const StringBuffer &CEspApplicationPort::getAppFrameHtml(time_t &modified, const char *inner, StringBuffer &html, IEspContext* ctx) { if (!xslp) throw MakeStringException(0,"Error - CEspApplicationPort XSLT processor not initialized"); bool embedded_url=(inner&&*inner); StringBuffer params; bool needRefresh = true; if (!getUrlParams(ctx->queryRequestParameters(), params)) { if (params.length()==0) needRefresh = false; if (ctx->getClientVersion()>0) { params.appendf("%cver_=%g", params.length()?'&':'?', ctx->getClientVersion()); needRefresh = true; } } if (needRefresh || embedded_url || !appFrameHtml.length()) { int passwordDaysRemaining = scPasswordExpired;//-1 means dont display change password screen #ifdef _USE_OPENLDAP ISecUser* user = ctx->queryUser(); ISecManager* secmgr = ctx->querySecManager(); if(user && secmgr) { passwordDaysRemaining = user->getPasswordDaysRemaining();//-1 if expired, -2 if never expires int passwordExpirationDays = (int)secmgr->getPasswordExpirationWarningDays(); if (passwordDaysRemaining == scPasswordNeverExpires || passwordDaysRemaining > passwordExpirationDays) passwordDaysRemaining = scPasswordExpired; } #endif StringBuffer xml; StringBuffer encoded_inner; if(inner && *inner) encodeXML(inner, encoded_inner); // replace & with &s; params.replaceString("&","&"); xml.appendf("<EspApplicationFrame title=\"%s\" navWidth=\"%d\" navResize=\"%d\" navScroll=\"%d\" inner=\"%s\" params=\"%s\" passwordDays=\"%d\"/>", getESPContainer()->getFrameTitle(), navWidth, navResize, navScroll, (inner&&*inner) ? encoded_inner.str() : "?main", params.str(), passwordDaysRemaining); Owned<IXslTransform> xform = xslp->createXslTransform(); xform->loadXslFromFile(StringBuffer(getCFD()).append("./xslt/appframe.xsl").str()); xform->setXmlSource(xml.str(), xml.length()+1); xform->transform( (needRefresh || embedded_url) ? html.clear() : appFrameHtml.clear()); } if (!needRefresh && !embedded_url) html.clear().append(appFrameHtml.str()); static time_t startup_time = time(NULL); modified = startup_time; return html; }
bool CPermissionsCache::lookup(ISecUser& sec_user) { if(!isCacheEnabled()) return false; const char* username = sec_user.getName(); if(!username || !*username) return false; string key(username); ReadLockBlock readLock(m_userCacheRWLock ); MapUserCache::iterator it = m_userCache.find(key); if (it == m_userCache.end()) return false; CachedUser* user = (CachedUser*)(it->second); time_t now; time(&now); if(user->getTimestamp() < (now - m_cacheTimeout)) { m_userCache.erase(username); delete user; return false; } const char* cachedpw = user->queryUser()->credentials().getPassword(); StringBuffer pw(sec_user.credentials().getPassword()); if(cachedpw && pw.length() > 0) { StringBuffer md5pbuf; md5_string(pw, md5pbuf); if(strcmp(cachedpw, md5pbuf.str()) == 0) { #ifdef _DEBUG DBGLOG("CACHE: CPermissionsCache Found validated user %s", username); #endif // Copy cached user to the sec_user structure, but still keep the original clear text password. user->queryUser()->copyTo(sec_user); sec_user.credentials().setPassword(pw.str()); return true; } else { m_userCache.erase(username); delete user; return false; } } return false; }
bool CLocalSecurityManager::IsPasswordValid(ISecUser& sec_user) { IAuthenticatedUser* au = createAuthenticatedUser(); StringBuffer userbuf; #ifdef _WIN32 const char* realm = sec_user.getRealm(); if(realm&&*realm) userbuf.append(realm).append("\\"); #endif userbuf.append(sec_user.getName()); return au->login(userbuf.str(), sec_user.credentials().getPassword()); }
bool Cws_accountEx::onUpdateUserInput(IEspContext &context, IEspUpdateUserInputRequest &req, IEspUpdateUserInputResponse &resp) { try { ISecUser* user = context.queryUser(); if(user != NULL) { resp.setUsername(user->getName()); } } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
