diff --git a/plugins/database/src/db_plugin.cpp b/plugins/database/src/db_plugin.cpp index fb6d49ec14..963b4cbf0b 100644 --- a/plugins/database/src/db_plugin.cpp +++ b/plugins/database/src/db_plugin.cpp @@ -6596,9 +6596,7 @@ irods::error db_check_auth_op( expireTime = atoll( goodPwExpiry ); getNowStr( myTime ); - /* Check for PAM_AUTH type passwords */ - - if (const auto err = get_auth_config("authentication::pam_password", ac); !err.ok()) { + if (const auto err = get_auth_config("authentication", ac); !err.ok()) { log_db::error("Failed to get auth configuration. [{}]", err.result()); return err; } @@ -7095,7 +7093,7 @@ irods::error db_make_limited_pw_op( getNowStr( myTime ); auth_config ac{}; - if (const auto err = get_auth_config("authentication::native", ac); !err.ok()) { + if (const auto err = get_auth_config("authentication", ac); !err.ok()) { log_db::error("Failed to get auth configuration. [{}]", err.result()); return err; } @@ -7235,7 +7233,7 @@ auto db_update_pam_password_op(irods::plugin_context& _ctx, getNowStr( myTime ); auth_config ac{}; - if (const auto err = get_auth_config("authentication::pam_password", ac); !err.ok()) { + if (const auto err = get_auth_config("authentication", ac); !err.ok()) { log_db::error("Failed to get auth configuration. [{}]", err.result()); return err; } @@ -7573,7 +7571,7 @@ irods::error db_mod_user_op( if ( strncmp( _option, "rmPamPw", 9 ) == 0 ) { auth_config ac{}; - if (const auto err = get_auth_config("authentication::pam_password", ac); !err.ok()) { + if (const auto err = get_auth_config("authentication", ac); !err.ok()) { log_db::error("Failed to get auth configuration. [{}]", err.result()); return err; } diff --git a/scripts/irods/database_upgrade.py b/scripts/irods/database_upgrade.py index ea58f67c8b..fa296b94bc 100644 --- a/scripts/irods/database_upgrade.py +++ b/scripts/irods/database_upgrade.py @@ -175,10 +175,10 @@ def run_update(irods_config, cursor): 'password_max_time': str(pam_password_config.get('password_max_time', 1209600)) } - scheme_namespaces = ['authentication::pam_password', 'authentication::native'] + scheme_namespaces = ['authentication'] statement_str = "insert into R_GRID_CONFIGURATION (namespace, option_name, option_value) values ('{}','{}','{}');" # pam_password configurations for password lifetime have always been used with native authentication as well. - # The configurations are now separately configurable. + # The new configurations shall continue to configure both schemes, but under a more generic namespace. for scheme in scheme_namespaces: for option in password_config_dict: database_connect.execute_sql_statement(cursor, statement_str.format(scheme, option, password_config_dict[option])) diff --git a/scripts/irods/test/test_iadmin_set_grid_configuration.py b/scripts/irods/test/test_iadmin_set_grid_configuration.py index 07a198d0d8..3f6cfe0943 100644 --- a/scripts/irods/test/test_iadmin_set_grid_configuration.py +++ b/scripts/irods/test/test_iadmin_set_grid_configuration.py @@ -42,7 +42,7 @@ def test_nonexistent_namespace(self): f'Failed to get grid configuration for namespace [{bad_namespace}] and option [{option_name}] [ec=-808000]') def test_no_option_name(self): - namespace = 'authentication::native' + namespace = 'authentication' self.admin.assert_icommand( ['iadmin', 'get_grid_configuration', namespace], 'STDERR', 'Error: option name must be between 1 and 2699 characters.') @@ -51,7 +51,7 @@ def test_really_long_option_name(self): # The input buffer to set_grid_configuration_value API is only 2700 characters long. If a value of 2700 # characters or more is fed to the input struct for the set_pam_password_config API, packstruct gives an error. # iadmin will catch this case and show a slightly more presentable error, which is checked in this test. - namespace = 'authentication::native' + namespace = 'authentication' really_long_option_name = 'this_is_27_characters_long_' * 100 self.admin.assert_icommand( @@ -59,7 +59,7 @@ def test_really_long_option_name(self): 'STDERR', 'Error: option name must be between 1 and 2699 characters.') def test_nonexistent_option_name(self): - namespace = 'authentication::native' + namespace = 'authentication' bad_option_name = 'nopes' self.admin.assert_icommand( @@ -67,7 +67,7 @@ def test_nonexistent_option_name(self): f'Failed to get grid configuration for namespace [{namespace}] and option [{bad_option_name}] [ec=-808000]') def test_get_grid_configuration_valid(self): - namespace = 'authentication::native' + namespace = 'authentication' option_name = 'password_max_time' # Assert that a value is returned and that there are no errors. @@ -112,7 +112,7 @@ def test_nonexistent_namespace(self): f'Failed to set grid configuration for namespace [{bad_namespace}] and option [{option_name}] [ec=-808000]') def test_no_option_name(self): - namespace = 'authentication::native' + namespace = 'authentication' self.admin.assert_icommand( ['iadmin', 'set_grid_configuration', namespace], 'STDERR', 'Error: option name must be between 1 and 2699 characters.') @@ -121,7 +121,7 @@ def test_really_long_option_name(self): # The input buffer to set_grid_configuration_value API is only 2700 characters long. If a value of 2700 # characters or more is fed to the input struct for the set_pam_password_config API, packstruct gives an error. # iadmin will catch this case and show a slightly more presentable error, which is checked in this test. - namespace = 'authentication::native' + namespace = 'authentication' really_long_option_name = 'this_is_27_characters_long_' * 100 option_value = '1000' @@ -130,7 +130,7 @@ def test_really_long_option_name(self): 'STDERR', 'Error: option name must be between 1 and 2699 characters.') def test_nonexistent_option_name(self): - namespace = 'authentication::native' + namespace = 'authentication' bad_option_name = 'nopes' option_value = '1000' @@ -139,14 +139,14 @@ def test_nonexistent_option_name(self): f'Failed to set grid configuration for namespace [{namespace}] and option [{bad_option_name}] [ec=-808000]') def test_no_option_value(self): - namespace = 'authentication::native' + namespace = 'authentication' option_name = 'password_max_time' self.admin.assert_icommand( ['iadmin', 'set_grid_configuration', namespace, option_name], 'STDERR', 'Error: option value must be between 1 and 2699 characters.') def test_really_long_option_value(self): - namespace = 'authentication::native' + namespace = 'authentication' option_name = 'password_max_time' # The input buffer to set_grid_configuration_value API is only 2700 characters long. If a value of 2700 @@ -167,7 +167,7 @@ def test_really_long_option_value(self): self.admin.assert_icommand(['iadmin', 'get_grid_configuration', namespace, option_name], 'STDOUT')[1]) def test_set_grid_configuration_valid(self): - namespace = 'authentication::native' + namespace = 'authentication' option_name = 'password_max_time' original_value = self.admin.assert_icommand( @@ -188,7 +188,7 @@ def test_set_grid_configuration_valid(self): self.admin.run_icommand(['iadmin', 'set_grid_configuration', namespace, option_name, original_value]) def test_set_invalid_grid_configuration_with_option_name_that_is_protected_in_another_namespace(self): - namespace = 'authentication::native' + namespace = 'authentication' option_name = 'schema_version' # Make sure this namespace doesn't have the option_name used in the test... @@ -274,7 +274,7 @@ def test_set_delay_server_namespace_is_protected_even_with_invalid_option_name(s def test_set_delay_server_namespace_is_protected_even_with_option_name_from_unprotected_namespaces(self): namespace = 'delay_server' - other_namespace = 'authentication::native' + other_namespace = 'authentication' option_name = 'password_max_time' option_value = 'shenanigans!'