[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[myserver-commit] [2864] New security used in the HTTP and FTP protocols
From: |
Giuseppe Scrivano |
Subject: |
[myserver-commit] [2864] New security used in the HTTP and FTP protocols. |
Date: |
Sat, 04 Oct 2008 19:43:01 +0000 |
Revision: 2864
http://svn.sv.gnu.org/viewvc/?view=rev&root=myserver&revision=2864
Author: gscrivano
Date: 2008-10-04 19:43:00 +0000 (Sat, 04 Oct 2008)
Log Message:
-----------
New security used in the HTTP and FTP protocols.
Modified Paths:
--------------
branches/myserver_sec_new/binaries/system/Makefile.am
branches/myserver_sec_new/include/conf/security/security_cache.h
branches/myserver_sec_new/include/conf/security/security_manager.h
branches/myserver_sec_new/include/conf/security/security_token.h
branches/myserver_sec_new/include/protocol/ftp/ftp.h
branches/myserver_sec_new/include/protocol/http/http.h
branches/myserver_sec_new/include/server/server.h
branches/myserver_sec_new/src/conf/security/security_cache.cpp
branches/myserver_sec_new/src/conf/security/xml_validator.cpp
branches/myserver_sec_new/src/protocol/ftp/ftp.cpp
branches/myserver_sec_new/src/protocol/http/http.cpp
branches/myserver_sec_new/src/server/server.cpp
Added Paths:
-----------
branches/myserver_sec_new/binaries/system/.security.xml
Removed Paths:
-------------
branches/myserver_sec_new/binaries/system/security
Added: branches/myserver_sec_new/binaries/system/.security.xml
===================================================================
--- branches/myserver_sec_new/binaries/system/.security.xml
(rev 0)
+++ branches/myserver_sec_new/binaries/system/.security.xml 2008-10-04
19:43:00 UTC (rev 2864)
@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<SECURITY>
+
+ <USER name="Guest" password="" READ="YES" EXECUTE="YES" BROWSE="YES"
WRITE="NO"/>
+
+</SECURITY>
Modified: branches/myserver_sec_new/binaries/system/Makefile.am
===================================================================
--- branches/myserver_sec_new/binaries/system/Makefile.am 2008-10-04
12:46:47 UTC (rev 2863)
+++ branches/myserver_sec_new/binaries/system/Makefile.am 2008-10-04
19:43:00 UTC (rev 2864)
@@ -1,6 +1,5 @@
SUBDIRS = errors icons css
myserverdatadir = $(datadir)/myserver/system
-
-dist_myserverdata_DATA = security
+dist_myserverdata_DATA = .security.xml
Deleted: branches/myserver_sec_new/binaries/system/security
===================================================================
--- branches/myserver_sec_new/binaries/system/security 2008-10-04 12:46:47 UTC
(rev 2863)
+++ branches/myserver_sec_new/binaries/system/security 2008-10-04 19:43:00 UTC
(rev 2864)
@@ -1,8 +0,0 @@
-<?xml version="1.0"?>
-<SECURITY>
-
-
-<USER NAME="Guest" PASS="" READ="TRUE" EXECUTE="TRUE" WRITE="FALSE"
BROWSE="TRUE"/>
-
-</SECURITY>
-
Modified: branches/myserver_sec_new/include/conf/security/security_cache.h
===================================================================
--- branches/myserver_sec_new/include/conf/security/security_cache.h
2008-10-04 12:46:47 UTC (rev 2863)
+++ branches/myserver_sec_new/include/conf/security/security_cache.h
2008-10-04 19:43:00 UTC (rev 2864)
@@ -44,12 +44,7 @@
int getSecurityFile (const string &file, const string &sys, string
&out, const char* secName = ".security.xml");
/////////OLD NASTY AND DISGUSTING. TEMPORARY SOLUTION TO DON'T BREAK
APIs////////////////////////////////////
- static class SecurityManager sm;
