bool CWSESPControlEx::onSetLogging(IEspContext& context, IEspSetLoggingRequest& req, IEspSetLoggingResponse& resp) { try { #ifdef _USE_OPENLDAP CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager()); if(secmgr && !secmgr->isSuperUser(context.queryUser())) { context.setAuthStatus(AUTH_STATUS_NOACCESS); throw MakeStringException(ECLWATCH_SUPER_USER_ACCESS_DENIED, "Failed to change log settings. Permission denied."); } #endif if (!m_container) throw MakeStringException(ECLWATCH_INTERNAL_ERROR, "Failed to access container."); if (!req.getLoggingLevel_isNull()) m_container->setLogLevel(req.getLoggingLevel()); if (!req.getLogRequests_isNull()) m_container->setLogRequests(req.getLogRequests()); if (!req.getLogResponses_isNull()) m_container->setLogResponses(req.getLogResponses()); resp.setStatus(0); resp.setMessage("Logging settings are updated."); } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
bool CWSESPControlEx::onCleanSession(IEspContext& context, IEspCleanSessionRequest& req, IEspCleanSessionResponse& resp) { try { #ifdef _USE_OPENLDAP CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager()); if(secmgr && !secmgr->isSuperUser(context.queryUser())) { context.setAuthStatus(AUTH_STATUS_NOACCESS); throw MakeStringException(ECLWATCH_SUPER_USER_ACCESS_DENIED, "Failed to clean session. Permission denied."); } #endif StringBuffer id, userID, fromIP; bool allSessions = req.getAllSessions(); if (!allSessions) { id.set(req.getID()); userID.set(req.getUserID()); fromIP.set(req.getFromIP()); if ((id.trim().isEmpty()) && (userID.trim().isEmpty()) && (fromIP.trim().isEmpty())) throw MakeStringException(ECLWATCH_INVALID_INPUT, "ID, userID or FromIP has to be specified."); } cleanSessions(allSessions, id.str(), userID.str(), fromIP.str()); resp.setStatus(0); resp.setMessage("Session is cleaned."); } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
bool Cws_accountEx::onMyAccount(IEspContext &context, IEspMyAccountRequest &req, IEspMyAccountResponse &resp) { try { ISecUser* user = context.queryUser(); if(user != NULL) { CDateTime dt; user->getPasswordExpiration(dt); StringBuffer sb; if (dt.isNull()) sb.append("Never"); else { dt.getString(sb); sb.replace('T', (char)0);//chop off timestring } resp.setPasswordExpiration(sb.str()); resp.setPasswordDaysRemaining(user->getPasswordDaysRemaining()); resp.setFirstName(user->getFirstName()); resp.setLastName(user->getLastName()); resp.setUsername(user->getName()); } } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
bool CWSESPControlEx::onSetSessionTimeout(IEspContext& context, IEspSetSessionTimeoutRequest& req, IEspSetSessionTimeoutResponse& resp) { try { #ifdef _USE_OPENLDAP CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager()); if(secmgr && !secmgr->isSuperUser(context.queryUser())) { context.setAuthStatus(AUTH_STATUS_NOACCESS); throw MakeStringException(ECLWATCH_SUPER_USER_ACCESS_DENIED, "Failed to set session timeout. Permission denied."); } #endif StringBuffer id, userID, fromIP; bool allSessions = req.getAllSessions(); if (!allSessions) { id.set(req.getID()); userID.set(req.getUserID()); fromIP.set(req.getFromIP()); if ((id.trim().isEmpty()) && (userID.trim().isEmpty()) && (fromIP.trim().isEmpty())) throw MakeStringException(ECLWATCH_INVALID_INPUT, "ID, userID or FromIP has to be specified."); } int timeoutMinutes = req.getTimeoutMinutes_isNull() ? 