Advanced Web Server (AWS) CGI security

gavello · March 5, 2018, 11:06am

I still have issues with CGI and with AWS in generale but this is CGI related
I know I have to user naCgiSetAccess and naCgiCheckAccess to limit function access
but I have no idea how to get caller autorization level form inside RpExternalCgi

this is what i’m doing with minimal comments.

void RpExternalCgi(void *theDataPtr, rpCgiPtr theCgiPtr) {

 // GET request
 // Path is "enpoint" 
 if (theCgiPtr-&gt;fHttpRequest == eRpCgiHttpGet &amp;&amp; strncmp(
 theCgiPtr-&gt;fPathPtr, "/enpoint", 8) == 0) {
     
     // Set authorization.
     unsigned int authLevel = // ?????? should be the caller auth level...but how to get it? 
     naCgiSetAccess(theDataPtr, theCgiPtr, authLevel );
     
     // Security only administrator should be allowed.
     rpPasswordState password_state = naCgiCheckAccess(theDataPtr, theCgiPtr, NASYSACC_LEVEL_ADMINISTRATOR);

     if (password_state == eRpPasswordNotAuthorized) {...}else{...}

 }

}

gavello · March 7, 2018, 7:16am

if someone is interested I’m self answering my question

get caller sys access with:

unsigned naGetSysAccessByUsrAndPsswd(const char * username, const char * password, NAIpAddress_t * ipAddrPtr);

Topic		Replies	Views
CGI Security NET+OS	1	761	April 29, 2016
9210 CGI password NET+OS net , password , os , cgi	2	696	October 1, 2013
authentication log out NET+OS http , out , log , authentication	6	1115	February 19, 2015
How can a CGI get the username of the session? Rabbit	1	684	September 21, 2010
RpFormInput Type=FILE NET+OS	4	820	August 2, 2010

Advanced Web Server (AWS) CGI security

Related topics