
Merge pull request #3772 from RussWhitehead/fixLdap

HPCC-8406 Create hpccinternal::user file scope for existing users

Reviewed-By: Jake Smith <jake.smith@lexisnexis.com>
Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>
Richard Chapman 12 år sedan
3a00d827a5

+ 10 - 0
system/security/LdapSecurity/ldapconnection.cpp

@@ -5089,6 +5089,16 @@ private:
 
         return true;
     }
+
+    bool createUserScope(ISecUser& user)
+    {
+        //Add tempfile scope for given user (spill, paused and checkpoint
+        //files will be created under this user specific scope)
+        StringBuffer resName(queryDfsXmlBranchName(DXB_Internal));
+        resName.append("::").append(user.getName());
+        Owned<ISecResource> resource = new CLdapSecResource(resName.str());
+        return addResource(RT_FILE_SCOPE, user, resource, PT_ADMINISTRATORS_AND_USER, m_ldapconfig->getResourceBasedn(RT_FILE_SCOPE));
+    }
 };
 
 int LdapUtils::getServerInfo(const char* ldapserver, int ldapport, StringBuffer& domainDN, LdapServerType& stype, const char* domainname)
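Review bot: The scope name built at lines 26-27 embeds `user.getName()` with no check on it, so an empty or null name would yield the bare internal branch followed by `::`, and a name that itself contains the `::` scope separator would produce a nested scope rather than one directly under the internal branch; add a guard before `resName` is built, e.g. `const char *name = user.getName(); if (!name || !*name) return false;`. Whether `addResource` treats an already-existing scope as success or failure is not visible here; if it reports failure, a second run of the tool will log an error for every user, so that case deserves either a pre-check or an explicit comment. The enclosing class and its private section start outside the hunk.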

+ 1 - 0
system/security/LdapSecurity/ldapconnection.hpp

@@ -187,6 +187,7 @@ interface ILdapClient : extends IInterface
     virtual int countResources(const char* basedn, const char* searchstr, int limit) = 0;
     virtual ILdapConfig* queryConfig() = 0;
     virtual const char* getPasswordStorageScheme() = 0;
+    virtual bool createUserScope(ISecUser& user) = 0;
 };
 
 ILdapClient* createLdapClient(IPropertyTree* cfg);
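Review bot: The new pure virtual at line 42 carries no comment, and unlike the neighbouring getters its name does not say which scope is created or what a false return means. Add above it `// Creates the per-user file scope hpccinternal::<user> under the file-scope base DN; false if the resource could not be added`. The interface declaration starts outside the hunk.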

+ 13 - 0
system/security/LdapSecurity/ldapsecurity.cpp

@@ -1216,6 +1216,19 @@ bool CLdapSecManager::getUserInfo(ISecUser& user, const char* infotype)
     return m_ldap_client->getUserInfo(user, infotype);
 }
 
+bool CLdapSecManager::createUserScopes()
+{
+    Owned<ISecUserIterator> it = getAllUsers();
+    it->first();
+    while(it->isValid())
+    {
+        ISecUser &user = it->get();
+        if (!m_ldap_client->createUserScope(user))
+            PROGLOG("Error creating scope for user '%s'", user.getName());
+        it->next();
+    }
+    return true;
+}
 
 extern "C"
 {
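Review bot: `createUserScopes` returns true unconditionally at line 65 even when `createUserScope` failed for one or more users, so the caller in addScopes.cpp reports success regardless; track the outcome with `bool allOk = true;` before the loop, `allOk = false;` beside the PROGLOG at line 62, and `return allOk;`. The failure is logged with PROGLOG rather than the error-level logger, which makes it easy to miss when scanning the log. `user.getName()` is passed to the `%s` format without a null check; whether it can be null depends on the ISecUser implementation, which is not visible here.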

+ 1 - 0
system/security/LdapSecurity/ldapsecurity.ipp

@@ -438,6 +438,7 @@ public:
     {
         return m_passwordExpirationWarningDays;
     }
+    virtual bool createUserScopes();
 };
 
 #endif

+ 2 - 0
system/security/shared/basesecurity.hpp

@@ -284,6 +284,8 @@ public:
         return m_passwordExpirationWarningDays;
     }
 
+    virtual bool createUserScopes() {UNIMPLEMENTED; return false;}
+
 protected:
     const char* getServer(){return m_dbserver.toCharArray();}
     const char* getUser(){return m_dbuser.toCharArray();}
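Review bot: The two non-LDAP defaults disagree: here `createUserScopes` expands `UNIMPLEMENTED` at line 90 (which, if it throws as jlib's macro does elsewhere, makes the `return false;` unreachable), while the override added in defaultsecuritymanager.hpp at its line 104 silently returns false, so the same tool run ends in the exception handler for one manager and in the "Some scopes not added" branch for the other. Pick one behaviour for both, and state the contract once on the pure virtual added in seclib.hpp at its line 116, e.g. `// Create the per-user hpccinternal::<user> file scope for every known user; false if any scope could not be created`. The enclosing class continues outside the hunk.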

+ 1 - 1
system/security/shared/defaultsecuritymanager.hpp

@@ -79,7 +79,7 @@ public:
 
         return true;
     }
-
+    virtual bool createUserScopes() { return false; }
 };
 
 class CLocalSecurityManager : public CDefaultSecurityManager

+ 1 - 0
system/security/shared/seclib.hpp

@@ -298,6 +298,7 @@ interface ISecManager : extends IInterface
     virtual bool authorizeWorkunitScope(ISecUser & user, ISecResourceList * resources) = 0;
     virtual const char * getDescription() = 0;
     virtual unsigned getPasswordExpirationWarningDays() = 0;
+    virtual bool createUserScopes() = 0;
 };
 
 interface IExtSecurityManager

+ 1 - 0
tools/CMakeLists.txt

@@ -16,6 +16,7 @@
 HPCC_ADD_SUBDIRECTORY (esdl)
 HPCC_ADD_SUBDIRECTORY (hidl)
 HPCC_ADD_SUBDIRECTORY (backupnode "PLATFORM")
+HPCC_ADD_SUBDIRECTORY (addScopes "PLATFORM")
 HPCC_ADD_SUBDIRECTORY (combine "PLATFORM")
 HPCC_ADD_SUBDIRECTORY (dumpkey "PLATFORM")
 HPCC_ADD_SUBDIRECTORY (keydiff "PLATFORM")

+ 52 - 0
tools/addScopes/CMakeLists.txt

@@ -0,0 +1,52 @@
+################################################################################
+#    HPCC SYSTEMS software Copyright (C) 2012 HPCC Systems.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+################################################################################
+
+# Component: addScopes 
+
+#####################################################
+# Description:
+# ------------
+#    Cmake Input File for addScopes
+#####################################################
+
+
+project( addScopes ) 
+
+set (    SRCS 
+         addScopes.cpp 
+    )
+
+include_directories ( 
+         ./../../system/security/LdapSecurity
+         ./../../system/security/shared 
+         ./../../system/jlib 
+         ./../../system/include 
+    )
+
+ADD_DEFINITIONS( -D_CONSOLE )
+
+
+HPCC_ADD_EXECUTABLE ( addScopes ${SRCS} )
+install ( TARGETS addScopes RUNTIME DESTINATION ${EXEC_DIR} )
+
+
+
+target_link_libraries ( addScopes 
+         jlib
+         LdapSecurity 
+    )
+
+

+ 76 - 0
tools/addScopes/addScopes.cpp

@@ -0,0 +1,76 @@
+/*##############################################################################
+
+    HPCC SYSTEMS software Copyright (C) 2012 HPCC Systems.
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+############################################################################## */
+
+#include "seclib.hpp"
+#include "ldapsecurity.hpp"
+#include "jliball.hpp"
+
+#ifndef _WIN32
+#include <unistd.h>
+#endif
+
+int main(int argc, char* argv[])
+{
+    if(argc != 2)
+    {
+        printf("usage: addScopes daliconf.xml\n");
+        printf("\n\n\tCreates user-specific LDAP private file scopes 'hpccinternal::<user>'\n\tand grants users access to their scope. The configuration file\n\tdaliconf.xml is the dali configuration file, typically\n\tfound in /var/lib/HPCCSystems/mydali");
+        return -1;
+    }
+
+    InitModuleObjects();
+
+    try
+    {
+        Owned<IPropertyTree> cfg = createPTreeFromXMLFile(argv[1]);
+        Owned<IPropertyTree> seccfg = cfg->getPropTree(".//ldapSecurity");
+        if(seccfg == NULL)
+        {
+            printf("ldapSecurity not found\n");
+            return -1;
+        }
+#ifdef _NO_LDAP
+        printf("System was built with _NO_LDAP\n");
+        return -1;
+#else
+        Owned<ISecManager> secmgr = newLdapSecManager("addScopes", *LINK(seccfg));
+        if(secmgr == NULL)
+        {
+            printf("Security manager can't be created\n");
+            return -1;
+        }
+        bool ok = secmgr->createUserScopes();
+        if(ok)
+            printf("User scopes added\n");
+        else
+            printf("Some scopes not added\n");
+#endif
+    }
+    catch(IException* e)
+    {
+        StringBuffer errmsg;
+        e->errorMessage(errmsg);
+        printf("%s\n", errmsg.str());
+    }
+    catch(...)
+    {
+        printf("Unknown exception\n");
+    }
+
+    releaseAtoms();
+    return 0;
+}
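Review bot: `main` exits 0 at line 268 after printing "Some scopes not added" and after either catch block, so a script invoking addScopes cannot distinguish a partial or failed run from success; carry a return code through the tail as in the fence below. The `IException*` caught at line 256 is never released — HPCC code elsewhere calls `e->Release()` after handling, so this looks like a leak of the exception object. The early `return -1` paths at lines 237, 241 and 247 run after `InitModuleObjects()` but skip `releaseAtoms()`; if that pairing matters for a short-lived tool, route them through the same tail.
```cpp
    int rc = 0;
    try
    {
        // … unchanged: load cfg, look up ldapSecurity, _NO_LDAP branch, create secmgr …
        bool ok = secmgr->createUserScopes();
        if(ok)
            printf("User scopes added\n");
        else
        {
            printf("Some scopes not added\n");
            rc = 1;
        }
        // … unchanged: #endif closing the _NO_LDAP conditional …
    }
    catch(IException* e)
    {
        StringBuffer errmsg;
        e->errorMessage(errmsg);
        printf("%s\n", errmsg.str());
        e->Release();
        rc = 1;
    }
    catch(...)
    {
        printf("Unknown exception\n");
        rc = 1;
    }

    releaseAtoms();
    return rc;
```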

+ 26 - 0
tools/addScopes/sourcedoc.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+################################################################################
+#    HPCC SYSTEMS software Copyright (C) 2012 HPCC Systems.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+################################################################################
+-->
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+<section>
+    <title>tools/addScopes</title>
+
+    <para>
+        The tools/addScopes directory contains the sources for the tools/addScopes tool.
+    </para>
+</section>