[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[myserver-commit] [2865] New security implementation merged to trunk fro
From: |
Giuseppe Scrivano |
Subject: |
[myserver-commit] [2865] New security implementation merged to trunk from the `myserver_sec_new' branch. |
Date: |
Sat, 04 Oct 2008 20:35:10 +0000 |
Revision: 2865
http://svn.sv.gnu.org/viewvc/?view=rev&root=myserver&revision=2865
Author: gscrivano
Date: 2008-10-04 20:35:08 +0000 (Sat, 04 Oct 2008)
Log Message:
-----------
New security implementation merged to trunk from the `myserver_sec_new' branch.
Modified Paths:
--------------
trunk/myserver/binaries/system/Makefile.am
trunk/myserver/include/base/xml/xml_parser.h
trunk/myserver/include/conf/security/Makefile.am
trunk/myserver/include/conf/security/security_cache.h
trunk/myserver/include/protocol/ftp/ftp.h
trunk/myserver/include/protocol/http/Makefile.am
trunk/myserver/include/protocol/http/http.h
trunk/myserver/include/server/server.h
trunk/myserver/src/conf/security/Makefile.am
trunk/myserver/src/conf/security/security_cache.cpp
trunk/myserver/src/http_handler/http_dir/http_dir.cpp
trunk/myserver/src/protocol/ftp/ftp.cpp
trunk/myserver/src/protocol/http/Makefile.am
trunk/myserver/src/protocol/http/http.cpp
trunk/myserver/src/server/server.cpp
trunk/myserver/tests/Makefile.am
Added Paths:
-----------
trunk/myserver/binaries/system/.security.xml
trunk/myserver/include/conf/security/auth_domain.h
trunk/myserver/include/conf/security/auth_method.h
trunk/myserver/include/conf/security/auth_method_factory.h
trunk/myserver/include/conf/security/security.h
trunk/myserver/include/conf/security/security_domain.h
trunk/myserver/include/conf/security/security_manager.h
trunk/myserver/include/conf/security/security_token.h
trunk/myserver/include/conf/security/validator.h
trunk/myserver/include/conf/security/validator_factory.h
trunk/myserver/include/conf/security/xml_validator.h
trunk/myserver/include/protocol/http/http_req_security_domain.h
trunk/myserver/src/conf/security/auth_domain.cpp
trunk/myserver/src/conf/security/auth_method.cpp
trunk/myserver/src/conf/security/auth_method_factory.cpp
trunk/myserver/src/conf/security/security_domain.cpp
trunk/myserver/src/conf/security/security_manager.cpp
trunk/myserver/src/conf/security/security_token.cpp
trunk/myserver/src/conf/security/validator.cpp
trunk/myserver/src/conf/security/validator_factory.cpp
trunk/myserver/src/conf/security/xml_validator.cpp
trunk/myserver/src/protocol/http/http_req_security_domain.cpp
trunk/myserver/tests/test_auth_domain.cpp
trunk/myserver/tests/test_http_req_security_domain.cpp
trunk/myserver/tests/test_security_cache.cpp
trunk/myserver/tests/test_security_domain.cpp
trunk/myserver/tests/test_security_manager.cpp
trunk/myserver/tests/test_security_token.cpp
trunk/myserver/tests/test_validator.cpp
trunk/myserver/tests/test_validator_factory.cpp
trunk/myserver/tests/test_xml_validator.cpp
Removed Paths:
-------------
trunk/myserver/binaries/system/security
trunk/myserver/include/conf/security/security.h
trunk/myserver/src/conf/security/security.cpp
Copied: trunk/myserver/binaries/system/.security.xml (from rev 2864,
branches/myserver_sec_new/binaries/system/.security.xml)
===================================================================
--- trunk/myserver/binaries/system/.security.xml
(rev 0)
+++ trunk/myserver/binaries/system/.security.xml 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<SECURITY>
+
+ <USER name="Guest" password="" READ="YES" EXECUTE="YES" BROWSE="YES"
WRITE="NO"/>
+
+</SECURITY>
Modified: trunk/myserver/binaries/system/Makefile.am
===================================================================
--- trunk/myserver/binaries/system/Makefile.am 2008-10-04 19:43:00 UTC (rev
2864)
+++ trunk/myserver/binaries/system/Makefile.am 2008-10-04 20:35:08 UTC (rev
2865)
@@ -1,6 +1,5 @@
SUBDIRS = errors icons css
myserverdatadir = $(datadir)/myserver/system
-
-dist_myserverdata_DATA = security
+dist_myserverdata_DATA = .security.xml
Deleted: trunk/myserver/binaries/system/security
===================================================================
--- trunk/myserver/binaries/system/security 2008-10-04 19:43:00 UTC (rev
2864)
+++ trunk/myserver/binaries/system/security 2008-10-04 20:35:08 UTC (rev
2865)
@@ -1,8 +0,0 @@
-<?xml version="1.0"?>
-<SECURITY>
-
-
-<USER NAME="Guest" PASS="" READ="TRUE" EXECUTE="TRUE" WRITE="FALSE"
BROWSE="TRUE"/>
-
-</SECURITY>
-
Modified: trunk/myserver/include/base/xml/xml_parser.h
===================================================================
--- trunk/myserver/include/base/xml/xml_parser.h 2008-10-04 19:43:00 UTC
(rev 2864)
+++ trunk/myserver/include/base/xml/xml_parser.h 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -54,58 +54,58 @@
class XmlParser
{
public:
- static bool startXML();
+ static bool startXML();
static bool cleanXML();
- XmlParser();
- ~XmlParser();
- xmlDocPtr getDoc();
- int open(const char* filename, bool useXpath = 0);
- int open(string const &filename, bool useXpath = 0){return
open(filename.c_str(), useXpath);};
- int openMemBuf(MemBuf &, bool useXpath = 0);
+ XmlParser();
+ ~XmlParser();
+ xmlDocPtr getDoc();
+ int open(const char* filename, bool useXpath = 0);
+ int open(string const &filename, bool useXpath = 0){return
open(filename.c_str(), useXpath);};
+ int openMemBuf(MemBuf &, bool useXpath = 0);
- char *getValue(const char* field);
- char *getValue(string const &field){return getValue(field.c_str());};
- char *getAttr(const char* field, const char *attr);
- int setValue(const char* field, const char *value);
- int close();
+ char *getValue(const char* field);
+ char *getValue(string const &field){return getValue(field.c_str());};
+ char *getAttr(const char* field, const char *attr);
+ int setValue(const char* field, const char *value);
+ int close();
- int save(const char *filename,int *nbytes = 0);
- int save(string const &filename,int *nbytes = 0){return
save(filename.c_str(), nbytes);};
- int saveMemBuf(MemBuf &,int *nbytes = 0);
+ int save(const char *filename, int *nbytes = 0);
+ int save(string const &filename, int *nbytes = 0){return
save(filename.c_str(), nbytes);};
+ int saveMemBuf(MemBuf &, int *nbytes = 0);
- void newfile(const char * root);
- void newfile(string const &root){newfile(root.c_str());};
- void addChild(const char * name, const char * value);
- void addChild(string const &name, string& value)
+ void newfile(const char * root);
+ void newfile(string const &root){newfile(root.c_str());};
+ void addChild(const char * name, const char * value);
+ void addChild(string const &name, string& value)
{addChild(name.c_str(), value.c_str());};
- void addGroup(const char * name);
- void addGroup(string const &name)
+ void addGroup(const char * name);
+ void addGroup(string const &name)
{addGroup(name.c_str());};
- void endGroup();
+ void endGroup();
- void setAttr(const char * name, const char * value);
+ void setAttr(const char * name, const char * value);
- void setAttr(string& name, string& value)
- {
- setAttr(name.c_str(), value.c_str());
- };
+ void setAttr(string& name, string& value)
+ {
+ setAttr(name.c_str(), value.c_str());
+ };
- void addLineFeed();
- time_t getLastModTime();
-
+ void addLineFeed();
+ time_t getLastModTime();
+
XmlXPathResult* evaluateXpath(string & path){return
evaluateXpath(path.c_str());}
XmlXPathResult* evaluateXpath(const char*);
bool isXpathEnabled(){return useXpath;}
+
private:
xmlXPathContextPtr xpathCtx;
bool useXpath;
- xmlDocPtr doc;
- string buffer;
- xmlNodePtr cur;
- xmlNodePtr prevCur;
- xmlNodePtr lastNode;
- time_t mtime;
-
+ xmlDocPtr doc;
+ string buffer;
+ xmlNodePtr cur;
+ xmlNodePtr prevCur;
+ xmlNodePtr lastNode;
+ time_t mtime;
};
#endif
Modified: trunk/myserver/include/conf/security/Makefile.am
===================================================================
--- trunk/myserver/include/conf/security/Makefile.am 2008-10-04 19:43:00 UTC
(rev 2864)
+++ trunk/myserver/include/conf/security/Makefile.am 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -1,4 +1,4 @@
securityincludedir=$(includedir)/myserver/include/conf/security
-securityinclude_HEADERS = security_cache.h security.h
+securityinclude_HEADERS = auth_domain.h auth_method.h auth_method_factory.h
security_cache.h security_domain.h security_manager.h security_token.h
validator.h validator_factory.h xml_validator.h
SUBDIRS =
Copied: trunk/myserver/include/conf/security/auth_domain.h (from rev 2864,
branches/myserver_sec_new/include/conf/security/auth_domain.h)
===================================================================
--- trunk/myserver/include/conf/security/auth_domain.h
(rev 0)
+++ trunk/myserver/include/conf/security/auth_domain.h 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,42 @@
+/* -*- mode: c++ -*- */
+/*
+MyServer
+Copyright (C) 2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef AUTH_DOMAIN_H
+#define AUTH_DOMAIN_H
+
+#include "stdafx.h"
+#include <include/conf/security/security_domain.h>
+
+#include <string>
+
+using namespace std;
+
+struct SecurityToken;
+
+class AuthDomain : public SecurityDomain
+{
+public:
+ AuthDomain (SecurityToken*);
+ virtual ~AuthDomain ();
+ virtual string *getValue (string &name);
+protected:
+ string name;
+ SecurityToken *securityToken;
+};
+
+#endif
Copied: trunk/myserver/include/conf/security/auth_method.h (from rev 2864,
branches/myserver_sec_new/include/conf/security/auth_method.h)
===================================================================
--- trunk/myserver/include/conf/security/auth_method.h
(rev 0)
+++ trunk/myserver/include/conf/security/auth_method.h 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,36 @@
+/* -*- mode: c++ -*- */
+/*
+MyServer
+Copyright (C) 2002, 2003, 2004, 2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef AUTH_METHOD_H
+#define AUTH_METHOD_H
+
+#include "stdafx.h"
+#include <include/conf/security/security_manager.h>
+
+using namespace std;
+
+class AuthMethod
+{
+public:
+ AuthMethod ();
+ virtual ~AuthMethod();
+
+ virtual int getPermissionMask (SecurityToken* st);
+};
+
+#endif
Copied: trunk/myserver/include/conf/security/auth_method_factory.h (from rev
2864, branches/myserver_sec_new/include/conf/security/auth_method_factory.h)
===================================================================
--- trunk/myserver/include/conf/security/auth_method_factory.h
(rev 0)
+++ trunk/myserver/include/conf/security/auth_method_factory.h 2008-10-04
20:35:08 UTC (rev 2865)
@@ -0,0 +1,41 @@
+/*
+MyServer
+Copyright (C) 2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef AUTH_METHOD_FACTORY_H
+#define AUTH_METHOD_FACTORY_H
+
+#include "stdafx.h"
+#include <include/base/hash_map/hash_map.h>
+#include <string>
+
+using namespace std;
+
+class AuthMethod;
+
+
+class AuthMethodFactory
+{
+public:
+ AuthMethodFactory ();
+ virtual ~AuthMethodFactory ();
+ AuthMethod* getAuthMethod (string &name);
+ AuthMethod* addAuthMethod (string &name, AuthMethod* authMethod);
+ bool isAuthMethodPresent (string &name);
+private:
+ HashMap<string, AuthMethod*> authMethods;
+};
+#endif
Deleted: trunk/myserver/include/conf/security/security.h
===================================================================
--- trunk/myserver/include/conf/security/security.h 2008-10-04 19:43:00 UTC
(rev 2864)
+++ trunk/myserver/include/conf/security/security.h 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -1,121 +0,0 @@
-/* -*- mode: c++ -*- */
-/*
-MyServer
-Copyright (C) 2002, 2003, 2004, 2008 Free Software Foundation, Inc.
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef SECURITY_H
-#define SECURITY_H
-
-#include "stdafx.h"
-#include <include/connection/connection.h>
-#include <include/base/xml/xml_parser.h>
-#include <include/base/hash_map/hash_map.h>
-#include <include/protocol/http/http_headers.h>
-
-#ifndef DO_NOT_USE_SSL
-#include<openssl/ssl.h>
-#include<openssl/crypto.h>
-#include<openssl/lhash.h>
-#include<openssl/err.h>
-#include<openssl/bn.h>
-#include<openssl/pem.h>
-#include<openssl/x509.h>
-#include<openssl/rand.h>
-#include<openssl/pem.h>
-#include<openssl/err.h>
-#include<openssl/rsa.h>
-#endif
-
-#include <string>
-
-using namespace std;
-
-/*!
- *Various permissions flags.
- */
-
-/*! Current user can read the file. */
-const u_long MYSERVER_PERMISSION_READ = (1<<0);
-
-/*! Current user can write to the file. */
-const u_long MYSERVER_PERMISSION_WRITE = (1<<1);
-
-/*! Current user can execute the file. */
-const u_long MYSERVER_PERMISSION_EXECUTE = (1<<2);
-
-/*! Current user can remove the file. */
-const u_long MYSERVER_PERMISSION_DELETE = (1<<3);
-
-/*! Current user can browse the directory content. */
-const u_long MYSERVER_PERMISSION_BROWSE = (1<<4);
-
-struct SecurityToken
-{
- /*! User to check for. */
- const char* user;
-
- /*! Password provided by the user. */
- const char* password;
-
- /*! Directory that the user is in. */
- const char* directory;
-
- /*! System directory for the host. */
- const char* sysdirectory;
-
- /*! File that the user tried to access. */
- const char* filename;
-
- /*!
- *Password that the user should provide to have access.
- *This is used in authorization schemes like the HTTP digest,
- *where the password is not sent in clear on the network.
