1 /// @file include/dmlite/cpp/authn.h
2 /// @brief Authentication API. Any sort of security check is plugin-specific.
3 /// @author Alejandro Álvarez Ayllón <aalvarez@cern.ch>
4 #ifndef DMLITE_CPP_AUTHN_H
5 #define DMLITE_CPP_AUTHN_H
6 
7 #include <string>
8 #include <vector>
9 #include "base.h"
10 #include "exceptions.h"
11 #include "utils/extensible.h"
12 
13 namespace dmlite {
14 
15  // Forward declarations.
16  class PluginManager;
17  class StackInstance;
18 
19  /// Security credentials. To be filled by the front-end.
21  std::string mech;
22  std::string clientName;
23  std::string remoteAddress;
24  std::string sessionId;
25 
26  std::vector<std::string> fqans;
27 
28  bool operator == (const SecurityCredentials&) const;
29  bool operator != (const SecurityCredentials&) const;
30  bool operator < (const SecurityCredentials&) const;
31  bool operator > (const SecurityCredentials&) const;
32  };
33 
/// User information.
/// To be filled by the Authn plugin with whatever data it needs
/// (e.g. the uid for the LCGDM Adapter) -- presumably through the
/// Extensible base, which is where plugin-specific fields would go.
/// To be used by other plugins whenever they need it.
/// IMPORTANT: This means plugins must be compatible with the Authn
/// put in charge of security: any extra field they read is only
/// defined by that particular Authn implementation.
struct UserInfo: public Extensible {
  /// User name. This is the key that identifies the user uniquely
  /// (see Authn::updateUser and Authn::deleteUser).
  std::string name;

  // Comparison operators. Declared only; which fields they compare is
  // decided in the implementation, not in this header.
  bool operator == (const UserInfo&) const;
  bool operator != (const UserInfo&) const;
  bool operator < (const UserInfo&) const;
  bool operator > (const UserInfo&) const;
};
48 
/// Group information.
/// Same contract as UserInfo: filled by the Authn plugin (presumably
/// through the Extensible base for plugin-specific fields) and read by
/// the other plugins, so those plugins must match the Authn in charge.
struct GroupInfo: public Extensible {
  /// Group name. This is the key that identifies the group uniquely
  /// (see Authn::updateGroup and Authn::deleteGroup).
  std::string name;

  // Comparison operators. Declared only; which fields they compare is
  // decided in the implementation, not in this header.
  bool operator == (const GroupInfo&) const;
  bool operator != (const GroupInfo&) const;
  bool operator < (const GroupInfo&) const;
  bool operator > (const GroupInfo&) const;
};
59 
60 
61  /// Security context. To be created by the Authn.
62  struct SecurityContext {
64 
66  const UserInfo& u,
67  std::vector<GroupInfo>& g):
68  credentials(c), user(u), groups(g) {}
69 
71 
73  std::vector<GroupInfo> groups;
74 
75  bool operator == (const SecurityContext&) const;
76  bool operator != (const SecurityContext&) const;
77  bool operator < (const SecurityContext&) const;
78  bool operator > (const SecurityContext&) const;
79  };
80 
81 
82 
/// User and group handling.
/// @note This is the only interface not inheriting from BaseInterface.
/// @note Every method except getImplId carries a dynamic exception
///       specification (throw (DmException)). These are deprecated since
///       C++11 and removed in C++17, so this header targets the
///       pre-C++11 dialect.
/// @note boost::any is used below but no boost header is included here;
///       it has to come in through one of the project includes.
class Authn {
 public:
  /// Destructor
  virtual ~Authn();

  /// String ID of the user DB implementation. Must not throw.
  virtual std::string getImplId(void) const throw() = 0;

  /// Create a security context from the credentials.
  /// The context is what the other plugins base their security checks
  /// on (checks are plugin-specific, see the file header), so the
  /// implementation is the place where the credentials handed over by
  /// the front-end have to be validated.
  /// @param cred The security credentials.
  /// @return A newly created SecurityContext.
  /// @note Returned as a raw pointer; ownership (who deletes it) is not
  ///       stated in this header -- presumably the caller. Confirm against
  ///       StackInstance.
  virtual SecurityContext* createSecurityContext(const SecurityCredentials& cred) throw (DmException) = 0;

