CMS 3D CMS Logo
List of all members | Classes | Public Member Functions | Static Public Attributes | Private Member Functions | Private Attributes | Friends
cond::CredentialStore Class Reference

#include <CredentialStore.h>

Classes

struct  Permission
 

Public Member Functions

bool createSchema (const std::string &connectionString, const std::string &userName, const std::string &password)
 
 CredentialStore ()
 Standard Constructor. More...
 
bool drop (const std::string &connectionString, const std::string &userName, const std::string &password)
 
bool exportAll (coral_bridge::AuthenticationCredentialSet &data)
 
std::pair< std::string, std::string > getUserCredentials (const std::string &connectionString, const std::string &role)
 
bool importForPrincipal (const std::string &principal, const coral_bridge::AuthenticationCredentialSet &data, bool forceUpdateConnection=false)
 import data More...
 
const std::string & keyPrincipalName ()
 
bool listConnections (std::map< std::string, std::pair< std::string, std::string > > &destination)
 
bool listPrincipals (std::vector< std::string > &destination)
 
std::string log ()
 
bool removeConnection (const std::string &connectionLabel)
 
bool removePrincipal (const std::string &principal)
 
bool resetAdmin (const std::string &userName, const std::string &password)
 
bool selectForUser (coral_bridge::AuthenticationCredentialSet &destinationData)
 
bool selectPermissions (const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)
 
const std::string & serviceName ()
 
bool setPermission (const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
 
std::string setUpForConnectionString (const std::string &connectionString, const std::string &authPath)
 
std::string setUpForService (const std::string &serviceName, const std::string &authPath)
 Sets the initialization parameters. More...
 
bool unsetPermission (const std::string &principal, const std::string &role, const std::string &connectionString)
 
bool updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password)
 
bool updatePrincipal (const std::string &principal, const std::string &principalKey, bool setAdmin=false)
 
virtual ~CredentialStore ()
 Standard Destructor. More...
 

Static Public Attributes

static const std::string DEFAULT_DATA_SOURCE
 

Private Member Functions

void closeSession (bool commit=true)
 
std::pair< std::string, std::string > openConnection (const std::string &connectionString)
 
void openSession (bool readOnly=true)
 
void openSession (const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
 
void startSession (bool readMode)
 
void startSuperSession (const std::string &connectionString, const std::string &userName, const std::string &password)
 

Private Attributes

std::shared_ptr< coral::IConnection > m_connection
 
auth::DecodingKey m_key
 
std::stringstream m_log
 
int m_principalId
 
std::string m_principalKey
 
const auth::ServiceCredentialsm_serviceData
 
std::string m_serviceName
 
std::shared_ptr< coral::ISession > m_session
 

Friends

class CSScopedSession
 

Detailed Description

Definition at line 78 of file CredentialStore.h.

Constructor & Destructor Documentation

◆ CredentialStore()

cond::CredentialStore::CredentialStore ( )

Standard Constructor.

Definition at line 683 of file CredentialStore.cc.

684  : m_connection(),
685  m_session(),
686  m_principalId(-1),
687  m_principalKey(""),
688  m_serviceName(""),
689  m_serviceData(nullptr),
690  m_key(),
691  m_log() {}

◆ ~CredentialStore()

cond::CredentialStore::~CredentialStore ( )
virtual

Standard Destructor.

Definition at line 693 of file CredentialStore.cc.

693 {}

Member Function Documentation

◆ closeSession()

void cond::CredentialStore::closeSession ( bool  commit = true)
private

Definition at line 526 of file CredentialStore.cc.

526  {
527  if (m_session.get()) {
528  if (m_session->transaction().isActive()) {
529  if (commit) {
530  m_session->transaction().commit();
531  } else {
532  m_session->transaction().rollback();
533  }
534  }
535  m_session->endUserSession();
536  }
537  m_session.reset();
538  if (m_connection.get()) {
539  m_connection->disconnect();
540  }
541  m_connection.reset();
542  m_log << "Session has been closed." << std::endl;
543 }

◆ createSchema()

bool cond::CredentialStore::createSchema ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)

Definition at line 753 of file CredentialStore.cc.

755  {
756  CSScopedSession session(*this);
757  session.startSuper(connectionString, userName, password);
758 
759  coral::ISchema& schema = m_session->nominalSchema();
760  if (schema.existsTable(COND_AUTHENTICATION_TABLE)) {
761  throwException("Credential database, already exists.", "CredentialStore::create");
762  }
763 
764  m_log << "Creating sequence table." << std::endl;
765  coral::TableDescription dseq;
766  dseq.setName(SEQUENCE_TABLE_NAME);
767 
768  dseq.insertColumn(SEQUENCE_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>());
769  dseq.setNotNullConstraint(SEQUENCE_NAME_COL);
770  dseq.insertColumn(SEQUENCE_VALUE_COL, coral::AttributeSpecification::typeNameForType<int>());
771  dseq.setNotNullConstraint(SEQUENCE_VALUE_COL);
772  dseq.setPrimaryKey(std::vector<std::string>(1, SEQUENCE_NAME_COL));
773  schema.createTable(dseq);
774 
775  int columnSize = 2000;
776 
777  m_log << "Creating authentication table." << std::endl;
778  // authentication table
779  addSequence(schema, COND_AUTHENTICATION_TABLE);
780  coral::TableDescription descr0;
781  descr0.setName(COND_AUTHENTICATION_TABLE);
782  descr0.insertColumn(PRINCIPAL_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
783  descr0.insertColumn(
784  PRINCIPAL_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
785  descr0.insertColumn(
786  VERIFICATION_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
787  descr0.insertColumn(
788  PRINCIPAL_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
789  descr0.insertColumn(ADMIN_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
790  descr0.setNotNullConstraint(PRINCIPAL_ID_COL);
791  descr0.setNotNullConstraint(PRINCIPAL_NAME_COL);
792  descr0.setNotNullConstraint(VERIFICATION_COL);
793  descr0.setNotNullConstraint(PRINCIPAL_KEY_COL);
794  descr0.setNotNullConstraint(ADMIN_KEY_COL);
795  std::vector<std::string> columnsUnique;
796  columnsUnique.push_back(PRINCIPAL_NAME_COL);
797  descr0.setUniqueConstraint(columnsUnique);
798  std::vector<std::string> columnsForIndex;
799  columnsForIndex.push_back(PRINCIPAL_ID_COL);
800  descr0.setPrimaryKey(columnsForIndex);
801  schema.createTable(descr0);
802 
803  m_log << "Creating authorization table." << std::endl;
804  // authorization table
805  addSequence(schema, COND_AUTHORIZATION_TABLE);
806  coral::TableDescription descr1;
807  descr1.setName(COND_AUTHORIZATION_TABLE);
808  descr1.insertColumn(AUTH_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
809  descr1.insertColumn(P_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
810  descr1.insertColumn(ROLE_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
811  descr1.insertColumn(SCHEMA_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
812  descr1.insertColumn(AUTH_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
813  descr1.insertColumn(C_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
814  descr1.setNotNullConstraint(AUTH_ID_COL);
815  descr1.setNotNullConstraint(P_ID_COL);
816  descr1.setNotNullConstraint(ROLE_COL);
817  descr1.setNotNullConstraint(SCHEMA_COL);
818  descr1.setNotNullConstraint(AUTH_KEY_COL);
819  descr1.setNotNullConstraint(C_ID_COL);
820  columnsUnique.clear();
821  columnsUnique.push_back(P_ID_COL);
822  columnsUnique.push_back(ROLE_COL);
823  columnsUnique.push_back(SCHEMA_COL);
824  descr1.setUniqueConstraint(columnsUnique);
825  columnsForIndex.clear();
826  columnsForIndex.push_back(AUTH_ID_COL);
827  descr1.setPrimaryKey(columnsForIndex);
828  schema.createTable(descr1);
829 
830  m_log << "Creating credential table." << std::endl;
831  // credential table
832  addSequence(schema, COND_CREDENTIAL_TABLE);
833  coral::TableDescription descr2;
834  descr2.setName(COND_CREDENTIAL_TABLE);
835  descr2.insertColumn(CONNECTION_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
836  descr2.insertColumn(
837  CONNECTION_LABEL_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
838  descr2.insertColumn(USERNAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
839  descr2.insertColumn(PASSWORD_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
840  descr2.insertColumn(
841  VERIFICATION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
842  descr2.insertColumn(
843  CONNECTION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
844  descr2.setNotNullConstraint(CONNECTION_ID_COL);
845  descr2.setNotNullConstraint(CONNECTION_LABEL_COL);
846  descr2.setNotNullConstraint(USERNAME_COL);
847  descr2.setNotNullConstraint(PASSWORD_COL);
848  descr2.setNotNullConstraint(VERIFICATION_KEY_COL);
849  descr2.setNotNullConstraint(CONNECTION_KEY_COL);
850  columnsUnique.clear();
851  columnsUnique.push_back(CONNECTION_LABEL_COL);
852  descr2.setUniqueConstraint(columnsUnique);
853  columnsForIndex.clear();
854  columnsForIndex.push_back(CONNECTION_ID_COL);
855  descr2.setPrimaryKey(columnsForIndex);
856  schema.createTable(descr2);
857 
858  try {
859  schema.tableHandle(COND_AUTHENTICATION_TABLE)
860  .privilegeManager()
861  .grantToUser(m_serviceData->userName, coral::ITablePrivilegeManager::Select);
862  schema.tableHandle(COND_AUTHORIZATION_TABLE)
863  .privilegeManager()
864  .grantToUser(m_serviceData->userName, coral::ITablePrivilegeManager::Select);
865  schema.tableHandle(COND_CREDENTIAL_TABLE)
866  .privilegeManager()
867  .grantToUser(m_serviceData->userName, coral::ITablePrivilegeManager::Select);
868  } catch (const coral::Exception& e) {
869  std::cout << "WARNING: Could not grant select access to user " << m_serviceData->userName << ": [" << e.what()
870  << "]" << std::endl;
871  }
872  m_log << "Granting ADMIN access permission." << std::endl;
873  auth::KeyGenerator gen;
874  m_principalKey = gen.make(auth::COND_DB_KEY_SIZE);
875  auto princData =
876  updatePrincipalData(schema, m_key.principalKey(), m_key.principalName(), m_principalKey, true, m_log);
877  std::string credentialAccessLabel = schemaLabel(m_serviceName, userName);
878  auto connParams =
879  updateConnectionData(schema, m_principalKey, credentialAccessLabel, userName, password, true, m_log);
880  bool ret = setPermissionData(schema,
881  princData.first,
882  m_principalKey,
883  auth::COND_ADMIN_ROLE,
884  connectionString,
885  connParams.first,
886  connParams.second,
887  m_log);
888  session.close();
889  return ret;
890 }

