Merge remote-tracking branch 'origin/closedown-4.0.x'

Signed-off-by: Richard Chapman <rchapman@hpccsystems.com>

dali/base/dacoven.cpp

@@ -37,7 +37,7 @@ extern void closedownDFS();
 // base is saved in store whenever block exhausted, so replacement coven servers can restart 
 
 // server side versioning.
-#define ServerVersion    "3.9"
+#define ServerVersion    "3.10"
 #define MinClientVersion "1.5"
 
 
@@ -327,7 +327,6 @@ public:
         if (comm)
             comm->cancel(srcrank,tag);
     }
-
 };
 
 

dali/base/dacoven.hpp

@@ -50,7 +50,6 @@ interface ICoven: extends ICommunicator // ICoven can be used to communicate wit
     virtual rank_t          chooseServer(DALI_UID uid, int tag=0)=0;    // choose a server deterministically based on UID and tag
 
     inline ICommunicator &queryComm() { return *this; }
-
 };
 
 class da_decl CDaliVersion

dali/base/dasess.cpp

@@ -85,6 +85,8 @@ interface ISessionManagerServer: implements IConnectionMonitor
     virtual void start() = 0;
     virtual void ready() = 0;
     virtual void stop() = 0;
+    virtual bool queryScopeScansEnabled(IUserDescriptor *udesc, int * err, StringBuffer &retMsg) = 0;
+    virtual bool enableScopeScans(IUserDescriptor *udesc, bool enable, int * err, StringBuffer &retMsg) = 0;
 };
 
 
@@ -366,7 +368,53 @@ enum MSessionRequestKind {
     MSR_IMPORT_CAPABILITIES,
     MSR_LOOKUP_LDAP_PERMISSIONS,
     MSR_CLEAR_PERMISSIONS_CACHE,
-    MSR_EXIT // TBD
+    MSR_EXIT, // TBD
+    MSR_QUERY_SCOPE_SCANS_ENABLED,
+    MSR_ENABLE_SCOPE_SCANS
+};
+
+class CQueryScopeScansEnabledReq : implements IMessageWrapper
+{
+public:
+    bool enabled;
+    Linked<IUserDescriptor> udesc;
+
+    CQueryScopeScansEnabledReq(IUserDescriptor *_udesc) : udesc(_udesc) {}
+    CQueryScopeScansEnabledReq() {}
+
+    void serializeReq(CMessageBuffer &mb)
+    {
+        mb.append(MSR_QUERY_SCOPE_SCANS_ENABLED);
+        udesc->serialize(mb);
+    }
+
+    void deserializeReq(CMessageBuffer &mb)
+    {
+        udesc.setown(createUserDescriptor(mb));
+    }
+};
+
+class CEnableScopeScansReq : implements IMessageWrapper
+{
+public:
+    bool doEnable;
+    Linked<IUserDescriptor> udesc;
+
+    CEnableScopeScansReq(IUserDescriptor *_udesc, bool _doEnable) : udesc(_udesc), doEnable(_doEnable) {}
+    CEnableScopeScansReq() {}
+
+    void serializeReq(CMessageBuffer &mb)
+    {
+        mb.append(MSR_ENABLE_SCOPE_SCANS);
+        udesc->serialize(mb);
+        mb.append(doEnable);
+    }
+
+    void deserializeReq(CMessageBuffer &mb)
+    {
+        udesc.setown(createUserDescriptor(mb));
+        mb.read(doEnable);
+    }
 };
 
 class CSessionRequestServer: public Thread
@@ -537,6 +585,41 @@ public:
                 coven.reply(mb);
             }
             break;
+        case MSR_QUERY_SCOPE_SCANS_ENABLED:{
+                CQueryScopeScansEnabledReq req;
+                req.deserializeReq(mb);
+                int err;
+                StringBuffer retMsg;
+                bool enabled = manager.queryScopeScansEnabled(req.udesc, &err, retMsg);
+                mb.clear().append(err);
+                mb.append(enabled);
+                mb.append(retMsg.str());
+                if (err != 0 || retMsg.length())
+                {
+                    StringBuffer user;
+                    req.udesc->getUserName(user);
+                    DBGLOG("Error %d querying scope scan status for %s : %s", err, user.str(), retMsg.str());
+                }
+                coven.reply(mb);
+            }
+            break;
+        case MSR_ENABLE_SCOPE_SCANS:{
+                CEnableScopeScansReq req;
+                req.deserializeReq(mb);
+                int err;
+                StringBuffer retMsg;
+                bool ok = manager.enableScopeScans(req.udesc, req.doEnable, &err, retMsg);
+                mb.clear().append(err);
+                mb.append(retMsg.str());
+                if (err != 0 || retMsg.length())
+                {
+                    StringBuffer user;
+                    req.udesc->getUserName(user);
+                    DBGLOG("Error %d %sing Scope Scan Status for %s: %s", err, req.doEnable?"Enabl":"Disabl", user.str(), retMsg.str());
+                }
+                coven.reply(mb);
+            }
+            break;
         }
     }
 
