Alon Bar-Lev has uploaded a new change for review. Change subject: aaa: use Authn.Capabilities.AUTHENTICATE_CREDENTIALS correctly ......................................................................
aaa: use Authn.Capabilities.AUTHENTICATE_CREDENTIALS correctly Topic: AAA Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1120720 Change-Id: I8ed1d4523ddf2bcefb3f1b1be868e4caf6c04ad7 Signed-off-by: Alon Bar-Lev <alo...@redhat.com> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthn.java M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthn.java 3 files changed, 26 insertions(+), 12 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/04/32804/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java index 843b94c..7f38e3a 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java @@ -182,7 +182,7 @@ return false; } - if (!isPasswordAuth(authnExtension)) { + if (!AuthzUtils.supportsPasswordAuthentication(authnExtension)) { log.errorFormat( "Can't login user \"{0}\" because the authentication profile \"{1}\" doesn't support password " + @@ -349,18 +349,26 @@ Authn.Capabilities.AUTHENTICATE_PASSWORD) != 0; } + private boolean isCredentialsAuth(ExtensionProxy authnExtension) { + return (authnExtension.getContext().<Long> get(Authn.ContextKeys.CAPABILITIES).longValue() & + Authn.Capabilities.AUTHENTICATE_CREDENTIALS) != 0; + } + private ExtMap authenticate(AuthenticationProfile profile, String user, String password) { ExtensionProxy authnExtension = profile.getAuthn(); ExtMap authRecord = null; - ExtensionProxy mapper = profile.getMapper(); - if (mapper != null) { - user = mapper.invoke(new ExtMap().mput( - Base.InvokeKeys.COMMAND, - Mapping.InvokeCommands.MAP_USER - ).mput( - Mapping.InvokeKeys.USER, - user), - true).<String> get(Mapping.InvokeKeys.USER, user); + + if (isCredentialsAuth(authnExtension)) { + ExtensionProxy mapper = profile.getMapper(); + if (mapper != null) { + user = mapper.invoke(new ExtMap().mput( + Base.InvokeKeys.COMMAND, + Mapping.InvokeCommands.MAP_USER + ).mput( + Mapping.InvokeKeys.USER, + user), + true).<String> get(Mapping.InvokeKeys.USER, user); + } } ExtMap outputMap = authnExtension.invoke(new ExtMap().mput( diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthn.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthn.java index 811af90..016d5eb 100644 --- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthn.java +++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthn.java @@ -77,7 +77,10 @@ "N/A" ).mput( Authn.ContextKeys.CAPABILITIES, - Authn.Capabilities.AUTHENTICATE_PASSWORD + ( + Authn.Capabilities.AUTHENTICATE_CREDENTIALS | + Authn.Capabilities.AUTHENTICATE_PASSWORD + ) ).mput( Base.ContextKeys.BUILD_INTERFACE_VERSION, Base.INTERFACE_VERSION_CURRENT); diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthn.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthn.java index 90b03bc..b09da6d 100644 --- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthn.java +++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthn.java @@ -71,7 +71,10 @@ "N/A" ).mput( Authn.ContextKeys.CAPABILITIES, - Authn.Capabilities.AUTHENTICATE_PASSWORD + ( + Authn.Capabilities.AUTHENTICATE_CREDENTIALS | + Authn.Capabilities.AUTHENTICATE_PASSWORD + ) ).mput( Base.ContextKeys.BUILD_INTERFACE_VERSION, Base.INTERFACE_VERSION_CURRENT); -- To view, visit http://gerrit.ovirt.org/32804 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I8ed1d4523ddf2bcefb3f1b1be868e4caf6c04ad7 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5 Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