bool CPermissionsCache::lookup(ISecUser& sec_user) { if(!isCacheEnabled()) return false; const char* username = sec_user.getName(); if(!username || !*username) return false; synchronized block(m_userCacheMonitor); CachedUser* user = m_userCache[username]; if(user == NULL) return false; time_t now; time(&now); if(user->getTimestamp() < (now - m_cacheTimeout)) { m_userCache.erase(username); delete user; return false; } const char* cachedpw = user->queryUser()->credentials().getPassword(); StringBuffer pw(sec_user.credentials().getPassword()); if(cachedpw && pw.length() > 0) { StringBuffer md5pbuf; md5_string(pw, md5pbuf); if(strcmp(cachedpw, md5pbuf.str()) == 0) { // Copy cached user to the sec_user structure, but still keep the original clear text password. user->queryUser()->copyTo(sec_user); sec_user.credentials().setPassword(pw.str()); return true; } else { m_userCache.erase(username); delete user; return false; } } return false; }
UserInfo(ISecUser& userInfo, unsigned TimeoutPeriod=60000) { _UserInfo = &userInfo; if(_UserInfo) _UserInfo->Link(); _timeCreated = msTick(); _timeOut = TimeoutPeriod; }
void CPermissionsCache::removePermissions( ISecUser& sec_user) { synchronized block(m_cachemonitor); const char* user = sec_user.getName(); if(user != NULL && *user != '\0') { m_resPermissionsMap.erase(user); } }
void CPermissionsCache::add(ISecUser& sec_user) { if(!isCacheEnabled() || &sec_user == NULL) return; const char* username = sec_user.getName(); if(!username || !*username) return; synchronized block(m_userCacheMonitor); CachedUser* user = m_userCache[username]; if(user) { m_userCache.erase(username); delete user; } m_userCache[username] = new CachedUser(sec_user.clone()); }
bool CBaseSecurityManager::authorize(ISecUser & sec_user, ISecResourceList * Resources) { if(sec_user.getAuthenticateStatus() != AS_AUTHENTICATED) { bool bOk = ValidateUser(sec_user); if(bOk == false) return false; } return ValidateResources(sec_user,Resources); }
virtual ~UserInfo() { MapStrToResList::iterator pos; for(pos=_resList.begin();pos!=_resList.end();){ pos->second->Release(); pos++; } if(_UserInfo) _UserInfo->Release(); }
bool CWsPackageProcessEx::onEcho(IEspContext &context, IEspEchoRequest &req, IEspEchoResponse &resp) { StringBuffer respMsg; ISecUser* user = context.queryUser(); if(user != NULL) { const char* name = user->getName(); if (name && *name) respMsg.appendf("%s: ", name); } const char* reqMsg = req.getRequest(); if (reqMsg && *reqMsg) respMsg.append(reqMsg); else respMsg.append("??"); resp.setResponse(respMsg.str()); return true; }
void CPermissionsCache::removePermissions( ISecUser& sec_user) { const char* user = sec_user.getName(); if(user != NULL && *user != '\0') { #ifdef _DEBUG DBGLOG("CACHE: CPermissionsCache Removing permissions for user %s", user); #endif WriteLockBlock writeLock(m_resPermCacheRWLock); m_resPermissionsMap.erase(user); } }
void CPermissionsCache::add(ISecUser& sec_user) { if(!isCacheEnabled()) return; const char* username = sec_user.getName(); if(!username || !*username) return; synchronized block(m_userCacheMonitor); string key(username); MapUserCache::iterator it = m_userCache.find(key); CachedUser* user = NULL; if (it != m_userCache.end()) { user = (CachedUser*)(it->second); m_userCache.erase(username); delete user; } m_userCache[username] = new CachedUser(sec_user.clone()); }
bool Cws_accountEx::onMyAccount(IEspContext &context, IEspMyAccountRequest &req, IEspMyAccountResponse &resp) { try { ISecUser* user = context.queryUser(); if(user != NULL) { CDateTime dt; user->getPasswordExpiration(dt); StringBuffer sb; if (dt.isNull()) sb.append("Never"); else { dt.getString(sb); sb.replace('T', (char)0);//chop off timestring } resp.setPasswordExpiration(sb.str()); resp.setPasswordDaysRemaining(user->getPasswordDaysRemaining()); resp.setFirstName(user->getFirstName()); resp.setLastName(user->getLastName()); resp.setUsername(user->getName()); } } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
