irods  4.2.8
About: iRODS (the integrated Rule Oriented Data System) is a distributed data-management system for creating data grids, digital libraries, persistent archives, and real-time data systems.
  Fossies Dox: irods-4.2.8.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

rsAuthResponse.cpp
1 
4 /* See authResponse.h for a description of this API call.*/
5 
6 // =-=-=-=-=-=-=-
8 #include "irods_auth_object.hpp"
9 #include "irods_auth_factory.hpp"
10 #include "irods_auth_plugin.hpp"
11 #include "irods_auth_manager.hpp"
12 #include "irods_auth_constants.hpp"
15 #include "rsAuthResponse.hpp"
16 
17 // =-=-=-=-=-=-=-
18 // irods includes
19 #include "authRequest.h"
20 #include "authResponse.h"
21 #include "authCheck.h"
22 #include "miscServerFunct.hpp"
23 
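/// Server-side handler for the auth-response API call (see authResponse.h).
///
/// Reads the authentication scheme held by the pluggable_auth_scheme
/// singleton (the native scheme is used when none is stored), builds the
/// matching auth object, resolves its plugin and hands the client's response
/// to the plugin's AUTH_AGENT_AUTH_RESPONSE operation.
///
/// @param _comm  server connection; its rError stack is passed to the factory
/// @param _resp  the client's auth response, forwarded unchanged to the plugin
/// @return 0 on success; SYS_INVALID_INPUT_PARAM for a null argument or when
///         the resolved plugin is not an irods::auth; otherwise the code of
///         the irods::error that stopped processing
int rsAuthResponse(
    rsComm_t*          _comm,
    authResponseInp_t* _resp ) {
    // =-=-=-=-=-=-=-
    // reject null arguments before anything is dereferenced; the messages
    // name this handler so the log points at the right API call
    if ( !_comm ) {
        rodsLog( LOG_ERROR, "rsAuthResponse - null comm pointer" );
        return SYS_INVALID_INPUT_PARAM;
    }
    if ( !_resp ) {
        rodsLog( LOG_ERROR, "rsAuthResponse - null auth response pointer" );
        return SYS_INVALID_INPUT_PARAM;
    }

    // =-=-=-=-=-=-=-
    // take the auth scheme from the singleton; an empty value means the
    // native scheme
    // NOTE(review): the stored scheme is set outside this function,
    // presumably by the auth request handler - confirm it is validated there
    irods::pluggable_auth_scheme& plug_a = irods::pluggable_auth_scheme::get_instance();
    std::string auth_scheme = plug_a.get( );
    if ( auth_scheme.empty() ) {
        auth_scheme = irods::AUTH_NATIVE_SCHEME;
    }

    // =-=-=-=-=-=-=-
    // clear the stored scheme once it has been read, so this value is not
    // picked up again by a later call
    plug_a.set( "" );

    // =-=-=-=-=-=-=-
    // construct an auth object for the chosen scheme
    irods::auth_object_ptr auth_obj;
    irods::error ret = irods::auth_factory( auth_scheme, &_comm->rError, auth_obj );
    if ( !ret.ok() ) {
        irods::log( PASS( ret ) );
        return ret.code();
    }

    // =-=-=-=-=-=-=-
    // resolve the plugin that implements the auth interface for that object
    irods::plugin_ptr ptr;
    ret = auth_obj->resolve( irods::AUTH_INTERFACE, ptr );
    if ( !ret.ok() ) {
        irods::log( PASS( ret ) );
        return ret.code();
    }

    // =-=-=-=-=-=-=-
    // dynamic_pointer_cast yields an empty pointer when the resolved plugin
    // is not an irods::auth; stop here instead of calling through it
    irods::auth_ptr auth_plugin = boost::dynamic_pointer_cast< irods::auth >( ptr );
    if ( !auth_plugin ) {
        rodsLog( LOG_ERROR, "rsAuthResponse - resolved plugin is not an auth plugin" );
        return SYS_INVALID_INPUT_PARAM;
    }

    // =-=-=-=-=-=-=-
    // let the plugin evaluate the client's response
    ret = auth_plugin->call < authResponseInp_t* > ( _comm, irods::AUTH_AGENT_AUTH_RESPONSE, auth_obj, _resp );
    if ( !ret.ok() ) {
        irods::log( PASS( ret ) );
        return ret.code();
    }

    // =-=-=-=-=-=-=-
    // the plugin accepted the response
    return 0;

} // rsAuthResponse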
85 
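/// Decide whether the proxy user of a connection may authenticate on behalf
/// of the connection's client user.
///
/// @param rsComm         server connection carrying proxyUser and clientUser
/// @param proxyUserPriv  privilege level of the proxy user, compared against
///                       LOCAL_PRIV_USER_AUTH and REMOTE_PRIV_USER_AUTH
/// @return 0 when the proxy user may act for the client user,
///         SYS_INVALID_INPUT_PARAM for a null connection,
///         SYS_PROXYUSER_NO_PRIV otherwise
int
chkProxyUserPriv( rsComm_t *rsComm, int proxyUserPriv ) {
    // fail closed on a null connection, matching the argument checks in
    // rsAuthResponse
    if ( !rsComm ) {
        rodsLog( LOG_ERROR, "chkProxyUserPriv - null comm pointer" );
        return SYS_INVALID_INPUT_PARAM;
    }

    const userInfo_t& proxy  = rsComm->proxyUser;
    const userInfo_t& client = rsComm->clientUser;

    // a proxy user acting under its own name needs no extra privilege
    // NOTE(review): only userName is compared here, not rodsZone - confirm
    // that callers guarantee the zones match before relying on this shortcut
    if ( strcmp( proxy.userName, client.userName ) == 0 ) {
        return 0;
    }

    /* remote privileged user can only do things on behalf of users from
     * the same zone */
    const bool local_priv  = proxyUserPriv >= LOCAL_PRIV_USER_AUTH;
    const bool remote_priv = proxyUserPriv >= REMOTE_PRIV_USER_AUTH &&
                             strcmp( proxy.rodsZone, client.rodsZone ) == 0;
    if ( local_priv || remote_priv ) {
        return 0;
    }

    // denied: record who tried to act for whom and with which privilege
    rodsLog( LOG_ERROR,
             "rsAuthResponse: proxyuser %s with %d no priv to auth clientUser %s",
             proxy.userName,
             proxyUserPriv,
             client.userName );
    return SYS_PROXYUSER_NO_PRIV;
}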
rodsLog
void rodsLog(int level, const char *formatStr,...)
Definition: rodsLog.cpp:86
irods::plugin_ptr
boost::shared_ptr< plugin_base > plugin_ptr
Definition: irods_first_class_object.hpp:18
rsComm_t
Definition: rcConnect.h:145
irods_native_auth_object.hpp
userInfo_t::userName
char userName[64]
Definition: rodsUser.h:66
irods::pluggable_auth_scheme
Definition: irods_pluggable_auth_scheme.hpp:9
PASS
#define PASS(prev_error_)
Definition: irods_error.hpp:118
irods::auth_factory
irods::error auth_factory(const std::string &, rError_t *, irods::auth_object_ptr &)
Definition: irods_auth_factory.cpp:16
irods::pluggable_auth_scheme::get_instance
static pluggable_auth_scheme & get_instance()
Definition: irods_pluggable_auth_scheme.cpp:5
chkProxyUserPriv
int chkProxyUserPriv(rsComm_t *rsComm, int proxyUserPriv)
Definition: rsAuthResponse.cpp:87
irods::auth_object_ptr
boost::shared_ptr< auth_object > auth_object_ptr
Definition: irods_auth_object.hpp:86
rsAuthResponse.hpp
irods::AUTH_AGENT_AUTH_RESPONSE
const std::string AUTH_AGENT_AUTH_RESPONSE("auth_agent_auth_response")
irods_pluggable_auth_scheme.hpp
irods::AUTH_NATIVE_SCHEME
const std::string AUTH_NATIVE_SCHEME("native")
irods::pluggable_auth_scheme::get
std::string get() const
Definition: irods_pluggable_auth_scheme.cpp:10
irods::AUTH_INTERFACE
const std::string AUTH_INTERFACE("irods_auth_interface")
LOG_ERROR
#define LOG_ERROR
Definition: rodsLog.h:43
SYS_INVALID_INPUT_PARAM
@ SYS_INVALID_INPUT_PARAM
Definition: rodsErrorTable.h:195
authRequest.h
irods_auth_constants.hpp
rsAuthResponse
int rsAuthResponse(rsComm_t *_comm, authResponseInp_t *_resp)
Definition: rsAuthResponse.cpp:24
irods_auth_object.hpp
rsComm_t::rError
rError_t rError
Definition: rcConnect.h:158
irods::error::code
long long code() const
Definition: irods_error.cpp:194
irods_auth_factory.hpp
rsComm_t::proxyUser
userInfo_t proxyUser
Definition: rcConnect.h:152
authResponseInp_t
Definition: authResponse.h:6
authCheck.h
REMOTE_PRIV_USER_AUTH
#define REMOTE_PRIV_USER_AUTH
Definition: rodsUser.h:35
LOCAL_PRIV_USER_AUTH
#define LOCAL_PRIV_USER_AUTH
Definition: rodsUser.h:36
irods_auth_manager.hpp
userInfo_t::rodsZone
char rodsZone[64]
Definition: rodsUser.h:67
irods::log
void log(const error &)
Definition: irods_log.cpp:13
rsComm_t::clientUser
userInfo_t clientUser
Definition: rcConnect.h:153
irods::error
Definition: irods_error.hpp:23
miscServerFunct.hpp
irods_auth_plugin.hpp
authResponse.h
irods::pluggable_auth_scheme::set
void set(const std::string &)
Definition: irods_pluggable_auth_scheme.cpp:14
irods_kvp_string_parser.hpp
irods::error::ok
bool ok()
Definition: irods_error.cpp:258
irods::auth_ptr
boost::shared_ptr< auth > auth_ptr
Definition: irods_auth_types.hpp:19
SYS_PROXYUSER_NO_PRIV
@ SYS_PROXYUSER_NO_PRIV
Definition: rodsErrorTable.h:106