MythTV master
Public Member Functions | Static Public Member Functions | Private Member Functions | Static Private Member Functions | Private Attributes | Static Private Attributes | List of all members
MythSessionManager Class Reference

We use digest authentication because it protects the password over unprotected networks. More...

#include <libmythbase/mythsession.h>

Public Member Functions

 MythSessionManager ()
 
bool IsValidSession (const QString &sessionToken)
 Check if the session token is valid. More...
 
MythUserSession GetSession (const QString &sessionToken)
 Load the session details and return. More...
 
MythUserSession LoginUser (const QString &username, const QByteArray &digest, const QString &client="")
 Login user by digest. More...
 
MythUserSession LoginUser (const QString &username, const QString &password, const QString &client="")
 Login user by password - convenient alternative to using the digest. More...
 
bool ManageDigestUser (DigestUserActions action, const QString &username, const QString &password, const QString &newPassword)
 Manage digest user entries. More...
 

Static Public Member Functions

static bool IsValidUser (const QString &username)
 Check if the given user exists but not whether there is a valid session open for them! More...
 
static QString GetPasswordDigest (const QString &username)
 Load the password digest for comparison in the HTTP Auth code. More...
 
static QByteArray CreateDigest (const QString &username, const QString &password)
 Generate a digest string. More...
 
static void LockSessions ()
 
static void UnlockSessions ()
 

Private Member Functions

void LoadSessions (void)
 Load the values from the sessions table on startup. More...
 
void UpdateSession (const QString &sessionToken)
 Update the session timestamps. More...
 
MythUserSession GetSession (const QString &username, const QString &client)
 Checks if an existing session for this user and client exists. More...
 
MythUserSession CreateUserSession (uint userId, const QString &username, const QString &client)
 Add new user session to the database and cache. More...
 
void DestroyUserSession (const QString &sessionToken)
 Removes user session from the database and cache. More...
 
void DestroyUserAllSessions (const QString &username)
 
bool RemoveDigestUser (const QString &username)
 
bool ChangeDigestUserPassword (const QString &username, const QString &oldPassword, const QString &newPassword)
 

Static Private Member Functions

static bool AddDigestUser (const QString &username, const QString &password)
 

Private Attributes

QMap< QString, MythUserSessionm_sessionList
 

Static Private Attributes

static QMutex mutex
 

Detailed Description

We use digest authentication because it protects the password over unprotected networks.

Even if traffic between the client and server is captured, the digest and password cannot be determined and the attacker cannot gain system access in that way. It cannot protect against a full man-in-the-middle but if that really is a concern, users should setup TLS.

The digest isn't very strong if it leaked, but for that to happen the database would need to be breached, at which point the MythTV system is already heavily compromised.

Definition at line 105 of file mythsession.h.

Constructor & Destructor Documentation

◆ MythSessionManager()

MythSessionManager::MythSessionManager ( )

Definition at line 126 of file mythsession.cpp.

Member Function Documentation

◆ AddDigestUser()

bool MythSessionManager::AddDigestUser ( const QString &  username,
const QString &  password 
)
staticprivate

Definition at line 417 of file mythsession.cpp.

Referenced by ManageDigestUser().

◆ ChangeDigestUserPassword()

bool MythSessionManager::ChangeDigestUserPassword ( const QString &  username,
const QString &  oldPassword,
const QString &  newPassword 
)
private

Definition at line 477 of file mythsession.cpp.

Referenced by ManageDigestUser().

◆ CreateDigest()

QByteArray MythSessionManager::CreateDigest ( const QString &  username,
const QString &  password 
)
static

Generate a digest string.

Parameters
username
password

Definition at line 528 of file mythsession.cpp.

Referenced by AddDigestUser(), ChangeDigestUserPassword(), LoginUser(), and V2Myth::ManageUrlProtection().

◆ CreateUserSession()

MythUserSession MythSessionManager::CreateUserSession ( uint  userId,
const QString &  username,
const QString &  client 
)
private

Add new user session to the database and cache.

Definition at line 336 of file mythsession.cpp.

Referenced by LoginUser().

◆ DestroyUserAllSessions()

void MythSessionManager::DestroyUserAllSessions ( const QString &  username)
private

Definition at line 392 of file mythsession.cpp.

Referenced by ChangeDigestUserPassword(), and RemoveDigestUser().

◆ DestroyUserSession()

void MythSessionManager::DestroyUserSession ( const QString &  sessionToken)
private

Removes user session from the database and cache.

Definition at line 373 of file mythsession.cpp.

Referenced by DestroyUserAllSessions(), GetSession(), and IsValidSession().

