ldapsecuritytest.cpp 11 KB

  1. /*##############################################################################
  2. HPCC SYSTEMS software Copyright (C) 2012 HPCC Systems®.
  3. Licensed under the Apache License, Version 2.0 (the "License");
  4. you may not use this file except in compliance with the License.
  5. You may obtain a copy of the License at
  6. http://www.apache.org/licenses/LICENSE-2.0
  7. Unless required by applicable law or agreed to in writing, software
  8. distributed under the License is distributed on an "AS IS" BASIS,
  9. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  10. See the License for the specific language governing permissions and
  11. limitations under the License.
  12. ############################################################################## */
  13. #include <stdlib.h>
  14. #include <stdio.h>
  15. #include "seclib.hpp"
  16. #include "ldapsecurity.hpp"
  17. #include "jliball.hpp"
  18. #include "thirdparty.h"
  19. #include <set>
  20. #include <string.h>
  21. #ifdef _WIN32
  22. #include <conio.h>
  23. #else
  24. #include <unistd.h>
  25. #endif
// File-scope mutex. The only reference to it in this file is the commented-out
// "synchronized block(m_mutex)" line in CPermissionCheckThread::run(), so no
// code in this listing currently locks it.
Mutex m_mutex;
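/**
 * Print the command-line synopsis to stdout.
 *
 * The action flags listed here must match what main() parses: the access
 * check is "-ac" (the help text previously said "-ca", which main() rejects
 * as a format error). "-stress" is parsed by main() and is documented here
 * so the help covers the options the tool accepts.
 */
void usage()
{
    printf("usage: ldapsecuritytest -ac|-au|-ar|-cp -c configfile [-u <username>] [-p <password>] [-r <resource>] [-t <resourcetype>] [-np <newpassword>] [-fn <firstname>] [-ln lastname]\n");
    printf("-ac: check access\n");
    printf("-au: add user\n");
    printf("-ar: add resource\n");
    printf("-cp: change password\n");
    printf("-t <resourcetype>: resource type can be one of the following values - \n");
    printf(" resource, module, filescope, workunit\n");
    printf(" default is resource\n");
    printf("-stress <numthreads> <numrounds>: with -ac, repeat the check from several threads\n");
    // Passwords passed as arguments end up in argv, which may be visible in
    // process listings and shell history; the prompt path avoids that.
    printf("note: -p and -np values given on the command line may be visible in process\n");
    printf(" listings and shell history; for -ac and -cp, omit them to be prompted instead\n");
}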
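/**
 * Prompt on the console and read a password without echoing it.
 *
 * @param prompt  Text shown before reading.
 * @param passwd  Receives the typed password; cleared first.
 *
 * Windows: characters are read one at a time with getch() until carriage
 * return, echoing '*' for each. Backspace now removes the last character
 * from the buffer as well as from the screen; previously only a counter was
 * decremented, so "deleted" characters stayed in the returned password and
 * the erase sequence was printed even when nothing had been typed.
 *
 * POSIX: getpass() is used. Its result is checked for NULL before use and
 * the buffer it returns is wiped once the password has been copied out.
 */
void inputpassword(const char* prompt, StringBuffer& passwd)
{
    passwd.clear();
#ifdef _WIN32
    printf("%s", prompt);
    char input = 0;
    while (0x0d != (input = (char)getch()))
    {
        if (input == '\b')
        {
            // Only erase when there is something to erase, and keep the
            // buffer in step with what the user sees on screen.
            if (passwd.length() > 0)
            {
                passwd.setLength(passwd.length() - 1);
                printf("\b \b");
            }
            continue;
        }
        passwd.append(input);
        printf("*");
    }
    printf("\n");
#else
    char* pass = getpass(prompt);
    if (pass != NULL)
    {
        passwd.append(pass);
        // getpass() returns a buffer it owns; clear our copy of the secret
        // from it so it does not linger after this call.
        memset(pass, 0, strlen(pass));
    }
#endif
}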
/**
 * Read a password interactively, optionally asking for it twice.
 *
 * @param prompt  Prompt for the first entry.
 * @param passwd  Receives the accepted password; cleared first.
 * @param verify  When true, the password is typed a second time and must be
 *                at least 4 characters long and identical to the first
 *                entry. When false, the first entry is accepted as typed.
 *
 * The process exits with status -1 once three attempts have been used up.
 * The local buffers holding the typed passwords are not wiped here.
 */
void getpassword(const char* prompt, StringBuffer& passwd, bool verify = true)
{
    passwd.clear();

    StringBuffer first, second;
    for (int attempt = 0; ; attempt++)
    {
        // Three rounds are allowed; the fourth pass through the loop gives up.
        if (attempt >= 3)
            exit(-1);

        inputpassword(prompt, first);
        if (!verify)
            break;

        inputpassword("Verifying password, retype: ", second);

        if (first.length() < 4)
        {
            printf("password too short, should be 4 characters or longer\n");
            continue;
        }
        if (strcmp(first.str(), second.str()) == 0)
            break;

        printf("passwords don't match.\n");
    }

    passwd.append(first.str());
}
/**
 * Worker thread for the -stress mode: repeatedly authenticates one user and
 * asks the security manager for that user's permission on one resource,
 * timing each round.
 *
 * The security manager pointer is stored as given (not linked); user name,
 * password and resource name are copied into StringAttr members.
 */
class CPermissionCheckThread : public Thread
{
    ISecManager* m_secmgr;
    StringAttr m_user, m_passwd, m_resource;
    SecResourceType m_rtype;
    int m_rounds;

public:
    IMPLEMENT_IINTERFACE;

    CPermissionCheckThread(ISecManager* secmgr, const char* user, const char* passwd, const char* r, SecResourceType rtype, int rounds)
        : m_secmgr(secmgr), m_rtype(rtype), m_rounds(rounds)
    {
        m_user.set(user);
        m_passwd.set(passwd);
        m_resource.set(r);
    }

    /**
     * Run m_rounds authorization checks and log the last permission value
     * together with the minimum, maximum and average duration. Durations
     * come from time(), so they are whole seconds.
     *
     * @return always 0.
     */
    virtual int run()
    {
        int lastAccess = 0;
        int totalSecs = 0;
        int shortest = -1;   // -1 means "no round measured yet"
        int longest = 0;

        int done = 0;
        while (done < m_rounds)
        {
            time_t begin, end;
            time(&begin);
            {
                // No lock is taken here (the file-scope mutex is not used),
                // so every thread calls into the shared manager concurrently.
                // The inner scope releases the user object before the clock
                // is read again.
                Owned<ISecUser> usr = m_secmgr->createUser(m_user.get());
                usr->credentials().setPassword(m_passwd.get());
                lastAccess = m_secmgr->authorizeEx(m_rtype, *usr, m_resource.get());
            }
            time(&end);

            const int elapsed = (int)(end - begin);
            totalSecs += elapsed;
            if (shortest == -1 || elapsed < shortest)
                shortest = elapsed;
            if (elapsed > longest)
                longest = elapsed;

            done++;
            if (done % 100 == 0)
                DBGLOG("Finished %d times\n", done);
        }

        DBGLOG("Permission: %d, min: %d, max: %d, average:%f", lastAccess, shortest, longest, totalSecs*1.0/m_rounds);
        return 0;
    }
};
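/**
 * Return the value that follows the option at argv[i] and advance i past
 * both, or return NULL (with i advanced past the option only) when the
 * option is the last argument.
 */
static const char* takeOptionValue(int argc, char* argv[], int& i)
{
    i++;
    if (i >= argc)
        return NULL;
    return argv[i++];
}

/**
 * Map the -t argument to a SecResourceType. Only "filescope" and "workunit"
 * select a specific type; a missing name or any other value yields
 * RT_DEFAULT.
 * NOTE(review): usage() also advertises "module", which is not mapped to a
 * distinct type here - confirm whether that is intended.
 */
static SecResourceType resourceTypeFromName(const char* name)
{
    if (name != NULL)
    {
        if (stricmp(name, "filescope") == 0)
            return RT_FILE_SCOPE;
        if (stricmp(name, "workunit") == 0)
            return RT_WORKUNIT_SCOPE;
    }
    return RT_DEFAULT;
}

/**
 * Command-line driver for exercising the LDAP security manager.
 *
 * Parses the options, loads the ldapSecurity section from the XML config
 * file and performs one action: check access (-ac, also the default when no
 * action is given), add user (-au), add resource (-ar) or change password
 * (-cp).
 *
 * Changes from the earlier version of this function:
 *  - an option given without its value is reported instead of being treated
 *    as absent; "-stress" and "-open" previously passed a NULL or
 *    out-of-range argv entry to atoi()
 *  - "-stress" thread/round counts must be positive, and the thread objects
 *    and their array are released after join
 *  - user objects are checked for NULL before they are dereferenced; -ar
 *    previously dereferenced an empty user when -u was not supplied
 *  - caught IException objects are released, and an exception now produces a
 *    non-zero exit status
 *
 * @return 0 when the action ran without raising an exception (an action that
 *         reports "not added"/"not changed" still returns 0, as before),
 *         -1 on usage, configuration or exception errors.
 *
 * Passwords supplied with -p/-np arrive through argv and are handled as
 * plain strings throughout; nothing in this function wipes them.
 */
int main(int argc, char* argv[])
{
    if (argc < 2)
    {
        usage();
        return -1;
    }

    InitModuleObjects();

    const char *action = NULL, *configfile = NULL, *username = NULL, *passwd = NULL,
               *resource = NULL, *resourcetype = NULL, *newpasswd = NULL, *firstname = NULL, *lastname = NULL;
    bool stress = false;
    int numthrds = 0;
    int numrounds = 0;
    int numfiles = 0;   // accepted via -open; no action below reads it

    int i = 1;
    while (i < argc)
    {
        const char* opt = argv[i];

        if (stricmp(opt, "-ac") == 0 || stricmp(opt, "-au") == 0 || stricmp(opt, "-ar") == 0 || stricmp(opt, "-cp") == 0)
        {
            action = argv[i++];
            continue;
        }

        if (stricmp(opt, "-stress") == 0)
        {
            // Two values are required: thread count, then rounds per thread.
            const char* thrdsArg = takeOptionValue(argc, argv, i);
            const char* roundsArg = (thrdsArg != NULL && i < argc) ? argv[i++] : NULL;
            if (roundsArg == NULL)
            {
                printf("Error: -stress requires <numthreads> <numrounds>\n");
                usage();
                return -1;
            }
            stress = true;
            numthrds = atoi(thrdsArg);
            numrounds = atoi(roundsArg);
            continue;
        }

        if (stricmp(opt, "-open") == 0)
        {
            const char* filesArg = takeOptionValue(argc, argv, i);
            if (filesArg == NULL)
            {
                printf("Error: option %s requires a value\n", opt);
                usage();
                return -1;
            }
            numfiles = atoi(filesArg);
            continue;
        }

        // Every remaining option stores exactly one string value.
        const char** target = NULL;
        if (stricmp(opt, "-c") == 0)
            target = &configfile;
        else if (stricmp(opt, "-u") == 0)
            target = &username;
        else if (stricmp(opt, "-p") == 0)
            target = &passwd;
        else if (stricmp(opt, "-r") == 0)
            target = &resource;
        else if (stricmp(opt, "-t") == 0)
            target = &resourcetype;
        else if (stricmp(opt, "-np") == 0)
            target = &newpasswd;
        else if (stricmp(opt, "-fn") == 0)
            target = &firstname;
        else if (stricmp(opt, "-ln") == 0)
            target = &lastname;

        if (target == NULL)
        {
            printf("Error: command format error\n");
            usage();
            return -1;
        }

        *target = takeOptionValue(argc, argv, i);
        if (*target == NULL)
        {
            printf("Error: option %s requires a value\n", opt);
            usage();
            return -1;
        }
    }
    (void)numfiles;

    if (configfile == NULL || *configfile == '\0')
    {
        printf("You have to specify the config file\n");
        return -1;
    }

    int rc = 0;
    try
    {
        Owned<IPropertyTree> cfg = createPTreeFromXMLFile(configfile);
        Owned<IPropertyTree> seccfg = cfg->getPropTree(".//ldapSecurity");
        if (seccfg == NULL)
        {
            printf("ldapSecurity not found\n");
            return -1;
        }

#ifdef _NO_LDAP
        printf("System was built with _NO_LDAP\n");
        return -1;
#else
        Owned<ISecManager> secmgr = newLdapSecManager("test", *LINK(seccfg));
        if (secmgr == NULL)
        {
            printf("security manager can't be created\n");
            return -1;
        }

        if (action == NULL || stricmp(action, "-ac") == 0)
        {
            if (username == NULL || *username == '\0')
            {
                printf("missing username\n");
                return -1;
            }
            if (resource == NULL || *resource == '\0')
            {
                printf("missing resource\n");
                return -1;
            }

            SecResourceType rtype = resourceTypeFromName(resourcetype);

            // passbuf must outlive every use of passwd below, because passwd
            // may point into it.
            StringBuffer passbuf;
            if (passwd == NULL || *passwd == '\0')
            {
                getpassword("Enter password: ", passbuf, false);
                passwd = passbuf.str();
            }

            if (!stress)
            {
                Owned<ISecUser> usr = secmgr->createUser(username);
                if (!usr)
                {
                    printf("user %s can't be created\n", username);
                    return -1;
                }
                usr->credentials().setPassword(passwd);
                int access = secmgr->authorizeEx(rtype, *usr, resource);
                printf("%s's permission = %d \n", resource, access);
            }
            else
            {
                // A non-positive count would give a zero or negative array
                // size and a division by zero in the per-thread average.
                if (numthrds <= 0 || numrounds <= 0)
                {
                    printf("Error: -stress needs positive <numthreads> and <numrounds>\n");
                    return -1;
                }

                CPermissionCheckThread** thrds = new CPermissionCheckThread*[numthrds];
                for (int t = 0; t < numthrds; t++)
                    thrds[t] = new CPermissionCheckThread(secmgr, username, passwd, resource, rtype, numrounds);
                for (int t = 0; t < numthrds; t++)
                    thrds[t]->start();
                for (int t = 0; t < numthrds; t++)
                    thrds[t]->join();

                // Drop the reference taken by new, then free the array itself.
                for (int t = 0; t < numthrds; t++)
                    thrds[t]->Release();
                delete [] thrds;
            }
        }
        else if (stricmp(action, "-au") == 0)
        {
            if (username == NULL || *username == '\0')
            {
                printf("missing username\n");
                return -1;
            }

            Owned<ISecUser> usr = secmgr->createUser(username);
            bool ok = false;
            if (usr)
            {
                if (firstname != NULL)
                    usr->setFirstName(firstname);
                if (lastname != NULL)
                    usr->setLastName(lastname);
                // NOTE(review): unlike -ac and -cp there is no prompt here,
                // so passwd is NULL when -p was not given - confirm that
                // setPassword() and addUser() handle that as intended.
                usr->credentials().setPassword(passwd);
                ok = secmgr->addUser(*usr);
            }

            if (ok)
                printf("user %s added\n", username);
            else
                printf("user %s not added\n", username);
        }
        else if (stricmp(action, "-ar") == 0)
        {
            if (resource == NULL || *resource == '\0')
            {
                printf("missing resource\n");
                return -1;
            }
            // addResourceEx() takes the user by reference, so there must be
            // a user object to pass; without -u there is none.
            if (username == NULL || *username == '\0')
            {
                printf("missing username\n");
                return -1;
            }

            SecResourceType rtype = resourceTypeFromName(resourcetype);

            Owned<ISecUser> usr;
            usr.setown(secmgr->createUser(username));
            if (!usr)
            {
                printf("user %s can't be created\n", username);
                return -1;
            }

            bool ok = secmgr->addResourceEx(rtype, *usr, resource, PT_ADMINISTRATORS_ONLY, NULL);
            if (!ok)
                printf("resource not added\n");
            else
                printf("resource %s added\n", resource);
        }
        else if (stricmp(action, "-cp") == 0)
        {
            if (username == NULL || *username == '\0')
            {
                printf("missing username\n");
                return -1;
            }

            StringBuffer passbuf, newpassbuf;
            if (passwd == NULL || *passwd == '\0')
            {
                getpassword("Enter password: ", passbuf, false);
                passwd = passbuf.str();
            }
            if (newpasswd == NULL || *newpasswd == '\0')
            {
                // The new password is typed twice and length-checked.
                getpassword("\nEnter new password: ", newpassbuf, true);
                newpasswd = newpassbuf.str();
            }

            Owned<ISecUser> usr = secmgr->createUser(username);
            if (!usr)
            {
                printf("user %s can't be created\n", username);
                return -1;
            }
            usr->credentials().setPassword(passwd);
            bool ok = secmgr->updateUserPassword(*usr, newpasswd);
            if (ok)
                printf("user password changed\n");
            else
                printf("user password not changed\n");
        }
#endif
    }
    catch (IException* e)
    {
        StringBuffer errmsg;
        e->errorMessage(errmsg);
        printf("%s\n", errmsg.str());
        e->Release();
        rc = -1;
    }
    catch (...)
    {
        printf("Unknown exception\n");
        rc = -1;
    }

    // The early "return -1" paths above leave without reaching this call,
    // as they did before.
    releaseAtoms();
    return rc;
}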