CMS 3D CMS Logo

List of all members | Classes | Public Member Functions | Static Public Attributes | Private Member Functions | Private Attributes | Friends
cond::CredentialStore Class Reference

#include <CredentialStore.h>

Classes

struct  Permission
 

Public Member Functions

bool createSchema (const std::string &connectionString, const std::string &userName, const std::string &password)
 
 CredentialStore ()
 Standard Constructor. More...
 
bool drop (const std::string &connectionString, const std::string &userName, const std::string &password)
 
bool exportAll (coral_bridge::AuthenticationCredentialSet &data)
 
bool importForPrincipal (const std::string &principal, const coral_bridge::AuthenticationCredentialSet &data, bool forceUpdateConnection=false)
 import data More...
 
const std::string & keyPrincipalName ()
 
bool listConnections (std::map< std::string, std::pair< std::string, std::string > > &destination)
 
bool listPrincipals (std::vector< std::string > &destination)
 
bool removeConnection (const std::string &connectionLabel)
 
bool removePrincipal (const std::string &principal)
 
bool resetAdmin (const std::string &userName, const std::string &password)
 
bool selectForUser (coral_bridge::AuthenticationCredentialSet &destinationData)
 
bool selectPermissions (const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)
 
bool setPermission (const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
 
std::string setUpForConnectionString (const std::string &connectionString, const std::string &authPath)
 
std::string setUpForService (const std::string &serviceName, const std::string &authPath)
 Sets the initialization parameters. More...
 
bool unsetPermission (const std::string &principal, const std::string &role, const std::string &connectionString)
 
bool updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password)
 
bool updatePrincipal (const std::string &principal, const std::string &principalKey, bool setAdmin=false)
 
virtual ~CredentialStore ()
 Standard Destructor. More...
 

Static Public Attributes

static const std::string DEFAULT_DATA_SOURCE
 

Private Member Functions

void closeSession (bool commit=true)
 
std::pair< std::string, std::string > openConnection (const std::string &connectionString)
 
void openSession (const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
 
void openSession (bool readOnly=true)
 
void startSession (bool readMode)
 
void startSuperSession (const std::string &connectionString, const std::string &userName, const std::string &password)
 

Private Attributes

std::shared_ptr< coral::IConnection > m_connection
 
auth::DecodingKey m_key
 
int m_principalId
 
std::string m_principalKey
 
const auth::ServiceCredentialsm_serviceData
 
std::string m_serviceName
 
std::shared_ptr< coral::ISession > m_session
 

Friends

class CSScopedSession
 

Detailed Description

Definition at line 83 of file CredentialStore.h.

Constructor & Destructor Documentation

cond::CredentialStore::CredentialStore ( )

Standard Constructor.

Definition at line 709 of file CredentialStore.cc.

709  :
710  m_connection(),
711  m_session(),
712  m_principalId(-1),
713  m_principalKey(""),
714  m_serviceName(""),
715  m_serviceData(nullptr),
716  m_key(){
717 }
auth::DecodingKey m_key
std::shared_ptr< coral::ISession > m_session
std::shared_ptr< coral::IConnection > m_connection
const auth::ServiceCredentials * m_serviceData
cond::CredentialStore::~CredentialStore ( )
virtual

Standard Destructor.

Definition at line 719 of file CredentialStore.cc.

References AlCaHLTBitMon_QueryRunRegistry::string.

719  {
720 }

Member Function Documentation

void cond::CredentialStore::closeSession ( bool  commit = true)
private

Definition at line 548 of file CredentialStore.cc.

548  {
549 
550  if( m_session.get() ){
551  if(m_session->transaction().isActive()){
552  if( commit ){
553  m_session->transaction().commit();
554  } else {
555  m_session->transaction().rollback();
556  }
557  }
558  m_session->endUserSession();
559  }
560  m_session.reset();
561  if( m_connection.get() ){
562  m_connection->disconnect();
563  }
564  m_connection.reset();
565 }
std::shared_ptr< coral::ISession > m_session
std::shared_ptr< coral::IConnection > m_connection
bool cond::CredentialStore::createSchema ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)

Definition at line 781 of file CredentialStore.cc.

References addSequence(), ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), C_ID_COL(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), cond::auth::COND_DB_KEY_SIZE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), gather_cfg::cout, MillePedeFileConverter_cfg::e, Exception, relval_steps::gen(), m_key, m_principalKey, m_serviceData, m_serviceName, m_session, cond::auth::KeyGenerator::make(), P_ID_COL(), PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), cond::auth::DecodingKey::principalKey(), cond::auth::DecodingKey::principalName(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::schemaLabel(), SEQUENCE_NAME_COL(), SEQUENCE_TABLE_NAME(), SEQUENCE_VALUE_COL(), dataDML::session, cond::setPermissionData(), cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), funct::true, cond::updateConnectionData(), cond::updatePrincipalData(), cond::auth::ServiceCredentials::userName, USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

