Modified: webservices/rampart/trunk/c/src/util/rampart_username_token.c URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_username_token.c?rev=574450&r1=574449&r2=574450&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_username_token.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_username_token.c Mon Sep 10 21:41:08 2007
@@ -73,8 +73,8 @@ username = rampart_context_get_user(rampart_context, env); if(!username) { - AXIS2_LOG_INFO(env->log, - "[rampart][rampart_usernametoken] User is not specified."); + AXIS2_LOG_INFO(env->log, + "[rampart][rampart_usernametoken] User is not specified."); return AXIS2_FAILURE; }
@@ -88,8 +88,8 @@ param = rampart_context_get_ctx(rampart_context, env); if(!param) { - AXIS2_LOG_INFO(env->log, - "[rampart][rampart_usernametoken] Param is not set."); + AXIS2_LOG_INFO(env->log, + "[rampart][rampart_usernametoken] Param is not set."); return AXIS2_FAILURE; } password = (*password_function)(env, username, param);
@@ -99,8 +99,8 @@ password_callback = rampart_context_get_password_callback(rampart_context, env); if(!password_callback) { - AXIS2_LOG_INFO(env->log, - "[rampart][rampart_usernametoken] password callback module is not loaded. ERROR"); + AXIS2_LOG_INFO(env->log, + "[rampart][rampart_usernametoken] password callback module is not loaded. ERROR"); return AXIS2_FAILURE; } password = rampart_callback_password(env, password_callback, username);
@@ -108,8 +108,8 @@ } if (!password) { - AXIS2_LOG_INFO(env->log, - "[rampart][rampart_usernametoken] Cannot find the password for user %s. ERROR", username); + AXIS2_LOG_INFO(env->log, + "[rampart][rampart_usernametoken] Cannot find the password for user %s. ERROR", username); return AXIS2_FAILURE; } 
@@ -129,8 +129,8 @@ { axiom_namespace_increment_ref(sec_ns_obj, env); - un_ele = axiom_element_create(env, ut_node, - RAMPART_SECURITY_USERNAMETOKEN_USERNAME, sec_ns_obj, &un_node); + un_ele = axiom_element_create(env, ut_node, + RAMPART_SECURITY_USERNAMETOKEN_USERNAME, sec_ns_obj, &un_node); if (un_ele) { axiom_element_set_text(un_ele, env, username, un_node);
@@ -138,7 +138,7 @@ password_type = rampart_context_get_password_type(rampart_context, env); if(!password_type) - { + { password_type = RAMPART_PASSWORD_TEXT; }
@@ -154,29 +154,29 @@ axiom_namespace_increment_ref(sec_ns_obj, env); - pw_ele = axiom_element_create(env, ut_node, - RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, sec_ns_obj, &pw_node); + pw_ele = axiom_element_create(env, ut_node, + RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, sec_ns_obj, &pw_node); if (pw_ele) { axiom_element_set_text(pw_ele, env, digest_val, pw_node); - om_attr = axiom_attribute_create(env, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD_ATTR_TYPE, - RAMPART_PASSWORD_DIGEST_URI, NULL); + om_attr = axiom_attribute_create(env, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD_ATTR_TYPE, + RAMPART_PASSWORD_DIGEST_URI, NULL); axiom_element_add_attribute(pw_ele, env, om_attr, pw_node); } - nonce_ele = axiom_element_create(env, ut_node, - RAMPART_SECURITY_USERNAMETOKEN_NONCE, sec_ns_obj, &nonce_node); + nonce_ele = axiom_element_create(env, ut_node, + RAMPART_SECURITY_USERNAMETOKEN_NONCE, sec_ns_obj, &nonce_node); if (nonce_ele) { axiom_element_set_text(nonce_ele, env, nonce_val , nonce_node); } - created_ele = axiom_element_create(env, ut_node, - RAMPART_SECURITY_USERNAMETOKEN_CREATED, wsu_ns_obj, &created_node); + created_ele = axiom_element_create(env, ut_node, + RAMPART_SECURITY_USERNAMETOKEN_CREATED, wsu_ns_obj, &created_node); if (created_ele) { axiom_element_set_text(created_ele, env, created_val, created_node); 
@@ -200,14 +200,14 @@ else /*default is passwordText*/ { - pw_ele = axiom_element_create(env, ut_node, - RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, sec_ns_obj, &pw_node); + pw_ele = axiom_element_create(env, ut_node, + RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, sec_ns_obj, &pw_node); if (pw_ele) { axiom_element_set_text(pw_ele, env, password, pw_node); - om_attr = axiom_attribute_create(env, - RAMPART_SECURITY_USERNAMETOKEN_PASSWORD_ATTR_TYPE, RAMPART_PASSWORD_TEXT_URI, NULL); + om_attr = axiom_attribute_create(env, + RAMPART_SECURITY_USERNAMETOKEN_PASSWORD_ATTR_TYPE, RAMPART_PASSWORD_TEXT_URI, NULL); axiom_element_add_attribute(pw_ele, env, om_attr, pw_node); } 
