Startseite Erkunden Hilfe
Anmelden
RONCC
/
Big-Data-HPC-Platform
Beobachten 1
Favorit hinzufügen 0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Struktur: bdb20ec68c
Branches Tags
Big-Data-HPC...
/
system
/
security
/
shared
/
seclib.hpp

seclib.hpp 14 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383 
  1. /*##############################################################################
    2. 

  2. 

  3.     HPCC SYSTEMS software Copyright (C) 2012 HPCC Systems.
    4. 

  4. 

  5.     Licensed under the Apache License, Version 2.0 (the "License");
    6. 

  6.     you may not use this file except in compliance with the License.
    7. 

  7.     You may obtain a copy of the License at
    8. 

  8. 

  9.        http://www.apache.org/licenses/LICENSE-2.0
    10. 

  10. 

  11.     Unless required by applicable law or agreed to in writing, software
    12. 

  12.     distributed under the License is distributed on an "AS IS" BASIS,
    13. 

  13.     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14. 

  14.     See the License for the specific language governing permissions and
    15. 

  15.     limitations under the License.
    16. 

  16. ############################################################################## */
    17. 

  17. 

  18. #ifndef _SECLIB_HPP__
    19. 

  19. #define _SECLIB_HPP__
    20. 

  20. 

  21. #include "jlib.hpp"
    22. 

  22. #include "jtime.hpp"
    23. 

  23. #include "jexcept.hpp"
    24. 

  24. 

  25. #ifndef SECLIB_API
    26. 

  26. #ifdef _WIN32
    27. 

  27.     #ifndef SECLIB_EXPORTS
    28. 

  28.         #define SECLIB_API __declspec(dllimport)
    29. 

  29.     #else
    30. 

  30.         #define SECLIB_API __declspec(dllexport)
    31. 

  31.     #endif //SECLIB_EXPORTS
    32. 

  32. #else
    33. 

  33.     #define SECLIB_API
    34. 

  34. #endif //_WIN32
    35. 

  35. #endif 
    36. 

  36. 

  37. #ifdef _WIN32
    38. 

  38. #define SECLIB "seclib.dll"
    39. 

  39. #define LDAPSECLIB "LdapSecurity.dll"
    40. 

  40. #else
    41. 

  41. #define SECLIB "libseclib.so"
    42. 

  42. #define LDAPSECLIB "libLdapSecurity.so"
    43. 

  43. #endif
    44. 

  44. 

  45. enum NewSecAccessFlags
    46. 

  46. {
    47. 

  47.     NewSecAccess_None = 0,
    48. 

  48.     NewSecAccess_Access = 1,
    49. 

  49.     NewSecAccess_Read = 2,
    50. 

  50.     NewSecAccess_Write = 4,
    51. 

  51.     NewSecAccess_Full = 255
    52. 

  52. };
    53. 

  53. 

  54. 

  55. 

  56. enum SecAccessFlags
    57. 

  57. {
    58. 

  58.     SecAccess_Unknown = -255,
    59. 

  59.     SecAccess_None = 0,
    60. 

  60.     SecAccess_Access = 1,
    61. 

  61.     SecAccess_Read = 3,
    62. 

  62.     SecAccess_Write = 7,
    63. 

  63.     SecAccess_Full = 255
    64. 

  64. };
    65. 

  65. 

  66. 

  67. 

  68. enum SecResourceType
    69. 

  69. {
    70. 

  70.     RT_DEFAULT = 0,
    71. 

  71.     RT_MODULE = 1,
    72. 

  72.     RT_SERVICE = 2,
    73. 

  73.     RT_FILE_SCOPE = 3,
    74. 

  74.     RT_WORKUNIT_SCOPE = 4,
    75. 

  75.     RT_SUDOERS = 5,
    76. 

  76.     RT_TRIAL = 6,
    77. 

  77.     RT_SCOPE_MAX = 7
    78. 

  78. };
    79. 

  79. 

  80. 

  81. 

  82. const char* resTypeDesc(SecResourceType type);
    83. 

  83. 

  84. enum SecPermissionType
    85. 

  85. {
    86. 

  86.     PT_DEFAULT = 0,
    87. 

  87.     PT_ADMINISTRATORS_ONLY = 1,
    88. 

  88.     PT_ADMINISTRATORS_AND_USER = 2  //excludes Authenticated users
    89. 

  89. };
    90. 

  90. 

  91. 

  92. 

  93. #define DEFAULT_REQUIRED_ACCESS SecAccess_Read
    94. 

  94. 

  95. enum SecPasswordEncoding
    96. 

  96. {
    97. 

  97.     SecPwEnc_unknown = 0,
    98. 

  98.     SecPwEnc_plain_text = 1,
    99. 

  99.     SecPwEnc_salt_sha1 = 2,
    100. 

  100.     SecPwEnc_salt_md5 = 3,
    101. 

  101.     SecPwEnc_Rijndael = 4,
    102. 

  102.     SecPwEnc_salt_accurint_md5 = 5
    103. 

  103. };
    104. 

  104. 

  105. 

  106.  
    107. 

  107. enum SecUserStatus
    108. 

  108. {
    109. 

  109.     SecUserStatus_Inhouse = 0,
    110. 

  110.     SecUserStatus_Active = 1,
    111. 

  111.     SecUserStatus_Exempt = 2,
    112. 

  112.     SecUserStatus_FreeTrial = 3,
    113. 

  113.     SecUserStatus_csdemo = 4,
    114. 

  114.     SecUserStatus_Rollover = 5,
    115. 

  115.     SecUserStatus_Suspended = 6,
    116. 

  116.     SecUserStatus_Terminated = 7,
    117. 

  117.     SecUserStatus_TrialExpired = 8,
    118. 

  118.     SecUserStatus_Status_Hold = 9,
    119. 

  119.     SecUserStatus_Unknown = 10
    120. 

  120. };
    121. 

  121. 

  122. 

  123. 

  124. interface ISecCredentials : extends IInterface
    125. 

  125. {
    126. 

  126.     virtual bool setPassword(const char * pw) = 0;
    127. 

  127.     virtual const char * getPassword() = 0;
    128. 

  128.     virtual bool addToken(unsigned type, void * data, unsigned length) = 0;
    129. 

  129.     virtual bool setPasswordExpiration(CDateTime & expirationDate) = 0;
    130. 

  130.     virtual CDateTime & getPasswordExpiration(CDateTime & expirationDate) = 0;
    131. 

  131.     virtual int getPasswordDaysRemaining() = 0;
    132. 

  132. };
    133. 

  133. 

  134. //LDAP authentication status
    135. 

  135. enum authStatus
    136. 

  136. {
    137. 

  137.     AS_AUTHENTICATED = 0,
    138. 

  138.     AS_UNKNOWN = 1,//have not attempted to authenticate
    139. 

  139.     AS_UNEXPECTED_ERROR = 2,
    140. 

  140.     AS_INVALID_CREDENTIALS = 3,
    141. 

  141.     AS_PASSWORD_EXPIRED = 4
    142. 

  142. };
    143. 

  143. 

  144. class CDateTime;
    145. 

  145. interface ISecUser : extends IInterface
    146. 

  146. {
    147. 

  147.     virtual const char * getName() = 0;
    148. 

  148.     virtual bool setName(const char * name) = 0;
    149. 

  149.     virtual const char * getFullName() = 0;
    150. 

  150.     virtual bool setFullName(const char * name) = 0;
    151. 

  151.     virtual const char * getFirstName() = 0;
    152. 

  152.     virtual bool setFirstName(const char * fname) = 0;
    153. 

  153.     virtual const char * getLastName() = 0;
    154. 

  154.     virtual bool setLastName(const char * lname) = 0;
    155. 

  155.     virtual const char * getRealm() = 0;
    156. 

  156.     virtual bool setRealm(const char * realm) = 0;
    157. 

  157.     virtual const char * getFqdn() = 0;
    158. 

  158.     virtual bool setFqdn(const char * Fqdn) = 0;
    159. 

  159.     virtual const char * getPeer() = 0;
    160. 

  160.     virtual bool setPeer(const char * Peer) = 0;
    161. 

  161.     virtual SecUserStatus getStatus() = 0;
    162. 

  162.     virtual bool setStatus(SecUserStatus Status) = 0;
    163. 

  163.     virtual authStatus getAuthenticateStatus() = 0;
    164. 

  164.     virtual void setAuthenticateStatus(authStatus status) = 0;
    165. 

  165.     virtual ISecCredentials & credentials() = 0;
    166. 

  166.     virtual unsigned getUserID() = 0;
    167. 

  167.     virtual void copyTo(ISecUser & destination) = 0;
    168. 

  168.     virtual CDateTime & getPasswordExpiration(CDateTime & expirationDate) = 0;
    169. 

  169.     virtual bool setPasswordExpiration(CDateTime & expirationDate) = 0;
    170. 

  170.     virtual int getPasswordDaysRemaining() = 0;
    171. 

  171.     virtual void setProperty(const char * name, const char * value) = 0;
    172. 

  172.     virtual const char * getProperty(const char * name) = 0;
    173. 

