diff options
Diffstat (limited to 'src/modules/UserConfigBackendKrb5')
-rw-r--r-- | src/modules/UserConfigBackendKrb5/UserConfigBackendKrb5.cpp | 53 | ||||
-rw-r--r-- | src/modules/UserConfigBackendKrb5/UserConfigBackendKrb5.h | 11 |
2 files changed, 43 insertions, 21 deletions
diff --git a/src/modules/UserConfigBackendKrb5/UserConfigBackendKrb5.cpp b/src/modules/UserConfigBackendKrb5/UserConfigBackendKrb5.cpp index 94e3506..b10dbcf 100644 --- a/src/modules/UserConfigBackendKrb5/UserConfigBackendKrb5.cpp +++ b/src/modules/UserConfigBackendKrb5/UserConfigBackendKrb5.cpp @@ -21,13 +21,15 @@ #include <Core/ConfigEntry.h> #include <Core/ThreadManager.h> +#include <boost/thread/locks.hpp> + #include <cstring> namespace Mad { namespace Modules { namespace UserConfigBackendKrb5 { -void UserConfigBackendKrb5::connect() { +void UserConfigBackendKrb5::_connect() { if(principal.empty()) { application->log(Core::Logger::LOG_USER, Core::Logger::LOG_ERROR, "UserConfigBackendKrb5: no principal given"); return; @@ -96,6 +98,8 @@ bool UserConfigBackendKrb5::handleConfigEntry(const Core::ConfigEntry &entry, bo if(!entry[1].getKey().matches("Krb5")) return false; + boost::lock_guard<boost::mutex> lock(mutex); + if(entry[2].getKey().matches("Realm")) { if(entry[3].empty()) realm = entry[2][0]; @@ -122,6 +126,11 @@ bool UserConfigBackendKrb5::handleConfigEntry(const Core::ConfigEntry &entry, bo return true; } +void UserConfigBackendKrb5::configFinished() { + boost::lock_guard<boost::mutex> lock(mutex); + _connect(); +} + void UserConfigBackendKrb5::checkUserInfo(const Common::UserInfo &userInfo) throw(Core::Exception) { if(std::strcspn(userInfo.getUsername().c_str(), "/@") != userInfo.getUsername().length()) @@ -129,11 +138,13 @@ void UserConfigBackendKrb5::checkUserInfo(const Common::UserInfo &userInfo) thro } void UserConfigBackendKrb5::addUser(const Common::UserInfo &userInfo) throw(Core::Exception) { + application->getThreadManager()->detach(); + + boost::lock_guard<boost::mutex> lock(mutex); + if(!context || !handle) throw Core::Exception(Core::Exception::NOT_AVAILABLE); - application->getThreadManager()->detach(); - std::string princStr = userInfo.getUsername() + "@" + realm; kadm5_principal_ent_rec princ; @@ -154,7 +165,7 @@ void UserConfigBackendKrb5::addUser(const Common::UserInfo &userInfo) throw(Core err = kadm5_create_principal(handle, &princ, KADM5_PRINCIPAL|KADM5_ATTRIBUTES, dummybuf); if(err == KADM5_RPC_ERROR && retryCount > 0) { application->log(Core::Logger::LOG_USER, Core::Logger::LOG_VERBOSE, "Connection to kerberos admin server lost. Reconnecting..."); - connect(); + _connect(); --retryCount; } } while(err == KADM5_RPC_ERROR && retryCount >= 0); @@ -167,7 +178,7 @@ void UserConfigBackendKrb5::addUser(const Common::UserInfo &userInfo) throw(Core err = kadm5_randkey_principal(handle, princ.principal, 0, 0); if(err == KADM5_RPC_ERROR && retryCount > 0) { application->log(Core::Logger::LOG_USER, Core::Logger::LOG_VERBOSE, "Connection to kerberos admin server lost. Reconnecting..."); - connect(); + _connect(); --retryCount; } } while(err == KADM5_RPC_ERROR && retryCount >= 0); @@ -181,7 +192,7 @@ void UserConfigBackendKrb5::addUser(const Common::UserInfo &userInfo) throw(Core err = kadm5_modify_principal(handle, &princ, KADM5_ATTRIBUTES); if(err == KADM5_RPC_ERROR && retryCount > 0) { application->log(Core::Logger::LOG_USER, Core::Logger::LOG_VERBOSE, "Connection to kerberos admin server lost. Reconnecting..."); - connect(); + _connect(); --retryCount; } } while(err == KADM5_RPC_ERROR && retryCount >= 0); @@ -193,22 +204,30 @@ void UserConfigBackendKrb5::addUser(const Common::UserInfo &userInfo) throw(Core } void UserConfigBackendKrb5::updateUser(const Common::UserInfo &oldUserInfo, const Common::UserInfo &userInfo) throw(Core::Exception) { - if(!context || !handle) - throw Core::Exception(Core::Exception::NOT_AVAILABLE); + application->getThreadManager()->detach(); - if(oldUserInfo.getUsername() == userInfo.getUsername()) - return; + { + boost::lock_guard<boost::mutex> lock(mutex); + + if(!context || !handle) + throw Core::Exception(Core::Exception::NOT_AVAILABLE); + + if(oldUserInfo.getUsername() == userInfo.getUsername()) + return; + } deleteUser(oldUserInfo); addUser(userInfo); } void UserConfigBackendKrb5::deleteUser(const Common::UserInfo &userInfo) throw(Core::Exception) { + application->getThreadManager()->detach(); + + boost::lock_guard<boost::mutex> lock(mutex); + if(!context || !handle) throw Core::Exception(Core::Exception::NOT_AVAILABLE); - application->getThreadManager()->detach(); - std::string princStr = userInfo.getUsername() + "@" + realm; krb5_principal princ; @@ -223,7 +242,7 @@ void UserConfigBackendKrb5::deleteUser(const Common::UserInfo &userInfo) throw(C err = kadm5_delete_principal(handle, princ); if(err == KADM5_RPC_ERROR && retryCount > 0) { application->log(Core::Logger::LOG_USER, Core::Logger::LOG_VERBOSE, "Connection to kerberos admin server lost. Reconnecting..."); - connect(); + _connect(); --retryCount; } } while(err == KADM5_RPC_ERROR && retryCount >= 0); @@ -235,11 +254,13 @@ void UserConfigBackendKrb5::deleteUser(const Common::UserInfo &userInfo) throw(C } void UserConfigBackendKrb5::setPassword(const Common::UserInfo &userInfo, const std::string &password) throw(Core::Exception) { + application->getThreadManager()->detach(); + + boost::lock_guard<boost::mutex> lock(mutex); + if(!context || !handle) throw Core::Exception(Core::Exception::NOT_AVAILABLE); - application->getThreadManager()->detach(); - std::string princStr = userInfo.getUsername() + "@" + realm; krb5_principal princ; @@ -253,7 +274,7 @@ void UserConfigBackendKrb5::setPassword(const Common::UserInfo &userInfo, const err = kadm5_chpass_principal(handle, princ, const_cast<char*>(password.c_str())); if(err == KADM5_RPC_ERROR && retryCount > 0) { application->log(Core::Logger::LOG_USER, Core::Logger::LOG_VERBOSE, "Connection to kerberos admin server lost. Reconnecting..."); - connect(); + _connect(); --retryCount; } } while(err == KADM5_RPC_ERROR && retryCount >= 0); diff --git a/src/modules/UserConfigBackendKrb5/UserConfigBackendKrb5.h b/src/modules/UserConfigBackendKrb5/UserConfigBackendKrb5.h index 11c7187..c2b35fe 100644 --- a/src/modules/UserConfigBackendKrb5/UserConfigBackendKrb5.h +++ b/src/modules/UserConfigBackendKrb5/UserConfigBackendKrb5.h @@ -26,6 +26,8 @@ #include <Core/Configurable.h> #include <Core/ConfigManager.h> +#include <boost/thread/mutex.hpp> + #define USE_KADM5_API_VERSION 2 #include <kadm5/admin.h> @@ -37,20 +39,19 @@ class UserConfigBackendKrb5 : public Common::UserConfigBackend, private Core::Co private: Common::Application *application; + boost::mutex mutex; + std::string realm, principal, server; std::string password, keytab; krb5_context context; void *handle; - void connect(); + void _connect(); protected: virtual bool handleConfigEntry(const Core::ConfigEntry &entry, bool handled); - - virtual void configFinished() { - connect(); - } + virtual void configFinished(); virtual void checkUserInfo(const Common::UserInfo &userInfo) throw(Core::Exception); |