XrdMacaroonsHandler.hh
1
2#include <string>
3#include <memory>
4#include <stdexcept>
5#include <vector>
6
8
// Forward declarations: this header uses these types only through pointers
// and references, so their full definitions are not needed here.
class XrdOucEnv;
class XrdOucStream;
class XrdSecEntity;
class XrdAccAuthorize;
13
namespace Macaroons {

// Bit flags for log verbosity. Each named level occupies its own bit, so
// levels can be OR-ed together; All (0xff) sets every bit of the low byte.
// Presumably consumed by the trace directive parser (xtrace) -- confirm.
enum LogMask {
    Debug = 0x01,
    Info = 0x02,
    Warning = 0x04,
    Error = 0x08,
    All = 0xff
};

// 'Normalize' the macaroon path by collapsing runs of consecutive slashes
// into a single slash. As is common in XRootD, the path is handled as a plain
// string and not as a hierarchy: a trailing slash is kept and '..' segments
// are not resolved.
//
// For example, these result in the same path:
//
//   /foo/bar      -> /foo/bar
//   //foo////bar  -> /foo/bar
//
// These are all distinct:
//
//   /foo/bar          -> /foo/bar
//   /foo/bar/         -> /foo/bar/
//   /foo/baz//../bar  -> /foo/baz/../bar
//
// NOTE(review): because '..' survives normalization, a plain string-prefix
// comparison of the result against a path restriction would treat
// "/foo/baz/../bar" as lying under "/foo/baz". Callers that make an
// authorization decision on the normalized path presumably have to reject or
// resolve '..' segments themselves -- confirm against the authorization code.
std::string NormalizeSlashes(const std::string &);

// HTTP extension handler for macaroon requests (derives from
// XrdHttpExtHandler). It holds the configured location, secret and maximum
// duration, plus the authorization object it was constructed with.
class Handler : public XrdHttpExtHandler {
public:
    // Builds the handler and loads its configuration through Config().
    //
    //   log    - error/log object, stored in m_log and passed on to Config().
    //   config - configuration source passed to Config().
    //   myEnv  - environment passed to Config().
    //   chain  - authorization object, stored in m_chain.
    //
    // m_max_duration starts at 86400 (presumably seconds, i.e. 24 hours --
    // confirm the unit) and can be overwritten by Config(), which receives it
    // by reference.
    //
    // Throws std::runtime_error when Config() returns false, so no Handler
    // object exists after a failed configuration.
    Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv,
            XrdAccAuthorize *chain) :
        m_max_duration(86400),
        m_chain(chain),
        m_log(log)
    {
        // Config() takes this by reference, but the constructor never reads
        // or stores it afterwards; the handler itself keeps no AuthzBehavior.
        AuthzBehavior behavior;
        if (!Config(config, myEnv, m_log, m_location, m_secret, m_max_duration, behavior))
        {
            throw std::runtime_error("Macaroon handler config failed.");
        }
    }

    // NOTE(review): source lines 54-56 are missing from this listing. What
    // follows is the tail of an enum whose opening line and earlier
    // enumerators are not shown; it is presumably the AuthzBehavior type used
    // by Config() -- confirm against the upstream header.
    DENY
    };

    virtual ~Handler();

    // XrdHttpExtHandler overrides; both are defined outside this header.
    virtual bool MatchesPath(const char *verb, const char *path) override;
    virtual int ProcessReq(XrdHttpExtReq &req) override;

    // Always returns 0 and ignores cfgfile: the configuration is read in the
    // constructor instead.
    virtual int Init(const char *cfgfile) override {return 0;}

    // Static configuration method; made static to allow Authz object to reuse
    // this code.
    //
    // Results are written through the reference parameters location, secret,
    // max_duration and behavior. The constructor treats a false return as a
    // configuration failure.
    //
    // NOTE(review): secret is presumably the key macaroons are signed with
    // (see xsecretkey). Treat it as sensitive and keep it out of log and
    // error messages -- confirm how the implementation handles it.
    static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log,
                       std::string &location, std::string &secret, ssize_t &max_duration,
                       AuthzBehavior &behavior);

private:
    // The parameters of these two helpers are unnamed, so their meaning
    // cannot be read from this header. GenerateID takes a client identity
    // (XrdSecEntity) among its inputs.
    std::string GenerateID(const std::string &, const XrdSecEntity &, const std::string &, const std::vector<std::string> &, const std::string &);
    std::string GenerateActivities(const XrdHttpExtReq &, const std::string &) const;

    // Request handlers, presumably dispatched from ProcessReq() -- confirm.
    int ProcessOAuthConfig(XrdHttpExtReq &req);
    int ProcessTokenRequest(XrdHttpExtReq& req);
    // validity is presumably the lifetime of the issued macaroon and
    // oauth_response presumably selects an OAuth-style reply -- confirm both
    // against the implementation.
    int GenerateMacaroonResponse(XrdHttpExtReq& req, const std::string &response, const std::vector<std::string> &, ssize_t validity, bool oauth_response);

    // Helpers that read from the configuration stream; three of them write
    // their result through an output reference (secret, location,
    // max_duration). Presumably one per configuration directive and called
    // from Config() -- confirm.
    static bool xsecretkey(XrdOucStream &Config, XrdSysError *log, std::string &secret);
    static bool xsitename(XrdOucStream &Config, XrdSysError *log, std::string &location);
    static bool xtrace(XrdOucStream &Config, XrdSysError *log);
    static bool xmaxduration(XrdOucStream &Config, XrdSysError *log, ssize_t &max_duration);

    // Initialized to 86400 in the constructor and passed to Config() by
    // reference. Presumably the upper bound on the validity a macaroon may be
    // issued with -- confirm.
    ssize_t m_max_duration;
    // Authorization object given to the constructor. Raw pointer; ownership
    // is not visible in this header.
    XrdAccAuthorize *m_chain;
    // Log object given to the constructor. Raw pointer; ownership is not
    // visible in this header.
    XrdSysError *m_log;
    // Filled in by Config().
    std::string m_location;
    // Filled in by Config(). NOTE(review): held as a plain std::string for
    // the lifetime of the handler; presumably the macaroon signing key, so it
    // should never be written to logs or returned in responses.
    std::string m_secret;
};

} // namespace Macaroons
static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log, std::string &location, std::string &secret, ssize_t &max_duration, AuthzBehavior &behavior)
Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv, XrdAccAuthorize *chain)
virtual int Init(const char *cfgfile) override
Initializes the external request handler.
virtual bool MatchesPath(const char *verb, const char *path) override
Tells if the incoming path is recognized as one of the paths that have to be processed.
virtual int ProcessReq(XrdHttpExtReq &req) override
std::string NormalizeSlashes(const std::string &)