| Directory: | cvmfs/ |
|---|---|
| File: | cvmfs/authz/authz.h |
| Date: | 2025-02-09 02:34:19 |
| Exec | Total | Coverage | |
|---|---|---|---|
| Lines: | 4 | 4 | 100.0% |
| Branches: | 4 | 4 | 100.0% |
| Line | Branch | Exec | Source |
|---|---|---|---|
| 1 | /** | ||
| 2 | * This file is part of the CernVM File System. | ||
| 3 | * | ||
| 4 | * Shared data structures for client-side authorization. | ||
| 5 | */ | ||
| 6 | |||
| 7 | #ifndef CVMFS_AUTHZ_AUTHZ_H_ | ||
| 8 | #define CVMFS_AUTHZ_AUTHZ_H_ | ||
| 9 | |||
| 10 | #include <inttypes.h> | ||
| 11 | |||
| 12 | #include <string> | ||
| 13 | |||
| 14 | /** | ||
| 15 | * X.509 certificates are needed by the download manager to authenticate the | ||
| 16 | * user. Other credential types might be added in the future. | ||
| 17 | */ | ||
| 18 | enum AuthzTokenType { | ||
| 19 | kTokenUnknown = 0, | ||
| 20 | kTokenX509, | ||
| 21 | kTokenBearer, | ||
| 22 | }; | ||
| 23 | |||
| 24 | /** | ||
| 25 | * The credentials as a bag of bytes that can be passed to the download | ||
| 26 | * manager. Ownership of tokens is with the AuthzSessionManager. | ||
| 27 | */ | ||
| 28 | struct AuthzToken { | ||
| 29 | 1009 | AuthzToken() : type(kTokenUnknown), data(NULL), size(0) { } | |
| 30 | AuthzToken *DeepCopy(); | ||
| 31 | |||
| 32 | AuthzTokenType type; | ||
| 33 | void *data; | ||
| 34 | unsigned size; | ||
| 35 | }; | ||
| 36 | |||
| 37 | |||
| 38 | enum AuthzStatus { | ||
| 39 | kAuthzOk = 0, | ||
| 40 | kAuthzNotFound, | ||
| 41 | kAuthzInvalid, | ||
| 42 | kAuthzNotMember, | ||
| 43 | kAuthzNoHelper, | ||
| 44 | kAuthzUnknown, | ||
| 45 | }; | ||
| 46 | |||
| 47 | |||
| 48 | /** | ||
| 49 | * The credentials together with the membership string it was verified for. | ||
| 50 | * Entries expire. Negative credential verification can be represented, too, | ||
| 51 | * with status != kAuthzOk. | ||
| 52 | */ | ||
| 53 | struct AuthzData { | ||
| 54 | 996 | AuthzData() : deadline(0), status(kAuthzUnknown) { } | |
| 55 | /** | ||
| 56 | * The verification of the deadline is not included. | ||
| 57 | */ | ||
| 58 | 7 | bool IsGranted(const std::string &expected_membership) const { | |
| 59 |
4/4✓ Branch 0 taken 6 times.
✓ Branch 1 taken 1 times.
✓ Branch 3 taken 2 times.
✓ Branch 4 taken 4 times.
|
7 | return (status == kAuthzOk) && (membership == expected_membership); |
| 60 | } | ||
| 61 | AuthzToken token; | ||
| 62 | uint64_t deadline; | ||
| 63 | std::string membership; | ||
| 64 | AuthzStatus status; | ||
| 65 | }; | ||
| 66 | |||
| 67 | #endif // CVMFS_AUTHZ_AUTHZ_H_ | ||
| 68 |