shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-03-16 22:50:10 +03:00
Code Releases Wiki Activity

Bug #847: Change the expected session token for server users to allow session caching

Browse Source
This commit is contained in:
Carlos Martín 2011-10-24 18:04:00 +02:00
parent 1ee23da08a
commit 0bd23e33d9
2 changed files with 150 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
include/UserPool.h
View File

@ -177,6 +177,17 @@ private:
int& group_id,
string& uname,
string& gname);
/**
* Function to authenticate internal users using a server driver
*/
bool authenticate_server(User * user,
const string& token,
int& user_id,
int& group_id,
string& uname,
string& gname);
/**
* Function to authenticate external (not known) users

173
src/um/UserPool.cc
View File

@ -271,7 +271,7 @@ bool UserPool::authenticate_internal(User * user,
{
return true;
}
AuthRequest ar(user_id, group_id);
if ( auth_driver == UserPool::CORE_AUTH )
@ -281,7 +281,7 @@ bool UserPool::authenticate_internal(User * user,
if (!ar.core_authenticate())
{
goto auth_failure;
}
}
}
else if (auth_driver == UserPool::PUBLIC_AUTH )
{
@ -296,52 +296,27 @@ bool UserPool::authenticate_internal(User * user,
ar.wait();
if (ar.result!=true) //User was not authenticated
{
{
goto auth_failure_driver;
}
if (auth_driver == UserPool::SERVER_AUTH)
{
user = get(ar.message,true);
if (user == 0)
{
goto auth_failure_user;
}
user_id = user->oid;
group_id = user->gid;
uname = user->name;
gname = user->gname;
user->unlock();
}
}
}
else
{
goto auth_failure_nodriver;
}
user = get(username, true);
user = get(user_id, true);
if (user != 0)
{
user->set_session(token, _session_expiration_time);
user->unlock();
}
}
return true;
auth_failure_public:
oss << "User: " << username << "attempted a direct authentication.";
NebulaLog::log("AuM",Log::ERROR,oss);
goto auth_failure;
auth_failure_user:
oss << "User: " << ar.message
<< ", does not exist. Returned by server auth.";
oss << "User: " << username << " attempted a direct authentication.";
NebulaLog::log("AuM",Log::ERROR,oss);
goto auth_failure;
@ -366,7 +341,130 @@ auth_failure:
return false;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
bool UserPool::authenticate_server(User * user,
const string& token,
int& user_id,
int& group_id,
string& uname,
string& gname)
{
bool result = false;
ostringstream oss;
string server_password;
string auth_driver;
string server_username;
string target_username;
string second_token;
Nebula& nd = Nebula::instance();
AuthManager * authm = nd.get_authm();
server_username = user->name;
server_password = user->password;
auth_driver = user->auth_driver;
AuthRequest ar(user->oid, user->gid);
user->unlock();
// token = target_username:second_token
int rc = User::split_secret(token,target_username,second_token);
if ( rc != 0 )
{
goto wrong_server_token;
}
user = get(target_username,true);
if ( user == 0 )
{
goto auth_failure_user;
}
user_id = user->oid;
group_id = user->gid;
uname = user->name;
gname = user->gname;
result = user->valid_session(second_token);
user->unlock();
if (result)
{
return true;
}
if ( authm == 0 )
{
goto auth_failure_nodriver;
}
//Initialize authentication request and call the driver
ar.add_authenticate(auth_driver,server_username,server_password,token);
authm->trigger(AuthManager::AUTHENTICATE,&ar);
ar.wait();
if (ar.result!=true) //User was not authenticated
{
goto auth_failure_driver;
}
user = get(user_id, true);
if (user != 0)
{
user->set_session(second_token, _session_expiration_time);
user->unlock();
}
return true;
wrong_server_token:
oss << "Wrong token format";
NebulaLog::log("AuM",Log::ERROR,oss);
goto auth_failure;
auth_failure_user:
oss << "User: " << target_username
<< " does not exist. Returned by server auth";
NebulaLog::log("AuM",Log::ERROR,oss);
goto auth_failure;
auth_failure_driver:
oss << "Auth Error: " << ar.message;
NebulaLog::log("AuM",Log::ERROR,oss);
goto auth_failure;
auth_failure_nodriver:
NebulaLog::log("AuM",Log::ERROR,
"Auth Error: Authentication driver not enabled. "
"Check AUTH_MAD in oned.conf");
auth_failure:
user_id = -1;
group_id = -1;
uname = "";
gname = "";
return false;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
@ -504,7 +602,14 @@ bool UserPool::authenticate(const string& session,
if (user != 0 ) //User known to OpenNebula
{
ar = authenticate_internal(user,token,user_id,group_id,uname,gname);
if ( user->get_auth_driver() == UserPool::SERVER_AUTH )
{
ar = authenticate_server(user,token,user_id,group_id,uname,gname);
}
else
{
ar = authenticate_internal(user,token,user_id,group_id,uname,gname);
}
}
else
{