- static class AuthMethodFactory authMethodFactory;
- static class ValidatorFactory validatorFactory;
-
- int getPermissionMask (SecurityToken* st);
-
+ int getPermissionMask (SecurityToken* st){return 0;}
int getErrorFileName (const char *root, int error,
const char* sysdirectory, string& out){return 0;}
private:
Modified: branches/myserver_sec_new/include/conf/security/security_manager.h
===================================================================
--- branches/myserver_sec_new/include/conf/security/security_manager.h
2008-10-04 12:46:47 UTC (rev 2863)
+++ branches/myserver_sec_new/include/conf/security/security_manager.h
2008-10-04 19:43:00 UTC (rev 2864)
@@ -43,6 +43,9 @@
*/
enum PERMISSION_MASK
{
+ /*! No permissions. */
+ MYSERVER_PERMISSION_NONE = 0,
+
/*! Current user can read the file. */
MYSERVER_PERMISSION_READ = (1<<0),
@@ -55,8 +58,11 @@
/*! Current user can remove the file. */
MYSERVER_PERMISSION_DELETE = (1<<3),
-/*! Current user can browse the directory content. */
- MYSERVER_PERMISSION_BROWSE = (1<<4)
+ /*! Current user can browse the directory content. */
+ MYSERVER_PERMISSION_BROWSE = (1<<4),
+
+ /*! All permissions. */
+ MYSERVER_PERMISSION_ALL = -1
};
class SecurityManager
Modified: branches/myserver_sec_new/include/conf/security/security_token.h
===================================================================
--- branches/myserver_sec_new/include/conf/security/security_token.h
2008-10-04 12:46:47 UTC (rev 2863)
+++ branches/myserver_sec_new/include/conf/security/security_token.h
2008-10-04 19:43:00 UTC (rev 2864)
@@ -218,17 +218,6 @@
/*! VHost. */
Vhost* vhost;
-
-
- ///////OLD NOT USED////////////
- friend class Http;
- friend class Ftp;
- char* requiredPassword;
- const char* filename;
- struct HttpThreadContext* td;
- char* authType;
- int authTypeLen;
- int throttlingRate;
};
#endif
Modified: branches/myserver_sec_new/include/protocol/ftp/ftp.h
===================================================================
--- branches/myserver_sec_new/include/protocol/ftp/ftp.h 2008-10-04
12:46:47 UTC (rev 2863)
+++ branches/myserver_sec_new/include/protocol/ftp/ftp.h 2008-10-04
19:43:00 UTC (rev 2864)
@@ -25,7 +25,6 @@
#include <include/base/mem_buff/mem_buff.h>
#include <include/base/xml/xml_parser.h>
#include <include/protocol/ftp/ftp_common.h>
-#include <include/conf/security/security_cache.h>
#include <include/protocol/ftp/ftp_parser.h>
#include <include/protocol/ftp/ftp_lexer.h>
@@ -139,9 +138,6 @@
void RetrStor(bool bRetr, bool bAppend, const std::string &sPath);
void RemovePipelinedCmds(MemBuf &In, MemBuf &Out);
- static Mutex secCacheMutex;
- static SecurityCache secCache;
-
public:
void EscapeTelnet(MemBuf &In, MemBuf &Out);
Modified: branches/myserver_sec_new/include/protocol/http/http.h
===================================================================
--- branches/myserver_sec_new/include/protocol/http/http.h 2008-10-04
12:46:47 UTC (rev 2863)
+++ branches/myserver_sec_new/include/protocol/http/http.h 2008-10-04
19:43:00 UTC (rev 2864)
@@ -22,6 +22,7 @@
#include <include/protocol/http/http_thread_context.h>
#include <include/protocol/protocol.h>
#include <include/protocol/http/http_headers.h>
+#include <include/conf/security/security_token.h>
#include <include/conf/security/security_cache.h>
#include <include/base/xml/xml_parser.h>
#include <include/base/thread/thread.h>
@@ -54,10 +55,6 @@
clearMulticastRegistry();
}
-
- Mutex secCacheMutex;
- SecurityCache secCache;
-
DynHttpCommandManager dynCmdManager;
DynHttpManagerList dynManagerList;
@@ -76,18 +73,22 @@
public:
/*! Realm string used by Digest authorization scheme. */
char realm[48];
+
/*! Opaque string used by Digest authorization scheme. */
char opaque[48];
+
/*! Nonce string used by Digest authorization scheme. */
char nonce[48];
+
/*! Cnonce string used by Digest authorization scheme. */
char cnonce[48];
- /*! Password string used by Digest authorization scheme. */
- char requiredPassword[32];
+
/*! Nonce count used by Digest authorization scheme. */
u_long nc;
+
/*! Nonzero if the user was authenticated trough the Digest scheme. */
int digest;
+
/*! Nonzero if the digest was already checked. */
int digestChecked;
HttpUserData();
@@ -187,7 +188,10 @@
static HttpStaticData* getStaticData();
+ SecurityToken *getSecurityToken (){return &securityToken;}
+
protected:
+ SecurityToken securityToken;
HttpDataHandler* mscgi;
HttpDataHandler* wincgi;
HttpDataHandler* isapi;
Modified: branches/myserver_sec_new/include/server/server.h
===================================================================
--- branches/myserver_sec_new/include/server/server.h 2008-10-04 12:46:47 UTC
(rev 2863)
+++ branches/myserver_sec_new/include/server/server.h 2008-10-04 19:43:00 UTC
(rev 2864)
@@ -46,6 +46,11 @@
#include <include/base/multicast/multicast.h>
#include <include/connections_scheduler/connections_scheduler.h>
+
+#include <include/conf/security/security_manager.h>
+#include <include/conf/security/auth_method_factory.h>
+#include <include/conf/security/validator_factory.h>
+
#include <string>
#include <list>
using namespace std;
@@ -153,6 +158,7 @@
void increaseFreeThread();
void decreaseFreeThread();
+ SecurityManager* getSecurityManager (){return &securityManager;}
private:
friend class ClientsThread;
@@ -251,6 +257,10 @@
ProcessServerManager processServerManager;
ConnectionsScheduler connectionsScheduler;
bool endServer;
+
+ AuthMethodFactory authMethodFactory;
+ ValidatorFactory validatorFactory;
+ SecurityManager securityManager;
};
#endif
Modified: branches/myserver_sec_new/src/conf/security/security_cache.cpp
===================================================================
--- branches/myserver_sec_new/src/conf/security/security_cache.cpp
2008-10-04 12:46:47 UTC (rev 2863)
+++ branches/myserver_sec_new/src/conf/security/security_cache.cpp
2008-10-04 19:43:00 UTC (rev 2864)
@@ -24,28 +24,6 @@
#include <string>
using namespace std;
-
-
-AuthMethodFactory SecurityCache::authMethodFactory;
-ValidatorFactory SecurityCache::validatorFactory;
-SecurityManager SecurityCache::sm(&SecurityCache::validatorFactory,
&SecurityCache::authMethodFactory);
-
-int SecurityCache::getPermissionMask (SecurityToken* st)
-{
- string xml("xml");
- if (!validatorFactory.isValidatorPresent (xml))
- {
- XmlValidator*xmlV = new XmlValidator ();
-
- validatorFactory.addValidator (xml, xmlV);
- authMethodFactory.addAuthMethod (xml, (AuthMethod*) xmlV);
- }
-
- AuthDomain auth (st);
- SecurityDomain* domains[] = {&auth, NULL};
- return sm.getPermissionMask (st, domains, xml, xml);
-}
-/////////////////////////////////////////////////////////////////////////////////////
/*!
*Constructor for the SecurityCache object.
@@ -200,7 +178,6 @@
parser = dictionary.get (file);
-
/*!
*If the parser is already present and satisfy XPath then use it.
