From 291779a4a9998e89dfada3c6b9d69db050dfe016 Mon Sep 17 00:00:00 2001
From: Maxim Mamontov
Date: Sat, 10 Sep 2011 19:07:13 +0300
Subject: [PATCH] Move authorization from USER to USERS
---
 include/stg/user.h | 5 +-
 include/stg/users.h | 4 ++
 projects/stargazer/users_impl.cpp | 105 +++++++++++++++++++++++-------
 projects/stargazer/users_impl.h | 17 +++--
 4 files changed, 100 insertions(+), 31 deletions(-)
diff --git a/include/stg/user.h b/include/stg/user.h
index f0f77bc0..9cc44df8 100644
--- a/include/stg/user.h
+++ b/include/stg/user.h
@@ -68,10 +68,10 @@ public:
 virtual bool GetConnected() const = 0;
 virtual time_t GetConnectedModificationTime() const = 0;
 virtual int GetAuthorized() const = 0;
- virtual int Authorize(uint32_t ip,
+ /*virtual int Authorize(uint32_t ip,
 uint32_t enabledDirs,
 const AUTH * auth) = 0;
- virtual void Unauthorize(const AUTH * auth) = 0;
+ virtual void Unauthorize(const AUTH * auth) = 0;*/
 virtual bool IsAuthorizedBy(const AUTH * auth) const = 0;
 virtual int AddMessage(STG_MSG * msg) = 0;
@@ -99,5 +99,6 @@ public:
 };
 typedef USER * USER_PTR;
+typedef const USER * CONST_USER_PTR;
 #endif
diff --git a/include/stg/users.h b/include/stg/users.h
index 86286656..80ee8478 100644
--- a/include/stg/users.h
+++ b/include/stg/users.h
@@ -43,6 +43,10 @@ public:
 virtual int Add(const std::string & login, const ADMIN * admin) = 0;
 virtual void Del(const std::string & login, const ADMIN * admin) = 0;
+ virtual bool Authorize(const std::string & login, uint32_t ip,
+ uint32_t enabledDirs, const AUTH * auth) = 0;
+ virtual bool Unauthorize(const std::string & login, const AUTH * auth) = 0;
+
 virtual int ReadUsers() = 0;
 virtual size_t Count() const = 0;
diff --git a/projects/stargazer/users_impl.cpp b/projects/stargazer/users_impl.cpp
index fa726560..7b110431 100644
--- a/projects/stargazer/users_impl.cpp
+++ b/projects/stargazer/users_impl.cpp
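Review bot: The old `Authorize`/`Unauthorize` pure virtuals in `USER` are wrapped in `/* … */` instead of being deleted, and the same is done to the notifier members, classes and function bodies in `users_impl.cpp` and `users_impl.h`. Commented-out declarations leave it unclear whether per-user authorization is still a supported entry point for plugins. Deleting them (history keeps the old text) and adding a one-line comment such as `// Authorization goes through USERS::Authorize(), which also maintains the IP index` would state the intent. The enclosing class starts and ends outside the hunk.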
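Review bot: The new `USERS::Authorize` and `USERS::Unauthorize` return `bool` with `true` meaning success, while the `USER::Authorize` they replace returns `int` and is tested in `users_impl.cpp` as non-zero on failure (`if (iter->Authorize(ip, enabledDirs, auth)) return false;`). An authorizer ported mechanically from `if (user->Authorize(...))` to `if (users->Authorize(...))` would invert its check and treat a refused login as accepted. A declaration comment would make the contract explicit, for example `/// @return true if the user is now authorized from ip; false if the login is unknown, the address is held by another user, or the user object refused`.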
@@ -56,8 +56,8 @@ USERS_IMPL::USERS_IMPL(SETTINGS_IMPL * s, STORE * st, TARIFFS * t, const ADMIN *
 : USERS(),
 users(),
 usersToDelete(),
- userIPNotifiersBefore(),
- userIPNotifiersAfter(),
+ /*userIPNotifiersBefore(),
+ userIPNotifiersAfter(),*/
 ipIndex(),
 loginIndex(),
 settings(s),
@@ -269,6 +269,56 @@ if (!priv->userAddDel)
 }
 }
 //-----------------------------------------------------------------------------
+bool USERS_IMPL::Authorize(const std::string & login, uint32_t ip,
+ uint32_t enabledDirs, const AUTH * auth)
+{
+user_iter iter;
+STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+if (FindByNameNonLock(login, &iter))
+ {
+ WriteServLog("Attempt to authorize non-existant user '%s'", login.c_str());
+ return false;
+ }
+
+if (iter->Authorize(ip, enabledDirs, auth))
+ return false;
+
+if (FindByIPIdx(ip, iter))
+ {
+ if (iter->GetLogin() != login)
+ {
+ WriteServLog("Attempt to authorize user '%s' from ip %s which already occupied by '%s'",
+ login.c_str(), inet_ntostring(ip).c_str(),
+ iter->GetLogin().c_str());
+ return false;
+ }
+ return true;
+ }
+
+AddToIPIdx(iter);
+return true;
+}
+//-----------------------------------------------------------------------------
+bool USERS_IMPL::Unauthorize(const std::string & login, const AUTH * auth)
+{
+user_iter iter;
+STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+if (FindByNameNonLock(login, &iter))
+ {
+ WriteServLog("Attempt to unauthorize non-existant user '%s'", login.c_str());
+ return false;
+ }
+
+uint32_t ip = iter->GetCurrIP();
+
+iter->Unauthorize(auth);
+
+if (!iter->GetAuthorized())
+ DelFromIPIdx(ip);
+
+return true;
+}
+//-----------------------------------------------------------------------------
 int USERS_IMPL::ReadUsers()
 {
 vector usersList;
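Review bot: In `USERS_IMPL::Authorize` the address-conflict check runs only after `iter->Authorize(ip, enabledDirs, auth)` has already succeeded, so when `ip` is indexed to a different login the function logs and returns `false` but leaves the requested user authorized on that address. Nothing undoes the call, and `iter` has by then been overwritten with the other user. `Unauthorize` compounds this, because `DelFromIPIdx(ip)` erases by address without checking that the entry belongs to this user, so a later unauthorize of the un-indexed user would apparently drop the legitimate owner's index entry. Resolving the owner of the address before touching the user's state, as below, avoids the half-applied authorization; a matching ownership check before `DelFromIPIdx` in `Unauthorize` would be a further safeguard. The unknown login is also written to the server log verbatim, and whether `WriteServLog` neutralises control characters is not visible here.

```cpp
// … unchanged: signature, lock and FindByNameNonLock lookup …

// Resolve the current owner of the address before changing the user's state.
user_iter owner;
const bool indexed = FindByIPIdx(ip, owner);
if (indexed && owner->GetLogin() != login)
    {
    WriteServLog("Attempt to authorize user '%s' from ip %s which already occupied by '%s'",
                 login.c_str(), inet_ntostring(ip).c_str(),
                 owner->GetLogin().c_str());
    return false;
    }

if (iter->Authorize(ip, enabledDirs, auth))
    return false;

// Index the address only when it is not already mapped to this user.
if (!indexed)
    AddToIPIdx(iter);
return true;
```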
@@ -592,45 +642,54 @@ const map::iterator it( ipIndex.find(ip) );
-//assert(it != ipIndex.end() && "User is in index");
 if (it == ipIndex.end())
- return; // User has not been added
+ return;
 ipIndex.erase(it);
 }
 //-----------------------------------------------------------------------------
+bool USERS_IMPL::FindByIPIdx(uint32_t ip, user_iter & iter) const
+{
+map::const_iterator it(ipIndex.find(ip));
+if (it == ipIndex.end())
+ return false;
+iter = it->second;
+return true;
+}
+//-----------------------------------------------------------------------------
 int USERS_IMPL::FindByIPIdx(uint32_t ip, USER_PTR * usr) const
 {
- USER_IMPL * ptr = NULL;
- if (FindByIPIdx(ip, &ptr))
- return -1;
- *usr = ptr;
+STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+
+user_iter iter;
+if (FindByIPIdx(ip, iter))
+ {
+ *usr = &(*iter);
 return 0;
+ }
+
+return -1;
 }
 //-----------------------------------------------------------------------------
 int USERS_IMPL::FindByIPIdx(uint32_t ip, USER_IMPL ** usr) const
 {
 STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-map::const_iterator it;
-it = ipIndex.find(ip);
-
-if (it == ipIndex.end())
+user_iter iter;
+if (FindByIPIdx(ip, iter))
 {
- //printfd(__FILE__, "User NOT found in IP_Index!!!\n");
- return -1;
+ *usr = &(*iter);
+ return 0;
 }
-*usr = &(*it->second);
-//printfd(__FILE__, "User found in IP_Index\n");
-return 0;
+
+return -1;
 }
 //-----------------------------------------------------------------------------
 bool USERS_IMPL::IsIPInIndex(uint32_t ip) const
 {
 STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-map::const_iterator it;
-it = ipIndex.find(ip);
+map::const_iterator it(ipIndex.find(ip));
 return it != ipIndex.end();
 }
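Review bot: The new private `bool FindByIPIdx(uint32_t, user_iter &)` returns `true` when the address is found, while the two public `FindByIPIdx` overloads of the same name return `0` when found and `-1` otherwise, and `FindByNameNonLock` is likewise tested as non-zero on failure. Which convention applies is decided only by whether the second argument is a pointer or a reference, so `if (FindByIPIdx(ip, x))` silently changes meaning with the argument type; on the authorization path that turns "address occupied" into "address free". A distinct name in the file's own style, e.g. `FindByIPIdxNonLock`, together with a comment such as `// Caller must hold mutex; returns true and sets iter when ip is indexed`, would remove the ambiguity. The hunk begins inside the body of the preceding function.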
@@ -746,21 +805,21 @@ void USERS_IMPL::SetUserNotifiers(user_iter user)
 {
 STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-PROPERTY_NOTIFER_IP_BEFORE nb(*this, user);
+/*PROPERTY_NOTIFER_IP_BEFORE nb(*this, user);
 PROPERTY_NOTIFER_IP_AFTER na(*this, user);
 userIPNotifiersBefore.push_front(nb);
 userIPNotifiersAfter.push_front(na);
 user->AddCurrIPBeforeNotifier(&(*userIPNotifiersBefore.begin()));
-user->AddCurrIPAfterNotifier(&(*userIPNotifiersAfter.begin()));
+user->AddCurrIPAfterNotifier(&(*userIPNotifiersAfter.begin()));*/
 }
 //-----------------------------------------------------------------------------
 void USERS_IMPL::UnSetUserNotifiers(user_iter user)
 {
 STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-list::iterator bi;
+/*list::iterator bi;
 list::iterator ai;
 bi = userIPNotifiersBefore.begin();
@@ -787,7 +846,7 @@ while (ai != userIPNotifiersAfter.end())
 break;
 }
 ++ai;
- }
+ }*/
 }
 //-----------------------------------------------------------------------------
 void USERS_IMPL::AddUserIntoIndexes(user_iter user)
diff --git a/projects/stargazer/users_impl.h b/projects/stargazer/users_impl.h
index 4c586b06..de1a2d40 100644
--- a/projects/stargazer/users_impl.h
+++ b/projects/stargazer/users_impl.h
@@ -56,7 +56,7 @@ typedef std::list::const_iterator const_user_iter;
 class USERS_IMPL;
 //-----------------------------------------------------------------------------
-class PROPERTY_NOTIFER_IP_BEFORE: public PROPERTY_NOTIFIER_BASE {
+/*class PROPERTY_NOTIFER_IP_BEFORE: public PROPERTY_NOTIFIER_BASE {
 public:
 PROPERTY_NOTIFER_IP_BEFORE(USERS_IMPL & us, user_iter u) : users(us), user(u) {}
 void Notify(const uint32_t & oldValue, const uint32_t & newValue);
@@ -74,7 +74,7 @@ public:
 private:
 USERS_IMPL & users;
 user_iter user;
-};
+};*/
 //-----------------------------------------------------------------------------
 struct USER_TO_DEL {
 USER_TO_DEL()
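Review bot: With the bodies of `SetUserNotifiers` and `UnSetUserNotifiers` commented out, nothing visible in this patch keeps `ipIndex` in step with a user's current address except `USERS_IMPL::Authorize` and `USERS_IMPL::Unauthorize`, and both functions are reduced to taking the lock and returning. Any remaining path that changes the address or clears authorization directly on the user object (not visible in this diff) would now leave a stale index entry, so the address would keep resolving to that user. It would be clearer to delete the two functions and their call sites, or to leave a comment such as `// ipIndex is maintained only by Authorize()/Unauthorize(); do not change a user's current IP elsewhere`. It is also worth confirming that no caller still invokes the per-user `Authorize`/`Unauthorize` directly.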
@@ -113,6 +113,10 @@ public:
 int Add(const std::string & login, const ADMIN * admin);
 void Del(const std::string & login, const ADMIN * admin);
+ bool Authorize(const std::string & login, uint32_t ip,
+ uint32_t enabledDirs, const AUTH * auth);
+ bool Unauthorize(const std::string & login, const AUTH * auth);
+
 int ReadUsers();
 size_t Count() const { return users.size(); }
@@ -131,6 +135,7 @@ public:
 private:
 void AddToIPIdx(user_iter user);
 void DelFromIPIdx(uint32_t ip);
+ bool FindByIPIdx(uint32_t ip, user_iter & iter) const;
 int FindByNameNonLock(const std::string & login, user_iter * user);
@@ -152,8 +157,8 @@ private:
 std::list users;
 std::list usersToDelete;
- std::list userIPNotifiersBefore;
- std::list userIPNotifiersAfter;
+ /*std::list userIPNotifiersBefore;
+ std::list userIPNotifiersAfter;*/
 std::map ipIndex;
 std::map loginIndex;
@@ -179,7 +184,7 @@ private:
 std::set*> onDelNotifiersImpl;
 };
 //-----------------------------------------------------------------------------
-inline
+/*inline
 void PROPERTY_NOTIFER_IP_BEFORE::Notify(const uint32_t & oldValue,
 const uint32_t &)
 {
@@ -201,6 +206,6 @@ if (!newValue)
 //EVENT_LOOP_SINGLETON::GetInstance().Enqueue(users, &USERS::AddToIPIdx, user); // Using explicit call to assure that index is valid, because fast reconnect with delayed call can result in authorization error
 users.AddToIPIdx(user);
-}
+}*/
 //-----------------------------------------------------------------------------
 #endif
-- 2.44.2