  173.     virtual void setPropertyInt(const char * name, int value) = 0;
    174. 

  174.     virtual int getPropertyInt(const char * name) = 0;
    175. 

  175.     virtual ISecUser * clone() = 0;
    176. 

  176. };
    177. 

  177. 

  178. 

  179. interface ISecAuthenticEvents : extends IInterface
    180. 

  180. {
    181. 

  181.     virtual bool onAuthenticationSuccess(ISecUser & User) = 0;
    182. 

  182.     virtual bool onAuthenticationFailure(ISecUser & User, unsigned reason, const char * description) = 0;
    183. 

  183.     virtual bool onRealmRequired(ISecUser & User) = 0;
    184. 

  184.     virtual bool onPasswordRequired(ISecUser & User, void * salt, unsigned salt_len) = 0;
    185. 

  185.     virtual bool onTokenRequired(ISecUser & User, unsigned type, void * salt, unsigned salt_len) = 0;
    186. 

  186. };
    187. 

  187. 

  188. 

  189. 

  190. 

  191. interface ISecProperty : extends IInterface
    192. 

  192. {
    193. 

  193.     virtual const char * getName() = 0;
    194. 

  194.     virtual const char * getValue() = 0;
    195. 

  195. };
    196. 

  196. 

  197. 

  198. 

  199. 

  200. 

  201. interface ISecResource : extends ISecProperty
    202. 

  202. {
    203. 

  203.     virtual void setAccessFlags(int flags) = 0;
    204. 

  204.     virtual int getAccessFlags() = 0;
    205. 

  205.     virtual void setRequiredAccessFlags(int flags) = 0;
    206. 

  206.     virtual int getRequiredAccessFlags() = 0;
    207. 

  207.     virtual int addParameter(const char * name, const char * value) = 0;
    208. 

  208.     virtual const char * getParameter(const char * name) = 0;
    209. 

  209.     virtual void setDescription(const char * description) = 0;
    210. 

  210.     virtual const char * getDescription() = 0;
    211. 

  211.     virtual ISecResource * clone() = 0;
    212. 

  212.     virtual void copy(ISecResource * from) = 0;
    213. 

  213.     virtual SecResourceType getResourceType() = 0;
    214. 

  214.     virtual void setResourceType(SecResourceType resourcetype) = 0;
    215. 

  215.     virtual StringBuffer & toString(StringBuffer & s) = 0;
    216. 

  216. };
    217. 

  217. 

  218. 

  219. interface ISecPropertyIterator : extends IIteratorOf<ISecProperty>
    220. 

  220. {
    221. 

  221. };
    222. 

  222. 

  223. interface ISecPropertyList : extends IInterface
    224. 

  224. {
    225. 

  225.     virtual ISecPropertyIterator * getPropertyItr() = 0;
    226. 

  226.     virtual ISecProperty * findProperty(const char * name) = 0;
    227. 

  227. };
    228. 

  228. 

  229. 

  230. interface ISecResourceList : extends ISecPropertyList
    231. 

  231. {
    232. 

  232.     virtual bool isAuthorizationComplete() = 0;
    233. 

  233.     virtual ISecResourceList * clone() = 0;
    234. 

  234.     virtual bool copyTo(ISecResourceList & destination) = 0;
    235. 

  235.     virtual void clear() = 0;
    236. 

  236.     virtual ISecResource * addResource(const char * name) = 0;
    237. 

  237.     virtual void addResource(ISecResource * resource) = 0;
    238. 

  238.     virtual bool addCustomResource(const char * name, const char * config) = 0;
    239. 

  239.     virtual ISecResource * getResource(const char * feature) = 0;
    240. 

  240.     virtual ISecResource * queryResource(unsigned seq) = 0;
    241. 

  241.     virtual int count() = 0;
    242. 

  242.     virtual const char * getName() = 0;
    243. 

  243.     virtual StringBuffer & toString(StringBuffer & s) = 0;
    244. 

  244. };
    245. 

  245. 

  246. 

  247. typedef IArrayOf<ISecUser> IUserArray;
    248. 

  248. typedef IArrayOf<ISecResource> IResourceArray;
    249. 

  249. typedef IArrayOf<ISecProperty> IPropertyArray;
    250. 

  250. 

  251. interface ISecUserIterator : extends IIteratorOf<ISecUser>
    252. 

  252. {
    253. 

  253. };
    254. 

  254. 

  255. interface IAuthMap : extends IInterface
    256. 

  256. {
    257. 

  257.     virtual int add(const char * path, ISecResourceList * resourceList) = 0;
    258. 