References addSequence(), ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), C_ID_COL(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), cond::auth::COND_DB_KEY_SIZE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, gather_cfg::cout, MillePedeFileConverter_cfg::e, Exception, relval_steps::gen(), P_ID_COL(), EcalCondDBWriter_cfi::password, PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), runTheMatrix::ret, ROLE_COL(), SCHEMA_COL(), cond::schemaLabel(), SEQUENCE_NAME_COL(), SEQUENCE_TABLE_NAME(), SEQUENCE_VALUE_COL(), cond::setPermissionData(), cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), cond::updateConnectionData(), cond::updatePrincipalData(), EcalCondDBWriter_cfi::userName, USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

◆ drop()

bool cond::CredentialStore::drop ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)

Definition at line 892 of file CredentialStore.cc.

894  {
895  CSScopedSession session(*this);
896  session.startSuper(connectionString, userName, password);
897 
898  m_log << "Dropping AUTHORIZATION, CREDENTIAL, AUTHENTICATION and SEQUENCE tables." << std::endl;
899  coral::ISchema& schema = m_session->nominalSchema();
900  schema.dropIfExistsTable(COND_AUTHORIZATION_TABLE);
901  schema.dropIfExistsTable(COND_CREDENTIAL_TABLE);
902  schema.dropIfExistsTable(COND_AUTHENTICATION_TABLE);
903  schema.dropIfExistsTable(SEQUENCE_TABLE_NAME);
904  session.close();
905  return true;
906 }

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), l1RCTOmdsFedVectorProducer_cfi::connectionString, EcalCondDBWriter_cfi::password, SEQUENCE_TABLE_NAME(), cond::CSScopedSession::startSuper(), and EcalCondDBWriter_cfi::userName.

◆ exportAll()

bool cond::CredentialStore::exportAll ( coral_bridge::AuthenticationCredentialSet data)

Definition at line 1427 of file CredentialStore.cc.

1427  {
1428  CSScopedSession session(*this);
1429  session.start(true);
1430  coral::ISchema& schema = m_session->nominalSchema();
1431  std::unique_ptr<coral::IQuery> query(schema.newQuery());
1432  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1433  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1434  coral::AttributeList readBuff;
1435  readBuff.extend<std::string>("AUTHO." + ROLE_COL);
1436  readBuff.extend<std::string>("AUTHO." + SCHEMA_COL);
1437  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
1438  readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
1439  readBuff.extend<std::string>("CREDS." + CONNECTION_KEY_COL);
1440  readBuff.extend<std::string>("CREDS." + USERNAME_COL);
1441  readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
1442  coral::AttributeList whereData;
1443  std::stringstream whereClause;
1444  whereClause << "AUTHO." << C_ID_COL << "="
1445  << "CREDS." << CONNECTION_ID_COL;
1446 
1447  query->defineOutput(readBuff);
1448  query->addToOutputList("AUTHO." + ROLE_COL);
1449  query->addToOutputList("AUTHO." + SCHEMA_COL);
1450  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
1451  query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
1452  query->addToOutputList("CREDS." + CONNECTION_KEY_COL);
1453  query->addToOutputList("CREDS." + USERNAME_COL);
1454  query->addToOutputList("CREDS." + PASSWORD_COL);
1455  query->setCondition(whereClause.str(), whereData);
1456  coral::ICursor& cursor = query->execute();
1457  bool found = false;
1458  auth::Cipher cipher0(m_principalKey);
1459  while (cursor.next()) {
1460  const coral::AttributeList& row = cursor.currentRow();
1461  const std::string& role = row["AUTHO." + ROLE_COL].data<std::string>();
1462  const std::string& connectionString = row["AUTHO." + SCHEMA_COL].data<std::string>();
1463  const std::string& connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
1464  const std::string& encryptedVerifKey = row["CREDS." + VERIFICATION_KEY_COL].data<std::string>();
1465  const std::string& encryptedConnection = row["CREDS." + CONNECTION_KEY_COL].data<std::string>();
1466  std::string userName("");
1467  std::string password("");
1468  std::string connectionKey = cipher0.b64decrypt(encryptedConnection);
1469  auth::Cipher cipher1(connectionKey);
1470  std::string verifKey = cipher1.b64decrypt(encryptedVerifKey);
1471  if (verifKey == connectionLabel) {
1472  const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
1473  const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
1474  userName = cipher1.b64decrypt(encryptedUserName);
1475  password = cipher1.b64decrypt(encryptedPassword);
1476  }
1477  data.registerCredentials(connectionString, role, userName, password);
1478  found = true;
1479  }
1480  session.close();
1481  return found;
1482 }

References cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, data, newFWLiteAna::found, EcalCondDBWriter_cfi::password, PASSWORD_COL(), contentValuesFiles::query, ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, EcalCondDBWriter_cfi::userName, USERNAME_COL(), and VERIFICATION_KEY_COL().

◆ getUserCredentials()

std::pair< std::string, std::string > cond::CredentialStore::getUserCredentials ( const std::string &  connectionString,
const std::string &  role 
)

Definition at line 1197 of file CredentialStore.cc.

