Keep track of the authenticated external users

Build a map containing all of the authenticated external
users to avoid having to rebuild that by iterating over
all of the connections when requested

Change-Id: I2e7779214b9ecf4eebe8f3ec6b7c85a946f1b3bf
Reviewed-on: http://review.couchbase.org/100261
Tested-by: Build Bot <[email protected]>
Reviewed-by: Daniel Owen <[email protected]>

Author: trondn

daemon/CMakeLists.txt

@@ -126,8 +126,6 @@ ADD_LIBRARY(memcached_daemon STATIC
             protocol/mcbp/flush_command_context.h
             protocol/mcbp/gat_context.cc
             protocol/mcbp/gat_context.h
-            protocol/mcbp/get_active_external_users_command_context.cc
-            protocol/mcbp/get_active_external_users_command_context.h
             protocol/mcbp/get_cmd_timer_executor.cc
             protocol/mcbp/get_context.cc
             protocol/mcbp/get_context.h

daemon/connection.cc

@@ -19,6 +19,7 @@
 
 #include "buckets.h"
 #include "connections.h"
+#include "external_auth_manager_thread.h"
 #include "mc_time.h"
 #include "mcaudit.h"
 #include "memcached.h"
@@ -240,6 +241,9 @@ nlohmann::json Connection::toJSON() const {
 }
 
 void Connection::restartAuthentication() {
+    if (authenticated && domain == cb::sasl::Domain::External) {
+        externalAuthManager->logoff(username);
+    }
     sasl_conn.reset();
     internal = false;
     authenticated = false;
@@ -1274,6 +1278,10 @@ Connection::Connection(SOCKET sfd, event_base* b, const ListeningPort& ifc)
 }
 
 Connection::~Connection() {
+    if (authenticated && domain == cb::sasl::Domain::External) {
+        externalAuthManager->logoff(username);
+    }
+
     releaseReservedItems();
     for (auto* ptr : temp_alloc) {
         cb_free(ptr);

daemon/external_auth_manager_thread.cc

@@ -267,3 +267,43 @@ void ExternalAuthManagerThread::purgePendingDeadConnections() {
         mutex.lock();
     }
 }
+
+void ExternalAuthManagerThread::login(const std::string& user) {
+    activeUsers.login(user);
+}
+
+void ExternalAuthManagerThread::logoff(const std::string& user) {
+    activeUsers.logoff(user);
+}
+
+nlohmann::json ExternalAuthManagerThread::getActiveUsers() const {
+    return activeUsers.to_json();
+}
+
+void ExternalAuthManagerThread::ActiveUsers::login(const std::string& user) {
+    std::lock_guard<std::mutex> guard(mutex);
+    users[user]++;
+}
+
+void ExternalAuthManagerThread::ActiveUsers::logoff(const std::string& user) {
+    std::lock_guard<std::mutex> guard(mutex);
+    auto iter = users.find(user);
+    if (iter == users.end()) {
+        throw std::runtime_error("ActiveUsers::logoff: Failed to find user");
+    }
+    iter->second--;
+    if (iter->second == 0) {
+        users.erase(iter);
+    }
+}
+
+nlohmann::json ExternalAuthManagerThread::ActiveUsers::to_json() const {
+    std::lock_guard<std::mutex> guard(mutex);
+    auto ret = nlohmann::json::array();
+
+    for (const auto& entry : users) {
+        ret.push_back(entry.first);
+    }
+
+    return ret;
+}

daemon/external_auth_manager_thread.h

@@ -18,10 +18,9 @@
 #pragma once
 
 #include <mcbp/protocol/response.h>
-
+#include <mcbp/protocol/status.h>
+#include <nlohmann/json_fwd.hpp>
 #include <platform/thread.h>
-
-#include <include/mcbp/protocol/status.h>
 #include <gsl/gsl>
 #include <mutex>
 #include <queue>
@@ -46,6 +45,21 @@ class ExternalAuthManagerThread : public Couchbase::Thread {
     }
     ExternalAuthManagerThread(const ExternalAuthManagerThread&) = delete;
 
+    /**
+     * The named (external) user logged on to the system
+     */
+    void login(const std::string& user);
+
+    /**
+     * The named (external) user logged off the system
+     */
+    void logoff(const std::string& user);
+
+    /**
+     * Get the list of active users defined in the system
+     */
+    nlohmann::json getActiveUsers() const;
+
     /**
      * Add the provided connection to the list of available authentication
      * providers
@@ -166,6 +180,19 @@ class ExternalAuthManagerThread : public Couchbase::Thread {
     std::queue<std::unique_ptr<AuthResponse>> incommingResponse;
 
     std::vector<Connection*> pendingRemoveConnection;
+
+    class ActiveUsers {
+    public:
+        void login(const std::string& user);
+
+        void logoff(const std::string& user);
+
+        nlohmann::json to_json() const;
+
+    private:
+        mutable std::mutex mutex;
+        std::unordered_map<std::string, uint32_t> users;
+    } activeUsers;
 };
 
 extern std::unique_ptr<ExternalAuthManagerThread> externalAuthManager;

daemon/mcbp_executors.cc

@@ -39,7 +39,6 @@
 #include "protocol/mcbp/executors.h"
 #include "protocol/mcbp/flush_command_context.h"
 #include "protocol/mcbp/gat_context.h"
-#include "protocol/mcbp/get_active_external_users_command_context.h"
 #include "protocol/mcbp/get_context.h"
 #include "protocol/mcbp/get_locked_context.h"
 #include "protocol/mcbp/get_meta_context.h"
@@ -560,7 +559,13 @@ static void auth_provider_executor(Cookie& cookie) {
 }
 
 static void get_active_external_users_executor(Cookie& cookie) {
-    cookie.obtainContext<GetActiveExternalUsersCommandContext>(cookie).drive();
+    auto users = externalAuthManager->getActiveUsers().dump();
+    cookie.sendResponse(cb::mcbp::Status::Success,
+                        {},
+                        {},
+                        cb::const_char_buffer{users},
+                        cb::mcbp::Datatype::JSON,
+                        0);
 }
 
 static void no_support_executor(Cookie& cookie) {

daemon/protocol/mcbp/get_active_external_users_command_context.cc

@@ -117,6 +117,7 @@ void StartSaslAuthTask::externalAuthResponse(cb::mcbp::Status status,
 void StartSaslAuthTask::successfull_external_auth() {
     try {
         response.first = cb::sasl::Error::OK;
+        externalAuthManager->login(serverContext.getUsername());
         serverContext.setDomain(cb::sasl::Domain::External);
     } catch (const std::exception& e) {
         LOG_WARNING(R"({} successfull_external_auth() failed. UUID[{}] "{}")",