void CWSESPControlEx::setSessionTimeout(int timeoutMinutes, IPropertyTree& session)
{
CDateTime timeNow;
timeNow.setNow();
time_t simple = timeNow.getSimple() + timeoutMinutes*60;
session.setPropInt64(PropSessionTimeoutAt, simple);
session.setPropBool(PropSessionTimeoutByAdmin, true);
}
void MessageGenerator::initDefaultValues()
{
char dbuf[64];
CDateTime now;
now.setNow();
StringBuffer nowstr;
now.getString(nowstr, true);
unsigned y, m, d;
now.getDate(y, m, d, true);
unsigned h, minute, s, nano;
now.getTime(h, minute, s, nano, true);
m_defaultvalues["string"] = "string";
m_defaultvalues["boolean"] = "1";
m_defaultvalues["decimal"] = "3.1415926535897932384626433832795";
m_defaultvalues["float"] = "3.14159";
m_defaultvalues["double"] = "3.14159265358979";
m_defaultvalues["duration"] = "P1Y2M3DT10H30M";
m_defaultvalues["dateTime"] = nowstr.str();
sprintf(dbuf, "%02d:%02d:%02d", h,minute,s);
m_defaultvalues["time"] = dbuf;
sprintf(dbuf, "%04d-%02d-%02d", y, m, d);
m_defaultvalues["date"] = dbuf;
sprintf(dbuf, "%04d-%02d", y, m);
m_defaultvalues["gYearMonth"] = dbuf;
sprintf(dbuf, "%04d", y);
m_defaultvalues["gYear"] = dbuf;
sprintf(dbuf, "--%02d-%02d", m, d);
m_defaultvalues["gMonthDay"] = dbuf;
sprintf(dbuf, "---%02d", d);
m_defaultvalues["gDay"] = dbuf;
sprintf(dbuf, "--%02d--", m);
m_defaultvalues["gMonth"] = dbuf;
m_defaultvalues["hexBinary"] = "A9D4C56EFB";
m_defaultvalues["base64Binary"] = "YmFzZTY0QmluYXJ5";
m_defaultvalues["anyURI"] = "http://anyURI/";
m_defaultvalues["QName"] = "q:name";
m_defaultvalues["NOTATION"] = "NOTATION";
m_defaultvalues["normalizedString"] = "normalizedString";
m_defaultvalues["token"] = "token";
m_defaultvalues["language"] = "en-us";
m_defaultvalues["integer"] = "0";
m_defaultvalues["nonPositiveInteger"] = "-1";
m_defaultvalues["negativeInteger"] = "-2";
m_defaultvalues["long"] = "2147483647";
m_defaultvalues["int"] = "32716";
m_defaultvalues["short"] = "4096";
m_defaultvalues["byte"] = "127";
m_defaultvalues["nonNegativeInteger"] = "3";
m_defaultvalues["positiveInteger"] = "2";
m_defaultvalues["unsignedLong"] = "4294967295";
m_defaultvalues["unsignedInt"] = "4";
m_defaultvalues["unsignedShort"] = "65535";
m_defaultvalues["unsignedByte"] = "255";
}
void addDirCache(CDirCacheItem *val)
{
CDateTime now;
now.setNow();
CDateTime cutoff(now);
cutoff.adjustTime(-DIRCACHE_TIMEOUT);
ForEachItemInRev(i,dircache) {
CDirCacheItem &item = dircache.item(i);
if (item.dt.compare(cutoff)<0)
dircache.remove(i);
}
static StringBuffer &getWUIDdaysAgo(StringBuffer &wuid,int daysago)
{
CDateTime dt;
dt.setNow();
dt.adjustTime(-(daysago*60*24));
unsigned y;
unsigned m;
unsigned d;
dt.getDate(y,m,d, true);
unsigned h;
unsigned mn;
unsigned s;
unsigned ns;
dt.getTime(h,mn,s,ns,true);
return getWUIDonDate(wuid,y,m,d,h,mn);
}
CSDSServerStatus::CSDSServerStatus(const char *servername)
{
conn = querySDS().connect("Status/Servers/Server", myProcessSession(), RTM_CREATE_ADD | RTM_LOCK_READ | RTM_DELETE_ON_DISCONNECT, 5*60*1000);
if (conn) {
IPropertyTree &root = *conn->queryRoot();
root.setProp("@name",servername);
StringBuffer node;
queryMyNode()->endpoint().getIpText(node);
root.setProp("@node",node.str());
root.setPropInt("@mpport",queryMyNode()->endpoint().port);
CDateTime dt;
dt.setNow();
StringBuffer str;
root.setProp("@started",dt.getString(str).str());