bool IsPasswordValid(ISecUser& sec_user) { StringBuffer user; user.append(sec_user.getName()); if (0 == user.length()) throw MakeStringException(-1, "htpasswd User name is NULL"); CriticalBlock block(crit); if (!apr_initialized) initAPR(); loadPwds();//reload password file if modified StringBuffer *encPW = userMap.getValue(user.str()); if (encPW && encPW->length()) { apr_status_t rc = apr_password_validate(sec_user.credentials().getPassword(), encPW->str()); if (rc != APR_SUCCESS) DBGLOG("htpasswd authentication for user %s failed - APR RC %d", user.str(), rc ); return rc == APR_SUCCESS; } DBGLOG("User %s not in htpasswd file", user.str()); return false; }
void CPermissionsCache::removeFromUserCache(ISecUser& sec_user) { const char* username = sec_user.getName(); if(username && *username) { synchronized block(m_userCacheMonitor); CachedUser* user = m_userCache[username]; if(user) { m_userCache.erase(username); delete user; } } }
void CPermissionsCache::add(ISecUser& sec_user) { if(!isCacheEnabled()) return; const char* username = sec_user.getName(); if(!username || !*username) return; string key(username); WriteLockBlock writeLock(m_userCacheRWLock ); MapUserCache::iterator it = m_userCache.find(key); CachedUser* user = NULL; if (it != m_userCache.end()) { user = (CachedUser*)(it->second); m_userCache.erase(username); delete user; } #ifdef _DEBUG DBGLOG("CACHE: CPermissionsCache Adding cached user %s", username); #endif m_userCache[username] = new CachedUser(sec_user.clone()); }
void CPermissionsCache::removeFromUserCache(ISecUser& sec_user) { const char* username = sec_user.getName(); if(username && *username) { synchronized block(m_userCacheMonitor); string key(username); MapUserCache::iterator it = m_userCache.find(key); if (it != m_userCache.end()) { CachedUser* user = (CachedUser*)(it->second); m_userCache.erase(username); delete user; } } }
void CPermissionsCache::add( ISecUser& sec_user, IArrayOf<ISecResource>& resources ) { synchronized block(m_cachemonitor); const char* user = sec_user.getName(); MapResPermissionsCache::const_iterator i = m_resPermissionsMap.find( user ); CResPermissionsCache* pResPermissionsCache; if (i == m_resPermissionsMap.end()) { //DBGLOG("CACHE: Adding cache for %s", user); pResPermissionsCache = new CResPermissionsCache(this, user); m_resPermissionsMap.insert(pair<string, CResPermissionsCache*>(user, pResPermissionsCache)); } else pResPermissionsCache = (*i).second; pResPermissionsCache->add( resources ); }
void CPermissionsCache::removeFromUserCache(ISecUser& sec_user) { const char* username = sec_user.getName(); if(username && *username) { string key(username); WriteLockBlock writeLock(m_userCacheRWLock ); MapUserCache::iterator it = m_userCache.find(key); if (it != m_userCache.end()) { CachedUser* user = (CachedUser*)(it->second); m_userCache.erase(username); delete user; #ifdef _DEBUG DBGLOG("CACHE: CPermissionsCache Removing cached user %s", username); #endif } } }
int CPermissionsCache::lookup( ISecUser& sec_user, IArrayOf<ISecResource>& resources, bool* pFound) { synchronized block(m_cachemonitor); const char* userId = sec_user.getName(); int nFound; MapResPermissionsCache::const_iterator i = m_resPermissionsMap.find( userId ); if (i != m_resPermissionsMap.end()) { CResPermissionsCache* pResPermissionsCache = (*i).second; nFound = pResPermissionsCache->lookup( resources, pFound ); } else { nFound = 0; memset(pFound, 0, sizeof(bool)*resources.ordinality()); //DBGLOG("CACHE: Looking up %s:*", userId); } return nFound; }
int CPermissionsCache::lookup( ISecUser& sec_user, IArrayOf<ISecResource>& resources, bool* pFound) { const char* userId = sec_user.getName(); int nFound; ReadLockBlock readLock(m_resPermCacheRWLock); MapResPermissionsCache::const_iterator i = m_resPermissionsMap.find( userId ); if (i != m_resPermissionsMap.end()) { CResPermissionsCache* pResPermissionsCache = (*i).second; nFound = pResPermissionsCache->lookup( resources, pFound ); } else { nFound = 0; memset(pFound, 0, sizeof(bool)*resources.ordinality()); } #ifdef _DEBUG DBGLOG("CACHE: CPermissionsCache Looked up resources for %s:*, found %d of %d matches", userId, nFound, resources.ordinality()); #endif return nFound; }
