bool Cws_accountEx::onMyAccount(IEspContext &context, IEspMyAccountRequest &req, IEspMyAccountResponse &resp) { try { ISecUser* user = context.queryUser(); if(user != NULL) { CDateTime dt; user->getPasswordExpiration(dt); StringBuffer sb; if (dt.isNull()) sb.append("Never"); else { dt.getString(sb); sb.replace('T', (char)0);//chop off timestring } resp.setPasswordExpiration(sb.str()); resp.setPasswordDaysRemaining(user->getPasswordDaysRemaining()); resp.setFirstName(user->getFirstName()); resp.setLastName(user->getLastName()); resp.setUsername(user->getName()); } } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
void CPermissionsCache::removePermissions( ISecUser& sec_user) { synchronized block(m_cachemonitor); const char* user = sec_user.getName(); if(user != NULL && *user != '\0') { m_resPermissionsMap.erase(user); } }
bool CPermissionsCache::lookup(ISecUser& sec_user) { if(!isCacheEnabled()) return false; const char* username = sec_user.getName(); if(!username || !*username) return false; string key(username); ReadLockBlock readLock(m_userCacheRWLock ); MapUserCache::iterator it = m_userCache.find(key); if (it == m_userCache.end()) return false; CachedUser* user = (CachedUser*)(it->second); time_t now; time(&now); if(user->getTimestamp() < (now - m_cacheTimeout)) { m_userCache.erase(username); delete user; return false; } const char* cachedpw = user->queryUser()->credentials().getPassword(); StringBuffer pw(sec_user.credentials().getPassword()); if(cachedpw && pw.length() > 0) { StringBuffer md5pbuf; md5_string(pw, md5pbuf); if(strcmp(cachedpw, md5pbuf.str()) == 0) { #ifdef _DEBUG DBGLOG("CACHE: CPermissionsCache Found validated user %s", username); #endif // Copy cached user to the sec_user structure, but still keep the original clear text password. user->queryUser()->copyTo(sec_user); sec_user.credentials().setPassword(pw.str()); return true; } else { m_userCache.erase(username); delete user; return false; } } return false; }
void CPermissionsCache::removePermissions( ISecUser& sec_user) { const char* user = sec_user.getName(); if(user != NULL && *user != '\0') { #ifdef _DEBUG DBGLOG("CACHE: CPermissionsCache Removing permissions for user %s", user); #endif WriteLockBlock writeLock(m_resPermCacheRWLock); m_resPermissionsMap.erase(user); } }
bool CLocalSecurityManager::IsPasswordValid(ISecUser& sec_user) { IAuthenticatedUser* au = createAuthenticatedUser(); StringBuffer userbuf; #ifdef _WIN32 const char* realm = sec_user.getRealm(); if(realm&&*realm) userbuf.append(realm).append("\\"); #endif userbuf.append(sec_user.getName()); return au->login(userbuf.str(), sec_user.credentials().getPassword()); }
void CPermissionsCache::removeFromUserCache(ISecUser& sec_user) { const char* username = sec_user.getName(); if(username && *username) { synchronized block(m_userCacheMonitor); CachedUser* user = m_userCache[username]; if(user) { m_userCache.erase(username); delete user; } } }
bool Cws_accountEx::onUpdateUserInput(IEspContext &context, IEspUpdateUserInputRequest &req, IEspUpdateUserInputResponse &resp) { try { ISecUser* user = context.queryUser(); if(user != NULL) { resp.setUsername(user->getName()); } } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
void CPermissionsCache::removeFromUserCache(ISecUser& sec_user) { const char* username = sec_user.getName(); if(username && *username) { synchronized block(m_userCacheMonitor); string key(username); MapUserCache::iterator it = m_userCache.find(key); if (it != m_userCache.end()) { CachedUser* user = (CachedUser*)(it->second); m_userCache.erase(username); delete user; } } }
bool CPermissionsCache::lookup(ISecUser& sec_user) { if(!isCacheEnabled()) return false; const char* username = sec_user.getName(); if(!username || !*username) return false; synchronized block(m_userCacheMonitor); CachedUser* user = m_userCache[username]; if(user == NULL) return false; time_t now; time(&now); if(user->getTimestamp() < (now - m_cacheTimeout)) { m_userCache.erase(username); delete user; return false; } const char* cachedpw = user->queryUser()->credentials().getPassword(); StringBuffer pw(sec_user.credentials().getPassword()); if(cachedpw && pw.length() > 0) { StringBuffer md5pbuf; md5_string(pw, md5pbuf); if(strcmp(cachedpw, md5pbuf.str()) == 0) { // Copy cached user to the sec_user structure, but still keep the original clear text password. user->queryUser()->copyTo(sec_user); sec_user.credentials().setPassword(pw.str()); return true; } else { m_userCache.erase(username); delete user; return false; } } return false; }
