irods  4.2.8
About: iRODS (the integrated Rule Oriented Data System) is a distributed data-management system for creating data grids, digital libraries, persistent archives, and real-time data systems.
  Fossies Dox: irods-4.2.8.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

client_api_whitelist.cpp
Go to the documentation of this file.
2 
3 #include "apiNumber.h"
4 #include "rodsErrorTable.h"
5 #include "rodsLog.h"
8 
9 #include <exception>
10 
11 namespace
12 {
13  auto is_client_to_agent_connection() -> bool
14  {
15  try {
16  irods::get_server_property<std::string>(irods::AGENT_CONN_KW);
17  return false;
18  }
19  catch (const irods::exception&) {
20  rodsLog(LOG_DEBUG, "Connection is not an agent-to-agent connection");
21  }
22 
23  return true;
24  }
25 } // anonymous namespace
26 
27 namespace irods
28 {
30  {
31  static client_api_whitelist instance;
32  return instance;
33  }
34 
36  : api_numbers_{// 500 - 599 - Internal File I/O API calls
37  //FILE_CREATE_AN,
38  //FILE_OPEN_AN,
39  //FILE_WRITE_AN,
40  //FILE_CLOSE_AN,
41  //FILE_LSEEK_AN,
42  //FILE_READ_AN,
43  //FILE_UNLINK_AN,
44  //FILE_MKDIR_AN,
45  //FILE_CHMOD_AN,
46  //FILE_RMDIR_AN,
47  //FILE_STAT_AN,
48  //FILE_FSTAT_AN,
49  //FILE_FSYNC_AN,
50 
51  //FILE_STAGE_AN,
52  //FILE_GET_FS_FREE_SPACE_AN,
53  //FILE_OPENDIR_AN,
54  //FILE_CLOSEDIR_AN,
55  //FILE_READDIR_AN,
56  //FILE_PUT_AN,
57  //FILE_GET_AN,
58  //FILE_CHKSUM_AN,
59  //CHK_N_V_PATH_PERM_AN,
60  //FILE_RENAME_AN,
61  //FILE_TRUNCATE_AN,
62  //FILE_STAGE_TO_CACHE_AN,
63  //FILE_SYNC_TO_ARCH_AN,
64 
68  //DATA_PUT_AN,
70  //DATA_GET_AN,
71  //DATA_COPY_AN,
77  //MOD_DATA_OBJ_META_AN,
106  //GET_XMSG_TICKET_AN,
107  //SEND_XMSG_AN,
108  //RCV_XMSG_AN,
120  //L3_FILE_GET_SINGLE_BUF_AN,
121  //L3_FILE_PUT_SINGLE_BUF_AN,
127  COLL_REPL_AN,
129  RM_COLL_AN,
130  MOD_COLL_AN,
133  REG_COLL_AN,
136  //GET_HOST_FOR_PUT_AN,
140  PROC_STAT_AN,
141  //STREAM_READ_AN,
142  //EXEC_CMD_AN,
143  //STREAM_CLOSE_AN,
144  //GET_HOST_FOR_GET_AN,
150 
151  // 700 - 799 - Metadata API calls
154  GEN_QUERY_AN,
165  //GENERAL_ROW_INSERT_AN,
166  //GENERAL_ROW_PURGE_AN,
167  //END_TRANSACTION_AN,
168  //DATABASE_RESC_OPEN_AN,
169  //DATABASE_OBJ_CONTROL_AN,
170  //DATABASE_RESC_CLOSE_AN,
176 
177  // 1100 - 1200 - SSL API calls
178  SSL_START_AN,
179  SSL_END_AN,
180 
187 
191  {
192  }
193 
194  auto client_api_whitelist::enforce(const rsComm_t& comm) const noexcept -> bool
195  {
196  if (!irods::is_privileged_client(comm)) {
197  try {
198  using T = const std::string&;
199  const auto& keyword = irods::CFG_CLIENT_API_WHITELIST_POLICY_KW;
