authz_fetch.h

Go to the documentation of this file.

#ifndef CVMFS_AUTHZ_AUTHZ_FETCH_H_
#define CVMFS_AUTHZ_AUTHZ_FETCH_H_

#include <inttypes.h>
#include <pthread.h>
#include <unistd.h>

#include <string>

#include "authz/authz.h"
#include "gtest/gtest_prod.h"
#include "json_document.h"
#include "util/single_copy.h"

class OptionsManager;

class AuthzFetcher {
 public:
  struct QueryInfo {
    QueryInfo(pid_t p, uid_t u, gid_t g, const std::string &m)
        : pid(p), uid(u), gid(g), membership(m) { }
    pid_t pid;
    uid_t uid;
    gid_t gid;
    std::string membership;
  };

  virtual ~AuthzFetcher() { }

  virtual AuthzStatus Fetch(const QueryInfo &query_info,
                            AuthzToken *authz_token,
                            unsigned *ttl) = 0;
};


class AuthzStaticFetcher : public AuthzFetcher {
 public:
  AuthzStaticFetcher(AuthzStatus s, unsigned ttl) : status_(s), ttl_(ttl) { }
  virtual ~AuthzStaticFetcher() { }
  virtual AuthzStatus Fetch(const QueryInfo &query_info,
                            AuthzToken *authz_token,
                            unsigned *ttl) {
    *authz_token = AuthzToken();
    *ttl = ttl_;
    return status_;
  }

 private:
  AuthzStatus status_;
  unsigned ttl_;
};


enum AuthzExternalMsgIds {
  kAuthzMsgHandshake = 0,  
  kAuthzMsgReady,          
  kAuthzMsgVerify,         
  kAuthzMsgPermit,         
  kAuthzMsgQuit,           
  kAuthzMsgInvalid         
};


struct AuthzExternalMsg {
  AuthzExternalMsgIds msgid;
  int protocol_revision;
  struct {
    AuthzStatus status;
    AuthzToken token;
    uint32_t ttl;
  } permit;
};


class AuthzExternalFetcher : public AuthzFetcher, SingleCopy {
  FRIEND_TEST(T_AuthzFetch, ExecHelper);
  FRIEND_TEST(T_AuthzFetch, ExecHelperSlow);
  FRIEND_TEST(T_AuthzFetch, ParseMsg);
  FRIEND_TEST(T_AuthzFetch, Handshake);

 public:
  static const uint32_t kProtocolVersion;  // = 1;

  AuthzExternalFetcher(const std::string &fqrn,
                       const std::string &progname,
                       const std::string &search_path,
                       OptionsManager *options_manager);
  AuthzExternalFetcher(const std::string &fqrn, int fd_send, int fd_recv);
  virtual ~AuthzExternalFetcher();

  virtual AuthzStatus Fetch(const QueryInfo &query_info,
                            AuthzToken *authz_token,
                            unsigned *ttl);

 private:
  static const unsigned kChildTimeout = 5;

  static const int kMinTtl;  // = 0

  static const unsigned kDefaultTtl = 120;

  void InitLock();
  std::string FindHelper(const std::string &membership);
  void ExecHelper();
  bool Handshake();

  bool Send(const std::string &msg);
  bool Recv(std::string *msg);
  void EnterFailState();

  void StripAuthzSchema(const std::string &membership,
                        std::string *authz_schema,
                        std::string *pure_membership);
  bool ParseMsg(const std::string &json_msg,
                const AuthzExternalMsgIds expected_msgid,
                AuthzExternalMsg *binary_msg);
  bool ParseMsgId(JSON *json_authz, AuthzExternalMsg *binary_msg);
  bool ParseRevision(JSON *json_authz, AuthzExternalMsg *binary_msg);
  bool ParsePermit(JSON *json_authz, AuthzExternalMsg *binary_msg);

  void ReapHelper();

  std::string fqrn_;

  std::string progname_;

  std::string search_path_;

  int fd_send_;

  int fd_recv_;

  pid_t pid_;

  bool fail_state_;

  OptionsManager *options_manager_;

  pthread_mutex_t lock_;

  uint64_t next_start_;
};

#endif  // CVMFS_AUTHZ_AUTHZ_FETCH_H_