virtual void copyTo(ISecUser& destination)
{
destination.setAuthenticateStatus(getAuthenticateStatus());
destination.setName(getName());
destination.setFullName(getFullName());
destination.setFirstName(getFirstName());
destination.setLastName(getLastName());
destination.setEmployeeID(getEmployeeID());
destination.setRealm(getRealm());
destination.setFqdn(getFqdn());
destination.setPeer(getPeer());
destination.credentials().setPassword(credentials().getPassword());
destination.credentials().setSessionToken(credentials().getSessionToken());
destination.credentials().setSignature(credentials().getSignature());
CDateTime exp;
credentials().getPasswordExpiration(exp);
destination.credentials().setPasswordExpiration(exp);
CDateTime tmpTime;
destination.setPasswordExpiration(getPasswordExpiration(tmpTime));
destination.setStatus(getStatus());
CriticalBlock b(crit);
Owned<IPropertyIterator> Itr = m_parameters->getIterator();
ForEach(*Itr)
{
destination.setProperty(Itr->getPropKey(),m_parameters->queryProp(Itr->getPropKey()));
}
// DBGLOG("Copied name %s to %s",getName(),destination.getName());
}
int main(int argc, char *argv[])
{
qSetMessagePattern(QLatin1String(
"%{if-warning}\x1b[35m%{endif}"
"%{if-critical}\x1b[31m%{endif}"
"%{if-fatal}\x1b[1;31m%{endif}"
"%{time HH:mm:ss.zzz} "
//"%{appname} %{pid} %{threadid} "
"%{type} "
//"%{file}:%{line} %{function} "
"%{if-category}%{category} %{endif}%{message}"
"\x1b[0m"
));
QCoreApplication app(argc, argv);
const QString accessKeyId = QString::fromLocal8Bit(qgetenv("AWS_ACCESS_KEY_ID"));
const QString secretAccessKey = QString::fromLocal8Bit(qgetenv("AWS_SECRET_ACCESS_KEY"));
if ((accessKeyId.isEmpty()) || (secretAccessKey.isEmpty())) {
std::cerr << "Missing credentials" << std::endl;
exit(1);
}
AwsBasicCredentials credentials(accessKeyId, secretAccessKey);
QNetworkAccessManager manager;
SqsClient sqs(AwsRegion::AP_Southeast_2, &credentials, &manager);
SqsCreateQueueResponse * response =
sqs.createQueue(QLatin1String("libqtaws-test-queue"));
QObject::connect(response, SIGNAL(finished()), &app, SLOT(quit()));
return (response) ? app.exec() : 1;
}
void Application::slotCheckConnection()
{
Account *account = AccountManager::instance()->account();
if( account ) {
if (account->state() == Account::InvalidCredidential
|| account->state() == Account::SignedOut) {
//Do not try to connect if we are logged out
if (!_userTriggeredConnect)
return;
}
AbstractCredentials* credentials(account->credentials());
if (! credentials->ready()) {
connect( credentials, SIGNAL(fetched()),
this, SLOT(slotCredentialsFetched()), Qt::UniqueConnection);
credentials->fetch(account);
} else {
slotCredentialsFetched();
}
} else {
// let gui open the setup wizard
_gui->slotOpenSettingsDialog( true );
}
}
void TestAwsBasicCredentials::expiration()
{
// Basic credentials never expire.
AwsBasicCredentials credentials(QLatin1String(""), QLatin1String(""));
QTest::ignoreMessage(QtWarningMsg, "AwsAbstractCredentials: expiration should not be invoked on non-refreshable objects ");
QVERIFY(credentials.expiration().isNull());
}
void TestAwsBasicCredentials::refresh()
{
// Basic credentials are not refreshable.
