1 files changed, 225 insertions, 0 deletions

diff --git a/ACE/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.h b/ACE/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.h
new file mode 100644
index 00000000000..df372e5a2a6
--- /dev/null
+++ b/ACE/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.h
@@ -0,0 +1,225 @@
+// -*- C++ -*-
+
+//=============================================================================
+/**
+ * @file SL2_SecurityManager.h
+ *
+ * $Id$
+ *
+ * @author Chris Cleeland <cleeland@ociweb.com>
+ */
+//=============================================================================
+
+
+#ifndef TAO_SL2_SECURITY_MANAGER_H
+#define TAO_SL2_SECURITY_MANAGER_H
+
+#include /**/ "ace/pre.h"
+#include "orbsvcs/Security/security_export.h"
+
+#if !defined (ACE_LACKS_PRAGMA_ONCE)
+# pragma once
+#endif /* ACE_LACKS_PRAGMA_ONCE */
+
+#include "orbsvcs/SecurityC.h"
+#include "orbsvcs/SecurityLevel2C.h"
+
+#include "tao/LocalObject.h"
+#include "tao/PortableServer/PS_ForwardC.h"
+
+#include "ace/Hash_Map_Manager_T.h"
+#include "ace/Null_Mutex.h"
+
+#if defined(_MSC_VER)
+#pragma warning(push)
+#pragma warning(disable:4250)
+#endif /* _MSC_VER */
+
+
+TAO_BEGIN_VERSIONED_NAMESPACE_DECL
+
+namespace TAO
+{
+  // would prefer SL2, but all the other SL2 stuff is in the Security namespace
+  namespace Security
+  {
+    // This should move out of here probably, but it's easier to stick it
+    // here for the moment...(CJC)
+    /**
+     * @class AccessDecision
+     *
+     * @brief
+     */
+    class AccessDecision
+      : public virtual TAO::SL2::AccessDecision,
+  public virtual ::CORBA::LocalObject
+    {
+    public:
+      /*! Constructor */
+      AccessDecision (/* not yet known */);
+      ~AccessDecision (void);
+
+      virtual ::CORBA::Boolean access_allowed (
+        const ::SecurityLevel2::CredentialsList & cred_list,
+        ::CORBA::Object_ptr target,
+        const char * operation_name,
+        const char * target_interface_name);
+
+      virtual ::CORBA::Boolean access_allowed_ex (
+          const char * orb_id,
+          const ::CORBA::OctetSeq & adapter_id,
+          const ::CORBA::OctetSeq & object_id,
+          const ::SecurityLevel2::CredentialsList & cred_list,
+          const char * operation_name);
+
+      virtual ::CORBA::Boolean default_decision (void);
+      virtual void default_decision (::CORBA::Boolean d);
+
+      virtual void add_object (const char * orbid,
+                               const ::CORBA::OctetSeq & adapter_id,
+                               const ::CORBA::OctetSeq & object_id,
+                               ::CORBA::Boolean allow_insecure_access);
+
+      virtual void remove_object (const char * orbid,
+                                  const ::CORBA::OctetSeq & adapter_id,
+                                  const ::CORBA::OctetSeq & object_id);
+
+    private:
+      /*!
+       * This is the default value that's returned from access_allowed()
+       * when the access table doesn't contain an entry for the reference.
+       */
+      ::CORBA::Boolean default_allowance_decision_;
+
+      /*!
+       * Map containing references and their designated insecure access.
+       */
+      // What sorts of maps are available in ACE?  We'll be mapping
+      // an object reference to a boolean, basically.  Looks like for
+      // now we'll map a stringified IOR to the boolean, and provide some
+      // (for now) simple keys and functions for comparing them.
+      //
+      // Locking on this needs to be exclusive to add_object,
+      // remove_object, and access_allowed.  I think that the lock on the
+      // map itself will be sufficient, but we'll model this after the
+      // Active Object map in the POA...so whatever way that goes, so, too,
+      // will this.
