const StringBuffer &CEspApplicationPort::getAppFrameHtml(time_t &modified, const char *inner, StringBuffer &html, IEspContext* ctx)
{
if (!xslp)
throw MakeStringException(0,"Error - CEspApplicationPort XSLT processor not initialized");
bool embedded_url=(inner&&*inner);
StringBuffer params;
bool needRefresh = true;
if (!getUrlParams(ctx->queryRequestParameters(), params))
{
if (params.length()==0)
needRefresh = false;
if (ctx->getClientVersion()>0)
{
params.appendf("%cver_=%g", params.length()?'&':'?', ctx->getClientVersion());
needRefresh = true;
}
}
if (needRefresh || embedded_url || !appFrameHtml.length())
{
int passwordDaysRemaining = scPasswordExpired;//-1 means dont display change password screen
#ifdef _USE_OPENLDAP
ISecUser* user = ctx->queryUser();
ISecManager* secmgr = ctx->querySecManager();
if(user && secmgr)
{
passwordDaysRemaining = user->getPasswordDaysRemaining();//-1 if expired, -2 if never expires
int passwordExpirationDays = (int)secmgr->getPasswordExpirationWarningDays();
if (passwordDaysRemaining == scPasswordNeverExpires || passwordDaysRemaining > passwordExpirationDays)
passwordDaysRemaining = scPasswordExpired;
}
#endif
StringBuffer xml;
StringBuffer encoded_inner;
if(inner && *inner)
encodeXML(inner, encoded_inner);
// replace & with &s;
params.replaceString("&","&");
xml.appendf("<EspApplicationFrame title=\"%s\" navWidth=\"%d\" navResize=\"%d\" navScroll=\"%d\" inner=\"%s\" params=\"%s\" passwordDays=\"%d\"/>",
getESPContainer()->getFrameTitle(), navWidth, navResize, navScroll, (inner&&*inner) ? encoded_inner.str() : "?main", params.str(), passwordDaysRemaining);
Owned<IXslTransform> xform = xslp->createXslTransform();
xform->loadXslFromFile(StringBuffer(getCFD()).append("./xslt/appframe.xsl").str());
xform->setXmlSource(xml.str(), xml.length()+1);
xform->transform( (needRefresh || embedded_url) ? html.clear() : appFrameHtml.clear());
}
if (!needRefresh && !embedded_url)
html.clear().append(appFrameHtml.str());
static time_t startup_time = time(NULL);
modified = startup_time;
return html;
}
bool CPermissionsCache::lookup(ISecUser& sec_user)
{
if(!isCacheEnabled())
return false;
const char* username = sec_user.getName();
if(!username || !*username)
return false;
string key(username);
ReadLockBlock readLock(m_userCacheRWLock );
MapUserCache::iterator it = m_userCache.find(key);
if (it == m_userCache.end())
return false;
CachedUser* user = (CachedUser*)(it->second);
time_t now;
time(&now);
if(user->getTimestamp() < (now - m_cacheTimeout))
{
m_userCache.erase(username);
delete user;
return false;
}
const char* cachedpw = user->queryUser()->credentials().getPassword();
StringBuffer pw(sec_user.credentials().getPassword());
if(cachedpw && pw.length() > 0)
{
StringBuffer md5pbuf;
md5_string(pw, md5pbuf);
if(strcmp(cachedpw, md5pbuf.str()) == 0)
{
#ifdef _DEBUG
DBGLOG("CACHE: CPermissionsCache Found validated user %s", username);
#endif
// Copy cached user to the sec_user structure, but still keep the original clear text password.