- */
- char *requiredPassword;
-
- /*! Permission mask that the user will have providing [neededPassword]. */
- int *providedMask;
-
- struct HttpThreadContext* td;
-
- /*! Authorization scheme to use. */
- char* authType;
-
- /*! Length for the [authType] allocated string. */
- int authTypeLen;
-
- /*! Throttling rate to use with specified user. */
- int throttlingRate;
-
- HashMap<string,string*> *otherValues;
-
- SecurityToken();
- void reset();
-};
-
-class SecurityManager
-{
-public:
- SecurityManager();
- ~SecurityManager();
- int getErrorFileName(const char *sysDir, int error, string& out,
- XmlParser* parser = 0);
- int getPermissionMask(SecurityToken* st, XmlParser* parser = 0);
-private:
- XmlParser* getParser(const char *sysDir);
- bool checkActions(HttpThreadContext* td, xmlNode *root);
-};
-#endif
Copied: trunk/myserver/include/conf/security/security.h (from rev 2864,
branches/myserver_sec_new/include/conf/security/security.h)
===================================================================
--- trunk/myserver/include/conf/security/security.h
(rev 0)
+++ trunk/myserver/include/conf/security/security.h 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,2 @@
+//////KEEP THIS FILE TO DON'T BREAK OLD APIs
+#include <include/conf/security/security_manager.h>
Modified: trunk/myserver/include/conf/security/security_cache.h
===================================================================
--- trunk/myserver/include/conf/security/security_cache.h 2008-10-04
19:43:00 UTC (rev 2864)
+++ trunk/myserver/include/conf/security/security_cache.h 2008-10-04
20:35:08 UTC (rev 2865)
@@ -18,29 +18,38 @@
#ifndef SECURITY_CACHE_H
#define SECURITY_CACHE_H
#include <include/base/hash_map/hash_map.h>
-#include <include/conf/security/security.h>
+#include <include/conf/security/security_manager.h>
+#include <include/conf/security/auth_method_factory.h>
+#include <include/conf/security/auth_method.h>
+#include <include/conf/security/validator_factory.h>
+#include <include/conf/security/validator.h>
+#include <include/conf/security/xml_validator.h>
+
#include <string>
using namespace std;
class SecurityCache
{
+
public:
- SecurityCache();
- ~SecurityCache();
- void free();
- void setMaxNodes(int);
- int getMaxNodes();
- XmlParser* getParser(const char* dir, const char* sys, bool useXpath = true);
- int getSecurityFile(const char* file, const char* sys, string& out);
- int getPermissionMask(SecurityToken* st);
- int getErrorFileName(const char *root, int error,
- const char* sysdirectory, string& out);
+ SecurityCache ();
+ ~SecurityCache ();
+ void free ();
+ void setMaxNodes (int);
+ int getMaxNodes ();
+
+ XmlParser* getParser (const string &dir, const string &sys, bool useXpath =
true, const char* secName = ".security.xml");
+ int getSecurityFile (const string &file, const string &sys, string
&out, const char* secName = ".security.xml");
+
+ /////////OLD NASTY AND DISGUSTING. TEMPORARY SOLUTION TO DON'T BREAK
APIs////////////////////////////////////
+ int getPermissionMask (SecurityToken* st){return 0;}
+ int getErrorFileName (const char *root, int error,
+ const char* sysdirectory, string& out){return 0;}
private:
- /*! Object used to handle security on the server. */
- SecurityManager sm;
- /*! Store a list of opened files using a hash dictionary. */
+
+ /*! Store a list of opened files using a hash dictionary. */
HashMap<string, XmlParser*> dictionary;
int limit;
};
Copied: trunk/myserver/include/conf/security/security_domain.h (from rev 2864,
branches/myserver_sec_new/include/conf/security/security_domain.h)
===================================================================
--- trunk/myserver/include/conf/security/security_domain.h
(rev 0)
+++ trunk/myserver/include/conf/security/security_domain.h 2008-10-04
20:35:08 UTC (rev 2865)
@@ -0,0 +1,41 @@
+/* -*- mode: c++ -*- */
+/*
+MyServer
+Copyright (C) 2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef SECURITY_DOMAIN_H
+#define SECURITY_DOMAIN_H
+
+#include "stdafx.h"
+
+#include <string>
+
+using namespace std;
+
+class SecurityDomain
+{
+public:
+ SecurityDomain ();
+ SecurityDomain (const char* name);
+ SecurityDomain (string &name);
+ virtual ~SecurityDomain ();
+ virtual string *getValue (string &name);
+ string& getName(){return name;}
+protected:
+ string name;
+};
+
+#endif
Copied: trunk/myserver/include/conf/security/security_manager.h (from rev 2864,
branches/myserver_sec_new/include/conf/security/security_manager.h)
===================================================================
--- trunk/myserver/include/conf/security/security_manager.h
(rev 0)
+++ trunk/myserver/include/conf/security/security_manager.h 2008-10-04
20:35:08 UTC (rev 2865)
@@ -0,0 +1,94 @@
+/* -*- mode: c++ -*- */
+/*
+MyServer
+Copyright (C) 2002, 2003, 2004, 2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef SECURITY_MANAGER_H
+#define SECURITY_MANAGER_H
+
+#include "stdafx.h"
+#include <include/conf/security/security_token.h>
+#include <include/connection/connection.h>
+#include <include/base/xml/xml_parser.h>
+#include <include/protocol/http/http_headers.h>
+#include <include/base/hash_map/hash_map.h>
+
+#include <string>
+
+using namespace std;
+
+class AuthMethod;
+class Validator;
+class SecurityDomain;
+class AuthMethodFactory;
+class ValidatorFactory;
+class Vhost;
+class Server;
+
+/*!
+ *Define permissions flags.
+ */
+enum PERMISSION_MASK
+{
+ /*! No permissions. */
+ MYSERVER_PERMISSION_NONE = 0,
+
+ /*! Current user can read the file. */
+ MYSERVER_PERMISSION_READ = (1<<0),
+
+ /*! Current user can write to the file. */
+ MYSERVER_PERMISSION_WRITE = (1<<1),
+
+ /*! Current user can execute the file. */
+ MYSERVER_PERMISSION_EXECUTE = (1<<2),
+
+ /*! Current user can remove the file. */
+ MYSERVER_PERMISSION_DELETE = (1<<3),
+
+ /*! Current user can browse the directory content. */
+ MYSERVER_PERMISSION_BROWSE = (1<<4),
+
+ /*! All permissions. */
+ MYSERVER_PERMISSION_ALL = -1
+};
+
+class SecurityManager
+{
+public:
+ SecurityManager(ValidatorFactory*, AuthMethodFactory*);
+ ~SecurityManager();
+
+ int getPermissionMask (SecurityToken* st,
+ SecurityDomain **domains,
+ string& validator,
+ string& authMethod);
+
+ int getPermissionMask (SecurityToken* st,
+ list<SecurityDomain*> *domains,
+ string& validator,
+ string& authMethod);
+
+private:
+ int getValidatorAndAuthMethod (string &validatorName,
+ string &authMethodName,
+ Validator **validator,
+ AuthMethod **authMethod);
+
+ ValidatorFactory *validatorFactory;
+ AuthMethodFactory *authMethodFactory;
+};
+
+#endif
Copied: trunk/myserver/include/conf/security/security_token.h (from rev 2864,
branches/myserver_sec_new/include/conf/security/security_token.h)
===================================================================
--- trunk/myserver/include/conf/security/security_token.h
(rev 0)
+++ trunk/myserver/include/conf/security/security_token.h 2008-10-04
20:35:08 UTC (rev 2865)
@@ -0,0 +1,223 @@
+/* -*- mode: c++ -*- */
+/*
+MyServer
+Copyright (C) 2002, 2003, 2004, 2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef SECURITY_TOKEN_H
+#define SECURITY_TOKEN_H
+
+#include "stdafx.h"
+#include <include/base/hash_map/hash_map.h>
+
+#include <string>
+
+using namespace std;
+
+class Server;
+class Vhost;
+
+enum SECURITY_RING
+{
+ /*! Security file configuration. */
+ MYSERVER_SECURITY_CONF = (1<<0),
+
+ /*! Virtual host configuration. */
+ MYSERVER_VHOST_CONF = (1<<1),
+
+ /*! Global server configuration. */
+ MYSERVER_SERVER_CONF = (1<<2),
+};
+
+class SecurityToken
+{
+public:
+ SecurityToken();
+ void reset();
+
+ const char* getHashedData (const char* name, int domains);
+
+ string& getUser ()
+ {
+ return user;
+ }
+
+ string& getPassword ()
+ {
+ return password;
+ }
+
+ HashMap<string,string*>* getValues ()
+ {
+ return &values;
+ }
+
+ string *getDirectory ()
+ {
+ return directory;
+ }
+
+ string *getSysDirectory ()
+ {
+ return sysdirectory;
+ }
+
+ string *getResource ()
+ {
+ return resource;
+ }
+
+ int getMask ()
+ {
+ return mask;
+ }
+
+ int getProvidedMask ()
+ {
+ return providedMask;
+ }
+
+ string& getNeededPassword ()
+ {
+ return neededPassword;
+ }
+
+ bool isDone ()
+ {
+ return done;
+ }
+
+ bool isAuthenticated ()
+ {
+ return authenticated;
+ }
+
+
+ Server* getServer ()
+ {
+ return server;
+ }
+
+ Vhost* getVhost ()
+ {
+ return vhost;
+ }
+
+ void setUser (string& u)
+ {
+ user.assign (u);
+ }
+
+ void setPassword (string& pw)
+ {
+ password.assign (pw);
+ }
+
+ void setDirectory (string * d)
+ {
+ directory = d;
+ }
+
+ void setSysDirectory (string * sd)
+ {
+ sysdirectory = sd;
+ }
+
+ void setResource (string *r)
+ {
+ resource = r;
+ }
+
+ int setMask (int m)
+ {
+ mask = m;
+ }
+
+ void setProvidedMask (int p)
+ {
+ providedMask = p;
+ }
+
+ void setNeededPassword (string& pw)
+ {
+ neededPassword.assign (pw);
+ }
+
+ bool setDone (bool d)
+ {
+ done = d;
+ }
+
+ bool setAuthenticated (bool a)
+ {
+ authenticated = a;
+ }
+
+ void setServer (Server* s)
+ {
+ server = s;
+ }
+
+ void setVhost (Vhost* v)
+ {
+ vhost = v;
+ }
+
+private:
+ /*! User to check for. */
+ string user;
+
+ /*! Password provided by the user. */
+ string password;
+
+ /*! Directory that the user is in. */
+ string *directory;
+
+ /*! System directory for the host. */
+ string *sysdirectory;
+
+ /*! Resource that the user tried to access. */
+ string *resource;
+
+ /*! Permission mask. */
+ int mask;
+
+ /*!
+ *Password that the user should provide to have access.
+ *This is used in authorization schemes like the HTTP digest,
+ *where the password is not sent in clear on the network.
+ */
+ string neededPassword;
+
+ /*! The provided password is correct. */
+ bool authenticated;
+
+ /*! The obtained mask if password were correct. */
+ int providedMask;
+
+ /*! Stored values. */
+ HashMap<string,string*> values;
+
+ /*! If it is true the security manager will use the cached values. */
+ bool done;
+
+ /*! Server instance. */
+ Server* server;
+
+ /*! VHost. */
+ Vhost* vhost;
+};
+
+#endif
Copied: trunk/myserver/include/conf/security/validator.h (from rev 2864,
branches/myserver_sec_new/include/conf/security/validator.h)
===================================================================
--- trunk/myserver/include/conf/security/validator.h
(rev 0)
+++ trunk/myserver/include/conf/security/validator.h 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,67 @@
+/* -*- mode: c++ -*- */
+/*
+MyServer
+Copyright (C) 2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef VALIDATOR_H
+#define VALIDATOR_H
+
+#include "stdafx.h"
+#include <include/base/hash_map/hash_map.h>
+
+#include <include/conf/security/auth_method.h>
+#include <include/conf/security/security_domain.h>
+#include <include/conf/security/security_manager.h>
+
+#include <list>
+using namespace std;
+
+
+class Validator
+{
+public:
+ Validator ();
+ virtual ~Validator ();
+
+ int getPermissionMask (SecurityToken* st,
+ SecurityDomain **domains,
+ AuthMethod* authMethod);
+
+ int getPermissionMask (SecurityToken* st,
+ list<SecurityDomain*> *domains,
+ AuthMethod* authMethod);
+
+ virtual int getPermissionMaskImpl (SecurityToken* st,
+ HashMap<string, SecurityDomain*>
*hashedDomains,
+ AuthMethod* authMethod);
+
+
+ string *getValue (HashMap<string, SecurityDomain*> *hashedDomains,
+ string &name);
+protected:
+ inline void addDomain (HashMap<string, SecurityDomain*> *hashedDomains,
+ SecurityDomain *domain)
+ {
+ string &name = domain->getName ();
+ hashedDomains->put (name, domain);
+ }
+
+ int getPermissionMaskInt (SecurityToken* st,
+ HashMap<string, SecurityDomain*> *hashedDomains,
+ AuthMethod* authMethod);
+};
+
+#endif
Copied: trunk/myserver/include/conf/security/validator_factory.h (from rev
2864, branches/myserver_sec_new/include/conf/security/validator_factory.h)
===================================================================
--- trunk/myserver/include/conf/security/validator_factory.h
(rev 0)
+++ trunk/myserver/include/conf/security/validator_factory.h 2008-10-04
20:35:08 UTC (rev 2865)
@@ -0,0 +1,41 @@
+/*
+MyServer
+Copyright (C) 2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef VALIDATOR_FACTORY_H
+#define VALIDATOR_FACTORY_H
+
+#include "stdafx.h"
+#include <include/base/hash_map/hash_map.h>
+#include <string>
+
+using namespace std;
+
+class Validator;
+
+
+class ValidatorFactory
+{
+public:
+ ValidatorFactory ();
+ virtual ~ValidatorFactory ();
+ Validator* getValidator (string &name);
+ Validator* addValidator (string &name, Validator* validator);
+ bool isValidatorPresent (string &name);
+private:
+ HashMap<string, Validator*> validators;
+};
+#endif
Copied: trunk/myserver/include/conf/security/xml_validator.h (from rev 2864,
branches/myserver_sec_new/include/conf/security/xml_validator.h)
===================================================================
--- trunk/myserver/include/conf/security/xml_validator.h
(rev 0)
+++ trunk/myserver/include/conf/security/xml_validator.h 2008-10-04
20:35:08 UTC (rev 2865)
@@ -0,0 +1,77 @@
+/* -*- mode: c++ -*- */
+/*
+MyServer
+Copyright (C) 2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef XML_VALIDATOR_H
+#define XML_VALIDATOR_H
+
+#include "stdafx.h"
+#include <include/base/hash_map/hash_map.h>
+
+#include <include/conf/security/security_domain.h>
+#include <include/conf/security/security_manager.h>
+#include <include/server/server.h>
+#include <include/base/sync/mutex.h>
+#include <include/conf/security/validator.h>
+#include <include/base/xml/xml_parser.h>
+
+class SecurityCache;
+
+class XmlValidator : public Validator, public AuthMethod
+{
+public:
+ XmlValidator ();
+ virtual ~XmlValidator ();
+
+ using Validator::getPermissionMask;
+
+ virtual int getPermissionMask (SecurityToken* st);
+
+ virtual int getPermissionMaskImpl (SecurityToken* st,
+ HashMap<string, SecurityDomain*>
*hashedDomains,
+ AuthMethod* authMethod);
+
+private:
+ XmlParser* getParser(SecurityToken* st);
+ bool doCondition (xmlNodePtr node,
+ HashMap<string, SecurityDomain*> *hashedDomains);
+
+ void doReturn (xmlNodePtr node,
+ int *cmd,
+ HashMap<string, SecurityDomain*> *hashedDomains);
+
+ void doDefine (xmlNodePtr node,
+ SecurityToken *st,
+ HashMap<string, SecurityDomain*> *hashedDomains);
+
+ void doPermission (xmlNodePtr node,
+ SecurityToken *st,
+ HashMap<string, SecurityDomain*> *hashedDomains);
+
+ int computeXmlNode (xmlNodePtr node,
+ SecurityToken *st,
+ int *cmd,
+ HashMap<string, SecurityDomain*> *hashedDomains);
+
+ int getPermissions (xmlAttr* attrs, xmlChar** user = NULL, xmlChar**
password = NULL);
+
+ SecurityCache *getCache(Server*);
+ SecurityCache *secCache;
+ Mutex cacheMutex;
+};
+
+#endif
Modified: trunk/myserver/include/protocol/ftp/ftp.h
===================================================================
