
HPCC-10126 htpasswd Authentication Modify Users Issue

When HTPASSWD authentication is enabled, LDAP-specific features such as
permissions, grouping, etc. are not supported. This pull request adds a new
error message, "LDAP Security manager is required for this feature. Please
enable LDAP in the system configuration", which is now displayed whenever
one of these features is selected.

Signed-off-by: William Whitehead <william.whitehead@lexisnexis.com>
William Whitehead 11 年之前
父節點
當前提交
a60adbd08f

+ 20 - 14
esp/services/ws_access/ws_accessService.cpp

@@ -26,6 +26,7 @@
 #include <set>
 
 #define MSG_SEC_MANAGER_IS_NULL "Security manager is not found. Please check if the system authentication is set up correctly"
+#define MSG_SEC_MANAGER_ISNT_LDAP "LDAP Security manager is required for this feature. Please enable LDAP in the system configuration"
 
 #define MAX_USERS_DISPLAY 400
 #define MAX_RESOURCES_DISPLAY 3000
@@ -167,6 +168,14 @@ void Cws_accessEx::init(IPropertyTree *cfg, const char *process, const char *ser
 
 }
 
+CLdapSecManager* Cws_accessEx::queryLDAPSecurityManager(IEspContext &context)
+{
+    ISecManager* secMgr = context.querySecManager();
+    if(secMgr && secMgr->querySecMgrType() != SMT_LDAP)
+        throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, MSG_SEC_MANAGER_ISNT_LDAP);
+    return dynamic_cast<CLdapSecManager*>(secMgr);
+}
+
 void Cws_accessEx::setBasedns(IEspContext &context)
 {
     CLdapSecManager* secmgr = (CLdapSecManager*)(context.querySecManager());
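Review bot: `setBasedns`, visible as context at the end of this hunk, still uses the unchecked C-style cast `(CLdapSecManager*)(context.querySecManager())`, so any path that reaches it without first calling the new helper would treat a non-LDAP manager as a `CLdapSecManager` when htpasswd is configured. It should read `CLdapSecManager* secmgr = queryLDAPSecurityManager(context);`; the rest of its body is outside the hunk, so whether it checks for NULL is not visible here. The helper itself returns NULL when no security manager is set, because the `secMgr &&` guard skips the throw. It would benefit from a comment such as `// Returns NULL when no security manager is configured; throws if one is configured but is not LDAP.` since onUsers, onGroups, onPermissions and onFilePermission show no NULL check within their hunks.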
@@ -364,7 +373,7 @@ bool Cws_accessEx::onUsers(IEspContext &context, IEspUserRequest &req, IEspUserR
 {
     try
     {
-        CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager());
+        CLdapSecManager* secmgr = queryLDAPSecurityManager(context);
 
         double version = context.getClientVersion();
         if (version > 1.03)
@@ -597,7 +606,7 @@ bool Cws_accessEx::onGroups(IEspContext &context, IEspGroupRequest &req, IEspGro
 {
     try
     {
-        CLdapSecManager* secmgr0 = dynamic_cast<CLdapSecManager*>(context.querySecManager());
+        CLdapSecManager* secmgr0 = queryLDAPSecurityManager(context);
 
         double version = context.getClientVersion();
         if (version > 1.03)
@@ -836,7 +845,7 @@ bool Cws_accessEx::onGroupAction(IEspContext &context, IEspGroupActionRequest &r
     {
         checkUser(context);
 
-        CLdapSecManager* secmgr = (CLdapSecManager*)(context.querySecManager());
+        CLdapSecManager* secmgr = queryLDAPSecurityManager(context);
         if(secmgr == NULL)
             throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, MSG_SEC_MANAGER_IS_NULL);
 
@@ -1267,7 +1276,7 @@ bool Cws_accessEx::onPermissions(IEspContext &context, IEspBasednsRequest &req,
 {
     try
     {
-        CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager());
+        CLdapSecManager* secmgr = queryLDAPSecurityManager(context);
 
         double version = context.getClientVersion();
         if (version > 1.03)
@@ -1307,7 +1316,7 @@ bool Cws_accessEx::onResources(IEspContext &context, IEspResourcesRequest &req,
     {
         checkUser(context);
 
-        CLdapSecManager* secmgr = (CLdapSecManager*)context.querySecManager();
+        CLdapSecManager* secmgr = queryLDAPSecurityManager(context);
         if(secmgr == NULL)
             throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, MSG_SEC_MANAGER_IS_NULL);
 
@@ -2416,13 +2425,11 @@ bool Cws_accessEx::onPermissionAction(IEspContext &context, IEspPermissionAction
         resp.setRtype(req.getRtype());
         resp.setRtitle(req.getRtitle());
         resp.setPrefix(req.getPrefix());
-        ISecManager* secmgr = context.querySecManager();
+        CLdapSecManager* ldapsecmgr = queryLDAPSecurityManager(context);
 
-        if(secmgr == NULL)
+        if(ldapsecmgr == NULL)
             throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, MSG_SEC_MANAGER_IS_NULL);
 
-        CLdapSecManager* ldapsecmgr = (CLdapSecManager*)secmgr;
-
         CPermissionAction paction;
         paction.m_basedn.append(req.getBasedn());
 
@@ -2985,9 +2992,9 @@ bool Cws_accessEx::onAccountPermissions(IEspContext &context, IEspAccountPermiss
 
         double version = context.getClientVersion();
 
-        ISecManager* secmgr = context.querySecManager();
+        CLdapSecManager* ldapsecmgr = queryLDAPSecurityManager(context);
 
-        if(secmgr == NULL)
+        if(ldapsecmgr == NULL)
             throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, MSG_SEC_MANAGER_IS_NULL);
 
         const char* username = req.getAccountName();
@@ -3003,7 +3010,6 @@ bool Cws_accessEx::onAccountPermissions(IEspContext &context, IEspAccountPermiss
             setBasedns(context);
         }
 
-        CLdapSecManager* ldapsecmgr = (CLdapSecManager*)secmgr;
         StringArray groupnames;
         if (version > 1.02 && !bGroupAccount && bIncludeGroup)
         {
@@ -3100,7 +3106,7 @@ bool Cws_accessEx::onAccountPermissions(IEspContext &context, IEspAccountPermiss
             }
 
             IArrayOf<ISecResource> resources;
-            if(secmgr->getResources(rtype, aBasedn, resources))
+            if(ldapsecmgr->getResources(rtype, aBasedn, resources))
             {
                 ForEachItemIn(y1, resources)
                 {
@@ -3315,7 +3321,7 @@ bool Cws_accessEx::onFilePermission(IEspContext &context, IEspFilePermissionRequ
 {
     try
     {
-        CLdapSecManager* secmgr = dynamic_cast<CLdapSecManager*>(context.querySecManager());
+        CLdapSecManager* secmgr = queryLDAPSecurityManager(context);
         double version = context.getClientVersion();
         if (version > 1.03)
         {

+ 1 - 0
esp/services/ws_access/ws_accessService.hpp

@@ -78,6 +78,7 @@ class Cws_accessEx : public Cws_access
     void getBaseDNsForAddingPermssionToAccount(CLdapSecManager* secmgr, const char* prefix, const char* accountName, 
         int accountType, StringArray& basednNames);
     int enableDisableScopeScans(IEspContext &context, bool doEnable, StringBuffer &retMsg);
+    CLdapSecManager* queryLDAPSecurityManager(IEspContext &context);
 
 public:
     IMPLEMENT_IINTERFACE;

+ 1 - 0
system/security/LdapSecurity/ldapsecurity.ipp

@@ -442,6 +442,7 @@ public:
     virtual int queryDefaultPermission(ISecUser& user);
     virtual bool clearPermissionsCache(ISecUser &user);
     virtual bool authenticateUser(ISecUser & user, bool &superUser);
+    virtual secManagerType querySecMgrType() { return SMT_LDAP; }
 };
 
 #endif

+ 5 - 0
system/security/htpasswdSecurity/htpasswdSecurity.cpp

@@ -37,6 +37,11 @@ public:
 		userMap.kill();
 	}
 
+	secManagerType querySecMgrType()
+	{
+		return SMT_HTPasswd;
+	}
+
 	IAuthMap * createAuthMap(IPropertyTree * authconfig)
 	{
 		CAuthMap* authmap = new CAuthMap(this);

+ 2 - 0
system/security/shared/defaultsecuritymanager.hpp

@@ -82,6 +82,7 @@ public:
     virtual bool createUserScopes() { return false; }
     virtual aindex_t getManagedFileScopes(IArrayOf<ISecResource>& scopes) { return 0; }
     virtual int queryDefaultPermission(ISecUser& user) { return SecAccess_Full; }
+    virtual secManagerType querySecMgrType() { return SMT_Default; }
 };
 
 class CLocalSecurityManager : public CDefaultSecurityManager
@@ -93,6 +94,7 @@ public:
     IAuthMap * createAuthMap(IPropertyTree * authconfig);
 protected:
     virtual bool IsPasswordValid(ISecUser& sec_user);
+    virtual secManagerType querySecMgrType() { return SMT_Local; }
 };
 
 
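Review bot: In the second hunk `querySecMgrType()` is added to `CLocalSecurityManager` below the `protected:` label, whereas the `CDefaultSecurityManager` override in the first hunk appears to sit in a public section (its hunk header shows `public:`). Calls through `ISecManager*` still dispatch to it, but a call made through a `CLocalSecurityManager*` from outside the class would not compile, and narrowing the access of an interface method is surprising. Move `virtual secManagerType querySecMgrType() { return SMT_Local; }` above `protected:`, next to `createAuthMap`.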

+ 9 - 0
system/security/shared/seclib.hpp

@@ -257,6 +257,14 @@ interface IAuthMap : extends IInterface
     virtual ISecResourceList * getResourceList(const char * path) = 0;
 };
 
+enum secManagerType
+{
+    SMT_New,
+    SMT_Default,
+    SMT_Local,
+    SMT_LDAP,
+    SMT_HTPasswd
+};
 interface ISecManager : extends IInterface
 {
     virtual ISecUser * createUser(const char * user_name) = 0;
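Review bot: The new `secManagerType` enum has no comment, and `SMT_New` is not returned by any implementation in this commit, so its meaning cannot be read from the code. Since `queryLDAPSecurityManager` uses this value to decide whether LDAP-only features may run, a short header such as `// Identifies the concrete security manager; returned by ISecManager::querySecMgrType().` plus a one-line comment on `SMT_New` would help. A blank line between the closing `};` and `interface ISecManager` would match the spacing used around the other declarations in this hunk.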
@@ -300,6 +308,7 @@ interface ISecManager : extends IInterface
     virtual int queryDefaultPermission(ISecUser& user) = 0;
     virtual bool clearPermissionsCache(ISecUser & user) = 0;
     virtual bool authenticateUser(ISecUser & user, bool &superUser) = 0;
+    virtual secManagerType querySecMgrType() = 0;
 };
 
 interface IExtSecurityManager
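Review bot: Adding `querySecMgrType()` as a pure virtual makes every `ISecManager` implementation abstract until it overrides the method. This commit updates the LDAP, htpasswd, default and local managers, and any implementation outside the files shown here would stop compiling. If such implementations exist, it is worth checking them before merge. Given that the ws_access handlers now rely on this value to gate LDAP-only operations, a comment on the declaration would make the contract explicit, for example `// Must return the SMT_* value matching the concrete manager; used to gate LDAP-only features.`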