◆ GetPasswordDigest()

QString MythSessionManager::GetPasswordDigest ( const QString &  username)
static

Load the password digest for comparison in the HTTP Auth code.

Parameters
username

The username should be checked for validity first

Definition at line 221 of file mythsession.cpp.

Referenced by ChangeDigestUserPassword(), HTTPRequest::DigestAuthentication(), and V2Myth::ManageUrlProtection().

◆ GetSession() [1/2]

MythUserSession MythSessionManager::GetSession ( const QString &  sessionToken)

Load the session details and return.

Parameters
sessionToken

If no matching session exists an empty MythUserSession object is returned

Definition at line 184 of file mythsession.cpp.

Referenced by LoginUser(), V2Myth::ManageDigestUser(), HTTPRequest::ParseRequest(), and V2Myth::PutSetting().

◆ GetSession() [2/2]

MythUserSession MythSessionManager::GetSession ( const QString &  username,
const QString &  client 
)
private

Checks if an existing session for this user and client exists.

Parameters
username
client

We may want to reuse this session or destroy this session

Definition at line 195 of file mythsession.cpp.

◆ IsValidSession()

bool MythSessionManager::IsValidSession ( const QString &  sessionToken)

Check if the session token is valid.

Parameters
sessionToken

Definition at line 239 of file mythsession.cpp.

Referenced by GetSession(), and MythHTTPService::HTTPRequest().

◆ IsValidUser()

bool MythSessionManager::IsValidUser ( const QString &  username)
static

Check if the given user exists but not whether there is a valid session open for them!

Parameters
username

Definition at line 166 of file mythsession.cpp.

Referenced by AddDigestUser(), HTTPRequest::BasicAuthentication(), ChangeDigestUserPassword(), HTTPRequest::DigestAuthentication(), V2Myth::ManageUrlProtection(), and RemoveDigestUser().

◆ LoadSessions()

void MythSessionManager::LoadSessions ( void  )
private

Load the values from the sessions table on startup.

Definition at line 134 of file mythsession.cpp.

Referenced by MythSessionManager().

◆ LockSessions()

void MythSessionManager::LockSessions ( )
static

Definition at line 561 of file mythsession.cpp.

Referenced by MythCoreContext::GetSessionManager().

◆ LoginUser() [1/2]

MythUserSession MythSessionManager::LoginUser ( const QString &  username,
const QByteArray &  digest,
const QString &  client = "" 
)

Login user by digest.

Parameters
username
digestPassword Digest (RFC 2617)
clientOptional string identifying this client uniquely, will be created automatically if absent
Returns
Unique session token

Definition at line 273 of file mythsession.cpp.

Referenced by HTTPRequest::BasicAuthentication(), HTTPRequest::DigestAuthentication(), V2Myth::LoginUser(), and LoginUser().

◆ LoginUser() [2/2]

MythUserSession MythSessionManager::LoginUser ( const QString &  username,
const QString &  password,
const QString &  client = "" 
)

Login user by password - convenient alternative to using the digest.

Parameters
username
passwordClear text password string
clientOptional string identifying this client uniquely, will be created automatically if absent
Returns
Unique session token

Definition at line 324 of file mythsession.cpp.

◆ ManageDigestUser()

bool MythSessionManager::ManageDigestUser ( DigestUserActions  action,
const QString &  username,
const QString &  password,
const QString &  newPassword 
)

Manage digest user entries.

Parameters
actionrequires one from: DigestUserActions
usernamealways required
passwordalways required
newPasswordif action=DIGEST_USER_CHANGE_PW
adminPasswordif action=DIGEST_USER_ADD

Definition at line 542 of file mythsession.cpp.

Referenced by V2Myth::ManageDigestUser().

◆ RemoveDigestUser()

bool MythSessionManager::RemoveDigestUser ( const QString &  username)
private

Definition at line 444 of file mythsession.cpp.

Referenced by ManageDigestUser().

◆ UnlockSessions()

void MythSessionManager::UnlockSessions ( )
static

Definition at line 565 of file mythsession.cpp.

Referenced by MythCoreContext::GetSessionManager().

◆ UpdateSession()

void MythSessionManager::UpdateSession ( const QString &  sessionToken)
private

Update the session timestamps.

Definition at line 260 of file mythsession.cpp.

Referenced by IsValidSession().

Member Data Documentation

◆ m_sessionList

QMap<QString, MythUserSession> MythSessionManager::m_sessionList
private

◆ mutex

QMutex MythSessionManager::mutex
staticprivate

Definition at line 230 of file mythsession.h.

Referenced by LockSessions(), and UnlockSessions().


The documentation for this class was generated from the following files: