-
Notifications
You must be signed in to change notification settings - Fork 16
Expand file tree
/
Copy pathAuthMap.cpp
More file actions
396 lines (349 loc) · 14.2 KB
/
AuthMap.cpp
File metadata and controls
396 lines (349 loc) · 14.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
// Local private includes
#include "AuthMap.hpp"
#include "DatabaseAPI.hpp"
using namespace std;
namespace SDMS {
namespace Core {
AuthMap::AuthMap(const AuthMap &auth_map) {
m_trans_active_increment = auth_map.m_trans_active_increment;
m_session_active_increment = auth_map.m_session_active_increment;
auth_map.m_trans_clients_mtx.lock();
m_trans_auth_clients = auth_map.m_trans_auth_clients;
auth_map.m_trans_clients_mtx.unlock();
auth_map.m_session_clients_mtx.lock();
m_session_auth_clients = auth_map.m_session_auth_clients;
auth_map.m_session_clients_mtx.unlock();
auth_map.m_persistent_clients_mtx.lock();
m_persistent_auth_clients = auth_map.m_persistent_auth_clients;
auth_map.m_persistent_clients_mtx.unlock();
m_db_url = auth_map.m_db_url;
m_db_user = auth_map.m_db_user;
m_db_pass = auth_map.m_db_pass;
}
AuthMap &AuthMap::operator=(const AuthMap &&auth_map) {
m_trans_active_increment = auth_map.m_trans_active_increment;
m_session_active_increment = auth_map.m_session_active_increment;
auth_map.m_trans_clients_mtx.lock();
const auto trans = auth_map.m_trans_auth_clients;
auth_map.m_trans_clients_mtx.unlock();
m_trans_clients_mtx.lock();
m_trans_auth_clients = trans;
m_trans_clients_mtx.unlock();
auth_map.m_session_clients_mtx.lock();
const auto session = auth_map.m_session_auth_clients;
auth_map.m_session_clients_mtx.unlock();
m_session_clients_mtx.lock();
m_session_auth_clients = session;
m_session_clients_mtx.unlock();
auth_map.m_persistent_clients_mtx.lock();
const auto persistent = auth_map.m_persistent_auth_clients;
auth_map.m_persistent_clients_mtx.unlock();
m_persistent_clients_mtx.lock();
m_persistent_auth_clients = persistent;
m_persistent_clients_mtx.unlock();
m_db_url = auth_map.m_db_url;
m_db_user = auth_map.m_db_user;
m_db_pass = auth_map.m_db_pass;
return *this;
}
std::vector<std::string>
AuthMap::getExpiredKeys(const PublicKeyType pub_key_type,
const time_t threshold) const noexcept {
auto expiredKeys = [=](const AuthMap::client_map_t &client_map,
const time_t expire_time) -> std::vector<std::string> {
std::vector<std::string> expired_keys;
for (const auto &element : client_map) {
if (element.second.expiration_time >= expire_time) {
expired_keys.push_back(element.first);
}
}
return expired_keys;
};
if (PublicKeyType::TRANSIENT == pub_key_type) {
lock_guard<mutex> lock(m_trans_clients_mtx);
return expiredKeys(m_trans_auth_clients, threshold);
} else if (PublicKeyType::SESSION == pub_key_type) {
lock_guard<mutex> lock(m_session_clients_mtx);
return expiredKeys(m_session_auth_clients, threshold);
}
return std::vector<std::string>();
}
void AuthMap::removeKey(const PublicKeyType pub_key_type,
const std::string &pub_key) {
if (PublicKeyType::TRANSIENT == pub_key_type) {
lock_guard<mutex> lock(m_trans_clients_mtx);
if (m_trans_auth_clients.count(pub_key)) {
m_trans_auth_clients.erase(pub_key);
}
} else if (PublicKeyType::SESSION == pub_key_type) {
lock_guard<mutex> lock(m_session_clients_mtx);
if (m_session_auth_clients.count(pub_key)) {
