// TODO: @student : extend the protocol.
// so the receiver can split the package into name and content
void ClientChatNetPackageDispatcher::dispatchPacket(unsigned char packetIdentifier, NativePacket* nativePacket )
{
NetMessageIDTypes eNetMessageID(static_cast<NetMessageIDTypes>(packetIdentifier));
const bool validMessageId((eNetMessageID > NETMSG_ID_START) && (eNetMessageID < NETMSG_ID_END));
if(validMessageId == false) {
return;
}
switch(eNetMessageID) {
case NETMSG_ID_CHATLINE:
{
const char* message = (const char*)nativePacket->data;
// skip the packet identifier
message++;
if(isEmptyString(message) == true) {
getPeer()->log(ELogType_Error, "received an empty chat message");
}
else {
// TODO: @student : split the packet ...
ChatMessage chatMessage("---", message);
addChatMessage(chatMessage);
}
}
break;
case NETMSG_ID_JSONOBJECT:
{
// TODO: @student : this might not be enough ...
const char* message = (const char*)nativePacket->data;
// skip the packet identifier
message++;
if(isEmptyString(message) == true) {
getPeer()->log(ELogType_Error, "received an empty chat message");
}
else {
SLAString json(message);
getPeer()->log(ELogType_Info, "received json %s", json.c_str());
CCDictionary* dictionary = CCJSONConverter::dictionaryFrom(json.c_str());
getPeer()->log(ELogType_Info, dictionary);
// DONE: @student : read the relevant dictionary members and pass them to the chat message
CCObject *aMessage = dictionary->objectForKey("message");
CCDictionary *messDictionary = dynamic_cast<CCDictionary*>(aMessage);
const CCString *aSender = messDictionary->valueForKey("sender");
const CCString *aContent = messDictionary->valueForKey("content");
ChatMessage chatMessage(aSender->getCString(), aContent->getCString());
addChatMessage(chatMessage);
}
}
break;
default:
break;
}
}
static void set_label_width_callback(gpointer key, gpointer value, gpointer user_data){
WidgetAlignment *wAlignment=(WidgetAlignment *) user_data;
if (!isEmptyString(wAlignment->pageName)){
if (isEmptyString(value) || strcmp(wAlignment->pageName,value)!=0)
return;
}
gchar *keyStr=(gchar *) keyStr;
GtkWidget *widget=maker_dialog_get_widget(wAlignment->self,key,"label");
gtk_widget_set_size_request(widget, wAlignment->currentMaxWidth,-1);
gtk_misc_set_alignment (GTK_MISC(widget),wAlignment->xalign,wAlignment->yalign);
}
static void caculate_max_label_width_callback(gpointer key, gpointer value, gpointer user_data){
WidgetAlignment *wAlignment=(WidgetAlignment *) user_data;
if (!isEmptyString(wAlignment->pageName)){
if (isEmptyString(value) || strcmp(wAlignment->pageName,value)!=0)
return;
}
gchar *keyStr=(gchar *) keyStr;
GtkWidget *widget=maker_dialog_get_widget(wAlignment->self,key,"label");
GtkRequisition requisition;
gtk_widget_size_request (widget,&requisition);
wAlignment->currentMaxWidth=MAX(wAlignment->currentMaxWidth, requisition.width);
}
//Create using given key filespecs
//Caller must release when no longer needed
IDigitalSignatureManager * createDigitalSignatureManagerInstanceFromFiles(const char * pubKeyFileName, const char *privKeyFileName, const char * passPhrase)
{
#if defined(_USE_OPENSSL) && !defined(_WIN32)
Owned<CLoadedKey> pubKey, privKey;
Owned<IMultiException> exceptions;
if (!isEmptyString(pubKeyFileName))
{
try
{
pubKey.setown(loadPublicKeyFromFile(pubKeyFileName, passPhrase));
}
catch (IException * e)
{
if (!exceptions)
exceptions.setown(makeMultiException("createDigitalSignatureManagerInstanceFromFiles"));
exceptions->append(* makeWrappedExceptionV(e, -1, "createDigitalSignatureManagerInstanceFromFiles:Cannot load public key file"));
e->Release();
}
}
if (!isEmptyString(privKeyFileName))
{
try
{
privKey.setown(loadPrivateKeyFromFile(privKeyFileName, passPhrase));
}
catch (IException * e)
{
if (!exceptions)
exceptions.setown(makeMultiException("createDigitalSignatureManagerInstanceFromFiles"));
exceptions->append(* makeWrappedExceptionV(e, -1, "createDigitalSignatureManagerInstanceFromFiles:Cannot load private key file"));
e->Release();
}
}
// NB: allow it continue if 1 of the keys successfully loaded.