1198  {
1199  CSScopedSession session(*this);
1200  session.start(true);
1201  coral::ISchema& schema = m_session->nominalSchema();
1202 
1203  auth::Cipher cipher(m_principalKey);
1204 
1205  std::unique_ptr<coral::IQuery> query(schema.newQuery());
1206  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1207  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1208  coral::AttributeList readBuff;
1209  readBuff.extend<std::string>("AUTHO." + AUTH_KEY_COL);
1210  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
1211  readBuff.extend<std::string>("CREDS." + USERNAME_COL);
1212  readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
1213  readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
1214  coral::AttributeList whereData;
1215  whereData.extend<int>(P_ID_COL);
1216  whereData.extend<std::string>(SCHEMA_COL);
1217  whereData.extend<std::string>(ROLE_COL);
1218  whereData[P_ID_COL].data<int>() = m_principalId;
1219  whereData[SCHEMA_COL].data<std::string>() = connectionString;
1220  whereData[ROLE_COL].data<std::string>() = role;
1221  std::stringstream whereClause;
1222  whereClause << "AUTHO." << C_ID_COL << "="
1223  << "CREDS." << CONNECTION_ID_COL;
1224  whereClause << " AND "
1225  << "AUTHO." << P_ID_COL << " = :" << P_ID_COL;
1226  whereClause << " AND "
1227  << "AUTHO." << SCHEMA_COL << " = :" << SCHEMA_COL;
1228  whereClause << " AND "
1229  << "AUTHO." << ROLE_COL << " = :" << ROLE_COL;
1230  query->defineOutput(readBuff);
1231  query->addToOutputList("AUTHO." + AUTH_KEY_COL);
1232  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
1233  query->addToOutputList("CREDS." + USERNAME_COL);
1234  query->addToOutputList("CREDS." + PASSWORD_COL);
1235  query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
1236  query->setCondition(whereClause.str(), whereData);
1237  coral::ICursor& cursor = query->execute();
1238  auto ret = std::make_pair(std::string(""), std::string(""));
1239  if (cursor.next()) {
1240  const coral::AttributeList& row = cursor.currentRow();
1241  const std::string& encryptedAuthKey = row["AUTHO." + AUTH_KEY_COL].data<std::string>();
1242  const std::string& connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
1243  const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
1244  const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
1245  const std::string& encryptedLabel = row["CREDS." + VERIFICATION_KEY_COL].data<std::string>();
1246  std::string authKey = cipher.b64decrypt(encryptedAuthKey);
1247  auth::Cipher connCipher(authKey);
1248  if (connCipher.b64decrypt(encryptedLabel) == connectionLabel) {
1249  ret.first = connCipher.b64decrypt(encryptedUserName);
1250  ret.second = connCipher.b64decrypt(encryptedPassword);
1251  }
1252  }
1253  session.close();
1254  return ret;
1255 }

References AUTH_KEY_COL(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, P_ID_COL(), PASSWORD_COL(), contentValuesFiles::query, runTheMatrix::ret, ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

Referenced by cond::getDbCredentials().

◆ importForPrincipal()

bool cond::CredentialStore::importForPrincipal ( const std::string &  principal,
const coral_bridge::AuthenticationCredentialSet data,
bool  forceUpdateConnection = false 
)

import data

Definition at line 1257 of file CredentialStore.cc.

1259  {
1260  CSScopedSession session(*this);
1261  session.start(false);
1262  coral::ISchema& schema = m_session->nominalSchema();
1263 
1264  PrincipalData princData;
1265  bool found = selectPrincipal(schema, principal, princData);
1266 
1267  if (!found) {
1268  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1269  throwException(msg, "CredentialStore::importForPrincipal");
1270  }
1271 
1272  bool imported = false;
1273  auth::Cipher cipher(m_principalKey);
1274  std::string princKey = cipher.b64decrypt(princData.adminKey);
1275 
1276  const std::map<std::pair<std::string, std::string>, coral::AuthenticationCredentials*>& creds = dataSource.data();
1277  for (std::map<std::pair<std::string, std::string>, coral::AuthenticationCredentials*>::const_iterator iConn =
1278  creds.begin();
1279  iConn != creds.end();
1280  ++iConn) {
1281  const std::string& connectionString = iConn->first.first;
1282  coral::URIParser parser;
1283  parser.setURI(connectionString);
1284  std::string serviceName = parser.hostName();
1285  const std::string& role = iConn->first.second;
1286  std::string userName = iConn->second->valueForItem(coral::IAuthenticationCredentials::userItem());
1287  std::string password = iConn->second->valueForItem(coral::IAuthenticationCredentials::passwordItem());
1288  // first import the connections
1289  std::pair<int, std::string> conn = updateConnectionData(
1290  schema, m_principalKey, schemaLabel(serviceName, userName), userName, password, forceUpdateConnection, m_log);
1291  auth::Cipher cipher(m_principalKey);
1292  // than set the permission for the specific role
1293  setPermissionData(schema, princData.id, princKey, role, connectionString, conn.first, conn.second, m_log);
1294  imported = true;
1295  }
1296  session.close();
1297  return imported;
1298 }

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), SiStripCommissioningClient_cfg::conn, l1RCTOmdsFedVectorProducer_cfi::connectionString, L1TdeStage2CaloLayer1_cfi::dataSource, newFWLiteAna::found, cond::PrincipalData::id, genParticles_cff::map, mps_check::msg, writedatasetfile::parser, EcalCondDBWriter_cfi::password, cond::schemaLabel(), cond::selectPrincipal(), serviceName, cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), cond::updateConnectionData(), and EcalCondDBWriter_cfi::userName.

◆ keyPrincipalName()

const std::string & cond::CredentialStore::keyPrincipalName ( )

Definition at line 1486 of file CredentialStore.cc.

1486 { return m_key.principalName(); }

◆ listConnections()

bool cond::CredentialStore::listConnections ( std::map< std::string, std::pair< std::string, std::string > > &  destination)

Definition at line 1321 of file CredentialStore.cc.

1321  {
1322  CSScopedSession session(*this);
1323  session.start(true);
1324  coral::ISchema& schema = m_session->nominalSchema();
1325 
1326  std::unique_ptr<coral::IQuery> query(schema.tableHandle(COND_CREDENTIAL_TABLE).newQuery());
1327  coral::AttributeList readBuff;
1328  readBuff.extend<std::string>(CONNECTION_LABEL_COL);
1329  readBuff.extend<std::string>(USERNAME_COL);
1330  readBuff.extend<std::string>(PASSWORD_COL);
1331  readBuff.extend<std::string>(VERIFICATION_KEY_COL);
1332  readBuff.extend<std::string>(CONNECTION_KEY_COL);
1333  query->defineOutput(readBuff);
1334  query->addToOutputList(CONNECTION_LABEL_COL);
1335  query->addToOutputList(USERNAME_COL);
1336  query->addToOutputList(PASSWORD_COL);
1337  query->addToOutputList(VERIFICATION_KEY_COL);
1338  query->addToOutputList(CONNECTION_KEY_COL);
1339  coral::ICursor& cursor = query->execute();
1340  bool found = false;
1341  auth::Cipher cipher0(m_principalKey);
1342  while (cursor.next()) {
1343  std::string userName("");
1344  std::string password("");
1345  const coral::AttributeList& row = cursor.currentRow();
1346  const std::string& connLabel = row[CONNECTION_LABEL_COL].data<std::string>();
1347  const std::string& encryptedKey = row[CONNECTION_KEY_COL].data<std::string>();
1348  const std::string& encryptedVerif = row[VERIFICATION_KEY_COL].data<std::string>();
1349  std::string connKey = cipher0.b64decrypt(encryptedKey);
1350  auth::Cipher cipher1(connKey);
1351  std::string verif = cipher1.b64decrypt(encryptedVerif);
1352  if (verif == connLabel) {
1353  const std::string& encryptedUserName = row[USERNAME_COL].data<std::string>();
1354  const std::string& encryptedPassword = row[PASSWORD_COL].data<std::string>();
1355  userName = cipher1.b64decrypt(encryptedUserName);
1356  password = cipher1.b64decrypt(encryptedPassword);
1357  }
1358  destination.insert(std::make_pair(connLabel, std::make_pair(userName, password)));
1359  found = true;
1360  }
1361  session.close();
1362  return found;
1363 }

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), COND_CREDENTIAL_TABLE(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), HLTMuonOfflineAnalyzer_cff::destination, newFWLiteAna::found, EcalCondDBWriter_cfi::password, PASSWORD_COL(), contentValuesFiles::query, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, EcalCondDBWriter_cfi::userName, USERNAME_COL(), and VERIFICATION_KEY_COL().

◆ listPrincipals()

bool cond::CredentialStore::listPrincipals ( std::vector< std::string > &  destination)

Definition at line 1300 of file CredentialStore.cc.

1300  {
1301  CSScopedSession session(*this);
1302  session.start(true);
1303  coral::ISchema& schema = m_session->nominalSchema();
1304 
1305  std::unique_ptr<coral::IQuery> query(schema.tableHandle(COND_AUTHENTICATION_TABLE).newQuery());
1306  coral::AttributeList readBuff;
1307  readBuff.extend<std::string>(PRINCIPAL_NAME_COL);
1308  query->defineOutput(readBuff);
1309  query->addToOutputList(PRINCIPAL_NAME_COL);
1310  coral::ICursor& cursor = query->execute();
1311  bool found = false;
1312  while (cursor.next()) {
1313  found = true;
1314  const coral::AttributeList& row = cursor.currentRow();
1315  destination.push_back(row[PRINCIPAL_NAME_COL].data<std::string>());
1316  }
1317  session.close();
1318  return found;
1319 }

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), HLTMuonOfflineAnalyzer_cff::destination, newFWLiteAna::found, PRINCIPAL_NAME_COL(), contentValuesFiles::query, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.

◆ log()

std::string cond::CredentialStore::log ( )

Definition at line 1488 of file CredentialStore.cc.

1488 { return m_log.str(); }

Referenced by personalPlayback.Playback::do_create_lumi(), personalPlayback.Playback::do_exec(), personalPlayback.FrameworkJob::do_exec(), conddbCopyTest.CopyTest::execute(), personalPlayback.FrameworkJob::start_run(), and conditionUploadTest.UploadTest::upload().

◆ openConnection()

std::pair< std::string, std::string > cond::CredentialStore::openConnection ( const std::string &  connectionString)
private

Definition at line 545 of file CredentialStore.cc.

545  {
546  coral::IHandle<coral::IRelationalService> relationalService =
547  coral::Context::instance().query<coral::IRelationalService>();
548  if (!relationalService.isValid()) {
549  coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
550  relationalService = coral::Context::instance().query<coral::IRelationalService>();
551  }
552  coral::IRelationalDomain& domain = relationalService->domainForConnection(connectionString);
553  std::pair<std::string, std::string> connTokens = domain.decodeUserConnectionString(connectionString);
554  m_connection.reset(domain.newConnection(connTokens.first));
555  m_connection->connect();
556  return connTokens;
557 }

References l1RCTOmdsFedVectorProducer_cfi::connectionString, and instance.

◆ openSession() [1/2]

void cond::CredentialStore::openSession ( bool  readOnly = true)
private

◆ openSession() [2/2]

void cond::CredentialStore::openSession ( const std::string &  schemaName,
const std::string &  userName,
const std::string &  password,
bool  readMode 
)
private

Definition at line 559 of file CredentialStore.cc.

562  {
563  coral::AccessMode accessMode = coral::ReadOnly;
564  if (!readMode)
565  accessMode = coral::Update;
566  m_session.reset(m_connection->newSession(schemaName, accessMode));
567  m_session->startUserSession(userName, password);
568  // open read-only transaction
569  m_session->transaction().start(readMode);
570  m_log << "New session opened." << std::endl;
571 }

References EcalCondDBWriter_cfi::password, and EcalCondDBWriter_cfi::userName.

◆ removeConnection()

bool cond::CredentialStore::removeConnection ( const std::string &  connectionLabel)

Definition at line 1106 of file CredentialStore.cc.

1106  {
1107  CSScopedSession session(*this);
1108  session.start(false);
1109  coral::ISchema& schema = m_session->nominalSchema();
1110 
1111  CredentialData credsData;
1112  bool found = selectConnection(schema, connectionLabel, credsData);
1113 
1114  if (!found) {
1115  std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
1116  throwException(msg, "CredentialStore::removeConnection");
1117  }
1118 
1119  m_log << "Removing connection " << connectionLabel << std::endl;
1120  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1121 
1122  coral::AttributeList deleteData0;
1123  deleteData0.extend<int>(C_ID_COL);
1124  deleteData0[C_ID_COL].data<int>() = credsData.id;
1125  std::string whereClause0 = C_ID_COL + " = :" + C_ID_COL;
1126  editor0.deleteRows(whereClause0, deleteData0);
1127 
1128  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
1129 
1130  coral::AttributeList deleteData1;
1131  deleteData1.extend<int>(CONNECTION_ID_COL);
1132  deleteData1[CONNECTION_ID_COL].data<int>() = credsData.id;
1133  std::string whereClause1 = CONNECTION_ID_COL + " = :" + CONNECTION_ID_COL;
1134  editor1.deleteRows(whereClause1, deleteData1);
1135 
1136  session.close();
1137 
1138  return true;
1139 }

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), newFWLiteAna::found, cond::CredentialData::id, mps_check::msg, cond::selectConnection(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

◆ removePrincipal()

bool cond::CredentialStore::removePrincipal ( const std::string &  principal)

Definition at line 1070 of file CredentialStore.cc.

1070  {
1071  CSScopedSession session(*this);
1072  session.start(false);
1073  coral::ISchema& schema = m_session->nominalSchema();
1074 
1075  PrincipalData princData;
1076  bool found = selectPrincipal(schema, principal, princData);
1077 
1078  if (!found) {
1079  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1080  throwException(msg, "CredentialStore::removePrincipal");
1081  }
1082 
1083  m_log << "Removing principal " << principal << " (id: " << princData.id << ")" << std::endl;
1084 
1085  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1086 
1087  coral::AttributeList deleteData0;
1088  deleteData0.extend<int>(P_ID_COL);
1089  deleteData0[P_ID_COL].data<int>() = princData.id;
1090  std::string whereClause0 = P_ID_COL + " = :" + P_ID_COL;
1091  editor0.deleteRows(whereClause0, deleteData0);
1092 
1093  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
1094 
1095  coral::AttributeList deleteData1;
1096  deleteData1.extend<int>(PRINCIPAL_ID_COL);
1097  deleteData1[PRINCIPAL_ID_COL].data<int>() = princData.id;
1098  std::string whereClause1 = PRINCIPAL_ID_COL + " = :" + PRINCIPAL_ID_COL;
1099  editor1.deleteRows(whereClause1, deleteData1);
1100 
1101  session.close();
1102 
1103  return true;
1104 }

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), newFWLiteAna::found, cond::PrincipalData::id, mps_check::msg, P_ID_COL(), PRINCIPAL_ID_COL(), cond::selectPrincipal(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

◆ resetAdmin()

bool cond::CredentialStore::resetAdmin ( const std::string &  userName,
const std::string &  password 
)

Definition at line 908 of file CredentialStore.cc.

908  {
909  if (!m_serviceData) {
910  throwException("The credential store has not been initialized.", "cond::CredentialStore::installAdmin");
911  }
912  const std::string& connectionString = m_serviceData->connectionString;
913 
914  CSScopedSession session(*this);
915  session.startSuper(connectionString, userName, password);
916 
917  coral::ISchema& schema = m_session->nominalSchema();
918  const std::string& principalName = m_key.principalName();
919  const std::string& authenticationKey = m_key.principalKey();
920  PrincipalData princData;
921  if (!selectPrincipal(schema, principalName, princData)) {
922  std::string msg("User \"");
923  msg += principalName + "\" has not been found.";
924  throwException(msg, "CredentialStore::resetAdmin");
925  }
926  auth::Cipher cipher0(authenticationKey);
927  m_principalKey = cipher0.b64decrypt(princData.principalKey);
928 
929  auto p = updatePrincipalData(schema, authenticationKey, principalName, m_principalKey, false, m_log);
930  std::string credentialAccessLabel = schemaLabel(m_serviceName, userName);
931  auto connParams =
932  updateConnectionData(schema, m_principalKey, credentialAccessLabel, userName, password, true, m_log);
933  bool ret = setPermissionData(schema,
934  p.first,
935  m_principalKey,
936  auth::COND_ADMIN_ROLE,
937  connectionString,
938  connParams.first,
939  connParams.second,
940  m_log);
941  session.close();
942  return ret;
943 }

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, l1RCTOmdsFedVectorProducer_cfi::connectionString, mps_check::msg, AlCaHLTBitMon_ParallelJobs::p, EcalCondDBWriter_cfi::password, cond::PrincipalData::principalKey, runTheMatrix::ret, cond::schemaLabel(), cond::selectPrincipal(), cond::setPermissionData(), cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), cond::updateConnectionData(), cond::updatePrincipalData(), and EcalCondDBWriter_cfi::userName.