void CPermissionsCache::add(ISecUser& sec_user) { if(!isCacheEnabled() || &sec_user == NULL) return; const char* username = sec_user.getName(); if(!username || !*username) return; synchronized block(m_userCacheMonitor); CachedUser* user = m_userCache[username]; if(user) { m_userCache.erase(username); delete user; } m_userCache[username] = new CachedUser(sec_user.clone()); }
void CPermissionsCache::add( ISecUser& sec_user, IArrayOf<ISecResource>& resources ) { synchronized block(m_cachemonitor); const char* user = sec_user.getName(); MapResPermissionsCache::const_iterator i = m_resPermissionsMap.find( user ); CResPermissionsCache* pResPermissionsCache; if (i == m_resPermissionsMap.end()) { //DBGLOG("CACHE: Adding cache for %s", user); pResPermissionsCache = new CResPermissionsCache(this, user); m_resPermissionsMap.insert(pair<string, CResPermissionsCache*>(user, pResPermissionsCache)); } else pResPermissionsCache = (*i).second; pResPermissionsCache->add( resources ); }
void CPermissionsCache::removeFromUserCache(ISecUser& sec_user) { const char* username = sec_user.getName(); if(username && *username) { string key(username); WriteLockBlock writeLock(m_userCacheRWLock ); MapUserCache::iterator it = m_userCache.find(key); if (it != m_userCache.end()) { CachedUser* user = (CachedUser*)(it->second); m_userCache.erase(username); delete user; #ifdef _DEBUG DBGLOG("CACHE: CPermissionsCache Removing cached user %s", username); #endif } } }
bool CWsPackageProcessEx::onEcho(IEspContext &context, IEspEchoRequest &req, IEspEchoResponse &resp) { StringBuffer respMsg; ISecUser* user = context.queryUser(); if(user != NULL) { const char* name = user->getName(); if (name && *name) respMsg.appendf("%s: ", name); } const char* reqMsg = req.getRequest(); if (reqMsg && *reqMsg) respMsg.append(reqMsg); else respMsg.append("??"); resp.setResponse(respMsg.str()); return true; }
void CPermissionsCache::add(ISecUser& sec_user) { if(!isCacheEnabled()) return; const char* username = sec_user.getName(); if(!username || !*username) return; synchronized block(m_userCacheMonitor); string key(username); MapUserCache::iterator it = m_userCache.find(key); CachedUser* user = NULL; if (it != m_userCache.end()) { user = (CachedUser*)(it->second); m_userCache.erase(username); delete user; } m_userCache[username] = new CachedUser(sec_user.clone()); }
int CPermissionsCache::lookup( ISecUser& sec_user, IArrayOf<ISecResource>& resources, bool* pFound) { synchronized block(m_cachemonitor); const char* userId = sec_user.getName(); int nFound; MapResPermissionsCache::const_iterator i = m_resPermissionsMap.find( userId ); if (i != m_resPermissionsMap.end()) { CResPermissionsCache* pResPermissionsCache = (*i).second; nFound = pResPermissionsCache->lookup( resources, pFound ); } else { nFound = 0; memset(pFound, 0, sizeof(bool)*resources.ordinality()); //DBGLOG("CACHE: Looking up %s:*", userId); } return nFound; }
bool IsPasswordValid(ISecUser& sec_user) { StringBuffer user; user.append(sec_user.getName()); if (0 == user.length()) throw MakeStringException(-1, "htpasswd User name is NULL"); CriticalBlock block(crit); if (!apr_initialized) initAPR(); loadPwds();//reload password file if modified StringBuffer *encPW = userMap.getValue(user.str()); if (encPW && encPW->length()) { apr_status_t rc = apr_password_validate(sec_user.credentials().getPassword(), encPW->str()); if (rc != APR_SUCCESS) DBGLOG("htpasswd authentication for user %s failed - APR RC %d", user.str(), rc ); return rc == APR_SUCCESS; } DBGLOG("User %s not in htpasswd file", user.str()); return false; }
