sysadm/src/server/AuthorizationManager.h
Ken Moore 1ae716ebfc Add IP blacklisting to the sysadm server.
Current Settings:
1) 5 auth attempts allowed before failover
2) If no communications for 10 minutes, the failover counter gets reset
3) On failover - the IP is placed on the server blacklist for 1 hour
Note: The blacklist system is connection-independent and uses the host IP for unique tracking/blocking.
2016-01-21 10:12:13 -05:00


// ===============================
// PC-BSD REST/JSON API Server
// Available under the 3-clause BSD License
// Written by: Ken Moore <ken@pcbsd.org> July 2015
// =================================
#ifndef _PCBSD_REST_AUTHORIZATION_MANAGER_H
#define _PCBSD_REST_AUTHORIZATION_MANAGER_H
#include "globals-qt.h"
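// Issues and validates session tokens for the REST/JSON server and keeps a
// per-host record of failed logins, emitting BlockHost() so a host can be
// temporarily blocked. The failure thresholds and block duration are not
// defined in this header.
class AuthorizationManager : public QObject{
	Q_OBJECT
public:
	AuthorizationManager();
	~AuthorizationManager();

	// == Token Interaction functions ==
	void clearAuth(QString token); //clear an authorization token
	bool checkAuth(QString token); //see if the given token is valid
	bool hasFullAccess(QString token); //see if the token is associated with a full-access account
	int checkAuthTimeoutSecs(QString token); //Return the number of seconds that a token is valid for

	// == Token Generation functions
	// Both take the peer address so failures can be tracked per host.
	// NOTE(review): "pass" is a by-value QString; nothing in this interface wipes the
	//   plaintext copies after use - confirm how the implementation handles it.
	QString LoginUP(QHostAddress host, QString user, QString pass); //Login w/ username & password
	QString LoginService(QHostAddress host, QString service); //Login a particular automated service

private:
	// Session table. hashID() looks keys up as "<token>::::<rest>"; the exact key
	// layout and the meaning of the QDateTime value (presumably the expiry time)
	// are set where entries are inserted - confirm in the implementation.
	QHash<QString, QDateTime> HASH;
	// Failed-login bookkeeping, presumably keyed by host address string (see
	// BumpFailCount/ClearHostFail) - confirm in the implementation.
	QHash <QString, QDateTime> IPFAIL;

	QString generateNewToken(bool isOperator);
	QStringList getUserGroups(QString user);

	//Failure count management
	bool BumpFailCount(QString host);
	void ClearHostFail(QString host);

	//token->hashID filter simplification
	// Returns the HASH key that belongs to "token", or "" when there is none.
	// The lookup requires the key to START with "<token>::::" and rejects an empty
	// token. QStringList::filter() is a substring match, so with it an empty or
	// partial token followed by the separator could select another session's key.
	// NOTE(review): assumes the token is the first field of the key - confirm
	//   against the code that inserts into HASH.
	QString hashID(QString token){
	  if(token.isEmpty()){ return ""; }
	  const QString prefix = token+"::::";
	  const QStringList keys = HASH.keys();
	  for(int i=0; i<keys.length(); i++){
	    if(keys[i].startsWith(prefix)){ return keys[i]; }
	  }
	  return "";
	}

	//PAM login/check files
	bool pam_checkPW(QString user, QString pass);
	void pam_logFailure(int ret);

signals:
	// Only announces the host; the block itself is enforced by whatever slot is
	// connected to this signal (not visible in this header).
	void BlockHost(QHostAddress); //block a host address temporarily

};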
#endif