Merge pull request #568 from zowe/user/jstruga/merge-staging-rc

Merge staging into rc

.pax/pre-packaging.sh

@@ -19,6 +19,9 @@ SCRIPT_DIR=$(pwd)
 # build
 echo "$SCRIPT_NAME build zss ..."
 STEPLIB=CBC.SCCNCMP "$SCRIPT_DIR/content/build/build.sh"
+if [ $? != 0 ]; then
+  exit $?
+fi
 
 # clean up content folder
 echo "$SCRIPT_NAME cleaning up pax folder ..."
@@ -31,6 +34,7 @@ cd "$SCRIPT_DIR/content"
 mkdir LOADLIB SAMPLIB
 cp -X "//DEV.LOADLIB(ZWESIS01)" LOADLIB/ZWESIS01
 cp -X "//DEV.LOADLIB(ZWESAUX)" LOADLIB/ZWESAUX
+cp -X "//DEV.LOADLIB(ZWESISDL)" LOADLIB/ZWESISDL
 cp ../bak/samplib/zis/* SAMPLIB
 cp -r ../bak/bin .
 cp ../bak/manifest.yaml .

CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to the ZSS package will be documented in this file.
 
 ## Recent Changes
 
+## `2.7.0`
+
+- Enhancement: A new ZIS plugin, "ZISDYNAMIC" is available within the LOADLIB as ZWESISDL. This plugin allows for ZIS plugins to access utility functions of the zowe-common-c libraries without needing to statically build them into the plugin itself.
+- Enhancement: New REST endpoint that maps distributed username to RACF user ID.
+- Bugfix: Fixed /unixfile/metadata not working when URL encoded spaces were present in file names
+
 ## `2.5.0`
 
 - Bugfix: In 2.3 and 2.4, 'safkeyring://' syntax stopped working, only allowing 'safkeyring:////'. Now, support for both is restored.

build/build.sh

@@ -32,3 +32,7 @@ fi
 if [ "$1" = "zss64" ] || [ "$1" = "" ]; then
   "${WORKING_DIR}/build_zss64.sh"
 fi
+
+if [ "$1" = "dynamic_zis_plugin" ] || [ "$1" = "" ]; then
+  "${WORKING_DIR}/build_dynamic.sh"
+fi

build/build_zss.sh

@@ -196,6 +196,7 @@ xlc \
   ${COMMON}/c/radmin.c \
   ${COMMON}/c/rawfd.c \
   ${COMMON}/c/recovery.c \
+  ${COMMON}/c/rusermap.c \
   ${COMMON}/jwt/rscrypto/rs_icsfp11.c \
   ${COMMON}/jwt/rscrypto/rs_rsclibc.c \
   ${COMMON}/c/scheduling.c \

build/build_zss64.sh

@@ -197,6 +197,7 @@ if ! c89 \
   ${COMMON}/c/radmin.c \
   ${COMMON}/c/rawfd.c \
   ${COMMON}/c/recovery.c \
+  ${COMMON}/c/rusermap.c \
   ${COMMON}/jwt/rscrypto/rs_icsfp11.c \
   ${COMMON}/jwt/rscrypto/rs_rsclibc.c \
   ${COMMON}/c/scheduling.c \

c/certificateService.c

@@ -26,10 +26,12 @@
 #include "httpserver.h"
 #include "json.h"
 #include "http.h"
+#include "rusermap.h"
 
 #pragma linkage(IRRSIM00, OS)
 
 #define MAP_CERTIFICATE_TO_USERNAME 0x0006
+#define MAP_DN_TO_USERNAME 0x0008
 #define SUCCESS_RC 0
 #define SUCCESS_RC_SAF 0
 #define SUCCESS_RC_RACF 0
@@ -46,33 +48,15 @@
 #define NOTRUST_CERTIFICATE_RC 32
 #define NO_IDENTITY_FILTER_RC 48
 
