/* -------------------------------------------------------------------------- */
/* Copyright 2002-2018, OpenNebula Project, OpenNebula Systems */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */
/* not use this file except in compliance with the License. You may obtain */
/* a copy of the License at */
/* */
/* http://www.apache.org/licenses/LICENSE-2.0 */
/* */
/* Unless required by applicable law or agreed to in writing, software */
/* distributed under the License is distributed on an "AS IS" BASIS, */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
/* See the License for the specific language governing permissions and */
/* limitations under the License. */
/* -------------------------------------------------------------------------- */
# ifndef AUTH_MANAGER_H_
# define AUTH_MANAGER_H_
#include <pthread.h>
#include <time.h>

#include <string>
#include <vector>

#include "MadManager.h"
#include "NebulaLog.h"
#include "ActionManager.h"
#include "AuthManagerDriver.h"
#include "PoolObjectSQL.h"
using namespace std ;
//Forward definitions
class AuthRequest ;
class PoolObjectAuth ;
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
/**
 *  Action queued on the AuthManager's ActionManager. It carries the kind of
 *  work requested (AUTHENTICATE or AUTHORIZE) and a pointer to the
 *  AuthRequest it applies to.
 *
 *  The AuthRequest is borrowed, never owned: the copy constructor and clone()
 *  duplicate only the pointer. Whoever calls AuthManager::trigger() must keep
 *  the AuthRequest alive until the action has been processed.
 */
class AMAction : public ActionRequest
{
public:
    /**
     *  Kinds of work the Auth Manager can be asked to perform.
     */
    enum Actions
    {
        AUTHENTICATE,   // authenticate a user
        AUTHORIZE       // authorize a user request
    };

    /**
     *  Builds a USER-type ActionRequest for the Auth Manager.
     *    @param a the kind of action
     *    @param r the request to process (borrowed, may not be null when
     *    the action is dispatched)
     */
    AMAction(Actions a, AuthRequest * r)
        : ActionRequest(ActionRequest::USER), _action(a), _request(r)
    {
    }

    /**
     *  Shallow copy: the ActionRequest type, the action kind and the
     *  request pointer are copied as-is.
     */
    AMAction(const AMAction& o)
        : ActionRequest(o._type), _action(o._action), _request(o._request)
    {
    }

    /**
     *    @return the kind of work requested
     */
    Actions action() const
    {
        return _action;
    }

    /**
     *    @return the (borrowed) request this action applies to
     */
    AuthRequest * request() const
    {
        return _request;
    }

    /**
     *  Polymorphic copy, presumably used by the ActionManager when the action
     *  is queued. The copy is heap allocated and ownership passes to the
     *  caller; the pointed-to AuthRequest is still not owned.
     */
    ActionRequest * clone() const
    {
        return new AMAction(*this);
    }

private:
    Actions       _action;

    AuthRequest * _request;
};
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
/**
 *  Entry point of the AuthManager thread: runs the manager's action loop
 *  (declared a friend of AuthManager below). C linkage so that its address can
 *  be handed to the pthread API by AuthManager::start().
 *    @param arg presumably the AuthManager instance - confirm in the definition
 */
extern "C" void * authm_action_loop(void * arg);
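/**
 *  Manager for the authentication/authorization drivers (MADs).
 *
 *  Requests are not served inline: trigger() enqueues an AMAction on the
 *  manager's ActionManager and the thread created by start() dispatches it
 *  through the ActionListener interface (user_action(), presumably routing to
 *  authenticate_action() / authorize_action()).
 */
class AuthManager : public MadManager, public ActionListener
{
public:
    /**
     *    @param timer period of the manager's timer action
     *    @param _mads driver definitions read from the configuration file
     *
     *  authz_enabled starts out false: until load_mads() registers a driver
     *  that provides authorization, is_authz_enabled() must not report an
     *  authorization driver (the field was previously left uninitialized).
     */
    AuthManager(
        time_t                            timer,
        vector<const VectorAttribute *>&  _mads):
            MadManager(_mads), timer_period(timer), authz_enabled(false)
    {
        am.addListener(this);
    };

    ~AuthManager(){};

    /**
     *  Triggers specific actions to the Auth Manager. This function wraps
     *  the ActionManager trigger function. The AMAction is copied into the
     *  queue, but the AuthRequest it points to is not: it must stay valid
     *  until the action has been processed by the manager thread.
     *    @param action the Auth Manager action (AUTHENTICATE or AUTHORIZE)
     *    @param request an auth request (borrowed)
     */
    void trigger(AMAction::Actions action, AuthRequest * request)
    {
        AMAction auth_ar(action, request);

        am.trigger(auth_ar);
    }

    /**
     *  This function starts the associated listener thread, and creates a
     *  new thread for the AuthManager. This thread will wait in an action
     *  loop till it receives ACTION_FINALIZE.
     *    @return 0 on success.
     */
    int start();

    /**
     *  Asks the manager thread to leave its action loop. The request is
     *  asynchronous; finalize_action() stops the drivers when it is
     *  dispatched.
     */
    void finalize()
    {
        am.finalize();
    };

    /**
     *  Loads the Auth Manager Mads defined in the configuration file.
     *    @param uid of the user executing the driver. When uid is 0 the
     *    nebula identity will be used. Otherwise the Mad will be loaded
     *    through the sudo application, i.e. run as that user rather than
     *    with the daemon's own identity.
     *    @return presumably 0 on success, as for start() - confirm in the
     *    implementation
     */
    int load_mads(int uid);

    /**
     *  Gets the thread identification.
     *    @return pthread_t for the manager thread (that in the action loop).
     *    Only meaningful after start() has returned successfully.
     */
    pthread_t get_thread_id() const
    {
        return authm_thread;
    };

    /**
     *  Returns true if there is an authorization driver enabled.
     *
     *  False from construction until a driver with authorization support is
     *  registered (presumably by load_mads()); callers should not assume an
     *  external authorization check took place while this is false.
     *    @return true if there is an authorization driver enabled
     */
    bool is_authz_enabled() const
    {
        return authz_enabled;
    };

private:
    /**
     *  Thread id for the Auth Manager thread (set by start())
     */
    pthread_t             authm_thread;

    /**
     *  Action engine for the Manager
     */
    ActionManager         am;

    /**
     *  Timer for the Manager (periodically triggers timer action)
     */
    time_t                timer_period;

    /**
     *  Generic name for the Auth driver
     */
    static const char *   auth_driver_name;

    /**
     *  True if there is an authorization driver enabled
     */
    bool                  authz_enabled;

    /**
     *  Returns a pointer to an Auth Manager driver.
     *    @param name of an attribute of the driver (e.g. its type)
     *    @param value of the attribute
     *    @return the Auth driver with attribute name equal to value, or 0 if
     *    not found. Callers must check for 0 before dereferencing.
     */
    const AuthManagerDriver * get(
        const string&   name,
        const string&   value)
    {
        // 0 is presumably the owning uid expected by MadManager::get() - confirm
        return static_cast<const AuthManagerDriver *>
               (MadManager::get(0, name, value));
    };

    /**
     *  Returns a pointer to the default Auth Manager driver, looked up by its
     *  NAME attribute (auth_driver_name).
     *    @return the Auth driver, or 0 if not found. Callers must check for 0
     *    before dereferencing.
     */
    const AuthManagerDriver * get()
    {
        string name("NAME");

        return static_cast<const AuthManagerDriver *>
               (MadManager::get(0, name, auth_driver_name));
    };

    /**
     *  This function authenticates a user (AMAction::AUTHENTICATE).
     */
    void authenticate_action(AuthRequest * ar);

    /**
     *  This function authorizes a user request (AMAction::AUTHORIZE).
     */
    void authorize_action(AuthRequest * ar);

    /**
     *  Function to execute the Manager action loop method within a new pthread
     *  (requires C linkage)
     */
    friend void * authm_action_loop(void *arg);

    // -------------------------------------------------------------------------
    // Action Listener interface
    // -------------------------------------------------------------------------
    /**
     *  Periodic action: check_time_outs_action() is inherited (not declared
     *  here, presumably from MadManager).
     */
    void timer_action(const ActionRequest& ar)
    {
        check_time_outs_action();
    };

    /**
     *  Handles the finalize request issued by finalize(): stops the drivers.
     */
    void finalize_action(const ActionRequest& ar)
    {
        NebulaLog::log("AuM",Log::INFO,"Stopping Authorization Manager...");

        MadManager::stop();
    };

    /**
     *  Handles USER actions, i.e. the AMActions enqueued by trigger().
     */
    void user_action(const ActionRequest& ar);
};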
#endif /* AUTH_MANAGER_H_ */