@@ -823,6 +906,89 @@ public:
         udesc->serialize(mb);
         return queryCoven().sendRecv(mb,RANK_RANDOM,MPTAG_DALI_SESSION_REQUEST,SESSIONREPLYTIMEOUT);
     }
+
+    bool queryScopeScansEnabled(IUserDescriptor *udesc, int * err, StringBuffer &retMsg)
+    {
+        if (queryDaliServerVersion().compare("3.10") < 0)
+        {
+            *err = -1;
+            StringBuffer ver;
+            queryDaliServerVersion().toString(ver);
+            retMsg.appendf("Scope Scan status feature requires Dali V3.10 or newer, current Dali version %s",ver.str());
+            return false;
+        }
+        if (securitydisabled)
+        {
+            *err = -1;
+            retMsg.append("Security not enabled");
+            return false;
+        }
+        if (queryDaliServerVersion().compare("1.8") < 0) {
+            *err = -1;
+            retMsg.append("Security not enabled");
+            securitydisabled = true;
+            return false;
+        }
+        CMessageBuffer mb;
+        CQueryScopeScansEnabledReq req(udesc);
+        req.serializeReq(mb);
+        if (!queryCoven().sendRecv(mb,RANK_RANDOM,MPTAG_DALI_SESSION_REQUEST,SESSIONREPLYTIMEOUT))
+        {
+            *err = -1;
+            retMsg.append("DALI Send/Recv error");
+            return false;
+        }
+        int rc;
+        bool enabled;
+        mb.read(rc).read(enabled).read(retMsg);
+        *err = rc;
+        return enabled;
+    }
+
+    bool enableScopeScans(IUserDescriptor *udesc, bool enable, int * err, StringBuffer &retMsg)
+    {
+        if (queryDaliServerVersion().compare("3.10") < 0)
+        {
+            *err = -1;
+            StringBuffer ver;
+            queryDaliServerVersion().toString(ver);
+            retMsg.appendf("Scope Scan enable/disable feature requires Dali V3.10 or newer, current Dali version %s",ver.str());
+            return false;
+        }
+
+        if (securitydisabled)
+        {
+            *err = -1;
+            retMsg.append("Security not enabled");
+            return false;
+        }
+        if (queryDaliServerVersion().compare("1.8") < 0) {
+            *err = -1;
+            retMsg.append("Security not enabled");
+            securitydisabled = true;
+            return false;
+        }
+        CMessageBuffer mb;
+        CEnableScopeScansReq req(udesc,enable);
+        req.serializeReq(mb);
+        if (!queryCoven().sendRecv(mb,RANK_RANDOM,MPTAG_DALI_SESSION_REQUEST,SESSIONREPLYTIMEOUT))
+        {
+            *err = -1;
+            retMsg.append("DALI Send/Recv error");
+            return false;
+        }
+        int rc;
+        mb.read(rc).read(retMsg);
+        *err = rc;
+        if (rc == 0)
+        {
+            StringBuffer user;
+            udesc->getUserName(user);
+            DBGLOG("Scope Scans %sabled by %s",enable ? "En" : "Dis", user.str());
+        }
+        return rc == 0;
+    }
+
     bool checkScopeScansLDAP()
     {
         assertex(!"checkScopeScansLDAP called on client");
@@ -1299,6 +1465,37 @@ public:
 #endif
         return ok;
     }
+
+    virtual bool queryScopeScansEnabled(IUserDescriptor *udesc, int * err, StringBuffer &retMsg)
+    {
+#ifdef _NO_LDAP
+        *err = -1;
+        retMsg.append("LDAP not enabled");
+        return false;
+#else
+        *err = 0;
+        return checkScopeScansLDAP();
+#endif
+    }
+
+    virtual bool enableScopeScans(IUserDescriptor *udesc, bool enable, int * err, StringBuffer &retMsg)
+    {
+#ifdef _NO_LDAP
+        *err = -1;
+        retMsg.append("LDAP not supporteded");
+        return false;
+#else
+        if (!ldapconn)
+        {
+            *err = -1;
+            retMsg.append("LDAP not connected");
+            return false;
+        }
+
+        return ldapconn->enableScopeScans(udesc, enable, err);
+#endif
+    }
+
     virtual bool checkScopeScansLDAP()
     {
 #ifdef _NO_LDAP
@@ -1756,7 +1953,12 @@ IUserDescriptor *createUserDescriptor()
     return new CUserDescriptor;
 }
 