AwsBasicCredentials credentials(QLatin1String(""), QLatin1String(""));
QTest::ignoreMessage(QtWarningMsg, "AwsAbstractCredentials: refresh should not be invoked on non-refreshable objects ");
QVERIFY(!credentials.refresh());
}
void Account::setCredentials(AbstractCredentials *cred)
{
// set active credential manager
QNetworkCookieJar *jar = 0;
if (_am) {
jar = _am->cookieJar();
jar->setParent(0);
_am->deleteLater();
}
if (_credentials) {
credentials()->deleteLater();
}
// The order for these two is important! Reading the credential's
// settings accesses the account as well as account->_credentials
_credentials = cred;
cred->setAccount(this);
_am = _credentials->getQNAM();
if (jar) {
_am->setCookieJar(jar);
}
connect(_am, SIGNAL(sslErrors(QNetworkReply*,QList<QSslError>)),
SLOT(slotHandleErrors(QNetworkReply*,QList<QSslError>)));
connect(_credentials, SIGNAL(fetched()),
SLOT(slotCredentialsFetched()));
}
virtual void copyTo(ISecUser& destination)
{
destination.setAuthenticateStatus(getAuthenticateStatus());
destination.setName(getName());
destination.setFullName(getFullName());
destination.setFirstName(getFirstName());
destination.setLastName(getLastName());
destination.setRealm(getRealm());
destination.setFqdn(getFqdn());
destination.setPeer(getPeer());
destination.credentials().setPassword(credentials().getPassword());
CDateTime tmpTime;
destination.setPasswordExpiration(getPasswordExpiration(tmpTime));
destination.setStatus(getStatus());
if(m_parameters.get()==NULL)
return;
CriticalBlock b(crit);
Owned<IPropertyIterator> Itr = m_parameters->getIterator();
Itr->first();
while(Itr->isValid())
{
destination.setProperty(Itr->getPropKey(),m_parameters->queryProp(Itr->getPropKey()));
Itr->next();
}
//addToken is not currently implemented....
// DBGLOG("Copied name %s to %s",getName(),destination.getName());
}
QString WebClient::request(
const QString& email,
const QString& password)
{
QStringList args("--login-auth");
// hash password in case it contains interesting chars.
QString credentials(email + ":" + hash(password) + "\n");
return m_CoreInterface.run(args, credentials);
}
// -----------------------------------------------------------------------------
// RSIPSecChallengeResolver::PrepareCache
// Ignore challenges that match a cache entry, but have different algorithm.
// Then check if any matching cache entries must be removed.
// -----------------------------------------------------------------------------
//
void RSIPSecChallengeResolver::PrepareCache( const MSIPSecUser& aUser )
{
TRegistrationId regId = iContext->RegistrationId();
CSIPSecDigestCacheEntry* entry( NULL );
CSIPSecCredentials* credentials( NULL );
TInt i( 0 );
// Start search from the end of the array, so if a challenge is removed, it
// won't affect the position of challenges that haven't yet been checked.
for ( i = Count() - 1; i >= 0; i-- )
{
CSIPSecChallenge* challenge = ( *this )[ i ];
TSIPSecDigestCacheIterator iterator( *iContext );
iContext->Cache().InitializeIterator( iterator );
while ( ( entry = iterator.Next() ) != NULL && challenge )
{
credentials = static_cast< CSIPSecCredentials* >( entry );
if ( credentials->DoesMatch( *challenge, aUser, regId ) &&
MixedAlgorithms( *credentials, *challenge ))
{
Remove( i );
delete challenge;
challenge = NULL; // exits while-loop
}
}
}
for ( i = 0; i < Count(); i++ )
{
CSIPSecChallenge* challenge = ( *this )[ i ];
TSIPSecDigestCacheIterator iterator( *iContext );
iContext->Cache().InitializeIterator( iterator );
while ( ( entry = iterator.Next() ) != NULL )
{
credentials = static_cast< CSIPSecCredentials* >( entry );
if ( credentials->Type( *iContext ) == CSIPSecDigest::EProxy )
{
__SIP_ASSERT_RETURN(
credentials->IsUsedByUser(iContext->SIPSecUser(),
ETrue,
regId ),
KErrGeneral );
}
