shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-01-11 05:17:41 +03:00
Code Releases Wiki Activity

feature #203: Prevent race condition when a AuthRequests timeout. Now timeout timers are handled by the AuthManager.

Browse Source
This commit is contained in:
Ruben S. Montero 2010-07-06 12:35:47 +02:00
parent ebedca1f63
commit a707f730f2
3 changed files with 284 additions and 216 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

439
include/AuthManager.h
View File

@ -17,6 +17,8 @@
#ifndef AUTH_MANAGER_H_
#define AUTH_MANAGER_H_
#include <time.h>
#include "MadManager.h"
#include "ActionManager.h"
@ -24,8 +26,225 @@
using namespace std;
//Forward definition of the AuthManager
class AuthManager;
//Forward definition of the AuthRequest
class AuthRequest;
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
extern "C" void * authm_action_loop(void *arg);
class AuthManager : public MadManager, public ActionListener
{
public:
AuthManager(
time_t timer,
time_t __time_out,
vector<const Attribute*>& _mads):
MadManager(_mads), timer_period(timer)
{
_time_out = __time_out;
am.addListener(this);
pthread_mutex_init(&mutex,0);
};
~AuthManager(){};
enum Actions
{
AUTHENTICATE,
AUTHORIZE,
FINALIZE
};
/**
* Triggers specific actions to the Auth Manager. This function
* wraps the ActionManager trigger function.
* @param action the Auth Manager action
* @param request an auth request
*/
void trigger(
Actions action,
AuthRequest * request);
/**
* This functions starts the associated listener thread, and creates a
* new thread for the AuthManager. This thread will wait in
* an action loop till it receives ACTION_FINALIZE.
* @return 0 on success.
*/
int start();
/**
* Loads Virtual Machine Manager Mads defined in configuration file
* @param uid of the user executing the driver. When uid is 0 the nebula
* identity will be used. Otherwise the Mad will be loaded through the
* sudo application.
*/
void load_mads(int uid);
/**
* Gets the thread identification.
* @return pthread_t for the manager thread (that in the action loop).
*/
pthread_t get_thread_id() const
{
return authm_thread;
};
/**
* Notify the result of an auth request
*/
void notify_request(int auth_id, bool result, const string& message);
/**
* Discards a pending request. Call this before freeing not notified or
* timeout requests.
*/
void discard_request(int auth_id)
{
lock();
auth_requests.erase(auth_id);
unlock();
}
/**
* Gets default timeout for Auth requests
*/
static time_t time_out()
{
return _time_out;
}
private:
/**
* Thread id for the Transfer Manager
*/
pthread_t authm_thread;
/**
* Action engine for the Manager
*/
ActionManager am;
/**
* List of pending requests
*/
map<int, AuthRequest *> auth_requests;
/**
* Mutex to access the auth_requests
*/
pthread_mutex_t mutex;
/**
* Default timeout for Auth requests
*/
static time_t _time_out;
/**
* Timer for the Manager (periocally triggers timer action)
*/
time_t timer_period;
/**
* Returns a pointer to a Auth Manager driver.
* @param name of an attribute of the driver (e.g. its type)
* @param value of the attribute
* @return the Auth driver with attribute name equal to value
* or 0 in not found
*/
const AuthManagerDriver * get(
const string& name,
const string& value)
{
return static_cast<const AuthManagerDriver *>
(MadManager::get(0,name,value));
};
/**
* Returns a pointer to a Auth Manager driver. The driver is
* searched by its name.
* @param name the name of the driver
* @return the TM driver owned by uid with attribute name equal to value
* or 0 in not found
*/
const AuthManagerDriver * get(const string& name)
{
string _name("NAME");
return static_cast<const AuthManagerDriver *>
(MadManager::get(0,_name,name));
};
/**
* Function to execute the Manager action loop method within a new pthread
* (requires C linkage)
*/
friend void * authm_action_loop(void *arg);
/**
* The action function executed when an action is triggered.
* @param action the name of the action
* @param arg arguments for the action function
*/
void do_action(
const string & action,
void * arg);
/**
* This function authenticates a user
*/
void authenticate_action(AuthRequest * ar);
/**
* This function authorizes a user request
*/
void authorize_action(AuthRequest * ar);
/**
* This function is periodically executed to check time_outs on requests
*/
void timer_action();
/**
* Function to lock the pool
*/
void lock()
{
pthread_mutex_lock(&mutex);
};
/**
* Function to unlock the pool
*/
void unlock()
{
pthread_mutex_unlock(&mutex);
};
/**
* Add a new request to the Request map
* @param ar pointer to the AuthRequest
* @return the id for the request
*/
int add_request(AuthRequest *ar);
/**
* Gets request from the Request map
* @param id for the request