200  return "enforce" == irods::get_server_property<T>(keyword) && is_client_to_agent_connection();
201  }
202  catch (const irods::exception&) {
203  rodsLog(LOG_DEBUG, "Skipping client API whitelist. Server is not configured to enforce the API "
204  "or the connection is not a client-to-agent connection.");
205  }
206  }
207  else {
208  rodsLog(LOG_DEBUG, "Skipping client API whitelist. Client has administrative privileges.");
209  }
210 
211  return false;
212  }
213 
214  auto client_api_whitelist::contains(int api_number) const noexcept -> bool
215  {
216  const auto end = std::cend(api_numbers_);
217  return std::find(std::cbegin(api_numbers_), end, api_number) != end;
218  }
219 
220  auto client_api_whitelist::add(int api_number) -> void
221  {
222  if (contains(api_number)) {
223  rodsLog(LOG_DEBUG, "API number [%d] has already been added to the client API whitelist", api_number);
224  return;
225  }
226 
227  try {
228  api_numbers_.push_back(api_number);
229  rodsLog(LOG_DEBUG, "Added API number [%d] to the client API whitelist.", api_number);
230  }
231  catch (const std::exception& e) {
232  rodsLog(LOG_ERROR, "Could not add API number [%d] to whitelist [error_code => %d, exception => %s]",
233  api_number, SYS_INTERNAL_ERR, e.what());
234  }
235  }
236 } // namespace irods
237 
rodsLog
void rodsLog(int level, const char *formatStr,...)
Definition: rodsLog.cpp:86
SUB_STRUCT_FILE_CLOSE_AN
#define SUB_STRUCT_FILE_CLOSE_AN
Definition: apiNumber.h:69
EXEC_MY_RULE_AN
#define EXEC_MY_RULE_AN
Definition: apiNumber.h:57
GENERAL_ADMIN_AN
#define GENERAL_ADMIN_AN
Definition: apiNumber.h:130
rsComm_t
Definition: rcConnect.h:145
AUTH_PLUG_RESP_AN
#define AUTH_PLUG_RESP_AN
Definition: apiNumber.h:159
DATA_OBJ_TRIM_AN
#define DATA_OBJ_TRIM_AN
Definition: apiNumber.h:63
PROC_STAT_AN
#define PROC_STAT_AN
Definition: apiNumber.h:117
DATA_OBJ_GET_AN
#define DATA_OBJ_GET_AN
Definition: apiNumber.h:46
DATA_OBJ_LSEEK_AN
#define DATA_OBJ_LSEEK_AN
Definition: apiNumber.h:101
RM_COLL_AN
#define RM_COLL_AN
Definition: apiNumber.h:106
STRUCT_FILE_BUNDLE_AN
#define STRUCT_FILE_BUNDLE_AN
Definition: apiNumber.h:93
irods_server_properties.hpp
AUTH_RESPONSE_AN
#define AUTH_RESPONSE_AN
Definition: apiNumber.h:133
REG_DATA_OBJ_AN
#define REG_DATA_OBJ_AN
Definition: apiNumber.h:51
SUB_STRUCT_FILE_RENAME_AN
#define SUB_STRUCT_FILE_RENAME_AN
Definition: apiNumber.h:74
UNBUN_AND_REG_PHY_BUNFILE_AN
#define UNBUN_AND_REG_PHY_BUNFILE_AN
Definition: apiNumber.h:112
irods::AGENT_CONN_KW
const std::string AGENT_CONN_KW("agent_conn")
DATA_OBJ_OPEN_AND_STAT_AN
#define DATA_OBJ_OPEN_AND_STAT_AN
Definition: apiNumber.h:96
STRUCT_FILE_EXTRACT_AN