--- trunk/myserver/include/protocol/ftp/ftp.h 2008-10-04 19:43:00 UTC (rev
2864)
+++ trunk/myserver/include/protocol/ftp/ftp.h 2008-10-04 20:35:08 UTC (rev
2865)
@@ -25,7 +25,6 @@
#include <include/base/mem_buff/mem_buff.h>
#include <include/base/xml/xml_parser.h>
#include <include/protocol/ftp/ftp_common.h>
-#include <include/conf/security/security_cache.h>
#include <include/protocol/ftp/ftp_parser.h>
#include <include/protocol/ftp/ftp_lexer.h>
@@ -139,9 +138,6 @@
void RetrStor(bool bRetr, bool bAppend, const std::string &sPath);
void RemovePipelinedCmds(MemBuf &In, MemBuf &Out);
- static Mutex secCacheMutex;
- static SecurityCache secCache;
-
public:
void EscapeTelnet(MemBuf &In, MemBuf &Out);
Modified: trunk/myserver/include/protocol/http/Makefile.am
===================================================================
--- trunk/myserver/include/protocol/http/Makefile.am 2008-10-04 19:43:00 UTC
(rev 2864)
+++ trunk/myserver/include/protocol/http/Makefile.am 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -1,4 +1,4 @@
httpincludedir=$(includedir)/myserver/include/protocol/http
-httpinclude_HEADERS = http_data_handler.h http_data_read.h http_errors.h
http.h http_header_checker.h http_header.h http_headers.h http_request.h
http_response.h http_thread_context.h
+httpinclude_HEADERS = http_data_handler.h http_data_read.h http_errors.h
http.h http_header_checker.h http_header.h http_headers.h http_request.h
http_req_security_domain.h http_response.h http_thread_context.h
SUBDIRS = env
Modified: trunk/myserver/include/protocol/http/http.h
===================================================================
--- trunk/myserver/include/protocol/http/http.h 2008-10-04 19:43:00 UTC (rev
2864)
+++ trunk/myserver/include/protocol/http/http.h 2008-10-04 20:35:08 UTC (rev
2865)
@@ -22,6 +22,7 @@
#include <include/protocol/http/http_thread_context.h>
#include <include/protocol/protocol.h>
#include <include/protocol/http/http_headers.h>
+#include <include/conf/security/security_token.h>
#include <include/conf/security/security_cache.h>
#include <include/base/xml/xml_parser.h>
#include <include/base/thread/thread.h>
@@ -54,10 +55,6 @@
clearMulticastRegistry();
}
-
- Mutex secCacheMutex;
- SecurityCache secCache;
-
DynHttpCommandManager dynCmdManager;
DynHttpManagerList dynManagerList;
@@ -76,18 +73,22 @@
public:
/*! Realm string used by Digest authorization scheme. */
char realm[48];
+
/*! Opaque string used by Digest authorization scheme. */
char opaque[48];
+
/*! Nonce string used by Digest authorization scheme. */
char nonce[48];
+
/*! Cnonce string used by Digest authorization scheme. */
char cnonce[48];
- /*! Password string used by Digest authorization scheme. */
- char requiredPassword[32];
+
/*! Nonce count used by Digest authorization scheme. */
u_long nc;
+
/*! Nonzero if the user was authenticated trough the Digest scheme. */
int digest;
+
/*! Nonzero if the digest was already checked. */
int digestChecked;
HttpUserData();
@@ -187,7 +188,10 @@
static HttpStaticData* getStaticData();
+ SecurityToken *getSecurityToken (){return &securityToken;}
+
protected:
+ SecurityToken securityToken;
HttpDataHandler* mscgi;
HttpDataHandler* wincgi;
HttpDataHandler* isapi;
Copied: trunk/myserver/include/protocol/http/http_req_security_domain.h (from
rev 2864,
branches/myserver_sec_new/include/protocol/http/http_req_security_domain.h)
===================================================================
--- trunk/myserver/include/protocol/http/http_req_security_domain.h
(rev 0)
+++ trunk/myserver/include/protocol/http/http_req_security_domain.h
2008-10-04 20:35:08 UTC (rev 2865)
@@ -0,0 +1,42 @@
+/* -*- mode: c++ -*- */
+/*
+MyServer
+Copyright (C) 2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef HTTP_REQ_SECURITY_DOMAIN_H
+#define HTTP_REQ_SECURITY_DOMAIN_H
+
+#include "stdafx.h"
+
+#include <include/conf/security/security_domain.h>
+#include <include/protocol/http/http_request.h>
+#include <string>
+
+using namespace std;
+
+class HttpReqSecurityDomain : public SecurityDomain
+{
+public:
+ HttpReqSecurityDomain (HttpRequestHeader *request);
+ virtual ~HttpReqSecurityDomain ();
+ virtual string *getValue (string &name);
+ HttpRequestHeader *getRequest () {return request;}
+protected:
+ HttpRequestHeader *request;
+ string name;
+};
+
+#endif
Modified: trunk/myserver/include/server/server.h
===================================================================
--- trunk/myserver/include/server/server.h 2008-10-04 19:43:00 UTC (rev
2864)
+++ trunk/myserver/include/server/server.h 2008-10-04 20:35:08 UTC (rev
2865)
@@ -46,6 +46,11 @@
#include <include/base/multicast/multicast.h>
#include <include/connections_scheduler/connections_scheduler.h>
+
+#include <include/conf/security/security_manager.h>
+#include <include/conf/security/auth_method_factory.h>
+#include <include/conf/security/validator_factory.h>
+
#include <string>
#include <list>
using namespace std;
@@ -155,6 +160,7 @@
void increaseFreeThread();
void decreaseFreeThread();
+ SecurityManager* getSecurityManager (){return &securityManager;}
private:
friend class ClientsThread;
@@ -253,6 +259,10 @@
ConnectionsScheduler connectionsScheduler;
ListenThreads listenThreads;
bool endServer;
+
+ AuthMethodFactory authMethodFactory;
+ ValidatorFactory validatorFactory;
+ SecurityManager securityManager;
};
#endif
Modified: trunk/myserver/src/conf/security/Makefile.am
===================================================================
--- trunk/myserver/src/conf/security/Makefile.am 2008-10-04 19:43:00 UTC
(rev 2864)
+++ trunk/myserver/src/conf/security/Makefile.am 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -1,5 +1,4 @@
lib_LIBRARIES = libsecurity.a
-libsecurity_a_SOURCES = security_cache.cpp security.cpp
+libsecurity_a_SOURCES = auth_domain.cpp auth_method.cpp
auth_method_factory.cpp security_cache.cpp security_domain.cpp
security_manager.cpp security_token.cpp validator.cpp validator_factory.cpp
xml_validator.cpp
SUBDIRS =
INCLUDES = $(all_includes)
-
Copied: trunk/myserver/src/conf/security/auth_domain.cpp (from rev 2864,
branches/myserver_sec_new/src/conf/security/auth_domain.cpp)
===================================================================
--- trunk/myserver/src/conf/security/auth_domain.cpp
(rev 0)
+++ trunk/myserver/src/conf/security/auth_domain.cpp 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,52 @@
+/*
+MyServer
+Copyright (C) 2002-2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <include/conf/security/auth_domain.h>
+#include <include/conf/security/security_manager.h>
+
+
+AuthDomain::AuthDomain (SecurityToken *st)
+{
+ this->name.assign ("auth");
+ securityToken = st;
+}
+
+AuthDomain::~AuthDomain()
+{
+
+}
+
+/*!
+ *\see SecurityDomain::getValue.
+ */
+string *AuthDomain::getValue (string &name)
+{
+ if (!name.compare ("user"))
+ return &(securityToken->getUser ());
+
+ if (!name.compare ("password"))
+ return &(securityToken->getPassword ());
+
+ if (!name.compare ("directory"))
+ return securityToken->getDirectory ();
+
+ if (!name.compare ("sysdirectory"))
+ return securityToken->getSysDirectory ();
+
+ return NULL;
+}
Copied: trunk/myserver/src/conf/security/auth_method.cpp (from rev 2864,
branches/myserver_sec_new/src/conf/security/auth_method.cpp)
===================================================================
--- trunk/myserver/src/conf/security/auth_method.cpp
(rev 0)
+++ trunk/myserver/src/conf/security/auth_method.cpp 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,38 @@
+/*
+MyServer
+Copyright (C) 2002-2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <include/conf/security/auth_method.h>
+
+
+AuthMethod::AuthMethod ()
+{
+
+}
+
+AuthMethod::~AuthMethod()
+{
+
+}
+
+/*!
+ *Get the permission mask for the specified user/password.
+ */
+int AuthMethod::getPermissionMask (SecurityToken* st)
+{
+ return 0;
+}
Copied: trunk/myserver/src/conf/security/auth_method_factory.cpp (from rev
2864, branches/myserver_sec_new/src/conf/security/auth_method_factory.cpp)
===================================================================
--- trunk/myserver/src/conf/security/auth_method_factory.cpp
(rev 0)
+++ trunk/myserver/src/conf/security/auth_method_factory.cpp 2008-10-04
20:35:08 UTC (rev 2865)
@@ -0,0 +1,66 @@
+/*
+MyServer
+Copyright (C) 2002-2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <include/conf/security/auth_method_factory.h>
+#include <include/conf/security/auth_method.h>
+
+#include <string>
+
+using namespace std;
+
+AuthMethodFactory::AuthMethodFactory ()
+{
+ // XmlAuthMethod* xmlAuthMethod = new XmlAuthMethod;
+ // string xml ("xml");
+
+ // authMethods.put (xml, xmlAuthMethod);
+}
+
+AuthMethodFactory::~AuthMethodFactory ()
+{
+ authMethods.clear ();
+}
+
+/*!
+ *Return an AuthMethod given its name.
+ */
+AuthMethod* AuthMethodFactory::getAuthMethod(string &name)
+{
+ return authMethods.get (name);
+}
+
+/*!
+ *Add a new AuthMethod to the factory.
+ *\param name AuthMethod name.
+ *\param authMethod The authMethod to add.
+ *\return The old authMethod registered with [name], in any.
+ */
+AuthMethod* AuthMethodFactory::addAuthMethod(string &name, AuthMethod*
authMethod)
+{
+ return authMethods.put (name, authMethod);
+
+}
+
+/*!
+ *Check if the specified authMethod is present in the factory.
+ *\param name The authMethod name.
+ *\return a bool value to indicate if it is present or not.
+ */
+bool AuthMethodFactory::isAuthMethodPresent (string &name)
+{
+ return getAuthMethod (name) != NULL;
+}
Deleted: trunk/myserver/src/conf/security/security.cpp
===================================================================
--- trunk/myserver/src/conf/security/security.cpp 2008-10-04 19:43:00 UTC
(rev 2864)
+++ trunk/myserver/src/conf/security/security.cpp 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -1,284 +0,0 @@
-/*
-MyServer
-Copyright (C) 2002-2008 Free Software Foundation, Inc.
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#include <include/conf/security/security.h>
-#include <include/base/utility.h>
-#include <include/base/xml/xml_parser.h>
-#include <include/connection/connection.h>
-#include <include/base/string/securestr.h>
-#include <include/base/regex/myserver_regex.h>
-#include <include/base/file/files_utility.h>
-#include <include/protocol/http/http_thread_context.h>
-
-#include <string>
-#include <sstream>
-#include <memory>
-
-using namespace std;
-
-/*!
- *Create the object.
- */
-SecurityToken::SecurityToken()
-{
- reset();
-}
-
-/*!
- *Reset every structure member.
- */
-void SecurityToken::reset()
-{
- user = 0;
- password = 0;
- directory = 0;
- filename = 0;
- requiredPassword = 0;
- providedMask = 0;
- authType = 0;
- authTypeLen = 0;
- throttlingRate = (int)-1;
-}
-
-
-/*!
- *Get the error file for a page using the specified parser.
- *Return 0 to use the default one.
- *Return -1 on errors.
- *Return other valus on success.
- */
-int SecurityManager::getErrorFileName(const char* sysDir,
- int error,
- string &out,
- XmlParser* parser)
-{
- string evalString;
- XmlXPathResult* xpathRes;
- xmlNodeSetPtr nodes;
- int ret;
-
- out.assign("");
-
- if(parser == NULL || !parser->isXpathEnabled())
- return -1;
-
- evalString = "/SECURITY/address@hidden'";
- evalString += error;
- evalString += "']/@FILE";
-
- xpathRes = parser->evaluateXpath(evalString);
- nodes = xpathRes->getNodeSet();
-
- if(nodes && nodes->nodeNr)
- out.assign((const char*)nodes->nodeTab[0]->children->content);
-
- /* Return 1 if both it was found and well configured. */
- ret = nodes && nodes->nodeNr && out.length() ? 1 : 0;
-
- delete xpathRes;
- return ret;
-
-}
-
-
-/*!
- *Get the permissions mask for the file FILENAME using the XML parser PARSER.
- *The file DIRECTORY/security will be parsed.
- *PROVIDEDMASK is the permission mask that the USER will have providing the
- *REQUIREDPASSWORD password.
- *Returns -1 on errors.
- */
-int SecurityManager::getPermissionMask(SecurityToken *st, XmlParser* parser)
-{
- xmlNodeSetPtr nodes;
- xmlAttr* attr;
- string evalString;
- int permissions = 0;
- const char* requiredPassword;
- bool rightPassword = false;
- auto_ptr<XmlXPathResult> itemRes;
- auto_ptr<XmlXPathResult> userRes;
-
- if(parser == NULL || !parser->isXpathEnabled())
- return -1;
-
-
- evalString = "/SECURITY/AUTH/@TYPE";
-
- auto_ptr<XmlXPathResult>authRes(parser->evaluateXpath(evalString));
- nodes = authRes.get()->getNodeSet();
-
- if(nodes && nodes->nodeNr)
- strncpy(st->authType,(const char*)nodes->nodeTab[0]->children->content,
- st->authTypeLen);
-
- evalString = "/SECURITY/address@hidden'";
- evalString += st->filename;
- evalString += "\']/address@hidden'";
- evalString += st->user;
- evalString += "\']/.";
-
- auto_ptr<XmlXPathResult> itemUserRes(parser->evaluateXpath(evalString));
-
- nodes = itemUserRes.get()->getNodeSet();
-
- if(!nodes || !nodes->nodeNr)
- {
- evalString = "/SECURITY/address@hidden'";
- evalString += st->filename;
- evalString += "\']/.";
-
- itemRes.reset(parser->evaluateXpath(evalString));
-
- nodes = itemRes.get()->getNodeSet();
-
- if(!nodes || !nodes->nodeNr)
- {
- evalString = "/SECURITY/address@hidden'";
- evalString += st->user;
- evalString += "\']/.";
-
- userRes.reset(parser->evaluateXpath(evalString));
-
- nodes = userRes.get()->getNodeSet();
- }
-
- }
-
- if(!nodes || !nodes->nodeNr)
- return 0;
-
- for(attr = nodes->nodeTab[0]->properties; attr; attr = attr->next)
- {
- if(!strcmpi((const char*)attr->name, "READ") &&
- !strcmpi((const char*)attr->children->content, "TRUE"))
- permissions |= MYSERVER_PERMISSION_READ;
-
- if(!strcmpi((const char*)attr->name, "WRITE") &&
- !strcmpi((const char*)attr->children->content, "TRUE"))
- permissions |= MYSERVER_PERMISSION_WRITE;
-
- if(!strcmpi((const char*)attr->name, "EXECUTE") &&
- !strcmpi((const char*)attr->children->content, "TRUE"))
- permissions |= MYSERVER_PERMISSION_EXECUTE;
-
- if(!strcmpi((const char*)attr->name, "BROWSE") &&
- !strcmpi((const char*)attr->children->content, "TRUE"))
- permissions |= MYSERVER_PERMISSION_BROWSE;
-
- if(!strcmpi((const char*)attr->name, "PASS"))
- {
- requiredPassword = (const char*)attr->children->content;
- rightPassword = !strcmp(st->password, requiredPassword);
- }
- }
-
- if(rightPassword)
- {
- for(attr = nodes->nodeTab[0]->properties; attr; attr = attr->next)
- {
- if(!strcmpi((const char*)attr->name, "THROTTLING_RATE"))
- st->throttlingRate = atoi((const char*)attr->children->content);
- }
- }
-
- if(st->requiredPassword)
- myserver_strlcpy(st->requiredPassword, requiredPassword, 32);
-
- if(st->providedMask)
- *(st->providedMask) = permissions;
-
- if(!SecurityManager::checkActions(st->td, nodes->nodeTab[0] ))
- return 0;
-
-
- return rightPassword ? permissions : 0;
-}
-
-/*!