* @return pointer to the AuthRequest
*/
AuthRequest * get_request(int id);
};
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
/**
* The AuthRequest class is used to pass an Authorization or Authentication
@ -39,7 +258,8 @@ public:
result(false),
timeout(false),
auth_driver(_auth_driver),
uid(_uid)
uid(_uid),
time_out(0)
{
am.addListener(this);
};
@ -135,9 +355,11 @@ public:
/**
* Wait for the AuthRequest to be completed
*/
void wait(time_t timeout=30)
void wait()
{
am.loop(timeout,0);
time_out = time(0) + AuthManager::time_out();
am.loop(0,0);
};
/**
@ -180,7 +402,12 @@ private:
int uid;
/**
* Authentication challenge
* Timeout for this request
*/
time_t time_out;
/**
* Authentication challenge, as sent in the XML-RPC call
*/
string challenge;
@ -190,205 +417,9 @@ private:
vector<string> auths;
/**
*
* No actions defined for the Auth request, just FINALIZE when done
*/
void do_action(const string &name, void *args)
{
if (name == ACTION_TIMER)
{
result = false;
timeout = true;
am.trigger(ActionListener::ACTION_FINALIZE,0);
}
}
};
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
extern "C" void * authm_action_loop(void *arg);
class AuthManager : public MadManager, public ActionListener
{
public:
AuthManager(
vector<const Attribute*>& _mads):
MadManager(_mads)
{
am.addListener(this);
pthread_mutex_init(&mutex,0);
};
~AuthManager(){};
enum Actions
{
AUTHENTICATE,
AUTHORIZE,
FINALIZE
};
/**
* Triggers specific actions to the Auth Manager. This function
* wraps the ActionManager trigger function.
* @param action the Auth Manager action
* @param request an auth request
*/
void trigger(
Actions action,
AuthRequest * request);
/**
* This functions starts the associated listener thread, and creates a
* new thread for the AuthManager. This thread will wait in
* an action loop till it receives ACTION_FINALIZE.
* @return 0 on success.
*/
int start();
/**
* Loads Virtual Machine Manager Mads defined in configuration file
* @param uid of the user executing the driver. When uid is 0 the nebula
* identity will be used. Otherwise the Mad will be loaded through the
* sudo application.
*/
void load_mads(int uid);
/**
* Gets the thread identification.
* @return pthread_t for the manager thread (that in the action loop).
*/
pthread_t get_thread_id() const
{
return authm_thread;
};
/**
* Notify the result of an auth request
*/
void notify_request(int auth_id, bool result, const string& message);
/**
* Discards a pending request. Call this before freeing not notified or
* timeout requests.
*/
void discard_request(int auth_id)
{
lock();
auth_requests.erase(auth_id);
unlock();
}
private:
/**
* Thread id for the Transfer Manager
*/
pthread_t authm_thread;
/**
* Action engine for the Manager
*/
ActionManager am;
/**
* Action engine for the Manager
*/
map<int, AuthRequest *> auth_requests;
/**
* Mutex to access the auth_requests
*/
pthread_mutex_t mutex;
/**
* Returns a pointer to a Auth Manager driver.
* @param name of an attribute of the driver (e.g. its type)
* @param value of the attribute
* @return the Auth driver with attribute name equal to value
* or 0 in not found
*/
const AuthManagerDriver * get(
const string& name,
const string& value)
{
return static_cast<const AuthManagerDriver *>
(MadManager::get(0,name,value));
};
/**
* Returns a pointer to a Auth Manager driver. The driver is
* searched by its name.
* @param name the name of the driver
* @return the TM driver owned by uid with attribute name equal to value
* or 0 in not found
*/
const AuthManagerDriver * get(const string& name)
{
string _name("NAME");
return static_cast<const AuthManagerDriver *>
(MadManager::get(0,_name,name));
};
/**
* Function to execute the Manager action loop method within a new pthread
* (requires C linkage)
*/
friend void * authm_action_loop(void *arg);
/**
* The action function executed when an action is triggered.
* @param action the name of the action
* @param arg arguments for the action function
*/
void do_action(
const string & action,
void * arg);
/**
* This function authenticates a user
*/
void authenticate_action(AuthRequest * ar);
/**
* This function authorizes a user request
*/
void authorize_action(AuthRequest * ar);
/**
* Function to lock the pool
*/
void lock()
{
pthread_mutex_lock(&mutex);
};
/**
* Function to unlock the pool
*/
void unlock()
{
pthread_mutex_unlock(&mutex);
};
/**
* Add a new request to the Request map
* @param ar pointer to the AuthRequest
* @return the id for the request
*/
int add_request(AuthRequest *ar);
/**
* Gets request from the Request map
* @param id for the request
* @return pointer to the AuthRequest
*/
AuthRequest * get_request(int id);
void do_action(const string &name, void *args){};
};
#endif /*AUTH_MANAGER_H*/

