
auth::status session::get_auth_status (  )  const [virtual]

Check whether authentication is required, taking into account the groups and root-groups membership for all of the specified chroots.

Reimplemented from sbuild::auth.

Reimplemented in dchroot::session.

Definition at line 214 of file sbuild-session.cc.

References sbuild::auth::change_auth(), chroots, config, sbuild::auth::get_ruid(), sbuild::auth::get_uid(), sbuild::auth::STATUS_FAIL, sbuild::auth::STATUS_NONE, and sbuild::auth::STATUS_USER.

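{
  /*
   * Decide what authentication is needed to use every requested
   * chroot.  Each chroot yields a verdict (STATUS_NONE, STATUS_USER
   * or STATUS_FAIL) which is merged into the running result with
   * change_auth().
   *
   * NOTE(review): change_auth() presumably keeps the stricter of its
   * two arguments, so one failing chroot fails the whole request --
   * confirm against sbuild::auth::change_auth().
   *
   * Returns auth::STATUS_FAIL when there is no configuration, no
   * chroot was requested, an alias cannot be resolved, a chroot lists
   * no groups, or the user is in none of a chroot's groups.
   */
  assert(!this->chroots.empty());
  if (this->config.get() == 0) return auth::STATUS_FAIL;

  /*
   * Fail closed.  assert() is compiled out when NDEBUG is defined; in
   * that case an empty chroot list would skip the loop below and
   * return the initial STATUS_NONE, i.e. "no authentication needed".
   */
  if (this->chroots.empty()) return auth::STATUS_FAIL;

  auth::status status = auth::STATUS_NONE;

  /* @todo Use set difference rather than iteration and
     is_group_member. */
  for (string_list::const_iterator cur = this->chroots.begin();
       cur != this->chroots.end();
       ++cur)
    {
      const chroot::ptr chroot = this->config->find_alias(*cur);
      if (!chroot) // Should never happen, but cater for it anyway.
      {
        log_warning() << format(_("No chroot found matching alias '%1%'"))
          % *cur
                  << endl;
        status = change_auth(status, auth::STATUS_FAIL);
        // The pointer is null here: skip the group checks below
        // instead of dereferencing it.
        continue;
      }

      string_list const& groups = chroot->get_groups();
      string_list const& root_groups = chroot->get_root_groups();

      if (!groups.empty())
      {
        bool in_groups = false;
        bool in_root_groups = false;

        // Every entry is checked; a single match is enough.
        for (string_list::const_iterator gp = groups.begin();
             gp != groups.end();
             ++gp)
          if (is_group_member(*gp))
            in_groups = true;

        // Iterating an empty root-groups list is a no-op.
        for (string_list::const_iterator gp = root_groups.begin();
             gp != root_groups.end();
             ++gp)
          if (is_group_member(*gp))
            in_root_groups = true;

        /*
         * No auth required if in root groups and changing to root,
         * or if the uid is not changing.  If not in a group,
         * authentication fails immediately.
         *
         * Membership of root-groups alone is never sufficient: the
         * user must also be in one of the chroot's groups.
         */
        if (in_groups &&
            ((this->get_uid() == 0 && in_root_groups) ||
             (this->get_ruid() == this->get_uid())))
          {
            status = change_auth(status, auth::STATUS_NONE);
          }
        else if (in_groups) // Auth required if not in root group
          {
            status = change_auth(status, auth::STATUS_USER);
          }
        else // Not in any groups
          {
            status = change_auth(status, auth::STATUS_FAIL);
          }
      }
      else // No available groups entries means no access to anyone
      {
        status = change_auth(status, auth::STATUS_FAIL);
      }
    }

  return status;
}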

