- XUSBSE1 ;ISF/JLI,ISD/HGW - MODIFICATIONS FOR BSE ;12/02/14 13:29
- ;;8.0;KERNEL;**404,439,523,595,522,638**;Jul 10, 1995;Build 16
- ;Per VA Directive 6402, this routine should not be modified.
- ;
- SETVISIT(RES) ; .RPC "XUS SET VISITOR"
- ;Returns a BSE TOKEN
- N TOKEN,O,X
- S X=$$ACTIVE^XUSER(DUZ) I $P(X,U)<1 S RES=X Q ;User must be active
- S TOKEN=$$HANDLE^XUSRB4("XUSBSE",1)
- S ^XTMP(TOKEN,1)=$$ENCRYP^XUSRB1($$GET^XUESSO1(DUZ))
- S ^XTMP(TOKEN,3)=+$H ;Set expiration day
- L -^XTMP(TOKEN) ;Lock set in $$HANDLE^XUSRB4
- S RES=TOKEN
- Q
- ;
- GETVISIT(RES,TOKEN) ; .RPC "XUS GET VISITOR"
- ;Returns demographics for user indicated by TOKEN
- ; or "-1^error message" if user is not permitted to visit
- ; input - TOKEN - token value returned by remote site
- ; output - RES - passed by reference, contains user demographics on return
- N O,X
- S RES="",O=0
- I TOKEN="" S X=$$LOGERR("BSE NULL TOKEN") Q ;Shouldn't come in with a null token
- L +^XTMP(TOKEN):10 I '$T Q ; If ^XTMP is purged, token context will be lost
- I ($G(^XTMP(TOKEN,3))-$H) K ^XTMP(TOKEN) Q ;Check expiration time, and if it has passed
- S RES=$G(^XTMP(TOKEN,1)) S:$L(RES) RES=$$DECRYP^XUSRB1(RES)
- L -^XTMP(TOKEN) ;Lock set in $$HANDLE^XUSRB4
- S:'$L(RES) X=$$LOGERR("BSE GET USER ID") ;p595
- Q
- ;
- OLDCAPRI(XWBUSRNM) ; Intrinsic. The old CAPRI code, disable with system parameter XU522.
- ; Return 1 if a valid user, else 0.
- ; ZEXCEPT: DTIME - Kernel exemption
- N XVAL,XOPTION,XVAL522
- S XVAL522=$$GET^XPAR("SYS","XU522",1,"Q") ; p522 system parameter XU522 controls CAPRI login disabling, logging
- D:(XVAL522="E"!(XVAL522="L")) APPERROR^%ZTER("OLDCAPRI LOGIN ATTEMPT") ; p522 record CAPRI login attempt if XU522 = E or L
- Q:(XVAL522'="L")&(XVAL522'="N") 0 ; p522 fully activate BSE unless param XU522 = N or L
- S XVAL=$$PUT^XUESSO1($P(XWBUSRNM,U,3,99)) ; Sign in as Visitor
- I XVAL D
- . S XOPTION=$$FIND1^DIC(19,"","X","DVBA CAPRI GUI")
- . D SETCNTXT(XOPTION) S DTIME=$$DTIME^XUP(DUZ),DUZ(0)="",DUZ("REMAPP")="^Old CAPRI"
- Q $S(XVAL>0:1,1:0)
- ;
- CHKUSER(INPUTSTR) ; Extrinsic. Determines if a BSE sign-on is valid - called from XUSRB
- ; INPUTSTR - input - String of characters from client
- ; return value - 1 if a valid user and application, else 0
- ; ZEXCEPT: DTIME - Kernel exemption
- N X,XUCODE,XUENTRY,XUSTR,XUTOKEN
- I +INPUTSTR=-31,INPUTSTR["DVBA_" Q $$OLDCAPRI(INPUTSTR)
- I +INPUTSTR'=-35 S X=$$LOGERR("BSE LOGIN ERROR") Q 0 ; not a BSE login
- S INPUTSTR=$P(INPUTSTR,U,2,99)
- K ^TMP("XUSBSE1",$J)
- S XUCODE=$$DECRYP^XUSRB1(INPUTSTR)
- S XUCODE=$$EN^XUSHSH($P(XUCODE,U))
- S XUENTRY=$$FIND1^DIC(8994.5,"","X",XUCODE,"ACODE")
- I XUENTRY'>0 S X=$$LOGERR("BSE LOGIN ERROR - REMAPP") Q 0 ; invalid remote application
- S DUZ("REMAPP")=XUENTRY_U_$$GET1^DIQ(8994.5,XUENTRY_",",.01)
- S XUTOKEN=$P($$DECRYP^XUSRB1(INPUTSTR),U,2)
- S XUSTR=$P($$DECRYP^XUSRB1(INPUTSTR),U,3,4)
- S XUENTRY=$$BSEUSER(XUENTRY,XUTOKEN,XUSTR)
- S DTIME=$$DTIME^XUP(DUZ)
- I XUENTRY'>0 S X=$$LOGERR("BSE LOGIN ERROR - USER") Q 0 ; invalid user
- Q XUENTRY
- ;
- BSEUSER(ENTRY,TOKEN,STR) ; Intrinsic. Returns internal entry number for authenticated user
- ; ENTRY - input - internal entry number in REMOTE APPLICATION file
- ; TOKEN - input - token from authenticating site
