CMS 3D CMS Logo

List of all members | Classes | Public Member Functions | Static Public Attributes | Private Member Functions | Private Attributes | Friends
cond::CredentialStore Class Reference

#include <CredentialStore.h>

Classes

struct  Permission
 

Public Member Functions

bool createSchema (const std::string &connectionString, const std::string &userName, const std::string &password)
 
 CredentialStore ()
 Standard Constructor. More...
 
bool drop (const std::string &connectionString, const std::string &userName, const std::string &password)
 
bool exportAll (coral_bridge::AuthenticationCredentialSet &data)
 
std::pair< std::string, std::string > getUserCredentials (const std::string &connectionString, const std::string &role)
 
bool importForPrincipal (const std::string &principal, const coral_bridge::AuthenticationCredentialSet &data, bool forceUpdateConnection=false)
 import data More...
 
const std::string & keyPrincipalName ()
 
bool listConnections (std::map< std::string, std::pair< std::string, std::string > > &destination)
 
bool listPrincipals (std::vector< std::string > &destination)
 
std::string log ()
 
bool removeConnection (const std::string &connectionLabel)
 
bool removePrincipal (const std::string &principal)
 
bool resetAdmin (const std::string &userName, const std::string &password)
 
bool selectForUser (coral_bridge::AuthenticationCredentialSet &destinationData)
 
bool selectPermissions (const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)
 
const std::string & serviceName ()
 
bool setPermission (const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
 
std::string setUpForConnectionString (const std::string &connectionString, const std::string &authPath)
 
std::string setUpForService (const std::string &serviceName, const std::string &authPath)
 Sets the initialization parameters. More...
 
size_t unsetPermission (const std::string &principal, const std::string &role, const std::string &connectionString)
 
bool updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password)
 
bool updatePrincipal (const std::string &principal, const std::string &principalKey, bool setAdmin=false)
 
virtual ~CredentialStore ()
 Standard Destructor. More...
 

Static Public Attributes

static const std::string DEFAULT_DATA_SOURCE
 

Private Member Functions

void closeSession (bool commit=true)
 
std::pair< std::string, std::string > openConnection (const std::string &connectionString)
 
void openSession (const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
 
void openSession (bool readOnly=true)
 
void startSession (bool readMode)
 
void startSuperSession (const std::string &connectionString, const std::string &userName, const std::string &password)
 

Private Attributes

std::string m_authenticatedPrincipal
 
std::shared_ptr< coral::IConnection > m_connection
 
auth::DecodingKey m_key
 
std::stringstream m_log
 
int m_principalId
 
std::string m_principalKey
 
const auth::ServiceCredentialsm_serviceData
 
std::string m_serviceName
 
std::shared_ptr< coral::ISession > m_session
 

Friends

class CSScopedSession
 

Detailed Description

Definition at line 85 of file CredentialStore.h.

Constructor & Destructor Documentation

◆ CredentialStore()

cond::CredentialStore::CredentialStore ( )

Standard Constructor.

Definition at line 746 of file CredentialStore.cc.

747  : m_connection(),
748  m_session(),
750  m_principalId(-1),
751  m_principalKey(""),
752  m_serviceName(""),
753  m_serviceData(nullptr),
754  m_key(),
755  m_log() {}
std::string m_authenticatedPrincipal
std::stringstream m_log
auth::DecodingKey m_key
std::shared_ptr< coral::ISession > m_session
std::shared_ptr< coral::IConnection > m_connection
const auth::ServiceCredentials * m_serviceData

◆ ~CredentialStore()

cond::CredentialStore::~CredentialStore ( )
virtual

Standard Destructor.

Definition at line 757 of file CredentialStore.cc.

757 {}

Member Function Documentation

◆ closeSession()

void cond::CredentialStore::closeSession ( bool  commit = true)
private

Definition at line 586 of file CredentialStore.cc.

586  {
587  if (m_session.get()) {
588  if (m_session->transaction().isActive()) {
589  if (commit) {
590  m_session->transaction().commit();
591  } else {
592  m_session->transaction().rollback();
593  }
594  }
595  m_session->endUserSession();
596  }
597  m_session.reset();
598  if (m_connection.get()) {
599  m_connection->disconnect();
600  }
601  m_connection.reset();
602  m_log << "Session has been closed." << std::endl;
603 }
std::stringstream m_log
std::shared_ptr< coral::ISession > m_session
std::shared_ptr< coral::IConnection > m_connection

◆ createSchema()

bool cond::CredentialStore::createSchema ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)

Definition at line 817 of file CredentialStore.cc.

References addSequence(), ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), C_ID_COL(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, cond::auth::COND_DB_KEY_SIZE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, gather_cfg::cout, CREDENTIAL_TABLE(), MillePedeFileConverter_cfg::e, Exception, relval_steps::gen(), P_ID_COL(), EcalCondDBWriter_cfi::password, PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), runTheMatrix::ret, ROLE_COL(), SCHEMA_COL(), cond::schemaLabel(), SEQUENCE_NAME_COL(), SEQUENCE_TABLE(), SEQUENCE_VALUE_COL(), cond::setPermissionData(), cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), tname(), cond::updateConnectionData(), cond::updatePrincipalData(), EcalCondDBWriter_cfi::userName, USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