user->queryUser()->copyTo(sec_user);
sec_user.credentials().setPassword(pw.str());
return true;
}
else
{
m_userCache.erase(username);
delete user;
return false;
}
}
return false;
}
bool CLocalSecurityManager::IsPasswordValid(ISecUser& sec_user)
{
IAuthenticatedUser* au = createAuthenticatedUser();
StringBuffer userbuf;
#ifdef _WIN32
const char* realm = sec_user.getRealm();
if(realm&&*realm)
userbuf.append(realm).append("\\");
#endif
userbuf.append(sec_user.getName());
return au->login(userbuf.str(), sec_user.credentials().getPassword());
}
bool Cws_accountEx::onUpdateUserInput(IEspContext &context, IEspUpdateUserInputRequest &req, IEspUpdateUserInputResponse &resp)
{
try
{
ISecUser* user = context.queryUser();
if(user != NULL)
{
resp.setUsername(user->getName());
}
}
catch(IException* e)
{
FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR);
}
return true;
}
bool CPermissionsCache::lookup(ISecUser& sec_user)
{
if(!isCacheEnabled())
return false;
const char* username = sec_user.getName();
if(!username || !*username)
return false;
synchronized block(m_userCacheMonitor);
CachedUser* user = m_userCache[username];
if(user == NULL)
return false;
time_t now;
time(&now);
if(user->getTimestamp() < (now - m_cacheTimeout))
{
m_userCache.erase(username);
delete user;
return false;
}
const char* cachedpw = user->queryUser()->credentials().getPassword();
StringBuffer pw(sec_user.credentials().getPassword());
if(cachedpw && pw.length() > 0)
{
StringBuffer md5pbuf;
md5_string(pw, md5pbuf);
if(strcmp(cachedpw, md5pbuf.str()) == 0)
{
// Copy cached user to the sec_user structure, but still keep the original clear text password.
user->queryUser()->copyTo(sec_user);
sec_user.credentials().setPassword(pw.str());
return true;
}
else
{
m_userCache.erase(username);
delete user;
return false;
}
}
return false;
}
UserInfo(ISecUser& userInfo, unsigned TimeoutPeriod=60000)
{
_UserInfo = &userInfo;
if(_UserInfo)
_UserInfo->Link();
_timeCreated = msTick();
_timeOut = TimeoutPeriod;
}
void CPermissionsCache::removePermissions( ISecUser& sec_user)
{
synchronized block(m_cachemonitor);
const char* user = sec_user.getName();
if(user != NULL && *user != '\0')
{
m_resPermissionsMap.erase(user);
}
}
void CPermissionsCache::add(ISecUser& sec_user)
{
if(!isCacheEnabled() || &sec_user == NULL)
return;
const char* username = sec_user.getName();
if(!username || !*username)
return;
synchronized block(m_userCacheMonitor);
CachedUser* user = m_userCache[username];
if(user)
{
m_userCache.erase(username);
delete user;
}
m_userCache[username] = new CachedUser(sec_user.clone());
}
bool CBaseSecurityManager::authorize(ISecUser & sec_user, ISecResourceList * Resources)
{
if(sec_user.getAuthenticateStatus() != AS_AUTHENTICATED)
{
bool bOk = ValidateUser(sec_user);
if(bOk == false)
return false;
}
return ValidateResources(sec_user,Resources);
}
virtual ~UserInfo()
{
MapStrToResList::iterator pos;
for(pos=_resList.begin();pos!=_resList.end();){
pos->second->Release();
pos++;
}
if(_UserInfo)
_UserInfo->Release();
}
bool CWsPackageProcessEx::onEcho(IEspContext &context, IEspEchoRequest &req, IEspEchoResponse &resp)
{
StringBuffer respMsg;
ISecUser* user = context.queryUser();
if(user != NULL)
{
const char* name = user->getName();
if (name && *name)
respMsg.appendf("%s: ", name);
}
const char* reqMsg = req.getRequest();
if (reqMsg && *reqMsg)
respMsg.append(reqMsg);
else
respMsg.append("??");
resp.setResponse(respMsg.str());
return true;
}
void CPermissionsCache::removePermissions( ISecUser& sec_user)
{
const char* user = sec_user.getName();
if(user != NULL && *user != '\0')
