[myserver-commit] [2860] Don't add the security domain `AuthDomain' by d
From: |
Giuseppe Scrivano |
Subject: |
[myserver-commit] [2860] Don't add the security domain `AuthDomain' by default. |
Date: |
Fri, 03 Oct 2008 10:59:14 +0000 |
Revision: 2860
http://svn.sv.gnu.org/viewvc/?view=rev&root=myserver&revision=2860
Author: gscrivano
Date: 2008-10-03 10:59:13 +0000 (Fri, 03 Oct 2008)
Log Message:
-----------
Don't add the security domain `AuthDomain' by default. It must be done
explicitly.
Modified Paths:
--------------
branches/myserver_sec_new/include/conf/security/security_domain.h
branches/myserver_sec_new/include/conf/security/security_manager.h
branches/myserver_sec_new/include/conf/security/validator.h
branches/myserver_sec_new/include/protocol/http/Makefile.am
branches/myserver_sec_new/src/conf/security/auth_domain.cpp
branches/myserver_sec_new/src/conf/security/security_cache.cpp
branches/myserver_sec_new/src/conf/security/security_manager.cpp
branches/myserver_sec_new/src/conf/security/validator.cpp
branches/myserver_sec_new/src/conf/security/xml_validator.cpp
branches/myserver_sec_new/tests/test_security_manager.cpp
branches/myserver_sec_new/tests/test_validator.cpp
branches/myserver_sec_new/tests/test_xml_validator.cpp
Modified: branches/myserver_sec_new/include/conf/security/security_domain.h
===================================================================
--- branches/myserver_sec_new/include/conf/security/security_domain.h
2008-10-02 19:20:25 UTC (rev 2859)
+++ branches/myserver_sec_new/include/conf/security/security_domain.h
2008-10-03 10:59:13 UTC (rev 2860)
@@ -33,7 +33,7 @@
SecurityDomain (string &name);
virtual ~SecurityDomain ();
virtual string *getValue (string &name);
- const string& getName(){return name;}
+ string& getName(){return name;}
protected:
string name;
};
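Review bot: Dropping `const` from `getName()` hands every caller a writable reference to the protected `name`, and that string is the key under which `Validator::addDomain` registers the domain. If the only reason is that `HashMap::put` takes a non-const `string&` (its signature is not visible here), it would be safer to keep `const string& getName() const {return name;}` and copy the key at the call site, as the removed `initializeDomains` did with `string name = domain->getName ();`. The class body starts outside the hunk.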
Modified: branches/myserver_sec_new/include/conf/security/security_manager.h
===================================================================
--- branches/myserver_sec_new/include/conf/security/security_manager.h
2008-10-02 19:20:25 UTC (rev 2859)
+++ branches/myserver_sec_new/include/conf/security/security_manager.h
2008-10-03 10:59:13 UTC (rev 2860)
@@ -29,6 +29,8 @@
using namespace std;
+class AuthMethod;
+class Validator;
class SecurityDomain;
class AuthMethodFactory;
class ValidatorFactory;
@@ -76,9 +78,7 @@
/*! Resource that the user tried to access. */
string *resource;
- /*!
- *Permission mask.
- */
+ /*! Permission mask. */
int mask;
/*!
@@ -88,17 +88,13 @@
*/
string neededPassword;
- /*!
- *The provided password is correct.
- */
+ /*! The provided password is correct. */
bool authenticated;
- /*!
- *The obtained mask if password were correct.
- */
+ /*! The obtained mask if password were correct. */
int providedMask;
-
+ /*! Stored values. */
HashMap<string,string*> values;
/*! If it is true the security manager will use the cached values. */
@@ -126,12 +122,22 @@
SecurityManager(ValidatorFactory*, AuthMethodFactory*);
~SecurityManager();
- int getPermissionMask(SecurityToken* st,
- list<SecurityDomain*> *domains,
- string& validator,
- string& authMethod);
+ int getPermissionMask (SecurityToken* st,
+ SecurityDomain **domains,
+ string& validator,
+ string& authMethod);
+ int getPermissionMask (SecurityToken* st,
+ list<SecurityDomain*> *domains,
+ string& validator,
+ string& authMethod);
+
private:
+ int getValidatorAndAuthMethod (string &validatorName,
+ string &authMethodName,
+ Validator **validator,
+ AuthMethod **authMethod);
+
ValidatorFactory *validatorFactory;
AuthMethodFactory *authMethodFactory;
};
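Review bot: The new `SecurityDomain **domains` overload has no comment saying the array must be NULL-terminated, yet `Validator::getPermissionMask` walks it with `for (u_int i = 0; domains[i]; i++)`, so an unterminated array is read past its end. I would document both overloads, e.g. `/*! \param domains NULL-terminated array of domains to register, or NULL for none. */`; the same applies to the matching declaration in validator.h. Having two pointer overloads also makes a bare `NULL` argument ambiguous, which is why the tests in this commit now need casts. The class body starts outside the hunk.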
Modified: branches/myserver_sec_new/include/conf/security/validator.h
===================================================================
--- branches/myserver_sec_new/include/conf/security/validator.h 2008-10-02
19:20:25 UTC (rev 2859)
+++ branches/myserver_sec_new/include/conf/security/validator.h 2008-10-03
10:59:13 UTC (rev 2860)
@@ -37,6 +37,10 @@
virtual ~Validator ();
int getPermissionMask (SecurityToken* st,
+ SecurityDomain **domains,
+ AuthMethod* authMethod);
+
+ int getPermissionMask (SecurityToken* st,
list<SecurityDomain*> *domains,
AuthMethod* authMethod);
@@ -48,10 +52,16 @@
string *getValue (HashMap<string, SecurityDomain*> *hashedDomains,
string &name);
protected:
- int initializeDomains (HashMap<string, SecurityDomain*> *hashedDomains,
- SecurityToken* st,
- list<SecurityDomain*> *domains);
- void clearDomains (HashMap<string, SecurityDomain*> *hashedDomains);
+ inline void addDomain (HashMap<string, SecurityDomain*> *hashedDomains,
+ SecurityDomain *domain)
+ {
+ string &name = domain->getName ();
+ hashedDomains->put (name, domain);
+ }
+
+ int getPermissionMaskInt (SecurityToken* st,
+ HashMap<string, SecurityDomain*> *hashedDomains,
+ AuthMethod* authMethod);
};
#endif
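Review bot: `addDomain` dereferences `domain` without a check, so a null element in the input of the `list<SecurityDomain*>` overload crashes in `domain->getName ()`; a guard such as `if (!domain) return;` as its first line would cover that. It is also worth a comment on what happens when two domains share a name, since `put` is called unconditionally and which entry survives depends on `HashMap::put`, which is not visible here. The class body starts outside the hunk.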
Modified: branches/myserver_sec_new/include/protocol/http/Makefile.am
===================================================================
--- branches/myserver_sec_new/include/protocol/http/Makefile.am 2008-10-02
19:20:25 UTC (rev 2859)
+++ branches/myserver_sec_new/include/protocol/http/Makefile.am 2008-10-03
10:59:13 UTC (rev 2860)
@@ -1,4 +1,4 @@
httpincludedir=$(includedir)/myserver/include/protocol/http
-httpinclude_HEADERS = http_data_handler.h http_data_read.h http_errors.h
http.h http_header_checker.h http_header.h http_headers.h http_request.h
http_req_security_domain.cpp http_response.h http_thread_context.h
+httpinclude_HEADERS = http_data_handler.h http_data_read.h http_errors.h
http.h http_header_checker.h http_header.h http_headers.h http_request.h
http_req_security_domain.h http_response.h http_thread_context.h
SUBDIRS = env
Modified: branches/myserver_sec_new/src/conf/security/auth_domain.cpp
===================================================================
--- branches/myserver_sec_new/src/conf/security/auth_domain.cpp 2008-10-02
19:20:25 UTC (rev 2859)
+++ branches/myserver_sec_new/src/conf/security/auth_domain.cpp 2008-10-03
10:59:13 UTC (rev 2860)
@@ -22,7 +22,7 @@
AuthDomain::AuthDomain (SecurityToken *st)
{
- this->name.assign("");
+ this->name.assign ("auth");
securityToken = st;
}
@@ -45,7 +45,7 @@
if (!name.compare ("directory"))
return securityToken->directory;
- if (!name.compare("sysdirectory"))
+ if (!name.compare ("sysdirectory"))
return securityToken->sysdirectory;
return NULL;
Modified: branches/myserver_sec_new/src/conf/security/security_cache.cpp
===================================================================
--- branches/myserver_sec_new/src/conf/security/security_cache.cpp
2008-10-02 19:20:25 UTC (rev 2859)
+++ branches/myserver_sec_new/src/conf/security/security_cache.cpp
2008-10-03 10:59:13 UTC (rev 2860)
@@ -17,6 +17,7 @@
#include <include/conf/security/security_cache.h>
#include <include/conf/security/security_manager.h>
+#include <include/conf/security/auth_domain.h>
#include <include/base/file/file.h>
#include <include/base/file/files_utility.h>
@@ -39,7 +40,10 @@
validatorFactory.addValidator (xml, xmlV);
authMethodFactory.addAuthMethod (xml, (AuthMethod*) xmlV);
}
- return sm.getPermissionMask (st, NULL, xml, xml);
+
+ AuthDomain auth (st);
+ SecurityDomain* domains[] = {&auth, NULL};
+ return sm.getPermissionMask (st, domains, xml, xml);
}
/////////////////////////////////////////////////////////////////////////////////////
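Review bot: This is the only call site in the commit that registers `AuthDomain` now that `Validator` no longer adds it, and nothing at the declaration says why it is needed. Any other caller that passes `NULL` or its own domain list will evaluate rules without the `auth` values; whether that fails closed depends on how `Validator::getValue` treats an unknown domain, which is not visible in this hunk. I would add a comment above `AuthDomain auth (st);`, e.g. `/* The validator does not register the auth domain itself; it must be passed explicitly. */`, and check the remaining callers. Keeping `auth` on the stack looks fine as long as the validator does not retain the pointers past the call; the function starts outside the hunk.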
Modified: branches/myserver_sec_new/src/conf/security/security_manager.cpp
===================================================================
--- branches/myserver_sec_new/src/conf/security/security_manager.cpp
2008-10-02 19:20:25 UTC (rev 2859)
+++ branches/myserver_sec_new/src/conf/security/security_manager.cpp
2008-10-03 10:59:13 UTC (rev 2860)
@@ -74,23 +74,64 @@
*Get the permission mask for the requested resource.
*/
int SecurityManager::getPermissionMask (SecurityToken* st,
+ SecurityDomain **domains,
+ string &validator,
+ string &authMethod)
+{
+ Validator *v;
+ AuthMethod *am;
+
+ if (getValidatorAndAuthMethod (validator, authMethod, &v, &am))
+ return 0;
+
+ return v->getPermissionMask (st, domains, am);
+}
+
+/*!
+ *Get the permission mask for the requested resource.
+ */
+int SecurityManager::getPermissionMask (SecurityToken* st,
list<SecurityDomain*> *domains,
string &validator,
string &authMethod)
{
+ Validator *v;
+ AuthMethod *am;
+
+ if (getValidatorAndAuthMethod (validator, authMethod, &v, &am))
+ return 0;
+
+ return v->getPermissionMask (st, domains, am);
+}
+
+
+/*!
+ *Initialize the pointers to the specified Validator and AuthMethod.
+ *\param validatorName The validator name to find.
+ *\param authMethodName The auth method name to find.
+ *\param validator Pointer to the Validator to initialize.
+ *\param validator Pointer to the AuthMethod initialize.
+ *\return 0 if the pointers were successfully initialized.
+ */
+int SecurityManager::getValidatorAndAuthMethod (string &validatorName,
+ string &authMethodName,
+ Validator **validator,
+ AuthMethod **authMethod)
+{
+
string xml ("xml");
- Validator *v = validatorFactory->getValidator (validator);
- AuthMethod *am = authMethodFactory->getAuthMethod (authMethod);
+ *validator = validatorFactory->getValidator (validatorName);
+ *authMethod = authMethodFactory->getAuthMethod (authMethodName);
- if (!v)
- v = validatorFactory->getValidator (xml);
+ if (!(*validator))
+ *validator = validatorFactory->getValidator (xml);
- if (!am)
- am = authMethodFactory->getAuthMethod (xml);
+ if (!(*authMethod))
+ *authMethod = authMethodFactory->getAuthMethod (xml);
- if (!am || !v)
+ if (*validator && *authMethod)
return 0;
- return v->getPermissionMask (st, domains, am);
+ return 1;
}
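Review bot: The doc comment of `getValidatorAndAuthMethod` lists `\param validator` twice; the second entry should read `\param authMethod Pointer to the AuthMethod to initialize.`. The comment should also state that an unknown validator or auth method name falls back to the `xml` one, because a misspelled name in the configuration then selects a different policy source with no indication. The helper returns 0 on success while both `getPermissionMask` overloads return 0 for "no permission", so a short remark on the two conventions would help readers; returning 0 when the lookup fails does keep the failure path closed.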
Modified: branches/myserver_sec_new/src/conf/security/validator.cpp
===================================================================
--- branches/myserver_sec_new/src/conf/security/validator.cpp 2008-10-02
19:20:25 UTC (rev 2859)
+++ branches/myserver_sec_new/src/conf/security/validator.cpp 2008-10-03
10:59:13 UTC (rev 2860)
@@ -29,9 +29,10 @@
}
+
/*!
*Get the permission mask for the requested resource.
- *Decorate getPermissionMaskImpl.
+ *Delegate the problem to getPermissionMaskInt.
*/
int Validator::getPermissionMask (SecurityToken* st,
list<SecurityDomain*> *domains,
@@ -42,76 +43,77 @@
if (st->done)
return st->mask;
- int ret = initializeDomains (&hashedDomains, st, domains);
+ if (domains)
+ {
+ for (list<SecurityDomain*>::iterator it = domains->begin ();
+ it != domains->end (); it++)
+ {
+ addDomain (&hashedDomains, *it);
+ }
+ }
- if(ret)
- return ret;
-
- if (authMethod)
- ret = authMethod->getPermissionMask (st);
-
- if (!getPermissionMaskImpl (st, &hashedDomains, authMethod))
- ret = 0;
-
- clearDomains (&hashedDomains);
-
- st->done = true;
-
- return ret;
+ return getPermissionMaskInt (st, &hashedDomains, authMethod);
}
-
/*!
*Get the permission mask for the requested resource.
+ *Delegate the problem to getPermissionMaskInt.
*/
-int Validator::getPermissionMaskImpl (SecurityToken* st,
- HashMap<string, SecurityDomain*>
*hashedDomains,
- AuthMethod* authMethod)
+int Validator::getPermissionMask (SecurityToken* st,
+ SecurityDomain **domains,
+ AuthMethod* authMethod)
{
- return 0;
-}
+ HashMap<string, SecurityDomain*> hashedDomains;
+ if (st->done)
+ return st->mask;
-
-/*!
- *Initialize the domains.
- */
-int Validator::initializeDomains (HashMap<string, SecurityDomain*>
*hashedDomains,
- SecurityToken* st,
- list<SecurityDomain*> *domains)
-{
- string authName ("auth");
-
- hashedDomains->put (authName, new AuthDomain(st));
-
if (domains)
{
- for (list<SecurityDomain*>::iterator it = domains->begin (); it !=
domains->end (); it++)
+ for (u_int i = 0; domains[i]; i++)
{
- SecurityDomain *domain = *it;
- string name = domain->getName ();
- hashedDomains->put (name, domain);
+ addDomain (&hashedDomains, domains[i]);
}
}
- return 0;
+ return getPermissionMaskInt (st, &hashedDomains, authMethod);
}
+
+
/*!
- *Clear the resources used by the domains.
+ *Get the permission mask for the requested resource.
+ *Decorate getPermissionMaskImpl.
*/
-void Validator::clearDomains (HashMap<string, SecurityDomain*> *hashedDomains)
+int Validator::getPermissionMaskInt (SecurityToken* st,
+ HashMap<string, SecurityDomain*>
*hashedDomains,
+ AuthMethod* authMethod)
{
- HashMap<string, SecurityDomain*>::Iterator it = hashedDomains->begin();
+ int ret = 0;
+
+ if (authMethod)
+ ret = authMethod->getPermissionMask (st);
- for (;it != hashedDomains->end(); it++)
- {
- delete *it;
- }
+ if (!getPermissionMaskImpl (st, hashedDomains, authMethod))
+ ret = 0;
+
+ st->done = true;
+ return ret;
}
+
/*!
+ *Get the permission mask for the requested resource.
+ */
+int Validator::getPermissionMaskImpl (SecurityToken* st,
+ HashMap<string, SecurityDomain*>
*hashedDomains,
+ AuthMethod* authMethod)
+{
+ return 0;
+}
+
+/*!
*Get the value for [name] in the form domain.variable.
*\param hashedDomains Registered security domains.
*\param name Variable name.
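Review bot: `getPermissionMaskInt` sets `st->done = true` but no visible line stores the result in `st->mask`, while both public overloads short-circuit with `if (st->done) return st->mask;`. Unless `getPermissionMaskImpl` or the auth method writes `st->mask` (not visible here), a second call on the same token returns a mask this code never computed. If that is the case, adding `st->mask = ret;` before `st->done = true;` would make the cached value match the returned one. Separately, the doc comments on the two public overloads are identical; the `SecurityDomain **` one should say that the array is NULL-terminated.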
Modified: branches/myserver_sec_new/src/conf/security/xml_validator.cpp
===================================================================
--- branches/myserver_sec_new/src/conf/security/xml_validator.cpp
2008-10-02 19:20:25 UTC (rev 2859)
+++ branches/myserver_sec_new/src/conf/security/xml_validator.cpp
2008-10-03 10:59:13 UTC (rev 2860)
@@ -110,12 +110,10 @@
int permissions = getPermissions (attrs, &name, &password);
- if (!name || !password)
+ if (!name || !password ||
+ xmlStrcmp (name, (const xmlChar *)st->user.c_str ()))
continue;
- if (xmlStrcmp (name, (const xmlChar *)st->user.c_str ()))
- continue;
-
st->providedMask = permissions;
if (xmlStrcmp (password, (const xmlChar *)st->password.c_str ()))
@@ -152,26 +150,26 @@
attrs->children && attrs->children->content)
*user = attrs->children->content;
- if (password && !xmlStrcmp (attrs->name, (const xmlChar *)"password") &&
+ else if (password && !xmlStrcmp (attrs->name, (const xmlChar
*)"password") &&
attrs->children && attrs->children->content)
*password = attrs->children->content;
- if (!xmlStrcmp (attrs->name, (const xmlChar *)"read") &&
+ else if (!xmlStrcmp (attrs->name, (const xmlChar *)"read") &&
attrs->children && attrs->children->content &&
!xmlStrcmp(attrs->children->content, (const xmlChar *) "YES"))
permissions |= MYSERVER_PERMISSION_READ;
- if (!xmlStrcmp (attrs->name, (const xmlChar *)"write") &&
+ else if (!xmlStrcmp (attrs->name, (const xmlChar *)"write") &&
attrs->children && attrs->children->content &&
!xmlStrcmp(attrs->children->content, (const xmlChar *) "YES"))
permissions |= MYSERVER_PERMISSION_WRITE;
- if (!xmlStrcmp (attrs->name, (const xmlChar *)"execute") &&
+ else if (!xmlStrcmp (attrs->name, (const xmlChar *)"execute") &&
attrs->children && attrs->children->content &&
!xmlStrcmp(attrs->children->content, (const xmlChar *) "YES"))
permissions |= MYSERVER_PERMISSION_EXECUTE;
- if (!xmlStrcmp (attrs->name, (const xmlChar *)"browse") &&
+ else if (!xmlStrcmp (attrs->name, (const xmlChar *)"browse") &&
attrs->children && attrs->children->content &&
!xmlStrcmp(attrs->children->content, (const xmlChar *) "YES"))
permissions |= MYSERVER_PERMISSION_BROWSE;
Modified: branches/myserver_sec_new/tests/test_security_manager.cpp
===================================================================
--- branches/myserver_sec_new/tests/test_security_manager.cpp 2008-10-02
19:20:25 UTC (rev 2859)
+++ branches/myserver_sec_new/tests/test_security_manager.cpp 2008-10-03
10:59:13 UTC (rev 2860)
@@ -55,8 +55,8 @@
{
SecurityToken secToken;
string xml("xml");
- CPPUNIT_ASSERT_EQUAL(securityManager->getPermissionMask(&secToken, NULL,
xml, xml), 0);
-
+ CPPUNIT_ASSERT_EQUAL(securityManager->getPermissionMask(&secToken,
(list<SecurityDomain*>*)NULL, xml, xml), 0);
+ CPPUNIT_ASSERT_EQUAL(securityManager->getPermissionMask(&secToken,
(SecurityDomain**)NULL, xml, xml), 0);
}
};
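Review bot: The updated assertions only pass `NULL` to both overloads, so nothing tests the behaviour this commit changes. A case that passes a non-empty `SecurityDomain*` array (and one with a list) and checks that a registered domain is reachable, plus one confirming that `auth` is absent unless it is passed, would pin it down. The same gap is in the hunks for test_validator.cpp and test_xml_validator.cpp. The test method starts outside the hunk.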
Modified: branches/myserver_sec_new/tests/test_validator.cpp
===================================================================
--- branches/myserver_sec_new/tests/test_validator.cpp 2008-10-02 19:20:25 UTC
(rev 2859)
+++ branches/myserver_sec_new/tests/test_validator.cpp 2008-10-03 10:59:13 UTC
(rev 2860)
@@ -52,9 +52,9 @@
{
string val ("value");
SecurityToken secToken;
- CPPUNIT_ASSERT_EQUAL (validator->getPermissionMask (&secToken, NULL,
NULL), 0);
-
- }
+ CPPUNIT_ASSERT_EQUAL (validator->getPermissionMask (&secToken,
(SecurityDomain**) NULL, NULL), 0);
+ CPPUNIT_ASSERT_EQUAL (validator->getPermissionMask (&secToken,
(list<SecurityDomain*>*) NULL, NULL), 0);
+ }
};
Modified: branches/myserver_sec_new/tests/test_xml_validator.cpp
===================================================================
--- branches/myserver_sec_new/tests/test_xml_validator.cpp 2008-10-02
19:20:25 UTC (rev 2859)
+++ branches/myserver_sec_new/tests/test_xml_validator.cpp 2008-10-03
10:59:13 UTC (rev 2860)
@@ -52,10 +52,9 @@
void testGetPermissionMask()
{
- string val("value");
SecurityToken secToken;
- CPPUNIT_ASSERT_EQUAL(xmlValidator->getPermissionMask(&secToken, NULL,
NULL), 0);
-
+ CPPUNIT_ASSERT_EQUAL (xmlValidator->getPermissionMask (&secToken,
(SecurityDomain**) NULL, NULL), 0);
+ CPPUNIT_ASSERT_EQUAL (xmlValidator->getPermissionMask (&secToken,
(list<SecurityDomain*>*) NULL, NULL), 0);
}
};