if (exceptions && exceptions->ordinality())
{
if (!pubKey && !privKey)
throw exceptions.getClear();
else
EXCLOG(exceptions, nullptr);
}
return new CDigitalSignatureManager(pubKey, privKey);
#else
return nullptr;
#endif
}
static GString *xml_tags_to_string(const gchar *tagName, XmlTagsType type,
const gchar *attribute, const gchar *value,gint indentLevel){
GString *strBuf=g_string_new(NULL);
append_indent_space(strBuf,indentLevel);
if(type!=XML_TAG_TYPE_NO_TAG){
g_string_append_printf(strBuf,"<%s%s%s%s%s>",
(type==XML_TAG_TYPE_END_ONLY) ? "/": "",
(!isEmptyString(tagName))? tagName : "",
(!isEmptyString(attribute)) ? " ":"", (!isEmptyString(attribute))? attribute : "",
(type==XML_TAG_TYPE_EMPTY) ? "/": ""
);
}
if (type==XML_TAG_TYPE_EMPTY)
return strBuf;
if (type==XML_TAG_TYPE_BEGIN_ONLY)
return strBuf;
if (type==XML_TAG_TYPE_END_ONLY)
return strBuf;
if (type==XML_TAG_TYPE_LONG){
g_string_append_c(strBuf,'\n');
}
if (value){
if (type==XML_TAG_TYPE_LONG || type==XML_TAG_TYPE_NO_TAG){
append_indent_space(strBuf,indentLevel+1);
int i, valueLen=strlen(value);
for(i=0;i<valueLen;i++){
g_string_append_c(strBuf,value[i]);
if (value[i]=='\n'){
append_indent_space(strBuf,indentLevel+1);
}
}
g_string_append_c(strBuf,'\n');
if (type==XML_TAG_TYPE_LONG){
append_indent_space(strBuf,indentLevel);
}
}else{
g_string_append(strBuf,value);
}
}
if (type==XML_TAG_TYPE_LONG || type==XML_TAG_TYPE_SHORT){
g_string_append_printf(strBuf,"</%s>",tagName);
}
return strBuf;
}
bool CCControlBase::initWithBackGroundSprite( const char* backgroundSpriteName ) {
CCScale9Sprite* backgroundSprite(nullptr);
if(isEmptyString(backgroundSpriteName) == false) {
backgroundSprite = CCScale9Sprite::create(backgroundSpriteName);
}
return initWithBackGroundSprite(backgroundSprite);
}
// TODO: @student : extend the protocol.
// so the receiver can split the package into name and content
void ServerChatNetPackageDispatcher::dispatchPacket(unsigned char packetIdentifier, NativePacket* nativePacket )
{
NetMessageIDTypes eNetMessageID(static_cast<NetMessageIDTypes>(packetIdentifier));
const bool validMessageId((eNetMessageID > NETMSG_ID_START) && (eNetMessageID < NETMSG_ID_END));
if(validMessageId == false) {
return;
}
switch(eNetMessageID) {
case NETMSG_ID_CHATLINE:
{
const char* message = (const char*)nativePacket->data;
// skip the packet identifier
message++;
if(isEmptyString(message) == true) {
getPeer()->log(ELogType_Error, "received an empty chat message");
}
else {
// TODO: split the packet ...
