
[Xen-API] [PATCH] CA-40755: session-subject-identifier-{list, logout} should handle group sids



 ocaml/xapi/xapi_session.ml |  30 ++++++++++++++++++++++++++++--
 1 files changed, 28 insertions(+), 2 deletions(-)


# HG changeset patch
# User Marcus Granado <marcus.granado@xxxxxxxxxx>
# Date 1271953741 -3600
# Node ID 57d03d3de165d5272ba269b0aa73b9b92cd19a78
# Parent  7098db83d64668d4457d606bb2568ee70d413651
CA-40755: session-subject-identifier-{list,logout} should handle group sids

Signed-off-by: Marcus Granado <marcus.granado@xxxxxxxxxxxxx>

diff -r 7098db83d646 -r 57d03d3de165 ocaml/xapi/xapi_session.ml
--- a/ocaml/xapi/xapi_session.ml        Thu Apr 22 17:29:01 2010 +0100
+++ b/ocaml/xapi/xapi_session.ml        Thu Apr 22 17:29:01 2010 +0100
@@ -624,6 +624,19 @@
        let session_id = Context.get_session_id __context in
        Xapi_local_session.destroy ~__context ~self:session_id
 
+
+let get_group_subject_identifier_from_session ~__context ~session =
+       let subj = Db.Session.get_subject ~__context ~self:session in
+       try
+               Db.Subject.get_subject_identifier ~__context ~self:subj
+       with
+       |       Db_exn.DBCache_NotFound ("missing row",_,_) ->
+               (* expected error: subject was removed from subject list *)
+               ""
+       | e -> (* unexpected error *)
+               debug "error obtaining sid from subject %s from session %s: %s" 
(Ref.string_of subj) (Ref.string_of session) (ExnHelper.string_of_exn e);
+               ""
+
 let get_all_subject_identifiers ~__context = 
        let all_sessions = Db.Session.get_all ~__context in
        let all_extauth_sessions = List.filter (fun session ->
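Review bot: The `| e ->` arm of get_group_subject_identifier_from_session turns every unexpected failure into the same `""` that signals "subject removed", so callers cannot tell a database error from a session that has no group subject. In the third hunk that value is compared directly with the caller-supplied subject_identifier, so an empty subject_identifier would match every session whose lookup failed, unless a check outside the visible lines rejects it first. Returning `string option` (`Some sid` on success, `None` in both handlers) removes the sentinel, and the second hunk's `List.filter (fun e->e<>"")` then no longer needs to know about it. Matching on the literal `"missing row"` also ties the expected-error arm to the exact message text carried by Db_exn.DBCache_NotFound.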
@@ -631,11 +644,17 @@
                not (Db.Session.get_is_local_superuser ~__context ~self:session)
                ) all_sessions in
        (* we only want to return sids of externally-authenticated sessions *)
-       let all_sids = List.map (fun session ->
+       let all_auth_user_sids_in_sessions = List.map (fun session ->
                Db.Session.get_auth_user_sid ~__context ~self:session
        ) all_extauth_sessions in
+       let all_subject_list_sids_in_sessions = (List.filter (fun e->e<>"")
+               (List.map (fun session ->
+                       (* TODO: better to look up the membership closure *)
+                       get_group_subject_identifier_from_session ~__context 
~session
+               ) all_extauth_sessions)
+       ) in
        (* avoid returning repeated sids *)
-       Listext.List.setify all_sids
+       Listext.List.setify 
(all_auth_user_sids_in_sessions@all_subject_list_sids_in_sessions)
        
 let logout_subject_identifier ~__context ~subject_identifier=
        let all_sessions = Db.Session.get_all ~__context in
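Review bot: A session whose authorising subject has been removed from the subject list contributes no group sid to this result, because the helper returns `""` for it and the new `List.filter` drops that value; the same session is then also unreachable by group sid in logout_subject_identifier (third hunk). If removing a subject does not already destroy its sessions elsewhere, which this patch does not show, those are the sessions an administrator most needs to list and log out. A comment above `all_subject_list_sids_in_sessions` such as `(* only the subject that authorised the session, while it is still in the subject list; sessions of removed subjects are not reported by group sid *)` would make the limit explicit alongside the existing TODO. get_all_subject_identifiers begins in the previous hunk's trailing context.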
@@ -651,7 +670,14 @@
                (Db.Session.get_uuid ~__context ~self:s) <> 
(Db.Session.get_uuid ~__context ~self:current_session)
                &&
                (* 3. we only consider those sessions associated with the 
specific subject_id received as parameter *)
+               (
+               (* 3.1. the sid of the authenticated user *)
                (Db.Session.get_auth_user_sid ~__context ~self:s) = 
subject_identifier
+                       or
+               (* 3.2. any sids of the group that authenticated the user *)
+               (* TODO: better to look up the membership closure *)
+               (get_group_subject_identifier_from_session ~__context 
~session:s)       = subject_identifier
+               )
                
        ) all_sessions in
        debug "This session %s (user=%s subject_identifier=%s) is forcing the 
logout of these other sessions associated with subject_identifier=%s: 
trackids=[%s]"
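Review bot: The new disjunction between conditions 3.1 and 3.2 is written with `or`, the deprecated spelling of boolean or in OCaml; use `||` so it matches the `&&` that joins the surrounding conditions and does not raise a deprecation warning. The filter predicate starts before this hunk and the debug call runs past its end, so the earlier conditions and the actual session destruction are not visible here.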

Attachment: xen-api.hg.patch
Description: Text Data
