OPENBUS-3008 nova operação em validadores de senha

A API passou a esperar o retorno de duas funções caso a carga seja
feita corretamente. A segunda função retornada será usada para o término
do ciclo de vida do validador, seja na recarga dele ou no término do
busservices.
parent 2edd21cc
......@@ -358,6 +358,20 @@ function AccessControl:shutdown()
unschedule(sweeper)
end
self.sweeper = false -- indicate no sweeper shall run anymore
for _, validator in pairs(self.passwordValidators) do
if type(validator) == "table" and type(validator.finalize) == "function" then
local ok, errmsg = xpcall(validator.finalize, traceback)
if not ok then
log:exception(msg.FailedPasswordValidatorFinalization:tag{
validator = validator.name,
errmsg = errmsg,
})
end
log:admin(msg.PasswordValidatorTerminated:tag{
validator = validator.name
})
end
end
log:admin(msg.AccessControlShutDown)
end
......@@ -410,8 +424,8 @@ function AccessControl:loginByPassword(entity, pubkey, encrypted)
log:exception(msg.TooManyFailedValidations:tag{entity=entity,wait=wait})
NO_RESOURCES{ completed = "COMPLETED_YES", minor = 0x42555000 }
end
for validator, validate in pairs(self.passwordValidators) do
local ok, valid, errmsg = xpcall(validate, traceback, entity, decoded.data)
for _, validator in pairs(self.passwordValidators) do
local ok, valid, errmsg = xpcall(validator.validate, traceback, entity, decoded.data)
if not ok then
ServiceFailure{
message = msg.FailedPasswordValidation:tag{
......
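Review bot: In the `AccessControl:shutdown` hunk the `log:admin(msg.PasswordValidatorTerminated:tag{...})` call sits after the `if not ok then ... end` block, so the admin log reports a validator as terminated even when its `finalize` raised and `FailedPasswordValidatorFinalization` was just logged. Moving that call into an `else` branch keeps the two records from contradicting each other. That loop also guards with `type(validator) == "table"`, while the new loop in `loginByPassword` evaluates `validator.validate` with no guard, before `xpcall` takes over. If non-table entries can still reach `self.passwordValidators` (not visible here), both loops should apply the same check. Both functions start outside their hunks.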
......@@ -158,27 +158,37 @@ return function(...)
})
return false, errcode.UnableToLoadPasswordValidator, result
end
local validate, errmsg = result(Configs)
local validate, finalize = result(Configs)
if validate == nil then
local errmsg = finalize
log:misconfig(msg.UnableToInitializePasswordValidator:tag{
validator = package,
error = errmsg,
})
return false, errcode.UnableToInitializePasswordValidator, result
return false, errcode.UnableToInitializePasswordValidator, errmsg
end
return true, validate
return true, validate, finalize
end
local validators = {}
local function loadValidator(validator)
local loaded
if validators[validator] then
pcall(validators[validator].finalize)
package.loaded[validator] = nil
loaded = true
end
local res, validate, errmsg = loadValidatorModule(validator)
if res then
validators[validator] = validate
local ok, validate, finalize = loadValidatorModule(validator)
if not ok then
local errcode = validate
local errmsg = finalize
return false, errcode, errmsg
else
validators[validator] = {
name = validator,
validate = validate,
finalize = finalize,
}
local suffix
if loaded then
suffix = "Reloaded"
......@@ -187,18 +197,16 @@ return function(...)
end
local phrase = "PasswordValidator"..suffix
log:config(msg[phrase]:tag{name=validator})
else
return nil, validate, errmsg
end
return true
end
local function loadValidators(action)
local function loadValidators()
local hasValidator = false
for _, validator in pairs(Configs.validator) do
if not hasValidator then hasValidator = true end
local res, validate = loadValidator(validator)
if not res then return false, validate end
local ok, errcode, errmsg = loadValidator(validator)
if not ok then return false, errcode, errmsg end
end
if not hasValidator then
log:misconfig(msg.NoPasswordValidators)
......@@ -259,7 +267,7 @@ return function(...)
setLogLevel("oil", Configs.oilloglevel)
resetMaxChannels(orb, Configs.maxchannels)
setAdminUsers()
loadValidators("reload")
loadValidators()
end
end
......
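Review bot: In `loadValidator` the previous instance is finalized and dropped from `package.loaded` before the replacement is loaded, and the early `return false, errcode, errmsg` leaves `validators[validator]` pointing at the already-finalized entry. If that table is what login consults (not visible in this section), a failed reload would keep routing password checks to a validator whose resources were released, and a later reload or shutdown would call its `finalize` a second time. Either load the new module first and finalize the old one only on success, or clear the slot with `validators[validator] = nil` right after the finalize call. The bare `pcall(validators[validator].finalize)` also discards its result, and nothing in `loadValidatorModule` checks that the second return value is a function, so a failing or missing `finalize` goes unreported. Capturing it as `local ok, err = pcall(validators[validator].finalize)` and reporting `err` through `log` would match what the shutdown path does.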
......@@ -89,12 +89,11 @@ return function(configs)
})
]=])
local openldap
local openldap, service
do
local oil = require "oil"
local orb = oil.init{ flavor = "cooperative.client;corba.client" }
orb:loadidl(idl)
local service
repeat
local ior = oil.readfrom(iorpath)
if ior ~= nil then
......@@ -108,8 +107,9 @@ return function(configs)
end
end
return
-- validate function to be used in runtime
return function(entity, password)
function(entity, password)
-- avoid blank password because this may be allowed as an anonymous bind
local blankpatt ="^[%s%c%z]*$"
if type(entity) ~= "string" or entity:match(blankpatt) or
......@@ -138,5 +138,9 @@ return function(configs)
end
end
return nil, msg.LdapAccessFailed:tag{errmsg=concat(errmsg,"; ")}
end,
-- finalize function to be used when shutting down the main process
function()
service:shutdown()
end
end
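Review bot: The comment on the new second return value says it is used "when shutting down the main process", but the commit description states that the finalizer also runs when the validator is reloaded; the comment should say so, e.g. `-- finalize function: called when this validator is reloaded and when busservices shuts down`. This matters because the function calls `service:shutdown()` on the object resolved inside the `repeat` loop, whose assignment is outside the visible hunks. If that operation stops the remote adapter rather than releasing a local reference, every reload would take the adapter down, and password validation would then depend on it coming back. A short note on what `service:shutdown()` is expected to do, and whether `service` can still be unset when the finalizer runs, would make the lifecycle contract checkable.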