#define STRUCT_FILE_EXTRACT_AN
Definition: apiNumber.h:91
DATA_OBJ_OPEN_AN
#define DATA_OBJ_OPEN_AN
Definition: apiNumber.h:43
SUB_STRUCT_FILE_FSTAT_AN
#define SUB_STRUCT_FILE_FSTAT_AN
Definition: apiNumber.h:72
irods_rs_comm_query.hpp
SUB_STRUCT_FILE_GET_AN
#define SUB_STRUCT_FILE_GET_AN
Definition: apiNumber.h:86
irods::client_api_whitelist::add
auto add(int api_number) -> void
Definition: client_api_whitelist.cpp:220
GET_TEMP_PASSWORD_AN
#define GET_TEMP_PASSWORD_AN
Definition: apiNumber.h:138
GET_HIER_FROM_LEAF_ID_AN
#define GET_HIER_FROM_LEAF_ID_AN
Definition: apiNumber.h:161
SUB_STRUCT_FILE_WRITE_AN
#define SUB_STRUCT_FILE_WRITE_AN
Definition: apiNumber.h:68
irods::CFG_CLIENT_API_WHITELIST_POLICY_KW
const std::string CFG_CLIENT_API_WHITELIST_POLICY_KW
Definition: irods_configuration_keywords.hpp:43
GET_TEMP_PASSWORD_FOR_OTHER_AN
#define GET_TEMP_PASSWORD_FOR_OTHER_AN
Definition: apiNumber.h:150
REG_COLL_AN
#define REG_COLL_AN
Definition: apiNumber.h:110
QUERY_SPEC_COLL_AN
#define QUERY_SPEC_COLL_AN
Definition: apiNumber.h:75
irods::client_api_whitelist::contains
auto contains(int api_number) const noexcept -> bool
Definition: client_api_whitelist.cpp:214
SYNC_MOUNTED_COLL_AN
#define SYNC_MOUNTED_COLL_AN
Definition: apiNumber.h:88
STRUCT_FILE_EXT_AND_REG_AN
#define STRUCT_FILE_EXT_AND_REG_AN
Definition: apiNumber.h:92
irods::client_api_whitelist::client_api_whitelist
client_api_whitelist()
Definition: client_api_whitelist.cpp:35
LOG_ERROR
#define LOG_ERROR
Definition: rodsLog.h:43
irods::client_api_whitelist
Definition: client_api_whitelist.hpp:19
SUB_STRUCT_FILE_RMDIR_AN
#define SUB_STRUCT_FILE_RMDIR_AN
Definition: apiNumber.h:77
REG_REPLICA_AN
#define REG_REPLICA_AN
Definition: apiNumber.h:53
DATA_OBJ_UNLINK_AN
#define DATA_OBJ_UNLINK_AN
Definition: apiNumber.h:50
SPECIFIC_QUERY_AN
#define SPECIFIC_QUERY_AN
Definition: apiNumber.h:148
ZONE_REPORT_AN
#define ZONE_REPORT_AN
Definition: apiNumber.h:167
SYS_INTERNAL_ERR
@ SYS_INTERNAL_ERR
Definition: rodsErrorTable.h:211
SUB_STRUCT_FILE_CREATE_AN
#define SUB_STRUCT_FILE_CREATE_AN
Definition: apiNumber.h:65
irods::experimental::filesystem::client::end
auto end(const collection_iterator &) noexcept -> const collection_iterator
Definition: collection_iterator.hpp:88
SUB_STRUCT_FILE_LSEEK_AN
#define SUB_STRUCT_FILE_LSEEK_AN
Definition: apiNumber.h:73
SUB_STRUCT_FILE_UNLINK_AN
#define SUB_STRUCT_FILE_UNLINK_AN
Definition: apiNumber.h:70
DATA_OBJ_CREATE_AND_STAT_AN
#define DATA_OBJ_CREATE_AND_STAT_AN
Definition: apiNumber.h:99
DATA_OBJ_RSYNC_AN
#define DATA_OBJ_RSYNC_AN
Definition: apiNumber.h:60
DATA_OBJ_RENAME_AN
