/* * * Copyright (c) 1999 - 2011 my-Channels Ltd * Copyright (c) 2012 - 2017 Software AG, Darmstadt, Germany and/or Software AG USA Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors. * * Use, reproduction, transfer, publication or disclosure is prohibited except as specifically provided for in your License Agreement with Software AG. * */ #include "nSampleApp.h" #include "nRealmNode.h" #include "nRealmACLEntry.h" #include "nSessionAttributes.h" #include "nACL.h" #include #include namespace com { namespace pcbsys { namespace nirvana { namespace nAdminAPI { namespace apps { using namespace com::pcbsys::nirvana::client; using namespace com::pcbsys::nirvana::nAdminAPI; class delrealmacl { /// ///

* This application can be used to remove a subject from a realm /// * /// * You can also specify to remove an acl entry from all known realms within a namespace, by /// * recursively searching through looking for other realm nodes and removing the acl entry /// * /// * This is achieved by specifying -r as a command line parameter.

/// private: std::string m_realm; std::string m_name; std::string m_host; nSessionAttributes *m_pAttr; nRealmNode *m_pNode; bool m_bRecursive; public: /// ///

* Consruct an instance of this class using the command line arguments passed /// * when it is executed.

/// delrealmacl(int argc, char** argv) : m_pAttr(NULL), m_pNode(NULL), m_bRecursive(false) { try { getOptions(argc, argv); printf("Connecting to %s\n", m_realm.c_str()); // construct the session attributes from the realm m_pAttr = new nSessionAttributes(m_realm); // get the root realm node from the realm admin m_pNode = new nRealmNode(m_pAttr); if (!m_pNode->isAuthorised()) { printf("User not authorised on this node %s\n", m_realm.c_str()); return; } // wait for the entire node namespace to be constructed m_pNode->waitForEntireNameSpace(); printf("Removing entry for %s@%s\n", m_name.c_str(), m_host.c_str()); // create a new acl entry with the name and host nRealmACLEntry *pNewEntry = new nRealmACLEntry(m_name, m_host); m_pNode->removeRealmACLEntry(pNewEntry); printf("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"); printf("Removed ACL entry for %s\n", m_pNode->getName().c_str()); printf("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"); dump(); // if you specify -r as a command line parameter, you can choose to traverse the entire // realm namespace, including any realms that have been added to the root realm node if (m_bRecursive) { traverse(m_pNode); } m_pNode->close(); } catch (Exception e) { printf("%s\n", e.message().c_str()); } } /// ///

* recursively search through the nodes from a realm node looking for other realm nodes

/// virtual nRealmNode* traverse(nRealmNode *pNode) { // get the enumeration of child nodes from p_node fSortedList nodes = pNode->getNodes(); for (fSortedList::iterator iterator = nodes.begin(); iterator != nodes.end(); iterator++) { nNode *pObj = iterator->second; int type = pObj->getType(); // only deal with realm nodes if (type == fBase::REALMNODE) { nRealmNode *pNode = (nRealmNode*)pObj; try { pNode->removeRealmACLEntry(new nRealmACLEntry(m_name + "@" + m_host)); } catch (Exception e) { } printf("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"); printf("Removed ACL entry for %s\n", pNode->getName().c_str()); printf("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"); dump(); // now traverse the child nodes return traverse(pNode); } else if (type == fBase::CONTAINER) { nContainer *pCont = (nContainer*)pObj; searchNode(pCont->getNodes()); } } return NULL; } /// ///

* If you construct an instance of this class from another class, you can set the name /// * and host for the subject.

/// virtual void setSubject(const std::string& name, const std::string& host) { m_name = name; m_host = host; } virtual void getOptions(int argc, char** argv) { if ((argv == NULL) || (argc <= 3)) { Usage(); exit(1); } m_realm = argv[1]; if (m_realm == "") { Usage(); exit(1); } m_name = argv[2]; if (m_name == "") { Usage(); exit(1); } m_host = argv[3]; if (m_host == "") { Usage(); exit(1); } for (int i = 0; i < argc; i++) { if (strcmp (argv[i], "-r") == 0) { m_bRecursive = true; } } } /// ///

* Output to system.out the permissions that have been set

/// virtual void dump() { printf("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"); printf("NAME : %s\n", m_name.c_str()); printf("HOST : %s\n", m_host.c_str()); printf("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"); } private: /// ///

* Search the enumeration of nodes passed as a parameter

/// void searchNode(fSortedList &nodes) { try { for (fSortedList::iterator iterator = nodes.begin(); iterator != nodes.end(); iterator++) { nNode *pObj = iterator->second; int type = pObj->getType(); if (type == fBase::REALMNODE) { nRealmNode *pNode = (nRealmNode*)pObj; try { // get the acl for this realm node nACL *pAcl = pNode->getACLs(); // remove the entry from the acl pAcl->remove(m_name + "@" + m_host); // set the node acl to the acl list with the removed entry pNode->setACLs(pAcl); } catch (Exception e) { } printf("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"); printf("Removed ACL entry for %s\n", pNode->getName().c_str()); printf("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"); dump(); } else if (type == fBase::CONTAINER) { searchNode(((nContainer*)pObj)->getNodes()); } } } catch (Exception ex) { } } /// ///

* Prints the usage message for this class

/// static void Usage() { printf("Usage ...\n\n"); printf("delrealmacl \n\n"); printf(" \n\n"); printf(" - the rname of the server to connect to\n"); printf(" - User name parameter for the ACL entry to delete\n"); printf(" - Host name parameter for the ACL entry to delete\n"); } }; } } } } } using namespace com::pcbsys::nirvana::nAdminAPI::apps; int main (int argc, char** argv) { delrealmacl *pDel = new delrealmacl (argc, argv); return 0; }