- *Check if the specified actions deny the access to the resource.
- *\param td The Thread Context.
- *\param root The root node with actions.
- *\return true if the action allows the access to the resource.
- *\return false if the action denies the access to the resource.
- */
-bool SecurityManager::checkActions(HttpThreadContext* td, xmlNode *root)
-{
- xmlNode* actionsNode = root;
-
- for( ; td && actionsNode; actionsNode = actionsNode->next)
- {
- xmlAttr *attr = actionsNode->properties;
- int deny = 0;
- regmatch_t pm;
- const char* name = 0;
- Regex value;
- string* headerVal = 0;
-
- if(strcmpi((const char*)actionsNode->name, "ACTION"))
- continue;
-
- if(actionsNode->children && actionsNode->children->content
- && !strcmpi((const char*)actionsNode->children->content, "DENY"))
- deny = 1;
-
- if(!deny)
- continue;
-
- for( ; attr; attr = attr->next)
- {
- if(!strcmpi((const char*)attr->name, "NAME"))
- name = (const char*) attr->children->content;
- if(!strcmpi((const char*)attr->name, "VALUE"))
- value.compile((const char*)attr->children->content, REG_EXTENDED);
- }
-
- if(name)
- headerVal = td->request.getValue(name, 0);
-
- if(!headerVal)
- continue;
-
- /*
- *If the regular expression matches the header value then deny the
- *access.
- */
- if(value.isCompiled() && !value.exec(headerVal->c_str(), 1,&pm,
- REG_NOTEOL))
- return false;
- }
-
- return true;
-
-}
-
-/*!
- *Create the object.
- */
-SecurityManager::SecurityManager()
-{
-
-}
-
-/*!
- *Destroy the SecurityManager object.
- */
-SecurityManager::~SecurityManager()
-{
-
-}
Modified: trunk/myserver/src/conf/security/security_cache.cpp
===================================================================
--- trunk/myserver/src/conf/security/security_cache.cpp 2008-10-04 19:43:00 UTC
(rev 2864)
+++ trunk/myserver/src/conf/security/security_cache.cpp 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -16,30 +16,30 @@
*/
#include <include/conf/security/security_cache.h>
-#include <include/conf/security/security.h>
+#include <include/conf/security/security_manager.h>
+#include <include/conf/security/auth_domain.h>
#include <include/base/file/file.h>
#include <include/base/file/files_utility.h>
#include <string>
using namespace std;
-
+
/*!
*Constructor for the SecurityCache object.
*/
-SecurityCache::SecurityCache()
+SecurityCache::SecurityCache ()
{
/*!
*By default do not store more than 25 nodes.
*/
limit = 25;
-
}
/*!
*Destroy the security cache object.
*/
-SecurityCache::~SecurityCache()
+SecurityCache::~SecurityCache ()
{
free();
}
@@ -47,11 +47,11 @@
/*!
*free the memory used by the SecurityCache object.
*/
-void SecurityCache::free()
+void SecurityCache::free ()
{
HashMap<string, XmlParser*>::Iterator it = dictionary.begin();
- for (;it != dictionary.end(); it++)
+ for (;it != dictionary.end (); it++)
{
delete (*it);
}
@@ -61,11 +61,15 @@
/*!
*Set a new limit on the nodes to keep in memory.
+ *\param newLimit Number of files to cache. it is adjusted
+ *to be >= 1.
*/
-void SecurityCache::setMaxNodes(int newLimit)
+void SecurityCache::setMaxNodes (int newLimit)
{
+ if (newLimit <= 0)
+ newLimit = 1;
+
/*! Remove all the additional nodes from the dictionary. */
-
while(newLimit < dictionary.size())
{
XmlParser* toremove = dictionary.remove(dictionary.begin());
@@ -81,20 +85,25 @@
*\param dir The directory we need a security parser for.
*\param sys The system directory.
*\param out Output string where put the security file path.
+ *\param secFileName The security file name.
*/
-int SecurityCache::getSecurityFile(const char* dir, const char* sys,
- string& out)
+int SecurityCache::getSecurityFile (const string& dir,
+ const string& sys,
+ string& out,
+ const char* secFileName)
{
int found = 0;
- string file(dir);
string secFile;
+ string file(dir);
+
int i = file.length() - 1;
- while(i && file[i] == '/')
+ while(i && dir[i] == '/')
file.erase(i--, 1);
- secFile.assign(file);
- secFile.append("/security");
+ secFile.assign(dir);
+ secFile.append("/");
+ secFile.append(secFileName);
/* The security file exists in the directory. */
if(FilesUtility::fileExists(secFile))
@@ -103,18 +112,11 @@
return 0;
}
- if(file.length() == 0)
- {
- out.assign(sys);
- out.append("/security");
- return !FilesUtility::fileExists(out);
- }
-
-
+
/* Go upper in the tree till we find a security file. */
- do
+ for(;;)
{
- if(!file.length())
+ if(found || !file.length())
break;
for(i = file.length() - 1; i; i--)
@@ -124,22 +126,24 @@
break;
}
-
/*
*Top of the tree, check if the security file is present in the
- *system directory, returns an error if it is not.
+ *system directory. Return an error if it is not.
*/
if(i == 0)
{
out.assign(sys);
- out.append("/security");
+ out.append("/");
+ out.append(secFileName);
return !FilesUtility::fileExists(out);
}
+
secFile.assign(file);
- secFile.append("/security");
+ secFile.append("/");
+ secFile.append(secFileName);
+ found = FilesUtility::fileExists(secFile);
}
- while(!(found = FilesUtility::fileExists(secFile)));
out.assign(secFile);
return 0;
@@ -159,33 +163,36 @@
*\param dir The path where start looking.
*\param sys The system directory.
*\param useXpath Specify if XPath will be used on the file.
+ *\param secFileName The security file name.
*/
-XmlParser* SecurityCache::getParser(const char* dir, const char* sys, bool
useXpath)
+XmlParser* SecurityCache::getParser (const string &dir,
+ const string &sys,
+ bool useXpath,
+ const char* secFileName)
{
XmlParser* parser;
string file;
- if(getSecurityFile(dir, sys, file))
+ if (getSecurityFile (dir, sys, file, secFileName))
return NULL;
- parser = dictionary.get(file);
+ parser = dictionary.get (file);
-
/*!
*If the parser is already present and satisfy XPath then use it.
*/
- if(parser && (!useXpath || parser->isXpathEnabled()))
+ if (parser && (!useXpath || parser->isXpathEnabled ()))
{
time_t fileModTime;
/*! If the file was modified reload it. */
- fileModTime = FilesUtility::getLastModTime(file.c_str());
- if((fileModTime != static_cast<time_t>(-1)) &&
- (parser->getLastModTime() != fileModTime))
+ fileModTime = FilesUtility::getLastModTime (file.c_str ());
+ if ((fileModTime != static_cast<time_t>(-1)) &&
+ (parser->getLastModTime () != fileModTime))
{
- parser->close();
- if(parser->open(file.c_str(), useXpath) == -1)
+ parser->close ();
+ if(parser->open (file.c_str (), useXpath) == -1)
{
- dictionary.remove(file.c_str());
+ dictionary.remove (file.c_str ());
return NULL;
}
@@ -193,77 +200,31 @@
}
else
{
- /*!
- *Create the parser and append at the dictionary.
+ /*!
+ *Create the parser and add it to the dictionary.
*/
XmlParser* old;
- parser = new XmlParser();
- if(parser == NULL)
+ parser = new XmlParser ();
+
+ if (parser == NULL)
{
return NULL;
}
- if(dictionary.size() >= limit)
+ if (dictionary.size () >= limit)
{
- XmlParser* toremove = dictionary.remove(dictionary.begin());
- if(toremove)
+ XmlParser* toremove = dictionary.remove (dictionary.begin ());
+ if (toremove)
delete toremove;
}
- if(parser->open(file.c_str(), useXpath) == -1)
+ if (parser->open (file.c_str (), useXpath) == -1)
return NULL;
- old = dictionary.put(file, parser);
- if(old)
- {
+ old = dictionary.put (file, parser);
+ if (old)
delete old;
- }
}
return parser;
}
-
-
-/*!
- *Get the permission mask for the specified file and user. If the security
file to use
- *is not loaded it will be loaded and added to the cache dictionary for faster
future
- *accesses.
- */
-int SecurityCache::getPermissionMask(SecurityToken* st)
-{
- XmlParser *parser;
-
- if(st->directory == 0)
- return -1;
-
- if(st->filename == 0)
- return -1;
-
- parser = getParser(st->directory, st->sysdirectory);
-
- if(parser == NULL)
- return -1;
-
- return sm.getPermissionMask(st, parser);
-}
-
-/*!
- *Get the error file name from the security file.
- */
-int SecurityCache::getErrorFileName(const char *directory, int error,
- const char* sysdirectory, string& out)
-{
- XmlParser *parser;
-
- out.assign("");
-
- if(directory == 0)
- return -1;
-
- parser = getParser(directory, sysdirectory);
-
- if(parser == NULL)
- return -1;
-
- return sm.getErrorFileName(directory, error, out, parser);
-}
Copied: trunk/myserver/src/conf/security/security_domain.cpp (from rev 2864,
branches/myserver_sec_new/src/conf/security/security_domain.cpp)
===================================================================
--- trunk/myserver/src/conf/security/security_domain.cpp
(rev 0)
+++ trunk/myserver/src/conf/security/security_domain.cpp 2008-10-04
20:35:08 UTC (rev 2865)
@@ -0,0 +1,48 @@
+/*
+MyServer
+Copyright (C) 2002-2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <include/conf/security/security_domain.h>
+
+
+SecurityDomain::SecurityDomain ()
+{
+ this->name.assign ("");
+}
+
+SecurityDomain::SecurityDomain (string& name)
+{
+ this->name.assign (name);
+}
+SecurityDomain::SecurityDomain (const char* name)
+{
+ this->name.assign (name);
+}
+
+
+SecurityDomain::~SecurityDomain ()
+{
+
+}
+
+/*!
+ *Get the stored value for [name].
+ */
+string *SecurityDomain::getValue (string &name)
+{
+ return NULL;
+}
Copied: trunk/myserver/src/conf/security/security_manager.cpp (from rev 2864,
branches/myserver_sec_new/src/conf/security/security_manager.cpp)
===================================================================
--- trunk/myserver/src/conf/security/security_manager.cpp
(rev 0)
+++ trunk/myserver/src/conf/security/security_manager.cpp 2008-10-04
20:35:08 UTC (rev 2865)
@@ -0,0 +1,107 @@
+/*
+MyServer
+Copyright (C) 2002-2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <include/conf/security/security_manager.h>
+#include <include/conf/security/validator.h>
+#include <include/conf/security/validator_factory.h>
+#include <include/conf/security/auth_method.h>
+#include <include/conf/security/auth_method_factory.h>
+#include <include/conf/security/security_token.h>
+
+#include <string>
+#include <sstream>
+#include <memory>
+
+using namespace std;
+
+SecurityManager::SecurityManager (ValidatorFactory* vf, AuthMethodFactory* amf)
+{
+ validatorFactory = vf;
+ authMethodFactory = amf;
+}
+
+SecurityManager::~SecurityManager ()
+{
+
+}
+
+/*!
+ *Get the permission mask for the requested resource.
+ */
+int SecurityManager::getPermissionMask (SecurityToken* st,
+ SecurityDomain **domains,
+ string &validator,
+ string &authMethod)
+{
+ Validator *v;
+ AuthMethod *am;
+
+ if (getValidatorAndAuthMethod (validator, authMethod, &v, &am))
+ return 0;
+
+ return v->getPermissionMask (st, domains, am);
+}
+
+/*!
+ *Get the permission mask for the requested resource.
+ */
+int SecurityManager::getPermissionMask (SecurityToken* st,
+ list<SecurityDomain*> *domains,
+ string &validator,
+ string &authMethod)
+{
+ Validator *v;
+ AuthMethod *am;
+
+ if (getValidatorAndAuthMethod (validator, authMethod, &v, &am))
+ return 0;
+
+ return v->getPermissionMask (st, domains, am);
+}
+
+
+/*!
+ *Initialize the pointers to the specified Validator and AuthMethod.
+ *\param validatorName The validator name to find.
+ *\param authMethodName The auth method name to find.
+ *\param validator Pointer to the Validator to initialize.
+ *\param validator Pointer to the AuthMethod initialize.
+ *\return 0 if the pointers were successfully initialized.
+ */
+int SecurityManager::getValidatorAndAuthMethod (string &validatorName,
+ string &authMethodName,
+ Validator **validator,
+ AuthMethod **authMethod)
+{
+
+ string xml ("xml");
+
+ *validator = validatorFactory->getValidator (validatorName);
+ *authMethod = authMethodFactory->getAuthMethod (authMethodName);
+
+ if (!(*validator))
+ *validator = validatorFactory->getValidator (xml);
+
+ if (!(*authMethod))
+ *authMethod = authMethodFactory->getAuthMethod (xml);
+
+ if (*validator && *authMethod)
+ return 0;
+
+ return 1;
+}
Copied: trunk/myserver/src/conf/security/security_token.cpp (from rev 2864,
branches/myserver_sec_new/src/conf/security/security_token.cpp)
===================================================================
--- trunk/myserver/src/conf/security/security_token.cpp
(rev 0)
+++ trunk/myserver/src/conf/security/security_token.cpp 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,91 @@
+/*
+MyServer
+Copyright (C) 2002-2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <include/conf/security/security_token.h>
+#include <include/conf/vhost/vhost.h>
+#include <include/server/server.h>
+
+#include <string>
+#include <sstream>
+#include <memory>
+
+using namespace std;
+
+/*!
+ *Create the object.
+ */
+SecurityToken::SecurityToken ()
+{
+ reset ();
+}
+
+/*!
+ *Reset every structure member.
+ */
+void SecurityToken::reset ()
+{
+ mask = 0;
+ done = false;
+ server = NULL;
+ vhost = NULL;
+
+ directory = NULL;
+ sysdirectory = NULL;
+ resource = NULL;
+
+}
+
+/*!
+ *Get the value for the variable using the specified domains.
+ *\param name Variable name.
+ *\param domains Domains where to look. They are looked in this order:
+ *\li Security configuration file.
+ *\li Virtual host configuration file.
+ *\li Global security file.
+ */
+const char* SecurityToken::getHashedData (const char* name, int domains)
+{
+ if (domains & MYSERVER_SECURITY_CONF)
+ {
+ string strName (name);
+ string *ret = values.get (strName);
+
+ if (ret)
+ return ret->c_str ();
+
+ }
+
+ if (vhost && (domains & MYSERVER_VHOST_CONF))
+ {
+ const char* ret = vhost->getHashedData (name);
+
+ if (ret)
+ return ret;
+ }
+
+ if (server && (domains & MYSERVER_SERVER_CONF))
+ {
+ const char* ret = server->getHashedData (name);
+
+ if (ret)
+ return ret;
+ }
+
+
+ return NULL;
+}
Copied: trunk/myserver/src/conf/security/validator.cpp (from rev 2864,
branches/myserver_sec_new/src/conf/security/validator.cpp)
===================================================================
--- trunk/myserver/src/conf/security/validator.cpp
(rev 0)
+++ trunk/myserver/src/conf/security/validator.cpp 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,146 @@
+/*
+MyServer
+Copyright (C) 2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <include/conf/security/validator.h>
+#include <include/conf/security/auth_domain.h>
+
+Validator::Validator ()
+{
+
+}
+
+Validator::~Validator ()
+{
+
+}
+
+
+/*!