781  {
782  CSScopedSession session( *this );
783  session.startSuper( connectionString, userName, password );
784 
785  coral::ISchema& schema = m_session->nominalSchema();
786  if(schema.existsTable(COND_AUTHENTICATION_TABLE)) {
787  throwException("Credential database, already exists.","CredentialStore::create");
788  }
789 
790  coral::TableDescription dseq;
791  dseq.setName( SEQUENCE_TABLE_NAME );
792 
793  dseq.insertColumn( SEQUENCE_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>() );
794  dseq.setNotNullConstraint( SEQUENCE_NAME_COL );
795  dseq.insertColumn( SEQUENCE_VALUE_COL,coral::AttributeSpecification::typeNameForType<int>() );
796  dseq.setNotNullConstraint( SEQUENCE_VALUE_COL );
797  dseq.setPrimaryKey( std::vector< std::string >( 1, SEQUENCE_NAME_COL ) );
798  schema.createTable( dseq );
799 
800  int columnSize = 2000;
801 
802  // authentication table
803 
805  coral::TableDescription descr0;
806  descr0.setName( COND_AUTHENTICATION_TABLE );
807  descr0.insertColumn( PRINCIPAL_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
808  descr0.insertColumn( PRINCIPAL_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
809  descr0.insertColumn( VERIFICATION_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
810  descr0.insertColumn( PRINCIPAL_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
811  descr0.insertColumn( ADMIN_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
812  descr0.setNotNullConstraint( PRINCIPAL_ID_COL );
813  descr0.setNotNullConstraint( PRINCIPAL_NAME_COL );
814  descr0.setNotNullConstraint( VERIFICATION_COL );
815  descr0.setNotNullConstraint( PRINCIPAL_KEY_COL );
816  descr0.setNotNullConstraint( ADMIN_KEY_COL );
817  std::vector<std::string> columnsUnique;
818  columnsUnique.push_back( PRINCIPAL_NAME_COL);
819  descr0.setUniqueConstraint( columnsUnique );
820  std::vector<std::string> columnsForIndex;
821  columnsForIndex.push_back(PRINCIPAL_ID_COL);
822  descr0.setPrimaryKey( columnsForIndex );
823  schema.createTable( descr0 );
824 
825  // authorization table
827  coral::TableDescription descr1;
828  descr1.setName( COND_AUTHORIZATION_TABLE );
829  descr1.insertColumn( AUTH_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
830  descr1.insertColumn( P_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
831  descr1.insertColumn( ROLE_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
832  descr1.insertColumn( SCHEMA_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
833  descr1.insertColumn( AUTH_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
834  descr1.insertColumn( C_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
835  descr1.setNotNullConstraint( AUTH_ID_COL );
836  descr1.setNotNullConstraint( P_ID_COL );
837  descr1.setNotNullConstraint( ROLE_COL );
838  descr1.setNotNullConstraint( SCHEMA_COL );
839  descr1.setNotNullConstraint( AUTH_KEY_COL );
840  descr1.setNotNullConstraint( C_ID_COL );
841  columnsUnique.clear();
842  columnsUnique.push_back( P_ID_COL);
843  columnsUnique.push_back( ROLE_COL);
844  columnsUnique.push_back( SCHEMA_COL);
845  descr1.setUniqueConstraint( columnsUnique );
846  columnsForIndex.clear();
847  columnsForIndex.push_back(AUTH_ID_COL);
848  descr1.setPrimaryKey( columnsForIndex );
849  schema.createTable( descr1 );
850 
851  // credential table
853  coral::TableDescription descr2;
854  descr2.setName( COND_CREDENTIAL_TABLE );
855  descr2.insertColumn( CONNECTION_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
856  descr2.insertColumn( CONNECTION_LABEL_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
857  descr2.insertColumn( USERNAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
858  descr2.insertColumn( PASSWORD_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
859  descr2.insertColumn( VERIFICATION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
860  descr2.insertColumn( CONNECTION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
861  descr2.setNotNullConstraint( CONNECTION_ID_COL );
862  descr2.setNotNullConstraint( CONNECTION_LABEL_COL );
863  descr2.setNotNullConstraint( USERNAME_COL );
864  descr2.setNotNullConstraint( PASSWORD_COL );
865  descr2.setNotNullConstraint( VERIFICATION_KEY_COL );
866  descr2.setNotNullConstraint( CONNECTION_KEY_COL );
867  columnsUnique.clear();
868  columnsUnique.push_back( CONNECTION_LABEL_COL);
869  descr2.setUniqueConstraint( columnsUnique );
870  columnsForIndex.clear();
871  columnsForIndex.push_back(CONNECTION_ID_COL);
872  descr2.setPrimaryKey( columnsForIndex );
873  schema.createTable( descr2 );
874 
875  try{
876  schema.tableHandle( COND_AUTHENTICATION_TABLE ).privilegeManager().grantToUser( m_serviceData->userName, coral::ITablePrivilegeManager::Select );
877  schema.tableHandle( COND_AUTHORIZATION_TABLE ).privilegeManager().grantToUser( m_serviceData->userName, coral::ITablePrivilegeManager::Select );
878  schema.tableHandle( COND_CREDENTIAL_TABLE ).privilegeManager().grantToUser( m_serviceData->userName, coral::ITablePrivilegeManager::Select );
879  } catch ( const coral::Exception& e ){
880  std::cout <<"WARNING: Could not grant select access to user "<<m_serviceData->userName<<": ["<<e.what()<<"]"<<std::endl;
881  }
882  auth::KeyGenerator gen;
884  auto princData = updatePrincipalData( schema, m_key.principalKey(), m_key.principalName(), m_principalKey, true );
885  std::string credentialAccessLabel = schemaLabel( m_serviceName, userName );
886  auto connParams = updateConnectionData( schema, m_principalKey, credentialAccessLabel, userName, password, true );
887  bool ret = setPermissionData( schema, princData.first, m_principalKey, auth::COND_ADMIN_ROLE, connectionString, connParams.first, connParams.second );
888  session.close();
889  return ret;
890 }
std::pair< int, std::string > updatePrincipalData(coral::ISchema &schema, const std::string &authenticationKey, const std::string &principalName, const std::string &adminKey, bool init=false)
static const std::string SEQUENCE_VALUE_COL("VALUE")
std::pair< int, std::string > updateConnectionData(coral::ISchema &schema, const std::string &adminKey, const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate)
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string SEQUENCE_TABLE_NAME("COND_CREDENTIAL_SEQUENCE")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
static const std::string PASSWORD_COL("CRED5")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
static const std::string ADMIN_KEY_COL("CRED2")
static const std::string VERIFICATION_KEY_COL("CRED6")
static constexpr const char *const COND_ADMIN_ROLE
Definition: Auth.h:18
std::string schemaLabel(const std::string &serviceName, const std::string &userName)
static constexpr unsigned int COND_DB_KEY_SIZE
Definition: Auth.h:25
friend class CSScopedSession
static const std::string VERIFICATION_COL("CRED0")
static const std::string SEQUENCE_NAME_COL("NAME")
const std::string & principalName() const
Definition: DecodingKey.h:107
static const std::string USERNAME_COL("CRED4")
def gen(fragment, howMuch)
Production test section ####.
static const std::string CONNECTION_ID_COL("CONN_ID")
auth::DecodingKey m_key
static const std::string PRINCIPAL_ID_COL("P_ID")
std::shared_ptr< coral::ISession > m_session
static const std::string AUTH_ID_COL("AUTH_ID")
void addSequence(coral::ISchema &schema, const std::string &name)
static const std::string PRINCIPAL_KEY_COL("CRED1")
static const std::string P_ID_COL("P_ID")
const std::string & principalKey() const
Definition: DecodingKey.h:113
const auth::ServiceCredentials * m_serviceData
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
bool setPermissionData(coral::ISchema &schema, int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey)
static const std::string AUTH_KEY_COL("CRED3")
static const std::string PRINCIPAL_NAME_COL("P_NAME")
bool cond::CredentialStore::drop ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)

Definition at line 893 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), m_session, dataDML::schema, SEQUENCE_TABLE_NAME(), dataDML::session, and cond::CSScopedSession::startSuper().

893  {
894  CSScopedSession session( *this );
895  session.startSuper( connectionString, userName, password );
896 
897  coral::ISchema& schema = m_session->nominalSchema();
898  schema.dropIfExistsTable( COND_AUTHORIZATION_TABLE );
899  schema.dropIfExistsTable( COND_CREDENTIAL_TABLE );
900  schema.dropIfExistsTable( COND_AUTHENTICATION_TABLE );
901  schema.dropIfExistsTable(SEQUENCE_TABLE_NAME);
902  session.close();
903  return true;
904 }
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string SEQUENCE_TABLE_NAME("COND_CREDENTIAL_SEQUENCE")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
friend class CSScopedSession
std::shared_ptr< coral::ISession > m_session
bool cond::CredentialStore::exportAll ( coral_bridge::AuthenticationCredentialSet data)

Definition at line 1413 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), runEdmFileComparison::found, m_principalKey, m_session, PASSWORD_COL(), das::query(), coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