◆ selectForUser()

bool cond::CredentialStore::selectForUser ( coral_bridge::AuthenticationCredentialSet destinationData)

Definition at line 1141 of file CredentialStore.cc.

1141  {
1142  CSScopedSession session(*this);
1143  session.start(true);
1144  coral::ISchema& schema = m_session->nominalSchema();
1145 
1146  auth::Cipher cipher(m_principalKey);
1147 
1148  std::unique_ptr<coral::IQuery> query(schema.newQuery());
1149  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1150  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1151  coral::AttributeList readBuff;
1152  readBuff.extend<std::string>("AUTHO." + ROLE_COL);
1153  readBuff.extend<std::string>("AUTHO." + SCHEMA_COL);
1154  readBuff.extend<std::string>("AUTHO." + AUTH_KEY_COL);
1155  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
1156  readBuff.extend<std::string>("CREDS." + USERNAME_COL);
1157  readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
1158  readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
1159  coral::AttributeList whereData;
1160  whereData.extend<int>(P_ID_COL);
1161  whereData[P_ID_COL].data<int>() = m_principalId;
1162  std::stringstream whereClause;
1163  whereClause << "AUTHO." << C_ID_COL << "="
1164  << "CREDS." << CONNECTION_ID_COL;
1165  whereClause << " AND "
1166  << "AUTHO." << P_ID_COL << " = :" << P_ID_COL;
1167  query->defineOutput(readBuff);
1168  query->addToOutputList("AUTHO." + ROLE_COL);
1169  query->addToOutputList("AUTHO." + SCHEMA_COL);
1170  query->addToOutputList("AUTHO." + AUTH_KEY_COL);
1171  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
1172  query->addToOutputList("CREDS." + USERNAME_COL);
1173  query->addToOutputList("CREDS." + PASSWORD_COL);
1174  query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
1175  query->setCondition(whereClause.str(), whereData);
1176  coral::ICursor& cursor = query->execute();
1177  while (cursor.next()) {
1178  const coral::AttributeList& row = cursor.currentRow();
1179  const std::string& role = row["AUTHO." + ROLE_COL].data<std::string>();
1180  const std::string& connectionString = row["AUTHO." + SCHEMA_COL].data<std::string>();
1181  const std::string& encryptedAuthKey = row["AUTHO." + AUTH_KEY_COL].data<std::string>();
1182  const std::string& connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
1183  const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
1184  const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
1185  const std::string& encryptedLabel = row["CREDS." + VERIFICATION_KEY_COL].data<std::string>();
1186  std::string authKey = cipher.b64decrypt(encryptedAuthKey);
1187  auth::Cipher connCipher(authKey);
1188  if (connCipher.b64decrypt(encryptedLabel) == connectionLabel) {
1189  destinationData.registerCredentials(
1190  connectionString, role, connCipher.b64decrypt(encryptedUserName), connCipher.b64decrypt(encryptedPassword));
1191  }
1192  }
1193  session.close();
1194  return true;
1195 }

References AUTH_KEY_COL(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, P_ID_COL(), PASSWORD_COL(), contentValuesFiles::query, coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

◆ selectPermissions()

bool cond::CredentialStore::selectPermissions ( const std::string &  principalName,
const std::string &  role,
const std::string &  connectionString,
std::vector< Permission > &  destination 
)

Definition at line 1365 of file CredentialStore.cc.

1368  {
1369  CSScopedSession session(*this);
1370  session.start(true);
1371  coral::ISchema& schema = m_session->nominalSchema();
1372  std::unique_ptr<coral::IQuery> query(schema.newQuery());
1373  query->addToTableList(COND_AUTHENTICATION_TABLE, "AUTHE");
1374  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1375  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1376  coral::AttributeList readBuff;
1377  readBuff.extend<std::string>("AUTHE." + PRINCIPAL_NAME_COL);
1378  readBuff.extend<std::string>("AUTHO." + ROLE_COL);
1379  readBuff.extend<std::string>("AUTHO." + SCHEMA_COL);
1380  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
1381  coral::AttributeList whereData;
1382  std::stringstream whereClause;
1383  whereClause << "AUTHE." << PRINCIPAL_ID_COL << "= AUTHO." << P_ID_COL;
1384  whereClause << " AND AUTHO." << C_ID_COL << "="
1385  << "CREDS." << CONNECTION_ID_COL;
1386  if (!principalName.empty()) {
1387  whereData.extend<std::string>(PRINCIPAL_NAME_COL);
1388  whereData[PRINCIPAL_NAME_COL].data<std::string>() = principalName;
1389  whereClause << " AND AUTHE." << PRINCIPAL_NAME_COL << " = :" << PRINCIPAL_NAME_COL;
1390  }
1391  if (!role.empty()) {
1392  whereData.extend<std::string>(ROLE_COL);
1393  whereData[ROLE_COL].data<std::string>() = role;
1394  whereClause << " AND AUTHO." << ROLE_COL << " = :" << ROLE_COL;
1395  }
1396  if (!connectionString.empty()) {
1397  whereData.extend<std::string>(SCHEMA_COL);
1398  whereData[SCHEMA_COL].data<std::string>() = connectionString;
1399  whereClause << " AND AUTHO." << SCHEMA_COL << " = :" << SCHEMA_COL;
1400  }
1401 
1402  query->defineOutput(readBuff);
1403  query->addToOutputList("AUTHE." + PRINCIPAL_NAME_COL);
1404  query->addToOutputList("AUTHO." + ROLE_COL);
1405  query->addToOutputList("AUTHO." + SCHEMA_COL);
1406  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
1407  query->setCondition(whereClause.str(), whereData);
1408  query->addToOrderList("AUTHO." + SCHEMA_COL);
1409  query->addToOrderList("AUTHE." + PRINCIPAL_NAME_COL);
1410  query->addToOrderList("AUTHO." + ROLE_COL);
1411  coral::ICursor& cursor = query->execute();
1412  bool found = false;
1413  while (cursor.next()) {
1414  const coral::AttributeList& row = cursor.currentRow();
1415  destination.resize(destination.size() + 1);
1416  Permission& perm = destination.back();
1417  perm.principalName = row["AUTHE." + PRINCIPAL_NAME_COL].data<std::string>();
1418  perm.role = row["AUTHO." + ROLE_COL].data<std::string>();
1419  perm.connectionString = row["AUTHO." + SCHEMA_COL].data<std::string>();
1420  perm.connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
1421  found = true;
1422  }
1423  session.close();
1424  return found;
1425 }

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), cond::CredentialStore::Permission::connectionLabel, l1RCTOmdsFedVectorProducer_cfi::connectionString, cond::CredentialStore::Permission::connectionString, HLTMuonOfflineAnalyzer_cff::destination, newFWLiteAna::found, P_ID_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_NAME_COL(), cond::CredentialStore::Permission::principalName, contentValuesFiles::query, cond::CredentialStore::Permission::role, ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.

◆ serviceName()

const std::string & cond::CredentialStore::serviceName ( )

Definition at line 1484 of file CredentialStore.cc.

1484 { return m_serviceName; }

◆ setPermission()

bool cond::CredentialStore::setPermission ( const std::string &  principal,
const std::string &  role,
const std::string &  connectionString,
const std::string &  connectionLabel 
)

Definition at line 981 of file CredentialStore.cc.

