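#============================================================
# Authorization2
#
# Logon / privilege checks for the Common2 application framework.
# Configuration is injected through the Set* accessors below (crypt
# method and phrase, privileged accounts, privileged IP addresses);
# the authorization subroutines later in this file read it back.
#============================================================
package Authorization2;

use strict;
use Exporter;
use Common2;

# Declared with `our` so the assignment is legal under `use strict`.
our @ISA = qw(Exporter Common2);

#==========================================
# Security-related settings (supplied per application via the accessors)
#==========================================
# Hashing method: "plain", "crypt", "md5" or "sha1"
#my $CryptMethod = "sha1";
# Phrase mixed into every hash.  It is one application-wide value, not a
# per-user salt, so identical passwords produce identical hashes.
#my $CryptPhrase = "xlAeASt";
#my $CheckPrivilegedIPAddress = 1;

# Privileged accounts: "account name:password:privilege level"
#   "Admin:everybody:1",

# IP addresses from which a privileged account may log on; the value
# after ":" is the highest privilege level permitted from that address.
#my @PriviledgedIPAddress = (
#   "127.0.0.1:1",      # the server itself
#   "192.168.1.160:1",  # Kamiya2
#   );

#============================================================
# Constructor, destructor
#============================================================
BEGIN {
}

# Create an Authorization2 object, run Initialize(), then hand the
# remaining arguments to Common2::new for the framework's own setup.
sub new {
    my ($module, @args) = @_;
    my $this = $module;
    # NOTE(review): a blessed object stringifies as "Class=HASH(0x..)" and
    # a plain hash ref as "HASH(0x..)", so this pattern appears never to
    # match and a fresh object is always created -- confirm whether
    # re-using an existing hash was intended.
    if ($this !~ /^HASH=/) {
        $this = {};
        bless $this, __PACKAGE__;
    }
    $this->Initialize();
    Common2::new($this, @args);
    return $this;
}

sub DESTROY {
    my $this = shift;
    # $this->SUPER::DESTROY(@_);
}

# Hook for per-object setup; nothing to do in the base class.
sub Initialize {
    my ($this) = @_;
}

#===============================================
# Accessors for the security settings
#===============================================

# Hashing method passed to Utils::Crypt ("plain", "crypt", "md5", "sha1").
sub SetCryptMethod {
    my ($this, $method) = @_;
    return $this->{CryptMethod} = $method;
}

sub CryptMethod {
    my ($this) = @_;
    return $this->{CryptMethod};
}

# Application-wide phrase mixed into the hash (see CryptPhrase note above).
sub SetCryptPhrase {
    my ($this, $phrase) = @_;
    return $this->{CryptPhrase} = $phrase;
}

sub CryptPhrase {
    my ($this) = @_;
    return $this->{CryptPhrase};
}

# Array ref of "account:password:level" strings.
sub SetPriviledgedAccount {
    my ($this, $accounts) = @_;
    return $this->{PriviledgedAccount} = $accounts;
}

# Returns the configured privileged accounts as a list; an unset value is
# treated as "no privileged accounts" instead of a fatal strict-refs error.
sub PriviledgedAccount {
    my ($this) = @_;
    my $accounts = $this->{PriviledgedAccount};
    return () unless defined $accounts;
    return @$accounts;
}

# Array ref of "address:max level" strings.
sub SetPriviledgedIPAddress {
    my ($this, $addresses) = @_;
    return $this->{PriviledgedIPAddress} = $addresses;
}

# Returns the configured privileged addresses as a list; unset means none.
sub PriviledgedIPAddress {
    my ($this) = @_;
    my $addresses = $this->{PriviledgedIPAddress};
    return () unless defined $addresses;
    return @$addresses;
}

# When true, a privileged account may log on with an empty client IP
# (GetLogonLevel skips the address check in that case).
sub SetAllowNullIPAddress {
    my ($this, $allow) = @_;
    return $this->{AllowNullIPAddress} = $allow;
}

sub AllowNullIPAddress {
    my ($this) = @_;
    return $this->{AllowNullIPAddress};
}

# Level stored by the last GetLogonLevel() call (0 when none succeeded).
sub LogonLevel {
    my ($this) = @_;
    return $this->{LogonLevel};
}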
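#==========================================
# Authorization subroutines
#==========================================

# Build a registration code: epoch seconds, a random 0..999 suffix, then
# the caller-supplied strings appended in order.
#
# NOTE(review): rand() is not a cryptographically secure generator and the
# time prefix is predictable, so these codes are guessable.  If the code
# acts as a bearer token (e.g. in an e-mailed confirmation link) it should
# come from a CSPRNG source such as /dev/urandom.
sub BuildRegistrationCode {
    my ($this, @strs) = @_;
    srand();
    my $code = time() . int(rand(1000));
    for my $str (@strs) {
        $code .= $str;
    }
    return $code;
}

# Hash $s with the configured CryptMethod/CryptPhrase via Utils::Crypt and
# replace '+', '&' and whitespace with '@' (presumably so the value can be
# carried in a query string or cookie unchanged -- verify against callers).
sub Crypt {
    my ($this, $s) = @_;
    my $digest = Utils::Crypt($this->CryptMethod(), $this->CryptPhrase(), $s);
    $digest =~ s/[\+&\s]/@/g;
    return $digest;
}

# Build the WHERE clause shared by the account lookups below.
#
# The DB layer exposes no placeholder or quoting API from here, so the
# account name (which arrives from the login form) is refused when it
# contains a single quote: such a name could only break or alter the
# statement.  Returns undef in that case.  Backslash handling is
# dialect-specific; the durable fix is a quoting/placeholder call in the
# DB layer.
sub _AccountWhere {
    my ($AccountKey, $Account) = @_;
    return if defined $Account and $Account =~ /'/;
    $Account = '' unless defined $Account;
    return "$AccountKey='$Account' order by sn";
}

# Return $Account's "Privilege" column from $TableName (first row ordered
# by sn), or undef when the account cannot be looked up or has no row.
sub GetPrivilege {
    my ($this, $DB, $TableName, $AccountKey, $Account) = @_;
    my %Hit;
    my $where = _AccountWhere($AccountKey, $Account);
    if (defined $where) {
        my $ret = $DB->Search($TableName, $where, "");
        %Hit = $DB->GetNextHit() if $ret and $DB->nHit();
    }
    return $Hit{Privilege};
}

# Return $Account's Privilege column when $Password equals the stored
# Password (clear text or its Crypt() digest) and the Privilege column
# matches the pattern $priv case-insensitively; 0 otherwise.
#
# NOTE(review): unlike GetLogonLevel there is no rejection of an empty
# password here, so an account whose stored Password is empty is granted
# its privilege for an empty input -- confirm that is acceptable.
sub CheckPrivilege {
    my ($this, $DB, $TableName, $AccountKey, $Account, $priv, $Password) = @_;
    my $where = _AccountWhere($AccountKey, $Account);
    return 0 unless defined $where;
    my $ret = $DB->Search($TableName, $where, "");
    # Without a row the stored password is undef, which `eq` would treat
    # as the empty string -- bail out instead of comparing against it.
    return 0 unless $ret and $DB->nHit();
    my %Hit = $DB->GetNextHit();
    return 0 unless $Password eq $Hit{Password}
                 or $Password eq $this->Crypt($Hit{Password});
    # NOTE(review): $priv is interpolated as a regex, so a value such as
    # "." matches any privilege; anchor or \Q..\E it if the pattern can
    # ever come from outside this code base.
    return $Hit{Privilege} if $Hit{Privilege} =~ /$priv/i;
    return 0;
}

# Return the privilege level granted to $ip (default: the current client
# address from Utils::GetIPAddress) by the PriviledgedIPAddress list, or 0
# when no entry matches.  Entries are "address:level".
sub IsPrivilegedIPAddress {
    my ($this, $ip) = @_;
    $ip = Utils::GetIPAddress() unless defined $ip;
    for my $entry ($this->PriviledgedIPAddress()) {
        my ($IPAddress, $Level) = Utils::Split(":", $entry);
        # NOTE(review): the configured address is interpolated as a regex,
        # so an unescaped '.' matches any character ("127.0.0.1" also
        # matches "127a0b0c1"); use \Q..\E unless the configuration is
        # meant to hold patterns.
        return $Level if $ip =~ /^$IPAddress$/;
    }
    return 0;
}

# Determine the logon level for the credentials given as keyed args
# (Application, Account, Password, ShowMessage, DB, TableName, AccountKey)
# and store it in $this->{LogonLevel}.
#
# Resolution order:
#   1. PriviledgedAccount entries ("name:password:level").  On a match the
#      client IP must appear in PriviledgedIPAddress with a permitted level
#      >= the account's level, unless AllowNullIPAddress is set and the IP
#      is empty.  Returns the account level, or -1 when the address is
#      rejected (LogonLevel is then 0).
#   2. No DB handle: level 0.
#   3. Otherwise the account row is read from $TableName; a matching
#      Password yields level 5, anything else 0.
#
# NOTE(review): both paths accept either the clear-text password or its
# Crypt() digest, so the stored digest itself is a valid credential
# (presumably so a cookie can carry the digest).  Anyone who can read the
# table can therefore log on without knowing a password.  $Account is also
# echoed back through $App->H2 in several messages -- confirm H2 escapes
# its argument for HTML.
sub GetLogonLevel {
    my ($this, @args) = @_;
    $this->ReadKeyedArgs(@args);
    my $App         = $this->{Application};
    my $Account     = $this->{Account};
    my $Password    = $this->{Password};
    my $ShowMessage = $this->{ShowMessage};
    my $DB          = $this->{DB};
    my $TableName   = $this->{TableName};
    my $AccountKey  = $this->{AccountKey};

    $this->{LogonLevel} = 0;
    my $ip = Utils::GetIPAddress();
    my @PriviledgedIPAddress = $this->PriviledgedIPAddress();
    my $AllowNullIPAddress   = $this->AllowNullIPAddress();

    # --- 1. statically configured privileged accounts -------------------
    for my $entry ($this->PriviledgedAccount()) {
        my ($account, $pass, $level) = split(/:/, $entry);
        my $CryptPassword = $this->Crypt($pass);
        next unless $account eq $Account
                and ($pass eq $Password or $CryptPassword eq $Password);

        # NOTE(review): this early return leaves LogonLevel at 0 while the
        # caller receives $level -- looks like an oversight, confirm.
        return $level if $AllowNullIPAddress and $ip eq '';

        my ($IPAddress, $Level);
        for my $ipEntry (@PriviledgedIPAddress) {
            ($IPAddress, $Level) = split(/:/, $ipEntry);
            # $IPAddress is used as a regex; see IsPrivilegedIPAddress.
            if ($ip =~ /^$IPAddress$/ and $Level <= $level) {
                $App->H2("User [$Account] logons as a privileged user [$level] from [$ip].") if $ShowMessage;
                return $this->{LogonLevel} = $level;
            }
        }
        # $Level here is the last entry parsed (or undef when the list is empty).
        $App->H2("IPAddress [$ip:$Level] is not allowed for priviledged access [$level].") if $ShowMessage;
        $this->{LogonLevel} = 0;
        return -1;
    }

    # --- 2. no database: only configured accounts can be privileged -----
    if (!$DB) {
        my $Level = 0;
        $App->H2("User [$Account] is not allowed for privileged access [$Level] from [$ip].");
        return $this->{LogonLevel} = $Level;
    }

    # --- 3. account table ----------------------------------------------
    # (Original comment, apparently carried over from registration code:
    # "Check that the Code and EMail data agree; prevents fraudulent
    # registration by tampering.")
    my $where = _AccountWhere($AccountKey, $Account);
    unless (defined $where) {
        $App->H2("Error: Account name [$Account] contains characters that are not allowed.");
        return $this->{LogonLevel} = 0;
    }
    my $ret = $DB->Search($TableName, $where, "Password");
    unless ($ret) {
        $App->H2("DB Error: User [$Account] could not be searched.");
        return $this->{LogonLevel} = 0;
    }
    if ($DB->nHit() == 0) {
        $App->H2("User [$Account] is not found.");
        return $this->{LogonLevel} = 0;
    }
    my %Hit = $DB->GetNextHit();
    my $DBPassword = $Hit{Password};
    if ($Password eq '') {
        $App->H2("Error: Null Password is not allowed.");
        return $this->{LogonLevel} = 0;
    }
    # NOTE(review): this path hashes with $App->Crypt whereas the loop above
    # uses $this->Crypt -- confirm both resolve to the same method and
    # configuration.
    my $CryptPassword = $App->Crypt($DBPassword);
    if ($Password eq $DBPassword or $Password eq $CryptPassword) {
        my $level = 5;
        $App->H2("$Account logon as a privileged user [$level] from [$ip].") if $ShowMessage;
        return $this->{LogonLevel} = $level;
    }
    $App->H2("Error: Wrong password for $Account");
    return $this->{LogonLevel} = 0;
}

1;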