819  {
820  CSScopedSession session(*this);
821  session.startSuper(connectionString, userName, password);
822 
823  coral::ISchema& schema = m_session->nominalSchema();
824  std::string authentication_table_name = tname(AUTHENTICATION_TABLE, m_key.version());
825  if (schema.existsTable(authentication_table_name)) {
826  throwException("Credential database, already exists.", "CredentialStore::create");
827  }
828 
829  m_log << "Creating sequence table." << std::endl;
830  std::string sequence_table_name = tname(SEQUENCE_TABLE, m_key.version());
831  coral::TableDescription dseq;
832  dseq.setName(sequence_table_name);
833  dseq.insertColumn(SEQUENCE_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>());
834  dseq.setNotNullConstraint(SEQUENCE_NAME_COL);
835  dseq.insertColumn(SEQUENCE_VALUE_COL, coral::AttributeSpecification::typeNameForType<int>());
836  dseq.setNotNullConstraint(SEQUENCE_VALUE_COL);
837  dseq.setPrimaryKey(std::vector<std::string>(1, SEQUENCE_NAME_COL));
838  schema.createTable(dseq);
839 
840  int columnSize = 2000;
841 
842  m_log << "Creating authentication table." << std::endl;
843  // authentication table
844  addSequence(m_key.version(), schema, authentication_table_name);
845  coral::TableDescription descr0;
846  descr0.setName(authentication_table_name);
847  descr0.insertColumn(PRINCIPAL_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
848  descr0.insertColumn(
849  PRINCIPAL_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
850  descr0.insertColumn(
851  VERIFICATION_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
852  descr0.insertColumn(
853  PRINCIPAL_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
854  descr0.insertColumn(ADMIN_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
855  descr0.setNotNullConstraint(PRINCIPAL_ID_COL);
856  descr0.setNotNullConstraint(PRINCIPAL_NAME_COL);
857  descr0.setNotNullConstraint(VERIFICATION_COL);
858  descr0.setNotNullConstraint(PRINCIPAL_KEY_COL);
859  descr0.setNotNullConstraint(ADMIN_KEY_COL);
860  std::vector<std::string> columnsUnique;
861  columnsUnique.push_back(PRINCIPAL_NAME_COL);
862  descr0.setUniqueConstraint(columnsUnique);
863  std::vector<std::string> columnsForIndex;
864  columnsForIndex.push_back(PRINCIPAL_ID_COL);
865  descr0.setPrimaryKey(columnsForIndex);
866  schema.createTable(descr0);
867 
868  m_log << "Creating authorization table." << std::endl;
869  std::string authorization_table_name = tname(AUTHORIZATION_TABLE, m_key.version());
870  // authorization table
871  addSequence(m_key.version(), schema, authorization_table_name);
872  coral::TableDescription descr1;
873  descr1.setName(authorization_table_name);
874  descr1.insertColumn(AUTH_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
875  descr1.insertColumn(P_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
876  descr1.insertColumn(ROLE_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
877  descr1.insertColumn(SCHEMA_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
878  descr1.insertColumn(AUTH_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
879  descr1.insertColumn(C_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
880  descr1.setNotNullConstraint(AUTH_ID_COL);
881  descr1.setNotNullConstraint(P_ID_COL);
882  descr1.setNotNullConstraint(ROLE_COL);
883  descr1.setNotNullConstraint(SCHEMA_COL);
884  descr1.setNotNullConstraint(AUTH_KEY_COL);
885  descr1.setNotNullConstraint(C_ID_COL);
886  columnsUnique.clear();
887  columnsUnique.push_back(P_ID_COL);
888  columnsUnique.push_back(ROLE_COL);
889  columnsUnique.push_back(SCHEMA_COL);
890  descr1.setUniqueConstraint(columnsUnique);
891  columnsForIndex.clear();
892  columnsForIndex.push_back(AUTH_ID_COL);
893  descr1.setPrimaryKey(columnsForIndex);
894  schema.createTable(descr1);
895 
896  m_log << "Creating credential table." << std::endl;
897  std::string credential_table_name = tname(CREDENTIAL_TABLE, m_key.version());
898  // credential table
899  addSequence(m_key.version(), schema, credential_table_name);
900  coral::TableDescription descr2;
901  descr2.setName(credential_table_name);
902  descr2.insertColumn(CONNECTION_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
903  descr2.insertColumn(
904  CONNECTION_LABEL_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
905  descr2.insertColumn(USERNAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
906  descr2.insertColumn(PASSWORD_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
907  descr2.insertColumn(
908  VERIFICATION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
909  descr2.insertColumn(
910  CONNECTION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
911  descr2.setNotNullConstraint(CONNECTION_ID_COL);
912  descr2.setNotNullConstraint(CONNECTION_LABEL_COL);
913  descr2.setNotNullConstraint(USERNAME_COL);
914  descr2.setNotNullConstraint(PASSWORD_COL);
915  descr2.setNotNullConstraint(VERIFICATION_KEY_COL);
916  descr2.setNotNullConstraint(CONNECTION_KEY_COL);
917  columnsUnique.clear();
918  columnsUnique.push_back(CONNECTION_LABEL_COL);
919  descr2.setUniqueConstraint(columnsUnique);
920  columnsForIndex.clear();
921  columnsForIndex.push_back(CONNECTION_ID_COL);
922  descr2.setPrimaryKey(columnsForIndex);
923  schema.createTable(descr2);
924 
925  try {
926  schema.tableHandle(authentication_table_name)
927  .privilegeManager()
928  .grantToUser(m_serviceData->userName, coral::ITablePrivilegeManager::Select);
929  schema.tableHandle(authorization_table_name)
930  .privilegeManager()
931  .grantToUser(m_serviceData->userName, coral::ITablePrivilegeManager::Select);
932  schema.tableHandle(credential_table_name)
933  .privilegeManager()
934  .grantToUser(m_serviceData->userName, coral::ITablePrivilegeManager::Select);
935  } catch (const coral::Exception& e) {
936  std::cout << "WARNING: Could not grant select access to user " << m_serviceData->userName << ": [" << e.what()
937  << "]" << std::endl;
938  }
939  m_log << "Granting ADMIN access permission." << std::endl;
940  auth::KeyGenerator gen;
942  auto princData = updatePrincipalData(
944  std::string credentialAccessLabel = schemaLabel(m_serviceName, userName);
945  auto connParams = updateConnectionData(
946  m_key.version(), schema, m_principalKey, credentialAccessLabel, userName, password, true, m_log);
948  schema,
949  princData.first,
953  connParams.first,
954  connParams.second,
955  m_log);
956  session.close();
957  return ret;
958 }
static const std::string SEQUENCE_VALUE_COL("VALUE")
std::pair< int, std::string > updateConnectionData(const std::string &schemaVersion, coral::ISchema &schema, const std::string &adminKey, const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate, std::stringstream &log)
static const std::string ROLE_COL("C_ROLE")
ret
prodAgent to be discontinued
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string AUTHENTICATION_TABLE("AUTHENTICATION")
void addSequence(const std::string &schemaVersion, coral::ISchema &schema, const std::string &name)
std::pair< int, std::string > updatePrincipalData(const std::string &schemaVersion, coral::ISchema &schema, const std::string &authenticationKey, const std::string &principalName, const std::string &adminKey, bool init, std::stringstream &log)
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:18
static const std::string PASSWORD_COL("CRED5")
bool setPermissionData(const std::string &schemaVersion, coral::ISchema &schema, int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey, std::stringstream &log)
static const std::string CONNECTION_KEY_COL("CRED7")
static const std::string SEQUENCE_TABLE("CREDENTIAL_SEQUENCE")
std::stringstream m_log
static const std::string ADMIN_KEY_COL("CRED2")
static const std::string VERIFICATION_KEY_COL("CRED6")
static constexpr const char *const COND_ADMIN_ROLE
Definition: Auth.h:19
std::string schemaLabel(const std::string &serviceName, const std::string &userName)
static constexpr unsigned int COND_DB_KEY_SIZE
Definition: Auth.h:38
friend class CSScopedSession
static const std::string VERIFICATION_COL("CRED0")
static const std::string SEQUENCE_NAME_COL("NAME")
static const std::string USERNAME_COL("CRED4")
def gen(fragment, howMuch)
Production test section ####.
static const std::string CONNECTION_ID_COL("CONN_ID")
auth::DecodingKey m_key
static const std::string PRINCIPAL_ID_COL("P_ID")
const std::string & principalName() const
Definition: DecodingKey.h:108
std::shared_ptr< coral::ISession > m_session
static const std::string AUTH_ID_COL("AUTH_ID")
static const std::string AUTHORIZATION_TABLE("AUTHORIZATION")
const std::string & version() const
Definition: DecodingKey.h:106
static const std::string PRINCIPAL_KEY_COL("CRED1")
std::string tname(const std::string &tableName, const std::string &schemaVersion)
static const std::string CREDENTIAL_TABLE("CREDENTIAL")
static const std::string P_ID_COL("P_ID")
const auth::ServiceCredentials * m_serviceData
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
const std::string & principalKey() const
Definition: DecodingKey.h:110
static const std::string AUTH_KEY_COL("CRED3")
static const std::string PRINCIPAL_NAME_COL("P_NAME")

◆ drop()

bool cond::CredentialStore::drop ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)

Definition at line 960 of file CredentialStore.cc.

References AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), cond::CSScopedSession::close(), l1RCTOmdsFedVectorProducer_cfi::connectionString, CREDENTIAL_TABLE(), EcalCondDBWriter_cfi::password, SEQUENCE_TABLE(), cond::CSScopedSession::startSuper(), tname(), and EcalCondDBWriter_cfi::userName.

962  {
963  CSScopedSession session(*this);
964  session.startSuper(connectionString, userName, password);
965 
966  m_log << "Dropping AUTHORIZATION, CREDENTIAL, AUTHENTICATION and SEQUENCE tables." << std::endl;
967  coral::ISchema& schema = m_session->nominalSchema();
968  schema.dropIfExistsTable(tname(AUTHORIZATION_TABLE, m_key.version()));
969  schema.dropIfExistsTable(tname(CREDENTIAL_TABLE, m_key.version()));
970  schema.dropIfExistsTable(tname(AUTHENTICATION_TABLE, m_key.version()));
971  schema.dropIfExistsTable(tname(SEQUENCE_TABLE, m_key.version()));
972  session.close();
973  return true;
974 }
static const std::string AUTHENTICATION_TABLE("AUTHENTICATION")
static const std::string SEQUENCE_TABLE("CREDENTIAL_SEQUENCE")
std::stringstream m_log
friend class CSScopedSession
auth::DecodingKey m_key
std::shared_ptr< coral::ISession > m_session
static const std::string AUTHORIZATION_TABLE("AUTHORIZATION")
const std::string & version() const
Definition: DecodingKey.h:106
std::string tname(const std::string &tableName, const std::string &schemaVersion)
static const std::string CREDENTIAL_TABLE("CREDENTIAL")

◆ exportAll()

bool cond::CredentialStore::exportAll ( coral_bridge::AuthenticationCredentialSet data)

Definition at line 1525 of file CredentialStore.cc.

References AUTHORIZATION_TABLE(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, CREDENTIAL_TABLE(), data, newFWLiteAna::found, EcalCondDBWriter_cfi::password, PASSWORD_COL(), contentValuesFiles::query, ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, tname(), to_lower(), EcalCondDBWriter_cfi::userName, USERNAME_COL(), and VERIFICATION_KEY_COL().

1525  {
1526  CSScopedSession session(*this);
1527  session.start(true);
1528  coral::ISchema& schema = m_session->nominalSchema();
1529  std::unique_ptr<coral::IQuery> query(schema.newQuery());
1530  query->addToTableList(tname(AUTHORIZATION_TABLE, m_key.version()), "AUTHO");
1531  query->addToTableList(tname(CREDENTIAL_TABLE, m_key.version()), "CREDS");
1532  coral::AttributeList readBuff;
1533  readBuff.extend<std::string>("AUTHO." + ROLE_COL);
1534  readBuff.extend<std::string>("AUTHO." + SCHEMA_COL);
1535  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
1536  readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
1537  readBuff.extend<std::string>("CREDS." + CONNECTION_KEY_COL);
1538  readBuff.extend<std::string>("CREDS." + USERNAME_COL);
1539  readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
1540  coral::AttributeList whereData;
1541  std::stringstream whereClause;
1542  whereClause << "AUTHO." << C_ID_COL << "="
1543  << "CREDS." << CONNECTION_ID_COL;
1544 
1545  query->defineOutput(readBuff);
1546  query->addToOutputList("AUTHO." + ROLE_COL);
1547  query->addToOutputList("AUTHO." + SCHEMA_COL);
1548  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
1549  query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
1550  query->addToOutputList("CREDS." + CONNECTION_KEY_COL);
1551  query->addToOutputList("CREDS." + USERNAME_COL);
1552  query->addToOutputList("CREDS." + PASSWORD_COL);
1553  query->setCondition(whereClause.str(), whereData);
1554  coral::ICursor& cursor = query->execute();
1555  bool found = false;
1556  auth::Cipher cipher0(m_principalKey);
1557  while (cursor.next()) {
1558  const coral::AttributeList& row = cursor.currentRow();
1559  const std::string& role = row["AUTHO." + ROLE_COL].data<std::string>();
1560  const std::string& connectionString = row["AUTHO." + SCHEMA_COL].data<std::string>();
1561  const std::string& connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
1562  const std::string& encryptedVerifKey = row["CREDS." + VERIFICATION_KEY_COL].data<std::string>();
1563  const std::string& encryptedConnection = row["CREDS." + CONNECTION_KEY_COL].data<std::string>();
1564  std::string userName("");
1565  std::string password("");
1566  std::string connectionKey = cipher0.b64decrypt(encryptedConnection);
1567  auth::Cipher cipher1(connectionKey);
1568  std::string verifKey = cipher1.b64decrypt(encryptedVerifKey);
1569  if (verifKey == connectionLabel) {
1570  const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
1571  const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
1572  userName = cipher1.b64decrypt(encryptedUserName);
1573  password = cipher1.b64decrypt(encryptedPassword);
1574  }
1575  data.registerCredentials(to_lower(connectionString), role, userName, password);
1576  found = true;
1577  }
1578  session.close();
1579  return found;
1580 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
std::string to_lower(const std::string &s)
static const std::string PASSWORD_COL("CRED5")
static const std::string CONNECTION_KEY_COL("CRED7")
Definition: query.py:1
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string USERNAME_COL("CRED4")
static const std::string CONNECTION_ID_COL("CONN_ID")
auth::DecodingKey m_key
std::shared_ptr< coral::ISession > m_session
static const std::string AUTHORIZATION_TABLE("AUTHORIZATION")
const std::string & version() const
Definition: DecodingKey.h:106
char data[epos_bytes_allocation]
Definition: EPOS_Wrapper.h:79
std::string tname(const std::string &tableName, const std::string &schemaVersion)
static const std::string CREDENTIAL_TABLE("CREDENTIAL")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")