1413  {
1414  CSScopedSession session( *this );
1415  session.start( true );
1416  coral::ISchema& schema = m_session->nominalSchema();
1417  std::auto_ptr<coral::IQuery> query(schema.newQuery());
1418  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1419  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1420  coral::AttributeList readBuff;
1421  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
1422  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
1423  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
1424  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
1425  readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
1426  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
1427  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
1428  coral::AttributeList whereData;
1429  std::stringstream whereClause;
1430  whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
1431 
1432  query->defineOutput(readBuff);
1433  query->addToOutputList( "AUTHO."+ROLE_COL );
1434  query->addToOutputList( "AUTHO."+SCHEMA_COL );
1435  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
1436  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
1437  query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
1438  query->addToOutputList( "CREDS."+USERNAME_COL );
1439  query->addToOutputList( "CREDS."+PASSWORD_COL );
1440  query->setCondition( whereClause.str(), whereData );
1441  coral::ICursor& cursor = query->execute();
1442  bool found = false;
1443  auth::Cipher cipher0( m_principalKey );
1444  while ( cursor.next() ) {
1445  const coral::AttributeList& row = cursor.currentRow();
1446  const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
1447  const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
1448  const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
1449  const std::string& encryptedVerifKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
1450  const std::string& encryptedConnection = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
1451  std::string userName("");
1452  std::string password("");
1453  std::string connectionKey = cipher0.b64decrypt( encryptedConnection );
1454  auth::Cipher cipher1( connectionKey );
1455  std::string verifKey = cipher1.b64decrypt( encryptedVerifKey );
1456  if( verifKey == connectionLabel ){
1457  const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL].data<std::string>();
1458  const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL].data<std::string>();
1459  userName = cipher1.b64decrypt( encryptedUserName );
1460  password = cipher1.b64decrypt( encryptedPassword );
1461  }
1462  data.registerCredentials( connectionString, role, userName, password );
1463  found = true;
1464  }
1465  session.close();
1466  return found;
1467 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
static const std::string PASSWORD_COL("CRED5")
def query(query_str, verbose=False)
Definition: das.py:5
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
Definition: query.py:1
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string USERNAME_COL("CRED4")
static const std::string CONNECTION_ID_COL("CONN_ID")
std::shared_ptr< coral::ISession > m_session
void registerCredentials(const std::string &connectionString, const std::string &userName, const std::string &password)
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
bool cond::CredentialStore::importForPrincipal ( const std::string &  principal,
const coral_bridge::AuthenticationCredentialSet data,
bool  forceUpdateConnection = false 
)

import data

Definition at line 1246 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), coral_bridge::AuthenticationCredentialSet::data(), runEdmFileComparison::found, cond::PrincipalData::id, m_principalKey, m_session, genParticles_cff::map, mps_check::msg, createfilelist::parser, dataDML::schema, cond::schemaLabel(), cond::selectPrincipal(), serviceName, dataDML::session, cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and cond::updateConnectionData().

1248  {
1249  CSScopedSession session( *this );
1250  session.start( false );
1251  coral::ISchema& schema = m_session->nominalSchema();
1252 
1253  PrincipalData princData;
1254  bool found = selectPrincipal( schema, principal, princData );
1255 
1256  if( ! found ){
1257  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1258  throwException( msg, "CredentialStore::importForPrincipal");
1259  }
1260 
1261  bool imported = false;
1262  auth::Cipher cipher( m_principalKey );
1263  std::string princKey = cipher.b64decrypt( princData.adminKey);
1264 
1265  const std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >& creds = dataSource.data();
1266  for( std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >::const_iterator iConn = creds.begin(); iConn != creds.end(); ++iConn ){
1267  const std::string& connectionString = iConn->first.first;
1268  coral::URIParser parser;
1269  parser.setURI( connectionString );
1270  std::string serviceName = parser.hostName();
1271  const std::string& role = iConn->first.second;
1272  std::string userName = iConn->second->valueForItem( coral::IAuthenticationCredentials::userItem() );
1273  std::string password = iConn->second->valueForItem( coral::IAuthenticationCredentials::passwordItem());
1274  // first import the connections
1275  std::pair<int,std::string> conn = updateConnectionData( schema, m_principalKey, schemaLabel( serviceName, userName ), userName, password, forceUpdateConnection );
1276  auth::Cipher cipher( m_principalKey );
1277  // than set the permission for the specific role
1278  setPermissionData( schema, princData.id, princKey, role, connectionString, conn.first, conn.second );
1279  imported = true;
1280  }
1281  session.close();
1282  return imported;
1283 }
std::pair< int, std::string > updateConnectionData(coral::ISchema &schema, const std::string &adminKey, const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate)
static const std::string serviceName
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
def principal(options)
std::string schemaLabel(const std::string &serviceName, const std::string &userName)
friend class CSScopedSession
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
tuple msg
Definition: mps_check.py:277
std::shared_ptr< coral::ISession > m_session
bool setPermissionData(coral::ISchema &schema, int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey)
const std::string & cond::CredentialStore::keyPrincipalName ( )

Definition at line 1469 of file CredentialStore.cc.

References m_key, and cond::auth::DecodingKey::principalName().

Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().

1469  {
1470  return m_key.principalName();
1471 }
const std::string & principalName() const
Definition: DecodingKey.h:107
auth::DecodingKey m_key
bool cond::CredentialStore::listConnections ( std::map< std::string, std::pair< std::string, std::string > > &  destination)

Definition at line 1308 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), COND_CREDENTIAL_TABLE(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), cmsStageWithFailover::destination, runEdmFileComparison::found, m_principalKey, m_session, PASSWORD_COL(), das::query(), dataDML::schema, dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

1308  {
1309  CSScopedSession session( *this );
1310  session.start( true );
1311  coral::ISchema& schema = m_session->nominalSchema();
1312 
1313  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_CREDENTIAL_TABLE).newQuery());
1314  coral::AttributeList readBuff;
1315  readBuff.extend<std::string>( CONNECTION_LABEL_COL );
1316  readBuff.extend<std::string>( USERNAME_COL );
1317  readBuff.extend<std::string>( PASSWORD_COL );
1318  readBuff.extend<std::string>( VERIFICATION_KEY_COL );
1319  readBuff.extend<std::string>( CONNECTION_KEY_COL );
1320  query->defineOutput(readBuff);
1321  query->addToOutputList( CONNECTION_LABEL_COL );
1322  query->addToOutputList( USERNAME_COL );
1323  query->addToOutputList( PASSWORD_COL );
1324  query->addToOutputList( VERIFICATION_KEY_COL );
1325  query->addToOutputList( CONNECTION_KEY_COL );
1326  coral::ICursor& cursor = query->execute();
1327  bool found = false;
1328  auth::Cipher cipher0(m_principalKey );
1329  while ( cursor.next() ) {
1330  std::string userName("");
1331  std::string password("");
1332  const coral::AttributeList& row = cursor.currentRow();
1333  const std::string& connLabel = row[ CONNECTION_LABEL_COL].data<std::string>();
1334  const std::string& encryptedKey = row[ CONNECTION_KEY_COL].data<std::string>();
1335  const std::string& encryptedVerif = row[ VERIFICATION_KEY_COL].data<std::string>();
1336  std::string connKey = cipher0.b64decrypt( encryptedKey );
1337  auth::Cipher cipher1( connKey );
1338  std::string verif = cipher1.b64decrypt( encryptedVerif );
1339  if( verif == connLabel ){
1340  const std::string& encryptedUserName = row[ USERNAME_COL].data<std::string>();
1341  const std::string& encryptedPassword = row[ PASSWORD_COL].data<std::string>();
1342  userName = cipher1.b64decrypt( encryptedUserName );
1343  password = cipher1.b64decrypt( encryptedPassword );
1344  }
1345  destination.insert( std::make_pair( connLabel, std::make_pair( userName, password ) ) );
1346  found = true;
1347  }
1348  session.close();
1349  return found;
1350 }
static const std::string PASSWORD_COL("CRED5")
def query(query_str, verbose=False)
Definition: das.py:5
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
Definition: query.py:1
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string USERNAME_COL("CRED4")
std::shared_ptr< coral::ISession > m_session
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
bool cond::CredentialStore::listPrincipals ( std::vector< std::string > &  destination)

Definition at line 1285 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), runEdmFileComparison::found, m_session, PRINCIPAL_NAME_COL(), das::query(), dataDML::schema, dataDML::session, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.

