
[Xen-API] [PATCH] CA-40755: session-subject-identifier-{list, logout} sh

To: xen-api <xen-api@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-API] [PATCH] CA-40755: session-subject-identifier-{list, logout} should handle group sids
From: Marcus Granado <marcus.granado@xxxxxxxxxx>
Date: Thu, 22 Apr 2010 17:44:35 +0100
Delivery-date: Thu, 22 Apr 2010 09:48:08 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-api-request@lists.xensource.com?subject=help>
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
List-post: <mailto:xen-api@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-api-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mercurial-patchbomb/1.4.3
 ocaml/xapi/xapi_session.ml |  30 ++++++++++++++++++++++++++++--
 1 files changed, 28 insertions(+), 2 deletions(-)


# HG changeset patch
# User Marcus Granado <marcus.granado@xxxxxxxxxx>
# Date 1271953741 -3600
# Node ID 57d03d3de165d5272ba269b0aa73b9b92cd19a78
# Parent  7098db83d64668d4457d606bb2568ee70d413651
CA-40755: session-subject-identifier-{list,logout} should handle group sids

Signed-off-by: Marcus Granado <marcus.granado@xxxxxxxxxxxxx>

diff -r 7098db83d646 -r 57d03d3de165 ocaml/xapi/xapi_session.ml
--- a/ocaml/xapi/xapi_session.ml        Thu Apr 22 17:29:01 2010 +0100
+++ b/ocaml/xapi/xapi_session.ml        Thu Apr 22 17:29:01 2010 +0100
@@ -624,6 +624,19 @@
        let session_id = Context.get_session_id __context in
        Xapi_local_session.destroy ~__context ~self:session_id
 
+
+let get_group_subject_identifier_from_session ~__context ~session =
+       let subj = Db.Session.get_subject ~__context ~self:session in
+       try
+               Db.Subject.get_subject_identifier ~__context ~self:subj
+       with
+       |       Db_exn.DBCache_NotFound ("missing row",_,_) ->
+               (* expected error: subject was removed from subject list *)
+               ""
+       | e -> (* unexpected error *)
+               debug "error obtaining sid from subject %s from session %s: %s" 
(Ref.string_of subj) (Ref.string_of session) (ExnHelper.string_of_exn e);
+               ""
+
 let get_all_subject_identifiers ~__context = 
        let all_sessions = Db.Session.get_all ~__context in
        let all_extauth_sessions = List.filter (fun session ->
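Review bot: The `""` returned by get_group_subject_identifier_from_session stands for both "subject removed" and "lookup failed", and the third hunk compares it directly with the caller-supplied subject_identifier, so an empty identifier would match every session whose subject could not be resolved. Either return an option and match on `Some sid`, or guard the comparison in logout_subject_identifier, e.g. `subject_identifier <> "" && get_group_subject_identifier_from_session ~__context ~session:s = subject_identifier`. The catch-all `| e ->` arm reports only through `debug`, so on the logout path a session whose lookup fails is silently left alive; a revocation path should surface that failure more visibly. Matching on the literal `"missing row"` ties the expected case to the wording of the exception payload, which deserves a comment next to the pattern.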
@@ -631,11 +644,17 @@
                not (Db.Session.get_is_local_superuser ~__context ~self:session)
                ) all_sessions in
        (* we only want to return sids of externally-authenticated sessions *)
-       let all_sids = List.map (fun session ->
+       let all_auth_user_sids_in_sessions = List.map (fun session ->
                Db.Session.get_auth_user_sid ~__context ~self:session
        ) all_extauth_sessions in
+       let all_subject_list_sids_in_sessions = (List.filter (fun e->e<>"")
+               (List.map (fun session ->
+                       (* TODO: better to look up the membership closure *)
+                       get_group_subject_identifier_from_session ~__context 
~session
+               ) all_extauth_sessions)
+       ) in
        (* avoid returning repeated sids *)
-       Listext.List.setify all_sids
+       Listext.List.setify 
(all_auth_user_sids_in_sessions@all_subject_list_sids_in_sessions)
        
 let logout_subject_identifier ~__context ~subject_identifier=
        let all_sessions = Db.Session.get_all ~__context in
@@ -651,7 +670,14 @@
                (Db.Session.get_uuid ~__context ~self:s) <> 
(Db.Session.get_uuid ~__context ~self:current_session)
                &&
                (* 3. we only consider those sessions associated with the 
specific subject_id received as parameter *)
+               (
+               (* 3.1. the sid of the authenticated user *)
                (Db.Session.get_auth_user_sid ~__context ~self:s) = 
subject_identifier
+                       or
+               (* 3.2. any sids of the group that authenticated the user *)
+               (* TODO: better to look up the membership closure *)
+               (get_group_subject_identifier_from_session ~__context 
~session:s)       = subject_identifier
+               )
                
        ) all_sessions in
        debug "This session %s (user=%s subject_identifier=%s) is forcing the 
logout of these other sessions associated with subject_identifier=%s: 
trackids=[%s]"
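Review bot: The added disjunction between 3.1 and 3.2 uses `or`, the deprecated spelling of boolean or, while the rest of this predicate uses `&&`; write `||` for consistency. The TODO on 3.2 means only the subject recorded directly on the session is compared, so sessions authenticated through an indirect or nested group membership are presumably not matched when a parent group's sid is passed. The comment should state that limit, for example `(* 3.2. the sid of the subject recorded on the session; indirect group memberships are NOT matched *)`, so that nobody relies on this call to revoke access for a whole group. The enclosing filter and logout_subject_identifier start before this hunk and continue past it.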

Attachment: xen-api.hg.patch
Description: Text Data