-
+IUserDescriptor *createUserDescriptor(MemoryBuffer &mb)
+{
+    IUserDescriptor * udesc = createUserDescriptor();
+    udesc->deserialize(mb);
+    return udesc;
+}
 
 MODULE_INIT(INIT_PRIORITY_DALI_DASESS)
 {

dali/base/dasess.hpp

@@ -78,6 +78,7 @@ interface IUserDescriptor: extends serializable
 };
 
 extern da_decl IUserDescriptor *createUserDescriptor();
+extern da_decl IUserDescriptor *createUserDescriptor(MemoryBuffer &mb);
 
 const static IUserDescriptor * unknownUser = NULL;//use of this should be avoided
 #define UNKNOWN_USER (IUserDescriptor*)unknownUser
@@ -111,7 +112,8 @@ interface ISessionManager: extends IInterface
     virtual unsigned getLDAPflags()=0;
     virtual void setLDAPflags(unsigned flags)=0;
     virtual bool clearPermissionsCache(IUserDescriptor *udesc)=0;
-
+    virtual bool queryScopeScansEnabled(IUserDescriptor *udesc, int * err, StringBuffer &retMsg)=0;
+    virtual bool enableScopeScans(IUserDescriptor *udesc, bool enable, int * err, StringBuffer &retMsg)=0;
 };
 
 // the following are getPermissionsLDAP input flags for audit reporting
@@ -127,7 +129,12 @@ extern da_decl ISessionManager &querySessionManager();
 
 #define myProcessSession() (querySessionManager().lookupProcessSession())
 
-
+interface IMessageWrapper
+{
+public:
+    virtual void serializeReq(CMessageBuffer &mb) = 0;
+    virtual void deserializeReq(CMessageBuffer &mb) = 0;
+};
 
 // for server use
 interface IDaliServer;

dali/server/daldap.cpp

@@ -187,6 +187,37 @@ public:
         user->credentials().setPassword(password);
         return ldapsecurity->clearPermissionsCache(*user);
     }
+
+    bool enableScopeScans(IUserDescriptor *udesc, bool enable, int * err)
+    {
+        bool superUser;
+        StringBuffer username;
+        StringBuffer password;
+        udesc->getUserName(username);
+        udesc->getPassword(password);
+        Owned<ISecUser> user = ldapsecurity->createUser(username);
+        user->credentials().setPassword(password);
+        if (!ldapsecurity->authenticateUser(*user,superUser) || !superUser)
+        {
+            *err = -1;
+            return false;
+        }
+        unsigned flags = getLDAPflags();
+        if (enable)
+        {
+            DBGLOG("Scope Scans Enabled by user %s",username.str());
+            flags |= (unsigned)DLF_SCOPESCANS;
+        }
+        else
+        {
+            DBGLOG("Scope Scans Disabled by user %s",username.str());
+            flags &= ~(unsigned)DLF_SCOPESCANS;
+        }
+        setLDAPflags(flags);
+        *err = 0;
+        return true;
+    }
+
     bool checkScopeScans()
     {
         return (ldapflags&DLF_SCOPESCANS)!=0;

dali/server/daldap.hpp

@@ -31,6 +31,7 @@ interface IDaliLdapConnection: extends IInterface
     virtual unsigned getLDAPflags() = 0;
     virtual void setLDAPflags(unsigned flags) = 0;
     virtual bool clearPermissionsCache(IUserDescriptor *udesc) = 0;
+    virtual bool enableScopeScans(IUserDescriptor *udesc, bool enable, int *err) = 0;
 };
 
 extern IDaliLdapConnection *createDaliLdapConnection(IPropertyTree *proptree);

docs/HPCCClientTools/CT_Mods/CT_ECL_CLI.xml

@@ -303,6 +303,13 @@ ecl deploy --target=roxie --name=FindPersonService libW20120224-125557.so
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -538,6 +545,13 @@ ecl publish --target=roxie --name=FindPersonService --no-activate findperson.ecl
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -663,6 +677,13 @@ ecl unpublish roxie "FindpersonService*"
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -810,6 +831,13 @@ ecl run --target=thor --input="&lt;request&gt;&lt;LName&gt;JONES&lt;/LName&gt;&l
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -947,6 +975,13 @@ ecl run --target=thor --input="&lt;request&gt;&lt;LName&gt;JONES&lt;/LName&gt;&l
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -1030,6 +1065,13 @@ ecl run --target=thor --input="&lt;request&gt;&lt;LName&gt;JONES&lt;/LName&gt;&l
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -1162,6 +1204,13 @@ ecl queries list roxie --target=roxie --show=A </programlisting>
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -1319,6 +1368,13 @@ ecl queries copy //192.168.1.10:8010/thor/findperson thor
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -1442,6 +1498,13 @@ ecl queries copy //192.168.1.10:8010/thor/findperson thor
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -1563,6 +1626,13 @@ ecl packagemap add roxie mypackagemap.pkg --daliip=192.168.11.11
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -1638,6 +1708,13 @@ ecl packagemap add roxie mypackagemap.pkg --daliip=192.168.11.11
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -1721,6 +1798,13 @@ ecl packagemap add roxie mypackagemap.pkg --daliip=192.168.11.11
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -1803,6 +1887,13 @@ ecl packagemap add roxie mypackagemap.pkg --daliip=192.168.11.11
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -1888,6 +1979,13 @@ ecl packagemap add roxie mypackagemap.pkg --daliip=192.168.11.11
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -1974,6 +2072,13 @@ ecl packagemap add roxie mypackagemap.pkg --daliip=192.168.11.11
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -2113,6 +2218,13 @@ ecl packagemap validate roxie --active</programlisting>
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -2178,6 +2290,13 @@ ecl packagemap validate roxie --active</programlisting>
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -2243,6 +2362,13 @@ ecl packagemap validate roxie --active</programlisting>
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -2308,6 +2434,13 @@ ecl packagemap validate roxie --active</programlisting>
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>-u, --username</entry>
 