1285  {
1286 
1287  CSScopedSession session( *this );
1288  session.start( true );
1289  coral::ISchema& schema = m_session->nominalSchema();
1290 
1291  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_AUTHENTICATION_TABLE).newQuery());
1292  coral::AttributeList readBuff;
1293  readBuff.extend<std::string>(PRINCIPAL_NAME_COL);
1294  query->defineOutput(readBuff);
1295  query->addToOutputList( PRINCIPAL_NAME_COL );
1296  coral::ICursor& cursor = query->execute();
1297  bool found = false;
1298  while ( cursor.next() ) {
1299  found = true;
1300  const coral::AttributeList& row = cursor.currentRow();
1301  destination.push_back( row[ PRINCIPAL_NAME_COL ].data<std::string>() );
1302  }
1303  session.close();
1304  return found;
1305 }
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
def query(query_str, verbose=False)
Definition: das.py:5
Definition: query.py:1
friend class CSScopedSession
std::shared_ptr< coral::ISession > m_session
static const std::string PRINCIPAL_NAME_COL("P_NAME")
std::pair< std::string, std::string > cond::CredentialStore::openConnection ( const std::string &  connectionString)
private

Definition at line 567 of file CredentialStore.cc.

References instance.

567  {
568  coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
569  if ( ! relationalService.isValid() ){
570  coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
571  relationalService = coral::Context::instance().query<coral::IRelationalService>();
572  }
573  coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
574  std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
575  m_connection.reset( domain.newConnection( connTokens.first ) );
576  m_connection->connect();
577  return connTokens;
578 }
static PFTauRenderPlugin instance
std::shared_ptr< coral::IConnection > m_connection
void cond::CredentialStore::openSession ( const std::string &  schemaName,
const std::string &  userName,
const std::string &  password,
bool  readMode 
)
private

Definition at line 580 of file CredentialStore.cc.

References lumiQueryAPI::accessMode.

583  {
584  coral::AccessMode accessMode = coral::ReadOnly;
585  if( !readMode ) accessMode = coral::Update;
586  m_session.reset( m_connection->newSession( schemaName, accessMode) );
587  m_session->startUserSession( userName, password );
588  // open read-only transaction
589  m_session->transaction().start( readMode );
590 }
std::shared_ptr< coral::ISession > m_session
std::shared_ptr< coral::IConnection > m_connection
void cond::CredentialStore::openSession ( bool  readOnly = true)
private
bool cond::CredentialStore::removeConnection ( const std::string &  connectionLabel)

Definition at line 1159 of file CredentialStore.cc.

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), runEdmFileComparison::found, cond::CredentialData::id, m_session, mps_check::msg, dataDML::schema, cond::selectConnection(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

1159  {
1160  CSScopedSession session( *this );
1161  session.start( false );
1162  coral::ISchema& schema = m_session->nominalSchema();
1163 
1164  CredentialData credsData;
1165  bool found = selectConnection( schema, connectionLabel, credsData );
1166 
1167  if( ! found ){
1168  std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
1169  throwException( msg, "CredentialStore::removeConnection");
1170  }
1171 
1172  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1173 
1174  coral::AttributeList deleteData0;
1175  deleteData0.extend<int>( C_ID_COL );
1176  deleteData0[ C_ID_COL ].data<int>() = credsData.id;
1177  std::string whereClause0 = C_ID_COL+" = :"+C_ID_COL;
1178  editor0.deleteRows( whereClause0 , deleteData0 );
1179 
1180  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
1181 
1182  coral::AttributeList deleteData1;
1183  deleteData1.extend<int>( CONNECTION_ID_COL );
1184  deleteData1[ CONNECTION_ID_COL ].data<int>() = credsData.id;
1185  std::string whereClause1 = CONNECTION_ID_COL+" = :"+CONNECTION_ID_COL;
1186  editor1.deleteRows( whereClause1 , deleteData1 );
1187 
1188  session.close();
1189 
1190  return true;
1191 }
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
bool selectConnection(coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
friend class CSScopedSession
static const std::string CONNECTION_ID_COL("CONN_ID")
tuple msg
Definition: mps_check.py:277
std::shared_ptr< coral::ISession > m_session
static const std::string C_ID_COL("C_ID")
bool cond::CredentialStore::removePrincipal ( const std::string &  principal)

Definition at line 1125 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), runEdmFileComparison::found, cond::PrincipalData::id, m_session, mps_check::msg, P_ID_COL(), PRINCIPAL_ID_COL(), dataDML::schema, cond::selectPrincipal(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

1125  {
1126  CSScopedSession session( *this );
1127  session.start( false );
1128  coral::ISchema& schema = m_session->nominalSchema();
1129 
1130  PrincipalData princData;
1131  bool found = selectPrincipal( schema, principal, princData );
1132 
1133  if( ! found ){
1134  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1135  throwException( msg, "CredentialStore::removePrincipal");
1136  }
1137 
1138  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1139 
1140  coral::AttributeList deleteData0;
1141  deleteData0.extend<int>( P_ID_COL );
1142  deleteData0[ P_ID_COL ].data<int>() = princData.id;
1143  std::string whereClause0 = P_ID_COL+" = :"+P_ID_COL;
1144  editor0.deleteRows( whereClause0 , deleteData0 );
1145 
1146  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
1147 
1148  coral::AttributeList deleteData1;
1149  deleteData1.extend<int>( PRINCIPAL_ID_COL );
1150  deleteData1[ PRINCIPAL_ID_COL ].data<int>() = princData.id;
1151  std::string whereClause1 = PRINCIPAL_ID_COL+" = :"+PRINCIPAL_ID_COL;
1152  editor1.deleteRows( whereClause1 , deleteData1 );
1153 
1154  session.close();
1155 
1156  return true;
1157 }
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
def principal(options)
friend class CSScopedSession
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
static const std::string PRINCIPAL_ID_COL("P_ID")
tuple msg
Definition: mps_check.py:277
std::shared_ptr< coral::ISession > m_session
static const std::string P_ID_COL("P_ID")
bool cond::CredentialStore::resetAdmin ( const std::string &  userName,
const std::string &  password 
)

Definition at line 906 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, cond::auth::ServiceCredentials::connectionString, m_key, m_principalKey, m_serviceData, m_serviceName, m_session, mps_check::msg, AlCaHLTBitMon_ParallelJobs::p, cond::auth::DecodingKey::principalKey(), cond::PrincipalData::principalKey, cond::auth::DecodingKey::principalName(), dataDML::schema, cond::schemaLabel(), cond::selectPrincipal(), dataDML::session, cond::setPermissionData(), cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), cond::updateConnectionData(), and cond::updatePrincipalData().