conn->commit();
}
}
void CleanFiles()
{
//DBGLOG("directory len %d and ext len: %d",Directory.length(),Ext.length());
if (Directory.length() == 0 || Ext.length() == 0)
return;
CDateTime currentTime;
currentTime.setNow();
int fileCounter = 0;
// DBGLOG("Directory:%s for files of ext:%s",Directory.str(), Ext.str());
Owned<IDirectoryIterator> di = createDirectoryIterator(Directory.str(), Ext.str());
ForEach (*di)
{
IFile &file = di->query();
CDateTime createTime, modifiedTime,accessedTime;
file.getTime( &createTime, &modifiedTime, &accessedTime);
StringBuffer accessedTimeStr,currentTimeStr;
accessedTime.getString(accessedTimeStr);
accessedTime.adjustTime(+m_CacheTimeoutPeriod);
accessedTimeStr.clear();
accessedTime.getString(accessedTimeStr);
currentTime.getString(currentTimeStr);
if (accessedTime.compare(currentTime) < 0)
{
const char* fileName = file.queryFilename();
DBGLOG("Trying to remove:%s",fileName);
if (file.exists() == true)
{
fileCounter++;
bool bDeleteOk = file.remove();
if (!bDeleteOk)
WARNLOG("ERROR Removing old cache file %s",fileName);
}
}
}
}
static StringBuffer &getWUIDonDate(StringBuffer &wuid,unsigned year,unsigned month,unsigned day,unsigned hour,unsigned minute)
{
if ((year==0)||(month==0)||(day==0)) {
CDateTime dt;
dt.setNow();
unsigned y;
unsigned m;
unsigned d;
dt.getDate(y,m,d, true);
if (year==0)
year = y;
if (month==0)
month = m;
if (day==0)
day = d;
}
else if (year<100)
year+=2000;
wuid.appendf("W%d%02d%02d-%02d%02d00",year,month,day,hour,minute);
return wuid;
}
bool doSingleSwapNode(const char *oldip,const char *newip,unsigned nodenum,IPropertyTree *info,const char *timechecked)
{
if (doSwap(oldip,newip)) {
if (info) {
StringBuffer times(timechecked);
if (times.length()==0) {
CDateTime dt;
dt.setNow();
dt.getString(times);
}
// TBD tie up with bad node in auto?
IPropertyTree *swap = info->addPropTree("Swap",createPTree("Swap"));
swap->setProp("@inNetAddress",newip);
swap->setProp("@outNetAddress",oldip);
swap->setProp("@time",times.str());
if (UINT_MAX != nodenum)
swap->setPropInt("@rank",nodenum-1);
}
return true;
}
return false;
}
SecAccessFlags getPermissions(const char *key,const char *obj,IUserDescriptor *udesc,unsigned auditflags,const char * reqSignature, CDateTime * reqUTCTimestamp)
{
if (!ldapsecurity||((getLDAPflags()&DLF_ENABLED)==0))
return SecAccess_Full;
StringBuffer username;
StringBuffer password;
if (udesc)
{
udesc->getUserName(username);
udesc->getPassword(password);
}
else
{
WARNLOG("NULL UserDescriptor in daldap.cpp getPermissions('%s')",key ? key : "NULL");
}
if (0 == username.length())
{
username.append(filesdefaultuser);
decrypt(password, filesdefaultpassword);
}
Owned<ISecUser> user = ldapsecurity->createUser(username);
user->credentials().setPassword(password);
bool authenticated = false;
//Check that the digital signature provided by the caller (signature of
//caller's "scope;username;timeStamp") matches what we expect it to be
if (!isEmptyString(reqSignature))
{
if (nullptr == pDSM)
pDSM = queryDigitalSignatureManagerInstanceFromEnv();
if (pDSM && pDSM->isDigiVerifierConfigured())
{
StringBuffer requestTimestamp;
reqUTCTimestamp->getString(requestTimestamp, false);//extract timestamp string from Dali request
CDateTime now;
now.setNow();
if (now.compare(*reqUTCTimestamp) < 0)//timestamp from the future?