- ; STR - input - remainder of input string (station #^TCP/IP port for station-based authentication)
- ; returns - IEN for authenticated user, or 0 if not authenticated
- ; ZEXCEPT: XWBSEC - Kernel exemption, contains error message returned to GUI application
- N X,XUIEN,XUCONTXT,XUDEMOG,XCNT,XVAL,ARRAY,XUCACHE,XUCONTXT
- S XUIEN=0,XUDEMOG="",XUCONTXT=0
- ; Check for cached user authentication (p638)
- I $D(^XTMP("XUSBSE1",TOKEN)) D
- . S XUCACHE=$G(^XTMP("XUSBSE1",TOKEN)) ; Retrieve cached values
- . I $P($P(XUCACHE,U,1),".",1)<$$DT^XLFDT() K ^XTMP("XUSBSE1",TOKEN) Q ; Do not use if expired (not from today)
- . I $P(XUCACHE,U,1)=$$HADD^XLFDT($$NOW^XLFDT(),0,0,0,600) K ^XTMP("XUSBSE1",TOKEN) Q ; Do not use if expired (older than 600s)
- . S XUDEMOG=$P(XUCACHE,U,3,99) ; Get demographics of authenticated user
- . I '$$PUT^XUESSO1(XUDEMOG) Q ; Set VISITOR entry, quit if failed
- . S XUIEN=$G(DUZ)
- . S XUCONTXT=$P(XUCACHE,U,2),^XUTL("XQ",$J,"DUZ(BSE)")=XUCONTXT ; Set Context Option
- . S:(XUIEN>0) ^XTMP("XUSBSE1",TOKEN)=$$NOW^XLFDT()_"^"_$G(XUCONTXT)_"^"_XUDEMOG ; Reset cache to keep authentication alive
- I (XUIEN>0)&(XUCONTXT>0) Q XUIEN ; p638 Use cached authentication
- ;
- S XCNT=0 F S XCNT=$O(^XWB(8994.5,ENTRY,1,XCNT)) Q:XCNT'>0 S XVAL=^(XCNT,0) D Q:XUDEMOG'=""
- . ; CODE TO HANDLE CONNECTION TYPE AND CONNECTIONS
- . I $P(XVAL,U)="M" S XUDEMOG=$$M2M($P(XVAL,U,3),$P(XVAL,U,2),TOKEN) D CLOSE^XWBM2MC() Q ; M2M-Broker authentication
- . I $P(XVAL,U)="R" S XUDEMOG=$$XWB($P(XVAL,U,3),$P(XVAL,U,2),TOKEN) Q ; RPC-Broker authentication
- . I $P(XVAL,U)="H" S XUDEMOG=$$POST1^XUSBSE2(.ARRAY,$P(XVAL,U,3),$P(XVAL,U,2),$P(XVAL,U,4),"xVAL="_TOKEN) Q ; HTTP authentication
- . I $P(XVAL,U)="S" S XUDEMOG=$$HOME(TOKEN,XVAL,STR) Q ; Station-number authentication
- . Q
- ; if invalid set XWBSEC so an error is reported in the GUI application
- I +XUDEMOG=-1 S XWBSEC="BSE ERROR - "_$P(XUDEMOG,"^",2)
- I $L(XUDEMOG,"^")>2 D
- . S XUCONTXT=$P($G(^XWB(8994.5,ENTRY,0)),U,2)
- . S XUIEN=$$SETUP(XUDEMOG,XUCONTXT)
- S:(XUIEN'>0) X=$$LOGERR("BSE LOGIN ERROR") ;p595
- S:(XUIEN>0) ^XTMP("XUSBSE1",TOKEN)=$$NOW^XLFDT()_"^"_$G(XUCONTXT)_"^"_XUDEMOG ; p638 Cache user authentication
- Q $S(XUIEN'>0:0,1:XUIEN)
- ;
- XWB(SERVER,PORT,TOKEN) ; Special Broker service
- N DEMOSTR,IO,XWBTDEV,XWBRBUF
- Q $$CALLBSE^XWBTCPM2(SERVER,PORT,TOKEN)
- ;
- M2M(SERVER,PORT,TOKEN) ; M2M Broker
- N DEMOGSTR,XWBCRLFL,RETRNVAL,XUSBSARR
- S DEMOGSTR=""
- N XWBSTAT,XWBPARMS,XWBTDEV,XWBNULL
- S XWBPARMS("ADDRESS")=SERVER,XWBPARMS("PORT")=PORT
- S XWBPARMS("RETRIES")=3 ;Retries 3 times to open
- ;
- I '$$OPEN^XWBRL(.XWBPARMS) Q "NO OPEN"
- S XWBPARMS("URI")="XUS GET VISITOR"
- D CLEARP^XWBM2MEZ
- D SETPARAM^XWBM2MEZ(1,"STRING",TOKEN)
- S XWBPARMS("URI")="XUS GET VISITOR"
- S XWBPARMS("RESULTS")=$NA(^TMP("XUSBSE1",$J))
- S XWBCRLFL=0
- D REQUEST^XWBRPCC(.XWBPARMS)
- I XWBCRLFL S RETRNVAL="XWBCRLFL IS TRUE" G M2MEXIT
- ;
- I '$$EXECUTE^XWBVLC(.XWBPARMS) S RETRNVAL="FAILURE ON EXECUTE" G M2MEXIT ;Run RPC and place raw XML results in ^TMP("XWBM2MVLC"
- D PARSE^XWBRPC(.XWBPARMS,"XUSBSARR") ;Parse out raw XML and place results in ^TMP("XWBM2MRPC"
- S RETRNVAL=$G(XUSBSARR(1))
- M2MEXIT ;
- D CLOSE^XWBM2MEZ
- Q RETRNVAL
- ;
- HOME(TOKEN,RAD,BSE) ; Call home station for token.
