
From 00ef3951514889791a11318124c271309d8b4958 Mon Sep 17 00:00:00 2001
From: Tomas Jelinek <tojeline@redhat.com>
Date: Fri, 4 Sep 2015 16:01:00 +0200
Subject: [PATCH] check and refresh user auth info upon each request
---
 pcs/cluster.py         |  2 ++
 pcs/utils.py           |  2 ++
 pcsd/auth.rb           | 16 ++++++++++++----
 pcsd/test/test_auth.rb |  1 +
 4 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/pcs/cluster.py b/pcs/cluster.py
71541a
index d2a80a8..5a2128a 100644
71541a
--- a/pcs/cluster.py
71541a
+++ b/pcs/cluster.py
71541a
@@ -235,6 +235,8 @@ def auth_nodes_do(nodes, username, password, force, local):
71541a
         'local': local,
71541a
     }
71541a
     output, retval = utils.run_pcsdcli('auth', pcsd_data)
71541a
+    if retval == 0 and output['status'] == 'access_denied':
71541a
+        utils.err('Access denied')
71541a
     if retval == 0 and output['status'] == 'ok' and output['data']:
71541a
         failed = False
71541a
         try:
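Review bot: The new `access_denied` branch gives the operator no hint of why a command that used to work now fails, and nothing in the hunk documents where that status comes from. A one-line comment above the check would save the next maintainer a trip into pcsd, e.g. `# pcsd re-validates the calling user's group membership on every request (pcsd/auth.rb isLoggedIn); a user removed from the required group gets 'access_denied' even with a valid session cookie/token`. Making the message itself more specific, such as `utils.err('Access denied: user is no longer permitted to use pcsd')`, would help too, though the exact wording of the condition pcsd checks is outside this hunk. `auth_nodes_do` starts and ends outside the hunk.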
71541a
diff --git a/pcs/utils.py b/pcs/utils.py
71541a
index c91b50e..757c159 100644
71541a
--- a/pcs/utils.py
71541a
+++ b/pcs/utils.py
71541a
@@ -803,6 +803,8 @@ def call_local_pcsd(argv, interactive_auth=False, std_in=None):
71541a
         return [['Unable to communicate with pcsd'], 1, '', '']
71541a
     if output_json['status'] == 'bad_command':
71541a
         return [['Command not allowed'], 1, '', '']
71541a
+    if output_json['status'] == 'access_denied':
71541a
+        return [['Access denied'], 1, '', '']
71541a
     if output_json['status'] != "ok" or not output_json["data"]:
71541a
         return [['Unable to communicate with pcsd'], 1, '', '']
71541a
     try:
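Review bot: The `'access_denied'` → `'Access denied'` mapping added here duplicates the one this same patch adds to `auth_nodes_do` in pcs/cluster.py, which calls `run_pcsdcli` directly instead of `call_local_pcsd`, so the status literal now lives in three places (two CLI-side, one in pcsd). A module-level constant in utils.py such as `PCSD_STATUS_ACCESS_DENIED = 'access_denied'` referenced from both call sites would keep the protocol string from drifting. `call_local_pcsd` starts and ends outside the hunk.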
71541a
diff --git a/pcsd/auth.rb b/pcsd/auth.rb
71541a
index 22d7868..53712ed 100644
71541a
--- a/pcsd/auth.rb
71541a
+++ b/pcsd/auth.rb
71541a
@@ -19,7 +19,7 @@ class PCSAuth
71541a
 
71541a
   def self.validUser(username, password, generate_token = false)
71541a
     $logger.info("Attempting login by '#{username}'")
71541a
-    if not Rpam.auth(username,password, :service => "pcsd")
71541a
+    if not Rpam.auth(username, password, :service => "pcsd")
71541a
       $logger.info("Failed login by '#{username}' (bad username or password)")
71541a
       return nil
71541a
     end
71541a
@@ -59,7 +59,7 @@ class PCSAuth
71541a
     return [true, stdout.join(' ').split(nil)]
71541a
   end
71541a
 
71541a
-  def self.isUserAllowedToLogin(username)
71541a
+  def self.isUserAllowedToLogin(username, log_success=true)
71541a
     success, groups = getUsersGroups(username)
71541a
     if not success
71541a
       $logger.info(
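Review bot: `log_success=true` is a positional boolean, so the new call site reads `isUserAllowedToLogin(username, false)` with no indication of what `false` controls. If the project already targets Ruby 2.0 or later (it cannot be told from the hunk), a keyword argument `def self.isUserAllowedToLogin(username, log_success: true)` called as `isUserAllowedToLogin(username, log_success: false)` is the idiomatic form; otherwise at least spell the default as `log_success = true` to match the surrounding style. The method body continues past the end of this hunk.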
71541a
@@ -73,7 +73,9 @@ class PCSAuth
71541a
       )
71541a
       return false
71541a
     end
71541a
-    $logger.info("Successful login by '#{username}'")
71541a
+    if log_success
71541a
+      $logger.info("Successful login by '#{username}'")
71541a
+    end
71541a
     return true
71541a
   end
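Review bot: Only the success message is gated by `log_success`; the two failure branches above it (the `$logger.info(` call at the top of this hunk and the one in the previous hunk) still log unconditionally. Because `isLoggedIn` now calls this method with `log_success=false` on every request, a user whose group lookup fails or who has been removed from the required group will produce a "login" failure line per request, which is both noisy and misleading since no login is being attempted. Consider renaming the parameter to `log_result` and wrapping the failure logs in the same `if log_result` guard, or logging those at debug level when called from `isLoggedIn`. The enclosing method starts outside this hunk.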
71541a
 
71541a
@@ -131,7 +133,13 @@ class PCSAuth
71541a
   end
71541a
 
71541a
   def self.isLoggedIn(session)
71541a
-    return session[:username] != nil
71541a
+    username = session[:username]
71541a
+    if (username != nil) and isUserAllowedToLogin(username, false)
71541a
+      success, groups = getUsersGroups(username)
71541a
+      session[:usergroups] = success ? groups : []
71541a
+      return true
71541a
+    end
71541a
+    return false
71541a
   end
71541a
 
71541a
   def self.getSuperuserSession()
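Review bot: `isLoggedIn` now runs the group lookup twice per request — once inside `isUserAllowedToLogin(username, false)` and again in its own `getUsersGroups(username)` call — and `getUsersGroups` appears to spawn a process (the `stdout.join(' ').split(nil)` return at the top of the previous hunk), so this doubles the per-request cost of the change. It also fails open on the second call: when `getUsersGroups` fails after the first lookup succeeded, `session[:usergroups]` is set to `[]` but the method still returns `true`, leaving an authenticated session with no group information. Prefer a single lookup whose result feeds both the permission check and the session, e.g. have `isUserAllowedToLogin` accept an optional precomputed group list, and fail closed on lookup failure: `success, groups = getUsersGroups(username)`, `return false unless success`, `session[:usergroups] = groups`. Also `(username != nil) and …` mixes parentheses with the low-precedence `and`; `username && isUserAllowedToLogin(username, false)` is the conventional form. `getSuperuserSession` on the last line is cut off by the hunk.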
71541a
-- 
71541a
1.9.1
71541a