
Merge branch 'candidate-5.6.6' into candidate-6.0.4

Signed-off-by: Gavin Halliday <gavin.halliday@lexisnexis.com>

Conflicts:
	system/security/shared/basesecurity.hpp
	version.cmake
Gavin Halliday 9 سال پیش
والد
کامیت
8e64905a78

+ 15 - 8
dali/server/daldap.cpp

@@ -144,12 +144,20 @@ public:
             Owned<ISecUser> user = ldapsecurity->createUser(username);
             if (user) {
                 user->credentials().setPassword(password);
-                if (filescope)
-                    perm=ldapsecurity->authorizeFileScope(*user, obj);
-                else if (wuscope)
-                    perm=ldapsecurity->authorizeWorkunitScope(*user, obj);
-                if (perm==-1)
-                    perm = 0;
+                if (!ldapsecurity->authenticateUser(*user, NULL))
+                {
+                    PROGLOG("LDAP: getPermissions(%s) scope=%s user=%s fails authentication",key?key:"NULL",obj?obj:"NULL",username.str());
+                    perm = SecAccess_None;//deny
+                }
+                else
+                {
+                    if (filescope)
+                        perm=ldapsecurity->authorizeFileScope(*user, obj);
+                    else if (wuscope)
+                        perm=ldapsecurity->authorizeWorkunitScope(*user, obj);
+                    if (perm==-1)
+                        perm = 0;
+                }
             }
             unsigned taken = msTick()-start;
 #ifndef _DEBUG
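Review bot: The new authentication gate sits inside `if (user)`, so when `createUser` returns null neither the check nor the deny assignment runs, and `perm` keeps whatever value it had before the hunk. That initialisation is not visible here, so confirm it is a deny value or add `else perm = SecAccess_None;` after the `if (user)` block. In the success branch the code still compares against the literal `-1` and assigns `0`, while the new failure branch uses `SecAccess_None`; writing `perm = SecAccess_None;` there too would keep the two deny paths visibly identical. The enclosing function begins and ends outside the hunk.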
@@ -175,7 +183,6 @@ public:
         }
         return 255;
     }
-
     bool clearPermissionsCache(IUserDescriptor *udesc)
     {
         if (!ldapsecurity || ((getLDAPflags() & DLF_ENABLED) == 0))
@@ -198,7 +205,7 @@ public:
         udesc->getPassword(password);
         Owned<ISecUser> user = ldapsecurity->createUser(username);
         user->credentials().setPassword(password);
-        if (!ldapsecurity->authenticateUser(*user,superUser) || !superUser)
+        if (!ldapsecurity->authenticateUser(*user, &superUser) || !superUser)
         {
             *err = -1;
             return false;
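Review bot: The result of `createUser` is dereferenced on the `setPassword` line and again in the changed `authenticateUser(*user, &superUser)` call with no null check, whereas the getPermissions hunk earlier in this file guards the same sequence with `if (user)`. A guard such as `if (!user) { *err = -1; return false; }` before `setPassword` would make this path fail closed rather than dereference a null pointer when the user object cannot be created. The declaration of `superUser` and the rest of the function lie outside the hunk.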

+ 3 - 2
system/security/LdapSecurity/ldapsecurity.cpp

@@ -1307,11 +1307,12 @@ bool CLdapSecManager::clearPermissionsCache(ISecUser& user)
     }
     return true;
 }
-bool CLdapSecManager::authenticateUser(ISecUser & user, bool &superUser)
+bool CLdapSecManager::authenticateUser(ISecUser & user, bool *superUser)
 {
     if (!authenticate(&user))
         return false;
-    superUser = isSuperUser(&user);
+    if (superUser)
+        *superUser = isSuperUser(&user);
     return true;
 }
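Review bot: On a failed `authenticate()` the function returns before touching `*superUser`, so a caller that passes a pointer and reads the flag without first checking the return value sees whatever was stored there before the call. The caller changed in daldap.cpp is safe because `||` short-circuits, but the contract is easy to misuse. Clearing the flag up front with `if (superUser) *superUser = false;` as the first statement would make the out-parameter fail closed.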
 

+ 1 - 1
system/security/LdapSecurity/ldapsecurity.ipp

@@ -446,7 +446,7 @@ public:
     virtual aindex_t getManagedFileScopes(IArrayOf<ISecResource>& scopes);
     virtual int queryDefaultPermission(ISecUser& user);
     virtual bool clearPermissionsCache(ISecUser &user);
-    virtual bool authenticateUser(ISecUser & user, bool &superUser);
+    virtual bool authenticateUser(ISecUser & user, bool * superUser);
     virtual secManagerType querySecMgrType() { return SMT_LDAP; }
     inline virtual const char* querySecMgrTypeName() { return "LdapSecurity"; }
 };

+ 1 - 1
system/security/shared/seclib.hpp

@@ -310,7 +310,7 @@ interface ISecManager : extends IInterface
     virtual aindex_t getManagedFileScopes(IArrayOf<ISecResource>& scopes) = 0;
     virtual int queryDefaultPermission(ISecUser& user) = 0;
     virtual bool clearPermissionsCache(ISecUser & user) = 0;
-    virtual bool authenticateUser(ISecUser & user, bool &superUser) = 0;
+    virtual bool authenticateUser(ISecUser & user, bool * superUser) = 0;
     virtual secManagerType querySecMgrType() = 0;
     virtual const char* querySecMgrTypeName() = 0;
 };
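Review bot: The pure-virtual declaration now takes `bool * superUser` but has no comment saying that a null pointer is permitted or when the pointee is written, and this interface is what every security manager implements. I would add above it `// superUser is optional (may be NULL); when non-NULL it is written only if authentication succeeds`, which matches what the CLdapSecManager implementation in this commit does. The conflict list names system/security/shared/basesecurity.hpp, which is not shown on this page, so it is worth confirming that any implementation there follows the same null-pointer rule. The interface body begins outside the hunk.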