CernVM-FS  2.12.0
authz_fetch.h
1 
5 #ifndef CVMFS_AUTHZ_AUTHZ_FETCH_H_
6 #define CVMFS_AUTHZ_AUTHZ_FETCH_H_
7 
8 #include <inttypes.h>
9 #include <pthread.h>
10 #include <unistd.h>
11 
12 #include <string>
13 
14 #include "authz/authz.h"
15 #include "gtest/gtest_prod.h"
16 #include "json_document.h"
17 #include "util/single_copy.h"
18 
19 class OptionsManager;
20 
/**
 * Interface of the components that answer authorization requests.  An
 * implementation returns an AuthzStatus and reports a token and a
 * time-to-live through the output pointers of Fetch().
 */
class AuthzFetcher {
 public:
  /**
   * One authorization request: the process it is made for (pid, uid, gid) and
   * the membership string to check.
   * NOTE(review): a decision is only as trustworthy as these values;
   * presumably callers take them from the request context rather than from
   * data the requesting process controls -- confirm at the call sites.
   */
  struct QueryInfo {
    pid_t pid;
    uid_t uid;
    gid_t gid;
    std::string membership;

    QueryInfo(pid_t process_id, uid_t user_id, gid_t group_id,
              const std::string &membership_req)
      : pid(process_id)
      , uid(user_id)
      , gid(group_id)
      , membership(membership_req)
    { }
  };

  virtual ~AuthzFetcher() { }

  /**
   * Decides on the request described by query_info.
   *
   * @param query_info   requesting process and membership string
   * @param authz_token  output; receives the token that belongs to the answer
   * @param ttl          output; receives the lifetime of the answer
   *                     (presumably in seconds -- confirm)
   * @return the authorization status
   *
   * The inline implementation further down in this header writes through
   * both output pointers without a null check, so callers should always pass
   * valid pointers.
   */
  virtual AuthzStatus Fetch(const QueryInfo &query_info,
                            AuthzToken *authz_token,
                            unsigned *ttl) = 0;
};
42 
43 
48  public:
/**
 * Stores the status and the time-to-live that Fetch() hands out for every
 * request.
 */
AuthzStaticFetcher(AuthzStatus s, unsigned ttl)
  : status_(s)
  , ttl_(ttl)
{ }
/** Empty: the constructor above only copies a status and a ttl value. */
virtual ~AuthzStaticFetcher()
{ }
/**
 * Answers every request with the values fixed at construction time.
 *
 * The request is not inspected: query_info is unused, *authz_token is reset
 * to a default-constructed AuthzToken, *ttl receives ttl_ and status_ is
 * returned.  Both output pointers are dereferenced without a null check.
 *
 * NOTE(review): the answer does not depend on the requester, so whatever
 * status this object is constructed with applies to every process;
 * presumably intended for fixed-policy setups and tests -- confirm where the
 * class is instantiated.
 */
virtual AuthzStatus Fetch(const QueryInfo &query_info,
                          AuthzToken *authz_token,
                          unsigned *ttl)
{
  (void)query_info;  // deliberately ignored, see above
  *ttl = ttl_;
  *authz_token = AuthzToken();
  return status_;
}
59 
60  private:
62  unsigned ttl_;
63 };
64 
65 
76 };
77 
78 
86  struct {
89  uint32_t ttl;
90  } permit;
91 };
92 
93 
// FRIEND_TEST (gtest_prod.h) gives the named unit tests access to the private
// members declared below.
102  FRIEND_TEST(T_AuthzFetch, ExecHelper);
103  FRIEND_TEST(T_AuthzFetch, ExecHelperSlow);
104  FRIEND_TEST(T_AuthzFetch, ParseMsg);
105  FRIEND_TEST(T_AuthzFetch, Handshake);
106 
107  public:
// Version number of the protocol; defined out of line, the trailing comment
// gives the value 1.  Presumably exchanged with the helper in Handshake() --
// confirm in authz_fetch.cc.