                   <entry>The username (if necessary)</entry>
@@ -2346,7 +2479,7 @@ ecl packagemap validate roxie --active</programlisting>
                 <row>
                   <entry>ecl roxie check</entry>
 
-                  <entry>Checks the state of the roxie process </entry>
+                  <entry>Checks the state of the roxie process</entry>
                 </row>
 
                 <row>
@@ -2373,6 +2506,13 @@ ecl packagemap validate roxie --active</programlisting>
                 </row>
 
                 <row>
+                  <entry>-ssl</entry>
+
+                  <entry>Use SSL to secure the connection to the
+                  server.</entry>
+                </row>
+
+                <row>
                   <entry>--wait=<emphasis>&lt;ms&gt;</emphasis></entry>
 
                   <entry>Max time to wait in milliseconds</entry>
@@ -2788,7 +2928,7 @@ ecl bundle use myBundle 2
                 <row>
                   <entry>--check-packagemaps</entry>
 
-                  <entry> Exclude files referenced in active
+                  <entry>Exclude files referenced in active
                   packagemaps</entry>
                 </row>
 

esp/eclwatch/ws_XSLT/CMakeLists.txt

@@ -139,6 +139,8 @@ FOREACH ( iFILES
     ${CMAKE_CURRENT_SOURCE_DIR}/access_adduser.xslt
     ${CMAKE_CURRENT_SOURCE_DIR}/access_basedns.xslt
     ${CMAKE_CURRENT_SOURCE_DIR}/access_clearpermissionscache.xslt
+    ${CMAKE_CURRENT_SOURCE_DIR}/access_enablescopescans.xslt
+    ${CMAKE_CURRENT_SOURCE_DIR}/access_disablescopescans.xslt
     ${CMAKE_CURRENT_SOURCE_DIR}/access_filepermission.xslt
     ${CMAKE_CURRENT_SOURCE_DIR}/access_groupadd.xslt
     ${CMAKE_CURRENT_SOURCE_DIR}/access_groupdelete.xslt

esp/eclwatch/ws_XSLT/access_disablescopescans.xslt

@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    HPCC SYSTEMS software Copyright (C) 2012 HPCC Systems.
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:fo="http://www.w3.org/1999/XSL/Format">
+  <xsl:output method="html"/>
+  <xsl:template match="/">
+    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+      <head>
+        <script type="text/javascript" src="/esp/files/scripts/espdefault.js">&#160;</script>
+        <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+        <title>Scope Scanning</title>
+      </head>
+      <body class="yui-skin-sam" onload="nof5();">
+        <xsl:apply-templates/>
+      </body>
+    </html>
+  </xsl:template>
+  
+  <xsl:template match="DisableScopeScansResponse/scopeScansStatus">
+    <table>
+      <tbody>
+        <th align="left">
+          <h2>Disable Scope Scans Result</h2>
+        </th>
+        <tr>
+          <td>
+            <xsl:choose>
+              <xsl:when test="retcode=0">
+                Scope Scans Disabled
+              </xsl:when>
+              <xsl:otherwise>
+                Scope Scans Disable failed :
+              </xsl:otherwise>
+            </xsl:choose>
+            <xsl:value-of select="retmsg"/>
+          </td>
+        </tr>
+      </tbody>
+    </table>
+    
+  </xsl:template>
+</xsl:stylesheet>

