bool CWSESPControlEx::onSetLogging(IEspContext& context, IEspSetLoggingRequest& req, IEspSetLoggingResponse& resp)
{
try
{
#ifdef _USE_OPENLDAP
CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager());
if(secmgr && !secmgr->isSuperUser(context.queryUser()))
{
context.setAuthStatus(AUTH_STATUS_NOACCESS);
throw MakeStringException(ECLWATCH_SUPER_USER_ACCESS_DENIED, "Failed to change log settings. Permission denied.");
}
#endif
if (!m_container)
throw MakeStringException(ECLWATCH_INTERNAL_ERROR, "Failed to access container.");
if (!req.getLoggingLevel_isNull())
m_container->setLogLevel(req.getLoggingLevel());
if (!req.getLogRequests_isNull())
m_container->setLogRequests(req.getLogRequests());
if (!req.getLogResponses_isNull())
m_container->setLogResponses(req.getLogResponses());
resp.setStatus(0);
resp.setMessage("Logging settings are updated.");
}
catch(IException* e)
{
FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR);
}
return true;
}
bool CWSESPControlEx::onCleanSession(IEspContext& context, IEspCleanSessionRequest& req, IEspCleanSessionResponse& resp)
{
try
{
#ifdef _USE_OPENLDAP
CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager());
if(secmgr && !secmgr->isSuperUser(context.queryUser()))
{
context.setAuthStatus(AUTH_STATUS_NOACCESS);
throw MakeStringException(ECLWATCH_SUPER_USER_ACCESS_DENIED, "Failed to clean session. Permission denied.");
}
#endif
StringBuffer id, userID, fromIP;
bool allSessions = req.getAllSessions();
if (!allSessions)
{
id.set(req.getID());
userID.set(req.getUserID());
fromIP.set(req.getFromIP());
if ((id.trim().isEmpty()) && (userID.trim().isEmpty()) && (fromIP.trim().isEmpty()))
throw MakeStringException(ECLWATCH_INVALID_INPUT, "ID, userID or FromIP has to be specified.");
}
cleanSessions(allSessions, id.str(), userID.str(), fromIP.str());
resp.setStatus(0);
resp.setMessage("Session is cleaned.");
}
catch(IException* e)
{
FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR);
}
return true;
}
bool Cws_accountEx::onMyAccount(IEspContext &context, IEspMyAccountRequest &req, IEspMyAccountResponse &resp)
{
try
{
ISecUser* user = context.queryUser();
if(user != NULL)
{
CDateTime dt;
user->getPasswordExpiration(dt);
StringBuffer sb;
if (dt.isNull())
sb.append("Never");
else
{
dt.getString(sb);
sb.replace('T', (char)0);//chop off timestring
}
resp.setPasswordExpiration(sb.str());
resp.setPasswordDaysRemaining(user->getPasswordDaysRemaining());
resp.setFirstName(user->getFirstName());
resp.setLastName(user->getLastName());
resp.setUsername(user->getName());
}
}
catch(IException* e)
{
FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR);
}
return true;
}
bool CWSESPControlEx::onSetSessionTimeout(IEspContext& context, IEspSetSessionTimeoutRequest& req, IEspSetSessionTimeoutResponse& resp)
{
try
{
#ifdef _USE_OPENLDAP
CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager());
if(secmgr && !secmgr->isSuperUser(context.queryUser()))
{
context.setAuthStatus(AUTH_STATUS_NOACCESS);
throw MakeStringException(ECLWATCH_SUPER_USER_ACCESS_DENIED, "Failed to set session timeout. Permission denied.");
}
#endif
StringBuffer id, userID, fromIP;
bool allSessions = req.getAllSessions();
if (!allSessions)
{
id.set(req.getID());
userID.set(req.getUserID());
fromIP.set(req.getFromIP());
if ((id.trim().isEmpty()) && (userID.trim().isEmpty()) && (fromIP.trim().isEmpty()))
throw MakeStringException(ECLWATCH_INVALID_INPUT, "ID, userID or FromIP has to be specified.");
}
int timeoutMinutes = req.getTimeoutMinutes_isNull() ? 0 : req.getTimeoutMinutes();
if (timeoutMinutes <= 0)