50
src/authm/AuthManager.cc
View File

@ -22,6 +22,11 @@
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
time_t AuthManager::_time_out;
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
extern "C" void * authm_action_loop(void *arg)
{
AuthManager * authm;
@ -35,7 +40,7 @@ extern "C" void * authm_action_loop(void *arg)
NebulaLog::log("AuM",Log::INFO,"Authorization Manager started.");
authm->am.loop(0,0);
authm->am.loop(authm->timer_period,0);
NebulaLog::log("AuM",Log::INFO,"Authorization Manager stopped.");
@ -101,21 +106,20 @@ void AuthManager::do_action(const string &action, void * arg)
{
AuthRequest * request;
if ( arg == 0 && action != ACTION_FINALIZE )
{
return;
}
request = static_cast<AuthRequest *>(arg);
if (action == "AUTHENTICATE")
if (action == "AUTHENTICATE" && request != 0)
{
authenticate_action(request);
}
else if (action == "AUTHORIZE")
else if (action == "AUTHORIZE" && request != 0)
{
authorize_action(request);
}
else if (action == ACTION_TIMER)
{
timer_action();
}
else if (action == ACTION_FINALIZE)
{
NebulaLog::log("AuM",Log::INFO,"Stopping Authorization Manager...");
@ -209,6 +213,35 @@ error_driver:
ar->message = "Could not find Authorization driver";
ar->notify();
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void AuthManager::timer_action()
{
map<int,AuthRequest *>::iterator it;
time_t the_time = time(0);
lock();
for (it=auth_requests.begin();it!=auth_requests.end();it++)
{
if (the_time > it->second->time_out)
{
AuthRequest * ar = it->second;
auth_requests.erase(it);
ar->result = false;
ar->timeout = true;
ar->message.clear();
ar->notify();
}
}
unlock();
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
@ -229,6 +262,7 @@ int AuthManager::add_request(AuthRequest *ar)
return id;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
AuthRequest * AuthManager::get_request(int id)

11
src/authm/test/AuthManagerTest.cc
View File

@ -42,7 +42,7 @@ class AuthManagerTest : public CppUnit::TestFixture
CPPUNIT_TEST_SUITE (AuthManagerTest);
CPPUNIT_TEST (load);
CPPUNIT_TEST (timeout);
//CPPUNIT_TEST (timeout);
CPPUNIT_TEST (authenticate);
CPPUNIT_TEST (authorize);
@ -75,7 +75,7 @@ public:
t->get("AUTH_MAD", am_mads);
am = new AuthManager(am_mads);
am = new AuthManager(1,3,am_mads);
};
void tearDown()
@ -101,6 +101,7 @@ public:
CPPUNIT_ASSERT(0==0);
}
//This test needs a driver that takes more than 3 secs to AUTHENTICATE
void timeout()
{
int rc;
@ -112,8 +113,10 @@ public:
am->load_mads(0);
am->trigger(AuthManager::AUTHENTICATE,&ar);
ar.set_challenge("the_secret");
ar.wait(1);
ar.wait();
CPPUNIT_ASSERT(ar.result==false);
CPPUNIT_ASSERT(ar.timeout==true);
@ -141,7 +144,7 @@ public:
ar.set_challenge("the_secret");
am->trigger(AuthManager::AUTHENTICATE,&ar);
ar.wait(300);
ar.wait();
CPPUNIT_ASSERT(ar.result==true);