esp/eclwatch/ws_XSLT/access_enablescopescans.xslt

@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    HPCC SYSTEMS software Copyright (C) 2012 HPCC Systems.
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:fo="http://www.w3.org/1999/XSL/Format">
+  <xsl:output method="html"/>
+  <xsl:template match="/">
+    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+      <head>
+        <script type="text/javascript" src="/esp/files/scripts/espdefault.js">&#160;</script>
+        <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+        <title>Scope Scanning</title>
+      </head>
+      <body class="yui-skin-sam" onload="nof5();">
+        <xsl:apply-templates/>
+      </body>
+    </html>
+  </xsl:template>
+  
+  <xsl:template match="EnableScopeScansResponse/scopeScansStatus">
+    <table>
+      <tbody>
+        <th align="left">
+          <h2>Enable Scope Scans Result</h2>
+        </th>
+        <tr>
+          <td>
+            <xsl:choose>
+              <xsl:when test="retcode=0">
+                Scope Scans Enabled
+              </xsl:when>
+              <xsl:otherwise>
+                Scope Scans Enable failed :
+              </xsl:otherwise>
+            </xsl:choose>
+            <xsl:value-of select="retmsg"/>
+          </td>
+        </tr>
+      </tbody>
+    </table>
+    
+  </xsl:template>
+</xsl:stylesheet>

esp/eclwatch/ws_XSLT/access_resources.xslt

@@ -193,6 +193,24 @@
                   <input id="clearPermissionsCacheBtn" class="sbutton" type="submit" name="action" value="Clear Permissions Cache" onclick="return confirm('Are you sure you want to clear the DALI and ESP permissions caches? Running workunit performance might degrade significantly until the caches have been refreshed.')"/>
                 </form>
             </td>
+
+            <xsl:if test="scopeScansStatus/retcode=0">
+              <xsl:if test="scopeScansStatus/isEnabled=0">
+                <td>
+                  <form action="/ws_access/EnableScopeScans">
+                    <input id="EnableScopeScansBtn" class="sbutton" type="submit"  name="action" value="Enable Scope Scans" onclick="return confirm('Are you sure you want to enable Scope Scans?')"/>
+                  </form>
+                </td>
+              </xsl:if>
+              <xsl:if test="scopeScansStatus/isEnabled=1">
+                <td>
+                  <form action="/ws_access/DisableScopeScans">
+                    <input id="DisableScopeScansBtn" class="sbutton" type="submit"  name="action" value="Disable Scope Scans" onclick="return confirm('Are you sure you want to disable Scope Scans?')"/>
+                  </form>
+                </td>
+              </xsl:if>
+            </xsl:if>
+
                 </tr>
             </table>
       <form action="/ws_access/ResourceAddInput" id="addform">

esp/eclwatch/ws_XSLT/clusterprocesses.xslt

@@ -732,17 +732,22 @@
           <xsl:text disable-output-escaping="yes"><![CDATA[ <br /> ]]></xsl:text>
           <xsl:value-of select="$memNode/Total"/> MB Total
         </xsl:attribute>
-         <xsl:if test="$threshold != 0">
-                <xsl:choose>
-                        <xsl:when test="$thresholdType=0 and $memNode/PercentAvail &lt; $threshold">
-                    <xsl:attribute name="bgcolor">FF8800</xsl:attribute>
-                        </xsl:when>
-                        <xsl:when test="$thresholdType=1 and $memNode/Available &lt; $threshold">
-                    <xsl:attribute name="bgcolor">FF8800</xsl:attribute>
-                        </xsl:when>
-                    </xsl:choose>
-         </xsl:if>
-         <xsl:value-of select="$memNode/PercentAvail"/>%
+        <xsl:choose>
+          <xsl:when test="$memNode/Total=0">N/A</xsl:when>
+          <xsl:otherwise>
+            <xsl:if test="$threshold != 0">
+              <xsl:choose>
+                <xsl:when test="$thresholdType=0 and $memNode/PercentAvail &lt; $threshold">
+                  <xsl:attribute name="bgcolor">FF8800</xsl:attribute>
+                </xsl:when>
+                <xsl:when test="$thresholdType=1 and $memNode/Available &lt; $threshold">
+                  <xsl:attribute name="bgcolor">FF8800</xsl:attribute>
+                </xsl:when>
+              </xsl:choose>
+            </xsl:if>
+            <xsl:value-of select="$memNode/PercentAvail"/>%
+          </xsl:otherwise>
+        </xsl:choose>
       </td>            
    </xsl:template>
   

esp/scm/ws_access.ecm

@@ -362,6 +362,13 @@ ESPstruct Resource
     bool isSpecial;
 };
 
+ESPstruct ScopeScanStatusStruct
+{
+    bool    isEnabled;
+    int     retcode;
+    string  retmsg;
+};
+
 ESPresponse ResourcesResponse
 {
     string basedn;
@@ -373,6 +380,7 @@ ESPresponse ResourcesResponse
     string default_name;
     string prefix;
     [min_ver("1.05")] bool toomany;
+    [min_ver("1.08")] ESPstruct ScopeScanStatusStruct scopeScansStatus;
 };
 
