CernVM-FS  2.12.0
AuthzSessionManager Class Reference

#include <authz_session.h>


Classes

struct  PidKey
 
struct  SessionKey
 

Public Member Functions

 ~AuthzSessionManager ()
 
AuthzToken * GetTokenCopy (const pid_t pid, const std::string &membership)
 
bool IsMemberOf (const pid_t pid, const std::string &membership)
 
void ClearSessionCache ()
 

Static Public Member Functions

static AuthzSessionManager * Create (AuthzFetcher *authz_fetcher, perf::Statistics *statistics)
 

Private Member Functions

 FRIEND_TEST (T_AuthzSession, GetPidInfo)
 
 FRIEND_TEST (T_AuthzSession, LookupAuthzData)
 
 FRIEND_TEST (T_AuthzSession, LookupSessionKey)
 
 AuthzSessionManager ()
 
bool GetPidInfo (pid_t pid, PidKey *pid_key)
 
bool LookupSessionKey (pid_t pid, PidKey *pid_key, SessionKey *session_key)
 
void MaySweepPids ()
 
void SweepPids (uint64_t now)
 
bool LookupAuthzData (const PidKey &pid_key, const SessionKey &session_key, const std::string &membership, AuthzData *authz_data)
 
void MaySweepCreds ()
 
void SweepCreds (uint64_t now)
 
Private Member Functions inherited from SingleCopy
 SingleCopy ()
 

Static Private Member Functions

static uint32_t HashPidKey (const PidKey &key)
 
static uint32_t HashSessionKey (const SessionKey &key)
 

Private Attributes

SmallHashDynamic< PidKey, SessionKey > pid2session_
 
pthread_mutex_t lock_pid2session_
 
uint64_t deadline_sweep_pids_
 
SmallHashDynamic< SessionKey, AuthzData > session2cred_
 
pthread_mutex_t lock_session2cred_
 
uint64_t deadline_sweep_creds_
 
AuthzFetcher * authz_fetcher_

perf::Counter * no_pid_

perf::Counter * no_session_

perf::Counter * n_fetch_

perf::Counter * n_grant_

perf::Counter * n_deny_
 

Static Private Attributes

static const unsigned kSweepInterval = 5
 
static const unsigned kPidLifetime = 120
 

Detailed Description

The authorization manager maintains a list of sessions (sid and its birthday) and their associated credentials. It is used to pass the credentials to the download module and to control access to the repository. Every credential has a membership (a string) associated with it. The credential is thereby confirmed to be a member of the specified group. The group/membership can be anything, for instance a role in a certificate. It is stored in the cvmfs root file catalog.

An AuthzFetcher is used to gather credentials that are not cached. Note that the credentials are fetched using the original pid/uid/gid but cached under the session.

Definition at line 38 of file authz_session.h.

Constructor & Destructor Documentation

AuthzSessionManager::~AuthzSessionManager ( )

Definition at line 49 of file authz_session.cc.


AuthzSessionManager::AuthzSessionManager ( )
private

Definition at line 29 of file authz_session.cc.

Referenced by Create().


Member Function Documentation

void AuthzSessionManager::ClearSessionCache ( )

When the membership string in the root file catalog changes, all entries in the cache become invalid because they only vouch for the previous membership entry. This function is called by MountPoint::ReEvaluateAuthz.

Definition at line 65 of file authz_session.cc.

Referenced by MountPoint::ReEvaluateAuthz().


AuthzSessionManager * AuthzSessionManager::Create ( AuthzFetcher * authz_fetcher, perf::Statistics * statistics )
static

Definition at line 72 of file authz_session.cc.

Referenced by MountPoint::CreateAuthz().


AuthzSessionManager::FRIEND_TEST ( T_AuthzSession, GetPidInfo )
private

AuthzSessionManager::FRIEND_TEST ( T_AuthzSession, LookupAuthzData )
private

AuthzSessionManager::FRIEND_TEST ( T_AuthzSession, LookupSessionKey )
private

bool AuthzSessionManager::GetPidInfo ( pid_t pid, PidKey * pid_key )
private

Gathers SID, birthday, uid, and gid from given PID.

Definition at line 96 of file authz_session.cc.

Referenced by LookupSessionKey().


AuthzToken * AuthzSessionManager::GetTokenCopy ( const pid_t pid, const std::string & membership )

Caller is responsible for freeing the returned token.

Definition at line 178 of file authz_session.cc.

Referenced by AuthzAttachment::ConfigureCurlHandle().


static uint32_t AuthzSessionManager::HashPidKey ( const PidKey & key )
inline static private

Definition at line 109 of file authz_session.h.

Referenced by AuthzSessionManager().


static uint32_t AuthzSessionManager::HashSessionKey ( const SessionKey & key )
inline static private

Definition at line 119 of file authz_session.h.

Referenced by AuthzSessionManager().


bool AuthzSessionManager::IsMemberOf ( const pid_t pid, const std::string & membership )

Definition at line 197 of file authz_session.cc.

Referenced by cvmfs::CheckVoms().


bool AuthzSessionManager::LookupAuthzData ( const PidKey & pid_key, const SessionKey & session_key, const std::string & membership, AuthzData * authz_data )
private

Calls out to the AuthzFetcher if the data is not cached. Verifies the membership.

Definition at line 216 of file authz_session.cc.

Referenced by GetTokenCopy(), and IsMemberOf().


bool AuthzSessionManager::LookupSessionKey ( pid_t pid, PidKey * pid_key, SessionKey * session_key )
private

Translate a PID and its birthday into an SID and its birthday. The Session ID and its birthday together with UID and GID make the Session Key. The translation result is cached in pid2session_.

Definition at line 276 of file authz_session.cc.

Referenced by GetTokenCopy(), and IsMemberOf().
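
The two-level lookup described here and in the class description, as an added toy model that is not CernVM-FS code: it shows why the pid cache is keyed on pid plus birthday (a reused pid number cannot inherit another session's credential) and why ClearSessionCache() forces a re-fetch. ToySessionManager, ProcInfo, the key typedefs, kCredLifetime and all sample values are assumptions made for illustration; only the 120-second pid lifetime comes from this page.

```cpp
// Toy model of the pid -> session -> credential caches (not CernVM-FS code).
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <tuple>
#include <utility>
struct ProcInfo { uint64_t birthday; int sid; uint64_t sid_birthday; unsigned uid, gid; };
typedef std::pair<int, uint64_t> ToyPidKey;  // pid + process birthday
typedef std::tuple<int, uint64_t, unsigned, unsigned> ToySessionKey;  // sid, birthday, uid, gid
const uint64_t kPidLifetime = 120;   // seconds, as documented on this page
const uint64_t kCredLifetime = 600;  // assumed; the page states no credential lifetime

class ToySessionManager {
 public:
  int n_fetch = 0;  // number of (simulated) AuthzFetcher calls
  // proc stands in for GetPidInfo(); granted is what the simulated fetcher returns.
  bool IsMemberOf(int pid, const ProcInfo &proc, const std::string &membership,
                  const std::string &granted, uint64_t now) {
    ToyPidKey pk(pid, proc.birthday);  // a reused pid has a new birthday, so a new key
    auto s = pid2session_.find(pk);
    if (s == pid2session_.end() || s->second.second <= now) {
      ToySessionKey fresh(proc.sid, proc.sid_birthday, proc.uid, proc.gid);
      pid2session_[pk] = std::make_pair(fresh, now + kPidLifetime);
      s = pid2session_.find(pk);
    }
    const ToySessionKey sk = s->second.first;
    auto c = session2cred_.find(sk);
    if (c == session2cred_.end() || c->second.second <= now) {
      ++n_fetch;  // miss: ask the fetcher, then cache under the session key
      session2cred_[sk] = std::make_pair(granted, now + kCredLifetime);
      c = session2cred_.find(sk);
    }
    return c->second.first == membership;  // credential vouches for one membership only
  }
  void ClearSessionCache() { session2cred_.clear(); }  // membership string changed
 private:
  std::map<ToyPidKey, std::pair<ToySessionKey, uint64_t> > pid2session_;
  std::map<ToySessionKey, std::pair<std::string, uint64_t> > session2cred_;
};

int main() {
  ToySessionManager m;
  ProcInfo shell = {1000, 41, 900, 500, 500};    // constructed sample values
  ProcInfo reused = {2000, 77, 1900, 501, 501};  // same pid number, later birthday
  bool a = m.IsMemberOf(4242, shell, "/vo/role", "/vo/role", 2000);
  bool b = m.IsMemberOf(4242, reused, "/vo/role", "/other", 2010);
  std::printf("first=%d reused=%d fetches=%d\n", a, b, m.n_fetch);
  return 0;
}
```

A second process in the same session hits the credential cache without a fetch, while the reused pid number resolves to a different session key and triggers its own fetch.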


void AuthzSessionManager::MaySweepCreds ( )
private

Scan through old sessions only every so often.

Definition at line 331 of file authz_session.cc.

Referenced by LookupAuthzData().


void AuthzSessionManager::MaySweepPids ( )
private

Scan through old PIDs only every so often.

Definition at line 343 of file authz_session.cc.

Referenced by LookupSessionKey().


void AuthzSessionManager::SweepCreds ( uint64_t  now)
private

Remove cache PIDs with expired cache lifetime. TODO(jblomer): a generalized sweeping can become part of smallhash.

Definition at line 356 of file authz_session.cc.

Referenced by MaySweepCreds().


void AuthzSessionManager::SweepPids ( uint64_t  now)
private

Remove cache PIDs with expired cache lifetime. TODO(jblomer): a generalized sweeping can become part of smallhash.

Definition at line 378 of file authz_session.cc.

Referenced by MaySweepPids().


Member Data Documentation

AuthzFetcher* AuthzSessionManager::authz_fetcher_
private

The helper that takes care of bringing in credentials from the client context.

Definition at line 161 of file authz_session.h.

Referenced by Create(), and LookupAuthzData().

uint64_t AuthzSessionManager::deadline_sweep_creds_
private

Definition at line 155 of file authz_session.h.

Referenced by MaySweepCreds().

uint64_t AuthzSessionManager::deadline_sweep_pids_
private

Definition at line 148 of file authz_session.h.

Referenced by MaySweepPids().

const unsigned AuthzSessionManager::kPidLifetime = 120
static private

Pid to session information is cached for 2 minutes.

Definition at line 67 of file authz_session.h.

Referenced by LookupSessionKey().

const unsigned AuthzSessionManager::kSweepInterval = 5
static private

Sweep old entries from the caches no more often than every 5 seconds.

Definition at line 62 of file authz_session.h.

Referenced by MaySweepCreds(), and MaySweepPids().

pthread_mutex_t AuthzSessionManager::lock_pid2session_
private

Definition at line 147 of file authz_session.h.

Referenced by AuthzSessionManager(), LookupSessionKey(), and ~AuthzSessionManager().

pthread_mutex_t AuthzSessionManager::lock_session2cred_
private

perf::Counter* AuthzSessionManager::n_deny_
private

Definition at line 167 of file authz_session.h.

Referenced by Create(), and LookupAuthzData().

perf::Counter* AuthzSessionManager::n_fetch_
private

Definition at line 165 of file authz_session.h.

Referenced by Create(), and LookupAuthzData().

perf::Counter* AuthzSessionManager::n_grant_
private

Definition at line 166 of file authz_session.h.

Referenced by Create(), and LookupAuthzData().

perf::Counter* AuthzSessionManager::no_pid_
private

Definition at line 163 of file authz_session.h.

Referenced by Create(), LookupSessionKey(), and SweepPids().

perf::Counter* AuthzSessionManager::no_session_
private

Definition at line 164 of file authz_session.h.

Referenced by ClearSessionCache(), Create(), LookupAuthzData(), and SweepCreds().

SmallHashDynamic<PidKey, SessionKey> AuthzSessionManager::pid2session_
private

Caches (extended) session information for an (extended) pid.

Definition at line 146 of file authz_session.h.

Referenced by AuthzSessionManager(), LookupSessionKey(), and SweepPids().

SmallHashDynamic<SessionKey, AuthzData> AuthzSessionManager::session2cred_
private

Caches credentials corresponding to a session.

Definition at line 153 of file authz_session.h.

Referenced by AuthzSessionManager(), ClearSessionCache(), LookupAuthzData(), SweepCreds(), and ~AuthzSessionManager().


The documentation for this class was generated from the following files: