xrootd
XrdMacaroonsHandler.hh
Go to the documentation of this file.
1 
2 #include <string>
3 #include <memory>
4 #include <stdexcept>
5 #include <vector>
6 
8 
9 class XrdOucEnv;
10 class XrdOucStream;
11 class XrdSecEntity;
12 class XrdAccAuthorize;
13 
14 namespace Macaroons {
15 
16 enum LogMask {
17  Debug = 0x01,
18  Info = 0x02,
19  Warning = 0x04,
20  Error = 0x08,
21  All = 0xff
22 };
23 
24 // 'Normalize' the macaroon path. This only takes care of double slashes
25 // but, as is common in XRootD, it doesn't treat these as a hierarchy.
26 // For example, these result in the same path:
27 //
28 // /foo/bar -> /foo/bar
29 // //foo////bar -> /foo/bar
30 //
31 // These are all distinct:
32 //
33 // /foo/bar -> /foo/bar
34 // /foo/bar/ -> /foo/bar/
35 // /foo/baz//../bar -> /foo/baz/../bar
36 //
37 std::string NormalizeSlashes(const std::string &);
38 
39 class Handler : public XrdHttpExtHandler {
40 public:
41  Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv,
42  XrdAccAuthorize *chain) :
43  m_max_duration(86400),
44  m_chain(chain),
45  m_log(log)
46  {
47  AuthzBehavior behavior;
48  if (!Config(config, myEnv, m_log, m_location, m_secret, m_max_duration, behavior))
49  {
50  throw std::runtime_error("Macaroon handler config failed.");
51  }
52  }
53 
58  };
59 
60  virtual ~Handler();
61 
62  virtual bool MatchesPath(const char *verb, const char *path) override;
63  virtual int ProcessReq(XrdHttpExtReq &req) override;
64 
65  virtual int Init(const char *cfgfile) override {return 0;}
66 
67  // Static configuration method; made static to allow Authz object to reuse
68  // this code.
69  static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log,
70  std::string &location, std::string &secret, ssize_t &max_duration,
71  AuthzBehavior &behavior);
72 
73 private:
74  std::string GenerateID(const std::string &, const XrdSecEntity &, const std::string &, const std::vector<std::string> &, const std::string &);
75  std::string GenerateActivities(const XrdHttpExtReq &, const std::string &) const;
76 
79  int GenerateMacaroonResponse(XrdHttpExtReq& req, const std::string &response, const std::vector<std::string> &, ssize_t validity, bool oauth_response);
80 
81  static bool xsecretkey(XrdOucStream &Config, XrdSysError *log, std::string &secret);
82  static bool xsitename(XrdOucStream &Config, XrdSysError *log, std::string &location);
83  static bool xtrace(XrdOucStream &Config, XrdSysError *log);
84  static bool xmaxduration(XrdOucStream &Config, XrdSysError *log, ssize_t &max_duration);
85 
86  ssize_t m_max_duration;
89  std::string m_location;
90  std::string m_secret;
91 };
92 
93 }
Definition: XrdMacaroonsHandler.hh:57
Definition: XrdMacaroonsAuthz.hh:8
XrdAccAuthorize * m_chain
Definition: XrdMacaroonsHandler.hh:87
virtual int ProcessReq(XrdHttpExtReq &req) override
Definition: XrdOucStream.hh:46
Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv, XrdAccAuthorize *chain)
Definition: XrdMacaroonsHandler.hh:41
ssize_t m_max_duration
Definition: XrdMacaroonsHandler.hh:86
Definition: XrdMacaroonsHandler.hh:55
Definition: XrdAccAuthorize.hh:65
Definition: XrdSysError.hh:89
static bool xsitename(XrdOucStream &Config, XrdSysError *log, std::string &location)
Definition: XrdMacaroonsHandler.hh:39
LogMask
Definition: XrdMacaroonsHandler.hh:16
static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log, std::string &location, std::string &secret, ssize_t &max_duration, AuthzBehavior &behavior)
Definition: XrdMacaroonsHandler.hh:21
int ProcessTokenRequest(XrdHttpExtReq &req)
Definition: XrdOucEnv.hh:41
static bool xmaxduration(XrdOucStream &Config, XrdSysError *log, ssize_t &max_duration)
virtual bool MatchesPath(const char *verb, const char *path) override
Tells if the incoming path is recognized as one of the paths that have to be processed.
AuthzBehavior
Definition: XrdMacaroonsHandler.hh:54
Definition: XrdHttpExtHandler.hh:79
static bool xsecretkey(XrdOucStream &Config, XrdSysError *log, std::string &secret)
virtual int Init(const char *cfgfile) override
Initializes the external request handler.
Definition: XrdMacaroonsHandler.hh:65
std::string m_secret
Definition: XrdMacaroonsHandler.hh:90
std::string m_location
Definition: XrdMacaroonsHandler.hh:89
int GenerateMacaroonResponse(XrdHttpExtReq &req, const std::string &response, const std::vector< std::string > &, ssize_t validity, bool oauth_response)
Definition: XrdMacaroonsHandler.hh:20
std::string GenerateActivities(const XrdHttpExtReq &, const std::string &) const
Definition: XrdMacaroonsHandler.hh:19
std::string GenerateID(const std::string &, const XrdSecEntity &, const std::string &, const std::vector< std::string > &, const std::string &)
XrdSysError * m_log
Definition: XrdMacaroonsHandler.hh:88
Definition: XrdMacaroonsHandler.hh:18
Definition: XrdSecEntity.hh:63
Definition: XrdMacaroonsHandler.hh:17
static bool xtrace(XrdOucStream &Config, XrdSysError *log)
Definition: XrdMacaroonsHandler.hh:56
Definition: XrdHttpExtHandler.hh:45
int ProcessOAuthConfig(XrdHttpExtReq &req)
std::string NormalizeSlashes(const std::string &)