Inicio Explorar Axuda
Iniciar sesión
RONCC
/
Big-Data-HPC-Platform
Seguir 1
Destacar 0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 1c40c407af
Ramas Etiquetas
Big-Data-HPC...
/
system
/
security
/
shared
/
seclib.hpp

seclib.hpp 13 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372 
  1. /*##############################################################################
    2. 

  2. 

  3.     Copyright (C) 2011 HPCC Systems.
    4. 

  4. 

  5.     All rights reserved. This program is free software: you can redistribute it and/or modify
    6. 

  6.     it under the terms of the GNU Affero General Public License as
    7. 

  7.     published by the Free Software Foundation, either version 3 of the
    8. 

  8.     License, or (at your option) any later version.
    9. 

  9. 

  10.     This program is distributed in the hope that it will be useful,
    11. 

  11.     but WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13. 

  13.     GNU Affero General Public License for more details.
    14. 

  14. 

  15.     You should have received a copy of the GNU Affero General Public License
    16. 

  16.     along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17. 

  17. ############################################################################## */
    18. 

  18. 

  19. #ifndef _SECLIB_HPP__
    20. 

  20. #define _SECLIB_HPP__
    21. 

  21. 

  22. #include "jlib.hpp"
    23. 

  23. #include "jtime.hpp"
    24. 

  24. #include "jexcept.hpp"
    25. 

  25. 

  26. #ifndef SECLIB_API
    27. 

  27. #ifdef _WIN32
    28. 

  28.     #ifndef SECLIB_EXPORTS
    29. 

  29.         #define SECLIB_API __declspec(dllimport)
    30. 

  30.     #else
    31. 

  31.         #define SECLIB_API __declspec(dllexport)
    32. 

  32.     #endif //SECLIB_EXPORTS
    33. 

  33. #else
    34. 

  34.     #define SECLIB_API
    35. 

  35. #endif //_WIN32
    36. 

  36. #endif 
    37. 

  37. 

  38. #ifdef _WIN32
    39. 

  39. #define SECLIB "seclib.dll"
    40. 

  40. #define LDAPSECLIB "LdapSecurity.dll"
    41. 

  41. #else
    42. 

  42. #define SECLIB "libseclib.so"
    43. 

  43. #define LDAPSECLIB "libLdapSecurity.so"
    44. 

  44. #endif
    45. 

  45. 

  46. enum NewSecAccessFlags
    47. 

  47. {
    48. 

  48.     NewSecAccess_None = 0,
    49. 

  49.     NewSecAccess_Access = 1,
    50. 

  50.     NewSecAccess_Read = 2,
    51. 

  51.     NewSecAccess_Write = 4,
    52. 

  52.     NewSecAccess_Full = 255
    53. 

  53. };
    54. 

  54. 

  55. 

  56. 

  57. enum SecAccessFlags
    58. 

  58. {
    59. 

  59.     SecAccess_Unknown = -255,
    60. 

  60.     SecAccess_None = 0,
    61. 

  61.     SecAccess_Access = 1,
    62. 

  62.     SecAccess_Read = 3,
    63. 

  63.     SecAccess_Write = 7,
    64. 

  64.     SecAccess_Full = 255
    65. 

  65. };
    66. 

  66. 

  67. 

  68. 

  69. enum SecResourceType
    70. 

  70. {
    71. 

  71.     RT_DEFAULT = 0,
    72. 

  72.     RT_MODULE = 1,
    73. 

  73.     RT_SERVICE = 2,
    74. 

  74.     RT_FILE_SCOPE = 3,
    75. 

  75.     RT_WORKUNIT_SCOPE = 4,
    76. 

  76.     RT_SUDOERS = 5,
    77. 

  77.     RT_TRIAL = 6,
    78. 

  78.     RT_SCOPE_MAX = 7
    79. 

  79. };
    80. 

  80. 

  81. 

  82. 

  83. const char* resTypeDesc(SecResourceType type);
    84. 

  84. 

  85. enum SecPermissionType
    86. 

  86. {
    87. 

  87.     PT_DEFAULT = 0,
    88. 

  88.     PT_ADMINISTRATORS_ONLY = 1
    89. 

  89. };
    90. 

  90. 

  91. 

  92. 

  93. #define DEFAULT_REQUIRED_ACCESS SecAccess_Read
    94. 

  94. 

  95. enum SecPasswordEncoding
    96. 

  96. {
    97. 