+ *Get the permission mask for the requested resource.
+ *Delegate the problem to getPermissionMaskInt.
+ */
+int Validator::getPermissionMask (SecurityToken* st,
+ list<SecurityDomain*> *domains,
+ AuthMethod* authMethod)
+{
+ HashMap<string, SecurityDomain*> hashedDomains;
+
+ if (st->isDone ())
+ return st->getMask ();
+
+ if (domains)
+ {
+ for (list<SecurityDomain*>::iterator it = domains->begin ();
+ it != domains->end (); it++)
+ {
+ addDomain (&hashedDomains, *it);
+ }
+ }
+
+ return getPermissionMaskInt (st, &hashedDomains, authMethod);
+}
+
+/*!
+ *Get the permission mask for the requested resource.
+ *Delegate the problem to getPermissionMaskInt.
+ */
+int Validator::getPermissionMask (SecurityToken* st,
+ SecurityDomain **domains,
+ AuthMethod* authMethod)
+{
+ HashMap<string, SecurityDomain*> hashedDomains;
+
+ if (st->isDone ())
+ return st->getMask ();
+
+ if (domains)
+ {
+ for (u_int i = 0; domains[i]; i++)
+ {
+ addDomain (&hashedDomains, domains[i]);
+ }
+ }
+
+ return getPermissionMaskInt (st, &hashedDomains, authMethod);
+}
+
+
+
+/*!
+ *Get the permission mask for the requested resource.
+ *Decorate getPermissionMaskImpl.
+ */
+int Validator::getPermissionMaskInt (SecurityToken* st,
+ HashMap<string, SecurityDomain*>
*hashedDomains,
+ AuthMethod* authMethod)
+{
+ int ret = 0;
+
+ if (authMethod)
+ ret = authMethod->getPermissionMask (st);
+
+ if (!getPermissionMaskImpl (st, hashedDomains, authMethod))
+ ret = 0;
+
+ st->setDone (true);
+
+ return ret;
+}
+
+
+/*!
+ *Get the permission mask for the requested resource.
+ */
+int Validator::getPermissionMaskImpl (SecurityToken* st,
+ HashMap<string, SecurityDomain*>
*hashedDomains,
+ AuthMethod* authMethod)
+{
+ return 0;
+}
+
+/*!
+ *Get the value for [name] in the form domain.variable.
+ *\param hashedDomains Registered security domains.
+ *\param name Variable name.
+ *\return The value of the requested variable.
+ */
+string *Validator::getValue (HashMap<string, SecurityDomain*> *hashedDomains,
string &name)
+{
+ string domain;
+ string var;
+ size_t pos = name.find ('.');
+ SecurityDomain *securityDomain = NULL;
+
+ if (pos != string::npos)
+ {
+ domain = name.substr (0, pos);
+ var = name.substr (pos + 1, string::npos);
+ }
+ else
+ {
+ domain.assign("");
+ var = name;
+ }
+
+ securityDomain = hashedDomains->get (domain);
+
+ if (securityDomain)
+ return securityDomain->getValue (var);
+
+ return NULL;
+}
Copied: trunk/myserver/src/conf/security/validator_factory.cpp (from rev 2864,
branches/myserver_sec_new/src/conf/security/validator_factory.cpp)
===================================================================
--- trunk/myserver/src/conf/security/validator_factory.cpp
(rev 0)
+++ trunk/myserver/src/conf/security/validator_factory.cpp 2008-10-04
20:35:08 UTC (rev 2865)
@@ -0,0 +1,68 @@
+/*
+MyServer
+Copyright (C) 2002-2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <include/conf/security/validator.h>
+#include <include/conf/security/validator_factory.h>
+#include <include/conf/security/xml_validator.h>
+
+#include <string>
+
+using namespace std;
+
+ValidatorFactory::ValidatorFactory ()
+{
+ XmlValidator* xmlValidator = new XmlValidator;
+ string xml ("xml");
+
+ validators.put (xml, xmlValidator);
+
+}
+
+ValidatorFactory::~ValidatorFactory ()
+{
+ validators.clear ();
+}
+
+/*!
+ *Return a validator given its name.
+ */
+Validator* ValidatorFactory::getValidator(string &name)
+{
+ return validators.get (name);
+}
+
+/*!
+ *Add a new validator to the factory.
+ *\param name Validator name.
+ *\param validator The validator to add.
+ *\return The old validator registered with [name], in any.
+ */
+Validator* ValidatorFactory::addValidator(string &name, Validator* validator)
+{
+ return validators.put (name, validator);
+}
+
+/*!
+ *Check if the specified validator is present in the factory.
+ *\param name The validator name.
+ *\return a bool value to indicate if it is present or not.
+ */
+bool ValidatorFactory::isValidatorPresent (string &name)
+{
+ return getValidator (name) != NULL;
+}
Copied: trunk/myserver/src/conf/security/xml_validator.cpp (from rev 2864,
branches/myserver_sec_new/src/conf/security/xml_validator.cpp)
===================================================================
--- trunk/myserver/src/conf/security/xml_validator.cpp
(rev 0)
+++ trunk/myserver/src/conf/security/xml_validator.cpp 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,372 @@
+/*
+MyServer
+Copyright (C) 2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <include/conf/security/xml_validator.h>
+#include <include/conf/security/auth_domain.h>
+#include <include/conf/security/security_cache.h>
+
+XmlValidator::XmlValidator ()
+{
+ secCache = NULL;
+}
+
+XmlValidator::~XmlValidator ()
+{
+ if (secCache != NULL)
+ {
+ secCache->free ();
+ delete secCache;
+ }
+}
+
+/*!
+ *Get the security files cache.
+ */
+SecurityCache* XmlValidator::getCache (Server *server)
+{
+ if (!secCache && server)
+ {
+ const char *data = server->getHashedData ("SECURITY_CACHE_NODES");
+ secCache = new SecurityCache ();
+ if (data)
+ {
+ int nodes = atoi (data);
+ secCache->setMaxNodes (nodes);
+ }
+ }
+
+ return secCache;
+}
+
+/*!
+ *Get the XML parser to use.
+ */
+XmlParser* XmlValidator::getParser (SecurityToken* st)
+{
+ const char *secName;
+
+ SecurityCache *cache = getCache (st->getServer ());
+
+ if (!cache)
+ return NULL;
+
+ secName = st->getVhost () ? st->getVhost ()->getHashedData
("SECURITY_FILE_NAME") : NULL;
+
+ if (!secName)
+ secName = st->getServer () ? st->getServer ()->getHashedData
("SECURITY_FILE_NAME") : NULL;
+
+ if (!secName)
+ secName = ".security.xml";
+
+ return cache->getParser (*(st->getResource ()), *(st->getSysDirectory ()),
false, secName);
+}
+
+/*!
+ *\see AuthMethod#getPermissionMask.
+ */
+int XmlValidator::getPermissionMask (SecurityToken* st)
+{
+ xmlNodePtr root;
+ XmlParser* xmlFile = getParser (st);
+
+ if (!xmlFile)
+ return 0;
+
+ for (xmlNodePtr cur = xmlFile->getDoc ()->children; cur; cur = cur->next)
+ if (cur->type == XML_ELEMENT_NODE)
+ {
+ for (xmlNodePtr curChild = cur->children; curChild; curChild =
curChild->next)
+ if (curChild->type == XML_ELEMENT_NODE)
+ {
+ root = curChild;
+ break;
+ }
+ }
+
+ for (xmlNodePtr cur = root; cur; cur = cur->next)
+ {
+ if (xmlStrcmp (cur->name, (const xmlChar *) "USER"))
+ continue;
+
+ xmlAttr *attrs = cur->properties;
+
+ xmlChar* name = NULL;
+ xmlChar* password = NULL;
+
+ int permissions = getPermissions (attrs, &name, &password);
+
+ if (!name || !password ||
+ xmlStrcmp (name, (const xmlChar *)st->getUser ().c_str ()))
+ continue;
+
+ st->setProvidedMask (permissions);
+
+ if (xmlStrcmp (password, (const xmlChar *)st->getPassword ().c_str ()))
+ {
+ st->setAuthenticated (false);
+ st->setMask (0);
+ }
+ else
+ {
+ st->setAuthenticated (true);
+ st->setMask (permissions);
+ }
+
+ return st->getMask ();
+ }
+
+ return 0;
+}
+
+/*!
+ *Get a permission mask from the attributes.
+ *\param attrs Attributes list.
+ *\param user The found user name.
+ *\param password The found password.
+ *\return the permissions mask.
+ */
+int XmlValidator::getPermissions (xmlAttr* attrs, xmlChar** user, xmlChar**
password )
+{
+ int permissions = 0;
+
+ while (attrs)
+ {
+ if (user && !xmlStrcmp (attrs->name, (const xmlChar *)"name") &&
+ attrs->children && attrs->children->content)
+ *user = attrs->children->content;
+
+ else if (password && !xmlStrcmp (attrs->name, (const xmlChar
*)"password") &&
+ attrs->children && attrs->children->content)
+ *password = attrs->children->content;
+
+ else if (!xmlStrcmp (attrs->name, (const xmlChar *)"READ") &&
+ attrs->children && attrs->children->content &&
+ !xmlStrcmp(attrs->children->content, (const xmlChar *) "YES"))
+ permissions |= MYSERVER_PERMISSION_READ;
+
+ else if (!xmlStrcmp (attrs->name, (const xmlChar *)"WRITE") &&
+ attrs->children && attrs->children->content &&
+ !xmlStrcmp(attrs->children->content, (const xmlChar *) "YES"))
+ permissions |= MYSERVER_PERMISSION_WRITE;
+
+ else if (!xmlStrcmp (attrs->name, (const xmlChar *)"EXECUTE") &&
+ attrs->children && attrs->children->content &&
+ !xmlStrcmp(attrs->children->content, (const xmlChar *) "YES"))
+ permissions |= MYSERVER_PERMISSION_EXECUTE;
+
+ else if (!xmlStrcmp (attrs->name, (const xmlChar *)"BROWSE") &&
+ attrs->children && attrs->children->content &&
+ !xmlStrcmp(attrs->children->content, (const xmlChar *) "YES"))
+ permissions |= MYSERVER_PERMISSION_BROWSE;
+
+ attrs = attrs->next;
+ }
+
+ return permissions;
+}
+
+
+/*!
+ *\see XmlValidator#getPermissionMaskImpl.
+ */
+int XmlValidator::getPermissionMaskImpl (SecurityToken* st,
+ HashMap<string, SecurityDomain*>
*hashedDomains,
+ AuthMethod* authMethod)
+{
+ XmlParser* xmlFile = getParser (st);
+
+ if (!xmlFile)
+ return 0;
+
+ for (xmlNodePtr cur = xmlFile->getDoc ()->children; cur; cur = cur->next)
+ if (cur->type == XML_ELEMENT_NODE)
+ {
+ int cmd = -1;
+
+ computeXmlNode (cur, st, &cmd, hashedDomains);
+
+ /* By default return ALLOW. */
+ if (cmd == -1)
+ return 1;
+
+ if (cmd == 0)
+ return 0;
+
+ if (cmd == 1)
+ {
+ st->setMask (MYSERVER_PERMISSION_ALL);
+ return 1;
+ }
+
+ }
+
+ return 0;
+}
+
+/*!
+ *Compute the current XML node.
+ */
+int XmlValidator::computeXmlNode (xmlNodePtr node,
+ SecurityToken *st,
+ int *cmd,
+ HashMap<string, SecurityDomain*>
*hashedDomains)
+{
+ if (!node)
+ return 0;
+
+ for (xmlNodePtr cur = node->children; cur; cur = cur->next)
+ {
+ if (cur->type != XML_ELEMENT_NODE)
+ continue;
+
+ if (!xmlStrcmp (cur->name, (const xmlChar *) "CONDITION"))
+ {
+ if (doCondition (cur, hashedDomains) && computeXmlNode (cur, st, cmd,
hashedDomains))
+ return 1;
+ }
+ else if (!xmlStrcmp (cur->name, (const xmlChar *) "RETURN"))
+ {
+ doReturn (cur, cmd, hashedDomains);
+ return 1;
+ }
+ else if (!xmlStrcmp (cur->name, (const xmlChar *) "DEFINE"))
+ {
+ doDefine (cur, st, hashedDomains);
+ }
+ else if (!xmlStrcmp (cur->name, (const xmlChar *) "PERMISSION"))
+ {
+ doPermission (cur, st, hashedDomains);
+ }
+ }
+
+ return 0;
+}
+
+/*!
+ *Handle a CONDITION.
+ */
+bool XmlValidator::doCondition (xmlNodePtr node, HashMap<string,
SecurityDomain*> *hashedDomains)
+{
+ string name;
+ const xmlChar *isNot = (const xmlChar*)"";
+ const xmlChar *value = (const xmlChar*)"";
+ xmlAttr *attrs = node->properties;
+
+ while (attrs)
+ {
+ if(!xmlStrcmp (attrs->name, (const xmlChar *)"name") &&
+ attrs->children && attrs->children->content)
+ name.assign ((const char*)attrs->children->content);
+
+ if(!xmlStrcmp (attrs->name, (const xmlChar *)"value") &&
+ attrs->children && attrs->children->content)
+ value = attrs->children->content;
+
+ if(!xmlStrcmp (attrs->name, (const xmlChar *)"not") &&
+ attrs->children && attrs->children->content)
+ isNot = attrs->children->content;
+
+ attrs = attrs->next;
+ }
+
+ string *storedValue = getValue (hashedDomains, name);
+
+ if (!storedValue)
+ return false;
+
+ bool eq = storedValue->compare ((const char*)value) == 0;
+
+ if (!xmlStrcmp (isNot, (const xmlChar *) "yes"))
+ return !eq;
+
+ return eq;
+}
+
+/*!
+ *Handle a PERMISSION.
+ */
+void XmlValidator::doPermission (xmlNodePtr node, SecurityToken *st,
HashMap<string, SecurityDomain*> *hashedDomains)
+{
+ string name;
+ const xmlChar *isNot = (const xmlChar*)"";
+ const xmlChar *value = (const xmlChar*)"";
+ xmlAttr *attrs = node->properties;
+
+ st->setProvidedMask (getPermissions (attrs));
+
+ if (st->isAuthenticated ())
+ st->setMask (st->getProvidedMask ());
+}
+
+
+/*!
+ *Handle a DEFINE.
+ */
+void XmlValidator::doDefine (xmlNodePtr node, SecurityToken *st,
HashMap<string, SecurityDomain*> *hashedDomains)
+{
+ string name;
+ const xmlChar *value = (const xmlChar*)"";
+ xmlAttr *attrs = node->properties;
+
+ while (attrs)
+ {
+ if(!xmlStrcmp (attrs->name, (const xmlChar *)"name") &&
+ attrs->children && attrs->children->content)
+ name.assign ((const char*)attrs->children->content);
+
+ if(!xmlStrcmp (attrs->name, (const xmlChar *)"value") &&
+ attrs->children && attrs->children->content)
+ value = attrs->children->content;
+
+ attrs = attrs->next;
+ }
+
+ if (!value)
+ return;
+
+ string *valStr = new string ((const char *)value);
+
+ string *old = st->getValues ()->put (name, valStr);
+
+ if (old)
+ delete old;
+}
+
+/*!
+ *Handle a RETURN.