- ; input TOKEN - token to identify user to authenticating server
- ; input RAD - Zero node of application data from REMOTE APPLICATION file (#8994.5)
- ; input BSE - Station #^TCP/IP port
- ; returns - string of demographic characteristics or "-1^error message"
- N X,XUESSO,PORT,STN,IP,STNIEN,XUCACHE,STNPRNT
- D:$G(XWBDEBUG) LOG^XWBDLOG("ENTERED HOME BSE: "_BSE) ; DEBUG
- Q:$P(RAD,U,2)'=-1 "" ;Not setup right
- ;Set Station #, port from passed in data
- S STN=$P(BSE,U),PORT=$P(BSE,U,2),XUESSO=""
- ; Check if STN is a valid station number in the INSTITUTION file (security check)
- S STNIEN=$$LKUP^XUAF4(STN) I STNIEN=0 S XUESSO="-1^"_STN_" WAS NOT FOUND IN FILE 4" Q XUESSO
- ; Check if STN is an active facility (security check)
- I '$$ACTIVE^XUAF4(STNIEN) S XUESSO="-1^"_STN_" IS NOT AN ACTIVE VA FACILITY" Q XUESSO
- S IP=""
- ; Look for a valid cached DNS address (less than 1800 seconds old)
- S STNPRNT=$P($$PRNT^XUAF4(STN),U,2) S:'+STNPRNT STNPRNT=STN ; Convert subdivision to parent station
- S XUCACHE=$G(^XTMP("XUSBSE1",STNPRNT))
- I ($D(XUCACHE))&($$HDIFF^XLFDT($H,$P(XUCACHE,U,2),2)<1800) S IP=$P(XUCACHE,U,1)
- I '$L(IP) S IP=$$IPFLOC(STNPRNT) ; Get the IP address from HL LOGICAL LINK file (#870)
- I '$L(IP) S IP=$$SITESVC(STNPRNT) ; Get the IP address from VASITESERVICE
- I '$L(IP) S XUESSO="-1^ADDRESS FOR STN "_STN_" NOT FOUND"
- D:$G(XWBDEBUG) LOG^XWBDLOG("HOME BSE IP: "_IP_" PORT:"_PORT)
- I $L(IP) S XUESSO=$$CALLBSE^XWBTCPM2(IP,PORT,TOKEN,STN)
- D:$G(XWBDEBUG) LOG^XWBDLOG("LEAVING HOME XUESSO: "_XUESSO)
- I XUESSO="Didn't open connection." S XUESSO="-1^COULD NOT CONNECT TO STN "_STN_" USING PORT "_PORT
- I XUESSO="No Response" S XUESSO="-1^BSE TOKEN EXPIRED"
- Q XUESSO
- ;
- IPFLOC(STN) ;Get the address from the station number from HL LOGICAL LINK file (#870)
- ; input STN - station number
- ; returns - IP address or null
- N XUSBSE,I,RET,ADD,IP,STNPRNT
- S STNPRNT=$P($$PRNT^XUAF4(STN),U,2) S:'+STNPRNT STNPRNT=STN ; Convert subdivision to parent station
- ; Look for station number in HL LOGICAL LINK file (#870)
- D FIND^DIC(870,,".03;.08","X",STNPRNT,,"C",,,"XUSBSE") ; IA# 5449 "C" index lookup
- Q:+$G(XUSBSE("DILIST",0))=0 ""
- S I=0,ADD="",IP=""
- F S I=$O(XUSBSE("DILIST","ID",I)) Q:'I D Q:IP
- . ;HL LOGICAL LINK file (#870) DNS DOMAIN field (#.08)
- . S ADD=XUSBSE("DILIST","ID",I,.08) I $L(ADD) D Q:IP'=""
- . . I $$VALIDATE^XLFIPV(ADD) S IP=ADD Q ;ICR #5844
- . . S IP=$$ADDRESS^XLFNSLK(ADD) S:IP="" IP=$$ADDRESS^XLFNSLK(ADD,"A") ; Make 2 attempts to get IP, force IPv4 on second attempt
- . . Q
- . ;HL LOGICAL LINK file (#870) MAILMAIN DOMAIN field (#.03)
- . S ADD=XUSBSE("DILIST","ID",I,.03) I $L(ADD) D Q:IP'=""
- . . I $$VALIDATE^XLFIPV(ADD) S IP=ADD Q ;ICR #5844
- . . S IP=$$ADDRESS^XLFNSLK("VISTA."_ADD) S:IP="" IP=$$ADDRESS^XLFNSLK("VISTA."_ADD,"A") ; Make 2 attempts to get IP, force IPv4 on second attempt
- . . Q
- I $L(IP) S ^XTMP("XUSBSE1",STNPRNT)=IP_"^"_$H ; Cache the IP address
- Q IP
- ;
- SITESVC(STN) ;Get IP from the stn# from VISTASITESERVICE
- ; input STN - station number
- ; returns - IP address or null
- N DNSADD,IP,STNPRNT
- S IP=""
- S STNPRNT=$P($$PRNT^XUAF4(STN),U,2) S:'+STNPRNT STNPRNT=STN ; Convert subdivision to parent station
- S DNSADD=$$WEBADDRS(STNPRNT)
- I $L(DNSADD) S IP=$$ADDRESS^XLFNSLK(DNSADD) S:IP="" IP=$$ADDRESS^XLFNSLK(DNSADD,"A") ; Make 2 attempts to get IP, force IPv4 on second attempt
- I $L(IP) S ^XTMP("XUSBSE1",STNPRNT)=IP_"^"_$H ; Cache the IP address
- Q IP
- ;
- WEBADDRS(STNNUM) ;
- N IP,URL,XUSBSE,RESULTS,I,X,POP
- D FIND^DIC(2005.2,,"1","MO","VISTASITESERVICE",,,,,"XUSBSE")
- S URL=$G(XUSBSE("DILIST","ID",1,1))
- D EN1^XUSBSE2(URL_"/getSite?siteID="_STNNUM,.RESULTS)
- S X="" F I=1:1 Q:'$D(RESULTS(I)) I RESULTS(I)["hostname>" S X=$P($P(RESULTS(I),"<hostname>",2),"</hostname>") Q
- Q X
- ;
- SETUP(XUDEMOG,XUCONTXT) ; Setup user as visitor, add context option
- ; input XUDEMOG - string of demographic characteristics
- ; input XUCONTXT - context option to be given to user
- ; return value = internal entry number for user, or 0
- I '$$PUT^XUESSO1(XUDEMOG) Q 0
- I $G(DUZ)'>0 Q 0
- D SETCNTXT(XUCONTXT)
- Q DUZ
- ;
- SETCNTXT(XOPT) ;
- N OPT,XUCONTXT,X
- S XUCONTXT="`"_XOPT
- I $$FIND1^DIC(19,"","X",XUCONTXT)'>0 S X=$$LOGERR("BSE LOGIN ERROR - CONTEXT") Q ;Context option not in option file
- ;Have to use $D because of screen in 200.03 keeps FIND1^DIC from working.