  97.     SecPwEnc_unknown = 0,
    98. 

  98.     SecPwEnc_plain_text = 1,
    99. 

  99.     SecPwEnc_salt_sha1 = 2,
    100. 

  100.     SecPwEnc_salt_md5 = 3,
    101. 

  101.     SecPwEnc_Rijndael = 4,
    102. 

  102.     SecPwEnc_salt_accurint_md5 = 5
    103. 

  103. };
    104. 

  104. 

  105. 

  106.  
    107. 

  107. enum SecUserStatus
    108. 

  108. {
    109. 

  109.     SecUserStatus_Inhouse = 0,
    110. 

  110.     SecUserStatus_Active = 1,
    111. 

  111.     SecUserStatus_Exempt = 2,
    112. 

  112.     SecUserStatus_FreeTrial = 3,
    113. 

  113.     SecUserStatus_csdemo = 4,
    114. 

  114.     SecUserStatus_Rollover = 5,
    115. 

  115.     SecUserStatus_Suspended = 6,
    116. 

  116.     SecUserStatus_Terminated = 7,
    117. 

  117.     SecUserStatus_TrialExpired = 8,
    118. 

  118.     SecUserStatus_Status_Hold = 9,
    119. 

  119.     SecUserStatus_Unknown = 10
    120. 

  120. };
    121. 

  121. 

  122. 

  123. 

  124. interface ISecCredentials : extends IInterface
    125. 

  125. {
    126. 

  126.     virtual bool setPassword(const char * pw) = 0;
    127. 

  127.     virtual const char * getPassword() = 0;
    128. 

  128.     virtual bool addToken(unsigned type, void * data, unsigned length) = 0;
    129. 

  129.     virtual bool setPasswordExpiration(CDateTime & expirationDate) = 0;
    130. 

  130.     virtual CDateTime & getPasswordExpiration(CDateTime & expirationDate) = 0;
    131. 

  131.     virtual int getPasswordDaysRemaining() = 0;
    132. 

  132. };
    133. 

  133. 

  134. 

  135. class CDateTime;
    136. 

  136. interface ISecUser : extends IInterface
    137. 

  137. {
    138. 

  138.     virtual const char * getName() = 0;
    139. 

  139.     virtual bool setName(const char * name) = 0;
    140. 

  140.     virtual const char * getFullName() = 0;
    141. 

  141.     virtual bool setFullName(const char * name) = 0;
    142. 

  142.     virtual const char * getFirstName() = 0;
    143. 

  143.     virtual bool setFirstName(const char * fname) = 0;
    144. 

  144.     virtual const char * getLastName() = 0;
    145. 

  145.     virtual bool setLastName(const char * lname) = 0;
    146. 

  146.     virtual const char * getRealm() = 0;
    147. 

  147.     virtual bool setRealm(const char * realm) = 0;
    148. 

  148.     virtual const char * getFqdn() = 0;
    149. 

  149.     virtual bool setFqdn(const char * Fqdn) = 0;
    150. 

  150.     virtual const char * getPeer() = 0;
    151. 

  151.     virtual bool setPeer(const char * Peer) = 0;
    152. 

  152.     virtual SecUserStatus getStatus() = 0;
    153. 

  153.     virtual bool setStatus(SecUserStatus Status) = 0;
    154. 

  154.     virtual bool isAuthenticated() = 0;
    155. 

  155.     virtual void setAuthenticated(bool authenticated) = 0;
    156. 

  156.     virtual ISecCredentials & credentials() = 0;
    157. 

  157.     virtual unsigned getUserID() = 0;
    158. 

  158.     virtual void copyTo(ISecUser & destination) = 0;
    159. 

  159.     virtual CDateTime & getPasswordExpiration(CDateTime & expirationDate) = 0;
    160. 

  160.     virtual bool setPasswordExpiration(CDateTime & expirationDate) = 0;
    161. 

  161.     virtual int getPasswordDaysRemaining() = 0;
    162. 

  162.     virtual void setProperty(const char * name, const char * value) = 0;
    163. 

  163.     virtual const char * getProperty(const char * name) = 0;
    164. 

  164.     virtual void setPropertyInt(const char * name, int value) = 0;
    165. 

  165.     virtual int getPropertyInt(const char * name) = 0;
    166. 

  166.     virtual ISecUser * clone() = 0;
    167. 

  167. };
    168. 

  168. 

  169. 

  170. interface ISecAuthenticEvents : extends IInterface
    171. 

