CMS 3D CMS Logo

List of all members | Classes | Public Member Functions | Static Public Attributes | Private Member Functions | Private Attributes | Friends
cond::CredentialStore Class Reference

#include <CredentialStore.h>

Classes

struct  Permission
 

Public Member Functions

bool createSchema (const std::string &connectionString, const std::string &userName, const std::string &password)
 
 CredentialStore ()
 Standard Constructor. More...
 
bool drop (const std::string &connectionString, const std::string &userName, const std::string &password)
 
bool exportAll (coral_bridge::AuthenticationCredentialSet &data)
 
std::pair< std::string, std::string > getUserCredentials (const std::string &connectionString, const std::string &role)
 
bool importForPrincipal (const std::string &principal, const coral_bridge::AuthenticationCredentialSet &data, bool forceUpdateConnection=false)
 import data More...
 
const std::string & keyPrincipalName ()
 
bool listConnections (std::map< std::string, std::pair< std::string, std::string > > &destination)
 
bool listPrincipals (std::vector< std::string > &destination)
 
std::string log ()
 
bool removeConnection (const std::string &connectionLabel)
 
bool removePrincipal (const std::string &principal)
 
bool resetAdmin (const std::string &userName, const std::string &password)
 
bool selectForUser (coral_bridge::AuthenticationCredentialSet &destinationData)
 
bool selectPermissions (const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)
 
const std::string & serviceName ()
 
bool setPermission (const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
 
std::string setUpForConnectionString (const std::string &connectionString, const std::string &authPath)
 
std::string setUpForService (const std::string &serviceName, const std::string &authPath)
 Sets the initialization parameters. More...
 
bool unsetPermission (const std::string &principal, const std::string &role, const std::string &connectionString)
 
bool updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password)
 
bool updatePrincipal (const std::string &principal, const std::string &principalKey, bool setAdmin=false)
 
virtual ~CredentialStore ()
 Standard Destructor. More...
 

Static Public Attributes

static const std::string DEFAULT_DATA_SOURCE
 

Private Member Functions

void closeSession (bool commit=true)
 
std::pair< std::string, std::string > openConnection (const std::string &connectionString)
 
void openSession (bool readOnly=true)
 
void openSession (const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
 
void startSession (bool readMode)
 
void startSuperSession (const std::string &connectionString, const std::string &userName, const std::string &password)
 

Private Attributes

std::shared_ptr< coral::IConnection > m_connection
 
auth::DecodingKey m_key
 
std::stringstream m_log
 
int m_principalId
 
std::string m_principalKey
 
const auth::ServiceCredentialsm_serviceData
 
std::string m_serviceName
 
std::shared_ptr< coral::ISession > m_session
 

Friends

class CSScopedSession
 

Detailed Description

Definition at line 78 of file CredentialStore.h.

Constructor & Destructor Documentation

◆ CredentialStore()

cond::CredentialStore::CredentialStore ( )

Standard Constructor.

Definition at line 716 of file CredentialStore.cc.

717  : m_connection(),
718  m_session(),
719  m_principalId(-1),
720  m_principalKey(""),
721  m_serviceName(""),
722  m_serviceData(nullptr),
723  m_key(),
724  m_log() {}

◆ ~CredentialStore()

cond::CredentialStore::~CredentialStore ( )
virtual

Standard Destructor.

Definition at line 726 of file CredentialStore.cc.

726 {}

Member Function Documentation

◆ closeSession()

void cond::CredentialStore::closeSession ( bool  commit = true)
private

Definition at line 557 of file CredentialStore.cc.

557  {
558  if (m_session.get()) {
559  if (m_session->transaction().isActive()) {
560  if (commit) {
561  m_session->transaction().commit();
562  } else {
563  m_session->transaction().rollback();
564  }
565  }
566  m_session->endUserSession();
567  }
568  m_session.reset();
569  if (m_connection.get()) {
570  m_connection->disconnect();
571  }
572  m_connection.reset();
573  m_log << "Session has been closed." << std::endl;
574 }

◆ createSchema()

bool cond::CredentialStore::createSchema ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)

Definition at line 786 of file CredentialStore.cc.

788  {
789  CSScopedSession session(*this);
790  session.startSuper(connectionString, userName, password);
791 
792  coral::ISchema& schema = m_session->nominalSchema();
793  std::string authentication_table_name = tname(AUTHENTICATION_TABLE, m_key.version());
794  if (schema.existsTable(authentication_table_name)) {
795  throwException("Credential database, already exists.", "CredentialStore::create");
796  }
797 
798  m_log << "Creating sequence table." << std::endl;
799  std::string sequence_table_name = tname(SEQUENCE_TABLE, m_key.version());
800  coral::TableDescription dseq;
801  dseq.setName(sequence_table_name);
802  dseq.insertColumn(SEQUENCE_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>());
803  dseq.setNotNullConstraint(SEQUENCE_NAME_COL);
804  dseq.insertColumn(SEQUENCE_VALUE_COL, coral::AttributeSpecification::typeNameForType<int>());
805  dseq.setNotNullConstraint(SEQUENCE_VALUE_COL);
806  dseq.setPrimaryKey(std::vector<std::string>(1, SEQUENCE_NAME_COL));
807  schema.createTable(dseq);
808 
809  int columnSize = 2000;
810 
811  m_log << "Creating authentication table." << std::endl;
812  // authentication table
813  addSequence(m_key.version(), schema, authentication_table_name);
814  coral::TableDescription descr0;
815  descr0.setName(authentication_table_name);
816  descr0.insertColumn(PRINCIPAL_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
817  descr0.insertColumn(
818  PRINCIPAL_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
819  descr0.insertColumn(
820  VERIFICATION_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
821  descr0.insertColumn(
822  PRINCIPAL_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
823  descr0.insertColumn(ADMIN_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
824  descr0.setNotNullConstraint(PRINCIPAL_ID_COL);
825  descr0.setNotNullConstraint(PRINCIPAL_NAME_COL);
826  descr0.setNotNullConstraint(VERIFICATION_COL);
827  descr0.setNotNullConstraint(PRINCIPAL_KEY_COL);
828  descr0.setNotNullConstraint(ADMIN_KEY_COL);
829  std::vector<std::string> columnsUnique;
830  columnsUnique.push_back(PRINCIPAL_NAME_COL);
831  descr0.setUniqueConstraint(columnsUnique);
832  std::vector<std::string> columnsForIndex;
833  columnsForIndex.push_back(PRINCIPAL_ID_COL);
834  descr0.setPrimaryKey(columnsForIndex);
835  schema.createTable(descr0);
836 
837  m_log << "Creating authorization table." << std::endl;
838  std::string authorization_table_name = tname(AUTHORIZATION_TABLE, m_key.version());
839  // authorization table
840  addSequence(m_key.version(), schema, authorization_table_name);
841  coral::TableDescription descr1;
842  descr1.setName(authorization_table_name);
843  descr1.insertColumn(AUTH_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
844  descr1.insertColumn(P_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
845  descr1.insertColumn(ROLE_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
846  descr1.insertColumn(SCHEMA_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
847  descr1.insertColumn(AUTH_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
848  descr1.insertColumn(C_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
849  descr1.setNotNullConstraint(AUTH_ID_COL);
850  descr1.setNotNullConstraint(P_ID_COL);
851  descr1.setNotNullConstraint(ROLE_COL);
852  descr1.setNotNullConstraint(SCHEMA_COL);
853  descr1.setNotNullConstraint(AUTH_KEY_COL);
854  descr1.setNotNullConstraint(C_ID_COL);
855  columnsUnique.clear();
856  columnsUnique.push_back(P_ID_COL);
857  columnsUnique.push_back(ROLE_COL);
858  columnsUnique.push_back(SCHEMA_COL);
859  descr1.setUniqueConstraint(columnsUnique);
860  columnsForIndex.clear();
861  columnsForIndex.push_back(AUTH_ID_COL);
862  descr1.setPrimaryKey(columnsForIndex);
863  schema.createTable(descr1);
864 
865  m_log << "Creating credential table." << std::endl;
866  std::string credential_table_name = tname(CREDENTIAL_TABLE, m_key.version());
867  // credential table
868  addSequence(m_key.version(), schema, credential_table_name);
869  coral::TableDescription descr2;
870  descr2.setName(credential_table_name);
871  descr2.insertColumn(CONNECTION_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
872  descr2.insertColumn(
873  CONNECTION_LABEL_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
874  descr2.insertColumn(USERNAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
875  descr2.insertColumn(PASSWORD_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
876  descr2.insertColumn(
877  VERIFICATION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
878  descr2.insertColumn(
879  CONNECTION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
880  descr2.setNotNullConstraint(CONNECTION_ID_COL);
881  descr2.setNotNullConstraint(CONNECTION_LABEL_COL);
882  descr2.setNotNullConstraint(USERNAME_COL);
883  descr2.setNotNullConstraint(PASSWORD_COL);
884  descr2.setNotNullConstraint(VERIFICATION_KEY_COL);
885  descr2.setNotNullConstraint(CONNECTION_KEY_COL);
886  columnsUnique.clear();
887  columnsUnique.push_back(CONNECTION_LABEL_COL);
888  descr2.setUniqueConstraint(columnsUnique);
889  columnsForIndex.clear();
890  columnsForIndex.push_back(CONNECTION_ID_COL);
891  descr2.setPrimaryKey(columnsForIndex);
892  schema.createTable(descr2);
893 
894  try {
895  schema.tableHandle(authentication_table_name)
896  .privilegeManager()
897  .grantToUser(m_serviceData->userName, coral::ITablePrivilegeManager::Select);
898  schema.tableHandle(authorization_table_name)
899  .privilegeManager()
900  .grantToUser(m_serviceData->userName, coral::ITablePrivilegeManager::Select);
901  schema.tableHandle(credential_table_name)
902  .privilegeManager()
903  .grantToUser(m_serviceData->userName, coral::ITablePrivilegeManager::Select);
904  } catch (const coral::Exception& e) {
905  std::cout << "WARNING: Could not grant select access to user " << m_serviceData->userName << ": [" << e.what()
906  << "]" << std::endl;
907  }
908  m_log << "Granting ADMIN access permission." << std::endl;
909  auth::KeyGenerator gen;
911  auto princData = updatePrincipalData(
913  std::string credentialAccessLabel = schemaLabel(m_serviceName, userName);
914  auto connParams = updateConnectionData(
915  m_key.version(), schema, m_principalKey, credentialAccessLabel, userName, password, true, m_log);
917  schema,
918  princData.first,
922  connParams.first,
923  connParams.second,
924  m_log);
925  session.close();
926  return ret;
927 }