- I '$D(^VA(200,DUZ,203,"B",XOPT)) D
- . ; Have to give the user a delegated option
- . N XARR S XARR(200.19,"+1,"_DUZ_",",.01)=XUCONTXT
- . D UPDATE^DIE("E","XARR")
- . ; And now she can give himself the context option
- . K XARR S XARR(200.03,"+1,"_DUZ_",",.01)=XUCONTXT
- . D UPDATE^DIE("E","XARR") ; Give context option as a secondary menu item
- . S ^XUTL("XQ",$J,"DUZ(BSE)")=XUCONTXT
- . ; But now we have to remove the delegated option
- . S OPT=$$FIND1^DIC(200.19,","_DUZ_",","X",XUCONTXT)
- . I OPT>0 D
- . . K XARR S XARR(200.19,(OPT_","_DUZ_","),.01)="@"
- . . D FILE^DIE("E","XARR")
- . . Q
- . Q
- Q
- ;
- STNTEST ; tests station#-to-IP conversion (IPFLOC,WEBADDRS) used by HOME station#-based callback
- N XUSLSTI,XUSLSTV,XUSSTN,XUSIP1,XUSIP2,XUSBSE
- W !,"Broker Security Enhancement (BSE) Station Number-to-IP conversion test (for BSE"
- W !,"callbacks to home system). Note: It is not necessarily wrong if results differ"
- W !,"or are blank. 2 methods' results are listed: HL LOGICAL LINK/VISTASITESERVICE"
- ;
- D FIND^DIC(2005.2,,"1","MO","VISTASITESERVICE",,,,,"XUSBSE")
- W !!," local VISTASITESERVICE server:",!," ",$G(XUSBSE("DILIST","ID",1,1)),"",!
- K ^TMP($J,"XUSBSE1")
- DO LIST^DIC(4,,"@;.01;11;99;101","IP",,,,"D",,,$NA(^TMP($J,"XUSBSE1")))
- S XUSLSTI=0 F S XUSLSTI=$O(^TMP($J,"XUSBSE1","DILIST",XUSLSTI)) Q:'+XUSLSTI D
- . S XUSLSTV=^TMP($J,"XUSBSE1","DILIST",XUSLSTI,0)
- . Q:+$P(XUSLSTV,U,5)
- . S XUSSTN=$P(XUSLSTV,U,4) Q:'$$TF^XUAF4(XUSSTN)
- . S XUSIP1=$$IPFLOC(XUSSTN),XUSIP2=$$SITESVC(XUSSTN)
- . I $L(XUSIP1)!$L(XUSIP2) D
- . . W !,XUSSTN,?8,"(",$P(XUSLSTV,U,2),"): " W $S($L(XUSIP1):XUSIP1,1:"blank"),"/",$S($L(XUSIP2):XUSIP2,1:"blank")
- . . I $L(XUSIP1),$L(XUSIP2),(XUSIP1'=XUSIP2) W " ***DIFFERENT***"
- K ^TMP($J,"XUSBSE1")
- Q
- LOGERR(XUSETXT) ; log an error in error trap for failed login attempts ; p595
- ; XUSETXT is the error subject line $ZE
- ; The function returns 0 if the error was screened, and 1 if an error was trapped
- N XUSAPP
- ; ZEXCEPT: XWBSEC - Kernel exemption
- ; ZEXCEPT: XUDEMOG - Kernel exemption
- S XUSAPP=$P($G(DUZ("REMAPP")),U,2)
- I $P($G(XUDEMOG),U,2)="BSE TOKEN EXPIRED" Q 0 ; screen out "TOKEN EXPIRED" errors
- I $G(XWBSEC)="BSE ERROR - BSE TOKEN EXPIRED" Q 0 ; screen out "TOKEN EXPIRED" errors
- I XUSAPP'="" S XUSETXT=XUSETXT_" ("_XUSAPP_")"
- D APPERROR^%ZTER($E(XUSETXT,1,32))
- Q 1
- XUSBSE1 ;ISF/JLI,ISD/HGW - MODIFICATIONS FOR BSE ;12/02/14 13:29
- +1 ;;8.0;KERNEL;**404,439,523,595,522,638**;Jul 10, 1995;Build 16
- +2 ;Per VA Directive 6402, this routine should not be modified.
- +3 ;
- SETVISIT(RES) ; .RPC "XUS SET VISITOR"
- +1 ;Returns a BSE TOKEN
- +2 NEW TOKEN,O,X
- +3 ;User must be active
- SET X=$$ACTIVE^XUSER(DUZ)
- IF $PIECE(X,U)<1
- SET RES=X
- QUIT
- +4 SET TOKEN=$$HANDLE^XUSRB4("XUSBSE",1)
- +5 SET ^XTMP(TOKEN,1)=$$ENCRYP^XUSRB1($$GET^XUESSO1(DUZ))
- +6 ;Set expiration day
- SET ^XTMP(TOKEN,3)=+$HOROLOG
- +7 ;Lock set in $$HANDLE^XUSRB4
- LOCK -^XTMP(TOKEN)
- +8 SET RES=TOKEN
- +9 QUIT
- +10 ;
- GETVISIT(RES,TOKEN) ; .RPC "XUS GET VISITOR"
- +1 ;Returns demographics for user indicated by TOKEN
- +2 ; or "-1^error message" if user is not permitted to visit
- +3 ; input - TOKEN - token value returned by remote site
- +4 ; output - RES - passed by reference, contains user demographics on return
- +5 NEW O,X
- +6 SET RES=""
- SET O=0
- +7 ;Shouldn't come in with a null token
- IF TOKEN=""
- SET X=$$LOGERR("BSE NULL TOKEN")
- QUIT
- +8 ; If ^XTMP is purged, token context will be lost
- LOCK +^XTMP(TOKEN):10
- IF '$TEST
- QUIT
- +9 ;Check expiration time, and if it has passed
- IF ($GET(^XTMP(TOKEN,3))-$HOROLOG)
- KILL ^XTMP(TOKEN)
- QUIT
- +10 SET RES=$GET(^XTMP(TOKEN,1))
- IF $LENGTH(RES)
- SET RES=$$DECRYP^XUSRB1(RES)
- +11 ;Lock set in $$HANDLE^XUSRB4
- LOCK -^XTMP(TOKEN)
- +12 ;p595
- IF '$LENGTH(RES)
- SET X=$$LOGERR("BSE GET USER ID")
- +13 QUIT
- +14 ;
- OLDCAPRI(XWBUSRNM) ; Intrinsic. The old CAPRI code, disable with system parameter XU522.