◆ getUserCredentials()

std::pair< std::string, std::string > cond::CredentialStore::getUserCredentials ( const std::string &  connectionString,
const std::string &  role 
)

Definition at line 1288 of file CredentialStore.cc.

References AUTH_KEY_COL(), AUTHORIZATION_TABLE(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, CREDENTIAL_TABLE(), P_ID_COL(), PASSWORD_COL(), contentValuesFiles::query, runTheMatrix::ret, ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, tname(), to_lower(), USERNAME_COL(), and VERIFICATION_KEY_COL().

Referenced by cond::getDbCredentials().

1289  {
1290  CSScopedSession session(*this);
1291  session.start(true);
1292  coral::ISchema& schema = m_session->nominalSchema();
1293 
1294  auth::Cipher cipher(m_principalKey);
1295 
1296  std::unique_ptr<coral::IQuery> query(schema.newQuery());
1297  query->addToTableList(tname(AUTHORIZATION_TABLE, m_key.version()), "AUTHO");
1298  query->addToTableList(tname(CREDENTIAL_TABLE, m_key.version()), "CREDS");
1299  coral::AttributeList readBuff;
1300  readBuff.extend<std::string>("AUTHO." + AUTH_KEY_COL);
1301  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
1302  readBuff.extend<std::string>("CREDS." + USERNAME_COL);
1303  readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
1304  readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
1305  coral::AttributeList whereData;
1306  whereData.extend<int>(P_ID_COL);
1307  whereData.extend<std::string>(SCHEMA_COL);
1308  whereData.extend<std::string>(ROLE_COL);
1309  whereData[P_ID_COL].data<int>() = m_principalId;
1310  whereData[SCHEMA_COL].data<std::string>() = to_lower(connectionString);
1311  whereData[ROLE_COL].data<std::string>() = role;
1312  std::stringstream whereClause;
1313  whereClause << "AUTHO." << C_ID_COL << "="
1314  << "CREDS." << CONNECTION_ID_COL;
1315  whereClause << " AND "
1316  << "AUTHO." << P_ID_COL << " = :" << P_ID_COL;
1317  whereClause << " AND "
1318  << "AUTHO." << SCHEMA_COL << " = :" << SCHEMA_COL;
1319  whereClause << " AND "
1320  << "AUTHO." << ROLE_COL << " = :" << ROLE_COL;
1321  query->defineOutput(readBuff);
1322  query->addToOutputList("AUTHO." + AUTH_KEY_COL);
1323  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
1324  query->addToOutputList("CREDS." + USERNAME_COL);
1325  query->addToOutputList("CREDS." + PASSWORD_COL);
1326  query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
1327  query->setCondition(whereClause.str(), whereData);
1328  coral::ICursor& cursor = query->execute();
1329  auto ret = std::make_pair(std::string(""), std::string(""));
1330  if (cursor.next()) {
1331  const coral::AttributeList& row = cursor.currentRow();
1332  const std::string& encryptedAuthKey = row["AUTHO." + AUTH_KEY_COL].data<std::string>();
1333  const std::string& connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
1334  const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
1335  const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
1336  std::string authKey = cipher.b64decrypt(encryptedAuthKey);
1337  auth::Cipher connCipher(authKey);
1338  std::string verificationString = connCipher.b64decrypt(row["CREDS." + VERIFICATION_KEY_COL].data<std::string>());
1339  if (verificationString == connectionLabel) {
1340  ret.first = connCipher.b64decrypt(encryptedUserName);
1341  ret.second = connCipher.b64decrypt(encryptedPassword);
1342  }
1343  }
1344  session.close();
1345  return ret;
1346 }
static const std::string ROLE_COL("C_ROLE")
ret
prodAgent to be discontinued
static const std::string SCHEMA_COL("C_SCHEMA")
std::string to_lower(const std::string &s)
static const std::string PASSWORD_COL("CRED5")
Definition: query.py:1
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string USERNAME_COL("CRED4")
static const std::string CONNECTION_ID_COL("CONN_ID")
auth::DecodingKey m_key
std::shared_ptr< coral::ISession > m_session
static const std::string AUTHORIZATION_TABLE("AUTHORIZATION")
const std::string & version() const
Definition: DecodingKey.h:106
std::string tname(const std::string &tableName, const std::string &schemaVersion)
static const std::string CREDENTIAL_TABLE("CREDENTIAL")
static const std::string P_ID_COL("P_ID")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
static const std::string AUTH_KEY_COL("CRED3")

◆ importForPrincipal()

bool cond::CredentialStore::importForPrincipal ( const std::string &  principal,
const coral_bridge::AuthenticationCredentialSet data,
bool  forceUpdateConnection = false 
)

import data

Definition at line 1348 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), getInfo::conn, l1RCTOmdsFedVectorProducer_cfi::connectionString, L1TdeStage2CaloLayer1_cfi::dataSource, newFWLiteAna::found, cond::PrincipalData::id, genParticles_cff::map, mps_check::msg, writedatasetfile::parser, EcalCondDBWriter_cfi::password, cond::schemaLabel(), cond::selectPrincipal(), serviceName, cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), cond::updateConnectionData(), and EcalCondDBWriter_cfi::userName.

1350  {
1351  CSScopedSession session(*this);
1352  session.start(false);
1353  coral::ISchema& schema = m_session->nominalSchema();
1354 
1355  PrincipalData princData;
1356  bool found = selectPrincipal(m_key.version(), schema, principal, princData);
1357 
1358  if (!found) {
1359  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1360  throwException(msg, "CredentialStore::importForPrincipal");
1361  }
1362 
1363  bool imported = false;
1364  auth::Cipher cipher(m_principalKey);
1365  std::string princKey = cipher.b64decrypt(princData.adminKey);
1366 
1367  const std::map<std::pair<std::string, std::string>, coral::AuthenticationCredentials*>& creds = dataSource.data();
1368  for (std::map<std::pair<std::string, std::string>, coral::AuthenticationCredentials*>::const_iterator iConn =
1369  creds.begin();
1370  iConn != creds.end();
1371  ++iConn) {
1372  const std::string& connectionString = iConn->first.first;
1373  coral::URIParser parser;
1374  parser.setURI(connectionString);
1375  std::string serviceName = parser.hostName();
1376  const std::string& role = iConn->first.second;
1377  std::string userName = iConn->second->valueForItem(coral::IAuthenticationCredentials::userItem());
1378  std::string password = iConn->second->valueForItem(coral::IAuthenticationCredentials::passwordItem());
1379  // first import the connections
1380  std::pair<int, std::string> conn = updateConnectionData(m_key.version(),
1381  schema,
1384  userName,
1385  password,
1386  forceUpdateConnection,
1387  m_log);
1388  auth::Cipher cipher(m_principalKey);
1389  // than set the permission for the specific role
1391  m_key.version(), schema, princData.id, princKey, role, connectionString, conn.first, conn.second, m_log);
1392  imported = true;
1393  }
1394  session.close();
1395  return imported;
1396 }
std::pair< int, std::string > updateConnectionData(const std::string &schemaVersion, coral::ISchema &schema, const std::string &adminKey, const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate, std::stringstream &log)
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:18
bool setPermissionData(const std::string &schemaVersion, coral::ISchema &schema, int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey, std::stringstream &log)
std::stringstream m_log
std::string schemaLabel(const std::string &serviceName, const std::string &userName)
friend class CSScopedSession
const std::string & serviceName()
auth::DecodingKey m_key
tuple msg
Definition: mps_check.py:286
std::shared_ptr< coral::ISession > m_session
const std::string & version() const
Definition: DecodingKey.h:106
conn
Definition: getInfo.py:9
bool selectPrincipal(const std::string &schemaVersion, coral::ISchema &schema, const std::string &principal, PrincipalData &destination)

◆ keyPrincipalName()

const std::string & cond::CredentialStore::keyPrincipalName ( )

Definition at line 1584 of file CredentialStore.cc.

