
Adapt to the new API, change dbus API to align too.
Co-authored-by: Jean-Baptiste Lallement <[email protected]>
didrocks and jibel committed Aug 9, 2023
1 parent 886eb65 commit 9c9f544
Showing 7 changed files with 49 additions and 45 deletions.
18 changes: 9 additions & 9 deletions internal/brokers/broker.go
Expand Up @@ -24,7 +24,7 @@ type brokerer interface {
NewSession(ctx context.Context, username, lang string) (sessionID, encryptionKey string, err error)
GetAuthenticationModes(ctx context.Context, sessionID string, supportedUILayouts []map[string]string) (authenticationModes []map[string]string, err error)
SelectAuthenticationMode(ctx context.Context, sessionID, authenticationModeName string) (uiLayoutInfo map[string]string, err error)
IsAuthorized(ctx context.Context, sessionID, authenticationData string) (access, infoUser string, err error)
IsAuthorized(ctx context.Context, sessionID, authenticationData string) (access, data string, err error)
EndSession(ctx context.Context, sessionID string) (err error)
CancelIsAuthorized(ctx context.Context, sessionID string)
}
Expand Down Expand Up @@ -94,7 +94,7 @@ func (b Broker) GetAuthenticationModes(ctx context.Context, sessionID string, su
}

for _, a := range authenticationModes {
for _, key := range []string{"name", "label"} {
for _, key := range []string{"id", "label"} {
if _, exists := a[key]; !exists {
return nil, fmt.Errorf("invalid authentication mode, missing %q key: %v", key, a)
}
Expand All @@ -116,13 +116,13 @@ func (b Broker) SelectAuthenticationMode(ctx context.Context, sessionID, authent
}

// IsAuthorized calls the broker corresponding method, stripping broker ID prefix from sessionID.
func (b Broker) IsAuthorized(ctx context.Context, sessionID, authenticationData string) (access string, userInfo string, err error) {
func (b Broker) IsAuthorized(ctx context.Context, sessionID, authenticationData string) (access string, data string, err error) {
sessionID = b.parseSessionID(sessionID)

// monitor ctx in goroutine to call cancel
done := make(chan struct{})
go func() {
access, userInfo, err = b.brokerer.IsAuthorized(ctx, sessionID, authenticationData)
access, data, err = b.brokerer.IsAuthorized(ctx, sessionID, authenticationData)
close(done)
}()

Expand All @@ -142,14 +142,14 @@ func (b Broker) IsAuthorized(ctx context.Context, sessionID, authenticationData
}

// Validate json
if userInfo == "" {
userInfo = "{}"
if data == "" {
data = "{}"
}
if !json.Valid([]byte(userInfo)) {
return "", "", fmt.Errorf("invalid user information (not json formatted): %v", userInfo)
if !json.Valid([]byte(data)) {
return "", "", fmt.Errorf("invalid user information (not json formatted): %v", data)
}

return access, userInfo, nil
return access, data, nil
}

// EndSession calls the broker corresponding method, stripping broker ID prefix from sessionID.
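Review bot: The error text in the validation hunk, `fmt.Errorf("invalid user information (not json formatted): %v", data)`, still describes the value as user information after the commit renames the result to `data`, so the message no longer matches the API it reports on; `return "", "", fmt.Errorf("invalid data returned by broker (not json formatted): %v", data)` keeps the two aligned. The message also embeds the whole payload, which may carry user attributes into logs and PAM error output; reporting its length or a bounded prefix would be the safer default. The doc comment on IsAuthorized at the top of the previous hunk could state that an empty `data` is normalised to `{}` and that non-JSON data is rejected, since pam.go forwards the value unchanged in IAResponse. IsAuthorized begins in the previous hunk and the validation hunk shows only its tail.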
6 changes: 3 additions & 3 deletions internal/brokers/dbusbroker.go
Expand Up @@ -103,18 +103,18 @@ func (b dbusBroker) SelectAuthenticationMode(ctx context.Context, sessionID, aut
}

// IsAuthorized calls the corresponding method on the broker bus and returns the user information and access.
func (b dbusBroker) IsAuthorized(_ context.Context, sessionID, authenticationData string) (access, infoUser string, err error) {
func (b dbusBroker) IsAuthorized(_ context.Context, sessionID, authenticationData string) (access, data string, err error) {
dbusMethod := b.interfaceName + ".IsAuthorized"

call := b.dbusObject.Call(dbusMethod, 0, sessionID, authenticationData)
if err = call.Err; err != nil {
return "", "", err
}
if err = call.Store(&access, &infoUser); err != nil {
if err = call.Store(&access, &data); err != nil {
return "", "", err
}

return access, infoUser, nil
return access, data, nil
}

// EndSession calls the corresponding method on the broker bus.
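Review bot: The doc comment `// IsAuthorized calls the corresponding method on the broker bus and returns the user information and access.` is left untouched while the second result is renamed from `infoUser` to `data`, so it now describes a name that no longer exists in the signature. Suggest `// IsAuthorized calls the corresponding method on the broker bus and returns the access level and the broker-provided data.` The same comment could note that the context parameter is deliberately ignored here; the goroutine-based cancellation in broker.go suggests that is the intent, but it is not stated on this method.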
Expand Up @@ -28,7 +28,7 @@
<arg type="s" direction="in" name="sessionID"/>
<arg type="s" direction="in" name="authenticationData"/>
<arg type="s" direction="out" name="access"/>
<arg type="s" direction="out" name="infoUser"/>
<arg type="s" direction="out" name="data"/>
</method>
<method name="EndSession">
<arg type="s" direction="in" name="sessionID"/>
28 changes: 14 additions & 14 deletions internal/brokers/examplebroker/examplebroker.go
Expand Up @@ -227,24 +227,24 @@ func (b *Broker) GetAuthenticationModes(ctx context.Context, sessionID string, s
}
b.userLastSelectedModeMu.Unlock()

var allNames []string
var allModeIDs []string
for n := range allModes {
if n == "password" || n == lastSelection {
continue
}
allNames = append(allNames, n)
allModeIDs = append(allModeIDs, n)
}
sort.Strings(allNames)
sort.Strings(allModeIDs)
if lastSelection != "" && lastSelection != "password" {
allNames = append([]string{lastSelection, "password"}, allNames...)
allModeIDs = append([]string{lastSelection, "password"}, allModeIDs...)
} else {
allNames = append([]string{"password"}, allNames...)
allModeIDs = append([]string{"password"}, allModeIDs...)
}

for _, name := range allNames {
authMode := allModes[name]
for _, id := range allModeIDs {
authMode := allModes[id]
authenticationModes = append(authenticationModes, map[string]string{
"name": name,
"id": id,
"label": authMode["selection_label"],
})
}
Expand Down Expand Up @@ -308,7 +308,7 @@ func (b *Broker) SelectAuthenticationMode(ctx context.Context, sessionID, authen
}

// IsAuthorized evaluates the provided authenticationData and returns the authorisation level of the user.
func (b *Broker) IsAuthorized(ctx context.Context, sessionID, authenticationData string) (access, infoUser string, err error) {
func (b *Broker) IsAuthorized(ctx context.Context, sessionID, authenticationData string) (access, data string, err error) {
sessionInfo, err := b.sessionInfo(sessionID)
if err != nil {
return "", "", err
Expand Down Expand Up @@ -338,18 +338,18 @@ func (b *Broker) IsAuthorized(ctx context.Context, sessionID, authenticationData
b.isAuthorizedCallsMu.Unlock()
}()

access, infoUser, err = b.handleIsAuthorized(b.isAuthorizedCalls[sessionID].ctx, sessionInfo, authData)
access, data, err = b.handleIsAuthorized(b.isAuthorizedCalls[sessionID].ctx, sessionInfo, authData)

// Store last successful authentication mode for this user in the broker.
b.userLastSelectedModeMu.Lock()
b.userLastSelectedMode[sessionInfo.username] = sessionInfo.selectedMode
b.userLastSelectedModeMu.Unlock()

return access, infoUser, err
return access, data, err
}

//nolint:unparam // This is an static example implementation, so we don't return an error other than nil.
func (b *Broker) handleIsAuthorized(ctx context.Context, sessionInfo sessionInfo, authData map[string]string) (access, infoUser string, err error) {
func (b *Broker) handleIsAuthorized(ctx context.Context, sessionInfo sessionInfo, authData map[string]string) (access, data string, err error) {
// Note that the "wait" authentication can be cancelled and switch to another mode with a challenge.
// Take into account the cancellation.
switch sessionInfo.selectedMode {
Expand Down Expand Up @@ -437,12 +437,12 @@ func (b *Broker) handleIsAuthorized(ctx context.Context, sessionInfo sessionInfo
}
}

infoUser, exists := users[sessionInfo.username]
data, exists := users[sessionInfo.username]
if !exists {
return responses.AuthDenied, "", nil
}

return responses.AuthAllowed, infoUser, nil
return responses.AuthAllowed, data, nil
}

// EndSession ends the requested session and triggers the necessary clean up steps, if any.
6 changes: 3 additions & 3 deletions internal/brokers/examplebroker/examplebrokerbus.go
Expand Up @@ -92,12 +92,12 @@ func (b *Bus) SelectAuthenticationMode(sessionID, authenticationModeName string)
}

// IsAuthorized is the method through which the broker and the daemon will communicate once dbusInterface.IsAuthorized is called.
func (b *Bus) IsAuthorized(sessionID, authenticationData string) (access, infoUser string, dbusErr *dbus.Error) {
access, infoUser, err := b.broker.IsAuthorized(context.Background(), sessionID, authenticationData)
func (b *Bus) IsAuthorized(sessionID, authenticationData string) (access, data string, dbusErr *dbus.Error) {
access, data, err := b.broker.IsAuthorized(context.Background(), sessionID, authenticationData)
if err != nil {
return "", "", dbus.MakeFailedError(err)
}
return access, infoUser, nil
return access, data, nil
}

// EndSession is the method through which the broker and the daemon will communicate once dbusInterface.EndSession is called.
2 changes: 1 addition & 1 deletion internal/brokers/localbroker.go
Expand Up @@ -25,7 +25,7 @@ func (b localBroker) SelectAuthenticationMode(ctx context.Context, sessionID, au
}

//nolint:unused // We still need localBroker to implement the brokerer interface, even though this method should never be called on it.
func (b localBroker) IsAuthorized(ctx context.Context, sessionID, authenticationData string) (access, infoUser string, err error) {
func (b localBroker) IsAuthorized(ctx context.Context, sessionID, authenticationData string) (access, data string, err error) {
return "", "", errors.New("IsAuthorized should never be called on local broker")
}

32 changes: 18 additions & 14 deletions internal/services/pam/pam.go
Expand Up @@ -31,8 +31,7 @@ func NewService(ctx context.Context, brokerManager *brokers.Manager) Service {
}

// AvailableBrokers returns the list of all brokers with their details.
// It can return the previous broker set for a given user, if any and if provided.
func (s Service) AvailableBrokers(ctx context.Context, req *authd.ABRequest) (*authd.ABResponse, error) {
func (s Service) AvailableBrokers(ctx context.Context, _ *authd.Empty) (*authd.ABResponse, error) {
var r authd.ABResponse

for _, b := range s.brokerManager.AvailableBrokers() {
Expand All @@ -43,11 +42,16 @@ func (s Service) AvailableBrokers(ctx context.Context, req *authd.ABRequest) (*a
})
}

if req.GetUserName() != "" {
b := s.brokerManager.BrokerForUser(req.GetUserName())
if b != nil {
r.PreviousBroker = &b.ID
}
return &r, nil
}

// GetPreviousBroker returns the previous broker set for a given user, if any.
func (s Service) GetPreviousBroker(ctx context.Context, req *authd.GPBRequest) (*authd.GPBResponse, error) {
var r authd.GPBResponse

b := s.brokerManager.BrokerForUser(req.GetUsername())
if b != nil {
r.PreviousBroker = &b.ID
}

return &r, nil
Expand Down Expand Up @@ -121,7 +125,7 @@ func (s Service) GetAuthenticationModes(ctx context.Context, req *authd.GAMReque
var authModes []*authd.GAMResponse_AuthenticationMode
for _, a := range authenticationModes {
authModes = append(authModes, &authd.GAMResponse_AuthenticationMode{
Name: a["name"],
Id: a["id"],
Label: a["label"],
})
}
Expand All @@ -136,12 +140,12 @@ func (s Service) SelectAuthenticationMode(ctx context.Context, req *authd.SAMReq
defer decorate.OnError(&err, "can't select authentication mode")

sessionID := req.GetSessionId()
authenticationModeName := req.GetAuthenticationModeName()
authenticationModeID := req.GetAuthenticationModeId()

if sessionID == "" {
return nil, errors.New("no session ID provided")
}
if authenticationModeName == "" {
if authenticationModeID == "" {
return nil, errors.New("no authentication mode provided")
}

Expand All @@ -150,7 +154,7 @@ func (s Service) SelectAuthenticationMode(ctx context.Context, req *authd.SAMReq
return nil, err
}

uiLayoutInfo, err := broker.SelectAuthenticationMode(ctx, sessionID, authenticationModeName)
uiLayoutInfo, err := broker.SelectAuthenticationMode(ctx, sessionID, authenticationModeID)
if err != nil {
return nil, err
}
Expand All @@ -174,14 +178,14 @@ func (s Service) IsAuthorized(ctx context.Context, req *authd.IARequest) (resp *
return nil, err
}

access, userInfo, err := broker.IsAuthorized(ctx, sessionID, req.GetAuthenticationData())
access, data, err := broker.IsAuthorized(ctx, sessionID, req.GetAuthenticationData())
if err != nil {
return nil, err
}

return &authd.IAResponse{
Access: access,
UserInfo: userInfo,
Access: access,
Data: data,
}, nil
}

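Review bot: The new GetPreviousBroker passes `req.GetUsername()` straight to `s.brokerManager.BrokerForUser` without rejecting an empty username, whereas the neighbouring handlers guard their required inputs (`if sessionID == "" { return nil, errors.New("no session ID provided") }` in SelectAuthenticationMode). Unless BrokerForUser is known to treat an empty string as no match, add `if req.GetUsername() == "" { return nil, errors.New("no username provided") }` before the lookup; `errors` is already imported in this file. The response stores `&b.ID`, a pointer into the broker object owned by the manager rather than a copy, which is fine for marshalling but worth a one-line comment if brokers can be reloaded at runtime. The closing brace of GetPreviousBroker lies outside the hunk.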