  171. {
    172. 

  172.     virtual bool onAuthenticationSuccess(ISecUser & User) = 0;
    173. 

  173.     virtual bool onAuthenticationFailure(ISecUser & User, unsigned reason, const char * description) = 0;
    174. 

  174.     virtual bool onRealmRequired(ISecUser & User) = 0;
    175. 

  175.     virtual bool onPasswordRequired(ISecUser & User, void * salt, unsigned salt_len) = 0;
    176. 

  176.     virtual bool onTokenRequired(ISecUser & User, unsigned type, void * salt, unsigned salt_len) = 0;
    177. 

  177. };
    178. 

  178. 

  179. 

  180. 

  181. 

  182. interface ISecProperty : extends IInterface
    183. 

  183. {
    184. 

  184.     virtual const char * getName() = 0;
    185. 

  185.     virtual const char * getValue() = 0;
    186. 

  186. };
    187. 

  187. 

  188. 

  189. 

  190. 

  191. 

  192. interface ISecResource : extends ISecProperty
    193. 

  193. {
    194. 

  194.     virtual void setAccessFlags(int flags) = 0;
    195. 

  195.     virtual int getAccessFlags() = 0;
    196. 

  196.     virtual void setRequiredAccessFlags(int flags) = 0;
    197. 

  197.     virtual int getRequiredAccessFlags() = 0;
    198. 

  198.     virtual int addParameter(const char * name, const char * value) = 0;
    199. 

  199.     virtual const char * getParameter(const char * name) = 0;
    200. 

  200.     virtual void setDescription(const char * description) = 0;
    201. 

  201.     virtual const char * getDescription() = 0;
    202. 

  202.     virtual ISecResource * clone() = 0;
    203. 

  203.     virtual void copy(ISecResource * from) = 0;
    204. 

  204.     virtual SecResourceType getResourceType() = 0;
    205. 

  205.     virtual void setResourceType(SecResourceType resourcetype) = 0;
    206. 

  206.     virtual StringBuffer & toString(StringBuffer & s) = 0;
    207. 

  207. };
    208. 

  208. 

  209. 

  210. interface ISecPropertyIterator : extends IIteratorOf<ISecProperty>
    211. 

  211. {
    212. 

  212. };
    213. 

  213. 

  214. interface ISecPropertyList : extends IInterface
    215. 

  215. {
    216. 

  216.     virtual ISecPropertyIterator * getPropertyItr() = 0;
    217. 

  217.     virtual ISecProperty * findProperty(const char * name) = 0;
    218. 

  218. };
    219. 

  219. 

  220. 

  221. interface ISecResourceList : extends ISecPropertyList
    222. 

  222. {
    223. 

  223.     virtual bool isAuthorizationComplete() = 0;
    224. 

  224.     virtual ISecResourceList * clone() = 0;
    225. 

  225.     virtual bool copyTo(ISecResourceList & destination) = 0;
    226. 

  226.     virtual void clear() = 0;
    227. 

  227.     virtual ISecResource * addResource(const char * name) = 0;
    228. 

  228.     virtual void addResource(ISecResource * resource) = 0;
    229. 

  229.     virtual bool addCustomResource(const char * name, const char * config) = 0;
    230. 

  230.     virtual ISecResource * getResource(const char * feature) = 0;
    231. 

  231.     virtual ISecResource * queryResource(unsigned seq) = 0;
    232. 

  232.     virtual int count() = 0;
    233. 

  233.     virtual const char * getName() = 0;
    234. 

  234.     virtual StringBuffer & toString(StringBuffer & s) = 0;
    235. 

  235. };
    236. 

  236. 

  237. 

  238. typedef IArrayOf<ISecUser> IUserArray;
    239. 

  239. typedef IArrayOf<ISecResource> IResourceArray;
    240. 

  240. typedef IArrayOf<ISecProperty> IPropertyArray;
    241. 

  241. 

  242. interface ISecUserIterator : extends IIteratorOf<ISecUser>
    243. 

  243. {
    244. 

  244. };
    245. 

  245. 

  246. interface IAuthMap : extends IInterface
    247. 

  247. {
    248. 

  248.     virtual int add(const char * path, ISecResourceList * resourceList) = 0;
    249. 

  249.     virtual bool shouldAuth(const char * path) = 0;
    250. 

  250.     virtual ISecResourceList * queryResourceList(const char * path) = 0;
    251. 

