bool enableScopeScans(IUserDescriptor *udesc, bool enable, int * err)
{
bool superUser;
StringBuffer username;
StringBuffer password;
udesc->getUserName(username);
udesc->getPassword(password);
Owned<ISecUser> user = ldapsecurity->createUser(username);
user->credentials().setPassword(password);
if (!ldapsecurity->authenticateUser(*user,superUser) || !superUser)
{
*err = -1;
return false;
}
unsigned flags = getLDAPflags();
if (enable)
{
DBGLOG("Scope Scans Enabled by user %s",username.str());
flags |= (unsigned)DLF_SCOPESCANS;
}
else
{
DBGLOG("Scope Scans Disabled by user %s",username.str());
flags &= ~(unsigned)DLF_SCOPESCANS;
}
setLDAPflags(flags);
*err = 0;
return true;
}
bool enableScopeScans(IUserDescriptor *udesc, bool enable, int * err)
{
bool superUser;
StringBuffer username;
StringBuffer password;
udesc->getUserName(username);
udesc->getPassword(password);
Owned<ISecUser> user = ldapsecurity->createUser(username);
//Check user's digital signature, if present
bool authenticated = false;
if (!isEmptyString(udesc->querySignature()))
{
if (nullptr == pDSM)
pDSM = queryDigitalSignatureManagerInstanceFromEnv();
if (pDSM && pDSM->isDigiVerifierConfigured())
{
StringBuffer b64Signature(udesc->querySignature());
if (!pDSM->digiVerify(username, b64Signature))//digital signature valid?
{
ERRLOG("LDAP: enableScopeScans(%s) : Invalid user digital signature", username.str());
*err = -1;
return false;
}
else
authenticated = true;
}
}
if (!authenticated)
{
user->credentials().setPassword(password);
if (!ldapsecurity->authenticateUser(*user, &superUser) || !superUser)
{
*err = -1;
return false;
}
}
unsigned flags = getLDAPflags();
if (enable)
{
DBGLOG("Scope Scans Enabled by user %s",username.str());
flags |= (unsigned)DLF_SCOPESCANS;
}
else
{
DBGLOG("Scope Scans Disabled by user %s",username.str());
flags &= ~(unsigned)DLF_SCOPESCANS;
}
setLDAPflags(flags);
*err = 0;
return true;
}