m_session_auth_clients.erase(pub_key);
}
} else if (PublicKeyType::PERSISTENT == pub_key_type) {
lock_guard<mutex> lock(m_persistent_clients_mtx);
if (m_persistent_auth_clients.count(pub_key)) {
m_persistent_auth_clients.erase(pub_key);
}
} else {
EXCEPT(1, "Unsupported PublicKey Type during execution of removeKey.");
}
}
void AuthMap::resetKey(const PublicKeyType pub_key_type,
const std::string &public_key) {
if (pub_key_type == PublicKeyType::TRANSIENT) {
lock_guard<mutex> lock(m_trans_clients_mtx);
if (m_trans_auth_clients.count(public_key)) {
m_trans_auth_clients[public_key].expiration_time =
time(0) + m_trans_active_increment;
m_trans_auth_clients[public_key].access_count = 0;
} else {
EXCEPT(1, "Missing public key cannot reset transient expiration.");
}
} else if (pub_key_type == PublicKeyType::SESSION) {
lock_guard<mutex> lock(m_session_clients_mtx);
if (m_session_auth_clients.count(public_key)) {
m_session_auth_clients[public_key].expiration_time =
time(0) + m_session_active_increment;
m_session_auth_clients[public_key].access_count = 0;
} else {
EXCEPT(1, "Missing public key cannot reset session expiration.");
}
} else {
EXCEPT(1, "Unsupported PublicKey Type during execution of resetKey.");
}
}
void AuthMap::addKey(const PublicKeyType pub_key_type,
const std::string &public_key, const std::string &id) {
if (pub_key_type == PublicKeyType::TRANSIENT) {
lock_guard<mutex> lock(m_trans_clients_mtx);
AuthElement element = {id, time(0) + m_trans_active_increment, 0};
m_trans_auth_clients[public_key] = element;
} else if (pub_key_type == PublicKeyType::SESSION) {
lock_guard<mutex> lock(m_session_clients_mtx);
AuthElement element = {id, time(0) + m_session_active_increment, 0};
m_session_auth_clients[public_key] = element;
} else if (pub_key_type == PublicKeyType::PERSISTENT) {
lock_guard<mutex> lock(m_persistent_clients_mtx);
m_persistent_auth_clients[public_key] = id;
} else {
EXCEPT(1, "Unsupported PublicKey Type during execution of addKey.");
}
}
size_t AuthMap::size(const PublicKeyType pub_key_type) const {
if (pub_key_type == PublicKeyType::TRANSIENT) {
lock_guard<mutex> lock(m_trans_clients_mtx);
return m_trans_auth_clients.size();
} else if (pub_key_type == PublicKeyType::SESSION) {
lock_guard<mutex> lock(m_session_clients_mtx);
return m_session_auth_clients.size();
} else {
// Don't support size of persistent keys
EXCEPT(1, "Unsupported PublicKey Type during execution of size.");
}
}
void AuthMap::incrementKeyAccessCounter(const PublicKeyType pub_key_type,
const std::string &public_key,
LogContext log_context) {
if (pub_key_type == PublicKeyType::TRANSIENT) {
lock_guard<mutex> lock(m_trans_clients_mtx);
if (m_trans_auth_clients.count(public_key)) {
m_trans_auth_clients.at(public_key).access_count++;
}
} else if (pub_key_type == PublicKeyType::SESSION) {
lock_guard<mutex> lock(m_session_clients_mtx);
if (m_session_auth_clients.count(public_key)) {
m_session_auth_clients.at(public_key).access_count++;
}
}
}
bool AuthMap::hasKey(const PublicKeyType pub_key_type,
const std::string &public_key,
LogContext log_context) const {
if (pub_key_type == PublicKeyType::TRANSIENT) {
lock_guard<mutex> lock(m_trans_clients_mtx);
return m_trans_auth_clients.count(public_key) > 0;
} else if (pub_key_type == PublicKeyType::SESSION) {