  251.     virtual ISecResourceList * getResourceList(const char * path) = 0;
    252. 

  252. };
    253. 

  253. 

  254. interface ISecManager : extends IInterface
    255. 

  255. {
    256. 

  256.     virtual ISecUser * createUser(const char * user_name) = 0;
    257. 

  257.     virtual ISecResourceList * createResourceList(const char * rlname) = 0;
    258. 

  258.     virtual bool subscribe(ISecAuthenticEvents & events) = 0;
    259. 

  259.     virtual bool unsubscribe(ISecAuthenticEvents & events) = 0;
    260. 

  260.     virtual bool authorize(ISecUser & user, ISecResourceList * resources) = 0;
    261. 

  261.     virtual bool authorizeEx(SecResourceType rtype, ISecUser & user, ISecResourceList * resources) = 0;
    262. 

  262.     virtual int authorizeEx(SecResourceType rtype, ISecUser & user, const char * resourcename) = 0;
    263. 

  263.     virtual int getAccessFlagsEx(SecResourceType rtype, ISecUser & user, const char * resourcename) = 0;
    264. 

  264.     virtual int authorizeFileScope(ISecUser & user, const char * filescope) = 0;
    265. 

  265.     virtual bool authorizeFileScope(ISecUser & user, ISecResourceList * resources) = 0;
    266. 

  266.     virtual bool addResources(ISecUser & user, ISecResourceList * resources) = 0;
    267. 

  267.     virtual bool addResourcesEx(SecResourceType rtype, ISecUser & user, ISecResourceList * resources, SecPermissionType ptype, const char * basedn) = 0;
    268. 

  268.     virtual bool addResourceEx(SecResourceType rtype, ISecUser & user, const char * resourcename, SecPermissionType ptype, const char * basedn) = 0;
    269. 

  269.     virtual bool getResources(SecResourceType rtype, const char * basedn, IResourceArray & resources) = 0;
    270. 

  270.     virtual bool updateResources(ISecUser & user, ISecResourceList * resources) = 0;
    271. 

  271.     virtual bool updateSettings(ISecUser & user, ISecPropertyList * resources) = 0;
    272. 

  272.     virtual bool addUser(ISecUser & user) = 0;
    273. 

  273.     virtual ISecUser * findUser(const char * username) = 0;
    274. 

  274.     virtual ISecUser * lookupUser(unsigned uid) = 0;
    275. 

  275.     virtual ISecUserIterator * getAllUsers() = 0;
    276. 

  276.     virtual void getAllGroups(StringArray & groups) = 0;
    277. 

  277.     virtual bool updateUser(ISecUser & user, const char * newPassword) = 0;
    278. 

  278.     virtual bool initUser(ISecUser & user) = 0;
    279. 

  279.     virtual void setExtraParam(const char * name, const char * value) = 0;
    280. 

  280.     virtual IAuthMap * createAuthMap(IPropertyTree * authconfig) = 0;
    281. 

  281.     virtual IAuthMap * createFeatureMap(IPropertyTree * authconfig) = 0;
    282. 

  282.     virtual IAuthMap * createSettingMap(IPropertyTree * authconfig) = 0;
    283. 

  283.     virtual void deleteResource(SecResourceType rtype, const char * name, const char * basedn) = 0;
    284. 

  284.     virtual void renameResource(SecResourceType rtype, const char * oldname, const char * newname, const char * basedn) = 0;
    285. 

  285.     virtual void copyResource(SecResourceType rtype, const char * oldname, const char * newname, const char * basedn) = 0;
    286. 

  286.     virtual void cacheSwitch(SecResourceType rtype, bool on) = 0;
    287. 

  287.     virtual bool authTypeRequired(SecResourceType rtype) = 0;
    288. 

  288.     virtual int authorizeWorkunitScope(ISecUser & user, const char * filescope) = 0;
    289. 

  289.     virtual bool authorizeWorkunitScope(ISecUser & user, ISecResourceList * resources) = 0;
    290. 

  290.     virtual const char * getDescription() = 0;
    291. 

  291. };
    292. 

  292. 

  293. interface IExtSecurityManager
    294. 

  294. {
    295. 

  295.     virtual bool getExtensionTag(ISecUser & user, const char * tagName, StringBuffer & value) = 0;
    296. 

  296. };
    297. 

  297. 

  298. interface IRestartHandler : extends IInterface
    299. 

  299. {
    300. 

  300.     virtual void Restart() = 0;
    301. 

