From 9f871c65b203a4a0057f2174473aede665782f10 Mon Sep 17 00:00:00 2001
From: Dmitry Ivanov <ivadmi5@gmail.com>
Date: Fri, 30 Jun 2023 22:10:38 +0300
Subject: [PATCH] feat: Pass user to auth_method::authenticator_check_request

This is required for LDAP authentication, because we need username to format the corresponding DN.

NO_DOC=picodata internal patch
NO_CHANGELOG=picodata internal patch
NO_TEST=picodata internal patch
---
 src/box/auth_chap_sha1.c | 2 ++
 src/box/auth_md5.c | 2 ++
 src/box/authentication.c | 4 ++--
 src/box/authentication.h | 9 ++++++---
 4 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/box/auth_chap_sha1.c b/src/box/auth_chap_sha1.c
index af2b1534e3..113f7016fc 100644
--- a/src/box/auth_chap_sha1.c
+++ b/src/box/auth_chap_sha1.c
@@ -250,10 +250,12 @@ auth_chap_sha1_authenticator_delete(struct authenticator *auth_)
 /** auth_method::authenticator_check_request */
 static bool
 auth_chap_sha1_authenticate_request(const struct authenticator *auth_,
+ const char *user,
 const char *salt,
 const char *auth_request,
 const char *auth_request_end)
 {
+ (void)user;
 const struct auth_chap_sha1_authenticator *auth =
 (const struct auth_chap_sha1_authenticator *)auth_;
 uint32_t scramble_len;
diff --git a/src/box/auth_md5.c b/src/box/auth_md5.c
index 17ce39087c..b373ba1eb0 100644
--- a/src/box/auth_md5.c
+++ b/src/box/auth_md5.c
@@ -205,10 +205,12 @@ auth_md5_authenticator_delete(struct authenticator *auth_)
 /** auth_method::authenticator_check_request */
 static bool
 auth_md5_authenticate_request(const struct authenticator *auth_,
+ const char *user,
 const char *salt,
 const char *auth_request,
 const char *auth_request_end)
 {
+ (void)user;
 const struct auth_md5_authenticator *auth =
 (const struct auth_md5_authenticator *)auth_;
 uint32_t client_pass_len;
diff --git a/src/box/authentication.c b/src/box/authentication.c
index 602e59d293..9e2f020675 100644
--- a/src/box/authentication.c
+++ b/src/box/authentication.c
@@ -49,7 +49,7 @@ authenticate_password(const struct authenticator *auth,
 const char *auth_request, *auth_request_end;
 auth_request_prepare(auth->method, password, password_len, user, salt,
 &auth_request, &auth_request_end);
- bool ret = authenticate_request(auth, salt, auth_request,
+ bool ret = authenticate_request(auth, user, salt, auth_request,
 auth_request_end);
 region_truncate(region, region_svp);
 return ret;
@@ -109,7 +109,7 @@ authenticate(const char *user_name, uint32_t user_name_len,
 return -1;
 if (user == NULL || user->def->auth == NULL ||
 user->def->auth->method != method ||
- !authenticate_request(user->def->auth, salt,
+ !authenticate_request(user->def->auth, user->def->name, salt,
 auth_request, auth_request_end)) {
 auth_res.is_authenticated = false;
 if (session_run_on_auth_triggers(&auth_res) != 0)
diff --git a/src/box/authentication.h b/src/box/authentication.h
index 1c1b932bf8..35fd4cfe21 100644
--- a/src/box/authentication.h
+++ b/src/box/authentication.h
@@ -138,6 +138,7 @@ struct auth_method {
 */
 bool
 (*authenticate_request)(const struct authenticator *auth,
+ const char *user,
 const char *salt,
 const char *auth_request,
 const char *auth_request_end);
@@ -191,13 +192,15 @@ authenticator_delete(struct authenticator *auth)
 * NOTE: the request must be well-formed (checked by auth_request_check).
 */
 static inline bool
-authenticate_request(const struct authenticator *auth, const char *salt,
+authenticate_request(const struct authenticator *auth,
+ const char *user, const char *salt,
 const char *auth_request, const char *auth_request_end)
 {
 assert(auth->method->auth_request_check(auth->method, auth_request,
 auth_request_end) == 0);
- return auth->method->authenticate_request(
- auth, salt, auth_request, auth_request_end);
+ return auth->method->authenticate_request(auth, user, salt,
+ auth_request,
+ auth_request_end);
 }

 /**
-- 
GitLab
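Review bot: The two call sites in authentication.c pass differently sourced names as `user`: `authenticate` (hunk at -109) passes the stored `user->def->name`, reached only after the `user == NULL` test has short-circuited, while `authenticate_password` (hunk at -49) forwards its own `user` argument, whose origin is outside the hunk. Since the commit message says a method will format this name into an LDAP DN, both sites should be guaranteed to hand over the NUL-terminated name of the account that owns `auth`. A comment at the first call such as `/* user must be the name of the account that owns auth */` would make that contract explicit. Both function bodies start and end outside the hunks, so this is inferred from the visible calls only.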
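Review bot: The new `user` parameter of the `authenticate_request` callback (hunk at -138) is added without any change to the doc comment that closes on the hunk's first line (`*/`), so implementers get no stated contract for it. Because the commit message says the name will be formatted into an LDAP DN, the comment should state that `user` is the NUL-terminated account name, that it is passed unescaped, and that a method placing it into a DN must escape it first (RFC 4514). For example: `user is the NUL-terminated account name; it is not escaped, so a method that builds a DN from it must escape it`. The comment body is outside the hunk, so whether it already lists the other parameters cannot be seen here.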
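Review bot: The inline `authenticate_request` wrapper (hunk at -191) asserts that the request is well-formed but checks nothing about the new `user` argument. Both existing methods discard it with `(void)user;`, so a caller passing NULL would go unnoticed until a method actually reads the name. Adding `assert(user != NULL);` next to the existing assert would catch a bad caller in debug builds. The wrapper's doc comment, of which only the `NOTE:` line is visible, should also mention the new parameter.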