{
#ifdef _DEBUG
DBGLOG("CACHE: CPermissionsCache Removing permissions for user %s", user);
#endif
WriteLockBlock writeLock(m_resPermCacheRWLock);
m_resPermissionsMap.erase(user);
}
}
void CPermissionsCache::add(ISecUser& sec_user)
{
if(!isCacheEnabled())
return;
const char* username = sec_user.getName();
if(!username || !*username)
return;
synchronized block(m_userCacheMonitor);
string key(username);
MapUserCache::iterator it = m_userCache.find(key);
CachedUser* user = NULL;
if (it != m_userCache.end())
{
user = (CachedUser*)(it->second);
m_userCache.erase(username);
delete user;
}
m_userCache[username] = new CachedUser(sec_user.clone());
}
bool Cws_accountEx::onMyAccount(IEspContext &context, IEspMyAccountRequest &req, IEspMyAccountResponse &resp)
{
try
{
ISecUser* user = context.queryUser();
if(user != NULL)
{
CDateTime dt;
user->getPasswordExpiration(dt);
StringBuffer sb;
if (dt.isNull())
sb.append("Never");
else
{
dt.getString(sb);
sb.replace('T', (char)0);//chop off timestring
}
resp.setPasswordExpiration(sb.str());
resp.setPasswordDaysRemaining(user->getPasswordDaysRemaining());
resp.setFirstName(user->getFirstName());
resp.setLastName(user->getLastName());
resp.setUsername(user->getName());
}
}
catch(IException* e)
{
FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR);
}
return true;
}
bool IsPasswordValid(ISecUser& sec_user)
{
StringBuffer user;
user.append(sec_user.getName());
if (0 == user.length())
throw MakeStringException(-1, "htpasswd User name is NULL");
CriticalBlock block(crit);
if (!apr_initialized)
initAPR();
loadPwds();//reload password file if modified
StringBuffer *encPW = userMap.getValue(user.str());
if (encPW && encPW->length())
{
apr_status_t rc = apr_password_validate(sec_user.credentials().getPassword(), encPW->str());
if (rc != APR_SUCCESS)
DBGLOG("htpasswd authentication for user %s failed - APR RC %d", user.str(), rc );
return rc == APR_SUCCESS;
}
DBGLOG("User %s not in htpasswd file", user.str());
return false;
}
void CPermissionsCache::removeFromUserCache(ISecUser& sec_user)
{
const char* username = sec_user.getName();
if(username && *username)
{
synchronized block(m_userCacheMonitor);
CachedUser* user = m_userCache[username];
if(user)
{
m_userCache.erase(username);
delete user;
}
}
}
void CPermissionsCache::add(ISecUser& sec_user)
{
if(!isCacheEnabled())
return;
const char* username = sec_user.getName();
if(!username || !*username)
return;
string key(username);
WriteLockBlock writeLock(m_userCacheRWLock );
MapUserCache::iterator it = m_userCache.find(key);
CachedUser* user = NULL;
if (it != m_userCache.end())
{
user = (CachedUser*)(it->second);
m_userCache.erase(username);
delete user;
}
#ifdef _DEBUG
DBGLOG("CACHE: CPermissionsCache Adding cached user %s", username);
#endif
m_userCache[username] = new CachedUser(sec_user.clone());
}
void CPermissionsCache::removeFromUserCache(ISecUser& sec_user)
{
const char* username = sec_user.getName();
if(username && *username)
{
synchronized block(m_userCacheMonitor);
string key(username);
MapUserCache::iterator it = m_userCache.find(key);
if (it != m_userCache.end())
{
CachedUser* user = (CachedUser*)(it->second);
m_userCache.erase(username);
delete user;
}
}
}
void CPermissionsCache::add( ISecUser& sec_user, IArrayOf<ISecResource>& resources )
{
synchronized block(m_cachemonitor);
const char* user = sec_user.getName();
MapResPermissionsCache::const_iterator i = m_resPermissionsMap.find( user );
CResPermissionsCache* pResPermissionsCache;
if (i == m_resPermissionsMap.end())
{
//DBGLOG("CACHE: Adding cache for %s", user);