Referenced by cond::getDbCredentials().

1584 { return m_authenticatedPrincipal; }
std::string m_authenticatedPrincipal

◆ listConnections()

bool cond::CredentialStore::listConnections ( std::map< std::string, std::pair< std::string, std::string > > &  destination)

Definition at line 1419 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), CREDENTIAL_TABLE(), HLTMuonOfflineAnalyzer_cff::destination, newFWLiteAna::found, EcalCondDBWriter_cfi::password, PASSWORD_COL(), contentValuesFiles::query, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, tname(), EcalCondDBWriter_cfi::userName, USERNAME_COL(), and VERIFICATION_KEY_COL().

1419  {
1420  CSScopedSession session(*this);
1421  session.start(true);
1422  coral::ISchema& schema = m_session->nominalSchema();
1423 
1424  std::unique_ptr<coral::IQuery> query(schema.tableHandle(tname(CREDENTIAL_TABLE, m_key.version())).newQuery());
1425  coral::AttributeList readBuff;
1426  readBuff.extend<std::string>(CONNECTION_LABEL_COL);
1427  readBuff.extend<std::string>(USERNAME_COL);
1428  readBuff.extend<std::string>(PASSWORD_COL);
1429  readBuff.extend<std::string>(VERIFICATION_KEY_COL);
1430  readBuff.extend<std::string>(CONNECTION_KEY_COL);
1431  query->defineOutput(readBuff);
1432  query->addToOutputList(CONNECTION_LABEL_COL);
1433  query->addToOutputList(USERNAME_COL);
1434  query->addToOutputList(PASSWORD_COL);
1435  query->addToOutputList(VERIFICATION_KEY_COL);
1436  query->addToOutputList(CONNECTION_KEY_COL);
1437  coral::ICursor& cursor = query->execute();
1438  bool found = false;
1439  auth::Cipher cipher0(m_principalKey);
1440  while (cursor.next()) {
1441  std::string userName("");
1442  std::string password("");
1443  const coral::AttributeList& row = cursor.currentRow();
1444  const std::string& connLabel = row[CONNECTION_LABEL_COL].data<std::string>();
1445  const std::string& encryptedKey = row[CONNECTION_KEY_COL].data<std::string>();
1446  const std::string& encryptedVerif = row[VERIFICATION_KEY_COL].data<std::string>();
1447  std::string connKey = cipher0.b64decrypt(encryptedKey);
1448  auth::Cipher cipher1(connKey);
1449  std::string verif = cipher1.b64decrypt(encryptedVerif);
1450  if (verif == connLabel) {
1451  const std::string& encryptedUserName = row[USERNAME_COL].data<std::string>();
1452  const std::string& encryptedPassword = row[PASSWORD_COL].data<std::string>();
1453  userName = cipher1.b64decrypt(encryptedUserName);
1454  password = cipher1.b64decrypt(encryptedPassword);
1455  }
1456  destination.insert(std::make_pair(connLabel, std::make_pair(userName, password)));
1457  found = true;
1458  }
1459  session.close();
1460  return found;
1461 }
static const std::string PASSWORD_COL("CRED5")
static const std::string CONNECTION_KEY_COL("CRED7")
Definition: query.py:1
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string USERNAME_COL("CRED4")
auth::DecodingKey m_key
std::shared_ptr< coral::ISession > m_session
const std::string & version() const
Definition: DecodingKey.h:106
std::string tname(const std::string &tableName, const std::string &schemaVersion)
static const std::string CREDENTIAL_TABLE("CREDENTIAL")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")

◆ listPrincipals()

bool cond::CredentialStore::listPrincipals ( std::vector< std::string > &  destination)

Definition at line 1398 of file CredentialStore.cc.

References AUTHENTICATION_TABLE(), cond::CSScopedSession::close(), HLTMuonOfflineAnalyzer_cff::destination, newFWLiteAna::found, PRINCIPAL_NAME_COL(), contentValuesFiles::query, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and tname().

1398  {
1399  CSScopedSession session(*this);
1400  session.start(true);
1401  coral::ISchema& schema = m_session->nominalSchema();
1402 
1403  std::unique_ptr<coral::IQuery> query(schema.tableHandle(tname(AUTHENTICATION_TABLE, m_key.version())).newQuery());
1404  coral::AttributeList readBuff;
1405  readBuff.extend<std::string>(PRINCIPAL_NAME_COL);
1406  query->defineOutput(readBuff);
1407  query->addToOutputList(PRINCIPAL_NAME_COL);
1408  coral::ICursor& cursor = query->execute();
1409  bool found = false;
1410  while (cursor.next()) {
1411  found = true;
1412  const coral::AttributeList& row = cursor.currentRow();
1413  destination.push_back(row[PRINCIPAL_NAME_COL].data<std::string>());
1414  }
1415  session.close();
1416  return found;
1417 }
static const std::string AUTHENTICATION_TABLE("AUTHENTICATION")
Definition: query.py:1
friend class CSScopedSession
auth::DecodingKey m_key
std::shared_ptr< coral::ISession > m_session
const std::string & version() const
Definition: DecodingKey.h:106
std::string tname(const std::string &tableName, const std::string &schemaVersion)
static const std::string PRINCIPAL_NAME_COL("P_NAME")

◆ log()

std::string cond::CredentialStore::log ( )

◆ openConnection()

std::pair< std::string, std::string > cond::CredentialStore::openConnection ( const std::string &  connectionString)
private

Definition at line 605 of file CredentialStore.cc.

References l1RCTOmdsFedVectorProducer_cfi::connectionString, and instance.

605  {
606  coral::IHandle<coral::IRelationalService> relationalService =
607  coral::Context::instance().query<coral::IRelationalService>();
608  if (!relationalService.isValid()) {
609  coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
610  relationalService = coral::Context::instance().query<coral::IRelationalService>();
611  }
612  coral::IRelationalDomain& domain = relationalService->domainForConnection(connectionString);
613  std::pair<std::string, std::string> connTokens = domain.decodeUserConnectionString(connectionString);
614  m_connection.reset(domain.newConnection(connTokens.first));
615  m_connection->connect();
616  return connTokens;
617 }
static PFTauRenderPlugin instance
std::shared_ptr< coral::IConnection > m_connection

◆ openSession() [1/2]

void cond::CredentialStore::openSession ( const std::string &  schemaName,
const std::string &  userName,
const std::string &  password,
bool  readMode 
)
private

Definition at line 619 of file CredentialStore.cc.

References EcalCondDBWriter_cfi::password, and EcalCondDBWriter_cfi::userName.

622  {
623  coral::AccessMode accessMode = coral::ReadOnly;
624  if (!readMode)
625  accessMode = coral::Update;
626  m_session.reset(m_connection->newSession(schemaName, accessMode));
627  m_session->startUserSession(userName, password);
628  // open read-only transaction
629  m_session->transaction().start(readMode);
630  m_log << "New session opened." << std::endl;
631 }
std::stringstream m_log
std::shared_ptr< coral::ISession > m_session
std::shared_ptr< coral::IConnection > m_connection

◆ openSession() [2/2]

void cond::CredentialStore::openSession ( bool  readOnly = true)
private

◆ removeConnection()

bool cond::CredentialStore::removeConnection ( const std::string &  connectionLabel)

Definition at line 1195 of file CredentialStore.cc.

References AUTHORIZATION_TABLE(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CREDENTIAL_TABLE(), newFWLiteAna::found, cond::CredentialData::id, mps_check::msg, cond::selectConnection(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and tname().

1195  {
1196  CSScopedSession session(*this);
1197  session.start(false);
1198  coral::ISchema& schema = m_session->nominalSchema();
1199 
1200  CredentialData credsData;
1201  bool found = selectConnection(m_key.version(), schema, connectionLabel, credsData);
1202 
1203  if (!found) {
1204  std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
1205  throwException(msg, "CredentialStore::removeConnection");
1206  }
1207 
1208  m_log << "Removing connection " << connectionLabel << std::endl;
1209  coral::ITableDataEditor& editor0 = schema.tableHandle(tname(AUTHORIZATION_TABLE, m_key.version())).dataEditor();
1210 
1211  coral::AttributeList deleteData0;
1212  deleteData0.extend<int>(C_ID_COL);
1213  deleteData0[C_ID_COL].data<int>() = credsData.id;
1214  std::string whereClause0 = C_ID_COL + " = :" + C_ID_COL;
1215  editor0.deleteRows(whereClause0, deleteData0);
1216 
1217  coral::ITableDataEditor& editor1 = schema.tableHandle(tname(CREDENTIAL_TABLE, m_key.version())).dataEditor();
1218 
1219  coral::AttributeList deleteData1;
1220  deleteData1.extend<int>(CONNECTION_ID_COL);
1221  deleteData1[CONNECTION_ID_COL].data<int>() = credsData.id;
1222  std::string whereClause1 = CONNECTION_ID_COL + " = :" + CONNECTION_ID_COL;
1223  editor1.deleteRows(whereClause1, deleteData1);
1224 
1225  session.close();
1226 
1227  return true;
1228 }
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:18
std::stringstream m_log
friend class CSScopedSession
static const std::string CONNECTION_ID_COL("CONN_ID")
auth::DecodingKey m_key
bool selectConnection(const std::string &schemaVersion, coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
tuple msg
Definition: mps_check.py:286
std::shared_ptr< coral::ISession > m_session
static const std::string AUTHORIZATION_TABLE("AUTHORIZATION")
const std::string & version() const
Definition: DecodingKey.h:106
std::string tname(const std::string &tableName, const std::string &schemaVersion)
static const std::string CREDENTIAL_TABLE("CREDENTIAL")
static const std::string C_ID_COL("C_ID")

◆ removePrincipal()

bool cond::CredentialStore::removePrincipal ( const std::string &  principal)

Definition at line 1159 of file CredentialStore.cc.

References AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), cond::CSScopedSession::close(), newFWLiteAna::found, cond::PrincipalData::id, mps_check::msg, P_ID_COL(), PRINCIPAL_ID_COL(), cond::selectPrincipal(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and tname().

1159  {
1160  CSScopedSession session(*this);
1161  session.start(false);
1162  coral::ISchema& schema = m_session->nominalSchema();
1163 
1164  PrincipalData princData;
1165  bool found = selectPrincipal(m_key.version(), schema, principal, princData);
1166 
1167  if (!found) {
1168  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1169  throwException(msg, "CredentialStore::removePrincipal");
1170  }
1171 
1172  m_log << "Removing principal " << principal << " (id: " << princData.id << ")" << std::endl;
1173 
1174  coral::ITableDataEditor& editor0 = schema.tableHandle(tname(AUTHORIZATION_TABLE, m_key.version())).dataEditor();
1175 
1176  coral::AttributeList deleteData0;
1177  deleteData0.extend<int>(P_ID_COL);
1178  deleteData0[P_ID_COL].data<int>() = princData.id;
1179  std::string whereClause0 = P_ID_COL + " = :" + P_ID_COL;
1180  editor0.deleteRows(whereClause0, deleteData0);
1181 
1182  coral::ITableDataEditor& editor1 = schema.tableHandle(tname(AUTHENTICATION_TABLE, m_key.version())).dataEditor();
1183 
1184  coral::AttributeList deleteData1;
1185  deleteData1.extend<int>(PRINCIPAL_ID_COL);
1186  deleteData1[PRINCIPAL_ID_COL].data<int>() = princData.id;
1187  std::string whereClause1 = PRINCIPAL_ID_COL + " = :" + PRINCIPAL_ID_COL;
1188  editor1.deleteRows(whereClause1, deleteData1);
1189 
1190  session.close();
1191 
1192  return true;
1193 }
static const std::string AUTHENTICATION_TABLE("AUTHENTICATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:18
std::stringstream m_log
friend class CSScopedSession
auth::DecodingKey m_key
static const std::string PRINCIPAL_ID_COL("P_ID")
tuple msg
Definition: mps_check.py:286
std::shared_ptr< coral::ISession > m_session
static const std::string AUTHORIZATION_TABLE("AUTHORIZATION")
const std::string & version() const
Definition: DecodingKey.h:106
std::string tname(const std::string &tableName, const std::string &schemaVersion)
static const std::string P_ID_COL("P_ID")
bool selectPrincipal(const std::string &schemaVersion, coral::ISchema &schema, const std::string &principal, PrincipalData &destination)

◆ resetAdmin()

bool cond::CredentialStore::resetAdmin ( const std::string &  userName,
const std::string &  password 
)

Definition at line 976 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, l1RCTOmdsFedVectorProducer_cfi::connectionString, mps_check::msg, AlCaHLTBitMon_ParallelJobs::p, EcalCondDBWriter_cfi::password, cond::PrincipalData::principalKey, runTheMatrix::ret, cond::schemaLabel(), cond::selectPrincipal(), cond::setPermissionData(), cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), cond::updateConnectionData(), cond::updatePrincipalData(), and EcalCondDBWriter_cfi::userName.

976  {
977  if (!m_serviceData) {
978  throwException("The credential store has not been initialized.", "cond::CredentialStore::installAdmin");
979  }
981 
982  CSScopedSession session(*this);
983  session.startSuper(connectionString, userName, password);
984 
985  coral::ISchema& schema = m_session->nominalSchema();
986  const std::string& principalName = m_key.principalName();
987  const std::string& authenticationKey = m_key.principalKey();
988  PrincipalData princData;
989  if (!selectPrincipal(m_key.version(), schema, principalName, princData)) {
990  std::string msg("User \"");
991  msg += principalName + "\" has not been found.";
992  throwException(msg, "CredentialStore::resetAdmin");
993  }
994  auth::Cipher cipher0(authenticationKey);
995  m_principalKey = cipher0.b64decrypt(princData.principalKey);
996 
997  auto p = updatePrincipalData(m_key.version(), schema, authenticationKey, principalName, m_principalKey, false, m_log);
998  std::string credentialAccessLabel = schemaLabel(m_serviceName, userName);
999  auto connParams = updateConnectionData(
1000  m_key.version(), schema, m_principalKey, credentialAccessLabel, userName, password, true, m_log);
1002  schema,
1003  p.first,
1007  connParams.first,
1008  connParams.second,
1009  m_log);
1010  session.close();
1011  return ret;
1012 }
std::pair< int, std::string > updateConnectionData(const std::string &schemaVersion, coral::ISchema &schema, const std::string &adminKey, const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate, std::stringstream &log)
ret
prodAgent to be discontinued
std::pair< int, std::string > updatePrincipalData(const std::string &schemaVersion, coral::ISchema &schema, const std::string &authenticationKey, const std::string &principalName, const std::string &adminKey, bool init, std::stringstream &log)
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:18
bool setPermissionData(const std::string &schemaVersion, coral::ISchema &schema, int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey, std::stringstream &log)
std::stringstream m_log
static constexpr const char *const COND_ADMIN_ROLE
Definition: Auth.h:19
std::string schemaLabel(const std::string &serviceName, const std::string &userName)
friend class CSScopedSession
auth::DecodingKey m_key
const std::string & principalName() const
Definition: DecodingKey.h:108
tuple msg
Definition: mps_check.py:286
std::shared_ptr< coral::ISession > m_session
const std::string & version() const
Definition: DecodingKey.h:106
const auth::ServiceCredentials * m_serviceData
bool selectPrincipal(const std::string &schemaVersion, coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
const std::string & principalKey() const
Definition: DecodingKey.h:110

◆ selectForUser()

bool cond::CredentialStore::selectForUser ( coral_bridge::AuthenticationCredentialSet destinationData)

Definition at line 1230 of file CredentialStore.cc.

References AUTH_KEY_COL(), AUTHORIZATION_TABLE(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, CREDENTIAL_TABLE(), P_ID_COL(), PASSWORD_COL(), contentValuesFiles::query, coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, tname(), to_lower(), USERNAME_COL(), and VERIFICATION_KEY_COL().

1230  {
1231  CSScopedSession session(*this);
1232  session.start(true);
1233  coral::ISchema& schema = m_session->nominalSchema();
1234 
1235  auth::Cipher cipher(m_principalKey);
1236 
1237  std::unique_ptr<coral::IQuery> query(schema.newQuery());
1238  query->addToTableList(tname(AUTHORIZATION_TABLE, m_key.version()), "AUTHO");
1239  query->addToTableList(tname(CREDENTIAL_TABLE, m_key.version()), "CREDS");
1240  coral::AttributeList readBuff;
1241  readBuff.extend<std::string>("AUTHO." + ROLE_COL);
1242  readBuff.extend<std::string>("AUTHO." + SCHEMA_COL);
1243  readBuff.extend<std::string>("AUTHO." + AUTH_KEY_COL);
1244  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
1245  readBuff.extend<std::string>("CREDS." + USERNAME_COL);
1246  readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
1247  readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
1248  coral::AttributeList whereData;
1249  whereData.extend<int>(P_ID_COL);
1250  whereData[P_ID_COL].data<int>() = m_principalId;
1251  std::stringstream whereClause;
1252  whereClause << "AUTHO." << C_ID_COL << "="
1253  << "CREDS." << CONNECTION_ID_COL;
1254  whereClause << " AND "
1255  << "AUTHO." << P_ID_COL << " = :" << P_ID_COL;
1256  query->defineOutput(readBuff);
1257  query->addToOutputList("AUTHO." + ROLE_COL);
1258  query->addToOutputList("AUTHO." + SCHEMA_COL);
1259  query->addToOutputList("AUTHO." + AUTH_KEY_COL);
1260  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
1261  query->addToOutputList("CREDS." + USERNAME_COL);
1262  query->addToOutputList("CREDS." + PASSWORD_COL);
1263  query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
1264  query->setCondition(whereClause.str(), whereData);
1265  coral::ICursor& cursor = query->execute();
1266  while (cursor.next()) {
1267  const coral::AttributeList& row = cursor.currentRow();
1268  const std::string& role = row["AUTHO." + ROLE_COL].data<std::string>();
1269  const std::string& connectionString = row["AUTHO." + SCHEMA_COL].data<std::string>();
1270  const std::string& encryptedAuthKey = row["AUTHO." + AUTH_KEY_COL].data<std::string>();
1271  const std::string& connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
1272  const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
1273  const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
1274  std::string authKey = cipher.b64decrypt(encryptedAuthKey);
1275  auth::Cipher connCipher(authKey);
1276  std::string verificationString = connCipher.b64decrypt(row["CREDS." + VERIFICATION_KEY_COL].data<std::string>());
1277  if (verificationString == connectionLabel) {
1279  role,
1280  connCipher.b64decrypt(encryptedUserName),
1281  connCipher.b64decrypt(encryptedPassword));
1282  }
1283  }
1284  session.close();
1285  return true;
1286 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
std::string to_lower(const std::string &s)
static const std::string PASSWORD_COL("CRED5")
Definition: query.py:1
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string USERNAME_COL("CRED4")
static const std::string CONNECTION_ID_COL("CONN_ID")
auth::DecodingKey m_key
std::shared_ptr< coral::ISession > m_session
static const std::string AUTHORIZATION_TABLE("AUTHORIZATION")
void registerCredentials(const std::string &connectionString, const std::string &userName, const std::string &password)
const std::string & version() const
Definition: DecodingKey.h:106
std::string tname(const std::string &tableName, const std::string &schemaVersion)
static const std::string CREDENTIAL_TABLE("CREDENTIAL")
static const std::string P_ID_COL("P_ID")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
static const std::string AUTH_KEY_COL("CRED3")

