const char *request::operator[](const char * val) { #define op(a) (strcmp(val, a) == 0) if (op("Accept")) return getAccept(); else if (op("Accept-Charset")) return getAccept_Charset(); else if (op("Accept-Encoding")) return getAccept_Encoding(); else if (op("Accept-Language")) return getAccept_Language(); else if (op("Authorization")) return getAuthorization(); else if (op("Expect")) return getExpect(); else if (op("From")) return getFrom(); else if (op("If-Match")) return getIf_Match(); else if (op("If-Modified-Since")) return getIf_Modified_since(); else if (op("If-None-Match")) return getIf_None_Match(); else if (op("If-Range")) return getIf_Range(); else if (op("If-Unmodified-Since")) return getIf_Unmodified_Since(); else if (op("Max-Forwards")) return getMax_Forwards(); else if (op("Proxy-Authorization")) return getProxy_Authorization(); else if (op("Range")) return getRange(); else if (op("Referer")) return getReferrer(); else if (op("TE")) return getTE(); else if (op("User-Agent")) return getUser_Agent(); else if (op("URI")) return this->URI; return NULL; #undef op }
// // Verify whether the specified operation has authorization // to be performed by the specified user. // Boolean AuthorizationHandler::verifyAuthorization( const String& userName, const CIMNamespaceName& nameSpace, const CIMName& cimMethodName) { PEG_METHOD_ENTER( TRC_AUTHORIZATION, "AuthorizationHandler::verifyAuthorization()"); Boolean authorized = false; Boolean readOperation = false; Boolean writeOperation = false; Uint32 readOpSize = sizeof(READ_OPERATIONS) / sizeof(READ_OPERATIONS[0]); Uint32 writeOpSize = sizeof(WRITE_OPERATIONS) / sizeof(WRITE_OPERATIONS[0]); for (Uint32 i = 0; i < readOpSize; i++) { if (cimMethodName.equal(READ_OPERATIONS[i])) { readOperation = true; break; } } if (!readOperation) { for (Uint32 i = 0; i < writeOpSize; i++ ) { if (cimMethodName.equal(WRITE_OPERATIONS[i])) { writeOperation = true; break; } } } #ifdef PEGASUS_OS_PASE if (readOperation || writeOperation) { //Use OS/400 Application Administration to do cim operation verification CString userCStr = userName.getCString(); const char * user = (const char *)userCStr; CString cimMethCStr = cimMethodName.getString().getCString(); const char * cimMeth = (const char *)cimMethCStr; CString nameSpaceCStr = nameSpace.getString().getCString(); const char * nameSpChar = (const char *)nameSpaceCStr; int PaseAuth = umeVerifyFunctionAuthorization(user, cimMeth); if (PaseAuth == TRUE) authorized = true; /* read operation needn't verify priviledUser */ if(authorized && writeOperation) { /* The Application Admin checks we have now cover all class/qualifier operations to all namespaces. But maybe this is not enough protection for the private Pegasus namespaces. We should call isPrivilegedUser in this case instead of App Admin */ if (strcasecmp(nameSpChar,"root/PG_Internal") == 0 ||strcasecmp(nameSpChar,"root/PG_InterOp") == 0 ||strcasecmp(nameSpChar,"PG_Internal") == 0 ||strcasecmp(nameSpChar,"PG_InterOp") == 0 ) { if(!System::isPrivilegedUser(userName)) authorized = false; } } } #else // // Get the authorization of the specified user and namespace // String auth; try { auth = getAuthorization(userName, nameSpace); } catch (Exception&) { PEG_METHOD_EXIT(); return authorized; } if ((String::equal(auth, "rw") || String::equal(auth, "wr")) && (readOperation || writeOperation)) { authorized = true; } else if (String::equal(auth, "r") && readOperation) { authorized = true; } else if (String::equal(auth, "w") && writeOperation) { authorized = true; } #endif PEG_METHOD_EXIT(); return authorized; }
/* Fonction qui interprete une requette passee en parametre dans input, fournit le chemin du fichier demandé dans path, fournit le header dans output, index précise s'il faut conserver la connection dans keep_alive (0/1) */ static int interpreter(client_t *client, int *index, int *keep_alive, char *encoding, int *endRequete) { request_t requete = {0, {0}, {0}, client->ip, {0}, {0}, {0}, {0}, {0}, {0}, {0}, {0}, {0}, {0}, 0, 0, 0, 0, 0}; reponse_t reponse = {200, {0}, {NULL, 0, 0}, 0, 10}; reponse.header = bufinit(&reponse.header, BUFFER_SIZE, " 200 OK", 9); reponse.header.use = 9; reponse.time = time(NULL); #ifndef NDEBUG printf("<interpreter> requete entrante :\n'%s'\n", client->requete.ptr); #endif int ret = decode(&client->requete, &requete); if(ret != 0){ erreur(ret, &reponse); } if(requete.method == 1){ // GET getVarGET(&requete, &client->vars); }else if(requete.method == 3){ // POST int size = min(requete.content_length, client->requete.use - *endRequete); bufstrcpy(&client->vars, client->requete.ptr+(*endRequete), size); } printf("variables : %s\n", client->vars.ptr); /* Validation du path */ if(valider_path(&requete, &reponse)){ erreur(404, &reponse); } struct stat file_stat; if(reponse.code == 200){ if(stat(requete.path, &file_stat) == -1){ perror("stats"); erreur(500, &reponse); } } /*droit de lecture */ if(reponse.code == 200){ if(!valider_access(file_stat.st_mode)){ erreur(403, &reponse); } } /* Authentification */ if(reponse.code == 200){ if(passFileExistInDir(requete.path)){ char login[30] = {0}; char password[15] = {0}; if(!getAuthorization(requete.authorization, login, password) && !getLoginAndPassword(requete.query, login, password)){ erreur(401,&reponse); requete.keep_alive = 0; }else{ char pass_path[SMALL_BUFF]; getPassFilePath(requete.path,pass_path,isDir(&file_stat)); if(!authentifier(login,password,pass_path)){ erreur(401,&reponse); requete.keep_alive = 0; } } } /* Get content type*/ getContentType(&requete, &reponse, &file_stat); if(requete.method == 2){ *index = 4; // methode HEAD }else{ *index = requete.index; } } bufstrcpy(&client->path, requete.path, strlen(requete.path)); /* On creer le header dans output */ encoder(&client->reponse, &reponse, &requete); if(strlen(requete.encoding) > 0){ get_encoding(requete.encoding,encoding); } makeLog(&requete,&reponse); *keep_alive = requete.keep_alive; *endRequete += requete.content_length; bufkill(&reponse.header); return reponse.code; }
void MoodBoxServer::getAuthorization(Callback callback, qint32 userId) { getAuthorization(callback, QVariant(), userId); }