mirror of https://github.com/fhem/fhem-mirror.git synced 2025-03-10 09:16:53 +00:00

fhem.pl: Slight authorize/authenticate mods (Forum #46380)

git-svn-id: https://svn.fhem.de/fhem/trunk@10305 2b470e98-0d58-463d-a4d8-8e2adae1ed80
rudolfkoenig 2015-12-30 09:11:46 +00:00
parent f1480efad4
commit d70bb6273b
4 changed files with 30 additions and 16 deletions


@ -59,12 +59,13 @@ allowed_Authorize($$$$)
if($type eq "cmd") { if($type eq "cmd") {
return 0 if(!$me->{allowedCommands}); return 0 if(!$me->{allowedCommands});
return ($me->{allowedCommands} =~ m/\b$arg\b/) ? 1 : 2; # Return 0: allow stacking with other instances, see Forum#46380
return ($me->{allowedCommands} =~ m/\b$arg\b/) ? 0 : 2;
} }
if($type eq "devicename") { if($type eq "devicename") {
return 0 if(!$me->{allowedDevices}); return 0 if(!$me->{allowedDevices});
return ($me->{allowedDevices} =~ m/\b$arg\b/) ? 1 : 2; return ($me->{allowedDevices} =~ m/\b$arg\b/) ? 0 : 2;
} }
return 0; return 0;
@ -182,7 +183,12 @@ allowed_Attr(@)
<code>define &lt;name&gt; allowed &lt;deviceList&gt;</code> <code>define &lt;name&gt; allowed &lt;deviceList&gt;</code>
<br><br> <br><br>
Authorize execution of commands and modification of devices based on the Authorize execution of commands and modification of devices based on the
frontend used.<br> frontend used and/or authenticate users.<br><br>
If there are multiple instances defined, which are valid for a given
frontend device, then all authorizations must succeed. For authentication
it is sufficient when one of the instances succeeds.<br><br>
<b>Note:</b> this module should work as intended, but no guarantee <b>Note:</b> this module should work as intended, but no guarantee
can be given that there is no way to circumvent it.<br><br> can be given that there is no way to circumvent it.<br><br>
Examples: Examples:
@ -316,10 +322,17 @@ allowed_Attr(@)
Authorisiert das Ausf&uuml;hren von Kommandos oder das &Auml;ndern von Authorisiert das Ausf&uuml;hren von Kommandos oder das &Auml;ndern von
Ger&auml;ten abh&auml;ngig vom verwendeten Frontend.<br> Ger&auml;ten abh&auml;ngig vom verwendeten Frontend.<br>
Falls man mehrere allowed Instanzen definiert hat, die f&uuml;r dasselbe
Frontend verantwortlich sind, dann m&uuml;ssen alle Authorisierungen
genehmigt sein, um das Befehl ausf&uuml;hren zu k&ouml;nnen. Auf der
anderen Seite reicht es, wenn einer der Authentifizierungen positiv
entschieden wird. Die Pr&uuml;fungen werden in alphabetischer Reihenfolge
der Instanznamen ausgef&uuml;hrt. <br><br>
<b>Achtung:</b> das Modul sollte wie hier beschrieben funktionieren, <b>Achtung:</b> das Modul sollte wie hier beschrieben funktionieren,
allerdings k&ouml;nnen wir keine Garantie geben, da&szlig; man sie nicht allerdings k&ouml;nnen wir keine Garantie geben, da&szlig; man sie nicht
&uuml;berlisten, und Schaden anrichten kann. &uuml;berlisten, und Schaden anrichten kann.<br><br>
<br>
Beispiele: Beispiele:
<ul><code> <ul><code>
define allowedWEB allowed<br> define allowedWEB allowed<br>
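Review bot: Both match expressions in allowed_Authorize interpolate `$arg` into the pattern unescaped and delimit it only with `\b`, so regex metacharacters in a name are treated as pattern syntax, and because `\b` also sees a boundary at `.` or `-`, a name can match part of a longer list entry. After this change a match returns 0 rather than 1, which by the added comment leaves the decision to other instances, so an over-broad match here turns an intended 2 (deny) into "no objection". An exact comparison would be tighter, for example `return ($me->{allowedDevices} =~ m/(^|,)\Q$arg\E(,|$)/) ? 0 : 2;` and the same for allowedCommands; the comma separator is an assumption, as the attribute format is not visible in this hunk. The function body starts and ends outside the hunk.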


@ -81,10 +81,10 @@ CommandJsonList2($$)
if($param) { if($param) {
my @arg = split(" ", $param); my @arg = split(" ", $param);
$attr = $arg[1]; $attr = $arg[1];
@d = devspec2array($arg[0]); @d = devspec2array($arg[0],$cl);
} else { } else {
@d = keys %defs; @d = devspec2array(".*", $cl); # Needed for Authorization
$param=""; $param="";
} }
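Review bot: The device filtering in CommandJsonList2 now depends entirely on devspec2array honouring its new `$cl` argument, and none of the hunks on this page show that function. It is worth confirming that it drops unauthorized names both for an explicit devspec and for the `.*` case, and what it returns when every match is filtered out, ideally with a regression test using a restricted allowed instance. The same dependency applies to the CommandXmlList change in the next file. The first call would also benefit from the marker the second one has, e.g. `@d = devspec2array($arg[0],$cl); # $cl: needed for Authorization`. The function starts and ends outside the hunk.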


@ -47,17 +47,14 @@ CommandXmlList($$)
my $lt = ""; my $lt = "";
my %filter; my %filter;
if($param) { my @arr = devspec2array($param ? $param : ".*", $cl); # for Authorize
my @arr = devspec2array($param);
map { $filter{$_} = 1 } @arr; map { $filter{$_} = 1 } @arr;
}
delete($modules{""}) if(defined($modules{""})); # ???
for my $d (sort { my $x = $modules{$defs{$a}{TYPE}}{ORDER}.$defs{$a}{TYPE} cmp for my $d (sort { my $x = $modules{$defs{$a}{TYPE}}{ORDER}.$defs{$a}{TYPE} cmp
$modules{$defs{$b}{TYPE}}{ORDER}.$defs{$b}{TYPE}; $modules{$defs{$b}{TYPE}}{ORDER}.$defs{$b}{TYPE};
$x = ($a cmp $b) if($x == 0); $x; } keys %defs) { $x = ($a cmp $b) if($x == 0); $x; } keys %defs) {
next if(IsIgnored($d) || (%filter && !$filter{$d})); next if(IsIgnored($d) || !$filter{$d});
my $p = $defs{$d}; my $p = $defs{$d};
my $t = $p->{TYPE}; my $t = $p->{TYPE};
if($t ne $lt) { if($t ne $lt) {
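Review bot: The filter hash is still filled by a `map` in void context via the temporary `@arr`, which is now only a pass-through since the lookup became unconditional. Building it in one step reads more directly: `my %filter = map { $_ => 1 } devspec2array($param ? $param : ".*", $cl); # for Authorize`, replacing the separate `my %filter;` declaration. CommandXmlList starts and ends outside the hunk.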


@ -2115,7 +2115,7 @@ CommandList($$)
for my $d (sort { my $x=$modules{$defs{$a}{TYPE}}{ORDER}.$defs{$a}{TYPE} cmp for my $d (sort { my $x=$modules{$defs{$a}{TYPE}}{ORDER}.$defs{$a}{TYPE} cmp
$modules{$defs{$b}{TYPE}}{ORDER}.$defs{$b}{TYPE}; $modules{$defs{$b}{TYPE}}{ORDER}.$defs{$b}{TYPE};
$x=($a cmp $b) if($x == 0); $x; } keys %defs) { $x=($a cmp $b) if($x == 0); $x; } keys %defs) {
next if(IsIgnored($d)); next if(IsIgnored($d) || ($cl && !Authorized($cl,"devicename",$d)));
my $t = $defs{$d}{TYPE}; my $t = $defs{$d}{TYPE};
$str .= "\n$t:\n" if($t ne $lt); $str .= "\n$t:\n" if($t ne $lt);
$str .= sprintf(" %-20s (%s)\n", $d, $defs{$d}{STATE}); $str .= sprintf(" %-20s (%s)\n", $d, $defs{$d}{STATE});
@ -4537,6 +4537,7 @@ Each($$;$) # can be used e.g. in at, Forum #40022
################## ##################
# Return 1 if Authorized, else 0 # Return 1 if Authorized, else 0
# Note: AuthorizeFn's returning 1 are not stackable.
sub sub
Authorized($$$) Authorized($$$)
{ {
@ -4555,6 +4556,7 @@ Authorized($$$)
################## ##################
# Return 0 if not needed, 1 if authenticated, 2 if authentication failed # Return 0 if not needed, 1 if authenticated, 2 if authentication failed
# Loop until one Authenticate is ok
sub sub
Authenticate($$) Authenticate($$)
{ {
@ -4563,11 +4565,13 @@ Authenticate($$)
return 1 if(!$init_done || !$cl || !$cl->{SNAME}); # Safeguarding return 1 if(!$init_done || !$cl || !$cl->{SNAME}); # Safeguarding
RefreshAuthList() if($auth_refresh); RefreshAuthList() if($auth_refresh);
my $needed = 0;
foreach my $a (@authenticate) { foreach my $a (@authenticate) {
my $r = CallFn($a, "AuthenticateFn", $defs{$a}, $cl, $arg); my $r = CallFn($a, "AuthenticateFn", $defs{$a}, $cl, $arg);
return $r if($r); $needed = $r if($r);
return $r if($r == 1);
} }
return 0; return $needed;
} }
sub sub
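Review bot: In Authenticate, `$needed = $r if($r);` stores whatever truthy value an AuthenticateFn returned, so the documented 0/1/2 result only holds if every module keeps to that contract. `$r == 1` is also a numeric comparison on a value that may be undef or an empty string if a module has no usable AuthenticateFn (CallFn is not shown here). Consider `$needed = 2 if($r);` and `return 1 if($r && $r == 1);` so that a failure is always reported as 2. The header comment could state the precedence explicitly, e.g. `# 1 from any instance wins; otherwise 2 if any instance failed; otherwise 0`, because with this loop an additional, more permissive instance for the same frontend relaxes authentication for it.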