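#============================================================
# Authorization
#
# Account / password / client-IP based privilege checks.  Two sources
# of authority are consulted:
#   * a static list of privileged accounts ("name:password:level"),
#     which are additionally restricted to a list of client addresses
#     ("address-pattern:max-level"), and
#   * a user table looked up through the $DB object handed to the
#     query methods (GetPrivilege, CheckPrivilege, IsValidUser).
#============================================================
package Authorization;

use strict;
use warnings;

#use Exporter;
use Common;
our @ISA = qw(Common);

#==========================================
# Security related settings
#==========================================
# Encryption method: "plain", "crypt", "md5", "sha1"
#my $CryptMethod = "sha1";
#my $CryptPhrase = "xlAeASt";
#my $CheckPrivilegedIPAddress = 1;

# Privileged accounts   account name:password:privilege level
# "Admin:everybody:1",

# Client addresses from which privileged accounts may connect;
# the value after ":" is the highest privilege level allowed there.
#my @PrivilegedIPAddress = (
#   "127.0.0.1:1",      # the server itself
#   "192.168.1.160:1",  # Kamiya2
# );

#============================================================
# Constructor, destructor
#============================================================
BEGIN { }

# Authorization->new($CryptMethod, $CryptPhrase, \@PrivilegedAccount,
#                    \@PrivilegedIPAddress)
#
# Every argument is optional; a false value leaves that setting unset.
# AllowNullIPAddress always starts out false.
sub new {
    my ($module, $CryptMethod, $CryptPhrase, $pPrivilegedAccount, $pPrivilegedIPAddress) = @_;
    my $this = {};
    # Two-argument bless so that a subclass calling SUPER::new gets an
    # object of its own class rather than a bare Authorization.
    bless $this, $module || __PACKAGE__;
    $this->SetCryptMethod($CryptMethod)                 if $CryptMethod;
    $this->SetCryptPhrase($CryptPhrase)                 if $CryptPhrase;
    $this->SetPrivilegedIPAddress($pPrivilegedIPAddress) if $pPrivilegedIPAddress;
    $this->SetPrivilegedAccount($pPrivilegedAccount)     if $pPrivilegedAccount;
    $this->SetAllowNullIPAddress(0);
    return $this;
}

sub DESTROY {
    my $this = shift;
    # $this->SUPER::DESTROY(@_);
}

#===============================================
# Plain accessors
#===============================================

# Name of the hashing method handed to Utils::Crypt.
sub SetCryptMethod {
    my ($this, $m) = @_;
    return $this->{CryptMethod} = $m;
}
sub CryptMethod { return shift->{CryptMethod}; }

# Phrase (salt/secret) handed to Utils::Crypt.
sub SetCryptPhrase {
    my ($this, $p) = @_;
    return $this->{CryptPhrase} = $p;
}
sub CryptPhrase { return shift->{CryptPhrase}; }

# Reference to the list of "account:password:level" entries.
sub SetPrivilegedAccount {
    my ($this, $pA) = @_;
    return $this->{PrivilegedAccount} = $pA;
}

# Returns the privileged-account entries as a list.  An unset list is
# treated as empty instead of dying on an undefined array reference,
# which is what happened before when new() was called without one.
sub PrivilegedAccount {
    my ($this) = @_;
    my $pA = $this->{PrivilegedAccount};
    return @{ $pA || [] };
}

# Reference to the list of "address-pattern:max-level" entries.
sub SetPrivilegedIPAddress {
    my ($this, $pIP) = @_;
    return $this->{PrivilegedIPAddress} = $pIP;
}

# Returns the privileged-address entries as a list (empty when unset).
sub PrivilegedIPAddress {
    my ($this) = @_;
    my $pP = $this->{PrivilegedIPAddress};
    return @{ $pP || [] };
}

# When true, a privileged account is accepted even if the client address
# could not be determined (empty string).
sub SetAllowNullIPAddress {
    my ($this, $a) = @_;
    return $this->{AllowNullIPAddress} = $a;
}
sub AllowNullIPAddress { return shift->{AllowNullIPAddress}; }

#==========================================
# Authorization subroutines
#==========================================

# Builds a registration code: current epoch time, a random number in
# 0..999, then every string in @strs, all concatenated.
# NOTE(review): time() plus three random digits is guessable by anyone
# who knows roughly when the code was issued; if the code is used as a
# secret (e.g. an e-mail confirmation token) it should come from a
# cryptographic random source instead.  rand() is also reseeded on every
# call here, which is unnecessary on modern perls.
sub BuildRegistrationCode {
    my ($this, @strs) = @_;
    my $date = time();
    srand();
    my $s = $date . int(rand(1000));
    $s .= join('', @strs);
    return $s;
}

# Hashes $s with the configured method and phrase via Utils::Crypt and
# replaces "+", "&" and whitespace with "@" in the result (presumably so
# it survives being placed in a query string or cookie unescaped).
sub Crypt {
    my ($this, $s) = @_;
    $s = Utils::Crypt($this->CryptMethod(), $this->CryptPhrase(), $s);
    $s =~ s/[\+&\s]/@/g;
    return $s;
}

# Returns the privilege level the PrivilegedIPAddress list grants to
# client address $ip (defaults to Utils::GetIPAddress()), or 0 when no
# entry matches.
# Entries are "pattern:level".  The pattern is interpolated into a regex
# anchored at both ends, so an unescaped "." matches any character;
# write "127\.0\.0\.1" when an exact address is intended.
sub IsPrivilegedIPAddress {
    my ($this, $ip) = @_;
    $ip = Utils::GetIPAddress() unless defined $ip;
    $ip = '' unless defined $ip;
    for my $entry ($this->PrivilegedIPAddress()) {
        my ($IPAddress, $Level) = Utils::Split(":", $entry);
        next unless defined $IPAddress and defined $Level;
        return $Level if $ip =~ /\A$IPAddress\z/;
    }
    return 0;
}

# Looks $Account up in $TableName (matching on column $AccountKey) and
# returns the Privilege column of the first hit, or undef when the
# search fails or finds nothing.
# NOTE(review): $Account is interpolated directly into the search
# expression; whether $DB->Search quotes it cannot be determined from
# this file, so callers must validate it before passing it in.
sub GetPrivilege {
    my ($this, $DB, $TableName, $AccountKey, $Account) = @_;
    my $ret = $DB->Search($TableName, "$AccountKey='$Account' order by sn", "");
    my %Hit = ($ret and $DB->nHit()) ? $DB->GetNextHit() : ();
    return $Hit{Privilege};
}

# Verifies $Password for $Account against the stored Password column
# (compared either directly or against Crypt() of the stored value) and
# returns the stored Privilege when it matches /$priv/i, otherwise 0.
# Fix: an unknown account, a missing stored password or an empty
# $Password is now rejected; previously an empty $Password compared
# equal to the undefined stored password of a non-existent account.
# NOTE(review): $Account is interpolated into the search expression and
# $priv into a regex, both unescaped; both must come from trusted code.
# An empty $priv would reuse Perl's last successful pattern.
# NOTE(review): the two accepted forms imply the stored value is the
# plaintext password; if the table holds a hash instead, presenting that
# hash directly would be accepted — confirm the storage format.
sub CheckPrivilege {
    my ($this, $DB, $TableName, $AccountKey, $Account, $priv, $Password) = @_;
    return 0 unless defined $Password and $Password ne '';
    my $ret = $DB->Search($TableName, "$AccountKey='$Account' order by sn", "");
    return 0 unless $ret and $DB->nHit();
    my %Hit = $DB->GetNextHit();
    return 0 unless defined $Hit{Password};
    return 0 unless $Password eq $Hit{Password}
                 or $Password eq $this->Crypt($Hit{Password});
    return 0 unless defined $Hit{Privilege};
    return $Hit{Privilege} if $Hit{Privilege} =~ /$priv/i;
    return 0;
}

# Authenticates $Account/$Password and returns a privilege level:
#   * the account's level when it is a configured privileged account
#     whose password matches and the client address is allowed for that
#     level (or no address is known and AllowNullIPAddress is set),
#   * -1 when a privileged account's password matches but the client
#     address is not allowed (reported via $App->H2 if $ShowMessage),
#   * 5 when $Account is found in $TableName with a matching password,
#   * 0 otherwise (no $DB, unknown user, empty or wrong password).
# $DB, $TableName and $AccountKey are only used for the table lookup.
sub IsValidUser {
    my ($this, $App, $Account, $Password, $ShowMessage, $DB, $TableName, $AccountKey) = @_;
    #print "a: $Account : $Password\n";
    $Password = '' unless defined $Password;
    my $ip = Utils::GetIPAddress();
    $ip = '' unless defined $ip;

    my $level = $this->_CheckPrivilegedAccount($App, $Account, $Password, $ShowMessage, $ip);
    return $level if defined $level;

    return 0 if !$DB;
    return $this->_CheckAccountTable($App, $Account, $Password, $DB, $TableName, $AccountKey);
}

# Matches $Account/$Password against the static privileged-account list.
# Returns the entry's level when the client address is permitted for it,
# -1 when the password matches but the address is not, or nothing (undef
# in scalar context) when no privileged entry matches, so that the caller
# falls through to the table lookup.  An empty password never matches.
sub _CheckPrivilegedAccount {
    my ($this, $App, $Account, $Password, $ShowMessage, $ip) = @_;
    return if $Password eq '';
    my @PrivilegedIPAddress = $this->PrivilegedIPAddress();
    my $AllowNullIPAddress  = $this->AllowNullIPAddress();
    #print "P: @PrivilegedIPAddress : $AllowNullIPAddress\n";

    for my $entry ($this->PrivilegedAccount()) {
        my ($account, $pass, $level) = split(/:/, $entry);
        #$App->H2("Acount[$account] Pass[$pass] Level[$level]");
        next unless defined $account and defined $pass and defined $level;
        next unless $account eq $Account;
        my $CryptPassword = $this->Crypt($pass);
        next unless $pass eq $Password or $CryptPassword eq $Password;

        # Password accepted; the client address must now be listed with
        # a maximum level at least as high as this account's level.
        return $level if $AllowNullIPAddress and $ip eq '';
        # $Level is left holding the last entry examined, which is what
        # the diagnostic below has always reported.
        my ($IPAddress, $Level) = ('', '');
        for my $ipEntry (@PrivilegedIPAddress) {
            ($IPAddress, $Level) = split(/:/, $ipEntry);
            #print "ip: [$ip] [$IPAddress]\n";
            next unless defined $IPAddress and defined $Level;
            # Pattern semantics as in IsPrivilegedIPAddress: "." is a
            # regex wildcard unless escaped in the configuration.
            return $level if $ip =~ /\A$IPAddress\z/ and $Level <= $level;
        }
        $App->H2("IPAddress [$ip:$Level] is not allowed for priviledged access [$level].") if $ShowMessage;
        return -1;
    }
    return;
}

# Looks $Account up in $TableName and compares $Password with the stored
# Password column, either directly or against $App->Crypt() of it.
# Returns 5 on success and 0 on any failure, reporting the reason via
# $App->H2.
# NOTE(review): the stored value is hashed with $App->Crypt rather than
# $this->Crypt; if the two use different methods/phrases the hashed
# comparison can never succeed — confirm which is intended.
# NOTE(review): $Account is interpolated directly into the search
# expression; see GetPrivilege.
sub _CheckAccountTable {
    my ($this, $App, $Account, $Password, $DB, $TableName, $AccountKey) = @_;
    # Original comment: check whether the Code and EMail data agree, to
    # prevent fraudulent registration through tampering.  (The code
    # below actually verifies the stored password.)
    my $ret = $DB->Search($TableName, "$AccountKey='$Account' order by sn", "Password");
    unless ($ret) {
        $App->H2("Error: selelct!!");
        return 0;
    }
    if ($DB->nHit() == 0) {
        $App->H2("Error: User [$Account] is not found.");
        return 0;
    }
    my %Hit = $DB->GetNextHit();
    my $DBPassword = $Hit{Password};
    if ($Password eq '') {
        $App->H2("Error: Null Password is not allowed.");
        return 0;
    }
    # A record without a stored password can never authenticate.
    if (!defined $DBPassword or $DBPassword eq '') {
        $App->H2("Error: Wrong password for $Account");
        return 0;
    }
    my $CryptPassword = $App->Crypt($DBPassword);
    if ($Password eq $DBPassword or $Password eq $CryptPassword) {
        return 5;
    }
    $App->H2("Error: Wrong password for $Account");
    return 0;
}

1;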