*/
Modified: branches/myserver_sec_new/src/conf/security/xml_validator.cpp
===================================================================
--- branches/myserver_sec_new/src/conf/security/xml_validator.cpp
2008-10-04 12:46:47 UTC (rev 2863)
+++ branches/myserver_sec_new/src/conf/security/xml_validator.cpp
2008-10-04 19:43:00 UTC (rev 2864)
@@ -154,22 +154,22 @@
attrs->children && attrs->children->content)
*password = attrs->children->content;
- else if (!xmlStrcmp (attrs->name, (const xmlChar *)"read") &&
+ else if (!xmlStrcmp (attrs->name, (const xmlChar *)"READ") &&
attrs->children && attrs->children->content &&
!xmlStrcmp(attrs->children->content, (const xmlChar *) "YES"))
permissions |= MYSERVER_PERMISSION_READ;
- else if (!xmlStrcmp (attrs->name, (const xmlChar *)"write") &&
+ else if (!xmlStrcmp (attrs->name, (const xmlChar *)"WRITE") &&
attrs->children && attrs->children->content &&
!xmlStrcmp(attrs->children->content, (const xmlChar *) "YES"))
permissions |= MYSERVER_PERMISSION_WRITE;
- else if (!xmlStrcmp (attrs->name, (const xmlChar *)"execute") &&
+ else if (!xmlStrcmp (attrs->name, (const xmlChar *)"EXECUTE") &&
attrs->children && attrs->children->content &&
!xmlStrcmp(attrs->children->content, (const xmlChar *) "YES"))
permissions |= MYSERVER_PERMISSION_EXECUTE;
- else if (!xmlStrcmp (attrs->name, (const xmlChar *)"browse") &&
+ else if (!xmlStrcmp (attrs->name, (const xmlChar *)"BROWSE") &&
attrs->children && attrs->children->content &&
!xmlStrcmp(attrs->children->content, (const xmlChar *) "YES"))
permissions |= MYSERVER_PERMISSION_BROWSE;
@@ -196,11 +196,23 @@
for (xmlNodePtr cur = xmlFile->getDoc ()->children; cur; cur = cur->next)
if (cur->type == XML_ELEMENT_NODE)
{
- int cmd = 1;
+ int cmd = -1;
computeXmlNode (cur, st, &cmd, hashedDomains);
- return cmd;
+ /* By default return ALLOW. */
+ if (cmd == -1)
+ return 1;
+
+ if (cmd == 0)
+ return 0;
+
+ if (cmd == 1)
+ {
+ st->setMask (MYSERVER_PERMISSION_ALL);
+ return 1;
+ }
+
}
return 0;
Modified: branches/myserver_sec_new/src/protocol/ftp/ftp.cpp
===================================================================
--- branches/myserver_sec_new/src/protocol/ftp/ftp.cpp 2008-10-04 12:46:47 UTC
(rev 2863)
+++ branches/myserver_sec_new/src/protocol/ftp/ftp.cpp 2008-10-04 19:43:00 UTC
(rev 2864)
@@ -28,6 +28,7 @@
#include <include/base/find_data/find_data.h>
#include <include/base/string/stringutils.h>
#include <include/base/mem_buff/mem_buff.h>
+#include <include/conf/security/auth_domain.h>
#include <assert.h>
#ifndef WIN32
@@ -96,14 +97,6 @@
}
//////////////////////////////////////////////////////////////////////////////
-// Used at Ftp access control
-/*! Cache for security files. */
-SecurityCache Ftp::secCache;
-
-/*! Access the security cache safely. */
-Mutex Ftp::secCacheMutex;
-
-//////////////////////////////////////////////////////////////////////////////
// FtpUserData class
FtpUserData::FtpUserData()
{
@@ -2389,34 +2382,34 @@
FilesUtility::splitPath(sPath, sDir, sFileName);
SecurityToken st;
+ string user;
+ string password;
if ( strcmpi(sUser.c_str(), "anonymous") == 0 )
{
- st.user = "Guest";
- st.password = "";
+ user.assign ("Guest");
+ password.assign("");
}
else
{
- st.user = sUser.c_str();
- st.password = sPass.c_str();
+ user.assign (sUser);
+ password.assign (sPass);
}
- st.directory = &sDir;
- st.sysdirectory =
(string*)&(td.pConnection->host->getSystemRoot());//pFtpUserData->m_pDataConnection->host->getSystemRoot().c_str();
- st.authType = 0;
- st.filename = sFileName.c_str();
- //st.providedMask = &mask;
- int perm = 0;
- secCacheMutex.lock();
- try
- {
- perm = secCache.getPermissionMask (&st);
- secCacheMutex.unlock();
- }
- catch ( ... )
- {
- secCacheMutex.unlock();
- throw;
- }
- return (perm & mask);
+
+ st.setUser (user);
+ st.setPassword (password);
+
+
+ st.setDirectory (&sDir);
+ st.setSysDirectory ((string *)&(td.pConnection->host->getSystemRoot ()));
+ st.setResource (&sFileName);
+
+ AuthDomain auth (&st);
+ string xml ("xml");//FIXME: don't hardly-code "xml".
