Merge branch 'auth'

* auth:
  fix osdGetRoles
  oops
  Add showauth executable
  getgrouplist() on OSX has different sig.
  auth fix mingw static
  fix search PeerInfo
  PeerInfo in pva/server.h and pva/sharedstate.h
  make PeerInfo available during search phase
  auth status void accidental success.
  minor doc
  always need to link with netapi32 now
  authorize with local group lookup
  Add osdGetRoles()
  authorization framework
  pvasr show PeerInfo
  redo security (aka. access control)
  remove asCheck

# Conflicts:
#	src/server/pv/responseHandlers.h
#	src/server/responseHandlers.cpp
Michael Davidsaver
2019-05-12 14:40:29 -07:00
38 changed files with 1139 additions and 911 deletions


@@ -115,7 +115,7 @@ void ServerContextImpl::loadConfiguration()
Configuration::const_shared_pointer config = configuration;
// TODO for now just a simple switch
int32 debugLevel = config->getPropertyAsInteger(PVACCESS_DEBUG, 0);
int32 debugLevel = config->getPropertyAsInteger(PVACCESS_DEBUG, 0); // actually $EPICS_PVA_DEBUG
if (debugLevel > 0)
SET_LOG_LEVEL(logLevelDebug);
@@ -398,7 +398,7 @@ void ServerContextImpl::printInfo(ostream& str, int lvl)
{
const Transport::shared_pointer& transport(*it);
str<<"client "<<transport->getType()<<"://"<<transport->getRemoteName()
str<<" "<<transport->getType()<<"://"<<transport->getRemoteName()
<<" ver="<<unsigned(transport->getRevision())
<<" "<<(transport->isClosed()?"closed!":"");
@@ -406,6 +406,31 @@ void ServerContextImpl::printInfo(ostream& str, int lvl)
if(casTransport) {
str<<" "<<(casTransport ? casTransport->getChannelCount() : size_t(-1))<<" channels";
PeerInfo::const_shared_pointer peer;
{
epicsGuard<epicsMutex> G(casTransport->_mutex);
peer = casTransport->_peerInfo;
}
if(peer) {
str<<" user: "<<peer->authority<<"/"<<peer->account;
if(!peer->realm.empty())
str<<"@"<<peer->realm;
if(lvl>=2 && !peer->roles.empty()) {
str<<" groups:";
int n=0;
for(PeerInfo::roles_t::const_iterator it(peer->roles.begin()), end(peer->roles.end()); it!=end; ++it, ++n) {
if(n)
str<<',';
str<<(*it);
}
}
if(lvl>=3 && peer->aux) {
str<<" aux. auth.:\n";
format::indent_scope I(str);
str<<(*peer->aux);
}
}
}
str<<"\n";
@@ -533,12 +558,6 @@ epicsTimeStamp& ServerContextImpl::getStartTime()
return _startTime;
}
const Context::securityPlugins_t& ServerContextImpl::getSecurityPlugins()
{
return SecurityPluginRegistry::instance().getServerSecurityPlugins();
}
ServerContext::shared_pointer startPVAServer(std::string const & providerNames, int timeToRun, bool runInSeparateThread, bool printInfo)
{
ServerContext::shared_pointer ret(ServerContext::create(ServerContext::Config()
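Review bot: In the printInfo hunk (`@@ -406,6 +406,31 @@`), `peer->account`, `peer->realm`, the `peer->roles` entries and `*peer->aux` are streamed to `str` verbatim. At least the account and aux data presumably come from the client's authentication exchange, so a peer may be able to place newlines or terminal control bytes into this operator-facing listing and make one connection look like several or like a different user. Non-printable bytes should be escaped or replaced before these fields are written, and the block deserves a comment such as `// account/realm are as reported via 'authority'; treat as peer-supplied unless that authority verifies them`. Separately, the role loop declares a new `it` that shadows the outer transport iterator used by `transport(*it)`; a distinct name such as `role` would avoid confusion. The body of printInfo starts and ends outside this hunk, so whether `str` is ever a log sink as well as a console could not be checked here.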