Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce RBAC checking via custom authHandler function #218

Open
wants to merge 28 commits into
base: v1.x/staging
Choose a base branch
from
Open

Introduce RBAC checking via custom authHandler function #218

wants to merge 28 commits into from

Conversation

DivergentEuropeans
Copy link
Member

@DivergentEuropeans DivergentEuropeans commented May 24, 2021
edited
Loading

PR (2 of 2)
PR 1: zowe/zss#281

Signed-off-by: Leanid Astrakou [email protected]

@lchudinov
Copy link
Contributor

lchudinov commented May 24, 2021
edited by DivergentEuropeans
Loading

The code is questionable because it introduces a dependency on zss by calling functions defined there.

Could we introduce int registerHttpMiddleware(HttpServer *server, HttpMiddleware *middleware); where HttpMiddleware has a pointer to a callback that HttpServer would call at the beginning of serveRequest function. Here is a propotype:

typedef bool (*MiddlewareCallback)(HttpServer *server, HttpResponse *response, HttpMiddleware *middleware);

typedef struct HttpMiddleware {
  HttpMiddlewareCallback middlewareFunction;
  ///...
  HttpMIddleware *next;
} HttpMiddleware;

struct HttpServer {
  //...
  HttpMiddleware *middlewareList; // list of middleware
}
// in zss
HttpMiddleware *middleware = makeMiddleware(...);
middleware->middlewareFunction = myFunction;
registerHttpMiddleware(server, middleware);

Edit (@DivergentEuropeans ) : This has now been addressed

@DivergentEuropeans DivergentEuropeans changed the base branch from master to staging June 5, 2021 01:37
@DivergentEuropeans DivergentEuropeans changed the title (WIP) Some prototype RBAC checking + unfinished comments Introduce RBAC checking via custom authHandler function Jun 7, 2021
@DivergentEuropeans DivergentEuropeans marked this pull request as ready for review June 7, 2021 14:04
@DivergentEuropeans
Removed comment
c5c9bac 
Signed-off-by: Leanid Astrakou <[email protected]>
@DivergentEuropeans
Code review changes
20ad412 
Signed-off-by: Leanid Astrakou <[email protected]>
@DivergentEuropeans
Removed unneeded comment
1673b5f 
Signed-off-by: Leanid Astrakou <[email protected]>
@DivergentEuropeans DivergentEuropeans mentioned this pull request Jun 11, 2021
Open
Leonty Chudinov added 6 commits June 23, 2021 17:49
Some code cleanup
632cb11 
Signed-off-by: Leonty Chudinov <[email protected]>
Revert back to integer authType
517679b 
Signed-off-by: Leonty Chudinov <[email protected]>
Remove SERVICE_AUTH_NATIVE_WITH_SESSION_TOKEN_NO_RBAC
305ab94 
Signed-off-by: Leonty Chudinov <[email protected]>
Refactor authorization code
be35a36 
Signed-off-by: Leonty Chudinov <[email protected]>
Provide ability to pass userData into AuthorizationCheck
166c715 
Signed-off-by: Leonty Chudinov <[email protected]>
Minor refactoring
be5f0e5 
Signed-off-by: Leonty Chudinov <[email protected]>
ifakhrutdinov
ifakhrutdinov reviewed Jul 6, 2021
View reviewed changes
c/httpserver.c Outdated Show resolved Hide resolved
c/httpserver.c Show resolved Hide resolved
ifakhrutdinov
ifakhrutdinov reviewed Aug 31, 2021
View reviewed changes
c/httpserver.c Outdated Show resolved Hide resolved
Leonty Chudinov and others added 2 commits August 31, 2021 12:54
Add return code for registerHttpAuthorizationHandler
9d7f631 
Signed-off-by: Leonty Chudinov <[email protected]>
@lchudinov
Merge pull request #233 from lchudinov/feature/add-return-code-for-re…
2a1ab84 
…gisterHttpAuthorizationHandler

Add return code for registerHttpAuthorizationHandler
ifakhrutdinov
ifakhrutdinov reviewed Aug 31, 2021
View reviewed changes
h/httpserver.h Outdated Show resolved Hide resolved
Leonty Chudinov and others added 2 commits August 31, 2021 13:48
Rename AuthorizationHandler to HttpAuthorize
e736e8d 
Signed-off-by: Leonty Chudinov <[email protected]>
@ifakhrutdinov
Merge pull request #234 from lchudinov/feature/rename-authorization-h…
2f45fb2 
…andler

Rename AuthorizationHandler to HttpAuthorize
ifakhrutdinov
ifakhrutdinov approved these changes Aug 31, 2021
View reviewed changes
Copy link
Contributor

@ifakhrutdinov ifakhrutdinov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, @lchudinov please also have a look, I think you're more familiar with the changes and the goals of those changes

ifakhrutdinov
ifakhrutdinov approved these changes Oct 21, 2021
View reviewed changes
Copy link
Contributor

@ifakhrutdinov ifakhrutdinov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, @rocketjared, perhaps you're interested in these changes.

@lchudinov, please re-review, it's always good to go over changes related to security multiple times

c/httpserver.c
if (!head) {
server->authorizationHandlerList = handler;
} else {
while (head->next != NULL) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A nit: you could've used first/last pointers to do O(1) insertion:

if (server->firstAuthHandler) {
  server->lastAuthHandler->next = handler;
} else {
  server->firstAuthHandler = handler;
}
server->lastAuthHandler = handler;

Or if you don't care about the current order:

handler->next = server->authorizationHandlerList;
server->authorizationHandlerList = handler;

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The implementation not so critical for now as we have only one authorization handler. It can be improved in the future when we for sure know what we want to optimize.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lchudinov lchudinov lchudinov approved these changes

@ifakhrutdinov ifakhrutdinov ifakhrutdinov approved these changes

@1000TurquoisePogs 1000TurquoisePogs Awaiting requested review from 1000TurquoisePogs

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DivergentEuropeans @lchudinov @ifakhrutdinov