xrootd
XrdMacaroonsAuthz.hh
Go to the documentation of this file.
1 
2 #include "XrdAcc/XrdAccAuthorize.hh"
3 #include "XrdSciTokens/XrdSciTokensHelper.hh"
4 #include "XrdSys/XrdSysError.hh"
5 
6 
7 class XrdSysError;
8 
9 namespace Macaroons
10 {
11 
12 class Authz final : public XrdAccAuthorize, public XrdSciTokensHelper
13 {
14 public:
15  Authz(XrdSysLogger *lp, const char *parms, XrdAccAuthorize *chain);
16 
17  virtual ~Authz() {}
18 
19  virtual XrdAccPrivs Access(const XrdSecEntity *Entity,
20  const char *path,
21  const Access_Operation oper,
22  XrdOucEnv *env) override;
23 
24  // Do a minimal validation that this is a non-expired token; used
25  // for session tokens.
26  virtual bool Validate(const char *token,
27  std::string &emsg,
28  long long *expT,
29  XrdSecEntity *entP) override;
30 
31  virtual int Audit(const int accok, const XrdSecEntity *Entity,
32  const char *path, const Access_Operation oper,
33  XrdOucEnv *Env) override
34  {
35  return 0;
36  }
37 
38  virtual int Test(const XrdAccPrivs priv,
39  const Access_Operation oper) override
40  {
41  return 0;
42  }
43 
44  // Macaroons don't have a concept off an "issuers"; return an empty
45  // list.
46  virtual Issuers IssuerList() {return Issuers();}
47 
48 private:
49  XrdAccPrivs OnMissing(const XrdSecEntity *Entity,
50  const char *path,
51  const Access_Operation oper,
52  XrdOucEnv *env);
53 
54  ssize_t m_max_duration;
55  XrdAccAuthorize *m_chain;
56  XrdSysError m_log;
57  std::string m_secret;
58  std::string m_location;
59  int m_authz_behavior;
60 };
61 
62 }
Access_Operation
Access_Operation
The following are supported operations.
Definition: XrdAccAuthorize.hh:41
XrdAccPrivs
XrdAccPrivs
Definition: XrdAccPrivs.hh:39
Macaroons::Authz
Definition: XrdMacaroonsAuthz.hh:13
Macaroons::Authz::m_location
std::string m_location
Definition: XrdMacaroonsAuthz.hh:58
Macaroons::Authz::Audit
virtual int Audit(const int accok, const XrdSecEntity *Entity, const char *path, const Access_Operation oper, XrdOucEnv *Env) override
Definition: XrdMacaroonsAuthz.hh:31
Macaroons::Authz::m_authz_behavior
int m_authz_behavior
Definition: XrdMacaroonsAuthz.hh:59
Macaroons::Authz::Test
virtual int Test(const XrdAccPrivs priv, const Access_Operation oper) override
Definition: XrdMacaroonsAuthz.hh:38
Macaroons::Authz::m_max_duration
ssize_t m_max_duration
Definition: XrdMacaroonsAuthz.hh:54
Macaroons::Authz::~Authz
virtual ~Authz()
Definition: XrdMacaroonsAuthz.hh:17
Macaroons::Authz::IssuerList
virtual Issuers IssuerList()
Definition: XrdMacaroonsAuthz.hh:46
Macaroons::Authz::m_log
XrdSysError m_log
Definition: XrdMacaroonsAuthz.hh:56
Macaroons::Authz::Validate
virtual bool Validate(const char *token, std::string &emsg, long long *expT, XrdSecEntity *entP) override
Macaroons::Authz::m_secret
std::string m_secret
Definition: XrdMacaroonsAuthz.hh:57
Macaroons::Authz::Authz
Authz(XrdSysLogger *lp, const char *parms, XrdAccAuthorize *chain)
Macaroons::Authz::m_chain
XrdAccAuthorize * m_chain
Definition: XrdMacaroonsAuthz.hh:55
Macaroons::Authz::OnMissing
XrdAccPrivs OnMissing(const XrdSecEntity *Entity, const char *path, const Access_Operation oper, XrdOucEnv *env)
Macaroons::Authz::Access
virtual XrdAccPrivs Access(const XrdSecEntity *Entity, const char *path, const Access_Operation oper, XrdOucEnv *env) override
XrdAccAuthorize
Definition: XrdAccAuthorize.hh:68
XrdOucEnv
Definition: XrdOucEnv.hh:42
XrdSciTokensHelper
Definition: XrdSciTokensHelper.hh:21
XrdSciTokensHelper::Issuers
std::vector< ValidIssuer > Issuers
Definition: XrdSciTokensHelper.hh:37
XrdSecEntity
Definition: XrdSecEntity.hh:64
XrdSysError
Definition: XrdSysError.hh:90
XrdSysLogger
Definition: XrdSysLogger.hh:53
Macaroons
Definition: XrdMacaroonsAuthz.hh:10
Generated by doxygen 1.9.1