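/// Copies this user's identity, status, credentials and property bag into `destination`.
/// Everything the credentials object holds — including the clear-text password, the
/// session token and the signature — is transferred, so the copy is as sensitive as the
/// original.
///
/// The property bag may not have been allocated; it is now guarded before being
/// dereferenced, matching the sibling copyTo implementation in this file.
virtual void copyTo(ISecUser& destination)
{
    // Identity and status.
    destination.setAuthenticateStatus(getAuthenticateStatus());
    destination.setName(getName());
    destination.setFullName(getFullName());
    destination.setFirstName(getFirstName());
    destination.setLastName(getLastName());
    destination.setEmployeeID(getEmployeeID());
    destination.setRealm(getRealm());
    destination.setFqdn(getFqdn());
    destination.setPeer(getPeer());

    // Credentials: password, session token, signature and the credential-level expiry.
    destination.credentials().setPassword(credentials().getPassword());
    destination.credentials().setSessionToken(credentials().getSessionToken());
    destination.credentials().setSignature(credentials().getSignature());
    CDateTime credExpiry;
    credentials().getPasswordExpiration(credExpiry);
    destination.credentials().setPasswordExpiration(credExpiry);

    // User-level expiry and status.
    CDateTime userExpiry;
    destination.setPasswordExpiration(getPasswordExpiration(userExpiry));
    destination.setStatus(getStatus());

    // No property bag allocated yet: nothing further to copy.
    if (m_parameters.get() == NULL)
        return;

    CriticalBlock b(crit);
    Owned<IPropertyIterator> iter = m_parameters->getIterator();
    ForEach(*iter)
    {
        const char* propKey = iter->getPropKey();
        destination.setProperty(propKey, m_parameters->queryProp(propKey));
    }
    // DBGLOG("Copied name %s to %s",getName(),destination.getName());
}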
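/// Looks `sec_user` up in the user cache. On an unexpired hit whose cached password
/// digest matches the caller's clear-text password, the cached user is copied into
/// `sec_user` (keeping the caller's clear-text password) and true is returned.
/// Expired entries and entries whose digest does not match are evicted; every other
/// case (cache disabled, no user name, miss, no cached digest, empty password)
/// returns false without touching the cache.
///
/// Locking: the lookup and digest compare run under the read lock. Eviction mutates
/// the map and therefore needs the write lock (the previous version erased while
/// holding only the read lock); it is done in a second, separately locked step after
/// the read lock is released, re-finding the entry because another thread may already
/// have removed it.
bool CPermissionsCache::lookup(ISecUser& sec_user)
{
    if (!isCacheEnabled())
        return false;

    const char* username = sec_user.getName();
    if (!username || !*username)
        return false;

    string key(username);
    StringBuffer pw(sec_user.credentials().getPassword());

    {
        ReadLockBlock readLock(m_userCacheRWLock);
        MapUserCache::iterator it = m_userCache.find(key);
        if (it == m_userCache.end())
            return false;

        CachedUser* user = (CachedUser*)(it->second);
        time_t now;
        time(&now);
        if (user->getTimestamp() >= (now - m_cacheTimeout))
        {
            // The cached user carries an MD5 digest of the password it was validated with
            // (md5_string; no salt is visible here). The caller's clear-text password is
            // digested and compared against it.
            const char* cachedpw = user->queryUser()->credentials().getPassword();
            if (!cachedpw || pw.length() == 0)
                return false;

            StringBuffer md5pbuf;
            md5_string(pw, md5pbuf);
            if (strcmp(cachedpw, md5pbuf.str()) == 0)
            {
#ifdef _DEBUG
                DBGLOG("CACHE: CPermissionsCache Found validated user %s", username);
#endif
                // Copy cached user to the sec_user structure, but still keep the original clear text password.
                user->queryUser()->copyTo(sec_user);
                sec_user.credentials().setPassword(pw.str());
                return true;
            }
            // Digest mismatch: fall through and evict so the user is re-validated upstream.
        }
        // Stale entry: fall through and evict.
    }

    // Eviction path. Mutating the map requires the write lock; re-find the entry since
    // another thread may have evicted it between the two lock scopes.
    WriteLockBlock writeLock(m_userCacheRWLock);
    MapUserCache::iterator it = m_userCache.find(key);
    if (it != m_userCache.end())
    {
        delete (CachedUser*)(it->second);
        m_userCache.erase(it);
    }
    return false;
}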
/// Copies this user's identity, status, password, password expiry and property bag
/// into `destination`. Only the fields set below are transferred; note that the
/// clear-text password is among them.
virtual void copyTo(ISecUser& destination)
{
    destination.setAuthenticateStatus(getAuthenticateStatus());
    destination.setName(getName());
    destination.setFullName(getFullName());
    destination.setFirstName(getFirstName());
    destination.setLastName(getLastName());
    destination.setRealm(getRealm());
    destination.setFqdn(getFqdn());
    destination.setPeer(getPeer());

    // Clear-text password travels with the copy.
    destination.credentials().setPassword(credentials().getPassword());

    CDateTime expiry;
    destination.setPasswordExpiration(getPasswordExpiration(expiry));
    destination.setStatus(getStatus());

    // No property bag allocated yet: nothing more to copy.
    if (m_parameters.get() == NULL)
        return;

    CriticalBlock b(crit);
    Owned<IPropertyIterator> props = m_parameters->getIterator();
    for (props->first(); props->isValid(); props->next())
    {
        const char* propKey = props->getPropKey();
        destination.setProperty(propKey, m_parameters->queryProp(propKey));
    }
    //addToken is not currently implemented....
    // DBGLOG("Copied name %s to %s",getName(),destination.getName());
}
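/// Looks `sec_user` up in the user cache. On an unexpired hit whose cached MD5 password
/// digest matches the caller's clear-text password, the cached user is copied into
/// `sec_user` (keeping the caller's clear-text password) and true is returned.
/// Expired entries and entries whose digest does not match are evicted; all other
/// cases return false.
///
/// The previous version probed with `m_userCache[username]`, which default-inserts a
/// NULL entry on every miss — the map grew by one entry per lookup of an unknown user,
/// unbounded and reachable from unauthenticated requests. Misses are now checked with
/// find() and insert nothing.
bool CPermissionsCache::lookup(ISecUser& sec_user)
{
    if (!isCacheEnabled())
        return false;

    const char* username = sec_user.getName();
    if (!username || !*username)
        return false;

    synchronized block(m_userCacheMonitor);

    // Probe without inserting; operator[] would add a NULL entry on a miss.
    if (m_userCache.find(username) == m_userCache.end())
        return false;
    CachedUser* user = m_userCache[username];
    if (user == NULL)
        return false;

    time_t now;
    time(&now);
    if (user->getTimestamp() < (now - m_cacheTimeout))
    {
        // Stale entry: drop it.
        m_userCache.erase(username);
        delete user;
        return false;
    }

    // The cached user carries an MD5 digest of the password it was validated with
    // (md5_string; no salt is visible here). Digest the caller's password and compare.
    const char* cachedpw = user->queryUser()->credentials().getPassword();
    StringBuffer pw(sec_user.credentials().getPassword());
    if (!cachedpw || pw.length() == 0)
        return false;

    StringBuffer md5pbuf;
    md5_string(pw, md5pbuf);
    if (strcmp(cachedpw, md5pbuf.str()) != 0)
    {
        // Wrong password for a cached user: evict so the user is re-validated upstream.
        m_userCache.erase(username);
        delete user;
        return false;
    }

    // Copy cached user to the sec_user structure, but still keep the original clear text password.
    user->queryUser()->copyTo(sec_user);
    sec_user.credentials().setPassword(pw.str());
    return true;
}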
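/// Validates `sec_user`'s password against the local OS account database via an
/// IAuthenticatedUser. On Windows the realm (domain), when present, is prefixed as
/// "REALM\user". Returns the login result, or false if no authenticator could be
/// created.
///
/// The authenticator returned by createAuthenticatedUser() was previously never
/// released; it is now held in an Owned<> so it is released on every return path.
bool CLocalSecurityManager::IsPasswordValid(ISecUser& sec_user)
{
    Owned<IAuthenticatedUser> au = createAuthenticatedUser();
    if (!au)
        return false;

    StringBuffer userbuf;
#ifdef _WIN32
    const char* realm = sec_user.getRealm();
    if (realm && *realm)
        userbuf.append(realm).append("\\");
#endif
    userbuf.append(sec_user.getName());
    return au->login(userbuf.str(), sec_user.credentials().getPassword());
}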
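/// Validates `sec_user`'s password against the htpasswd file.
/// Returns true only when the user is present in the file with a non-empty stored
/// hash and APR accepts the supplied password against it; false when the user is
/// unknown, no password was supplied, or the check fails (each case is logged).
/// @throws IException (code -1) when the user name is empty.
///
/// apr_password_validate dereferences the password it is given; a NULL password from
/// the credentials object is now treated as a plain failure rather than a crash.
bool IsPasswordValid(ISecUser& sec_user)
{
    StringBuffer user;
    user.append(sec_user.getName());
    if (0 == user.length())
        throw MakeStringException(-1, "htpasswd User name is NULL");

    const char* password = sec_user.credentials().getPassword();
    if (!password)
    {
        DBGLOG("htpasswd authentication for user %s failed - no password supplied", user.str());
        return false;
    }

    CriticalBlock block(crit);
    if (!apr_initialized)
        initAPR();
    loadPwds(); // reload password file if modified

    StringBuffer* encPW = userMap.getValue(user.str());
    if (!encPW || 0 == encPW->length())
    {
        DBGLOG("User %s not in htpasswd file", user.str());
        return false;
    }

    apr_status_t rc = apr_password_validate(password, encPW->str());
    if (rc != APR_SUCCESS)
        DBGLOG("htpasswd authentication for user %s failed - APR RC %d", user.str(), rc);
    return rc == APR_SUCCESS;
}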
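/// ESP "change my password" handler.
/// The request must name the currently logged-in user and supply that user's current
/// password; the new password must be at least 4 characters, typed twice identically,
/// differ from the current one and — when the LDAP manager stores passwords as CRYPT —
/// differ in its first 8 characters. User-correctable failures are reported through
/// `resp` (retcode -1 plus message) with a false return; an unusable security manager
/// or a failed update are raised as IException and forwarded via FORWARDEXCEPTION.
/// Returns true after a successful change.
///
/// The name and password read from the context's ISecUser may be NULL (the same
/// accessors are NULL-checked elsewhere in this file); they are now checked before
/// being handed to strcmp.
bool Cws_accountEx::onUpdateUser(IEspContext &context, IEspUpdateUserRequest & req, IEspUpdateUserResponse & resp)
{
    try
    {
        CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager());
        if (secmgr == NULL)
            throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, "Security manager can't be converted to LdapSecManager. Only LdapSecManager supports this function.");

        ISecUser* user = context.queryUser();
        if (user == NULL)
        {
            resp.setRetcode(-1);
            resp.setMessage("Can't find user in esp context. Please check if the user was properly logged in.");
            return false;
        }

        // Only the logged-in user may change their own password. The same generic
        // message is used for a wrong user name and a wrong current password.
        const char* curname = user->getName();
        if (req.getUsername() == NULL || curname == NULL || strcmp(req.getUsername(), curname) != 0)
        {
            resp.setRetcode(-1);
            resp.setMessage("Username/password don't match.");
            return false;
        }

        const char* oldpass = req.getOldpass();
        const char* curpass = user->credentials().getPassword();
        if (oldpass == NULL || curpass == NULL || strcmp(oldpass, curpass) != 0)
        {
            resp.setRetcode(-1);
            resp.setMessage("Username/password don't match.");
            return false;
        }

        // New-password policy checks.
        const char* newpass1 = req.getNewpass1();
        const char* newpass2 = req.getNewpass2();
        if (newpass1 == NULL || newpass2 == NULL || strlen(newpass1) < 4 || strlen(newpass2) < 4)
        {
            resp.setRetcode(-1);
            resp.setMessage("New password must be 4 characters or longer.");
            return false;
        }
        if (strcmp(newpass1, newpass2) != 0)
        {
            resp.setRetcode(-1);
            resp.setMessage("Password and retype don't match.");
            return false;
        }
        if (strcmp(oldpass, newpass1) == 0)
        {
            resp.setRetcode(-1);
            resp.setMessage("New password can't be the same as current password.");
            return false;
        }

        // CRYPT storage only uses the first 8 characters, so they must actually change.
        const char* pwscheme = secmgr->getPasswordStorageScheme();
        bool isCrypt = pwscheme && (stricmp(pwscheme, "CRYPT") == 0);
        if (isCrypt && strncmp(oldpass, newpass1, 8) == 0)
        {
            resp.setRetcode(-1);
            resp.setMessage("The first 8 characters of the new password must be different from before.");
            return false;
        }

        bool ok = false;
        try
        {
            ok = secmgr->updateUserPassword(*user, newpass1, oldpass);
        }
        catch (IException* e)
        {
            StringBuffer emsg;
            e->errorMessage(emsg);
            resp.setRetcode(-1);
            resp.setMessage(emsg.str());
            return false;
        }
        catch (...)
        {
            // Unknown failure: reported generically through the throw below.
            ok = false;
        }
        if (!ok)
            throw MakeStringException(ECLWATCH_CANNOT_CHANGE_PASSWORD, "Failed in changing password.");

        resp.setRetcode(0);
        if (isCrypt && strlen(newpass1) > 8)
            resp.setMessage("Your password has been changed successfully, however, only the first 8 chars are effective.");
        else
            resp.setMessage("Your password has been changed successfully.");
    }
    catch (IException* e)
    {
        FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR);
    }
    return true;
}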
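/// Processes the SOAP header blocks of a request, looking for a "Security" block that
/// carries UsernameToken/Username, UsernameToken/Password and RealmToken/Realm.
/// The values are copied into the context and into its ISecUser (created through the
/// security manager if the context has none), and, when the context still requires
/// authentication, the HTTP binding's doAuth() is run. Only the first Security block
/// with a user name is acted on.
///
/// Returns 0 when the request is authenticated or needs no authentication,
/// SOAP_AUTHENTICATION_ERROR when the supplied credentials were rejected (or the
/// transport is not http), and SOAP_AUTHENTICATION_REQUIRED when authentication is
/// needed but no usable Security block was found. A NULL ctx yields 0.
///
/// Two NULL dereferences are fixed: a user that secmgr->createUser() could not create
/// was still used after the warning, and the dynamic_cast to EspHttpBinding was not
/// checked before calling doAuth().
int CSoapService::processHeader(CHeader* header, IEspContext* ctx)
{
    int num = header->getNumBlocks();
    if (ctx == NULL)
        return 0;

    int returnValue = 0;
    bool authenticated = !ctx->toBeAuthenticated();

    for (int i = 0; i < num; i++)
    {
        IRpcMessage* oneblock = header->getHeaderBlock(i);
        if (oneblock == NULL)
            continue;
        if (strcmp(oneblock->get_name(), "Security") != 0)
            continue;

        // Read the token values raw: XML encoding must not be applied to credentials.
        bool encodeXML = oneblock->getEncodeXml();
        oneblock->setEncodeXml(false);
        StringBuffer username, password, realm;
        oneblock->get_value("UsernameToken/Username", username);
        oneblock->get_value("UsernameToken/Password", password);
        oneblock->get_value("RealmToken/Realm", realm);
        oneblock->setEncodeXml(encodeXML);
        // Deliberately no credential logging here.

        if (username.length() == 0)
            continue;

        ctx->setUserID(username.str());
        ctx->setPassword(password.str());
        if (realm.length() > 0)
            ctx->setRealm(realm.str());

        ISecManager* secmgr = ctx->querySecManager();
        if (secmgr != NULL)
        {
            ISecUser* user = ctx->queryUser();
            if (user == NULL)
            {
                user = secmgr->createUser(username.str());
                ctx->setUser(user);
            }
            if (user == NULL)
            {
                WARNLOG("Couldn't create ISecUser object for %s", username.str());
            }
            else
            {
                user->setName(username.str());
                user->credentials().setPassword(password.str());
                if (realm.length() > 0)
                    user->setRealm(realm.str());
            }
        }

        if (ctx->toBeAuthenticated())
        {
            if (stricmp(m_soapbinding->getTransportType(), "http") == 0)
            {
                // Authentication is only implemented for the HTTP binding.
                EspHttpBinding* httpbinding = dynamic_cast<EspHttpBinding*>(m_soapbinding.get());
                authenticated = (httpbinding != NULL) && httpbinding->doAuth(ctx);
            }
            else
            {
                authenticated = false;
            }
            if (!authenticated)
                returnValue = SOAP_AUTHENTICATION_ERROR;
            break;
        }
    }

    if (returnValue == 0)
    {
        if (authenticated)
            return 0;
        returnValue = SOAP_AUTHENTICATION_REQUIRED;
    }

    // Failure path: log who (user@peer) was rejected and why. The password is not logged.
    StringBuffer peerStr;
    ctx->getPeer(peerStr);
    const char* userId = ctx->queryUserId();
    VStringBuffer msg("SOAP request from %s@%s.", (userId && *userId) ? userId : "unknown", (peerStr.length() > 0) ? peerStr.str() : "unknown");
    if (returnValue == SOAP_AUTHENTICATION_ERROR)
        msg.append(" User authentication failed");
    else
        msg.append(" User authentication required");
    DBGLOG("%s", msg.str());
    return returnValue;
}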