Feature #1096: Change authorization MAD definition to detect if there is any authZ driver enabled

2025-03-28 14:50:08 +03:00 · 2012-04-11 17:58:57 +02:00 · 2012-04-11 17:58:57 +02:00 · a76be30312
commit a76be30312
parent f5ec948338
4 changed files with 42 additions and 4 deletions
--- a/include/AuthManager.h
+++ b/include/AuthManager.h
@ -125,6 +125,16 @@ public:
        return _time_out;
    }

+    /**
+     * Returns true if there is an authorization driver enabled
+     *
+     * @return true if there is an authorization driver enabled
+     */
+    bool is_authz_enabled()
+    {
+        return authz_enabled;
+    };
+
 private:
    /**
     *  Thread id for the Transfer Manager
@ -159,7 +169,12 @@ private:
    /**
     *  Generic name for the Auth driver
     */
-     static const char *  auth_driver_name;
+     static const char *    auth_driver_name;
+
+     /**
+      * True if there is an authorization driver enabled
+      */
+     bool                   authz_enabled;

    /**
     *  Returns a pointer to a Auth Manager driver.
--- a/share/etc/oned.conf
+++ b/share/etc/oned.conf
@ -422,8 +422,8 @@ HM_MAD = [

 AUTH_MAD = [
    executable = "one_auth_mad",
-    arguments  = "--authn ssh,x509,ldap,server_cipher,server_x509"
-#    arguments  = "--authz quota --authn ssh,x509,ldap,server_cipher,server_x509"
+    authn = "ssh,x509,ldap,server_cipher,server_x509"
+#   , authz = "quota"
 ]

 SESSION_EXPIRATION_TIME = 900
--- a/src/authm/AuthManager.cc
+++ b/src/authm/AuthManager.cc
@ -453,6 +453,29 @@ void AuthManager::load_mads(int uid)

    auth_conf.replace("NAME",auth_driver_name);

+    oss.str("");
+
+    string authn = auth_conf.vector_value("AUTHN");
+
+    if ( !authn.empty() )
+    {
+        oss << "--authn " << authn;
+    }
+
+    string authz = auth_conf.vector_value("AUTHZ");
+
+    if ( !authz.empty() )
+    {
+        authz_enabled = true;
+        oss << " --authz " << authz;
+    }
+    else
+    {
+        authz_enabled = false;
+    }
+
+    auth_conf.replace("ARGUMENTS", oss.str());
+
    authm_driver = new AuthManagerDriver(uid,auth_conf.value(),(uid!=0),this);

    rc = add(authm_driver);
--- a/src/um/UserPool.cc
+++ b/src/um/UserPool.cc
@ -735,7 +735,7 @@ int UserPool::authorize(AuthRequest& ar)
    AuthManager * authm = nd.get_authm();
    int           rc    = -1;

-    if (authm == 0)
+    if (authm == 0 || !authm->is_authz_enabled())
    {
        if (ar.core_authorize())
        {