cleanSessions(allSessions, id.str(), userID.str(), fromIP.str());
else
{
StringBuffer searchPath;
setSessionXPath(allSessions, id.str(), userID.str(), fromIP.str(), searchPath);
Owned<IRemoteConnection> globalLock = querySDSConnectionForESPSession(RTM_LOCK_WRITE, SESSION_SDS_LOCK_TIMEOUT);
Owned<IPropertyTreeIterator> iter = globalLock->queryRoot()->getElements("*");
ForEach(*iter)
{
Owned<IPropertyTreeIterator> iter1 = iter->query().getElements(searchPath.str());
ForEach(*iter1)
setSessionTimeout(timeoutMinutes, iter1->query());
}
}
resp.setStatus(0);
resp.setMessage("Session timeout is updated.");
}
catch(IException* e)
{
FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR);
}
return true;
}
bool Cws_accountEx::onUpdateUserInput(IEspContext &context, IEspUpdateUserInputRequest &req, IEspUpdateUserInputResponse &resp)
{
try
{
ISecUser* user = context.queryUser();
if(user != NULL)
{
resp.setUsername(user->getName());
}
}
catch(IException* e)
{
FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR);
}
return true;
}
bool CWSESPControlEx::onSessionInfo(IEspContext& context, IEspSessionInfoRequest& req, IEspSessionInfoResponse& resp)
{
try
{
#ifdef _USE_OPENLDAP
CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager());
if(secmgr && !secmgr->isSuperUser(context.queryUser()))
{
context.setAuthStatus(AUTH_STATUS_NOACCESS);
throw MakeStringException(ECLWATCH_SUPER_USER_ACCESS_DENIED, "Failed to get session information. Permission denied.");
}
#endif
StringBuffer id = req.getID();
if (id.trim().isEmpty())
throw MakeStringException(ECLWATCH_INVALID_INPUT, "ID not specified.");
unsigned port = 8010;
if (!req.getPort_isNull())
port = req.getPort();
Owned<IRemoteConnection> globalLock;
VStringBuffer xpath("/%s/%s[@name='%s']/%s[@port='%d']/%s*[%s='%s']", PathSessionRoot, PathSessionProcess, espProcess.get(),
PathSessionApplication, port, PathSessionSession, PropSessionExternalID, id.str());
try
{
globalLock.setown(querySDSConnection(xpath.str(), RTM_LOCK_READ, SESSION_SDS_LOCK_TIMEOUT));
}
catch(IException* e)
{
VStringBuffer msg("Failed to get session info for id %s on port %u: ", id.str(), port);
e->errorMessage(msg);
e->Release();
throw MakeStringException(ECLWATCH_INVALID_INPUT, "%s", msg.str());
}
setSessionInfo(globalLock->queryRoot(), port, &resp.updateSession());
}
catch(IException* e)
{
FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR);
}
return true;
}
bool CWsPackageProcessEx::onEcho(IEspContext &context, IEspEchoRequest &req, IEspEchoResponse &resp)
{
StringBuffer respMsg;
ISecUser* user = context.queryUser();
if(user != NULL)
{
const char* name = user->getName();
if (name && *name)
respMsg.appendf("%s: ", name);
}
const char* reqMsg = req.getRequest();
if (reqMsg && *reqMsg)
respMsg.append(reqMsg);
else
respMsg.append("??");
resp.setResponse(respMsg.str());
return true;
}
bool CWSESPControlEx::onSessionQuery(IEspContext& context, IEspSessionQueryRequest& req, IEspSessionQueryResponse& resp)
{
try
{
#ifdef _USE_OPENLDAP
CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager());
if(secmgr && !secmgr->isSuperUser(context.queryUser()))
{
context.setAuthStatus(AUTH_STATUS_NOACCESS);
throw MakeStringException(ECLWATCH_SUPER_USER_ACCESS_DENIED, "Failed to query session. Permission denied.");
}
#endif
StringBuffer xpath;
setSessionXPath(false, nullptr, req.getUserID(), req.getFromIP(), xpath);
IArrayOf<IEspSession> sessions;
Owned<IRemoteConnection> globalLock = querySDSConnectionForESPSession(RTM_LOCK_READ, SESSION_SDS_LOCK_TIMEOUT);
Owned<IPropertyTreeIterator> iter = globalLock->queryRoot()->getElements("*");
ForEach(*iter)
{