References addSequence(), ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), C_ID_COL(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, cond::auth::COND_DB_KEY_SIZE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, gather_cfg::cout, CREDENTIAL_TABLE(), MillePedeFileConverter_cfg::e, Exception, relval_steps::gen(), P_ID_COL(), EcalCondDBWriter_cfi::password, PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), runTheMatrix::ret, ROLE_COL(), SCHEMA_COL(), cond::schemaLabel(), SEQUENCE_NAME_COL(), SEQUENCE_TABLE(), SEQUENCE_VALUE_COL(), cond::setPermissionData(), cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), tname(), cond::updateConnectionData(), cond::updatePrincipalData(), EcalCondDBWriter_cfi::userName, USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

◆ drop()

bool cond::CredentialStore::drop ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)

Definition at line 929 of file CredentialStore.cc.

931  {
932  CSScopedSession session(*this);
933  session.startSuper(connectionString, userName, password);
934 
935  m_log << "Dropping AUTHORIZATION, CREDENTIAL, AUTHENTICATION and SEQUENCE tables." << std::endl;
936  coral::ISchema& schema = m_session->nominalSchema();
937  schema.dropIfExistsTable(tname(AUTHORIZATION_TABLE, m_key.version()));
938  schema.dropIfExistsTable(tname(CREDENTIAL_TABLE, m_key.version()));
939  schema.dropIfExistsTable(tname(AUTHENTICATION_TABLE, m_key.version()));
940  schema.dropIfExistsTable(tname(SEQUENCE_TABLE, m_key.version()));
941  session.close();
942  return true;
943 }

References AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), cond::CSScopedSession::close(), l1RCTOmdsFedVectorProducer_cfi::connectionString, CREDENTIAL_TABLE(), EcalCondDBWriter_cfi::password, SEQUENCE_TABLE(), cond::CSScopedSession::startSuper(), tname(), and EcalCondDBWriter_cfi::userName.

◆ exportAll()

bool cond::CredentialStore::exportAll ( coral_bridge::AuthenticationCredentialSet data)

Definition at line 1476 of file CredentialStore.cc.

1476  {
1477  CSScopedSession session(*this);
1478  session.start(true);
1479  coral::ISchema& schema = m_session->nominalSchema();
1480  std::unique_ptr<coral::IQuery> query(schema.newQuery());
1481  query->addToTableList(tname(AUTHORIZATION_TABLE, m_key.version()), "AUTHO");
1482  query->addToTableList(tname(CREDENTIAL_TABLE, m_key.version()), "CREDS");
1483  coral::AttributeList readBuff;
1484  readBuff.extend<std::string>("AUTHO." + ROLE_COL);
1485  readBuff.extend<std::string>("AUTHO." + SCHEMA_COL);
1486  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
1487  readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
1488  readBuff.extend<std::string>("CREDS." + CONNECTION_KEY_COL);
1489  readBuff.extend<std::string>("CREDS." + USERNAME_COL);
1490  readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
1491  coral::AttributeList whereData;
1492  std::stringstream whereClause;
1493  whereClause << "AUTHO." << C_ID_COL << "="
1494  << "CREDS." << CONNECTION_ID_COL;
1495 
1496  query->defineOutput(readBuff);
1497  query->addToOutputList("AUTHO." + ROLE_COL);
1498  query->addToOutputList("AUTHO." + SCHEMA_COL);
1499  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
1500  query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
1501  query->addToOutputList("CREDS." + CONNECTION_KEY_COL);
1502  query->addToOutputList("CREDS." + USERNAME_COL);
1503  query->addToOutputList("CREDS." + PASSWORD_COL);
1504  query->setCondition(whereClause.str(), whereData);
1505  coral::ICursor& cursor = query->execute();
1506  bool found = false;
1507  auth::Cipher cipher0(m_principalKey);
1508  while (cursor.next()) {
1509  const coral::AttributeList& row = cursor.currentRow();
1510  const std::string& role = row["AUTHO." + ROLE_COL].data<std::string>();
1511  const std::string& connectionString = row["AUTHO." + SCHEMA_COL].data<std::string>();
1512  const std::string& connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
1513  const std::string& encryptedVerifKey = row["CREDS." + VERIFICATION_KEY_COL].data<std::string>();
1514  const std::string& encryptedConnection = row["CREDS." + CONNECTION_KEY_COL].data<std::string>();
1515  std::string userName("");
1516  std::string password("");
1517  std::string connectionKey = cipher0.b64decrypt(encryptedConnection);
1518  auth::Cipher cipher1(connectionKey);
1519  std::string verifKey = cipher1.b64decrypt(encryptedVerifKey);
1520  if (verifKey == connectionLabel) {
1521  const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
1522  const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
1523  userName = cipher1.b64decrypt(encryptedUserName);
1524  password = cipher1.b64decrypt(encryptedPassword);
1525  }
1526  data.registerCredentials(connectionString, role, userName, password);
1527  found = true;
1528  }
1529  session.close();
1530  return found;
1531 }

References AUTHORIZATION_TABLE(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, CREDENTIAL_TABLE(), data, newFWLiteAna::found, EcalCondDBWriter_cfi::password, PASSWORD_COL(), contentValuesFiles::query, ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, tname(), EcalCondDBWriter_cfi::userName, USERNAME_COL(), and VERIFICATION_KEY_COL().

◆ getUserCredentials()

std::pair< std::string, std::string > cond::CredentialStore::getUserCredentials ( const std::string &  connectionString,
const std::string &  role 
)

Definition at line 1239 of file CredentialStore.cc.

