xrootd
XrdMacaroonsHandler.hh
Go to the documentation of this file.
1 
2 #include <string>
3 #include <memory>
4 #include <stdexcept>
5 #include <vector>
6 
8 
9 class XrdOucEnv;
10 class XrdOucStream;
11 class XrdSecEntity;
12 class XrdAccAuthorize;
13 
14 namespace Macaroons {
15 
16 enum LogMask {
17  Debug = 0x01,
18  Info = 0x02,
19  Warning = 0x04,
20  Error = 0x08,
21  All = 0xff
22 };
23 
24 class Handler : public XrdHttpExtHandler {
25 public:
26  Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv,
27  XrdAccAuthorize *chain) :
28  m_max_duration(86400),
29  m_chain(chain),
30  m_log(log)
31  {
32  AuthzBehavior behavior;
33  if (!Config(config, myEnv, m_log, m_location, m_secret, m_max_duration, behavior))
34  {
35  throw std::runtime_error("Macaroon handler config failed.");
36  }
37  }
38 
42  DENY
43  };
44 
45  virtual ~Handler();
46 
47  virtual bool MatchesPath(const char *verb, const char *path) override;
48  virtual int ProcessReq(XrdHttpExtReq &req) override;
49 
50  virtual int Init(const char *cfgfile) override {return 0;}
51 
52  // Static configuration method; made static to allow Authz object to reuse
53  // this code.
54  static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log,
55  std::string &location, std::string &secret, ssize_t &max_duration,
56  AuthzBehavior &behavior);
57 
58 private:
59  std::string GenerateID(const std::string &, const XrdSecEntity &, const std::string &, const std::vector<std::string> &, const std::string &);
60  std::string GenerateActivities(const XrdHttpExtReq &, const std::string &) const;
61 
64  int GenerateMacaroonResponse(XrdHttpExtReq& req, const std::string &response, const std::vector<std::string> &, ssize_t validity, bool oauth_response);
65 
66  static bool xsecretkey(XrdOucStream &Config, XrdSysError *log, std::string &secret);
67  static bool xsitename(XrdOucStream &Config, XrdSysError *log, std::string &location);
68  static bool xtrace(XrdOucStream &Config, XrdSysError *log);
69  static bool xmaxduration(XrdOucStream &Config, XrdSysError *log, ssize_t &max_duration);
70 
71  ssize_t m_max_duration;
74  std::string m_location;
75  std::string m_secret;
76 };
77 
78 }
Macaroons::Handler::xtrace
static bool xtrace(XrdOucStream &Config, XrdSysError *log)
Macaroons::Handler::DENY
@ DENY
Definition: XrdMacaroonsHandler.hh:42
Macaroons::Handler::ProcessReq
virtual int ProcessReq(XrdHttpExtReq &req) override
Macaroons::Handler
Definition: XrdMacaroonsHandler.hh:24
Macaroons::Handler::m_chain
XrdAccAuthorize * m_chain
Definition: XrdMacaroonsHandler.hh:72
Macaroons
Definition: XrdMacaroonsAuthz.hh:9
Macaroons::Error
@ Error
Definition: XrdMacaroonsHandler.hh:20
Macaroons::Handler::PASSTHROUGH
@ PASSTHROUGH
Definition: XrdMacaroonsHandler.hh:40
Macaroons::Handler::~Handler
virtual ~Handler()
Macaroons::Handler::m_max_duration
ssize_t m_max_duration
Definition: XrdMacaroonsHandler.hh:71
XrdHttpExtHandler
Definition: XrdHttpExtHandler.hh:79
Macaroons::Info
@ Info
Definition: XrdMacaroonsHandler.hh:18
Macaroons::Debug
@ Debug
Definition: XrdMacaroonsHandler.hh:17
XrdOucStream
Definition: XrdOucStream.hh:46
Macaroons::Warning
@ Warning
Definition: XrdMacaroonsHandler.hh:19
Macaroons::Handler::Handler
Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv, XrdAccAuthorize *chain)
Definition: XrdMacaroonsHandler.hh:26
Macaroons::Handler::xmaxduration
static bool xmaxduration(XrdOucStream &Config, XrdSysError *log, ssize_t &max_duration)
XrdAccAuthorize
Definition: XrdAccAuthorize.hh:65
XrdHttpExtHandler.hh
XrdOucEnv
Definition: XrdOucEnv.hh:42
Macaroons::Handler::xsitename
static bool xsitename(XrdOucStream &Config, XrdSysError *log, std::string &location)
Macaroons::Handler::Config
static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log, std::string &location, std::string &secret, ssize_t &max_duration, AuthzBehavior &behavior)
Macaroons::Handler::m_location
std::string m_location
Definition: XrdMacaroonsHandler.hh:74
Macaroons::Handler::ProcessTokenRequest
int ProcessTokenRequest(XrdHttpExtReq &req)
Macaroons::Handler::xsecretkey
static bool xsecretkey(XrdOucStream &Config, XrdSysError *log, std::string &secret)
Macaroons::Handler::Init
virtual int Init(const char *cfgfile) override
Initializes the external request handler.
Definition: XrdMacaroonsHandler.hh:50
Macaroons::Handler::m_secret
std::string m_secret
Definition: XrdMacaroonsHandler.hh:75
Macaroons::LogMask
LogMask
Definition: XrdMacaroonsHandler.hh:16
Macaroons::Handler::GenerateMacaroonResponse
int GenerateMacaroonResponse(XrdHttpExtReq &req, const std::string &response, const std::vector< std::string > &, ssize_t validity, bool oauth_response)
Macaroons::Handler::MatchesPath
virtual bool MatchesPath(const char *verb, const char *path) override
Tells if the incoming path is recognized as one of the paths that have to be processed.
Macaroons::Handler::AuthzBehavior
AuthzBehavior
Definition: XrdMacaroonsHandler.hh:39
Macaroons::Handler::GenerateActivities
std::string GenerateActivities(const XrdHttpExtReq &, const std::string &) const
Macaroons::Handler::GenerateID
std::string GenerateID(const std::string &, const XrdSecEntity &, const std::string &, const std::vector< std::string > &, const std::string &)
XrdSecEntity
Definition: XrdSecEntity.hh:52
XrdHttpExtReq
Definition: XrdHttpExtHandler.hh:45
Macaroons::Handler::m_log
XrdSysError * m_log
Definition: XrdMacaroonsHandler.hh:73
Macaroons::Handler::ProcessOAuthConfig
int ProcessOAuthConfig(XrdHttpExtReq &req)
Macaroons::Handler::ALLOW
@ ALLOW
Definition: XrdMacaroonsHandler.hh:41
XrdSysError
Definition: XrdSysError.hh:90
Macaroons::All
@ All
Definition: XrdMacaroonsHandler.hh:21