- /*##############################################################################
- HPCC SYSTEMS software Copyright (C) 2012 HPCC Systems.
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ############################################################################## */
- #ifndef _SECLIB_HPP__
- #define _SECLIB_HPP__
- #include "jlib.hpp"
- #include "jtime.hpp"
- #include "jexcept.hpp"
- #ifndef SECLIB_API
- #ifdef _WIN32
- #ifndef SECLIB_EXPORTS
- #define SECLIB_API __declspec(dllimport)
- #else
- #define SECLIB_API __declspec(dllexport)
- #endif //SECLIB_EXPORTS
- #else
- #define SECLIB_API
- #endif //_WIN32
- #endif
- #ifdef _WIN32
- #define SECLIB "seclib.dll"
- #define LDAPSECLIB "LdapSecurity.dll"
- #else
- #define SECLIB "libseclib.so"
- #define LDAPSECLIB "libLdapSecurity.so"
- #endif
- enum NewSecAccessFlags
- {
- NewSecAccess_None = 0,
- NewSecAccess_Access = 1,
- NewSecAccess_Read = 2,
- NewSecAccess_Write = 4,
- NewSecAccess_Full = 255
- };
- enum SecAccessFlags
- {
- SecAccess_Unknown = -255,
- SecAccess_None = 0,
- SecAccess_Access = 1,
- SecAccess_Read = 3,
- SecAccess_Write = 7,
- SecAccess_Full = 255
- };
- enum SecResourceType
- {
- RT_DEFAULT = 0,
- RT_MODULE = 1,
- RT_SERVICE = 2,
- RT_FILE_SCOPE = 3,
- RT_WORKUNIT_SCOPE = 4,
- RT_SUDOERS = 5,
- RT_TRIAL = 6,
- RT_SCOPE_MAX = 7
- };
- const char* resTypeDesc(SecResourceType type);
- enum SecPermissionType
- {
- PT_DEFAULT = 0,
- PT_ADMINISTRATORS_ONLY = 1,
- PT_ADMINISTRATORS_AND_USER = 2 //excludes Authenticated users
- };
- #define DEFAULT_REQUIRED_ACCESS SecAccess_Read
- enum SecPasswordEncoding
- {
- SecPwEnc_unknown = 0,
- SecPwEnc_plain_text = 1,
- SecPwEnc_salt_sha1 = 2,
- SecPwEnc_salt_md5 = 3,
- SecPwEnc_Rijndael = 4,
- SecPwEnc_salt_accurint_md5 = 5
- };
-
- enum SecUserStatus
- {
- SecUserStatus_Inhouse = 0,
- SecUserStatus_Active = 1,
- SecUserStatus_Exempt = 2,
- SecUserStatus_FreeTrial = 3,
- SecUserStatus_csdemo = 4,
- SecUserStatus_Rollover = 5,
- SecUserStatus_Suspended = 6,
- SecUserStatus_Terminated = 7,
- SecUserStatus_TrialExpired = 8,
- SecUserStatus_Status_Hold = 9,
- SecUserStatus_Unknown = 10
- };
- interface ISecCredentials : extends IInterface
- {
- virtual bool setPassword(const char * pw) = 0;
- virtual const char * getPassword() = 0;
- virtual bool addToken(unsigned type, void * data, unsigned length) = 0;
- virtual bool setPasswordExpiration(CDateTime & expirationDate) = 0;
- virtual CDateTime & getPasswordExpiration(CDateTime & expirationDate) = 0;
- virtual int getPasswordDaysRemaining() = 0;
- };
- //LDAP authentication status
- enum authStatus
- {
- AS_AUTHENTICATED = 0,
- AS_UNKNOWN = 1,//have not attempted to authenticate
- AS_UNEXPECTED_ERROR = 2,
- AS_INVALID_CREDENTIALS = 3,
- AS_PASSWORD_EXPIRED = 4
- };
- class CDateTime;
- interface ISecUser : extends IInterface
- {
- virtual const char * getName() = 0;
- virtual bool setName(const char * name) = 0;
- virtual const char * getFullName() = 0;
- virtual bool setFullName(const char * name) = 0;
- virtual const char * getFirstName() = 0;
- virtual bool setFirstName(const char * fname) = 0;
- virtual const char * getLastName() = 0;
- virtual bool setLastName(const char * lname) = 0;
- virtual const char * getRealm() = 0;
- virtual bool setRealm(const char * realm) = 0;
- virtual const char * getFqdn() = 0;
- virtual bool setFqdn(const char * Fqdn) = 0;
- virtual const char * getPeer() = 0;
- virtual bool setPeer(const char * Peer) = 0;
- virtual SecUserStatus getStatus() = 0;
- virtual bool setStatus(SecUserStatus Status) = 0;
- virtual authStatus getAuthenticateStatus() = 0;
- virtual void setAuthenticateStatus(authStatus status) = 0;
- virtual ISecCredentials & credentials() = 0;
- virtual unsigned getUserID() = 0;
- virtual void copyTo(ISecUser & destination) = 0;
- virtual CDateTime & getPasswordExpiration(CDateTime & expirationDate) = 0;
- virtual bool setPasswordExpiration(CDateTime & expirationDate) = 0;
- virtual int getPasswordDaysRemaining() = 0;
- virtual void setProperty(const char * name, const char * value) = 0;
- virtual const char * getProperty(const char * name) = 0;
- virtual void setPropertyInt(const char * name, int value) = 0;
- virtual int getPropertyInt(const char * name) = 0;
- virtual ISecUser * clone() = 0;
- };