1240  {
1241  CSScopedSession session(*this);
1242  session.start(true);
1243  coral::ISchema& schema = m_session->nominalSchema();
1244 
1245  auth::Cipher cipher(m_principalKey);
1246 
1247  std::unique_ptr<coral::IQuery> query(schema.newQuery());
1248  query->addToTableList(tname(AUTHORIZATION_TABLE, m_key.version()), "AUTHO");
1249  query->addToTableList(tname(CREDENTIAL_TABLE, m_key.version()), "CREDS");
1250  coral::AttributeList readBuff;
1251  readBuff.extend<std::string>("AUTHO." + AUTH_KEY_COL);
1252  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
1253  readBuff.extend<std::string>("CREDS." + USERNAME_COL);
1254  readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
1255  readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
1256  coral::AttributeList whereData;
1257  whereData.extend<int>(P_ID_COL);
1258  whereData.extend<std::string>(SCHEMA_COL);
1259  whereData.extend<std::string>(ROLE_COL);
1260  whereData[P_ID_COL].data<int>() = m_principalId;
1261  whereData[SCHEMA_COL].data<std::string>() = connectionString;
1262  whereData[ROLE_COL].data<std::string>() = role;
1263  std::stringstream whereClause;
1264  whereClause << "AUTHO." << C_ID_COL << "="
1265  << "CREDS." << CONNECTION_ID_COL;
1266  whereClause << " AND "
1267  << "AUTHO." << P_ID_COL << " = :" << P_ID_COL;
1268  whereClause << " AND "
1269  << "AUTHO." << SCHEMA_COL << " = :" << SCHEMA_COL;
1270  whereClause << " AND "
1271  << "AUTHO." << ROLE_COL << " = :" << ROLE_COL;
1272  query->defineOutput(readBuff);
1273  query->addToOutputList("AUTHO." + AUTH_KEY_COL);
1274  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
1275  query->addToOutputList("CREDS." + USERNAME_COL);
1276  query->addToOutputList("CREDS." + PASSWORD_COL);
1277  query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
1278  query->setCondition(whereClause.str(), whereData);
1279  coral::ICursor& cursor = query->execute();
1280  auto ret = std::make_pair(std::string(""), std::string(""));
1281  if (cursor.next()) {
1282  const coral::AttributeList& row = cursor.currentRow();
1283  const std::string& encryptedAuthKey = row["AUTHO." + AUTH_KEY_COL].data<std::string>();
1284  const std::string& connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
1285  const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
1286  const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
1287  std::string authKey = cipher.b64decrypt(encryptedAuthKey);
1288  auth::Cipher connCipher(authKey);
1289  std::string verificationString = connCipher.b64decrypt(row["CREDS." + VERIFICATION_KEY_COL].data<std::string>());
1290  if (verificationString == connectionLabel) {
1291  ret.first = connCipher.b64decrypt(encryptedUserName);
1292  ret.second = connCipher.b64decrypt(encryptedPassword);
1293  }
1294  }
1295  session.close();
1296  return ret;
1297 }

References AUTH_KEY_COL(), AUTHORIZATION_TABLE(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, CREDENTIAL_TABLE(), P_ID_COL(), PASSWORD_COL(), contentValuesFiles::query, runTheMatrix::ret, ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, tname(), USERNAME_COL(), and VERIFICATION_KEY_COL().

Referenced by cond::getDbCredentials().

◆ importForPrincipal()

bool cond::CredentialStore::importForPrincipal ( const std::string &  principal,
const coral_bridge::AuthenticationCredentialSet data,
bool  forceUpdateConnection = false 
)

import data

Definition at line 1299 of file CredentialStore.cc.

1301  {
1302  CSScopedSession session(*this);
1303  session.start(false);
1304  coral::ISchema& schema = m_session->nominalSchema();
1305 
1306  PrincipalData princData;
1307  bool found = selectPrincipal(m_key.version(), schema, principal, princData);
1308 
1309  if (!found) {
1310  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1311  throwException(msg, "CredentialStore::importForPrincipal");
1312  }
1313 
1314  bool imported = false;
1315  auth::Cipher cipher(m_principalKey);
1316  std::string princKey = cipher.b64decrypt(princData.adminKey);
1317 
1318  const std::map<std::pair<std::string, std::string>, coral::AuthenticationCredentials*>& creds = dataSource.data();
1319  for (std::map<std::pair<std::string, std::string>, coral::AuthenticationCredentials*>::const_iterator iConn =
1320  creds.begin();
1321  iConn != creds.end();
1322  ++iConn) {
1323  const std::string& connectionString = iConn->first.first;
1324  coral::URIParser parser;
1325  parser.setURI(connectionString);
1326  std::string serviceName = parser.hostName();
1327  const std::string& role = iConn->first.second;
1328  std::string userName = iConn->second->valueForItem(coral::IAuthenticationCredentials::userItem());
1329  std::string password = iConn->second->valueForItem(coral::IAuthenticationCredentials::passwordItem());
1330  // first import the connections
1331  std::pair<int, std::string> conn = updateConnectionData(m_key.version(),
1332  schema,
1335  userName,
1336  password,
1337  forceUpdateConnection,
1338  m_log);
1339  auth::Cipher cipher(m_principalKey);
1340  // than set the permission for the specific role
1342  m_key.version(), schema, princData.id, princKey, role, connectionString, conn.first, conn.second, m_log);
1343  imported = true;
1344  }
1345  session.close();
1346  return imported;
1347 }

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), SiStripCommissioningClient_cfg::conn, l1RCTOmdsFedVectorProducer_cfi::connectionString, L1TdeStage2CaloLayer1_cfi::dataSource, newFWLiteAna::found, cond::PrincipalData::id, genParticles_cff::map, mps_check::msg, writedatasetfile::parser, EcalCondDBWriter_cfi::password, cond::schemaLabel(), cond::selectPrincipal(), serviceName, cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), cond::updateConnectionData(), and EcalCondDBWriter_cfi::userName.

◆ keyPrincipalName()

const std::string & cond::CredentialStore::keyPrincipalName ( )

Definition at line 1535 of file CredentialStore.cc.

1535 { return m_key.principalName(); }

◆ listConnections()

bool cond::CredentialStore::listConnections ( std::map< std::string, std::pair< std::string, std::string > > &  destination)

Definition at line 1370 of file CredentialStore.cc.

1370  {
1371  CSScopedSession session(*this);
1372  session.start(true);
1373  coral::ISchema& schema = m_session->nominalSchema();
1374 
1375  std::unique_ptr<coral::IQuery> query(schema.tableHandle(tname(CREDENTIAL_TABLE, m_key.version())).newQuery());
1376  coral::AttributeList readBuff;
1377  readBuff.extend<std::string>(CONNECTION_LABEL_COL);
1378  readBuff.extend<std::string>(USERNAME_COL);
1379  readBuff.extend<std::string>(PASSWORD_COL);
1380  readBuff.extend<std::string>(VERIFICATION_KEY_COL);
1381  readBuff.extend<std::string>(CONNECTION_KEY_COL);
1382  query->defineOutput(readBuff);
1383  query->addToOutputList(CONNECTION_LABEL_COL);
1384  query->addToOutputList(USERNAME_COL);
1385  query->addToOutputList(PASSWORD_COL);
1386  query->addToOutputList(VERIFICATION_KEY_COL);
1387  query->addToOutputList(CONNECTION_KEY_COL);
1388  coral::ICursor& cursor = query->execute();
1389  bool found = false;
1390  auth::Cipher cipher0(m_principalKey);
1391  while (cursor.next()) {
1392  std::string userName("");
1393  std::string password("");
1394  const coral::AttributeList& row = cursor.currentRow();
1395  const std::string& connLabel = row[CONNECTION_LABEL_COL].data<std::string>();
1396  const std::string& encryptedKey = row[CONNECTION_KEY_COL].data<std::string>();
1397  const std::string& encryptedVerif = row[VERIFICATION_KEY_COL].data<std::string>();
1398  std::string connKey = cipher0.b64decrypt(encryptedKey);
1399  auth::Cipher cipher1(connKey);
1400  std::string verif = cipher1.b64decrypt(encryptedVerif);
1401  if (verif == connLabel) {
1402  const std::string& encryptedUserName = row[USERNAME_COL].data<std::string>();
1403  const std::string& encryptedPassword = row[PASSWORD_COL].data<std::string>();
1404  userName = cipher1.b64decrypt(encryptedUserName);
1405  password = cipher1.b64decrypt(encryptedPassword);
1406  }
1407  destination.insert(std::make_pair(connLabel, std::make_pair(userName, password)));
1408  found = true;
1409  }
1410  session.close();
1411  return found;
1412 }

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), CREDENTIAL_TABLE(), HLTMuonOfflineAnalyzer_cff::destination, newFWLiteAna::found, EcalCondDBWriter_cfi::password, PASSWORD_COL(), contentValuesFiles::query, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, tname(), EcalCondDBWriter_cfi::userName, USERNAME_COL(), and VERIFICATION_KEY_COL().

◆ listPrincipals()

bool cond::CredentialStore::listPrincipals ( std::vector< std::string > &  destination)

Definition at line 1349 of file CredentialStore.cc.