#define DATA_OBJ_RENAME_AN
Definition: apiNumber.h:59
client_api_whitelist.hpp
UNREG_DATA_OBJ_AN
#define UNREG_DATA_OBJ_AN
Definition: apiNumber.h:52
CLIENT_HINTS_AN
#define CLIENT_HINTS_AN
Definition: apiNumber.h:168
LOG_DEBUG
#define LOG_DEBUG
Definition: rodsLog.h:23
DATA_OBJ_READ_AN
#define DATA_OBJ_READ_AN
Definition: apiNumber.h:102
irods
Definition: apiHandler.hpp:35
DATA_OBJ_CHKSUM_AN
#define DATA_OBJ_CHKSUM_AN
Definition: apiNumber.h:61
TICKET_ADMIN_AN
#define TICKET_ADMIN_AN
Definition: apiNumber.h:149
GET_HIER_FOR_RESC_AN
#define GET_HIER_FOR_RESC_AN
Definition: apiNumber.h:160
RULE_EXEC_SUBMIT_AN
#define RULE_EXEC_SUBMIT_AN
Definition: apiNumber.h:55
MOD_AVU_METADATA_AN
#define MOD_AVU_METADATA_AN
Definition: apiNumber.h:135
DATA_OBJ_REPL_AN
#define DATA_OBJ_REPL_AN
Definition: apiNumber.h:122
GET_MISC_SVR_INFO_AN
#define GET_MISC_SVR_INFO_AN
Definition: apiNumber.h:129
terminate_irods_processes.e
e
Definition: terminate_irods_processes.py:19
SUB_STRUCT_FILE_OPENDIR_AN
#define SUB_STRUCT_FILE_OPENDIR_AN
Definition: apiNumber.h:78
BULK_DATA_OBJ_PUT_AN
#define BULK_DATA_OBJ_PUT_AN
Definition: apiNumber.h:116
GENERAL_UPDATE_AN
#define GENERAL_UPDATE_AN
Definition: apiNumber.h:139
GET_RESC_QUOTA_AN
#define GET_RESC_QUOTA_AN
Definition: apiNumber.h:114
MOD_ACCESS_CONTROL_AN
#define MOD_ACCESS_CONTROL_AN
Definition: apiNumber.h:136
PAM_AUTH_REQUEST_AN
#define PAM_AUTH_REQUEST_AN
Definition: apiNumber.h:151
irods::client_api_whitelist::instance
static auto instance() -> client_api_whitelist &
Definition: client_api_whitelist.cpp:29
DATA_OBJ_CREATE_AN
#define DATA_OBJ_CREATE_AN
Definition: apiNumber.h:42
rodsLog.h
SUB_STRUCT_FILE_TRUNCATE_AN
#define SUB_STRUCT_FILE_TRUNCATE_AN
Definition: apiNumber.h:82
RULE_EXEC_DEL_AN
#define RULE_EXEC_DEL_AN
Definition: apiNumber.h:56
DATA_OBJ_FSYNC_AN
#define DATA_OBJ_FSYNC_AN
Definition: apiNumber.h:125
apiNumber.h
MOD_COLL_AN
#define MOD_COLL_AN
Definition: apiNumber.h:107
irods::is_privileged_client
bool is_privileged_client(const rsComm_t &_comm) noexcept
Definition: irods_rs_comm_query.cpp:5
AUTH_REQUEST_AN
#define AUTH_REQUEST_AN
Definition: apiNumber.h:132
DATA_OBJ_CLOSE_AN
#define DATA_OBJ_CLOSE_AN
Definition: apiNumber.h:100
SSL_START_AN
#define SSL_START_AN
Definition: apiNumber.h:155
OPR_COMPLETE_AN
#define OPR_COMPLETE_AN
Definition: apiNumber.h:58
SSL_END_AN
#define SSL_END_AN
Definition: apiNumber.h:156
GEN_QUERY_AN
#define GEN_QUERY_AN
Definition: apiNumber.h:131
READ_COLLECTION_AN
#define READ_COLLECTION_AN
Definition: apiNumber.h:140
RULE_EXEC_MOD_AN
#define RULE_EXEC_MOD_AN
Definition: apiNumber.h:137
AUTH_CHECK_AN
#define AUTH_CHECK_AN
