Authentication.md

Admin Console Authentication and Authorization

Authorization

Any authenticated user is authorized for all actions.

The authorization restriction applies only to access to the Command Server (CMDSRV). It does not apply to read-only data such as language codes and catalogs, which are open (see the list below).

Authentication

You can log in as any sudoer or member of the admin_console_group, but Change Password only allows changing the password of the currently logged-in user, as the user field is read-only.

Authentication Process

At Server Init:

  • Generate server public/private key pair and store

At Client Init:

  • Get server public key and store for future authentication
  • Generate client public/private key pair and store

Whenever Login Invalid:

  • Client prompts for Username and Password.
  • Client stores in authData object.
  • Client invokes the /iiab-cmd-service/auth/login endpoint.

To Authenticate (repeated for each transaction):

  • Client submits GET-NONCE.
  • Server generates nonce and stores for one time use.
  • Server returns nonce.
  • Client encrypts Username and Password packed as string U:P with server public key, client private key, and nonce.
  • Client sends encrypted credentials, nonce, and client public key to server in addition to any normal cmd and cmdArgs.
  • Before executing cmd:
  • Server decrypts credentials with server private key, nonce, and client public key.
  • Server authenticates against shadow file and returns unauthenticated status or cmd results.
  • Server removes nonce from list.

Logout

  • Client clears all authentication data and form.
  • Client reinitializes.

Change Password

  • UX is as before.
  • Credentials are encrypted before sending to server.
  • uwsgi decrypts before sending to CMDSRV.

Icon File Upload

  • The upload form is protected by login.
  • The upload PHP script is not protected, but only uploads to /library/working/uploads.
  • The process which moves the uploaded file to the menuing system is protected.
  • Uploaded files are examined for their type and rejected if not gif, jpg, or png.
  • The default maximum image size is 1M and has not been changed. (Set by nginx, not PHP.)

Caveats

  • Status Code 403 (unauthorized) is used for unauthenticated. (Some use 401.)
  • Authentication is performed by the uwsgi app as a wrapper to CMDSRV.
  • Authentication data is stored on the client in the authData structure.
  • Authorization data is transmitted encoded in base64 in the following HTTP headers:
      • X-IIAB-Credentials: encryptedCredentials64
      • X-IIAB-Nonce: nonce64
      • X-IIAB-ClientKey: authData.clientPubKey64
  • Nonce uniqueness requires a single worker process for uwsgi; otherwise another permanent store for generated nonces will be needed.
  • Multiple threads are no problem and are used.
  • Login tokens, which are generated by the server upon successful login, are not used at this time but could be added. The advantage is that an attacker who gains access to the client can only find a short-lived access token instead of the password.
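
The one-time nonce handling from the authentication steps and the header decoding from the caveats above, as an added example that is not IIAB's own code: `NonceStore`, `read_auth_headers`, `authorize`, the 24-byte nonce size, the 60-second lifetime and the `decrypt_and_check` callable (standing in for decryption and the shadow-file check) are assumptions. The example spends the nonce before checking credentials, and its store lives in a single process, which is why a second uwsgi worker would reject nonces issued by the first.

```python
import base64
import secrets
import threading
import time

HEADERS = ("X-IIAB-Credentials", "X-IIAB-Nonce", "X-IIAB-ClientKey")


class NonceStore:
    """One-time nonces held in one process, shared by its threads."""

    def __init__(self, ttl=60.0, nbytes=24, clock=time.monotonic):
        # ttl and nbytes are assumed values; the page states neither.
        self._ttl, self._nbytes, self._clock = ttl, nbytes, clock
        self._issued = {}  # nonce bytes -> expiry time
        self._lock = threading.Lock()

    def issue(self):
        """GET-NONCE: create a nonce, store it, return it base64-encoded."""
        nonce = secrets.token_bytes(self._nbytes)
        with self._lock:
            now = self._clock()
            self._issued = {n: t for n, t in self._issued.items() if t > now}
            self._issued[nonce] = now + self._ttl
        return base64.b64encode(nonce).decode("ascii")

    def consume(self, nonce):
        """Remove the nonce; True only on first use and before expiry."""
        with self._lock:
            expiry = self._issued.pop(nonce, None)
        return expiry is not None and expiry > self._clock()


def read_auth_headers(headers):
    """Decode the three base64 headers; None if any is missing or malformed."""
    try:
        return tuple(base64.b64decode(headers[h], validate=True) for h in HEADERS)
    except (KeyError, TypeError, ValueError):  # binascii.Error is a ValueError
        return None


def authorize(headers, store, decrypt_and_check):
    """Return 200, or 403, the status the page uses for unauthenticated."""
    # decrypt_and_check is a hypothetical callable(credentials, nonce, client_key).
    decoded = read_auth_headers(headers)
    # Spend the nonce first so a replay fails whatever the crypto says.
    if decoded is None or not store.consume(decoded[1]):
        return 403
    return 200 if decrypt_and_check(*decoded) else 403
```
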

Functions that don't use sendcmdsrvcmd

  • getServerInfo
  • getLangCodes
  • readKiwixCatalog
  • readOer2goCatalog
  • readMapIdx
  • readMapCatalog
  • getContentMenuToEdit
  • getMenuItemDef
  • selectMenuItemIcon
  • upload-image.php