0 : req.getTimeoutMinutes(); if (timeoutMinutes <= 0) cleanSessions(allSessions, id.str(), userID.str(), fromIP.str()); else { StringBuffer searchPath; setSessionXPath(allSessions, id.str(), userID.str(), fromIP.str(), searchPath); Owned<IRemoteConnection> globalLock = querySDSConnectionForESPSession(RTM_LOCK_WRITE, SESSION_SDS_LOCK_TIMEOUT); Owned<IPropertyTreeIterator> iter = globalLock->queryRoot()->getElements("*"); ForEach(*iter) { Owned<IPropertyTreeIterator> iter1 = iter->query().getElements(searchPath.str()); ForEach(*iter1) setSessionTimeout(timeoutMinutes, iter1->query()); } } resp.setStatus(0); resp.setMessage("Session timeout is updated."); } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
bool Cws_accountEx::onUpdateUserInput(IEspContext &context, IEspUpdateUserInputRequest &req, IEspUpdateUserInputResponse &resp) { try { ISecUser* user = context.queryUser(); if(user != NULL) { resp.setUsername(user->getName()); } } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
bool CWSESPControlEx::onSessionInfo(IEspContext& context, IEspSessionInfoRequest& req, IEspSessionInfoResponse& resp) { try { #ifdef _USE_OPENLDAP CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager()); if(secmgr && !secmgr->isSuperUser(context.queryUser())) { context.setAuthStatus(AUTH_STATUS_NOACCESS); throw MakeStringException(ECLWATCH_SUPER_USER_ACCESS_DENIED, "Failed to get session information. Permission denied."); } #endif StringBuffer id = req.getID(); if (id.trim().isEmpty()) throw MakeStringException(ECLWATCH_INVALID_INPUT, "ID not specified."); unsigned port = 8010; if (!req.getPort_isNull()) port = req.getPort(); Owned<IRemoteConnection> globalLock; VStringBuffer xpath("/%s/%s[@name='%s']/%s[@port='%d']/%s*[%s='%s']", PathSessionRoot, PathSessionProcess, espProcess.get(), PathSessionApplication, port, PathSessionSession, PropSessionExternalID, id.str()); try { globalLock.setown(querySDSConnection(xpath.str(), RTM_LOCK_READ, SESSION_SDS_LOCK_TIMEOUT)); } catch(IException* e) { VStringBuffer msg("Failed to get session info for id %s on port %u: ", id.str(), port); e->errorMessage(msg); e->Release(); throw MakeStringException(ECLWATCH_INVALID_INPUT, "%s", msg.str()); } setSessionInfo(globalLock->queryRoot(), port, &resp.updateSession()); } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
bool CWsPackageProcessEx::onEcho(IEspContext &context, IEspEchoRequest &req, IEspEchoResponse &resp) { StringBuffer respMsg; ISecUser* user = context.queryUser(); if(user != NULL) { const char* name = user->getName(); if (name && *name) respMsg.appendf("%s: ", name); } const char* reqMsg = req.getRequest(); if (reqMsg && *reqMsg) respMsg.append(reqMsg); else respMsg.append("??"); resp.setResponse(respMsg.str()); return true; }
bool CWSESPControlEx::onSessionQuery(IEspContext& context, IEspSessionQueryRequest& req, IEspSessionQueryResponse& resp) { try { #ifdef _USE_OPENLDAP CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager()); if(secmgr && !secmgr->isSuperUser(context.queryUser())) { context.setAuthStatus(AUTH_STATUS_NOACCESS); throw MakeStringException(ECLWATCH_SUPER_USER_ACCESS_DENIED, "Failed to query session. Permission denied."); } #endif StringBuffer xpath; setSessionXPath(false, nullptr, req.getUserID(), req.getFromIP(), xpath); IArrayOf<IEspSession> sessions; Owned<IRemoteConnection> globalLock = querySDSConnectionForESPSession(RTM_LOCK_READ, SESSION_SDS_LOCK_TIMEOUT); Owned<IPropertyTreeIterator> iter = globalLock->queryRoot()->getElements("*"); ForEach(*iter) { IPropertyTree& appSessionTree = iter->query(); unsigned port = appSessionTree.getPropInt("@port"); Owned<IPropertyTreeIterator> iter1 = appSessionTree.getElements(xpath.str()); ForEach(*iter1) { IPropertyTree& sessionTree = iter1->query(); Owned<IEspSession> s = createSession(); setSessionInfo(&sessionTree, port, s); sessions.append(*s.getLink()); } } resp.setSessions(sessions); } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