if ( credentials->DoesMatch( *challenge, aUser, regId ) &&
credentials->ChallengeReceived( *challenge ) )
{
iContext->Cache().RemoveEntry( *credentials );
}
}
}
RemoveObsoleteAKAEntries();
}
bool
TwitterAccount::refreshTwitterAuth()
{
qDebug() << Q_FUNC_INFO << " begin";
if( !m_twitterAuth.isNull() )
delete m_twitterAuth.data();
Q_ASSERT( TomahawkUtils::nam() != 0 );
tDebug() << Q_FUNC_INFO << " with nam " << TomahawkUtils::nam();
m_twitterAuth = QPointer< TomahawkOAuthTwitter >( new TomahawkOAuthTwitter( TomahawkUtils::nam(), this ) );
if( m_twitterAuth.isNull() )
return false;
m_twitterAuth.data()->setOAuthToken( credentials()[ "oauthtoken" ].toString().toLatin1() );
m_twitterAuth.data()->setOAuthTokenSecret( credentials()[ "oauthtokensecret" ].toString().toLatin1() );
return true;
}
TEST_F(AwsUtilTests, test_get_credentials) {
// Set a good path for the credentials file
std::string profile_path = kTestDataPath + "/aws/credentials";
setenv(kAwsProfileFileEnvVar, profile_path.c_str(), true);
// Clear any values for the other AWS env vars
unsetenv(kAwsAccessKeyEnvVar);
unsetenv(kAwsSecretKeyEnvVar);
OsqueryAWSCredentialsProviderChain provider;
Aws::Auth::AWSCredentials credentials("", "");
FLAGS_aws_access_key_id = "FLAG_ACCESS_KEY_ID";
FLAGS_aws_secret_access_key = "flag_secret_key";
// With the flags set, those credentials should be used
provider = OsqueryAWSCredentialsProviderChain();
credentials = provider.GetAWSCredentials();
ASSERT_EQ("FLAG_ACCESS_KEY_ID", credentials.GetAWSAccessKeyId());
ASSERT_EQ("flag_secret_key", credentials.GetAWSSecretKey());
FLAGS_aws_access_key_id = "";
FLAGS_aws_secret_access_key = "flag_secret_key";
// With the flags set improperly, the profile should be used
provider = OsqueryAWSCredentialsProviderChain();
credentials = provider.GetAWSCredentials();
ASSERT_EQ("DEFAULT_ACCESS_KEY_ID", credentials.GetAWSAccessKeyId());
ASSERT_EQ("default_secret_key", credentials.GetAWSSecretKey());
FLAGS_aws_access_key_id = "FLAG_ACCESS_KEY_ID";
FLAGS_aws_secret_access_key = "";
// With the flags set improperly, the profile should be used
provider = OsqueryAWSCredentialsProviderChain();
credentials = provider.GetAWSCredentials();
ASSERT_EQ("DEFAULT_ACCESS_KEY_ID", credentials.GetAWSAccessKeyId());
ASSERT_EQ("default_secret_key", credentials.GetAWSSecretKey());
// Clear flags
FLAGS_aws_access_key_id = "";
FLAGS_aws_secret_access_key = "";
setenv(kAwsAccessKeyEnvVar, "ENV_ACCESS_KEY_ID", true);
setenv(kAwsSecretKeyEnvVar, "env_secret_key", true);
// Now env variables should be the primary source
provider = OsqueryAWSCredentialsProviderChain();
credentials = provider.GetAWSCredentials();
ASSERT_EQ("ENV_ACCESS_KEY_ID", credentials.GetAWSAccessKeyId());
ASSERT_EQ("env_secret_key", credentials.GetAWSSecretKey());
FLAGS_aws_profile_name = "test";
provider = OsqueryAWSCredentialsProviderChain();
credentials = provider.GetAWSCredentials();
// Now the "test" profile should take precedence
ASSERT_EQ("TEST_ACCESS_KEY_ID", credentials.GetAWSAccessKeyId());
ASSERT_EQ("test_secret_key", credentials.GetAWSSecretKey());
}
TEST_FIXTURE(table_service_test_base, TableClient_BaseUriAndCredentials)
{
azure::storage::storage_uri base_uri(web::http::uri(U("https://myaccount.table.core.windows.net")), web::http::uri(U("https://myaccount-secondary.table.core.windows.net")));
azure::storage::storage_credentials credentials(U("devstoreaccount1"), U("Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw=="));
azure::storage::table_request_options default_request_options;
azure::storage::cloud_table_client client(base_uri, credentials);
CHECK(client.base_uri().primary_uri() == base_uri.primary_uri());
CHECK(client.base_uri().secondary_uri() == base_uri.secondary_uri());
CHECK(client.credentials().is_shared_key());
CHECK(client.default_request_options().payload_format() == azure::storage::table_payload_format::json);
}
void PasswordDialog::accept()
{
if( LogonAuthentication::authenticateUser( credentials() ) == false )
{
QMessageBox::critical( window(),
tr( "Authentication error" ),
tr( "Logon failed with given username and password. Please try again!" ) );
}
else
{
QDialog::accept();
}
}
void TestAwsBasicCredentials::setToken()
{
QFETCH(QString, token);
AwsBasicCredentials credentials(QLatin1String(""), QLatin1String(""));
const QString accessKeyId = credentials.accessKeyId();
const QString secretKey = credentials.secretKey();
credentials.setToken(token);
QCOMPARE(credentials.accessKeyId(), accessKeyId);
QCOMPARE(credentials.secretKey(), secretKey);
QCOMPARE(credentials.token(), token);
}
//------------------------------------------------------------------------------
bool ofxWebServerBaseRouteHandler::isValidRequest(const Settings& settings,
HTTPServerRequest& request,
HTTPServerResponse& response) {
string sessionId = "";
// extract cookie from request
NameValueCollection cookies;
request.getCookies(cookies);
NameValueCollection::ConstIterator it = cookies.find(settings.sessionCookieName);
if (it != cookies.end()) {
sessionId = it->second;
} else {
sessionId = ofxWebServerSessionManager::generateSessionKey(request);
HTTPCookie cookie(settings.sessionCookieName,sessionId);
cookie.setPath("/");
// set no age, so it expires @ end of session
response.addCookie(cookie);
}
// TODO: update session manager
URI uri(request.getURI());
const string path = uri.getPath(); // just get the path
if(settings.requireAuthentication) {
if(request.hasCredentials()) {
HTTPBasicCredentials credentials(request);
const string& user = credentials.getUsername();
const string& pwd = credentials.getPassword();
if(settings.username == credentials.getUsername() &&
settings.password == credentials.getPassword()) {
// add an authentication cookie?
return true;
} else {
response.setStatusAndReason(HTTPResponse::HTTP_UNAUTHORIZED);
sendErrorResponse(response);
return false;
}
} else {
response.requireAuthentication(settings.realm);
response.setContentLength(0);
response.send();
return false;
}
} else {
return true;
}
}
std::string Server::getStatsDocument() const {
std::ostringstream doc;
doc << "clear();" << std::endl;
for (auto it = _connections.begin(); it != _connections.end(); ++it) {
doc << "connection({";
auto connection = it->first;
jsonKeyPairToStream(doc,
"since", EpochTimeAsLocal(it->second),
"fd", connection->getFd(),
"id", reinterpret_cast<uint64_t>(connection),
"uri", connection->getRequestUri(),
"addr", formatAddress(connection->getRemoteAddress()),
"user", connection->credentials() ?
connection->credentials()->username : "******",
"input", connection->inputBufferSize(),
"read", connection->bytesReceived(),
"output", connection->outputBufferSize(),
"written", connection->bytesSent()
);
doc << "});" << std::endl;
}
return doc.str();
}
void
TwitterAccount::authenticateSlot()
{
tDebug() << Q_FUNC_INFO;
if ( m_twitterInfoPlugin.isNull() )
{
if ( infoPlugin() && Tomahawk::InfoSystem::InfoSystem::instance()->workerThread() )
{
infoPlugin().data()->moveToThread( Tomahawk::InfoSystem::InfoSystem::instance()->workerThread().data() );
Tomahawk::InfoSystem::InfoSystem::instance()->addInfoPlugin( infoPlugin() );
}
}
if ( m_isAuthenticating )
{
tDebug( LOGVERBOSE ) << Q_FUNC_INFO << "Already authenticating";
return;
}
tDebug() << Q_FUNC_INFO << "credentials: " << credentials().keys();
if ( credentials()[ "oauthtoken" ].toString().isEmpty() || credentials()[ "oauthtokensecret" ].toString().isEmpty() )
{
tDebug() << Q_FUNC_INFO << "TwitterSipPlugin has empty Twitter credentials; not connecting";
return;
}
if ( refreshTwitterAuth() )
{
