Home/Support/Support Forum/Advanced Web Server (AWS) CGI security
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

Advanced Web Server (AWS) CGI security

0 votes
I still have issues with CGI and with AWS in generale but this is CGI related
I know I have to user naCgiSetAccess and naCgiCheckAccess to limit function access
but I have no idea how to get caller autorization level form inside RpExternalCgi

this is what i'm doing with minimal comments.

void RpExternalCgi(void *theDataPtr, rpCgiPtr theCgiPtr) {

// GET request
// Path is "enpoint"
if (theCgiPtr->fHttpRequest == eRpCgiHttpGet && strncmp(
theCgiPtr->fPathPtr, "/enpoint", 8) == 0) {

// Set authorization.
unsigned int authLevel = // ?????? should be the caller auth level...but how to get it?
naCgiSetAccess(theDataPtr, theCgiPtr, authLevel );

// Security only administrator should be allowed.
rpPasswordState password_state = naCgiCheckAccess(theDataPtr, theCgiPtr, NASYSACC_LEVEL_ADMINISTRATOR);

if (password_state == eRpPasswordNotAuthorized) {...}else{...}

}

}
asked Mar 5, 2018 in NET+OS by gavello New to the Community (16 points)

Please log in or register to answer this question.

1 Answer

0 votes
if someone is interested I'm self answering my question

get caller sys access with:

unsigned naGetSysAccessByUsrAndPsswd(const char * username, const char * password, NAIpAddress_t * ipAddrPtr);
answered Mar 7, 2018 by gavello New to the Community (16 points)
...