lock_guard<mutex> lock(m_session_clients_mtx);
return m_session_auth_clients.count(public_key) > 0;
} else if (pub_key_type == PublicKeyType::PERSISTENT) {
// Check to see if it is a repository key FIRST
{
lock_guard<mutex> lock(m_persistent_clients_mtx);
if (m_persistent_auth_clients.count(public_key) > 0) {
return true;
}
}
// Only check database for user keys if not found in memory
try {
DatabaseAPI db(m_db_url, m_db_user, m_db_pass);
std::string uid;
if (db.uidByPubKey(public_key, uid, log_context)) {
return true;
}
} catch (const std::exception& e) {
// Database is down, but we already checked memory map
// TODO: Caller should log this failure for monitoring/alerting
}
} else {
EXCEPT(1, "Unrecognized PublicKey Type during execution of hasKey.");
}
return false;
}
std::string AuthMap::getUID(const PublicKeyType pub_key_type,
const std::string &public_key,
LogContext log_context) const {
std::string uid = getUIDSafe(pub_key_type, public_key, log_context);
if (uid.empty()) {
if (pub_key_type == PublicKeyType::TRANSIENT) {
EXCEPT(1, "Missing transient public key unable to map to uid.");
} else if (pub_key_type == PublicKeyType::SESSION) {
EXCEPT(1, "Missing session public key unable to map to uid.");
} else if (pub_key_type == PublicKeyType::PERSISTENT) {
EXCEPT(1, "Missing persistent public key unable to map to user id or "
"repo id. Possibly, cannot connect to database.");
} else {
EXCEPT(1, "Unrecognized PublicKey Type during execution of getId.");
}
}
return uid;
}
std::string AuthMap::getUIDSafe(const PublicKeyType pub_key_type,
const std::string &public_key,
LogContext log_context) const {
if (pub_key_type == PublicKeyType::TRANSIENT) {
lock_guard<mutex> lock(m_trans_clients_mtx);
if (m_trans_auth_clients.count(public_key)) {
return m_trans_auth_clients.at(public_key).uid;
}
} else if (pub_key_type == PublicKeyType::SESSION) {
lock_guard<mutex> lock(m_session_clients_mtx);
if (m_session_auth_clients.count(public_key)) {
return m_session_auth_clients.at(public_key).uid;
}
} else if (pub_key_type == PublicKeyType::PERSISTENT) {
// Check repository keys first (with proper locking)
{
lock_guard<mutex> lock(m_persistent_clients_mtx);
if (m_persistent_auth_clients.count(public_key)) {
return m_persistent_auth_clients.at(public_key);
}
}
// Check database for user keys
DatabaseAPI db(m_db_url, m_db_user, m_db_pass);
std::string uid;
if (db.uidByPubKey(public_key, uid, log_context)) {
return uid;
}
}
return ""; // Return empty string instead of throwing
}
bool AuthMap::hasKeyType(const PublicKeyType pub_key_type,
const std::string &public_key) const {
if (pub_key_type == PublicKeyType::TRANSIENT) {
lock_guard<mutex> lock(m_trans_clients_mtx);
return m_trans_auth_clients.count(public_key);
} else if (pub_key_type == PublicKeyType::SESSION) {
lock_guard<mutex> lock(m_session_clients_mtx);
return m_session_auth_clients.count(public_key);
} else {
EXCEPT(1, "Unsupported PublicKey Type during execution of hasKeyType.");
}
}
void AuthMap::setAccessCount(const PublicKeyType pub_key_type,
const std::string &public_key,
const size_t count) {
if (pub_key_type == PublicKeyType::TRANSIENT) {
std::lock_guard<std::mutex> lock(m_trans_clients_mtx);
if (m_trans_auth_clients.count(public_key)) {
m_trans_auth_clients.at(public_key).access_count = count;