m_isAuthenticating = true;
tDebug() << Q_FUNC_INFO << "Verifying credentials";
QTweetAccountVerifyCredentials *credVerifier = new QTweetAccountVerifyCredentials( m_twitterAuth.data(), this );
connect( credVerifier, SIGNAL( parsedUser( const QTweetUser & ) ), SLOT( connectAuthVerifyReply( const QTweetUser & ) ) );
credVerifier->verify();
}
}
bool AccountInfoPanel::apply()
{
// Apply service information changes
if (service) {
// Apply anonymity
if (service->isAnonymous() != anonymousCheckBox->isChecked() && anonymousCheckBox->isChecked()) {
userName->setText(QString());
password->setText(QString());
}
if (service->description() != descriptionLineEdit->text()) {
service->setDescription(descriptionLineEdit->text());
}
QVariantMap credentials(service->credentials());
bool credentialsModified = false;
if (credentials.value("password") != password->text()) {
credentials["password"] = password->text();
credentialsModified = true;
}
if (credentials.value("user") != userName->text()) {
credentials["user"] = userName->text();
credentialsModified = true;
}
if (credentialsModified) {
service->setCredentials(credentials);
}
if (service->isAnonymous() != anonymousCheckBox->isChecked()) {
service->setAnonymous(anonymousCheckBox->isChecked());
} else if (credentialsModified && service->isEnabled() && !service->isAnonymous()) {
// Reset and start a service in error
if (service->serviceState() == Service::ErrorState) {
service->reset();
service->start();
// Log off a started logged-in service
} else if (service->serviceState() == Service::StartedState && service->isLoggedIn() && service->logOut()) {
loop.exec();
}
service->logIn();
}
refreshInformation();
return true;
}
return false;
}
void CLdapSecUser::copyTo(ISecUser& destination)
{
CLdapSecUser* dest = dynamic_cast<CLdapSecUser*>(&destination);
if(!dest)
return;
dest->setAuthenticated(isAuthenticated());
dest->setName(getName());
dest->setFullName(getFullName());
dest->setFirstName(getFirstName());
dest->setLastName(getLastName());
dest->setRealm(getRealm());
dest->credentials().setPassword(credentials().getPassword());
dest->setUserSid(m_usersid.length(), m_usersid.toByteArray());
dest->setUserID(m_userid);
dest->setPasswordExpiration(m_passwordExpiration);
}
cloud_storage_account cloud_storage_account::parse_explicit_settings(std::map<utility::string_t, utility::string_t> settings)
{
utility::string_t blob_endpoint;
utility::string_t queue_endpoint;
utility::string_t table_endpoint;
get_setting(settings, blob_endpoint_setting_string, blob_endpoint);
get_setting(settings, queue_endpoint_setting_string, queue_endpoint);
get_setting(settings, table_endpoint_setting_string, table_endpoint);
storage_credentials credentials(get_credentials(settings));
if (settings.empty() && (!blob_endpoint.empty() || !queue_endpoint.empty() || !table_endpoint.empty()))
{
return cloud_storage_account(credentials,
blob_endpoint.empty() ? storage_uri() : storage_uri(web::http::uri(blob_endpoint)),
queue_endpoint.empty() ? storage_uri() : storage_uri(web::http::uri(queue_endpoint)),
table_endpoint.empty() ? storage_uri() : storage_uri(web::http::uri(table_endpoint)));
}
return cloud_storage_account();
}
// we use syntool to authenticate because Qt's http library is very
// unreliable, and since we're writing platform specific code, use the
// synergy code since there we can use integ tests.
QString PremiumAuth::request(const QString& email, const QString& password)
{
QString program(QCoreApplication::applicationDirPath() + "/syntool");
QStringList args("--premium-auth");
QProcess process;
process.setReadChannel(QProcess::StandardOutput);
process.start(program, args);
bool success = process.waitForStarted();
QString out, error;
if (success)
{
// hash password in case it contains interesting chars.