void CPermissionsCache::add( ISecUser& sec_user, IArrayOf<ISecResource>& resources ) { const char* user = sec_user.getName(); WriteLockBlock writeLock(m_resPermCacheRWLock); MapResPermissionsCache::const_iterator i = m_resPermissionsMap.find( user ); CResPermissionsCache* pResPermissionsCache; if (i == m_resPermissionsMap.end()) { #ifdef _DEBUG DBGLOG("CACHE: CPermissionsCache Adding resources to cache for new user %s", user); #endif pResPermissionsCache = new CResPermissionsCache(this, user); m_resPermissionsMap.insert(pair<string, CResPermissionsCache*>(user, pResPermissionsCache)); } else { #ifdef _DEBUG DBGLOG("CACHE: CPermissionsCache Adding resources to cache for existing user %s", user); #endif pResPermissionsCache = (*i).second; } pResPermissionsCache->add( resources ); }
bool Cws_accountEx::onUpdateUser(IEspContext &context, IEspUpdateUserRequest & req, IEspUpdateUserResponse & resp) { try { CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager()); if(secmgr == NULL) { throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, "Security manager can't be converted to LdapSecManager. Only LdapSecManager supports this function."); } ISecUser* user = context.queryUser(); if(user == NULL) { resp.setRetcode(-1); resp.setMessage("Can't find user in esp context. Please check if the user was properly logged in."); return false; } if(req.getUsername() == NULL || strcmp(req.getUsername(), user->getName()) != 0) { resp.setRetcode(-1); resp.setMessage("Username/password don't match."); return false; } const char* oldpass = req.getOldpass(); if(oldpass == NULL || strcmp(oldpass, user->credentials().getPassword()) != 0) { resp.setRetcode(-1); resp.setMessage("Username/password don't match."); return false; } const char* newpass1 = req.getNewpass1(); const char* newpass2 = req.getNewpass2(); if(newpass1 == NULL || newpass2 == NULL || strlen(newpass1) < 4 || strlen(newpass2) < 4) { resp.setRetcode(-1); resp.setMessage("New password must be 4 characters or longer."); return false; } if(strcmp(newpass1, newpass2) != 0) { resp.setRetcode(-1); resp.setMessage("Password and retype don't match."); return false; } if(strcmp(oldpass, newpass1) == 0) { resp.setRetcode(-1); resp.setMessage("New password can't be the same as current password."); return false; } const char* pwscheme = secmgr->getPasswordStorageScheme(); bool isCrypt = pwscheme && (stricmp(pwscheme, "CRYPT") == 0); if(isCrypt && strncmp(oldpass, newpass1, 8) == 0) { resp.setRetcode(-1); resp.setMessage("The first 8 characters of the new password must be different from before."); return false; } bool ok = false; try { ok = secmgr->updateUserPassword(*user, newpass1, oldpass); } catch(IException* e) { StringBuffer emsg; e->errorMessage(emsg); resp.setRetcode(-1); resp.setMessage(emsg.str()); return false; } catch(...) { ok = false; } if(!ok) { throw MakeStringException(ECLWATCH_CANNOT_CHANGE_PASSWORD, "Failed in changing password."); } resp.setRetcode(0); if(isCrypt && strlen(newpass1) > 8) resp.setMessage("Your password has been changed successfully, however, only the first 8 chars are effective."); else resp.setMessage("Your password has been changed successfully."); } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