◆ selectPermissions()

bool cond::CredentialStore::selectPermissions ( const std::string &  principalName,
const std::string &  role,
const std::string &  connectionString,
std::vector< Permission > &  destination 
)

Definition at line 1463 of file CredentialStore.cc.

References AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), cond::CredentialStore::Permission::connectionLabel, l1RCTOmdsFedVectorProducer_cfi::connectionString, cond::CredentialStore::Permission::connectionString, CREDENTIAL_TABLE(), HLTMuonOfflineAnalyzer_cff::destination, newFWLiteAna::found, P_ID_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_NAME_COL(), cond::CredentialStore::Permission::principalName, contentValuesFiles::query, cond::CredentialStore::Permission::role, ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, tname(), and to_lower().

1466  {
1467  CSScopedSession session(*this);
1468  session.start(true);
1469  coral::ISchema& schema = m_session->nominalSchema();
1470  std::unique_ptr<coral::IQuery> query(schema.newQuery());
1471  query->addToTableList(tname(AUTHENTICATION_TABLE, m_key.version()), "AUTHE");
1472  query->addToTableList(tname(AUTHORIZATION_TABLE, m_key.version()), "AUTHO");
1473  query->addToTableList(tname(CREDENTIAL_TABLE, m_key.version()), "CREDS");
1474  coral::AttributeList readBuff;
1475  readBuff.extend<std::string>("AUTHE." + PRINCIPAL_NAME_COL);
1476  readBuff.extend<std::string>("AUTHO." + ROLE_COL);
1477  readBuff.extend<std::string>("AUTHO." + SCHEMA_COL);
1478  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
1479  coral::AttributeList whereData;
1480  std::stringstream whereClause;
1481  whereClause << "AUTHE." << PRINCIPAL_ID_COL << "= AUTHO." << P_ID_COL;
1482  whereClause << " AND AUTHO." << C_ID_COL << "="
1483  << "CREDS." << CONNECTION_ID_COL;
1484  if (!principalName.empty()) {
1485  whereData.extend<std::string>(PRINCIPAL_NAME_COL);
1486  whereData[PRINCIPAL_NAME_COL].data<std::string>() = principalName;
1487  whereClause << " AND AUTHE." << PRINCIPAL_NAME_COL << " = :" << PRINCIPAL_NAME_COL;
1488  }
1489  if (!role.empty()) {
1490  whereData.extend<std::string>(ROLE_COL);
1491  whereData[ROLE_COL].data<std::string>() = role;
1492  whereClause << " AND AUTHO." << ROLE_COL << " = :" << ROLE_COL;
1493  }
1494  if (!connectionString.empty()) {
1495  whereData.extend<std::string>(SCHEMA_COL);
1496  whereData[SCHEMA_COL].data<std::string>() = to_lower(connectionString);
1497  whereClause << " AND AUTHO." << SCHEMA_COL << " = :" << SCHEMA_COL;
1498  }
1499 
1500  query->defineOutput(readBuff);
1501  query->addToOutputList("AUTHE." + PRINCIPAL_NAME_COL);
1502  query->addToOutputList("AUTHO." + ROLE_COL);
1503  query->addToOutputList("AUTHO." + SCHEMA_COL);
1504  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
1505  query->setCondition(whereClause.str(), whereData);
1506  query->addToOrderList("AUTHO." + SCHEMA_COL);
1507  query->addToOrderList("AUTHE." + PRINCIPAL_NAME_COL);
1508  query->addToOrderList("AUTHO." + ROLE_COL);
1509  coral::ICursor& cursor = query->execute();
1510  bool found = false;
1511  while (cursor.next()) {
1512  const coral::AttributeList& row = cursor.currentRow();
1513  destination.resize(destination.size() + 1);
1514  Permission& perm = destination.back();
1515  perm.principalName = row["AUTHE." + PRINCIPAL_NAME_COL].data<std::string>();
1516  perm.role = row["AUTHO." + ROLE_COL].data<std::string>();
1517  perm.connectionString = row["AUTHO." + SCHEMA_COL].data<std::string>();
1518  perm.connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
1519  found = true;
1520  }
1521  session.close();
1522  return found;
1523 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string AUTHENTICATION_TABLE("AUTHENTICATION")
std::string to_lower(const std::string &s)
Definition: query.py:1
friend class CSScopedSession
static const std::string CONNECTION_ID_COL("CONN_ID")
auth::DecodingKey m_key
static const std::string PRINCIPAL_ID_COL("P_ID")
std::shared_ptr< coral::ISession > m_session
static const std::string AUTHORIZATION_TABLE("AUTHORIZATION")
const std::string & version() const
Definition: DecodingKey.h:106
std::string tname(const std::string &tableName, const std::string &schemaVersion)
static const std::string CREDENTIAL_TABLE("CREDENTIAL")
static const std::string P_ID_COL("P_ID")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
static const std::string PRINCIPAL_NAME_COL("P_NAME")

◆ serviceName()

const std::string & cond::CredentialStore::serviceName ( )

Definition at line 1582 of file CredentialStore.cc.

1582 { return m_serviceName; }

◆ setPermission()

bool cond::CredentialStore::setPermission ( const std::string &  principal,
const std::string &  role,
const std::string &  connectionString,
const std::string &  connectionLabel 
)

Definition at line 1052 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::CredentialData::connectionKey, l1RCTOmdsFedVectorProducer_cfi::connectionString, newFWLiteAna::found, cond::PrincipalData::id, cond::CredentialData::id, mps_check::msg, runTheMatrix::ret, cond::selectConnection(), cond::selectPrincipal(), cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

1055  {
1056  CSScopedSession session(*this);
1057  session.start(false);
1058 
1059  coral::ISchema& schema = m_session->nominalSchema();
1060 
1061  PrincipalData princData;
1062  bool found = selectPrincipal(m_key.version(), schema, principal, princData);
1063 
1064  if (!found) {
1065  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1066  throwException(msg, "CredentialStore::setPermission");
1067  }
1068 
1069  m_log << "Principal " << principal << " id: " << princData.id << std::endl;
1070  CredentialData credsData;
1071  found = selectConnection(m_key.version(), schema, connectionLabel, credsData);
1072 
1073  if (!found) {
1074  std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
1075  throwException(msg, "CredentialStore::setPermission");
1076  }
1077 
1078  auth::Cipher cipher(m_principalKey);
1080  schema,
1081  princData.id,
1082  cipher.b64decrypt(princData.adminKey),
1083  role,
1085  credsData.id,
1086  cipher.b64decrypt(credsData.connectionKey),
1087  m_log);
1088  session.close();
1089  return ret;
1090 }
ret
prodAgent to be discontinued
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:18
bool setPermissionData(const std::string &schemaVersion, coral::ISchema &schema, int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey, std::stringstream &log)
std::stringstream m_log
friend class CSScopedSession
auth::DecodingKey m_key
bool selectConnection(const std::string &schemaVersion, coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
tuple msg
Definition: mps_check.py:286
std::shared_ptr< coral::ISession > m_session
const std::string & version() const
Definition: DecodingKey.h:106
bool selectPrincipal(const std::string &schemaVersion, coral::ISchema &schema, const std::string &principal, PrincipalData &destination)

◆ setUpForConnectionString()

std::string cond::CredentialStore::setUpForConnectionString ( const std::string &  connectionString,
const std::string &  authPath 
)

Definition at line 791 of file CredentialStore.cc.

References lumi_dqm_sourceclient-live_cfg::authPath, l1RCTOmdsFedVectorProducer_cfi::connectionString, instance, serviceName, and AlCaHLTBitMon_QueryRunRegistry::string.

Referenced by cond::getDbCredentials().

792  {
793  coral::IHandle<coral::IRelationalService> relationalService =
794  coral::Context::instance().query<coral::IRelationalService>();
795  if (!relationalService.isValid()) {
796  coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
797  relationalService = coral::Context::instance().query<coral::IRelationalService>();
798  }
799  coral::IRelationalDomain& domain = relationalService->domainForConnection(connectionString);
800  std::pair<std::string, std::string> connTokens = domain.decodeUserConnectionString(connectionString);
801  std::string& serviceName = connTokens.first;
803 }
static PFTauRenderPlugin instance
std::string setUpForService(const std::string &serviceName, const std::string &authPath)
Sets the initialization parameters.
const std::string & serviceName()

◆ setUpForService()

std::string cond::CredentialStore::setUpForService ( const std::string &  serviceName,
const std::string &  authPath 
)

Sets the initialization parameters.