pResPermissionsCache = new CResPermissionsCache(this, user);
m_resPermissionsMap.insert(pair<string, CResPermissionsCache*>(user, pResPermissionsCache));
}
else
pResPermissionsCache = (*i).second;
pResPermissionsCache->add( resources );
}
void CPermissionsCache::removeFromUserCache(ISecUser& sec_user)
{
const char* username = sec_user.getName();
if(username && *username)
{
string key(username);
WriteLockBlock writeLock(m_userCacheRWLock );
MapUserCache::iterator it = m_userCache.find(key);
if (it != m_userCache.end())
{
CachedUser* user = (CachedUser*)(it->second);
m_userCache.erase(username);
delete user;
#ifdef _DEBUG
DBGLOG("CACHE: CPermissionsCache Removing cached user %s", username);
#endif
}
}
}
int CPermissionsCache::lookup( ISecUser& sec_user, IArrayOf<ISecResource>& resources,
bool* pFound)
{
synchronized block(m_cachemonitor);
const char* userId = sec_user.getName();
int nFound;
MapResPermissionsCache::const_iterator i = m_resPermissionsMap.find( userId );
if (i != m_resPermissionsMap.end())
{
CResPermissionsCache* pResPermissionsCache = (*i).second;
nFound = pResPermissionsCache->lookup( resources, pFound );
}
else
{
nFound = 0;
memset(pFound, 0, sizeof(bool)*resources.ordinality());
//DBGLOG("CACHE: Looking up %s:*", userId);
}
return nFound;
}
int CPermissionsCache::lookup( ISecUser& sec_user, IArrayOf<ISecResource>& resources,
bool* pFound)
{
const char* userId = sec_user.getName();
int nFound;
ReadLockBlock readLock(m_resPermCacheRWLock);
MapResPermissionsCache::const_iterator i = m_resPermissionsMap.find( userId );
if (i != m_resPermissionsMap.end())
{
CResPermissionsCache* pResPermissionsCache = (*i).second;
nFound = pResPermissionsCache->lookup( resources, pFound );
}
else
{
nFound = 0;
memset(pFound, 0, sizeof(bool)*resources.ordinality());
}
#ifdef _DEBUG
DBGLOG("CACHE: CPermissionsCache Looked up resources for %s:*, found %d of %d matches", userId, nFound, resources.ordinality());
#endif
return nFound;
}
void CPermissionsCache::add( ISecUser& sec_user, IArrayOf<ISecResource>& resources )
{
const char* user = sec_user.getName();
WriteLockBlock writeLock(m_resPermCacheRWLock);
MapResPermissionsCache::const_iterator i = m_resPermissionsMap.find( user );
CResPermissionsCache* pResPermissionsCache;
if (i == m_resPermissionsMap.end())
{
#ifdef _DEBUG
DBGLOG("CACHE: CPermissionsCache Adding resources to cache for new user %s", user);
#endif
pResPermissionsCache = new CResPermissionsCache(this, user);
m_resPermissionsMap.insert(pair<string, CResPermissionsCache*>(user, pResPermissionsCache));
}
else
{
#ifdef _DEBUG
DBGLOG("CACHE: CPermissionsCache Adding resources to cache for existing user %s", user);
#endif
pResPermissionsCache = (*i).second;
}
pResPermissionsCache->add( resources );
}
bool Cws_accountEx::onUpdateUser(IEspContext &context, IEspUpdateUserRequest & req, IEspUpdateUserResponse & resp)
{
try
{
CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager());
if(secmgr == NULL)
{
throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, "Security manager can't be converted to LdapSecManager. Only LdapSecManager supports this function.");
}
ISecUser* user = context.queryUser();
if(user == NULL)
{
resp.setRetcode(-1);
resp.setMessage("Can't find user in esp context. Please check if the user was properly logged in.");
return false;
}
if(req.getUsername() == NULL || strcmp(req.getUsername(), user->getName()) != 0)
{
resp.setRetcode(-1);
resp.setMessage("Username/password don't match.");
return false;
}
const char* oldpass = req.getOldpass();
if(oldpass == NULL || strcmp(oldpass, user->credentials().getPassword()) != 0)