bool Cws_accountEx::onVerifyUser(IEspContext &context, IEspVerifyUserRequest &req, IEspVerifyUserResponse &resp) { try { ISecUser* usr = context.queryUser(); if(!usr || usr->getAuthenticateStatus() != AS_AUTHENTICATED) { resp.setRetcode(-1); return false; } const char* ver = req.getVersion(); if (!ver || !*ver) { throw MakeStringException(ECLWATCH_OLD_CLIENT_VERSION, "Client version not found"); } int minor = 0; int major = 0; const char* dot1 = strrchr(ver, '.'); if (!dot1) minor = atoi(ver); else if (strlen(dot1) > 1) { minor = atoi(dot1 + 1); if(dot1 > ver) { const char* dot2 = dot1 - 1; while(dot2 > ver && *dot2 != '.') dot2--; if(*dot2 == '.') dot2++; if(dot2 < dot1) { StringBuffer majorstr; majorstr.append(dot1 - dot2, dot2); major = atoi(majorstr.str()); } } } if(major > CUTOFF_MAJOR || (major == CUTOFF_MAJOR && minor >= CUTOFF_MINOR)) { resp.setRetcode(0); return true; } const char* build_ver = getBuildVersion(); if (build_ver && *build_ver) throw MakeStringException(ECLWATCH_OLD_CLIENT_VERSION, "Client version %s (server %s) is out of date.", ver, build_ver); else throw MakeStringException(ECLWATCH_OLD_CLIENT_VERSION, "Client version %s is out of date.", ver); } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
bool CBaseSecurityManager::updateSettings(ISecUser & sec_user,IArrayOf<ISecResource>& rlist) { CSecureUser* user = (CSecureUser*)&sec_user; if(user == NULL) return false; int usernum = findUser(user->getName(),user->getRealm()); if(usernum < 0) { PrintLog("User number of %s can't be found", user->getName()); return false; } bool sqchecked = false, sqverified = false, otpchecked = false; int otpok = -1; ForEachItemIn(x, rlist) { ISecResource* secRes = (ISecResource*)(&(rlist.item(x))); if(secRes == NULL) continue; //AccessFlags default value is -1. Set it to 0 so that the settings can be cached. AccessFlags is not being used for settings. secRes->setAccessFlags(0); if(secRes->getParameter("userprop") && *secRes->getParameter("userprop")!='\0') { //if we have a parameter in the user or company table it will have been added as a parameter to the ISecUser when // the authentication query was run. We should keep this messiness here so that the the end user is insulated.... dbValidateSetting(*secRes,sec_user); continue; } const char* resource_name = secRes->getParameter("resource"); if(resource_name && *resource_name && (stricmp(resource_name, "SSN Masking") == 0 || stricmp(resource_name, "Driver License Masking") == 0)) { //If OTP Enabled and OTP2FACTOR cookie not valid, mask if(m_enableOTP) { if(!otpchecked) { const char* otpcookie = sec_user.getProperty("OTP2FACTOR"); // -1 means OTP is not enabled for the user. 0: failed verfication, 1: passed verification. otpok = validateOTP(&sec_user, otpcookie); otpchecked = true; } if(otpok == 0) { CSecurityResource* cres = dynamic_cast<CSecurityResource*>(secRes); if(resource_name && *resource_name && cres) { if(stricmp(resource_name, "SSN Masking") == 0) { cres->setValue("All"); continue; } else if(stricmp(resource_name, "Driver License Masking") == 0) { cres->setValue("1"); continue; } } } else if(otpok == 1) { CSecurityResource* cres = dynamic_cast<CSecurityResource*>(secRes); if(resource_name && *resource_name && cres) { if(stricmp(resource_name, "SSN Masking") == 0) { cres->setValue("None"); continue; } else if(stricmp(resource_name, "Driver License Masking") == 0) { cres->setValue("0"); continue; } } } } if(m_enableIPRoaming && sec_user.getPropertyInt("IPRoaming") == 1) { if(!sqchecked) { const char* sequest = sec_user.getProperty("SEQUEST"); if(sequest && *sequest) { sqverified = validateSecurityQuestion(&sec_user, sequest); } sqchecked = true; } if(!sqverified) { CSecurityResource* cres = dynamic_cast<CSecurityResource*>(secRes); if(resource_name && *resource_name && cres) { if(stricmp(resource_name, "SSN Masking") == 0) { cres->setValue("All"); continue; } else if(stricmp(resource_name, "Driver License Masking") == 0) { cres->setValue("1"); continue; } } } } } dbValidateSetting(*secRes,usernum,user->getRealm()); }