1349  {
1350  CSScopedSession session(*this);
1351  session.start(true);
1352  coral::ISchema& schema = m_session->nominalSchema();
1353 
1354  std::unique_ptr<coral::IQuery> query(schema.tableHandle(tname(AUTHENTICATION_TABLE, m_key.version())).newQuery());
1355  coral::AttributeList readBuff;
1356  readBuff.extend<std::string>(PRINCIPAL_NAME_COL);
1357  query->defineOutput(readBuff);
1358  query->addToOutputList(PRINCIPAL_NAME_COL);
1359  coral::ICursor& cursor = query->execute();
1360  bool found = false;
1361  while (cursor.next()) {
1362  found = true;
1363  const coral::AttributeList& row = cursor.currentRow();
1364  destination.push_back(row[PRINCIPAL_NAME_COL].data<std::string>());
1365  }
1366  session.close();
1367  return found;
1368 }

References AUTHENTICATION_TABLE(), cond::CSScopedSession::close(), HLTMuonOfflineAnalyzer_cff::destination, newFWLiteAna::found, PRINCIPAL_NAME_COL(), contentValuesFiles::query, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and tname().

◆ log()

std::string cond::CredentialStore::log ( )

◆ openConnection()

std::pair< std::string, std::string > cond::CredentialStore::openConnection ( const std::string &  connectionString)
private

Definition at line 576 of file CredentialStore.cc.

576  {
577  coral::IHandle<coral::IRelationalService> relationalService =
578  coral::Context::instance().query<coral::IRelationalService>();
579  if (!relationalService.isValid()) {
580  coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
581  relationalService = coral::Context::instance().query<coral::IRelationalService>();
582  }
583  coral::IRelationalDomain& domain = relationalService->domainForConnection(connectionString);
584  std::pair<std::string, std::string> connTokens = domain.decodeUserConnectionString(connectionString);
585  m_connection.reset(domain.newConnection(connTokens.first));
586  m_connection->connect();
587  return connTokens;
588 }

References l1RCTOmdsFedVectorProducer_cfi::connectionString, and instance.

◆ openSession() [1/2]

void cond::CredentialStore::openSession ( bool  readOnly = true)
private

◆ openSession() [2/2]

void cond::CredentialStore::openSession ( const std::string &  schemaName,
const std::string &  userName,
const std::string &  password,
bool  readMode 
)
private

Definition at line 590 of file CredentialStore.cc.

593  {
594  coral::AccessMode accessMode = coral::ReadOnly;
595  if (!readMode)
596  accessMode = coral::Update;
597  m_session.reset(m_connection->newSession(schemaName, accessMode));
598  m_session->startUserSession(userName, password);
599  // open read-only transaction
600  m_session->transaction().start(readMode);
601  m_log << "New session opened." << std::endl;
602 }

References EcalCondDBWriter_cfi::password, and EcalCondDBWriter_cfi::userName.

◆ removeConnection()

bool cond::CredentialStore::removeConnection ( const std::string &  connectionLabel)

Definition at line 1148 of file CredentialStore.cc.

1148  {
1149  CSScopedSession session(*this);
1150  session.start(false);
1151  coral::ISchema& schema = m_session->nominalSchema();
1152 
1153  CredentialData credsData;
1154  bool found = selectConnection(m_key.version(), schema, connectionLabel, credsData);
1155 
1156  if (!found) {
1157  std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
1158  throwException(msg, "CredentialStore::removeConnection");
1159  }
1160 
1161  m_log << "Removing connection " << connectionLabel << std::endl;
1162  coral::ITableDataEditor& editor0 = schema.tableHandle(tname(AUTHORIZATION_TABLE, m_key.version())).dataEditor();
1163 
1164  coral::AttributeList deleteData0;
1165  deleteData0.extend<int>(C_ID_COL);
1166  deleteData0[C_ID_COL].data<int>() = credsData.id;
1167  std::string whereClause0 = C_ID_COL + " = :" + C_ID_COL;
1168  editor0.deleteRows(whereClause0, deleteData0);
1169 
1170  coral::ITableDataEditor& editor1 = schema.tableHandle(tname(CREDENTIAL_TABLE, m_key.version())).dataEditor();
1171 
1172  coral::AttributeList deleteData1;
1173  deleteData1.extend<int>(CONNECTION_ID_COL);
1174  deleteData1[CONNECTION_ID_COL].data<int>() = credsData.id;
1175  std::string whereClause1 = CONNECTION_ID_COL + " = :" + CONNECTION_ID_COL;
1176  editor1.deleteRows(whereClause1, deleteData1);
1177 
1178  session.close();
1179 
1180  return true;
1181 }

References AUTHORIZATION_TABLE(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CREDENTIAL_TABLE(), newFWLiteAna::found, cond::CredentialData::id, mps_check::msg, cond::selectConnection(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and tname().

◆ removePrincipal()

bool cond::CredentialStore::removePrincipal ( const std::string &  principal)

Definition at line 1112 of file CredentialStore.cc.

1112  {
1113  CSScopedSession session(*this);
1114  session.start(false);
1115  coral::ISchema& schema = m_session->nominalSchema();
1116 
1117  PrincipalData princData;
1118  bool found = selectPrincipal(m_key.version(), schema, principal, princData);
1119 
1120  if (!found) {
1121  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1122  throwException(msg, "CredentialStore::removePrincipal");
1123  }
1124 
1125  m_log << "Removing principal " << principal << " (id: " << princData.id << ")" << std::endl;
1126 
1127  coral::ITableDataEditor& editor0 = schema.tableHandle(tname(AUTHORIZATION_TABLE, m_key.version())).dataEditor();
1128 
1129  coral::AttributeList deleteData0;
1130  deleteData0.extend<int>(P_ID_COL);
1131  deleteData0[P_ID_COL].data<int>() = princData.id;
1132  std::string whereClause0 = P_ID_COL + " = :" + P_ID_COL;
1133  editor0.deleteRows(whereClause0, deleteData0);
1134 
1135  coral::ITableDataEditor& editor1 = schema.tableHandle(tname(AUTHENTICATION_TABLE, m_key.version())).dataEditor();
1136 
1137  coral::AttributeList deleteData1;
1138  deleteData1.extend<int>(PRINCIPAL_ID_COL);
1139  deleteData1[PRINCIPAL_ID_COL].data<int>() = princData.id;
1140  std::string whereClause1 = PRINCIPAL_ID_COL + " = :" + PRINCIPAL_ID_COL;
1141  editor1.deleteRows(whereClause1, deleteData1);
1142 
1143  session.close();
1144 
1145  return true;
1146 }

References AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), cond::CSScopedSession::close(), newFWLiteAna::found, cond::PrincipalData::id, mps_check::msg, P_ID_COL(), PRINCIPAL_ID_COL(), cond::selectPrincipal(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and tname().

◆ resetAdmin()

bool cond::CredentialStore::resetAdmin ( const std::string &  userName,
const std::string &  password 
)

Definition at line 945 of file CredentialStore.cc.

945  {
946  if (!m_serviceData) {
947  throwException("The credential store has not been initialized.", "cond::CredentialStore::installAdmin");
948  }
950 
951  CSScopedSession session(*this);
952  session.startSuper(connectionString, userName, password);
953 
954  coral::ISchema& schema = m_session->nominalSchema();
955  const std::string& principalName = m_key.principalName();
956  const std::string& authenticationKey = m_key.principalKey();
957  PrincipalData princData;
958  if (!selectPrincipal(m_key.version(), schema, principalName, princData)) {
959  std::string msg("User \"");
960  msg += principalName + "\" has not been found.";
961  throwException(msg, "CredentialStore::resetAdmin");
962  }
963  auth::Cipher cipher0(authenticationKey);
964  m_principalKey = cipher0.b64decrypt(princData.principalKey);
965 
966  auto p = updatePrincipalData(m_key.version(), schema, authenticationKey, principalName, m_principalKey, false, m_log);
967  std::string credentialAccessLabel = schemaLabel(m_serviceName, userName);
968  auto connParams = updateConnectionData(
969  m_key.version(), schema, m_principalKey, credentialAccessLabel, userName, password, true, m_log);
971  schema,
972  p.first,
976  connParams.first,
977  connParams.second,
978  m_log);
979  session.close();
980  return ret;
981 }

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, l1RCTOmdsFedVectorProducer_cfi::connectionString, mps_check::msg, AlCaHLTBitMon_ParallelJobs::p, EcalCondDBWriter_cfi::password, cond::PrincipalData::principalKey, runTheMatrix::ret, cond::schemaLabel(), cond::selectPrincipal(), cond::setPermissionData(), cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), cond::updateConnectionData(), cond::updatePrincipalData(), and EcalCondDBWriter_cfi::userName.

