1 /// @file include/dmlite/cpp/authn.h
2 /// @brief Authentication API. Any sort of security check is plugin-specific.
3 /// @author Alejandro Álvarez Ayllón <aalvarez@cern.ch>
4 #ifndef DMLITE_CPP_AUTHN_H
5 #define DMLITE_CPP_AUTHN_H
6 
7 #include "dmlite/common/config.h"
8 #include "base.h"
9 #include "exceptions.h"
10 #include "utils/extensible.h"
11 #include "utils/logger.h"
12 
13 #include <string>
14 #include <vector>
15 
16 namespace dmlite {
17 
18  // Forward declarations.
19  class PluginManager;
20  class StackInstance;
21 
22  /// Security credentials. To be filled by the front-end.
24  public:
25  std::string mech;
26  std::string clientName;
27  std::string remoteAddress;
28  std::string sessionId;
29 
30  // These fields may come from openid-connect
31  std::string oidc_audience;
32  std::string oidc_issuer;
33  std::string oidc_scope;
34 
35  std::vector<std::string> fqans;
36 
37  bool operator == (const SecurityCredentials&) const;
38  bool operator != (const SecurityCredentials&) const;
39  bool operator < (const SecurityCredentials&) const;
40  bool operator > (const SecurityCredentials&) const;
41  };
42 
/// User information.
/// Filled by the Authn plugin with whatever data it needs
/// (e.g. the uid for the LCGDM Adapter) and read by other plugins
/// whenever they need it.
/// IMPORTANT: this means plugins must be compatible with the Authn
/// plugin put in charge of security: the keys they read from the
/// inherited Extensible store are whatever that Authn chose to set.
class UserInfo: public Extensible {
public:
  /// User name. Authn::updateUser documents 'name' as the unique
  /// identifier of the user; other attributes (e.g. "uid", "banned",
  /// as read by SecurityContext::prettystring) live in the Extensible
  /// key/value store.
  std::string name;

  // Comparison operators are defined out of line. Presumably they
  // compare on name -- verify against the implementation before relying
  // on them for anything security-relevant.
  bool operator == (const UserInfo&) const;
  bool operator != (const UserInfo&) const;
  bool operator < (const UserInfo&) const;
  bool operator > (const UserInfo&) const;
};
58 
/// Group information.
/// See UserInfo: filled by the Authn plugin, read by the other plugins,
/// with extra attributes kept in the inherited Extensible store.
class GroupInfo: public Extensible {
public:
  /// Group name. Authn::updateGroup documents 'name' as the unique
  /// identifier of the group; other attributes (e.g. "gid", "banned",
  /// as read by SecurityContext::prettystring) live in the Extensible
  /// key/value store.
  std::string name;

  // Comparison operators are defined out of line. Presumably they
  // compare on name -- verify against the implementation before relying
  // on them for anything security-relevant.
  bool operator == (const GroupInfo&) const;
  bool operator != (const GroupInfo&) const;
  bool operator < (const GroupInfo&) const;
  bool operator > (const GroupInfo&) const;
};
70 
71 
72  /// Security context. To be created by the Authn.
74  public:
76 
78  const UserInfo& u,
79  std::vector<GroupInfo>& g):
80  credentials(c), user(u), groups(g) {}
81 
83 
85  std::vector<GroupInfo> groups;
86 
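/// Render this context as one human-readable line, meant for log output.
///
/// Output shape:
///   "user: NAME(UID,BANNED) groups: 'G1(GID,BANNED),G2(GID,BANNED)'"
/// uid/gid/banned are read from the Extensible store with getLong(); a
/// missing "uid" renders as getLong's default, a missing "gid" as -1 and
/// a missing "banned" as 0.
///
/// @return The formatted line.
/// @note Fixes the separator logic: the old check `if (r.length())` was
///       always true once the "user: " prefix had been written, so every
///       group list started with a stray ','. The separator is now only
///       emitted between groups.
/// @note user.name and the group names are copied verbatim. Where they
///       originate from client-supplied credentials, treat the result as
///       untrusted text when it is written to logs or shown to users.
std::string prettystring() const {
  std::string out;
  out += SSTR("user: " << user.name << "(" << user.getLong("uid") << ","
              << user.getLong("banned", 0) << ") groups: '");

  // const_iterator: the method only reads the context, so it is const.
  for (std::vector<GroupInfo>::const_iterator g = groups.begin();
       g != groups.end(); ++g) {
    if (g != groups.begin()) out.append(",");
    out.append(SSTR(g->name << "(" << g->getLong("gid", -1) << ","
                    << g->getLong("banned", 0) << ")"));
  }

  out += "'";
  return out;
}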
100 
// A small log of the authorization phase: it describes why a user was
// denied (or granted) access, and is meant to be easy to pass around.
104  std::string AuthNprocessing_msg;
105 
106 
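/// Append one entry to AuthNprocessing_msg, the running log of the
/// authorization phase. Entries are joined with " - ".
/// @param str The entry to record. A null pointer is ignored: the
///            original built a std::string straight from `str`, which is
///            undefined behaviour for NULL.
/// @note This message travels with the context and is meant to be passed
///       around, so record reasons here, not credential material.
void AuthNprocessing_append(const char *str) {
  if (!str) return;  // std::string(NULL) is UB; nothing to record anyway

  if (!AuthNprocessing_msg.empty())
    AuthNprocessing_msg.append(" - ");

  AuthNprocessing_msg.append(str);
}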
115 
116 
117  bool operator == (const SecurityContext&) const;
118  bool operator != (const SecurityContext&) const;
119  bool operator < (const SecurityContext&) const;
120  bool operator > (const SecurityContext&) const;
121  };
122 
123 
124 
/// User and group handling.
/// @note This is the only interface not inheriting from BaseInterface.
/// @note As the file header states, any security check is
///       plugin-specific: nothing in this interface itself authorizes the
///       caller. The mutating operations (newUser, updateUser, deleteUser,
///       newGroup, updateGroup, deleteGroup) are therefore only as
///       protected as the Authn implementation and its callers make them.
class Authn {
public:
  /// Destructor
  virtual ~Authn();

  /// String ID of the user DB implementation.
  /// @note throw() is a dynamic exception specification (deprecated in
  ///       C++11, removed in C++17); it declares that the call does not
  ///       throw.
  virtual std::string getImplId(void) const throw() = 0;

  /// Create a security context from the credentials.
  /// @param cred The security credentials.
  /// @return A newly created SecurityContext.
  // NOTE(review): the declaration taking the credentials does not appear
  // in this listing; confirm against the repository header.

  /// Create a default security context.
  /// @return A newly created SecurityContext. Returned as a raw pointer;
  ///         ownership is not stated here -- presumably the caller must
  ///         delete it, confirm against the callers.
  virtual SecurityContext* createSecurityContext(void) ;

  /// Create a new group.
  /// @param groupName The group name.
  /// @return The new group.
  virtual GroupInfo newGroup(const std::string& groupName) ;

  /// Get a specific group.
  /// @param groupName The group name.
  /// @return The group.
  virtual GroupInfo getGroup(const std::string& groupName) ;

  /// Get a specific group using an alternative key.
  /// @param key The key name.
  /// @param value The value to search for.
  /// @return The group.
  /// @note The implementation will throw an exception if the field
  /// can not be used as key.
  virtual GroupInfo getGroup(const std::string& key,
                             const boost::any& value) ;

  /// Get the group list.
  virtual std::vector<GroupInfo> getGroups(void) ;

  /// Update group info. 'name' uniquely identifies the group.
  /// @param group The group metadata to update.
  virtual void updateGroup(const GroupInfo& group) ;

  /// Delete a group.
  /// @param groupName The group name.
  virtual void deleteGroup(const std::string& groupName) ;

  /// Create a new user.
  /// @param userName The user name.
  /// @return The new user.
  virtual UserInfo newUser(const std::string& userName) ;

  /// Get a specific user.
  /// @param userName The user name.
  /// @return The user.
  virtual UserInfo getUser(const std::string& userName) ;

  /// Get a specific user using an alternative key.
  /// @param key The key name.
  /// @param value The value to search for.
  /// @return The user.
  /// @note The implementation will throw an exception if the field
  /// can not be used as key.
  virtual UserInfo getUser(const std::string& key,
                           const boost::any& value) ;

  /// Get the user list.
  virtual std::vector<UserInfo> getUsers(void) ;

  /// Update user info. 'name' uniquely identifies the user.
  /// @param user The user metadata to update.
  virtual void updateUser(const UserInfo& user) ;

  /// Delete a user.
  /// @param userName The user name.
  virtual void deleteUser(const std::string& userName) ;

  /// Get the mapping of a user/group. Additionally, new users and groups MAY
  /// be created by the implementation.
  /// @param userName The user name.
  /// @param groupNames The different groups. Can be empty.
  /// @param user Pointer to a UserInfo struct where to put the data.
  /// @param groups Pointer to a vector where the group mapping will be put.
  /// @note If groupNames is empty, grid mapfile will be used to retrieve the default group.
  /// @note Because this call may create users and groups as a side effect,
  ///       userName and groupNames should be the already-authenticated
  ///       identity (derived from verified credentials), not arbitrary
  ///       caller-supplied strings.
  virtual void getIdMap(const std::string& userName,
                        const std::vector<std::string>& groupNames,
                        UserInfo* user,
                        std::vector<GroupInfo>* groups) ;
};
214 
215 
/// AuthnFactory: creates the Authn implementation for the plugin stack.
class AuthnFactory: public virtual BaseFactory {
public:
  /// Destructor
  virtual ~AuthnFactory();

protected:
  // Stack instance is allowed to instantiate Authn
  friend class StackInstance;

  /// Children of AuthnFactory are allowed to instantiate too (decorator):
  /// a decorating factory uses this helper to build the Authn it wraps
  /// from another factory, since createAuthn(pm) is protected.
  /// @param factory The factory whose createAuthn(pm) is invoked.
  /// @param pm      The plugin manager handed to the implementation.
  /// @return The new Authn as a raw pointer. Ownership is not stated
  ///         here -- presumably the caller owns it, confirm against
  ///         StackInstance.
  static Authn* createAuthn(AuthnFactory* factory,
                            PluginManager* pm) ;

  /// Instantiate an implementation of Authn.
  /// Protected on purpose: only StackInstance (friend) and the static
  /// helper above can call it, which restricts who may create the
  /// Authn that ends up in charge of security.
  /// @param pm The plugin manager.
  /// @return The new Authn (raw pointer; see createAuthn above on ownership).
  virtual Authn* createAuthn(PluginManager* pm) ;
};
233 
234 };
235 
#endif // DMLITE_CPP_AUTHN_H