
HPCC-16677 Implement Sec Mgr Session Management

Add security token set/query to ISecUser/CLDAPSecUser. Skip LDAP authentication when a
security token is present in CLDAPSecUser.

Signed-off-by: Russ Whitehead <william.whitehead@lexisnexis.com>
Russ Whitehead 8 سال پیش
860ca1e4f7

+ 22 - 4
system/security/LdapSecurity/ldapsecurity.cpp

@@ -202,9 +202,19 @@ bool CLdapSecUser::setEncodedPassword(SecPasswordEncoding enc, void * pw, unsign
     return FALSE;  //not supported yet
 }
 
-bool CLdapSecUser::addToken(unsigned type, void * data, unsigned length)
+bool CLdapSecUser::addToken(MemoryBuffer * token)
 {
-    return FALSE;  //not supported yet
+    m_mbToken.clear().append(*token);
+    return true;
+}
+
+bool CLdapSecUser::getToken(MemoryBuffer * token)
+{
+    if (m_mbToken.length() == 0)
+        return false;
+    if(token)
+        token->append(m_mbToken);
+    return true;
 }
 
 void CLdapSecUser::copyTo(ISecUser& destination)
@@ -228,6 +238,7 @@ void CLdapSecUser::copyTo(ISecUser& destination)
     dest->setUserID(m_userid);
     dest->setPasswordExpiration(m_passwordExpiration);
     dest->setDistinguishedName(m_distinguishedName);
+    dest->credentials().addToken(&m_mbToken);
 }
 
 ISecUser * CLdapSecUser::clone()
@@ -645,13 +656,20 @@ bool CLdapSecManager::authenticate(ISecUser* user)
         return true;
     }
 
-    bool ok = m_ldap_client->authenticate(*user);
-    if(ok)
+    if (user->credentials().getToken(nullptr))//Token exist?
     {
+        user->setAuthenticateStatus(AS_AUTHENTICATED);
         if(m_permissionsCache->isCacheEnabled() && !m_usercache_off)
             m_permissionsCache->add(*user);
+        return true;
+    }
 
+    bool ok = m_ldap_client->authenticate(*user);
+    if(ok)
+    {
         user->setAuthenticateStatus(AS_AUTHENTICATED);
+        if(m_permissionsCache->isCacheEnabled() && !m_usercache_off)
+            m_permissionsCache->add(*user);
     }
 
     return ok;
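Review bot: The new token branch in authenticate() treats the mere presence of bytes in m_mbToken as proof of identity: getToken(nullptr) only reports m_mbToken.length() != 0, so nothing checks where the token came from, whether it is intact or whether it has expired before the user is marked AS_AUTHENTICATED and added to the permissions cache. Whatever component calls addToken (not visible in this commit) is therefore the real authentication boundary, and that contract should be stated on the branch, e.g. `// A present token is trusted as-is: it must only be set by the session manager after a prior successful authenticate(); nothing here validates it.` addToken also dereferences `token` unconditionally (`*token`) while getToken guards against nullptr; add `if (!token) return false;` before the `m_mbToken.clear().append(*token);` line. authenticate() begins outside the hunk, so the early-return for cached users above it is inferred only from the header.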

+ 3 - 1
system/security/LdapSecurity/ldapsecurity.ipp

@@ -67,6 +67,7 @@ private:
     StringAttr   m_sudoHost;
     StringAttr   m_sudoCommand;
     StringAttr   m_sudoOption;
+    MemoryBuffer m_mbToken;
 
 public:
     IMPLEMENT_IINTERFACE
@@ -153,7 +154,8 @@ public:
     bool setPassword(const char * pw);
     const char* getPassword();
     bool setEncodedPassword(SecPasswordEncoding enc, void * pw, unsigned length, void * salt, unsigned saltlen);
-    bool addToken(unsigned type, void * data, unsigned length);
+    bool addToken(MemoryBuffer * token);
+    bool getToken(MemoryBuffer * token);
 
 // Posix specific fields
     virtual void setGidnumber(const char* gidnumber)
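Review bot: The two new declarations carry no documentation, and their semantics differ in a way callers need to know: addToken replaces the stored token with a copy, while getToken appends to the caller's buffer and accepts nullptr as a pure existence check. Suggest `// addToken: replaces the stored token with a copy of *token. getToken: returns true if a token is held; appends it to *token when token is non-null.` above the pair. The enclosing class body continues outside the hunk.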

+ 7 - 2
system/security/shared/SecureUser.hpp

@@ -212,10 +212,16 @@ public:
         return m_pw.str();
     }
 
-    bool addToken(unsigned type, void * data, unsigned length)
+    bool addToken(MemoryBuffer * token)
     {
         return false;  //not supported yet
     }
+
+    bool getToken(MemoryBuffer * token)
+    {
+        return false; //not supported yet
+    }
+
     virtual unsigned getUserID()
     {
         return m_userID;
@@ -254,7 +260,6 @@ public:
         }
 
 
-        //addToken is not currently implemented....
 //      DBGLOG("Copied name %s to %s",getName(),destination.getName());
     }
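Review bot: Removing the `//addToken is not currently implemented....` comment from copyTo leaves no hint that CSecureUser still drops tokens, even though the addToken/getToken stubs in the first hunk still return false. If the rest of copyTo (outside this hunk) does not forward a token, a comment such as `// tokens are not carried by CSecureUser; addToken/getToken return false` keeps the gap visible to anyone copying an LDAP user into this class. Whether copyTo forwards anything else token-related cannot be seen from here.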
 

+ 2 - 1
system/security/shared/seclib.hpp

@@ -142,7 +142,8 @@ interface ISecCredentials : extends IInterface
 {
     virtual bool setPassword(const char * pw) = 0;
     virtual const char * getPassword() = 0;
-    virtual bool addToken(unsigned type, void * data, unsigned length) = 0;
+    virtual bool addToken(MemoryBuffer * token) = 0;
+    virtual bool getToken(MemoryBuffer * token) = 0;
     virtual bool setPasswordExpiration(CDateTime & expirationDate) = 0;
     virtual CDateTime & getPasswordExpiration(CDateTime & expirationDate) = 0;
     virtual int getPasswordDaysRemaining() = 0;
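Review bot: getToken's contract is defined only by one implementation (the LDAP one treats a nullptr argument as "does a token exist?"), yet the interface line gives callers no indication that nullptr is allowed or that the token is appended rather than assigned. Since the LDAP authenticate path relies on exactly that behaviour, document it where every implementer sees it, e.g. `// Returns true if a token is held. When token is non-null the token bytes are appended to it; nullptr may be passed to query presence only.` The ISecCredentials interface continues outside the hunk.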