ChatMessage chatMessage("---", message);
addChatMessage(chatMessage);
// now broadcast this message to everyone else connected to this peer
// except for the sender
getPeer()->accessRakNetPeer()->Send((const char*)nativePacket->data, nativePacket->length,
HIGH_PRIORITY, RELIABLE_ORDERED, 0, nativePacket->systemAddress, true);
}
}
break;
default:
break;
}
}
const char* CWSESPControlEx::setSessionXPath(bool allSessions, const char* id, const char* userID, const char* fromIP, StringBuffer& xPath)
{
if (allSessions)
{
xPath.set("*");
return xPath.str();
}
if (!isEmptyString(userID))
xPath.setf("%s*[%s='%s']", PathSessionSession, PropSessionUserID, userID);
else if (!isEmptyString(fromIP))
xPath.setf("%s*[%s='%s']", PathSessionSession, PropSessionNetworkAddress, fromIP);
else if (!isEmptyString(id))
xPath.setf("%s*[%s='%s']", PathSessionSession, PropSessionExternalID, id);
else
xPath.set("*");
return xPath.str();
}
bool enableScopeScans(IUserDescriptor *udesc, bool enable, int * err)
{
bool superUser;
StringBuffer username;
StringBuffer password;
udesc->getUserName(username);
udesc->getPassword(password);
Owned<ISecUser> user = ldapsecurity->createUser(username);
//Check user's digital signature, if present
bool authenticated = false;
if (!isEmptyString(udesc->querySignature()))
{
if (nullptr == pDSM)
pDSM = queryDigitalSignatureManagerInstanceFromEnv();
if (pDSM && pDSM->isDigiVerifierConfigured())
{
StringBuffer b64Signature(udesc->querySignature());
if (!pDSM->digiVerify(username, b64Signature))//digital signature valid?
{
ERRLOG("LDAP: enableScopeScans(%s) : Invalid user digital signature", username.str());
*err = -1;
return false;
}
else
authenticated = true;
}
}
if (!authenticated)
{
user->credentials().setPassword(password);
if (!ldapsecurity->authenticateUser(*user, &superUser) || !superUser)
{
*err = -1;
return false;
}
}
unsigned flags = getLDAPflags();
if (enable)
{
DBGLOG("Scope Scans Enabled by user %s",username.str());
flags |= (unsigned)DLF_SCOPESCANS;
}
else
{
DBGLOG("Scope Scans Disabled by user %s",username.str());
flags &= ~(unsigned)DLF_SCOPESCANS;
}
setLDAPflags(flags);
*err = 0;
return true;
}
static void createDigitalSignatureManagerInstance(IDigitalSignatureManager * * ppDSM)
{
const char * pubKey = nullptr, *privKey = nullptr, *passPhrase = nullptr;
queryHPCCPKIKeyFiles(nullptr, &pubKey, &privKey, &passPhrase);
StringBuffer passPhraseDec;
if (!isEmptyString(passPhrase))
{
decrypt(passPhraseDec, passPhrase);
passPhrase = passPhraseDec.str();
}
*ppDSM = createDigitalSignatureManagerInstanceFromFiles(pubKey, privKey, passPhrase);
}
bool CODEExporterXPPAUT::exportSingleODE(const CModelEntity* mentity, std::string & equation, std::string & comments)
{
std::ostringstream odeKey;
if (!isEmptyString(comments)) ode << "#" << comments << std::endl;
odeKey << "ode_" << mentity->getKey();
if (!exportSingleObject(ode, NameMap[odeKey.str()], equation, comments)) return false;
return true;
}
//For every ECLWatchVisible dropzones, read: dropZoneName, directory, and, if available, computer.
//For every Servers/Server in ECLWatchVisible dropzones, read: directory,
// server name, and hostname(or IP). Create dropzone("@name", "@directory", "@computer",
// "@netAddress", "@linux", "@sourceNode") tree into pSoftware.
void CFileSpraySoapBindingEx::appendDropZones(double clientVersion, IConstEnvironment* env, const char* dfuwuidSourcePartIP, IPropertyTree* softwareTree)
{
Owned<IConstDropZoneInfoIterator> dropZoneItr = env->getDropZoneIterator();
ForEach(*dropZoneItr)
{
IConstDropZoneInfo& dropZoneInfo = dropZoneItr->query();
if (!dropZoneInfo.isECLWatchVisible()) //This code is used by ECLWatch. So, skip the DZs not for ECLWatch.