{
resp.setRetcode(-1);
resp.setMessage("Username/password don't match.");
return false;
}
const char* newpass1 = req.getNewpass1();
const char* newpass2 = req.getNewpass2();
if(newpass1 == NULL || newpass2 == NULL || strlen(newpass1) < 4 || strlen(newpass2) < 4)
{
resp.setRetcode(-1);
resp.setMessage("New password must be 4 characters or longer.");
return false;
}
if(strcmp(newpass1, newpass2) != 0)
{
resp.setRetcode(-1);
resp.setMessage("Password and retype don't match.");
return false;
}
if(strcmp(oldpass, newpass1) == 0)
{
resp.setRetcode(-1);
resp.setMessage("New password can't be the same as current password.");
return false;
}
const char* pwscheme = secmgr->getPasswordStorageScheme();
bool isCrypt = pwscheme && (stricmp(pwscheme, "CRYPT") == 0);
if(isCrypt && strncmp(oldpass, newpass1, 8) == 0)
{
resp.setRetcode(-1);
resp.setMessage("The first 8 characters of the new password must be different from before.");
return false;
}
bool ok = false;
try
{
ok = secmgr->updateUserPassword(*user, newpass1, oldpass);
}
catch(IException* e)
{
StringBuffer emsg;
e->errorMessage(emsg);
resp.setRetcode(-1);
resp.setMessage(emsg.str());
return false;
}
catch(...)
{
ok = false;
}
if(!ok)
{
throw MakeStringException(ECLWATCH_CANNOT_CHANGE_PASSWORD, "Failed in changing password.");
}
resp.setRetcode(0);
if(isCrypt && strlen(newpass1) > 8)
resp.setMessage("Your password has been changed successfully, however, only the first 8 chars are effective.");
else
resp.setMessage("Your password has been changed successfully.");
}
catch(IException* e)
{
FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR);
}
return true;
}
bool Cws_accountEx::onVerifyUser(IEspContext &context, IEspVerifyUserRequest &req, IEspVerifyUserResponse &resp)
{
try
{
ISecUser* usr = context.queryUser();
if(!usr || usr->getAuthenticateStatus() != AS_AUTHENTICATED)
{
resp.setRetcode(-1);
return false;
}
const char* ver = req.getVersion();
if (!ver || !*ver)
{
throw MakeStringException(ECLWATCH_OLD_CLIENT_VERSION, "Client version not found");
}
int minor = 0;
int major = 0;
const char* dot1 = strrchr(ver, '.');
if (!dot1)
minor = atoi(ver);
else if (strlen(dot1) > 1)
{
minor = atoi(dot1 + 1);
if(dot1 > ver)
{
const char* dot2 = dot1 - 1;
while(dot2 > ver && *dot2 != '.')
dot2--;
if(*dot2 == '.')
dot2++;
if(dot2 < dot1)
{
StringBuffer majorstr;
majorstr.append(dot1 - dot2, dot2);
major = atoi(majorstr.str());
}
}
}
if(major > CUTOFF_MAJOR || (major == CUTOFF_MAJOR && minor >= CUTOFF_MINOR))
{
resp.setRetcode(0);
return true;
}
const char* build_ver = getBuildVersion();
if (build_ver && *build_ver)
throw MakeStringException(ECLWATCH_OLD_CLIENT_VERSION, "Client version %s (server %s) is out of date.", ver, build_ver);
else
throw MakeStringException(ECLWATCH_OLD_CLIENT_VERSION, "Client version %s is out of date.", ver);
}
catch(IException* e)
{
FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR);
}
return true;
}
bool CBaseSecurityManager::updateSettings(ISecUser & sec_user,IArrayOf<ISecResource>& rlist)
{
CSecureUser* user = (CSecureUser*)&sec_user;
if(user == NULL)
return false;
int usernum = findUser(user->getName(),user->getRealm());
if(usernum < 0)
{
PrintLog("User number of %s can't be found", user->getName());
return false;
}
bool sqchecked = false, sqverified = false, otpchecked = false;
int otpok = -1;
ForEachItemIn(x, rlist)
{
ISecResource* secRes = (ISecResource*)(&(rlist.item(x)));
if(secRes == NULL)
continue;
//AccessFlags default value is -1. Set it to 0 so that the settings can be cached. AccessFlags is not being used for settings.