bool Cws_accountEx::onUpdateUser(IEspContext &context, IEspUpdateUserRequest & req, IEspUpdateUserResponse & resp) { try { CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager()); if(secmgr == NULL) { throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, "Security manager can't be converted to LdapSecManager. Only LdapSecManager supports this function."); } ISecUser* user = context.queryUser(); if(user == NULL) { resp.setRetcode(-1); resp.setMessage("Can't find user in esp context. Please check if the user was properly logged in."); return false; } if(req.getUsername() == NULL || strcmp(req.getUsername(), user->getName()) != 0) { resp.setRetcode(-1); resp.setMessage("Username/password don't match."); return false; } const char* oldpass = req.getOldpass(); if(oldpass == NULL || strcmp(oldpass, user->credentials().getPassword()) != 0) { resp.setRetcode(-1); resp.setMessage("Username/password don't match."); return false; } const char* newpass1 = req.getNewpass1(); const char* newpass2 = req.getNewpass2(); if(newpass1 == NULL || newpass2 == NULL || strlen(newpass1) < 4 || strlen(newpass2) < 4) { resp.setRetcode(-1); resp.setMessage("New password must be 4 characters or longer."); return false; } if(strcmp(newpass1, newpass2) != 0) { resp.setRetcode(-1); resp.setMessage("Password and retype don't match."); return false; } if(strcmp(oldpass, newpass1) == 0) { resp.setRetcode(-1); resp.setMessage("New password can't be the same as current password."); return false; } const char* pwscheme = secmgr->getPasswordStorageScheme(); bool isCrypt = pwscheme && (stricmp(pwscheme, "CRYPT") == 0); if(isCrypt && strncmp(oldpass, newpass1, 8) == 0) { resp.setRetcode(-1); resp.setMessage("The first 8 characters of the new password must be different from before."); return false; } bool ok = false; try { ok = secmgr->updateUserPassword(*user, newpass1, oldpass); } catch(IException* e) { StringBuffer emsg; e->errorMessage(emsg); resp.setRetcode(-1); resp.setMessage(emsg.str()); return false; } catch(...) { ok = false; } if(!ok) { throw MakeStringException(ECLWATCH_CANNOT_CHANGE_PASSWORD, "Failed in changing password."); } resp.setRetcode(0); if(isCrypt && strlen(newpass1) > 8) resp.setMessage("Your password has been changed successfully, however, only the first 8 chars are effective."); else resp.setMessage("Your password has been changed successfully."); } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
bool Cws_accountEx::onVerifyUser(IEspContext &context, IEspVerifyUserRequest &req, IEspVerifyUserResponse &resp) { try { ISecUser* usr = context.queryUser(); if(!usr || usr->getAuthenticateStatus() != AS_AUTHENTICATED) { resp.setRetcode(-1); return false; } const char* ver = req.getVersion(); if (!ver || !