continue;
SCMStringBuffer dropZoneName, directory, computerName;
dropZoneInfo.getName(dropZoneName);
dropZoneInfo.getDirectory(directory);
if (!dropZoneName.length() || !directory.length())
continue;
bool isLinux = getPathSepChar(directory.str()) == '/' ? true : false;
Owned<IConstDropZoneServerInfoIterator> dropZoneServerItr = dropZoneInfo.getServers();
ForEach(*dropZoneServerItr)
{
IConstDropZoneServerInfo& dropZoneServer = dropZoneServerItr->query();
StringBuffer name, server, networkAddress;
dropZoneServer.getName(name);
dropZoneServer.getServer(server);
if (name.isEmpty() || server.isEmpty())
continue;
IPropertyTree* dropZone = softwareTree->addPropTree("DropZone", createPTree());
dropZone->setProp("@name", dropZoneName.str());
dropZone->setProp("@computer", name.str());
dropZone->setProp("@directory", directory.str());
if (isLinux)
dropZone->setProp("@linux", "true");
IpAddress ipAddr;
ipAddr.ipset(server.str());
ipAddr.getIpText(networkAddress);
if (!ipAddr.isNull())
{
dropZone->addProp("@netAddress", networkAddress);
if (!isEmptyString(dfuwuidSourcePartIP))
{
IpAddress ip(dfuwuidSourcePartIP);
if (ip.ipequals(ipAddr))
dropZone->addProp("@sourceNode", "1");
}
}
}
}
}
bool CLoggingManager::updateLog(IEspContext* espContext, const char* option, IPropertyTree* userContext, IPropertyTree* userRequest,
const char* backEndReq, const char* backEndResp, const char* userResp, const char* logDatasets, StringBuffer& status)
{
if (!initialized)
throw MakeStringException(-1,"LoggingManager not initialized");
bool bRet = false;
try
{
Owned<IPropertyTree> espContextTree;
if (espContext)
{
espContextTree.setown(createPTree("ESPContext"));
short port;
StringBuffer sourceIP, peerStr;
const char* esdlBindingID = espContext->queryESDLBindingID();
espContext->getServAddress(sourceIP, port);
espContextTree->addProp("SourceIP", sourceIP.str());
espContext->getPeer(peerStr);
espContextTree->addProp("Peer", peerStr.str());
if (!isEmptyString(esdlBindingID))
espContextTree->addProp("ESDLBindingID", esdlBindingID);
//More information in espContext may be added to the espContextTree later.
const char* userId = espContext->queryUserId();
if (userId && *userId)
espContextTree->addProp("UserName", userId);
espContextTree->addProp("ResponseTime", VStringBuffer("%.4f", (msTick()-espContext->queryCreationTime())/1000.0));
}
Owned<IEspUpdateLogRequestWrap> req = new CUpdateLogRequestWrap(nullptr, option, espContextTree.getClear(), LINK(userContext), LINK(userRequest),
backEndReq, backEndResp, userResp, logDatasets);
Owned<IEspUpdateLogResponse> resp = createUpdateLogResponse();
bRet = updateLog(espContext, *req, *resp, status);
}
catch (IException* e)
{
status.set("Failed to update log: ");
e->errorMessage(status);
ERRLOG("%s", status.str());
e->Release();
}
return bRet;
}
unsigned CLoggingManager::serializeLogRequestContent(IEspUpdateLogRequestWrap* request, const char* GUID, StringBuffer& logData)
{
appendXMLTag(logData, LOGREQUEST_GUID, GUID);
const char* option = request->getOption();
if (!isEmptyString(option))
appendXMLTag(logData, LOGREQUEST_OPTION, option);
appendXMLOpenTag(logData, LOGREQUEST);
const char* logRequest = request->getUpdateLogRequest();
MemoryBuffer memBuf;
LZWCompress(logRequest, strlen(logRequest), memBuf, 0x100);
JBASE64_Encode(memBuf.toByteArray(), memBuf.length(), logData);
appendXMLCloseTag(logData, LOGREQUEST);
return logData.length();
}
bool ESPMemCached::init(const char * _options)
{
CriticalBlock block(cacheCrit);
if (initialized)
return initialized;
if (!isEmptyString(_options))
options.set(_options);
else
options.set("--SERVER=127.0.0.1");
pool = memcached_pool(options.get(), options.length());
assertPool();
setPoolSettings();
connect();
if (connection)
initialized = checkServersUp();
return initialized;
}
// change literal of a cacheable query into ConstantParameter
ItemExpr* ConstValue::normalizeForCache(CacheWA& cwa, BindWA& bindWA)
{
// skip system supplied or empty string literals
if (isSystemSupplied_ || isEmptyString()) {
return this;
}
if (nodeIsNormalizedForCache()) {
return this;
}
// for now, do not parameterize NULLs because they can cause false
// constraint violations, eg, fullstack/TEST005
// create table t005t2(a int, b int not null, c char(10) not null,
// d int, primary key (c) );
// insert into t005t2 values (NULL,7,'?-7-?',NULL);
// gets "ERROR[8421] NULL cannot be assigned to a NOT NULL column."