  301. };
    302. 

  302. 

  303. interface IRestartManager : extends IInterface
    304. 

  304. {
    305. 

  305.     virtual void setRestartHandler(IRestartHandler * pRestartHandler) = 0;
    306. 

  306. };
    307. 

  307. 

  308. const char* const sec_CompanyName       = "sec_company_name";
    309. 

  309. const char* const sec_CompanyAddress    = "sec_company_address";
    310. 

  310. const char* const sec_CompanyCity       = "sec_company_city";
    311. 

  311. const char* const sec_CompanyState      = "sec_company_state";
    312. 

  312. const char* const sec_CompanyZip        = "sec_company_zip";
    313. 

  313. 

  314. typedef ISecManager* (*createSecManager_t)(const char *model_name, const char *serviceName, IPropertyTree &config);
    315. 

  315. typedef IAuthMap* (*createDefaultAuthMap_t)(IPropertyTree* config);
    316. 

  316. typedef ISecManager* (*newLdapSecManager_t)(const char *serviceName, IPropertyTree &config);
    317. 

  317. 

  318. extern "C" SECLIB_API ISecManager *createSecManager(const char *model_name, const char *serviceName, IPropertyTree &config);
    319. 

  319. extern "C" SECLIB_API IAuthMap *createDefaultAuthMap(IPropertyTree* config);
    320. 

  320. 

  321. class SecLibLoader
    322. 

  322. {
    323. 

  323. public:
    324. 

  324.     static ISecManager* loadSecManager(const char* model_name, const char* servicename, IPropertyTree* cfg)
    325. 

  325.     {
    326. 

  326.         if(model_name && stricmp(model_name, "LdapSecurity") == 0)
    327. 

  327.         {
    328. 

  328.             HINSTANCE ldapseclib = LoadSharedObject(LDAPSECLIB, true, false);
    329. 

  329.             if(ldapseclib == NULL)
    330. 

  330.                 throw MakeStringException(-1, "can't load library %s", LDAPSECLIB);
    331. 

  331.             
    332. 

  332.             newLdapSecManager_t xproc = NULL;
    333. 

  333.             xproc = (newLdapSecManager_t)GetSharedProcedure(ldapseclib, "newLdapSecManager");
    334. 

  334. 

  335.             if (xproc)
    336. 

  336.                 return xproc(servicename, *cfg);
    337. 

  337.             else
    338. 

  338.                 throw MakeStringException(-1, "procedure newLdapSecManager of %s can't be loaded", LDAPSECLIB);
    339. 

  339.         }
    340. 

  340.         else
    341. 

  341.         {
    342. 

  342.             HINSTANCE seclib = LoadSharedObject(SECLIB, true, false);       // ,false,true may actually be more helpful, could delete next two lines.
    343. 

  343.             if(seclib == NULL)
    344. 

  344.                 throw MakeStringException(-1, "can't load library %s", SECLIB);
    345. 

  345. 

  346.             createSecManager_t xproc = NULL;
    347. 

  347.             xproc = (createSecManager_t)GetSharedProcedure(seclib, "createSecManager");
    348. 

  348. 

  349.             if (xproc)
    350. 

  350.                 return xproc(model_name, servicename, *cfg);
    351. 

  351.             else
    352. 

  352.                 throw MakeStringException(-1, "procedure createSecManager of %s can't be loaded", SECLIB);
    353. 

  353.         }
    354. 

  354.     }   
    355. 

  355.     static IAuthMap* loadDefaultAuthMap(IPropertyTree* cfg)
    356. 

  356.     {
    357. 

  357.         HINSTANCE seclib = LoadSharedObject(SECLIB, true, false);       // ,false,true may actually be more helpful.
    358. 

  358.         if(seclib == NULL)
    359. 

  359.             throw MakeStringException(-1, "can't load library %s", SECLIB);
    360. 

  360. 

  361.         createDefaultAuthMap_t xproc = NULL;
    362. 

  362.         xproc = (createDefaultAuthMap_t)GetSharedProcedure(seclib, "createDefaultAuthMap");
    363. 

  363. 

  364.         if (xproc)
    365. 

  365.             return xproc(cfg);
    366. 

  366.         else
    367. 

  367.             throw MakeStringException(-1, "procedure createDefaultAuthMap of %s can't be loaded", SECLIB);
    368. 

  368.     }   
    369. 

  369. };
    370. 

  370. 

  371. #endif
    372. 

  372.