Revision a3e99f53 src/um/UserPool.cc
| src/um/UserPool.cc | ||
|---|---|---|
| 397 | 397 |
string auth_driver; |
| 398 | 398 |
string username; |
| 399 | 399 |
|
| 400 |
bool driver_managed_groups = false; |
|
| 401 |
bool update_groups; |
|
| 402 |
const VectorAttribute* auth_conf; |
|
| 403 |
int new_gid = -1; |
|
| 404 |
set<int> new_group_ids; |
|
| 405 |
|
|
| 406 |
set<int> groups_remove; |
|
| 407 |
set<int> groups_add; |
|
| 408 |
set<int>::iterator it; |
|
| 409 |
|
|
| 410 |
int rc; |
|
| 411 |
|
|
| 400 | 412 |
Nebula& nd = Nebula::instance(); |
| 401 | 413 |
AuthManager * authm = nd.get_authm(); |
| 402 | 414 |
|
| 415 |
Group* group; |
|
| 416 |
GroupPool* gpool = nd.get_gpool(); |
|
| 417 |
|
|
| 403 | 418 |
username = user->name; |
| 404 | 419 |
password = user->password; |
| 405 | 420 |
|
| ... | ... | |
| 430 | 445 |
return true; |
| 431 | 446 |
} |
| 432 | 447 |
|
| 448 |
if (nd.get_auth_conf_attribute(auth_driver, auth_conf) == 0) |
|
| 449 |
{
|
|
| 450 |
auth_conf->vector_value("DRIVER_MANAGED_GROUPS", driver_managed_groups);
|
|
| 451 |
} |
|
| 452 |
|
|
| 433 | 453 |
AuthRequest ar(user_id, group_ids); |
| 434 | 454 |
|
| 435 | 455 |
if ( auth_driver == UserPool::CORE_AUTH ) |
| ... | ... | |
| 457 | 477 |
{
|
| 458 | 478 |
goto auth_failure_driver; |
| 459 | 479 |
} |
| 480 |
|
|
| 481 |
if (driver_managed_groups) |
|
| 482 |
{
|
|
| 483 |
//------------------------------------------------------------------ |
|
| 484 |
// Parse driver response |
|
| 485 |
//------------------------------------------------------------------ |
|
| 486 |
|
|
| 487 |
string driver_name; |
|
| 488 |
string mad_name; |
|
| 489 |
string mad_pass; |
|
| 490 |
string error_str; |
|
| 491 |
|
|
| 492 |
rc = parse_auth_msg(ar, new_gid, new_group_ids, |
|
| 493 |
driver_name, mad_name, mad_pass, error_str); |
|
| 494 |
|
|
| 495 |
if (rc != 0) |
|
| 496 |
{
|
|
| 497 |
oss << "An error ocurred parsing the driver message. " |
|
| 498 |
<< error_str; |
|
| 499 |
NebulaLog::log("AuM",Log::WARNING,oss);
|
|
| 500 |
|
|
| 501 |
oss.str("");
|
|
| 502 |
} |
|
| 503 |
} |
|
| 460 | 504 |
} |
| 461 | 505 |
else |
| 462 | 506 |
{
|
| 463 | 507 |
goto auth_failure_nodriver; |
| 464 | 508 |
} |
| 465 | 509 |
|
| 510 |
update_groups = (driver_managed_groups && |
|
| 511 |
(new_gid != -1) && (new_group_ids != group_ids)); |
|
| 512 |
|
|
| 513 |
if (update_groups && (new_group_ids.count(group_id) == 0)) |
|
| 514 |
{
|
|
| 515 |
// Old primary group disappears from the list of new groups |
|
| 516 |
group = gpool->get(new_gid, true); |
|
| 517 |
|
|
| 518 |
if (group != 0) |
|
| 519 |
{
|
|
| 520 |
group_id = new_gid; |
|
| 521 |
gname = group->get_name(); |
|
| 522 |
|
|
| 523 |
group->unlock(); |
|
| 524 |
} |
|
| 525 |
} |
|
| 526 |
|
|
| 466 | 527 |
user = get(user_id, true); |
| 467 | 528 |
|
| 468 | 529 |
if (user != 0) |
| 469 | 530 |
{
|
| 470 | 531 |
user->session.set(token, _session_expiration_time); |
| 532 |
|
|
| 533 |
if (update_groups) |
|
| 534 |
{
|
|
| 535 |
// Previous groups that were not returned this time |
|
| 536 |
std::set_difference(group_ids.begin(), group_ids.end(), |
|
| 537 |
new_group_ids.begin(), new_group_ids.end(), |
|
| 538 |
std::inserter(groups_remove, groups_remove.end())); |
|
| 539 |
|
|
| 540 |
// New groups |
|
| 541 |
std::set_difference(new_group_ids.begin(), new_group_ids.end(), |
|
| 542 |
group_ids.begin(), group_ids.end(), |
|
| 543 |
std::inserter(groups_add, groups_add.end())); |
|
| 544 |
|
|
| 545 |
// Set main group |
|