112  static const uint32_t kProtocolVersion; // = 1;
113 
// Takes the repository name (fqrn), a helper program name, a search path and
// the options manager.
// NOTE(review): progname and search_path select the program whose replies
// become authorization decisions.  Presumably both come from client
// configuration; they should only name locations that unprivileged users
// cannot write to -- confirm how they are populated.
114  AuthzExternalFetcher(const std::string &fqrn,
115  const std::string &progname,
116  const std::string &search_path,
117  OptionsManager *options_manager);
// Takes two already-open file descriptors instead of a program name;
// presumably used when the peer is started by someone else, e.g. by the unit
// tests -- confirm.
118  AuthzExternalFetcher(const std::string &fqrn, int fd_send, int fd_recv);
119  virtual ~AuthzExternalFetcher();
120 
// Same signature as AuthzFetcher::Fetch; authz_token and ttl are output
// parameters.  Declared only, the body is not part of this header.
121  virtual AuthzStatus Fetch(const QueryInfo &query_info,
122  AuthzToken *authz_token,
123  unsigned *ttl);
124 
125  private:
// Timeout applied to the helper process; the unit is not visible here
// (presumably seconds -- confirm).
129  static const unsigned kChildTimeout = 5;
130 
// Defined out of line; the trailing comment gives the value 0.
// NOTE(review): looks like the lower bound for a ttl taken from a helper
// reply -- confirm that replies are clamped against it.
134  static const int kMinTtl; // = 0
135 
// Presumably the ttl used when a reply carries none (unit presumably
// seconds) -- confirm.
139  static const unsigned kDefaultTtl = 120;
140 
// Helper process management.  Bodies are not part of this header; the
// purposes below are read off the names and signatures -- confirm.
141  void InitLock();
// Returns a string for the given membership; presumably the path of the
// helper program to start.
142  std::string FindHelper(const std::string &membership);
143  void ExecHelper();
144  bool Handshake();
145 
// Message transport over fd_send_ / fd_recv_ (presumably); both report
// success as bool, Recv stores the received message in *msg.
146  bool Send(const std::string &msg);
147  bool Recv(std::string *msg);
148  void EnterFailState();
149 
// Splits membership into *authz_schema and *pure_membership.
150  void StripAuthzSchema(const std::string &membership,
151  std::string *authz_schema,
152  std::string *pure_membership);
// Converts a JSON message into *binary_msg; expected_msgid names the message
// type the caller is waiting for.
// NOTE(review): the parsed reply feeds an authorization decision, so the
// Parse* functions form the trust boundary towards the helper.  They should
// return false on an unexpected message id and on any missing or malformed
// field -- confirm in authz_fetch.cc.
153  bool ParseMsg(const std::string &json_msg,
154  const AuthzExternalMsgIds expected_msgid,
155  AuthzExternalMsg *binary_msg);
156  bool ParseMsgId(JSON *json_authz, AuthzExternalMsg *binary_msg);
157  bool ParseRevision(JSON *json_authz, AuthzExternalMsg *binary_msg);
158  bool ParsePermit(JSON *json_authz, AuthzExternalMsg *binary_msg);
159 
160  void ReapHelper();
161 
// Repository name; both constructors take it as their first argument.
165  std::string fqrn_;
166 
// Helper program name; see the four-argument constructor.
170  std::string progname_;
171 
// Search path for helper programs; see the four-argument constructor and
// FindHelper().
175  std::string search_path_;
176 
// File descriptors; the names match the fd_send / fd_recv constructor
// arguments.  Presumably the two ends of the channel to the helper.
180  int fd_send_;
181 
185  int fd_recv_;
186 
// Presumably the process id of a helper started by ExecHelper() and collected
// by ReapHelper() -- confirm.
190  pid_t pid_;
191 
// This listing skips source lines 196 and 201; the cross-reference list at
// the end of the page names options_manager_ at line 201.
197 
202 
// NOTE(review): presumably serializes the request/reply exchange with the
// helper so that concurrent Fetch() calls cannot interleave messages --
// confirm.