@@ -246,37 +246,37 @@ ut_ele = axiom_node_get_data_element(ut_node, env); if(!ut_ele) - { - + { + return AXIS2_FAILURE; } /*Check: Any USERNAME_TOKEN MUST NOT have more than one PASSWORD*/ - if (1 < oxs_axiom_get_number_of_children_with_qname(env, ut_node, - RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, RAMPART_WSSE_XMLNS, RAMPART_WSSE)) + if (1 < oxs_axiom_get_number_of_children_with_qname(env, ut_node, + RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, RAMPART_WSSE_XMLNS, RAMPART_WSSE)) { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_usernametoken] Username token must not have more than one password"); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart][rampart_usernametoken] Username token must not have more than one password"); return AXIS2_FAILURE; } /*Check: Any USERNAME_TOKEN MUST NOT have more than one CREATED*/ - if (1 < oxs_axiom_get_number_of_children_with_qname(env, - ut_node, RAMPART_SECURITY_USERNAMETOKEN_CREATED, RAMPART_WSSE_XMLNS, RAMPART_WSSE)) + if (1 < oxs_axiom_get_number_of_children_with_qname(env, + ut_node, RAMPART_SECURITY_USERNAMETOKEN_CREATED, RAMPART_WSSE_XMLNS, RAMPART_WSSE)) { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_usernametoken] Username token must not have more than one creted element"); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart][rampart_usernametoken] Username token must not have more than one creted element"); return AXIS2_FAILURE; } /*Check: Any USERNAME_TOKEN MUST NOT have more than one NONCE*/ - if (1 < oxs_axiom_get_number_of_children_with_qname(env, ut_node, - RAMPART_SECURITY_USERNAMETOKEN_NONCE, RAMPART_WSSE_XMLNS, RAMPART_WSSE)) + if (1 < oxs_axiom_get_number_of_children_with_qname(env, ut_node, + RAMPART_SECURITY_USERNAMETOKEN_NONCE, RAMPART_WSSE_XMLNS, RAMPART_WSSE)) { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_usernametoken] Username token must not have more than one nonce element"); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + 
"[rampart][rampart_usernametoken] Username token must not have more than one nonce element"); return AXIS2_FAILURE; } 
@@ -295,43 +295,43 @@ element = axiom_node_get_data_element(node, env); localname = axiom_element_get_localname(element, env); - if (0 == axutil_strcmp(localname, - RAMPART_SECURITY_USERNAMETOKEN_USERNAME)) + if (0 == axutil_strcmp(localname, + RAMPART_SECURITY_USERNAMETOKEN_USERNAME)) { username = axiom_element_get_text(element, env, node); } - else if (0 == axutil_strcmp(localname , - RAMPART_SECURITY_USERNAMETOKEN_PASSWORD)) + else if (0 == axutil_strcmp(localname , + RAMPART_SECURITY_USERNAMETOKEN_PASSWORD)) { - password_type = axiom_element_get_attribute_value_by_name(element, - env, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD_ATTR_TYPE); + password_type = axiom_element_get_attribute_value_by_name(element, + env, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD_ATTR_TYPE); if (!password_type) { /*R4201 Any PASSWORD MUST specify a Type attribute */ - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_usernametoken] Password Type is not specified in the password element"); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart][rampart_usernametoken] Password Type is not specified in the password element"); return AXIS2_FAILURE; } /*Then we must check the password type with policy*/ password_type_pol = rampart_context_get_password_type(rampart_context, env); if(!password_type_pol) - { + { password_type_pol = RP_PLAINTEXT; - } + } if(axutil_strcmp(password_type_pol, RP_DIGEST)==0) { if(0 != axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST_URI)) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][shp] Password Type is Wrong "); + "[rampart][shp] Password Type is Wrong "); rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION, - "Password Type is Wrong. Should be Digested.", - RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx); - + "Password Type is Wrong. Should be Digested.", + RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx); + return AXIS2_FAILURE; } } 
@@ -340,38 +340,38 @@ if(0 == axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST_URI)) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][shp] Password Type is Wrong "); + "[rampart][shp] Password Type is Wrong "); rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION, - "Password Type is Wrong. Should be PlainText.", - RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx); - + "Password Type is Wrong. Should be PlainText.", + RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx); + return AXIS2_FAILURE; } } password = axiom_element_get_text(element, env, node); } - else if (0 == axutil_strcmp(localname, - RAMPART_SECURITY_USERNAMETOKEN_NONCE)) + else if (0 == axutil_strcmp(localname, + RAMPART_SECURITY_USERNAMETOKEN_NONCE)) { nonce = axiom_element_get_text(element, env, node); - rampart_set_security_processed_result(env, msg_ctx, - RAMPART_SPR_UT_NONCE, nonce); + rampart_set_security_processed_result(env, msg_ctx, + RAMPART_SPR_UT_NONCE, nonce); } - else if (0 == axutil_strcmp(localname , - RAMPART_SECURITY_USERNAMETOKEN_CREATED)) + else if (0 == axutil_strcmp(localname , + RAMPART_SECURITY_USERNAMETOKEN_CREATED)) { created = axiom_element_get_text(element, env, node); - rampart_set_security_processed_result(env, - msg_ctx, RAMPART_SPR_UT_CREATED, created); + rampart_set_security_processed_result(env, + msg_ctx, RAMPART_SPR_UT_CREATED, created); } else { - AXIS2_LOG_INFO(env->log, - "\n[rampart][rampart_usernametoken] Unknown element found %s -> %s", - localname, axiom_element_get_text(element, env, node)); + AXIS2_LOG_INFO(env->log, + "\n[rampart][rampart_usernametoken] Unknown element found %s -> %s", + localname, axiom_element_get_text(element, env, node)); }
@@ -379,8 +379,8 @@ } else { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_usernametoken] Cannot find child elements of Usernametoken"); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart][rampart_usernametoken] Cannot find child elements of Usernametoken"); return AXIS2_FAILURE; } 
@@ -388,14 +388,14 @@ if (!username) { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_usernametoken] Username is not specified"); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart][rampart_usernametoken] Username is not specified"); return AXIS2_FAILURE; } /*Set the username to the SPR*/ - rampart_set_security_processed_result(env, - msg_ctx, RAMPART_SPR_UT_USERNAME, username); + rampart_set_security_processed_result(env, + msg_ctx, RAMPART_SPR_UT_USERNAME, username); ctx = axis2_msg_ctx_get_base(msg_ctx, env); /**
@@ -413,24 +413,24 @@ if (0 == axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST_URI)) { authenticate_with_digest = rampart_context_get_auth_digest_function( - rampart_context, env); + rampart_context, env); if(authenticate_with_digest) { - auth_status = authenticate_with_digest(env, - username, nonce, created, password); + auth_status = authenticate_with_digest(env, + username, nonce, created, password); if(RAMPART_AUTHN_PROVIDER_GRANTED == auth_status) { - AXIS2_LOG_INFO(env->log, - "[rampart][rampart_usernametoken] User authenticated"); - rampart_set_security_processed_result(env, - msg_ctx,RAMPART_SPR_UT_CHECKED, RAMPART_YES); + AXIS2_LOG_INFO(env->log, + "[rampart][rampart_usernametoken] User authenticated"); + rampart_set_security_processed_result(env, + msg_ctx,RAMPART_SPR_UT_CHECKED, RAMPART_YES); return AXIS2_SUCCESS; } else { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_usernametoken] Password is not valid for user %s : status %d", - username, auth_status); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart][rampart_usernametoken] Password is not valid for user %s : status %d", + username, auth_status); return AXIS2_FAILURE; } }
@@ -438,7 +438,7 @@ else { - authenticate_with_password = + authenticate_with_password = rampart_context_get_auth_password_function(rampart_context, env); if(authenticate_with_password) { 
@@ -446,15 +446,15 @@ if(RAMPART_AUTHN_PROVIDER_GRANTED == auth_status) { AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] User authenticated"); - rampart_set_security_processed_result(env, - msg_ctx, RAMPART_SPR_UT_CHECKED, RAMPART_YES); + rampart_set_security_processed_result(env, + msg_ctx, RAMPART_SPR_UT_CHECKED, RAMPART_YES); return AXIS2_SUCCESS; } else { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_usernametoken] Password is not valid for user %s : status %d", - username, auth_status); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart][rampart_usernametoken] Password is not valid for user %s : status %d", + username, auth_status); return AXIS2_FAILURE; } }
@@ -462,22 +462,22 @@ authn_provider = rampart_context_get_authn_provider(rampart_context, env); if(authn_provider) { - AXIS2_LOG_INFO(env->log, - "[rampart][rampart_usernametoken] Password authentication using AUTH MODULE"); - auth_status = rampart_authenticate_un_pw(env, authn_provider, - username, password, nonce, created, password_type, msg_ctx); + AXIS2_LOG_INFO(env->log, + "[rampart][rampart_usernametoken] Password authentication using AUTH MODULE"); + auth_status = rampart_authenticate_un_pw(env, authn_provider, + username, password, nonce, created, password_type, msg_ctx); if(RAMPART_AUTHN_PROVIDER_GRANTED == auth_status) { AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] User authenticated"); - rampart_set_security_processed_result(env, msg_ctx, - RAMPART_SPR_UT_CHECKED, RAMPART_YES); + rampart_set_security_processed_result(env, msg_ctx, + RAMPART_SPR_UT_CHECKED, RAMPART_YES); return AXIS2_SUCCESS; } else { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_usernametoken] Password is not valid for user %s : status %d", - username, auth_status); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart][rampart_usernametoken] Password is not valid for user %s : status %d", + username, auth_status); return AXIS2_FAILURE; } 
@@ -488,7 +488,7 @@ /*First we must check the password in rampart_context.*/ password_from_svr = rampart_context_get_password( - rampart_context, env); + rampart_context, env); /*If not then check the call back function*/ if(!password_from_svr)
@@ -500,9 +500,9 @@ if(!param) { rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK, - "Error in the Internal configuration.", RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx); + "Error in the Internal configuration.", RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx); AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_usernametoken] Error in the pwcb function."); + "[rampart][rampart_usernametoken] Error in the pwcb function."); return AXIS2_FAILURE; } password_from_svr = (*password_function)(env, username, param);
@@ -513,22 +513,22 @@ if(!password_callback) { rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK, - "Error in the Internal configuration.", RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx); + "Error in the Internal configuration.", RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx); AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_usernametoken] Password callback module is not specified"); - + "[rampart][rampart_usernametoken] Password callback module is not specified"); + return AXIS2_FAILURE; } - AXIS2_LOG_INFO(env->log, - "[rampart][rampart_usernametoken] Password authentication using CALLBACK MODULE "); + AXIS2_LOG_INFO(env->log, + "[rampart][rampart_usernametoken] Password authentication using CALLBACK MODULE "); password_from_svr = rampart_callback_password(env, password_callback, username); } } if (!password_from_svr) { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_usernametoken] Cannot get the password for user %s", username); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart][rampart_usernametoken] Cannot get the password for user %s", username); return AXIS2_FAILURE; } 
@@ -536,35 +536,35 @@ if (0 == axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST_URI)) { - AXIS2_LOG_INFO(env->log, - "[rampart][rampart_usernametoken] Generating digest to compare from the password"); - password_to_compare = rampart_crypto_sha1(env, nonce, - created, password_from_svr); - rampart_set_security_processed_result(env, msg_ctx, - RAMPART_SPR_UT_PASSWORD_TYPE, RAMPART_PASSWORD_DIGEST_URI); + AXIS2_LOG_INFO(env->log, + "[rampart][rampart_usernametoken] Generating digest to compare from the password"); + password_to_compare = rampart_crypto_sha1(env, nonce, + created, password_from_svr); + rampart_set_security_processed_result(env, msg_ctx, + RAMPART_SPR_UT_PASSWORD_TYPE, RAMPART_PASSWORD_DIGEST_URI); } else { password_to_compare = password_from_svr; - rampart_set_security_processed_result(env, msg_ctx, - RAMPART_SPR_UT_PASSWORD_TYPE, RAMPART_PASSWORD_TEXT_URI); + rampart_set_security_processed_result(env, msg_ctx, + RAMPART_SPR_UT_PASSWORD_TYPE, RAMPART_PASSWORD_TEXT_URI); } /*The BIG moment. Compare passwords*/ if (0 == axutil_strcmp(password_to_compare , password)) { - AXIS2_LOG_INFO(env->log, - "[rampart][rampart_usernametoken] Password comparison SUCCESS"); - rampart_set_security_processed_result(env, msg_ctx, - RAMPART_SPR_UT_CHECKED, RAMPART_YES); + AXIS2_LOG_INFO(env->log, + "[rampart][rampart_usernametoken] Password comparison SUCCESS"); + rampart_set_security_processed_result(env, msg_ctx, + RAMPART_SPR_UT_CHECKED, RAMPART_YES); return AXIS2_SUCCESS; } else { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_usernametoken] Password is not valid for user %s", - username); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart][rampart_usernametoken] Password is not valid for user %s", + username); return AXIS2_FAILURE; } }
Modified: webservices/rampart/trunk/c/src/util/rampart_util.c URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_util.c?rev=574450&r1=574449&r2=574450&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_util.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_util.c Mon Sep 10 21:41:08 2007
@@ -59,7 +59,7 @@ axutil_param_set_value_free(impl_info_param, env, axutil_dll_desc_free_void_arg); axutil_class_loader_init(env); ptr = axutil_class_loader_create_dll(env, impl_info_param); - + *param = impl_info_param; if (!ptr)