secRes->setAccessFlags(0);
if(secRes->getParameter("userprop") && *secRes->getParameter("userprop")!='\0')
{
//if we have a parameter in the user or company table it will have been added as a parameter to the ISecUser when
// the authentication query was run. We should keep this messiness here so that the the end user is insulated....
dbValidateSetting(*secRes,sec_user);
continue;
}
const char* resource_name = secRes->getParameter("resource");
if(resource_name && *resource_name &&
(stricmp(resource_name, "SSN Masking") == 0 || stricmp(resource_name, "Driver License Masking") == 0))
{
//If OTP Enabled and OTP2FACTOR cookie not valid, mask
if(m_enableOTP)
{
if(!otpchecked)
{
const char* otpcookie = sec_user.getProperty("OTP2FACTOR");
// -1 means OTP is not enabled for the user. 0: failed verfication, 1: passed verification.
otpok = validateOTP(&sec_user, otpcookie);
otpchecked = true;
}
if(otpok == 0)
{
CSecurityResource* cres = dynamic_cast<CSecurityResource*>(secRes);
if(resource_name && *resource_name && cres)
{
if(stricmp(resource_name, "SSN Masking") == 0)
{
cres->setValue("All");
continue;
}
else if(stricmp(resource_name, "Driver License Masking") == 0)
{
cres->setValue("1");
continue;
}
}
}
else if(otpok == 1)
{
CSecurityResource* cres = dynamic_cast<CSecurityResource*>(secRes);
if(resource_name && *resource_name && cres)
{
if(stricmp(resource_name, "SSN Masking") == 0)
{
cres->setValue("None");
continue;
}
else if(stricmp(resource_name, "Driver License Masking") == 0)
{
cres->setValue("0");
continue;
}
}
}
}
if(m_enableIPRoaming && sec_user.getPropertyInt("IPRoaming") == 1)
{
if(!sqchecked)
{
const char* sequest = sec_user.getProperty("SEQUEST");
if(sequest && *sequest)
{
sqverified = validateSecurityQuestion(&sec_user, sequest);
}
sqchecked = true;
}
if(!sqverified)
{
CSecurityResource* cres = dynamic_cast<CSecurityResource*>(secRes);
if(resource_name && *resource_name && cres)
{
if(stricmp(resource_name, "SSN Masking") == 0)
{
cres->setValue("All");
continue;
}
else if(stricmp(resource_name, "Driver License Masking") == 0)
{
cres->setValue("1");
continue;
}
}
}
}
}
dbValidateSetting(*secRes,usernum,user->getRealm());
}
virtual void copyTo(ISecUser& destination)
{
destination.setAuthenticateStatus(getAuthenticateStatus());
destination.setName(getName());
destination.setFullName(getFullName());
destination.setFirstName(getFirstName());
destination.setLastName(getLastName());
destination.setEmployeeID(getEmployeeID());
destination.setRealm(getRealm());
destination.setFqdn(getFqdn());
destination.setPeer(getPeer());
destination.credentials().setPassword(credentials().getPassword());
destination.credentials().setSessionToken(credentials().getSessionToken());
destination.credentials().setSignature(credentials().getSignature());
CDateTime exp;
credentials().getPasswordExpiration(exp);
destination.credentials().setPasswordExpiration(exp);
CDateTime tmpTime;
destination.setPasswordExpiration(getPasswordExpiration(tmpTime));
destination.setStatus(getStatus());
CriticalBlock b(crit);
Owned<IPropertyIterator> Itr = m_parameters->getIterator();
ForEach(*Itr)
{
destination.setProperty(Itr->getPropKey(),m_parameters->queryProp(Itr->getPropKey()));