+ SecurityDomain* domains[] = {&auth, NULL};
+
+ Server::getInstance()->getSecurityManager ()->getPermissionMask (&st,
domains, xml, xml);
+
+ return (st.getMask () & mask);
}
void Ftp::Size(const std::string &sPath)
Modified: branches/myserver_sec_new/src/protocol/http/http.cpp
===================================================================
--- branches/myserver_sec_new/src/protocol/http/http.cpp 2008-10-04
12:46:47 UTC (rev 2863)
+++ branches/myserver_sec_new/src/protocol/http/http.cpp 2008-10-04
19:43:00 UTC (rev 2864)
@@ -18,8 +18,10 @@
#include <include/protocol/http/http.h>
#include <include/protocol/http/http_headers.h>
+#include <include/protocol/http/http_req_security_domain.h>
#include <include/server/server.h>
#include <include/conf/security/security.h>
+#include <include/conf/security/auth_domain.h>
#include <include/base/base64/mime_utils.h>
#include <include/base/file/file.h>
#include <include/base/file/files_utility.h>
@@ -348,23 +350,21 @@
int Http::getFilePermissions(string& filename, string& directory, string&
file,
string &filenamePath, int yetmapped, int*
permissions)
{
- SecurityToken st;
- char authType[16];
int providedMask;
- st.server = Server::getInstance();
- st.resource = &filenamePath;
- st.directory = &directory;
- st.sysdirectory = &(td->vhostSys);
+ securityToken.setServer (Server::getInstance());
+ securityToken.setSysDirectory (&(td->vhostSys));
- st.vhost = td->connection->host;
+ securityToken.setVhost (td->connection->host);
try
{
- st.authType = authType;
- st.authTypeLen = 16;
- st.td = td;
- FilesUtility::splitPath(filename, directory, file);
+ FilesUtility::splitPath (filename, directory, file);
+ FilesUtility::completePath (directory);
+
+ securityToken.setResource (&filenamePath);
+ securityToken.setDirectory (&directory);
+
/*!
*td->filenamePath is the file system mapped path while filename
*is the uri requested.
@@ -421,66 +421,53 @@
((HttpUserData*)(td->connection->protocolBuffer))->reset();
}
+ string user;
+ string password;
+
if(td->request.auth.length())
{
- st.user = td->connection->getLogin();
- st.password = td->connection->getPassword();
- st.filename = file.c_str();
- st.requiredPassword =
- ((HttpUserData*)td->connection->protocolBuffer)->requiredPassword;
- staticHttp.secCacheMutex.lock();
- try
- {
- *permissions = staticHttp.secCache.getPermissionMask(&st);
- staticHttp.secCacheMutex.unlock();
- }
- catch(...)
- {
- staticHttp.secCacheMutex.unlock();
- throw;
- };
+ user.assign (td->connection->getLogin());
+ password.assign (td->connection->getPassword ());
}
- else/*! The default user is Guest with a null password. */
+ else
{
- st.user = "Guest";
- st.password = "";
- st.filename = file.c_str();
- st.requiredPassword = 0;
- st.providedMask = 0;
- staticHttp.secCacheMutex.lock();
- try
- {
- *permissions = staticHttp.secCache.getPermissionMask(&st);
- staticHttp.secCacheMutex.unlock();
- }
- catch(...)
- {
- staticHttp.secCacheMutex.unlock();
- throw;
- };
+ /* The default user is Guest with a null password. */
+ user.assign ("Guest");
+ password.assign ("");
}
- if(*permissions == -1)
- {
- td->connection->host->warningsLogRequestAccess(td->id);
- td->connection->host->warningsLogWrite(
- "Http: Error reading security file");
- td->connection->host->warningsLogTerminateAccess(td->id);
- return 500;
- }
+
+ securityToken.setUser (user);
+ securityToken.setPassword (password);
+
+ AuthDomain auth (&securityToken);
+ HttpReqSecurityDomain httpReqSecDom (&(td->request));
+
+ string xml ("xml");//FIXME: don't hardly-code "xml".