int CPermissionsCache::lookup( ISecUser& sec_user, IArrayOf<ISecResource>& resources, bool* pFound) { const char* userId = sec_user.getName(); int nFound; ReadLockBlock readLock(m_resPermCacheRWLock); MapResPermissionsCache::const_iterator i = m_resPermissionsMap.find( userId ); if (i != m_resPermissionsMap.end()) { CResPermissionsCache* pResPermissionsCache = (*i).second; nFound = pResPermissionsCache->lookup( resources, pFound ); } else { nFound = 0; memset(pFound, 0, sizeof(bool)*resources.ordinality()); } #ifdef _DEBUG DBGLOG("CACHE: CPermissionsCache Looked up resources for %s:*, found %d of %d matches", userId, nFound, resources.ordinality()); #endif return nFound; }
void CPermissionsCache::add( ISecUser& sec_user, IArrayOf<ISecResource>& resources ) { const char* user = sec_user.getName(); WriteLockBlock writeLock(m_resPermCacheRWLock); MapResPermissionsCache::const_iterator i = m_resPermissionsMap.find( user ); CResPermissionsCache* pResPermissionsCache; if (i == m_resPermissionsMap.end()) { #ifdef _DEBUG DBGLOG("CACHE: CPermissionsCache Adding resources to cache for new user %s", user); #endif pResPermissionsCache = new CResPermissionsCache(this, user); m_resPermissionsMap.insert(pair<string, CResPermissionsCache*>(user, pResPermissionsCache)); } else { #ifdef _DEBUG DBGLOG("CACHE: CPermissionsCache Adding resources to cache for existing user %s", user); #endif pResPermissionsCache = (*i).second; } pResPermissionsCache->add( resources ); }
void CPermissionsCache::add(ISecUser& sec_user) { if(!isCacheEnabled()) return; const char* username = sec_user.getName(); if(!username || !*username) return; string key(username); WriteLockBlock writeLock(m_userCacheRWLock ); MapUserCache::iterator it = m_userCache.find(key); CachedUser* user = NULL; if (it != m_userCache.end()) { user = (CachedUser*)(it->second); m_userCache.erase(username); delete user; } #ifdef _DEBUG DBGLOG("CACHE: CPermissionsCache Adding cached user %s", username); #endif m_userCache[username] = new CachedUser(sec_user.clone()); }
bool Cws_accountEx::onUpdateUser(IEspContext &context, IEspUpdateUserRequest & req, IEspUpdateUserResponse & resp) { try { CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager()); if(secmgr == NULL) { throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, "Security manager can't be converted to LdapSecManager. Only LdapSecManager supports this function."); } ISecUser* user = context.queryUser(); if(user == NULL) { resp.setRetcode(-1); resp.setMessage("Can't find user in esp context. Please check if the user was properly logged in."); return false; } if(req.getUsername() == NULL || strcmp(req.getUsername(), user->getName()) != 0) { resp.setRetcode(-1); resp.setMessage("Username/password don't match."); return false; } const char* oldpass = req.getOldpass(); if(oldpass == NULL || strcmp(oldpass, user->credentials().getPassword()) != 0) { resp.setRetcode(-1); resp.setMessage("Username/password don't match."); return false; } const char* newpass1 = req.getNewpass1(); const char* newpass2 = req.getNewpass2(); if(newpass1 == NULL || newpass2 == NULL || strlen(newpass1) < 4 || strlen(newpass2) < 4) { resp.setRetcode(-1); resp.setMessage("New password must be 4 characters or longer."); return false; } if(strcmp(newpass1, newpass2) != 0) { resp.setRetcode(-1); resp.setMessage("Password and retype don't match."); return false; } if(strcmp(oldpass, newpass1) == 0) { resp.setRetcode(-1); resp.setMessage("New password can't be the same as current password."); return false; } const char* pwscheme = secmgr->getPasswordStorageScheme(); bool isCrypt = pwscheme && (stricmp(pwscheme, "CRYPT") == 0); if(isCrypt && strncmp(oldpass, newpass1, 8) == 0) { resp.setRetcode(-1); resp.setMessage("The first 8 characters of the new password must be different from before."); return false; } bool ok = false; try { ok = secmgr->updateUserPassword(*user, newpass1, oldpass); } catch(IException* e) { StringBuffer emsg; e->errorMessage(emsg); resp.setRetcode(-1); resp.setMessage(emsg.str()); return false; } catch(...) { ok = false; } if(!ok) { throw MakeStringException(ECLWATCH_CANNOT_CHANGE_PASSWORD, "Failed in changing password."); } resp.setRetcode(0); if(isCrypt && strlen(newpass1) > 8) resp.setMessage("Your password has been changed successfully, however, only the first 8 chars are effective."); else resp.setMessage("Your password has been changed successfully."); } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }