
[myserver-commit] [SCM] GNU MyServer branch, master, updated. 0_9-383-gf


From: Giuseppe Scrivano
Subject: [myserver-commit] [SCM] GNU MyServer branch, master, updated. 0_9-383-gfc3226b
Date: Sun, 08 Nov 2009 00:44:43 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU MyServer".

The branch, master has been updated
       via  fc3226b3ee89ae7c6fd61d61fe492912dd1b9a72 (commit)
       via  83a01c053761e91c8b86f9445edeab39e08f3592 (commit)
       via  3be85b8fb86945bf494ee7859f334635806ea6aa (commit)
      from  4aaf51b6ef376b9ee6fa24280a7efe7bf7a9a435 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------


commit fc3226b3ee89ae7c6fd61d61fe492912dd1b9a72
Author: Giuseppe Scrivano <address@hidden>
Date:   Sun Nov 8 01:43:47 2009 +0100

    Http digest authorization can be used only with clear-text or digest a1 
passwords.

diff --git a/myserver/include/conf/security/security_token.h 
b/myserver/include/conf/security/security_token.h
index 13c0fd3..eab199e 100644
--- a/myserver/include/conf/security/security_token.h
+++ b/myserver/include/conf/security/security_token.h
@@ -97,6 +97,11 @@ public:
     return providedMask;
   }
 
+  string &getAlgorithm ()
+  {
+    return algorithm;
+  }
+
   string &getNeededPassword ()
   {
     return neededPassword;
@@ -158,11 +163,26 @@ public:
     providedMask = p;
   }
 
-  void setNeededPassword (string &pw)
+  void setNeededPassword (const char *pw)
   {
     neededPassword.assign (pw);
   }
 
+  void setNeededPassword (string &pw)
+  {
+    neededPassword = pw;
+  }
+
+  void setAlgorithm (string &a)
+  {
+    algorithm = a;
+  }
+
+  void setAlgorithm (const char *pw)
+  {
+    algorithm = pw;
+  }
+
   void setDone (bool d)
   {
     done = d;
@@ -212,6 +232,9 @@ private:
   /*! Permission mask.  */
   int mask;
 
+  /*! Hash algorithm used to crypt the neededPassword.  */
+  string algorithm;
+
   /*!
     Password that the user should provide to have access.
     This is used in authorization schemes like the HTTP digest,
diff --git a/myserver/src/conf/security/xml_validator.cpp 
b/myserver/src/conf/security/xml_validator.cpp
index f749429..ab99bfb 100644
--- a/myserver/src/conf/security/xml_validator.cpp
+++ b/myserver/src/conf/security/xml_validator.cpp
@@ -122,6 +122,12 @@ int XmlValidator::getPermissionMask (SecurityToken* st)
 
       st->setProvidedMask (permissions);
 
+      if (algorithm)
+        st->setAlgorithm ((const char*)algorithm);
+
+      if (password)
+        st->setNeededPassword ((const char*)password);
+
       if (AuthMethod::comparePassword ((const char *)password,
                                        st->getPassword ().c_str (),
                                        (const char *)algorithm))
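Review bot: The `if (algorithm)` guard only ever sets the token's algorithm and never clears it, so a USER entry without an `algorithm` attribute leaves whatever value the token already held. Http::checkDigest in this same commit treats an empty algorithm as clear-text, so a stale value would select the wrong A1 derivation; whether a SecurityToken is reused across lookups is not visible here and should be confirmed. Resetting explicitly avoids the question: `st->setAlgorithm (algorithm ? (const char*)algorithm : "");`. Both setters also run before the password check, so the stored secret is copied into the token even when authentication then fails. The enclosing getPermissionMask starts and ends outside the hunk.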
diff --git a/myserver/src/protocol/http/http.cpp 
b/myserver/src/protocol/http/http.cpp
index 7ca11a2..eab482d 100644
--- a/myserver/src/protocol/http/http.cpp
+++ b/myserver/src/protocol/http/http.cpp
@@ -547,33 +547,51 @@ u_long Http::checkDigest ()
   char response[48];
   char *uri;
   u_long digestCount;
+  HttpUserData *hud =
+    static_cast<HttpUserData*>(td->connection->protocolBuffer);
+
 
   /* Return 0 if the password is different.  */
   if (td->request.digestOpaque[0]
-      && strcmp (td->request.digestOpaque,
-                 ((HttpUserData*) td->connection->protocolBuffer)->opaque))
+      && strcmp (td->request.digestOpaque, hud->opaque))
     return 0;
 
   /*! If is not equal return 0.  */
-  if (strcmp (td->request.digestRealm,
-              ((HttpUserData*) td->connection->protocolBuffer)->realm))
+  if (strcmp (td->request.digestRealm, hud->realm))
     return 0;
 
   digestCount = hexToInt (td->request.digestNc);
-  if (digestCount != ((HttpUserData*) td->connection->protocolBuffer)->nc + 1)
+  if (digestCount != hud->nc + 1)
     return 0;
   else
-    ((HttpUserData*) td->connection->protocolBuffer)->nc++;
+    hud->nc++;
 
-  md5.init ();
-  td->auxiliaryBuffer->setLength (0);
-  *td->auxiliaryBuffer << td->request.digestUsername << ":"
-                       << td->request.digestRealm
-                       << ":" << td->securityToken.getNeededPassword ();
 
-  md5.update ((char const*) td->auxiliaryBuffer->getBuffer (),
-              (unsigned int) td->auxiliaryBuffer->getLength ());
-  md5.end (A1);
+  string &algorithm = td->securityToken.getAlgorithm ();
+
+  if (algorithm.length () == 0)
+    {
+      md5.init ();
+      td->auxiliaryBuffer->setLength (0);
+      *td->auxiliaryBuffer << td->request.digestUsername << ":"
+                           << td->request.digestRealm
+                           << ":" << td->securityToken.getNeededPassword ();
+
+      md5.update ((char const*) td->auxiliaryBuffer->getBuffer (),
+                  (unsigned int) td->auxiliaryBuffer->getLength ());
+      md5.end (A1);
+    }
+  else if (algorithm.compare ("a1") == 0)
+    {
+      strcpy (A1, td->securityToken.getNeededPassword ().c_str ());
+    }
+  else
+    {
+      td->connection->host->warningsLogWrite
+        (_("HTTP: internal error, when using digest auth only a1 and cleartext 
" \
+           "passwords can be used"));
+      return 0;
+    }
 
   md5.init ();
 
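Review bot: In the `a1` branch, `strcpy (A1, td->securityToken.getNeededPassword ().c_str ())` copies the configured value into A1 with no length check. A1's declaration is outside the hunk, but the clear-text branch fills it through `md5.end (A1)`, so it is presumably sized for a 32-character hex digest; a longer `password` attribute in the security file would then be written past the end of the buffer. Reject anything that is not digest-shaped before copying, e.g. `if (td->securityToken.getNeededPassword ().length () != 32) return 0;`, and ideally also check that every character is a hex digit. checkDigest begins and ends outside the hunk.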
@@ -591,7 +609,7 @@ u_long Http::checkDigest ()
   md5.init ();
   td->auxiliaryBuffer->setLength (0);
   *td->auxiliaryBuffer << A1 << ":"
-          << ((HttpUserData*) td->connection->protocolBuffer)->nonce << ":"
+          << hud->nonce << ":"
           << td->request.digestNc << ":" << td->request.digestCnonce << ":"
           << td->request.digestQop << ":" << A2;
   md5.update ((char const*) td->auxiliaryBuffer->getBuffer (),



commit 83a01c053761e91c8b86f9445edeab39e08f3592
Author: Giuseppe Scrivano <address@hidden>
Date:   Sun Nov 8 00:33:34 2009 +0100

    Security configuration file passwords can be specified using a hash 
function.

diff --git a/myserver/documentation/security.texi 
b/myserver/documentation/security.texi
index 1994e3f..cf1087f 100644
--- a/myserver/documentation/security.texi
+++ b/myserver/documentation/security.texi
@@ -74,6 +74,20 @@ denied.
 As no other information beside username:password is used, this first
 phase is the same for any protocol supported by MyServer.
 
+To improve security it is possible to use in place of the clear-text
+password a crypted version of it.  It is done using the
address@hidden variable.  It specifies the function F to apply to
+the client specified password before compare it with the
address@hidden value.
+
address@hidden
+<SECURITY>
+  <USER name="admin" password="8ee0f7b66d1ab05714573fc556fbd7ff"
+               algorithm="md5" READ="YES" EXECUTE="YES"
+               BROWSE="YES" DELETE="NO" WRITE="NO"/>
+</SECURITY>
address@hidden example
+
 @subsection FTP Anonymous user
 To allow the @file{.security.xml} re-use, the FTP ``Anonymous'' user
 is mapped internally by MyServer to the ``Guest'' user.
diff --git a/myserver/include/conf/security/auth_method.h 
b/myserver/include/conf/security/auth_method.h
index c6d284d..18b85a8 100644
--- a/myserver/include/conf/security/auth_method.h
+++ b/myserver/include/conf/security/auth_method.h
@@ -23,6 +23,8 @@ along with this program.  If not, see 
<http://www.gnu.org/licenses/>.
 # include "stdafx.h"
 # include <include/conf/security/security_manager.h>
 
+# include <include/base/crypt/crypt_algo_manager.h>
+
 using namespace std;
 
 class AuthMethod
@@ -32,6 +34,16 @@ public:
   virtual ~AuthMethod ();
 
   virtual int getPermissionMask (SecurityToken* st);
+
+  CryptAlgoManager *getCryptAlgoManager () {return cryptAlgoManager;}
+  void setCryptAlgoManager (CryptAlgoManager *cam){cryptAlgoManager = cam;}
+  
+
+protected:
+  bool comparePassword (const char *password, const char *savedPassword,
+                        const char *algorithm);
+
+  CryptAlgoManager *cryptAlgoManager;
 };
 
 #endif
diff --git a/myserver/include/conf/security/auth_method_factory.h 
b/myserver/include/conf/security/auth_method_factory.h
index c326999..7758fc0 100644
--- a/myserver/include/conf/security/auth_method_factory.h
+++ b/myserver/include/conf/security/auth_method_factory.h
@@ -22,6 +22,7 @@ along with this program.  If not, see 
<http://www.gnu.org/licenses/>.
 # include "stdafx.h"
 # include <include/base/hash_map/hash_map.h>
 # include <string>
+# include <include/base/crypt/crypt_algo_manager.h>
 
 using namespace std;
 
@@ -31,12 +32,14 @@ class AuthMethod;
 class AuthMethodFactory
 {
 public:
-  AuthMethodFactory ();
+  AuthMethodFactory (CryptAlgoManager *cryptAlgoManager);
   virtual ~AuthMethodFactory ();
   AuthMethod* getAuthMethod (string &name);
   AuthMethod* addAuthMethod (string &name, AuthMethod* authMethod);
   bool isAuthMethodPresent (string &name);
+
 private:
+  CryptAlgoManager *cryptAlgoManager;
        HashMap<string, AuthMethod*> authMethods;
 };
 #endif
diff --git a/myserver/include/conf/security/security_token.h 
b/myserver/include/conf/security/security_token.h
index f986170..13c0fd3 100644
--- a/myserver/include/conf/security/security_token.h
+++ b/myserver/include/conf/security/security_token.h
@@ -213,10 +213,10 @@ private:
   int mask;
 
   /*!
-   *Password that the user should provide to have access.
-   *This is used in authorization schemes like the HTTP digest,
-   *where the password is not sent in clear on the network.
-   */
+    Password that the user should provide to have access.
+    This is used in authorization schemes like the HTTP digest,
+    where the password is not sent in clear on the network.
+  */
   string neededPassword;
 
   /*! The provided password is correct.  */
diff --git a/myserver/include/conf/security/validator.h 
b/myserver/include/conf/security/validator.h
index 02962f2..ba7343d 100644
--- a/myserver/include/conf/security/validator.h
+++ b/myserver/include/conf/security/validator.h
@@ -30,6 +30,7 @@ along with this program.  If not, see 
<http://www.gnu.org/licenses/>.
 using namespace std;
 
 
+
 class Validator
 {
 public:
@@ -45,19 +46,22 @@ public:
                          AuthMethod* authMethod);
 
   virtual int getPermissionMaskImpl (SecurityToken* st,
-                                     HashMap<string, SecurityDomain*> 
*hashedDomains,
+                               HashMap<string, SecurityDomain*> *hashedDomains,
                                      AuthMethod* authMethod);
 
 
   string *getValue (HashMap<string, SecurityDomain*> *hashedDomains,
                     string &name);
 protected:
+  bool comparePassword (const char *password, const char *savedPassword,
+                        const char *algorithm);
+
   inline void addDomain (HashMap<string, SecurityDomain*> *hashedDomains,
                          SecurityDomain *domain)
-                        {
-                          string &name = domain->getName ();
-                          hashedDomains->put (name, domain);
-                        }
+  {
+    string &name = domain->getName ();
+    hashedDomains->put (name, domain);
+  }
 
   int getPermissionMaskInt (SecurityToken* st,
                             HashMap<string, SecurityDomain*> *hashedDomains,
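Review bot: `comparePassword` is declared on Validator here with the same signature as the one added to AuthMethod, but no definition of `Validator::comparePassword` appears in this commit's diff. XmlValidator derives from both classes, which is why the call in xml_validator.cpp has to be qualified as `AuthMethod::comparePassword`. If no Validator implementation exists the declaration should be dropped; if one is intended, it should delegate to the same code so the two password checks cannot diverge. The Validator class continues outside the hunk.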
diff --git a/myserver/include/conf/security/xml_validator.h 
b/myserver/include/conf/security/xml_validator.h
index 67400ce..0f83c88 100644
--- a/myserver/include/conf/security/xml_validator.h
+++ b/myserver/include/conf/security/xml_validator.h
@@ -1,19 +1,19 @@
 /* -*- mode: c++ -*- */
 /*
-MyServer
-Copyright (C) 2008, 2009 Free Software Foundation, Inc.
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
+  MyServer
+  Copyright (C) 2008, 2009 Free Software Foundation, Inc.
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 3 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #ifndef XML_VALIDATOR_H
@@ -29,6 +29,8 @@ along with this program.  If not, see 
<http://www.gnu.org/licenses/>.
 # include <include/conf/security/validator.h>
 # include <include/base/xml/xml_parser.h>
 
+# include <include/base/crypt/crypt_algo_manager.h>
+
 class SecurityCache;
 
 class XmlValidator : public Validator, public AuthMethod
@@ -41,10 +43,10 @@ public:
 
   virtual int getPermissionMask (SecurityToken* st);
 
-  virtual int getPermissionMaskImpl (SecurityToken* st,
-                                     HashMap<string, SecurityDomain*> 
*hashedDomains,
-                                     AuthMethod* authMethod);
-
+  virtual int
+  getPermissionMaskImpl (SecurityToken* st,
+                         HashMap<string, SecurityDomain*> *hashedDomains,
+                         AuthMethod* authMethod);
 private:
   XmlParser* getParser (SecurityToken* st);
   bool doCondition (xmlNodePtr node,
@@ -67,7 +69,8 @@ private:
                       int *cmd,
                       HashMap<string, SecurityDomain*> *hashedDomains);
 
-  int getPermissions (xmlAttr* attrs, xmlChar** user = NULL, xmlChar** 
password = NULL);
+  int getPermissions (xmlAttr *attrs, xmlChar **user = NULL,
+                      xmlChar **password = NULL, xmlChar **algorithm = NULL);
 
   SecurityCache *getCache (SecurityToken*);
   SecurityCache *secCache;
diff --git a/myserver/include/server/server.h b/myserver/include/server/server.h
index 0ebbf8a..518f79d 100644
--- a/myserver/include/server/server.h
+++ b/myserver/include/server/server.h
@@ -60,21 +60,18 @@ along with this program.  If not, see 
<http://www.gnu.org/licenses/>.
 
 using namespace std;
 
-/*!
- *Definition for new threads entry-point.
- */
-# ifdef WIN32
-unsigned int __stdcall listenServer (void* pParam);
-# else
-void* listenServer (void* pParam);
-# endif
-
 class XmlValidator;
 
 class Server : public MulticastRegistry<string, void*, int>
 {
 public:
-  ProcessServerManager* getProcessServerManager ()
+
+  static inline Server* getInstance ()
+  {
+    return instance;
+  }
+
+  ProcessServerManager *getProcessServerManager ()
   {
     return &processServerManager;
   }
@@ -82,15 +79,11 @@ public:
   bool stopServer (){return mustEndServer;}
   HomeDir* getHomeDir ();
   static void createInstance ();
-  static inline Server* getInstance ()
-  {
-    return instance;
-  }
 
   int loadLibraries ();
 
   CachedFileFactory* getCachedFiles ();
-  const char* getData (const char *name, const char *defValue = NULL);
+  const char *getData (const char *name, const char *defValue = NULL);
 
   FiltersFactory* getFiltersFactory ();
   int getMaxThreads ();
@@ -146,7 +139,9 @@ public:
   MimeManager *getMimeManager (){return &mimeManager;}
 
   void setProcessPermissions ();
-  ConnectionsScheduler* getConnectionsScheduler (){return 
&connectionsScheduler;}
+  ConnectionsScheduler* getConnectionsScheduler ()
+  {return &connectionsScheduler;}
+
   int deleteConnection (ConnectionPtr);
 
   int notifyDeleteConnection (ConnectionPtr);
@@ -174,9 +169,9 @@ private:
   int loadVHostConf ();
 
   /*!
-   *When the flag mustEndServer is 1 all the threads are
-   *stopped and the application stop its execution.
-   */
+    When the flag mustEndServer is 1 all the threads are
+    stopped and the application stop its execution.
+  */
   int mustEndServer;
 
   Mutex connectionsPoolLock;
@@ -227,8 +222,8 @@ private:
   int initialize ();
   int addThread (bool staticThread = false);
   ConnectionPtr addConnectionToList (Socket* s, MYSERVER_SOCKADDRIN *asock_in,
-                                    char *ipAddr, char *localIpAddr,
-                                    u_short port, u_short localPort, int);
+                                     char *ipAddr, char *localIpAddr,
+                                     u_short port, u_short localPort, int);
   u_long maxConnections;
   u_long maxConnectionsToAccept;
   void clearAllConnections ();
diff --git a/myserver/src/conf/security/auth_method.cpp 
b/myserver/src/conf/security/auth_method.cpp
index a4d81e0..2b2ff51 100644
--- a/myserver/src/conf/security/auth_method.cpp
+++ b/myserver/src/conf/security/auth_method.cpp
@@ -22,7 +22,7 @@
 
 AuthMethod::AuthMethod ()
 {
-
+  cryptAlgoManager = NULL;
 }
 
 AuthMethod::~AuthMethod ()
@@ -37,3 +37,26 @@ int AuthMethod::getPermissionMask (SecurityToken* st)
 {
   return 0;
 }
+
+
+/*!
+ * Check if ALGORITHM (SAVED_PASSWORD) = PASSWORD.
+ */
+bool AuthMethod::comparePassword (const char *password,
+                                  const char *savedPassword,
+                                  const char *algorithm)
+{
+  if (!algorithm)
+    return  strcmpi (password, savedPassword) == 0;
+
+  if (cryptAlgoManager)
+    {
+      string pwStr (password);
+      string savedpwStr (savedPassword);
+      string algorithmStr (algorithm);
+
+      return cryptAlgoManager->check (savedpwStr, pwStr, algorithmStr);
+    }
+
+  return false;
+}
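Review bot: The no-algorithm path compares with `strcmpi`, which makes clear-text passwords case-insensitive; the `xmlStrcmp` call that this commit replaces in XmlValidator::getPermissionMask was case-sensitive. Use `return strcmp (password, savedPassword) == 0;` to keep the previous behaviour. The parameter names also read backwards: the XmlValidator caller and the new unit test pass the stored value as `password` and the client-supplied one as `savedPassword`, so swapping the names, or adding `\param` lines that say which is which, would keep a future caller from reversing them. Neither pointer is checked for NULL before it is used.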
diff --git a/myserver/src/conf/security/auth_method_factory.cpp 
b/myserver/src/conf/security/auth_method_factory.cpp
index e014cc4..4092622 100644
--- a/myserver/src/conf/security/auth_method_factory.cpp
+++ b/myserver/src/conf/security/auth_method_factory.cpp
@@ -25,9 +25,9 @@
 
 using namespace std;
 
-AuthMethodFactory::AuthMethodFactory ()
+AuthMethodFactory::AuthMethodFactory (CryptAlgoManager *cryptAlgoManager)
 {
-
+  this->cryptAlgoManager = cryptAlgoManager;
 }
 
 AuthMethodFactory::~AuthMethodFactory ()
@@ -36,30 +36,31 @@ AuthMethodFactory::~AuthMethodFactory ()
 }
 
 /*!
- *Return an AuthMethod given its name.
- */
+  Return an AuthMethod given its name.
+*/
 AuthMethod* AuthMethodFactory::getAuthMethod (string &name)
 {
   return authMethods.get (name);
 }
 
 /*!
- *Add a new AuthMethod to the factory.
- *\param name AuthMethod name.
- *\param authMethod The authMethod to add.
- *\return The old authMethod registered with [name], in any.
- */
-AuthMethod* AuthMethodFactory::addAuthMethod (string &name, AuthMethod* 
authMethod)
+  Add a new AuthMethod to the factory.
+  \param name AuthMethod name.
+  \param authMethod The authMethod to add.
+  \return The old authMethod registered with [name], in any.
+*/
+AuthMethod* AuthMethodFactory::addAuthMethod (string &name,
+                                              AuthMethod* authMethod)
 {
+  authMethod->setCryptAlgoManager (cryptAlgoManager);
   return authMethods.put (name, authMethod);
-
 }
 
 /*!
- *Check if the specified authMethod is present in the factory.
- *\param name The authMethod name.
- *\return a bool value to indicate if it is present or not.
- */
+  Check if the specified authMethod is present in the factory.
+  \param name The authMethod name.
+  \return a bool value to indicate if it is present or not.
+*/
 bool AuthMethodFactory::isAuthMethodPresent (string &name)
 {
   return getAuthMethod (name) != NULL;
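Review bot: addAuthMethod now dereferences `authMethod` before storing it, so a NULL argument that previously went straight to `authMethods.put` would crash here. A guard such as `if (authMethod) authMethod->setCryptAlgoManager (cryptAlgoManager);` keeps the old tolerance. The call also overwrites any manager the caller had already set on the method, which deserves a line in the `\param authMethod` documentation.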
diff --git a/myserver/src/conf/security/xml_validator.cpp 
b/myserver/src/conf/security/xml_validator.cpp
index 78830ab..f749429 100644
--- a/myserver/src/conf/security/xml_validator.cpp
+++ b/myserver/src/conf/security/xml_validator.cpp
@@ -111,10 +111,10 @@ int XmlValidator::getPermissionMask (SecurityToken* st)
 
       xmlAttr *attrs = cur->properties;
 
-      xmlChar* name = NULL;
-      xmlChar* password = NULL;
-
-      int permissions =  getPermissions (attrs, &name, &password);
+      xmlChar *name = NULL;
+      xmlChar *password = NULL;
+      xmlChar *algorithm = NULL; 
+      int permissions =  getPermissions (attrs, &name, &password, &algorithm);
 
       if (!name || !password
           || xmlStrcmp (name, (const xmlChar *)st->getUser ().c_str ()))
@@ -122,15 +122,17 @@ int XmlValidator::getPermissionMask (SecurityToken* st)
 
       st->setProvidedMask (permissions);
 
-      if (xmlStrcmp (password, (const xmlChar *)st->getPassword ().c_str ()))
+      if (AuthMethod::comparePassword ((const char *)password,
+                                       st->getPassword ().c_str (),
+                                       (const char *)algorithm))
         {
-          st->setAuthenticated (false);
-          st->setMask (0);
+          st->setAuthenticated (true);
+          st->setMask (permissions);
         }
       else
         {
-          st->setAuthenticated (true);
-          st->setMask (permissions);
+          st->setAuthenticated (false);
+          st->setMask (0);
         }
 
       return st->getMask ();
@@ -140,14 +142,16 @@ int XmlValidator::getPermissionMask (SecurityToken* st)
 }
 
 /*!
- *Get a permission mask from the attributes.
- *\param attrs Attributes list.
- *\param user The found user name.
- *\param password The found password.
- *\return the permissions mask.
+  Get a permission mask from the attributes.
+  \param attrs Attributes list.
+  \param user The found user name.
+  \param password The found password.
+  \param the crypt algorithm used on password.
+  \return the permissions mask.
  */
-int XmlValidator::getPermissions (xmlAttr* attrs, xmlChar** user,
-                                  xmlChar** password)
+int
+XmlValidator::getPermissions (xmlAttr* attrs, xmlChar** user,
+                              xmlChar** password, xmlChar **algorithm)
 {
   int permissions = 0;
 
@@ -157,13 +161,20 @@ int XmlValidator::getPermissions (xmlAttr* attrs, 
xmlChar** user,
           && attrs->children && attrs->children->content)
         *user = attrs->children->content;
 
-      else if (password && !xmlStrcmp (attrs->name, (const xmlChar 
*)"password")
+      else if (password
+               && !xmlStrcmp (attrs->name, (const xmlChar *)"password")
                && attrs->children && attrs->children->content)
         *password = attrs->children->content;
 
-      else if (!xmlStrcmp (attrs->name, (const xmlChar *)"READ") &&
-               attrs->children && attrs->children->content &&
-               !xmlStrcmp (attrs->children->content, (const xmlChar *) "YES"))
+      else if (algorithm
+               && !xmlStrcmp (attrs->name, (const xmlChar *)"algorithm")
+               && attrs->children && attrs->children->content)
+        *algorithm = attrs->children->content;
+
+      else if (!xmlStrcmp (attrs->name, (const xmlChar *)"READ")
+               && attrs->children && attrs->children->content
+               && !xmlStrcmp (attrs->children->content,
+                              (const xmlChar *) "YES"))
         permissions |= MYSERVER_PERMISSION_READ;
 
       else if (!xmlStrcmp (attrs->name, (const xmlChar *)"WRITE")
@@ -192,9 +203,10 @@ int XmlValidator::getPermissions (xmlAttr* attrs, 
xmlChar** user,
 /*!
  \see XmlValidator#getPermissionMaskImpl.
 */
-int XmlValidator::getPermissionMaskImpl (SecurityToken* st,
-                                HashMap<string, SecurityDomain*> 
*hashedDomains,
-                                         AuthMethod* authMethod)
+int
+XmlValidator::getPermissionMaskImpl (SecurityToken* st,
+                               HashMap<string, SecurityDomain*> *hashedDomains,
+                                     AuthMethod* authMethod)
 {
   XmlParser* xmlFile = getParser (st);
 
@@ -229,10 +241,11 @@ int XmlValidator::getPermissionMaskImpl (SecurityToken* 
st,
 /*!
  *Compute the current XML node.
  */
-int XmlValidator::computeXmlNode (xmlNodePtr node,
-                                  SecurityToken *st,
-                                  int *cmd,
-                                HashMap<string, SecurityDomain*> 
*hashedDomains)
+int
+XmlValidator::computeXmlNode (xmlNodePtr node,
+                              SecurityToken *st,
+                              int *cmd,
+                              HashMap<string, SecurityDomain*> *hashedDomains)
 {
   if (!node)
     return 0;
@@ -269,13 +282,9 @@ int XmlValidator::computeXmlNode (xmlNodePtr node,
           return 1;
         }
       else if (!xmlStrcmp (cur->name, (const xmlChar *) "DEFINE"))
-        {
-          doDefine (cur, st, hashedDomains);
-        }
+        doDefine (cur, st, hashedDomains);
       else if (!xmlStrcmp (cur->name, (const xmlChar *) "PERMISSION"))
-        {
-          doPermission (cur, st, hashedDomains);
-        }
+        doPermission (cur, st, hashedDomains);
     }
 
   return 0;
diff --git a/myserver/src/server/server.cpp b/myserver/src/server/server.cpp
index 690a9a9..943b0b3 100644
--- a/myserver/src/server/server.cpp
+++ b/myserver/src/server/server.cpp
@@ -65,7 +65,7 @@ Server* Server::instance = NULL;
 
 Server::Server () : connectionsScheduler (this),
                    listenThreads (&connectionsScheduler, this),
-                   authMethodFactory (),
+                   authMethodFactory (&cryptAlgoManager),
                    validatorFactory (),
                    securityManager (&validatorFactory, &authMethodFactory),
                    connectionsPool (100)
diff --git a/myserver/tests/Makefile.am b/myserver/tests/Makefile.am
index 96e049e..da07db4 100644
--- a/myserver/tests/Makefile.am
+++ b/myserver/tests/Makefile.am
@@ -2,11 +2,11 @@
 #
 
 bin_PROGRAMS = tests_suite
-tests_suite_SOURCES = main.cpp test_auth_domain.cpp test_base64.cpp \
-       test_bitvec.cpp test_cached_file_buffer.cpp test_cached_file.cpp \
-       test_cached_file_factory.cpp test_crypt_algo_manager.cpp 
test_connection.cpp \
-       test_connections_scheduler.cpp test_file.cpp test_file_stream.cpp \
-       test_file_stream_creator.cpp test_files_utility.cpp \
+tests_suite_SOURCES = main.cpp test_auth_domain.cpp test_auth_method.cpp \
+  test_base64.cpp test_bitvec.cpp test_cached_file_buffer.cpp \
+       test_cached_file.cpp test_cached_file_factory.cpp 
test_crypt_algo_manager.cpp \
+       test_connection.cpp test_connections_scheduler.cpp test_file.cpp \
+       test_file_stream.cpp test_file_stream_creator.cpp 
test_files_utility.cpp \
        test_filter_chain.cpp test_fork_server.cpp test_ftp.cpp test_gzip.cpp \
        test_hashmap.cpp test_homedir.cpp test_http_req_security_domain.cpp \
        test_http_request.cpp test_http_response.cpp test_ip.cpp \
diff --git a/myserver/tests/test_auth_method.cpp 
b/myserver/tests/test_auth_method.cpp
new file mode 100644
index 0000000..65d2e25
--- /dev/null
+++ b/myserver/tests/test_auth_method.cpp
@@ -0,0 +1,106 @@
+/*
+  MyServer
+  Copyright (C) 2008, 2009 Free Software Foundation, Inc.
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 3 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "stdafx.h"
+#include <include/base/crypt/crypt_algo_manager.h>
+#include <include/base/crypt/md5.h>
+
+#include <include/conf/security/auth_method.h>
+
+#include <ctype.h>
+#include <cppunit/CompilerOutputter.h>
+#include <cppunit/extensions/TestFactoryRegistry.h>
+#include <cppunit/ui/text/TestRunner.h>
+#include <cppunit/extensions/HelperMacros.h>
+#include <string.h>
+
+#include <typeinfo>
+using namespace std;
+
+
+class TestAuthMethodImpl : public AuthMethod
+{
+public:
+  bool exposeComparePassword (const char *password, const char *savedPassword,
+                              const char *algorithm)
+  {
+    return AuthMethod::comparePassword (password, savedPassword, algorithm);
+  }
+};
+
+
+class TestAuthMethod : public CppUnit::TestFixture
+{
+  CPPUNIT_TEST_SUITE ( TestAuthMethod );
+  CPPUNIT_TEST (testCryptAlgoManager);
+  CPPUNIT_TEST (testGetPermissionMask);
+  CPPUNIT_TEST (testComparePassword);
+  CPPUNIT_TEST_SUITE_END ();
+
+public:
+  void setUp ()
+  {
+
+  }
+
+  void tearDown ()
+  {
+  }
+
+  void testCryptAlgoManager ()
+  {
+    CryptAlgoManager cam;
+    TestAuthMethodImpl tam;
+
+    tam.setCryptAlgoManager (&cam);
+
+    CPPUNIT_ASSERT_EQUAL (&cam, tam.getCryptAlgoManager ());
+  }
+
+  void testGetPermissionMask ()
+  {
+    TestAuthMethodImpl tam;
+    SecurityToken st;
+    CPPUNIT_ASSERT (tam.getPermissionMask (&st) >= 0);
+  }
+
+  void testComparePassword ()
+  {
+    TestAuthMethodImpl tam;
+    CryptAlgoManager cam;
+    Md5::initialize (&cam);
+
+    CPPUNIT_ASSERT (!tam.exposeComparePassword
+                    ("d5aa1729c8c253e5d917a5264855eab8", "freedom",
+                     "md5"));
+
+    tam.setCryptAlgoManager (&cam);
+
+
+    CPPUNIT_ASSERT (tam.exposeComparePassword
+                    ("d5aa1729c8c253e5d917a5264855eab8", "freedom",
+                     "md5"));
+
+
+    CPPUNIT_ASSERT (!tam.exposeComparePassword
+                    ("d5aa1729c8c253e5d917a5264855ea8b", "freedom",
+                     "md5"));
+  }
+};
+
+
+CPPUNIT_TEST_SUITE_REGISTRATION (TestAuthMethod);
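Review bot: testComparePassword only exercises the `md5` path; the branch taken when `algorithm` is NULL has no test. A case such as `CPPUNIT_ASSERT (!tam.exposeComparePassword ("Freedom", "freedom", NULL));` (values constructed for illustration) would pin clear-text comparison to being case-sensitive, and with the `strcmpi` in AuthMethod::comparePassword it would currently fail. A matching positive clear-text case and an unknown algorithm name with a manager installed would cover the remaining branches.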
diff --git a/myserver/tests/test_crypt_algo_manager.cpp 
b/myserver/tests/test_crypt_algo_manager.cpp
index a3f508a..d67f5a9 100644
--- a/myserver/tests/test_crypt_algo_manager.cpp
+++ b/myserver/tests/test_crypt_algo_manager.cpp
@@ -1,19 +1,19 @@
 /*
- MyServer
- Copyright (C) 2008, 2009 Free Software Foundation, Inc.
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
+  MyServer
+  Copyright (C) 2008, 2009 Free Software Foundation, Inc.
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 3 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
 
 #include "stdafx.h"
 #include <include/base/crypt/crypt_algo_manager.h>
diff --git a/myserver/tests/test_security_manager.cpp 
b/myserver/tests/test_security_manager.cpp
index 6574958..c40dc3e 100644
--- a/myserver/tests/test_security_manager.cpp
+++ b/myserver/tests/test_security_manager.cpp
@@ -42,6 +42,11 @@ class TestSecurityManager : public CppUnit::TestFixture
   ValidatorFactory validatorFactory;
   SecurityManager* securityManager;
 public:
+
+  TestSecurityManager () : authMethodFactory (NULL)
+  {
+  }
+
   void setUp ()
   {
     securityManager = new SecurityManager (&validatorFactory, 
&authMethodFactory);



commit 3be85b8fb86945bf494ee7859f334635806ea6aa
Author: Giuseppe Scrivano <address@hidden>
Date:   Sat Nov 7 22:24:08 2009 +0100

    Remove some unneeded `friend' declarations.

diff --git a/myserver/include/conf/security/security_token.h 
b/myserver/include/conf/security/security_token.h
index e5a0241..f986170 100644
--- a/myserver/include/conf/security/security_token.h
+++ b/myserver/include/conf/security/security_token.h
@@ -1,19 +1,19 @@
 /* -*- mode: c++ -*- */
 /*
-MyServer
-Copyright (C) 2002, 2003, 2004, 2008, 2009 Free Software Foundation, Inc.
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
+  MyServer
+  Copyright (C) 2002, 2003, 2004, 2008, 2009 Free Software Foundation, Inc.
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 3 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #ifndef SECURITY_TOKEN_H
@@ -31,19 +31,19 @@ class Vhost;
 struct MimeRecord;
 
 enum SECURITY_RING
-{
-  /*! Security file configuration.  */
-  MYSERVER_SECURITY_CONF = (1 << 0),
+  {
+    /*! Security file configuration.  */
+    MYSERVER_SECURITY_CONF = (1 << 1),
 
-  /*! Virtual host configuration.  */
-  MYSERVER_VHOST_CONF = (1 << 1),
+    /*! Virtual host configuration.  */
+    MYSERVER_VHOST_CONF = (1 << 2),
 
-  /*! Mime type.  */
-  MYSERVER_MIME_CONF = (1 << 2),
+    /*! Mime type.  */
+    MYSERVER_MIME_CONF = (1 << 3),
 
-  /*! Global server configuration. */
-  MYSERVER_SERVER_CONF = (1 << 3),
-};
+    /*! Global server configuration. */
+    MYSERVER_SERVER_CONF = (1 << 4),
+  };
 
 class SecurityToken
 {
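Review bot: The four `SECURITY_RING` values move from bits 0–3 to bits 1–4 in this hunk, a behavioural change inside a commit described as removing `friend` declarations and otherwise made up of re-indentation. Callers that use the symbolic names keep working, but any place that stores or passes a literal mask (for example `1` for the security file) would now match no domain or a different one, and `getData`/`getNodeTree` would fall through to the default. If the shift is intended, a comment such as `/* Bit 0 is intentionally left unused.  */` plus a line in the commit message would make it visible; otherwise keep `(1 << 0)` through `(1 << 3)`.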
@@ -51,10 +51,13 @@ public:
   SecurityToken ();
   void reset ();
 
-  const char* getData (const char* name, int domains, const char *def = NULL);
-  NodeTree<string>* getNodeTree (string& key, int domains, NodeTree<string>* 
def = NULL);
+  const char* getData (const char *name, int domains,
+                       const char *def = NULL);
+
+  NodeTree<string>* getNodeTree (string &key, int domains,
+                                 NodeTree<string> *def = NULL);
 
-  string& getUser ()
+  string &getUser ()
   {
     return user;
   }
@@ -64,7 +67,7 @@ public:
     return password;
   }
 
-  HashMap<string, NodeTree<string>*>* getValues ()
+  HashMap<string, NodeTree<string>*> *getValues ()
   {
     return &values;
   }
@@ -94,7 +97,7 @@ public:
     return providedMask;
   }
 
-  string& getNeededPassword ()
+  string &getNeededPassword ()
   {
     return neededPassword;
   }
@@ -110,32 +113,32 @@ public:
   }
 
 
-  Server* getServer ()
+  Server *getServer ()
   {
     return server;
   }
 
-  Vhost* getVhost ()
+  Vhost *getVhost ()
   {
     return vhost;
   }
 
-  void setUser (string& u)
+  void setUser (string &u)
   {
     user.assign (u);
   }
 
-  void setPassword (string& pw)
+  void setPassword (string &pw)
   {
     password.assign (pw);
   }
 
-  void setDirectory (string * d)
+  void setDirectory (string *d)
   {
     directory = d;
   }
 
-  void setSysDirectory (string * sd)
+  void setSysDirectory (string *sd)
   {
     sysdirectory = sd;
   }
@@ -155,7 +158,7 @@ public:
     providedMask = p;
   }
 
-  void setNeededPassword (string& pw)
+  void setNeededPassword (string &pw)
   {
     neededPassword.assign (pw);
   }
@@ -170,12 +173,12 @@ public:
     authenticated = a;
   }
 
-  void setServer (Server* s)
+  void setServer (Server *s)
   {
     server = s;
   }
 
-  void  setVhost (Vhost* v)
+  void  setVhost (Vhost *v)
   {
     vhost = v;
   }
diff --git a/myserver/include/filter/filters_chain.h 
b/myserver/include/filter/filters_chain.h
index 588f4f4..3eb0bad 100644
--- a/myserver/include/filter/filters_chain.h
+++ b/myserver/include/filter/filters_chain.h
@@ -1,20 +1,20 @@
 /* -*- mode: c++ -*- */
 /*
-MyServer
-Copyright (C) 2002, 2003, 2004, 2007, 2009 Free Software Foundation,
-Inc.
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 3 of the License, or
-(at your option) any later version.
+  MyServer
+  Copyright (C) 2002, 2003, 2004, 2007, 2009 Free Software Foundation,
+  Inc.
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 3 of the License, or
+  (at your option) any later version.
 
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
 
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #ifndef FILTERS_CHAIN_H
@@ -46,7 +46,7 @@ public:
   list<string> getFilters ();
   virtual int read (char* buffer, u_long len, u_long*);
   virtual int write (const char* buffer, u_long len, u_long*);
-        virtual int flush (u_long*);
+  virtual int flush (u_long*);
   FiltersChain ();
   ~FiltersChain ();
 protected:
diff --git a/myserver/include/protocol/protocol.h 
b/myserver/include/protocol/protocol.h
index bb00f47..974094d 100644
--- a/myserver/include/protocol/protocol.h
+++ b/myserver/include/protocol/protocol.h
@@ -23,8 +23,8 @@
 # include <include/connection/connection.h>
 
 /*!
- *This is the base class to derive other protocols implementations for the 
server.
- */
+  This is the base class to derive other protocols implementations for
+  the server.  */
 class Protocol
 {
 public:
diff --git a/myserver/include/server/server.h b/myserver/include/server/server.h
index 9740482..0ebbf8a 100644
--- a/myserver/include/server/server.h
+++ b/myserver/include/server/server.h
@@ -166,7 +166,6 @@ public:
   CryptAlgoManager *getCryptAlgoManager () {return &cryptAlgoManager;}
 
 private:
-  friend class ClientsThread;
   XmlValidator *xmlValidator;
   VhostManagerHandler *vhostHandler;
 
@@ -174,12 +173,6 @@ private:
   MainConfiguration* (*genMainConf) (Server *server, const char *arg);
   int loadVHostConf ();
 
-# ifdef WIN32
-  friend int __stdcall control_handler (u_long control_type);
-# endif
-# ifdef NOT_WIN
-  friend int control_handler (u_long control_type);
-# endif
   /*!
    *When the flag mustEndServer is 1 all the threads are
    *stopped and the application stop its execution.
diff --git a/myserver/src/conf/security/auth_method_factory.cpp 
b/myserver/src/conf/security/auth_method_factory.cpp
index 04960a0..e014cc4 100644
--- a/myserver/src/conf/security/auth_method_factory.cpp
+++ b/myserver/src/conf/security/auth_method_factory.cpp
@@ -27,10 +27,7 @@ using namespace std;
 
 AuthMethodFactory::AuthMethodFactory ()
 {
-  //  XmlAuthMethod* xmlAuthMethod = new XmlAuthMethod;
-  //  string xml ("xml");
 
-  //  authMethods.put (xml, xmlAuthMethod);
 }
 
 AuthMethodFactory::~AuthMethodFactory ()
diff --git a/myserver/src/conf/security/security_cache.cpp 
b/myserver/src/conf/security/security_cache.cpp
index ee41360..5bd6cc0 100644
--- a/myserver/src/conf/security/security_cache.cpp
+++ b/myserver/src/conf/security/security_cache.cpp
@@ -27,14 +27,14 @@
 
 using namespace std;
 
-/*!
- *Constructor for the SecurityCache object.
+/*
+  Constructor for the SecurityCache object.
  */
 SecurityCache::SecurityCache ()
 {
-  /*!
-   *By default do not store more than 25 nodes.
-   */
+  /*
+    By default do not store more than 25 nodes.
+  */
   limit = 25;
 }
 
@@ -47,25 +47,23 @@ SecurityCache::~SecurityCache ()
 }
 
 /*!
- *free the memory used by the SecurityCache object.
- */
+  Free the memory used by the SecurityCache object.
+*/
 void SecurityCache::free ()
 {
   HashMap<string, XmlParser*>::Iterator it = dictionary.begin ();
 
   for (;it != dictionary.end (); it++)
-  {
     delete (*it);
-  }
 
   dictionary.clear ();
 }
 
 /*!
- *Set a new limit on the nodes to keep in memory.
- *\param newLimit Number of files to cache.  it is adjusted
- *to be >= 1.
- */
+  Set a new limit on the nodes to keep in memory.
+  \param newLimit Number of files to cache.  it is adjusted
+  to be >= 1.
+*/
 void SecurityCache::setMaxNodes (int newLimit)
 {
   if (newLimit <= 0)
@@ -82,13 +80,13 @@ void SecurityCache::setMaxNodes (int newLimit)
 }
 
 /*!
- *Get the security file to use starting from the file location, returns
- *zero on success.
- *\param dir The directory we need a security parser for.
- *\param sys The system directory.
- *\param out Output string where put the security file path.
- *\param secFileName The security file name.
- */
+  Get the security file to use starting from the file location, returns
+  zero on success.
+  \param dir The directory we need a security parser for.
+  \param sys The system directory.
+  \param out Output string where put the security file path.
+  \param secFileName The security file name.
+*/
 int SecurityCache::getSecurityFile (const string& dir,
                                     const string& sys,
                                     string& out,
@@ -129,9 +127,9 @@ int SecurityCache::getSecurityFile (const string& dir,
       }
 
     /*
-     *Top of the tree, check if the security file is present in the
-     *system directory.  Return an error if it is not.
-     */
+      Top of the tree, check if the security file is present in the
+      system directory.  Return an error if it is not.
+    */
     if (i == 0)
     {
       out.assign (sys);
@@ -153,21 +151,21 @@ int SecurityCache::getSecurityFile (const string& dir,
 
 
 /*!
- *Get the actual limit of open nodes.
- */
+  Get the actual limit of open nodes.
+*/
 int SecurityCache::getMaxNodes ()
 {
   return limit;
 }
 
 /*!
- *Open the XML parser associated to the file.
- *\param dir The path where start looking.
- *\param sys The system directory.
- *\param useXpath Specify if XPath will be used on the file.
- *\param secFileName The security file name.
- *\param maxSize The maximum file size allowed for the security file.
- */
+  Open the XML parser associated to the file.
+  \param dir The path where start looking.
+  \param sys The system directory.
+  \param useXpath Specify if XPath will be used on the file.
+  \param secFileName The security file name.
+  \param maxSize The maximum file size allowed for the security file.
+*/
 XmlParser* SecurityCache::getParser (const string &dir,
                                      const string &sys,
                                      bool useXpath,
@@ -182,13 +180,10 @@ XmlParser* SecurityCache::getParser (const string &dir,
 
   parser = dictionary.get (file);
 
-  /*!
-   *If the parser is already present and satisfy XPath then use it.
-   */
+  /* If the parser is already present and satisfy XPath then use it.  */
   if (parser && (!useXpath || parser->isXpathEnabled ()))
   {
     time_t fileModTime;
-    /*! If the file was modified reload it. */
     fileModTime = FilesUtility::getLastModTime (file.c_str ());
 
     if ((fileModTime != static_cast<time_t>(-1))  &&
@@ -220,16 +215,12 @@ XmlParser* SecurityCache::getParser (const string &dir,
   }
   else
   {
-    /*!
-     *Create the parser and add it to the dictionary.
-     */
+    /* Create the parser and add it to the dictionary.  */
     XmlParser* old;
     parser = new XmlParser ();
 
     if (parser == NULL)
-    {
       return NULL;
-    }
 
     if (dictionary.size () >= limit)
     {
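Review bot: The `if (parser == NULL) return NULL;` test after `parser = new XmlParser ();` cannot fire with a plain `new`, which throws `std::bad_alloc` on failure instead of returning null. Either allocate with `new (std::nothrow) XmlParser ()` so the check means something, or drop the check and let the exception reach a handler. As written, an allocation failure bypasses the error path this code appears to intend. The rest of `getParser` lies outside this hunk.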
diff --git a/myserver/src/conf/security/security_token.cpp 
b/myserver/src/conf/security/security_token.cpp
index c976edf..443921e 100644
--- a/myserver/src/conf/security/security_token.cpp
+++ b/myserver/src/conf/security/security_token.cpp
@@ -17,7 +17,6 @@
 
 #include "stdafx.h"
 
-
 #include <include/conf/security/security_token.h>
 #include <include/conf/vhost/vhost.h>
 #include <include/server/server.h>
@@ -37,8 +36,8 @@ SecurityToken::SecurityToken ()
 }
 
 /*!
- *Reset every structure member.
- */
+  Reset every structure member.
+*/
 void SecurityToken::reset ()
 {
   mask = 0;
@@ -56,100 +55,102 @@ void SecurityToken::reset ()
 }
 
 /*!
- *Get the value for the variable using the specified domains.
- *\param key Variable name.
- *\param def Default value.
- *\param domains Domains where to look.  They are looked in this order:
- *\li Security configuration file.
- *\li Virtual host configuration file.
- *\li Global security file.
- *\li Default value.
- */
-NodeTree<string>* SecurityToken::getNodeTree (string& key, int domains, 
NodeTree<string>* def)
+  Get the value for the variable using the specified domains.
+  \param key Variable name.
+  \param def Default value.
+  \param domains Domains where to look.  They are looked in this order:
+  \li Security configuration file.
+  \li Virtual host configuration file.
+  \li Global security file.
+  \li Default value.
+*/
+NodeTree<string>* SecurityToken::getNodeTree (string& key, int domains,
+                                              NodeTree<string>* def)
 {
   if (domains & MYSERVER_SECURITY_CONF)
-  {
-    string strName (key);
-    NodeTree<string>* ret = values.get (strName);
+    {
+      string strName (key);
+      NodeTree<string>* ret = values.get (strName);
 
-    if (ret)
-      return ret;
-  }
+      if (ret)
+        return ret;
+    }
 
   if (mimeRecord && (domains & MYSERVER_MIME_CONF))
-  {
-    string strName (key);
-    NodeTree<string>* ret = mimeRecord->getNodeTree (strName);
+    {
+      string strName (key);
+      NodeTree<string>* ret = mimeRecord->getNodeTree (strName);
 
-    if (ret)
-      return ret;
-  }
+      if (ret)
+        return ret;
+    }
 
   if (vhost && (domains & MYSERVER_VHOST_CONF))
-  {
-    NodeTree<string>* ret = vhost->getNodeTree (key);
+    {
+      NodeTree<string>* ret = vhost->getNodeTree (key);
 
-    if (ret)
-      return ret;
-  }
+      if (ret)
+        return ret;
+    }
 
   if (server && (domains & MYSERVER_SERVER_CONF))
-  {
-    NodeTree<string>* ret = server->getNodeTree (key);
+    {
+      NodeTree<string>* ret = server->getNodeTree (key);
 
-    if (ret)
-      return ret;
-  }
+      if (ret)
+        return ret;
+    }
 
   return def;
 }
 
 
 /*!
- *Get the value for the variable using the specified domains.
- *\param name Variable name.
- *\param def Default value.
- *\param domains Domains where to look.  They are looked in this order:
- *\li Security configuration file.
- *\li Virtual host configuration file.
- *\li Global security file.
- *\li Default value.
- */
-const char* SecurityToken::getData (const char* name, int domains, const char 
*def)
+  Get the value for the variable using the specified domains.
+  \param name Variable name.
+  \param def Default value.
+  \param domains Domains where to look.  They are looked in this order:
+  \li Security configuration file.
+  \li Virtual host configuration file.
+  \li Global security file.
+  \li Default value.
+*/
+const char* SecurityToken::getData (const char* name, int domains,
+                                    const char *def)
 {
   if (domains & MYSERVER_SECURITY_CONF)
-  {
-    string strName (name);
-    NodeTree<string> *ret = values.get (strName);
+    {
+      string strName (name);
+      NodeTree<string> *ret = values.get (strName);
 
-    if (ret)
-      return ret->getValue ()->c_str ();
-  }
+      if (ret)
+        return ret->getValue ()->c_str ();
+    }
 
   if (mimeRecord && (domains & MYSERVER_MIME_CONF))
-  {
-    string strName (name);
-    const char *ret = mimeRecord->getData (strName);
+    {
+      string strName (name);
+      const char *ret = mimeRecord->getData (strName);
 
-    if (ret)
-      return ret;
-  }
+      if (ret)
+        return ret;
+    }
 
   if (vhost && (domains & MYSERVER_VHOST_CONF))
-  {
-    const char* ret = vhost->getData (name);
+    {
+      const char* ret = vhost->getData (name);
 
-    if (ret)
-      return ret;
-  }
+      if (ret)
+        return ret;
+    }
 
   if (server && (domains & MYSERVER_SERVER_CONF))
-  {
-    const char* ret = server->getData (name);
+    {
+      const char* ret = server->getData (name);
 
-    if (ret)
-      return ret;
-  }
+      if (ret)
+        return ret;
+    }
 
   return def;
 }
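Review bot: The rewritten doc comments for `getNodeTree` and `getData` list the lookup order as security file, virtual host, global file, default, but both bodies consult `mimeRecord` (`MYSERVER_MIME_CONF`) second, ahead of the virtual host. Precedence decides which configuration wins for a security setting, so the list should gain a `\li MIME record.` entry between the security file and the virtual host, and the third source should be named as the global server configuration to match `MYSERVER_SERVER_CONF`. `getData` also builds `string strName (name)` without checking `name`, so its comment should state that `name` must not be null.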
diff --git a/myserver/src/conf/security/xml_validator.cpp 
b/myserver/src/conf/security/xml_validator.cpp
index 6f28b22..78830ab 100644
--- a/myserver/src/conf/security/xml_validator.cpp
+++ b/myserver/src/conf/security/xml_validator.cpp
@@ -31,10 +31,10 @@ XmlValidator::XmlValidator ()
 XmlValidator::~XmlValidator ()
 {
   if (secCache != NULL)
-  {
-    secCache->free ();
-    delete secCache;
-  }
+    {
+      secCache->free ();
+      delete secCache;
+    }
 }
 
 /*!
@@ -43,24 +43,25 @@ XmlValidator::~XmlValidator ()
 SecurityCache* XmlValidator::getCache (SecurityToken *st)
 {
   if (!secCache)
-  {
-    const char *data = st->getData ("SECURITY_CACHE_NODES", 
MYSERVER_SERVER_CONF, NULL);
+    {
+      const char *data = st->getData ("SECURITY_CACHE_NODES",
+                                      MYSERVER_SERVER_CONF, NULL);
 
-    secCache = new SecurityCache ();
+      secCache = new SecurityCache ();
 
-    if (data)
-    {
-      int nodes = atoi (data);
-      secCache->setMaxNodes (nodes);
+      if (data)
+        {
+          int nodes = atoi (data);
+          secCache->setMaxNodes (nodes);
+        }
     }
-  }
 
   return secCache;
 }
 
 /*!
- *Get the XML parser to use.
- */
+  Get the XML parser to use.
+*/
 XmlParser* XmlValidator::getParser (SecurityToken* st)
 {
   const char *secName;
@@ -70,16 +71,19 @@ XmlParser* XmlValidator::getParser (SecurityToken* st)
   if (!cache)
     return NULL;
 
-  secName = st->getData ("security.filename", MYSERVER_VHOST_CONF | 
MYSERVER_SERVER_CONF, ".security.xml");
+  secName = st->getData ("security.filename", MYSERVER_VHOST_CONF
+                         | MYSERVER_SERVER_CONF, ".security.xml");
 
-  u_long maxSize = atol (st->getData ("security.max_size", MYSERVER_VHOST_CONF 
| MYSERVER_SERVER_CONF, "0"));
+  u_long maxSize = atol (st->getData ("security.max_size", MYSERVER_VHOST_CONF
+                                      | MYSERVER_SERVER_CONF, "0"));
 
-  return cache->getParser (*(st->getDirectory ()), *(st->getSysDirectory ()), 
false, secName);
+  return cache->getParser (*(st->getDirectory ()), *(st->getSysDirectory ()),
+                           false, secName);
 }
 
 /*!
- *\see AuthMethod#getPermissionMask.
- */
+  \see AuthMethod#getPermissionMask.
+*/
 int XmlValidator::getPermissionMask (SecurityToken* st)
 {
   xmlNodePtr root;
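Review bot: `maxSize` is read from `security.max_size` but never used: the `cache->getParser (...)` call passes only the two directories, `false` and `secName`, so the configured size limit for the security file appears not to be enforced. The doc comment on `SecurityCache::getParser` elsewhere in this commit lists a `maxSize` parameter after `secFileName`, so the call presumably should end `false, secName, maxSize);` — confirm against the declaration, which is not visible here. `atol` also silently turns a non-numeric setting into zero and a negative one into a very large `u_long`, so validating the value before use would be safer.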
@@ -90,46 +94,47 @@ int XmlValidator::getPermissionMask (SecurityToken* st)
 
   for (xmlNodePtr cur = xmlFile->getDoc ()->children; cur; cur = cur->next)
     if (cur->type == XML_ELEMENT_NODE)
-    {
-      for (xmlNodePtr curChild = cur->children; curChild; curChild = 
curChild->next)
-        if (curChild->type == XML_ELEMENT_NODE)
-        {
-          root = curChild;
-          break;
-        }
-    }
+      {
+        for (xmlNodePtr curChild = cur->children; curChild;
+             curChild = curChild->next)
+          if (curChild->type == XML_ELEMENT_NODE)
+            {
+              root = curChild;
+              break;
+            }
+      }
 
   for (xmlNodePtr cur = root; cur; cur = cur->next)
-  {
-    if (xmlStrcmp (cur->name, (const xmlChar *) "USER"))
-      continue;
+    {
+      if (xmlStrcmp (cur->name, (const xmlChar *) "USER"))
+        continue;
 
-    xmlAttr *attrs = cur->properties;
+      xmlAttr *attrs = cur->properties;
 
-    xmlChar* name = NULL;
-    xmlChar* password = NULL;
+      xmlChar* name = NULL;
+      xmlChar* password = NULL;
 
-    int permissions =  getPermissions (attrs, &name, &password);
+      int permissions =  getPermissions (attrs, &name, &password);
 
-    if (!name || !password ||
-        xmlStrcmp (name, (const xmlChar *)st->getUser ().c_str ()))
-      continue;
+      if (!name || !password
+          || xmlStrcmp (name, (const xmlChar *)st->getUser ().c_str ()))
+        continue;
 
-    st->setProvidedMask (permissions);
+      st->setProvidedMask (permissions);
 
-    if (xmlStrcmp (password, (const xmlChar *)st->getPassword ().c_str ()))
-    {
-      st->setAuthenticated (false);
-      st->setMask (0);
-    }
-    else
-    {
-      st->setAuthenticated (true);
-      st->setMask (permissions);
-    }
+      if (xmlStrcmp (password, (const xmlChar *)st->getPassword ().c_str ()))
+        {
+          st->setAuthenticated (false);
+          st->setMask (0);
+        }
+      else
+        {
+          st->setAuthenticated (true);
+          st->setMask (permissions);
+        }
 
-    return st->getMask ();
-  }
+      return st->getMask ();
+    }
 
   return 0;
 }
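Review bot: `root` is declared without an initializer (`xmlNodePtr root;` just above this hunk) and is assigned only when some top-level element has an element child, so for a security file without one the `for (xmlNodePtr cur = root; ...)` loop reads an indeterminate pointer. Unless the lines between the declaration and this hunk, which are not visible, assign it, declare it as `xmlNodePtr root = NULL;`. The inner `break` leaves only the inner loop, so a later top-level element can still overwrite `root`. The password check uses `xmlStrcmp`, which stops at the first differing byte; a constant-time comparison would avoid revealing how much of the stored password matched.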
@@ -141,52 +146,54 @@ int XmlValidator::getPermissionMask (SecurityToken* st)
  *\param password The found password.
  *\return the permissions mask.
  */
-int XmlValidator::getPermissions (xmlAttr* attrs, xmlChar** user, xmlChar** 
password )
+int XmlValidator::getPermissions (xmlAttr* attrs, xmlChar** user,
+                                  xmlChar** password)
 {
-    int permissions = 0;
+  int permissions = 0;
 
-    while (attrs)
+  while (attrs)
     {
-      if (user && !xmlStrcmp (attrs->name, (const xmlChar *)"name") &&
-          attrs->children && attrs->children->content)
+      if (user && !xmlStrcmp (attrs->name, (const xmlChar *)"name")
+          && attrs->children && attrs->children->content)
         *user = attrs->children->content;
 
-      else if (password && !xmlStrcmp (attrs->name, (const xmlChar 
*)"password") &&
-          attrs->children && attrs->children->content)
+      else if (password && !xmlStrcmp (attrs->name, (const xmlChar 
*)"password")
+               && attrs->children && attrs->children->content)
         *password = attrs->children->content;
 
       else if (!xmlStrcmp (attrs->name, (const xmlChar *)"READ") &&
-          attrs->children && attrs->children->content &&
-          !xmlStrcmp (attrs->children->content, (const xmlChar *) "YES"))
+               attrs->children && attrs->children->content &&
+               !xmlStrcmp (attrs->children->content, (const xmlChar *) "YES"))
         permissions |= MYSERVER_PERMISSION_READ;
 
-      else if (!xmlStrcmp (attrs->name, (const xmlChar *)"WRITE") &&
-          attrs->children && attrs->children->content &&
-          !xmlStrcmp (attrs->children->content, (const xmlChar *) "YES"))
+      else if (!xmlStrcmp (attrs->name, (const xmlChar *)"WRITE")
+               && attrs->children && attrs->children->content &&
+               !xmlStrcmp (attrs->children->content, (const xmlChar *) "YES"))
         permissions |= MYSERVER_PERMISSION_WRITE;
 
-      else if (!xmlStrcmp (attrs->name, (const xmlChar *)"EXECUTE") &&
-          attrs->children && attrs->children->content &&
-          !xmlStrcmp (attrs->children->content, (const xmlChar *) "YES"))
+      else if (!xmlStrcmp (attrs->name, (const xmlChar *)"EXECUTE")
+               && attrs->children && attrs->children->content &&
+               !xmlStrcmp (attrs->children->content, (const xmlChar *) "YES"))
         permissions |= MYSERVER_PERMISSION_EXECUTE;
 
-      else if (!xmlStrcmp (attrs->name, (const xmlChar *)"BROWSE") &&
-          attrs->children && attrs->children->content &&
-          !xmlStrcmp (attrs->children->content, (const xmlChar *) "YES"))
+      else if (!xmlStrcmp (attrs->name, (const xmlChar *)"BROWSE")
+               && attrs->children && attrs->children->content
+               && !xmlStrcmp (attrs->children->content,
+                              (const xmlChar *) "YES"))
         permissions |= MYSERVER_PERMISSION_BROWSE;
 
       attrs = attrs->next;
     }
 
-    return permissions;
+  return permissions;
 }
 
 
 /*!
- *\see XmlValidator#getPermissionMaskImpl.
- */
+ \see XmlValidator#getPermissionMaskImpl.
+*/
 int XmlValidator::getPermissionMaskImpl (SecurityToken* st,
-                                         HashMap<string, SecurityDomain*> 
*hashedDomains,
+                                HashMap<string, SecurityDomain*> 
*hashedDomains,
                                          AuthMethod* authMethod)
 {
   XmlParser* xmlFile = getParser (st);
@@ -196,25 +203,25 @@ int XmlValidator::getPermissionMaskImpl (SecurityToken* 
st,
 
   for (xmlNodePtr cur = xmlFile->getDoc ()->children; cur; cur = cur->next)
     if (cur->type == XML_ELEMENT_NODE)
-    {
-      int cmd = -1;
+      {
+        int cmd = -1;
 
-      computeXmlNode (cur, st, &cmd, hashedDomains);
+        computeXmlNode (cur, st, &cmd, hashedDomains);
 
-      /* By default return ALLOW.  */
-      if (cmd == -1)
-        return 1;
+        /* By default return ALLOW.  */
+        if (cmd == -1)
+          return 1;
 
-      if (cmd == 0)
-        return 0;
+        if (cmd == 0)
+          return 0;
 
-      if (cmd == 1)
-      {
-        st->setMask (MYSERVER_PERMISSION_ALL);
-        return 1;
-      }
+        if (cmd == 1)
+          {
+            st->setMask (MYSERVER_PERMISSION_ALL);
+            return 1;
+          }
 
-    }
+      }
 
   return 0;
 }
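Review bot: The return value of `computeXmlNode` is ignored and `cmd == -1` is mapped to `return 1`, so a rule file whose traversal ends without reaching a `RETURN` results in ALLOW. That includes the "This should never happen" path in `computeXmlNode`. For an access-control decision a deny default is the safer choice, `if (cmd == -1) return 0;`, or at least check `computeXmlNode`'s result so that a failed traversal is not treated like a missing `RETURN`. If allow-by-default is the documented contract, the comment should say why rather than only `By default return ALLOW`. The start of the function is outside this hunk.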
@@ -225,59 +232,60 @@ int XmlValidator::getPermissionMaskImpl (SecurityToken* 
st,
 int XmlValidator::computeXmlNode (xmlNodePtr node,
                                   SecurityToken *st,
                                   int *cmd,
-                                  HashMap<string, SecurityDomain*> 
*hashedDomains)
+                                HashMap<string, SecurityDomain*> 
*hashedDomains)
 {
   if (!node)
     return 0;
 
   xmlNodePtr cur = node->children;
   for (;;)
-  {
-    if (cur->next == NULL)
     {
-      cur = cur->parent;
+      if (cur->next == NULL)
+        {
+          cur = cur->parent;
 
-      /* The root is reached.  */
-      if (cur == node)
-        return 1;
+          /* The root is reached.  */
+          if (cur == node)
+            return 1;
 
-      /* This should never happen.  */
-      if (cur == NULL)
-        return 0;
-    }
-    else
-      cur = cur->next;
+          /* This should never happen.  */
+          if (cur == NULL)
+            return 0;
+        }
+      else
+        cur = cur->next;
 
-    if (cur->type != XML_ELEMENT_NODE)
-      continue;
+      if (cur->type != XML_ELEMENT_NODE)
+        continue;
 
-    if (!xmlStrcmp (cur->name, (const xmlChar *) "CONDITION"))
-    {
-      if (doCondition (cur, hashedDomains))
-        cur = cur->children;
-    }
-    else if (!xmlStrcmp (cur->name, (const xmlChar *) "RETURN"))
-    {
-      doReturn (cur, cmd, hashedDomains);
-      return 1;
-    }
-    else if (!xmlStrcmp (cur->name, (const xmlChar *) "DEFINE"))
-    {
-      doDefine (cur, st, hashedDomains);
-    }
-    else if (!xmlStrcmp (cur->name, (const xmlChar *) "PERMISSION"))
-    {
-      doPermission (cur, st, hashedDomains);
+      if (!xmlStrcmp (cur->name, (const xmlChar *) "CONDITION"))
+        {
+          if (doCondition (cur, hashedDomains))
+            cur = cur->children;
+        }
+      else if (!xmlStrcmp (cur->name, (const xmlChar *) "RETURN"))
+        {
+          doReturn (cur, cmd, hashedDomains);
+          return 1;
+        }
+      else if (!xmlStrcmp (cur->name, (const xmlChar *) "DEFINE"))
+        {
+          doDefine (cur, st, hashedDomains);
+        }
+      else if (!xmlStrcmp (cur->name, (const xmlChar *) "PERMISSION"))
+        {
+          doPermission (cur, st, hashedDomains);
+        }
     }
-  }
 
   return 0;
 }
 
 /*!
- *Handle a CONDITION.
- */
-bool XmlValidator::doCondition (xmlNodePtr node, HashMap<string, 
SecurityDomain*> *hashedDomains)
+  Handle a CONDITION.
+*/
+bool XmlValidator::doCondition (xmlNodePtr node,
+                                HashMap<string, SecurityDomain*> 
*hashedDomains)
 {
   string name;
   const xmlChar *isNot = (const xmlChar*)"";
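Review bot: `computeXmlNode` evaluates `cur->next` immediately after `xmlNodePtr cur = node->children;`, so an element with no children (for example an empty root in a security file) is a null-pointer dereference. The same happens after `cur = cur->children` for a `CONDITION` that has no children. Guard both, e.g. `if (!node || !node->children) return 0;` at the top and `if (doCondition (cur, hashedDomains) && cur->children)` before descending. The loop also steps to `cur->next` before inspecting `cur`, so the first child of each level is never evaluated; that is harmless only while the file has a whitespace text node in front of the first element.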
@@ -286,25 +294,25 @@ bool XmlValidator::doCondition (xmlNodePtr node, 
HashMap<string, SecurityDomain*
   xmlAttr *attrs = node->properties;
 
   while (attrs)
-  {
-    if (!xmlStrcmp (attrs->name, (const xmlChar *)"name") &&
-       attrs->children && attrs->children->content)
-      name.assign ((const char*)attrs->children->content);
+    {
+      if (!xmlStrcmp (attrs->name, (const xmlChar *)"name") &&
+          attrs->children && attrs->children->content)
+        name.assign ((const char*)attrs->children->content);
 
-    if (!xmlStrcmp (attrs->name, (const xmlChar *)"value") &&
-       attrs->children && attrs->children->content)
-      value = attrs->children->content;
+      if (!xmlStrcmp (attrs->name, (const xmlChar *)"value") &&
+          attrs->children && attrs->children->content)
+        value = attrs->children->content;
 
-    if (!xmlStrcmp (attrs->name, (const xmlChar *)"not") &&
-       attrs->children && attrs->children->content)
-      isNot = attrs->children->content;
+      if (!xmlStrcmp (attrs->name, (const xmlChar *)"not") &&
+          attrs->children && attrs->children->content)
+        isNot = attrs->children->content;
 
-    if (!xmlStrcmp (attrs->name, (const xmlChar *)"regex") &&
-       attrs->children && attrs->children->content)
-      regex = attrs->children->content;
+      if (!xmlStrcmp (attrs->name, (const xmlChar *)"regex") &&
+          attrs->children && attrs->children->content)
+        regex = attrs->children->content;
 
-    attrs = attrs->next;
-  }
+      attrs = attrs->next;
+    }
 
   string *storedValue = getValue (hashedDomains, name);
 
@@ -314,16 +322,16 @@ bool XmlValidator::doCondition (xmlNodePtr node, 
HashMap<string, SecurityDomain*
   bool eq;
 
   if (!xmlStrcmp (regex, (const xmlChar *) "yes"))
-  {
-    Regex regex;
+    {
+      Regex regex;
 
-    if (regex.compile ((const char*)value, REG_EXTENDED))
-      return false;
+      if (regex.compile ((const char*)value, REG_EXTENDED))
+        return false;
 
-    regmatch_t pm;
+      regmatch_t pm;
 
-    eq = regex.exec (storedValue->c_str (), 1, &pm, 0) == 0;
-  }
+      eq = regex.exec (storedValue->c_str (), 1, &pm, 0) == 0;
+    }
   else
     eq = storedValue->compare ((const char*)value) == 0;
 
@@ -336,7 +344,8 @@ bool XmlValidator::doCondition (xmlNodePtr node, 
HashMap<string, SecurityDomain*
 /*!
  *Handle a PERMISSION.
  */
-void XmlValidator::doPermission (xmlNodePtr node, SecurityToken *st, 
HashMap<string, SecurityDomain*> *hashedDomains)
+void XmlValidator::doPermission (xmlNodePtr node, SecurityToken *st,
+                               HashMap<string, SecurityDomain*> *hashedDomains)
 {
   string name;
   xmlAttr *attrs = node->properties;
@@ -351,24 +360,25 @@ void XmlValidator::doPermission (xmlNodePtr node, 
SecurityToken *st, HashMap<str
 /*!
  *Handle a DEFINE.
  */
-void XmlValidator::doDefine (xmlNodePtr node, SecurityToken *st, 
HashMap<string, SecurityDomain*> *hashedDomains)
+void XmlValidator::doDefine (xmlNodePtr node, SecurityToken *st,
+                             HashMap<string, SecurityDomain*> *hashedDomains)
 {
   string name;
   const xmlChar *value = (const xmlChar*)"";
   xmlAttr *attrs = node->properties;
 
   while (attrs)
-  {
-    if (!xmlStrcmp (attrs->name, (const xmlChar *)"name") &&
-       attrs->children && attrs->children->content)
-      name.assign ((const char*)attrs->children->content);
+    {
+      if (!xmlStrcmp (attrs->name, (const xmlChar *)"name") &&
+          attrs->children && attrs->children->content)
+        name.assign ((const char*)attrs->children->content);
 
-    if (!xmlStrcmp (attrs->name, (const xmlChar *)"value") &&
-       attrs->children && attrs->children->content)
-      value = attrs->children->content;
+      if (!xmlStrcmp (attrs->name, (const xmlChar *)"value") &&
+          attrs->children && attrs->children->content)
+        value = attrs->children->content;
 
-    attrs = attrs->next;
-  }
+      attrs = attrs->next;
+    }
 
   if (!value)
     return;
@@ -384,20 +394,19 @@ void XmlValidator::doDefine (xmlNodePtr node, 
SecurityToken *st, HashMap<string,
 /*!
  *Handle a RETURN.
  */
-void XmlValidator::doReturn (xmlNodePtr node, int *cmd, HashMap<string, 
SecurityDomain*> *hashedDomains)
+void XmlValidator::doReturn (xmlNodePtr node, int *cmd,
+                             HashMap<string, SecurityDomain*> *hashedDomains)
 {
   xmlAttr *attrs = node->properties;
-
   xmlChar *value = NULL;
-
   while (attrs)
-  {
-    if (!xmlStrcmp (attrs->name, (const xmlChar *)"value") &&
-        attrs->children && attrs->children->content)
-      value = attrs->children->content;
+    {
+      if (!xmlStrcmp (attrs->name, (const xmlChar *)"value") &&
+          attrs->children && attrs->children->content)
+        value = attrs->children->content;
 
-    attrs = attrs->next;
-  }
+      attrs = attrs->next;
+    }
 
   if (value && !xmlStrcmp (value, (const xmlChar *) "ALLOW"))
     *cmd = 1;
diff --git a/myserver/tests/test_crypt_algo_manager.cpp 
b/myserver/tests/test_crypt_algo_manager.cpp
index 6c8dc47..a3f508a 100644
--- a/myserver/tests/test_crypt_algo_manager.cpp
+++ b/myserver/tests/test_crypt_algo_manager.cpp
@@ -82,7 +82,7 @@ public:
     try
       {
         /* Using an algorithm that is not registered causes an
-         * exception.  */
+           exception.  */
         cam.check (value, result, wrong);
       }
     catch (...)

-----------------------------------------------------------------------

Summary of changes:
 myserver/documentation/security.texi               |   14 +
 myserver/include/conf/security/auth_method.h       |   12 +
 .../include/conf/security/auth_method_factory.h    |    5 +-
 myserver/include/conf/security/security_token.h    |  110 ++++---
 myserver/include/conf/security/validator.h         |   14 +-
 myserver/include/conf/security/xml_validator.h     |   41 ++-
 myserver/include/filter/filters_chain.h            |   28 +-
 myserver/include/protocol/protocol.h               |    4 +-
 myserver/include/server/server.h                   |   44 +--
 myserver/src/conf/security/auth_method.cpp         |   25 ++-
 myserver/src/conf/security/auth_method_factory.cpp |   34 +-
 myserver/src/conf/security/security_cache.cpp      |   73 ++---
 myserver/src/conf/security/security_token.cpp      |  135 ++++----
 myserver/src/conf/security/xml_validator.cpp       |  374 +++++++++++---------
 myserver/src/protocol/http/http.cpp                |   48 ++-
 myserver/src/server/server.cpp                     |    2 +-
 myserver/tests/Makefile.am                         |   10 +-
 myserver/tests/test_auth_method.cpp                |  106 ++++++
 myserver/tests/test_crypt_algo_manager.cpp         |   32 +-
 myserver/tests/test_security_manager.cpp           |    5 +
 20 files changed, 666 insertions(+), 450 deletions(-)
 create mode 100644 myserver/tests/test_auth_method.cpp


hooks/post-receive
-- 
GNU MyServer



