NS_IMETHODIMP MailEwsMsgMessageService::CopyMessages(uint32_t aNumKeys, nsMsgKey*aMsgKeys, nsIMsgFolder *srcFolder, nsIStreamListener *aMailboxCopyHandler, bool moveMessage, nsIUrlListener *aUrlListener, nsIMsgWindow *aMsgWindow, nsIURI **aURL) { NS_ENSURE_ARG_POINTER(aMailboxCopyHandler); NS_ENSURE_ARG_POINTER(aMsgKeys); nsresult rv = NS_OK; NS_ENSURE_ARG(srcFolder); NS_ENSURE_ARG(aMsgKeys); nsCOMPtr<nsIMailboxUrl> mailboxurl; mailews_logger << "Message Service Copy Messages-------------" << std::endl; nsMailboxAction actionToUse = nsIMailboxUrl::ActionMoveMessage; if (!moveMessage) actionToUse = nsIMailboxUrl::ActionCopyMessage; nsCOMPtr <nsIMsgDBHdr> msgHdr; nsCOMPtr <nsIMsgDatabase> db; srcFolder->GetMsgDatabase(getter_AddRefs(db)); if (db) { db->GetMsgHdrForKey(aMsgKeys[0], getter_AddRefs(msgHdr)); if (msgHdr) { nsCString uri; srcFolder->GetURI(uri); mailews_logger << "Src Folder uri:" << uri.get() << std::endl; srcFolder->GetUriForMsg(msgHdr, uri); mailews_logger << "Msg uri:" << uri.get() << std::endl; rv = PrepareMessageUrl(uri.get(), aUrlListener, actionToUse , getter_AddRefs(mailboxurl), aMsgWindow); if (NS_SUCCEEDED(rv)) { nsCOMPtr<nsIURI> url = do_QueryInterface(mailboxurl); nsCOMPtr<nsIMsgMailNewsUrl> msgUrl (do_QueryInterface(url)); nsCOMPtr<nsIMailboxUrl> mailboxUrl (do_QueryInterface(url)); msgUrl->SetMsgWindow(aMsgWindow); mailboxUrl->SetMoveCopyMsgKeys(aMsgKeys, aNumKeys); rv = RunMailboxUrl(url, aMailboxCopyHandler); } } } if (aURL && mailboxurl) CallQueryInterface(mailboxurl, aURL); return rv; }
nsresult nsMailboxService::CopyMessages(nsMsgKeyArray *msgKeys, nsIMsgFolder *srcFolder, nsIStreamListener * aMailboxCopyHandler, PRBool moveMessage, nsIUrlListener * aUrlListener, nsIMsgWindow *aMsgWindow, nsIURI **aURL) { nsresult rv = NS_OK; NS_ENSURE_ARG(srcFolder); nsCOMPtr<nsIMailboxUrl> mailboxurl; nsMailboxAction actionToUse = nsIMailboxUrl::ActionMoveMessage; if (!moveMessage) actionToUse = nsIMailboxUrl::ActionCopyMessage; nsCOMPtr <nsIMsgDBHdr> msgHdr; nsCOMPtr <nsIMsgDatabase> db; srcFolder->GetMsgDatabase(aMsgWindow, getter_AddRefs(db)); if (db) { db->GetMsgHdrForKey(msgKeys->GetAt(0), getter_AddRefs(msgHdr)); if (msgHdr) { nsXPIDLCString uri; srcFolder->GetUriForMsg(msgHdr, getter_Copies(uri)); rv = PrepareMessageUrl(uri, aUrlListener, actionToUse , getter_AddRefs(mailboxurl), aMsgWindow); if (NS_SUCCEEDED(rv)) { nsCOMPtr<nsIURI> url = do_QueryInterface(mailboxurl); nsCOMPtr<nsIMsgMailNewsUrl> msgUrl (do_QueryInterface(url)); nsCOMPtr<nsIMailboxUrl> mailboxUrl (do_QueryInterface(url)); msgUrl->SetMsgWindow(aMsgWindow); mailboxUrl->SetMoveCopyMsgKeys(msgKeys->GetArray(), msgKeys->GetSize()); rv = RunMailboxUrl(url, aMailboxCopyHandler); } } } if (aURL) mailboxurl->QueryInterface(NS_GET_IID(nsIURI), (void **) aURL); return rv; }
NS_IMETHODIMP nsMailboxService::OpenAttachment(const char *aContentType, const char *aFileName, const char *aUrl, const char *aMessageUri, nsISupports *aDisplayConsumer, nsIMsgWindow *aMsgWindow, nsIUrlListener *aUrlListener) { nsCOMPtr <nsIURI> URL; nsCAutoString urlString(aUrl); urlString += "&type="; urlString += aContentType; urlString += "&filename="; urlString += aFileName; CreateStartupUrl(urlString.get(), getter_AddRefs(URL)); nsresult rv; nsCOMPtr<nsIMsgMailNewsUrl> mailboxUrl(do_QueryInterface(URL, &rv)); if (NS_SUCCEEDED(rv) && mailboxUrl) mailboxUrl->SetMsgWindow(aMsgWindow); // try to run the url in the docshell... nsCOMPtr<nsIDocShell> docShell(do_QueryInterface(aDisplayConsumer, &rv)); // if we were given a docShell, run the url in the docshell..otherwise just run it normally. if (NS_SUCCEEDED(rv) && docShell) { nsCOMPtr<nsIDocShellLoadInfo> loadInfo; // DIRTY LITTLE HACK --> since we are opening an attachment we want the docshell to // treat this load as if it were a user click event. Then the dispatching stuff will be much // happier. docShell->CreateLoadInfo(getter_AddRefs(loadInfo)); loadInfo->SetLoadType(nsIDocShellLoadInfo::loadLink); return docShell->LoadURI(URL, loadInfo, nsIWebNavigation::LOAD_FLAGS_NONE, PR_FALSE); } return RunMailboxUrl(URL, aDisplayConsumer); }