◆ selectForUser()

bool cond::CredentialStore::selectForUser ( coral_bridge::AuthenticationCredentialSet destinationData)

Definition at line 1183 of file CredentialStore.cc.

1183  {
1184  CSScopedSession session(*this);
1185  session.start(true);
1186  coral::ISchema& schema = m_session->nominalSchema();
1187 
1188  auth::Cipher cipher(m_principalKey);
1189 
1190  std::unique_ptr<coral::IQuery> query(schema.newQuery());
1191  query->addToTableList(tname(AUTHORIZATION_TABLE, m_key.version()), "AUTHO");
1192  query->addToTableList(tname(CREDENTIAL_TABLE, m_key.version()), "CREDS");
1193  coral::AttributeList readBuff;
1194  readBuff.extend<std::string>("AUTHO." + ROLE_COL);
1195  readBuff.extend<std::string>("AUTHO." + SCHEMA_COL);
1196  readBuff.extend<std::string>("AUTHO." + AUTH_KEY_COL);
1197  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
1198  readBuff.extend<std::string>("CREDS." + USERNAME_COL);
1199  readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
1200  readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
1201  coral::AttributeList whereData;
1202  whereData.extend<int>(P_ID_COL);
1203  whereData[P_ID_COL].data<int>() = m_principalId;
1204  std::stringstream whereClause;
1205  whereClause << "AUTHO." << C_ID_COL << "="
1206  << "CREDS." << CONNECTION_ID_COL;
1207  whereClause << " AND "
1208  << "AUTHO." << P_ID_COL << " = :" << P_ID_COL;
1209  query->defineOutput(readBuff);
1210  query->addToOutputList("AUTHO." + ROLE_COL);
1211  query->addToOutputList("AUTHO." + SCHEMA_COL);
1212  query->addToOutputList("AUTHO." + AUTH_KEY_COL);
1213  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
1214  query->addToOutputList("CREDS." + USERNAME_COL);
1215  query->addToOutputList("CREDS." + PASSWORD_COL);
1216  query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
1217  query->setCondition(whereClause.str(), whereData);
1218  coral::ICursor& cursor = query->execute();
1219  while (cursor.next()) {
1220  const coral::AttributeList& row = cursor.currentRow();
1221  const std::string& role = row["AUTHO." + ROLE_COL].data<std::string>();
1222  const std::string& connectionString = row["AUTHO." + SCHEMA_COL].data<std::string>();
1223  const std::string& encryptedAuthKey = row["AUTHO." + AUTH_KEY_COL].data<std::string>();
1224  const std::string& connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
1225  const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
1226  const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
1227  std::string authKey = cipher.b64decrypt(encryptedAuthKey);
1228  auth::Cipher connCipher(authKey);
1229  std::string verificationString = connCipher.b64decrypt(row["CREDS." + VERIFICATION_KEY_COL].data<std::string>());
1230  if (verificationString == connectionLabel) {
1231  destinationData.registerCredentials(
1232  connectionString, role, connCipher.b64decrypt(encryptedUserName), connCipher.b64decrypt(encryptedPassword));
1233  }
1234  }
1235  session.close();
1236  return true;
1237 }

References AUTH_KEY_COL(), AUTHORIZATION_TABLE(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, CREDENTIAL_TABLE(), P_ID_COL(), PASSWORD_COL(), contentValuesFiles::query, coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, tname(), USERNAME_COL(), and VERIFICATION_KEY_COL().

◆ selectPermissions()

bool cond::CredentialStore::selectPermissions ( const std::string &  principalName,
const std::string &  role,
const std::string &  connectionString,
std::vector< Permission > &  destination 
)

Definition at line 1414 of file CredentialStore.cc.

1417  {
1418  CSScopedSession session(*this);
1419  session.start(true);
1420  coral::ISchema& schema = m_session->nominalSchema();
1421  std::unique_ptr<coral::IQuery> query(schema.newQuery());
1422  query->addToTableList(tname(AUTHENTICATION_TABLE, m_key.version()), "AUTHE");
1423  query->addToTableList(tname(AUTHORIZATION_TABLE, m_key.version()), "AUTHO");
1424  query->addToTableList(tname(CREDENTIAL_TABLE, m_key.version()), "CREDS");
1425  coral::AttributeList readBuff;
1426  readBuff.extend<std::string>("AUTHE." + PRINCIPAL_NAME_COL);
1427  readBuff.extend<std::string>("AUTHO." + ROLE_COL);
1428  readBuff.extend<std::string>("AUTHO." + SCHEMA_COL);
1429  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
1430  coral::AttributeList whereData;
1431  std::stringstream whereClause;
1432  whereClause << "AUTHE." << PRINCIPAL_ID_COL << "= AUTHO." << P_ID_COL;
1433  whereClause << " AND AUTHO." << C_ID_COL << "="
1434  << "CREDS." << CONNECTION_ID_COL;
1435  if (!principalName.empty()) {
1436  whereData.extend<std::string>(PRINCIPAL_NAME_COL);
1437  whereData[PRINCIPAL_NAME_COL].data<std::string>() = principalName;
1438  whereClause << " AND AUTHE." << PRINCIPAL_NAME_COL << " = :" << PRINCIPAL_NAME_COL;
1439  }
1440  if (!role.empty()) {
1441  whereData.extend<std::string>(ROLE_COL);
1442  whereData[ROLE_COL].data<std::string>() = role;
1443  whereClause << " AND AUTHO." << ROLE_COL << " = :" << ROLE_COL;
1444  }
1445  if (!connectionString.empty()) {
1446  whereData.extend<std::string>(SCHEMA_COL);
1447  whereData[SCHEMA_COL].data<std::string>() = connectionString;
1448  whereClause << " AND AUTHO." << SCHEMA_COL << " = :" << SCHEMA_COL;
1449  }
1450 
1451  query->defineOutput(readBuff);
1452  query->addToOutputList("AUTHE." + PRINCIPAL_NAME_COL);
1453  query->addToOutputList("AUTHO." + ROLE_COL);
1454  query->addToOutputList("AUTHO." + SCHEMA_COL);
1455  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
1456  query->setCondition(whereClause.str(), whereData);
1457  query->addToOrderList("AUTHO." + SCHEMA_COL);
1458  query->addToOrderList("AUTHE." + PRINCIPAL_NAME_COL);
1459  query->addToOrderList("AUTHO." + ROLE_COL);
1460  coral::ICursor& cursor = query->execute();
1461  bool found = false;
1462  while (cursor.next()) {
1463  const coral::AttributeList& row = cursor.currentRow();
1464  destination.resize(destination.size() + 1);
1465  Permission& perm = destination.back();
1466  perm.principalName = row["AUTHE." + PRINCIPAL_NAME_COL].data<std::string>();
1467  perm.role = row["AUTHO." + ROLE_COL].data<std::string>();
1468  perm.connectionString = row["AUTHO." + SCHEMA_COL].data<std::string>();
1469  perm.connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
1470  found = true;
1471  }
1472  session.close();
1473  return found;
1474 }

References AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), cond::CredentialStore::Permission::connectionLabel, l1RCTOmdsFedVectorProducer_cfi::connectionString, cond::CredentialStore::Permission::connectionString, CREDENTIAL_TABLE(), HLTMuonOfflineAnalyzer_cff::destination, newFWLiteAna::found, P_ID_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_NAME_COL(), cond::CredentialStore::Permission::principalName, contentValuesFiles::query, cond::CredentialStore::Permission::role, ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and tname().

◆ serviceName()

const std::string & cond::CredentialStore::serviceName ( )

Definition at line 1533 of file CredentialStore.cc.

1533 { return m_serviceName; }

◆ setPermission()

bool cond::CredentialStore::setPermission ( const std::string &  principal,
const std::string &  role,
const std::string &  connectionString,
const std::string &  connectionLabel 
)

Definition at line 1021 of file CredentialStore.cc.