Definition at line 759 of file CredentialStore.cc.

References lumi_dqm_sourceclient-live_cfg::authPath, cond::auth::COND_KEY, geometryDiff::file, cond::auth::DecodingKey::FILE_PATH, contentValuesFiles::fullPath, mps_check::msg, castor_dqm_sourceclient_file_cfg::path, serviceName, AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

759  {
760  if (serviceName.empty()) {
761  throwException("Service name has not been provided.", "cond::CredentialStore::setUpConnection");
762  }
763  m_serviceName.clear();
764  m_serviceData = nullptr;
765 
766  if (authPath.empty()) {
767  throwException("The authentication Path has not been provided.", "cond::CredentialStore::setUpForService");
768  }
770  if (!std::filesystem::exists(authPath) || !std::filesystem::is_directory(authPath)) {
771  throwException("Authentication Path is invalid.", "cond::CredentialStore::setUpForService");
772  }
774  fullPath /= file;
775 
776  m_key.init(fullPath.string(), auth::COND_KEY);
777 
778  std::map<std::string, auth::ServiceCredentials>::const_iterator iK = m_key.services().find(serviceName);
779  if (iK == m_key.services().end()) {
780  std::string msg("");
781  msg += "Service \"" + serviceName + "\" can't be open with the current key.";
782  throwException(msg, "cond::CredentialStore::setUpConnection");
783  }
785  m_serviceData = &iK->second;
786  m_log << "Opening Credential Store for service " << m_serviceName << " on " << m_serviceData->connectionString
787  << std::endl;
789 }
size_t init(const std::string &keyFileName, const std::string &password, bool readMode=true)
Definition: DecodingKey.cc:113
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:18
std::stringstream m_log
const std::string & serviceName()
auth::DecodingKey m_key
tuple msg
Definition: mps_check.py:286
const std::map< std::string, ServiceCredentials > & services() const
Definition: DecodingKey.h:116
static constexpr const char *const FILE_PATH
Definition: DecodingKey.h:35
const auth::ServiceCredentials * m_serviceData
static constexpr const char *const COND_KEY
Definition: Auth.h:35

◆ startSession()

void cond::CredentialStore::startSession ( bool  readMode)
private

Definition at line 641 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::auth::COND_ADMIN_ROLE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), CREDENTIAL_TABLE(), newFWLiteAna::found, cond::PrincipalData::id, P_ID_COL(), EcalCondDBWriter_cfi::password, PASSWORD_COL(), cond::PrincipalData::principalKey, contentValuesFiles::query, ROLE_COL(), SCHEMA_COL(), cond::selectPrincipal(), AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), tname(), EcalCondDBWriter_cfi::userName, USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::PrincipalData::verifKey.

641  {
642  if (!m_serviceData) {
643  throwException("The credential store has not been initialized.", "cond::CredentialStore::openConnection");
644  }
645  const std::string& storeConnectionString = m_serviceData->connectionString;
646 
647  std::pair<std::string, std::string> connTokens = openConnection(storeConnectionString);
648 
651 
652  openSession(connTokens.second, userName, password, true);
653 
654  coral::ISchema& schema = m_session->nominalSchema();
655  const std::string& schemaVersion = m_key.version();
656  if (!schema.existsTable(tname(AUTHENTICATION_TABLE, schemaVersion)) ||
657  !schema.existsTable(tname(AUTHORIZATION_TABLE, schemaVersion)) ||
658  !schema.existsTable(tname(CREDENTIAL_TABLE, schemaVersion))) {
659  throwException("Credential database does not exists in \"" + storeConnectionString + "\"",
660  "CredentialStore::startSession");
661  }
662 
663  const std::string& principalName = m_key.principalName();
664  // now authenticate...
665  PrincipalData princData;
666  if (!selectPrincipal(schemaVersion, m_session->nominalSchema(), principalName, princData)) {
667  throwException("Invalid credentials provided.(0)", "CredentialStore::startSession");
668  }
669  auth::Cipher cipher0(m_key.principalKey());
670  std::string verifStr = cipher0.b64decrypt(princData.verifKey);
671  if (verifStr != principalName) {
672  throwException("Invalid credentials provided (1)", "CredentialStore::startSession");
673  }
674  // ok, authenticated!
675  m_principalId = princData.id;
676  m_principalKey = cipher0.b64decrypt(princData.principalKey);
678 
679  if (!readMode) {
680  auth::Cipher cipher0(m_principalKey);
681  std::string adminKey = cipher0.b64decrypt(princData.adminKey);
682  if (adminKey != m_principalKey) {
683  // not admin user!
684  throwException("Provided credentials does not allow admin operation.", "CredentialStore::openSession");
685  }
686 
687  // first find the credentials for WRITING in the security tables
688  std::unique_ptr<coral::IQuery> query(schema.newQuery());
689  query->addToTableList(tname(AUTHORIZATION_TABLE, schemaVersion), "AUTHO");
690  query->addToTableList(tname(CREDENTIAL_TABLE, schemaVersion), "CREDS");
691  coral::AttributeList readBuff;
692  readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
693  readBuff.extend<std::string>("CREDS." + CONNECTION_KEY_COL);
694  readBuff.extend<std::string>("CREDS." + USERNAME_COL);
695  readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
696  readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
697  coral::AttributeList whereData;
698  whereData.extend<int>(P_ID_COL);
699  whereData.extend<std::string>(ROLE_COL);
700  whereData.extend<std::string>(SCHEMA_COL);
701  whereData[P_ID_COL].data<int>() = m_principalId;
702  whereData[ROLE_COL].data<std::string>() = auth::COND_ADMIN_ROLE;
703  whereData[SCHEMA_COL].data<std::string>() = storeConnectionString;
704  std::stringstream whereClause;
705  whereClause << "AUTHO." << C_ID_COL << " = CREDS." << CONNECTION_ID_COL;
706  whereClause << " AND AUTHO." << P_ID_COL << " = :" << P_ID_COL;
707  whereClause << " AND AUTHO." << ROLE_COL << " = :" << ROLE_COL;
708  whereClause << " AND AUTHO." << SCHEMA_COL << " = :" << SCHEMA_COL;
709  query->defineOutput(readBuff);
710  query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
711  query->addToOutputList("CREDS." + CONNECTION_KEY_COL);
712  query->addToOutputList("CREDS." + USERNAME_COL);
713  query->addToOutputList("CREDS." + PASSWORD_COL);
714  query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
715  query->setCondition(whereClause.str(), whereData);
716  coral::ICursor& cursor = query->execute();
717  bool found = false;
718  std::string writeUserName("");
719  std::string writePassword("");
720  if (cursor.next()) {
721  const coral::AttributeList& row = cursor.currentRow();
722  const std::string& connLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
723  const std::string& encryptedConnectionKey = row["CREDS." + CONNECTION_KEY_COL].data<std::string>();
724  std::string connectionKey = cipher0.b64decrypt(encryptedConnectionKey);
725  auth::Cipher cipher1(connectionKey);
726  const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
727  const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
728  std::string verificationKey = cipher1.b64decrypt(row["CREDS." + VERIFICATION_KEY_COL].data<std::string>());
729  if (verificationKey != connLabel) {
730  throwException("Could not decrypt credentials.Provided key is invalid.", "CredentialStore::startSession");
731  }
732  writeUserName = cipher1.b64decrypt(encryptedUserName);
733  writePassword = cipher1.b64decrypt(encryptedPassword);
734  found = true;
735  }
736  if (!found) {
737  throwException("Provided credentials are invalid for write access.", "CredentialStore::openSession");
738  }
739  m_session->transaction().commit();
740  m_session->endUserSession();
741  openSession(connTokens.second, writeUserName, writePassword, false);
742  }
743 }
static const std::string ROLE_COL("C_ROLE")
void openSession(const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
std::string m_authenticatedPrincipal
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string AUTHENTICATION_TABLE("AUTHENTICATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:18
static const std::string PASSWORD_COL("CRED5")
static const std::string CONNECTION_KEY_COL("CRED7")
Definition: query.py:1
static const std::string VERIFICATION_KEY_COL("CRED6")
static constexpr const char *const COND_ADMIN_ROLE
Definition: Auth.h:19
static const std::string USERNAME_COL("CRED4")
static const std::string CONNECTION_ID_COL("CONN_ID")
auth::DecodingKey m_key
const std::string & principalName() const
Definition: DecodingKey.h:108
std::shared_ptr< coral::ISession > m_session
static const std::string AUTHORIZATION_TABLE("AUTHORIZATION")
const std::string & version() const
Definition: DecodingKey.h:106
std::pair< std::string, std::string > openConnection(const std::string &connectionString)
std::string tname(const std::string &tableName, const std::string &schemaVersion)
static const std::string CREDENTIAL_TABLE("CREDENTIAL")
static const std::string P_ID_COL("P_ID")
const auth::ServiceCredentials * m_serviceData
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
bool selectPrincipal(const std::string &schemaVersion, coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
static const std::string C_ID_COL("C_ID")
const std::string & principalKey() const
Definition: DecodingKey.h:110

◆ startSuperSession()

void cond::CredentialStore::startSuperSession ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)
private

Definition at line 633 of file CredentialStore.cc.

