5 #ifndef CVMFS_AUTHZ_AUTHZ_SESSION_H_
6 #define CVMFS_AUTHZ_AUTHZ_SESSION_H_
7 
8 #include <inttypes.h>
9 #include <pthread.h>
10 #include <unistd.h>
11 
12 #include <string>
13 
14 #include "authz/authz.h"
15 #include "gtest/gtest_prod.h"
16 #include "smallhash.h"
17 #include "statistics.h"
18 #include "util/murmur.hxx"
19 #include "util/single_copy.h"
20 
21 class AuthzFetcher;
22 
23 // TODO(jblomer): add audit log
24 
// The unit tests in T_AuthzSession need to reach into the private lookup
// helpers declared further down (GetPidInfo, LookupAuthzData,
// LookupSessionKey); FRIEND_TEST grants exactly that access.
FRIEND_TEST(T_AuthzSession, GetPidInfo);
FRIEND_TEST(T_AuthzSession, LookupAuthzData);
FRIEND_TEST(T_AuthzSession, LookupSessionKey);
42 
43  public:
/**
 * Factory.  The manager keeps authz_fetcher (authz_fetcher_) for credential
 * lookups that miss the cache and registers its counters with statistics.
 * Ownership of the returned object is not stated here -- presumably the
 * caller's; confirm in authz_session.cc.
 */
static AuthzSessionManager *Create(AuthzFetcher *authz_fetcher,
                                   perf::Statistics *statistics);
47 
/**
 * Resolves process pid to its session and returns a copy of that session's
 * authz token for `membership`.  The name suggests the caller owns (and must
 * delete) the returned object; verify against the .cc before relying on it.
 *
 * NOTE(review): pid is the only identity input of this class.  Callers must
 * pass the kernel-reported requester pid, never a value taken from request
 * payload, since everything cached below is keyed on it.
 */
AuthzToken *GetTokenCopy(const pid_t pid, const std::string &membership);
/**
 * True if process pid is authorized for `membership`.  Outcomes are
 * presumably tallied in n_grant_ / n_deny_ (counters declared below).
 */
bool IsMemberOf(const pid_t pid, const std::string &membership);
50 
56  void ClearSessionCache();
57 
58  private:
62  static const unsigned kSweepInterval = 5;
63 
67  static const unsigned kPidLifetime = 120;
68 
/**
 * Key of the pid -> session cache (pid2session_).
 *
 * Identity is (pid, pid_bday) only: pid_bday distinguishes a recycled pid
 * from the process that originally populated the cache entry, so a stale
 * mapping is never handed to an unrelated process with the same pid.  The
 * remaining fields (uid, gid, sid, deadline) ride along as payload and do
 * not take part in comparison.
 */
struct PidKey {
  pid_t pid;
  uid_t uid;
  gid_t gid;
  pid_t sid;
  uint64_t pid_bday;
  uint64_t deadline;

  // uid/gid are unsigned types; -1 converts to the all-ones "unset" value.
  PidKey() : pid(-1), uid(-1), gid(-1), sid(-1), pid_bday(0), deadline(0) { }

  bool operator==(const PidKey &other) const {
    if (pid != other.pid)
      return false;
    return pid_bday == other.pid_bday;
  }

  bool operator!=(const PidKey &other) const {
    return (pid != other.pid) || (pid_bday != other.pid_bday);
  }
};
87 
/**
 * Key of the session -> credentials cache (session2cred_).
 *
 * Identity is (sid, sid_bday): the session leader's start time guards
 * against a recycled session id matching a cached entry that belonged to an
 * earlier, unrelated session.
 */
struct SessionKey {
  pid_t sid;
  uint64_t sid_bday;

  SessionKey() : sid(-1), sid_bday(0) { }

  bool operator==(const SessionKey &other) const {
    if (sid != other.sid)
      return false;
    return sid_bday == other.sid_bday;
  }

  bool operator!=(const SessionKey &other) const {
    return (sid != other.sid) || (sid_bday != other.sid_bday);
  }
};
102 
/**
 * Hash for pid2session_.  Only the two fields that PidKey::operator==
 * compares (pid_bday, pid) enter the digest, so equal keys always hash
 * alike.  The local struct is packed so that sizeof() covers exactly those
 * bytes and no uninitialized padding is fed to MurmurHash2.  The seed is a
 * fixed constant shared with HashSessionKey.
 */
static uint32_t HashPidKey(const PidKey &key) {
  struct __attribute__((packed)) KeyBytes {
    uint64_t bday;
    pid_t pid;
  };
  const KeyBytes bytes = { key.pid_bday, key.pid };
  return MurmurHash2(&bytes, sizeof(bytes), 0x07387a4f);
}
112 
/**
 * Hash for session2cred_, mirroring HashPidKey: digest over (sid_bday, sid)
 * -- exactly the fields SessionKey::operator== compares -- laid out in a
 * packed struct so no padding bytes reach MurmurHash2.  Same fixed seed as
 * HashPidKey.
 */
static uint32_t HashSessionKey(const SessionKey &key) {
  struct __attribute__((packed)) KeyBytes {
    uint64_t bday;
    pid_t sid;
  };
  const KeyBytes bytes = { key.sid_bday, key.sid };
  return MurmurHash2(&bytes, sizeof(bytes), 0x07387a4f);
}
122 
124 
/**
 * Fills pid_key (uid, gid, sid, pid_bday) from the live state of process pid
 * -- presumably read from /proc; returns false if the process cannot be
 * inspected.  pid_bday is what later tells a recycled pid apart from the
 * process that populated the cache.
 */
bool GetPidInfo(pid_t pid, PidKey *pid_key);
/**
 * pid -> session step: looks pid up in pid2session_ (filling pid_key and
 * session_key), presumably falling back to GetPidInfo on a miss.
 */
bool LookupSessionKey(pid_t pid, PidKey *pid_key, SessionKey *session_key);
/** Presumably runs SweepPids() once deadline_sweep_pids_ has passed. */
void MaySweepPids();
/** Evicts pid2session_ entries that have expired relative to now. */
void SweepPids(uint64_t now);
129 
/**
 * session -> credentials step: looks session_key up in session2cred_ and
 * fills authz_data; on a miss the credentials are presumably fetched through
 * authz_fetcher_ (counted in n_fetch_) and cached.  pid_key identifies the
 * requesting process, membership the group/role being checked.
 */
bool LookupAuthzData(const PidKey &pid_key,
                     const SessionKey &session_key,
                     const std::string &membership,
                     AuthzData *authz_data);
/** Presumably runs SweepCreds() once deadline_sweep_creds_ has passed. */
void MaySweepCreds();
/** Evicts session2cred_ entries that have expired relative to now. */
void SweepCreds(uint64_t now);
136 
141  pthread_mutex_t lock_pid2session_;
143 
148  pthread_mutex_t lock_session2cred_;
150 
156 
162 };
163 
164 #endif // CVMFS_AUTHZ_AUTHZ_SESSION_H_