status_t
Inode::OpenAttr(const char* _name, int mode, OpenAttrCookie* cookie,
bool create, int32 type)
{
ASSERT(_name != NULL);
ASSERT(cookie != NULL);
(void)type;
status_t result = LoadAttrDirHandle();
if (result != B_OK)
return result;
char* name = AttrToFileName(_name);
if (name == NULL)
return B_NO_MEMORY;
MemoryDeleter nameDeleter(name);
OpenDelegationData data;
data.fType = OPEN_DELEGATE_NONE;
OpenState* state = new OpenState;
if (state == NULL)
return B_NO_MEMORY;
state->fFileSystem = fFileSystem;
result = NFS4Inode::OpenAttr(state, name, mode, &data, create);
if (result != B_OK) {
delete state;
return result;
}
fFileSystem->AddOpenFile(state);
cookie->fOpenState = state;
cookie->fFileSystem = fFileSystem;
cookie->fMode = mode;
if (data.fType != OPEN_DELEGATE_NONE) {
Delegation* delegation
= new(std::nothrow) Delegation(data, this, state->fClientID, true);
if (delegation != NULL) {
delegation->fInfo = state->fInfo;
delegation->fFileSystem = fFileSystem;
state->fDelegation = delegation;
fFileSystem->AddDelegation(delegation);
}
}
if (create || (mode & O_TRUNC) == O_TRUNC) {
struct stat st;
st.st_size = 0;
WriteStat(&st, B_STAT_SIZE, cookie);
}
return B_OK;
}
QTSS_Error Authorize(QTSS_StandardRTSP_Params* inParams)
{
OSMutexLocker locker(sAuthMutex);
QTSS_RTSPRequestObject theRTSPRequest = inParams->inRTSPRequest;
if ( (NULL == inParams) || (NULL == inParams->inRTSPRequest) )
{
debug_printf("QTSSDSAuthModule - Authorize inParams: Error");
return QTSS_RequestFailed;
}
//get the local file path
char* pathBuffStr = NULL;
QTSS_Error theErr = QTSS_GetValueAsString(theRTSPRequest, qtssRTSPReqLocalPath, 0, &pathBuffStr);
QTSSCharArrayDeleter pathBuffDeleter(pathBuffStr);
if (theErr != QTSS_NoErr)
{
debug_printf("QTSSDSAuthModule - Authorize [QTSS_GetValueAsString]: Error %"_S32BITARG_"", theErr);
return QTSS_RequestFailed;
}
//get the root movie directory
char* movieRootDirStr = NULL;
theErr = QTSS_GetValueAsString(theRTSPRequest,qtssRTSPReqRootDir, 0, &movieRootDirStr);
OSCharArrayDeleter movieRootDeleter(movieRootDirStr);
if (theErr != QTSS_NoErr)
{
debug_printf("QTSSDSAuthModule - Authorize[QTSS_GetValueAsString]: Error %"_S32BITARG_"", theErr);
return false;
}
//check if this user is allowed to see this movie
DSAccessFile accessFile;
Bool16 allowNoAccessFiles = sAllowGuestDefaultEnabled; //no access files allowed means allowing guest access (unknown users)
Bool16 allowAnyUser = false;
QTSS_ActionFlags noAction = ~qtssActionFlagsRead; //only handle read
QTSS_ActionFlags authorizeAction = QTSSModuleUtils::GetRequestActions(theRTSPRequest);
Bool16 authorized =false;
Bool16 saclUser = false;
char *name = NULL;
(void) QTSS_GetValueAsString (theRTSPRequest,qtssRTSPReqUserName,0, &name);
OSCharArrayDeleter nameDeleter(name);
if (sAllowGuestDefaultEnabled) // if guest access is on, sacls are ignored.
{
authorized = true;
}
else
{ int result = check_sacl(name);
switch (result)
{
case kSACLAuthorized: authorized = true;
break;
case kSACLUnknownUser: authorized = false; //set this to true to allow file based and other non-directory service users access, when SACLs are enabled in the system for QTSS.
break;
case kSACLNotAuthorized: authorized = false;
break;
case kSACLAnyUser: authorized = true;
break;
default: authorized = false;
}
debug_printf("QTSSDSAuthModule:Authorize sacl_check result=%d for %s authorized = %d\n",result, name, authorized);
if (false == authorized)
saclUser = true;
}
Bool16 foundUser = false;
Bool16 passwordOK = false; //::AuthenticateRequest(inParams, pathBuffStr, movieRootDirStr, &sRealmNameStr, &foundUser);
if (authorized) //have to be authorized by sacls or guest first before qtaccess file checks can allow or disallow.
{
theErr = accessFile.AuthorizeRequest(inParams,allowNoAccessFiles, noAction, authorizeAction,&authorized, &allowAnyUser);
debug_printf("QTSSDSAuthModule:Authorize AuthorizeRequest() returned authorized=%d allowAnyUser=%d\n", authorized, allowAnyUser);
}
debug_printf("QTSSDSAuthModule:Authorize AuthenticateRequest() returned passwordOK=%d foundUser=%d authorized=%d allowAnyUser=%d\n", passwordOK ,foundUser, authorized,allowAnyUser);
Bool16 allowRequest = authorized;
Bool16 authHandled = true;
if(!(authorizeAction & qtssActionFlagsRead)) //not for us
{
debug_printf("QTSSDSAuthModule:Authorize(qtssActionFlagsRead) not handled do nothing.\n");
}
else if (allowRequest)
{
debug_printf("QTSSDSAuthModule:Authorize() succeeded.\n");
theErr = QTSSModuleUtils::AuthorizeRequest(theRTSPRequest, &allowRequest, &foundUser, &authHandled);
debug_printf("QTSSDSAuthModule:Authorize allowRequest=%d founduser=%d authHandled=%d\n", allowRequest, foundUser, authHandled);
}
else //request denied
{
debug_printf("QTSSDSAuthModule:Authorize() failed.\n");
foundUser = saclUser;
authHandled = true;
theErr = QTSSModuleUtils::AuthorizeRequest(theRTSPRequest, &allowRequest, &foundUser, &authHandled);
debug_printf("QTSSDSAuthModule:Authorize allowRequest=%d founduser=%d authHandled=%d saclUser=%d\n", allowRequest, foundUser, authHandled,saclUser);
}
return theErr;
}
