Leosac
0.8.0
Open Source Access Control
|
Provide some kind of security framework to the Remote Control service. More...
#include <RemoteControlSecurity.hpp>
Public Types | |
using | KeyCommandsMap = std::unordered_map< std::string, std::vector< std::string > > |
Map user public key to a set of command. More... | |
Public Member Functions | |
RemoteControlSecurity (const boost::property_tree::ptree &cfg) | |
The config tree is the same tree that the RemoteControl object has. More... | |
bool | allow_request (const std::string &user_pubkey, const std::string &req) |
Private Member Functions | |
void | process_config () |
void | process_security_entry (const boost::property_tree::ptree &) |
Process one <map> entry. More... | |
Private Attributes | |
boost::property_tree::ptree | cfg_ |
std::unordered_map< std::string, bool > | default_permissions_ |
KeyCommandsMap | permissions_ |
bool | unrestricted_ |
If everyone has access to everything. More... | |
Provide some kind of security framework to the Remote Control service.
This allows relatively fine-grained permissions and allows user to chose who has access to the remote control, and how much permission they got.
Remote user are identified using the curve private key they use to connect.
Implementation Notes: We store a map of z85-encoded-pubkey <--> list (command name); The meaning of this map depends on the default permission for user.
If the user is by default granted permission, then the map holds a list command the user isn't allowed to perform. Otherwise, we store a list of allowed command.
Definition at line 48 of file RemoteControlSecurity.hpp.
using Leosac::RemoteControlSecurity::KeyCommandsMap = std::unordered_map<std::string, std::vector<std::string> > |
Map user public key to a set of command.
Definition at line 61 of file RemoteControlSecurity.hpp.
RemoteControlSecurity::RemoteControlSecurity | ( | const boost::property_tree::ptree & | cfg | ) |
The config tree is the same tree that the RemoteControl object has.
Definition at line 26 of file RemoteControlSecurity.cpp.
bool RemoteControlSecurity::allow_request | ( | const std::string & | user_pubkey, |
const std::string & | req | ||
) |
Definition at line 49 of file RemoteControlSecurity.cpp.
|
private |
Definition at line 33 of file RemoteControlSecurity.cpp.
|
private |
Process one <map>
entry.
Definition at line 71 of file RemoteControlSecurity.cpp.
|
private |
Definition at line 71 of file RemoteControlSecurity.hpp.
|
private |
Definition at line 73 of file RemoteControlSecurity.hpp.
|
private |
Definition at line 74 of file RemoteControlSecurity.hpp.
|
private |
If everyone has access to everything.
Definition at line 79 of file RemoteControlSecurity.hpp.