mirror of https://gitee.com/bigwinds/arangodb
fix nullptr access to usermanager object (#7095)
parent
78af18dfd2
commit
8d88cb49df
|
@ -50,10 +50,10 @@ AuthenticationFeature::AuthenticationFeature(
|
|||
_authCache(nullptr),
|
||||
_authenticationUnixSockets(true),
|
||||
_authenticationSystemOnly(true),
|
||||
_authenticationTimeout(0.0),
|
||||
_localAuthentication(true),
|
||||
_jwtSecretProgramOption(""),
|
||||
_active(true) {
|
||||
_active(true),
|
||||
_authenticationTimeout(0.0),
|
||||
_jwtSecretProgramOption("") {
|
||||
setOptional(false);
|
||||
startsAfter("BasicsPhase");
|
||||
|
||||
|
|
|
@ -77,11 +77,11 @@ class AuthenticationFeature final
|
|||
std::unique_ptr<auth::TokenCache> _authCache;
|
||||
bool _authenticationUnixSockets;
|
||||
bool _authenticationSystemOnly;
|
||||
double _authenticationTimeout;
|
||||
bool _localAuthentication;
|
||||
bool _active;
|
||||
double _authenticationTimeout;
|
||||
|
||||
std::string _jwtSecretProgramOption;
|
||||
bool _active;
|
||||
|
||||
static AuthenticationFeature* INSTANCE;
|
||||
|
||||
|
|
|
@ -214,7 +214,11 @@ GeneralCommTask::RequestFlow GeneralCommTask::prepareExecution(GeneralRequest& r
|
|||
// prevent guessing database names (issue #5030)
|
||||
auth::Level lvl = auth::Level::NONE;
|
||||
if (req.authenticated()) {
|
||||
lvl = _auth->userManager()->databaseAuthLevel(req.user(), req.databaseName());
|
||||
if (_auth->userManager() != nullptr) {
|
||||
lvl = _auth->userManager()->databaseAuthLevel(req.user(), req.databaseName());
|
||||
} else {
|
||||
lvl = auth::Level::RW;
|
||||
}
|
||||
}
|
||||
if (lvl == auth::Level::NONE) {
|
||||
addErrorResponse(rest::ResponseCode::UNAUTHORIZED, req.contentTypeResponse(),
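Review bot: The new `else` branch in `GeneralCommTask::prepareExecution` fails open: when `_auth->userManager()` is null, an authenticated request gets `auth::Level::RW` for whatever database it names, so the database-name check described by the comment above (issue #5030) no longer applies to it. The same fallback is added in `RestAdminServerHandler::handleMode` and `RestShutdownHandler::execute`, where it lets any non-empty user pass the `lvl < auth::Level::RW` admin test. If a missing user manager is expected only on particular server types (not visible in this diff), each branch should say so, e.g. `// no UserManager on this server type: authenticated users are treated as RW`, and the three copies would be easier to audit behind one helper; otherwise leaving `lvl` at `auth::Level::NONE` is the safer default. The enclosing function bodies start and end outside these hunks.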
|
||||
|
|
|
@ -154,8 +154,13 @@ void RestAdminServerHandler::handleMode() {
|
|||
|
||||
AuthenticationFeature* af = AuthenticationFeature::instance();
|
||||
if (af->isEnabled() && !_request->user().empty()) {
|
||||
auth::Level lvl = af->userManager()->databaseAuthLevel(_request->user(),
|
||||
TRI_VOC_SYSTEM_DATABASE, /*configured*/true);
|
||||
auth::Level lvl = auth::Level::NONE;
|
||||
if (af->userManager() != nullptr) {
|
||||
lvl = af->userManager()->databaseAuthLevel(_request->user(),
|
||||
TRI_VOC_SYSTEM_DATABASE, /*configured*/true);
|
||||
} else {
|
||||
lvl = auth::Level::RW;
|
||||
}
|
||||
if (lvl < auth::Level::RW) {
|
||||
generateError(rest::ResponseCode::FORBIDDEN, TRI_ERROR_FORBIDDEN);
|
||||
return;
|
||||
|
|
|
@ -52,7 +52,12 @@ RestStatus RestShutdownHandler::execute() {
|
|||
|
||||
AuthenticationFeature* af = AuthenticationFeature::instance();
|
||||
if (af->isEnabled() && !_request->user().empty()) {
|
||||
auth::Level lvl = af->userManager()->databaseAuthLevel(_request->user(), "_system", /*configured*/true);
|
||||
auth::Level lvl = auth::Level::NONE;
|
||||
if (af->userManager() != nullptr) {
|
||||
lvl = af->userManager()->databaseAuthLevel(_request->user(), "_system", /*configured*/true);
|
||||
} else {
|
||||
lvl = auth::Level::RW;
|
||||
}
|
||||
if (lvl < auth::Level::RW) {
|
||||
generateError(rest::ResponseCode::FORBIDDEN, TRI_ERROR_HTTP_FORBIDDEN,
|
||||
"you need admin rights to trigger shutdown");
|
||||
|
|
|
@ -52,6 +52,9 @@ ExecContext* ExecContext::create(std::string const& user,
|
|||
if (af->isActive()) {
|
||||
auth::UserManager* um = af->userManager();
|
||||
TRI_ASSERT(um != nullptr);
|
||||
if (um == nullptr) {
|
||||
THROW_ARANGO_EXCEPTION_MESSAGE(TRI_ERROR_INTERNAL, "unable to find userManager instance");
|
||||
}
|
||||
dbLvl = sysLvl = um->databaseAuthLevel(user, dbname);
|
||||
if (dbname != TRI_VOC_SYSTEM_DATABASE) {
|
||||
sysLvl = um->databaseAuthLevel(user, TRI_VOC_SYSTEM_DATABASE);
|
||||
|
@ -70,7 +73,12 @@ bool ExecContext::canUseDatabase(std::string const& db,
|
|||
AuthenticationFeature* af = AuthenticationFeature::instance();
|
||||
TRI_ASSERT(af != nullptr);
|
||||
if (af->isActive()) {
|
||||
auth::Level allowed = af->userManager()->databaseAuthLevel(_user, db);
|
||||
auth::UserManager* um = af->userManager();
|
||||
TRI_ASSERT(um != nullptr);
|
||||
if (um == nullptr) {
|
||||
THROW_ARANGO_EXCEPTION_MESSAGE(TRI_ERROR_INTERNAL, "unable to find userManager instance");
|
||||
}
|
||||
auth::Level allowed = um->databaseAuthLevel(_user, db);
|
||||
return requested <= allowed;
|
||||
}
|
||||
return true;
|
||||
|
@ -102,5 +110,8 @@ auth::Level ExecContext::collectionAuthLevel(std::string const& dbname,
|
|||
|
||||
auth::UserManager* um = af->userManager();
|
||||
TRI_ASSERT(um != nullptr);
|
||||
if (um == nullptr) {
|
||||
THROW_ARANGO_EXCEPTION_MESSAGE(TRI_ERROR_INTERNAL, "unable to find userManager instance");
|
||||
}
|
||||
return um->collectionAuthLevel(_user, dbname, coll);
|
||||
}
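Review bot: In `ExecContext::create`, `canUseDatabase` and `collectionAuthLevel` the added `if (um == nullptr)` throw comes directly after `TRI_ASSERT(um != nullptr)`, so in builds where the assertion is active the process stops on the assert and the exception is never reached. If a null user manager is a reachable state, as the RW fallbacks added to the REST handlers in this commit suggest, the assert should be dropped in favour of the throw; if it is not reachable, the throw is dead code. This file also fails closed with `TRI_ERROR_INTERNAL` while the handlers fail open to `auth::Level::RW`, so a short comment stating the intended policy would help, for example `// ExecContext requires a UserManager whenever authentication is active`. The function bodies continue outside the hunks.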
|
||||
|
|
|
@ -183,8 +183,12 @@ static void JS_UpdateUser(v8::FunctionCallbackInfo<v8::Value> const& args) {
|
|||
}
|
||||
}
|
||||
|
||||
AuthenticationFeature* af = AuthenticationFeature::instance();
|
||||
af->userManager()->updateUser(username, [&](auth::User& u) {
|
||||
auth::UserManager* um = AuthenticationFeature::instance()->userManager();
|
||||
if (um == nullptr) {
|
||||
TRI_V8_THROW_EXCEPTION_MESSAGE(TRI_ERROR_NOT_IMPLEMENTED,
|
||||
"users are not supported on this server");
|
||||
}
|
||||
um->updateUser(username, [&](auth::User& u) {
|
||||
if (args.Length() > 1 && args[1]->IsString()) {
|
||||
u.updatePassword(TRI_ObjectToString(args[1]));
|
||||
}
|
||||
|
@ -355,7 +359,6 @@ static void JS_GrantCollection(
|
|||
}
|
||||
|
||||
auth::UserManager* um = AuthenticationFeature::instance()->userManager();
|
||||
|
||||
if (um == nullptr) {
|
||||
TRI_V8_THROW_EXCEPTION_MESSAGE(TRI_ERROR_NOT_IMPLEMENTED,
|
||||
"user are not supported on this server");
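Review bot: The message added in `JS_UpdateUser` reads `"users are not supported on this server"`, while the unchanged guard in `JS_GrantCollection` in the same file still reads `"user are not supported on this server"`; both guards should use the same corrected text, ideally from one shared constant, so that callers and log searches see a single string. `AuthenticationFeature::instance()` is also dereferenced in the new line without the `TRI_ASSERT(af != nullptr)` that `ExecContext::canUseDatabase` applies, which is worth aligning. Both function bodies extend beyond the hunks shown.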
|
||||
|
|