X-Git-Url: https://git.defcon.no/?a=blobdiff_plain;f=api%2Flib%2Fauth_base.php;h=bb3c26fa411e8931be33454f140ea6f0313d66d6;hb=49718d337c37e2a3c06d751dc980fe9401277c2a;hp=97e557f9d4e63e0878f0dd50b93549ef718296f1;hpb=6496a650839b71ea7bfaab1b3b461886de4475a8;p=hermes

diff --git a/api/lib/auth_base.php b/api/lib/auth_base.php
index 97e557f..bb3c26f 100644
--- a/api/lib/auth_base.php
+++ b/api/lib/auth_base.php
@@ -252,7 +252,7 @@ function add_apikey ( $host, $level )
 
 	// Try to add the new key to authorizations first. If this
 	// fails, there will be the least amount of data to clean up ...
-	if ( ! update_authorization( $key, $level ) ) return false;
+	if ( ! update_authorization( "key", $key, $level ) ) return false;
 
 	$query = sprintf("INSERT INTO %s ( host, apikey ) VALUES ( '%s', '%s' )",
 		$config['apikeys_table'],
@@ -301,7 +301,8 @@ function list_apikeys ()
 	global $config;
 	$query = sprintf("SELECT k.apikey AS apikey, k.host AS host, 
 				a.access_level AS access_level 
-				FROM %s k INNER JOIN %s a ON k.apikey = a.authid",
+				FROM %s k INNER JOIN %s a ON k.apikey = a.authid
+				WHERE a.type = 'key'",
 			$config['apikeys_table'], 
 			$config['authorizations_table']);
 	$list = array();
@@ -318,14 +319,49 @@ function list_apikeys ()
 	return $list;
 
 }
-function update_authorization( $authid, $level )
+
+function list_authusers ()
+{
+	global $config;
+	$query = sprintf("SELECT authid, access_level
+				FROM %s
+				WHERE type = 'user'",
+			$config['authorizations_table']);
+	$list = array();
+	$result = sql_dbquery( $config['provision_db'], $query);
+	if ( ! $result ) return $list; 
+	while ( $row = @mysql_fetch_assoc( $result ) )
+	{
+		$username = $row['authid'];
+		$user_data = authuser_getinfo( $username );
+
+		// TODO: Remove invalid users here?
+		if ( ! $user_data ) continue;
+
+		array_push( $list, array(
+			'user' => $username,
+			'name' => $user_data['name'],
+			'email' => $user_data['email'],
+			'level' => authlevel_name( $row['access_level'] )
+		));
+	}
+	return $list;
+
+}
+
+
+
+function update_authorization( $type, $authid, $level )
 {
 	global $config;
 	if ( !is_numeric($level) ) return false;
-	$query = sprintf("INSERT INTO %s ( authid, access_level ) VALUES ( '%s', %d )
+	if ( ($type != "key") && ($type != "user") ) return false;
+
+	$query = sprintf("INSERT INTO %s ( authid, type, access_level ) VALUES ( '%s', '%s', %d )
 			ON DUPLICATE KEY UPDATE access_level=%d",
 		$config['authorizations_table'],
 		sql_clean($authid),
+		$type,
 		$level, $level);
 	if ( ! sql_dbexec( $config['provision_db'], $query ) ) return false;
 	return true;
@@ -348,7 +384,7 @@ function get_authorization( $type, $authid )
 	global $config;
 
 	// If API-key is used, but key fails verification, write is impossible.
-	if ( ( $type == "key" ) && ( ! verify_apikey( $authid ) ) )
+	if ( ( $type == "key" ) && ( ! verify_apikey( $authid, true ) ) )
 		return false;
 
 	// If User-login is used, but backend is unable to provide info, fail.
@@ -373,7 +409,7 @@ function can_write ( )
 	// Stub, to be called on any API nodes that write data in the DB.
 	$authid = $_SESSION['authid'];
 	$type   = $_SESSION['type'];
-	
+
 	$level = get_authorization( $type, $authid );
 	if ( $level >= authlevel_value('read_write') ) return $level;
 	else return false;