dmlite  0.6
authn.h
1 /// @file include/dmlite/cpp/authn.h
2 /// @brief Authentication API. Any sort of security check is plugin-specific.
3 /// @author Alejandro Álvarez Ayllón <aalvarez@cern.ch>
4 #ifndef DMLITE_CPP_AUTHN_H
5 #define DMLITE_CPP_AUTHN_H
6 
7 #include "dmlite/common/config.h"
8 #include "base.h"
9 #include "exceptions.h"
10 #include "utils/extensible.h"
11 
12 #include <string>
13 #include <vector>
14 
15 namespace dmlite {
16 
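// Forward declarations. This header only uses PluginManager through pointers
// and StackInstance in a friend declaration, so the full definitions are not
// needed here.
class PluginManager;
class StackInstance;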
20 
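/// Security credentials. To be filled by the front-end.
///
/// Plain data carrier: nothing in this header validates these values. The
/// file header states that any security check is plugin-specific, so the
/// fields hold whatever the front-end supplied.
// NOTE(review): the struct header line is missing from the rendered listing.
// It is restored here following the pattern of UserInfo and GroupInfo;
// confirm the base class against the upstream header.
struct SecurityCredentials: public Extensible {
  std::string mech;           ///< Presumably the authentication mechanism name; confirm with the front-end.
  std::string clientName;     ///< Presumably the client identity as reported by the front-end; confirm.
  std::string remoteAddress;  ///< Presumably the peer address as seen by the front-end; confirm.
  std::string sessionId;      ///< Presumably a front-end session identifier; confirm.

  std::vector<std::string> fqans;  ///< Presumably the client's FQANs (group/role attributes); confirm.

  // Only declared here: which fields take part in the comparison is decided
  // by the out-of-line definitions.
  // NOTE(review): if credentials are used as map or cache keys, confirm the
  // comparison covers every field that tells one client session from another.
  bool operator == (const SecurityCredentials&) const;
  bool operator != (const SecurityCredentials&) const;
  bool operator <  (const SecurityCredentials&) const;
  bool operator >  (const SecurityCredentials&) const;
};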
35 
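/// User information.
/// To be filled by the Authn plugin with whatever data it needs
/// (e.g. the uid for the LCGDM Adapter).
/// To be used by other plugins whenever they need it.
/// IMPORTANT: This means plugins must be compatible with the Authn
/// put in charge of security.
///
/// Only `name` is a fixed field. Plugin-specific data presumably lives in the
/// Extensible base; confirm the key names with the Authn plugin in use.
struct UserInfo: public Extensible {
  std::string name;  ///< User name. Authn::updateUser documents it as the unique key.

  // Only declared here: which data the comparison looks at is decided by the
  // out-of-line definitions.
  bool operator == (const UserInfo&) const;
  bool operator != (const UserInfo&) const;
  bool operator <  (const UserInfo&) const;
  bool operator >  (const UserInfo&) const;
};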
50 
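/// Group information.
/// See UserInfo: the same rules apply. The Authn plugin fills it in, and
/// other plugins must be compatible with that Authn to interpret it.
struct GroupInfo: public Extensible {
  std::string name;  ///< Group name. Authn::updateGroup documents it as the unique key.

  // Only declared here: which data the comparison looks at is decided by the
  // out-of-line definitions.
  bool operator == (const GroupInfo&) const;
  bool operator != (const GroupInfo&) const;
  bool operator <  (const GroupInfo&) const;
  bool operator >  (const GroupInfo&) const;
};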
61 
62 
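/// Security context. To be created by the Authn.
///
/// Bundles a set of credentials, a user and a list of groups. All three are
/// stored by value, so a context does not refer back to the objects it was
/// built from.
// NOTE(review): the rendered listing drops the default constructor, the first
// line of the three-argument constructor, and the `credentials` and `user`
// members. They are restored below; the constructor's initializer list names
// the two members. Confirm against the upstream header.
struct SecurityContext {
  /// Default constructor. The empty body is assumed (the line is missing from
  /// the listing); the std::string and std::vector members start out empty.
  // NOTE(review): an empty context identifies nobody. How plugins treat it is
  // not visible here; confirm it is never given more rights than a context
  // built from authenticated credentials.
  SecurityContext() {}

  /// Build a context from its three parts; each argument is copied.
  /// @param c The credentials.
  /// @param u The user.
  /// @param g The groups.
  // NOTE(review): g is only copied, yet it is taken by non-const reference,
  // so callers cannot pass a const vector or a temporary.
  SecurityContext(const SecurityCredentials& c,
                  const UserInfo& u,
                  std::vector<GroupInfo>& g):
                    credentials(c), user(u), groups(g) {}

  SecurityCredentials credentials;

  UserInfo               user;
  std::vector<GroupInfo> groups;

  // Only declared here: which members take part in the comparison is decided
  // by the out-of-line definitions.
  bool operator == (const SecurityContext&) const;
  bool operator != (const SecurityContext&) const;
  bool operator <  (const SecurityContext&) const;
  bool operator >  (const SecurityContext&) const;
};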
82 
83 
84 
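/// User and group handling.
/// @note This is the only interface not inheriting from BaseInterface.
///
/// Only getImplId() is pure virtual. The other methods are declared virtual
/// here and their definitions are not part of this header.
/// The dynamic exception specifications (`throw (DmException)`, `throw()`)
/// are kept as declared; they are deprecated since C++11, and
/// `throw (DmException)` no longer compiles in C++17 and later.
// NOTE(review): boost::any is used below without a direct include in this
// header; presumably it arrives through "utils/extensible.h". Confirm.
class Authn {
 public:
  /// Destructor
  virtual ~Authn();

  /// String ID of the user DB implementation.
  virtual std::string getImplId(void) const throw() = 0;

  /// Create a security context from the credentials.
  /// @param cred The security credentials.
  /// @return A newly created SecurityContext.
  // NOTE(review): this declaration is missing from the rendered listing. It is
  // restored from the doc comment above and the sibling overload; confirm the
  // exact signature against the upstream header.
  // NOTE(review): a raw pointer is returned and this header does not say who
  // deletes it; presumably the caller owns the object. Confirm.
  virtual SecurityContext* createSecurityContext(const SecurityCredentials& cred) throw (DmException);

  /// Create a default security context.
  /// @return A newly created SecurityContext.
  // NOTE(review): which identity a "default" context carries is
  // plugin-specific; confirm it is not a privileged one.
  virtual SecurityContext* createSecurityContext(void) throw (DmException);

  /// Create a new group.
  /// @param groupName The group name.
  /// @return The new group.
  virtual GroupInfo newGroup(const std::string& groupName) throw (DmException);

  /// Get a specific group.
  /// @param groupName The group name.
  /// @return The group.
  virtual GroupInfo getGroup(const std::string& groupName) throw (DmException);

  /// Get a specific group using an alternative key.
  /// @param key   The key name.
  /// @param value The value to search for.
  /// @return The group.
  /// @note The implementation will throw an exception if the field
  ///       cannot be used as key.
  virtual GroupInfo getGroup(const std::string& key,
                             const boost::any& value) throw (DmException);

  /// Get the group list.
  /// @return All groups known to the implementation.
  virtual std::vector<GroupInfo> getGroups(void) throw (DmException);

  /// Update group info. 'name' uniquely identifies the group.
  /// @param group The group metadata to update.
  virtual void updateGroup(const GroupInfo& group) throw (DmException);

  /// Delete a group.
  /// @param groupName The group name.
  virtual void deleteGroup(const std::string& groupName) throw (DmException);

  /// Create a new user.
  /// @param userName The user name.
  /// @return The new user.
  virtual UserInfo newUser(const std::string& userName) throw (DmException);

  /// Get a specific user.
  /// @param userName The user name.
  /// @return The user.
  virtual UserInfo getUser(const std::string& userName) throw (DmException);

  /// Get a specific user using an alternative key.
  /// @param key   The key name.
  /// @param value The value to search for.
  /// @return The user.
  /// @note The implementation will throw an exception if the field
  ///       cannot be used as key.
  virtual UserInfo getUser(const std::string& key,
                           const boost::any& value) throw (DmException);

  /// Get the user list.
  /// @return All users known to the implementation.
  virtual std::vector<UserInfo> getUsers(void) throw (DmException);

  /// Update user info. 'name' uniquely identifies the user.
  /// @param user The user metadata to update.
  virtual void updateUser(const UserInfo& user) throw (DmException);

  /// Delete a user.
  /// @param userName The user name.
  virtual void deleteUser(const std::string& userName) throw (DmException);

  /// Get the mapping of a user/group. Additionally, new users and groups MAY
  /// be created by the implementation.
  /// @param userName   The user name.
  /// @param groupNames The different groups. Can be empty.
  /// @param user       Pointer to a UserInfo struct where to put the data.
  /// @param groups     Pointer to a vector where the group mapping will be put.
  /// @note If groupNames is empty, grid mapfile will be used to retrieve the default group.
  // NOTE(review): because a lookup may create accounts, callers should only
  // pass names the front-end has already authenticated. Both output pointers
  // are presumably required to be non-null; confirm with the implementation.
  virtual void getIdMap(const std::string& userName,
                        const std::vector<std::string>& groupNames,
                        UserInfo* user,
                        std::vector<GroupInfo>* groups) throw (DmException);
};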
174 
175 
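/// AuthnFactory
///
/// Factory for Authn instances. Both createAuthn overloads are protected, so
/// only StackInstance (declared a friend below) and derived factories can
/// call them.
class AuthnFactory: public virtual BaseFactory {
 public:
  /// Destructor
  virtual ~AuthnFactory();

 protected:
  // Stack instance is allowed to instantiate Authn
  friend class StackInstance;

  /// Children of AuthnFactory are allowed to instantiate too (decorator)
  /// @param factory The factory to create the Authn with; presumably the
  ///                decorated one. Confirm with the definition.
  /// @param pm      The plugin manager.
  /// @return An Authn instance. Ownership is not stated in this header.
  static Authn* createAuthn(AuthnFactory* factory,
                            PluginManager* pm) throw (DmException);

  /// Instantiate an implementation of Authn
  /// @param pm The plugin manager.
  /// @return An Authn instance. Ownership is not stated in this header.
  virtual Authn* createAuthn(PluginManager* pm) throw (DmException);
};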
193 
194 };
195 
196 #endif // DMLITE_CPP_AUTHN_H