| 546 |
user->set_group(group_id, gname); |
|
| 547 |
|
|
| 548 |
// Add secondary group ids in the user object |
|
| 549 |
for(it = groups_add.begin(); it != groups_add.end(); it++) |
|
| 550 |
{
|
|
| 551 |
if (gpool->get(*it, false) != 0) |
|
| 552 |
{
|
|
| 553 |
user->add_group(*it); |
|
| 554 |
} |
|
| 555 |
else |
|
| 556 |
{
|
|
| 557 |
oss << "Driver " << auth_driver |
|
| 558 |
<< " returned the non-existing group ID " << *it |
|
| 559 |
<< " for user " << uname; |
|
| 560 |
NebulaLog::log("AuM",Log::WARNING,oss);
|
|
| 561 |
|
|
| 562 |
oss.str("");
|
|
| 563 |
} |
|
| 564 |
} |
|
| 565 |
|
|
| 566 |
// Remove secondary group ids from the user object |
|
| 567 |
for(it = groups_remove.begin(); it != groups_remove.end(); it++) |
|
| 568 |
{
|
|
| 569 |
user->del_group(*it); |
|
| 570 |
} |
|
| 571 |
|
|
| 572 |
// Update the list of groups to return |
|
| 573 |
group_ids = user->get_groups(); |
|
| 574 |
|
|
| 575 |
update(user); |
|
| 576 |
} |
|
| 577 |
|
|
| 471 | 578 |
user->unlock(); |
| 472 | 579 |
} |
| 473 | 580 |
|
| 581 |
// Add/remove user ID from the group objects |
|
| 582 |
|
|
| 583 |
for(it = groups_add.begin(); it != groups_add.end(); it++) |
|
| 584 |
{
|
|
| 585 |
group = gpool->get(*it, true); |
|
| 586 |
|
|
| 587 |
if (group == 0) |
|
| 588 |
{
|
|
| 589 |
continue; |
|
| 590 |
} |
|
| 591 |
|
|
| 592 |
group->add_user(user_id); |
|
| 593 |
|
|
| 594 |
gpool->update(group); |
|
| 595 |
|
|
| 596 |
group->unlock(); |
|
| 597 |
} |
|
| 598 |
|
|
| 599 |
for(it = groups_remove.begin(); it != groups_remove.end(); it++) |
|
| 600 |
{
|
|
| 601 |
group = gpool->get(*it, true); |
|
| 602 |
|
|
| 603 |
if (group == 0) |
|
| 604 |
{
|
|
| 605 |
continue; |
|
| 606 |
} |
|
| 607 |
|
|
| 608 |
group->del_user(user_id); |
|
| 609 |
|
|
| 610 |
gpool->update(group); |
|
| 611 |
|
|
| 612 |
group->unlock(); |
|
| 613 |
} |
|
| 614 |
|
|
| 474 | 615 |
return true; |
| 475 | 616 |
|
| 476 | 617 |
auth_failure_public: |
| ... | ... | |
| 650 | 791 |
/* -------------------------------------------------------------------------- */ |
| 651 | 792 |
/* -------------------------------------------------------------------------- */ |
| 652 | 793 |
|
| 794 |
int UserPool::parse_auth_msg( |
|
| 795 |
AuthRequest &ar, |
|
| 796 |
int &gid, |
|
| 797 |
set<int> &group_ids, |
|
| 798 |
string &driver_name, |
|
| 799 |
string &mad_name, |
|
| 800 |
string &mad_pass, |
|
| 801 |
string &error_str) |
|
| 802 |
{
|
|
| 803 |
istringstream is; |
|
| 804 |
|
|
| 805 |
//-------------------------------------------------------------------------- |
|
| 806 |
// Parse driver response format is: |
|
| 807 |
// <driver> <username> <passwd> [gid...] |
|
| 808 |
//-------------------------------------------------------------------------- |
|
| 809 |
|
|
| 810 |
is.str(ar.message); |
|
| 811 |
|
|
| 812 |
if ( is.good() ) |
|
| 813 |
{
|
|
| 814 |
is >> driver_name >> ws; |
|
| 815 |
} |
|
| 816 |
|
|
| 817 |
if ( !is.fail() ) |
|
| 818 |
{
|
|
| 819 |
is >> mad_name >> ws; |
|
| 820 |
} |
|
| 821 |
|
|
| 822 |
if ( !is.fail() ) |
|
| 823 |
{
|
|
| 824 |
is >> mad_pass >> ws; |
|
| 825 |
} |
|
| 826 |
|
|
| 827 |
while ( is.good() ) |
|
| 828 |
{
|
|
| 829 |
int tmp_gid; |
|
| 830 |
|
|
| 831 |
is >> tmp_gid >> ws; |
|
| 832 |
|
|
| 833 |
if ( is.fail() ) |
|
| 834 |
{
|
|
| 835 |
error_str = "One or more group IDs are malformed"; |
|
| 836 |
return -1; |
|
| 837 |
} |
|
| 838 |
|
|
| 839 |
if ( Nebula::instance().get_gpool()->get(tmp_gid, false) == 0 ) |
|
| 840 |
{
|
|