984  {
985  CSScopedSession session(*this);
986  session.start(false);
987 
988  coral::ISchema& schema = m_session->nominalSchema();
989 
990  PrincipalData princData;
991  bool found = selectPrincipal(schema, principal, princData);
992 
993  if (!found) {
994  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
995  throwException(msg, "CredentialStore::setPermission");
996  }
997 
998  m_log << "Principal " << principal << " id: " << princData.id << std::endl;
999  CredentialData credsData;
1000  found = selectConnection(schema, connectionLabel, credsData);
1001 
1002  if (!found) {
1003  std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
1004  throwException(msg, "CredentialStore::setPermission");
1005  }
1006 
1007  auth::Cipher cipher(m_principalKey);
1008  bool ret = setPermissionData(schema,
1009  princData.id,
1010  cipher.b64decrypt(princData.adminKey),
1011  role,
1012  connectionString,
1013  credsData.id,
1014  cipher.b64decrypt(credsData.connectionKey),
1015  m_log);
1016  session.close();
1017  return ret;
1018 }

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::CredentialData::connectionKey, l1RCTOmdsFedVectorProducer_cfi::connectionString, newFWLiteAna::found, cond::PrincipalData::id, cond::CredentialData::id, mps_check::msg, runTheMatrix::ret, cond::selectConnection(), cond::selectPrincipal(), cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

◆ setUpForConnectionString()

std::string cond::CredentialStore::setUpForConnectionString ( const std::string &  connectionString,
const std::string &  authPath 
)

Definition at line 727 of file CredentialStore.cc.

728  {
729  coral::IHandle<coral::IRelationalService> relationalService =
730  coral::Context::instance().query<coral::IRelationalService>();
731  if (!relationalService.isValid()) {
732  coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
733  relationalService = coral::Context::instance().query<coral::IRelationalService>();
734  }
735  coral::IRelationalDomain& domain = relationalService->domainForConnection(connectionString);
736  std::pair<std::string, std::string> connTokens = domain.decodeUserConnectionString(connectionString);
737  std::string& serviceName = connTokens.first;
738  return setUpForService(serviceName, authPath);
739 }

References lumi_dqm_sourceclient-live_cfg::authPath, l1RCTOmdsFedVectorProducer_cfi::connectionString, instance, serviceName, and AlCaHLTBitMon_QueryRunRegistry::string.

Referenced by cond::getDbCredentials().

◆ setUpForService()

std::string cond::CredentialStore::setUpForService ( const std::string &  serviceName,
const std::string &  authPath 
)

Sets the initialization parameters.

Definition at line 695 of file CredentialStore.cc.

695  {
696  if (serviceName.empty()) {
697  throwException("Service name has not been provided.", "cond::CredentialStore::setUpConnection");
698  }
699  m_serviceName.clear();
700  m_serviceData = nullptr;
701 
702  if (authPath.empty()) {
703  throwException("The authentication Path has not been provided.", "cond::CredentialStore::setUpForService");
704  }
705  std::filesystem::path fullPath(authPath);
706  if (!std::filesystem::exists(authPath) || !std::filesystem::is_directory(authPath)) {
707  throwException("Authentication Path is invalid.", "cond::CredentialStore::setUpForService");
708  }
709  std::filesystem::path file(auth::DecodingKey::FILE_PATH);
710  fullPath /= file;
711 
712  m_key.init(fullPath.string(), auth::COND_KEY);
713 
714  std::map<std::string, auth::ServiceCredentials>::const_iterator iK = m_key.services().find(serviceName);
715  if (iK == m_key.services().end()) {
716  std::string msg("");
717  msg += "Service \"" + serviceName + "\" can't be open with the current key.";
718  throwException(msg, "cond::CredentialStore::setUpConnection");
719  }
720  m_serviceName = serviceName;
721  m_serviceData = &iK->second;
722  m_log << "Opening Credential Store for service " << m_serviceName << " on " << m_serviceData->connectionString
723  << std::endl;
724  return m_serviceData->connectionString;
725 }

References lumi_dqm_sourceclient-live_cfg::authPath, cond::auth::COND_KEY, FrontierConditions_GlobalTag_cff::file, cond::auth::DecodingKey::FILE_PATH, contentValuesFiles::fullPath, mps_check::msg, castor_dqm_sourceclient_file_cfg::path, serviceName, AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

◆ startSession()

void cond::CredentialStore::startSession ( bool  readMode)
private

Definition at line 581 of file CredentialStore.cc.

581  {
582  if (!m_serviceData) {
583  throwException("The credential store has not been initialized.", "cond::CredentialStore::openConnection");
584  }
585  const std::string& storeConnectionString = m_serviceData->connectionString;
586 
587  std::pair<std::string, std::string> connTokens = openConnection(storeConnectionString);
588 
589  const std::string& userName = m_serviceData->userName;
590  const std::string& password = m_serviceData->password;
591 
592  openSession(connTokens.second, userName, password, true);
593 
594  coral::ISchema& schema = m_session->nominalSchema();
595  if (!schema.existsTable(COND_AUTHENTICATION_TABLE) || !schema.existsTable(COND_AUTHORIZATION_TABLE) ||
596  !schema.existsTable(COND_CREDENTIAL_TABLE)) {
597  throwException("Credential database does not exists in \"" + storeConnectionString + "\"",
598  "CredentialStore::startSession");
599  }
600 
601  const std::string& principalName = m_key.principalName();
602  // now authenticate...
603  PrincipalData princData;
604  if (!selectPrincipal(m_session->nominalSchema(), principalName, princData)) {
605  throwException("Invalid credentials provided.(0)", "CredentialStore::startSession");
606  }
607  auth::Cipher cipher0(m_key.principalKey());
608  std::string verifStr = cipher0.b64decrypt(princData.verifKey);
609  if (verifStr != principalName) {
610  throwException("Invalid credentials provided (1)", "CredentialStore::startSession");
611  }
612  // ok, authenticated!
613  m_principalId = princData.id;
614  m_principalKey = cipher0.b64decrypt(princData.principalKey);
615 
616  if (!readMode) {
617  auth::Cipher cipher0(m_principalKey);
618  std::string adminKey = cipher0.b64decrypt(princData.adminKey);
619  if (adminKey != m_principalKey) {
620  // not admin user!
621  throwException("Provided credentials does not allow admin operation.", "CredentialStore::openSession");
622  }
623 
624  // first find the credentials for WRITING in the security tables
625  std::unique_ptr<coral::IQuery> query(schema.newQuery());
626  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
627  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
628  coral::AttributeList readBuff;
629  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
630  readBuff.extend<std::string>("CREDS." + CONNECTION_KEY_COL);
631  readBuff.extend<std::string>("CREDS." + USERNAME_COL);
632  readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
633  readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
634  coral::AttributeList whereData;
635  whereData.extend<int>(P_ID_COL);
636  whereData.extend<std::string>(ROLE_COL);
637  whereData.extend<std::string>(SCHEMA_COL);
638  whereData[P_ID_COL].data<int>() = m_principalId;
639  whereData[ROLE_COL].data<std::string>() = auth::COND_ADMIN_ROLE;
640  whereData[SCHEMA_COL].data<std::string>() = storeConnectionString;
641  std::stringstream whereClause;
642  whereClause << "AUTHO." << C_ID_COL << " = CREDS." << CONNECTION_ID_COL;
643  whereClause << " AND AUTHO." << P_ID_COL << " = :" << P_ID_COL;
644  whereClause << " AND AUTHO." << ROLE_COL << " = :" << ROLE_COL;
645  whereClause << " AND AUTHO." << SCHEMA_COL << " = :" << SCHEMA_COL;
646  query->defineOutput(readBuff);
647  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
648  query->addToOutputList("CREDS." + CONNECTION_KEY_COL);
649  query->addToOutputList("CREDS." + USERNAME_COL);
650  query->addToOutputList("CREDS." + PASSWORD_COL);
651  query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
652  query->setCondition(whereClause.str(), whereData);
653  coral::ICursor& cursor = query->execute();
654  bool found = false;
655  std::string writeUserName("");
656  std::string writePassword("");
657  if (cursor.next()) {
658  const coral::AttributeList& row = cursor.currentRow();
659  const std::string& connLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
660  const std::string& encryptedConnectionKey = row["CREDS." + CONNECTION_KEY_COL].data<std::string>();
661  std::string connectionKey = cipher0.b64decrypt(encryptedConnectionKey);
662  auth::Cipher cipher1(connectionKey);
663  const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
664  const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
665  const std::string& verificationKey = row["CREDS." + VERIFICATION_KEY_COL].data<std::string>();
666  if (cipher1.b64decrypt(verificationKey) != connLabel) {
667  throwException("Could not decrypt credentials.Provided key is invalid.", "CredentialStore::startSession");
668  }
669  writeUserName = cipher1.b64decrypt(encryptedUserName);
670  writePassword = cipher1.b64decrypt(encryptedPassword);
671  found = true;
672  }
673  if (!found) {
674  throwException("Provided credentials are invalid for write access.", "CredentialStore::openSession");
675  }
676  m_session->transaction().commit();
677  m_session->endUserSession();
678  openSession(connTokens.second, writeUserName, writePassword, false);
679  }
680 }

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), newFWLiteAna::found, cond::PrincipalData::id, P_ID_COL(), EcalCondDBWriter_cfi::password, PASSWORD_COL(), cond::PrincipalData::principalKey, contentValuesFiles::query, ROLE_COL(), SCHEMA_COL(), cond::selectPrincipal(), AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), EcalCondDBWriter_cfi::userName, USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::PrincipalData::verifKey.