- interface ISecAuthenticEvents : extends IInterface
- {
- virtual bool onAuthenticationSuccess(ISecUser & User) = 0;
- virtual bool onAuthenticationFailure(ISecUser & User, unsigned reason, const char * description) = 0;
- virtual bool onRealmRequired(ISecUser & User) = 0;
- virtual bool onPasswordRequired(ISecUser & User, void * salt, unsigned salt_len) = 0;
- virtual bool onTokenRequired(ISecUser & User, unsigned type, void * salt, unsigned salt_len) = 0;
- };
- interface ISecProperty : extends IInterface
- {
- virtual const char * getName() = 0;
- virtual const char * getValue() = 0;
- };
- interface ISecResource : extends ISecProperty
- {
- virtual void setAccessFlags(int flags) = 0;
- virtual int getAccessFlags() = 0;
- virtual void setRequiredAccessFlags(int flags) = 0;
- virtual int getRequiredAccessFlags() = 0;
- virtual int addParameter(const char * name, const char * value) = 0;
- virtual const char * getParameter(const char * name) = 0;
- virtual void setDescription(const char * description) = 0;
- virtual const char * getDescription() = 0;
- virtual ISecResource * clone() = 0;
- virtual void copy(ISecResource * from) = 0;
- virtual SecResourceType getResourceType() = 0;
- virtual void setResourceType(SecResourceType resourcetype) = 0;
- virtual StringBuffer & toString(StringBuffer & s) = 0;
- };
- interface ISecPropertyIterator : extends IIteratorOf<ISecProperty>
- {
- };
- interface ISecPropertyList : extends IInterface
- {
- virtual ISecPropertyIterator * getPropertyItr() = 0;
- virtual ISecProperty * findProperty(const char * name) = 0;
- };
- interface ISecResourceList : extends ISecPropertyList
- {
- virtual bool isAuthorizationComplete() = 0;
- virtual ISecResourceList * clone() = 0;
- virtual bool copyTo(ISecResourceList & destination) = 0;
- virtual void clear() = 0;
- virtual ISecResource * addResource(const char * name) = 0;
- virtual void addResource(ISecResource * resource) = 0;
- virtual bool addCustomResource(const char * name, const char * config) = 0;
- virtual ISecResource * getResource(const char * feature) = 0;
- virtual ISecResource * queryResource(unsigned seq) = 0;
- virtual int count() = 0;
- virtual const char * getName() = 0;
- virtual StringBuffer & toString(StringBuffer & s) = 0;
- };
- typedef IArrayOf<ISecUser> IUserArray;
- typedef IArrayOf<ISecResource> IResourceArray;
- typedef IArrayOf<ISecProperty> IPropertyArray;
- interface ISecUserIterator : extends IIteratorOf<ISecUser>
- {
- };
- interface IAuthMap : extends IInterface
- {
- virtual int add(const char * path, ISecResourceList * resourceList) = 0;
- virtual bool shouldAuth(const char * path) = 0;
- virtual ISecResourceList * queryResourceList(const char * path) = 0;
- virtual ISecResourceList * getResourceList(const char * path) = 0;
- };
- interface ISecManager : extends IInterface
- {
- virtual ISecUser * createUser(const char * user_name) = 0;
- virtual ISecResourceList * createResourceList(const char * rlname) = 0;
- virtual bool subscribe(ISecAuthenticEvents & events) = 0;
- virtual bool unsubscribe(ISecAuthenticEvents & events) = 0;
- virtual bool authorize(ISecUser & user, ISecResourceList * resources) = 0;
- virtual bool authorizeEx(SecResourceType rtype, ISecUser & user, ISecResourceList * resources) = 0;
- virtual int authorizeEx(SecResourceType rtype, ISecUser & user, const char * resourcename) = 0;
- virtual int getAccessFlagsEx(SecResourceType rtype, ISecUser & user, const char * resourcename) = 0;
- virtual int authorizeFileScope(ISecUser & user, const char * filescope) = 0;
- virtual bool authorizeFileScope(ISecUser & user, ISecResourceList * resources) = 0;
- virtual bool addResources(ISecUser & user, ISecResourceList * resources) = 0;
- virtual bool addResourcesEx(SecResourceType rtype, ISecUser & user, ISecResourceList * resources, SecPermissionType ptype, const char * basedn) = 0;
- virtual bool addResourceEx(SecResourceType rtype, ISecUser & user, const char * resourcename, SecPermissionType ptype, const char * basedn) = 0;
- virtual bool getResources(SecResourceType rtype, const char * basedn, IResourceArray & resources) = 0;
- virtual bool updateResources(ISecUser & user, ISecResourceList * resources) = 0;
- virtual bool updateSettings(ISecUser & user, ISecPropertyList * resources) = 0;
- virtual bool addUser(ISecUser & user) = 0;