+ */
+void XmlValidator::doReturn (xmlNodePtr node, int *cmd, HashMap<string,
SecurityDomain*> *hashedDomains)
+{
+ xmlAttr *attrs = node->properties;
+
+ xmlChar *value = NULL;
+
+ while (attrs)
+ {
+ if (!xmlStrcmp (attrs->name, (const xmlChar *)"value") &&
+ attrs->children && attrs->children->content)
+ value = attrs->children->content;
+
+ attrs = attrs->next;
+ }
+
+ if (value && !xmlStrcmp (value, (const xmlChar *) "ALLOW"))
+ *cmd = 1;
+ else
+ *cmd = 0;
+}
Modified: trunk/myserver/src/http_handler/http_dir/http_dir.cpp
===================================================================
--- trunk/myserver/src/http_handler/http_dir/http_dir.cpp 2008-10-04
19:43:00 UTC (rev 2864)
+++ trunk/myserver/src/http_handler/http_dir/http_dir.cpp 2008-10-04
20:35:08 UTC (rev 2865)
@@ -398,9 +398,6 @@
{
if(fd.name[0] == '.')
continue;
- /* Do not show the security file. */
- if(!strcmp(fd.name, "security"))
- continue;
FileStruct file;
file.name.assign(fd.name);
@@ -408,7 +405,6 @@
file.attrib = fd.attrib;
file.size = fd.size;
files.push_back(file);
-
}
while(!fd.findnext());
Modified: trunk/myserver/src/protocol/ftp/ftp.cpp
===================================================================
--- trunk/myserver/src/protocol/ftp/ftp.cpp 2008-10-04 19:43:00 UTC (rev
2864)
+++ trunk/myserver/src/protocol/ftp/ftp.cpp 2008-10-04 20:35:08 UTC (rev
2865)
@@ -28,6 +28,7 @@
#include <include/base/find_data/find_data.h>
#include <include/base/string/stringutils.h>
#include <include/base/mem_buff/mem_buff.h>
+#include <include/conf/security/auth_domain.h>
#include <assert.h>
#ifndef WIN32
@@ -96,14 +97,6 @@
}
//////////////////////////////////////////////////////////////////////////////
-// Used at Ftp access control
-/*! Cache for security files. */
-SecurityCache Ftp::secCache;
-
-/*! Access the security cache safely. */
-Mutex Ftp::secCacheMutex;
-
-//////////////////////////////////////////////////////////////////////////////
// FtpUserData class
FtpUserData::FtpUserData()
{
@@ -2389,34 +2382,34 @@
FilesUtility::splitPath(sPath, sDir, sFileName);
SecurityToken st;
+ string user;
+ string password;
if ( strcmpi(sUser.c_str(), "anonymous") == 0 )
{
- st.user = "Guest";
- st.password = "";
+ user.assign ("Guest");
+ password.assign("");
}
else
{
- st.user = sUser.c_str();
- st.password = sPass.c_str();
+ user.assign (sUser);
+ password.assign (sPass);
}
- st.directory = sDir.c_str();
- st.sysdirectory =
td.pConnection->host->getSystemRoot().c_str();//pFtpUserData->m_pDataConnection->host->getSystemRoot().c_str();
- st.authType = 0;
- st.filename = sFileName.c_str();
- //st.providedMask = &mask;
- int perm = 0;
- secCacheMutex.lock();
- try
- {
- perm = secCache.getPermissionMask (&st);
- secCacheMutex.unlock();
- }
- catch ( ... )
- {
- secCacheMutex.unlock();
- throw;
- }
- return (perm & mask);
+
+ st.setUser (user);
+ st.setPassword (password);
+
+
+ st.setDirectory (&sDir);
+ st.setSysDirectory ((string *)&(td.pConnection->host->getSystemRoot ()));
+ st.setResource (&sFileName);
+
+ AuthDomain auth (&st);
+ string xml ("xml");//FIXME: don't hardly-code "xml".
+ SecurityDomain* domains[] = {&auth, NULL};
+
+ Server::getInstance()->getSecurityManager ()->getPermissionMask (&st,
domains, xml, xml);
+
+ return (st.getMask () & mask);
}
void Ftp::Size(const std::string &sPath)
Modified: trunk/myserver/src/protocol/http/Makefile.am
===================================================================
--- trunk/myserver/src/protocol/http/Makefile.am 2008-10-04 19:43:00 UTC
(rev 2864)
+++ trunk/myserver/src/protocol/http/Makefile.am 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -1,5 +1,5 @@
lib_LIBRARIES = libhttp.a
-libhttp_a_SOURCES = http.cpp http_data_handler.cpp http_data_read.cpp
http_errors.cpp http_header_checker.cpp http_headers.cpp http_request.cpp
http_response.cpp http_thread_context.cpp
+libhttp_a_SOURCES = http.cpp http_data_handler.cpp http_data_read.cpp
http_errors.cpp http_header_checker.cpp http_headers.cpp http_request.cpp
http_req_security_domain.cpp http_response.cpp http_thread_context.cpp
SUBDIRS = env
INCLUDES = $(all_includes)
Modified: trunk/myserver/src/protocol/http/http.cpp
===================================================================
--- trunk/myserver/src/protocol/http/http.cpp 2008-10-04 19:43:00 UTC (rev
2864)
+++ trunk/myserver/src/protocol/http/http.cpp 2008-10-04 20:35:08 UTC (rev
2865)
@@ -18,8 +18,10 @@
#include <include/protocol/http/http.h>
#include <include/protocol/http/http_headers.h>
+#include <include/protocol/http/http_req_security_domain.h>
#include <include/server/server.h>
#include <include/conf/security/security.h>
+#include <include/conf/security/auth_domain.h>
#include <include/base/base64/mime_utils.h>
#include <include/base/file/file.h>
#include <include/base/file/files_utility.h>
@@ -348,16 +350,21 @@
int Http::getFilePermissions(string& filename, string& directory, string&
file,
string &filenamePath, int yetmapped, int*
permissions)
{
- SecurityToken st;
- char authType[16];
int providedMask;
+ securityToken.setServer (Server::getInstance ());
+ securityToken.setSysDirectory
((string*)&(td->connection->host->getSystemRoot ()));
+
+ securityToken.setVhost (td->connection->host);
+
try
{
- st.authType = authType;
- st.authTypeLen = 16;
- st.td = td;
- FilesUtility::splitPath(filename, directory, file);
+ FilesUtility::splitPath (filename, directory, file);
+ FilesUtility::completePath (directory);
+
+ securityToken.setResource (&filenamePath);
+ securityToken.setDirectory (&directory);
+
/*!
*td->filenamePath is the file system mapped path while filename
*is the uri requested.
@@ -414,71 +421,53 @@
((HttpUserData*)(td->connection->protocolBuffer))->reset();
}
+ string user;
+ string password;
+
if(td->request.auth.length())
{
- st.user = td->connection->getLogin();
- st.password = td->connection->getPassword();
- st.directory = directory.c_str();
- st.sysdirectory = td->getVhostSys();
- st.filename = file.c_str();
- st.requiredPassword =
- ((HttpUserData*)td->connection->protocolBuffer)->requiredPassword;
- st.providedMask = &providedMask;
- staticHttp.secCacheMutex.lock();
- try
- {
- *permissions = staticHttp.secCache.getPermissionMask(&st);
- staticHttp.secCacheMutex.unlock();
- }
- catch(...)
- {
- staticHttp.secCacheMutex.unlock();
- throw;
- };
+ user.assign (td->connection->getLogin());
+ password.assign (td->connection->getPassword ());
}
- else/*! The default user is Guest with a null password. */
+ else
{
- st.user = "Guest";
- st.password = "";
- st.directory = directory.c_str();
- st.sysdirectory = td->getVhostSys();
- st.filename = file.c_str();
- st.requiredPassword = 0;
- st.providedMask = 0;
- staticHttp.secCacheMutex.lock();
- try
- {
- *permissions = staticHttp.secCache.getPermissionMask(&st);
- staticHttp.secCacheMutex.unlock();
- }
- catch(...)
- {
- staticHttp.secCacheMutex.unlock();
- throw;
- };
+ /* The default user is Guest with a null password. */
+ user.assign ("Guest");
+ password.assign ("");
}
- if(*permissions == -1)
- {
- td->connection->host->warningsLogRequestAccess(td->id);
- td->connection->host->warningsLogWrite(
- "Http: Error reading security file");
- td->connection->host->warningsLogTerminateAccess(td->id);
- return 500;
- }
+
+ securityToken.setUser (user);
+ securityToken.setPassword (password);
+
+ AuthDomain auth (&securityToken);
+ HttpReqSecurityDomain httpReqSecDom (&(td->request));
+
+ string xml ("xml");//FIXME: don't hardly-code "xml".
+ SecurityDomain* domains[] = {&auth, &httpReqSecDom, NULL};
+
+ Server::getInstance()->getSecurityManager ()->getPermissionMask
(&securityToken, domains, xml, xml);
+
+ const char *authType = securityToken.getHashedData ("http.auth",
MYSERVER_SECURITY_CONF |
+ MYSERVER_VHOST_CONF |
+ MYSERVER_SERVER_CONF);
+ *permissions = securityToken.getMask ();
+
/*! Check if we have to use digest for the current directory. */
- if(!strcmpi(authType, "Digest"))
+ if(authType && !strcmpi(authType, "Digest"))
{
+ HttpUserData* hud = (HttpUserData*)td->connection->protocolBuffer;
+
if(!td->request.auth.compare("Digest"))
{
- if(!((HttpUserData*)td->connection->protocolBuffer)->digestChecked)
- ((HttpUserData*)td->connection->protocolBuffer)->digest =
- checkDigest();
- ((HttpUserData*)td->connection->protocolBuffer)->digestChecked = 1;
- if(((HttpUserData*)td->connection->protocolBuffer)->digest == 1)
+ if(!hud->digestChecked)
+ hud->digest = checkDigest();
+
+ hud->digestChecked = 1;
+
+ if(hud->digest == 1)
{
- td->connection->setPassword(
-
((HttpUserData*)td->connection->protocolBuffer)->requiredPassword);
- *permissions = providedMask;
+ td->connection->setPassword (securityToken.getNeededPassword
().c_str ());
+ *permissions = securityToken.getProvidedMask ();
}
}
td->authScheme = HTTP_AUTH_SCHEME_DIGEST;
@@ -488,46 +477,19 @@
{
td->authScheme = HTTP_AUTH_SCHEME_BASIC;
}
- /*! If there are no permissions, use the Guest permissions. */
- if(td->request.auth.length() && (*permissions==0))
- {
- st.user = "Guest";
- st.password = "";
- st.directory = directory.c_str();
- st.sysdirectory = td->getVhostSys();
- st.filename = file.c_str();
- st.requiredPassword = 0;
- st.providedMask = 0;
- staticHttp.secCacheMutex.lock();
- try
- {
- *permissions = staticHttp.secCache.getPermissionMask(&st);
- staticHttp.secCacheMutex.unlock();
- }
- catch(...)
- {
- staticHttp.secCacheMutex.unlock();
- throw;
- };
- }
- if(*permissions == -1)
- {
- td->connection->host->warningsLogRequestAccess(td->id);
- td->connection->host->warningsLogWrite(
- "Http: Error reading security file");
- td->connection->host->warningsLogTerminateAccess(td->id);
- return 500;
- }
}
catch(...)
{
return 500;
}
+ const char *tr = securityToken.getHashedData ("connection.throttling",
MYSERVER_SECURITY_CONF |
+ MYSERVER_VHOST_CONF |
+ MYSERVER_SERVER_CONF);
/*! If a throttling rate was specifed use it. */
- if(st.throttlingRate != -1)
- td->connection->socket->setThrottling(st.throttlingRate);
+ if(tr)
+ td->connection->socket->setThrottling( atoi (tr));
return 200;
}
@@ -543,6 +505,9 @@
{
string directory;
string file;
+ int filenamePathLen;
+ string dirscan;
+
try
{
if(td->request.isKeepAlive())
@@ -550,6 +515,73 @@
td->response.connection.assign( "keep-alive");
}
+ /*!
+ *Get the PATH_INFO value.
+ *Use dirscan as a buffer for put temporary directory scan.
+ *When an '/' character is present check if the path up to '/' character
+ *is a file. If it is a file send the rest of the uri as PATH_INFO.
+ */
+ td->pathInfo.assign("");
+ td->pathTranslated.assign("");
+ filenamePathLen = (int)td->filenamePath.length();
+ dirscan.assign("");
+
+ for(int i = 0, len = 0; i < filenamePathLen ; i++)
+ {
+ /*!
+ *http://host/pathtofile/filetosend.php/PATH_INFO_VALUE?QUERY_INFO_VALUE
+ *When a request has this form send the file filetosend.php with the
+ *environment string PATH_INFO equals to PATH_INFO_VALUE and QUERY_INFO
+ *to QUERY_INFO_VALUE.
+ *
+ *If there is the '/' character check if dirscan is a file.
+ */
+ if(i && (td->filenamePath[i] == '/'))
+ {
+ /*!
+ *If the token is a file.
+ */
+ if(!FilesUtility::isDirectory(dirscan.c_str()))
+ {
+ td->pathInfo.assign((char*) & (td->filenamePath[i]));
+ td->filenamePath.assign(dirscan);
+ break;
+ }
+ }
+
+ if(len + 1 < filenamePathLen)
+ {
+ char db[2];
+ db[0] = (td->filenamePath)[i];
+ db[1] = '\0';
+ dirscan.append(db);
+ }
+ }
+
+ /*!
+ *If there is a PATH_INFO value the get the PATH_TRANSLATED too.
+ *PATH_TRANSLATED is the local filesystem mapped version of PATH_INFO.
+ */
+ if(td->pathInfo.length() > 1)
+ {
+ int ret;
+ /*!
+ *Start from the second character because the first is a
+ *slash character.
+ */
+ ret = getPath(td->pathTranslated, &((td->pathInfo.c_str())[1]), 0);
+
+ if(ret != 200)
+ td->pathTranslated.assign("");
+ else
+ FilesUtility::completePath(td->pathTranslated);
+ }
+ else
+ {
+ td->pathTranslated.assign("");
+ }
+ FilesUtility::completePath(td->filenamePath);
+
return getFilePermissions(filename, directory, file,
td->filenamePath, yetmapped, permissions);
}
@@ -632,7 +664,7 @@
md5.init();
td->buffer2->setLength(0);
*td->buffer2 << td->request.digestUsername << ":" << td->request.digestRealm
- << ":" <<
((HttpUserData*)td->connection->protocolBuffer)->requiredPassword;
+ << ":" << securityToken.getNeededPassword();
md5.update((unsigned char const*)td->buffer2->getBuffer(),
(unsigned int)td->buffer2->getLength());
@@ -692,7 +724,6 @@
nonce[0] = '\0';
cnonce[0] = '\0';
digestChecked = 0;
- requiredPassword[0] = '\0';
nc = 0;
digest = 0;
}
@@ -709,8 +740,6 @@
*/
string filename;
int permissions;
- string dirscan;
- int filenamePathLen;
string data;
int mimecmd;
time_t lastMT;
@@ -743,77 +772,7 @@
return raiseHTTPError(ret);
}
- /* The security file doesn't exist in any case. */
- if(!strcmpi(file.c_str(), "security"))
- return raiseHTTPError(404);
-
/*!
- *Get the PATH_INFO value.
- *Use dirscan as a buffer for put temporary directory scan.
- *When an '/' character is present check if the path up to '/' character
- *is a file. If it is a file send the rest of the uri as PATH_INFO.
- */
- td->pathInfo.assign("");
- td->pathTranslated.assign("");
- filenamePathLen = (int)td->filenamePath.length();
- dirscan.assign("");
- for(int i = 0, len = 0; i < filenamePathLen ; i++)
- {
- /*!
- *http://host/pathtofile/filetosend.php/PATH_INFO_VALUE?QUERY_INFO_VALUE
- *When a request has this form send the file filetosend.php with the
- *environment string PATH_INFO equals to PATH_INFO_VALUE and QUERY_INFO
- *to QUERY_INFO_VALUE.