Definition: apiNumber.h:134
DATA_OBJ_UNLOCK_AN
#define DATA_OBJ_UNLOCK_AN
Definition: apiNumber.h:109
SUB_STRUCT_FILE_PUT_AN
#define SUB_STRUCT_FILE_PUT_AN
Definition: apiNumber.h:87
SET_RR_CTX_AN
#define SET_RR_CTX_AN
Definition: apiNumber.h:162
SUB_STRUCT_FILE_OPEN_AN
#define SUB_STRUCT_FILE_OPEN_AN
Definition: apiNumber.h:66
EXEC_RULE_EXPRESSION_AN
#define EXEC_RULE_EXPRESSION_AN
Definition: apiNumber.h:163
CLOSE_COLLECTION_AN
#define CLOSE_COLLECTION_AN
Definition: apiNumber.h:90
PHY_BUNDLE_COLL_AN
#define PHY_BUNDLE_COLL_AN
Definition: apiNumber.h:111
DATA_OBJ_PUT_AN
#define DATA_OBJ_PUT_AN
Definition: apiNumber.h:44
CHK_OBJ_PERM_AND_STAT_AN
#define CHK_OBJ_PERM_AND_STAT_AN
Definition: apiNumber.h:94
irods::exception
Definition: irods_exception.hpp:15
COLL_REPL_AN
#define COLL_REPL_AN
Definition: apiNumber.h:104
SUB_STRUCT_FILE_STAT_AN
#define SUB_STRUCT_FILE_STAT_AN
Definition: apiNumber.h:71
DATA_OBJ_PHYMV_AN
#define DATA_OBJ_PHYMV_AN
Definition: apiNumber.h:124
rodsErrorTable.h
DATA_OBJ_WRITE_AN
#define DATA_OBJ_WRITE_AN
Definition: apiNumber.h:103
OBJ_STAT_AN
#define OBJ_STAT_AN
Definition: apiNumber.h:64
PHY_PATH_REG_AN
#define PHY_PATH_REG_AN
Definition: apiNumber.h:62
DATA_OBJ_LOCK_AN
#define DATA_OBJ_LOCK_AN
Definition: apiNumber.h:126
DATA_OBJ_TRUNCATE_AN
#define DATA_OBJ_TRUNCATE_AN
Definition: apiNumber.h:81
SUB_STRUCT_FILE_CLOSEDIR_AN
#define SUB_STRUCT_FILE_CLOSEDIR_AN
Definition: apiNumber.h:80
SUB_STRUCT_FILE_READ_AN
#define SUB_STRUCT_FILE_READ_AN
Definition: apiNumber.h:67
USER_ADMIN_AN
#define USER_ADMIN_AN
Definition: apiNumber.h:141
COLL_CREATE_AN
#define COLL_CREATE_AN
Definition: apiNumber.h:108
GET_LIMITED_PASSWORD_AN
#define GET_LIMITED_PASSWORD_AN
Definition: apiNumber.h:152
DATA_OBJ_COPY_AN
#define DATA_OBJ_COPY_AN
Definition: apiNumber.h:123
irods::client_api_whitelist::enforce
auto enforce(const rsComm_t &comm) const noexcept -> bool
Definition: client_api_whitelist.cpp:194
BULK_DATA_OBJ_REG_AN
#define BULK_DATA_OBJ_REG_AN
Definition: apiNumber.h:115
SIMPLE_QUERY_AN
#define SIMPLE_QUERY_AN
Definition: apiNumber.h:49
GET_REMOTE_ZONE_RESC_AN
#define GET_REMOTE_ZONE_RESC_AN
Definition: apiNumber.h:95
AUTH_PLUG_REQ_AN
#define AUTH_PLUG_REQ_AN
Definition: apiNumber.h:158
OPEN_COLLECTION_AN
#define OPEN_COLLECTION_AN
Definition: apiNumber.h:105
SERVER_REPORT_AN
#define SERVER_REPORT_AN
Definition: apiNumber.h:166
SUB_STRUCT_FILE_READDIR_AN
#define SUB_STRUCT_FILE_READDIR_AN
Definition: apiNumber.h:79
STRUCT_FILE_SYNC_AN
#define STRUCT_FILE_SYNC_AN
Definition: apiNumber.h:89
SUB_STRUCT_FILE_MKDIR_AN
#define SUB_STRUCT_FILE_MKDIR_AN
Definition: apiNumber.h:76