- virtual ISecUser * findUser(const char * username) = 0;
- virtual ISecUser * lookupUser(unsigned uid) = 0;
- virtual ISecUserIterator * getAllUsers() = 0;
- virtual void getAllGroups(StringArray & groups) = 0;
- virtual bool updateUserPassword(ISecUser & user, const char * newPassword, const char* currPassword = 0) = 0;
- virtual bool initUser(ISecUser & user) = 0;
- virtual void setExtraParam(const char * name, const char * value) = 0;
- virtual IAuthMap * createAuthMap(IPropertyTree * authconfig) = 0;
- virtual IAuthMap * createFeatureMap(IPropertyTree * authconfig) = 0;
- virtual IAuthMap * createSettingMap(IPropertyTree * authconfig) = 0;
- virtual void deleteResource(SecResourceType rtype, const char * name, const char * basedn) = 0;
- virtual void renameResource(SecResourceType rtype, const char * oldname, const char * newname, const char * basedn) = 0;
- virtual void copyResource(SecResourceType rtype, const char * oldname, const char * newname, const char * basedn) = 0;
- virtual void cacheSwitch(SecResourceType rtype, bool on) = 0;
- virtual bool authTypeRequired(SecResourceType rtype) = 0;
- virtual int authorizeWorkunitScope(ISecUser & user, const char * filescope) = 0;
- virtual bool authorizeWorkunitScope(ISecUser & user, ISecResourceList * resources) = 0;
- virtual const char * getDescription() = 0;
- virtual unsigned getPasswordExpirationWarningDays() = 0;
- virtual bool createUserScopes() = 0;
- };
- interface IExtSecurityManager
- {
- virtual bool getExtensionTag(ISecUser & user, const char * tagName, StringBuffer & value) = 0;
- };
- interface IRestartHandler : extends IInterface
- {
- virtual void Restart() = 0;
- };
- interface IRestartManager : extends IInterface
- {
- virtual void setRestartHandler(IRestartHandler * pRestartHandler) = 0;
- };
- const char* const sec_CompanyName = "sec_company_name";
- const char* const sec_CompanyAddress = "sec_company_address";
- const char* const sec_CompanyCity = "sec_company_city";
- const char* const sec_CompanyState = "sec_company_state";
- const char* const sec_CompanyZip = "sec_company_zip";
- typedef ISecManager* (*createSecManager_t)(const char *model_name, const char *serviceName, IPropertyTree &config);
- typedef IAuthMap* (*createDefaultAuthMap_t)(IPropertyTree* config);
- typedef ISecManager* (*newLdapSecManager_t)(const char *serviceName, IPropertyTree &config);
- extern "C" SECLIB_API ISecManager *createSecManager(const char *model_name, const char *serviceName, IPropertyTree &config);
- extern "C" SECLIB_API IAuthMap *createDefaultAuthMap(IPropertyTree* config);
- class SecLibLoader
- {
- public:
- static ISecManager* loadSecManager(const char* model_name, const char* servicename, IPropertyTree* cfg)
- {
- if(model_name && stricmp(model_name, "LdapSecurity") == 0)
- {
- HINSTANCE ldapseclib = LoadSharedObject(LDAPSECLIB, true, false);
- if(ldapseclib == NULL)
- throw MakeStringException(-1, "can't load library %s", LDAPSECLIB);
-
- newLdapSecManager_t xproc = NULL;
- xproc = (newLdapSecManager_t)GetSharedProcedure(ldapseclib, "newLdapSecManager");
- if (xproc)
- return xproc(servicename, *cfg);
- else
- throw MakeStringException(-1, "procedure newLdapSecManager of %s can't be loaded", LDAPSECLIB);
- }
- else
- {
- HINSTANCE seclib = LoadSharedObject(SECLIB, true, false); // ,false,true may actually be more helpful, could delete next two lines.
- if(seclib == NULL)
- throw MakeStringException(-1, "can't load library %s", SECLIB);
- createSecManager_t xproc = NULL;
- xproc = (createSecManager_t)GetSharedProcedure(seclib, "createSecManager");
- if (xproc)
- return xproc(model_name, servicename, *cfg);
- else
- throw MakeStringException(-1, "procedure createSecManager of %s can't be loaded", SECLIB);
- }
- }
- static IAuthMap* loadDefaultAuthMap(IPropertyTree* cfg)
- {
- HINSTANCE seclib = LoadSharedObject(SECLIB, true, false); // ,false,true may actually be more helpful.
- if(seclib == NULL)
- throw MakeStringException(-1, "can't load library %s", SECLIB);
- createDefaultAuthMap_t xproc = NULL;
- xproc = (createDefaultAuthMap_t)GetSharedProcedure(seclib, "createDefaultAuthMap");
- if (xproc)
- return xproc(cfg);
- else
- throw MakeStringException(-1, "procedure createDefaultAuthMap of %s can't be loaded", SECLIB);
- }
- };
- #endif