Merge pull request #584 from zowe/Jordan-branch

Client Certificate Authentication with R_usermap
zowe · Aug 11, 2023 · 67da919 · 67da919
2 parents eed62c1 + bd8a920
commit 67da919
Show file tree

Hide file tree

Showing 6 changed files with 75 additions and 3 deletions.
diff --git a/c/zis/client.c b/c/zis/client.c
@@ -196,6 +196,22 @@ int zisCheckUsernameAndPassword(const CrossMemoryServerName *serverName,
   return authRequest(serverName, &parmList, status);
 }
 
+int zisCheckUsername(const CrossMemoryServerName *serverName,
+                     const char *userName,
+                     ZISAuthServiceStatus *status) {
+  AuthServiceParmList parmList = {0};
+
+  memcpy(&parmList.eyecatcher[0], ZIS_AUTH_SERVICE_PARMLIST_EYECATCHER,
+      sizeof(parmList.eyecatcher));
+  parmList.fc = ZIS_AUTH_SERVICE_PARMLIST_FC_VERIFY_USER;
+  if (strlen(userName) >= sizeof (parmList.userIDNullTerm)) {
+    status->baseStatus.serviceRC = RC_ZIS_AUTHSRV_INPUT_STRING_TOO_LONG;
+    return RC_ZIS_SRVC_SERVICE_FAILED;
+  }
+  strncpy(parmList.userIDNullTerm, userName, sizeof(parmList.userIDNullTerm));
+  return authRequest(serverName, &parmList, status);
+}
+
 int zisCheckEntity(const CrossMemoryServerName *serverName,
                    const char *userName, const char *class, const char *entity,
                    int access, ZISAuthServiceStatus *status) {

diff --git a/c/zis/services/auth.c b/c/zis/services/auth.c
@@ -29,6 +29,53 @@
 
 #define ZIS_PARMLIB_PARM_AUTH_USER_CLASS    CMS_PROD_ID".AUTH.CLASS"
 
+static int handleVerifyUser(AuthServiceParmList *parmList,
+                            const CrossMemoryServerGlobalArea *globalArea) {
+  ACEE *acee = NULL;
+  int safRC = 0, racfRC = 0, racfRsn = 0;
+  int deleteSAFRC = 0, deleteRACFRC = 0, deleteRACFRsn = 0;
+  int rc = RC_ZIS_AUTHSRV_OK;
+
+  CMS_DEBUG(globalArea, "handleVerifyUser(): username = %s\n",
+      parmList->userIDNullTerm);
+
+  if (parmList->_padding0[0] & ZIS_AUTH_SERVICE_SAFIDT_OPTION_RESERVED) {
+    return RC_ZIS_AUTHSRV_BAD_SAF_SERVICE_VERSION;
+  }
+
+ int options = VERIFY_CREATE | VERIFY_WITHOUT_PASSWORD;
+
+ safRC = safVerify(options,
+                   parmList->userIDNullTerm,
+                   NULL,
+                   &acee,
+                   &racfRC,
+                   &racfRsn);
+
+  CMS_DEBUG(globalArea, "safVerify(VERIFY_CREATE) safStatus = %d, RACF RC = %d, "
+      "RSN = %d, ACEE=0x%p\n", safRC, racfRC, racfRsn, acee);
+
+  if (safRC != 0) {
+    rc = RC_ZIS_AUTHSRV_SAF_ERROR;
+    goto acee_deleted;
+  }
+  deleteSAFRC = safVerify(VERIFY_DELETE, NULL, NULL, &acee, &deleteRACFRC,
+      &deleteRACFRsn);
+  CMS_DEBUG(globalArea, "safVerify(VERIFY_DELETE) safStatus = %d, RACF RC = %d, "
+      "RSN = %d, ACEE=0x%p\n", deleteSAFRC, deleteRACFRC, deleteRACFRsn,
+      acee);
+  if (deleteSAFRC != 0) {
+    rc = RC_ZIS_AUTHSRV_DELETE_FAILED;
+  }
+  acee_deleted:
+
+  FILL_SAF_STATUS(&parmList->safStatus, safRC, racfRC, racfRsn);
+  CMS_DEBUG(globalArea, "handleVerifyPassword() done\n");
+  return rc;
+
+
+}
+
 static int handleVerifyPassword(AuthServiceParmList *parmList,
                                 const CrossMemoryServerGlobalArea *globalArea) {
   ACEE *acee = NULL;
@@ -393,6 +440,9 @@ int zisAuthServiceFunction(CrossMemoryServerGlobalArea *globalArea,
   case ZIS_AUTH_SERVICE_PARMLIST_FC_GENERATE_TOKEN:
     handlerRC = handleGenerateToken(&localParmList, globalArea);
     break;
+  case ZIS_AUTH_SERVICE_PARMLIST_FC_VERIFY_USER:
+    handlerRC = handleVerifyUser(&localParmList, globalArea);
+    break;
   default:
     handlerRC = RC_ZIS_AUTHSRV_UNKNOWN_FUNCTION_CODE;
   }

diff --git a/c/zss.c b/c/zss.c
@@ -221,16 +221,16 @@ static int extractAuthorizationFromJson(HttpService *service, HttpRequest *reque
     } else {
       request->username = jsonAsString(username);
     }
-
     if (password == NULL){
       return -1;
     } else if (!jsonIsString(password)){
       return -1;
     } else {
       request->password = jsonAsString(password);
     }
+    return 0;
   }
-  return 0;
+  return -1;
 }
 
 static

diff --git a/deps/zowe-common-c b/deps/zowe-common-c
diff --git a/h/zis/client.h b/h/zis/client.h
@@ -175,6 +175,11 @@ typedef struct ZISAuthServiceStatus_tag {
     _ZIS_FORMAT_CALL_STATUS_TMPL($rc, $status, $printf, \
         _ZIS_AUTH_SERVICE_ERROR_CASES, ZIS_AUTH_RC_DESCRIPTION)
 
+
+int zisCheckUsername(const CrossMemoryServerName *serverName,
+                     const char *userName,
+                     ZISAuthServiceStatus *status);
+
 int zisCheckUsernameAndPassword(const CrossMemoryServerName *serverName,
                                 const char *userName, const char *password,
                                 ZISAuthServiceStatus *status);

diff --git a/h/zis/services/auth.h b/h/zis/services/auth.h
@@ -69,6 +69,7 @@ typedef struct AuthServiceParmList_tag {
 #define ZIS_AUTH_SERVICE_PARMLIST_FC_ENTITY_CHECK 1
 #define ZIS_AUTH_SERVICE_PARMLIST_FC_GET_ACCESS 2
 #define ZIS_AUTH_SERVICE_PARMLIST_FC_GENERATE_TOKEN 3
+#define ZIS_AUTH_SERVICE_PARMLIST_FC_VERIFY_USER 4
   char userIDNullTerm[ZIS_AUTH_SERVICE_USER_ID_MAX_LENGTH + 1];
   char passwordNullTerm[ZIS_AUTH_SERVICE_PASSWORD_MAX_LENGTH + 1];
   /* up to 8 characters: */