 ESPrequest ResourceAddInputRequest
@@ -561,6 +569,34 @@ ESPresponse ClearPermissionsCacheResponse
 {
     int retcode;
 };
+
+ESPrequest QueryScopeScansEnabledRequest
+{
+};
+
+ESPresponse QueryScopeScansEnabledResponse
+{
+    [min_ver("1.08")] ESPstruct ScopeScanStatusStruct scopeScansStatus;
+};
+
+ESPrequest EnableScopeScansRequest
+{
+};
+
+ESPresponse EnableScopeScansResponse
+{
+    [min_ver("1.08")] ESPstruct ScopeScanStatusStruct scopeScansStatus;
+};
+
+ESPrequest DisableScopeScansRequest
+{
+};
+
+ESPresponse DisableScopeScansResponse
+{
+    [min_ver("1.08")] ESPstruct ScopeScanStatusStruct scopeScansStatus;
+};
+
 ESPrequest PermissionActionRequest
 {
     string basedn;
@@ -655,7 +691,7 @@ ESPresponse [nil_remove] UserAccountExportResponse
 };
 
 
-ESPservice [version("1.07"), default_client_version("1.07"), exceptions_inline("./smc_xslt/exceptions.xslt")] ws_access
+ESPservice [version("1.08"), default_client_version("1.08"), exceptions_inline("./smc_xslt/exceptions.xslt")] ws_access
 {
     ESPmethod [client_xslt("/esp/xslt/access_users.xslt")] Users(UserRequest, UserResponse);
     ESPmethod [client_xslt("/esp/xslt/access_useredit.xslt")] UserEdit(UserEditRequest, UserEditResponse);
@@ -690,6 +726,9 @@ ESPservice [version("1.07"), default_client_version("1.07"), exceptions_inline("
     ESPmethod [client_xslt("/esp/xslt/access_permissionresetinput.xslt")] PermissionsResetInput(PermissionsResetInputRequest, PermissionsResetInputResponse);
     ESPmethod [client_xslt("/esp/xslt/access_permissionsreset.xslt")] PermissionsReset(PermissionsResetRequest, PermissionsResetResponse);
     ESPmethod [client_xslt("/esp/xslt/access_clearpermissionscache.xslt")] ClearPermissionsCache(ClearPermissionsCacheRequest, ClearPermissionsCacheResponse);
+    ESPmethod QueryScopeScansEnabled(QueryScopeScansEnabledRequest, QueryScopeScansEnabledResponse);
+    ESPmethod [client_xslt("/esp/xslt/access_enablescopescans.xslt")] EnableScopeScans(EnableScopeScansRequest, EnableScopeScansResponse);
+    ESPmethod [client_xslt("/esp/xslt/access_disablescopescans.xslt")] DisableScopeScans(DisableScopeScansRequest, DisableScopeScansResponse);
     //ESPmethod [client_xslt("/esp/xslt/access_useraccountexport.xslt")] UserAccountExport(UserAccountExportRequest, UserAccountExportResponse);
     ESPmethod UserAccountExport(UserAccountExportRequest, UserAccountExportResponse);
 

esp/services/ws_access/ws_accessService.cpp

@@ -1436,6 +1436,20 @@ bool Cws_accessEx::onResources(IEspContext &context, IEspResourcesRequest &req,
 