- +1 ; Return 1 if a valid user, else 0.
- +2 ; ZEXCEPT: DTIME - Kernel exemption
- +3 NEW XVAL,XOPTION,XVAL522
- +4 ; p522 system parameter XU522 controls CAPRI login disabling, logging
- SET XVAL522=$$GET^XPAR("SYS","XU522",1,"Q")
- +5 ; p522 record CAPRI login attempt if XU522 = E or L
- IF (XVAL522="E"!(XVAL522="L"))
- DO APPERROR^%ZTER("OLDCAPRI LOGIN ATTEMPT")
- +6 ; p522 fully activate BSE unless param XU522 = N or L
- IF (XVAL522'="L")&(XVAL522'="N")
- QUIT 0
- +7 ; Sign in as Visitor
- SET XVAL=$$PUT^XUESSO1($PIECE(XWBUSRNM,U,3,99))
- +8 IF XVAL
- Begin DoDot:1
- +9 SET XOPTION=$$FIND1^DIC(19,"","X","DVBA CAPRI GUI")
- +10 DO SETCNTXT(XOPTION)
- SET DTIME=$$DTIME^XUP(DUZ)
- SET DUZ(0)=""
- SET DUZ("REMAPP")="^Old CAPRI"
- End DoDot:1
- +11 QUIT $SELECT(XVAL>0:1,1:0)
- +12 ;
- CHKUSER(INPUTSTR) ; Extrinsic. Determines if a BSE sign-on is valid - called from XUSRB
- +1 ; INPUTSTR - input - String of characters from client
- +2 ; return value - 1 if a valid user and application, else 0
- +3 ; ZEXCEPT: DTIME - Kernel exemption
- +4 NEW X,XUCODE,XUENTRY,XUSTR,XUTOKEN
- +5 IF +INPUTSTR=-31
- IF INPUTSTR["DVBA_"
- QUIT $$OLDCAPRI(INPUTSTR)
- +6 ; not a BSE login
- IF +INPUTSTR'=-35
- SET X=$$LOGERR("BSE LOGIN ERROR")
- QUIT 0
- +7 SET INPUTSTR=$PIECE(INPUTSTR,U,2,99)
- +8 KILL ^TMP("XUSBSE1",$JOB)
- +9 SET XUCODE=$$DECRYP^XUSRB1(INPUTSTR)
- +10 SET XUCODE=$$EN^XUSHSH($PIECE(XUCODE,U))
- +11 SET XUENTRY=$$FIND1^DIC(8994.5,"","X",XUCODE,"ACODE")
- +12 ; invalid remote application
- IF XUENTRY'>0
- SET X=$$LOGERR("BSE LOGIN ERROR - REMAPP")
- QUIT 0
- +13 SET DUZ("REMAPP")=XUENTRY_U_$$GET1^DIQ(8994.5,XUENTRY_",",.01)
- +14 SET XUTOKEN=$PIECE($$DECRYP^XUSRB1(INPUTSTR),U,2)
- +15 SET XUSTR=$PIECE($$DECRYP^XUSRB1(INPUTSTR),U,3,4)
- +16 SET XUENTRY=$$BSEUSER(XUENTRY,XUTOKEN,XUSTR)
- +17 SET DTIME=$$DTIME^XUP(DUZ)
- +18 ; invalid user
- IF XUENTRY'>0
- SET X=$$LOGERR("BSE LOGIN ERROR - USER")
- QUIT 0
- +19 QUIT XUENTRY
- +20 ;
- BSEUSER(ENTRY,TOKEN,STR) ; Intrinsic. Returns internal entry number for authenticated user
- +1 ; ENTRY - input - internal entry number in REMOTE APPLICATION file
- +2 ; TOKEN - input - token from authenticating site
- +3 ; STR - input - remainder of input string (station #^TCP/IP port for station-based authentication)
- +4 ; returns - IEN for authenticated user, or 0 if not authenticated
- +5 ; ZEXCEPT: XWBSEC - Kernel exemption, contains error message returned to GUI application
- +6 NEW X,XUIEN,XUCONTXT,XUDEMOG,XCNT,XVAL,ARRAY,XUCACHE,XUCONTXT
- +7 SET XUIEN=0
- SET XUDEMOG=""
- SET XUCONTXT=0
- +8 ; Check for cached user authentication (p638)
- +9 IF $DATA(^XTMP("XUSBSE1",TOKEN))
- Begin DoDot:1
- +10 ; Retrieve cached values
- SET XUCACHE=$GET(^XTMP("XUSBSE1",TOKEN))
- +11 ; Do not use if expired (not from today)
- IF $PIECE($PIECE(XUCACHE,U,1),".",1)<$$DT^XLFDT()
- KILL ^XTMP("XUSBSE1",TOKEN)
- QUIT
- +12 ; Do not use if expired (older than 600s)
- IF $PIECE(XUCACHE,U,1)=$$HADD^XLFDT($$NOW^XLFDT(),0,0,0,600)
- KILL ^XTMP("XUSBSE1",TOKEN)
- QUIT