+      struct ReferenceKeyType
+      {
+        PortableServer::ObjectId_var oid_;
+        CORBA::OctetSeq_var adapter_id_;
+        CORBA::String_var orbid_;
+
+        // operations/methods necessary for functors in HashMap; might
+        // need to add operator< if we decide to use an RB_Tree
+        bool operator== (const ReferenceKeyType& other) const;
+        CORBA::ULong hash() const;
+
+        // operator kind of like a "toString()" for debug statements
+        operator const char * () const;
+      };
+      typedef ReferenceKeyType OBJECT_KEY;
+      // This is typedef'd because we might try to do something fancier
+      // where, rather than having just a string as the key, we have a
+      // structure and the structure precomputes some of the information
+      // for the actual key.  Thus, we could then customize the hash and
+      // comparison functors so that they use the precomputed information
+      // rather than computing it each time.  For now, though, I want to
+      // make this easy to get things working.
+      typedef ACE_Hash_Map_Manager_Ex<OBJECT_KEY,
+                                      CORBA::Boolean, // access_allowed?
+                                      ACE_Hash<OBJECT_KEY>,
+                                      ACE_Equal_To<OBJECT_KEY>,
+                                      ACE_Null_Mutex> // not sure this is right
+      ACCESS_MAP_TYPE;
+
+      ACCESS_MAP_TYPE access_map_;
+
+      // Lock for accessing the map.  It may be possible to get away with
+      // just using a lock directly in the map, but I'm not sure, so I'll err
+      // conservatively.
+      TAO_SYNCH_MUTEX map_lock_;
+
+    private:
+      /*!
+       * @brief Encapsulates a TAO-specific way to do object_to_string() without having an ORB reference handy.
+       *
+       * @note If OBJECT_KEY changes as described above, this should change
+       * so that it generates an OBJECT_KEY.
+       */
+      OBJECT_KEY map_key_from_objref (CORBA::Object_ptr obj);
+
+      //
+      // This is the private implementation that is common to both
+      // access_allowed and access_allowed_ex.
+      ::CORBA::Boolean access_allowed_i (OBJECT_KEY& key,
+                                         const char *operation_name);
+
+    };
+
+    /**
+     * @class SecurityManager
+     *
+     * @brief
+     *
+     */
+    class SecurityManager
+      : public virtual SecurityLevel2::SecurityManager,
+        public virtual ::CORBA::LocalObject
+    {
+    public:
+
+      /// Constructor
+      SecurityManager (/* not sure what's needed yet */);
+
+      /**
+       * @name SecurityLevel2::SecurityManager Methods
+       *
+       * Methods required by the SecurityLevel2::SecurityManager
+       * interface.
+       */
+      //@{
+      virtual ::Security::MechandOptionsList* supported_mechanisms ();
+      virtual SecurityLevel2::CredentialsList* own_credentials ();
+      virtual SecurityLevel2::RequiredRights_ptr required_rights_object ();
+      virtual SecurityLevel2::PrincipalAuthenticator_ptr principal_authenticator ();
+      virtual SecurityLevel2::AccessDecision_ptr access_decision ();
+      virtual SecurityLevel2::AuditDecision_ptr audit_decision ();
+      virtual SecurityLevel2::TargetCredentials_ptr get_target_credentials (CORBA::Object_ptr o);
+      virtual void remove_own_credentials (SecurityLevel2::Credentials_ptr creds);
+      virtual CORBA::Policy_ptr get_security_policy (CORBA::PolicyType policy_type);
+      //@}
+
+    protected:
+
+      /// Destructor
+      /**
+       * Protected destructor to enforce proper memory management
+       * through the reference counting mechanism.
+       */
+      virtual ~SecurityManager (void);
+
+    private:
+
+      /// The ORB-specific SecurityLevel2::PrincipalAuthenticator
+      /// reference.
+      // Except we're not going to have one of these right now
+      SecurityLevel2::PrincipalAuthenticator_var principal_authenticator_;
+
+      // AccessDecision instance
+      SecurityLevel2::AccessDecision_var access_decision_;
+    };
+
+  } // End SL3 namespace
+}  // End TAO namespace
+
+TAO_END_VERSIONED_NAMESPACE_DECL
+
+
+#if defined(_MSC_VER)
+#pragma warning(pop)
+#endif /* _MSC_VER */
+
+#include /**/ "ace/post.h"
+
+#endif  /* TAO_SL2_SECURITY_MANAGER_H */