xrootd
XrdMacaroonsHandler.hh
1 
2 #include <string>
3 #include <memory>
4 #include <stdexcept>
5 #include <vector>
6 
8 
9 class XrdOucEnv;
10 class XrdOucStream;
11 class XrdSecEntity;
12 class XrdAccAuthorize;
13 
14 namespace Macaroons {
15 
// Logging levels for the Macaroons plugin, one bit per level so that several
// levels can be OR-ed into a single mask value.
// NOTE(review): presumably consumed by the trace directive parser (xtrace);
// confirm in the implementation file.
enum LogMask {
    Debug   = 1 << 0,  // 0x01
    Info    = 1 << 1,  // 0x02
    Warning = 1 << 2,  // 0x04
    Error   = 1 << 3,  // 0x08
    // Every bit of the low byte, including the four bits that have no named
    // level above.
    All     = 0xff
};
23 
// Collapse each run of consecutive '/' characters in a macaroon path into a
// single '/'. Nothing else is rewritten: as is common in XRootD, the path is
// not interpreted as a hierarchy, so ".." segments and a trailing slash come
// back unchanged.
//
// Inputs that normalize to the same path:
//
//   /foo/bar          -> /foo/bar
//   //foo////bar      -> /foo/bar
//
// Inputs that remain distinct from one another:
//
//   /foo/bar          -> /foo/bar
//   /foo/bar/         -> /foo/bar/
//   /foo/baz//../bar  -> /foo/baz/../bar
//
// NOTE(review): because ".." survives, the result is not a canonical path.
// Code that compares it against a path restriction has to account for ".."
// segments itself; confirm how the authorization code treats such paths.
std::string NormalizeSlashes(const std::string &path);
38 
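// HTTP external-request handler of the Macaroons plugin. It derives from
// XrdHttpExtHandler and keeps the values produced by Config(): the secret,
// the site location and the maximum validity of an issued macaroon.
//
// NOTE(review): this page's rendered listing elides a few lines of the class
// (the AuthzBehavior header and its first two enumerators, two private
// request methods, and the m_chain / m_log members). They are restored here
// from the page's own member index; the exact position of
// ProcessOAuthConfig / ProcessTokenRequest inside the private section is
// inferred from the gap in the listing.
class Handler : public XrdHttpExtHandler {
public:
    // Builds the handler and runs Config() immediately.
    //
    // log    - error/log sink; stored in m_log and handed to Config().
    // config - configuration source passed through to Config().
    // myEnv  - environment passed through to Config().
    // chain  - authorization object stored in m_chain; how it is used is not
    //          visible in this header.
    //
    // Throws std::runtime_error when Config() reports failure, so a handler
    // never exists with an unset secret or location.
    Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv,
            XrdAccAuthorize *chain) :
        m_max_duration(86400),  // presumably seconds (24 hours) - confirm
        m_chain(chain),
        m_log(log)
    {
        // Config() takes the behavior by reference. The handler discards the
        // value afterwards, but it is given a definite starting value so that
        // Config() can never observe an indeterminate one.
        AuthzBehavior behavior = DENY;
        if (!Config(config, myEnv, m_log, m_location, m_secret, m_max_duration, behavior))
        {
            throw std::runtime_error("Macaroon handler config failed.");
        }
    }

    // Behavior selector filled in by Config(). The meaning of each value is
    // defined by the code that consumes it, which is not part of this header.
    enum AuthzBehavior {
        PASSTHROUGH,
        ALLOW,
        DENY
    };

    virtual ~Handler();

    // Tells if the incoming path is recognized as one of the paths that have
    // to be processed.
    bool MatchesPath(const char *verb, const char *path) override;

    // Processes a request; defined in the implementation file.
    int ProcessReq(XrdHttpExtReq &req) override;

    // Initializes the external request handler. Nothing is done here and 0 is
    // always returned, because configuration already ran in the constructor.
    int Init(const char * /*cfgfile*/) override { return 0; }

    // Static configuration method; made static to allow Authz object to reuse
    // this code. Results are written to the reference parameters, and the
    // bool return value is treated as success by the constructor.
    static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log,
                       std::string &location, std::string &secret, ssize_t &max_duration,
                       AuthzBehavior &behavior);

private:
    // Helpers used while building a macaroon. The parameters are unnamed in
    // the declarations, so their roles are not documented here.
    std::string GenerateID(const std::string &, const XrdSecEntity &, const std::string &,
                           const std::vector<std::string> &, const std::string &);
    std::string GenerateActivities(const XrdHttpExtReq &, const std::string &) const;

    // Request processors for individual request kinds.
    int ProcessOAuthConfig(XrdHttpExtReq &req);
    int ProcessTokenRequest(XrdHttpExtReq &req);

    // Sends the macaroon response; `validity` is the lifetime to report and
    // `oauth_response` selects the OAuth-style form of the reply.
    // NOTE(review): the relation between `validity` and m_max_duration is
    // enforced (or not) in the implementation file - confirm it is capped.
    int GenerateMacaroonResponse(XrdHttpExtReq &req, const std::string &response,
                                 const std::vector<std::string> &, ssize_t validity,
                                 bool oauth_response);

    // Per-directive configuration parsers reading from an XrdOucStream;
    // presumably invoked by Config() - confirm in the implementation file.
    static bool xsecretkey(XrdOucStream &Config, XrdSysError *log, std::string &secret);
    static bool xsitename(XrdOucStream &Config, XrdSysError *log, std::string &location);
    static bool xtrace(XrdOucStream &Config, XrdSysError *log);
    static bool xmaxduration(XrdOucStream &Config, XrdSysError *log, ssize_t &max_duration);

    // Upper bound on macaroon validity; 86400 unless Config() changes it.
    ssize_t m_max_duration;
    // Authorization object supplied by the caller; not owned as far as this
    // header shows.
    XrdAccAuthorize *m_chain;
    // Log sink supplied by the caller.
    XrdSysError *m_log;
    // Site location written by Config().
    std::string m_location;
    // Secret written by Config(). It is held as a plain std::string for the
    // lifetime of the handler, so it must never be passed to m_log.
    std::string m_secret;
};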
92 
93 }
Macaroons::Handler::xtrace
static bool xtrace(XrdOucStream &Config, XrdSysError *log)
Macaroons::Handler::DENY
@ DENY
Definition: XrdMacaroonsHandler.hh:57
Macaroons::Handler::ProcessReq
virtual int ProcessReq(XrdHttpExtReq &req) override
Macaroons::Handler
Definition: XrdMacaroonsHandler.hh:39
Macaroons::Handler::m_chain
XrdAccAuthorize * m_chain
Definition: XrdMacaroonsHandler.hh:87
Macaroons
Definition: XrdMacaroonsAuthz.hh:9
Macaroons::Error
@ Error
Definition: XrdMacaroonsHandler.hh:20
Macaroons::Handler::PASSTHROUGH
@ PASSTHROUGH
Definition: XrdMacaroonsHandler.hh:55
Macaroons::Handler::~Handler
virtual ~Handler()
Macaroons::Handler::m_max_duration
ssize_t m_max_duration
Definition: XrdMacaroonsHandler.hh:86
XrdHttpExtHandler
Definition: XrdHttpExtHandler.hh:79
Macaroons::Info
@ Info
Definition: XrdMacaroonsHandler.hh:18
Macaroons::Debug
@ Debug
Definition: XrdMacaroonsHandler.hh:17
XrdOucStream
Definition: XrdOucStream.hh:47
Macaroons::Warning
@ Warning
Definition: XrdMacaroonsHandler.hh:19
Macaroons::Handler::Handler
Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv, XrdAccAuthorize *chain)
Definition: XrdMacaroonsHandler.hh:41
Macaroons::Handler::xmaxduration
static bool xmaxduration(XrdOucStream &Config, XrdSysError *log, ssize_t &max_duration)
XrdAccAuthorize
Definition: XrdAccAuthorize.hh:66
XrdHttpExtHandler.hh
XrdOucEnv
Definition: XrdOucEnv.hh:42
Macaroons::Handler::xsitename
static bool xsitename(XrdOucStream &Config, XrdSysError *log, std::string &location)
Macaroons::Handler::Config
static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log, std::string &location, std::string &secret, ssize_t &max_duration, AuthzBehavior &behavior)
Macaroons::Handler::m_location
std::string m_location
Definition: XrdMacaroonsHandler.hh:89
Macaroons::Handler::ProcessTokenRequest
int ProcessTokenRequest(XrdHttpExtReq &req)
Macaroons::Handler::xsecretkey
static bool xsecretkey(XrdOucStream &Config, XrdSysError *log, std::string &secret)
Macaroons::Handler::Init
virtual int Init(const char *cfgfile) override
Initializes the external request handler.
Definition: XrdMacaroonsHandler.hh:65
Macaroons::Handler::m_secret
std::string m_secret
Definition: XrdMacaroonsHandler.hh:90
Macaroons::LogMask
LogMask
Definition: XrdMacaroonsHandler.hh:16
Macaroons::Handler::GenerateMacaroonResponse
int GenerateMacaroonResponse(XrdHttpExtReq &req, const std::string &response, const std::vector< std::string > &, ssize_t validity, bool oauth_response)
Macaroons::Handler::MatchesPath
virtual bool MatchesPath(const char *verb, const char *path) override
Tells if the incoming path is recognized as one of the paths that have to be processed.
Macaroons::Handler::AuthzBehavior
AuthzBehavior
Definition: XrdMacaroonsHandler.hh:54
Macaroons::Handler::GenerateActivities
std::string GenerateActivities(const XrdHttpExtReq &, const std::string &) const
Macaroons::Handler::GenerateID
std::string GenerateID(const std::string &, const XrdSecEntity &, const std::string &, const std::vector< std::string > &, const std::string &)
XrdSecEntity
Definition: XrdSecEntity.hh:64
XrdHttpExtReq
Definition: XrdHttpExtHandler.hh:45
Macaroons::Handler::m_log
XrdSysError * m_log
Definition: XrdMacaroonsHandler.hh:88
Macaroons::Handler::ProcessOAuthConfig
int ProcessOAuthConfig(XrdHttpExtReq &req)
Macaroons::Handler::ALLOW
@ ALLOW
Definition: XrdMacaroonsHandler.hh:56
XrdSysError
Definition: XrdSysError.hh:90
Macaroons::All
@ All
Definition: XrdMacaroonsHandler.hh:21
Macaroons::NormalizeSlashes
std::string NormalizeSlashes(const std::string &)