-typedef _Packed struct _RUsermapParamList {
-    char workarea[1024];
-    int safRcAlet, returnCode;
-    int racfRcAlet, returnCodeRacf;
-    int racfReasonAlet, reasonCodeRacf;
-    int fcAlet;
-    short functionCode;
-    int  optionWord;
-    char useridLengthRacf;
-    char useridRacf[8];
-    short applicationIdLength;
-    char applicationId[246];
-    short distinguishedNameLength;
-    char distinguishedName[246];
-    short registryNameLength;
-    char registryName[255];
-    int certificateLength;
-    char certificate[4096];
-} RUsermapParamList;
+#define MAX_URL_LENGTH 21
 
 static void setValidResponseCode(HttpResponse *response, int rc, int returnCode, int returnCodeRacf, int reasonCodeRacf) {
   if (rc == SUCCESS_RC && returnCode == SUCCESS_RC_SAF && returnCodeRacf == SUCCESS_RC_RACF && reasonCodeRacf == SUCCESS_REASON_CODE_RACF) {
     setResponseStatus(response, 200, "OK");
     return;
-  } else if(rc != SUCCESS_RC) {
-    if(returnCode == SAF_FAILURE_RC && returnCodeRacf == RACF_FAILURE_RC) {
-      if(reasonCodeRacf == PARAMETER_LIST_ERROR_RC) {
+  } else if (rc != SUCCESS_RC) {
+    if (returnCode == SAF_FAILURE_RC && returnCodeRacf == RACF_FAILURE_RC) {
+      if (reasonCodeRacf == PARAMETER_LIST_ERROR_RC) {
         setResponseStatus(response, 400, "Bad request");
         return;
       } else if (
@@ -109,110 +93,89 @@ static void respondWithInvalidMethod(HttpResponse *response) {
     finishResponse(response);
 }
 
-static void respondWithBadRequest(HttpResponse *response) {
-    jsonPrinter *p = respondWithJsonPrinter(response);
-
-    setResponseStatus(response, 400, "Bad Request");
-    setDefaultJSONRESTHeaders(response);
-    writeHeader(response);
-
-    jsonStart(p);
-    {
-      jsonAddString(p, "error", "The length of the certificate is longer than 4096 bytes");
-    }
-    jsonEnd(p);
-
-    finishResponse(response);
-}
-
-static int serveMappingService(HttpService *service, HttpResponse *response)
-{
+static int serveMappingService(HttpService *service, HttpResponse *response) {
   HttpRequest *request = response->request;
 
   if (!strcmp(request->method, methodPOST))
   {
-    RUsermapParamList *userMapCertificateStructure 
-      = (RUsermapParamList*)safeMalloc31(sizeof(RUsermapParamList),"RUsermapParamList");
-    memset(userMapCertificateStructure, 0, sizeof(RUsermapParamList));
 
-    if(request->contentLength > sizeof(userMapCertificateStructure->certificate) || request->contentLength < 0) {
-      respondWithBadRequest(response);
-      return 0;
+    int urlLength = strlen(request->uri);
+    if(urlLength < 0 || urlLength > MAX_URL_LENGTH) {
+        respondWithJsonError(response, "URI exceeded maximum number of characters.", 400, "Bad Request");
+        return 0;
     }
 
-    userMapCertificateStructure->certificateLength = request->contentLength;
-    memset(userMapCertificateStructure->certificate, 0, request->contentLength);
-    memcpy(userMapCertificateStructure->certificate, request->contentBody, request->contentLength);
+    char translatedURL[urlLength + 1];
+    strcpy(translatedURL, request->uri);
+    a2e(translatedURL, sizeof(translatedURL));
+    char *x509URI = strstr(translatedURL, "x509/map");
+    char *distinguishedNameURI = strstr(translatedURL, "dn");
 