  258.     virtual bool shouldAuth(const char * path) = 0;
    259. 

  259.     virtual ISecResourceList * queryResourceList(const char * path) = 0;
    260. 

  260.     virtual ISecResourceList * getResourceList(const char * path) = 0;
    261. 

  261. };
    262. 

  262. 

  263. interface ISecManager : extends IInterface
    264. 

  264. {
    265. 

  265.     virtual ISecUser * createUser(const char * user_name) = 0;
    266. 

  266.     virtual ISecResourceList * createResourceList(const char * rlname) = 0;
    267. 

  267.     virtual bool subscribe(ISecAuthenticEvents & events) = 0;
    268. 

  268.     virtual bool unsubscribe(ISecAuthenticEvents & events) = 0;
    269. 

  269.     virtual bool authorize(ISecUser & user, ISecResourceList * resources) = 0;
    270. 

  270.     virtual bool authorizeEx(SecResourceType rtype, ISecUser & user, ISecResourceList * resources) = 0;
    271. 

  271.     virtual int authorizeEx(SecResourceType rtype, ISecUser & user, const char * resourcename) = 0;
    272. 

  272.     virtual int getAccessFlagsEx(SecResourceType rtype, ISecUser & user, const char * resourcename) = 0;
    273. 

  273.     virtual int authorizeFileScope(ISecUser & user, const char * filescope) = 0;
    274. 

  274.     virtual bool authorizeFileScope(ISecUser & user, ISecResourceList * resources) = 0;
    275. 

  275.     virtual bool addResources(ISecUser & user, ISecResourceList * resources) = 0;
    276. 

  276.     virtual bool addResourcesEx(SecResourceType rtype, ISecUser & user, ISecResourceList * resources, SecPermissionType ptype, const char * basedn) = 0;
    277. 

  277.     virtual bool addResourceEx(SecResourceType rtype, ISecUser & user, const char * resourcename, SecPermissionType ptype, const char * basedn) = 0;
    278. 

  278.     virtual bool getResources(SecResourceType rtype, const char * basedn, IResourceArray & resources) = 0;
    279. 

  279.     virtual bool updateResources(ISecUser & user, ISecResourceList * resources) = 0;
    280. 

  280.     virtual bool updateSettings(ISecUser & user, ISecPropertyList * resources) = 0;
    281. 

  281.     virtual bool addUser(ISecUser & user) = 0;
    282. 

  282.     virtual ISecUser * findUser(const char * username) = 0;
    283. 

  283.     virtual ISecUser * lookupUser(unsigned uid) = 0;
    284. 

  284.     virtual ISecUserIterator * getAllUsers() = 0;
    285. 

  285.     virtual void getAllGroups(StringArray & groups) = 0;
    286. 

  286.     virtual bool updateUserPassword(ISecUser & user, const char * newPassword, const char* currPassword = 0) = 0;
    287. 

  287.     virtual bool initUser(ISecUser & user) = 0;
    288. 

  288.     virtual void setExtraParam(const char * name, const char * value) = 0;
    289. 

  289.     virtual IAuthMap * createAuthMap(IPropertyTree * authconfig) = 0;
    290. 

  290.     virtual IAuthMap * createFeatureMap(IPropertyTree * authconfig) = 0;
    291. 

  291.     virtual IAuthMap * createSettingMap(IPropertyTree * authconfig) = 0;
    292. 

  292.     virtual void deleteResource(SecResourceType rtype, const char * name, const char * basedn) = 0;
    293. 

  293.     virtual void renameResource(SecResourceType rtype, const char * oldname, const char * newname, const char * basedn) = 0;
    294. 

  294.     virtual void copyResource(SecResourceType rtype, const char * oldname, const char * newname, const char * basedn) = 0;
    295. 

  295.     virtual void cacheSwitch(SecResourceType rtype, bool on) = 0;
    296. 

  296.     virtual bool authTypeRequired(SecResourceType rtype) = 0;
    297. 

  297.     virtual int authorizeWorkunitScope(ISecUser & user, const char * filescope) = 0;
    298. 

  298.     virtual bool authorizeWorkunitScope(ISecUser & user, ISecResourceList * resources) = 0;
    299. 

  299.     virtual const char * getDescription() = 0;
    300. 

  300.     virtual unsigned getPasswordExpirationWarningDays() = 0;
    301. 

  301.     virtual bool createUserScopes() = 0;
    302. 

  302. };
    303. 

  303. 

  304. interface IExtSecurityManager
    305. 

  305. {
    306. 

  306.     virtual bool getExtensionTag(ISecUser & user, const char * tagName, StringBuffer & value) = 0;
    307. 