1024  {
1025  CSScopedSession session(*this);
1026  session.start(false);
1027 
1028  coral::ISchema& schema = m_session->nominalSchema();
1029 
1030  PrincipalData princData;
1031  bool found = selectPrincipal(m_key.version(), schema, principal, princData);
1032 
1033  if (!found) {
1034  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1035  throwException(msg, "CredentialStore::setPermission");
1036  }
1037 
1038  m_log << "Principal " << principal << " id: " << princData.id << std::endl;
1039  CredentialData credsData;
1040  found = selectConnection(m_key.version(), schema, connectionLabel, credsData);
1041 
1042  if (!found) {
1043  std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
1044  throwException(msg, "CredentialStore::setPermission");
1045  }
1046 
1047  auth::Cipher cipher(m_principalKey);
1049  schema,
1050  princData.id,
1051  cipher.b64decrypt(princData.adminKey),
1052  role,
1054  credsData.id,
1055  cipher.b64decrypt(credsData.connectionKey),
1056  m_log);
1057  session.close();
1058  return ret;
1059 }

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::CredentialData::connectionKey, l1RCTOmdsFedVectorProducer_cfi::connectionString, newFWLiteAna::found, cond::PrincipalData::id, cond::CredentialData::id, mps_check::msg, runTheMatrix::ret, cond::selectConnection(), cond::selectPrincipal(), cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

◆ setUpForConnectionString()

std::string cond::CredentialStore::setUpForConnectionString ( const std::string &  connectionString,
const std::string &  authPath 
)

Definition at line 760 of file CredentialStore.cc.

761  {
762  coral::IHandle<coral::IRelationalService> relationalService =
763  coral::Context::instance().query<coral::IRelationalService>();
764  if (!relationalService.isValid()) {
765  coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
766  relationalService = coral::Context::instance().query<coral::IRelationalService>();
767  }
768  coral::IRelationalDomain& domain = relationalService->domainForConnection(connectionString);
769  std::pair<std::string, std::string> connTokens = domain.decodeUserConnectionString(connectionString);
770  std::string& serviceName = connTokens.first;
772 }

References lumi_dqm_sourceclient-live_cfg::authPath, l1RCTOmdsFedVectorProducer_cfi::connectionString, instance, serviceName, and AlCaHLTBitMon_QueryRunRegistry::string.

Referenced by cond::getDbCredentials().

◆ setUpForService()

std::string cond::CredentialStore::setUpForService ( const std::string &  serviceName,
const std::string &  authPath 
)

Sets the initialization parameters.

Definition at line 728 of file CredentialStore.cc.

728  {
729  if (serviceName.empty()) {
730  throwException("Service name has not been provided.", "cond::CredentialStore::setUpConnection");
731  }
732  m_serviceName.clear();
733  m_serviceData = nullptr;
734 
735  if (authPath.empty()) {
736  throwException("The authentication Path has not been provided.", "cond::CredentialStore::setUpForService");
737  }
739  if (!std::filesystem::exists(authPath) || !std::filesystem::is_directory(authPath)) {
740  throwException("Authentication Path is invalid.", "cond::CredentialStore::setUpForService");
741  }
743  fullPath /= file;
744 
745  m_key.init(fullPath.string(), auth::COND_KEY);
746 
747  std::map<std::string, auth::ServiceCredentials>::const_iterator iK = m_key.services().find(serviceName);
748  if (iK == m_key.services().end()) {
749  std::string msg("");
750  msg += "Service \"" + serviceName + "\" can't be open with the current key.";
751  throwException(msg, "cond::CredentialStore::setUpConnection");
752  }
754  m_serviceData = &iK->second;
755  m_log << "Opening Credential Store for service " << m_serviceName << " on " << m_serviceData->connectionString
756  << std::endl;
758 }

References lumi_dqm_sourceclient-live_cfg::authPath, cond::auth::COND_KEY, FrontierConditions_GlobalTag_cff::file, cond::auth::DecodingKey::FILE_PATH, contentValuesFiles::fullPath, mps_check::msg, castor_dqm_sourceclient_file_cfg::path, serviceName, AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

◆ startSession()

void cond::CredentialStore::startSession ( bool  readMode)
private

Definition at line 612 of file CredentialStore.cc.

612  {
613  if (!m_serviceData) {
614  throwException("The credential store has not been initialized.", "cond::CredentialStore::openConnection");
615  }
616  const std::string& storeConnectionString = m_serviceData->connectionString;
617 
618  std::pair<std::string, std::string> connTokens = openConnection(storeConnectionString);
619 
622 
623  openSession(connTokens.second, userName, password, true);
624 
625  coral::ISchema& schema = m_session->nominalSchema();
626  const std::string& schemaVersion = m_key.version();
627  if (!schema.existsTable(tname(AUTHENTICATION_TABLE, schemaVersion)) ||
628  !schema.existsTable(tname(AUTHORIZATION_TABLE, schemaVersion)) ||
629  !schema.existsTable(tname(CREDENTIAL_TABLE, schemaVersion))) {
630  throwException("Credential database does not exists in \"" + storeConnectionString + "\"",
631  "CredentialStore::startSession");
632  }
633 
634  const std::string& principalName = m_key.principalName();
635  // now authenticate...
636  PrincipalData princData;
637  if (!selectPrincipal(schemaVersion, m_session->nominalSchema(), principalName, princData)) {
638  throwException("Invalid credentials provided.(0)", "CredentialStore::startSession");
639  }
640  auth::Cipher cipher0(m_key.principalKey());
641  std::string verifStr = cipher0.b64decrypt(princData.verifKey);
642  if (verifStr != principalName) {
643  throwException("Invalid credentials provided (1)", "CredentialStore::startSession");
644  }
645  // ok, authenticated!
646  m_principalId = princData.id;
647  m_principalKey = cipher0.b64decrypt(princData.principalKey);
648 
649  if (!readMode) {
650  auth::Cipher cipher0(m_principalKey);
651  std::string adminKey = cipher0.b64decrypt(princData.adminKey);
652  if (adminKey != m_principalKey) {
653  // not admin user!
654  throwException("Provided credentials does not allow admin operation.", "CredentialStore::openSession");
655  }
656 
657  // first find the credentials for WRITING in the security tables
658  std::unique_ptr<coral::IQuery> query(schema.newQuery());
659  query->addToTableList(tname(AUTHORIZATION_TABLE, schemaVersion), "AUTHO");
660  query->addToTableList(tname(CREDENTIAL_TABLE, schemaVersion), "CREDS");
661  coral::AttributeList readBuff;
662  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
663  readBuff.extend<std::string>("CREDS." + CONNECTION_KEY_COL);
664  readBuff.extend<std::string>("CREDS." + USERNAME_COL);
665  readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
666  readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
667  coral::AttributeList whereData;
668  whereData.extend<int>(P_ID_COL);
669  whereData.extend<std::string>(ROLE_COL);
670  whereData.extend<std::string>(SCHEMA_COL);
671  whereData[P_ID_COL].data<int>() = m_principalId;
672  whereData[ROLE_COL].data<std::string>() = auth::COND_ADMIN_ROLE;
673  whereData[SCHEMA_COL].data<std::string>() = storeConnectionString;
674  std::stringstream whereClause;
675  whereClause << "AUTHO." << C_ID_COL << " = CREDS." << CONNECTION_ID_COL;
676  whereClause << " AND AUTHO." << P_ID_COL << " = :" << P_ID_COL;
677  whereClause << " AND AUTHO." << ROLE_COL << " = :" << ROLE_COL;
678  whereClause << " AND AUTHO." << SCHEMA_COL << " = :" << SCHEMA_COL;
679  query->defineOutput(readBuff);
680  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
681  query->addToOutputList("CREDS." + CONNECTION_KEY_COL);
682  query->addToOutputList("CREDS." + USERNAME_COL);
683  query->addToOutputList("CREDS." + PASSWORD_COL);
684  query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
685  query->setCondition(whereClause.str(), whereData);
686  coral::ICursor& cursor = query->execute();
687  bool found = false;
688  std::string writeUserName("");
689  std::string writePassword("");
690  if (cursor.next()) {
691  const coral::AttributeList& row = cursor.currentRow();
692  const std::string& connLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
693  const std::string& encryptedConnectionKey = row["CREDS." + CONNECTION_KEY_COL].data<std::string>();
694  std::string connectionKey = cipher0.b64decrypt(encryptedConnectionKey);
695  auth::Cipher cipher1(connectionKey);
696  const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
697  const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
698  std::string verificationKey = cipher1.b64decrypt(row["CREDS." + VERIFICATION_KEY_COL].data<std::string>());
699  if (verificationKey != connLabel) {
700  throwException("Could not decrypt credentials.Provided key is invalid.", "CredentialStore::startSession");
701  }
702  writeUserName = cipher1.b64decrypt(encryptedUserName);
703  writePassword = cipher1.b64decrypt(encryptedPassword);
704  found = true;
705  }
706  if (!found) {
707  throwException("Provided credentials are invalid for write access.", "CredentialStore::openSession");
708  }
709  m_session->transaction().commit();
710  m_session->endUserSession();
711  openSession(connTokens.second, writeUserName, writePassword, false);
712  }
713 }

References cond::PrincipalData::adminKey, AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::auth::COND_ADMIN_ROLE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), CREDENTIAL_TABLE(), newFWLiteAna::found, cond::PrincipalData::id, P_ID_COL(), EcalCondDBWriter_cfi::password, PASSWORD_COL(), cond::PrincipalData::principalKey, contentValuesFiles::query, ROLE_COL(), SCHEMA_COL(), cond::selectPrincipal(), AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), tname(), EcalCondDBWriter_cfi::userName, USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::PrincipalData::verifKey.

