2019-10-03 04:50:55 +03:00
|
|
|
/*
|
|
|
|
* Copyright (c) Facebook, Inc. and its affiliates.
|
|
|
|
*
|
|
|
|
* This software may be used and distributed according to the terms of the
|
|
|
|
* GNU General Public License version 2.
|
|
|
|
*/
|
2019-10-11 15:26:59 +03:00
|
|
|
|
2019-10-03 04:50:55 +03:00
|
|
|
#pragma once
|
|
|
|
|
|
|
|
#include <thrift/lib/cpp/TProcessorEventHandler.h>
|
|
|
|
#include <stdexcept>
|
|
|
|
|
|
|
|
namespace facebook {
|
|
|
|
namespace eden {
|
|
|
|
|
2019-10-11 08:42:32 +03:00
|
|
|
class ServerState;
|
2019-10-03 04:50:55 +03:00
|
|
|
|
|
|
|
class NotAuthorized : public std::runtime_error {
|
|
|
|
public:
|
|
|
|
using std::runtime_error::runtime_error;
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Throws NotAuthorized in preRead if process connected to Eden's unix domain
|
|
|
|
* socket has an effective uid not allowed to access a given Thrift method.
|
|
|
|
*/
|
|
|
|
class ThriftPermissionChecker : public apache::thrift::TProcessorEventHandler {
|
|
|
|
public:
|
2019-10-11 08:42:32 +03:00
|
|
|
explicit ThriftPermissionChecker(std::shared_ptr<ServerState> serverState);
|
2019-10-03 04:50:55 +03:00
|
|
|
|
|
|
|
void* getContext(
|
|
|
|
const char* fn_name,
|
|
|
|
apache::thrift::TConnectionContext* connectionContext) override;
|
|
|
|
void freeContext(void* ctx, const char* fn_name) override;
|
|
|
|
|
|
|
|
void preRead(void* ctx, const char* fn_name) override;
|
|
|
|
|
|
|
|
private:
|
2019-10-11 08:42:32 +03:00
|
|
|
std::shared_ptr<ServerState> serverState_;
|
2019-10-03 04:50:55 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace eden
|
|
|
|
} // namespace facebook
|