virtual void copyTo(ISecUser& destination) { destination.setAuthenticateStatus(getAuthenticateStatus()); destination.setName(getName()); destination.setFullName(getFullName()); destination.setFirstName(getFirstName()); destination.setLastName(getLastName()); destination.setEmployeeID(getEmployeeID()); destination.setRealm(getRealm()); destination.setFqdn(getFqdn()); destination.setPeer(getPeer()); destination.credentials().setPassword(credentials().getPassword()); destination.credentials().setSessionToken(credentials().getSessionToken()); destination.credentials().setSignature(credentials().getSignature()); CDateTime exp; credentials().getPasswordExpiration(exp); destination.credentials().setPasswordExpiration(exp); CDateTime tmpTime; destination.setPasswordExpiration(getPasswordExpiration(tmpTime)); destination.setStatus(getStatus()); CriticalBlock b(crit); Owned<IPropertyIterator> Itr = m_parameters->getIterator(); ForEach(*Itr) { destination.setProperty(Itr->getPropKey(),m_parameters->queryProp(Itr->getPropKey())); } // DBGLOG("Copied name %s to %s",getName(),destination.getName()); }
int CSoapService::processHeader(CHeader* header, IEspContext* ctx) { int num = header->getNumBlocks(); if(ctx == NULL) return 0; int returnValue = 0; bool authenticated = !ctx->toBeAuthenticated(); for (int i = 0; i < num; i++) { IRpcMessage* oneblock = header->getHeaderBlock(i); if(oneblock == NULL) continue; if(strcmp(oneblock->get_name(), "Security") == 0) { bool encodeXML = oneblock->getEncodeXml(); oneblock->setEncodeXml(false); StringBuffer username, password,realm; oneblock->get_value("UsernameToken/Username", username); oneblock->get_value("UsernameToken/Password", password); oneblock->get_value("RealmToken/Realm", realm); oneblock->setEncodeXml(encodeXML); //DBGLOG("username=%s, password=%s", username.str(), password.str()); if(username.length() > 0) { ctx->setUserID(username.str()); ctx->setPassword(password.str()); if(realm.length()>0) ctx->setRealm(realm.str()); ISecManager* secmgr = ctx->querySecManager(); if(secmgr != NULL) { ISecUser *user = ctx->queryUser(); if(user==NULL) { user = secmgr->createUser(username.str()); ctx->setUser(user); } if(user == NULL) { WARNLOG("Couldn't create ISecUser object for %s", username.str()); } user->setName(username.str()); user->credentials().setPassword(password.str()); if(realm.length()>0) user->setRealm(realm.str()); } if(ctx->toBeAuthenticated()) { if(stricmp(m_soapbinding->getTransportType(), "http") == 0) { EspHttpBinding* httpbinding = dynamic_cast<EspHttpBinding*>(m_soapbinding.get()); authenticated = httpbinding->doAuth(ctx); } else { authenticated = false; } if(!authenticated) returnValue = SOAP_AUTHENTICATION_ERROR; break; } } } } if (returnValue == 0) { if (authenticated) return 0; returnValue = SOAP_AUTHENTICATION_REQUIRED; } StringBuffer peerStr; ctx->getPeer(peerStr); const char* userId = ctx->queryUserId(); VStringBuffer msg("SOAP request from %s@%s.", (userId&&*userId)?userId:"unknown", (peerStr.length()>0)?peerStr.str():"unknown"); if (returnValue == SOAP_AUTHENTICATION_ERROR) msg.append(" User authentication failed"); else msg.append(" User authentication required"); DBGLOG("%s", msg.str()); return returnValue; }
void CopyTo(ISecUser & sec_user) { if(_UserInfo) _UserInfo->copyTo(sec_user); }
virtual void copyTo(ISecUser& destination) { destination.setAuthenticateStatus(getAuthenticateStatus()); destination.setName(getName()); destination.setFullName(getFullName()); destination.setFirstName(getFirstName()); destination.setLastName(getLastName()); destination.setRealm(getRealm()); destination.setFqdn(getFqdn()); destination.setPeer(getPeer()); destination.credentials().setPassword(credentials().getPassword()); CDateTime tmpTime; destination.setPasswordExpiration(getPasswordExpiration(tmpTime)); destination.setStatus(getStatus()); if(m_parameters.get()==NULL) return; CriticalBlock b(crit); Owned<IPropertyIterator> Itr = m_parameters->getIterator(); Itr->first(); while(Itr->isValid()) { destination.setProperty(Itr->getPropKey(),m_parameters->queryProp(Itr->getPropKey())); Itr->next(); } //addToken is not currently implemented.... // DBGLOG("Copied name %s to %s",getName(),destination.getName()); }