◆ startSuperSession()

void cond::CredentialStore::startSuperSession ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)
private

Definition at line 604 of file CredentialStore.cc.

606  {
607  std::pair<std::string, std::string> connTokens = openConnection(connectionString);
608  openSession(connTokens.second, userName, password, false);
609 }

References l1RCTOmdsFedVectorProducer_cfi::connectionString, EcalCondDBWriter_cfi::password, and EcalCondDBWriter_cfi::userName.

◆ unsetPermission()

bool cond::CredentialStore::unsetPermission ( const std::string &  principal,
const std::string &  role,
const std::string &  connectionString 
)

Definition at line 1061 of file CredentialStore.cc.

1063  {
1064  if (cond::auth::ROLES.find(role) == cond::auth::ROLES.end()) {
1065  throwException(std::string("Role ") + role + " does not exists.", "CredentialStore::unsetPermission");
1066  }
1067  CSScopedSession session(*this);
1068  session.start(false);
1069  coral::ISchema& schema = m_session->nominalSchema();
1070 
1071  PrincipalData princData;
1072  bool found = selectPrincipal(m_key.version(), schema, principal, princData);
1073 
1074  if (!found) {
1075  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1076  throwException(msg, "CredentialStore::unsetPermission");
1077  }
1078  m_log << "Removing permission for principal " << principal << " (id: " << princData.id << ") to access resource "
1079  << connectionString << " with role " << role << std::endl;
1080  coral::ITableDataEditor& editor = schema.tableHandle(tname(AUTHORIZATION_TABLE, m_key.version())).dataEditor();
1081  coral::AttributeList deleteData;
1082  deleteData.extend<int>(P_ID_COL);
1083  deleteData.extend<std::string>(ROLE_COL);
1084  deleteData.extend<std::string>(SCHEMA_COL);
1085  deleteData[P_ID_COL].data<int>() = princData.id;
1086  deleteData[ROLE_COL].data<std::string>() = role;
1087  deleteData[SCHEMA_COL].data<std::string>() = connectionString;
1088  std::stringstream whereClause;
1089  whereClause << P_ID_COL + " = :" + P_ID_COL;
1090  whereClause << " AND " << ROLE_COL << " = :" << ROLE_COL;
1091  whereClause << " AND " << SCHEMA_COL << " = :" << SCHEMA_COL;
1092  editor.deleteRows(whereClause.str(), deleteData);
1093  session.close();
1094  return true;
1095 }

References AUTHORIZATION_TABLE(), cond::CSScopedSession::close(), l1RCTOmdsFedVectorProducer_cfi::connectionString, mps_fire::end, spr::find(), newFWLiteAna::found, cond::PrincipalData::id, mps_check::msg, P_ID_COL(), ROLE_COL(), cond::auth::ROLES, SCHEMA_COL(), cond::selectPrincipal(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and tname().

◆ updateConnection()

bool cond::CredentialStore::updateConnection ( const std::string &  connectionLabel,
const std::string &  userName,
const std::string &  password 
)

Definition at line 1097 of file CredentialStore.cc.

1099  {
1100  CSScopedSession session(*this);
1101  session.start(false);
1102 
1103  m_session->transaction().start();
1104  coral::ISchema& schema = m_session->nominalSchema();
1105  std::string connLabel = to_lower(connectionLabel);
1106  updateConnectionData(m_key.version(), schema, m_principalKey, connLabel, userName, password, true, m_log);
1107 
1108  session.close();
1109  return true;
1110 }

References cond::CSScopedSession::close(), EcalCondDBWriter_cfi::password, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, to_lower(), cond::updateConnectionData(), and EcalCondDBWriter_cfi::userName.

◆ updatePrincipal()

bool cond::CredentialStore::updatePrincipal ( const std::string &  principal,
const std::string &  principalKey,
bool  setAdmin = false 
)

Definition at line 983 of file CredentialStore.cc.

985  {
986  CSScopedSession session(*this);
987  session.start(false);
988  coral::ISchema& schema = m_session->nominalSchema();
989  auto princData =
990  updatePrincipalData(m_key.version(), schema, authenticationKey, principalName, m_principalKey, false, m_log);
991  bool ret = false;
992  if (setAdmin) {
993  int princId = princData.first;
994  std::string princKey = m_principalKey;
996  std::vector<Permission> permissions;
998  throwException("The current operating user is not admin user on the underlying Credential Store.",
999  "CredentialStore::updatePrincipal");
1000  }
1001  std::string connLabel = permissions.front().connectionLabel;
1002  CredentialData credsData;
1003  if (!selectConnection(m_key.version(), schema, connLabel, credsData)) {
1004  throwException("Credential Store connection has not been defined.", "CredentialStore::updatePrincipal");
1005  }
1006  auth::Cipher adminCipher(m_principalKey);
1008  schema,
1009  princId,
1010  princKey,
1012  connString,
1013  credsData.id,
1014  adminCipher.b64decrypt(credsData.connectionKey),
1015  m_log);
1016  }
1017  session.close();
1018  return ret;
1019 }

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, cond::CredentialData::connectionKey, cond::CredentialData::id, cmsHarvester::permissions, runTheMatrix::ret, cond::selectConnection(), cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and cond::updatePrincipalData().

Friends And Related Function Documentation

◆ CSScopedSession

friend class CSScopedSession
friend

Definition at line 151 of file CredentialStore.h.

Member Data Documentation

◆ DEFAULT_DATA_SOURCE

const std::string cond::CredentialStore::DEFAULT_DATA_SOURCE
static

Definition at line 81 of file CredentialStore.h.

◆ m_connection

std::shared_ptr<coral::IConnection> cond::CredentialStore::m_connection
private

Definition at line 168 of file CredentialStore.h.

◆ m_key

auth::DecodingKey cond::CredentialStore::m_key
private

Definition at line 178 of file CredentialStore.h.

◆ m_log

std::stringstream cond::CredentialStore::m_log
private

Definition at line 180 of file CredentialStore.h.

◆ m_principalId

int cond::CredentialStore::m_principalId
private

Definition at line 171 of file CredentialStore.h.

◆ m_principalKey

std::string cond::CredentialStore::m_principalKey
private

Definition at line 173 of file CredentialStore.h.

◆ m_serviceData

const auth::ServiceCredentials* cond::CredentialStore::m_serviceData
private

Definition at line 176 of file CredentialStore.h.

◆ m_serviceName

std::string cond::CredentialStore::m_serviceName
private

Definition at line 175 of file CredentialStore.h.

◆ m_session

std::shared_ptr<coral::ISession> cond::CredentialStore::m_session
private

Definition at line 169 of file CredentialStore.h.

