[mapserver-commits] r10059 - trunk/mapserver
svn at osgeo.org
svn at osgeo.org
Tue Apr 6 19:26:55 EDT 2010
Author: warmerdam
Date: 2010-04-06 19:26:54 -0400 (Tue, 06 Apr 2010)
New Revision: 10059
Modified:
trunk/mapserver/HISTORY.TXT
trunk/mapserver/mapraster.c
trunk/mapserver/maprasterquery.c
trunk/mapserver/mapwcs.c
Log:
implement support for raster filename encryption per RFC 18 (#3416)
Modified: trunk/mapserver/HISTORY.TXT
===================================================================
--- trunk/mapserver/HISTORY.TXT 2010-04-06 23:23:07 UTC (rev 10058)
+++ trunk/mapserver/HISTORY.TXT 2010-04-06 23:26:54 UTC (rev 10059)
@@ -14,6 +14,8 @@
Current Version (SVN trunk):
----------------------------
+- Implement support for filename encryption per RFC 18 for rasters (#3416)
+
- Fixed segfault when using shapefile with empty geometry and tileindex (#3365)
- Avoid race condition on core_lock on win32 mutex init (#3396)
Modified: trunk/mapserver/mapraster.c
===================================================================
--- trunk/mapserver/mapraster.c 2010-04-06 23:23:07 UTC (rev 10058)
+++ trunk/mapserver/mapraster.c 2010-04-06 23:26:54 UTC (rev 10059)
@@ -343,6 +343,7 @@
shapeObj tshp;
char szPath[MS_MAXPATHLEN];
+ char *decrypted_path;
int final_status = MS_SUCCESS;
rectObj searchrect;
@@ -534,8 +535,19 @@
msTryBuildPath3(szPath, map->mappath, map->shapepath, filename);
}
+ /*
+ ** Note: because we do decryption after the above path expansion
+ ** which depends on actually finding a file, it essentially means that
+ ** fancy path manipulation is essentially disabled when using encrypted
+ ** components. But that is mostly ok, since stuff like sde,postgres and
+ ** oracle georaster do not use real paths.
+ */
+ decrypted_path = msDecryptStringTokens( map, szPath );
+ if( decrypted_path == NULL )
+ return MS_FAILURE;
+
msAcquireLock( TLOCK_GDAL );
- hDS = GDALOpenShared(szPath, GA_ReadOnly );
+ hDS = GDALOpenShared( decrypted_path, GA_ReadOnly );
/*
** If GDAL doesn't recognise it, and it wasn't successfully opened
@@ -543,16 +555,35 @@
*/
if(hDS == NULL) {
int ignore_missing = msMapIgnoreMissingData(map);
+ const char *cpl_error_msg = CPLGetLastErrorMsg();
+ /* we wish to avoid reporting decrypted paths */
+ if( cpl_error_msg != NULL
+ && strstr(cpl_error_msg,decrypted_path) != NULL
+ && strcmp(decrypted_path,szPath) != 0 )
+ cpl_error_msg = NULL;
+
+ /* we wish to avoid reporting the stock GDALOpen error messages */
+ if( cpl_error_msg != NULL
+ && (strstr(cpl_error_msg,"not recognised as a supported") != NULL
+ || strstr(cpl_error_msg,"does not exist") != NULL) )
+ cpl_error_msg = NULL;
+
+ if( cpl_error_msg == NULL )
+ cpl_error_msg = "";
+
+ msFree( decrypted_path );
+ decrypted_path = NULL;
+
msReleaseLock( TLOCK_GDAL );
if(ignore_missing == MS_MISSING_DATA_FAIL) {
- msSetError(MS_IOERR, "Corrupt, empty or missing file '%s' for layer '%s'", "msDrawRasterLayerLow()", szPath, layer->name);
+ msSetError(MS_IOERR, "Corrupt, empty or missing file '%s' for layer '%s'. %s", "msDrawRasterLayerLow()", szPath, layer->name, cpl_error_msg );
return(MS_FAILURE);
}
else if( ignore_missing == MS_MISSING_DATA_LOG ) {
if( layer->debug || layer->map->debug ) {
- msDebug( "Corrupt, empty or missing file '%s' for layer '%s' ... ignoring this missing data.\n", szPath, layer->name );
+ msDebug( "Corrupt, empty or missing file '%s' for layer '%s' ... ignoring this missing data. %s\n", szPath, layer->name, cpl_error_msg );
}
continue;
}
@@ -566,6 +597,9 @@
}
}
+ msFree( decrypted_path );
+ decrypted_path = NULL;
