XRootD
XrdMacaroonsHandler.hh
Go to the documentation of this file.
1 #include "XrdHttp/XrdHttpExtHandler.hh"
2 #include "XrdMacaroonsUtils.hh"
3 
4 #include <memory>
5 #include <stdexcept>
6 #include <string>
7 #include <vector>
8 
9 class XrdAccAuthorize;
10 class XrdOucEnv;
11 class XrdOucStream;
12 class XrdSecEntity;
13 
14 namespace Macaroons {
15 
16 enum LogMask {
17  Debug = 0x01,
18  Info = 0x02,
19  Warning = 0x04,
20  Error = 0x08,
21  All = 0xff
22 };
23 
24 class Handler : public XrdHttpExtHandler {
25 public:
26  Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv,
27  XrdAccAuthorize *chain) :
28  m_max_duration(86400),
29  m_chain(chain),
30  m_log(log)
31  {
32  AuthzBehavior behavior;
33  if (!Config(config, myEnv, m_log, m_location, m_secret, m_max_duration, behavior))
34  {
35  throw std::runtime_error("Macaroon handler config failed.");
36  }
37  }
38 
39  enum AuthzBehavior {
40  PASSTHROUGH,
41  ALLOW,
42  DENY
43  };
44 
45  virtual ~Handler();
46 
47  virtual bool MatchesPath(const char *verb, const char *path) override;
48  virtual int ProcessReq(XrdHttpExtReq &req) override;
49 
50  virtual int Init(const char *cfgfile) override {return 0;}
51 
52  // Static configuration method; made static to allow Authz object to reuse
53  // this code.
54  static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log,
55  std::string &location, std::string &secret, ssize_t &max_duration,
56  AuthzBehavior &behavior);
57 
58 private:
59  std::string GenerateID(const std::string &, const XrdSecEntity &, const std::string &, const std::vector<std::string> &, const std::string &);
60  std::string GenerateActivities(const XrdHttpExtReq &, const std::string &) const;
61 
62  int ProcessOAuthConfig(XrdHttpExtReq &req);
63  int ProcessTokenRequest(XrdHttpExtReq& req);
64  int GenerateMacaroonResponse(XrdHttpExtReq& req, const std::string &response, const std::vector<std::string> &, ssize_t validity, bool oauth_response);
65 
66  static bool xsecretkey(XrdOucStream &Config, XrdSysError *log, std::string &secret);
67  static bool xsitename(XrdOucStream &Config, XrdSysError *log, std::string &location);
68  static bool xtrace(XrdOucStream &Config, XrdSysError *log);
69  static bool xmaxduration(XrdOucStream &Config, XrdSysError *log, ssize_t &max_duration);
70 
71  ssize_t m_max_duration;
72  XrdAccAuthorize *m_chain;
73  XrdSysError *m_log;
74  std::string m_location;
75  std::string m_secret;
76 };
77 
78 } // namespace Macaroons
Macaroons::Handler::Config
static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log, std::string &location, std::string &secret, ssize_t &max_duration, AuthzBehavior &behavior)
Definition: XrdMacaroonsConfigure.cc:36
Macaroons::Handler::Handler
Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv, XrdAccAuthorize *chain)
Definition: XrdMacaroonsHandler.hh:26
Macaroons::Handler::Init
virtual int Init(const char *cfgfile) override
Initializes the external request handler.
Definition: XrdMacaroonsHandler.hh:50
Macaroons::Handler::MatchesPath
virtual bool MatchesPath(const char *verb, const char *path) override
Tells if the incoming path is recognized as one of the paths that have to be processed.
Definition: XrdMacaroonsHandler.cc:135
Macaroons::Handler::ProcessReq
virtual int ProcessReq(XrdHttpExtReq &req) override
Definition: XrdMacaroonsHandler.cc:291