}
// DBGLOG("Copied name %s to %s",getName(),destination.getName());
}
int CSoapService::processHeader(CHeader* header, IEspContext* ctx)
{
int num = header->getNumBlocks();
if(ctx == NULL)
return 0;
int returnValue = 0;
bool authenticated = !ctx->toBeAuthenticated();
for (int i = 0; i < num; i++)
{
IRpcMessage* oneblock = header->getHeaderBlock(i);
if(oneblock == NULL)
continue;
if(strcmp(oneblock->get_name(), "Security") == 0)
{
bool encodeXML = oneblock->getEncodeXml();
oneblock->setEncodeXml(false);
StringBuffer username, password,realm;
oneblock->get_value("UsernameToken/Username", username);
oneblock->get_value("UsernameToken/Password", password);
oneblock->get_value("RealmToken/Realm", realm);
oneblock->setEncodeXml(encodeXML);
//DBGLOG("username=%s, password=%s", username.str(), password.str());
if(username.length() > 0)
{
ctx->setUserID(username.str());
ctx->setPassword(password.str());
if(realm.length()>0)
ctx->setRealm(realm.str());
ISecManager* secmgr = ctx->querySecManager();
if(secmgr != NULL)
{
ISecUser *user = ctx->queryUser();
if(user==NULL)
{
user = secmgr->createUser(username.str());
ctx->setUser(user);
}
if(user == NULL)
{
WARNLOG("Couldn't create ISecUser object for %s", username.str());
}
user->setName(username.str());
user->credentials().setPassword(password.str());
if(realm.length()>0)
user->setRealm(realm.str());
}
if(ctx->toBeAuthenticated())
{
if(stricmp(m_soapbinding->getTransportType(), "http") == 0)
{
EspHttpBinding* httpbinding = dynamic_cast<EspHttpBinding*>(m_soapbinding.get());
authenticated = httpbinding->doAuth(ctx);
}
else
{
authenticated = false;
}
if(!authenticated)
returnValue = SOAP_AUTHENTICATION_ERROR;
break;
}
}
}
}
if (returnValue == 0)
{
if (authenticated)
return 0;
returnValue = SOAP_AUTHENTICATION_REQUIRED;
}
StringBuffer peerStr;
ctx->getPeer(peerStr);
const char* userId = ctx->queryUserId();
VStringBuffer msg("SOAP request from %s@%s.", (userId&&*userId)?userId:"unknown", (peerStr.length()>0)?peerStr.str():"unknown");
if (returnValue == SOAP_AUTHENTICATION_ERROR)
msg.append(" User authentication failed");
else
msg.append(" User authentication required");
DBGLOG("%s", msg.str());
return returnValue;
}
void CopyTo(ISecUser & sec_user)
{
if(_UserInfo)
_UserInfo->copyTo(sec_user);
}
virtual void copyTo(ISecUser& destination)
{
destination.setAuthenticateStatus(getAuthenticateStatus());
destination.setName(getName());
destination.setFullName(getFullName());
destination.setFirstName(getFirstName());
destination.setLastName(getLastName());
destination.setRealm(getRealm());
destination.setFqdn(getFqdn());
destination.setPeer(getPeer());
destination.credentials().setPassword(credentials().getPassword());
CDateTime tmpTime;
destination.setPasswordExpiration(getPasswordExpiration(tmpTime));
destination.setStatus(getStatus());
if(m_parameters.get()==NULL)
return;
CriticalBlock b(crit);
Owned<IPropertyIterator> Itr = m_parameters->getIterator();
Itr->first();
while(Itr->isValid())
{
destination.setProperty(Itr->getPropKey(),m_parameters->queryProp(Itr->getPropKey()));
Itr->next();
}
//addToken is not currently implemented....
// DBGLOG("Copied name %s to %s",getName(),destination.getName());
}
