shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-01-21 18:03:38 +03:00
Code Releases Wiki Activity

B #1869: Checked if token has expired to not ask external drivers

Browse Source
This commit is contained in:
juanmont 2018-03-23 11:08:12 +01:00 committed by Ruben S. Montero
parent 40483a5b51
commit 92df02542e
3 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/LoginToken.h
View File

@ -199,7 +199,7 @@ public:
* stores the effective gid. If the token is invali, it is removed
* from the pool.
*/
bool is_valid(const std::string& utk, int& egid);
bool is_valid(const std::string& utk, int& egid, bool& exists_token);
/**
* Load the tokens from its XML representation.

5
src/um/LoginToken.cc
View File

@ -120,7 +120,7 @@ void LoginTokenPool::reset_expired()
/* -------------------------------------------------------------------------- */
bool LoginTokenPool::is_valid(const std::string& utk, int& egid)
bool LoginTokenPool::is_valid(const std::string& utk, int& egid, bool& exists_token)
{
std::map<std::string, LoginToken *>::iterator it;
@ -129,9 +129,12 @@ bool LoginTokenPool::is_valid(const std::string& utk, int& egid)
if ( it == tokens.end() )
{
exists_token = false;
return false;
}
exists_token = true;
if ( it->second->is_valid(utk, egid) == true)
{
return true;

17
src/um/UserPool.cc
View File

@ -664,7 +664,9 @@ bool UserPool::authenticate_internal(User * user,
// -------------------------------------------------------------------------
// Check if token is a login or session token, and set EGID if needed
// -------------------------------------------------------------------------
if ( user->login_tokens.is_valid(token, egid) )
bool exists_token = false;
if ( user->login_tokens.is_valid(token, egid, exists_token) )
{
if ( egid != -1 && !user->is_in_group(egid) )
{
@ -695,6 +697,11 @@ bool UserPool::authenticate_internal(User * user,
user->unlock();
return true;
}
else if ( exists_token )
{
user->unlock();
goto auth_failure_token;
}
user->unlock();
// -------------------------------------------------------------------------
@ -864,12 +871,16 @@ auth_failure_driver:
NebulaLog::log("AuM",Log::ERROR,oss);
goto auth_failure;
auth_failure_token:
NebulaLog::log("AuM", Log::ERROR, "Token has expired.");
goto auth_failure;
auth_failure_nodriver:
NebulaLog::log("AuM",Log::ERROR,
"Auth Error: Authentication driver not enabled. "
"Check AUTH_MAD in oned.conf");
auth_failure:
user_id = -1;
group_id = -1;