/******************************************************************************
* Icinga 2 *
* Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org) *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
* as published by the Free Software Foundation; either version 2 *
* of the License, or (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the Free Software Foundation *
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
******************************************************************************/
#include "icinga/usergroup.hpp"
#include "config/objectrule.hpp"
#include "base/dynamictype.hpp"
#include "base/objectlock.hpp"
#include "base/logger_fwd.hpp"
#include "base/context.hpp"
#include "base/workqueue.hpp"
#include <boost/foreach.hpp>
using namespace icinga;

/* Registers UserGroup with the dynamic type registry (base/dynamictype.hpp). */
REGISTER_TYPE(UserGroup);

/* Runs RegisterObjectRuleHandler once at startup so that 'object' rules whose
 * type is "UserGroup" are routed to UserGroup::EvaluateObjectRules. */
INITIALIZE_ONCE(&UserGroup::RegisterObjectRuleHandler);
/**
 * Registers EvaluateObjectRules as the callback ObjectRule invokes for
 * 'object' rules of type "UserGroup".
 */
void UserGroup::RegisterObjectRuleHandler(void)
{
	const char* const type_name = "UserGroup";
	ObjectRule::RegisterType(type_name, &UserGroup::EvaluateObjectRules);
}
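/**
 * Evaluates one 'object' rule for one user and, if the rule's filter
 * matches, makes the user a member of the group named by the rule.
 *
 * @param user The candidate user.
 * @param rule The 'object' rule; rule.GetName() is the target group's name.
 * @returns true if the user was made a member of the group; false if the
 *          filter did not match, the group does not exist, or membership
 *          resolution failed (e.g. the group nesting is too deep).
 */
bool UserGroup::EvaluateObjectRuleOne(const User::Ptr& user, const ObjectRule& rule)
{
	DebugInfo di = rule.GetDebugInfo();

	std::ostringstream msgbuf;
	msgbuf << "Evaluating 'object' rule (" << di << ")";
	CONTEXT(msgbuf.str());

	/* The rule's filter expression sees the candidate user as 'user'. */
	Dictionary::Ptr locals = make_shared<Dictionary>();
	locals->Set("user", user);

	if (!rule.EvaluateFilter(locals))
		return false;

	std::ostringstream msgbuf2;
	msgbuf2 << "Assigning membership for group '" << rule.GetName() << "' to user '" << user->GetName() << "' for rule " << di;
	Log(LogDebug, "UserGroup", msgbuf2.str());

	String group_name = rule.GetName();
	UserGroup::Ptr group = UserGroup::GetByName(group_name);

	if (!group) {
		Log(LogCritical, "UserGroup", "Invalid membership assignment. Group '" + group_name + "' does not exist.");
		return false;
	}

	/* assign user group membership; this also walks the group's parent
	 * groups and fails (after logging a warning) when they are nested too
	 * deeply. In that case the user must not be reported as a member nor
	 * have the group recorded in its 'groups' attribute. */
	if (!group->ResolveGroupMembership(user, true))
		return false;

	/* update groups attribute for apply */
	user->AddGroup(group_name);

	return true;
}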
/**
 * Evaluates one 'object' rule against every User object currently known.
 *
 * @param rule The rule to evaluate; the result of each per-user evaluation
 *             is not inspected here.
 */
void UserGroup::EvaluateObjectRule(const ObjectRule& rule)
{
	BOOST_FOREACH(const User::Ptr& user, DynamicType::GetObjectsByType<User>()) {
		std::ostringstream ctxbuf;
		ctxbuf << "Evaluating group membership in '" << rule.GetName()
		    << "' for user '" << user->GetName() << "'";
		CONTEXT(ctxbuf.str());

		EvaluateObjectRuleOne(user, rule);
	}
}
/**
 * Evaluates all UserGroup 'object' rules, one work-queue item per rule, and
 * blocks until every item has finished.
 *
 * @param rules The rules to evaluate. They are captured by reference, which
 *              is safe because Join() returns only after all items have run.
 */
void UserGroup::EvaluateObjectRules(const std::vector<ObjectRule>& rules)
{
	ParallelWorkQueue upq;

	std::vector<ObjectRule>::const_iterator it;
	for (it = rules.begin(); it != rules.end(); ++it) {
		/* boost::cref: the work item refers to the rule, it does not copy it. */
		upq.Enqueue(boost::bind(UserGroup::EvaluateObjectRule, boost::cref(*it)));
	}

	upq.Join();
}
/**
 * Returns a snapshot of the group's current members.
 *
 * @returns A copy of the member set, taken while m_UserGroupMutex is held so
 *          concurrent AddMember/RemoveMember calls cannot corrupt the copy.
 */
std::set<User::Ptr> UserGroup::GetMembers(void) const
{
	std::set<User::Ptr> snapshot;

	{
		boost::mutex::scoped_lock lock(m_UserGroupMutex);
		snapshot = m_Members;
	}

	return snapshot;
}
/**
 * Adds a user to this group's member set.
 *
 * @param user The user to add; adding a user that is already a member is a
 *             no-op.
 */
void UserGroup::AddMember(const User::Ptr& user)
{
	boost::mutex::scoped_lock lock(m_UserGroupMutex);

	if (m_Members.find(user) == m_Members.end())
		m_Members.insert(user);
}
/**
 * Removes a user from this group's member set.
 *
 * @param user The user to remove; removing a user that is not a member is a
 *             no-op.
 */
void UserGroup::RemoveMember(const User::Ptr& user)
{
	boost::mutex::scoped_lock lock(m_UserGroupMutex);

	std::set<User::Ptr>::iterator it = m_Members.find(user);

	if (it != m_Members.end())
		m_Members.erase(it);
}
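/**
 * Adds the user to (or removes it from) this group and, recursively, every
 * group this group itself belongs to ('groups' attribute).
 *
 * @param user The user whose membership is updated.
 * @param add true to add the user, false to remove it.
 * @param rstack Current recursion depth; external callers use the default.
 * @returns false if the group nesting exceeds the depth limit (the user is
 *          then left untouched for this group), true otherwise.
 */
bool UserGroup::ResolveGroupMembership(User::Ptr const& user, bool add, int rstack)
{
	/* Upper bound on the nesting depth walked through parent groups. */
	const int max_nesting_depth = 20;

	/* The bound applies to both directions: a cycle in the configured group
	 * nesting (A lists B, B lists A) would otherwise recurse without limit on
	 * the removal path, which the original add-only check did not cover. */
	if (rstack > max_nesting_depth) {
		const char* const outcome = add
		    ? "' membership assignment failed."
		    : "' membership removal failed.";

		Log(LogWarning, "UserGroup", "Too many nested groups for group '" + GetName() + "': User '" +
		    user->GetName() + outcome);

		return false;
	}

	Array::Ptr groups = GetGroups();

	if (groups && groups->GetLength() > 0) {
		ObjectLock olock(groups);

		BOOST_FOREACH(const String& name, groups) {
			UserGroup::Ptr group = UserGroup::GetByName(name);

			/* Parent groups that do not exist are skipped; only a parent
			 * that fails to resolve aborts the whole update. */
			if (group && !group->ResolveGroupMembership(user, add, rstack + 1))
				return false;
		}
	}

	if (add)
		AddMember(user);
	else
		RemoveMember(user);

	return true;
}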