◆ startSuperSession()

void cond::CredentialStore::startSuperSession ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)
private

Definition at line 573 of file CredentialStore.cc.

575  {
576  std::pair<std::string, std::string> connTokens = openConnection(connectionString);
577  openSession(connTokens.second, userName, password, false);
578 }

References l1RCTOmdsFedVectorProducer_cfi::connectionString, EcalCondDBWriter_cfi::password, and EcalCondDBWriter_cfi::userName.

◆ unsetPermission()

bool cond::CredentialStore::unsetPermission ( const std::string &  principal,
const std::string &  role,
const std::string &  connectionString 
)

Definition at line 1020 of file CredentialStore.cc.

1022  {
1023  if (cond::auth::ROLES.find(role) == cond::auth::ROLES.end()) {
1024  throwException(std::string("Role ") + role + " does not exists.", "CredentialStore::unsetPermission");
1025  }
1026  CSScopedSession session(*this);
1027  session.start(false);
1028  coral::ISchema& schema = m_session->nominalSchema();
1029 
1030  PrincipalData princData;
1031  bool found = selectPrincipal(schema, principal, princData);
1032 
1033  if (!found) {
1034  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1035  throwException(msg, "CredentialStore::unsetPermission");
1036  }
1037  m_log << "Removing permission for principal " << principal << " (id: " << princData.id << ") to access resource "
1038  << connectionString << " with role " << role << std::endl;
1039  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1040  coral::AttributeList deleteData;
1041  deleteData.extend<int>(P_ID_COL);
1042  deleteData.extend<std::string>(ROLE_COL);
1043  deleteData.extend<std::string>(SCHEMA_COL);
1044  deleteData[P_ID_COL].data<int>() = princData.id;
1045  deleteData[ROLE_COL].data<std::string>() = role;
1046  deleteData[SCHEMA_COL].data<std::string>() = connectionString;
1047  std::stringstream whereClause;
1048  whereClause << P_ID_COL + " = :" + P_ID_COL;
1049  whereClause << " AND " << ROLE_COL << " = :" << ROLE_COL;
1050  whereClause << " AND " << SCHEMA_COL << " = :" << SCHEMA_COL;
1051  editor.deleteRows(whereClause.str(), deleteData);
1052  session.close();
1053  return true;
1054 }

References cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), l1RCTOmdsFedVectorProducer_cfi::connectionString, mps_fire::end, spr::find(), newFWLiteAna::found, cond::PrincipalData::id, mps_check::msg, P_ID_COL(), ROLE_COL(), cond::auth::ROLES, SCHEMA_COL(), cond::selectPrincipal(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

◆ updateConnection()

bool cond::CredentialStore::updateConnection ( const std::string &  connectionLabel,
const std::string &  userName,
const std::string &  password 
)

Definition at line 1056 of file CredentialStore.cc.

1058  {
1059  CSScopedSession session(*this);
1060  session.start(false);
1061 
1062  m_session->transaction().start();
1063  coral::ISchema& schema = m_session->nominalSchema();
1064  updateConnectionData(schema, m_principalKey, connectionLabel, userName, password, true, m_log);
1065 
1066  session.close();
1067  return true;
1068 }

References cond::CSScopedSession::close(), EcalCondDBWriter_cfi::password, cond::CSScopedSession::start(), cond::updateConnectionData(), and EcalCondDBWriter_cfi::userName.

◆ updatePrincipal()

bool cond::CredentialStore::updatePrincipal ( const std::string &  principal,
const std::string &  principalKey,
bool  setAdmin = false 
)

Definition at line 945 of file CredentialStore.cc.

947  {
948  CSScopedSession session(*this);
949  session.start(false);
950  coral::ISchema& schema = m_session->nominalSchema();
951  auto princData = updatePrincipalData(schema, authenticationKey, principalName, m_principalKey, false, m_log);
952  bool ret = false;
953  if (setAdmin) {
954  int princId = princData.first;
955  std::string princKey = m_principalKey;
956  std::string connString = m_serviceData->connectionString;
957  std::vector<Permission> permissions;
958  if (!selectPermissions(m_key.principalName(), auth::COND_ADMIN_ROLE, connString, permissions)) {
959  throwException("The current operating user is not admin user on the underlying Credential Store.",
960  "CredentialStore::updatePrincipal");
961  }
962  std::string connLabel = permissions.front().connectionLabel;
963  CredentialData credsData;
964  if (!selectConnection(schema, connLabel, credsData)) {
965  throwException("Credential Store connection has not been defined.", "CredentialStore::updatePrincipal");
966  }
967  auth::Cipher adminCipher(m_principalKey);
968  ret = setPermissionData(schema,
969  princId,
970  princKey,
971  auth::COND_ADMIN_ROLE,
972  connString,
973  credsData.id,
974  adminCipher.b64decrypt(credsData.connectionKey),
975  m_log);
976  }
977  session.close();
978  return ret;
979 }

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, cond::CredentialData::connectionKey, cond::CredentialData::id, cmsHarvester::permissions, runTheMatrix::ret, cond::selectConnection(), cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and cond::updatePrincipalData().

Friends And Related Function Documentation

◆ CSScopedSession

friend class CSScopedSession
friend

Definition at line 151 of file CredentialStore.h.

Member Data Documentation

◆ DEFAULT_DATA_SOURCE

const std::string cond::CredentialStore::DEFAULT_DATA_SOURCE
static

Definition at line 81 of file CredentialStore.h.

◆ m_connection

std::shared_ptr<coral::IConnection> cond::CredentialStore::m_connection
private

Definition at line 168 of file CredentialStore.h.

◆ m_key

auth::DecodingKey cond::CredentialStore::m_key
private

Definition at line 178 of file CredentialStore.h.

◆ m_log

std::stringstream cond::CredentialStore::m_log
private

Definition at line 180 of file CredentialStore.h.

◆ m_principalId

int cond::CredentialStore::m_principalId
private

Definition at line 171 of file CredentialStore.h.

◆ m_principalKey

std::string cond::CredentialStore::m_principalKey
private

Definition at line 173 of file CredentialStore.h.

◆ m_serviceData

const auth::ServiceCredentials* cond::CredentialStore::m_serviceData
private

Definition at line 176 of file CredentialStore.h.

◆ m_serviceName

std::string cond::CredentialStore::m_serviceName
private

Definition at line 175 of file CredentialStore.h.