| 841 |
error_str = "One or more group IDs do not exist"; |
|
| 842 |
return -1; |
|
| 843 |
} |
|
| 844 |
|
|
| 845 |
if ( gid == -1 ) //Keep the first id for primary group |
|
| 846 |
{
|
|
| 847 |
gid = tmp_gid; |
|
| 848 |
} |
|
| 849 |
|
|
| 850 |
group_ids.insert(tmp_gid); |
|
| 851 |
} |
|
| 852 |
|
|
| 853 |
return 0; |
|
| 854 |
} |
|
| 855 |
|
|
| 856 |
/* -------------------------------------------------------------------------- */ |
|
| 857 |
/* -------------------------------------------------------------------------- */ |
|
| 858 |
|
|
| 653 | 859 |
bool UserPool::authenticate_external(const string& username, |
| 654 | 860 |
const string& token, |
| 655 | 861 |
string& password, |
| ... | ... | |
| 661 | 867 |
int& umask) |
| 662 | 868 |
{
|
| 663 | 869 |
ostringstream oss; |
| 664 |
istringstream is; |
|
| 665 | 870 |
|
| 666 | 871 |
string driver_name; |
| 667 | 872 |
string mad_name; |
| ... | ... | |
| 678 | 883 |
Group* group; |
| 679 | 884 |
|
| 680 | 885 |
int gid = -1; |
| 886 |
int rc; |
|
| 681 | 887 |
|
| 682 | 888 |
set<int>::iterator it; |
| 683 | 889 |
set<int> empty_set; |
| ... | ... | |
| 702 | 908 |
goto auth_failure_driver; |
| 703 | 909 |
} |
| 704 | 910 |
|
| 705 |
is.str(ar.message); |
|
| 706 |
|
|
| 707 | 911 |
user_id = -1; |
| 708 | 912 |
|
| 709 | 913 |
//-------------------------------------------------------------------------- |
| 710 |
// Parse driver response format is: |
|
| 711 |
// <driver> <username> <passwd> [gid...] |
|
| 914 |
// Parse driver response |
|
| 712 | 915 |
//-------------------------------------------------------------------------- |
| 713 | 916 |
|
| 714 |
if ( is.good() ) |
|
| 715 |
{
|
|
| 716 |
is >> driver_name >> ws; |
|
| 717 |
} |
|
| 718 |
|
|
| 719 |
if ( !is.fail() ) |
|
| 720 |
{
|
|
| 721 |
is >> mad_name >> ws; |
|
| 722 |
} |
|
| 917 |
rc = parse_auth_msg(ar, gid, group_ids, |
|
| 918 |
driver_name, mad_name, mad_pass, error_str); |
|
| 723 | 919 |
|
| 724 |
if ( !is.fail() )
|
|
| 920 |
if (rc != 0)
|
|
| 725 | 921 |
{
|
| 726 |
is >> mad_pass >> ws; |
|
| 727 |
} |
|
| 728 |
|
|
| 729 |
while ( is.good() ) |
|
| 730 |
{
|
|
| 731 |
int tmp_gid; |
|
| 732 |
|
|
| 733 |
is >> tmp_gid >> ws; |
|
| 734 |
|
|
| 735 |
if ( is.fail() ) |
|
| 736 |
{
|
|
| 737 |
error_str = "One or more group IDs are malformed"; |
|
| 738 |
goto auth_failure_user; |
|
| 739 |
} |
|
| 740 |
|
|
| 741 |
if ( gpool->get(tmp_gid, false) == 0 ) |
|
| 742 |
{
|
|
| 743 |
error_str = "One or more group IDs do not exist"; |
|
| 744 |
goto auth_failure_user; |
|
| 745 |
} |
|
| 746 |
|
|
| 747 |
if ( gid == -1 ) //Keep the first id for primary group |
|
| 748 |
{
|
|
| 749 |
gid = tmp_gid; |
|
| 750 |
} |
|
| 751 |
|
|
| 752 |
group_ids.insert(tmp_gid); |
|
| 922 |
goto auth_failure_user; |
|
| 753 | 923 |
} |
| 754 | 924 |
|
| 755 | 925 |
//-------------------------------------------------------------------------- |
| ... | ... | |
| 780 | 950 |
group->unlock(); |
| 781 | 951 |
} |
| 782 | 952 |
|
| 783 |
if ( !is.fail() ) |
|
| 784 |
{
|
|
| 785 |
allocate(&user_id, |
|
| 786 |
group_id, |
|
| 787 |
mad_name, |
|
| 788 |
gname, |
|
| 789 |
mad_pass, |
|
| 790 |
driver_name, |
|
| 791 |
true, |
|
| 792 |
error_str); |
|
| 793 |
} |
|
| 953 |
allocate(&user_id, |
|
| 954 |
group_id, |
|
| 955 |
mad_name, |
|
| 956 |
gname, |
|
| 957 |
mad_pass, |
|
| 958 |
driver_name, |
|
| 959 |
true, |
|
| 960 |
error_str); |
|
| 794 | 961 |
|
| 795 | 962 |
if ( user_id == -1 ) |
| 796 | 963 |
{
|
Also available in: Unified diff