if (isNull()) {
return this;
}
NAHeap* heap = cwa.wHeap();
// quantize length of strings only in after parse case
ConstantParameter* result = new(heap) ConstantParameter
(*this, heap, cwa.getPhase() == CmpMain::PARSE);
if (result) {
// "after-parser" ConstantParameters will undergo complete binding, so
// addConstParam does not have to bind "after-parser" ConstantParameters
cwa.addConstParam(result, bindWA);
result->markAsNormalizedForCache();
}
// do not mark this ConstValue as normalizedForCache because it may
// be "shared" and may need to be replaced into a ConstantParameter
// again in another referencing expression context. For example, the
// binder visits the case operand "3" more than once in
// insert into t values(case 3 when 4 then 0 when 3 then 1 end)
return result;
}
bool compile(const char *wuid, const char *target, const char *targetCluster)
{
Owned<IConstWUQuery> query = workunit->getQuery();
if (!query)
{
reportError("Workunit does not contain a query", 2);
return false;
}
addTimeStamp(workunit, SSTglobal, NULL, StWhenCompiled);
SCMStringBuffer mainDefinition;
SCMStringBuffer eclQuery;
query->getQueryText(eclQuery);
query->getQueryMainDefinition(mainDefinition);
StringBuffer eclccProgName;
splitDirTail(queryCurrentProcessPath(), eclccProgName);
eclccProgName.append("eclcc");
StringBuffer eclccCmd(" -shared");
if (eclQuery.length())
eclccCmd.append(" -");
if (mainDefinition.length())
eclccCmd.append(" -main ").append(mainDefinition);
eclccCmd.append(" --timings --xml");
eclccCmd.append(" --nostdinc");
if (globals->getPropBool("@enableEclccDali", true))
{
const char *daliServers = globals->queryProp("@daliServers");
if (!daliServers)
daliServers = ".";
eclccCmd.appendf(" -dfs=%s", daliServers);
const char *wuScope = workunit->queryWuScope();
if (!isEmptyString(wuScope))
eclccCmd.appendf(" -scope=%s", wuScope);
eclccCmd.appendf(" -cluster=%s", targetCluster);
SCMStringBuffer token;
workunit->getSecurityToken(token);
if (token.length())
eclccCmd.appendf(" -wuid=%s -token=%s", workunit->queryWuid(), token.str());
}
Owned<IPipeProcess> pipe = createPipeProcess();
pipe->setenv("ECLCCSERVER_THREAD_INDEX", idxStr.str());
Owned<IPropertyTreeIterator> options = globals->getElements("./Option");
ForEach(*options)
{
IPropertyTree &option = options->query();
const char *name = option.queryProp("@name");
const char *value = option.queryProp("@value");
const char *cluster = option.queryProp("@cluster"); // if cluster is set it's specific to a particular target
if (name && (cluster==NULL || cluster[0]==0 || strcmp(cluster, targetCluster)==0))
processOption(name, value, eclccCmd, eclccProgName, *pipe, false);
}
eclccCmd.appendf(" -o%s", wuid);
eclccCmd.appendf(" -platform=%s", target);
eclccCmd.appendf(" --component=%s", queryStatisticsComponentName());
Owned<IStringIterator> debugValues = &workunit->getDebugValues();
ForEach (*debugValues)
{
SCMStringBuffer debugStr, valueStr;
debugValues->str(debugStr);
workunit->getDebugValue(debugStr.str(), valueStr);
processOption(debugStr.str(), valueStr.str(), eclccCmd, eclccProgName, *pipe, true);
}
if (workunit->getResultLimit())
{
eclccCmd.appendf(" -fapplyInstantEclTransformations=1 -fapplyInstantEclTransformationsLimit=%u", workunit->getResultLimit());
}
try
{