  /// Create a new group.
  /// @param groupName The group name.
  /// @return The new group.
  virtual GroupInfo newGroup(const std::string& groupName) throw (DmException) = 0;

  /// Get a specific group.
  /// @param groupName The group name.
  /// @return The group.
  virtual GroupInfo getGroup(const std::string& groupName) throw (DmException) = 0;

  /// Get a specific group using an alternative key.
  /// @param key The key name.
  /// @param value The value to search for.
  /// @return The group.
  /// @note The implementation will throw an exception if the field
  ///       can not be used as key.
  virtual GroupInfo getGroup(const std::string& key,
                             const boost::any& value) throw (DmException) = 0;

  /// Get the full group list.
  virtual std::vector<GroupInfo> getGroups(void) throw (DmException) = 0;

  /// Update group info. 'name' identifies the group uniquely; all other
  /// fields are the data to store.
  /// @param group The group metadata to update.
  virtual void updateGroup(const GroupInfo& group) throw (DmException) = 0;

  /// Delete a group.
  /// @param groupName The name of the group to delete.
  virtual void deleteGroup(const std::string& groupName) throw (DmException) = 0;

  /// Create a new user.
  /// @param userName The user name.
  /// @return The new user.
  virtual UserInfo newUser(const std::string& userName) throw (DmException) = 0;

  /// Get a specific user.
  /// @param userName The user name.
  /// @return The user.
  virtual UserInfo getUser(const std::string& userName) throw (DmException) = 0;

  /// Get a specific user using an alternative key.
  /// @param key The key name.
  /// @param value The value to search for.
  /// @return The user.
  /// @note The implementation will throw an exception if the field
  ///       can not be used as key.
  virtual UserInfo getUser(const std::string& key,
                           const boost::any& value) throw (DmException) = 0;

  /// Get the full user list.
  virtual std::vector<UserInfo> getUsers(void) throw (DmException) = 0;

  /// Update user info. 'name' identifies the user uniquely; all other
  /// fields are the data to store.
  /// @param user The user metadata to update.
  virtual void updateUser(const UserInfo& user) throw (DmException) = 0;

  /// Delete a user.
  /// @param userName The name of the user to delete.
  virtual void deleteUser(const std::string& userName) throw (DmException) = 0;

  /// Get the mapping of a user/group. Additionally, new users and groups MAY
  /// be created by the implementation, i.e. this call is not necessarily
  /// read-only.
  /// @param userName The user name.
  /// @param groupNames The different groups. Can be empty.
  /// @param user Out parameter: pointer to a UserInfo struct where to put the data.
  /// @param groups Out parameter: pointer to a vector where the group mapping will be put.
  /// @note If groupNames is empty, grid mapfile will be used to retrieve the default group.
  /// @note Whether null out pointers are accepted is not stated here;
  ///       assume both must be non-null unless the implementation says otherwise.
  virtual void getIdMap(const std::string& userName,
                        const std::vector<std::string>& groupNames,
                        UserInfo* user,
                        std::vector<GroupInfo>* groups) throw (DmException) = 0;
};
168 
169 
/// AuthnFactory: factory for Authn implementations.
/// Creating an Authn is restricted to StackInstance (friend) and to
/// derived factories; see the protected section.
class AuthnFactory: public virtual BaseFactory {
 public:
  /// Destructor
  virtual ~AuthnFactory();

 protected:
  // Stack instance is allowed to instantiate Authn
  friend class StackInstance;

  /// Children of AuthnFactory are allowed to instantiate too (decorator).
  /// Static helper so that a derived (decorating) factory can obtain the
  /// Authn of another factory even though createAuthn(PluginManager*) is
  /// protected -- presumably it just forwards to factory->createAuthn(pm).
  /// @param factory The factory whose Authn is requested.
  /// @param pm The plugin manager handed to the implementation.
  /// @return A new Authn. Raw pointer; ownership is not stated in this header.
  static Authn* createAuthn(AuthnFactory* factory,
                            PluginManager* pm) throw (DmException);

  /// Instantiate an implementation of Authn.
  /// @param pm The plugin manager.
  /// @return A new Authn. Raw pointer; ownership is not stated in this header.
  virtual Authn* createAuthn(PluginManager* pm) throw (DmException) = 0;
};
187 
188 };
189 
190 #endif // DMLITE_CPP_AUTHN_H