+ SecurityDomain* domains[] = {&auth, &httpReqSecDom, NULL};
+
+ Server::getInstance()->getSecurityManager ()->getPermissionMask
(&securityToken, domains, xml, xml);
+
+ const char *authType = securityToken.getHashedData ("http.auth",
MYSERVER_SECURITY_CONF |
+ MYSERVER_VHOST_CONF |
+ MYSERVER_SERVER_CONF);
+ *permissions = securityToken.getMask ();
+
/*! Check if we have to use digest for the current directory. */
- if(!strcmpi(authType, "Digest"))
+ if(authType && !strcmpi(authType, "Digest"))
{
+ HttpUserData* hud = (HttpUserData*)td->connection->protocolBuffer;
+
if(!td->request.auth.compare("Digest"))
{
- if(!((HttpUserData*)td->connection->protocolBuffer)->digestChecked)
- ((HttpUserData*)td->connection->protocolBuffer)->digest =
- checkDigest();
- ((HttpUserData*)td->connection->protocolBuffer)->digestChecked = 1;
- if(((HttpUserData*)td->connection->protocolBuffer)->digest == 1)
+ if(!hud->digestChecked)
+ hud->digest = checkDigest();
+
+ hud->digestChecked = 1;
+
+ if(hud->digest == 1)
{
- td->connection->setPassword(
-
((HttpUserData*)td->connection->protocolBuffer)->requiredPassword);
- *permissions = providedMask;
+ td->connection->setPassword (securityToken.getNeededPassword
().c_str ());
+ *permissions = securityToken.getProvidedMask ();
}
}
td->authScheme = HTTP_AUTH_SCHEME_DIGEST;
@@ -490,44 +477,19 @@
{
td->authScheme = HTTP_AUTH_SCHEME_BASIC;
}
- /*! If there are no permissions, use the Guest permissions. */
- if(td->request.auth.length() && (*permissions==0))
- {
- st.user = "Guest";
- st.password = "";
- st.filename = file.c_str();
- st.requiredPassword = 0;
- st.providedMask = 0;
- staticHttp.secCacheMutex.lock();
- try
- {
- *permissions = staticHttp.secCache.getPermissionMask(&st);
- staticHttp.secCacheMutex.unlock();
- }
- catch(...)
- {
- staticHttp.secCacheMutex.unlock();
- throw;
- };
- }
- if(*permissions == -1)
- {
- td->connection->host->warningsLogRequestAccess(td->id);
- td->connection->host->warningsLogWrite(
- "Http: Error reading security file");
- td->connection->host->warningsLogTerminateAccess(td->id);
- return 500;
- }
}
catch(...)
{
return 500;
}
+ const char *tr = securityToken.getHashedData ("connection.throttling",
MYSERVER_SECURITY_CONF |
+ MYSERVER_VHOST_CONF |
+ MYSERVER_SERVER_CONF);
/*! If a throttling rate was specifed use it. */
- if(st.throttlingRate != -1)
- td->connection->socket->setThrottling(st.throttlingRate);
+ if(tr)
+ td->connection->socket->setThrottling( atoi (tr));
return 200;
}
@@ -543,6 +505,9 @@
{
string directory;
string file;
+ int filenamePathLen;
+ string dirscan;
+
try
{
if(td->request.isKeepAlive())
@@ -550,6 +515,73 @@
td->response.connection.assign( "keep-alive");
}
+ /*!
+ *Get the PATH_INFO value.
+ *Use dirscan as a buffer for put temporary directory scan.
+ *When an '/' character is present check if the path up to '/' character
+ *is a file. If it is a file send the rest of the uri as PATH_INFO.
+ */
+ td->pathInfo.assign("");
+ td->pathTranslated.assign("");
+ filenamePathLen = (int)td->filenamePath.length();
+ dirscan.assign("");
+
+ for(int i = 0, len = 0; i < filenamePathLen ; i++)
+ {
+ /*!