906  {
907  if(!m_serviceData){
908  throwException( "The credential store has not been initialized.","cond::CredentialStore::installAdmin" );
909  }
910  const std::string& connectionString = m_serviceData->connectionString;
911 
912  CSScopedSession session( *this );
913  session.startSuper( connectionString, userName, password );
914 
915  coral::ISchema& schema = m_session->nominalSchema();
916  const std::string& principalName = m_key.principalName();
917  const std::string& authenticationKey = m_key.principalKey();
918  PrincipalData princData;
919  if(!selectPrincipal( schema, principalName, princData ) ) {
920  std::string msg("User \"");
921  msg += principalName + "\" has not been found.";
922  throwException(msg,"CredentialStore::resetAdmin");
923  }
924  auth::Cipher cipher0( authenticationKey );
925  m_principalKey = cipher0.b64decrypt( princData.principalKey );
926 
927  auto p = updatePrincipalData( schema, authenticationKey, principalName, m_principalKey );
928  std::string credentialAccessLabel = schemaLabel( m_serviceName, userName );
929  auto connParams = updateConnectionData( schema, m_principalKey, credentialAccessLabel, userName, password, true );
930  bool ret = setPermissionData( schema, p.first, m_principalKey, auth::COND_ADMIN_ROLE, connectionString, connParams.first, connParams.second );
931  session.close();
932  return ret;
933 }
std::pair< int, std::string > updatePrincipalData(coral::ISchema &schema, const std::string &authenticationKey, const std::string &principalName, const std::string &adminKey, bool init=false)
std::pair< int, std::string > updateConnectionData(coral::ISchema &schema, const std::string &adminKey, const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate)
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
static constexpr const char *const COND_ADMIN_ROLE
Definition: Auth.h:18
std::string schemaLabel(const std::string &serviceName, const std::string &userName)
friend class CSScopedSession
const std::string & principalName() const
Definition: DecodingKey.h:107
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
auth::DecodingKey m_key
tuple msg
Definition: mps_check.py:277
std::shared_ptr< coral::ISession > m_session
const std::string & principalKey() const
Definition: DecodingKey.h:113
const auth::ServiceCredentials * m_serviceData
bool setPermissionData(coral::ISchema &schema, int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey)
bool cond::CredentialStore::selectForUser ( coral_bridge::AuthenticationCredentialSet destinationData)

Definition at line 1193 of file CredentialStore.cc.

References AUTH_KEY_COL(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), m_principalId, m_principalKey, m_session, P_ID_COL(), PASSWORD_COL(), das::query(), coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().

1193  {
1194  CSScopedSession session( *this );
1195  session.start( true );
1196  coral::ISchema& schema = m_session->nominalSchema();
1197 
1198  auth::Cipher cipher( m_principalKey );
1199 
1200  std::auto_ptr<coral::IQuery> query(schema.newQuery());
1201  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1202  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1203  coral::AttributeList readBuff;
1204  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
1205  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
1206  readBuff.extend<std::string>("AUTHO."+AUTH_KEY_COL);
1207  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
1208  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
1209  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
1210  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
1211  coral::AttributeList whereData;
1212  whereData.extend<int>(P_ID_COL);
1213  whereData[ P_ID_COL ].data<int>() = m_principalId;
1214  std::stringstream whereClause;
1215  whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
1216  whereClause << " AND " << "AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
1217  query->defineOutput(readBuff);
1218  query->addToOutputList( "AUTHO."+ROLE_COL );
1219  query->addToOutputList( "AUTHO."+SCHEMA_COL );
1220  query->addToOutputList( "AUTHO."+AUTH_KEY_COL );
1221  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
1222  query->addToOutputList( "CREDS."+USERNAME_COL );
1223  query->addToOutputList( "CREDS."+PASSWORD_COL );
1224  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
1225  query->setCondition( whereClause.str(), whereData );
1226  coral::ICursor& cursor = query->execute();
1227  while ( cursor.next() ) {
1228  const coral::AttributeList& row = cursor.currentRow();
1229  const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
1230  const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
1231  const std::string& encryptedAuthKey = row[ "AUTHO."+AUTH_KEY_COL ].data<std::string>();
1232  const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
1233  const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
1234  const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
1235  const std::string& encryptedLabel = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
1236  std::string authKey = cipher.b64decrypt( encryptedAuthKey );
1237  auth::Cipher connCipher( authKey );
1238  if( connCipher.b64decrypt( encryptedLabel ) == connectionLabel ){
1239  destinationData.registerCredentials( connectionString, role, connCipher.b64decrypt( encryptedUserName ), connCipher.b64decrypt( encryptedPassword ) );
1240  }
1241  }
1242  session.close();
1243  return true;
1244 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
static const std::string PASSWORD_COL("CRED5")
def query(query_str, verbose=False)
Definition: das.py:5
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
Definition: query.py:1
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string USERNAME_COL("CRED4")
static const std::string CONNECTION_ID_COL("CONN_ID")
std::shared_ptr< coral::ISession > m_session
void registerCredentials(const std::string &connectionString, const std::string &userName, const std::string &password)
static const std::string P_ID_COL("P_ID")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
static const std::string AUTH_KEY_COL("CRED3")
bool cond::CredentialStore::selectPermissions ( const std::string &  principalName,
const std::string &  role,
const std::string &  connectionString,
std::vector< Permission > &  destination 
)

Definition at line 1352 of file CredentialStore.cc.

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), cond::CredentialStore::Permission::connectionLabel, cond::CredentialStore::Permission::connectionString, runEdmFileComparison::found, m_session, P_ID_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_NAME_COL(), cond::CredentialStore::Permission::principalName, das::query(), cond::CredentialStore::Permission::role, ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.

Referenced by updatePrincipal().

1355  {
1356  CSScopedSession session( *this );
1357  session.start( true );
1358  coral::ISchema& schema = m_session->nominalSchema();
1359  std::auto_ptr<coral::IQuery> query(schema.newQuery());
1360  query->addToTableList(COND_AUTHENTICATION_TABLE, "AUTHE");
1361  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1362  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1363  coral::AttributeList readBuff;
1364  readBuff.extend<std::string>("AUTHE."+PRINCIPAL_NAME_COL);
1365  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
1366  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
1367  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
1368  coral::AttributeList whereData;
1369  std::stringstream whereClause;
1370  whereClause << "AUTHE."<< PRINCIPAL_ID_COL << "= AUTHO."<< P_ID_COL;
1371  whereClause << " AND AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
1372  if( !principalName.empty() ){
1373  whereData.extend<std::string>(PRINCIPAL_NAME_COL);
1374  whereData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
1375  whereClause << " AND AUTHE."<< PRINCIPAL_NAME_COL <<" = :"<<PRINCIPAL_NAME_COL;
1376  }
1377  if( !role.empty() ){
1378  whereData.extend<std::string>(ROLE_COL);
1379  whereData[ ROLE_COL ].data<std::string>() = role;
1380  whereClause << " AND AUTHO."<< ROLE_COL <<" = :"<<ROLE_COL;
1381  }
1382  if( !connectionString.empty() ){
1383  whereData.extend<std::string>(SCHEMA_COL);
1384  whereData[ SCHEMA_COL ].data<std::string>() = connectionString;
1385  whereClause << " AND AUTHO."<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
1386  }
1387 
1388  query->defineOutput(readBuff);
1389  query->addToOutputList( "AUTHE."+PRINCIPAL_NAME_COL );
1390  query->addToOutputList( "AUTHO."+ROLE_COL );
1391  query->addToOutputList( "AUTHO."+SCHEMA_COL );
1392  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
1393  query->setCondition( whereClause.str(), whereData );
1394  query->addToOrderList( "AUTHO."+SCHEMA_COL );
1395  query->addToOrderList( "AUTHE."+PRINCIPAL_NAME_COL );
1396  query->addToOrderList( "AUTHO."+ROLE_COL );
1397  coral::ICursor& cursor = query->execute();
1398  bool found = false;
1399  while ( cursor.next() ) {
1400  const coral::AttributeList& row = cursor.currentRow();
1401  destination.resize( destination.size()+1 );
1402  Permission& perm = destination.back();
1403  perm.principalName = row[ "AUTHE."+PRINCIPAL_NAME_COL ].data<std::string>();
1404  perm.role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
1405  perm.connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
1406  perm.connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
1407  found = true;
1408  }
1409  session.close();
1410  return found;
1411 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
def query(query_str, verbose=False)
Definition: das.py:5
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
Definition: query.py:1
friend class CSScopedSession
static const std::string CONNECTION_ID_COL("CONN_ID")
static const std::string PRINCIPAL_ID_COL("P_ID")
std::shared_ptr< coral::ISession > m_session
static const std::string P_ID_COL("P_ID")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
static const std::string PRINCIPAL_NAME_COL("P_NAME")
bool cond::CredentialStore::setPermission ( const std::string &  principal,
const std::string &  role,
const std::string &  connectionString,
const std::string &  connectionLabel 
)