}
} else if (pub_key_type == PublicKeyType::SESSION) {
std::lock_guard<std::mutex> lock(m_session_clients_mtx);
if (m_session_auth_clients.count(public_key)) {
m_session_auth_clients.at(public_key).access_count = count;
}
} else {
EXCEPT(1, "Unsupported PublicKey Type during execution of setAccessCount.");
}
}
size_t AuthMap::getAccessCount(const PublicKeyType pub_key_type,
const std::string &public_key) const {
if (pub_key_type == PublicKeyType::TRANSIENT) {
lock_guard<mutex> lock(m_trans_clients_mtx);
if (m_trans_auth_clients.count(public_key)) {
return m_trans_auth_clients.at(public_key).access_count;
}
} else if (pub_key_type == PublicKeyType::SESSION) {
lock_guard<mutex> lock(m_session_clients_mtx);
if (m_session_auth_clients.count(public_key)) {
return m_session_auth_clients.at(public_key).access_count;
}
} else {
EXCEPT(1, "Unsupported PublicKey Type during execution of getAccessCount.");
}
return 0;
}
bool isSupportedMigration(const PublicKeyType from, const PublicKeyType to) {
// Only support the following migrations
// TRANSIENT -> SESSION
// SESSION -> PERSISTENT
if ((from == PublicKeyType::TRANSIENT && to == PublicKeyType::SESSION ) ||
(from == PublicKeyType::SESSION && to == PublicKeyType::PERSISTENT )) {
return true;
}
return false;
}
void AuthMap::migrateKey(const PublicKeyType from_type,
const PublicKeyType to_type,
const std::string &public_key,
const std::string &id) {
if( from_type == to_type ) {
return;
}
if ( ! isSupportedMigration(from_type, to_type) ) {
EXCEPT(1, "Unsupported key migration attempted, only allowed to migrate to TRANSIENT -> SESSION or SESSION -> PERSISTENT");
}
if (from_type == PublicKeyType::TRANSIENT) {
// TRANSIENT -> SESSION
std::lock_guard<std::mutex> lock_trans(m_trans_clients_mtx);
// Make sure TRANSIENT key exists before trying to remove it.
if (! m_trans_auth_clients.count(public_key)) {
EXCEPT(1, "Missing TRANSIENT key, unable to migrate key (TRANSIENT->SESSION)!");
}
std::lock_guard<std::mutex> lock_sess(m_session_clients_mtx);
m_trans_auth_clients.erase(public_key);
// Make sure SESSION key does not exist before trying to add it.
if ( m_session_auth_clients.count(public_key) == 0 ) {
AuthElement element = {id, time(0) + m_trans_active_increment, 0};
m_session_auth_clients[public_key] = element;
}
} else if (from_type == PublicKeyType::SESSION) {
// SESSION -> PERSISTENT
std::lock_guard<std::mutex> lock_sess(m_session_clients_mtx);
// Make sure SESSION key exists before trying to remove it.
if (! m_session_auth_clients.count(public_key)) {
EXCEPT(1, "Missing SESSION key, unable to migrate key (SESSION->PERSISTENT)!");
}
std::lock_guard<std::mutex> lock_pers(m_persistent_clients_mtx);
m_session_auth_clients.erase(public_key);
// Make sure PERSISTENT key does not exist before trying to add it.
if ( m_persistent_auth_clients.count(public_key) == 0 ) {
m_persistent_auth_clients[public_key] = id;
}
}
}
void AuthMap::clearTransientKeys() {
std::lock_guard<std::mutex> lock(m_trans_clients_mtx);
m_trans_auth_clients.clear();
}
void AuthMap::clearSessionKeys() {
std::lock_guard<std::mutex> lock(m_session_clients_mtx);
m_session_auth_clients.clear();
}
void AuthMap::clearAllNonPersistentKeys() {
clearTransientKeys();
clearSessionKeys();
}
} // namespace Core
} // namespace SDMS