IPropertyTree& appSessionTree = iter->query();
unsigned port = appSessionTree.getPropInt("@port");
Owned<IPropertyTreeIterator> iter1 = appSessionTree.getElements(xpath.str());
ForEach(*iter1)
{
IPropertyTree& sessionTree = iter1->query();
Owned<IEspSession> s = createSession();
setSessionInfo(&sessionTree, port, s);
sessions.append(*s.getLink());
}
}
resp.setSessions(sessions);
}
catch(IException* e)
{
FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR);
}
return true;
}
bool Cws_accountEx::onUpdateUser(IEspContext &context, IEspUpdateUserRequest & req, IEspUpdateUserResponse & resp)
{
try
{
CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager());
if(secmgr == NULL)
{
throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, "Security manager can't be converted to LdapSecManager. Only LdapSecManager supports this function.");
}
ISecUser* user = context.queryUser();
if(user == NULL)
{
resp.setRetcode(-1);
resp.setMessage("Can't find user in esp context. Please check if the user was properly logged in.");
return false;
}
if(req.getUsername() == NULL || strcmp(req.getUsername(), user->getName()) != 0)
{
resp.setRetcode(-1);
resp.setMessage("Username/password don't match.");
return false;
}
const char* oldpass = req.getOldpass();
if(oldpass == NULL || strcmp(oldpass, user->credentials().getPassword()) != 0)
{
resp.setRetcode(-1);
resp.setMessage("Username/password don't match.");
return false;
}
const char* newpass1 = req.getNewpass1();
const char* newpass2 = req.getNewpass2();
if(newpass1 == NULL || newpass2 == NULL || strlen(newpass1) < 4 || strlen(newpass2) < 4)
{
resp.setRetcode(-1);
resp.setMessage("New password must be 4 characters or longer.");
return false;
}
if(strcmp(newpass1, newpass2) != 0)
{
resp.setRetcode(-1);
resp.setMessage("Password and retype don't match.");
return false;
}
if(strcmp(oldpass, newpass1) == 0)
{
resp.setRetcode(-1);
resp.setMessage("New password can't be the same as current password.");
return false;
}
const char* pwscheme = secmgr->getPasswordStorageScheme();
bool isCrypt = pwscheme && (stricmp(pwscheme, "CRYPT") == 0);
if(isCrypt && strncmp(oldpass, newpass1, 8) == 0)
{
resp.setRetcode(-1);
resp.setMessage("The first 8 characters of the new password must be different from before.");
return false;
}
bool ok = false;
try
{
ok = secmgr->updateUserPassword(*user, newpass1, oldpass);
}
catch(IException* e)
{
StringBuffer emsg;
e->errorMessage(emsg);
resp.setRetcode(-1);
resp.setMessage(emsg.str());
return false;
}
catch(...)
{
ok = false;
}
if(!ok)
{
throw MakeStringException(ECLWATCH_CANNOT_CHANGE_PASSWORD, "Failed in changing password.");
}
resp.setRetcode(0);
if(isCrypt && strlen(newpass1) > 8)
resp.setMessage("Your password has been changed successfully, however, only the first 8 chars are effective.");
else
resp.setMessage("Your password has been changed successfully.");
}
catch(IException* e)
{
FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR);
}
return true;
}
bool Cws_accountEx::onVerifyUser(IEspContext &context, IEspVerifyUserRequest &req, IEspVerifyUserResponse &resp)
{
try
{
ISecUser* usr = context.queryUser();
if(!usr || usr->getAuthenticateStatus() != AS_AUTHENTICATED)
{
resp.setRetcode(-1);
return false;
}
const char* ver = req.getVersion();
if (!ver || !*ver)
{
throw MakeStringException(ECLWATCH_OLD_CLIENT_VERSION, "Client version not found");
}
int minor = 0;
int major = 0;
const char* dot1 = strrchr(ver, '.');
if (!dot1)
minor = atoi(ver);
else if (strlen(dot1) > 1)
{
minor = atoi(dot1 + 1);
if(dot1 > ver)
{
const char* dot2 = dot1 - 1;
while(dot2 > ver && *dot2 != '.')