◆ m_session

std::shared_ptr<coral::ISession> cond::CredentialStore::m_session
private

Definition at line 169 of file CredentialStore.h.

runTheMatrix.ret
ret
prodAgent to be discontinued
Definition: runTheMatrix.py:367
lumi_dqm_sourceclient-live_cfg.authPath
authPath
Definition: lumi_dqm_sourceclient-live_cfg.py:33
ROLE_COL
static const std::string ROLE_COL("C_ROLE")
cond::CredentialStore::m_session
std::shared_ptr< coral::ISession > m_session
Definition: CredentialStore.h:169
SCHEMA_COL
static const std::string SCHEMA_COL("C_SCHEMA")
cond::auth::COND_ADMIN_ROLE
static constexpr const char *const COND_ADMIN_ROLE
Definition: Auth.h:19
addSequence
void addSequence(coral::ISchema &schema, const std::string &name)
Definition: CredentialStore.cc:741
cond::CredentialStore::m_serviceData
const auth::ServiceCredentials * m_serviceData
Definition: CredentialStore.h:176
cond::updateConnectionData
std::pair< int, std::string > updateConnectionData(coral::ISchema &schema, const std::string &adminKey, const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate, std::stringstream &log)
Definition: CredentialStore.cc:455
cond::auth::DecodingKey::principalName
const std::string & principalName() const
Definition: DecodingKey.h:94
C_ID_COL
static const std::string C_ID_COL("C_ID")
cond::CredentialStore::m_serviceName
std::string m_serviceName
Definition: CredentialStore.h:175
contentValuesFiles.fullPath
fullPath
Definition: contentValuesFiles.py:64
AlCaHLTBitMon_ParallelJobs.p
p
Definition: AlCaHLTBitMon_ParallelJobs.py:153
AUTH_KEY_COL
static const std::string AUTH_KEY_COL("CRED3")
PRINCIPAL_NAME_COL
static const std::string PRINCIPAL_NAME_COL("P_NAME")
cond::auth::ServiceCredentials::connectionString
std::string connectionString
Definition: DecodingKey.h:15
gather_cfg.cout
cout
Definition: gather_cfg.py:144
CONNECTION_LABEL_COL
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
SiStripCommissioningClient_cfg.conn
conn
Definition: SiStripCommissioningClient_cfg.py:5
VERIFICATION_KEY_COL
static const std::string VERIFICATION_KEY_COL("CRED6")
writedatasetfile.parser
parser
Definition: writedatasetfile.py:7
cond::CredentialStore::m_key
auth::DecodingKey m_key
Definition: CredentialStore.h:178
cond::CredentialStore::openConnection
std::pair< std::string, std::string > openConnection(const std::string &connectionString)
Definition: CredentialStore.cc:545
mps_check.msg
tuple msg
Definition: mps_check.py:285
cond::auth::DecodingKey::init
size_t init(const std::string &keyFileName, const std::string &password, bool readMode=true)
Definition: DecodingKey.cc:111
spr::find
void find(edm::Handle< EcalRecHitCollection > &hits, DetId thisDet, std::vector< EcalRecHitCollection::const_iterator > &hit, bool debug=false)
Definition: FindCaloHit.cc:19
newFWLiteAna.found
found
Definition: newFWLiteAna.py:118
ADMIN_KEY_COL
static const std::string ADMIN_KEY_COL("CRED2")
COND_AUTHORIZATION_TABLE
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
EcalCondDBWriter_cfi.userName
userName
Definition: EcalCondDBWriter_cfi.py:61
CONNECTION_KEY_COL
static const std::string CONNECTION_KEY_COL("CRED7")
cond::updatePrincipalData
std::pair< int, std::string > updatePrincipalData(coral::ISchema &schema, const std::string &authenticationKey, const std::string &principalName, const std::string &adminKey, bool init, std::stringstream &log)
Definition: CredentialStore.cc:341
EcalCondDBWriter_cfi.password
password
Definition: EcalCondDBWriter_cfi.py:62
query
Definition: query.py:1
cmsHarvester.permissions
permissions
Definition: cmsHarvester.py:1650
cond::CredentialStore::setUpForService
std::string setUpForService(const std::string &serviceName, const std::string &authPath)
Sets the initialization parameters.
Definition: CredentialStore.cc:695
SEQUENCE_NAME_COL
static const std::string SEQUENCE_NAME_COL("NAME")
mps_fire.end
end
Definition: mps_fire.py:242
USERNAME_COL
static const std::string USERNAME_COL("CRED4")
SEQUENCE_TABLE_NAME
static const std::string SEQUENCE_TABLE_NAME("COND_CREDENTIAL_SEQUENCE")
cond::auth::DecodingKey::FILE_PATH
static constexpr const char *const FILE_PATH
Definition: DecodingKey.h:34
COND_CREDENTIAL_TABLE
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
gen
Definition: PythiaDecays.h:13
PASSWORD_COL
static const std::string PASSWORD_COL("CRED5")
CONNECTION_ID_COL
static const std::string CONNECTION_ID_COL("CONN_ID")
cond::CredentialStore::serviceName
const std::string & serviceName()
Definition: CredentialStore.cc:1484
AlCaHLTBitMon_QueryRunRegistry.string
string
Definition: AlCaHLTBitMon_QueryRunRegistry.py:256
cond::selectConnection
bool selectConnection(coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
Definition: CredentialStore.cc:230
cond::auth::COND_KEY
static constexpr const char *const COND_KEY
Definition: Auth.h:28
L1TdeStage2CaloLayer1_cfi.dataSource
dataSource
Definition: L1TdeStage2CaloLayer1_cfi.py:5
coral_bridge::AuthenticationCredentialSet::registerCredentials
void registerCredentials(const std::string &connectionString, const std::string &userName, const std::string &password)
Definition: CredentialStore.cc:66
cond::CredentialStore::CSScopedSession
friend class CSScopedSession
Definition: CredentialStore.h:151
FrontierConditions_GlobalTag_cff.file
file
Definition: FrontierConditions_GlobalTag_cff.py:13
P_ID_COL
static const std::string P_ID_COL("P_ID")
cond::auth::ServiceCredentials::password
std::string password
Definition: DecodingKey.h:17
cond::CredentialStore::m_principalKey
std::string m_principalKey
Definition: CredentialStore.h:173
VERIFICATION_COL
static const std::string VERIFICATION_COL("CRED0")
cond::CredentialStore::m_principalId
int m_principalId
Definition: CredentialStore.h:171
instance
static PFTauRenderPlugin instance
Definition: PFTauRenderPlugin.cc:70
HLTMuonOfflineAnalyzer_cff.destination
destination
Definition: HLTMuonOfflineAnalyzer_cff.py:50
cond::setPermissionData
bool setPermissionData(coral::ISchema &schema, int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey, std::stringstream &log)
Definition: CredentialStore.cc:401
cond::selectPrincipal
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
Definition: CredentialStore.cc:191
cond::auth::DecodingKey::services
const std::map< std::string, ServiceCredentials > & services() const
Definition: DecodingKey.h:102
AUTH_ID_COL
static const std::string AUTH_ID_COL("AUTH_ID")
Exception
Definition: hltDiff.cc:246
PRINCIPAL_KEY_COL
static const std::string PRINCIPAL_KEY_COL("CRED1")
PRINCIPAL_ID_COL
static const std::string PRINCIPAL_ID_COL("P_ID")
cond::CredentialStore::m_log
std::stringstream m_log
Definition: CredentialStore.h:180
relval_steps.gen
def gen(fragment, howMuch)
Production test section ####.
Definition: relval_steps.py:509
data
char data[epos_bytes_allocation]
Definition: EPOS_Wrapper.h:79
cond::CredentialStore::selectPermissions
bool selectPermissions(const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)
Definition: CredentialStore.cc:1365
cond::schemaLabel
std::string schemaLabel(const std::string &serviceName, const std::string &userName)
Definition: CredentialStore.cc:154
cond::CredentialStore::m_connection
std::shared_ptr< coral::IConnection > m_connection
Definition: CredentialStore.h:168
contentValuesFiles.query
query
Definition: contentValuesFiles.py:38
castor_dqm_sourceclient_file_cfg.path
path
Definition: castor_dqm_sourceclient_file_cfg.py:37
genParticles_cff.map
map
Definition: genParticles_cff.py:11
cond::auth::ROLES
static const std::set< std::string > ROLES
Definition: Auth.h:21
l1RCTOmdsFedVectorProducer_cfi.connectionString
connectionString
Definition: l1RCTOmdsFedVectorProducer_cfi.py:4
SEQUENCE_VALUE_COL
static const std::string SEQUENCE_VALUE_COL("VALUE")
cond::auth::ServiceCredentials::userName
std::string userName
Definition: DecodingKey.h:16
cond::auth::COND_DB_KEY_SIZE
static constexpr unsigned int COND_DB_KEY_SIZE
Definition: Auth.h:31
cond::CredentialStore::openSession
void openSession(const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
Definition: CredentialStore.cc:559
MillePedeFileConverter_cfg.e
e
Definition: MillePedeFileConverter_cfg.py:37
cond::throwException
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:18
COND_AUTHENTICATION_TABLE
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
cond::auth::DecodingKey::principalKey
const std::string & principalKey() const
Definition: DecodingKey.h:96
Generated for CMSSW Reference Manual by doxygen 1.8.16