XRootD
XrdMacaroonsHandler.hh
2 
3 #include <memory>
4 #include <stdexcept>
5 #include <string>
6 #include <vector>
7 
8 class XrdAccAuthorize;
9 class XrdOucEnv;
10 class XrdOucStream;
11 class XrdSecEntity;
12 
13 namespace Macaroons {
14 
// Bit flags for log severities. Each named level occupies its own bit, so
// levels can be OR-ed together into a mask; All (0xff) sets the whole low
// byte, i.e. the four named levels plus four bits that have no name here.
// NOTE(review): presumably consumed by the trace directive parser (xtrace) -
// confirm against the configuration code.
enum LogMask {
    Debug   = 1 << 0,
    Info    = 1 << 1,
    Warning = 1 << 2,
    Error   = 1 << 3,
    All     = 0xff
};
22 
// Collapse runs of '/' in a macaroon path into a single '/'.
//
// This is the only normalization performed. As is common in XRootD, the path
// is treated as an opaque string rather than a hierarchy, so "." and ".."
// components are NOT resolved and a trailing slash is preserved.
//
// Inputs that map to the same result:
//
//   /foo/bar      -> /foo/bar
//   //foo////bar  -> /foo/bar
//
// Inputs that stay distinct from one another:
//
//   /foo/bar          -> /foo/bar
//   /foo/bar/         -> /foo/bar/
//   /foo/baz//../bar  -> /foo/baz/../bar
//
// Security note: the result is not a canonical path. Code that compares a
// normalized path from a token with a requested path must not assume that
// "/foo/baz/../bar" and "/foo/bar" have been unified; any ".." handling has
// to happen elsewhere.
std::string NormalizeSlashes(const std::string &path);
37 
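/// HTTP extension handler for macaroon requests.
///
/// Only the contract visible in this header is documented; the request
/// processing itself is defined out of line.
class Handler : public XrdHttpExtHandler {
public:
    /// Authorization behaviour selected by the configuration and handed back
    /// through Config()'s `behavior` out-parameter.
    ///
    /// NOTE(review): the rendered listing skips source lines 53-55, so the
    /// opening of this enum and its first two enumerators are restored here;
    /// confirm them against the repository copy of this header. What each
    /// value means for an authorization decision is not visible in this file.
    enum AuthzBehavior {
        PASSTHROUGH,
        ALLOW,
        DENY
    };

    /// Construct the handler and load its configuration immediately.
    ///
    /// @param log    log sink; stored as a raw pointer in m_log
    /// @param config configuration source forwarded to Config()
    /// @param myEnv  environment forwarded to Config()
    /// @param chain  authorization object; stored as a raw pointer in m_chain
    /// @throws std::runtime_error when Config() returns false, so no handler
    ///         is ever constructed from a configuration that Config() rejected.
    ///
    /// Ownership of `log` and `chain` is not visible in this header; the
    /// caller presumably keeps both alive for the handler's lifetime.
    Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv,
            XrdAccAuthorize *chain)
        : m_max_duration(86400),
          m_chain(chain),
          m_log(log)
    {
        // Config() reports the behaviour through an out-parameter that this
        // constructor discards. Start from DENY so the object passed by
        // reference never holds an indeterminate value.
        AuthzBehavior behavior = DENY;
        const bool configured = Config(config, myEnv, m_log, m_location,
                                       m_secret, m_max_duration, behavior);
        if (!configured)
        {
            throw std::runtime_error("Macaroon handler config failed.");
        }
    }

    virtual ~Handler();

    /// Tells whether the incoming verb/path is one this handler processes.
    bool MatchesPath(const char *verb, const char *path) override;

    /// Processes a request that matched; defined out of line.
    int ProcessReq(XrdHttpExtReq &req) override;

    /// No-op: all configuration is done in the constructor via Config().
    int Init(const char *cfgfile) override { return 0; }

    /// Static configuration method; made static to allow the Authz object to
    /// reuse this code.
    ///
    /// @param[out] location     site name read from the configuration
    /// @param[out] secret       secret key read from the configuration
    /// @param[in,out] max_duration maximum duration; the constructor passes
    ///                          in its default of 86400
    /// @param[out] behavior     authorization behaviour
    /// @return false on failure (the constructor turns this into an exception)
    ///
    /// NOTE(review): `secret` is sensitive key material - callers should not
    /// log it or keep extra copies.
    static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log,
                       std::string &location, std::string &secret,
                       ssize_t &max_duration, AuthzBehavior &behavior);

private:
    std::string GenerateID(const std::string &, const XrdSecEntity &,
                           const std::string &,
                           const std::vector<std::string> &,
                           const std::string &);
    std::string GenerateActivities(const XrdHttpExtReq &,
                                   const std::string &) const;

    int ProcessOAuthConfig(XrdHttpExtReq &req);
    int ProcessTokenRequest(XrdHttpExtReq &req);

    // NOTE(review): `validity` is presumably the requested token lifetime;
    // confirm in the definition that it is bounded by m_max_duration before
    // a token is issued.
    int GenerateMacaroonResponse(XrdHttpExtReq &req,
                                 const std::string &response,
                                 const std::vector<std::string> &,
                                 ssize_t validity, bool oauth_response);

    // Per-directive parsers used by Config().
    static bool xsecretkey(XrdOucStream &Config, XrdSysError *log,
                           std::string &secret);
    static bool xsitename(XrdOucStream &Config, XrdSysError *log,
                          std::string &location);
    static bool xtrace(XrdOucStream &Config, XrdSysError *log);
    static bool xmaxduration(XrdOucStream &Config, XrdSysError *log,
                             ssize_t &max_duration);

    // Defaults to 86400 (presumably seconds, i.e. 24 hours) until Config()
    // overrides it.
    ssize_t m_max_duration;
    // Authorization object and log sink handed to the constructor.
    XrdAccAuthorize *m_chain;
    XrdSysError *m_log;
    std::string m_location;
    // Secret key filled in by Config(). It lives in an ordinary std::string
    // for the handler's lifetime: nothing in this header wipes it, and the
    // class is implicitly copyable, so a copy of the handler duplicates the
    // key. Keep it out of log and error messages.
    std::string m_secret;
};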
91 
92 } // namespace Macaroons
static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log, std::string &location, std::string &secret, ssize_t &max_duration, AuthzBehavior &behavior)
Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv, XrdAccAuthorize *chain)
virtual int Init(const char *cfgfile) override
Initializes the external request handler.
virtual bool MatchesPath(const char *verb, const char *path) override
Tells if the incoming path is recognized as one of the paths that have to be processed.
virtual int ProcessReq(XrdHttpExtReq &req) override
std::string NormalizeSlashes(const std::string &)