Merge pull request #17 from fkovinAtRocket/feature/rbac

RBAC: Remove the username and class from the url
zowe · Mar 28, 2019 · 0b7f61b · 0b7f61b
2 parents b2c6ed9 + 2190d7b
commit 0b7f61b
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 6 deletions.
diff --git a/c/authService.c b/c/authService.c
@@ -33,6 +33,8 @@
 #include "zis/client.h"
 #include "httpserver.h"
 
+#define SAF_CLASS "ZOWE"
+
 /*
  * A handler performing the SAF_AUTH check: checks if the user has the
  * specified access to the specified entity in the specified class
@@ -66,8 +68,7 @@ int installAuthCheckService(HttpServer *server) {
   return 0;
 }
 
-static int extractQuery(StringList *path, char **userName, char **class,
-    char **entity, char **access) {
+static int extractQuery(StringList *path, char **entity, char **access) {
   const StringListElt *pathElt;
 
 #define TEST_NEXT_AND_SET($ptr) do { \
@@ -85,8 +86,6 @@ static int extractQuery(StringList *path, char **userName, char **class,
   if (pathElt == NULL) {
     return -1;
   }
-  TEST_NEXT_AND_SET(userName);
-  TEST_NEXT_AND_SET(class);
   TEST_NEXT_AND_SET(entity);
   TEST_NEXT_AND_SET(access);
   return 0;
@@ -146,13 +145,14 @@ static void respond(HttpResponse *res, int rc, const ZISAuthServiceStatus
 
 static int serveAuthCheck(HttpService *service, HttpResponse *res) {
   HttpRequest *req = res->request;
-  char *userName, *class, *entity, *accessStr;
+  char *entity, *accessStr;
   int access = 0;
   int rc = 0, rsn = 0, safStatus = 0;
   ZISAuthServiceStatus reqStatus = {0};
   CrossMemoryServerName *privilegedServerName;
+  const char *userName = req->username, *class = SAF_CLASS;
 
-  rc = extractQuery(req->parsedFile, &userName, &class, &entity, &accessStr);
+  rc = extractQuery(req->parsedFile, &entity, &accessStr);
   if (rc != 0) {
     respondWithError(res, HTTP_STATUS_BAD_REQUEST, "Broken auth query");
     return 0;

diff --git a/c/zss.c b/c/zss.c
@@ -771,6 +771,17 @@ static int validateConfigPermissionsInner(const char *path) {
   return 0;
 }
 
+#ifdef ZSS_IGNORE_PERMISSION_PROBLEMS
+
+static int validateFilePermissions(const char *filePath) {
+  zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_SEVERE,
+    "Skipping validation of file permissions: disabled during compilation, "
+    "file %s.\n", filePath);
+  return 0;
+}
+
+#else /* ZSS_IGNORE_PERMISSION_PROBLEMS */
+
 /* Validates that both file AND parent folder meet requirements */
 static int validateFilePermissions(const char *filePath) {
   if (!filePath) {
@@ -804,6 +815,8 @@ static int validateFilePermissions(const char *filePath) {
   }
 }
 
+#endif /* ZSS_IGNORE_PERMISSION_PROBLEMS */
+
 int main(int argc, char **argv){
   if (argc == 1) { 
     printf("Usage: zssServer <path to zssServer.json or zluxServer.json file>\n");