XRootD
XrdMacaroonsHandler.hh
2
3#include <memory>
4#include <stdexcept>
5#include <string>
6#include <vector>
7
9class XrdOucEnv;
10class XrdOucStream;
11class XrdSecEntity;
12
13namespace Macaroons {
14
// Log-level bit flags. Each named level occupies its own bit, so levels can
// be OR-ed into a single mask; All sets every bit of the low byte.
// How the mask is consumed is not visible in this header.
enum LogMask {
    Debug   = 1 << 0,  // 0x01
    Info    = 1 << 1,  // 0x02
    Warning = 1 << 2,  // 0x04
    Error   = 1 << 3,  // 0x08
    All     = 0xff     // all eight low bits, including four with no named level
};
22
// Collapse runs of consecutive '/' in a macaroon path into a single '/'.
//
// That is the only rewriting performed. As is common in XRootD, the path is
// handled as an opaque string rather than a directory hierarchy: a trailing
// slash is kept and ".." segments are left in place.
//
// Inputs that collapse to the same result:
//
//   /foo/bar          -> /foo/bar
//   //foo////bar      -> /foo/bar
//
// Inputs whose results all stay distinct from one another:
//
//   /foo/bar          -> /foo/bar
//   /foo/bar/         -> /foo/bar/
//   /foo/baz//../bar  -> /foo/baz/../bar
//
// Because ".." survives, the result is not a canonical path. Code that
// compares the returned string against an authorized prefix cannot rely on
// this function to neutralise parent-directory segments.
//
std::string NormalizeSlashes(const std::string &path);
37
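// HTTP external-request handler for the Macaroons plugin.
//
// All configuration is read in the constructor through the static Config()
// method; Init() is therefore a no-op. The private Process*/Generate*
// members are only declared here, so their behaviour is not documented in
// this header.
class Handler : public XrdHttpExtHandler {
public:
    // Builds a handler from the given configuration.
    //
    // log, chain: stored as non-owning raw pointers (m_log, m_chain); this
    //             header does not show who owns them, so the caller must keep
    //             them alive for as long as the handler is used.
    // config, myEnv: forwarded unchanged to Config().
    //
    // Throws std::runtime_error when Config() returns false, so a handler
    // never exists with a configuration that failed to load.
    Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv,
            XrdAccAuthorize *chain) :
        m_max_duration(86400),  // default; Config() receives it by reference
                                // and may overwrite it
        m_chain(chain),
        m_log(log)
    {
        // Value-initialized so the object never holds an indeterminate value
        // if Config() returns without assigning it. The handler does not use
        // the parsed behavior; it is required only by Config()'s signature.
        AuthzBehavior behavior{};
        if (!Config(config, myEnv, m_log, m_location, m_secret, m_max_duration, behavior))
        {
            throw std::runtime_error("Macaroon handler config failed.");
        }
    }

    virtual ~Handler();

    // Tells whether the incoming verb/path pair is one this handler has to
    // process.
    bool MatchesPath(const char *verb, const char *path) override;

    // Processes a request that MatchesPath() accepted.
    int ProcessReq(XrdHttpExtReq &req) override;

    // Initialization hook of the external handler interface. Nothing is left
    // to do here because the constructor already ran Config(); the argument
    // is ignored and 0 is always returned.
    int Init(const char * /*cfgfile*/) override { return 0; }

    // Static configuration method; made static to allow the Authz object to
    // reuse this code. location, secret, max_duration and behavior are
    // passed by non-const reference for Config() to fill in. The constructor
    // treats a false return as failure.
    static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log,
        std::string &location, std::string &secret, ssize_t &max_duration,
        AuthzBehavior &behavior);

private:
    std::string GenerateID(const std::string &, const XrdSecEntity &, const std::string &, const std::vector<std::string> &, const std::string &);
    std::string GenerateActivities(const XrdHttpExtReq &, const std::string &) const;

    int ProcessOAuthConfig(XrdHttpExtReq &req);
    int ProcessTokenRequest(XrdHttpExtReq& req);
    int GenerateMacaroonResponse(XrdHttpExtReq& req, const std::string &response, const std::vector<std::string> &, ssize_t validity, bool oauth_response);

    // Per-directive configuration parsers; each writes into the
    // out-parameter named in its signature.
    static bool xsecretkey(XrdOucStream &Config, XrdSysError *log, std::string &secret);
    static bool xsitename(XrdOucStream &Config, XrdSysError *log, std::string &location);
    static bool xtrace(XrdOucStream &Config, XrdSysError *log);
    static bool xmaxduration(XrdOucStream &Config, XrdSysError *log, ssize_t &max_duration);

    // Upper bound on token validity; defaults to 86400.
    // NOTE(review): presumably seconds (86400 s = 24 h) -- confirm against
    // xmaxduration().
    ssize_t m_max_duration;
    XrdAccAuthorize *m_chain;  // non-owning
    XrdSysError *m_log;        // non-owning
    std::string m_location;    // filled in by Config()
    // Filled in by Config().
    // NOTE(review): presumably the macaroon signing key. It is held in a
    // plain std::string, which is not wiped on destruction, and the
    // implicitly generated copy operations would duplicate it -- confirm
    // this is acceptable for the deployment.
    std::string m_secret;
};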
91
92} // namespace Macaroons
static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log, std::string &location, std::string &secret, ssize_t &max_duration, AuthzBehavior &behavior)
Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv, XrdAccAuthorize *chain)
virtual int Init(const char *cfgfile) override
Initializes the external request handler.
virtual bool MatchesPath(const char *verb, const char *path) override
Tells if the incoming path is recognized as one of the paths that have to be processed.
virtual int ProcessReq(XrdHttpExtReq &req) override
XrdHttpExtHandler()
Constructor.
std::string NormalizeSlashes(const std::string &)