Definition at line 1048 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::CredentialData::connectionKey, runEdmFileComparison::found, cond::PrincipalData::id, cond::CredentialData::id, m_principalKey, m_session, mps_check::msg, dataDML::schema, cond::selectConnection(), cond::selectPrincipal(), dataDML::session, cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

1051  {
1052  CSScopedSession session( *this );
1053  session.start( false );
1054 
1055  coral::ISchema& schema = m_session->nominalSchema();
1056 
1057  PrincipalData princData;
1058  bool found = selectPrincipal( schema, principal, princData );
1059 
1060  if( ! found ){
1061  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1062  throwException( msg, "CredentialStore::setPermission");
1063  }
1064 
1065  CredentialData credsData;
1066  found = selectConnection( schema, connectionLabel, credsData );
1067 
1068  if( ! found ){
1069  std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
1070  throwException( msg, "CredentialStore::setPermission");
1071  }
1072 
1073  auth::Cipher cipher( m_principalKey );
1074  bool ret = setPermissionData( schema, princData.id, cipher.b64decrypt( princData.adminKey), role, connectionString, credsData.id, cipher.b64decrypt( credsData.connectionKey ) );
1075  session.close();
1076  return ret;
1077 }
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
def principal(options)
bool selectConnection(coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
friend class CSScopedSession
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
tuple msg
Definition: mps_check.py:277
std::shared_ptr< coral::ISession > m_session
bool setPermissionData(coral::ISchema &schema, int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey)
std::string cond::CredentialStore::setUpForConnectionString ( const std::string &  connectionString,
const std::string &  authPath 
)

Definition at line 755 of file CredentialStore.cc.

References instance, serviceName, setUpForService(), and AlCaHLTBitMon_QueryRunRegistry::string.

Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().

756  {
757  coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
758  if ( ! relationalService.isValid() ){
759  coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
760  relationalService = coral::Context::instance().query<coral::IRelationalService>();
761  }
762  coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
763  std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
764  std::string& serviceName = connTokens.first;
765  return setUpForService( serviceName, authPath );
766 }
static PFTauRenderPlugin instance
static const std::string serviceName
std::string setUpForService(const std::string &serviceName, const std::string &authPath)
Sets the initialization parameters.
std::string cond::CredentialStore::setUpForService ( const std::string &  serviceName,
const std::string &  authPath 
)

Sets the initialization parameters.

Definition at line 723 of file CredentialStore.cc.

References cond::auth::COND_KEY, cond::auth::ServiceCredentials::connectionString, FrontierConditions_GlobalTag_cff::file, cond::auth::DecodingKey::FILE_PATH, cond::auth::DecodingKey::init(), m_key, m_serviceData, m_serviceName, mps_check::msg, callgraph::path, serviceName, cond::auth::DecodingKey::services(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

Referenced by setUpForConnectionString().

724  {
725  if( serviceName.empty() ){
726  throwException( "Service name has not been provided.","cond::CredentialStore::setUpConnection" );
727  }
728  m_serviceName.clear();
729  m_serviceData = nullptr;
730 
731  if( authPath.empty() ){
732  throwException( "The authentication Path has not been provided.","cond::CredentialStore::setUpForService" );
733  }
734  boost::filesystem::path fullPath( authPath );
735  if(!boost::filesystem::exists(authPath) || !boost::filesystem::is_directory( authPath )){
736  throwException( "Authentication Path is invalid.","cond::CredentialStore::setUpForService" );
737  }
739  fullPath /= file;
740 
741  m_key.init( fullPath.string(), auth::COND_KEY );
742 
743  std::map< std::string, auth::ServiceCredentials >::const_iterator iK = m_key.services().find( serviceName );
744  if( iK == m_key.services().end() ){
745  std::string msg("");
746  msg += "Service \""+serviceName+"\" can't be open with the current key.";
747  throwException( msg,"cond::CredentialStore::setUpConnection" );
748  }
750  m_serviceData = &iK->second;
752 }
size_t init(const std::string &keyFileName, const std::string &password, bool readMode=true)
Definition: DecodingKey.cc:109
const std::map< std::string, ServiceCredentials > & services() const
Definition: DecodingKey.h:131
static const std::string serviceName
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
auth::DecodingKey m_key
tuple msg
Definition: mps_check.py:277
static constexpr const char *const FILE_PATH
Definition: DecodingKey.h:39
const auth::ServiceCredentials * m_serviceData
static constexpr const char *const COND_KEY
Definition: Auth.h:22
void cond::CredentialStore::startSession ( bool  readMode)
private

Definition at line 600 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), runEdmFileComparison::found, cond::PrincipalData::id, P_ID_COL(), PASSWORD_COL(), cond::PrincipalData::principalKey, das::query(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::selectPrincipal(), AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::PrincipalData::verifKey.