cycle_t startCycles = get_cycles_now();
Owned<ErrorReader> errorReader = new ErrorReader(pipe, this);
Owned<AbortWaiter> abortWaiter = new AbortWaiter(pipe, workunit);
eclccCmd.insert(0, eclccProgName);
if (!pipe->run(eclccProgName, eclccCmd, ".", true, false, true, 0, true))
throw makeStringExceptionV(999, "Failed to run eclcc command %s", eclccCmd.str());
errorReader->start();
abortWaiter->start();
try
{
pipe->write(eclQuery.s.length(), eclQuery.s.str());
pipe->closeInput();
}
catch (IException *e)
{
reportError(e);
e->Release();
}
unsigned retcode = pipe->wait();
errorReader->join();
abortWaiter->stop();
if (retcode == 0)
{
StringBuffer realdllname, dllurl;
realdllname.append(SharedObjectPrefix).append(wuid).append(SharedObjectExtension);
StringBuffer realdllfilename(dllPath);
realdllfilename.append(SharedObjectPrefix).append(wuid).append(SharedObjectExtension);
StringBuffer wuXML;
if (!getWorkunitXMLFromFile(realdllfilename, wuXML))
throw makeStringException(999, "Failed to extract workunit from query dll");
Owned<ILocalWorkUnit> embeddedWU = createLocalWorkUnit(wuXML);
queryExtendedWU(workunit)->copyWorkUnit(embeddedWU, false, true);
workunit->setIsClone(false);
const char *jobname = embeddedWU->queryJobName();
if (jobname && *jobname) //let ECL win naming job during initial compile
workunit->setJobName(jobname);
if (!workunit->getDebugValueBool("obfuscateOutput", false))
{
Owned<IWUQuery> query = workunit->updateQuery();
query->setQueryText(eclQuery.s.str());
}
createUNCFilename(realdllfilename.str(), dllurl);
unsigned crc = crc_file(realdllfilename.str());
Owned<IWUQuery> query = workunit->updateQuery();
associateLocalFile(query, FileTypeDll, realdllfilename, "Workunit DLL", crc);
queryDllServer().registerDll(realdllname.str(), "Workunit DLL", dllurl.str());
cycle_t elapsedCycles = get_cycles_now() - startCycles;
updateWorkunitTimeStat(workunit, SSTcompilestage, "compile", StTimeElapsed, NULL, cycle_to_nanosec(elapsedCycles));
workunit->commit();
return true;
}
}
catch (IException * e)
{
reportError(e);
e->Release();
}
return false;
}
SecAccessFlags getPermissions(const char *key,const char *obj,IUserDescriptor *udesc,unsigned auditflags,const char * reqSignature, CDateTime * reqUTCTimestamp)
{
if (!ldapsecurity||((getLDAPflags()&DLF_ENABLED)==0))
return SecAccess_Full;
StringBuffer username;
StringBuffer password;
if (udesc)
{
udesc->getUserName(username);
udesc->getPassword(password);
}
else
{
WARNLOG("NULL UserDescriptor in daldap.cpp getPermissions('%s')",key ? key : "NULL");
}
if (0 == username.length())
{
username.append(filesdefaultuser);
decrypt(password, filesdefaultpassword);
}
Owned<ISecUser> user = ldapsecurity->createUser(username);
user->credentials().setPassword(password);
bool authenticated = false;
//Check that the digital signature provided by the caller (signature of
//caller's "scope;username;timeStamp") matches what we expect it to be
if (!isEmptyString(reqSignature))
{
if (nullptr == pDSM)
pDSM = queryDigitalSignatureManagerInstanceFromEnv();
if (pDSM && pDSM->isDigiVerifierConfigured())
{
StringBuffer requestTimestamp;
reqUTCTimestamp->getString(requestTimestamp, false);//extract timestamp string from Dali request
CDateTime now;
now.setNow();
if (now.compare(*reqUTCTimestamp) < 0)//timestamp from the future?
