#!/usr/bin/tclsh
#
# This file is part of Helga.
#
# Helga is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Helga is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Helga. If not, see <https://www.gnu.org/licenses/>.
#
#
# Helga Authentication Script
#
# Intended to be driven by the shell script helgaAuth.sh, which collects the
# password (Tcl has no portable way to suppress terminal echo) and passes
# it in as argv; this script does not itself invoke helgaAuth.sh.
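#
# Argument handling.
#   argv[0]  user name (required)
#   argv[1]  password (optional; absent or empty means "account with no
#            password set", see the lookup further down)
#
# NOTE(review): the password travels on the command line, so it is visible
# to every local user via `ps` / /proc for the life of the process. Reading
# it from stdin or an environment variable would avoid that; the argv
# interface is kept here because the helgaAuth.sh wrapper supplies it that way.
#
if { $argc < 1 } {
    # Usage text restored: the placeholders had been lost from the message.
    puts "Usage: helgaAuth.tclsh <user> \[<password>\]"
    exit 1
}
set user [lindex $argv 0]
# [lindex] past the end of argv yields "", which is the "no password" case.
set pass [lindex $argv 1]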
package require mysqltcl
package require md5
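set dirName [file dirname [file normalize $argv0]]
#
# sourceConf.tcl is expected to define ::ADMINSQLPASS and ::SQLDB, plus one
# ::<LEVEL>SQLPASS variable per permission level (read near the end of this
# script). The file is not visible here -- TODO confirm its contents.
#
source "$dirName/sourceConf.tcl"

#
# Connect as the admin account. The catch body is braced, not quoted: with
# "..." the password is substituted first and then re-parsed by Tcl, so a
# password containing whitespace, "[" or "$" would break the command or be
# evaluated. The brace form hands it over as a single word.
#
if { [catch {::mysql::connect -user helgaAdmin -password $::ADMINSQLPASS -db $::SQLDB} db] } {
    error "Error: $db"
}

#
# $user and $pass come straight from argv. Escape them once with the
# connection's own escaping routine before they are interpolated into any
# SQL; the original concatenated them raw, which is a textbook SQL
# injection (a user name of  x' OR '1'='1  would do).
#
set safeUser [::mysql::escape $db $user]
set safePass [::mysql::escape $db $pass]

#
# Authenticate: fetch the asset id for the user/password pair.
# NOTE(review): users.password is compared in clear text, i.e. the column
# stores the plain password. Hashing is outside this script's scope but
# deserves a ticket.
#
set sql "SELECT a.`assetId` FROM `users` u, `assets` a WHERE a.`assetName` = '$safeUser' AND a.`assetId` = u.`assetId` AND "
if { $pass eq "" } {
    # Parenthesised on purpose: without the parentheses the OR applied to
    # the whole WHERE clause, so an empty password logged in as $user
    # whenever *any* account had an empty password.
    append sql "( u.`password` IS NULL OR u.`password` = '' )"
} else {
    append sql "u.`password` = '$safePass'"
}
set result [::mysql::sel $db $sql -list]

if { [llength $result] == 0 } {
    #
    # Tell the caller whether the user is unknown or the password is wrong.
    # Only existence matters here, so a single column is enough.
    #
    set sql "SELECT a.`assetId` FROM `users` u, `assets` a WHERE a.`assetName` = '$safeUser' AND a.`assetId` = u.`assetId`"
    set result [::mysql::sel $db $sql -list]
    if { [llength $result] == 0 } {
        puts [list nouser "" ""]
    } else {
        puts [list wrongpass "" ""]
    }
    ::mysql::close $db
} else {
    #
    # The authentication query already returned a.assetId, so the second
    # lookup the original did here -- which also opened a second connection
    # and leaked the first, and referenced an undefined $userName in its
    # error message -- is unnecessary.
    #
    set userId [lindex [lindex $result 0] 0]

    #
    # Needed for both the session id and the sessions row.
    #
    set currentTime [clock seconds]

    #
    # Session id. The original hashed only [clock seconds]: guessable by
    # anyone with a clock, and identical for two logins in the same second
    # (a duplicate sessionId in the INSERT below). Mix in OS randomness when
    # /dev/urandom is readable, otherwise fall back to clock clicks, the pid
    # and rand(). The result is still 32 hex characters, so the
    # sessions.sessionId column width is unchanged.
    #
    set entropy "$currentTime [clock clicks] [pid] [expr {rand()}]"
    if { ![catch {open /dev/urandom r} urandom] } {
        fconfigure $urandom -translation binary
        append entropy [read $urandom 32]
        close $urandom
    }
    set sessionId [::md5::md5 -hex $entropy]

    #
    # Find a free TCP port in [5000, 7000) in case a web user needs to send
    # commands to the Shell remotely. The port is probed by binding a
    # throw-away listener and released immediately, so another process may
    # take it before the session owner does; the caller has to cope with
    # that. The accept callback must accept (chan addr port); it can only
    # fire while the probe socket is open and simply drops the peer.
    #
    set portNum 5000
    set maxNum 7000
    proc helgaPortProbeAccept {chan addr port} { close $chan }
    while { [catch {socket -server helgaPortProbeAccept $portNum} sock] } {
        incr portNum
        if { $portNum >= $maxNum } {
            error "Error: $sock"
        }
    }
    close $sock

    #
    # Record the session. sessionId is hex and userId/timestamp/portNumber
    # are integers produced by this script or the database, so nothing
    # attacker-controlled is interpolated here.
    #
    set sql "INSERT INTO `sessions` ( `sessionId`, `userId`, `timestamp`, `portNumber` ) VALUES ( '$sessionId', $userId, $currentTime, $portNum );"
    ::mysql::exec $db $sql

    #
    # Highest permission level granted to the user, 'guest' if none.
    # NOTE(review): permLevel is ordered as a string, so DESC picks the
    # lexicographically last level name, which is not necessarily the most
    # privileged one -- confirm against the permissions table.
    #
    set sql "SELECT p.`permLevel` FROM `assets` a, `permissions` p WHERE a.`assetName` = '$safeUser' AND a.`assetId` = p.`userId` ORDER BY p.`permLevel` DESC LIMIT 1"
    set result [::mysql::sel $db $sql -list]
    if { [llength $result] == 0 } {
        set highestPermLevel guest
    } else {
        set highestPermLevel [lindex [lindex $result 0] 0]
    }

    #
    # Map the level to the MySQL account the caller should use: the account
    # name is the literal "helga<Level>" (e.g. helgaAdmin, the account used
    # above) and the password is the ::<LEVEL>SQLPASS global defined by
    # sourceConf.tcl, or "" when no such variable exists. info exists is
    # used instead of info vars so the name is not treated as a glob.
    # NOTE: the output line carries a database password in clear text;
    # whatever consumes it must not log it.
    #
    set permCap [string toupper $highestPermLevel 0 0]
    set permUpper [string toupper $highestPermLevel]
    set user helga$permCap
    set passVarName ${permUpper}SQLPASS
    if { [info exists ::$passVarName] } {
        set pass [set ::$passVarName]
    } else {
        set pass ""
    }
    puts [list $sessionId $user $pass]
    ::mysql::close $db
}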