+ *http://host/pathtofile/filetosend.php/PATH_INFO_VALUE?QUERY_INFO_VALUE
+ *When a request has this form send the file filetosend.php with the
+ *environment string PATH_INFO equals to PATH_INFO_VALUE and QUERY_INFO
+ *to QUERY_INFO_VALUE.
+ *
+ *If there is the '/' character check if dirscan is a file.
+ */
+ if(i && (td->filenamePath[i] == '/'))
+ {
+ /*!
+ *If the token is a file.
+ */
+ if(!FilesUtility::isDirectory(dirscan.c_str()))
+ {
+ td->pathInfo.assign((char*) & (td->filenamePath[i]));
+ td->filenamePath.assign(dirscan);
+ break;
+ }
+ }
+
+ if(len + 1 < filenamePathLen)
+ {
+ char db[2];
+ db[0] = (td->filenamePath)[i];
+ db[1] = '\0';
+ dirscan.append(db);
+ }
+ }
+
+ /*!
+ *If there is a PATH_INFO value the get the PATH_TRANSLATED too.
+ *PATH_TRANSLATED is the local filesystem mapped version of PATH_INFO.
+ */
+ if(td->pathInfo.length() > 1)
+ {
+ int ret;
+ /*!
+ *Start from the second character because the first is a
+ *slash character.
+ */
+ ret = getPath(td->pathTranslated, &((td->pathInfo.c_str())[1]), 0);
+
+ if(ret != 200)
+ td->pathTranslated.assign("");
+ else
+ FilesUtility::completePath(td->pathTranslated);
+ }
+ else
+ {
+ td->pathTranslated.assign("");
+ }
+ FilesUtility::completePath(td->filenamePath);
+
return getFilePermissions(filename, directory, file,
td->filenamePath, yetmapped, permissions);
}
@@ -632,7 +664,7 @@
md5.init();
td->buffer2->setLength(0);
*td->buffer2 << td->request.digestUsername << ":" << td->request.digestRealm
- << ":" <<
((HttpUserData*)td->connection->protocolBuffer)->requiredPassword;
+ << ":" << securityToken.getNeededPassword();
md5.update((unsigned char const*)td->buffer2->getBuffer(),
(unsigned int)td->buffer2->getLength());
@@ -692,7 +724,6 @@
nonce[0] = '\0';
cnonce[0] = '\0';
digestChecked = 0;
- requiredPassword[0] = '\0';
nc = 0;
digest = 0;
}
@@ -710,8 +741,6 @@
string filename;
int permissions;
int providedMask;
- string dirscan;
- int filenamePathLen;
string data;
int mimecmd;
time_t lastMT;
@@ -745,77 +774,7 @@
return raiseHTTPError(ret);
}
- /* The security file doesn't exist in any case. */
- if(!strcmpi(file.c_str(), "security"))
- return raiseHTTPError(404);
-
/*!
- *Get the PATH_INFO value.
- *Use dirscan as a buffer for put temporary directory scan.
- *When an '/' character is present check if the path up to '/' character
- *is a file. If it is a file send the rest of the uri as PATH_INFO.
- */
- td->pathInfo.assign("");
- td->pathTranslated.assign("");
- filenamePathLen = (int)td->filenamePath.length();
- dirscan.assign("");
- for(int i = 0, len = 0; i < filenamePathLen ; i++)
- {
- /*!
- *http://host/pathtofile/filetosend.php/PATH_INFO_VALUE?QUERY_INFO_VALUE
- *When a request has this form send the file filetosend.php with the
- *environment string PATH_INFO equals to PATH_INFO_VALUE and QUERY_INFO
- *to QUERY_INFO_VALUE.
- *
- *If there is the '/' character check if dirscan is a file.
- */
- if(i && (td->filenamePath[i] == '/'))
- {
- /*!
- *If the token is a file.
- */
- if(!FilesUtility::isDirectory(dirscan.c_str()))
- {
- td->pathInfo.assign((char*) & (td->filenamePath[i]));
- td->filenamePath.assign(dirscan);
- break;
- }
- }
-
- if(len + 1 < filenamePathLen)
- {
- char db[2];
- db[0] = (td->filenamePath)[i];
- db[1] = '\0';
- dirscan.append(db);
- }
- }
-
- /*!