QString credentials(email + ":" + hash(password) + "\n");
process.write(credentials.toStdString().c_str());
if (process.waitForFinished()) {
out = process.readAllStandardOutput();
error = process.readAllStandardError();
}
}
out = out.trimmed();
error = error.trimmed();
if (out.isEmpty() ||
!error.isEmpty() ||
!success ||
process.exitCode() != 0)
{
throw std::runtime_error(
QString("Code: %1\nError: %2")
.arg(process.exitCode())
.arg(error.isEmpty() ? "Unknown" : error)
.toStdString());
}
return out;
}
void CLdapSecUser::copyTo(ISecUser& destination)
{
if (this == &destination)
return;
CLdapSecUser* dest = dynamic_cast<CLdapSecUser*>(&destination);
if(!dest)
return;
dest->setAuthenticateStatus(getAuthenticateStatus());
dest->setName(getName());
dest->setFullName(getFullName());
dest->setFirstName(getFirstName());
dest->setLastName(getLastName());
dest->setEmployeeID(getEmployeeID());
dest->setRealm(getRealm());
dest->credentials().setPassword(credentials().getPassword());
dest->setUserSid(m_usersid.length(), m_usersid.toByteArray());
dest->setUserID(m_userid);
dest->setPasswordExpiration(m_passwordExpiration);
dest->setDistinguishedName(m_distinguishedName);
dest->credentials().setSessionToken(&m_sessionToken);
dest->credentials().setSignature(&m_signature);
}
QVariant
CredentialsManager::credentials( const QString& serviceName, const QString& key ) const
{
return credentials( CredentialsStorageKey( serviceName, key ) );
}
void TestAwsBasicCredentials::isRefreshable()
{
// Basic credentials are not refreshable.
AwsBasicCredentials credentials(QLatin1String(""), QLatin1String(""));
QVERIFY(!credentials.isRefreshable());
}
void TestAwsBasicCredentials::isExpired()
{
// Basic credentials never expire.
AwsBasicCredentials credentials(QLatin1String(""), QLatin1String(""));
QVERIFY(!credentials.isExpired());
}
void HTTPHandler::processQuery(
Poco::Net::HTTPServerRequest & request,
HTMLForm & params,
Poco::Net::HTTPServerResponse & response,
Output & used_output)
{
Context context = server.context();
context.setGlobalContext(server.context());
CurrentThread::QueryScope query_scope(context);
LOG_TRACE(log, "Request URI: " << request.getURI());
std::istream & istr = request.stream();
/// Part of the query can be passed in the 'query' parameter and the rest in the request body
/// (http method need not necessarily be POST). In this case the entire query consists of the
/// contents of the 'query' parameter, a line break and the request body.
std::string query_param = params.get("query", "");
if (!query_param.empty())
query_param += '\n';
/// The user and password can be passed by headers (similar to X-Auth-*),
/// which is used by load balancers to pass authentication information.
std::string user = request.get("X-ClickHouse-User", "");
std::string password = request.get("X-ClickHouse-Key", "");
std::string quota_key = request.get("X-ClickHouse-Quota", "");
if (user.empty() && password.empty() && quota_key.empty())
{
/// User name and password can be passed using query parameters
/// or using HTTP Basic auth (both methods are insecure).
if (request.hasCredentials())
{
Poco::Net::HTTPBasicCredentials credentials(request);
user = credentials.getUsername();
password = credentials.getPassword();
}
else
{
user = params.get("user", "default");
password = params.get("password", "");
}
quota_key = params.get("quota_key", "");
}
else
{
/// It is prohibited to mix different authorization schemes.
if (request.hasCredentials()
|| params.has("user")
|| params.has("password")
|| params.has("quota_key"))
{
throw Exception("Invalid authentication: it is not allowed to use X-ClickHouse HTTP headers and other authentication methods simultaneously", ErrorCodes::REQUIRED_PASSWORD);
}
}
std::string query_id = params.get("query_id", "");
context.setUser(user, password, request.clientAddress(), quota_key);
context.setCurrentQueryId(query_id);
/// The user could specify session identifier and session timeout.
/// It allows to modify settings, create temporary tables and reuse them in subsequent requests.
std::shared_ptr<Context> session;
String session_id;
std::chrono::steady_clock::duration session_timeout;
bool session_is_set = params.has("session_id");
const auto & config = server.config();
if (session_is_set)
{
session_id = params.get("session_id");
session_timeout = parseSessionTimeout(config, params);
std::string session_check = params.get("session_check", "");
session = context.acquireSession(session_id, session_timeout, session_check == "1");
context = *session;
context.setSessionContext(*session);
}
SCOPE_EXIT({
if (session_is_set)
session->releaseSession(session_id, session_timeout);
});