600  {
601  if(!m_serviceData){
602  throwException( "The credential store has not been initialized.","cond::CredentialStore::openConnection" );
603  }
604  const std::string& storeConnectionString = m_serviceData->connectionString;
605 
606  std::pair<std::string,std::string> connTokens = openConnection( storeConnectionString );
607 
608  const std::string& userName = m_serviceData->userName;
609  const std::string& password = m_serviceData->password;
610 
611  openSession( connTokens.second, userName, password, true );
612 
613  coral::ISchema& schema = m_session->nominalSchema();
614  if(!schema.existsTable(COND_AUTHENTICATION_TABLE) ||
615  !schema.existsTable(COND_AUTHORIZATION_TABLE) ||
616  !schema.existsTable(COND_CREDENTIAL_TABLE) ){
617  throwException("Credential database does not exists in \""+storeConnectionString+"\"","CredentialStore::startSession");
618  }
619 
620  const std::string& principalName = m_key.principalName();
621  // now authenticate...
622  PrincipalData princData;
623  if( !selectPrincipal( m_session->nominalSchema(), principalName, princData ) ){
624  throwException( "Invalid credentials provided.(0)",
625  "CredentialStore::startSession");
626  }
627  auth::Cipher cipher0( m_key.principalKey() );
628  std::string verifStr = cipher0.b64decrypt( princData.verifKey );
629  if( verifStr != principalName ){
630  throwException( "Invalid credentials provided (1)",
631  "CredentialStore::startSession");
632  }
633  // ok, authenticated!
634  m_principalId = princData.id;
635  m_principalKey = cipher0.b64decrypt( princData.principalKey );
636 
637  if(!readMode ) {
638 
639  auth::Cipher cipher0( m_principalKey );
640  std::string adminKey = cipher0.b64decrypt( princData.adminKey );
641  if( adminKey != m_principalKey ){
642  // not admin user!
643  throwException( "Provided credentials does not allow admin operation.",
644  "CredentialStore::openSession");
645  }
646 
647  // first find the credentials for WRITING in the security tables
648  std::auto_ptr<coral::IQuery> query(schema.newQuery());
649  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
650  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
651  coral::AttributeList readBuff;
652  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
653  readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
654  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
655  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
656  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
657  coral::AttributeList whereData;
658  whereData.extend<int>(P_ID_COL);
659  whereData.extend<std::string>(ROLE_COL);
660  whereData.extend<std::string>(SCHEMA_COL);
661  whereData[ P_ID_COL ].data<int>() = m_principalId;
662  whereData[ ROLE_COL ].data<std::string>() = auth::COND_ADMIN_ROLE;
663  whereData[ SCHEMA_COL ].data<std::string>() = storeConnectionString;
664  std::stringstream whereClause;
665  whereClause << "AUTHO."<< C_ID_COL << " = CREDS."<<CONNECTION_ID_COL;
666  whereClause << " AND AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
667  whereClause << " AND AUTHO."<< ROLE_COL << " = :"<<ROLE_COL;
668  whereClause << " AND AUTHO."<< SCHEMA_COL << " = :"<<SCHEMA_COL;
669  query->defineOutput(readBuff);
670  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
671  query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
672  query->addToOutputList( "CREDS."+USERNAME_COL );
673  query->addToOutputList( "CREDS."+PASSWORD_COL );
674  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
675  query->setCondition( whereClause.str(), whereData );
676  coral::ICursor& cursor = query->execute();
677  bool found = false;
678  std::string writeUserName("");
679  std::string writePassword("");
680  if ( cursor.next() ) {
681  const coral::AttributeList& row = cursor.currentRow();
682  const std::string& connLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
683  const std::string& encryptedConnectionKey = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
684  std::string connectionKey = cipher0.b64decrypt( encryptedConnectionKey );
685  auth::Cipher cipher1( connectionKey );
686  const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
687  const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
688  const std::string& verificationKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
689  if( cipher1.b64decrypt( verificationKey ) != connLabel ){
690  throwException( "Could not decrypt credentials.Provided key is invalid.",
691  "CredentialStore::startSession");
692  }
693  writeUserName = cipher1.b64decrypt( encryptedUserName );
694  writePassword = cipher1.b64decrypt( encryptedPassword );
695  found = true;
696  }
697  if( ! found ){
698  throwException( "Provided credentials are invalid for write access.",
699  "CredentialStore::openSession");
700  }
701  m_session->transaction().commit();
702  m_session->endUserSession();
703  openSession( connTokens.second, writeUserName, writePassword, false );
704 
705  }
706 }
static const std::string ROLE_COL("C_ROLE")
void openSession(const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
static const std::string PASSWORD_COL("CRED5")
def query(query_str, verbose=False)
Definition: das.py:5
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
Definition: query.py:1
static const std::string VERIFICATION_KEY_COL("CRED6")
static constexpr const char *const COND_ADMIN_ROLE
Definition: Auth.h:18
const std::string & principalName() const
Definition: DecodingKey.h:107
static const std::string USERNAME_COL("CRED4")
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
static const std::string CONNECTION_ID_COL("CONN_ID")
auth::DecodingKey m_key
std::shared_ptr< coral::ISession > m_session
std::pair< std::string, std::string > openConnection(const std::string &connectionString)
static const std::string P_ID_COL("P_ID")
const std::string & principalKey() const
Definition: DecodingKey.h:113
const auth::ServiceCredentials * m_serviceData
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
void cond::CredentialStore::startSuperSession ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)
private

Definition at line 592 of file CredentialStore.cc.

594  {
595  std::pair<std::string,std::string> connTokens = openConnection( connectionString );
596  openSession( connTokens.second, userName, password, false );
597 }
void openSession(const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
std::pair< std::string, std::string > openConnection(const std::string &connectionString)
bool cond::CredentialStore::unsetPermission ( const std::string &  principal,
const std::string &  role,
const std::string &  connectionString 
)

Definition at line 1079 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), idDealer::editor, runEdmFileComparison::found, cond::PrincipalData::id, m_session, mps_check::msg, P_ID_COL(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::selectPrincipal(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

1081  {
1082  CSScopedSession session( *this );
1083  session.start( false );
1084  coral::ISchema& schema = m_session->nominalSchema();
1085 
1086  PrincipalData princData;
1087  bool found = selectPrincipal( schema, principal, princData );
1088 
1089  if( ! found ){
1090  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1091  throwException( msg, "CredentialStore::unsetPermission");
1092  }
1093 
1094  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1095  coral::AttributeList deleteData;
1096  deleteData.extend<int>( P_ID_COL );
1097  deleteData.extend<std::string>( ROLE_COL );
1098  deleteData.extend<std::string>( SCHEMA_COL );
1099  deleteData[ P_ID_COL ].data<int>() = princData.id;
1100  deleteData[ ROLE_COL ].data<std::string>() = role;
1101  deleteData[ SCHEMA_COL ].data<std::string>() = connectionString;
1102  std::stringstream whereClause;
1103  whereClause << P_ID_COL+" = :"+P_ID_COL;
1104  whereClause << " AND "<< ROLE_COL <<" = :"<<ROLE_COL;
1105  whereClause << " AND "<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
1106  editor.deleteRows( whereClause.str(), deleteData );
1107  session.close();
1108  return true;
1109 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
def principal(options)
friend class CSScopedSession
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
tuple msg
Definition: mps_check.py:277
std::shared_ptr< coral::ISession > m_session
static const std::string P_ID_COL("P_ID")
bool cond::CredentialStore::updateConnection ( const std::string &  connectionLabel,
const std::string &  userName,
const std::string &  password 
)

Definition at line 1111 of file CredentialStore.cc.

References cond::CSScopedSession::close(), m_principalKey, m_session, dataDML::schema, dataDML::session, cond::CSScopedSession::start(), and cond::updateConnectionData().

Referenced by Vispa.Gui.PortConnection.PointToPointConnection::paintEvent(), and Vispa.Gui.PortConnection.PointToPointConnection::updateTargetPoint().