References l1RCTOmdsFedVectorProducer_cfi::connectionString, EcalCondDBWriter_cfi::password, and EcalCondDBWriter_cfi::userName.

635  {
636  std::pair<std::string, std::string> connTokens = openConnection(connectionString);
637  openSession(connTokens.second, userName, password, false);
638 }
void openSession(const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
std::pair< std::string, std::string > openConnection(const std::string &connectionString)

◆ unsetPermission()

size_t cond::CredentialStore::unsetPermission ( const std::string &  principal,
const std::string &  role,
const std::string &  connectionString 
)

Definition at line 1092 of file CredentialStore.cc.

References AUTHORIZATION_TABLE(), cond::CSScopedSession::close(), l1RCTOmdsFedVectorProducer_cfi::connectionString, newFWLiteAna::found, cond::getAuthorizationEntries(), cond::PrincipalData::id, mps_check::msg, P_ID_COL(), ROLE_COL(), cond::auth::ROLES, SCHEMA_COL(), cond::selectPrincipal(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and tname().

1094  {
1095  if (!role.empty() && cond::auth::ROLES.find(role) == cond::auth::ROLES.end()) {
1096  throwException(std::string("Role ") + role + " does not exists.", "CredentialStore::unsetPermission");
1097  }
1098  CSScopedSession session(*this);
1099  session.start(false);
1100  coral::ISchema& schema = m_session->nominalSchema();
1101 
1102  coral::AttributeList deleteData;
1103  deleteData.extend<std::string>(SCHEMA_COL);
1104  std::stringstream whereClause;
1105  m_log << "Removing permissions to access resource " << connectionString;
1106  if (!role.empty()) {
1107  deleteData.extend<std::string>(ROLE_COL);
1108  m_log << " with role " << role;
1109  }
1110  int princId = -1;
1111  if (!principal.empty()) {
1112  PrincipalData princData;
1113  bool found = selectPrincipal(m_key.version(), schema, principal, princData);
1114 
1115  if (!found) {
1116  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1117  throwException(msg, "CredentialStore::unsetPermission");
1118  }
1119  deleteData.extend<int>(P_ID_COL);
1120  princId = princData.id;
1121  m_log << " by principal " << principal << " (id: " << princData.id << ")";
1122  }
1123 
1124  size_t n_e = getAuthorizationEntries(m_key.version(), schema, princId, role, connectionString);
1125  m_log << ": " << n_e << " authorization entries." << std::endl;
1126  if (n_e) {
1127  deleteData[SCHEMA_COL].data<std::string>() = connectionString;
1128  whereClause << SCHEMA_COL << " = :" << SCHEMA_COL;
1129  if (!role.empty()) {
1130  deleteData[ROLE_COL].data<std::string>() = role;
1131  whereClause << " AND " << ROLE_COL << " = :" << ROLE_COL;
1132  }
1133  if (!principal.empty()) {
1134  deleteData[P_ID_COL].data<int>() = princId;
1135  whereClause << " AND " << P_ID_COL + " = :" + P_ID_COL;
1136  }
1137  coral::ITableDataEditor& editor = schema.tableHandle(tname(AUTHORIZATION_TABLE, m_key.version())).dataEditor();
1138  editor.deleteRows(whereClause.str(), deleteData);
1139  }
1140  session.close();
1141  return n_e;
1142 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:18
std::stringstream m_log
static const std::set< std::string > ROLES
Definition: Auth.h:21
friend class CSScopedSession
auth::DecodingKey m_key
tuple msg
Definition: mps_check.py:286
std::shared_ptr< coral::ISession > m_session
static const std::string AUTHORIZATION_TABLE("AUTHORIZATION")
const std::string & version() const
Definition: DecodingKey.h:106
std::string tname(const std::string &tableName, const std::string &schemaVersion)
static const std::string P_ID_COL("P_ID")
bool selectPrincipal(const std::string &schemaVersion, coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
size_t getAuthorizationEntries(const std::string &schemaVersion, coral::ISchema &schema, int principalId, const std::string &role, const std::string &connectionString)

◆ updateConnection()

bool cond::CredentialStore::updateConnection ( const std::string &  connectionLabel,
const std::string &  userName,
const std::string &  password 
)

Definition at line 1144 of file CredentialStore.cc.

References cond::CSScopedSession::close(), EcalCondDBWriter_cfi::password, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, to_lower(), cond::updateConnectionData(), and EcalCondDBWriter_cfi::userName.

1146  {
1147  CSScopedSession session(*this);
1148  session.start(false);
1149 
1150  m_session->transaction().start();
1151  coral::ISchema& schema = m_session->nominalSchema();
1152  std::string connLabel = to_lower(connectionLabel);
1153  updateConnectionData(m_key.version(), schema, m_principalKey, connLabel, userName, password, true, m_log);
1154 
1155  session.close();
1156  return true;
1157 }
std::pair< int, std::string > updateConnectionData(const std::string &schemaVersion, coral::ISchema &schema, const std::string &adminKey, const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate, std::stringstream &log)
std::string to_lower(const std::string &s)
std::stringstream m_log
friend class CSScopedSession
auth::DecodingKey m_key
std::shared_ptr< coral::ISession > m_session
const std::string & version() const
Definition: DecodingKey.h:106

◆ updatePrincipal()

bool cond::CredentialStore::updatePrincipal ( const std::string &  principal,
const std::string &  principalKey,
bool  setAdmin = false 
)

Definition at line 1014 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, cond::CredentialData::connectionKey, cond::CredentialData::id, cmsHarvester::permissions, runTheMatrix::ret, cond::selectConnection(), cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and cond::updatePrincipalData().

1016  {
1017  CSScopedSession session(*this);
1018  session.start(false);
1019  coral::ISchema& schema = m_session->nominalSchema();
1020  auto princData =
1021  updatePrincipalData(m_key.version(), schema, authenticationKey, principalName, m_principalKey, false, m_log);
1022  bool ret = false;
1023  if (setAdmin) {
1024  int princId = princData.first;
1025  std::string princKey = m_principalKey;
1027  std::vector<Permission> permissions;
1029  throwException("The current operating user is not admin user on the underlying Credential Store.",
1030  "CredentialStore::updatePrincipal");
1031  }
1032  std::string connLabel = permissions.front().connectionLabel;
1033  CredentialData credsData;
1034  if (!selectConnection(m_key.version(), schema, connLabel, credsData)) {
1035  throwException("Credential Store connection has not been defined.", "CredentialStore::updatePrincipal");
1036  }
1037  auth::Cipher adminCipher(m_principalKey);
1039  schema,
1040  princId,
1041  princKey,
1043  connString,
1044  credsData.id,
1045  adminCipher.b64decrypt(credsData.connectionKey),
1046  m_log);
1047  }
1048  session.close();
1049  return ret;
1050 }
ret
prodAgent to be discontinued
std::pair< int, std::string > updatePrincipalData(const std::string &schemaVersion, coral::ISchema &schema, const std::string &authenticationKey, const std::string &principalName, const std::string &adminKey, bool init, std::stringstream &log)
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:18
bool setPermissionData(const std::string &schemaVersion, coral::ISchema &schema, int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey, std::stringstream &log)
std::stringstream m_log
static constexpr const char *const COND_ADMIN_ROLE
Definition: Auth.h:19
friend class CSScopedSession
auth::DecodingKey m_key
bool selectConnection(const std::string &schemaVersion, coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
const std::string & principalName() const
Definition: DecodingKey.h:108
bool selectPermissions(const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)
std::shared_ptr< coral::ISession > m_session
const std::string & version() const
Definition: DecodingKey.h:106
const auth::ServiceCredentials * m_serviceData

Friends And Related Function Documentation

◆ CSScopedSession

friend class CSScopedSession
friend

Definition at line 158 of file CredentialStore.h.

Member Data Documentation

◆ DEFAULT_DATA_SOURCE

const std::string cond::CredentialStore::DEFAULT_DATA_SOURCE
static

Definition at line 88 of file CredentialStore.h.

◆ m_authenticatedPrincipal

std::string cond::CredentialStore::m_authenticatedPrincipal
private

Definition at line 178 of file CredentialStore.h.

◆ m_connection

std::shared_ptr<coral::IConnection> cond::CredentialStore::m_connection
private

Definition at line 175 of file CredentialStore.h.

◆ m_key

auth::DecodingKey cond::CredentialStore::m_key
private

Definition at line 186 of file CredentialStore.h.

◆ m_log

std::stringstream cond::CredentialStore::m_log
private

Definition at line 188 of file CredentialStore.h.

◆ m_principalId

int cond::CredentialStore::m_principalId
private

Definition at line 179 of file CredentialStore.h.

◆ m_principalKey

std::string cond::CredentialStore::m_principalKey
private

Definition at line 181 of file CredentialStore.h.

◆ m_serviceData

const auth::ServiceCredentials* cond::CredentialStore::m_serviceData
private

Definition at line 184 of file CredentialStore.h.

◆ m_serviceName

std::string cond::CredentialStore::m_serviceName
private

Definition at line 183 of file CredentialStore.h.

◆ m_session

std::shared_ptr<coral::ISession> cond::CredentialStore::m_session
private

Definition at line 176 of file CredentialStore.h.