dot2--;
if(*dot2 == '.')
dot2++;
if(dot2 < dot1)
{
StringBuffer majorstr;
majorstr.append(dot1 - dot2, dot2);
major = atoi(majorstr.str());
}
}
}
if(major > CUTOFF_MAJOR || (major == CUTOFF_MAJOR && minor >= CUTOFF_MINOR))
{
resp.setRetcode(0);
return true;
}
const char* build_ver = getBuildVersion();
if (build_ver && *build_ver)
throw MakeStringException(ECLWATCH_OLD_CLIENT_VERSION, "Client version %s (server %s) is out of date.", ver, build_ver);
else
throw MakeStringException(ECLWATCH_OLD_CLIENT_VERSION, "Client version %s is out of date.", ver);
}
catch(IException* e)
{
FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR);
}
return true;
}
bool CEclDirectEx::onRunEclEx(IEspContext &context, IEspRunEclExRequest & req, IEspRunEclExResponse & resp)
{
if (!context.validateFeatureAccess(ECLDIRECT_ACCESS, SecAccess_Full, false))
throw MakeStringException(-1, "EclDirect access permission denied.");
const char* eclText = req.getEclText();
if (!eclText || !*eclText)
{
resp.setResults("<Exception><Source>ESP</Source><Message>No Ecl Text provided</Message></Exception>");
return true;
}
StringBuffer user;
if (!context.getUserID(user).length())
user.append(req.getUserName());
Owned <IWorkUnitFactory> factory = getWorkUnitFactory(context.querySecManager(), context.queryUser());
Owned <IWorkUnit> workunit;
if (!user.length())
workunit.setown(factory->createWorkUnit(NULL, "ECL-Direct", ""));
else
{
workunit.setown(factory->createWorkUnit(NULL, "ECL-Direct", user.str()));
workunit->setUser(user.str());
}
Owned<IWUQuery> query = workunit->updateQuery();
query->setQueryText(eclText);
query.clear();
const char* cluster = req.getCluster();
if (!cluster || !*cluster || !stricmp(cluster, "default"))
cluster = defaultCluster.str();
if (!cluster || !*cluster)
throw MakeStringException(-1, "No Cluster Specified");
if (!isValidCluster(cluster))
throw MakeStringException(-1, "Invalid TargetCluster %s Specified", cluster);
workunit->setClusterName(cluster);
const char* snapshot = req.getSnapshot();
if (snapshot && *snapshot)
workunit->setSnapshot(snapshot);
if (req.getResultLimit())
workunit->setResultLimit(req.getResultLimit());
// Execute it
SCMStringBuffer wuid;
workunit->getWuid(wuid);
workunit->setAction(WUActionRun);
workunit->setState(WUStateSubmitted);
workunit.clear();
resp.setWuid(wuid.str());
submitWorkUnit(wuid.str(), context.querySecManager(), context.queryUser());
if (!waitForWorkUnitToComplete(wuid.str(), (req.getWait_isNull()) ? defaultWait : req.getWait()))
{
StringBuffer result;
result.appendf("<Exception><Source>ESP</Source><Message>Timed out waiting for job to complete: %s</Message></Exception>", wuid.str());
resp.setResults(result.str());
return true;
}
if (!deleteWorkunits && context.queryRequestParameters()->hasProp("redirect"))
{
StringBuffer url("/WsWorkunits/WUInfo?Wuid=");
resp.setRedirectUrl(url.append(wuid).str());
return true;
}
Owned<IConstWorkUnit> cw = factory->openWorkUnit(wuid.str(), false);
EclDirectWUExceptions errors(*cw);
resp.setErrors(errors);
if (req.getIncludeResults())
{
StringBuffer results;
CRunEclExFormat outputFormat = req.getFormat();
Owned<IWuWebView> web = createWuWebView(wuid.str(), NULL, NULL, getCFD(), true);
if (!web)
results.appendf("<Exception><Source>ESP</Source><Message>Failed loading result workunit %s</Message></Exception>", wuid.str());
else if (outputFormat == CRunEclExFormat_Table)
{
StringBuffer xsltfile(getCFD());
web->applyResultsXSLT(xsltfile.append("xslt/wsecl3_result.xslt").str(), results);