1113  {
1114  CSScopedSession session( *this );
1115  session.start( false );
1116 
1117  m_session->transaction().start();
1118  coral::ISchema& schema = m_session->nominalSchema();
1119  updateConnectionData( schema, m_principalKey, connectionLabel, userName, password, true );
1120 
1121  session.close();
1122  return true;
1123 }
std::pair< int, std::string > updateConnectionData(coral::ISchema &schema, const std::string &adminKey, const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate)
friend class CSScopedSession
std::shared_ptr< coral::ISession > m_session
bool cond::CredentialStore::updatePrincipal ( const std::string &  principalName,
const std::string &  authenticationKey,
bool  setAdmin = false 
)

bool cond::CredentialStore::installAdmin( const std::string& userName, const std::string& password ){ if(!m_serviceData){ throwException( "The credential store has not been initialized.","cond::CredentialStore::installAdmin" ); } const std::string& connectionString = m_serviceData->connectionString; const std::string& principalName = m_key.principalName();

CSScopedSession session( *this ); session.startSuper( connectionString, userName, password );

coral::ISchema& schema = m_session->nominalSchema();

PrincipalData princData; bool found = selectPrincipal( schema, principalName, princData );

if( found ){ std::string msg("Principal \""); msg += principalName + "" has been installed already."; throwException(msg,"CredentialStore::installAdmin"); }

auth::KeyGenerator gen; m_principalKey = gen.make( auth::COND_DB_KEY_SIZE );

coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();

int principalId = -1; if( !getNextSequenceValue( schema, COND_AUTHENTICATION_TABLE, principalId ) ) throwException( "Can't find "+COND_AUTHENTICATION_TABLE+" sequence.","CredentialStore::installAdmin" );

auth::Cipher cipher0( m_key.principalKey() ); auth::Cipher cipher1( m_principalKey );

coral::AttributeList authData; editor0.rowBuffer(authData); authData[ PRINCIPAL_ID_COL ].data<int>() = principalId; authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName; authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName ); authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( m_principalKey ); authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( m_principalKey ); editor0.insertRow( authData );

std::string connLabel = schemaLabelForCredentialStore( connectionString ); auth::DecodingKey tmpKey; std::string connectionKey = gen.make( auth::COND_DB_KEY_SIZE ); std::string encryptedConnectionKey = cipher1.b64encrypt( connectionKey );

auth::Cipher cipher2( connectionKey ); std::string encryptedUserName = cipher2.b64encrypt( userName ); std::string encryptedPassword = cipher2.b64encrypt( password ); std::string encryptedLabel = cipher2.b64encrypt( connLabel );

int connId = -1; if( !getNextSequenceValue( schema, COND_CREDENTIAL_TABLE, connId ) ) throwException( "Can't find "+COND_CREDENTIAL_TABLE+" sequence.","CredentialStore::installAdmin" );

coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor(); coral::AttributeList connectionData; editor1.rowBuffer(connectionData); connectionData[ CONNECTION_ID_COL ].data<int>() = connId; connectionData[ CONNECTION_LABEL_COL ].data<std::string>() = connLabel; connectionData[ USERNAME_COL ].data<std::string>() = encryptedUserName; connectionData[ PASSWORD_COL ].data<std::string>() = encryptedPassword; connectionData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel; connectionData[ CONNECTION_KEY_COL ].data<std::string>() = encryptedConnectionKey; editor1.insertRow( connectionData );

int authId = -1; if( !getNextSequenceValue( schema, COND_AUTHORIZATION_TABLE, authId ) ) throwException( "Can't find "+COND_AUTHORIZATION_TABLE+" sequence.","CredentialStore::installAdmin" );

coral::ITableDataEditor& editor2 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor(); coral::AttributeList permissionData; editor2.rowBuffer(permissionData); permissionData[ AUTH_ID_COL ].data<int>() = authId; permissionData[ P_ID_COL ].data<int>() = principalId; permissionData[ ROLE_COL ].data<std::string>() = auth::COND_ADMIN_ROLE; permissionData[ SCHEMA_COL ].data<std::string>() = connectionString; permissionData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey; permissionData[ C_ID_COL ].data<int>() = connId; editor2.insertRow( permissionData );

session.close(); return true; }

Definition at line 1020 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, cond::CredentialData::connectionKey, cond::auth::ServiceCredentials::connectionString, cond::CredentialData::id, m_key, m_principalKey, m_serviceData, m_session, cond::auth::DecodingKey::principalName(), dataDML::schema, cond::selectConnection(), selectPermissions(), dataDML::session, cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and cond::updatePrincipalData().

1022  {
1023  CSScopedSession session( *this );
1024  session.start( false );
1025  coral::ISchema& schema = m_session->nominalSchema();
1026  auto princData = updatePrincipalData( schema, m_principalKey, principalName, authenticationKey );
1027  bool ret = false;
1028  if(setAdmin){
1029  int princId = princData.first;
1030  std::string princKey = m_principalKey;
1032  std::vector<Permission> permissions;
1033  if( !selectPermissions( m_key.principalName(), auth::COND_ADMIN_ROLE, connString, permissions ) ){
1034  throwException("The current operating user is not admin user on the underlying Credential Store.","CredentialStore::updatePrincipal");
1035  }
1036  std::string connLabel = permissions.front().connectionLabel;
1037  CredentialData credsData;
1038  if(!selectConnection( schema, connLabel, credsData )){
1039  throwException("Credential Store connection has not been defined.","CredentialStore::updatePrincipal");
1040  }
1041  auth::Cipher adminCipher( m_principalKey );
1042  ret = setPermissionData( schema, princId, princKey, auth::COND_ADMIN_ROLE, connString, credsData.id, adminCipher.b64decrypt( credsData.connectionKey ) );
1043  }
1044  session.close();
1045  return ret;
1046 }
std::pair< int, std::string > updatePrincipalData(coral::ISchema &schema, const std::string &authenticationKey, const std::string &principalName, const std::string &adminKey, bool init=false)
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
static constexpr const char *const COND_ADMIN_ROLE
Definition: Auth.h:18
bool selectConnection(coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
friend class CSScopedSession
const std::string & principalName() const
Definition: DecodingKey.h:107
auth::DecodingKey m_key
bool selectPermissions(const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)
std::shared_ptr< coral::ISession > m_session
const auth::ServiceCredentials * m_serviceData
bool setPermissionData(coral::ISchema &schema, int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey)

Friends And Related Function Documentation

friend class CSScopedSession
friend

Definition at line 144 of file CredentialStore.h.

Member Data Documentation

const std::string cond::CredentialStore::DEFAULT_DATA_SOURCE
static

Definition at line 87 of file CredentialStore.h.

std::shared_ptr<coral::IConnection> cond::CredentialStore::m_connection
private

Definition at line 157 of file CredentialStore.h.

auth::DecodingKey cond::CredentialStore::m_key
private
int cond::CredentialStore::m_principalId
private

Definition at line 160 of file CredentialStore.h.

Referenced by selectForUser().

std::string cond::CredentialStore::m_principalKey
private
const auth::ServiceCredentials* cond::CredentialStore::m_serviceData
private

Definition at line 165 of file CredentialStore.h.

Referenced by createSchema(), resetAdmin(), setUpForService(), and updatePrincipal().

std::string cond::CredentialStore::m_serviceName
private

Definition at line 164 of file CredentialStore.h.

Referenced by createSchema(), resetAdmin(), and setUpForService().

std::shared_ptr<coral::ISession> cond::CredentialStore::m_session
private