/* -------------------------------------------------------------------------- */
/* Copyright 2002-2023, OpenNebula Project, OpenNebula Systems */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */
/* not use this file except in compliance with the License. You may obtain */
/* a copy of the License at */
/* */
/* http://www.apache.org/licenses/LICENSE-2.0 */
/* */
/* Unless required by applicable law or agreed to in writing, software */
/* distributed under the License is distributed on an "AS IS" BASIS, */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
/* See the License for the specific language governing permissions and */
/* limitations under the License. */
/* -------------------------------------------------------------------------- */
# ifndef USER_H_
# define USER_H_
# include "PoolObjectSQL.h"
# include "UserTemplate.h"
# include "ObjectCollection.h"
# include "QuotasSQL.h"
# include "LoginToken.h"
# include "VMActions.h"
# include "AuthRequest.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
/**
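 * The User class. Represents a user account: its password and auth driver,
 * group membership, quotas and login tokens.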
*/
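class User : public PoolObjectSQL
{
public:

    virtual ~User() = default;

    /**
     *  Characters that can not be in a name
     */
    static const std::string INVALID_NAME_CHARS;

    /**
     *  Characters that can not be in a password
     */
    static const std::string INVALID_PASS_CHARS;

    /**
     *  Function to print the User object into a string in XML format
     *    @param xml the resulting XML string
     *    @return a reference to the generated string
     */
    std::string& to_xml(std::string& xml) const override;

    /**
     *  Function to print the User object into a string in
     *  XML format. The extended XML includes the default quotas
     *    @param xml the resulting XML string
     *    @return a reference to the generated string
     */
    std::string& to_xml_extended(std::string& xml) const;

    /**
     *  Check if the user is enabled
     *    @return true if the user is enabled
     */
    bool isEnabled() const
    {
        return enabled;
    }

    /**
     *  Returns the stored password string.
     *
     *  NOTE(review): this is the credential value kept for the user. Whether
     *  it is a digest or a driver-specific secret is decided outside this
     *  header, so treat it as sensitive (e.g. keep it out of logs).
     *    @return the User's password
     */
    const std::string& get_password() const
    {
        return password;
    }

    /**
     *  Enables the current user
     */
    void enable()
    {
        enabled = true;
    }

    /**
     *  Disables the current user. Besides clearing the enabled flag this
     *  resets the cached authentication session and the login tokens, so
     *  that previously cached or issued credentials stop being usable.
     */
    void disable()
    {
        enabled = false;

        // session starts as nullptr (see the constructor) and is never
        // assigned in this header; dereferencing it unconditionally would be
        // undefined behaviour for an object that was not bound to a session.
        // NOTE(review): presumably a friend class binds it; confirm that
        // every path reaching disable() goes through that binding, otherwise
        // a cached session kept elsewhere would not be invalidated here.
        if (session != nullptr)
        {
            session->reset();
        }

        login_tokens.reset();
    }

    /**
     *  Checks if a password is valid, i.e. it is not empty and does not
     *  contain invalid characters.
     *    @param pass Password to be checked
     *    @param error_str Returns the error reason, if any
     *    @return true if the string is valid
     */
    static bool pass_is_valid(const std::string& pass, std::string& error_str);

    /**
     *  Sets user password. It checks that the new password does not contain
     *  forbidden chars.
     *    @param passwd the new pass
     *    @param error_str Returns the error reason, if any
     *    @returns -1 if the password is not valid
     */
    int set_password(const std::string& passwd, std::string& error_str);

    /**
     *  Returns the user's authentication driver
     *    @return the user's auth driver
     */
    const std::string& get_auth_driver() const
    {
        return auth_driver;
    }

    /**
     *  Sets the user auth driver and resets the cached authentication
     *  session, so the next request is authenticated with the new driver.
     *
     *  NOTE(review): unlike disable(), login_tokens is not reset here;
     *  confirm whether tokens issued under the previous driver are meant to
     *  stay valid after a driver change.
     *
     *    @param _auth_driver the new auth. driver
     *    @param error_str not written by this implementation
     *    @return 0 (this implementation has no failure path)
     */
    int set_auth_driver(const std::string& _auth_driver, std::string& error_str)
    {
        auth_driver = _auth_driver;

        // Same null handling as disable(): session is nullptr until bound.
        if (session != nullptr)
        {
            session->reset();
        }

        return 0;
    }

    /**
     *  Splits an authentication token (<usr>:<pass>)
     *
     *  The token is taken by value, so a copy of the credential string is
     *  made for the call; the signature is kept as declared because the
     *  definition lives outside this header.
     *    @param secret, the authentication token
     *    @param user the username part
     *    @param pass the password part
     *    @return 0 on success
     */
    static int split_secret(const std::string secret,
                            std::string& user,
                            std::string& pass);

    /**
     *  Factory method for user templates
     */
    std::unique_ptr<Template> get_new_template() const override
    {
        return std::make_unique<UserTemplate>();
    }

    /**
     *  Returns the UMASK template attribute (read as an octal number), or the
     *  default UMASK from oned.conf if it does not exist
     *
     *    @return the UMASK to create new objects
     */
    int get_umask() const;

    /**
     *  Returns the default UMASK attribute (octal) from oned.conf
     *
     *    @return the UMASK to create new objects
     */
    static int get_default_umask();

    /**
     *  Returns the set of group IDs of the user. The result is a reference
     *  into this object, not a copy.
     */
    const std::set<int>& get_groups() const
    {
        return groups.get_collection();
    }

    // *************************************************************************
    // Group IDs set Management
    // *************************************************************************

    /**
     *  Adds a group ID to the groups set.
     *
     *    @param group_id The new id
     *    @return 0 on success, -1 if the ID was already in the set
     */
    int add_group(int group_id)
    {
        return groups.add(group_id);
    }

    /**
     *  Deletes a group ID from the groups set.
     *
     *    @param group_id The id
     *    @return 0 on success,
     *           -1 if the ID was not in the set,
     *           -2 if the group to delete is the main group
     */
    int del_group(int group_id)
    {
        // The main group (gid, not declared in this class) can never be
        // removed from the set.
        if (group_id == gid)
        {
            return -2;
        }

        return groups.del(group_id);
    }

    /**
     *  Check if user is in this group
     *    @param _group_id id of group
     *    @return true if the id is in the groups set
     */
    bool is_in_group(int _group_id) const
    {
        return groups.contains(_group_id);
    }

    /**
     *  @return the operation level (admin, manage or use) associated to the
     *  given action for this user
     */
    AuthRequest::Operation get_vm_auth_op(VMActions::Action action) const
    {
        return vm_actions.get_auth_op(action);
    }

    // *************************************************************************
    // Quotas
    // *************************************************************************

    /**
     *  Object quotas, provides set and check interface
     */
    UserQuotas quota;

    /**
     *  Writes/updates the User quotas fields in the database.
     *    @param db pointer to the db
     *    @return 0 on success
     */
    int update_quotas(SqlDB *db)
    {
        return quota.update(oid, db->get_local_db());
    }

    // *************************************************************************
    // Login tokens
    // *************************************************************************

    /**
     *  The login token object, provides the set & reset interface for the token
     */
    LoginTokenPool login_tokens;

private:
    // -------------------------------------------------------------------------
    // Friends
    // -------------------------------------------------------------------------

    friend class UserPool;

    friend class PoolSQL;

    // -------------------------------------------------------------------------
    // User Attributes
    // -------------------------------------------------------------------------

    /**
     *  User's password
     */
    std::string password;

    /**
     *  Authentication driver for this user
     */
    std::string auth_driver;

    /**
     *  Flag marking user enabled/disabled
     */
    bool enabled;

    /**
     *  Collection of group ids for this user
     */
    ObjectCollection groups;

    /**
     *  List of VM actions and rights for this user
     */
    VMActions vm_actions;

    // *************************************************************************
    // Authentication session used to cache authentication calls
    // *************************************************************************

    // Raw pointer, nullptr after construction. The defaulted destructor does
    // not free it, so User does not own the pointee.
    SessionToken * session;

    // *************************************************************************
    // DataBase implementation (Private)
    // *************************************************************************

    /**
     *  Execute an INSERT or REPLACE Sql query.
     *    @param db The SQL DB
     *    @param replace Execute an INSERT or a REPLACE
     *    @param error_str Returns the error reason, if any
     *    @return 0 on success
     */
    int insert_replace(SqlDB *db, bool replace, std::string& error_str);

    /**
     *  Bootstraps the database table(s) associated to the User
     *    @param db pointer to the db
     *    @return 0 on success
     */
    static int bootstrap(SqlDB * db)
    {
        std::ostringstream oss_user(one_db::user_db_bootstrap);

        return db->exec_local_wr(oss_user);
    }

protected:

    /**
     *  Reads the User (identified with its OID) from the database.
     *    @param db pointer to the db
     *    @return 0 on success
     */
    int select(SqlDB * db) override;

    /**
     *  Reads the User (identified by name and owner) from the database.
     *    @param db pointer to the db
     *    @param name of the user
     *    @param uid of the owner
     *
     *    @return 0 on success
     */
    int select(SqlDB * db, const std::string& name, int uid) override;

    /**
     *  Drops the user from the database
     *    @param db pointer to the db
     *    @return 0 on success
     */
    int drop(SqlDB *db) override;

    /**
     *  Rebuilds the object from an xml formatted string
     *    @param xml_str The xml-formatted string
     *
     *    @return 0 on success, -1 otherwise
     */
    int from_xml(const std::string &xml_str) override;

    /**
     *  Function to print the User object into a string in
     *  XML format
     *    @param xml the resulting XML string
     *    @param extended If true, default quotas are included
     *    @return a reference to the generated string
     */
    std::string& to_xml_extended(std::string& xml, bool extended) const;

    // *************************************************************************
    // Constructor
    // *************************************************************************

    /**
     *  Builds a User. The constructor is protected, so objects are created by
     *  the friend classes. The session pointer starts unbound (nullptr).
     */
    User(int                id,
         int                _gid,
         const std::string& _uname,
         const std::string& _gname,
         const std::string& _password,
         const std::string& _auth_driver,
         bool               _enabled):
        PoolObjectSQL(id, USER, _uname, -1, _gid, "", _gname, one_db::user_table),
        quota(),
        password(_password),
        auth_driver(_auth_driver),
        enabled(_enabled),
        groups("GROUPS"),
        session(nullptr)
    {
        obj_template = std::make_unique<UserTemplate>();
    }

    // *************************************************************************
    // DataBase implementation
    // *************************************************************************

    /**
     *  Writes the User in the database.
     *    @param db pointer to the db
     *    @param error_str Returns the error reason, if any
     *    @return 0 on success
     */
    int insert(SqlDB *db, std::string& error_str) override;

    /**
     *  Writes/updates the User data fields in the database. This method does
     *  not update the user's quotas
     *    @param db pointer to the db
     *    @return 0 on success
     */
    int update(SqlDB *db) override
    {
        // The overridden signature has no way to return the reason, so the
        // error text from insert_replace is dropped; only the code is kept.
        std::string error_str;

        return insert_replace(db, true, error_str);
    }

    /**
     *  Checks the validity of template attributes
     *    @param error string describing the error if any
     *    @return 0 on success
     */
    int post_update_template(std::string& error) override;
};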
# endif /*USER_H_*/