
HPCC-15047 Refactor HTPass into an embedded SecManager plugin

Refactor the HTPasswd security manager to be a true plugin. Add files for
configmanager to gather common plugin artifacts and custom HTPassword-specific
artifacts.

Signed-off-by: Russ Whitehead <william.whitehead@lexisnexis.com>

Signed-off-by: Russ Whitehead <william.whitehead@lexisnexis.com>
Russ Whitehead 9 年之前
父節點
當前提交
d993dc4362

+ 1 - 15
esp/bindings/http/platform/httpbinding.cpp

@@ -187,7 +187,7 @@ EspHttpBinding::EspHttpBinding(IPropertyTree* tree, const char *bindname, const
                 if(proc_cfg.get() != NULL)
                 {
                     Owned<IPropertyTree> secMgrs;
-                    VStringBuffer sm("SecurityManagers/SecurityManager[@name='%s']", m_authmethod.str());
+                    VStringBuffer sm("SecurityManagers/SecurityManager[@name='%s']/HtpasswdSecurityManager", m_authmethod.str());
                     secMgrCfg.setown(proc_cfg->getPropTree(sm.str()));
                 }
 
@@ -237,20 +237,6 @@ EspHttpBinding::EspHttpBinding(IPropertyTree* tree, const char *bindname, const
                         m_secmgr.setown(SecLoader::loadSecManager("Local", "EspHttpBinding", NULL));
                         m_authmap.setown(m_secmgr->createAuthMap(authcfg));
                     }
-                    else if(stricmp(m_authmethod.str(), "htpasswd") == 0)
-                    {
-                        Owned<IPropertyTree> cfg;
-                        if(proc_cfg.get() != NULL)
-                            cfg.setown(proc_cfg->getPropTree("htpasswdSecurity"));
-                        if(cfg == NULL)
-                        {
-                            ERRLOG("can't find htpasswdSecurity in configuration");
-                            throw MakeStringException(-1, "can't find htpasswdSecurity in configuration");
-                        }
-
-                        m_secmgr.setown(SecLoader::loadSecManager("htpasswd", "EspHttpBinding", LINK(cfg)));
-                        m_authmap.setown(m_secmgr->createAuthMap(authcfg));
-                    }
                     IRestartManager* restartManager = dynamic_cast<IRestartManager*>(m_secmgr.get());
                     if(restartManager!=NULL)
                     {
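Review bot: The lookup in the first hunk hard-codes the child element `HtpasswdSecurityManager` into what looks like the generic `SecurityManagers/SecurityManager[@name=...]` path, so any other security-manager plugin selected by `m_authmethod` would get a null `secMgrCfg`, and nothing in the visible lines checks the result of `getPropTree` before it is handed on. Because this tree decides which authentication backend the binding loads, I would fail closed directly after the lookup, e.g. `if (!secMgrCfg) throw MakeStringException(-1, "can't find SecurityManager %s in configuration", m_authmethod.str());`. `m_authmethod` is also formatted unescaped into the XPath predicate; that is acceptable while the value only comes from the environment file, but a one-line comment stating that assumption would help the next reader. The `Owned<IPropertyTree> secMgrs;` context line appears unused, and the constructor body starts and ends outside both hunks.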

+ 0 - 8
initfiles/componentfiles/configxml/@temp/esp_service.xsl

@@ -215,14 +215,6 @@ xmlns:seisint="http://seisint.com"  xmlns:set="http://exslt.org/sets" exclude-re
                     </xsl:for-each>
                 </Authenticate>
             </xsl:when>
-            <xsl:when test="$authMethod='htpasswd'">
-              <Authenticate method="htpasswd">
-                <xsl:attribute name="htpasswdFile"> <xsl:value-of select="$bindingNode/../Authentication/@htpasswdFile"/> </xsl:attribute>
-                <xsl:for-each select="$bindingNode/Authenticate[@path='/']">
-                    <Location path="/" resource="{@resource}" required="{@access}" description="{@description}"/>
-                </xsl:for-each>
-              </Authenticate>
-            </xsl:when>
         </xsl:choose>
     </xsl:template>
 

+ 0 - 8
initfiles/componentfiles/configxml/@temp/esp_service_WsSMC.xsl

@@ -706,14 +706,6 @@ This is required by its binding with ESP service '<xsl:value-of select="$espServ
             </xsl:if>
          </Authenticate>
       </xsl:when>
-      <xsl:when test="$authMethod='htpasswd'">
-        <Authenticate method="htpasswd">
-          <xsl:attribute name="htpasswdFile"> <xsl:value-of select="$bindingNode/../Authentication/@htpasswdFile"/> </xsl:attribute>
-            <xsl:for-each select="$bindingNode/Authenticate[@path='/']">
-              <Location path="/" resource="{@resource}" required="{@access}" description="{@description}"/>
-             </xsl:for-each>
-        </Authenticate>
-      </xsl:when>
         </xsl:choose>
     </xsl:template>
 

+ 0 - 5
initfiles/componentfiles/configxml/@temp/esp_service_ecldirect.xsl

@@ -128,11 +128,6 @@
             </xsl:for-each>
             </Authenticate>
          </xsl:when>
-        <xsl:when test="$authMethod='htpasswd'">
-          <Authenticate method="htpasswd">
-            <xsl:attribute name="htpasswdFile"> <xsl:value-of select="$bindingNode/../Authentication/@htpasswdFile"/> </xsl:attribute>
-          </Authenticate>
-        </xsl:when>
       </xsl:choose>
     </xsl:template>
 

+ 0 - 6
initfiles/componentfiles/configxml/@temp/esp_service_wsecl.xsl

@@ -231,12 +231,6 @@
             </Authenticate>
          </xsl:when>
 
-         <xsl:when test="$authMethod='htpasswd'">
-           <Authenticate method="htpasswd">
-             <xsl:attribute name="htpasswdFile"> <xsl:value-of select="$bindingNode/../Authentication/@htpasswdFile"/> </xsl:attribute>
-           </Authenticate>
-         </xsl:when>
-      </xsl:choose>
    </xsl:template>
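Review bot: The `</xsl:choose>` closing tag is deleted here together with the htpasswd branch, whereas the equivalent removals in the other esp_service*.xsl files in this commit keep it as a context line, so the `xsl:choose` whose `</xsl:when>` is still visible above appears to be left unclosed before `</xsl:template>`. If so, the stylesheet is no longer well-formed and configuration generation for this service would fail; restore `</xsl:choose>` after the remaining `</xsl:when>`. The opening `<xsl:choose>` is outside the hunk, so this should be confirmed against the full file.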
    
 

+ 0 - 5
initfiles/componentfiles/configxml/@temp/esp_service_wslogging.xsl

@@ -156,11 +156,6 @@ xmlns:seisint="http://seisint.com"  xmlns:set="http://exslt.org/sets" exclude-re
             </xsl:for-each>
             </Authenticate>
          </xsl:when>
-        <xsl:when test="$authMethod='htpasswd'">
-          <Authenticate method="htpasswd">
-            <xsl:attribute name="htpasswdFile"> <xsl:value-of select="$bindingNode/../Authentication/@htpasswdFile"/> </xsl:attribute>
-          </Authenticate>
-        </xsl:when>
       </xsl:choose>
     </xsl:template>
 

+ 0 - 8
initfiles/componentfiles/configxml/esp.xsd.in

@@ -276,18 +276,10 @@
                                     <xs:enumeration value="local"/>
                                     <xs:enumeration value="ldap"/>
                                     <xs:enumeration value="ldaps"/>
-                                    <xs:enumeration value="htpasswd"/>
                                     <xs:enumeration value="secmgrPlugin"/>
                                 </xs:restriction>
                             </xs:simpleType>
                         </xs:attribute>
-                        <xs:attribute name="htpasswdFile" type="xs:string" use="optional" default="/etc/HPCCSystems/.htpasswd">
-                            <xs:annotation>
-                                <xs:appinfo>
-                                    <tooltip>The location of the file to use for htpasswd authentication.</tooltip>
-                                </xs:appinfo>
-                            </xs:annotation>
-                        </xs:attribute>
                         <xs:attribute name="ldapServer" type="ldapServerType" use="optional">
                             <xs:annotation>
                                 <xs:appinfo>

+ 0 - 6
initfiles/componentfiles/configxml/esp.xsl

@@ -94,12 +94,6 @@
                         <xsl:with-param name="localDomain" select="/Environment/Hardware/Computer[@name=$computerName]/@domain"/>
                     </xsl:call-template>
                 </xsl:if>
-                 <xsl:if test="@method='htpasswd'">
-                    <xsl:call-template name="dohtpasswdSecurity">
-                        <xsl:with-param name="method" select="@method"/>
-                        <xsl:with-param name="htpasswdFile" select="@htpasswdFile"/>
-                    </xsl:call-template>
-                </xsl:if>
             </xsl:for-each>
 
             <xsl:if test="./Authentication/@method='secmgrPlugin'">

+ 1 - 1
system/security/CMakeLists.txt

@@ -25,5 +25,5 @@ if (USE_ZLIB)
 endif()
 
 IF (USE_APR)
-  HPCC_ADD_SUBDIRECTORY (htpasswdSecurity)
+  HPCC_ADD_SUBDIRECTORY (plugins/htpasswdSecurity)
 ENDIF(USE_APR)

+ 10 - 8
system/security/htpasswdSecurity/CMakeLists.txt

@@ -24,18 +24,20 @@
 
 project( htpasswdSecurity )
 
+HPCC_ADD_SUBDIRECTORY (initfiles)
+
 set (    SRCS
-         ../shared/authmap.cpp
-         ../shared/caching.cpp
-         ./htpasswdSecurity.cpp
+         ${HPCC_SOURCE_DIR}/system/security/shared/authmap.cpp
+         ${HPCC_SOURCE_DIR}/system/security/shared/caching.cpp
+         ${CMAKE_CURRENT_SOURCE_DIR}/htpasswdSecurity.cpp
     )
 
 include_directories (
-         ./../../include
-         ./../shared
-         ./../../jlib
-         ./../../../esp/platform
-         ./../../../dali/base
+         ${HPCC_SOURCE_DIR}/system/include
+         ${HPCC_SOURCE_DIR}/system/security/shared
+         ${HPCC_SOURCE_DIR}/system/jlib
+         ${HPCC_SOURCE_DIR}/esp/platform
+         ${HPCC_SOURCE_DIR}/dali/base
          ${APR_INCLUDE_DIR}
          ${APRUTIL_INCLUDE_DIR}
     )

+ 9 - 6
system/security/htpasswdSecurity/htpasswdSecurity.cpp

@@ -25,11 +25,13 @@
 class CHtpasswdSecurityManager : public CBaseSecurityManager
 {
 public:
-    CHtpasswdSecurityManager(const char *serviceName, IPropertyTree *authconfig) : CBaseSecurityManager(serviceName, (IPropertyTree *)NULL)
+    CHtpasswdSecurityManager(const char *serviceName, IPropertyTree *secMgrCfg, IPropertyTree *authconfig) : CBaseSecurityManager(serviceName, (IPropertyTree *)NULL)
 	{
-		if (authconfig)
-			authconfig->getProp("@htpasswdFile", pwFile);
-		apr_initialized = false;
+        if (secMgrCfg)
+            pwFile.set(secMgrCfg->queryProp("@htpasswdFile"));
+        if(pwFile.isEmpty())
+            throw MakeStringException(-1, "htpasswdFile not found in configuration");
+        apr_initialized = false;
 	}
 
 	~CHtpasswdSecurityManager()
@@ -242,9 +244,10 @@ private:
 
 extern "C"
 {
-    HTPASSWDSECURITY_API ISecManager * newHtpasswdSecManager(const char *serviceName, IPropertyTree &config)
+    HTPASSWDSECURITY_API ISecManager * createInstance(const char *serviceName, IPropertyTree &secMgrCfg, IPropertyTree &authCfg)
     {
-        return new CHtpasswdSecurityManager(serviceName, &config);
+        return new CHtpasswdSecurityManager(serviceName, &secMgrCfg, &authCfg);
     }
+
 }
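Review bot: `createInstance` takes both trees by reference and passes their addresses on, so the `if (secMgrCfg)` guard in the constructor can never be false on this path; a missing plugin configuration has to be rejected by the loader before it dereferences its pointer, otherwise the failure is undefined behaviour instead of the intended "htpasswdFile not found" exception. The constructor can now throw out of an `extern "C"` factory that is resolved by symbol name, so the calling loader (not shown in this commit view) needs to catch and report it. `authconfig` is accepted but not used in the visible constructor lines; either leave the parameter unnamed or add a comment saying why it is ignored. A short doc comment on `createInstance` stating that the caller owns the returned `ISecManager` and that the function throws on a missing `@htpasswdFile` would document the plugin contract.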
 

+ 1 - 1
system/security/htpasswdSecurity/htpasswdSecurity.hpp

@@ -34,7 +34,7 @@
 
 extern "C" 
 {
-    HTPASSWDSECURITY_API ISecManager * newHtpasswdSecManager(const char *serviceName, IPropertyTree &config);
+    HTPASSWDSECURITY_API ISecManager * createInstance(const char *serviceName, IPropertyTree &secMgrCfg, IPropertyTree &authCfg);
 }
 
 #endif // HTPASSWDSECURITY_HPP_

+ 20 - 0
system/security/plugins/htpasswdSecurity/initfiles/CMakeLists.txt

@@ -0,0 +1,20 @@
+################################################################################
+#    HPCC SYSTEMS software Copyright (C) 2014 HPCC Systems.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+################################################################################
+
+cmake_minimum_required(VERSION 2.8)
+PROJECT(initfiles)
+
+ADD_SUBDIRECTORY(componentfiles)

+ 17 - 0
system/security/plugins/htpasswdSecurity/initfiles/componentfiles/CMakeLists.txt

@@ -0,0 +1,17 @@
+################################################################################
+#    HPCC SYSTEMS software Copyright (C) 2014 HPCC Systems.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+################################################################################
+
+ADD_SUBDIRECTORY(configxml)

+ 19 - 0
system/security/plugins/htpasswdSecurity/initfiles/componentfiles/configxml/CMakeLists.txt

@@ -0,0 +1,19 @@
+################################################################################
+#    HPCC SYSTEMS software Copyright (C) 2014 HPCC Systems.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+################################################################################
+
+Install ( FILES "${CMAKE_CURRENT_SOURCE_DIR}/htpasswd_secmgr.xsd"  DESTINATION "componentfiles/configxml" COMPONENT Runtime)
+Install ( FILES "${CMAKE_CURRENT_SOURCE_DIR}/buildset.xml"         DESTINATION "componentfiles/configxml/plugins/htpasswd_secmgr" COMPONENT Runtime)
+Install ( FILES "${CMAKE_CURRENT_SOURCE_DIR}/genenvrules.conf"     DESTINATION "componentfiles/configxml/plugins/htpasswd_secmgr" COMPONENT Runtime)

+ 32 - 0
system/security/plugins/htpasswdSecurity/initfiles/componentfiles/configxml/buildset.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+################################################################################
+#    HPCC SYSTEMS software Copyright (C) 2014 HPCC Systems.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+################################################################################
+-->
+<Environment>
+  <Programs>
+    <Build name="_" url="/opt/HPCCSystems">
+      <BuildSet deployable="no"
+                installSet="deploy_map.xml"
+                name="htpasswdsecmgr"
+                path="componentfiles/htpasswdsecmgr"
+                processName="HtpasswdSecurityManager"
+                schema="htpasswd_secmgr.xsd">
+      </BuildSet>
+    </Build>
+  </Programs>
+</Environment>
+ 

+ 1 - 0
system/security/plugins/htpasswdSecurity/initfiles/componentfiles/configxml/genenvrules.conf

@@ -0,0 +1 @@
+do_not_generate=htpasswdsecmgr

+ 71 - 0
system/security/plugins/htpasswdSecurity/initfiles/componentfiles/configxml/htpasswd_secmgr.xsd

@@ -0,0 +1,71 @@
+<!--
+################################################################################
+#    HPCC SYSTEMS software Copyright (C) 2016 HPCC Systems.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+################################################################################
+-->
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">
+  <xs:element name="HtpasswdSecMgr">
+    <xs:complexType>
+
+      <xs:attribute name="htpasswdFile" type="xs:string" use="required">
+        <xs:annotation>
+          <xs:appinfo>
+            <tooltip>The fully qualified HTPASSWD filespec</tooltip>
+          </xs:appinfo>
+        </xs:annotation>
+      </xs:attribute>
+
+      <!-- All SecurityManager Plugins must define the type="SecurityManager" attribute -->
+      <xs:attribute name="type" type="SecurityManager" use="required" default="SecurityManager">
+        <xs:annotation>
+          <xs:appinfo>
+            <viewType>hidden</viewType>
+          </xs:appinfo>
+        </xs:annotation>
+      </xs:attribute>
+
+      <!-- All SecurityManager Plugins must define the libName attribute -->
+      <xs:attribute name="libName" type="xs:string" use="optional" default="libhtpasswdSecurity.so">
+        <xs:annotation>
+          <xs:appinfo>
+            <tooltip>The Security Manager library name (.so) and optional path</tooltip>
+          </xs:appinfo>
+        </xs:annotation>
+      </xs:attribute>
+
+      <!-- All SecurityManager Plugins must define the instanceFactoryName attribute -->
+      <xs:attribute name="instanceFactoryName" type="xs:string" use="optional" default="createInstance">
+        <xs:annotation>
+          <xs:appinfo>
+            <tooltip>Class Factory method name in the Security Manager library (.so)</tooltip>
+          </xs:appinfo>
+        </xs:annotation>
+      </xs:attribute>
+
+      <!-- All SecurityManager Plugins must define the (instance) name attribute -->
+      <xs:attribute name="name" type="xs:string" use="required">
+        <xs:annotation>
+          <xs:appinfo>
+            <tooltip>Name for this htpasswd Security Manager instance</tooltip>
+            <required>true</required>
+          </xs:appinfo>
+        </xs:annotation>
+      </xs:attribute>
+
+    </xs:complexType>
+  </xs:element>
+</xs:schema>
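Review bot: The `<?xml version="1.0" encoding="UTF-8"?>` declaration comes after the licence comment, and an XML declaration is only permitted at the very start of the document, so a conforming parser will reject this schema; move it above the comment, as buildset.xml in this commit does. The `type` attribute combines `use="required"` with `default="SecurityManager"`, which XML Schema does not allow (a default requires `use="optional"`); `fixed="SecurityManager"` may be what is intended. The element is named `HtpasswdSecMgr`, while buildset.xml declares `processName="HtpasswdSecurityManager"` and httpbinding.cpp looks up `.../HtpasswdSecurityManager`, so these names look like they should agree. Since `libName` (with an optional path) and `instanceFactoryName` select the shared object and symbol loaded into the ESP process, the tooltips should state that the environment file must be writable only by trusted administrators.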

+ 0 - 1
system/security/shared/seclib.hpp

@@ -36,7 +36,6 @@
 
 #define SECLIB "seclib"
 #define LDAPSECLIB "LdapSecurity"
-#define HTPASSWDSECLIB "htpasswdSecurity"
 
 enum NewSecAccessFlags
 {

+ 0 - 15
system/security/shared/secloader.hpp

@@ -92,21 +92,6 @@ public:
             else
                 throw MakeStringException(-1, "procedure newLdapSecManager of %s can't be loaded", realName.str());
         }
-        else if(stricmp(model_name, "htpasswd") == 0)
-        {
-            realName.append(SharedObjectPrefix).append(HTPASSWDSECLIB).append(SharedObjectExtension);
-            HINSTANCE htpasswdseclib = LoadSharedObject(realName.str(), true, false);
-            if(htpasswdseclib == NULL)
-                throw MakeStringException(-1, "can't load library %s", realName.str());
-
-            newSecManager_t_ xproc = NULL;
-            xproc = (newSecManager_t_)GetSharedProcedure(htpasswdseclib, "newHtpasswdSecManager");
-
-            if (xproc)
-                return xproc(servicename, *cfg);
-            else
-                throw MakeStringException(-1, "procedure newHtpasswdSecManager of %s can't be loaded", realName.str());
-        }
         else
             throw MakeStringException(-1, "Security model %s not supported", model_name);
     }