UtlBoolean SubscribeServerThread::isAuthenticated ( const SipMessage* message, SipMessage *responseMessage, UtlString& authenticatedUser, UtlString& authenticatedRealm ) { UtlBoolean isAuthorized = FALSE; // if we are not using a database we must assume authenticated if ( !mIsCredentialDB ) { OsSysLog::add(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated() " ":: No Credential DB - request is always AUTHENTICATED"); isAuthorized = TRUE; } else { // realm and auth type should be default for server // if URI not defined in DB, the user is not authorized to modify bindings - OsSysLog::add( FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated():TRUE realm=\"%s\" ", mRealm.data()); UtlString requestNonce; UtlString requestRealm; UtlString requestUser; UtlString requestUserBase; UtlString requestUriParam; int requestAuthIndex = 0; // can have multiphe authorization / authorization-proxy headers // headers search for a realm match while ( message->getDigestAuthorizationData ( &requestUser, &requestRealm, &requestNonce, NULL, NULL, &requestUriParam, HttpMessage::SERVER, requestAuthIndex, &requestUserBase) ) { OsSysLog::add(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated() " "- Authorization header set in message, validate it.\n" "- reqRealm=\"%s\", reqUser=\"%s\", reqUserBase=\"%s\"", requestRealm.data(), requestUser.data(), requestUserBase.data()); // case sensitive comparison of realm if ( mRealm.compareTo( requestRealm ) == 0 ) { OsSysLog::add(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated()" "- Realm matches, now validate userid/password"); // See if the nonce is valid - see net/SipNonceDb.cpp UtlString reqUri; message->getRequestUri(&reqUri); Url mailboxUrl(reqUri); UtlString authTypeDB; UtlString passTokenDB; UtlString callId; UtlString fromTag; long nonceExpires = (5*60); // five minutes Url fromUrl; message->getFromUrl(fromUrl); fromUrl.getFieldParameter("tag", fromTag); message->getCallIdField(&callId); if (mNonceDb.isNonceValid(requestNonce, callId, fromTag, mRealm, nonceExpires)) { // then get the credentials for this realm if (CredentialDB::getInstance()-> getCredentialByUserid( mailboxUrl, mRealm, requestUserBase, passTokenDB, authTypeDB)) { // the Digest Password is calculated from the request // user, passtoken, nonce and request URI isAuthorized = message->verifyMd5Authorization(requestUser.data(), passTokenDB.data(), requestNonce, requestRealm.data(), requestUriParam.data()); if (isAuthorized) { // can have multiple credentials for same realm so only break out // when we have a positive match OsSysLog::add(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated() " "- request is AUTHENTICATED"); // copy the authenticated user/realm for subsequent authorization authenticatedUser = requestUserBase; authenticatedRealm = requestRealm; break; } else { OsSysLog::add(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated() " "- digest authorization failed"); } } else { OsSysLog::add(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated() " "- No Credentials for mailboxUrl=\"%s\", reqRealm=\"%s\", reqUser=\"%s\"", mailboxUrl.toString().data(), requestRealm.data(), requestUser.data()); } } else { OsSysLog::add(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated() " "- Invalid nonce \"%s\" for mailboxUrl=\"%s\", reqRealm=\"%s\", reqUser=\"%s\"", requestNonce.data(), mailboxUrl.toString().data(), requestRealm.data(), requestUser.data()); } // end check credentials } requestAuthIndex++; } //end while if ( !isAuthorized ) { // Generate the 401 Unauthorized response to challenge for credentials // Use the SipNonceDB to generate a nonce UtlString newNonce; UtlString callId; UtlString fromTag; Url fromUrl; message->getFromUrl(fromUrl); fromUrl.getFieldParameter("tag", fromTag); message->getCallIdField(&callId); mNonceDb.createNewNonce(callId, fromTag, mRealm, newNonce); responseMessage->setRequestUnauthorized(message, HTTP_DIGEST_AUTHENTICATION, mRealm, newNonce); } } return isAuthorized; }
UtlBoolean SubscribeServerThread::isAuthenticated (const SipMessage* message, SipMessage *responseMessage, UtlString& authenticatedUser, UtlString& authenticatedRealm ) { UtlBoolean retIsAuthenticated = FALSE; // if we are not using a database we must assume authenticated if ( !mIsCredentialDB ) { Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated() " ":: No Credential DB - request is always AUTHENTICATED"); retIsAuthenticated = TRUE; } else { // realm and auth type should be default for server // if URI not defined in DB, the user is not authorized to modify bindings - Os::Logger::instance().log( FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated():TRUE