runTheMatrix.ret
ret
prodAgent to be discontinued
Definition: runTheMatrix.py:542
lumi_dqm_sourceclient-live_cfg.authPath
authPath
Definition: lumi_dqm_sourceclient-live_cfg.py:33
ROLE_COL
static const std::string ROLE_COL("C_ROLE")
cond::CredentialStore::m_session
std::shared_ptr< coral::ISession > m_session
Definition: CredentialStore.h:169
SCHEMA_COL
static const std::string SCHEMA_COL("C_SCHEMA")
AUTHORIZATION_TABLE
static const std::string AUTHORIZATION_TABLE("AUTHORIZATION")
cond::auth::COND_ADMIN_ROLE
static constexpr const char *const COND_ADMIN_ROLE
Definition: Auth.h:19
AUTHENTICATION_TABLE
static const std::string AUTHENTICATION_TABLE("AUTHENTICATION")
cond::CredentialStore::m_serviceData
const auth::ServiceCredentials * m_serviceData
Definition: CredentialStore.h:176
cond::auth::DecodingKey::principalName
const std::string & principalName() const
Definition: DecodingKey.h:108
C_ID_COL
static const std::string C_ID_COL("C_ID")
cond::CredentialStore::m_serviceName
std::string m_serviceName
Definition: CredentialStore.h:175
contentValuesFiles.fullPath
fullPath
Definition: contentValuesFiles.py:64
cond::updatePrincipalData
std::pair< int, std::string > updatePrincipalData(const std::string &schemaVersion, coral::ISchema &schema, const std::string &authenticationKey, const std::string &principalName, const std::string &adminKey, bool init, std::stringstream &log)
Definition: CredentialStore.cc:365
AlCaHLTBitMon_ParallelJobs.p
p
Definition: AlCaHLTBitMon_ParallelJobs.py:153
AUTH_KEY_COL
static const std::string AUTH_KEY_COL("CRED3")
PRINCIPAL_NAME_COL
static const std::string PRINCIPAL_NAME_COL("P_NAME")
cond::auth::ServiceCredentials::connectionString
std::string connectionString
Definition: DecodingKey.h:15
gather_cfg.cout
cout
Definition: gather_cfg.py:144
CONNECTION_LABEL_COL
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
SiStripCommissioningClient_cfg.conn
conn
Definition: SiStripCommissioningClient_cfg.py:5
VERIFICATION_KEY_COL
static const std::string VERIFICATION_KEY_COL("CRED6")
writedatasetfile.parser
parser
Definition: writedatasetfile.py:7
cond::CredentialStore::m_key
auth::DecodingKey m_key
Definition: CredentialStore.h:178
cond::CredentialStore::openConnection
std::pair< std::string, std::string > openConnection(const std::string &connectionString)
Definition: CredentialStore.cc:576
mps_check.msg
tuple msg
Definition: mps_check.py:285
SEQUENCE_TABLE
static const std::string SEQUENCE_TABLE("CREDENTIAL_SEQUENCE")
cond::auth::DecodingKey::init
size_t init(const std::string &keyFileName, const std::string &password, bool readMode=true)
Definition: DecodingKey.cc:113
spr::find
void find(edm::Handle< EcalRecHitCollection > &hits, DetId thisDet, std::vector< EcalRecHitCollection::const_iterator > &hit, bool debug=false)
Definition: FindCaloHit.cc:19
newFWLiteAna.found
found
Definition: newFWLiteAna.py:118
ADMIN_KEY_COL
static const std::string ADMIN_KEY_COL("CRED2")
to_lower
std::string to_lower(const std::string &s)
Definition: CredentialStore.cc:157
EcalCondDBWriter_cfi.userName
userName
Definition: EcalCondDBWriter_cfi.py:61
CONNECTION_KEY_COL
static const std::string CONNECTION_KEY_COL("CRED7")
EcalCondDBWriter_cfi.password
password
Definition: EcalCondDBWriter_cfi.py:62
addSequence
void addSequence(const std::string &schemaVersion, coral::ISchema &schema, const std::string &name)
Definition: CredentialStore.cc:774
query
Definition: query.py:1
cmsHarvester.permissions
permissions
Definition: cmsHarvester.py:1650
cond::CredentialStore::setUpForService
std::string setUpForService(const std::string &serviceName, const std::string &authPath)
Sets the initialization parameters.
Definition: CredentialStore.cc:728
SEQUENCE_NAME_COL
static const std::string SEQUENCE_NAME_COL("NAME")
mps_fire.end
end
Definition: mps_fire.py:242
USERNAME_COL
static const std::string USERNAME_COL("CRED4")
cond::auth::DecodingKey::FILE_PATH
static constexpr const char *const FILE_PATH
Definition: DecodingKey.h:35
cond::selectPrincipal
bool selectPrincipal(const std::string &schemaVersion, coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
Definition: CredentialStore.cc:205
gen
Definition: PythiaDecays.h:13
PASSWORD_COL
static const std::string PASSWORD_COL("CRED5")
CONNECTION_ID_COL
static const std::string CONNECTION_ID_COL("CONN_ID")
cond::CredentialStore::serviceName
const std::string & serviceName()
Definition: CredentialStore.cc:1533
AlCaHLTBitMon_QueryRunRegistry.string
string
Definition: AlCaHLTBitMon_QueryRunRegistry.py:256
cond::auth::COND_KEY
static constexpr const char *const COND_KEY
Definition: Auth.h:28
L1TdeStage2CaloLayer1_cfi.dataSource
dataSource
Definition: L1TdeStage2CaloLayer1_cfi.py:5
coral_bridge::AuthenticationCredentialSet::registerCredentials
void registerCredentials(const std::string &connectionString, const std::string &userName, const std::string &password)
Definition: CredentialStore.cc:63
cond::selectConnection
bool selectConnection(const std::string &schemaVersion, coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
Definition: CredentialStore.cc:247
cond::CredentialStore::CSScopedSession
friend class CSScopedSession
Definition: CredentialStore.h:151
FrontierConditions_GlobalTag_cff.file
file
Definition: FrontierConditions_GlobalTag_cff.py:13
P_ID_COL
static const std::string P_ID_COL("P_ID")
cond::auth::ServiceCredentials::password
std::string password
Definition: DecodingKey.h:17
tname
std::string tname(const std::string &tableName, const std::string &schemaVersion)
Definition: CredentialStore.cc:150
CREDENTIAL_TABLE
static const std::string CREDENTIAL_TABLE("CREDENTIAL")
cond::CredentialStore::m_principalKey
std::string m_principalKey
Definition: CredentialStore.h:173
VERIFICATION_COL
static const std::string VERIFICATION_COL("CRED0")
cond::CredentialStore::m_principalId
int m_principalId
Definition: CredentialStore.h:171
instance
static PFTauRenderPlugin instance
Definition: PFTauRenderPlugin.cc:70
HLTMuonOfflineAnalyzer_cff.destination
destination
Definition: HLTMuonOfflineAnalyzer_cff.py:50
cond::updateConnectionData
std::pair< int, std::string > updateConnectionData(const std::string &schemaVersion, coral::ISchema &schema, const std::string &adminKey, const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate, std::stringstream &log)
Definition: CredentialStore.cc:484
cond::auth::DecodingKey::services
const std::map< std::string, ServiceCredentials > & services() const
Definition: DecodingKey.h:116
AUTH_ID_COL
static const std::string AUTH_ID_COL("AUTH_ID")
Exception
Definition: hltDiff.cc:245
PRINCIPAL_KEY_COL
static const std::string PRINCIPAL_KEY_COL("CRED1")
cond::auth::DecodingKey::version
const std::string & version() const
Definition: DecodingKey.h:106
PRINCIPAL_ID_COL
static const std::string PRINCIPAL_ID_COL("P_ID")
cond::CredentialStore::m_log
std::stringstream m_log
Definition: CredentialStore.h:180
relval_steps.gen
def gen(fragment, howMuch)
Production test section ####.
Definition: relval_steps.py:504
data
char data[epos_bytes_allocation]
Definition: EPOS_Wrapper.h:79
cond::CredentialStore::selectPermissions
bool selectPermissions(const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)
Definition: CredentialStore.cc:1414
cond::schemaLabel
std::string schemaLabel(const std::string &serviceName, const std::string &userName)
Definition: CredentialStore.cc:167
cond::CredentialStore::m_connection
std::shared_ptr< coral::IConnection > m_connection
Definition: CredentialStore.h:168
contentValuesFiles.query
query
Definition: contentValuesFiles.py:38
castor_dqm_sourceclient_file_cfg.path
path
Definition: castor_dqm_sourceclient_file_cfg.py:37
genParticles_cff.map
map
Definition: genParticles_cff.py:11
cond::auth::ROLES
static const std::set< std::string > ROLES
Definition: Auth.h:21
l1RCTOmdsFedVectorProducer_cfi.connectionString
connectionString
Definition: l1RCTOmdsFedVectorProducer_cfi.py:4
cond::setPermissionData
bool setPermissionData(const std::string &schemaVersion, coral::ISchema &schema, int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey, std::stringstream &log)
Definition: CredentialStore.cc:428
SEQUENCE_VALUE_COL
static const std::string SEQUENCE_VALUE_COL("VALUE")
cond::auth::ServiceCredentials::userName
std::string userName
Definition: DecodingKey.h:16
cond::auth::COND_DB_KEY_SIZE
static constexpr unsigned int COND_DB_KEY_SIZE
Definition: Auth.h:31
cond::CredentialStore::openSession
void openSession(const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
Definition: CredentialStore.cc:590
MillePedeFileConverter_cfg.e
e
Definition: MillePedeFileConverter_cfg.py:37
cond::throwException
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:18
cond::auth::DecodingKey::principalKey
const std::string & principalKey() const
Definition: DecodingKey.h:110