{
ERRLOG("LDAP: getPermissions(%s) scope=%s user=%s Request digital signature timestamp %s from the future",key?key:"NULL",obj?obj:"NULL",username.str(), requestTimestamp.str());
return SecAccess_None;//deny
}
CDateTime expiry;
expiry.set(now);
expiry.adjustTime(requestSignatureExpiryMinutes);//compute expiration timestamp
if (expiry.compare(*reqUTCTimestamp) < 0)//timestamp too far in the past?
{
ERRLOG("LDAP: getPermissions(%s) scope=%s user=%s Expired request digital signature timestamp %s",key?key:"NULL",obj?obj:"NULL",username.str(), requestTimestamp.str());
return SecAccess_None;//deny
}
VStringBuffer expectedStr("%s;%s;%s", obj, username.str(), requestTimestamp.str());
StringBuffer b64Signature(reqSignature);// signature of scope;user;timestamp
if (!pDSM->digiVerify(expectedStr, b64Signature))//does the digital signature match what we expect?
{
ERRLOG("LDAP: getPermissions(%s) scope=%s user=%s fails digital signature verification",key?key:"NULL",obj?obj:"NULL",username.str());
return SecAccess_None;//deny
}
authenticated = true;//Digital signature verified
}
else
ERRLOG("LDAP: getPermissions(%s) scope=%s user=%s digital signature support not available",key?key:"NULL",obj?obj:"NULL",username.str());
}
if (!authenticated && !ldapsecurity->authenticateUser(*user, NULL))
{
ERRLOG("LDAP: getPermissions(%s) scope=%s user=%s fails LDAP authentication",key?key:"NULL",obj?obj:"NULL",username.str());
return SecAccess_None;//deny
}
bool filescope = stricmp(key,"Scope")==0;
bool wuscope = stricmp(key,"workunit")==0;
if (filescope || wuscope) {
SecAccessFlags perm = SecAccess_None;
unsigned start = msTick();
if (filescope)
perm=ldapsecurity->authorizeFileScope(*user, obj);
else if (wuscope)
perm=ldapsecurity->authorizeWorkunitScope(*user, obj);
if (perm == SecAccess_Unavailable)
perm = SecAccess_None;
unsigned taken = msTick()-start;
#ifndef _DEBUG
if (taken>100)
#endif
{
PROGLOG("LDAP: getPermissions(%s) scope=%s user=%s returns %d in %d ms",key?key:"NULL",obj?obj:"NULL",username.str(),perm,taken);
}
if (auditflags&DALI_LDAP_AUDIT_REPORT) {
StringBuffer auditstr;
if ((auditflags&DALI_LDAP_READ_WANTED)&&!HASREADPERMISSION(perm))
auditstr.append("Lookup Access Denied");
else if ((auditflags&DALI_LDAP_WRITE_WANTED)&&!HASWRITEPERMISSION(perm))
auditstr.append("Create Access Denied");
if (auditstr.length()) {
auditstr.append(":\n\tProcess:\tdaserver");
auditstr.appendf("\n\tUser:\t%s",username.str());
auditstr.appendf("\n\tScope:\t%s\n",obj?obj:"");
SYSLOG(AUDIT_TYPE_ACCESS_FAILURE,auditstr.str());
}
}
return perm;
}
return SecAccess_Full;
}