}
else
{
unsigned xmlflags = 0;
if (outputFormat != CRunEclExFormat_ExtendedXml)
xmlflags |= WWV_OMIT_SCHEMAS;
if (context.queryRequestParameters()->hasProp("display_xslt"))
xmlflags |= WWV_USE_DISPLAY_XSLT;
else
xmlflags |= WWV_OMIT_XML_DECLARATION;
web->expandResults(results, xmlflags);
}
resp.setResults(results.str());
}
if (req.getIncludeGraphs())
{
Owned<IConstWUGraphIterator> it = &cw->getGraphs(GraphTypeAny);
StringBuffer xgmml("<Graphs>");
SCMStringBuffer s;
ForEach(*it)
xgmml.append(it->query().getXGMML(s, true).str());
xgmml.append("</Graphs>");
resp.setGraphsXGMML(xgmml.str());
}
if (deleteWorkunits)
deleteEclDirectWorkunit(factory, wuid.str());
return true;
}
bool CEclDirectEx::onRunEcl(IEspContext &context, IEspRunEclRequest & req, IEspRunEclResponse & resp)
{
if (!context.validateFeatureAccess(ECLDIRECT_ACCESS, SecAccess_Full, false))
throw MakeStringException(-1, "EclDirect access permission denied.");
StringBuffer user;
if (!context.getUserID(user).length())
user.append(req.getUserName());
Owned <IWorkUnitFactory> factory = getWorkUnitFactory(context.querySecManager(), context.queryUser());
Owned <IWorkUnit> workunit;
if (!user.length())
workunit.setown(factory->createWorkUnit(NULL, "ECL-Direct", ""));
else
{
workunit.setown(factory->createWorkUnit(NULL, "ECL-Direct", user.str()));
workunit->setUser(user.str());
}
Owned<IWUQuery> query = workunit->updateQuery();
query->setQueryText(req.getEclText());
query.clear();
const char* clustername = req.getCluster();
if (!clustername || !*clustername || strieq(clustername, "default"))
clustername = defaultCluster.str();
if (!clustername || !*clustername)
throw MakeStringException(-1, "No Cluster Specified");
if (!isValidCluster(clustername))
throw MakeStringException(-1, "Invalid TargetCluster %s Specified", clustername);
workunit->setClusterName(clustername);
if (req.getLimitResults())
workunit->setResultLimit(100);
const char* snapshot = req.getSnapshot();
if (snapshot && *snapshot)
workunit->setSnapshot(snapshot);
// Execute it
SCMStringBuffer wuid;
workunit->getWuid(wuid);
workunit->setAction(WUActionRun);
workunit->setState(WUStateSubmitted);
workunit.clear();
submitWorkUnit(wuid.str(), context.querySecManager(), context.queryUser());
if (waitForWorkUnitToComplete(wuid.str(), defaultWait))
{
Owned<IConstWorkUnit> cw = factory->openWorkUnit(wuid.str(), false);
SCMStringBuffer resultXML;
getFullWorkUnitResultsXML(context.queryUserId(), context.queryPassword(), cw.get(), resultXML);
resp.setResults(resultXML.str());
cw.clear();
if (deleteWorkunits)
deleteEclDirectWorkunit(factory, wuid.str());
}
else
{
// Don't delete these ones...
DBGLOG("WorkUnit %s timed out", wuid.str());
StringBuffer result;
result.appendf("<Exception><Source>ESP</Source><Message>Timed out waiting for job to complete: %s</Message></Exception>", wuid.str());
resp.setResults(result.str());
}
return true;
}
CWUWrapper(const char * app, const char * user, IEspContext &context):
factory(getWorkUnitFactory()), wu(factory->createWorkUnit(app, user, context.querySecManager(), context.queryUser()))
{
if(!wu)
throw MakeStringException(ECLWATCH_CANNOT_CREATE_WORKUNIT,"Could not create workunit.");
}
CWUWrapper(const char* wuid, IEspContext &context):
factory(getWorkUnitFactory()), wu(factory->openWorkUnit(wuid, false, context.querySecManager(), context.queryUser()))
{
if(!wu)
throw MakeStringException(ECLWATCH_CANNOT_OPEN_WORKUNIT,"Could not open workunit %s",wuid);
}
