HPCC-31574 Add option in Dali LDAP support to ignore default file user

[kenrowland]

Added option to disable use of default user.
Deny access if no user provided and default user is not defined.
Do not automatically set user to authenticated.

Signed-Off-By: Kenneth Rowland [email protected]

Type of change:

• This change is a bug fix (non-breaking change which fixes an issue).
• This change is a new feature (non-breaking change which adds functionality).
• This change improves the code (refactor or other change that does not change the functionality)
• This change fixes warnings (the fix does not alter the functionality or the generated code)
• This change is a breaking change (fix or feature that will cause existing behavior to change).
• This change alters the query API (existing queries will have to be recompiled)

Checklist:

• My code follows the code style of this project.
  • My code does not create any new warnings from compiler, build system, or lint.
• The commit message is properly formatted and free of typos.
  • The commit message title makes sense in a changelog, by itself.
  • The commit is signed.
• My change requires a change to the documentation.
  • I have updated the documentation accordingly, or...
  • I have created a JIRA ticket to update the documentation.
  • Any new interfaces or exported functions are appropriately commented.
• I have read the CONTRIBUTORS document.
• The change has been fully tested:
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • I have checked that this change does not introduce memory leaks.
  • I have used Valgrind or similar tools to check for potential issues.
• I have given due consideration to all of the following potential concerns:
  • Scalability
  • Performance
  • Security
  • Thread-safety
  • Cloud-compatibility
  • Premature optimization
  • Existing deployed queries will not be broken
  • This change fixes the problem, not just the symptom
  • The target branch of this pull request is appropriate for such a change.
• There are no similar instances of the same problem that should be addressed
  • I have addressed them here
  • I have raised JIRA issues to address them separately
• This is a user interface / front-end modification
  • I have tested my changes in multiple modern browsers
  • The component(s) render as expected

Smoketest:

• Send notifications about my Pull Request position in Smoketest queue.
• Test my draft Pull Request.

Testing:

[github-actions]

Jira Issue: https://hpccsystems.atlassian.net//browse/HPCC-31574

Jirabot Action Result:
Workflow Transition: Merge Pending
Updated PR
Assigning user: [email protected]

[jakesmith]

I don't think this should be changed.
It was deliberate to treat calls to Dali getPermissions as from a trusted user.
See : https://hpccsystems.atlassian.net/browse/HPCC-22415

[kenrowland]

I made an update that sets a passed in user as authenticated, but forces authentication for the default user. Otherwise any user/pw combination would have access in these cases.

[jakesmith]

@kenrowland - looks good, but the user->setAuthenticateStatus(AS_AUTHENTICATED) was deliberate/shouldn't be changed in this PR.

[jakesmith]

minor: should this be above the if (disabledFileDefaultUser) so still useful when option on?

Also, I think it is already called before each call to this function in 1 context (in getPermissionsLDAP), that call should prob. be removed and just have 1 here. Not that it will make much difference as it only logs once per minute anyway.

[kenrowland]

I moved the logNullUser above the disable check. It would continue to be a good idea to have the information while we are analyzing each case. I did see it's called before this method is called as well. I am going assess what logging is best and make appropriate changes. Right now, more is probably better, and at only once per minute we should be OK until those changes are made.

changes made

[jakesmith]

@kenrowland - 1 minor comment, but looks good.

[jakesmith]

@kenrowland - please squash

[kenrowland]

@ghalliday Squashed and ready for merge.

[ghalliday]

minor: password is not used by the rest of the function.

[ghalliday]

@kenrowland one question

[ghalliday]

Is this really needed? What is it protecting against? The downside of using it is that the password needs to be included in the helm configuration - which is not secure.

[kenrowland]

The default files user is not currently included in our helm charts, so both the username and password are empty.

[kenrowland]

This change has the implication of essentially forcing containerized deployments to always provide a user. Currently, the default user is not included in our helm charts which results in an empty username. Since that user for all intents and purposes has no permissions granted, access falls back to default file permissions. The TFE cluster was operating with a setting that allowed all access to any authenticated user. Since the user was marked as authenticated (the empty user) all scope requests were granted. IMO this is clearly not how it should operate.

This change denies access if no user is provided and either no default user is defined or the flag disabling this support is set.

W/o changes to fix all null users or adding the default user to the helm chart, once this is merged, access requests w/o a user will be denied.