- +13 ; Get demographics of authenticated user
- SET XUDEMOG=$PIECE(XUCACHE,U,3,99)
- +14 ; Set VISITOR entry, quit if failed
- IF '$$PUT^XUESSO1(XUDEMOG)
- QUIT
- +15 SET XUIEN=$GET(DUZ)
- +16 ; Set Context Option
- SET XUCONTXT=$PIECE(XUCACHE,U,2)
- SET ^XUTL("XQ",$JOB,"DUZ(BSE)")=XUCONTXT
- +17 ; Reset cache to keep authentication alive
- IF (XUIEN>0)
- SET ^XTMP("XUSBSE1",TOKEN)=$$NOW^XLFDT()_"^"_$GET(XUCONTXT)_"^"_XUDEMOG
- End DoDot:1
- +18 ; p638 Use cached authentication
- IF (XUIEN>0)&(XUCONTXT>0)
- QUIT XUIEN
- +19 ;
- +20 SET XCNT=0
- FOR
- SET XCNT=$ORDER(^XWB(8994.5,ENTRY,1,XCNT))
- IF XCNT'>0
- QUIT
- SET XVAL=^(XCNT,0)
- Begin DoDot:1
- +21 ; CODE TO HANDLE CONNECTION TYPE AND CONNECTIONS
- +22 ; M2M-Broker authentication
- IF $PIECE(XVAL,U)="M"
- SET XUDEMOG=$$M2M($PIECE(XVAL,U,3),$PIECE(XVAL,U,2),TOKEN)
- DO CLOSE^XWBM2MC()
- QUIT
- +23 ; RPC-Broker authentication
- IF $PIECE(XVAL,U)="R"
- SET XUDEMOG=$$XWB($PIECE(XVAL,U,3),$PIECE(XVAL,U,2),TOKEN)
- QUIT
- +24 ; HTTP authentication
- IF $PIECE(XVAL,U)="H"
- SET XUDEMOG=$$POST1^XUSBSE2(.ARRAY,$PIECE(XVAL,U,3),$PIECE(XVAL,U,2),$PIECE(XVAL,U,4),"xVAL="_TOKEN)
- QUIT
- +25 ; Station-number authentication
- IF $PIECE(XVAL,U)="S"
- SET XUDEMOG=$$HOME(TOKEN,XVAL,STR)
- QUIT
- +26 QUIT
- End DoDot:1
- IF XUDEMOG'=""
- QUIT
- +27 ; if invalid set XWBSEC so an error is reported in the GUI application
- +28 IF +XUDEMOG=-1
- SET XWBSEC="BSE ERROR - "_$PIECE(XUDEMOG,"^",2)
- +29 IF $LENGTH(XUDEMOG,"^")>2
- Begin DoDot:1
- +30 SET XUCONTXT=$PIECE($GET(^XWB(8994.5,ENTRY,0)),U,2)
- +31 SET XUIEN=$$SETUP(XUDEMOG,XUCONTXT)
- End DoDot:1
- +32 ;p595
- IF (XUIEN'>0)
- SET X=$$LOGERR("BSE LOGIN ERROR")
- +33 ; p638 Cache user authentication
- IF (XUIEN>0)
- SET ^XTMP("XUSBSE1",TOKEN)=$$NOW^XLFDT()_"^"_$GET(XUCONTXT)_"^"_XUDEMOG
- +34 QUIT $SELECT(XUIEN'>0:0,1:XUIEN)
- +35 ;
- XWB(SERVER,PORT,TOKEN) ; Special Broker service
- +1 NEW DEMOSTR,IO,XWBTDEV,XWBRBUF
- +2 QUIT $$CALLBSE^XWBTCPM2(SERVER,PORT,TOKEN)
- +3 ;
- M2M(SERVER,PORT,TOKEN) ; M2M Broker
- +1 NEW DEMOGSTR,XWBCRLFL,RETRNVAL,XUSBSARR
- +2 SET DEMOGSTR=""
- +3 NEW XWBSTAT,XWBPARMS,XWBTDEV,XWBNULL
- +4 SET XWBPARMS("ADDRESS")=SERVER
- SET XWBPARMS("PORT")=PORT
- +5 ;Retries 3 times to open
- SET XWBPARMS("RETRIES")=3
- +6 ;
- +7 IF '$$OPEN^XWBRL(.XWBPARMS)
- QUIT "NO OPEN"
- +8 SET XWBPARMS("URI")="XUS GET VISITOR"
- +9 DO CLEARP^XWBM2MEZ
- +10 DO SETPARAM^XWBM2MEZ(1,"STRING",TOKEN)
- +11 SET XWBPARMS("URI")="XUS GET VISITOR"
- +12 SET XWBPARMS("RESULTS")=$NAME(^TMP("XUSBSE1",$JOB))
- +13 SET XWBCRLFL=0
- +14 DO REQUEST^XWBRPCC(.XWBPARMS)
- +15 IF XWBCRLFL
- SET RETRNVAL="XWBCRLFL IS TRUE"
- GOTO M2MEXIT
- +16 ;
- +17 ;Run RPC and place raw XML results in ^TMP("XWBM2MVLC"
- IF '$$EXECUTE^XWBVLC(.XWBPARMS)
- SET RETRNVAL="FAILURE ON EXECUTE"
- GOTO M2MEXIT
- +18 ;Parse out raw XML and place results in ^TMP("XWBM2MRPC"
- DO PARSE^XWBRPC(.XWBPARMS,"XUSBSARR")
- +19 SET RETRNVAL=$GET(XUSBSARR(1))
- M2MEXIT ;
- +1 DO CLOSE^XWBM2MEZ
- +2 QUIT RETRNVAL
- +3 ;
- HOME(TOKEN,RAD,BSE) ; Call home station for token.