206  pthread_mutex_t lock_;
207 
// Presumably a timestamp that controls when the helper may be started again
// -- confirm.
212  uint64_t next_start_;
213 };
214 
215 #endif // CVMFS_AUTHZ_AUTHZ_FETCH_H_
AuthzExternalMsgIds msgid
Definition: authz_fetch.h:84
std::string search_path_
Definition: authz_fetch.h:175
AuthzExternalFetcher(const std::string &fqrn, const std::string &progname, const std::string &search_path, OptionsManager *options_manager)
QueryInfo(pid_t p, uid_t u, gid_t g, const std::string &m)
Definition: authz_fetch.h:24
std::string membership
Definition: authz_fetch.h:29
virtual AuthzStatus Fetch(const QueryInfo &query_info, AuthzToken *authz_token, unsigned *ttl)=0
static const unsigned kChildTimeout
Definition: authz_fetch.h:129
Helper: "I verified, cvmfs, here's the result".
Definition: authz_fetch.h:73
void StripAuthzSchema(const std::string &membership, std::string *authz_schema, std::string *pure_membership)
Definition: authz_fetch.cc:607
pthread_mutex_t lock_
Definition: authz_fetch.h:206
bool ParseMsgId(JSON *json_authz, AuthzExternalMsg *binary_msg)
Definition: authz_fetch.cc:418
virtual ~AuthzFetcher()
Definition: authz_fetch.h:32
static const uint32_t kProtocolVersion
Definition: authz_fetch.h:112
Helper: "Yes, cvmfs, I'm here".
Definition: authz_fetch.h:71
std::string progname_
Definition: authz_fetch.h:170
AuthzToken token
Definition: authz_fetch.h:88
OptionsManager * options_manager_
Definition: authz_fetch.h:201
bool ParsePermit(JSON *json_authz, AuthzExternalMsg *binary_msg)
Definition: authz_fetch.cc:451
bool Recv(std::string *msg)
Definition: authz_fetch.cc:566
virtual ~AuthzStaticFetcher()
Definition: authz_fetch.h:50
virtual AuthzStatus Fetch(const QueryInfo &query_info, AuthzToken *authz_token, unsigned *ttl)
Definition: authz_fetch.h:51
std::string FindHelper(const std::string &membership)
Definition: authz_fetch.cc:279
Cvmfs: "Please verify, helper".
Definition: authz_fetch.h:72
AuthzStatus status
Definition: authz_fetch.h:87
struct AuthzExternalMsg::@0 permit
bool ParseRevision(JSON *json_authz, AuthzExternalMsg *binary_msg)
Definition: authz_fetch.cc:539
virtual ~AuthzExternalFetcher()
Definition: authz_fetch.cc:71
static const int kMinTtl
Definition: authz_fetch.h:134
virtual AuthzStatus Fetch(const QueryInfo &query_info, AuthzToken *authz_token, unsigned *ttl)
Definition: authz_fetch.cc:220
bool ParseMsg(const std::string &json_msg, const AuthzExternalMsgIds expected_msgid, AuthzExternalMsg *binary_msg)
Definition: authz_fetch.cc:372
bool Send(const std::string &msg)
Definition: authz_fetch.cc:338
Cvmfs: "Hello, helper, are you there?".
Definition: authz_fetch.h:70
Cvmfs: "Please shutdown, helper".
Definition: authz_fetch.h:74
AuthzStaticFetcher(AuthzStatus s, unsigned ttl)
Definition: authz_fetch.h:49
FRIEND_TEST(T_AuthzFetch, ExecHelper)
AuthzExternalMsgIds
Definition: authz_fetch.h:69
static const unsigned kDefaultTtl
Definition: authz_fetch.h:139
First invalid message id.
Definition: authz_fetch.h:75
struct json_value JSON
Definition: helper_allow.cc:11
AuthzStatus
Definition: authz.h:38
AuthzStatus status_
Definition: authz_fetch.h:61