-    userMapCertificateStructure->functionCode = MAP_CERTIFICATE_TO_USERNAME;
+    char useridRacf[9];
+    int returnCodeRacf = 0;
+    int reasonCodeRacf = 0;
     int rc;
-
-#ifdef _LP64 
-    __asm(ASM_PREFIX
-	  /* We get the routine pointer for IRRSIM00 by an, *ahem*, direct approach.
-	     These offsets are stable, and this avoids linker/pragma mojo */
-	  " LA 15,X'10' \n"
-          " LG 15,X'220'(,15) \n" /* CSRTABLE */
-          " LG 15,X'28'(,15) \n" /* Some RACF Routin Vector */
-          " LG 15,X'A0'(,15) \n" /* IRRSIM00 itself */
-	  " LG 1,%0 \n"
-	  " SAM31 \n"
-	  " BALR 14,15 \n"
-          " SAM64 \n"
-          " ST 15,%0"
-	  :
-	  :"m"(userMapCertificateStructure),"m"(rc)
-	  :"r14","r15");
-#else
-    rc = IRRSIM00(
-        &userMapCertificateStructure->workarea, // WORKAREA
-        &userMapCertificateStructure->safRcAlet  , // ALET
-        &userMapCertificateStructure->returnCode,
-        &userMapCertificateStructure->racfRcAlet,
-        &userMapCertificateStructure->returnCodeRacf,
-        &userMapCertificateStructure->racfReasonAlet,
-        &userMapCertificateStructure->reasonCodeRacf,
-        &userMapCertificateStructure->fcAlet,
-        &userMapCertificateStructure->functionCode,
-        &userMapCertificateStructure->optionWord,
-        &userMapCertificateStructure->useridLengthRacf,
-        &userMapCertificateStructure->certificateLength,
-        &userMapCertificateStructure->applicationIdLength,
-        &userMapCertificateStructure->distinguishedNameLength,
-        &userMapCertificateStructure->registryNameLength
-    );
-#endif
+    if(x509URI != NULL) {
+    //  Certificate to user mapping
+        if (request->contentLength < 1) {
+          respondWithJsonError(response, "The length of the certificate is less then 1", 400, "Bad Request");
+          return 0;
+        }
+        rc = getUseridByCertificate(request->contentBody, request->contentLength, useridRacf, &returnCodeRacf, &reasonCodeRacf);
+    } else if (distinguishedNameURI != NULL) {
+    //    Distinguished name to user mapping
+        char *bodyNativeEncoding = copyStringToNative(request->slh, request->contentBody, request->contentLength);
+        char errorBuffer[2048];
+        Json *body = jsonParseUnterminatedString(request->slh, bodyNativeEncoding, request->contentLength, errorBuffer, sizeof(errorBuffer));
+        if (body == NULL) {
+            respondWithJsonError(response, "JSON in request body has incorrect structure.", 400, "Bad Request");
+            return 0;
+        }
+        JsonObject *jsonObject = jsonAsObject(body);
+        if (jsonObject == NULL) {
+            respondWithJsonError(response, "Object in request body is not a JSON type.", 400, "Bad Request");
+            return 0;
+        }
+        char *distinguishedId = jsonObjectGetString(jsonObject, "dn");
+        char *registry = jsonObjectGetString(jsonObject, "registry");
+        if (distinguishedId == NULL || registry == NULL) {
+            respondWithJsonError(response, "Object in request is missing dn or registry parameter.", 400, "Bad Request");
+            return 0;
+        }
+        rc = getUseridByDN(distinguishedId, strlen(distinguishedId), registry, strlen(registry), useridRacf, &returnCodeRacf, &reasonCodeRacf);
+
+    } else {
+        respondWithJsonError(response, "Endpoint not found.", 404, "Not Found");
+        return 0;
+    }
 
     jsonPrinter *p = respondWithJsonPrinter(response);
 
-    setValidResponseCode(response, rc, userMapCertificateStructure->returnCode, userMapCertificateStructure->returnCodeRacf, userMapCertificateStructure->reasonCodeRacf);
+    setValidResponseCode(response, rc, rc, returnCodeRacf, reasonCodeRacf);
     setDefaultJSONRESTHeaders(response);
     writeHeader(response);
-    
+
     jsonStart(p);
     {
-      jsonAddString(p, "userid", userMapCertificateStructure->useridRacf);
+      jsonAddString(p, "userid", useridRacf);
       jsonAddInt(p, "returnCode", rc);
-      jsonAddInt(p, "safReturnCode", userMapCertificateStructure->returnCode);
-      jsonAddInt(p, "racfReturnCode", userMapCertificateStructure->returnCodeRacf);
-      jsonAddInt(p, "racfReasonCode", userMapCertificateStructure->reasonCodeRacf);
+      jsonAddInt(p, "safReturnCode", rc);
+      jsonAddInt(p, "racfReturnCode", returnCodeRacf);
+      jsonAddInt(p, "racfReasonCode", reasonCodeRacf);
     }
     jsonEnd(p);
 
-    safeFree31((char*)userMapCertificateStructure,sizeof(RUsermapParamList));
     finishResponse(response);
   }
   else
   {
      respondWithInvalidMethod(response);
   }
-
   return 0;
 }
 