             rarray.append(*oneresource.getLink());
         }
+        if (version >= 1.08)
+        {
+            Owned<IUserDescriptor> userdesc;
+            userdesc.setown(createUserDescriptor());
+            userdesc->set(context.queryUserId(), context.queryPassword());
+            int retCode;
+            StringBuffer retMsg;
+            bool isEnabled = querySessionManager().queryScopeScansEnabled(userdesc, &retCode, retMsg);
+            if (retCode != 0)
+                DBGLOG("Error %d querying scope scan status : %s", retCode, retMsg.str());
+            resp.updateScopeScansStatus().setIsEnabled(isEnabled);
+            resp.updateScopeScansStatus().setRetcode(retCode);
+            resp.updateScopeScansStatus().setRetmsg(retMsg.str());
+        }
         resp.setResources(rarray);
     }
     catch(IException* e)
@@ -1918,6 +1932,64 @@ bool Cws_accessEx::onClearPermissionsCache(IEspContext &context, IEspClearPermis
     resp.setRetcode(ok ? 0 : -1);
     return true;
 }
+
+bool Cws_accessEx::onQueryScopeScansEnabled(IEspContext &context, IEspQueryScopeScansEnabledRequest &req, IEspQueryScopeScansEnabledResponse &resp)
+{
+    ISecManager* secmgr = context.querySecManager();
+    if(secmgr == NULL)
+        throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, MSG_SEC_MANAGER_IS_NULL);
+
+    Owned<IUserDescriptor> userdesc;
+    userdesc.setown(createUserDescriptor());
+    userdesc->set(context.queryUserId(), context.queryPassword());
+    int retCode;
+    StringBuffer retMsg;
+    bool isEnabled = querySessionManager().queryScopeScansEnabled(userdesc, &retCode, retMsg);
+    if (retCode != 0)
+        throw MakeStringException(ECLWATCH_OLD_CLIENT_VERSION, "Error %d querying scope scan status : %s", retCode, retMsg.str());
+    resp.updateScopeScansStatus().setIsEnabled(isEnabled);
+    resp.updateScopeScansStatus().setRetcode(retCode);
+    resp.updateScopeScansStatus().setRetmsg(retMsg.str());
+    return true;
+
+}
+
+bool Cws_accessEx::onEnableScopeScans(IEspContext &context, IEspEnableScopeScansRequest &req, IEspEnableScopeScansResponse &resp)
+{
+    StringBuffer retMsg;
+    int rc = enableDisableScopeScans(context, true, retMsg);
+    resp.updateScopeScansStatus().setIsEnabled(rc == 0);
+    resp.updateScopeScansStatus().setRetcode(rc);
+    resp.updateScopeScansStatus().setRetmsg(retMsg.str());
+    return true;
+}
+
+bool Cws_accessEx::onDisableScopeScans(IEspContext &context, IEspDisableScopeScansRequest &req, IEspDisableScopeScansResponse &resp)
+{
+    StringBuffer retMsg;
+    int rc = enableDisableScopeScans(context, false, retMsg);
+    resp.updateScopeScansStatus().setIsEnabled(rc != 0);
+    resp.updateScopeScansStatus().setRetcode(rc);
+    resp.updateScopeScansStatus().setRetmsg(retMsg.str());
+    return true;
+}
+
+int Cws_accessEx::enableDisableScopeScans(IEspContext &context, bool doEnable, StringBuffer &retMsg)
+{
+    ISecManager* secmgr = context.querySecManager();
+    if(secmgr == NULL)
+        throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, MSG_SEC_MANAGER_IS_NULL);
+
+    Owned<IUserDescriptor> userdesc;
+    userdesc.setown(createUserDescriptor());
+    userdesc->set(context.queryUserId(), context.queryPassword());
+    int retCode;
+    bool rc = querySessionManager().enableScopeScans(userdesc, doEnable, &retCode, retMsg);
+    if (!rc || retCode != 0)
+        DBGLOG("Error %d enabling Scope Scans : %s", retCode, retMsg.str());
+    return retCode;
+}
+
 bool Cws_accessEx::permissionsReset(CLdapSecManager* ldapsecmgr, const char* basedn, const char* rtype0, const char* prefix,
         const char* resourceName, ACT_TYPE accountType, const char* accountName,
         bool allow_access, bool allow_read, bool allow_write, bool allow_full,

esp/services/ws_access/ws_accessService.hpp

@@ -77,6 +77,7 @@ class Cws_accessEx : public Cws_access
         bool deny_access, bool deny_read, bool deny_write, bool deny_full);
     void getBaseDNsForAddingPermssionToAccount(CLdapSecManager* secmgr, const char* prefix, const char* accountName, 
         int accountType, StringArray& basednNames);
+    int enableDisableScopeScans(IEspContext &context, bool doEnable, StringBuffer &retMsg);
 
 public:
     IMPLEMENT_IINTERFACE;
@@ -117,6 +118,9 @@ public:
     virtual bool onPermissionsReset(IEspContext &context, IEspPermissionsResetRequest &req, IEspPermissionsResetResponse &resp);
     virtual bool onUserAccountExport(IEspContext &context, IEspUserAccountExportRequest &req, IEspUserAccountExportResponse &resp);
     virtual bool onClearPermissionsCache(IEspContext &context, IEspClearPermissionsCacheRequest &req, IEspClearPermissionsCacheResponse &resp);
+    virtual bool onQueryScopeScansEnabled(IEspContext &context, IEspQueryScopeScansEnabledRequest &req, IEspQueryScopeScansEnabledResponse &resp);
+    virtual bool onEnableScopeScans(IEspContext &context, IEspEnableScopeScansRequest &req, IEspEnableScopeScansResponse &resp);
+    virtual bool onDisableScopeScans(IEspContext &context, IEspDisableScopeScansRequest &req, IEspDisableScopeScansResponse &resp);
 };
 