*ver) { throw MakeStringException(ECLWATCH_OLD_CLIENT_VERSION, "Client version not found"); } int minor = 0; int major = 0; const char* dot1 = strrchr(ver, '.'); if (!dot1) minor = atoi(ver); else if (strlen(dot1) > 1) { minor = atoi(dot1 + 1); if(dot1 > ver) { const char* dot2 = dot1 - 1; while(dot2 > ver && *dot2 != '.') dot2--; if(*dot2 == '.') dot2++; if(dot2 < dot1) { StringBuffer majorstr; majorstr.append(dot1 - dot2, dot2); major = atoi(majorstr.str()); } } } if(major > CUTOFF_MAJOR || (major == CUTOFF_MAJOR && minor >= CUTOFF_MINOR)) { resp.setRetcode(0); return true; } const char* build_ver = getBuildVersion(); if (build_ver && *build_ver) throw MakeStringException(ECLWATCH_OLD_CLIENT_VERSION, "Client version %s (server %s) is out of date.", ver, build_ver); else throw MakeStringException(ECLWATCH_OLD_CLIENT_VERSION, "Client version %s is out of date.", ver); } catch(IException* e) { FORWARDEXCEPTION(context, e, ECLWATCH_INTERNAL_ERROR); } return true; }
bool CEclDirectEx::onRunEclEx(IEspContext &context, IEspRunEclExRequest & req, IEspRunEclExResponse & resp) { if (!context.validateFeatureAccess(ECLDIRECT_ACCESS, SecAccess_Full, false)) throw MakeStringException(-1, "EclDirect access permission denied."); const char* eclText = req.getEclText(); if (!eclText || !*eclText) { resp.setResults("<Exception><Source>ESP</Source><Message>No Ecl Text provided</Message></Exception>"); return true; } StringBuffer user; if (!context.getUserID(user).length()) user.append(req.getUserName()); Owned <IWorkUnitFactory> factory = getWorkUnitFactory(context.querySecManager(), context.queryUser()); Owned <IWorkUnit> workunit; if (!user.length()) workunit.setown(factory->createWorkUnit(NULL, "ECL-Direct", "")); else { workunit.setown(factory->createWorkUnit(NULL, "ECL-Direct", user.str())); workunit->setUser(user.str()); } Owned<IWUQuery> query = workunit->updateQuery(); query->setQueryText(eclText); query.clear(); const char* cluster = req.getCluster(); if (!cluster || !*cluster || !stricmp(cluster, "default")) cluster = defaultCluster.str(); if (!cluster || !*cluster) throw MakeStringException(-1, "No Cluster Specified"); if (!isValidCluster(cluster)) throw MakeStringException(-1, "Invalid TargetCluster %s Specified", cluster); workunit->setClusterName(cluster); const char* snapshot = req.getSnapshot(); if (snapshot && *snapshot) workunit->setSnapshot(snapshot); if (req.getResultLimit()) workunit->setResultLimit(req.getResultLimit()); // Execute it SCMStringBuffer wuid; workunit->getWuid(wuid); workunit->setAction(WUActionRun); workunit->setState(WUStateSubmitted); workunit.clear(); resp.setWuid(wuid.str()); submitWorkUnit(wuid.str(), context.querySecManager(), context.queryUser()); if (!waitForWorkUnitToComplete(wuid.str(), (req.getWait_isNull()) ? defaultWait : req.getWait())) { StringBuffer result; result.appendf("<Exception><Source>ESP</Source><Message>Timed out waiting for job to complete: %s</Message></Exception>", wuid.str()); resp.setResults(result.str()); return true; } if (!deleteWorkunits && context.queryRequestParameters()->hasProp("redirect")) { StringBuffer url("/WsWorkunits/WUInfo?Wuid="); resp.setRedirectUrl(url.append(wuid).str()); return true; } Owned<IConstWorkUnit> cw = factory->openWorkUnit(wuid.str(), false); EclDirectWUExceptions errors(*cw); resp.setErrors(errors); if (req.getIncludeResults()) { StringBuffer results; CRunEclExFormat outputFormat = req.getFormat(); Owned<IWuWebView> web = createWuWebView(wuid.str(), NULL, NULL, getCFD(), true); if (!web) results.appendf("<Exception><Source>ESP</Source><Message>Failed loading result workunit %s</Message></Exception>", wuid.str()); else if (outputFormat == CRunEclExFormat_Table) { StringBuffer xsltfile(getCFD()); web->applyResultsXSLT(xsltfile.append("xslt/wsecl3_result.xslt").str(), results); } else { unsigned xmlflags = 0; if (outputFormat != CRunEclExFormat_ExtendedXml) xmlflags |= WWV_OMIT_SCHEMAS; if (context.queryRequestParameters()->hasProp("display_xslt")) xmlflags |= WWV_USE_DISPLAY_XSLT; else xmlflags |= WWV_OMIT_XML_DECLARATION; web->expandResults(results, xmlflags); } resp.setResults(results.str()); } if (req.getIncludeGraphs()) { Owned<IConstWUGraphIterator> it = &cw->getGraphs(GraphTypeAny); StringBuffer xgmml("<Graphs>"); SCMStringBuffer s; ForEach(*it) xgmml.append(it->query().getXGMML(s, true).str()); xgmml.append("</Graphs>"); resp.setGraphsXGMML(xgmml.str()); } if (deleteWorkunits) deleteEclDirectWorkunit(factory, wuid.str()); return true; }
bool CEclDirectEx::onRunEcl(IEspContext &context, IEspRunEclRequest & req, IEspRunEclResponse & resp) { if (!context.validateFeatureAccess(ECLDIRECT_ACCESS, SecAccess_Full, false)) throw MakeStringException(-1, "EclDirect access permission denied."); StringBuffer user; if (!context.getUserID(user).length()) user.append(req.getUserName()); Owned <IWorkUnitFactory> factory = getWorkUnitFactory(context.querySecManager(), context.queryUser()); Owned <IWorkUnit> workunit; if (!user.length()) workunit.setown(factory->createWorkUnit(NULL, "ECL-Direct", "")); else { workunit.setown(factory->createWorkUnit(NULL, "ECL-Direct", user.str())); workunit->setUser(user.str()); } Owned<IWUQuery> query = workunit->updateQuery(); query->setQueryText(req.getEclText()); query.clear(); const char* clustername = req.getCluster(); if (!clustername || !*clustername || strieq(clustername, "default")) clustername = defaultCluster.str(); if (!clustername || !*clustername) throw MakeStringException(-1, "No Cluster Specified"); if (!isValidCluster(clustername)) throw MakeStringException(-1, "Invalid TargetCluster %s Specified", clustername); workunit->setClusterName(clustername); if (req.getLimitResults()) workunit->setResultLimit(100); const char* snapshot = req.getSnapshot(); if (snapshot && *snapshot) workunit->setSnapshot(snapshot); // Execute it SCMStringBuffer wuid; workunit->getWuid(wuid); workunit->setAction(WUActionRun); workunit->setState(WUStateSubmitted); workunit.clear(); submitWorkUnit(wuid.str(), context.querySecManager(), context.queryUser()); if (waitForWorkUnitToComplete(wuid.str(), defaultWait)) { Owned<IConstWorkUnit> cw = factory->openWorkUnit(wuid.str(), false); SCMStringBuffer resultXML; getFullWorkUnitResultsXML(context.queryUserId(), context.queryPassword(), cw.get(), resultXML); resp.setResults(resultXML.str()); cw.clear(); if (deleteWorkunits) deleteEclDirectWorkunit(factory, wuid.str()); } else { // Don't delete these ones... DBGLOG("WorkUnit %s timed out", wuid.str()); StringBuffer result; result.appendf("<Exception><Source>ESP</Source><Message>Timed out waiting for job to complete: %s</Message></Exception>", wuid.str()); resp.setResults(result.str()); } return true; }
CWUWrapper(const char * app, const char * user, IEspContext &context): factory(getWorkUnitFactory()), wu(factory->createWorkUnit(app, user, context.querySecManager(), context.queryUser())) { if(!wu) throw MakeStringException(ECLWATCH_CANNOT_CREATE_WORKUNIT,"Could not create workunit."); }
CWUWrapper(const char* wuid, IEspContext &context): factory(getWorkUnitFactory()), wu(factory->openWorkUnit(wuid, false, context.querySecManager(), context.queryUser())) { if(!wu) throw MakeStringException(ECLWATCH_CANNOT_OPEN_WORKUNIT,"Could not open workunit %s",wuid); }