- +1 ; input TOKEN - token to identify user to authenticating server
- +2 ; input RAD - Zero node of application data from REMOTE APPLICATION file (#8994.5)
- +3 ; input BSE - Station #^TCP/IP port
- +4 ; returns - string of demographic characteristics or "-1^error message"
- +5 NEW X,XUESSO,PORT,STN,IP,STNIEN,XUCACHE,STNPRNT
- +6 ; DEBUG
- IF $GET(XWBDEBUG)
- DO LOG^XWBDLOG("ENTERED HOME BSE: "_BSE)
- +7 ;Not setup right
- IF $PIECE(RAD,U,2)'=-1
- QUIT ""
- +8 ;Set Station #, port from passed in data
- +9 SET STN=$PIECE(BSE,U)
- SET PORT=$PIECE(BSE,U,2)
- SET XUESSO=""
- +10 ; Check if STN is a valid station number in the INSTITUTION file (security check)
- +11 SET STNIEN=$$LKUP^XUAF4(STN)
- IF STNIEN=0
- SET XUESSO="-1^"_STN_" WAS NOT FOUND IN FILE 4"
- QUIT XUESSO
- +12 ; Check if STN is an active facility (security check)
- +13 IF '$$ACTIVE^XUAF4(STNIEN)
- SET XUESSO="-1^"_STN_" IS NOT AN ACTIVE VA FACILITY"
- QUIT XUESSO
- +14 SET IP=""
- +15 ; Look for a valid cached DNS address (less than 1800 seconds old)
- +16 ; Convert subdivision to parent station
- SET STNPRNT=$PIECE($$PRNT^XUAF4(STN),U,2)
- IF '+STNPRNT
- SET STNPRNT=STN
- +17 SET XUCACHE=$GET(^XTMP("XUSBSE1",STNPRNT))
- +18 IF ($DATA(XUCACHE))&($$HDIFF^XLFDT($HOROLOG,$PIECE(XUCACHE,U,2),2)<1800)
- SET IP=$PIECE(XUCACHE,U,1)
- +19 ; Get the IP address from HL LOGICAL LINK file (#870)
- IF '$LENGTH(IP)
- SET IP=$$IPFLOC(STNPRNT)
- +20 ; Get the IP address from VASITESERVICE
- IF '$LENGTH(IP)
- SET IP=$$SITESVC(STNPRNT)
- +21 IF '$LENGTH(IP)
- SET XUESSO="-1^ADDRESS FOR STN "_STN_" NOT FOUND"
- +22 IF $GET(XWBDEBUG)
- DO LOG^XWBDLOG("HOME BSE IP: "_IP_" PORT:"_PORT)
- +23 IF $LENGTH(IP)
- SET XUESSO=$$CALLBSE^XWBTCPM2(IP,PORT,TOKEN,STN)
- +24 IF $GET(XWBDEBUG)
- DO LOG^XWBDLOG("LEAVING HOME XUESSO: "_XUESSO)
- +25 IF XUESSO="Didn't open connection."
- SET XUESSO="-1^COULD NOT CONNECT TO STN "_STN_" USING PORT "_PORT
- +26 IF XUESSO="No Response"
- SET XUESSO="-1^BSE TOKEN EXPIRED"
- +27 QUIT XUESSO
- +28 ;
- IPFLOC(STN) ;Get the address from the station number from HL LOGICAL LINK file (#870)
- +1 ; input STN - station number
- +2 ; returns - IP address or null
- +3 NEW XUSBSE,I,RET,ADD,IP,STNPRNT
- +4 ; Convert subdivision to parent station
- SET STNPRNT=$PIECE($$PRNT^XUAF4(STN),U,2)
- IF '+STNPRNT
- SET STNPRNT=STN
- +5 ; Look for station number in HL LOGICAL LINK file (#870)
- +6 ; IA# 5449 "C" index lookup
- DO FIND^DIC(870,,".03;.08","X",STNPRNT,,"C",,,"XUSBSE")
- +7 IF +$GET(XUSBSE("DILIST",0))=0
- QUIT ""
- +8 SET I=0
- SET ADD=""
- SET IP=""
- +9 FOR
- SET I=$ORDER(XUSBSE("DILIST","ID",I))
- IF 'I
- QUIT
- Begin DoDot:1
- +10 ;HL LOGICAL LINK file (#870) DNS DOMAIN field (#.08)
- +11 SET ADD=XUSBSE("DILIST","ID",I,.08)
- IF $LENGTH(ADD)
- Begin DoDot:2
- +12 ;ICR #5844
- IF $$VALIDATE^XLFIPV(ADD)
- SET IP=ADD
- QUIT
- +13 ; Make 2 attempts to get IP, force IPv4 on second attempt
- SET IP=$$ADDRESS^XLFNSLK(ADD)
- IF IP=""
- SET IP=$$ADDRESS^XLFNSLK(ADD,"A")
- +14 QUIT
- End DoDot:2
- IF IP'=""
- QUIT
- +15 ;HL LOGICAL LINK file (#870) MAILMAIN DOMAIN field (#.03)
- +16 SET ADD=XUSBSE("DILIST","ID",I,.03)
- IF $LENGTH(ADD)
- Begin DoDot:2
- +17 ;ICR #5844
- IF $$VALIDATE^XLFIPV(ADD)
- SET IP=ADD
- QUIT
- +18 ; Make 2 attempts to get IP, force IPv4 on second attempt
- SET IP=$$ADDRESS^XLFNSLK("VISTA."_ADD)
- IF IP=""
- SET IP=$$ADDRESS^XLFNSLK("VISTA."_ADD,"A")
- +19 QUIT
- End DoDot:2
- IF IP'=""
- QUIT
- End DoDot:1
- IF IP
- QUIT
- +20 ; Cache the IP address
- IF $LENGTH(IP)
- SET ^XTMP("XUSBSE1",STNPRNT)=IP_"^"_$HOROLOG
- +21 QUIT IP
- +22 ;
- SITESVC(STN) ;Get IP from the stn# from VISTASITESERVICE
- +1 ; input STN - station number
- +2 ; returns - IP address or null
- +3 NEW DNSADD,IP,STNPRNT
- +4 SET IP=""
- +5 ; Convert subdivision to parent station
- SET STNPRNT=$PIECE($$PRNT^XUAF4(STN),U,2)
- IF '+STNPRNT
- SET STNPRNT=STN
- +6 SET DNSADD=$$WEBADDRS(STNPRNT)
- +7 ; Make 2 attempts to get IP, force IPv4 on second attempt
- IF $LENGTH(DNSADD)
- SET IP=$$ADDRESS^XLFNSLK(DNSADD)
- IF IP=""
- SET IP=$$ADDRESS^XLFNSLK(DNSADD,"A")
- +8 ; Cache the IP address
- IF $LENGTH(IP)
- SET ^XTMP("XUSBSE1",STNPRNT)=IP_"^"_$HOROLOG
- +9 QUIT IP
- +10 ;
- WEBADDRS(STNNUM) ;
- +1 NEW IP,URL,XUSBSE,RESULTS,I,X,POP
- +2 DO FIND^DIC(2005.2,,"1","MO","VISTASITESERVICE",,,,,"XUSBSE")
- +3 SET URL=$GET(XUSBSE("DILIST","ID",1,1))
- +4 DO EN1^XUSBSE2(URL_"/getSite?siteID="_STNNUM,.RESULTS)
- +5 SET X=""
- FOR I=1:1
- IF '$DATA(RESULTS(I))
- QUIT
- IF RESULTS(I)["hostname>"
- SET X=$PIECE($PIECE(RESULTS(I),"<hostname>",2),"</hostname>")
- QUIT
- +6 QUIT X
- +7 ;
- SETUP(XUDEMOG,XUCONTXT) ; Setup user as visitor, add context option
- +1 ; input XUDEMOG - string of demographic characteristics
- +2 ; input XUCONTXT - context option to be given to user
- +3 ; return value = internal entry number for user, or 0
- +4 IF '$$PUT^XUESSO1(XUDEMOG)
- QUIT 0
- +5 IF $GET(DUZ)'>0
- QUIT 0
- +6 DO SETCNTXT(XUCONTXT)
- +7 QUIT DUZ
- +8 ;
- SETCNTXT(XOPT) ;
- +1 NEW OPT,XUCONTXT,X
- +2 SET XUCONTXT="`"_XOPT
- +3 ;Context option not in option file
- IF $$FIND1^DIC(19,"","X",XUCONTXT)'>0
- SET X=$$LOGERR("BSE LOGIN ERROR - CONTEXT")
- QUIT
- +4 ;Have to use $D because of screen in 200.03 keeps FIND1^DIC from working.