{
ERRLOG("LDAP: getPermissions(%s) scope=%s user=%s Request digital signature timestamp %s from the future",key?key:"NULL",obj?obj:"NULL",username.str(), requestTimestamp.str());
return SecAccess_None;//deny
}
CDateTime expiry;
expiry.set(now);
expiry.adjustTime(requestSignatureExpiryMinutes);//compute expiration timestamp
if (expiry.compare(*reqUTCTimestamp) < 0)//timestamp too far in the past?
{
ERRLOG("LDAP: getPermissions(%s) scope=%s user=%s Expired request digital signature timestamp %s",key?key:"NULL",obj?obj:"NULL",username.str(), requestTimestamp.str());
return SecAccess_None;//deny
}
VStringBuffer expectedStr("%s;%s;%s", obj, username.str(), requestTimestamp.str());
StringBuffer b64Signature(reqSignature);// signature of scope;user;timestamp
if (!pDSM->digiVerify(expectedStr, b64Signature))//does the digital signature match what we expect?
{
ERRLOG("LDAP: getPermissions(%s) scope=%s user=%s fails digital signature verification",key?key:"NULL",obj?obj:"NULL",username.str());
return SecAccess_None;//deny
}
authenticated = true;//Digital signature verified
}
else
ERRLOG("LDAP: getPermissions(%s) scope=%s user=%s digital signature support not available",key?key:"NULL",obj?obj:"NULL",username.str());
}
if (!authenticated && !ldapsecurity->authenticateUser(*user, NULL))
{
ERRLOG("LDAP: getPermissions(%s) scope=%s user=%s fails LDAP authentication",key?key:"NULL",obj?obj:"NULL",username.str());
return SecAccess_None;//deny
}
bool filescope = stricmp(key,"Scope")==0;
bool wuscope = stricmp(key,"workunit")==0;
if (filescope || wuscope) {
SecAccessFlags perm = SecAccess_None;
unsigned start = msTick();
if (filescope)
perm=ldapsecurity->authorizeFileScope(*user, obj);
else if (wuscope)
perm=ldapsecurity->authorizeWorkunitScope(*user, obj);
if (perm == SecAccess_Unavailable)
perm = SecAccess_None;
unsigned taken = msTick()-start;
#ifndef _DEBUG
if (taken>100)
#endif
{
PROGLOG("LDAP: getPermissions(%s) scope=%s user=%s returns %d in %d ms",key?key:"NULL",obj?obj:"NULL",username.str(),perm,taken);
}
if (auditflags&DALI_LDAP_AUDIT_REPORT) {
StringBuffer auditstr;
if ((auditflags&DALI_LDAP_READ_WANTED)&&!HASREADPERMISSION(perm))
auditstr.append("Lookup Access Denied");
else if ((auditflags&DALI_LDAP_WRITE_WANTED)&&!HASWRITEPERMISSION(perm))
auditstr.append("Create Access Denied");
if (auditstr.length()) {
auditstr.append(":\n\tProcess:\tdaserver");
auditstr.appendf("\n\tUser:\t%s",username.str());
auditstr.appendf("\n\tScope:\t%s\n",obj?obj:"");
SYSLOG(AUDIT_TYPE_ACCESS_FAILURE,auditstr.str());
}
}
return perm;
}
return SecAccess_Full;
}
Bool
ccsIniGetList (IniDictionary *dictionary,
const char *section,
const char *entry,
CCSSettingValueList *value,
CCSSetting *parent)
{
CCSSettingValueList list = NULL;
char *valueString, *valueStart, *valString;
char *token;
int nItems = 1, i = 0, len;
valString = getIniString (dictionary, section, entry);
if (!valString)
return FALSE;
if (isEmptyString (valString))
{
*value = NULL;
return TRUE;
}
valueString = strdup (valString);
valueStart = valueString;
/* remove trailing semicolon that we added to be able to differentiate
between an empty list and a list with one empty item */
