CernVM-FS  2.12.0
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
authz_session.h
Go to the documentation of this file.
1 
5 #ifndef CVMFS_AUTHZ_AUTHZ_SESSION_H_
6 #define CVMFS_AUTHZ_AUTHZ_SESSION_H_
7 
8 #include <inttypes.h>
9 #include <pthread.h>
10 #include <unistd.h>
11 
12 #include <string>
13 
14 #include "authz/authz.h"
15 #include "gtest/gtest_prod.h"
16 #include "smallhash.h"
17 #include "statistics.h"
18 #include "util/murmur.hxx"
19 #include "util/single_copy.h"
20 
21 class AuthzFetcher;
22 
23 // TODO(jblomer): add audit log
24 
39  FRIEND_TEST(T_AuthzSession, GetPidInfo);
40  FRIEND_TEST(T_AuthzSession, LookupAuthzData);
41  FRIEND_TEST(T_AuthzSession, LookupSessionKey);
42 
43  public:
44  static AuthzSessionManager *Create(AuthzFetcher *authz_fetcher,
45  perf::Statistics *statistics);
47 
48  AuthzToken *GetTokenCopy(const pid_t pid, const std::string &membership);
49  bool IsMemberOf(const pid_t pid, const std::string &membership);
50 
56  void ClearSessionCache();
57 
58  private:
62  static const unsigned kSweepInterval = 5;
63 
67  static const unsigned kPidLifetime = 120;
68 
72  struct PidKey {
73  PidKey() : pid(-1), uid(-1), gid(-1), sid(-1), pid_bday(0), deadline(0) { }
74  pid_t pid;
75  uid_t uid;
76  gid_t gid;
77  pid_t sid;
78  uint64_t pid_bday;
79  uint64_t deadline;
80 
81  bool operator ==(const PidKey &other) const {
82  return (pid == other.pid) &&
83  (pid_bday == other.pid_bday);
84  }
85 
86  bool operator !=(const PidKey &other) const {
87  return !(*this == other);
88  }
89  };
90 
94  struct SessionKey {
95  SessionKey() : sid(-1), sid_bday(0) { }
96  pid_t sid;
97  uint64_t sid_bday;
98 
99  bool operator ==(const SessionKey &other) const {
100  return (sid == other.sid) &&
101  (sid_bday == other.sid_bday);
102  }
103 
104  bool operator !=(const SessionKey &other) const {
105  return !(*this == other);
106  }
107  };
108 
109  static uint32_t HashPidKey(const PidKey &key) {
110  struct {
111  uint64_t bday;
112  pid_t pid;
113  } __attribute__((packed)) key_info;
114  key_info.pid = key.pid;
115  key_info.bday = key.pid_bday;
116  return MurmurHash2(&key_info, sizeof(key_info), 0x07387a4f);
117  }
118 
119  static uint32_t HashSessionKey(const SessionKey &key) {
120  struct {
121  uint64_t bday;
122  pid_t pid;
123  } __attribute__((packed)) key_info;
124  key_info.pid = key.sid;
125  key_info.bday = key.sid_bday;
126  return MurmurHash2(&key_info, sizeof(key_info), 0x07387a4f);
127  }
128 
130 
131  bool GetPidInfo(pid_t pid, PidKey *pid_key);
132  bool LookupSessionKey(pid_t pid, PidKey *pid_key, SessionKey *session_key);
133  void MaySweepPids();
134  void SweepPids(uint64_t now);
135 
136  bool LookupAuthzData(const PidKey &pid_key,
137  const SessionKey &session_key,
138  const std::string &membership,
139  AuthzData *authz_data);
140  void MaySweepCreds();
141  void SweepCreds(uint64_t now);
142 
147  pthread_mutex_t lock_pid2session_;
149 
154  pthread_mutex_t lock_session2cred_;
156 
162 
168 };
169 
170 #endif // CVMFS_AUTHZ_AUTHZ_SESSION_H_
bool operator==(const PidKey &other) const
Definition: authz_session.h:81
SmallHashDynamic< PidKey, SessionKey > pid2session_
pthread_mutex_t lock_pid2session_
perf::Counter * n_deny_
bool LookupAuthzData(const PidKey &pid_key, const SessionKey &session_key, const std::string &membership, AuthzData *authz_data)
bool LookupSessionKey(pid_t pid, PidKey *pid_key, SessionKey *session_key)
static const unsigned kPidLifetime
Definition: authz_session.h:67
static uint32_t HashSessionKey(const SessionKey &key)
void SweepCreds(uint64_t now)
bool operator!=(const PidKey &other) const
Definition: authz_session.h:86
SmallHashDynamic< SessionKey, AuthzData > session2cred_
bool GetPidInfo(pid_t pid, PidKey *pid_key)
AuthzFetcher * authz_fetcher_
AuthzToken * GetTokenCopy(const pid_t pid, const std::string &membership)
struct cvmcache_object_info __attribute__
Definition: atomic.h:24
void SweepPids(uint64_t now)
uint64_t deadline_sweep_creds_
perf::Counter * no_session_
static AuthzSessionManager * Create(AuthzFetcher *authz_fetcher, perf::Statistics *statistics)
static uint32_t HashPidKey(const PidKey &key)
bool IsMemberOf(const pid_t pid, const std::string &membership)
pthread_mutex_t lock_session2cred_
perf::Counter * no_pid_
bool operator==(const SessionKey &other) const
Definition: authz_session.h:99
FRIEND_TEST(T_AuthzSession, GetPidInfo)
perf::Counter * n_grant_
bool operator!=(const SessionKey &other) const
perf::Counter * n_fetch_
static const unsigned kSweepInterval
Definition: authz_session.h:62
uint64_t deadline_sweep_pids_
uint32_t MurmurHash2(const void *key, int len, uint32_t seed)
Definition: murmur.hxx:23