-void installCertificateService(HttpServer *server)
-{
-  HttpService *httpService = makeGeneratedService("CertificateService", "/certificate/x509/**");
+void installUserMappingService(HttpServer *server) {
+  HttpService *httpService = makeGeneratedService("UserMappingService", "/certificate/**");
   httpService->authType = SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN;
   httpService->serviceFunction = serveMappingService;
   httpService->runInSubtask = TRUE;

c/unixFileService.c

@@ -934,7 +934,8 @@ static int serveUnixFileChangeMode(HttpService *service, HttpResponse *response)
 static int serveUnixFileMetadata(HttpService *service, HttpResponse *response) {
   HttpRequest *request = response->request;
   char *fileFrag = stringListPrint(request->parsedFile, 2, 1000, "/", 0);
-  char *fileName = stringConcatenate(response->slh, "/", fileFrag);
+  char *encodedFileName = stringConcatenate(response->slh, "/", fileFrag);
+  char *fileName = cleanURLParamValue(response->slh, encodedFileName);
 
   if (!strcmp(request->method, methodGET)) {
     respondWithUnixFileMetadata(response, fileName);

c/zss.c

@@ -1847,7 +1847,7 @@ int main(int argc, char **argv){
       loadWebServerConfigV2(server, configmgr, htUsers, htGroups, defaultSeconds);
       readWebPluginDefinitions(server, slh, pluginsDir, configmgr, apimlStorageSettings);
       configureJwt(server, jwkSettings);
-      installCertificateService(server);
+      installUserMappingService(server);
       installUnixFileContentsService(server);
       installUnixFileRenameService(server);
       installUnixFileCopyService(server);

h/certificateService.h

@@ -15,7 +15,7 @@
 
 #include "httpserver.h"
 
-void installCertificateService(HttpServer *server);
+void installUserMappingService(HttpServer *server);
 
 #endif /* __CERT_SERVICE_H__ */
 

h/zis/message.h

@@ -289,11 +289,11 @@
 #define ZISDYN_LOG_STUB_CREATED_MSG             ZISDYN_LOG_STUB_CREATED_MSG_ID" "ZISDYN_LOG_STUB_CREATED_MSG_TEXT
 
 #define ZISDYN_LOG_STUB_REUSED_MSG_ID           ZIS_MSG_PRFX"0210I"
-#define ZISDYN_LOG_STUB_REUSED_MSG_TEXT         "Stub vector at % p has been reused"
+#define ZISDYN_LOG_STUB_REUSED_MSG_TEXT         "Stub vector at %p has been reused"
 #define ZISDYN_LOG_STUB_REUSED_MSG              ZISDYN_LOG_STUB_REUSED_MSG_ID" "ZISDYN_LOG_STUB_REUSED_MSG_TEXT
 
 #define ZISDYN_LOG_STUB_DELETED_MSG_ID          ZIS_MSG_PRFX"0211I"
-#define ZISDYN_LOG_STUB_DELETED_MSG_TEXT        "Stub vector at % p has been deleted"
+#define ZISDYN_LOG_STUB_DELETED_MSG_TEXT        "Stub vector at %p has been deleted"
 #define ZISDYN_LOG_STUB_DELETED_MSG             ZISDYN_LOG_STUB_DELETED_MSG_ID" "ZISDYN_LOG_STUB_DELETED_MSG_TEXT
 
 #define ZISDYN_LOG_STUB_DISCARDED_MSG_ID        ZIS_MSG_PRFX"0212W"

samplib/zis/ZWESIP00

@@ -57,9 +57,15 @@
 //*                                                                  */
 //********************************************************************/
 
+//* This plugin should be first. The order of plugins is important   */
+//*   because a plugin that is a dependency of another should be     */
+//*   higher in the list for access as early as needed               */
+ZWES.PLUGIN.ZISDYNAMIC=ZWESISDL
+
 * ZWES.PLUGIN.ECHO=ECHOPL01
 * ZWES.PLUGIN.MAGICNUMBER=MNUMBER
 
+
 ZWES.AUTH.CLASS=ZOWE
 
 ZWES.SECMGMT.CLASS=ZOWE

schemas/zss-config.json

@@ -328,8 +328,8 @@
           "description": "Controls logging of lpa library functions",
           "$ref": "#/$defs/logLevel"
         },
-        "_zss.resetdataset": {
-          "description": "Controls logging of resetdataset functions",
+        "_zss.restdataset": {
+          "description": "Controls logging of restdataset functions",
           "$ref": "#/$defs/logLevel"
         },
         "_zss.restfile": {

version.txt

@@ -1 +1 @@
-2.6.0
+2.7.0