len = strlen (valueString);
if (valueString[len - 1] == ';')
valueString[len - 1] = 0;
token = strchr (valueString, ';');
while (token)
{
token = strchr (token + 1, ';');
nItems++;
}
token = strsep (&valueString, ";");
switch (parent->info.forList.listType)
{
case TypeString:
case TypeMatch:
{
char **array = malloc (nItems * sizeof (char*));
if (!array)
break;
while (token)
{
array[i++] = strdup (token);
token = strsep (&valueString, ";");
}
list = ccsGetValueListFromStringArray (array, nItems, parent);
for (i = 0; i < nItems; i++)
free (array[i]);
free (array);
}
break;
case TypeColor:
{
CCSSettingColorValue *array;
array = malloc (nItems * sizeof (CCSSettingColorValue));
if (!array)
break;
while (token)
{
memset (&array[i], 0, sizeof (CCSSettingColorValue));
ccsStringToColor (token, &array[i]);
token = strsep (&valueString, ";");
i++;
}
list = ccsGetValueListFromColorArray (array, nItems, parent);
free (array);
}
break;
case TypeBool:
{
Bool *array = malloc (nItems * sizeof (Bool));
Bool isTrue;
if (!array)
break;
while (token)
{
isTrue = (token[0] == 'y' || token[0] == 'Y' ||
token[0] == '1' ||
token[0] == 't' || token[0] == 'T');
array[i++] = isTrue;
token = strsep (&valueString, ";");
}
list = ccsGetValueListFromBoolArray (array, nItems, parent);
free (array);
}
break;
case TypeInt:
{
int *array = malloc (nItems * sizeof (int));
if (!array)
break;
while (token)
{
array[i++] = strtoul (token, NULL, 10);
token = strsep (&valueString, ";");
}
list = ccsGetValueListFromIntArray (array, nItems, parent);
free (array);
}
break;
case TypeFloat:
{
float *array = malloc (nItems * sizeof (float));
if (!array)
break;
while (token)
{
array[i++] = strtod (token, NULL);
token = strsep (&valueString, ";");
}
list = ccsGetValueListFromFloatArray (array, nItems, parent);
free (array);
}
break;
case TypeKey:
{
CCSSettingValue *val = NULL;
list = NULL;
while (token)
{
val = malloc (sizeof (CCSSettingValue));
if (!val)
break;
if (ccsStringToKeyBinding (token, &val->value.asKey))
list = ccsSettingValueListAppend (list, val);
else
free (val);
token = strsep (&valueString, ";");
}
}
break;
case TypeButton:
{
CCSSettingValue *val = NULL;
list = NULL;
while (token)
{
val = malloc (sizeof (CCSSettingValue));
if (!val)
break;
if (ccsStringToButtonBinding (token, &val->value.asButton))
list = ccsSettingValueListAppend (list, val);
else
free (val);
token = strsep (&valueString, ";");
}
}
break;
case TypeEdge:
{
CCSSettingValue *val = NULL;
list = NULL;
while (token)
{
val = malloc (sizeof (CCSSettingValue));
if (!val)
break;
val->value.asEdge = ccsStringToEdges (token);
list = ccsSettingValueListAppend (list, val);
token = strsep (&valueString, ";");
}
}
break;
case TypeBell:
{
CCSSettingValue *val = NULL;
list = NULL;
Bool isTrue;
while (token)
{
val = malloc (sizeof (CCSSettingValue));
if (!val)
break;
isTrue = (token[0] == 'y' || token[0] == 'Y' ||
token[0] == '1' ||
token[0] == 't' || token[0] == 'T');
val->value.asBell = isTrue;
list = ccsSettingValueListAppend (list, val);
token = strsep (&valueString, ";");
}
}
break;
default:
break;
}
*value = list;
free (valueStart);
return TRUE;
}