xrootd
XrdMacaroonsHandler.hh
Go to the documentation of this file.
1 
2 #include <string>
3 #include <memory>
4 #include <stdexcept>
5 #include <vector>
6 
8 
9 class XrdOucEnv;
10 class XrdOucStream;
11 class XrdSecEntity;
12 class XrdAccAuthorize;
13 
14 namespace Macaroons {
15 
16 enum LogMask {
17  Debug = 0x01,
18  Info = 0x02,
19  Warning = 0x04,
20  Error = 0x08,
21  All = 0xff
22 };
23 
24 class Handler : public XrdHttpExtHandler {
25 public:
26  Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv,
27  XrdAccAuthorize *chain) :
28  m_max_duration(86400),
29  m_chain(chain),
30  m_log(log)
31  {
32  AuthzBehavior behavior;
33  if (!Config(config, myEnv, m_log, m_location, m_secret, m_max_duration, behavior))
34  {
35  throw std::runtime_error("Macaroon handler config failed.");
36  }
37  }
38 
42  DENY
43  };
44 
45  virtual ~Handler();
46 
47  virtual bool MatchesPath(const char *verb, const char *path) override;
48  virtual int ProcessReq(XrdHttpExtReq &req) override;
49 
50  virtual int Init(const char *cfgfile) override {return 0;}
51 
52  // Static configuration method; made static to allow Authz object to reuse
53  // this code.
54  static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log,
55  std::string &location, std::string &secret, ssize_t &max_duration,
56  AuthzBehavior &behavior);
57 
58 private:
59  std::string GenerateID(const std::string &, const XrdSecEntity &, const std::string &, const std::vector<std::string> &, const std::string &);
60  std::string GenerateActivities(const XrdHttpExtReq &, const std::string &) const;
61 
64  int GenerateMacaroonResponse(XrdHttpExtReq& req, const std::string &response, const std::vector<std::string> &, ssize_t validity, bool oauth_response);
65 
66  static bool xsecretkey(XrdOucStream &Config, XrdSysError *log, std::string &secret);
67  static bool xsitename(XrdOucStream &Config, XrdSysError *log, std::string &location);
68  static bool xtrace(XrdOucStream &Config, XrdSysError *log);
69  static bool xmaxduration(XrdOucStream &Config, XrdSysError *log, ssize_t &max_duration);
70 
71  ssize_t m_max_duration;
74  std::string m_location;
75  std::string m_secret;
76 };
77 
78 }
Definition: XrdMacaroonsHandler.hh:24
std::string GenerateID(const std::string &, const XrdSecEntity &, const std::string &, const std::vector< std::string > &, const std::string &)
std::string m_location
Definition: XrdMacaroonsHandler.hh:74
Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv, XrdAccAuthorize *chain)
Definition: XrdMacaroonsHandler.hh:26
ssize_t m_max_duration
Definition: XrdMacaroonsHandler.hh:71
static bool xsecretkey(XrdOucStream &Config, XrdSysError *log, std::string &secret)
virtual int Init(const char *cfgfile) override
Initializes the external request handler.
Definition: XrdMacaroonsHandler.hh:50
AuthzBehavior
Definition: XrdMacaroonsHandler.hh:39
@ DENY
Definition: XrdMacaroonsHandler.hh:42
@ ALLOW
Definition: XrdMacaroonsHandler.hh:41
@ PASSTHROUGH
Definition: XrdMacaroonsHandler.hh:40
XrdAccAuthorize * m_chain
Definition: XrdMacaroonsHandler.hh:72
int ProcessOAuthConfig(XrdHttpExtReq &req)
XrdSysError * m_log
Definition: XrdMacaroonsHandler.hh:73
int GenerateMacaroonResponse(XrdHttpExtReq &req, const std::string &response, const std::vector< std::string > &, ssize_t validity, bool oauth_response)
static bool xmaxduration(XrdOucStream &Config, XrdSysError *log, ssize_t &max_duration)
virtual int ProcessReq(XrdHttpExtReq &req) override
static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log, std::string &location, std::string &secret, ssize_t &max_duration, AuthzBehavior &behavior)
static bool xtrace(XrdOucStream &Config, XrdSysError *log)
std::string GenerateActivities(const XrdHttpExtReq &, const std::string &) const
static bool xsitename(XrdOucStream &Config, XrdSysError *log, std::string &location)
int ProcessTokenRequest(XrdHttpExtReq &req)
std::string m_secret
Definition: XrdMacaroonsHandler.hh:75
virtual bool MatchesPath(const char *verb, const char *path) override
Tells if the incoming path is recognized as one of the paths that have to be processed.
Definition: XrdAccAuthorize.hh:66
Definition: XrdHttpExtHandler.hh:79
Definition: XrdHttpExtHandler.hh:45
Definition: XrdOucEnv.hh:42
Definition: XrdOucStream.hh:47
Definition: XrdSecEntity.hh:64
Definition: XrdSysError.hh:90
Definition: XrdMacaroonsAuthz.hh:9
LogMask
Definition: XrdMacaroonsHandler.hh:16
@ Debug
Definition: XrdMacaroonsHandler.hh:17
@ Error
Definition: XrdMacaroonsHandler.hh:20
@ Info
Definition: XrdMacaroonsHandler.hh:18
@ Warning
Definition: XrdMacaroonsHandler.hh:19
@ All
Definition: XrdMacaroonsHandler.hh:21