  307. };
    308. 

  308. 

  309. interface IRestartHandler : extends IInterface
    310. 

  310. {
    311. 

  311.     virtual void Restart() = 0;
    312. 

  312. };
    313. 

  313. 

  314. interface IRestartManager : extends IInterface
    315. 

  315. {
    316. 

  316.     virtual void setRestartHandler(IRestartHandler * pRestartHandler) = 0;
    317. 

  317. };
    318. 

  318. 

  319. const char* const sec_CompanyName       = "sec_company_name";
    320. 

  320. const char* const sec_CompanyAddress    = "sec_company_address";
    321. 

  321. const char* const sec_CompanyCity       = "sec_company_city";
    322. 

  322. const char* const sec_CompanyState      = "sec_company_state";
    323. 

  323. const char* const sec_CompanyZip        = "sec_company_zip";
    324. 

  324. 

  325. typedef ISecManager* (*createSecManager_t)(const char *model_name, const char *serviceName, IPropertyTree &config);
    326. 

  326. typedef IAuthMap* (*createDefaultAuthMap_t)(IPropertyTree* config);
    327. 

  327. typedef ISecManager* (*newLdapSecManager_t)(const char *serviceName, IPropertyTree &config);
    328. 

  328. 

  329. extern "C" SECLIB_API ISecManager *createSecManager(const char *model_name, const char *serviceName, IPropertyTree &config);
    330. 

  330. extern "C" SECLIB_API IAuthMap *createDefaultAuthMap(IPropertyTree* config);
    331. 

  331. 

  332. class SecLibLoader
    333. 

  333. {
    334. 

  334. public:
    335. 

  335.     static ISecManager* loadSecManager(const char* model_name, const char* servicename, IPropertyTree* cfg)
    336. 

  336.     {
    337. 

  337.         if(model_name && stricmp(model_name, "LdapSecurity") == 0)
    338. 

  338.         {
    339. 

  339.             HINSTANCE ldapseclib = LoadSharedObject(LDAPSECLIB, true, false);
    340. 

  340.             if(ldapseclib == NULL)
    341. 

  341.                 throw MakeStringException(-1, "can't load library %s", LDAPSECLIB);
    342. 

  342.             
    343. 

  343.             newLdapSecManager_t xproc = NULL;
    344. 

  344.             xproc = (newLdapSecManager_t)GetSharedProcedure(ldapseclib, "newLdapSecManager");
    345. 

  345. 

  346.             if (xproc)
    347. 

  347.                 return xproc(servicename, *cfg);
    348. 

  348.             else
    349. 

  349.                 throw MakeStringException(-1, "procedure newLdapSecManager of %s can't be loaded", LDAPSECLIB);
    350. 

  350.         }
    351. 

  351.         else
    352. 

  352.         {
    353. 

  353.             HINSTANCE seclib = LoadSharedObject(SECLIB, true, false);       // ,false,true may actually be more helpful, could delete next two lines.
    354. 

  354.             if(seclib == NULL)
    355. 

  355.                 throw MakeStringException(-1, "can't load library %s", SECLIB);
    356. 

  356. 

  357.             createSecManager_t xproc = NULL;
    358. 

  358.             xproc = (createSecManager_t)GetSharedProcedure(seclib, "createSecManager");
    359. 

  359. 

  360.             if (xproc)
    361. 

  361.                 return xproc(model_name, servicename, *cfg);
    362. 

  362.             else
    363. 

  363.                 throw MakeStringException(-1, "procedure createSecManager of %s can't be loaded", SECLIB);
    364. 

  364.         }
    365. 

  365.     }   
    366. 

  366.     static IAuthMap* loadDefaultAuthMap(IPropertyTree* cfg)
    367. 

  367.     {
    368. 

  368.         HINSTANCE seclib = LoadSharedObject(SECLIB, true, false);       // ,false,true may actually be more helpful.
    369. 

  369.         if(seclib == NULL)
    370. 

  370.             throw MakeStringException(-1, "can't load library %s", SECLIB);
    371. 

  371. 

  372.         createDefaultAuthMap_t xproc = NULL;
    373. 

  373.         xproc = (createDefaultAuthMap_t)GetSharedProcedure(seclib, "createDefaultAuthMap");
    374. 

  374. 

  375.         if (xproc)
    376. 

  376.             return xproc(cfg);
    377. 

  377.         else
    378. 

  378.             throw MakeStringException(-1, "procedure createDefaultAuthMap of %s can't be loaded", SECLIB);
    379. 

  379.     }   
    380. 

  380. };
    381. 

  381. 

  382. #endif
    383. 

  383.