realm=\"%s\" ", mRealm.data()); UtlString requestNonce; UtlString requestCnonce; UtlString requestNonceCount; UtlString requestQop; UtlString requestRealm; UtlString requestUser; UtlString requestUserBase; UtlString requestUriParam; int requestAuthIndex = 0; EntityDB* entityDb = StatusServer::getInstance()->getEntityDb(); // can have multiple authorization / authorization-proxy headers // headers search for a realm match while ( message->getDigestAuthorizationData ( &requestUser, &requestRealm, &requestNonce, NULL, // opaque NULL, // response &requestUriParam, &requestCnonce, &requestNonceCount, &requestQop, HttpMessage::SERVER, requestAuthIndex, &requestUserBase) ) { Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated() " "- Authorization header set in message, validate it.\n" "- reqRealm=\"%s\", reqUser=\"%s\", reqUserBase=\"%s\"", requestRealm.data(), requestUser.data(), requestUserBase.data()); UtlString qopType; UtlString callId; UtlString fromTag; long nonceExpires = (5*60); // five minutes Url fromUrl; message->getFromUrl(fromUrl); fromUrl.getFieldParameter("tag", fromTag); UtlString reqUri; message->getRequestUri(&reqUri); Url mailboxUrl(reqUri); message->getCallIdField(&callId); if (mRealm.compareTo(requestRealm) ) // case sensitive check that realm is correct { Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated() " "Realm does not match"); } // See if the nonce is valid - see net/SipNonceDb.cpp else if (!mNonceDb.isNonceValid(requestNonce, callId, fromTag, mRealm, nonceExpires)) { Os::Logger::instance().log(FAC_AUTH, PRI_INFO, "SubscribeServerThread::isAuthenticated() " "Invalid NONCE: '%s' found for mailboxUrl '%s' " "realm: '%s' user: '******' " "cnonce: '%s' nc: '%s' qop: '%s' " "expiration: %ld", requestNonce.data(), mailboxUrl.toString().data(), mRealm.data(), requestUser.data(), requestCnonce.data(), requestNonceCount.data(), requestQop.data(), nonceExpires); } // verify that qop,cnonce, nonceCount are compatible else if (message->verifyQopConsistency(requestCnonce.data(), requestNonceCount.data(), &requestQop, qopType) >= HttpMessage::AUTH_QOP_NOT_SUPPORTED) { Os::Logger::instance().log(FAC_AUTH, PRI_INFO, "SubscribeServerThread::isAuthenticated() " "Invalid combination of QOP('%s'), cnonce('%s') and nonceCount('%s')", requestQop.data(), requestCnonce.data(), requestNonceCount.data()); } else // realm, nonce and qop are all ok { UtlString authTypeDB; UtlString passTokenDB; // then get the credentials for this realm if (entityDb->getCredential(mailboxUrl, mRealm, requestUserBase, passTokenDB, authTypeDB)) { // the Digest Password is calculated from the request // user, passtoken, nonce and request URI retIsAuthenticated = message->verifyMd5Authorization(requestUser.data(), passTokenDB.data(), requestNonce.data(), requestRealm.data(), requestCnonce.data(), requestNonceCount.data(), requestQop.data(), requestUriParam.data()); if (retIsAuthenticated) { // can have multiple credentials for same realm so only break out // when we have a positive match Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated() " "- request is AUTHENTICATED"); // copy the authenticated user/realm for subsequent authorization authenticatedUser = requestUserBase; authenticatedRealm = requestRealm; break; } else { Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated() " "- digest authorization failed " "nonce \"%s\", cnonce \"%s\" for " "mailboxUrl=\"%s\", reqRealm=\"%s\", reqUser=\"%s\"", requestNonce.data(), requestCnonce.data(), mailboxUrl.toString().data(), requestRealm.data(), requestUser.data()); } } else { Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthenticated() " "- No Credentials for mailboxUrl=\"%s\", reqRealm=\"%s\", reqUser=\"%s\"", mailboxUrl.toString().data(), requestRealm.data(), requestUser.data()); } // end check credentials } requestAuthIndex++; } //end while if ( !retIsAuthenticated ) { // Generate the 401 Unauthorized response to challenge for credentials // Use the SipNonceDB to generate a nonce UtlString newNonce; UtlString callId; UtlString fromTag; Url fromUrl; message->getFromUrl(fromUrl); fromUrl.getFieldParameter("tag", fromTag); message->getCallIdField(&callId); mNonceDb.createNewNonce(callId, fromTag, mRealm, newNonce); responseMessage->setRequestUnauthorized(message, HTTP_DIGEST_AUTHENTICATION, mRealm, newNonce); } } // end DB exists return retIsAuthenticated; }