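/// @file   include/dmlite/cpp/authn.h
/// @brief  Authentication API. Any sort of security check is plugin-specific.
/// @author Alejandro Álvarez Ayllón <aalvarez@cern.ch>
#ifndef DMLITE_CPP_AUTHN_H
#define DMLITE_CPP_AUTHN_H

#include "../common/config.h"
#include "base.h"
#include "exceptions.h"
#include "utils/extensible.h"

#include <string>
#include <vector>

namespace dmlite {

// Forward declarations.
class PluginManager;
class StackInstance;

/// Security credentials. To be filled by the front-end.
/// @note Nothing in this header validates these fields; they are whatever
///       the front-end reports about the caller. Trust is only established
///       when an Authn implementation turns them into a SecurityContext
///       (see Authn::createSecurityContext).
struct SecurityCredentials: public Extensible {
  std::string mech;           ///< Authentication mechanism, as reported by the front-end.
  std::string clientName;     ///< Client identity, as reported by the front-end.
  std::string remoteAddress;  ///< Address the request came from.
  std::string sessionId;      ///< Session identifier.

  std::vector<std::string> fqans;  ///< Fully qualified attribute names (group/role attributes).

  bool operator == (const SecurityCredentials&) const;
  bool operator != (const SecurityCredentials&) const;
  bool operator <  (const SecurityCredentials&) const;
  bool operator >  (const SecurityCredentials&) const;
};

/// User information.
/// To be filled by the Authn plugin with whichever data
/// it is needed. (i.e. uid for LCGDM Adapter)
/// To be used by other plugins whenever they need it.
/// IMPORTANT: This means plugins must be compatible with the Authn
/// put in charge of security.
struct UserInfo: public Extensible {
  std::string name;  ///< Unique user name (see Authn::updateUser).

  bool operator == (const UserInfo&) const;
  bool operator != (const UserInfo&) const;
  bool operator <  (const UserInfo&) const;
  bool operator >  (const UserInfo&) const;
};

/// Group information.
/// See UserInfo.
struct GroupInfo: public Extensible {
  std::string name;  ///< Unique group name (see Authn::updateGroup).

  bool operator == (const GroupInfo&) const;
  bool operator != (const GroupInfo&) const;
  bool operator <  (const GroupInfo&) const;
  bool operator >  (const GroupInfo&) const;
};


/// Security context. To be created by the Authn.
/// Holds the credentials the front-end supplied together with the user and
/// group mapping the Authn implementation derived from them.
struct SecurityContext {
  SecurityContext() {}

  /// Build a context from its three parts; every argument is copied.
  /// @param c The credentials the context was derived from.
  /// @param u The mapped user.
  /// @param g The mapped groups.
  // `g` is taken by const reference: the original non-const reference only
  // restricted callers (no temporaries, no const vectors) while still copying.
  SecurityContext(const SecurityCredentials& c,
                  const UserInfo& u,
                  const std::vector<GroupInfo>& g):
    credentials(c), user(u), groups(g) {}

  SecurityCredentials credentials;

  UserInfo               user;
  std::vector<GroupInfo> groups;

  bool operator == (const SecurityContext&) const;
  bool operator != (const SecurityContext&) const;
  bool operator <  (const SecurityContext&) const;
  bool operator >  (const SecurityContext&) const;
};



/// User and group handling.
/// @note This is the only interface not inheriting from BaseInterface.
// NOTE(review): the dynamic exception specifications (`throw (DmException)`)
// are kept as-is because plugin overrides declare them too; they are
// deprecated in C++11 and removed in C++17.
class Authn {
 public:
  /// Destructor
  virtual ~Authn();

  /// String ID of the user DB implementation.
  virtual std::string getImplId(void) const throw() = 0;

  /// Create a security context from the credentials.
  /// @param cred The security credentials.
  /// @return A newly created SecurityContext.
  /// @note The returned object is allocated by the implementation; ownership
  ///       appears to pass to the caller — confirm against StackInstance
  ///       before deleting it.
  virtual SecurityContext* createSecurityContext(const SecurityCredentials& cred) throw (DmException);

  /// Create a default security context.
  /// @return A newly created SecurityContext (same ownership note as above).
  virtual SecurityContext* createSecurityContext(void) throw (DmException);

  /// Create a new group.
  /// @param groupName The group name.
  /// @return The new group.
  virtual GroupInfo newGroup(const std::string& groupName) throw (DmException);

  /// Get a specific group.
  /// @param groupName The group name.
  /// @return The group.
  virtual GroupInfo getGroup(const std::string& groupName) throw (DmException);

  /// Get a specific group using an alternative key.
  /// @param key   The key name.
  /// @param value The value to search for.
  /// @return The group.
  /// @note The implementation will throw an exception if the field
  ///       can not be used as key.
  virtual GroupInfo getGroup(const std::string& key,
                             const boost::any& value) throw (DmException);

  /// Get the group list.
  virtual std::vector<GroupInfo> getGroups(void) throw (DmException);

  /// Update group info. 'name' identifies the group uniquely.
  /// @param group The group metadata to update.
  virtual void updateGroup(const GroupInfo& group) throw (DmException);

  /// Delete a group.
  /// @param groupName The group name.
  virtual void deleteGroup(const std::string& groupName) throw (DmException);

  /// Create a new user.
  /// @param userName The user name.
  /// @return The new user.
  virtual UserInfo newUser(const std::string& userName) throw (DmException);

  /// Get a specific user.
  /// @param userName The user name.
  /// @return The user.
  virtual UserInfo getUser(const std::string& userName) throw (DmException);

  /// Get a specific user using an alternative key.
  /// @param key   The key name.
  /// @param value The value to search for.
  /// @return The user.
  /// @note The implementation will throw an exception if the field
  ///       can not be used as key.
  virtual UserInfo getUser(const std::string& key,
                           const boost::any& value) throw (DmException);

  /// Get the user list.
  virtual std::vector<UserInfo> getUsers(void) throw (DmException);

  /// Update user info. 'name' identifies the user uniquely.
  /// @param user The user metadata to update.
  virtual void updateUser(const UserInfo& user) throw (DmException);

  /// Delete a user.
  /// @param userName The user name.
  virtual void deleteUser(const std::string& userName) throw (DmException);

  /// Get the mapping of a user/group. Additionally, new users and groups MAY
  /// be created by the implementation.
  /// @param userName   The user name.
  /// @param groupNames The different groups. Can be empty.
  /// @param user       Pointer to an UserInfo struct where to put the data.
  /// @param groups     Pointer to a vector where the group mapping will be put.
  /// @note If groupNames is empty, grid mapfile will be used to retrieve the default group.
  virtual void getIdMap(const std::string& userName,
                        const std::vector<std::string>& groupNames,
                        UserInfo* user,
                        std::vector<GroupInfo>* groups) throw (DmException);
};


/// AuthnFactory
class AuthnFactory: public virtual BaseFactory {
 public:
  /// Destructor
  virtual ~AuthnFactory();

 protected:
  // Stack instance is allowed to instantiate Authn
  friend class StackInstance;

  /// Children of AuthnFactory are allowed to instantiate too (decorator)
  /// @param factory The factory whose createAuthn(PluginManager*) is invoked.
  /// @param pm      The plugin manager handed to the implementation.
  static Authn* createAuthn(AuthnFactory* factory,
                            PluginManager* pm) throw (DmException);

  /// Instantiate an implementation of Authn
  /// @param pm The plugin manager.
  virtual Authn* createAuthn(PluginManager* pm) throw (DmException);
};

} // namespace dmlite

#endif // DMLITE_CPP_AUTHN_H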