/* -------------------------------------------------------------------------- */
/* Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org) */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */
/* not use this file except in compliance with the License. You may obtain */
/* a copy of the License at */
/* */
/* http://www.apache.org/licenses/LICENSE-2.0 */
/* */
/* Unless required by applicable law or agreed to in writing, software */
/* distributed under the License is distributed on an "AS IS" BASIS, */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
/* See the License for the specific language governing permissions and */
/* limitations under the License. */
/* -------------------------------------------------------------------------- */
# ifndef USER_POOL_H_
# define USER_POOL_H_
# include "PoolSQL.h"
# include "User.h"
Feature #407: Add 'GID' attribute to some pool objects; change *pool.info XML-RPC flag meaning; update onedb migrator; fix tests.
* VM, VMTEMPLATE, VNET & IMAGE objects have a GID attribute, and a table column. The group id is inherited from the user creating the object, except for VMs created from Templates, that inherit the Template's group.
* The new flag meaning has been modified in src/rm sources and CLI commands for one.(vm,template,vnet,image)pool.info . It changes from
-2 all, -1 mine & public, >=0 UID
to
-3 mine, -2 all, -1 mine & group
* USER has a group, but not secondary ones. The user_pool table doesn't have a GID column, we'll deal with it later when the group-users relations are implemented.
* onedb migrator 1.rb: deleted USERNAME, and GID added.
# include "GroupPool.h"
# include <time.h>
# include <sstream>
# include <iostream>
# include <vector>
using namespace std ;
class AuthRequest ; //Forward definition of AuthRequest
/**
* The User Pool class . . . .
*/
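class UserPool : public PoolSQL
{
public:

    /**
     *  Builds the User pool on top of the given database connection.
     *    @param db the database connection used by the pool
     *    @param __session_expiration_time lifetime of an authentication
     *    session; presumably stored in the static _session_expiration_time
     *    below (and therefore shared by every UserPool) -- confirm in
     *    UserPool.cc
     */
    UserPool(SqlDB * db,
             time_t  __session_expiration_time);

    ~UserPool(){}

    /**
     *  Function to allocate a new User object
     *    @param oid the id assigned to the User
     *    @param gid the id of the group the new User belongs to
     *    @param uname the name of the new User
     *    @param gname the name of the User's group
     *    @param password the User's password
     *    @param auth the authentication driver for the User (e.g. CORE_AUTH)
     *    @param enabled whether the User is created enabled
     *    @param error_str error description in case of failure
     *    @return the oid assigned to the object or -1 in case of failure
     */
    int allocate(int *         oid,
                 int           gid,
                 const string& uname,
                 const string& gname,
                 const string& password,
                 const string& auth,
                 bool          enabled,
                 string&       error_str);

    /**
     *  Function to get a User from the pool, if the object is not in memory
     *  it is loaded from the DB
     *    @param oid User unique id
     *    @param lock locks the User mutex
     *    @return a pointer to the User, 0 if the User could not be loaded
     */
    User * get(int oid, bool lock)
    {
        return static_cast<User *>(PoolSQL::get(oid, lock));
    }

    /**
     *  Function to get a User from the pool by name, if the object is not in
     *  memory it is loaded from the DB. The name is taken by const reference
     *  so a lookup does not copy the string.
     *    @param name the username
     *    @param lock locks the User mutex
     *    @return a pointer to the User, 0 if the User could not be loaded
     */
    User * get(const string& name, bool lock)
    {
        // -1 is the uid argument of PoolSQL::get; its meaning is defined in
        // PoolSQL.h, not here
        return static_cast<User *>(PoolSQL::get(name, -1, lock));
    }

    /**
     *  Update a particular User
     *    @param user pointer to User
     *    @return 0 on success
     */
    int update(User * user)
    {
        return user->update(db);
    }

    /**
     *  Bootstraps the database table(s) associated to the User pool
     *    @param _db the database connection to create the table(s) on
     *    @return 0 on success
     */
    static int bootstrap(SqlDB * _db)
    {
        return User::bootstrap(_db);
    }

    /**
     *  Authenticates a session string against the pool. The out parameters
     *  are always written: on failure they hold -1 / "".
     *    @param session colon separated username and password string
     *    @param uid of the user if authN succeeded, -1 otherwise
     *    @param gid of the user if authN succeeded, -1 otherwise
     *    @param uname of the user if authN succeeded, "" otherwise
     *    @param gname of the group if authN succeeded, "" otherwise
     *
     *    @return false if authN failed, true otherwise
     */
    bool authenticate(const string& session,
                      int&          uid,
                      int&          gid,
                      string&       uname,
                      string&       gname);

    /**
     *  Checks whether an Authorization Request is allowed (authZ, not authN:
     *  the caller is expected to be authenticated already).
     *    @param ar an Authorization Request
     *    @return -1 if authZ failed, 0 otherwise
     */
    static int authorize(AuthRequest& ar);

    /**
     *  Dumps the User pool in XML format. A filter can be also added to the
     *  query
     *    @param oss the output stream to dump the pool contents
     *    @param where filter for the objects, defaults to all
     *
     *    @return 0 on success
     */
    int dump(ostringstream& oss, const string& where)
    {
        // NOTE(review): `where` is forwarded verbatim to PoolSQL::dump, so
        // whoever builds the filter is responsible for its contents --
        // confirm how PoolSQL::dump uses it before passing request data
        return PoolSQL::dump(oss, "USER_POOL", User::table, where);
    }

    /**
     *  Name for the OpenNebula core authentication process
     */
    static const char * CORE_AUTH;

    /**
     *  Name for the OpenNebula server (delegated) authentication process
     */
    static const char * SERVER_AUTH;

    /**
     *  Name for the OpenNebula public authentication process. It only
     *  allows delegated authentication
     */
    static const char * PUBLIC_AUTH;

    /**
     *  Name for the default auth driver to be used for not registered users
     */
    static const char * DEFAULT_AUTH;

    /**
     *  Name for the default Sunstone server user
     */
    static const char * SERVER_NAME;

private:
    //--------------------------------------------------------------------------
    // Configuration Attributes for Users
    // -------------------------------------------------------------------------

    /**
     *  Authentication session expiration time. Static: one value for the
     *  whole process, not per pool instance.
     */
    static time_t _session_expiration_time;

    /**
     *  Function to authenticate internal (known) users
     *    @param user the User found in the pool
     *    @param token the credential part of the session string
     *    @param user_id set to the user's id on success
     *    @param group_id set to the user's group id on success
     *    @param uname set to the user's name on success
     *    @param gname set to the group's name on success
     *    @return true if authN succeeded, false otherwise
     */
    bool authenticate_internal(User *        user,
                               const string& token,
                               int&          user_id,
                               int&          group_id,
                               string&       uname,
                               string&       gname);

    /**
     *  Function to authenticate internal users using a server driver
     *    @param user the User found in the pool
     *    @param token the credential part of the session string
     *    @param user_id set to the user's id on success
     *    @param group_id set to the user's group id on success
     *    @param uname set to the user's name on success
     *    @param gname set to the group's name on success
     *    @return true if authN succeeded, false otherwise
     */
    bool authenticate_server(User *        user,
                             const string& token,
                             int&          user_id,
                             int&          group_id,
                             string&       uname,
                             string&       gname);

    /**
     *  Function to authenticate external (not known) users
     *    @param username the name given in the session string
     *    @param token the credential part of the session string
     *    @param user_id set to the user's id on success
     *    @param group_id set to the user's group id on success
     *    @param uname set to the user's name on success
     *    @param gname set to the group's name on success
     *    @return true if authN succeeded, false otherwise
     */
    bool authenticate_external(const string& username,
                               const string& token,
                               int&          user_id,
                               int&          group_id,
                               string&       uname,
                               string&       gname);

    /**
     *  Factory method to produce User objects (empty User with invalid ids,
     *  CORE_AUTH driver, enabled; the pool fills it from the DB)
     *    @return a pointer to the new User
     */
    PoolObjectSQL * create()
    {
        return new User(-1, -1, "", "", "", UserPool::CORE_AUTH, true);
    }
};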
# endif /*USER_POOL_H_*/