- *
- *If there is the '/' character check if dirscan is a file.
- */
- if(i && (td->filenamePath[i] == '/'))
- {
- /*!
- *If the token is a file.
- */
- if(!FilesUtility::isDirectory(dirscan.c_str()))
- {
- td->pathInfo.assign((char*) & (td->filenamePath[i]));
- td->filenamePath.assign(dirscan);
- break;
- }
- }
-
- if(len + 1 < filenamePathLen)
- {
- char db[2];
- db[0] = (td->filenamePath)[i];
- db[1] = '\0';
- dirscan.append(db);
- }
- }
-
- /*!
- *If there is a PATH_INFO value the get the PATH_TRANSLATED too.
- *PATH_TRANSLATED is the local filesystem mapped version of PATH_INFO.
- */
- if(td->pathInfo.length() > 1)
- {
- int ret;
- /*!
- *Start from the second character because the first is a
- *slash character.
- */
- ret = getPath(td->pathTranslated, &((td->pathInfo.c_str())[1]), 0);
-
- if(ret != 200)
- td->pathTranslated.assign("");
- else
- FilesUtility::completePath(td->pathTranslated);
- }
- else
- {
- td->pathTranslated.assign("");
- }
- FilesUtility::completePath(td->filenamePath);
-
- /*!
*If there are not any extension then we do one of this in order:
*1)We send the default files in the directory in order.
*2)We send the directory content.
@@ -1967,7 +1926,6 @@
{
try
{
- string defFile;
int ret = 0;
string time;
ostringstream errorFile;
@@ -2005,23 +1963,16 @@
}
td->response.httpStatus = ID;
- staticHttp.secCacheMutex.lock();
- /*!
- *The specified error file name must be in the web directory
- *of the virtual host.
- */
- if(td->connection->host)
- ret = staticHttp.secCache.getErrorFileName(td->getVhostDir(),
- ID,
- td->getVhostSys(),
- defFile);
- else
- ret = -1;
- staticHttp.secCacheMutex.unlock();
+ char errorName [32];
+ sprintf (errorName, "http.error.file.%i", ID);
- if(ret > 0)
+ const char *defErrorFile = securityToken.getHashedData (errorName,
MYSERVER_SECURITY_CONF |
+
MYSERVER_VHOST_CONF |
+
MYSERVER_SERVER_CONF);
+
+ if (defErrorFile)
{
ostringstream nURL;
int isPortSpecified = 0;
@@ -2044,7 +1995,7 @@
if(nURL.str()[nURL.str().length()-1] != '/')
nURL << "/";
- nURL << defFile;
+ nURL << defErrorFile;
if(td->pathInfo.length())
nURL << "/" << td->pathInfo;
@@ -2365,8 +2316,6 @@
string pluginsResource(Server::getInstance()->getExternalPath());
xmlDocPtr xmlDoc = configurationFileManager->getDoc();
- staticHttp.secCacheMutex.init();
-
/*
*Store defaults value.
*By default use GZIP with files bigger than a MB.
@@ -2486,10 +2435,6 @@
HttpDir::unLoad();
- staticHttp.secCache.free();
-
- staticHttp.secCacheMutex.destroy();
-
staticHttp.defaultFilename.clear();
staticHttp.browseDirCSSpath.assign("");
Added: trunk/myserver/src/protocol/http/http_req_security_domain.cpp
===================================================================
--- trunk/myserver/src/protocol/http/http_req_security_domain.cpp
(rev 0)
+++ trunk/myserver/src/protocol/http/http_req_security_domain.cpp
2008-10-04 20:35:08 UTC (rev 2865)
@@ -0,0 +1,42 @@
+/*
+MyServer
+Copyright (C) 2002-2008 Free Software Foundation, Inc.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <include/protocol/http/http_req_security_domain.h>
+#include <include/conf/security/security_domain.h>
+
+/*!
+ *C'tor.
+ *\param request The HTTP Request object to use.
+ */
+HttpReqSecurityDomain::HttpReqSecurityDomain (HttpRequestHeader *request) :
SecurityDomain ("http_request")
+{
+ this->request = request;
+}
+
+HttpReqSecurityDomain::~HttpReqSecurityDomain ()
+{
+
+}
+
+/*!
+ *\see SecurityDomain#getValue.
+ */
+string *HttpReqSecurityDomain::getValue (string &name)
+{
+ return request->getValue (name.c_str (), NULL);
+}
Modified: trunk/myserver/src/server/server.cpp
===================================================================
--- trunk/myserver/src/server/server.cpp 2008-10-04 19:43:00 UTC (rev
2864)
+++ trunk/myserver/src/server/server.cpp 2008-10-04 20:35:08 UTC (rev
2865)
@@ -74,8 +74,11 @@
*/
Server* Server::instance = 0;
-Server::Server() : connectionsScheduler(this),
- listenThreads(&connectionsScheduler, this)
+Server::Server() : connectionsScheduler (this),
+ listenThreads (&connectionsScheduler, this),
+ authMethodFactory (),
+ validatorFactory (),
+ securityManager (&validatorFactory, &authMethodFactory)
{
toReboot = false;
autoRebootEnabled = true;
@@ -495,6 +498,13 @@
*/
void Server::loadPlugins()
{
+ string xml("xml");
+ //FIXME: xmlV is never freed.
+ XmlValidator *xmlV = new XmlValidator ();
+
+ validatorFactory.addValidator (xml, xmlV);
+ authMethodFactory.addAuthMethod (xml, (AuthMethod*) xmlV);
+
if(filtersFactory.insert("gzip", Gzip::factory))
{
ostringstream stream;
Modified: trunk/myserver/tests/Makefile.am
===================================================================
--- trunk/myserver/tests/Makefile.am 2008-10-04 19:43:00 UTC (rev 2864)
+++ trunk/myserver/tests/Makefile.am 2008-10-04 20:35:08 UTC (rev 2865)
@@ -2,5 +2,5 @@
#
bin_PROGRAMS = tests_suite
-tests_suite_SOURCES = main.cpp test_base64.cpp test_cached_file.cpp
test_cached_file_buffer.cpp test_cached_file_factory.cpp test_connection.cpp
test_connections_scheduler.cpp test_files_utility.cpp test_filter_chain.cpp
test_ftp.cpp test_gzip.cpp test_hashmap.cpp test_homedir.cpp
test_http_request.cpp test_http_response.cpp test_md5.cpp test_mem_buff.cpp
test_mem_stream.cpp test_multicast.cpp test_mutex.cpp test_recursive_mutex.cpp
test_regex.cpp test_pipe.cpp test_safetime.cpp test_semaphore.cpp
test_thread.cpp test_utility.cpp test_log_manager.cpp
test_log_stream_factory.cpp test_socket_stream_creator.cpp
test_file_stream_creator.cpp test_file_stream.cpp
+tests_suite_SOURCES = main.cpp test_connection.cpp test_ftp.cpp
test_log_manager.cpp test_mutex.cpp test_security_domain.cpp test_validator.cpp
test_auth_domain.cpp test_connections_scheduler.cpp test_gzip.cpp
test_log_stream_factory.cpp test_pipe.cpp test_security_manager.cpp
test_validator_factory.cpp test_base64.cpp test_file_stream.cpp
test_hashmap.cpp test_md5.cpp test_recursive_mutex.cpp test_semaphore.cpp
test_xml.cpp test_cached_file_buffer.cpp test_file_stream_creator.cpp
test_homedir.cpp test_mem_buff.cpp test_regex.cpp
test_socket_stream_creator.cpp test_cached_file.cpp test_files_utility.cpp
test_http_request.cpp test_http_req_security_domain.cpp test_mem_stream.cpp
test_safetime.cpp test_thread.cpp test_cached_file_factory.cpp
test_filter_chain.cpp test_http_response.cpp test_multicast.cpp
test_security_cache.cpp test_security_token.cpp test_utility.cpp
test_xml_validator.cpp
tests_suite_LDADD = ../src/libmyserver.a $(CPPUNIT_LDFLAGS) $(PTHREAD_LIB)
$(IDN_LIB) $(XNET_LIB) $(EVENT_LIB) $(DL_LIB) $(OPENSSL_LIB) $(ZLIB_LIB)
$(XML_LIBS) $(LDFLAGS)
Copied: trunk/myserver/tests/test_auth_domain.cpp (from rev 2864,
branches/myserver_sec_new/tests/test_auth_domain.cpp)
===================================================================
--- trunk/myserver/tests/test_auth_domain.cpp (rev 0)
+++ trunk/myserver/tests/test_auth_domain.cpp 2008-10-04 20:35:08 UTC (rev
2865)
@@ -0,0 +1,61 @@
+/*
+ MyServer
+ Copyright (C) 2008 Free Software Foundation, Inc.
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <ctype.h>
+
+#include <cppunit/CompilerOutputter.h>
+#include <cppunit/extensions/TestFactoryRegistry.h>
+#include <cppunit/ui/text/TestRunner.h>
+#include <cppunit/extensions/HelperMacros.h>
+#include <include/conf/security/security_manager.h>
+#include <include/conf/security/auth_domain.h>
+
+#include <string.h>
+
+#include <iostream>
+using namespace std;
+
+class TestAuthDomain : public CppUnit::TestFixture
+{
+ CPPUNIT_TEST_SUITE( TestAuthDomain );
+ CPPUNIT_TEST( testGetName );
+ CPPUNIT_TEST_SUITE_END();
+
+ SecurityToken *secToken;
+ AuthDomain* authDomain;
+public:
+ void setUp()
+ {
+ secToken = new SecurityToken();
+ authDomain = new AuthDomain(secToken);
+ }
+
+ void tearDown()
+ {
+ delete authDomain;
+ delete secToken;
+ }
+
+ void testGetName()
+ {
+ CPPUNIT_ASSERT_EQUAL(authDomain->getName().compare(""), 0);
+ }
+
+};
+
+
+CPPUNIT_TEST_SUITE_REGISTRATION( TestAuthDomain );
Copied: trunk/myserver/tests/test_http_req_security_domain.cpp (from rev 2864,
branches/myserver_sec_new/tests/test_http_req_security_domain.cpp)
===================================================================
--- trunk/myserver/tests/test_http_req_security_domain.cpp
(rev 0)
+++ trunk/myserver/tests/test_http_req_security_domain.cpp 2008-10-04
20:35:08 UTC (rev 2865)
@@ -0,0 +1,82 @@
+/*
+ MyServer
+ Copyright (C) 2008 Free Software Foundation, Inc.
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <ctype.h>
+
+#include <string.h>
+
+#include <cppunit/CompilerOutputter.h>
+#include <cppunit/extensions/TestFactoryRegistry.h>
+#include <cppunit/ui/text/TestRunner.h>
+#include <cppunit/extensions/HelperMacros.h>
+
+#include <include/protocol/http/http_req_security_domain.h>
+
+#include <iostream>
+using namespace std;
+
+class TestHttpReqSecurityDomain : public CppUnit::TestFixture
+{
+ CPPUNIT_TEST_SUITE( TestHttpReqSecurityDomain );
+ CPPUNIT_TEST( testConstructor );
+ CPPUNIT_TEST( testGetValue );
+ CPPUNIT_TEST_SUITE_END();
+
+public:
+ void setUp()
+ {
+
+ }
+
+ void tearDown()
+ {
+
+ }
+
+
+ void testConstructor ()
+ {
+ HttpRequestHeader req;
+ HttpReqSecurityDomain *dom = new HttpReqSecurityDomain (&req);
+
+ CPPUNIT_ASSERT_EQUAL (&req, dom->getRequest ());
+
+ delete dom;
+ }
+
+
+ void testGetValue ()
+ {
+ HttpRequestHeader req;
+ const char *name = "My-Header";
+ const char *value = "foo-bar";
+ string nameStr (name);
+ HttpReqSecurityDomain *dom = new HttpReqSecurityDomain (&req);
+
+ req.setValue (name, value);
+
+ string *ret = dom->getValue (nameStr);
+
+ CPPUNIT_ASSERT_EQUAL (ret->compare (value), 0);
+
+ delete dom;
+ }
+
+};
+
+
+CPPUNIT_TEST_SUITE_REGISTRATION( TestHttpReqSecurityDomain );
Copied: trunk/myserver/tests/test_security_cache.cpp (from rev 2864,
branches/myserver_sec_new/tests/test_security_cache.cpp)
===================================================================
--- trunk/myserver/tests/test_security_cache.cpp
(rev 0)
+++ trunk/myserver/tests/test_security_cache.cpp 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,90 @@
+/*
+ MyServer
+ Copyright (C) 2008 Free Software Foundation, Inc.
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <ctype.h>
+
+#include <cppunit/CompilerOutputter.h>
+#include <cppunit/extensions/TestFactoryRegistry.h>
+#include <cppunit/ui/text/TestRunner.h>
+#include <cppunit/extensions/HelperMacros.h>
+#include <include/conf/security/security_manager.h>
+#include <include/conf/security/security_cache.h>
+
+#include <string.h>
+
+#include <iostream>
+using namespace std;
+
+class TestSecurityCache : public CppUnit::TestFixture
+{
+ CPPUNIT_TEST_SUITE ( TestSecurityCache );
+ CPPUNIT_TEST ( testMaxNodes );
+ CPPUNIT_TEST ( testGetParser );
+ CPPUNIT_TEST ( testGetSecurityFile );
+ CPPUNIT_TEST_SUITE_END ();
+
+ SecurityCache *secCache;
+public:
+ void setUp ()
+ {
+ secCache = new SecurityCache ();
+ }
+
+ void tearDown ()
+ {
+ delete secCache;
+ }
+
+ void testMaxNodes ()
+ {
+ secCache->setMaxNodes (-10);
+ CPPUNIT_ASSERT_EQUAL (secCache->getMaxNodes (), 1);
+
+ secCache->setMaxNodes (0);
+ CPPUNIT_ASSERT_EQUAL (secCache->getMaxNodes (), 1);
+
+ secCache->setMaxNodes (1);
+ CPPUNIT_ASSERT_EQUAL (secCache->getMaxNodes (), 1);
+
+ secCache->setMaxNodes (10);
+ CPPUNIT_ASSERT_EQUAL (secCache->getMaxNodes (), 10);
+
+ secCache->setMaxNodes (100);
+ CPPUNIT_ASSERT_EQUAL (secCache->getMaxNodes (), 100);
+ }
+
+ void testGetSecurityFile ()
+ {
+ string file("foo/bar/not/exist/in/reality");
+ string out;
+
+ CPPUNIT_ASSERT(secCache->getSecurityFile (file, file, out));
+ }
+
+
+ void testGetParser ()
+ {
+ string dir("foo/bar/not/exist/in/reality");
+ string file("baz");
+ CPPUNIT_ASSERT_EQUAL(secCache->getParser (dir, dir, false),
(XmlParser*)NULL);
+ }
+
+
+};
+
+
+CPPUNIT_TEST_SUITE_REGISTRATION ( TestSecurityCache );
Copied: trunk/myserver/tests/test_security_domain.cpp (from rev 2864,
branches/myserver_sec_new/tests/test_security_domain.cpp)
===================================================================
--- trunk/myserver/tests/test_security_domain.cpp
(rev 0)
+++ trunk/myserver/tests/test_security_domain.cpp 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,67 @@
+/*
+ MyServer
+ Copyright (C) 2008 Free Software Foundation, Inc.