- *If there is a PATH_INFO value the get the PATH_TRANSLATED too.
- *PATH_TRANSLATED is the local filesystem mapped version of PATH_INFO.
- */
- if(td->pathInfo.length() > 1)
- {
- int ret;
- /*!
- *Start from the second character because the first is a
- *slash character.
- */
- ret = getPath(td->pathTranslated, &((td->pathInfo.c_str())[1]), 0);
-
- if(ret != 200)
- td->pathTranslated.assign("");
- else
- FilesUtility::completePath(td->pathTranslated);
- }
- else
- {
- td->pathTranslated.assign("");
- }
- FilesUtility::completePath(td->filenamePath);
-
- /*!
*If there are not any extension then we do one of this in order:
*1)We send the default files in the directory in order.
*2)We send the directory content.
@@ -1969,7 +1928,6 @@
{
try
{
- string defFile;
int ret = 0;
string time;
ostringstream errorFile;
@@ -2007,23 +1965,16 @@
}
td->response.httpStatus = ID;
- staticHttp.secCacheMutex.lock();
- /*!
- *The specified error file name must be in the web directory
- *of the virtual host.
- */
- if(td->connection->host)
- ret = staticHttp.secCache.getErrorFileName(td->getVhostDir(),
- ID,
- td->getVhostSys(),
- defFile);
- else
- ret = -1;
- staticHttp.secCacheMutex.unlock();
+ char errorName [32];
+ sprintf (errorName, "http.error.file.%i", ID);
- if(ret > 0)
+ const char *defErrorFile = securityToken.getHashedData (errorName,
MYSERVER_SECURITY_CONF |
+
MYSERVER_VHOST_CONF |
+
MYSERVER_SERVER_CONF);
+
+ if (defErrorFile)
{
ostringstream nURL;
int isPortSpecified = 0;
@@ -2046,7 +1997,7 @@
if(nURL.str()[nURL.str().length()-1] != '/')
nURL << "/";
- nURL << defFile;
+ nURL << defErrorFile;
if(td->pathInfo.length())
nURL << "/" << td->pathInfo;
@@ -2367,8 +2318,6 @@
string pluginsResource(Server::getInstance()->getExternalPath());
xmlDocPtr xmlDoc = configurationFileManager->getDoc();
- staticHttp.secCacheMutex.init();
-
/*
*Store defaults value.
*By default use GZIP with files bigger than a MB.
@@ -2488,10 +2437,6 @@
HttpDir::unLoad();
- staticHttp.secCache.free();
-
- staticHttp.secCacheMutex.destroy();
-
staticHttp.defaultFilename.clear();
staticHttp.browseDirCSSpath.assign("");
Modified: branches/myserver_sec_new/src/server/server.cpp
===================================================================
--- branches/myserver_sec_new/src/server/server.cpp 2008-10-04 12:46:47 UTC
(rev 2863)
+++ branches/myserver_sec_new/src/server/server.cpp 2008-10-04 19:43:00 UTC
(rev 2864)
@@ -74,8 +74,11 @@
*/
Server* Server::instance = 0;
-Server::Server() : connectionsScheduler(this),
- listenThreads(&connectionsScheduler, this)
+Server::Server() : connectionsScheduler (this),
+ listenThreads (&connectionsScheduler, this),
+ authMethodFactory (),
+ validatorFactory (),
+ securityManager (&validatorFactory, &authMethodFactory)
{
toReboot = false;
autoRebootEnabled = true;
@@ -496,6 +499,13 @@
*/
void Server::loadPlugins()
{
+ string xml("xml");
+ //FIXME: xmlV is never freed.
+ XmlValidator *xmlV = new XmlValidator ();
+
+ validatorFactory.addValidator (xml, xmlV);
+ authMethodFactory.addAuthMethod (xml, (AuthMethod*) xmlV);
+
if(filtersFactory.insert("gzip", Gzip::factory))
{
ostringstream stream;
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [myserver-commit] [2864] New security used in the HTTP and FTP protocols.,
Giuseppe Scrivano <=