// verify the person, the machine and the URL exist in our DB
REGISTRY_PERSON_URL *registry_verify_request(char *person_guid, char *machine_guid, char *url, REGISTRY_PERSON **pp, REGISTRY_MACHINE **mm) {
char pbuf[GUID_LEN + 1], mbuf[GUID_LEN + 1];
if(!person_guid || !*person_guid || !machine_guid || !*machine_guid || !url || !*url) {
info("Registry Request Verification: invalid request! person: '%s', machine '%s', url '%s'", person_guid?person_guid:"UNSET", machine_guid?machine_guid:"UNSET", url?url:"UNSET");
return NULL;
}
// normalize the url
url = registry_fix_url(url, NULL);
// make sure the person GUID is valid
if(regenerate_guid(person_guid, pbuf) == -1) {
info("Registry Request Verification: invalid person GUID, person: '%s', machine '%s', url '%s'", person_guid, machine_guid, url);
return NULL;
}
person_guid = pbuf;
// make sure the machine GUID is valid
if(regenerate_guid(machine_guid, mbuf) == -1) {
info("Registry Request Verification: invalid machine GUID, person: '%s', machine '%s', url '%s'", person_guid, machine_guid, url);
return NULL;
}
machine_guid = mbuf;
// make sure the machine exists
REGISTRY_MACHINE *m = registry_machine_find(machine_guid);
if(!m) {
info("Registry Request Verification: machine not found, person: '%s', machine '%s', url '%s'", person_guid, machine_guid, url);
return NULL;
}
if(mm) *mm = m;
// make sure the person exist
REGISTRY_PERSON *p = registry_person_find(person_guid);
if(!p) {
info("Registry Request Verification: person not found, person: '%s', machine '%s', url '%s'", person_guid, machine_guid, url);
return NULL;
}
if(pp) *pp = p;
REGISTRY_PERSON_URL *pu = registry_person_url_index_find(p, url);
if(!pu) {
info("Registry Request Verification: URL not found for person, person: '%s', machine '%s', url '%s'", person_guid, machine_guid, url);
return NULL;
}
return pu;
}
// 1. validate machine GUID
// 2. if it is valid, find it or create it and return it
// 3. if it is not valid, return NULL
REGISTRY_MACHINE *registry_machine_get(const char *machine_guid, time_t when) {
REGISTRY_MACHINE *m = NULL;
if(likely(machine_guid && *machine_guid)) {
// validate it is a GUID
char buf[GUID_LEN + 1];
if(unlikely(regenerate_guid(machine_guid, buf) == -1))
info("Registry: machine guid '%s' is not a valid guid. Ignoring it.", machine_guid);
else {
machine_guid = buf;
m = registry_machine_find(machine_guid);
if(!m) m = registry_machine_allocate(machine_guid, when);
}
}
return m;
}
REGISTRY_MACHINE *registry_request_machine(char *person_guid, char *machine_guid, char *url, char *request_machine, time_t when) {
(void)when;
char mbuf[GUID_LEN + 1];
REGISTRY_PERSON *p = NULL;
REGISTRY_MACHINE *m = NULL;
REGISTRY_PERSON_URL *pu = registry_verify_request(person_guid, machine_guid, url, &p, &m);
if(!pu || !p || !m) return NULL;
// make sure the machine GUID is valid
if(regenerate_guid(request_machine, mbuf) == -1) {
info("Registry Machine URLs request: invalid machine GUID, person: '%s', machine '%s', url '%s', request machine '%s'", p->guid, m->guid, pu->url->url, request_machine);
return NULL;
}
request_machine = mbuf;
// make sure the machine exists
m = registry_machine_find(request_machine);
if(!m) {
info("Registry Machine URLs request: machine not found, person: '%s', machine '%s', url '%s', request machine '%s'", p->guid, machine_guid, pu->url->url, request_machine);
return NULL;
}
// Verify the user has in the past accessed this machine
// We will walk through the PERSON_URLs to find the machine
// linking to our machine
// a structure to pass to the dictionary_get_all() callback handler
struct machine_request_callback_data rdata = { m, NULL };
// request a walk through on the dictionary
avl_traverse(&p->person_urls, machine_request_callback, &rdata);
if(rdata.result)
return m;
return NULL;
}
// the main method for switching user identity
int registry_request_switch_json(RRDHOST *host, struct web_client *w, char *person_guid, char *machine_guid, char *url, char *new_person_guid, time_t when) {
if(!registry.enabled)
return registry_json_disabled(host, w, "switch");
(void)url;
(void)when;
registry_lock();
REGISTRY_PERSON *op = registry_person_find(person_guid);
if(!op) {
registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
registry_json_footer(w);
registry_unlock();
return 430;
}
REGISTRY_PERSON *np = registry_person_find(new_person_guid);
if(!np) {
registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
registry_json_footer(w);
registry_unlock();
return 431;
}
REGISTRY_MACHINE *m = registry_machine_find(machine_guid);
if(!m) {
registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
registry_json_footer(w);
registry_unlock();
return 432;
}
struct registry_person_url_callback_verify_machine_exists_data data = { m, 0 };
// verify the old person has access to this machine
avl_traverse(&op->person_urls, registry_person_url_callback_verify_machine_exists, &data);
if(!data.count) {
registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
registry_json_footer(w);
registry_unlock();
return 433;
}
// verify the new person has access to this machine
data.count = 0;
avl_traverse(&np->person_urls, registry_person_url_callback_verify_machine_exists, &data);
if(!data.count) {
registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
registry_json_footer(w);
registry_unlock();
return 434;
}
// set the cookie of the new person
// the user just switched identity
registry_set_person_cookie(w, np);
// generate the response
registry_json_header(host, w, "switch", REGISTRY_STATUS_OK);
buffer_sprintf(w->response.data, ",\n\t\"person_guid\": \"%s\"", np->guid);
registry_json_footer(w);
registry_unlock();
return 200;
}