 #endif //_ESPWIZ_ws_access_HPP__

esp/services/ws_machine/machines.xslt

@@ -647,17 +647,22 @@
           <xsl:text disable-output-escaping="yes"><![CDATA[ <br /> ]]></xsl:text>
           <xsl:value-of select="$memNode/Total"/> MB Total
         </xsl:attribute>
-         <xsl:if test="$threshold != 0">
-                <xsl:choose>
-                        <xsl:when test="$thresholdType=0 and $memNode/PercentAvail &lt; $threshold">
-                    <xsl:attribute name="bgcolor">FF8800</xsl:attribute>
-                        </xsl:when>
-                        <xsl:when test="$thresholdType=1 and $memNode/Available &lt; $threshold">
-                    <xsl:attribute name="bgcolor">FF8800</xsl:attribute>
-                        </xsl:when>
-                    </xsl:choose>
-         </xsl:if>
-         <xsl:value-of select="$memNode/PercentAvail"/>%
+        <xsl:choose>
+          <xsl:when test="$memNode/Total=0">N/A</xsl:when>
+          <xsl:otherwise>
+            <xsl:if test="$threshold != 0">
+              <xsl:choose>
+                <xsl:when test="$thresholdType=0 and $memNode/PercentAvail &lt; $threshold">
+                  <xsl:attribute name="bgcolor">FF8800</xsl:attribute>
+                </xsl:when>
+                <xsl:when test="$thresholdType=1 and $memNode/Available &lt; $threshold">
+                  <xsl:attribute name="bgcolor">FF8800</xsl:attribute>
+                </xsl:when>
+              </xsl:choose>
+            </xsl:if>
+            <xsl:value-of select="$memNode/PercentAvail"/>%
+          </xsl:otherwise>
+        </xsl:choose>
       </td>            
    </xsl:template>
   

esp/xslt/wsecl_tabview.xsl

@@ -66,9 +66,7 @@
                 <link rel="stylesheet" type="text/css" href="/esp/files/yui/build/reset-fonts-grids/reset-fonts-grids.css"/>
                 <link rel="stylesheet" type="text/css" href="/esp/files/yui/build/resize/assets/skins/sam/resize.css"/>
                 <link rel="stylesheet" type="text/css" href="/esp/files/yui/build/button/assets/skins/sam/button.css"/>
-                <link rel="stylesheet" type="text/css" href="/esp/files/yui/build/menu/assets/skins/sam/menu.css"/>
                 <link rel="stylesheet" type="text/css" href="/esp/files/yui/build/tabview/assets/skins/sam/tabview.css"/>
-                <link rel="stylesheet" type="text/css" href="/esp/files/yui/build/treeview/assets/skins/sam/treeview.css"/>
                 <link rel="stylesheet" type="text/css" href="/esp/files/yui/build/paginator/assets/skins/sam/paginator.css"/>
                 <link rel="stylesheet" type="text/css" href="/esp/files/yui/build/datatable/assets/skins/sam/datatable.css"/>
                 <link rel="stylesheet" type="text/css" href="/esp/files/yui/build/container/assets/skins/sam/container.css"/>

system/security/LdapSecurity/ldapsecurity.cpp

@@ -1273,6 +1273,13 @@ bool CLdapSecManager::clearPermissionsCache(ISecUser& user)
     }
     return true;
 }
+bool CLdapSecManager::authenticateUser(ISecUser & user, bool &superUser)
+{
+    if (!authenticate(&user))
+        return false;
+    superUser = isSuperUser(&user);
+    return true;
+}
 
 extern "C"
 {

system/security/LdapSecurity/ldapsecurity.ipp

@@ -441,6 +441,7 @@ public:
     virtual aindex_t getManagedFileScopes(IArrayOf<ISecResource>& scopes);
     virtual int queryDefaultPermission(ISecUser& user);
     virtual bool clearPermissionsCache(ISecUser &user);
+    virtual bool authenticateUser(ISecUser & user, bool &superUser);
 };
 
 #endif

system/security/shared/basesecurity.hpp

@@ -288,6 +288,7 @@ public:
     virtual aindex_t getManagedFileScopes(IArrayOf<ISecResource>& scopes) {UNIMPLEMENTED; }
     virtual int queryDefaultPermission(ISecUser& user) {UNIMPLEMENTED; }
     virtual bool clearPermissionsCache(ISecUser& user) {return false;}
+    virtual bool authenticateUser(ISecUser & user, bool &superUser) {return false;}
 protected:
     const char* getServer(){return m_dbserver.toCharArray();}
     const char* getUser(){return m_dbuser.toCharArray();}

system/security/shared/seclib.hpp

@@ -299,6 +299,7 @@ interface ISecManager : extends IInterface
     virtual aindex_t getManagedFileScopes(IArrayOf<ISecResource>& scopes) = 0;
     virtual int queryDefaultPermission(ISecUser& user) = 0;
     virtual bool clearPermissionsCache(ISecUser & user) = 0;
+    virtual bool authenticateUser(ISecUser & user, bool &superUser) = 0;
 };
 
 interface IExtSecurityManager