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <ctype.h>
+
+#include <cppunit/CompilerOutputter.h>
+#include <cppunit/extensions/TestFactoryRegistry.h>
+#include <cppunit/ui/text/TestRunner.h>
+#include <cppunit/extensions/HelperMacros.h>
+#include <include/conf/security/security_manager.h>
+#include <include/conf/security/security_domain.h>
+
+#include <string.h>
+
+#include <iostream>
+using namespace std;
+
+
+class TestSecurityDomain : public CppUnit::TestFixture
+{
+ CPPUNIT_TEST_SUITE( TestSecurityDomain );
+ CPPUNIT_TEST( testGetValue );
+ CPPUNIT_TEST( testGetName );
+ CPPUNIT_TEST_SUITE_END();
+
+ SecurityDomain* securityDomain;
+public:
+ void setUp()
+ {
+ securityDomain = new SecurityDomain();
+ }
+
+ void tearDown()
+ {
+ delete securityDomain;
+ }
+
+ void testGetName()
+ {
+ string val("value");
+ CPPUNIT_ASSERT_EQUAL(securityDomain->getName().compare(""), 0);
+ }
+
+ void testGetValue()
+ {
+ string val("value");
+ CPPUNIT_ASSERT_EQUAL(securityDomain->getValue(val), (string*)NULL);
+ }
+
+};
+
+
+CPPUNIT_TEST_SUITE_REGISTRATION( TestSecurityDomain );
Copied: trunk/myserver/tests/test_security_manager.cpp (from rev 2864,
branches/myserver_sec_new/tests/test_security_manager.cpp)
===================================================================
--- trunk/myserver/tests/test_security_manager.cpp
(rev 0)
+++ trunk/myserver/tests/test_security_manager.cpp 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,64 @@
+/*
+ MyServer
+ Copyright (C) 2008 Free Software Foundation, Inc.
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <ctype.h>
+
+#include <cppunit/CompilerOutputter.h>
+#include <cppunit/extensions/TestFactoryRegistry.h>
+#include <cppunit/ui/text/TestRunner.h>
+#include <cppunit/extensions/HelperMacros.h>
+
+#include <include/conf/security/security_manager.h>
+#include <include/conf/security/validator_factory.h>
+#include <include/conf/security/auth_method_factory.h>
+
+#include <string.h>
+
+#include <iostream>
+using namespace std;
+
+class TestSecurityManager : public CppUnit::TestFixture
+{
+ CPPUNIT_TEST_SUITE( TestSecurityManager );
+ CPPUNIT_TEST( testGetPermissionMask );
+ CPPUNIT_TEST_SUITE_END();
+
+ AuthMethodFactory authMethodFactory;
+ ValidatorFactory validatorFactory;
+ SecurityManager* securityManager;
+public:
+ void setUp()
+ {
+ securityManager = new SecurityManager(&validatorFactory,
&authMethodFactory);
+ }
+
+ void tearDown()
+ {
+ delete securityManager;
+ }
+
+ void testGetPermissionMask()
+ {
+ SecurityToken secToken;
+ string xml("xml");
+ CPPUNIT_ASSERT_EQUAL(securityManager->getPermissionMask(&secToken,
(list<SecurityDomain*>*)NULL, xml, xml), 0);
+ CPPUNIT_ASSERT_EQUAL(securityManager->getPermissionMask(&secToken,
(SecurityDomain**)NULL, xml, xml), 0);
+ }
+};
+
+
+CPPUNIT_TEST_SUITE_REGISTRATION( TestSecurityManager );
Copied: trunk/myserver/tests/test_security_token.cpp (from rev 2864,
branches/myserver_sec_new/tests/test_security_token.cpp)
===================================================================
--- trunk/myserver/tests/test_security_token.cpp
(rev 0)
+++ trunk/myserver/tests/test_security_token.cpp 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,163 @@
+/*
+ MyServer
+ Copyright (C) 2008 Free Software Foundation, Inc.
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <ctype.h>
+
+#include <cppunit/CompilerOutputter.h>
+#include <cppunit/extensions/TestFactoryRegistry.h>
+#include <cppunit/ui/text/TestRunner.h>
+#include <cppunit/extensions/HelperMacros.h>
+
+#include <include/conf/security/security_manager.h>
+#include <include/conf/security/security_token.h>
+#include <include/conf/vhost/vhost.h>
+#include <include/server/server.h>
+
+#include <string.h>
+
+#include <iostream>
+using namespace std;
+
+
+class TestSecurityToken : public CppUnit::TestFixture
+{
+ CPPUNIT_TEST_SUITE( TestSecurityToken );
+ CPPUNIT_TEST ( testUser);
+ CPPUNIT_TEST ( testPassword);
+ CPPUNIT_TEST ( testValues );
+ CPPUNIT_TEST ( testDirectory );
+ CPPUNIT_TEST ( testSysDirectory );
+ CPPUNIT_TEST ( testResource );
+ CPPUNIT_TEST ( testMask );
+ CPPUNIT_TEST ( testProvidedMask );
+ CPPUNIT_TEST ( testNeededPassword );
+ CPPUNIT_TEST ( testDone );
+ CPPUNIT_TEST ( testAuthenticated );
+ CPPUNIT_TEST ( testServer );
+ CPPUNIT_TEST ( testVhost );
+ CPPUNIT_TEST_SUITE_END();
+
+ SecurityToken* securityToken;
+public:
+ void setUp()
+ {
+ securityToken = new SecurityToken();
+ }
+
+ void tearDown()
+ {
+ delete securityToken;
+ }
+
+
+ void testUser()
+ {
+ string user ("foo");
+ securityToken->setUser (user);
+ CPPUNIT_ASSERT_EQUAL (securityToken->getUser ().compare (user), 0);
+ }
+
+ void testPassword()
+ {
+ string password ("foo");
+ securityToken->setPassword (password);
+ CPPUNIT_ASSERT_EQUAL (securityToken->getPassword ().compare (password), 0);
+ }
+
+ void testValues ()
+ {
+ CPPUNIT_ASSERT (securityToken->getValues ());
+ }
+
+ void testDirectory ()
+ {
+ string dir ("foo");
+ securityToken->setDirectory (&dir);
+ CPPUNIT_ASSERT_EQUAL (securityToken->getDirectory (), &dir);
+ }
+
+ void testSysDirectory ()
+ {
+ string sysDir ("foo");
+ securityToken->setSysDirectory (&sysDir);
+ CPPUNIT_ASSERT_EQUAL (securityToken->getSysDirectory (), &sysDir);
+ }
+
+ void testResource ()
+ {
+ string resource ("foo");
+ securityToken->setResource (&resource);
+ CPPUNIT_ASSERT_EQUAL (securityToken->getResource (), &resource);
+ }
+
+ void testMask ()
+ {
+ int mask = MYSERVER_PERMISSION_READ;
+ securityToken->setMask (mask);
+ CPPUNIT_ASSERT_EQUAL (securityToken->getMask (), mask);
+ }
+
+ void testProvidedMask ()
+ {
+ int mask = MYSERVER_PERMISSION_READ;
+ securityToken->setProvidedMask (mask);
+ CPPUNIT_ASSERT_EQUAL (securityToken->getProvidedMask (), mask);
+ }
+
+ void testNeededPassword ()
+ {
+ string password ("foo");
+ securityToken->setNeededPassword (password);
+ CPPUNIT_ASSERT_EQUAL (securityToken->getNeededPassword ().compare
(password), 0);
+ }
+
+ void testDone ()
+ {
+ securityToken->setDone (true);
+ CPPUNIT_ASSERT_EQUAL (securityToken->isDone (), true);
+
+ securityToken->setDone (false);
+ CPPUNIT_ASSERT_EQUAL (securityToken->isDone (), false);
+ }
+
+ void testAuthenticated ()
+ {
+ securityToken->setAuthenticated (true);
+ CPPUNIT_ASSERT_EQUAL (securityToken->isAuthenticated (), true);
+
+ securityToken->setAuthenticated (false);
+ CPPUNIT_ASSERT_EQUAL (securityToken->isAuthenticated (), false);
+ }
+
+ void testServer ()
+ {
+ Server *s = (Server*)0x10; //XXX: Dirty but it avoids to use the Singleton
instance.
+ securityToken->setServer (s);
+ CPPUNIT_ASSERT_EQUAL (securityToken->getServer (), s);
+ }
+
+ void testVhost ()
+ {
+ Vhost *v = (Vhost*)0x100; //XXX: Dirty.
+ securityToken->setVhost (v);
+ CPPUNIT_ASSERT_EQUAL (securityToken->getVhost (), v);
+ }
+
+};
+
+
+CPPUNIT_TEST_SUITE_REGISTRATION( TestSecurityToken );
Copied: trunk/myserver/tests/test_validator.cpp (from rev 2864,
branches/myserver_sec_new/tests/test_validator.cpp)
===================================================================
--- trunk/myserver/tests/test_validator.cpp (rev 0)
+++ trunk/myserver/tests/test_validator.cpp 2008-10-04 20:35:08 UTC (rev
2865)
@@ -0,0 +1,61 @@
+#include <ctype.h>
+
+#include <cppunit/CompilerOutputter.h>
+#include <cppunit/extensions/TestFactoryRegistry.h>
+#include <cppunit/ui/text/TestRunner.h>
+#include <cppunit/extensions/HelperMacros.h>
+
+#include <include/conf/security/security_manager.h>
+#include <include/conf/security/validator.h>
+
+#include <string.h>
+
+#include <iostream>
+using namespace std;
+
+class TestValidator : public CppUnit::TestFixture
+{
+ CPPUNIT_TEST_SUITE( TestValidator );
+ CPPUNIT_TEST( testGetPermissionMask );
+ CPPUNIT_TEST( testGetPermissionMaskImpl );
+ CPPUNIT_TEST( testGetValue );
+ CPPUNIT_TEST_SUITE_END();
+
+ Validator* validator;
+public:
+ void setUp()
+ {
+ validator = new Validator ();
+ }
+
+ void tearDown()
+ {
+ delete validator;
+ }
+
+ void testGetValue ()
+ {
+ string val ("value");
+ HashMap<string, SecurityDomain*> hashedDomains;
+ CPPUNIT_ASSERT_EQUAL (validator->getValue (&hashedDomains, val),
(string*)NULL);
+ }
+
+ void testGetPermissionMaskImpl ()
+ {
+ string val ("value");
+ SecurityToken secToken;
+ CPPUNIT_ASSERT_EQUAL (validator->getPermissionMaskImpl (&secToken, NULL,
NULL), 0);
+
+ }
+
+ void testGetPermissionMask ()
+ {
+ string val ("value");
+ SecurityToken secToken;
+ CPPUNIT_ASSERT_EQUAL (validator->getPermissionMask (&secToken,
(SecurityDomain**) NULL, NULL), 0);
+ CPPUNIT_ASSERT_EQUAL (validator->getPermissionMask (&secToken,
(list<SecurityDomain*>*) NULL, NULL), 0);
+ }
+};
+
+
+CPPUNIT_TEST_SUITE_REGISTRATION( TestValidator );
Copied: trunk/myserver/tests/test_validator_factory.cpp (from rev 2864,
branches/myserver_sec_new/tests/test_validator_factory.cpp)
===================================================================
--- trunk/myserver/tests/test_validator_factory.cpp
(rev 0)
+++ trunk/myserver/tests/test_validator_factory.cpp 2008-10-04 20:35:08 UTC
(rev 2865)
@@ -0,0 +1,71 @@
+#include <ctype.h>
+
+#include <cppunit/CompilerOutputter.h>
+#include <cppunit/extensions/TestFactoryRegistry.h>
+#include <cppunit/ui/text/TestRunner.h>
+#include <cppunit/extensions/HelperMacros.h>
+
+#include <include/conf/security/security_manager.h>
+#include <include/conf/security/validator_factory.h>
+#include <include/conf/security/validator.h>
+
+#include <string.h>
+
+#include <iostream>
+using namespace std;
+
+
+class TestValidatorFactory : public CppUnit::TestFixture
+{
+ CPPUNIT_TEST_SUITE( TestValidatorFactory );
+ CPPUNIT_TEST( testGetValidator );
+ CPPUNIT_TEST( testAddValidator );
+ CPPUNIT_TEST( testIsValidatorPresent );
+ CPPUNIT_TEST_SUITE_END();
+
+ ValidatorFactory* factory;
+public:
+ void setUp()
+ {
+ factory = new ValidatorFactory();
+ }
+
+ void tearDown()
+ {
+ delete factory;
+ }
+
+ void testGetValidator()
+ {
+ string val("foo");
+ CPPUNIT_ASSERT_EQUAL(factory->getValidator(val), (Validator*)NULL);
+
+ }
+
+ void testAddValidator()
+ {
+ string val("bar");
+ Validator *validator = new Validator;
+
+ Validator* old = factory->addValidator(val, validator);
+
+ CPPUNIT_ASSERT_EQUAL(old, (Validator*)NULL);
+ CPPUNIT_ASSERT(factory->getValidator(val));
+ }
+
+ void testIsValidatorPresent()
+ {
+ string val("bar");
+ Validator *validator = new Validator;
+
+
+ CPPUNIT_ASSERT_EQUAL(factory->isValidatorPresent(val), false);
+
+ factory->addValidator(val, validator);
+
+ CPPUNIT_ASSERT_EQUAL(factory->isValidatorPresent(val), true);
+ }
+};
+
+
+CPPUNIT_TEST_SUITE_REGISTRATION( TestValidatorFactory );
Copied: trunk/myserver/tests/test_xml_validator.cpp (from rev 2864,
branches/myserver_sec_new/tests/test_xml_validator.cpp)
===================================================================
--- trunk/myserver/tests/test_xml_validator.cpp (rev 0)
+++ trunk/myserver/tests/test_xml_validator.cpp 2008-10-04 20:35:08 UTC (rev
2865)
@@ -0,0 +1,62 @@
+#include <ctype.h>
+
+#include <cppunit/CompilerOutputter.h>
+#include <cppunit/extensions/TestFactoryRegistry.h>
+#include <cppunit/ui/text/TestRunner.h>
+#include <cppunit/extensions/HelperMacros.h>
+
+#include <include/conf/security/security_manager.h>
+#include <include/conf/security/xml_validator.h>
+
+#include <string.h>
+
+#include <iostream>
+using namespace std;
+
+class TestXmlValidator : public CppUnit::TestFixture
+{
+ CPPUNIT_TEST_SUITE( TestXmlValidator );
+ CPPUNIT_TEST( testGetPermissionMask );
+ CPPUNIT_TEST( testGetPermissionMaskImpl );
+ CPPUNIT_TEST( testGetValue );
+ CPPUNIT_TEST_SUITE_END();
+
+ XmlValidator* xmlValidator;
+public:
+ void setUp()
+ {
+ xmlValidator = new XmlValidator();
+ }
+
+ void tearDown()
+ {
+ delete xmlValidator;
+ }
+
+ void testGetValue()
+ {
+ string val("value");
+ HashMap<string, SecurityDomain*> hashedDomains;
+
+ CPPUNIT_ASSERT_EQUAL(xmlValidator->getValue(&hashedDomains, val),
(string*)NULL);
+
+ }
+
+ void testGetPermissionMaskImpl()
+ {
+ string val("value");
+ SecurityToken secToken;
+ CPPUNIT_ASSERT_EQUAL(xmlValidator->getPermissionMaskImpl(&secToken, NULL,
NULL), 0);
+
+ }
+
+ void testGetPermissionMask()
+ {
+ SecurityToken secToken;
+ CPPUNIT_ASSERT_EQUAL (xmlValidator->getPermissionMask (&secToken,
(SecurityDomain**) NULL, NULL), 0);
+ CPPUNIT_ASSERT_EQUAL (xmlValidator->getPermissionMask (&secToken,
(list<SecurityDomain*>*) NULL, NULL), 0);
+ }
+};
+
+
+CPPUNIT_TEST_SUITE_REGISTRATION( TestXmlValidator );
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [myserver-commit] [2865] New security implementation merged to trunk from the `myserver_sec_new' branch.,
Giuseppe Scrivano <=