-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp114
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp94
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.h7
-rw-r--r--TAO/orbsvcs/orbsvcs/SecurityLevel2.idl12
4 files changed, 79 insertions, 148 deletions
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp
index 1b8e35a91bb..a7293f1b11b 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp
@@ -57,11 +57,16 @@ TAO::SSLIOP::Server_Invocation_Interceptor::Server_Invocation_Interceptor
if (! CORBA::is_nil (this->sec2manager_.in ()))
{
- // set the slot id?
+ // set the slot id? things seem to work without doing this
}
+#if 0
+ // Don't need this now that we're not using access_allowed(), but
+ // I'm leaving the code here just in case it would become convenient
+ // for some other use.
obj = info->resolve_initial_references ("POACurrent");
this->poa_current_ = PortableServer::Current::_narrow (obj.in ());
+#endif
}
TAO::SSLIOP::Server_Invocation_Interceptor::~Server_Invocation_Interceptor (
@@ -84,87 +89,6 @@ void
TAO::SSLIOP::Server_Invocation_Interceptor::receive_request_service_contexts (
PortableInterceptor::ServerRequestInfo_ptr /*ri*/)
{
- // The current upcall is not being performed through an SSL
- // connection. If server is configured to disallow insecure
- // invocations then throw a CORBA::NO_PERMISSION exception.
- // @@ TODO: Once the SecurityManager is implemented, query it
- // for the current object's
- // SecureInvocationPolicy of type
- // SecTargetSecureInvocationPolicy so that we can
- // accept or reject requests on a per-object basis
- // instead on a per-endpoint basis.
-#if 0
- CORBA::Boolean const no_ssl = this->ssliop_current_->no_context ();
-
- if (TAO_debug_level >= 3)
- ACE_DEBUG ((LM_DEBUG, "SSLIOP (%P|%t) Interceptor (context), ssl=%d\n", !(no_ssl)));
-
- if (no_ssl && this->qop_ != ::Security::SecQOPNoProtection)
- throw CORBA::NO_PERMISSION ();
-#endif
-#if defined(SSLIOP_DEBUG_PEER_CERTIFICATE)
- try
- {
- // If the request was not made through an SSL connection, then
- // this method will throw the SSLIOP::Current::NoContext
- // exception. Otherwise, it will return a DER encoded X509
- // certificate.
- ::SSLIOP::ASN_1_Cert_var cert =
- this->ssliop_current_->get_peer_certificate ();
-
- // @@ The following debugging code works but I don't think that
- // we should include it since it dumps alot of information,
- // i.e. prints two lines of information per request.
- if (TAO_debug_level > 1)
- {
- const CORBA::Octet *der_cert = cert->get_buffer ();
-
- ::X509 *peer = ::d2i_X509 (0, &der_cert, cert->length ());
- if (peer != 0)
- {
- char buf[BUFSIZ] = { 0 };
-
- ::X509_NAME_oneline (::X509_get_subject_name (peer),
- buf,
- BUFSIZ);
-
- ACE_DEBUG ((LM_DEBUG,
- "(%P|%t) Certificate subject: %s\n",
- buf));
-
- ::X509_NAME_oneline (::X509_get_issuer_name (peer),
- buf,
- BUFSIZ);
-
- ACE_DEBUG ((LM_DEBUG,
- "(%P|%t) Certificate issuer: %s\n",
- buf));
-
-
- ::X509_free (peer);
- }
- else
- {
- ACE_DEBUG ((LM_DEBUG,
- "(%P|%t) No certificate info\n"));
- }
- }
- }
- catch (const ::SSLIOP::Current::NoContext& )
- {
- // The current upcall is not being performed through an SSL
- // connection. If server is configured to disallow insecure
- // invocations then throw a CORBA::NO_PERMISSION exception.
- // @@ TODO: Once the SecurityManager is implemented, query it
- // for the current object's
- // SecureInvocationPolicy of type
- // SecTargetSecureInvocationPolicy so that we can
- // accept or reject requests on a per-object basis
- // instead on a per-endpoint basis.
- if (this->qop_ != ::Security::SecQOPNoProtection)
- throw CORBA::NO_PERMISSION ();
- }
-#endif /* SSLIOP_DEBUG_PEER_CERTIFICATE */
}
@@ -172,9 +96,10 @@ void
TAO::SSLIOP::Server_Invocation_Interceptor::receive_request (
PortableInterceptor::ServerRequestInfo_ptr ri )
{
- SecurityLevel2::AccessDecision_var ad =
+ SecurityLevel2::AccessDecision_var ad_tmp =
this->sec2manager_->access_decision ();
-
+ TAO::SL2::AccessDecision_var ad =
+ TAO::SL2::AccessDecision::_narrow (ad_tmp.in ());
CORBA::Boolean const no_ssl =
this->ssliop_current_->no_context ();
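Review bot: The result of `TAO::SL2::AccessDecision::_narrow (ad_tmp.in ())` is not checked for nil anywhere in the visible lines, and the following hunk calls `ad->access_allowed_ex (...)` on it. If the security manager returns an AccessDecision that is not the TAO-specific subtype, the narrow yields nil and the authorization step dereferences it instead of refusing the request. Failing closed right after the narrow would cover this, e.g. `if (CORBA::is_nil (ad.in ())) throw CORBA::NO_PERMISSION ();`. receive_request's body continues outside the hunk, so a check may exist in lines not shown here.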
@@ -221,21 +146,22 @@ TAO::SSLIOP::Server_Invocation_Interceptor::receive_request (
}
#endif
- /* Get the target object */
- CORBA::Object_var target = CORBA::Object::_nil ();
-
- target = this->poa_current_->get_reference ();
+ /* Gather the elements that uniquely identify the target object */
+ CORBA::ORBid_var orb_id = ri->orbid ();
+ CORBA::OctetSeq_var adapter_id = ri->adapter_id ();
+ CORBA::OctetSeq_var object_id = ri->object_id ();
CORBA::String_var operation_name = ri->operation ();
- CORBA::String_var target_interface_name = ri->target_most_derived_interface(); // is this the repository ID?
CORBA::Boolean it_should_happen = false;
- it_should_happen = ad->access_allowed (cred_list,
- target.in(),
- operation_name.in(),
- target_interface_name.in());
+ it_should_happen = ad->access_allowed_ex (orb_id.in (),
+ adapter_id.in (),
+ object_id.in (),
+ cred_list.in (),
+ operation_name.in());
if (TAO_debug_level >= 3)
- ACE_DEBUG ((LM_DEBUG, "TAO (%P|%t) SL2::access_allowed returned %s\n",
+ ACE_DEBUG ((LM_DEBUG,
+ "TAO (%P|%t) SL2::access_allowed_ex returned %s\n",
it_should_happen ? "true" : "false"));
if (! it_should_happen)
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp b/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp
index b33ebbf1491..6b0b4bfb15c 100644
--- a/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp
+++ b/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp
@@ -11,19 +11,6 @@ ACE_RCSID (Security,
TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-unsigned long
-ACE_Hash<CORBA::Object_var>::operator() (const CORBA::Object_var& o) const
-{
- return o->_hash ((CORBA::ULong)-1);
-}
-
-int
-ACE_Equal_To<CORBA::Object_var>::operator () (const CORBA::Object_var& lhs,
- const CORBA::Object_var& rhs) const
-{
- return lhs->_is_equivalent (rhs.in ());
-}
-
TAO::Security::SecurityManager::SecurityManager (/* unknown */)
: principal_authenticator_ (SecurityLevel2::PrincipalAuthenticator::_nil ())
{
@@ -46,28 +33,24 @@ TAO::Security::SecurityManager::~SecurityManager (void)
Security::MechandOptionsList*
TAO::Security::SecurityManager::supported_mechanisms ()
- ACE_THROW_SPEC ((CORBA::SystemException))
{
throw CORBA::NO_IMPLEMENT ();
}
SecurityLevel2::CredentialsList*
TAO::Security::SecurityManager::own_credentials ()
- ACE_THROW_SPEC ((CORBA::SystemException))
{
throw CORBA::NO_IMPLEMENT ();
}
SecurityLevel2::RequiredRights_ptr
TAO::Security::SecurityManager::required_rights_object ()
- ACE_THROW_SPEC ((CORBA::SystemException))
{
throw CORBA::NO_IMPLEMENT ();
}
SecurityLevel2::PrincipalAuthenticator_ptr
TAO::Security::SecurityManager::principal_authenticator ()
- ACE_THROW_SPEC ((CORBA::SystemException))
{
return SecurityLevel2::PrincipalAuthenticator::_duplicate
(this->principal_authenticator_.in () );
@@ -75,21 +58,18 @@ TAO::Security::SecurityManager::principal_authenticator ()
SecurityLevel2::AccessDecision_ptr
TAO::Security::SecurityManager::access_decision ()
- ACE_THROW_SPEC ((CORBA::SystemException))
{
return SecurityLevel2::AccessDecision::_duplicate (this->access_decision_.in () );
}
SecurityLevel2::AuditDecision_ptr
TAO::Security::SecurityManager::audit_decision ()
- ACE_THROW_SPEC ((CORBA::SystemException))
{
throw CORBA::NO_IMPLEMENT ();
}
SecurityLevel2::TargetCredentials_ptr
TAO::Security::SecurityManager::get_target_credentials (CORBA::Object_ptr /*o*/)
- ACE_THROW_SPEC ((CORBA::SystemException))
{
throw CORBA::NO_IMPLEMENT ();
}
@@ -97,14 +77,12 @@ TAO::Security::SecurityManager::get_target_credentials (CORBA::Object_ptr /*o*/)
void
TAO::Security::SecurityManager::remove_own_credentials (
SecurityLevel2::Credentials_ptr creds)
- ACE_THROW_SPEC ((CORBA::SystemException))
{
throw CORBA::NO_IMPLEMENT ();
}
CORBA::Policy_ptr
TAO::Security::SecurityManager::get_security_policy (CORBA::PolicyType policy_type)
- ACE_THROW_SPEC ((CORBA::SystemException))
{
throw CORBA::NO_IMPLEMENT ();
}
@@ -113,6 +91,29 @@ TAO::Security::SecurityManager::get_security_policy (CORBA::PolicyType policy_ty
* AccessDecision stuff below here
*/
+bool
+TAO::Security::AccessDecision::ReferenceKeyType::operator== (const ReferenceKeyType& other) const
+{
+ if (this->oid_ == other.oid_
+ && this->adapter_id_ == other.adapter_id_
+ && (ACE_OS_String::strcmp (this->orbid_.in(), other.orbid_.in()) == 0) )
+ return true;
+ else
+ return false;
+}
+
+CORBA::ULong
+TAO::Security::AccessDecision::ReferenceKeyType::hash () const
+{
+ return 0;
+}
+
+const char*
+TAO::Security::AccessDecision::ReferenceKeyType::operator const char* () const
+{
+ return "<hardcoded refkey>";
+}
+
TAO::Security::AccessDecision::AccessDecision ()
: default_allowance_decision_ (false)
{
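Review bot: `const char* TAO::Security::AccessDecision::ReferenceKeyType::operator const char* () const` puts a return type in front of a conversion function, which C++ does not accept; the definition should start at `TAO::Security::AccessDecision::ReferenceKeyType::operator const char* () const`. Separately, `hash ()` returning 0 gives every key the same hash, so if access_map_ is a hash map its lookups degrade to a linear scan; the hash should be derived from orbid_, adapter_id_ and oid_, the same fields `operator==` compares. The fixed `"<hardcoded refkey>"` string also means any log line that prints a key cannot tell one target from another. The header section of this commit shows no declaration of ReferenceKeyType, so these definitions presumably depend on a declaration that is not part of the visible change.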
@@ -125,30 +126,21 @@ TAO::Security::AccessDecision::~AccessDecision ()
TAO::Security::AccessDecision::OBJECT_KEY
TAO::Security::AccessDecision::map_key_from_objref (CORBA::Object_ptr obj)
{
-#if 0
- // Originally this lived in access_allowed, but it was needed
- // in add_object and remove_object, too, so it's been factored out.
- //
- // We need an ORB reference here. Where do we get it?
- //
- // The primary place we need this facility is in access_allowed.
- // Unfortunately, the interface for access_allowed is cast in
- // dormant OMG spec stone, so that can't change. We could pass in a
- // reference as an argument to the constructor and store it, but
- // what do we do, then, if the same interceptor is registered with
- // multiple ORBs (is that possible?!?!)? Then we could end up using
- // a different ORB to stringify, which could end up giving us a
- // different string, which means they won't compare propertly.
- //
- // As a hack, we could realize that TAO's CORBA::Object implementation
- // has a reference to its associated ORB, and just dip in there
- // to get access to it. Ugly, but at least it should probably work.
- CORBA::ORB_var orb = obj->_get_orb ();
- CORBA::String_var ior = orb->object_to_string (obj);
- return ior;
-#else
- return CORBA::Object::_duplicate(obj);
-#endif
+ OBJECT_KEY key;
+
+ return key;
+}
+
+CORBA::Boolean
+TAO::Security::AccessDecision::access_allowed_ex (
+ const char * orb_id,
+ const ::CORBA::OctetSeq & adapter_id,
+ const ::CORBA::OctetSeq & object_id,
+ const ::SecurityLevel2::CredentialsList & cred_list,
+ const char * operation_name)
+{
+ // Obviously this is an incorrect trivial implementation ;)
+ return true;
}
CORBA::Boolean
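Review bot: `access_allowed_ex` returns `true` on every call and reads none of its five arguments, while receive_request in SSLIOP_Invocation_Interceptor.cpp now takes its permit/deny decision from this value, so with this commit the access check lets every request through. Until the real lookup exists the stub should fail closed or at least honour the configured default, e.g. `return this->default_allowance_decision_;` (the constructor initialises it to false). `map_key_from_objref` has the same placeholder problem: it returns a default-constructed OBJECT_KEY without reading `obj`, so add_object and remove_object would operate on one shared key for every reference. The trailing `CORBA::Boolean` line begins a function that continues outside the hunk.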
@@ -169,7 +161,7 @@ TAO::Security::AccessDecision::access_allowed (
ACE_GUARD_RETURN (TAO_SYNCH_MUTEX, guard, this->map_lock_,
this->default_allowance_decision_);
- ACE_Hash<CORBA::Object_var> hash;
+ ACE_Hash<OBJECT_KEY> hash;
// Look up the target in access_map_; if there, return the value,
// otherwise return the default value.
@@ -201,7 +193,6 @@ TAO::Security::AccessDecision::access_allowed (
void
TAO::Security::AccessDecision::add_object (CORBA::Object_ptr obj,
CORBA::Boolean allow_insecure_access)
- ACE_THROW_SPEC ((CORBA::SystemException))
{
// make a key from 'obj'
OBJECT_KEY key = this->map_key_from_objref (obj);
@@ -210,7 +201,7 @@ TAO::Security::AccessDecision::add_object (CORBA::Object_ptr obj,
// LOCK THE MAP!
ACE_GUARD (TAO_SYNCH_MUTEX, guard, this->map_lock_);
- ACE_Hash<CORBA::Object_var> hash;
+ ACE_Hash<OBJECT_KEY> hash;
// Since we want to replace any existing entry in the map, we just
// use rebind.
@@ -246,12 +237,11 @@ TAO::Security::AccessDecision::add_object (CORBA::Object_ptr obj,
void
TAO::Security::AccessDecision::remove_object (CORBA::Object_ptr obj)
- ACE_THROW_SPEC ((CORBA::SystemException))
{
// make a key from 'obj'
OBJECT_KEY key = this->map_key_from_objref (obj);
- ACE_Hash<CORBA::Object_var> hash;
+ ACE_Hash<OBJECT_KEY> hash;
// unbind it from access_map_, no matter if it's not in there...
// LOCK THE MAP!
@@ -288,14 +278,12 @@ TAO::Security::AccessDecision::remove_object (CORBA::Object_ptr obj)
CORBA::Boolean
TAO::Security::AccessDecision::default_decision (void)
- ACE_THROW_SPEC ((::CORBA::SystemException))
{
return this->default_allowance_decision_;
}
void
TAO::Security::AccessDecision::default_decision (CORBA::Boolean d)
- ACE_THROW_SPEC ((::CORBA::SystemException))
{
this->default_allowance_decision_ = d;
}
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.h b/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.h
index 00a5343ddcd..5646410dac0 100644
--- a/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.h
+++ b/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.h
@@ -66,6 +66,13 @@ namespace TAO
const char * target_interface_name
);
+ virtual ::CORBA::Boolean access_allowed_ex (
+ const char * orb_id,
+ const ::CORBA::OctetSeq & adapter_id,
+ const ::CORBA::OctetSeq & object_id,
+ const ::SecurityLevel2::CredentialsList & cred_list,
+ const char * operation_name);
+
virtual ::CORBA::Boolean default_decision (void);
virtual void default_decision (::CORBA::Boolean d);
diff --git a/TAO/orbsvcs/orbsvcs/SecurityLevel2.idl b/TAO/orbsvcs/orbsvcs/SecurityLevel2.idl
index 6a13faa6877..4aad2543911 100644
--- a/TAO/orbsvcs/orbsvcs/SecurityLevel2.idl
+++ b/TAO/orbsvcs/orbsvcs/SecurityLevel2.idl
@@ -189,7 +189,6 @@ module SecurityLevel2 {
);
};
-
// Policy interfaces to control bindings
local interface QOPPolicy : CORBA::Policy {
@@ -275,6 +274,17 @@ module TAO {
module SL2 {
local interface AccessDecision : SecurityLevel2::AccessDecision
{
+ /* TAO-specific access_allowed that works around deficiencies in
+ the SecurityLevel2::AccessDecision::access_allowed() operation. */
+ // Parameter object_id should be PortableInterceptor::ObjectId, but
+ // using that type would require including the PI_Forward.pidl file.
+ // By using the real type, we can avoid that dependency.
+ boolean access_allowed_ex (in ::CORBA::ORBid orb_id,
+ in ::CORBA::OctetSeq adapter_id,
+ in ::CORBA::OctetSeq object_id,
+ in ::SecurityLevel2::CredentialsList cred_list,
+ in ::CORBA::Identifier operation_name);
+
/*! Default value returned when a reference is not in the list. */
// Can't come up with a good name for this.
attribute boolean default_decision;
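Review bot: The comment on `access_allowed_ex` says the operation works around deficiencies in access_allowed() but does not state its contract. I would extend it to say that orb_id, adapter_id and object_id together identify the target, that a true result means the invocation may proceed, and whether a target that was never registered falls back to `default_decision`. Implementers of this local interface need that last point in order to fail closed consistently.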