const char *request::operator[](const char * val)
{
#define op(a) (strcmp(val, a) == 0)
if (op("Accept")) return getAccept();
else if (op("Accept-Charset")) return getAccept_Charset();
else if (op("Accept-Encoding")) return getAccept_Encoding();
else if (op("Accept-Language")) return getAccept_Language();
else if (op("Authorization")) return getAuthorization();
else if (op("Expect")) return getExpect();
else if (op("From")) return getFrom();
else if (op("If-Match")) return getIf_Match();
else if (op("If-Modified-Since")) return getIf_Modified_since();
else if (op("If-None-Match")) return getIf_None_Match();
else if (op("If-Range")) return getIf_Range();
else if (op("If-Unmodified-Since")) return getIf_Unmodified_Since();
else if (op("Max-Forwards")) return getMax_Forwards();
else if (op("Proxy-Authorization")) return getProxy_Authorization();
else if (op("Range")) return getRange();
else if (op("Referer")) return getReferrer();
else if (op("TE")) return getTE();
else if (op("User-Agent")) return getUser_Agent();
else if (op("URI")) return this->URI;
return NULL;
#undef op
}
//
// Verify whether the specified operation has authorization
// to be performed by the specified user.
//
Boolean AuthorizationHandler::verifyAuthorization(
const String& userName,
const CIMNamespaceName& nameSpace,
const CIMName& cimMethodName)
{
PEG_METHOD_ENTER(
TRC_AUTHORIZATION, "AuthorizationHandler::verifyAuthorization()");
Boolean authorized = false;
Boolean readOperation = false;
Boolean writeOperation = false;
Uint32 readOpSize = sizeof(READ_OPERATIONS) / sizeof(READ_OPERATIONS[0]);
Uint32 writeOpSize = sizeof(WRITE_OPERATIONS) / sizeof(WRITE_OPERATIONS[0]);
for (Uint32 i = 0; i < readOpSize; i++)
{
if (cimMethodName.equal(READ_OPERATIONS[i]))
{
readOperation = true;
break;
}
}
if (!readOperation)
{
for (Uint32 i = 0; i < writeOpSize; i++ )
{
if (cimMethodName.equal(WRITE_OPERATIONS[i]))
{
writeOperation = true;
break;
}
}
}
#ifdef PEGASUS_OS_PASE
if (readOperation || writeOperation)
{
//Use OS/400 Application Administration to do cim operation verification
CString userCStr = userName.getCString();
const char * user = (const char *)userCStr;
CString cimMethCStr = cimMethodName.getString().getCString();
const char * cimMeth = (const char *)cimMethCStr;
CString nameSpaceCStr = nameSpace.getString().getCString();
const char * nameSpChar = (const char *)nameSpaceCStr;
int PaseAuth =
umeVerifyFunctionAuthorization(user,
cimMeth);
if (PaseAuth == TRUE)
authorized = true;
/* read operation needn't verify priviledUser */
if(authorized && writeOperation)
{
/*
The Application Admin checks
we have now cover all class/qualifier
operations to all namespaces.
But maybe this is not enough protection
for the private Pegasus namespaces.
We should call isPrivilegedUser
in this case instead of App Admin
*/
if (strcasecmp(nameSpChar,"root/PG_Internal") == 0
||strcasecmp(nameSpChar,"root/PG_InterOp") == 0
||strcasecmp(nameSpChar,"PG_Internal") == 0
||strcasecmp(nameSpChar,"PG_InterOp") == 0 )
{
if(!System::isPrivilegedUser(userName))
authorized = false;
}
}
}
#else
//
// Get the authorization of the specified user and namespace
//
String auth;
try
{
auth = getAuthorization(userName, nameSpace);
}
catch (Exception&)
{
PEG_METHOD_EXIT();
return authorized;
}
if ((String::equal(auth, "rw") || String::equal(auth, "wr")) &&
(readOperation || writeOperation))
{
authorized = true;
}
else if (String::equal(auth, "r") && readOperation)
{
authorized = true;
}
else if (String::equal(auth, "w") && writeOperation)
{
authorized = true;
}
#endif
PEG_METHOD_EXIT();
return authorized;
}
/* Fonction qui interprete une requette passee en parametre dans input,
fournit le chemin du fichier demandé dans path,
fournit le header dans output,
index
précise s'il faut conserver la connection dans keep_alive (0/1) */
static int interpreter(client_t *client, int *index, int *keep_alive, char *encoding, int *endRequete)
{
request_t requete = {0, {0}, {0}, client->ip, {0}, {0}, {0}, {0}, {0}, {0}, {0}, {0}, {0}, {0}, 0, 0, 0, 0, 0};
reponse_t reponse = {200, {0}, {NULL, 0, 0}, 0, 10};
reponse.header = bufinit(&reponse.header, BUFFER_SIZE, " 200 OK", 9);
reponse.header.use = 9;
reponse.time = time(NULL);
#ifndef NDEBUG
printf("<interpreter> requete entrante :\n'%s'\n", client->requete.ptr);
#endif
int ret = decode(&client->requete, &requete);
if(ret != 0){
erreur(ret, &reponse);
}
if(requete.method == 1){ // GET
getVarGET(&requete, &client->vars);
}else if(requete.method == 3){ // POST
int size = min(requete.content_length, client->requete.use - *endRequete);
bufstrcpy(&client->vars, client->requete.ptr+(*endRequete), size);
}
printf("variables : %s\n", client->vars.ptr);
/* Validation du path */
if(valider_path(&requete, &reponse)){
erreur(404, &reponse);
}
struct stat file_stat;
if(reponse.code == 200){
if(stat(requete.path, &file_stat) == -1){
perror("stats");
erreur(500, &reponse);
}
}
/*droit de lecture */
if(reponse.code == 200){
if(!valider_access(file_stat.st_mode)){
erreur(403, &reponse);
}
}
/* Authentification */
if(reponse.code == 200){
if(passFileExistInDir(requete.path)){
char login[30] = {0};
char password[15] = {0};
if(!getAuthorization(requete.authorization, login, password) &&
!getLoginAndPassword(requete.query, login, password)){
erreur(401,&reponse);
requete.keep_alive = 0;
}else{
char pass_path[SMALL_BUFF];
getPassFilePath(requete.path,pass_path,isDir(&file_stat));
if(!authentifier(login,password,pass_path)){
erreur(401,&reponse);
requete.keep_alive = 0;
}
}
}
/* Get content type*/
getContentType(&requete, &reponse, &file_stat);
if(requete.method == 2){
*index = 4; // methode HEAD
}else{
*index = requete.index;
}
}
bufstrcpy(&client->path, requete.path, strlen(requete.path));
/* On creer le header dans output */
encoder(&client->reponse, &reponse, &requete);
if(strlen(requete.encoding) > 0){
get_encoding(requete.encoding,encoding);
}
makeLog(&requete,&reponse);
*keep_alive = requete.keep_alive;
*endRequete += requete.content_length;
bufkill(&reponse.header);
return reponse.code;
}
void MoodBoxServer::getAuthorization(Callback callback, qint32 userId)
{
getAuthorization(callback, QVariant(), userId);
}
