From 756b42cb0e52b837c1ec3a02970424134b8d3cf6 Mon Sep 17 00:00:00 2001 From: Leanid Astrakou Date: Mon, 24 May 2021 02:57:09 -0400 Subject: [PATCH 01/19] Some prototype RBAC checking + unfinished comments Signed-off-by: Leanid Astrakou --- c/httpserver.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/c/httpserver.c b/c/httpserver.c index 7d46e461a..27fe104d7 100644 --- a/c/httpserver.c +++ b/c/httpserver.c @@ -2516,6 +2516,8 @@ static int safAuthenticate(HttpService *service, HttpRequest *request, AuthRespo printf("u: '%s' p: '%s'\n",request->username,request->password); #endif #endif + printf("SAF auth for user: '%s'\n", request->username); + printf("u: '%s' p: '%s'\n",request->username,request->password); if (isLowerCasePasswordAllowed() || isPassPhrase(request->password)) { #ifdef DEBUG printf("mixed-case system or a pass phrase, not upfolding password\n"); @@ -3004,6 +3006,7 @@ static int serviceAuthNativeWithSessionToken(HttpService *service, HttpRequest * response->sessionCookie = NULL; AUTH_TRACE("AUTH: tokenCookieText: %s\n",(tokenCookieText ? tokenCookieText : "")); + printf("AUTH data: %d\n\n", authDataFound); int returnCode = 0; int reasonCode = 0; int retVal = 0; @@ -3400,6 +3403,7 @@ static int handleHttpService(HttpServer *server, switch (service->authType){ case SERVICE_AUTH_NONE: + request->authenticated = TRUE; break; case SERVICE_AUTH_SAF: @@ -3410,7 +3414,9 @@ static int handleHttpService(HttpServer *server, #ifdef DEBUG printf("saf auth needed for service %s\n",service->name); #endif + printf("\n\nThis should happen before safAuthenticate\n\n"); request->authenticated = safAuthenticate(service, request, &authResponse); + printf("\n\nThis should happen after safAuthenticate - %d\n\n", request->authenticated); break; case SERVICE_AUTH_CUSTOM: #ifdef DEBUG 
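Review bot: The added line `printf("u: '%s' p: '%s'\n",request->username,request->password);` in safAuthenticate writes the clear-text password to stdout on every SAF login, outside the conditional-compilation block (closed by the two `#endif` lines above it) that holds the identical statement. Server stdout may be captured in logs readable by people who should never see a credential, so both added printf lines should be removed. If the user name is still wanted for tracing, log it alone inside the existing guarded block. The other unconditional printf calls added in this commit (the `AUTH data` line and the two around the safAuthenticate call) expose no secrets but should go the same way.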
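Review bot: Setting `request->authenticated = TRUE;` in the `SERVICE_AUTH_NONE` case makes an anonymous request indistinguishable from one whose identity was actually verified. Any later code that reads `request->authenticated` to decide whether `request->username` can be trusted would then accept whatever the client supplied; no such code is visible in this hunk, so this needs confirming. If the flag is only meant as "may proceed", say so with a comment such as `/* no auth required: 'authenticated' here means 'may proceed', not 'identity verified' */`. Otherwise leave the flag FALSE and let the dispatch code special-case `SERVICE_AUTH_NONE`.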
@@ -3419,6 +3425,25 @@ static int handleHttpService(HttpServer *server, request->authenticated = FALSE; break; case SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN: + if (conversation->parser) { + HttpRequestParser *parser = conversation->parser; + char *method = safeMalloc(1024, "method"); + char *uri = safeMalloc(1024, "uri"); + snprintf(uri, 1024, "%s", request->uri); + snprintf(method, 1024, "%s", request->method); + destructivelyNativize(uri); + destructivelyNativize(method); + char *profileName = safeMalloc(1024, "profileName"); + // TODO: Remove printf's (not ready for merge) + printf("\n\n\nURI, METHOD, PROFILENAME PRE CONVERSION: %s - %s - %s - (old) %s\n\n", uri, method, profileName, request->uri); + getProfileNameFromRequest(profileName, uri, method, -1); + printf("\n\n\nURI, METHOD, PROFILENAME POST CONVERSION %s - %s - %s\n\n", uri, method, profileName); + int rc = serveAuthCheckByParams(service, request->username, "ZOWE", profileName, 2); + printf("\n\n\nRC STATUS: %d - profileName %s\n\n", rc, profileName); + if (rc != 0) { + respondWithError(response, HTTP_STATUS_UNAUTHORIZED, "Not Authorized"); + } + } switch (server->config->authTokenType) { case SERVICE_AUTH_TOKEN_TYPE_JWT: case SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK: From 37a9bd7cf2f962e1b30065f82fccc4d9af1062db Mon Sep 17 00:00:00 2001 From: Leanid Astrakou Date: Mon, 24 May 2021 17:49:30 -0400 Subject: [PATCH 02/19] request->username works properly Signed-off-by: Leanid Astrakou --- c/httpserver.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index 27fe104d7..576c1727a 100644 --- a/c/httpserver.c +++ b/c/httpserver.c 
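Review bot: When `serveAuthCheckByParams` returns non-zero, the added block calls `respondWithError(response, HTTP_STATUS_UNAUTHORIZED, "Not Authorized");` and then carries on into the token switch, so `request->authenticated` can still become TRUE and, as far as this hunk shows, the request can still be dispatched after the 401 was written. A denial has to stop processing, for example by making sure the request ends up with `request->authenticated = FALSE;` (or by returning) instead of only writing the response. The same respond-and-continue pattern is carried into the reordered block in PATCH 02, the `authFunction` call in PATCH 05 and the handler loop in PATCH 06 and 07. Two further problems in this block: `profileName` is printed with `%s` before anything has been written to it, and the three 1024-byte `safeMalloc` buffers are not released anywhere in the visible lines. handleHttpService continues outside the hunk.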
@@ -3425,10 +3425,25 @@ static int handleHttpService(HttpServer *server, request->authenticated = FALSE; break; case SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN: + switch (server->config->authTokenType) { + case SERVICE_AUTH_TOKEN_TYPE_JWT: + case SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK: + request->authenticated = serviceAuthWithJwt(service, request, response); + + if (request->authenticated || + service->server->config->authTokenType + != SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK) { + break; + } /* else fall through */ + case SERVICE_AUTH_TOKEN_TYPE_LEGACY: + request->authenticated = serviceAuthNativeWithSessionToken(service,request,response,&clearSessionToken, &authResponse); + break; + } if (conversation->parser) { HttpRequestParser *parser = conversation->parser; char *method = safeMalloc(1024, "method"); char *uri = safeMalloc(1024, "uri"); + char *username = safeMalloc(1024, "username"); snprintf(uri, 1024, "%s", request->uri); snprintf(method, 1024, "%s", request->method); destructivelyNativize(uri); @@ -3444,20 +3459,6 @@ static int handleHttpService(HttpServer *server, respondWithError(response, HTTP_STATUS_UNAUTHORIZED, "Not Authorized"); } } - switch (server->config->authTokenType) { - case SERVICE_AUTH_TOKEN_TYPE_JWT: - case SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK: - request->authenticated = serviceAuthWithJwt(service, request, response); - - if (request->authenticated || - service->server->config->authTokenType - != SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK) { - break; - } /* else fall through */ - case SERVICE_AUTH_TOKEN_TYPE_LEGACY: - request->authenticated = serviceAuthNativeWithSessionToken(service,request,response,&clearSessionToken, &authResponse); - break; - } break; } #ifdef DEBUG From d11786a6a612bfd0efe017e18468964ec9c5455a Mon Sep 17 00:00:00 2001 From: Leanid Astrakou Date: Tue, 25 May 2021 12:12:14 -0400 Subject: [PATCH 03/19] Removed logging for TSO credentials 
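Review bot: After the reorder the RBAC block is still guarded only by `if (conversation->parser)`, so `serveAuthCheckByParams` is called with `request->username` even when the token switch above left `request->authenticated` FALSE. The profile check should be skipped for requests that failed authentication, e.g. `if (request->authenticated && conversation->parser) {`. The added `char *username = safeMalloc(1024, "username");` is neither used nor freed in the visible lines and should be dropped.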
Signed-off-by: Leanid Astrakou --- c/httpserver.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index 576c1727a..fbdf957dc 100644 --- a/c/httpserver.c +++ b/c/httpserver.c @@ -2516,8 +2516,6 @@ static int safAuthenticate(HttpService *service, HttpRequest *request, AuthRespo printf("u: '%s' p: '%s'\n",request->username,request->password); #endif #endif - printf("SAF auth for user: '%s'\n", request->username); - printf("u: '%s' p: '%s'\n",request->username,request->password); if (isLowerCasePasswordAllowed() || isPassPhrase(request->password)) { #ifdef DEBUG printf("mixed-case system or a pass phrase, not upfolding password\n"); From 552f551295be87081241c409870047c8c2914335 Mon Sep 17 00:00:00 2001 From: Leanid Astrakou Date: Mon, 31 May 2021 19:29:00 -0400 Subject: [PATCH 04/19] Change up switch case logic to handle backwards compatibility Signed-off-by: Leanid Astrakou --- c/httpserver.c | 24 ++++++++++++++++++++++-- h/httpserver.h | 1 + 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index fbdf957dc..cafd8cff7 100644 --- a/c/httpserver.c +++ b/c/httpserver.c @@ -3398,6 +3398,7 @@ static int handleHttpService(HttpServer *server, AuthResponse authResponse; + printf("\n\n\nWHAT IS AUTH TYPE? %d\n\n\n", service->authType); switch (service->authType){ case SERVICE_AUTH_NONE: 
@@ -3422,7 +3423,23 @@ static int handleHttpService(HttpServer *server, #endif request->authenticated = FALSE; break; - case SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN: + case SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC: + switch (server->config->authTokenType) { + case SERVICE_AUTH_TOKEN_TYPE_JWT: + case SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK: + request->authenticated = serviceAuthWithJwt(service, request, response); + + if (request->authenticated || + service->server->config->authTokenType + != SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK) { + break; + } /* else fall through */ + case SERVICE_AUTH_TOKEN_TYPE_LEGACY: + request->authenticated = serviceAuthNativeWithSessionToken(service,request,response,&clearSessionToken, &authResponse); + break; + } + break; + default: /* Type was not found, checking custom handlers */ switch (server->config->authTokenType) { case SERVICE_AUTH_TOKEN_TYPE_JWT: case SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK: @@ -3457,7 +3474,6 @@ static int handleHttpService(HttpServer *server, respondWithError(response, HTTP_STATUS_UNAUTHORIZED, "Not Authorized"); } } - break; } #ifdef DEBUG printf("service=%s authenticated=%d\n",service->name,request->authenticated); @@ -3501,6 +3517,10 @@ static int handleHttpService(HttpServer *server, */ } +/* static struct registerAuthHandlers() { + return NULL; +} */ + HttpConversation *makeHttpConversation(SocketExtension *socketExtension, HttpServer *server){ HttpConversation *conversation = (HttpConversation*)safeMalloc31(sizeof(HttpConversation),"HttpConversation"); diff --git a/h/httpserver.h b/h/httpserver.h index 053f52bdb..fbb55f38a 100644 --- a/h/httpserver.h +++ b/h/httpserver.h @@ -48,6 +48,7 @@ #define SERVICE_AUTH_SAF 2 #define SERVICE_AUTH_CUSTOM 3 /* done by service */ #define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN 4 +#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC 5 #define SERVICE_AUTH_TOKEN_TYPE_LEGACY 0 #define SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK 1 
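Review bot: The RBAC-protected path now sits under `default:`, so `SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN` no longer appears in the switch at all, and the comment `/* Type was not found, checking custom handlers */` describes something this commit does not do (no handler is consulted here). Keeping the explicit label next to the default makes the intent readable: `case SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN: /* token auth followed by the RBAC check */` directly above `default: /* unknown types get the same, strictest handling */`. The JWT/legacy token switch is now duplicated verbatim in both branches; moving it into one static helper would keep the RBAC and NO_RBAC paths from drifting apart. The new `SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC` define in h/httpserver.h also deserves a comment stating that it opts a service out of the authorization check.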
From 56d3941a822b1a76702b921f06256650b1e5783a Mon Sep 17 00:00:00 2001 From: Leanid Astrakou Date: Thu, 3 Jun 2021 00:55:51 -0400 Subject: [PATCH 05/19] Moved core RBAC auth code from zowe-common-c into ZSS Signed-off-by: Leanid Astrakou --- c/httpserver.c | 22 +++++----------------- h/httpserver.h | 13 ++++++++++--- 2 files changed, 15 insertions(+), 20 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index cafd8cff7..34745ca78 100644 --- a/c/httpserver.c +++ b/c/httpserver.c @@ -1545,6 +1545,7 @@ HttpServer *makeHttpServer3(STCBase *base, #endif server->config = (HttpServerConfig*)safeMalloc31(sizeof(HttpServerConfig),"HttpServerConfig"); + server->authHandler = (HttpAuthHandler*)safeMalloc31(sizeof(HttpAuthHandler),"HttpAuthHandler"); server->properties = htCreate(4001,stringHash,stringCompare,NULL,NULL); memset(server->config,0,sizeof(HttpServerConfig)); @@ -3417,12 +3418,12 @@ static int handleHttpService(HttpServer *server, request->authenticated = safAuthenticate(service, request, &authResponse); printf("\n\nThis should happen after safAuthenticate - %d\n\n", request->authenticated); break; - case SERVICE_AUTH_CUSTOM: + /* case SERVICE_AUTH_CUSTOM: - Safe to remove? #ifdef DEBUG printf("CUSTOM auth not yet supported\n"); #endif request->authenticated = FALSE; - break; + break; */ case SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC: switch (server->config->authTokenType) { case SERVICE_AUTH_TOKEN_TYPE_JWT: 
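Review bot: The `HttpAuthHandler` allocated in makeHttpServer3 is never initialised in this hunk, while the neighbouring `server->config` allocation is cleared with `memset` two lines later. handleHttpService calls `authHandler->authFunction(...)` later in this commit, so if no handler is registered that call goes through whatever bytes the allocator returned (assuming `safeMalloc31` does not zero memory, which the existing memset suggests). Add `memset(server->authHandler, 0, sizeof(HttpAuthHandler));` right after the allocation. The function continues outside the hunk.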
@@ -3454,22 +3455,9 @@ static int handleHttpService(HttpServer *server, request->authenticated = serviceAuthNativeWithSessionToken(service,request,response,&clearSessionToken, &authResponse); break; } + /* TODO: authHandlers needs to be an array of structs, not just 1 custom type */ if (conversation->parser) { - HttpRequestParser *parser = conversation->parser; - char *method = safeMalloc(1024, "method"); - char *uri = safeMalloc(1024, "uri"); - char *username = safeMalloc(1024, "username"); - snprintf(uri, 1024, "%s", request->uri); - snprintf(method, 1024, "%s", request->method); - destructivelyNativize(uri); - destructivelyNativize(method); - char *profileName = safeMalloc(1024, "profileName"); - // TODO: Remove printf's (not ready for merge) - printf("\n\n\nURI, METHOD, PROFILENAME PRE CONVERSION: %s - %s - %s - (old) %s\n\n", uri, method, profileName, request->uri); - getProfileNameFromRequest(profileName, uri, method, -1); - printf("\n\n\nURI, METHOD, PROFILENAME POST CONVERSION %s - %s - %s\n\n", uri, method, profileName); - int rc = serveAuthCheckByParams(service, request->username, "ZOWE", profileName, 2); - printf("\n\n\nRC STATUS: %d - profileName %s\n\n", rc, profileName); + int rc = service->server->authHandler->authFunction(conversation, request, service); if (rc != 0) { respondWithError(response, HTTP_STATUS_UNAUTHORIZED, "Not Authorized"); } diff --git a/h/httpserver.h b/h/httpserver.h index fbb55f38a..ad48be87d 100644 --- a/h/httpserver.h +++ b/h/httpserver.h 
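Review bot: `service->server->authHandler->authFunction(conversation, request, service)` is called without checking that a handler function was ever registered, and it runs even when the token switch above left `request->authenticated` FALSE. A missing handler should count as a denial rather than a jump through an unset pointer: `if (handler == NULL || handler->authFunction == NULL) { request->authenticated = FALSE; }`, with `handler` standing for `service->server->authHandler`. The call itself should be made only when `request->authenticated` is already TRUE, so that the authorization check never runs on an unverified user name.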
@@ -44,11 +44,11 @@ #define SERVICE_TYPE_PROXY 5 #define SERVICE_TYPE_FILES_SECURE 6 +/* TODO: These need to become strings so they can be more mobile i.e. "NATIVE_WITH_SESSION_TOKEN" */ #define SERVICE_AUTH_NONE 1 #define SERVICE_AUTH_SAF 2 -#define SERVICE_AUTH_CUSTOM 3 /* done by service */ -#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN 4 -#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC 5 +#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN 3 +#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC 4 #define SERVICE_AUTH_TOKEN_TYPE_LEGACY 0 #define SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK 1 @@ -147,6 +147,7 @@ typedef int HttpServiceServe(struct HttpService_tag *service, HttpResponse *resp typedef int AuthExtract(struct HttpService_tag *service, HttpRequest *request); typedef int AuthValidate(struct HttpService_tag *service, HttpRequest *request); typedef int HttpServiceInsertCustomHeaders(struct HttpService_tag *service, HttpResponse *response); +typedef int AuthHandle(); /* returns HTTP_SERVICE_SUCCESS or other fail codes in same group @@ -208,6 +209,11 @@ typedef struct HttpService_tag{ int authFlags; } HttpService; +typedef struct HttpAuthHandler_tag{ + char *type; + AuthHandle *authFunction; +} HttpAuthHandler; + typedef struct HTTPServerConfig_tag { int port; HttpService *serviceList; @@ -230,6 +236,7 @@ typedef struct HttpServer_tag{ uint64 serverInstanceUID; /* may be something smart at some point. Now just startup STCK */ void *sharedServiceMem; /* address shared by all HttpServices */ hashtable *loggingIdsByName; /* contains a map of pluginID -> loggingID */ + HttpAuthHandler *authHandler; /* TODO: Needs to be an array of handlers */ } HttpServer; typedef struct WSReadMachine_tag{ From f6d670dffbd061a2ba23a114ddb3be99ca853846 Mon Sep 17 00:00:00 2001 From: Leanid Astrakou Date: Sun, 6 Jun 2021 22:39:11 -0400 Subject: [PATCH 06/19] Made authHandlers into an array of structs 
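Review bot: Removing `SERVICE_AUTH_CUSTOM` and renumbering shifts the meaning of values that already exist in built code: 4 used to be `SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN` and now means `SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC`, while 3 used to mean "always unauthenticated" and now selects token authentication. Any plugin or service compiled against the old header (whether such binaries exist needs confirming) would silently switch to the variant without the authorization check. Keep the published values stable, `#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN 4` and `#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC 5`, and leave 3 reserved.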
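Review bot: `typedef int AuthHandle();` declares a function type without a prototype, so the compiler cannot check the three arguments passed at the call site in handleHttpService (`conversation, request, service`) against what a registered handler actually expects. Spell the parameters out in the typedef, in the same style as `AuthExtract` and `AuthValidate` just above it. A comment should also state the return contract the caller relies on: 0 means authorized, any other value is answered with 401.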
Signed-off-by: Leanid Astrakou --- c/httpserver.c | 195 +++++++++++++++++++++++++++++-------------------- h/httpserver.h | 2 +- 2 files changed, 115 insertions(+), 82 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index d56ccbdba..e9be8b293 100644 --- a/c/httpserver.c +++ b/c/httpserver.c @@ -1545,7 +1545,6 @@ HttpServer *makeHttpServer3(STCBase *base, #endif server->config = (HttpServerConfig*)safeMalloc31(sizeof(HttpServerConfig),"HttpServerConfig"); - server->authHandler = (HttpAuthHandler*)safeMalloc31(sizeof(HttpAuthHandler),"HttpAuthHandler"); server->properties = htCreate(4001,stringHash,stringCompare,NULL,NULL); memset(server->config,0,sizeof(HttpServerConfig)); @@ -3455,11 +3454,16 @@ static int handleHttpService(HttpServer *server, request->authenticated = serviceAuthNativeWithSessionToken(service,request,response,&clearSessionToken, &authResponse); break; } - /* TODO: authHandlers needs to be an array of structs, not just 1 custom type */ - if (conversation->parser) { - int rc = service->server->authHandler->authFunction(conversation, request, service); - if (rc != 0) { - respondWithError(response, HTTP_STATUS_UNAUTHORIZED, "Not Authorized"); + int size = sizeof server->authHandler / sizeof server->authHandler[0]; + for (int i = 0; i < size; i++) { + if (server->authHandler[i] != NULL) { + if (strcmp(server->authHandler[i]->type, "NATIVE_WITH_SESSION_TOKEN") == 0) + int rc = service->server->authHandler[0]->authFunction(conversation, request, service); + if (rc != 0) { + respondWithError(response, HTTP_STATUS_UNAUTHORIZED, "Not Authorized"); + } + } else { + i = size; } } } 
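Review bot: The handler loop can only ever deny: if `authHandler` holds no entry whose `type` is `"NATIVE_WITH_SESSION_TOKEN"`, the loop finishes without calling anything and the request proceeds with no authorization check at all. Track whether a handler ran and deny otherwise, e.g. `int checked = FALSE;` before the loop, `checked = TRUE;` beside the call and `if (!checked) { request->authenticated = FALSE; }` after it. As written the hunk also does not compile (`int rc = ...` is the unbraced body of the `if`, so `rc` is out of scope on the next line) and it always calls `authHandler[0]` rather than `[i]`; PATCH 07 fixes those two points but not the fail-open case. The loop further depends on every unused slot of the array being NULL, which nothing in the visible lines establishes.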
@@ -3883,87 +3887,116 @@ HttpRequestParam *getCheckedParam(HttpRequest *request, char *paramName){ return NULL; } -static char *getMimeType2(char *extension, int *isBinary, int dotPos, int ccsid); +static char *getMimeType2(char *extension, int *isBinary, int dotPos); char *getMimeType(char *extension, int *isBinary) { - getMimeType2(extension, isBinary, FALSE, -1); -} - -typedef struct MimeType_tag { - char *extension; - char *mimeType; - int isBinary; -} MimeType; - -static MimeType MIME_TYPES[] = { - {"js", "text/javascript", FALSE}, - {"json", "application/json", FALSE}, - {"ts", "text/typescript", FALSE}, - {"c", "text/plain", FALSE}, - {"py", "text/plain", FALSE}, - {"cbl", "text/plain", FALSE}, - {"asm", "text/plain", FALSE}, - {"cpp", "text/plain", FALSE}, - {"csv", "text/csv", FALSE}, - {"h", "text/plain", FALSE}, - {"log", "text/plain", FALSE}, - {"env", "text/plain", FALSE}, - {"html", "text/html", FALSE}, - {"htm", "text/html", FALSE}, - {"css", "text/css", FALSE}, - {"md", "text/markdown", FALSE}, - {"sh", "application/x-sh", FALSE}, - {"bin", "application/octet-stream", TRUE}, - {"gz", "application/gzip", TRUE}, - {"jar", "application/java-archive", TRUE}, - {"tar", "application/x-tar", TRUE}, - {"gif", "image/gif", TRUE}, - {"png", "image/png", TRUE}, - {"jpg", "image/jpg", TRUE}, - {"bmp", "image/bmp", TRUE}, - {"mpg", "video/mpeg", TRUE}, - {"woff2", "application/font-woff2", TRUE}, - {"ttf", "application/font-ttf", TRUE}, - {"avi", "video/x-msvideo", TRUE}, - {"doc", "application/msword", TRUE }, - {"docx", "application/vnd.openxmlformats-officedocument.wordprocessingml.document", TRUE}, - {"mp3", "audio/mpeg", TRUE}, - {"jsonld", "application/ld+json", TRUE}, - {"pdf", "application/pdf", TRUE}, - {"xls", "application/vnd.ms-excel", TRUE}, - {"zip", "application/zip", TRUE}, - {"7z", "application/x-7z-compressed", TRUE}, - {"webm", "video/webm", TRUE} -}; - -#define MIME_TYPE_COUNT sizeof(MIME_TYPES)/sizeof(MIME_TYPES[0]) - -static MimeType 
*findMimeTypeByExtension(const char *extention) { - for (int i = 0; i < MIME_TYPE_COUNT; i++) { - if (0 == strcmp(extention, MIME_TYPES[i].extension)) { - return &MIME_TYPES[i]; - } - } - return NULL; + getMimeType2(extension, isBinary, FALSE); } -static char *getMimeType2(char *extension, int *isBinary, int isDotFile, int ccsid){ - bool isTaggedAsText = (ccsid > 0); - if (isDotFile) { +static char *getMimeType2(char *extension, int *isBinary, int isDotFile){ + if (!strcmp(extension,"js")){ *isBinary = FALSE; - return "text/plain"; - } - MimeType *mimeType = findMimeTypeByExtension(extension); - if (mimeType) { - *isBinary = isTaggedAsText ? FALSE : mimeType->isBinary; - return mimeType->mimeType; - } - if (isTaggedAsText) { + return "text/javascript"; + } else if (!strcmp(extension,"ts")){ + *isBinary = FALSE; + return "text/typescript"; + } else if (!strcmp(extension,"txt") || + !strcmp(extension,"c") || !strcmp(extension,"py") || !strcmp(extension,"rexx") || + !strcmp(extension,"cbl") || !strcmp(extension,"cpy") || !strcmp(extension,"asm") || + !strcmp(extension,"cpp") || !strcmp(extension,"h") || !strcmp(extension,"log") || + !strcmp(extension,"env") || + (isDotFile == TRUE)){ *isBinary = FALSE; return "text/plain"; + } else if (!strcmp(extension,"html") || + !strcmp(extension,"htm")){ + *isBinary = FALSE; + return "text/html"; + } else if (!strcmp(extension,"css")){ + *isBinary = FALSE; + return "text/css"; + } else if(!strcmp(extension,"md")) { + *isBinary = FALSE; + return "text/markdown"; + } else if(!strcmp(extension,"bin")) { + *isBinary = TRUE; + return "application/octet-stream"; + } else if(!strcmp(extension,"gz")) { + *isBinary = TRUE; + return "application/gzip"; + } else if(!strcmp(extension,"jar")) { + *isBinary = TRUE; + return "application/java-archive"; + } else if(!strcmp(extension,"json")) { + *isBinary = FALSE; + return "application/json"; + } else if(!strcmp(extension,"sh")) { + *isBinary = FALSE; + return "application/x-sh"; + } else 
if(!strcmp(extension,"tar")) { + *isBinary = TRUE; + return "application/x-tar"; + } else if (!strcmp(extension,"gif")){ + *isBinary = TRUE; + return "image/gif"; + } else if (!strcmp(extension,"jpg")){ + *isBinary = TRUE; + return "image/jpeg"; + } else if (!strcmp(extension,"png")){ + *isBinary = TRUE; + return "image/png"; + } else if (!strcmp(extension,"mpg")){ + *isBinary = TRUE; + return "video/mpeg"; + } else if (!strcmp(extension,"woff2")){ + *isBinary = TRUE; + return "application/font-woff2"; + } else if (!strcmp(extension,"ttf")){ + *isBinary = TRUE; + return "application/font-ttf"; + } else if(!strcmp(extension,"avi")) { + *isBinary = TRUE; + return "video/x-msvideo"; + } else if(!strcmp(extension,"bmp")) { + *isBinary = TRUE; + return "image/bmp"; + } else if(!strcmp(extension,"csv")) { + *isBinary = FALSE; + return "text/csv"; + } else if(!strcmp(extension,"doc")) { + *isBinary = FALSE; + return "application/msword"; + } else if(!strcmp(extension,"docx")) { + *isBinary = FALSE; + return "application/vnd.openxmlformats-officedocument.wordprocessingml.document"; + } else if(!strcmp(extension,"mp3")) { + *isBinary = TRUE; + return "audio/mpeg"; + } else if(!strcmp(extension,"jsonld")) { + *isBinary = TRUE; + return "application/ld+json"; + } else if(!strcmp(extension,"pdf")) { + *isBinary = TRUE; + return "application/pdf"; + } else if(!strcmp(extension,"xls")) { + *isBinary = FALSE; + return "application/vnd.ms-excel"; + } else if(!strcmp(extension,"zip")) { + *isBinary = TRUE; + return "application/zip"; + } else if(!strcmp(extension,"7z")) { + *isBinary = TRUE; + return "application/x-7z-compressed"; + } else if(!strcmp(extension,"webm")) { + *isBinary = TRUE; + return "video/webm"; + } else if(!strcmp(extension,"mp4")) { + *isBinary = TRUE; + return "video/mp4"; + } else{ + *isBinary = TRUE; + return "application/octet-stream"; } - *isBinary = TRUE; - return "application/octet-stream"; } static void respondWithUnixFileInternal(HttpResponse* response, 
char* absolutePath, int jsonMode, int secureFlag); @@ -4159,11 +4192,11 @@ void respondWithUnixFile2(HttpService* service, HttpResponse* response, char* ab } char *extension = (dotPos == -1) ? "NULL" : absolutePath + dotPos + 1; int isBinary = FALSE; + char *mimeType = getMimeType2(extension,&isBinary,isDotFile); long fileSize = fileInfoSize(&info); int ccsid = fileInfoCCSID(&info); - char *mimeType = getMimeType2(extension,&isBinary,isDotFile, ccsid); #ifdef DEBUG - printf("File ccsid=%d, mimetype=%s isBinary=%s\n",ccsid,mimeType,isBinary ? "true" : "false"); + printf("File ccsid=%d, mimetype=%s\n",ccsid,mimeType); #endif char tmperr[256] = {0}; #if defined(__ZOWE_OS_AIX) || defined(__ZOWE_OS_LINUX) diff --git a/h/httpserver.h b/h/httpserver.h index ad48be87d..2fa6a7496 100644 --- a/h/httpserver.h +++ b/h/httpserver.h @@ -236,7 +236,7 @@ typedef struct HttpServer_tag{ uint64 serverInstanceUID; /* may be something smart at some point. Now just startup STCK */ void *sharedServiceMem; /* address shared by all HttpServices */ hashtable *loggingIdsByName; /* contains a map of pluginID -> loggingID */ - HttpAuthHandler *authHandler; /* TODO: Needs to be an array of handlers */ + HttpAuthHandler *authHandler[64]; /* TODO: Needs to be an array of handlers */ } HttpServer; typedef struct WSReadMachine_tag{ From f8e6a20d7f7c3c0a9e81402445574bf9a3c51fcc Mon Sep 17 00:00:00 2001 From: Leanid Astrakou Date: Mon, 7 Jun 2021 09:59:15 -0400 Subject: [PATCH 07/19] Clean-up + changed authType to string in httpServer.c Signed-off-by: Leanid Astrakou --- c/httpserver.c | 203 ++++++++++++++++++++++--------------------------- h/httpserver.h | 12 +-- 2 files changed, 98 insertions(+), 117 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index e9be8b293..a983b2f10 100644 --- a/c/httpserver.c +++ b/c/httpserver.c 
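Review bot: `getMimeType` is declared to return `char *` but its only statement, `getMimeType2(extension, isBinary, FALSE);`, discards the result, so a caller that uses the return value gets undefined behaviour; it should read `return getMimeType2(extension, isBinary, FALSE);`. The same missing `return` is present in the four-argument form that PATCH 07 puts back. Separately, this hunk swaps out the MIME table and drops the `ccsid` argument in a commit titled "Made authHandlers into an array of structs", and PATCH 07 reverses it again. That looks like an accidental revert picked up during a merge or rebase and should be dropped from this commit.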
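Review bot: `HttpAuthHandler *authHandler[64];` introduces a fixed capacity and an implicit NULL-terminated layout that the loop in handleHttpService depends on, but neither is documented and the trailing TODO comment is now stale. Replace the literal with a named constant and state the invariant, e.g. `#define MAX_HTTP_AUTH_HANDLERS 64` and `/* NULL-terminated; unused slots must be NULL, at most MAX_HTTP_AUTH_HANDLERS entries */`. Whatever code registers handlers (not visible here) needs to check that bound before storing a new pointer.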
@@ -3398,14 +3398,12 @@ static int handleHttpService(HttpServer *server, AuthResponse authResponse; - printf("\n\n\nWHAT IS AUTH TYPE? %d\n\n\n", service->authType); - switch (service->authType){ - - case SERVICE_AUTH_NONE: - + if (strcmp(service->authType, SERVICE_AUTH_NONE) == 0) + { request->authenticated = TRUE; - break; - case SERVICE_AUTH_SAF: + } + else if (strcmp(service->authType, SERVICE_AUTH_SAF) == 0) + { /* SAF Authentication just checks that user is known at ALL to SAF. Additional privilege (Facility Class Profile) checking maybe done later or added to the generic SAF support in server. @@ -3416,14 +3414,15 @@ static int handleHttpService(HttpServer *server, printf("\n\nThis should happen before safAuthenticate\n\n"); request->authenticated = safAuthenticate(service, request, &authResponse); printf("\n\nThis should happen after safAuthenticate - %d\n\n", request->authenticated); - break; + } /* case SERVICE_AUTH_CUSTOM: - Safe to remove? #ifdef DEBUG printf("CUSTOM auth not yet supported\n"); #endif request->authenticated = FALSE; break; */ - case SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC: + else if (strcmp(service->authType, SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC) == 0) + { switch (server->config->authTokenType) { case SERVICE_AUTH_TOKEN_TYPE_JWT: case SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK: @@ -3438,8 +3437,9 @@ static int handleHttpService(HttpServer *server, request->authenticated = serviceAuthNativeWithSessionToken(service,request,response,&clearSessionToken, &authResponse); break; } - break; - default: /* Type was not found, checking custom handlers */ + } + else /* Type was not found, checking custom handlers */ + { switch (server->config->authTokenType) { case SERVICE_AUTH_TOKEN_TYPE_JWT: case SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK: 
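Review bot: `strcmp(service->authType, SERVICE_AUTH_NONE)` dereferences `authType` without a NULL check. With the field changed from `int` to `char *`, a service whose struct was zero-initialised and never given a type now carries a NULL pointer, where it used to carry 0 and fall into `default`. Deny such a request before the chain starts: `if (service->authType == NULL) { request->authenticated = FALSE; } else if (strcmp(service->authType, SERVICE_AUTH_NONE) == 0)`. The if/else chain continues outside this hunk.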
@@ -3457,10 +3457,12 @@ static int handleHttpService(HttpServer *server, int size = sizeof server->authHandler / sizeof server->authHandler[0]; for (int i = 0; i < size; i++) { if (server->authHandler[i] != NULL) { - if (strcmp(server->authHandler[i]->type, "NATIVE_WITH_SESSION_TOKEN") == 0) - int rc = service->server->authHandler[0]->authFunction(conversation, request, service); - if (rc != 0) { - respondWithError(response, HTTP_STATUS_UNAUTHORIZED, "Not Authorized"); + if (strcmp(server->authHandler[i]->type, SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN) == 0) + { + int rc = service->server->authHandler[i]->authFunction(conversation, request, service); + if (rc != 0) { + respondWithError(response, HTTP_STATUS_UNAUTHORIZED, "Not Authorized"); + } } } else { i = size; 
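Review bot: The loop selects a handler by comparing its `type` with the constant `SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN` rather than with `service->authType`, although this branch is commented as "Type was not found, checking custom handlers". A handler registered under any other type name can therefore never be chosen, and a service with an unrecognised `authType` is checked by the native-session-token handler if one exists. If per-type handlers are the intent, compare against the service instead: `if (strcmp(server->authHandler[i]->type, service->authType) == 0)`. The `i = size;` in the else branch would read more clearly as `break;`.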
@@ -3887,17 +3889,82 @@ HttpRequestParam *getCheckedParam(HttpRequest *request, char *paramName){ return NULL; } -static char *getMimeType2(char *extension, int *isBinary, int dotPos); +static char *getMimeType2(char *extension, int *isBinary, int dotPos, int ccsid); char *getMimeType(char *extension, int *isBinary) { - getMimeType2(extension, isBinary, FALSE); + getMimeType2(extension, isBinary, FALSE, -1); +} + +typedef struct MimeType_tag { + char *extension; + char *mimeType; + int isBinary; +} MimeType; + +static MimeType MIME_TYPES[] = { + {"js", "text/javascript", FALSE}, + {"json", "application/json", FALSE}, + {"ts", "text/typescript", FALSE}, + {"c", "text/plain", FALSE}, + {"py", "text/plain", FALSE}, + {"cbl", "text/plain", FALSE}, + {"asm", "text/plain", FALSE}, + {"cpp", "text/plain", FALSE}, + {"csv", "text/csv", FALSE}, + {"h", "text/plain", FALSE}, + {"log", "text/plain", FALSE}, + {"env", "text/plain", FALSE}, + {"html", "text/html", FALSE}, + {"htm", "text/html", FALSE}, + {"css", "text/css", FALSE}, + {"md", "text/markdown", FALSE}, + {"sh", "application/x-sh", FALSE}, + {"bin", "application/octet-stream", TRUE}, + {"gz", "application/gzip", TRUE}, + {"jar", "application/java-archive", TRUE}, + {"tar", "application/x-tar", TRUE}, + {"gif", "image/gif", TRUE}, + {"png", "image/png", TRUE}, + {"jpg", "image/jpg", TRUE}, + {"bmp", "image/bmp", TRUE}, + {"mpg", "video/mpeg", TRUE}, + {"woff2", "application/font-woff2", TRUE}, + {"ttf", "application/font-ttf", TRUE}, + {"avi", "video/x-msvideo", TRUE}, + {"doc", "application/msword", TRUE }, + {"docx", "application/vnd.openxmlformats-officedocument.wordprocessingml.document", TRUE}, + {"mp3", "audio/mpeg", TRUE}, + {"jsonld", "application/ld+json", TRUE}, + {"pdf", "application/pdf", TRUE}, + {"xls", "application/vnd.ms-excel", TRUE}, + {"zip", "application/zip", TRUE}, + {"7z", "application/x-7z-compressed", TRUE}, + {"webm", "video/webm", TRUE} +}; + +#define MIME_TYPE_COUNT 
sizeof(MIME_TYPES)/sizeof(MIME_TYPES[0]) + +static MimeType *findMimeTypeByExtension(const char *extention) { + for (int i = 0; i < MIME_TYPE_COUNT; i++) { + if (0 == strcmp(extention, MIME_TYPES[i].extension)) { + return &MIME_TYPES[i]; + } + } + return NULL; } -static char *getMimeType2(char *extension, int *isBinary, int isDotFile){ - if (!strcmp(extension,"js")){ +static char *getMimeType2(char *extension, int *isBinary, int isDotFile, int ccsid){ + bool isTaggedAsText = (ccsid > 0); + if (isDotFile) { *isBinary = FALSE; - return "text/javascript"; - } else if (!strcmp(extension,"ts")){ + return "text/plain"; + } + MimeType *mimeType = findMimeTypeByExtension(extension); + if (mimeType) { + *isBinary = isTaggedAsText ? FALSE : mimeType->isBinary; + return mimeType->mimeType; + } + if (isTaggedAsText) { *isBinary = FALSE; return "text/typescript"; } else if (!strcmp(extension,"txt") || 
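Review bot: The table entry `{"jpg", "image/jpg", TRUE}` uses a media type that is not registered; the if-chain this commit replaces returned `image/jpeg`, which is the registered name, so the entry should be `{"jpg", "image/jpeg", TRUE},`. The table also has no rows for `txt`, `rexx`, `cpy` and `mp4`, which the replaced chain handled, so files with those extensions and no text tag now fall through to `application/octet-stream`. Add those rows if the change in behaviour is not intended.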
@@ -3908,95 +3975,9 @@ static char *getMimeType2(char *extension, int *isBinary, int isDotFile){ (isDotFile == TRUE)){ *isBinary = FALSE; return "text/plain"; - } else if (!strcmp(extension,"html") || - !strcmp(extension,"htm")){ - *isBinary = FALSE; - return "text/html"; - } else if (!strcmp(extension,"css")){ - *isBinary = FALSE; - return "text/css"; - } else if(!strcmp(extension,"md")) { - *isBinary = FALSE; - return "text/markdown"; - } else if(!strcmp(extension,"bin")) { - *isBinary = TRUE; - return "application/octet-stream"; - } else if(!strcmp(extension,"gz")) { - *isBinary = TRUE; - return "application/gzip"; - } else if(!strcmp(extension,"jar")) { - *isBinary = TRUE; - return "application/java-archive"; - } else if(!strcmp(extension,"json")) { - *isBinary = FALSE; - return "application/json"; - } else if(!strcmp(extension,"sh")) { - *isBinary = FALSE; - return "application/x-sh"; - } else if(!strcmp(extension,"tar")) { - *isBinary = TRUE; - return "application/x-tar"; - } else if (!strcmp(extension,"gif")){ - *isBinary = TRUE; - return "image/gif"; - } else if (!strcmp(extension,"jpg")){ - *isBinary = TRUE; - return "image/jpeg"; - } else if (!strcmp(extension,"png")){ - *isBinary = TRUE; - return "image/png"; - } else if (!strcmp(extension,"mpg")){ - *isBinary = TRUE; - return "video/mpeg"; - } else if (!strcmp(extension,"woff2")){ - *isBinary = TRUE; - return "application/font-woff2"; - } else if (!strcmp(extension,"ttf")){ - *isBinary = TRUE; - return "application/font-ttf"; - } else if(!strcmp(extension,"avi")) { - *isBinary = TRUE; - return "video/x-msvideo"; - } else if(!strcmp(extension,"bmp")) { - *isBinary = TRUE; - return "image/bmp"; - } else if(!strcmp(extension,"csv")) { - *isBinary = FALSE; - return "text/csv"; - } else if(!strcmp(extension,"doc")) { - *isBinary = FALSE; - return "application/msword"; - } else if(!strcmp(extension,"docx")) { - *isBinary = FALSE; - return 
"application/vnd.openxmlformats-officedocument.wordprocessingml.document"; - } else if(!strcmp(extension,"mp3")) { - *isBinary = TRUE; - return "audio/mpeg"; - } else if(!strcmp(extension,"jsonld")) { - *isBinary = TRUE; - return "application/ld+json"; - } else if(!strcmp(extension,"pdf")) { - *isBinary = TRUE; - return "application/pdf"; - } else if(!strcmp(extension,"xls")) { - *isBinary = FALSE; - return "application/vnd.ms-excel"; - } else if(!strcmp(extension,"zip")) { - *isBinary = TRUE; - return "application/zip"; - } else if(!strcmp(extension,"7z")) { - *isBinary = TRUE; - return "application/x-7z-compressed"; - } else if(!strcmp(extension,"webm")) { - *isBinary = TRUE; - return "video/webm"; - } else if(!strcmp(extension,"mp4")) { - *isBinary = TRUE; - return "video/mp4"; - } else{ - *isBinary = TRUE; - return "application/octet-stream"; } + *isBinary = TRUE; + return "application/octet-stream"; } static void respondWithUnixFileInternal(HttpResponse* response, char* absolutePath, int jsonMode, int secureFlag); @@ -4192,11 +4173,11 @@ void respondWithUnixFile2(HttpService* service, HttpResponse* response, char* ab } char *extension = (dotPos == -1) ? "NULL" : absolutePath + dotPos + 1; int isBinary = FALSE; - char *mimeType = getMimeType2(extension,&isBinary,isDotFile); long fileSize = fileInfoSize(&info); int ccsid = fileInfoCCSID(&info); + char *mimeType = getMimeType2(extension,&isBinary,isDotFile, ccsid); #ifdef DEBUG - printf("File ccsid=%d, mimetype=%s\n",ccsid,mimeType); + printf("File ccsid=%d, mimetype=%s isBinary=%s\n",ccsid,mimeType,isBinary ? "true" : "false"); #endif char tmperr[256] = {0}; #if defined(__ZOWE_OS_AIX) || defined(__ZOWE_OS_LINUX) diff --git a/h/httpserver.h b/h/httpserver.h index 2fa6a7496..8b9af51f7 100644 --- a/h/httpserver.h +++ b/h/httpserver.h 
@@ -45,10 +45,10 @@ #define SERVICE_TYPE_FILES_SECURE 6 /* TODO: These need to become strings so they can be more mobile i.e. "NATIVE_WITH_SESSION_TOKEN" */ -#define SERVICE_AUTH_NONE 1 -#define SERVICE_AUTH_SAF 2 -#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN 3 -#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC 4 +#define SERVICE_AUTH_NONE "NONE" +#define SERVICE_AUTH_SAF "SAF" +#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN "NATIVE_WITH_SESSION_TOKEN" +#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC "NATIVE_WITH_SESSION_TOKEN_NO_RBAC" #define SERVICE_AUTH_TOKEN_TYPE_LEGACY 0 #define SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK 1 @@ -182,7 +182,7 @@ typedef struct HttpService_tag{ char **parsedMaskParts; int matchFlags; int serviceType; - int authType; + char *authType; int runInSubtask; void *authority; /* NULL unless AUTH_CUSTOM */ AuthExtract *authExtractionFunction; @@ -236,7 +236,7 @@ typedef struct HttpServer_tag{ uint64 serverInstanceUID; /* may be something smart at some point. Now just startup STCK */ void *sharedServiceMem; /* address shared by all HttpServices */ hashtable *loggingIdsByName; /* contains a map of pluginID -> loggingID */ - HttpAuthHandler *authHandler[64]; /* TODO: Needs to be an array of handlers */ + HttpAuthHandler *authHandler[64]; /* contains array of authHandlers (type + auth func) for HttpServices */ } HttpServer; typedef struct WSReadMachine_tag{ From 1b55568e910c888aadfdb6b4f4c1695fe7217544 Mon Sep 17 00:00:00 2001 From: Leanid Astrakou Date: Mon, 7 Jun 2021 10:02:45 -0400 Subject: [PATCH 08/19] Missed a few things Signed-off-by: Leanid Astrakou --- c/httpserver.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index a983b2f10..fe29f2c84 100644 --- a/c/httpserver.c +++ b/c/httpserver.c 
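Review bot: In the `HttpService_tag` hunk, making `authType` a `char *` means a service whose type was never set holds NULL (if the struct is zero-filled). The dispatch in `handleHttpService`, outside this hunk but visible as `strcmp(service->authType, SERVICE_AUTH_NONE)` in later patches of this series, passes it straight to `strcmp`. With the integer field an unset type simply matched no case. Either reject a NULL `authType` when the service is registered, or guard the comparison with `if (service->authType == NULL) { request->authenticated = FALSE; }` ahead of the chain. The type change also alters the public struct layout for anything compiled against the old header, which the commit message should mention.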
@@ -3004,7 +3004,6 @@ static int serviceAuthNativeWithSessionToken(HttpService *service, HttpRequest * response->sessionCookie = NULL; AUTH_TRACE("AUTH: tokenCookieText: %s\n",(tokenCookieText ? tokenCookieText : "")); - printf("AUTH data: %d\n\n", authDataFound); int returnCode = 0; int reasonCode = 0; int retVal = 0; @@ -3411,9 +3410,7 @@ static int handleHttpService(HttpServer *server, #ifdef DEBUG printf("saf auth needed for service %s\n",service->name); #endif - printf("\n\nThis should happen before safAuthenticate\n\n"); request->authenticated = safAuthenticate(service, request, &authResponse); - printf("\n\nThis should happen after safAuthenticate - %d\n\n", request->authenticated); } /* case SERVICE_AUTH_CUSTOM: - Safe to remove? #ifdef DEBUG @@ -3966,14 +3963,6 @@ static char *getMimeType2(char *extension, int *isBinary, int isDotFile, int ccs } if (isTaggedAsText) { *isBinary = FALSE; - return "text/typescript"; - } else if (!strcmp(extension,"txt") || - !strcmp(extension,"c") || !strcmp(extension,"py") || !strcmp(extension,"rexx") || - !strcmp(extension,"cbl") || !strcmp(extension,"cpy") || !strcmp(extension,"asm") || - !strcmp(extension,"cpp") || !strcmp(extension,"h") || !strcmp(extension,"log") || - !strcmp(extension,"env") || - (isDotFile == TRUE)){ - *isBinary = FALSE; return "text/plain"; } *isBinary = TRUE; From c5c9bacc024bf4548eeeaa8f2bd16b125b2fdaae Mon Sep 17 00:00:00 2001 From: Leanid Astrakou Date: Mon, 7 Jun 2021 11:52:28 -0400 Subject: [PATCH 09/19] Removed comment Signed-off-by: Leanid Astrakou --- h/httpserver.h | 1 - 1 file changed, 1 deletion(-) diff --git a/h/httpserver.h b/h/httpserver.h index 8b9af51f7..4eb2897aa 100644 --- a/h/httpserver.h +++ b/h/httpserver.h 
@@ -44,7 +44,6 @@ #define SERVICE_TYPE_PROXY 5 #define SERVICE_TYPE_FILES_SECURE 6 -/* TODO: These need to become strings so they can be more mobile i.e. "NATIVE_WITH_SESSION_TOKEN" */ #define SERVICE_AUTH_NONE "NONE" #define SERVICE_AUTH_SAF "SAF" #define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN "NATIVE_WITH_SESSION_TOKEN" From 20ad412e92c9e5b8283db2b59cb455637945b3a9 Mon Sep 17 00:00:00 2001 From: Leanid Astrakou Date: Thu, 10 Jun 2021 22:12:05 -0400 Subject: [PATCH 10/19] Code review changes Signed-off-by: Leanid Astrakou --- c/httpserver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/c/httpserver.c b/c/httpserver.c index fe29f2c84..24ac07b49 100644 --- a/c/httpserver.c +++ b/c/httpserver.c @@ -3456,7 +3456,7 @@ static int handleHttpService(HttpServer *server, if (server->authHandler[i] != NULL) { if (strcmp(server->authHandler[i]->type, SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN) == 0) { - int rc = service->server->authHandler[i]->authFunction(conversation, request, service); + int rc = service->server->authHandler[i]->authFunction(conversation, request, service, response); if (rc != 0) { respondWithError(response, HTTP_STATUS_UNAUTHORIZED, "Not Authorized"); } From 1673b5f825570481e3452e68e90be8e6e0279227 Mon Sep 17 00:00:00 2001 From: Leanid Astrakou Date: Fri, 11 Jun 2021 02:16:36 -0400 Subject: [PATCH 11/19] Removed unneeded comment Signed-off-by: Leanid Astrakou --- c/httpserver.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index 24ac07b49..20daf70e5 100644 --- a/c/httpserver.c +++ b/c/httpserver.c @@ -3508,10 +3508,6 @@ static int handleHttpService(HttpServer *server, */ } -/* static struct registerAuthHandlers() { - return NULL; -} */ - HttpConversation *makeHttpConversation(SocketExtension *socketExtension, HttpServer *server){ HttpConversation *conversation = (HttpConversation*)safeMalloc31(sizeof(HttpConversation),"HttpConversation"); 
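Review bot: In the `handleHttpService` hunk of "Code review changes", a non-zero `rc` from `authFunction` only calls `respondWithError`. Nothing visible in the hunk stops the loop or marks the request as rejected, so the next handler still runs, and unless code outside the hunk checks for it, the service may still be served after the error response was written. The handlers are also invoked without first testing `request->authenticated`. I would add a local `int authorized = TRUE;`, record the outcome with `if (rc != 0) { authorized = FALSE; break; }`, and send the single error response from the place that already handles `request->authenticated == FALSE`, using 403 rather than `HTTP_STATUS_UNAUTHORIZED` for a known user who is refused. The enclosing function starts and ends outside the hunk.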
From 632cb11bdc6ca44251a84ff8c7ceaa5e2c029812 Mon Sep 17 00:00:00 2001 From: Leonty Chudinov Date: Wed, 23 Jun 2021 10:27:25 +0500 Subject: [PATCH 12/19] Some code cleanup Signed-off-by: Leonty Chudinov --- c/httpserver.c | 29 ++++++++++++++++++----------- h/httpserver.h | 2 +- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index 20daf70e5..23f0139bd 100644 --- a/c/httpserver.c +++ b/c/httpserver.c @@ -3397,6 +3397,8 @@ static int handleHttpService(HttpServer *server, AuthResponse authResponse; + int authorized = TRUE; + if (strcmp(service->authType, SERVICE_AUTH_NONE) == 0) { request->authenticated = TRUE; 
@@ -3451,23 +3453,26 @@ static int handleHttpService(HttpServer *server, request->authenticated = serviceAuthNativeWithSessionToken(service,request,response,&clearSessionToken, &authResponse); break; } - int size = sizeof server->authHandler / sizeof server->authHandler[0]; - for (int i = 0; i < size; i++) { - if (server->authHandler[i] != NULL) { - if (strcmp(server->authHandler[i]->type, SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN) == 0) - { - int rc = service->server->authHandler[i]->authFunction(conversation, request, service, response); - if (rc != 0) { - respondWithError(response, HTTP_STATUS_UNAUTHORIZED, "Not Authorized"); + if (request->authenticated) { + int size = sizeof(server->authHandler)/sizeof(server->authHandler[0]); + for (int i = 0; i < size; i++) { + if (server->authHandler[i] != NULL) { + if (strcmp(server->authHandler[i]->type, SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN) == 0) { + authorized = service->server->authHandler[i]->authFunction(service, request, response); + if (!authorized) { + break; + } } + } else { + break; } - } else { - i = size; } + } else { + authorized = FALSE; } } #ifdef DEBUG - printf("service=%s authenticated=%d\n",service->name,request->authenticated); + printf("service=%s authenticated=%d authorized=%d\n",service->name,request->authenticated,authorized); #endif if (request->authenticated == FALSE){ if (service->authFlags & SERVICE_AUTH_FLAG_OPTIONAL) { @@ -3476,6 +3481,8 @@ static int handleHttpService(HttpServer *server, } else { respondWithAuthError(response, &authResponse); } + } else if (!authorized) { + respondWithError(response, HTTP_STATUS_FORBIDDEN, "Forbidden"); // Response is finished on return } else { diff --git a/h/httpserver.h b/h/httpserver.h index 4eb2897aa..69fb77d9c 100644 --- a/h/httpserver.h +++ b/h/httpserver.h 
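Review bot: The handler loop in the `@@ -3451` hunk leaves `authorized` at its initial `TRUE` whenever no registered handler matches (empty `authHandler` array, first slot NULL, or a different `type`), so an authenticated request is let through without any authorization check having run. If "no handler means no RBAC" is intended, a comment should say so. Otherwise track whether a handler ran and deny when none did, e.g. `int checked = FALSE;` set inside the match and `if (!checked) authorized = FALSE;` after the loop. The same default carries over to the rewritten loop in "Revert back to integer authType" and to `checkAuthorization` in "Refactor authorization code". The loop also compares against the constant `SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN`, although this branch appears to be reached for any type the earlier `strcmp` chain did not recognise.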
@@ -146,7 +146,7 @@ typedef int HttpServiceServe(struct HttpService_tag *service, HttpResponse *resp typedef int AuthExtract(struct HttpService_tag *service, HttpRequest *request); typedef int AuthValidate(struct HttpService_tag *service, HttpRequest *request); typedef int HttpServiceInsertCustomHeaders(struct HttpService_tag *service, HttpResponse *response); -typedef int AuthHandle(); +typedef int AuthHandle(struct HttpService_tag *service, HttpRequest *request, HttpResponse *response); /* returns HTTP_SERVICE_SUCCESS or other fail codes in same group From 517679b97184f0c0ccacefa9cf6d8d31e26d6bf4 Mon Sep 17 00:00:00 2001 From: Leonty Chudinov Date: Thu, 1 Jul 2021 10:12:35 +0500 Subject: [PATCH 13/19] Revert back to integer authType Signed-off-by: Leonty Chudinov --- c/httpserver.c | 62 +++++++++++++++++++------------------------------- h/httpserver.h | 13 ++++++----- 2 files changed, 30 insertions(+), 45 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index 23f0139bd..5dc9f8970 100644 --- a/c/httpserver.c +++ b/c/httpserver.c @@ -3399,12 +3399,12 @@ static int handleHttpService(HttpServer *server, int authorized = TRUE; - if (strcmp(service->authType, SERVICE_AUTH_NONE) == 0) - { + switch (service->authType){ + + case SERVICE_AUTH_NONE: request->authenticated = TRUE; - } - else if (strcmp(service->authType, SERVICE_AUTH_SAF) == 0) - { + break; + case SERVICE_AUTH_SAF: /* SAF Authentication just checks that user is known at ALL to SAF. Additional privilege (Facility Class Profile) checking maybe done later or added to the generic SAF support in server. 
@@ -3413,15 +3413,15 @@ static int handleHttpService(HttpServer *server, printf("saf auth needed for service %s\n",service->name); #endif request->authenticated = safAuthenticate(service, request, &authResponse); - } - /* case SERVICE_AUTH_CUSTOM: - Safe to remove? + break; + case SERVICE_AUTH_CUSTOM: #ifdef DEBUG printf("CUSTOM auth not yet supported\n"); #endif request->authenticated = FALSE; - break; */ - else if (strcmp(service->authType, SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC) == 0) - { + break; + case SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN: + case SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC: switch (server->config->authTokenType) { case SERVICE_AUTH_TOKEN_TYPE_JWT: case SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK: 
@@ -3436,40 +3436,24 @@ static int handleHttpService(HttpServer *server, request->authenticated = serviceAuthNativeWithSessionToken(service,request,response,&clearSessionToken, &authResponse); break; } + break; } - else /* Type was not found, checking custom handlers */ - { - switch (server->config->authTokenType) { - case SERVICE_AUTH_TOKEN_TYPE_JWT: - case SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK: - request->authenticated = serviceAuthWithJwt(service, request, response); - - if (request->authenticated || - service->server->config->authTokenType - != SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK) { - break; - } /* else fall through */ - case SERVICE_AUTH_TOKEN_TYPE_LEGACY: - request->authenticated = serviceAuthNativeWithSessionToken(service,request,response,&clearSessionToken, &authResponse); - break; - } - if (request->authenticated) { - int size = sizeof(server->authHandler)/sizeof(server->authHandler[0]); - for (int i = 0; i < size; i++) { - if (server->authHandler[i] != NULL) { - if (strcmp(server->authHandler[i]->type, SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN) == 0) { - authorized = service->server->authHandler[i]->authFunction(service, request, response); - if (!authorized) { - break; - } + if (request->authenticated) { + int size = sizeof(server->authHandler)/sizeof(server->authHandler[0]); + for (int i = 0; i < size; i++) { + if (server->authHandler[i] != NULL) { + if (server->authHandler[i]->type == service->authType) { + authorized = service->server->authHandler[i]->authFunction(service, request, response); + if (!authorized) { + break; } - } else { - break; } + } else { + break; } - } else { - authorized = FALSE; } + } else { + authorized = FALSE; } #ifdef DEBUG printf("service=%s authenticated=%d authorized=%d\n",service->name,request->authenticated,authorized); diff --git a/h/httpserver.h b/h/httpserver.h index 69fb77d9c..3d175f194 100644 --- a/h/httpserver.h +++ b/h/httpserver.h 
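Review bot: The restored `switch (service->authType)` shows no `default:` label in this commit's three `handleHttpService` hunks, so a service with an unrecognised or unset `authType` leaves `request->authenticated` at whatever value it already holds. A few lines between the hunks are not visible, so this is worth confirming. If it holds, add `default: request->authenticated = FALSE; break;` so that an unknown type fails closed. A comment should also note that the handler loop below now selects on `service->authType`, i.e. authorization handlers are keyed by authentication type.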
@@ -44,10 +44,11 @@ #define SERVICE_TYPE_PROXY 5 #define SERVICE_TYPE_FILES_SECURE 6 -#define SERVICE_AUTH_NONE "NONE" -#define SERVICE_AUTH_SAF "SAF" -#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN "NATIVE_WITH_SESSION_TOKEN" -#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC "NATIVE_WITH_SESSION_TOKEN_NO_RBAC" +#define SERVICE_AUTH_NONE 1 +#define SERVICE_AUTH_SAF 2 +#define SERVICE_AUTH_CUSTOM 3 /* done by service */ +#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN 4 +#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC 5 #define SERVICE_AUTH_TOKEN_TYPE_LEGACY 0 #define SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK 1 @@ -181,7 +182,7 @@ typedef struct HttpService_tag{ char **parsedMaskParts; int matchFlags; int serviceType; - char *authType; + int authType; int runInSubtask; void *authority; /* NULL unless AUTH_CUSTOM */ AuthExtract *authExtractionFunction; @@ -209,7 +210,7 @@ typedef struct HttpService_tag{ } HttpService; typedef struct HttpAuthHandler_tag{ - char *type; + int type; AuthHandle *authFunction; } HttpAuthHandler; From 305ab94ff6c7e0cc66b3066608b8e5637a81ad0e Mon Sep 17 00:00:00 2001 From: Leonty Chudinov Date: Thu, 1 Jul 2021 10:53:55 +0500 Subject: [PATCH 14/19] Remove SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC Signed-off-by: Leonty Chudinov --- c/httpserver.c | 3 +-- h/httpserver.h | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index 5dc9f8970..f3de00781 100644 --- a/c/httpserver.c +++ b/c/httpserver.c @@ -3421,7 +3421,6 @@ static int handleHttpService(HttpServer *server, request->authenticated = FALSE; break; case SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN: - case SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC: switch (server->config->authTokenType) { case SERVICE_AUTH_TOKEN_TYPE_JWT: case SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK: 
@@ -3438,7 +3437,7 @@ static int handleHttpService(HttpServer *server, } break; } - if (request->authenticated) { + if (request->authenticated && !(service->authFlags & SERVICE_AUTH_FLAG_SKIP_AUTHORIZATION)) { int size = sizeof(server->authHandler)/sizeof(server->authHandler[0]); for (int i = 0; i < size; i++) { if (server->authHandler[i] != NULL) { diff --git a/h/httpserver.h b/h/httpserver.h index 3d175f194..4219432e7 100644 --- a/h/httpserver.h +++ b/h/httpserver.h @@ -48,7 +48,6 @@ #define SERVICE_AUTH_SAF 2 #define SERVICE_AUTH_CUSTOM 3 /* done by service */ #define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN 4 -#define SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC 5 #define SERVICE_AUTH_TOKEN_TYPE_LEGACY 0 #define SERVICE_AUTH_TOKEN_TYPE_JWT_WITH_LEGACY_FALLBACK 1 @@ -206,6 +205,7 @@ typedef struct HttpService_tag{ int doImpersonation; AuthValidate *authValidateFunction; #define SERVICE_AUTH_FLAG_OPTIONAL 1 +#define SERVICE_AUTH_FLAG_SKIP_AUTHORIZATION 2 int authFlags; } HttpService; From be35a3605b13da78edc4e7bc5e1633b3338def95 Mon Sep 17 00:00:00 2001 From: Leonty Chudinov Date: Thu, 1 Jul 2021 16:44:52 +0500 Subject: [PATCH 15/19] Refactor authorization code Signed-off-by: Leonty Chudinov --- c/httpserver.c | 62 ++++++++++++++++++++++++++++++++++---------------- h/httpserver.h | 21 +++++++++++------ 2 files changed, 56 insertions(+), 27 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index f3de00781..ef2e8e6c5 100644 --- a/c/httpserver.c +++ b/c/httpserver.c 
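Review bot: With the new condition, an authenticated request to a service that sets `SERVICE_AUTH_FLAG_SKIP_AUTHORIZATION` falls into the `else { authorized = FALSE; }` branch that the previous patch added below this loop, so such a service would always answer 403. That `else` is outside this hunk, so I am assuming it is unchanged. Splitting the two conditions keeps the intent: `if (!request->authenticated) { authorized = FALSE; } else if (!(service->authFlags & SERVICE_AUTH_FLAG_SKIP_AUTHORIZATION)) {` followed by the existing loop.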
@@ -3349,6 +3349,27 @@ static int handleServiceFailed(HttpConversation *conversation, return HTTP_SERVICE_FAILED; } +static int checkAuthorization(HttpServer *server, HttpService *service, HttpRequest *request, HttpResponse *response) { + if (!request->authenticated) { + return FALSE; + } + if (service->authorizationType == SERVICE_AUTHORIZATION_TYPE_NONE) { + return TRUE; + } + int authorized = TRUE; + HttpAuthorizationHandler *handler = server->authorizationHandlerList; + while (handler) { + if (handler->authorizationType == service->authorizationType) { + authorized = handler->authorizationCheck(service, request, response); + if (!authorized) { + break; + } + } + handler = handler->next; + } + return authorized; +} + static int handleHttpService(HttpServer *server, HttpService *service, HttpRequest *request, @@ -3397,8 +3418,6 @@ static int handleHttpService(HttpServer *server, AuthResponse authResponse; - int authorized = TRUE; - switch (service->authType){ case SERVICE_AUTH_NONE: @@ -3437,23 +3456,7 @@ static int handleHttpService(HttpServer *server, } break; } - if (request->authenticated && !(service->authFlags & SERVICE_AUTH_FLAG_SKIP_AUTHORIZATION)) { - int size = sizeof(server->authHandler)/sizeof(server->authHandler[0]); - for (int i = 0; i < size; i++) { - if (server->authHandler[i] != NULL) { - if (server->authHandler[i]->type == service->authType) { - authorized = service->server->authHandler[i]->authFunction(service, request, response); - if (!authorized) { - break; - } - } - } else { - break; - } - } - } else { - authorized = FALSE; - } + int authorized = checkAuthorization(server, service, request, response); #ifdef DEBUG printf("service=%s authenticated=%d authorized=%d\n",service->name,request->authenticated,authorized); #endif 
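Review bot: `checkAuthorization` takes `request->authenticated` as its only precondition, but the `SERVICE_AUTH_NONE` case of the switch sets that flag to `TRUE` without establishing a user, and the new call in `handleHttpService` is unconditional. Handlers registered for `SERVICE_AUTHORIZATION_TYPE_DEFAULT` (value 0, so presumably what existing services get) will therefore run for public services and must cope with a request that carries no identity. Either return `TRUE` early when `service->authType == SERVICE_AUTH_NONE`, or document on the function that handlers are also called for services that need no authentication. A short header comment stating that every matching handler must accept would also help.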
@@ -6017,7 +6020,26 @@ int mainHttpLoop(HttpServer *server){ return stcBaseMainLoop(base, MAIN_WAIT_MILLIS); } - +void registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationCheck *authorizationCheck) { + if (authorizationType == SERVICE_AUTHORIZATION_TYPE_NONE) { + return; + } + HttpAuthorizationHandler *handler = (HttpAuthorizationHandler*) safeMalloc(sizeof(*handler), "HttpAuthorizationHandler"); + if (handler) { + handler->authorizationType = authorizationType; + handler->authorizationCheck = authorizationCheck; + handler->next = NULL; + HttpAuthorizationHandler *head = server->authorizationHandlerList; + if (!head) { + server->authorizationHandlerList = handler; + } else { + while (head->next != NULL) { + head = head->next; + } + head->next = handler; + } + } +} /* diff --git a/h/httpserver.h b/h/httpserver.h index 4219432e7..ee9d6464a 100644 --- a/h/httpserver.h +++ b/h/httpserver.h @@ -146,7 +146,7 @@ typedef int HttpServiceServe(struct HttpService_tag *service, HttpResponse *resp typedef int AuthExtract(struct HttpService_tag *service, HttpRequest *request); typedef int AuthValidate(struct HttpService_tag *service, HttpRequest *request); typedef int HttpServiceInsertCustomHeaders(struct HttpService_tag *service, HttpResponse *response); -typedef int AuthHandle(struct HttpService_tag *service, HttpRequest *request, HttpResponse *response); +typedef int AuthorizationCheck(struct HttpService_tag *service, HttpRequest *request, HttpResponse *response); /* returns HTTP_SERVICE_SUCCESS or other fail codes in same group 
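Review bot: `registerHttpAuthorizationHandler` stores `authorizationCheck` without checking it, and `checkAuthorization` later calls it unconditionally, so registering a NULL function pointer becomes a crash on the first matching request. It also returns `void`, so a failed `safeMalloc` is invisible to the caller. The service then runs with no handler at all, which `checkAuthorization` treats as authorized. I would reject bad arguments up front with `if (server == NULL || authorizationCheck == NULL) { return; }` and give the function an `int` result so that start-up code can refuse to continue when registration fails.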
@@ -205,14 +205,18 @@ typedef struct HttpService_tag{ int doImpersonation; AuthValidate *authValidateFunction; #define SERVICE_AUTH_FLAG_OPTIONAL 1 -#define SERVICE_AUTH_FLAG_SKIP_AUTHORIZATION 2 int authFlags; +#define SERVICE_AUTHORIZATION_TYPE_DEFAULT 0 +#define SERVICE_AUTHORIZATION_TYPE_NONE 1 +#define SERVICE_AUTHORIZATION_TYPE_CUSTOM 100 + int authorizationType; } HttpService; -typedef struct HttpAuthHandler_tag{ - int type; - AuthHandle *authFunction; -} HttpAuthHandler; +typedef struct HttpAuthorizationHandler_tag { + int authorizationType; + AuthorizationCheck *authorizationCheck; + struct HttpAuthorizationHandler_tag *next; +} HttpAuthorizationHandler; typedef struct HTTPServerConfig_tag { int port; @@ -236,7 +240,7 @@ typedef struct HttpServer_tag{ uint64 serverInstanceUID; /* may be something smart at some point. Now just startup STCK */ void *sharedServiceMem; /* address shared by all HttpServices */ hashtable *loggingIdsByName; /* contains a map of pluginID -> loggingID */ - HttpAuthHandler *authHandler[64]; /* contains array of authHandlers (type + auth func) for HttpServices */ + HttpAuthorizationHandler *authorizationHandlerList; } HttpServer; typedef struct WSReadMachine_tag{ @@ -425,6 +429,9 @@ int httpServerSetSessionTokenKey(HttpServer *server, unsigned int size, int registerHttpService(HttpServer *server, HttpService *service); + +void registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationCheck *handleFn); + HttpRequest *dequeueHttpRequest(HttpRequestParser *parser); HttpRequestParser *makeHttpRequestParser(ShortLivedHeap *slh); HttpResponse *makeHttpResponse(HttpRequest *request, ShortLivedHeap *slh, Socket *socket); From 166c715201ecce6c4cd2ce2fd6e952f18e728ee2 Mon Sep 17 00:00:00 2001 From: Leonty Chudinov Date: Fri, 2 Jul 2021 09:34:35 +0500 Subject: [PATCH 16/19] Provide ability to pass userData into AuthorizationCheck 
Signed-off-by: Leonty Chudinov --- c/httpserver.c | 5 +++-- h/httpserver.h | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index ef2e8e6c5..9680ac4a1 100644 --- a/c/httpserver.c +++ b/c/httpserver.c @@ -3360,7 +3360,7 @@ static int checkAuthorization(HttpServer *server, HttpService *service, HttpRequ HttpAuthorizationHandler *handler = server->authorizationHandlerList; while (handler) { if (handler->authorizationType == service->authorizationType) { - authorized = handler->authorizationCheck(service, request, response); + authorized = handler->authorizationCheck(service, request, response, handler->userData); if (!authorized) { break; } @@ -6020,7 +6020,7 @@ int mainHttpLoop(HttpServer *server){ return stcBaseMainLoop(base, MAIN_WAIT_MILLIS); } -void registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationCheck *authorizationCheck) { +void registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationCheck *authorizationCheck, void *userData) { if (authorizationType == SERVICE_AUTHORIZATION_TYPE_NONE) { return; } @@ -6028,6 +6028,7 @@ void registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, if (handler) { handler->authorizationType = authorizationType; handler->authorizationCheck = authorizationCheck; + handler->userData = userData; handler->next = NULL; HttpAuthorizationHandler *head = server->authorizationHandlerList; if (!head) { diff --git a/h/httpserver.h b/h/httpserver.h index ee9d6464a..08a9ea69f 100644 --- a/h/httpserver.h +++ b/h/httpserver.h 
@@ -146,7 +146,7 @@ typedef int HttpServiceServe(struct HttpService_tag *service, HttpResponse *resp typedef int AuthExtract(struct HttpService_tag *service, HttpRequest *request); typedef int AuthValidate(struct HttpService_tag *service, HttpRequest *request); typedef int HttpServiceInsertCustomHeaders(struct HttpService_tag *service, HttpResponse *response); -typedef int AuthorizationCheck(struct HttpService_tag *service, HttpRequest *request, HttpResponse *response); +typedef int AuthorizationCheck(struct HttpService_tag *service, HttpRequest *request, HttpResponse *response, void *userData); /* returns HTTP_SERVICE_SUCCESS or other fail codes in same group @@ -215,6 +215,7 @@ typedef struct HttpService_tag{ typedef struct HttpAuthorizationHandler_tag { int authorizationType; AuthorizationCheck *authorizationCheck; + void *userData; struct HttpAuthorizationHandler_tag *next; } HttpAuthorizationHandler; @@ -430,7 +431,7 @@ int httpServerSetSessionTokenKey(HttpServer *server, unsigned int size, int registerHttpService(HttpServer *server, HttpService *service); -void registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationCheck *handleFn); +void registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationCheck *handleFn, void *userData); HttpRequest *dequeueHttpRequest(HttpRequestParser *parser); HttpRequestParser *makeHttpRequestParser(ShortLivedHeap *slh); From be5f0e544f4f094afc0a022d54bcd174f0d67aef Mon Sep 17 00:00:00 2001 From: Leonty Chudinov Date: Mon, 5 Jul 2021 10:46:46 +0500 Subject: [PATCH 17/19] Minor refactoring Signed-off-by: Leonty Chudinov --- c/httpserver.c | 6 +++--- h/httpserver.h | 18 ++++++++++++++---- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index 9680ac4a1..ae3577314 100644 --- a/c/httpserver.c +++ b/c/httpserver.c 
@@ -3360,7 +3360,7 @@ static int checkAuthorization(HttpServer *server, HttpService *service, HttpRequ HttpAuthorizationHandler *handler = server->authorizationHandlerList; while (handler) { if (handler->authorizationType == service->authorizationType) { - authorized = handler->authorizationCheck(service, request, response, handler->userData); + authorized = handler->authorizationHandler(service, request, response, handler->userData); if (!authorized) { break; } @@ -6020,14 +6020,14 @@ int mainHttpLoop(HttpServer *server){ return stcBaseMainLoop(base, MAIN_WAIT_MILLIS); } -void registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationCheck *authorizationCheck, void *userData) { +void registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationHandler *authorizationHandler, void *userData) { if (authorizationType == SERVICE_AUTHORIZATION_TYPE_NONE) { return; } HttpAuthorizationHandler *handler = (HttpAuthorizationHandler*) safeMalloc(sizeof(*handler), "HttpAuthorizationHandler"); if (handler) { handler->authorizationType = authorizationType; - handler->authorizationCheck = authorizationCheck; + handler->authorizationHandler = authorizationHandler; handler->userData = userData; handler->next = NULL; HttpAuthorizationHandler *head = server->authorizationHandlerList; diff --git a/h/httpserver.h b/h/httpserver.h index 08a9ea69f..50a2a1ab6 100644 --- a/h/httpserver.h +++ b/h/httpserver.h 
@@ -146,7 +146,7 @@ typedef int HttpServiceServe(struct HttpService_tag *service, HttpResponse *resp typedef int AuthExtract(struct HttpService_tag *service, HttpRequest *request); typedef int AuthValidate(struct HttpService_tag *service, HttpRequest *request); typedef int HttpServiceInsertCustomHeaders(struct HttpService_tag *service, HttpResponse *response); -typedef int AuthorizationCheck(struct HttpService_tag *service, HttpRequest *request, HttpResponse *response, void *userData); +typedef int AuthorizationHandler(struct HttpService_tag *service, HttpRequest *request, HttpResponse *response, void *userData); /* returns HTTP_SERVICE_SUCCESS or other fail codes in same group @@ -208,13 +208,15 @@ typedef struct HttpService_tag{ int authFlags; #define SERVICE_AUTHORIZATION_TYPE_DEFAULT 0 #define SERVICE_AUTHORIZATION_TYPE_NONE 1 -#define SERVICE_AUTHORIZATION_TYPE_CUSTOM 100 +// Range 2..99 is reserved for future use +#define SERVICE_AUTHORIZATION_TYPE_FIRST_CUSTOM 100 +// SERVICE_AUTHORIZATION_TYPE_FIRST_CUSTOM and higher can be defined and used by an application. int authorizationType; } HttpService; typedef struct HttpAuthorizationHandler_tag { int authorizationType; - AuthorizationCheck *authorizationCheck; + AuthorizationHandler *authorizationHandler; void *userData; struct HttpAuthorizationHandler_tag *next; } HttpAuthorizationHandler; 
@@ -431,7 +433,15 @@ int httpServerSetSessionTokenKey(HttpServer *server, unsigned int size, int registerHttpService(HttpServer *server, HttpService *service); -void registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationCheck *handleFn, void *userData); +/* + * @brief Register an Authorization handler. + * @param server HTTP Server + * @param authorizationType + * @param authorizationHandler Function that performs authorization. + * The function has to return TRUE if the user succesfully authorized, otherwise - FALSe. + * @param userData Additional data for authorizationHandler + */ +void registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationHandler *authorizationHandler, void *userData); HttpRequest *dequeueHttpRequest(HttpRequestParser *parser); HttpRequestParser *makeHttpRequestParser(ShortLivedHeap *slh); From 9d7f631cbaf3558190b45e4890d967eeaf2e322e Mon Sep 17 00:00:00 2001 From: Leonty Chudinov Date: Tue, 31 Aug 2021 12:54:43 +0500 Subject: [PATCH 18/19] Add return code for registerHttpAuthorizationHandler Signed-off-by: Leonty Chudinov --- c/httpserver.c | 6 ++++-- h/httpserver.h | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index c47f0a158..29ae1b8e8 100644 --- a/c/httpserver.c +++ b/c/httpserver.c @@ -6025,9 +6025,9 @@ int mainHttpLoop(HttpServer *server){ return stcBaseMainLoop(base, MAIN_WAIT_MILLIS); } -void registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationHandler *authorizationHandler, void *userData) { +int registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationHandler *authorizationHandler, void *userData) { if (authorizationType == SERVICE_AUTHORIZATION_TYPE_NONE) { - return; + return 0; } HttpAuthorizationHandler *handler = (HttpAuthorizationHandler*) safeMalloc(sizeof(*handler), "HttpAuthorizationHandler"); if (handler) { 
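Review bot: In the header comment added for `registerHttpAuthorizationHandler`, `@param authorizationType` has no description, and it is the one parameter a caller can get wrong. I would write `@param authorizationType One of SERVICE_AUTHORIZATION_TYPE_*; SERVICE_AUTHORIZATION_TYPE_NONE is ignored, application-defined values start at SERVICE_AUTHORIZATION_TYPE_FIRST_CUSTOM.` and add that several handlers may be registered for one type and all of them must accept. The text also has two typos, `succesfully` and `FALSe`. The block opens with `/*` rather than `/**`, so documentation tools that key on the latter will skip it.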
@@ -6044,7 +6044,9 @@ void registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, } head->next = handler; } + return 0; } + return -1; } diff --git a/h/httpserver.h b/h/httpserver.h index 50a2a1ab6..49b97da19 100644 --- a/h/httpserver.h +++ b/h/httpserver.h @@ -440,8 +440,9 @@ int registerHttpService(HttpServer *server, HttpService *service); * @param authorizationHandler Function that performs authorization. * The function has to return TRUE if the user succesfully authorized, otherwise - FALSe. * @param userData Additional data for authorizationHandler + * @return 0 on success, -1 on failure. */ -void registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationHandler *authorizationHandler, void *userData); +int registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationHandler *authorizationHandler, void *userData); HttpRequest *dequeueHttpRequest(HttpRequestParser *parser); HttpRequestParser *makeHttpRequestParser(ShortLivedHeap *slh); From e736e8dc367a82380ea9211e3b0080e4b40a840a Mon Sep 17 00:00:00 2001 From: Leonty Chudinov Date: Tue, 31 Aug 2021 13:48:17 +0500 Subject: [PATCH 19/19] Rename AuthorizationHandler to HttpAuthorize Signed-off-by: Leonty Chudinov --- c/httpserver.c | 6 +++--- h/httpserver.h | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/c/httpserver.c b/c/httpserver.c index 29ae1b8e8..b6a5ffda1 100644 --- a/c/httpserver.c +++ b/c/httpserver.c @@ -3360,7 +3360,7 @@ static int checkAuthorization(HttpServer *server, HttpService *service, HttpRequ HttpAuthorizationHandler *handler = server->authorizationHandlerList; while (handler) { if (handler->authorizationType == service->authorizationType) { - authorized = handler->authorizationHandler(service, request, response, handler->userData); + authorized = handler->authorizeFunction(service, request, response, handler->userData); if (!authorized) { break; } 
@@ -6025,14 +6025,14 @@ int mainHttpLoop(HttpServer *server){ return stcBaseMainLoop(base, MAIN_WAIT_MILLIS); } -int registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationHandler *authorizationHandler, void *userData) { +int registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, HttpAuthorize *authorizeFunction, void *userData) { if (authorizationType == SERVICE_AUTHORIZATION_TYPE_NONE) { return 0; } HttpAuthorizationHandler *handler = (HttpAuthorizationHandler*) safeMalloc(sizeof(*handler), "HttpAuthorizationHandler"); if (handler) { handler->authorizationType = authorizationType; - handler->authorizationHandler = authorizationHandler; + handler->authorizeFunction = authorizeFunction; handler->userData = userData; handler->next = NULL; HttpAuthorizationHandler *head = server->authorizationHandlerList; diff --git a/h/httpserver.h b/h/httpserver.h index 49b97da19..c2657022f 100644 --- a/h/httpserver.h +++ b/h/httpserver.h @@ -146,7 +146,7 @@ typedef int HttpServiceServe(struct HttpService_tag *service, HttpResponse *resp typedef int AuthExtract(struct HttpService_tag *service, HttpRequest *request); typedef int AuthValidate(struct HttpService_tag *service, HttpRequest *request); typedef int HttpServiceInsertCustomHeaders(struct HttpService_tag *service, HttpResponse *response); -typedef int AuthorizationHandler(struct HttpService_tag *service, HttpRequest *request, HttpResponse *response, void *userData); +typedef int HttpAuthorize(struct HttpService_tag *service, HttpRequest *request, HttpResponse *response, void *userData); /* returns HTTP_SERVICE_SUCCESS or other fail codes in same group @@ -216,7 +216,7 @@ typedef struct HttpService_tag{ typedef struct HttpAuthorizationHandler_tag { int authorizationType; - AuthorizationHandler *authorizationHandler; + HttpAuthorize *authorizeFunction; void *userData; struct HttpAuthorizationHandler_tag *next; } HttpAuthorizationHandler; 
@@ -437,12 +437,12 @@ int registerHttpService(HttpServer *server, HttpService *service); * @brief Register an Authorization handler. * @param server HTTP Server * @param authorizationType - * @param authorizationHandler Function that performs authorization. - * The function has to return TRUE if the user succesfully authorized, otherwise - FALSe. - * @param userData Additional data for authorizationHandler + * @param authorizeFunction Function that performs authorization. + * The function has to return TRUE if the user successfully authorized, otherwise - FALSE. + * @param userData Additional data for authorizeFunction * @return 0 on success, -1 on failure. */ -int registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, AuthorizationHandler *authorizationHandler, void *userData); +int registerHttpAuthorizationHandler(HttpServer *server, int authorizationType, HttpAuthorize *authorizeFunction, void *userData); HttpRequest *dequeueHttpRequest(HttpRequestParser *parser); HttpRequestParser *makeHttpRequestParser(ShortLivedHeap *slh);