Fix gh-#2065 Replace 'SMC' in ECLWatch/ConfigMgr UI #2155

Closed
wants to merge 12 commits into from

6 participants

@wangkx
Collaborator

Existing ECLWatch Permission area shows 'SMC' as feature name.
The 'SMC' is a deprecated term. This fix changes it to 'HPCC'.
Most of the changes are in environment.xml and other deployment
scripts which create the term into esp.xml. This fix also
changes the term espsmc to eclwatch.

Similar changes will be done for EE.

Signed-off-by: Kevin Wang <kevin.wang@lexisnexis.com>

@richardkchapman

@afishbeck Please review

stuartort and others added some commits
@stuartort stuartort gh-2166 Add the ability to properly activate / deactive package sets
Signed-off-by: Stuart Ort <stuart.ort@lexisnexis.com>
696df02
@ghalliday ghalliday Restructure child dataset flags so they are more useful
This change only modifies the values for the different flags.
It means that the values can be masked to determine subsets of the
information (e.g., does it refer to LEFT/RIGHT), does it have a single
input dataset.

Signed-off-by: Gavin Halliday <gavin.halliday@lexisnexis.com>
0024fc7
@richardkchapman richardkchapman Merge pull request #2180 from ghalliday/childflags
Restructure child dataset flags so they are more useful

Reviewed-By: Renato Golin <rengolin@hpccsystems.com>
Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>
544a65d
@RussWhitehead RussWhitehead Report "ESP Password Expired" to user
If a user's password is expired, report that error to the user instead of
misleading "Invalid Credentials" error.

Signed-off-by: William Whitehead <william.whitehead@lexisnexis.com>
33c8b3b
@richardkchapman richardkchapman Merge pull request #2173 from stuartort/pkg_activate
Package activate

Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>
b2fea33
@richardkchapman richardkchapman Merge pull request #2189 from richardkchapman/ldapPWExpired
Report password expired error to ESP user

Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>
63c1b9e
@richardkchapman richardkchapman Merge pull request #2191 from richardkchapman/precise-workaround-2187
gh-2187 hpcc-init fails to stop thor on Ubuntu 12.04

Reviewed-By: Jake Smith <jake.smith@lexisnexis.com>
2f92b49
@wangkx wangkx was assigned
@richardkchapman

If this is for 3.8 (as the original issue is targeted) then it will need to be rebased onto 3.8.x

ghalliday and others added some commits
@ghalliday ghalliday Fix regression if memory leak option is enabled
Signed-off-by: Gavin Halliday <gavin.halliday@lexisnexis.com>
d93837f
@RussWhitehead RussWhitehead Remove 'break' from if stmt
Inadvertently left a 'break' in what used to be a switch and is
now an 'if'

Signed-off-by: William Whitehead <william.whitehead@lexisnexis.com>
83332ac
@richardkchapman richardkchapman Merge pull request #2194 from RussWhitehead/break
Fix build break

Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>
1eb0366
@richardkchapman richardkchapman Merge pull request #2193 from ghalliday/memleakbreak
Fix regression if memory leak option is enabled

Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>
3dac26b
@wangkx wangkx Fix gh-#2065 Replace 'SMC' in ECLWatch/ConfigMgr UI
Existing ECLWatch Permission area shows 'SMC' as feature name.
This fix changes it to better names. Most of the changes are
in environment.xml and other deployment scripts which create
the term into esp.xml. It is decided to rename the 'ESP
Services for SMC' to be 'ESP Services for management console'
and rename the 'Root access to SMC service' to be 'Base
access to ESP services'. This fix also changes the term
'espsmc' to 'eclwatch'.

Signed-off-by: Kevin Wang <kevin.wang@lexisnexis.com>
1d9141c
@wangkx
Collaborator

@afishbeck I made the changes based on our discussion today. Please review.

@afishbeck
Collaborator

Looks like it may need a rebase?

@wangkx
Collaborator

@afishbeck I did.

@wangkx wangkx closed this
@afishbeck

I think even changing this could disconnect us from some existing settings, no?

@afishbeck

Can even just changing this mean we won't find some existing settings?

Collaborator

@afishbeck Yes, the existing setting will not be found. I may check both existing 'SmcAccess' and new 'BaseAccess' in this service to avoid the problem. Any other suggestion?

Collaborator

Might be easier just to keep it SmcAccess?

Commits on Apr 26, 2012
  1. @stuartort

    gh-2166 Add the ability to properly activate / deactive package sets

    stuartort authored
    Signed-off-by: Stuart Ort <stuart.ort@lexisnexis.com>
Commits on Apr 27, 2012
  1. @ghalliday

    Restructure child dataset flags so they are more useful

    ghalliday authored
    This change only modifies the values for the different flags.
    It means that the values can be masked to determine subsets of the
    information (e.g., does it refer to LEFT/RIGHT), does it have a single
    input dataset.
    
    Signed-off-by: Gavin Halliday <gavin.halliday@lexisnexis.com>
Commits on Apr 30, 2012
  1. @richardkchapman

    Merge pull request #2180 from ghalliday/childflags

    richardkchapman authored
    Restructure child dataset flags so they are more useful
    
    Reviewed-By: Renato Golin <rengolin@hpccsystems.com>
    Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>
  2. @RussWhitehead @richardkchapman

    Report "ESP Password Expired" to user

    RussWhitehead authored richardkchapman committed
    If a user's password is expired, report that error to the user instead of
    misleading "Invalid Credentials" error.
    
    Signed-off-by: William Whitehead <william.whitehead@lexisnexis.com>
  3. @richardkchapman

    Merge pull request #2173 from stuartort/pkg_activate

    richardkchapman authored
    Package activate
    
    Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>
  4. @richardkchapman

    Merge pull request #2189 from richardkchapman/ldapPWExpired

    richardkchapman authored
    Report password expired error to ESP user
    
    Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>
  5. @richardkchapman

    Merge pull request #2191 from richardkchapman/precise-workaround-2187

    richardkchapman authored
    gh-2187 hpcc-init fails to stop thor on Ubuntu 12.04
    
    Reviewed-By: Jake Smith <jake.smith@lexisnexis.com>
  6. @ghalliday

    Fix regression if memory leak option is enabled

    ghalliday authored
    Signed-off-by: Gavin Halliday <gavin.halliday@lexisnexis.com>
  7. @RussWhitehead

    Remove 'break' from if stmt

    RussWhitehead authored
    Inadvertently left a 'break' in what used to be a switch and is
    now an 'if'
    
    Signed-off-by: William Whitehead <william.whitehead@lexisnexis.com>
  8. @richardkchapman

    Merge pull request #2194 from RussWhitehead/break

    richardkchapman authored
    Fix build break
    
    Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>
  9. @richardkchapman

    Merge pull request #2193 from ghalliday/memleakbreak

    richardkchapman authored
    Fix regression if memory leak option is enabled
    
    Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>
  10. @wangkx

    Fix gh-#2065 Replace 'SMC' in ECLWatch/ConfigMgr UI

    wangkx authored
    Existing ECLWatch Permission area shows 'SMC' as feature name.
    This fix changes it to better names. Most of the changes are
    in environment.xml and other deployment scripts which create
    the term into esp.xml. It is decided to rename the 'ESP
    Services for SMC' to be 'ESP Services for management console'
    and rename the 'Root access to SMC service' to be 'Base
    access to ESP services'. This fix also changes the term
    'espsmc' to 'eclwatch'.
    
    Signed-off-by: Kevin Wang <kevin.wang@lexisnexis.com>
Showing with 177 additions and 114 deletions.
  1. +1 −1  deployment/envgen/main.cpp
  2. +4 −2 ecl/ecl-package/ecl-package.cpp
  3. +1 −1  ecl/eclcc/eclcc.cpp
  4. +46 −15 ecl/hql/hqlexpr.hpp
  5. +4 −1 esp/bindings/http/platform/httpbinding.cpp
  6. +32 −10 esp/bindings/http/platform/httpservice.cpp
  7. +4 −2 esp/services/ws_access/ws_accessService.cpp
  8. +1 −1  esp/services/ws_account/ws_accountService.cpp
  9. +1 −1  esp/services/ws_smc/ws_smcService.cpp
  10. +1 −1  initfiles/componentfiles/configxml/@temp/esp_service_WsSMC.xsl
  11. +6 −6 initfiles/componentfiles/configxml/buildsetCC.xml.in
  12. +1 −1  initfiles/componentfiles/configxml/cgencomplist_linux.xml
  13. +1 −1  initfiles/componentfiles/configxml/cgencomplist_win.xml
  14. +1 −1  initfiles/componentfiles/configxml/espsmcservice.xsd
  15. +2 −2 initfiles/componentfiles/configxml/espsmcservice.xsd.in
  16. +2 −2 initfiles/componentfiles/thor/stop_thor
  17. +19 −19 initfiles/etc/DIR_NAME/environment.xml.in
  18. +19 −7 system/security/LdapSecurity/ldapconnection.cpp
  19. +6 −16 system/security/LdapSecurity/ldapsecurity.cpp
  20. +4 −3 system/security/LdapSecurity/ldapsecurity.ipp
  21. +5 −14 system/security/shared/SecureUser.hpp
  22. +5 −5 system/security/shared/basesecurity.cpp
  23. +11 −2 system/security/shared/seclib.hpp
View
2  deployment/envgen/main.cpp
@@ -102,7 +102,7 @@ void usage()
puts(" directory and to set eclwatch's enableSystemUseRewrite to true, the following options");
puts(" can be provided.");
puts(" \"-override DropZone,@directory,/mnt/disk1/mydropzone ");
- puts(" -override espsmc,@enableSystemUseRewrite,true\"");
+ puts(" -override eclwatch,@enableSystemUseRewrite,true\"");
puts(" -help: print out this usage.");
}
View
6 ecl/ecl-package/ecl-package.cpp
@@ -73,7 +73,7 @@ class EclCmdPackageActivate : public EclCmdCommon
return false;
if (optQuerySetName.isEmpty())
{
- fprintf(stdout, "\n ... Missing package name\n\n");
+ fprintf(stdout, "\n ... Missing query set name\n\n");
usage();
return false;
}
@@ -128,6 +128,8 @@ class EclCmdPackageDeActivate : public EclCmdCommon
optQuerySetName.set(arg);
break;
}
+ if (iter.matchOption(optPackageMap, ECLOPT_PACKAGEMAP))
+ continue;
switch (EclCmdCommon::matchCommandLineOption(iter))
{
case EclCmdOptionNoMatch:
@@ -147,7 +149,7 @@ class EclCmdPackageDeActivate : public EclCmdCommon
return false;
if (optQuerySetName.isEmpty())
{
- fprintf(stdout, "\n ... Missing package name\n\n");
+ fprintf(stdout, "\n ... Missing query set name\n\n");
usage();
return false;
}
View
2  ecl/eclcc/eclcc.cpp
@@ -1471,7 +1471,7 @@ bool EclCC::parseCommandLineOptions(int argc, const char* argv[])
if (optDebugMemLeak)
{
StringBuffer title;
- title.append(inputFiles.item(0).queryFilename()).newline();
+ title.append(inputFileNames.item(0)).newline();
initLeakCheck(title);
}
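Review bot: inputFileNames.item(0) in the optDebugMemLeak branch is read without any visible check that inputFileNames has at least one entry. If eclcc can reach this point with no input file named, guard the call with a size check and fall back to a fixed title for initLeakCheck.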
View
61 ecl/hql/hqlexpr.hpp
@@ -1691,25 +1691,56 @@ extern HQL_API unsigned queryCurrentTransformDepth(); // debug
extern HQL_API bool isExternalFunction(IHqlExpression * funcdef);
typedef enum {
- childdataset_none,
- childdataset_dataset_noscope, // single dataset but this operation doesn't use any fields from it.
- childdataset_dataset, // single dataset, fields are referenced by <dataset>.field
- childdataset_datasetleft, // single dataset, fields are referenced by <dataset>|LEFT.field
- childdataset_left, // single dataset, fields are referenced by LEFT.field
- childdataset_leftright, // two datasets, fields are referenced by LEFT|RIGHT.field
- childdataset_same_left_right, // single dataset, fields are referenced by LEFT|RIGHT.field
- childdataset_top_left_right, // single dataset, fields are referenced by <dataset>|LEFT|RIGHT.field
- childdataset_many_noscope, // multiple input files, no reference to any fields.
- childdataset_many, // multiple input files, fields reference by <active>.field
- childdataset_nway_left_right, // set of files for first parameter, fields accessed via LEFT and RIGHT
+ //Flags to indicate which datasets are available in scope
+ childdataset_hasnone = 0x0000, // dataset->queryNormalizedSelector()
+ childdataset_hasdataset = 0x0001, // dataset->queryNormalizedSelector()
+ childdataset_hasleft = 0x0002, // no_left
+ childdataset_hasright = 0x0004, // no_right
+ childdataset_hasactive = 0x0008, // no_activetable
+ childdataset_hasevaluate= 0x0010, // weird!
+
+ //Flags that indicate the number/type of the dataset parameters to the operator
+ childdataset_dsmask = 0xFF00,
+ childdataset_dsnone = 0x0000, // No datasets
+ childdataset_ds = 0x0100, // A single dataset
+ childdataset_dsds = 0x0200, // two datasets
+ childdataset_dschild = 0x0300, // a dataset with second dependent on the first (normalize)
+ childdataset_dsmany = 0x0400, // many datasetes
+ childdataset_dsset = 0x0500, // [set-of-datasets]
+ childdataset_dsif = 0x0600, // IF(<cond>, ds, ds)
+ childdataset_dscase = 0x0700, // CASE
+ childdataset_dsmap = 0x0800, // MAP
+
+ //Combinations of the two sets of flags above for the cases which are currently used.
+ childdataset_none = childdataset_dsnone|childdataset_hasnone,
+ childdataset_dataset_noscope = childdataset_ds|childdataset_none,
+ childdataset_dataset = childdataset_ds|childdataset_hasdataset,
+ childdataset_datasetleft = childdataset_ds|childdataset_hasdataset|childdataset_hasleft,
+ childdataset_left = childdataset_ds|childdataset_hasleft,
+ childdataset_leftright = childdataset_dsds|childdataset_hasleft|childdataset_hasright,
+ childdataset_same_left_right = childdataset_ds|childdataset_hasleft|childdataset_hasright,
+ childdataset_top_left_right = childdataset_ds|childdataset_hasdataset|childdataset_hasleft|childdataset_hasright,
+ childdataset_many_noscope = childdataset_dsmany|childdataset_none,
+ childdataset_many = childdataset_dsmany|childdataset_hasactive,
+ childdataset_nway_left_right = childdataset_dsset|childdataset_hasleft|childdataset_hasright,
+
//weird exceptions
- childdataset_evaluate, // EVALUATE
- childdataset_if, // IF - second and third are datasets
- childdataset_case, // CASE
- childdataset_map, // MAP
+ childdataset_evaluate = childdataset_ds|childdataset_hasevaluate,
+ childdataset_if = childdataset_dsif|childdataset_none,
+ childdataset_case = childdataset_dscase|childdataset_none,
+ childdataset_map = childdataset_dsmap|childdataset_none,
childdataset_max
} childDatasetType;
extern HQL_API childDatasetType getChildDatasetType(IHqlExpression * expr);
+inline bool hasLeft(childDatasetType value) { return (value & childdataset_hasleft) != 0; }
+inline bool hasRight(childDatasetType value) { return (value & childdataset_hasright) != 0; }
+inline bool hasLeftRight(childDatasetType value) { return (value & (childdataset_hasleft|childdataset_hasright)) == (childdataset_hasleft|childdataset_hasright); }
+inline bool hasSameLeftRight(childDatasetType value)
+{
+ return hasLeftRight(value) &&
+ (((value & childdataset_dsmask) == childdataset_ds) ||
+ ((value & childdataset_dsmask) == childdataset_dsset));
+}
// To improve error message.
extern HQL_API StringBuffer& getFriendlyTypeStr(IHqlExpression* e, StringBuffer& s);
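Review bot: childdataset_max still closes the enum, but with explicit values it now evaluates to childdataset_map + 1 (0x0801) rather than the number of enumerators, so any code that sizes an array or bounds a loop with it needs checking; remove it or give it a documented meaning. Smaller points in the same hunk: childdataset_hasnone carries the same comment as childdataset_hasdataset ("dataset->queryNormalizedSelector()"), "datasetes" is a typo, and there is a childdataset_dsmask but no matching mask for the has* bits.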
View
5 esp/bindings/http/platform/httpbinding.cpp
@@ -551,7 +551,10 @@ bool EspHttpBinding::basicAuth(IEspContext* ctx)
bool authenticated = m_secmgr->authorize(*user, rlist);
if(!authenticated)
{
- ctx->AuditMessage(AUDIT_TYPE_ACCESS_FAILURE, "Authentication", "Access Denied: User or password invalid", NULL);
+ if (user->getAuthenticateStatus() == AS_PASSWORD_EXPIRED)
+ ctx->AuditMessage(AUDIT_TYPE_ACCESS_FAILURE, "Authentication", "ESP password is expired", NULL);
+ else
+ ctx->AuditMessage(AUDIT_TYPE_ACCESS_FAILURE, "Authentication", "Access Denied: User or password invalid", NULL);
return false;
}
bool authorized = true;
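Review bot: the audit string added in the AS_PASSWORD_EXPIRED branch, "ESP password is expired", drops the "Access Denied:" prefix that the other failure keeps, so log searches or alerts keyed on "Access Denied" will miss these events. Keep the prefix, for example "Access Denied: ESP password is expired", so both failures are found by the same query.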
View
42 esp/bindings/http/platform/httpservice.cpp
@@ -173,8 +173,19 @@ bool CEspHttpServer::rootAuth(IEspContext* ctx)
ret=true;
else
{
- DBGLOG("User authentication required");
- m_response->sendBasicChallenge(thebinding->getChallengeRealm(), true);
+ ISecUser *user = ctx->queryUser();
+ if (user && user->getAuthenticateStatus() == AS_PASSWORD_EXPIRED)
+ {
+ DBGLOG("ESP password expired for %s", user->getName());
+ m_response->setContentType(HTTP_TYPE_TEXT_PLAIN);
+ m_response->setContent("Your ESP password has expired");
+ m_response->send();
+ }
+ else
+ {
+ DBGLOG("User authentication required");
+ m_response->sendBasicChallenge(thebinding->getChallengeRealm(), true);
+ }
}
}
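Review bot: the AS_PASSWORD_EXPIRED branch in rootAuth sends a text/plain body with no status set in the visible lines, so the client may receive the default status for what is an authentication failure; set an explicit 401 or 403 before m_response->send(). The reply also tells a caller who has not authenticated that the account's password has expired, which should be a deliberate decision, and user->getName() comes from the request, so confirm that DBGLOG output cannot be split by control characters in the name.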
@@ -422,16 +433,27 @@ int CEspHttpServer::processRequest()
if (authState==authRequired)
{
- DBGLOG("User authentication required");
- StringBuffer realmbuf;
- if(thebinding)
- realmbuf.append(thebinding->getChallengeRealm());
- if(realmbuf.length() == 0)
- realmbuf.append("ESP");
- m_response->sendBasicChallenge(realmbuf.str(), !isSoapPost);
+ ISecUser *user = ctx->queryUser();
+ if (user && user->getAuthenticateStatus() == AS_PASSWORD_EXPIRED)
+ {
+ DBGLOG("ESP password expired for %s", user->getName());
+ m_response->setContentType(HTTP_TYPE_TEXT_PLAIN);
+ m_response->setContent("Your ESP password has expired");
+ m_response->send();
+ }
+ else
+ {
+ DBGLOG("User authentication required");
+ StringBuffer realmbuf;
+ if(thebinding)
+ realmbuf.append(thebinding->getChallengeRealm());
+ if(realmbuf.length() == 0)
+ realmbuf.append("ESP");
+ m_response->sendBasicChallenge(realmbuf.str(), !isSoapPost);
+ }
return 0;
}
-
+
// authenticate optional groups
if (authenticateOptionalFailed(*ctx,thebinding))
throw createEspHttpException(401,"Unauthorized Access","Unauthorized Access");
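Review bot: the expired-password block in processRequest is a copy of the one added to rootAuth; move it into a single helper so the message, content type and status cannot drift apart between the two paths. The final -/+ pair in this hunk changes only whitespace on an empty line and can be dropped from the patch.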
View
6 esp/services/ws_access/ws_accessService.cpp
@@ -141,7 +141,9 @@ void Cws_accessEx::init(IPropertyTree *cfg, const char *process, const char *ser
else
head.append(colon - bptr, bptr);
- if(stricmp(head.str(), "WsAttributesAccess") == 0)
+ if(strieq(head.str(), "SMC"))
+ head.clear().append("Management Console");
+ else if(stricmp(head.str(), "WsAttributesAccess") == 0)
continue;
Owned<IEspDnStruct> onedn = createDnStruct();
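Review bot: in Cws_accessEx::init the new branch rewrites head from "SMC" to "Management Console" before createDnStruct(), which hard-codes a display label into the parsing loop; if head is also used afterwards to look up the base DN, the rewritten value will not match. Keep the original value for lookups and map the label only where it is displayed, and use strieq for the WsAttributesAccess test as well so the two comparisons read the same.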
@@ -649,7 +651,7 @@ bool Cws_accessEx::onAddUser(IEspContext &context, IEspAddUserRequest &req, IEsp
resp.setRetmsg("username can't be empty");
return false;
}
- if(strchr(username, (int)' '))
+ if(strchr(username, ' '))
{
resp.setRetcode(-1);
resp.setRetmsg("Username can't contain spaces");
View
2  esp/services/ws_account/ws_accountService.cpp
@@ -189,7 +189,7 @@ bool Cws_accountEx::onVerifyUser(IEspContext &context, IEspVerifyUserRequest &re
try
{
ISecUser* usr = context.queryUser();
- if(!usr || !usr->isAuthenticated())
+ if(!usr || usr->getAuthenticateStatus() != AS_AUTHENTICATED)
{
resp.setRetcode(-1);
return false;
View
2  esp/services/ws_smc/ws_smcService.cpp
@@ -30,7 +30,7 @@
#include "dfuwu.hpp"
#include "exception_util.hpp"
-static const char* FEATURE_URL = "SmcAccess";
+static const char* FEATURE_URL = "BaseAccess";
const char* THORQUEUE_FEATURE = "ThorQueueAccess";
const char* PERMISSIONS_FILENAME = "espsmc_permissions.xml";
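Review bot: changing FEATURE_URL from "SmcAccess" to "BaseAccess" changes the resource name used for the permission check, so grants that administrators already made on SmcAccess are no longer the ones consulted after an upgrade. Either keep the old name (only the description has to change for the UI), or check both names and ship a migration step. PERMISSIONS_FILENAME still reads "espsmc_permissions.xml", so the rename is only partial as it stands.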
View
2  initfiles/componentfiles/configxml/@temp/esp_service_WsSMC.xsl
@@ -26,7 +26,7 @@ xmlns:seisint="http://seisint.com" xmlns:set="http://exslt.org/sets" exclude-re
<xsl:param name="instance" select="'rmoondhra'"/>
<xsl:param name="outputFilePath" select="'c:\development\deployment\xmlenv\dummy.xml'"/>
<xsl:param name="isLinuxInstance" select="0"/>
- <xsl:param name="espServiceName" select="'espsmc'"/>
+ <xsl:param name="espServiceName" select="'eclwatch'"/>
<xsl:template match="text()"/>
View
12 initfiles/componentfiles/configxml/buildsetCC.xml.in
@@ -93,7 +93,7 @@
schema="esp.xsd"/>
<BuildSet deployable="no"
installSet="deploy_map.xml"
- name="espsmc"
+ name="eclwatch"
path="componentfiles/espsmc"
processName="EspService"
schema="espsmcservice.xsd">
@@ -102,13 +102,13 @@
defaultSecurePort="18010"
type="WsSMC">
<Authenticate access="Read"
- description="Root access to SMC service"
+ description="Base access to ESP services"
path="/"
required="Read"
- resource="SmcAccess"/>
- <AuthenticateFeature description="Access to SMC service"
- path="SmcAccess"
- resource="SmcAccess"
+ resource="BaseAccess"/>
+ <AuthenticateFeature description="Base access to ESP services"
+ path="BaseAccess"
+ resource="BaseAccess"
service="ws_smc"/>
<AuthenticateFeature description="Access to thor queues"
path="ThorQueueAccess"
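Review bot: the Authenticate entry for path "/" and the first AuthenticateFeature entry now carry the identical description "Base access to ESP services", where before they were distinguishable ("Root access to SMC service" and "Access to SMC service"). Give them different descriptions so the two rows can be told apart in the permissions UI, and call out in the commit message that resource= and path= change here too, not only the display text.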
View
2  initfiles/componentfiles/configxml/cgencomplist_linux.xml
@@ -84,7 +84,7 @@
<Component name="espjavelinapiau" processName='EspService' schema='espjavelinapi.xsd' deployable='no'>
<File name="@temp/esp_service_javelinapiau.xsl" method="esp_service_module"/>
</Component>
- <Component name="espsmc" processName='EspService' schema='espsmcservice.xsd' deployable='no'>
+ <Component name="eclwatch" processName='EspService' schema='espsmcservice.xsd' deployable='no'>
<File name="plugins.xsl" method="esp_plugin" destName="plugins.xml" destPath="@temp"/>
<File name="@temp/esp_service_WsSMC.xsl" method="esp_service_module"/>
</Component>
View
2  initfiles/componentfiles/configxml/cgencomplist_win.xml
@@ -87,7 +87,7 @@
<Component name="espjavelinapiau" processName='EspService' schema='espjavelinapi.xsd' deployable='no'>
<File name="@temp\esp_service_javelinapiau.xsl" method="esp_service_module"/>
</Component>
- <Component name="espsmc" processName='EspService' schema='espsmcservice.xsd' deployable='no'>
+ <Component name="eclwatch" processName='EspService' schema='espsmcservice.xsd' deployable='no'>
<File name="plugins.xsl" method="esp_plugin" destName="plugins.xml" destPath="@temp"/>
<File name="@temp\esp_service_WsSMC.xsl" method="esp_service_module"/>
</Component>
View
2  initfiles/componentfiles/configxml/espsmcservice.xsd
@@ -39,7 +39,7 @@
</xs:appinfo>
</xs:annotation>
</xs:attribute>
- <xs:attribute name="name" type="xs:string" use="optional" default="espsmc">
+ <xs:attribute name="name" type="xs:string" use="optional" default="eclwatch">
<xs:annotation>
<xs:appinfo>
<required>true</required>
View
4 initfiles/componentfiles/configxml/espsmcservice.xsd.in
@@ -39,7 +39,7 @@
</xs:appinfo>
</xs:annotation>
</xs:attribute>
- <xs:attribute name="name" type="xs:string" use="optional" default="espsmc">
+ <xs:attribute name="name" type="xs:string" use="optional" default="eclwatch">
<xs:annotation>
<xs:appinfo>
<required>true</required>
@@ -49,7 +49,7 @@
</xs:appinfo>
</xs:annotation>
</xs:attribute>
- <xs:attribute name="description" type="xs:string" use="optional" default="ESP services for SMC">
+ <xs:attribute name="description" type="xs:string" use="optional" default="ESP services for Management Console">
<xs:annotation>
<xs:appinfo>
<tooltip>Description for this process</tooltip>
View
4 initfiles/componentfiles/thor/stop_thor
@@ -44,7 +44,7 @@ if [ "$#" -lt "2" ] || [ "$2" != "keep_sentinel" ]; then
sleep 1
fi
-masterproc="thormaster_$THORNAME"
+masterproc="$instancedir/thormaster_$THORNAME"
while [ "`${PIDOF} $masterproc`" != "" ]
do
echo --------------------------
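Review bot: masterproc now depends on $instancedir, which is neither set nor checked in the visible lines; if it is empty the wait loop tests "/thormaster_$THORNAME", finds no PID and falls through as if the master had already stopped. Fail early when instancedir is unset, and quote the expansion as ${PIDOF} "$masterproc".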
@@ -58,7 +58,7 @@ done
echo --------------------------
echo stopping thor slaves
-slaveproc="thorslave_$THORNAME"
+slaveproc="$instancedir/thorslave_$THORNAME"
if [ "$localthor" = "true" ]; then
killall -9 $slaveproc
else
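Review bot: killall -9 $slaveproc now receives a path and is still unquoted, so an instance directory containing whitespace splits into several arguments. Quote it as "$slaveproc".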
View
38 initfiles/etc/DIR_NAME/environment.xml.in
@@ -86,7 +86,7 @@
schema="esp.xsd"/>
<BuildSet deployable="no"
installSet="deploy_map.xml"
- name="espsmc"
+ name="eclwatch"
path="componentfiles/espsmc"
processName="EspService"
schema="espsmcservice.xsd">
@@ -95,13 +95,13 @@
defaultSecurePort="18010"
type="WsSMC">
<Authenticate access="Read"
- description="Root access to SMC service"
+ description="Base access to ESP services"
path="/"
required="Read"
- resource="SmcAccess"/>
- <AuthenticateFeature description="Access to SMC service"
- path="SmcAccess"
- resource="SmcAccess"
+ resource="BaseAccess"/>
+ <AuthenticateFeature description="Base access to ESP services"
+ path="BaseAccess"
+ resource="BaseAccess"
service="ws_smc"/>
<AuthenticateFeature description="Access to thor queues"
path="ThorQueueAccess"
@@ -491,7 +491,7 @@
method="none"/>
<EspBinding defaultForPort="true"
defaultServiceVersion=""
- name="smc"
+ name="eclwatch"
port="8010"
protocol="http"
resourcesBasedn="ou=SMC,ou=EspServices,ou=ecl"
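Review bot: the EspBinding is renamed to name="eclwatch" while resourcesBasedn stays "ou=SMC,ou=EspServices,ou=ecl". If keeping the LDAP base DN is deliberate so that existing entries are still found, say so in the commit message; the resource under it is renamed from SmcAccess to BaseAccess in the next hunk, which undoes that benefit for this feature.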
@@ -499,14 +499,14 @@
workunitsBasedn="ou=workunits,ou=ecl"
wsdlServiceAddress="">
<Authenticate access="Read"
- description="Root access to SMC service"
+ description="Base access to ESP services"
path="/"
required="Read"
- resource="SmcAccess"/>
+ resource="BaseAccess"/>
<AuthenticateFeature authenticate="Yes"
- description="Access to SMC service"
- path="SmcAccess"
- resource="SmcAccess"
+ description="Base access to ESP services"
+ path="BaseAccess"
+ resource="BaseAccess"
service="ws_smc"/>
<AuthenticateFeature authenticate="Yes"
description="Access to thor queues"
@@ -668,8 +668,8 @@
<EspService allowNewRoxieOnDemandQuery="false"
AWUsCacheTimeout="15"
build="${projname}_${version}-${stagever}"
- buildSet="espsmc"
- description="ESP services for SMC"
+ buildSet="eclwatch"
+ description="ESP services for Management Console"
disableUppercaseTranslation="false"
enableSystemUseRewrite="false"
excludePartitions="/,/dev*,/sys,/usr,/proc/*"
@@ -687,13 +687,13 @@
defaultSecurePort="18010"
type="WsSMC">
<Authenticate access="Read"
- description="Root access to SMC service"
+ description="Base access to ESP services"
path="/"
required="Read"
- resource="SmcAccess"/>
- <AuthenticateFeature description="Access to SMC service"
- path="SmcAccess"
- resource="SmcAccess"
+ resource="BaseAccess"/>
+ <AuthenticateFeature description="Base access to ESP services"
+ path="BaseAccess"
+ resource="BaseAccess"
service="ws_smc"/>
<AuthenticateFeature description="Access to thor queues"
path="ThorQueueAccess"
View
26 system/security/LdapSecurity/ldapconnection.cpp
@@ -998,6 +998,7 @@ class CLdapClient : public CInterface, implements ILdapClient
char *attribute, **values;
BerElement *ber;
struct berval** bvalues = NULL;
+ user.setAuthenticateStatus(AS_UNEXPECTED_ERROR);//assume the worst
const char* username = user.getName();
const char* password = user.credentials().getPassword();
@@ -1016,11 +1017,12 @@ class CLdapClient : public CInterface, implements ILdapClient
if(strcmp(password, m_ldapconfig->getSysUserPassword()) == 0)
{
user.setFullName(m_ldapconfig->getSysUserCommonName());
- user.setAuthenticated(true);
+ user.setAuthenticateStatus(AS_AUTHENTICATED);
return true;
}
else
{
+ user.setAuthenticateStatus(AS_INVALID_CREDENTIALS);
return false;
}
}
@@ -1066,6 +1068,7 @@ class CLdapClient : public CInterface, implements ILdapClient
if(result != LDAP_SUCCESS)
{
DBGLOG("ldap_search_ext_s error: %s, when searching %s under %s", ldap_err2string( result ), filter.str(), m_ldapconfig->getSysUserBasedn());
+ user.setAuthenticateStatus(AS_INVALID_CREDENTIALS);
return false;
}
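Review bot: a failed ldap_search_ext_s is a directory or connection error, not a credential problem, yet the added line sets AS_INVALID_CREDENTIALS. Leave the status at the AS_UNEXPECTED_ERROR assigned at the top of the function (or set it explicitly here) so that an LDAP outage is not reported and audited as a bad password.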
@@ -1073,6 +1076,7 @@ class CLdapClient : public CInterface, implements ILdapClient
if(entries == 0)
{
DBGLOG("LDAP: User %s not found", username);
+ user.setAuthenticateStatus(AS_INVALID_CREDENTIALS);
return false;
}
}
@@ -1104,11 +1108,10 @@ class CLdapClient : public CInterface, implements ILdapClient
user.setLastName(values[0]);
ldap_value_free( values );
}
- else if((stricmp(attribute, "userAccountControl") == 0) && (bvalues = ldap_get_values_len(sys_ld, entry, attribute)) != NULL )
+ else if((stricmp(attribute, "userAccountControl") == 0) && ( values = ldap_get_values( sys_ld, entry, attribute)) != NULL )
{
- struct berval* val = bvalues[0];
-// //UF_DONT_EXPIRE_PASSWD 0x10000
- if (atoi(val->bv_val) & 0x10000)//this can be true at the account level, even if domain policy requires password
+ //UF_DONT_EXPIRE_PASSWD 0x10000
+ if (atoi((char*)values[0]) & 0x10000)//this can be true at the account level, even if domain policy requires password
m_passwordNeverExpires = true;
ldap_value_free( values );
}
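Review bot: atoi((char*)values[0]) parses the userAccountControl flag word with no error detection and with a cast that is not needed; use strtoul and a named constant for 0x10000 (the comment already names UF_DONT_EXPIRE_PASSWD). Switching to ldap_get_values does make the existing ldap_value_free( values ) match what was allocated, which the bvalues version did not.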
@@ -1202,10 +1205,19 @@ class CLdapClient : public CInterface, implements ILdapClient
}
if(rc != LDAP_SUCCESS)
{
- DBGLOG("LDAP: Authentication for user %s failed - %s", username, ldap_err2string(rc));
+ if (user.getPasswordDaysRemaining() == -1)
+ {
+ DBGLOG("ESP Password Expired for user %s", username);
+ user.setAuthenticateStatus(AS_PASSWORD_EXPIRED);
+ }
+ else
+ {
+ DBGLOG("LDAP: Authentication for user %s failed - %s", username, ldap_err2string(rc));
+ user.setAuthenticateStatus(AS_INVALID_CREDENTIALS);
+ }
return false;
}
- user.setAuthenticated(true);
+ user.setAuthenticateStatus(AS_AUTHENTICATED);
}
//Always retrieve user info(SID, UID, fullname, etc) for Active Directory, when the user first logs in.
if((m_ldapconfig->getServerType() == ACTIVE_DIRECTORY) && (m_pp != NULL))
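Review bot: the AS_PASSWORD_EXPIRED branch runs for any rc != LDAP_SUCCESS once getPasswordDaysRemaining() returns -1, so a wrong password submitted for an expired account is also classified as expired rather than invalid. Together with the plain-text reply added in httpservice.cpp, that reports account state to a caller who has not shown knowledge of the password; distinguish the expiry case from the bind result where the server allows it, and replace the bare -1 with a named constant.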
View
22 system/security/LdapSecurity/ldapsecurity.cpp
@@ -29,9 +29,9 @@
* CLdapSecUser *
**********************************************************/
CLdapSecUser::CLdapSecUser(const char *name, const char *pw) :
- m_pw(pw), m_isAuthenticated(false)
+ m_pw(pw), m_authenticateStatus(AS_UNKNOWN)
{
- setName(name);
+ setName(name);
}
CLdapSecUser::~CLdapSecUser()
@@ -39,10 +39,6 @@ CLdapSecUser::~CLdapSecUser()
}
//non-interfaced functions
-void CLdapSecUser::setAuthenticated(bool authenticated)
-{
- m_isAuthenticated = authenticated;
-}
void CLdapSecUser::setUserID(unsigned userid)
{
m_userid = userid;
@@ -156,12 +152,6 @@ bool CLdapSecUser::setPeer(const char *Peer)
}
-bool CLdapSecUser::isAuthenticated()
-{
- return m_isAuthenticated;
-}
-
-
ISecCredentials & CLdapSecUser::credentials()
{
return *this;
@@ -201,7 +191,7 @@ void CLdapSecUser::copyTo(ISecUser& destination)
if(!dest)
return;
- dest->setAuthenticated(isAuthenticated());
+ dest->setAuthenticateStatus(getAuthenticateStatus());
dest->setName(getName());
dest->setFullName(getFullName());
dest->setFirstName(getFirstName());
@@ -585,12 +575,12 @@ bool CLdapSecManager::authenticate(ISecUser* user)
if(!user)
return false;
- if(user->isAuthenticated())
+ if(user->getAuthenticateStatus() == AS_AUTHENTICATED)
return true;
if(m_permissionsCache.isCacheEnabled() && !m_usercache_off && m_permissionsCache.lookup(*user))
{
- user->setAuthenticated(true);
+ user->setAuthenticateStatus(AS_AUTHENTICATED);
return true;
}
@@ -600,7 +590,7 @@ bool CLdapSecManager::authenticate(ISecUser* user)
if(m_permissionsCache.isCacheEnabled() && !m_usercache_off)
m_permissionsCache.add(*user);
- user->setAuthenticated(true);
+ user->setAuthenticateStatus(AS_AUTHENTICATED);
}
return ok;
View
7 system/security/LdapSecurity/ldapsecurity.ipp
@@ -45,7 +45,7 @@ private:
StringAttr m_pw;
StringAttr m_Fqdn;
StringAttr m_Peer;
- bool m_isAuthenticated;
+ authStatus m_authenticateStatus;
CDateTime m_passwordExpiration;//local time
unsigned m_userid;
MemoryBuffer m_usersid;
@@ -70,7 +70,6 @@ public:
virtual ~CLdapSecUser();
//non-interfaced functions
- virtual void setAuthenticated(bool authenticated);
void setUserID(unsigned userid);
void setUserSid(int sidlen, const char* sid);
MemoryBuffer& getUserSid();
@@ -85,7 +84,6 @@ public:
virtual bool setLastName(const char * lname);
const char * getRealm();
bool setRealm(const char * name);
- bool isAuthenticated();
ISecCredentials & credentials();
virtual unsigned getUserID();
virtual void copyTo(ISecUser& source);
@@ -131,6 +129,9 @@ public:
return numDays;
}
+ authStatus getAuthenticateStatus() { return m_authenticateStatus; }
+ void setAuthenticateStatus(authStatus status){ m_authenticateStatus = status; }
+
ISecUser * clone();
virtual void setProperty(const char* name, const char* value){}
virtual const char* getProperty(const char* name){ return "";}
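Review bot: getAuthenticateStatus() and setAuthenticateStatus() are added to CLdapSecUser without virtual, while the same pair in CSecureUser (SecureUser.hpp in this patch) is declared virtual. Declare them the same way in both classes so it is clear they implement the ISecUser interface.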
View
19 system/security/shared/SecureUser.hpp
@@ -32,7 +32,7 @@ class CSecureUser : public CInterface,
StringBuffer m_name;
StringBuffer m_pw;
StringBuffer m_encodedPw;
- bool m_isAuthenticated;
+ authStatus m_authenticateStatus;
StringBuffer m_fullname;
StringBuffer m_firstname;
StringBuffer m_lastname;
@@ -47,7 +47,7 @@ class CSecureUser : public CInterface,
IMPLEMENT_IINTERFACE
CSecureUser(const char *name, const char *pw) :
- m_name(name), m_pw(pw), m_isAuthenticated(false),m_userID(0), m_status(SecUserStatus_Unknown)
+ m_name(name), m_pw(pw), m_authenticateStatus(AS_UNKNOWN), m_userID(0), m_status(SecUserStatus_Unknown)
{
}
@@ -55,11 +55,6 @@ class CSecureUser : public CInterface,
{
}
- virtual void setAuthenticated(bool authenticated)
- {
- m_isAuthenticated = authenticated;
- }
-
//interface ISecUser
const char * getName()
{
@@ -148,11 +143,6 @@ class CSecureUser : public CInterface,
return true;
}
- bool isAuthenticated()
- {
- return m_isAuthenticated;
- }
-
ISecCredentials & credentials()
{
return *this;
@@ -212,10 +202,12 @@ class CSecureUser : public CInterface,
virtual CDateTime & getPasswordExpiration(CDateTime& expirationDate){ assertex(false); return expirationDate; }
virtual bool setPasswordExpiration(CDateTime& expirationDate) { assertex(false);return true; }
virtual int getPasswordDaysRemaining() {assertex(false);return -1;}
+ virtual authStatus getAuthenticateStatus() {return m_authenticateStatus;}
+ virtual void setAuthenticateStatus(authStatus status){m_authenticateStatus = status;}
virtual void copyTo(ISecUser& destination)
{
- destination.setAuthenticated(isAuthenticated());
+ destination.setAuthenticateStatus(getAuthenticateStatus());
destination.setName(getName());
destination.setFullName(getFullName());
destination.setFirstName(getFirstName());
@@ -227,7 +219,6 @@ class CSecureUser : public CInterface,
CDateTime tmpTime;
destination.setPasswordExpiration(getPasswordExpiration(tmpTime));
destination.setStatus(getStatus());
-
if(m_parameters.get()==NULL)
return;
CriticalBlock b(crit);
10 system/security/shared/basesecurity.cpp
@@ -138,7 +138,7 @@ bool CBaseSecurityManager::unsubscribe(ISecAuthenticEvents & events)
bool CBaseSecurityManager::authorize(ISecUser & sec_user, ISecResourceList * Resources)
{
- if(!sec_user.isAuthenticated())
+ if(sec_user.getAuthenticateStatus() != AS_AUTHENTICATED)
{
bool bOk = ValidateUser(sec_user);
if(bOk == false)
@@ -389,7 +389,7 @@ bool CBaseSecurityManager::ValidateUser(ISecUser & sec_user)
{
//we seem to be coming from a different peer... this is not good
WARNLOG("Found user %d in cache, but have to re-validate IP, because it was coming from %s but is now coming from %s",sec_user.getUserID(), cachedclientip, clientip.str());
- sec_user.setAuthenticated(false);
+ sec_user.setAuthenticateStatus(AS_INVALID_CREDENTIALS);
sec_user.setPeer(clientip.str());
m_permissionsCache.removeFromUserCache(sec_user);
bReturn = false;
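Review bot: `AS_INVALID_CREDENTIALS` on the peer-change branch misstates the cause: the WARNLOG directly above says the user was found in cache and only has to be re-validated because the source IP changed, not that the credentials were wrong. If this status is later used to pick the message shown to the user, it will report a bad password for what is a forced re-validation. Consider resetting to `AS_UNKNOWN` here, or adding a dedicated enum value for a peer mismatch so the log line and the status agree.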
@@ -411,7 +411,7 @@ bool CBaseSecurityManager::ValidateUser(ISecUser & sec_user)
if(bReturn)
{
- sec_user.setAuthenticated(true);
+ sec_user.setAuthenticateStatus(AS_AUTHENTICATED);
return true;
}
}
@@ -428,13 +428,13 @@ bool CBaseSecurityManager::ValidateUser(ISecUser & sec_user)
if(ValidateSourceIP(sec_user,m_safeIPList)==false)
{
ERRLOG("IP check failed for user:%s coming from %s",sec_user.getName(),sec_user.getPeer());
- sec_user.setAuthenticated(false);
+ sec_user.setAuthenticateStatus(AS_INVALID_CREDENTIALS);
return false;
}
}
if(m_permissionsCache.isCacheEnabled())
m_permissionsCache.add(sec_user);
- sec_user.setAuthenticated(true);
+ sec_user.setAuthenticateStatus(AS_AUTHENTICATED);
}
return true;
}
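Review bot: `m_permissionsCache.add(sec_user)` runs before `sec_user.setAuthenticateStatus(AS_AUTHENTICATED)`, and the same order appears in `CLdapSecManager::authenticate`. If `add()` stores a copy of the user rather than a reference, the cached entry keeps the pre-authentication status and every cache hit will look unauthenticated. Setting the status first and caching second removes the dependency on how the cache stores the object. The `ValidateSourceIP` failure branch also reuses `AS_INVALID_CREDENTIALS` for what the ERRLOG describes as an IP check failure, which is worth distinguishing.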
13 system/security/shared/seclib.hpp
@@ -131,6 +131,15 @@ interface ISecCredentials : extends IInterface
virtual int getPasswordDaysRemaining() = 0;
};
+//LDAP authentication status
+enum authStatus
+{
+ AS_AUTHENTICATED = 0,
+ AS_UNKNOWN = 1,//have not attempted to authenticate
+ AS_UNEXPECTED_ERROR = 2,
+ AS_INVALID_CREDENTIALS = 3,
+ AS_PASSWORD_EXPIRED = 4
+};
class CDateTime;
interface ISecUser : extends IInterface
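Review bot: Making `AS_AUTHENTICATED = 0` puts the success state on the zero value, so any zero-filled user object or cleared buffer holding this field fails open as authenticated. Swapping the first two values (`AS_UNKNOWN = 0`, `AS_AUTHENTICATED = 1`) makes the default fail closed at no cost. The comment `//LDAP authentication status` is also narrower than the usage, since the enum lives in shared seclib.hpp and is used by `CSecureUser` and `CBaseSecurityManager`.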
@@ -151,8 +160,8 @@ interface ISecUser : extends IInterface
virtual bool setPeer(const char * Peer) = 0;
virtual SecUserStatus getStatus() = 0;
virtual bool setStatus(SecUserStatus Status) = 0;
- virtual bool isAuthenticated() = 0;
- virtual void setAuthenticated(bool authenticated) = 0;
+ virtual authStatus getAuthenticateStatus() = 0;
+ virtual void setAuthenticateStatus(authStatus status) = 0;
virtual ISecCredentials & credentials() = 0;
virtual unsigned getUserID() = 0;
virtual void copyTo(ISecUser & destination) = 0;
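Review bot: Replacing the `bool isAuthenticated()` pure virtual with `authStatus getAuthenticateStatus()` is a trap for any caller converted mechanically: because `AS_AUTHENTICATED` is 0, `if(user.getAuthenticateStatus())` is true for every failure state and false for success. Please check every remaining `isAuthenticated()` and `setAuthenticated()` call site and every other `ISecUser` implementer in the tree, and make sure each comparison is written explicitly against `AS_AUTHENTICATED` as done in `CBaseSecurityManager::authorize`.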