+
/*
** Generate the projection information if using AUTO.
*/
Modified: trunk/mapserver/maprasterquery.c
===================================================================
--- trunk/mapserver/maprasterquery.c 2010-04-06 23:23:07 UTC (rev 10058)
+++ trunk/mapserver/maprasterquery.c 2010-04-06 23:26:54 UTC (rev 10059)
@@ -775,6 +775,7 @@
for(t=0; t<numtiles && status == MS_SUCCESS; t++) {
GDALDatasetH hDS;
+ char *decrypted_path = NULL;
rlinfo->current_tile = t;
@@ -812,30 +813,50 @@
msTryBuildPath3(szPath, map->mappath, map->shapepath, filename);
}
+ decrypted_path = msDecryptStringTokens( map, szPath );
+ if( !decrypted_path )
+ return MS_FAILURE;
+
msAcquireLock( TLOCK_GDAL );
- hDS = GDALOpen(szPath, GA_ReadOnly );
+ hDS = GDALOpen(decrypted_path, GA_ReadOnly );
if( hDS == NULL )
{
int ignore_missing = msMapIgnoreMissingData( map );
+ const char *cpl_error_msg = CPLGetLastErrorMsg();
+
+ /* we wish to avoid reporting decrypted paths */
+ if( cpl_error_msg != NULL
+ && strstr(cpl_error_msg,decrypted_path) != NULL
+ && strcmp(decrypted_path,szPath) != 0 )
+ cpl_error_msg = NULL;
+ if( cpl_error_msg == NULL )
+ cpl_error_msg = "";
+
+ msFree( decrypted_path );
+ decrypted_path = NULL;
+
msReleaseLock( TLOCK_GDAL );
if ( ignore_missing == MS_MISSING_DATA_FAIL ) {
if( layer->debug || map->debug )
msSetError( MS_IMGERR,
"Unable to open file %s for layer %s ... fatal error.\n%s",
- szPath, layer->name, CPLGetLastErrorMsg(),
+ szPath, layer->name, cpl_error_msg,
"msRasterQueryByRect()" );
return(MS_FAILURE);
}
if( ignore_missing == MS_MISSING_DATA_LOG ) {
if( layer->debug || map->debug )
msDebug( "Unable to open file %s for layer %s ... ignoring this missing data.\n%s",
- filename, layer->name, CPLGetLastErrorMsg() );
+ filename, layer->name, cpl_error_msg );
}
continue;
}
+ msFree( decrypted_path );
+ decrypted_path = NULL;
+
/* -------------------------------------------------------------------- */
/* Update projectionObj if AUTO. */
/* -------------------------------------------------------------------- */
@@ -1382,6 +1403,7 @@
shapefileObj *tileshpfile;
int tilelayerindex = -1;
CPLErr eErr = CE_Failure;
+ char *decrypted_path;
/*
** For the time being we only automatically derive extents from
@@ -1424,9 +1446,16 @@
}
msTryBuildPath3(szPath, map->mappath, map->shapepath, layer->data);
+ decrypted_path = msDecryptStringTokens( map, szPath );
msAcquireLock( TLOCK_GDAL );
- hDS = GDALOpen(szPath, GA_ReadOnly );
+ if( decrypted_path )
+ {
+ hDS = GDALOpen(decrypted_path, GA_ReadOnly );
+ msFree( decrypted_path );
+ }
+ else
+ hDS = NULL;
if( hDS != NULL )
{
Modified: trunk/mapserver/mapwcs.c
===================================================================
--- trunk/mapserver/mapwcs.c 2010-04-06 23:23:07 UTC (rev 10058)
+++ trunk/mapserver/mapwcs.c 2010-04-06 23:26:54 UTC (rev 10059)
@@ -2050,17 +2050,39 @@
GDALDatasetH hDS;
GDALRasterBandH hBand;
char szPath[MS_MAXPATHLEN];
-
+ char *decrypted_path;
+
msGDALInitialize();
msTryBuildPath3(szPath, layer->map->mappath, layer->map->shapepath, layer->data);
+ decrypted_path = msDecryptStringTokens( layer->map, szPath );
+ if( !decrypted_path )
+ return MS_FAILURE;
+
msAcquireLock( TLOCK_GDAL );
- hDS = GDALOpen( szPath, GA_ReadOnly );
+
+ hDS = GDALOpen( decrypted_path, GA_ReadOnly );
if( hDS == NULL ) {
+ const char *cpl_error_msg = CPLGetLastErrorMsg();
+
+ /* we wish to avoid reporting decrypted paths */
+ if( cpl_error_msg != NULL
+ && strstr(cpl_error_msg,decrypted_path) != NULL
+ && strcmp(decrypted_path,szPath) != 0 )
+ cpl_error_msg = NULL;
+
+ if( cpl_error_msg == NULL )
+ cpl_error_msg = "";
+
msReleaseLock( TLOCK_GDAL );
- msSetError( MS_IOERR, "%s", "msWCSGetCoverageMetadata()", CPLGetLastErrorMsg() );
+
+ msSetError( MS_IOERR, "%s", "msWCSGetCoverageMetadata()",
+ cpl_error_msg );
+
+ msFree( decrypted_path );
return MS_FAILURE;
}
+ msFree( decrypted_path );
msGetGDALGeoTransform( hDS, layer->map, layer, cm->geotransform );
More information about the mapserver-commits
mailing list