- +5 IF '$DATA(^VA(200,DUZ,203,"B",XOPT))
- Begin DoDot:1
- +6 ; Have to give the user a delegated option
- +7 NEW XARR
- SET XARR(200.19,"+1,"_DUZ_",",.01)=XUCONTXT
- +8 DO UPDATE^DIE("E","XARR")
- +9 ; And now she can give himself the context option
- +10 KILL XARR
- SET XARR(200.03,"+1,"_DUZ_",",.01)=XUCONTXT
- +11 ; Give context option as a secondary menu item
- DO UPDATE^DIE("E","XARR")
- +12 SET ^XUTL("XQ",$JOB,"DUZ(BSE)")=XUCONTXT
- +13 ; But now we have to remove the delegated option
- +14 SET OPT=$$FIND1^DIC(200.19,","_DUZ_",","X",XUCONTXT)
- +15 IF OPT>0
- Begin DoDot:2
- +16 KILL XARR
- SET XARR(200.19,(OPT_","_DUZ_","),.01)="@"
- +17 DO FILE^DIE("E","XARR")
- +18 QUIT
- End DoDot:2
- +19 QUIT
- End DoDot:1
- +20 QUIT
- +21 ;
- STNTEST ; tests station#-to-IP conversion (IPFLOC,WEBADDRS) used by HOME station#-based callback
- +1 NEW XUSLSTI,XUSLSTV,XUSSTN,XUSIP1,XUSIP2,XUSBSE
- +2 WRITE !,"Broker Security Enhancement (BSE) Station Number-to-IP conversion test (for BSE"
- +3 WRITE !,"callbacks to home system). Note: It is not necessarily wrong if results differ"
- +4 WRITE !,"or are blank. 2 methods' results are listed: HL LOGICAL LINK/VISTASITESERVICE"
- +5 ;
- +6 DO FIND^DIC(2005.2,,"1","MO","VISTASITESERVICE",,,,,"XUSBSE")
- +7 WRITE !!," local VISTASITESERVICE server:",!," ",$GET(XUSBSE("DILIST","ID",1,1)),"",!
- +8 KILL ^TMP($JOB,"XUSBSE1")
- +9 DO LIST^DIC(4,,"@;.01;11;99;101","IP",,,,"D",,,$NAME(^TMP($JOB,"XUSBSE1")))
- +10 SET XUSLSTI=0
- FOR
- SET XUSLSTI=$ORDER(^TMP($JOB,"XUSBSE1","DILIST",XUSLSTI))
- IF '+XUSLSTI
- QUIT
- Begin DoDot:1
- +11 SET XUSLSTV=^TMP($JOB,"XUSBSE1","DILIST",XUSLSTI,0)
- +12 IF +$PIECE(XUSLSTV,U,5)
- QUIT
- +13 SET XUSSTN=$PIECE(XUSLSTV,U,4)
- IF '$$TF^XUAF4(XUSSTN)
- QUIT
- +14 SET XUSIP1=$$IPFLOC(XUSSTN)
- SET XUSIP2=$$SITESVC(XUSSTN)
- +15 IF $LENGTH(XUSIP1)!$LENGTH(XUSIP2)
- Begin DoDot:2
- +16 WRITE !,XUSSTN,?8,"(",$PIECE(XUSLSTV,U,2),"): "
- WRITE $SELECT($LENGTH(XUSIP1):XUSIP1,1:"blank"),"/",$SELECT($LENGTH(XUSIP2):XUSIP2,1:"blank")
- +17 IF $LENGTH(XUSIP1)
- IF $LENGTH(XUSIP2)
- IF (XUSIP1'=XUSIP2)
- WRITE " ***DIFFERENT***"
- End DoDot:2
- End DoDot:1
- +18 KILL ^TMP($JOB,"XUSBSE1")
- +19 QUIT
- LOGERR(XUSETXT) ; log an error in error trap for failed login attempts ; p595
- +1 ; XUSETXT is the error subject line $ZE
- +2 ; The function returns 0 if the error was screened, and 1 if an error was trapped
- +3 NEW XUSAPP
- +4 ; ZEXCEPT: XWBSEC - Kernel exemption
- +5 ; ZEXCEPT: XUDEMOG - Kernel exemption
- +6 SET XUSAPP=$PIECE($GET(DUZ("REMAPP")),U,2)
- +7 ; screen out "TOKEN EXPIRED" errors
- IF $PIECE($GET(XUDEMOG),U,2)="BSE TOKEN EXPIRED"
- QUIT 0
- +8 ; screen out "TOKEN EXPIRED" errors
- IF $GET(XWBSEC)="BSE ERROR - BSE TOKEN EXPIRED"
- QUIT 0
- +9 IF XUSAPP'=""
- SET XUSETXT=XUSETXT_" ("_XUSAPP_")"
- +10 DO APPERROR^%ZTER($EXTRACT(XUSETXT,1,32))
- +11 QUIT 1
