Diffstat (limited to 'TAO/orbsvcs/orbsvcs/CSIv2')
-rw-r--r-- | TAO/orbsvcs/orbsvcs/CSIv2/CSI_Utils.cpp | 2 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/CSIv2/CSI_Utils.h | 2 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/CSIv2/CSS_RequestInterceptor.cpp | 173 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/CSIv2/CSS_RequestInterceptor.h | 27 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/CSIv2/TSS_RequestInterceptor.cpp | 89 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/CSIv2/TSS_RequestInterceptor.h | 1 |
6 files changed, 190 insertions, 104 deletions
diff --git a/TAO/orbsvcs/orbsvcs/CSIv2/CSI_Utils.cpp b/TAO/orbsvcs/orbsvcs/CSIv2/CSI_Utils.cpp index 8e9c5b72870..76ee8892c61 100644 --- a/TAO/orbsvcs/orbsvcs/CSIv2/CSI_Utils.cpp +++ b/TAO/orbsvcs/orbsvcs/CSIv2/CSI_Utils.cpp @@ -10,7 +10,7 @@ ACE_RCSID (CSIv2, void -TAO::CSI_Utils:create_sas_service_context ( +TAO::CSI_Utils::create_sas_service_context ( const CSI::SASContextBody & sas_context, IOP::ServiceContext & sc) { diff --git a/TAO/orbsvcs/orbsvcs/CSIv2/CSI_Utils.h b/TAO/orbsvcs/orbsvcs/CSIv2/CSI_Utils.h index 038e6523979..2f1ec3c1fc6 100644 --- a/TAO/orbsvcs/orbsvcs/CSIv2/CSI_Utils.h +++ b/TAO/orbsvcs/orbsvcs/CSIv2/CSI_Utils.h @@ -31,7 +31,7 @@ namespace CSI namespace TAO { - namespace CSI_Util + namespace CSI_Utils { /// Populate given IOP::ServiceContext with given CSI::SASContextBody. void create_sas_service_context (const CSI::SASContextBody & sas_context, diff --git a/TAO/orbsvcs/orbsvcs/CSIv2/CSS_RequestInterceptor.cpp b/TAO/orbsvcs/orbsvcs/CSIv2/CSS_RequestInterceptor.cpp index 7e1706f31d5..9cab862f757 100644 --- a/TAO/orbsvcs/orbsvcs/CSIv2/CSS_RequestInterceptor.cpp +++ b/TAO/orbsvcs/orbsvcs/CSIv2/CSS_RequestInterceptor.cpp 
@@ -31,19 +31,32 @@ TAO::CSS_RequestInterceptor::send_request ( ACE_THROW_SPEC ((CORBA::SystemException, PortableInterceptor::ForwardRequest)) { + CSI::AuthorizationToken at; - CSI::SASContextBody sas_context; + this->get_authorization_token (at + ACE_ENV_ARG_PARAMETER); + ACE_CHECK; + + CSI::IdentityToken it; - const CORBA::Boolean context_created = - this->get_sas_context_body (info, - sas_context - ACE_ENV_ARG_PARAMETER); + this->get_identity_token (it + ACE_ENV_ARG_PARAMETER); ACE_CHECK; + CSI::GSSToken gt; + + this->get_gss_token (gt + ACE_ENV_ARG_PARAMETER); + ACE_CHECK; + + CSI::EstablishContext ec; + ec.client_context_id = 0; // Stateless CSS - ec.authorization_token = /* Retrieve from ATLAS */; - ec.identity_token = /* A discriminated union. */; - ec.client_authentication_token = /* */; + ec.authorization_token = at; + ec.identity_token = it; + ec.client_authentication_token = gt; + + CSI::SASContextBody sas_context; sas_context.establish_msg (ec); @@ -52,11 +65,11 @@ TAO::CSS_RequestInterceptor::send_request ( TAO::CSI_Utils::create_sas_service_context (sas_context, sc); - const CORBA::boolean replace = 0; + const CORBA::Boolean replace = 0; - ri->add_request_service_context (service_context, - replace - ACE_ENV_ARG_PARAMETER); + info->add_request_service_context (sc, + replace + ACE_ENV_ARG_PARAMETER); ACE_CHECK; } @@ -77,7 +90,7 @@ TAO::CSS_RequestInterceptor::receive_reply ( CSI::SASContextBody sas_context; // Extract CSI::ContextError structure from CSI::SASContextBody. - const CORBA::Boolean found_context_error = + const bool found_sas_context = this->extract_sas_context (info, sas_context ACE_ENV_ARG_PARAMETER); 
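Review bot: In send_request, `ec.client_context_id = 0; // Stateless CSS` means the full EstablishContext, including `client_authentication_token`, is attached to every outgoing request, and nothing in the hunk ties that to a protected transport. The SAS service context is presumably not protected on its own, so the token is only as confidential as the connection carrying it. I would record that at the assignment, e.g. `// Stateless: authorization, identity and client authentication tokens are resent on every request; confidentiality relies on the transport.` As a smaller point, the three tokens are filled into locals and then copied into `ec`; passing `ec.authorization_token`, `ec.identity_token` and `ec.client_authentication_token` to the getters directly would avoid the copies.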
@@ -92,13 +105,14 @@ TAO::CSS_RequestInterceptor::receive_reply ( switch (msg_type) { case CSI::MTCompleteEstablishContext: // Stateful CSS only. - - const CSI::CompleteEstablishContext & cec = - sas_context.complete_msg (); - - this->complete_context (cec.client_context_id, - cec.context_stateful); - + { + const CSI::CompleteEstablishContext & cec = + sas_context.complete_msg (); + + this->complete_context (cec + ACE_ENV_ARG_PARAMETER); + ACE_CHECK; + } break; default: @@ -135,7 +149,7 @@ TAO::CSS_RequestInterceptor::receive_exception ( CSI::SASContextBody sas_context; // Extract CSI::ContextError structure from CSI::SASContextBody. - const CORBA::Boolean found_sas_context = + const bool found_sas_context = this->extract_sas_context (info, sas_context ACE_ENV_ARG_PARAMETER); 
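Review bot: The `CSI::MTCompleteEstablishContext` case in receive_reply now calls `complete_context (cec ...)` for any reply carrying that message, but this commit defines complete_context as `ACE_ASSERT (0)`, so an ordinary reply from a peer can abort a debug-build client. The TSS side of this same commit adds a CompleteEstablishContext to twoway replies, so the path is reachable with TAO's own server. The `invalidate_context (ce)` calls in the receive_exception hunk (`@@ -150,36 +164,37 @@`) have the same problem and are selected by server-supplied `major_status` values. Since send_request always sends `client_context_id = 0`, a stateless CSS has nothing to complete or invalidate; until stateful support exists I would make both helpers return without asserting. The switch continues outside the hunk, so the `default:` arm is not visible here.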
@@ -150,36 +164,37 @@ TAO::CSS_RequestInterceptor::receive_exception ( switch (msg_type) { case CSI::MTContextError: - - const CSI::ContextError & ce = sas_context.error_msg (); - - if (ce.minor == 1) - { - if (ce.major == 1) // Invalid evidence - { - // Re-collect authentication evidence and try - // again. - } - else if (ce.major == 3) // Conflicting evidence - { - // Stateful CSS only - this->invalidate_context (ce.client_context_id); - - // Done. Allow the exception to propagate to - // the caller. - } - else if (ce.major == 4) // No context - { - // Stateful CSS only - this->invalidate_context (ce.client_context_id); - - // @@ Restart invocation with new context. - } - - // Don't do anything for the "invalid mechanism" - // case (i.e. major == 2). Just allow the exception - // to propagate to the caller. - } + { + const CSI::ContextError & ce = sas_context.error_msg (); + + if (ce.minor_status == 1) + { + if (ce.major_status == 1) // Invalid evidence + { + // Re-collect authentication evidence and try + // again. + } + else if (ce.major_status == 3) // Conflicting evidence + { + // Stateful CSS only + this->invalidate_context (ce); + + // Done. Allow the exception to propagate to + // the caller. + } + else if (ce.major_status == 4) // No context + { + // Stateful CSS only + this->invalidate_context (ce); + + // @@ Restart invocation with new context. + } + + // Don't do anything for the "invalid mechanism" + // case (i.e. major == 2). Just allow the exception + // to propagate to the caller. + } + } break; @@ -203,9 +218,9 @@ TAO::CSS_RequestInterceptor::receive_other ( // No need to anything for the oneway and LOCATION_FORWARD case. } -CORBA::Boolean -TAO::TSS_RequestInterceptor::extract_sas_context ( - PortableInterceptor::ServerRequestInfo_ptr info, +bool +TAO::CSS_RequestInterceptor::extract_sas_context ( + PortableInterceptor::ClientRequestInfo_ptr info, CSI::SASContextBody & sas_context ACE_ENV_ARG_DECL) { 
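Review bot: The `ce.minor_status == 1` and `ce.major_status == 1`, `== 3`, `== 4` tests in receive_exception use bare literals whose meaning lives only in trailing comments, and the closing comment still says `major == 2` although the field is now `major_status`. Named constants (suggested names: `INVALID_EVIDENCE`, `CONFLICTING_EVIDENCE`, `NO_CONTEXT`) would make the status mapping auditable, and the stale comment should read `major_status == 2`. The "Invalid evidence" arm is empty; when it is filled in, the retry should be bounded so that a peer which keeps answering with this error cannot make the client resubmit evidence indefinitely.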
@@ -220,12 +235,12 @@ TAO::TSS_RequestInterceptor::extract_sas_context ( ACE_CATCH (CORBA::BAD_PARAM, ex) { if (ex.minor () == (CORBA::OMGVMCID | 26)) - return 0; + return false; else ACE_RE_THROW; } ACE_ENDTRY; - ACE_CHECK_RETURN (0); + ACE_CHECK_RETURN (false); if (sc->context_id != IOP::SecurityAttributeService) { @@ -233,13 +248,53 @@ TAO::TSS_RequestInterceptor::extract_sas_context ( // ServiceContext corresponding to the CSI::SASContextBody. // // @@ Correct exception? - ACE_THROW_RETURN (CORBA::BAD_PARAM (), 0); + ACE_THROW_RETURN (CORBA::BAD_PARAM (), false); } // Extract CSI::SASContextBody from given IOP::ServiceContext. if (!TAO::CSI_Utils::extract_sas_service_context (sc.in (), sas_context)) - ACE_THROW_RETURN (CORBA::MARSHAL (), 0); + ACE_THROW_RETURN (CORBA::MARSHAL (), false); + + return true; // Successfully extracted CSI::SASContextBody. +} + +void +TAO::CSS_RequestInterceptor::get_authorization_token ( + CSI::AuthorizationToken & /* t */ + ACE_ENV_ARG_DECL_NOT_USED) +{ + ACE_ASSERT (0); // Fill in the blanks! +} - return 1; // Successfully extracted CSI::SASContextBody. +void +TAO::CSS_RequestInterceptor::get_identity_token ( + CSI::IdentityToken & /* t */ + ACE_ENV_ARG_DECL_NOT_USED) +{ + ACE_ASSERT (0); // Fill in the blanks! +} + +void +TAO::CSS_RequestInterceptor::get_gss_token ( + CSI::GSSToken & /* t */ + ACE_ENV_ARG_DECL_NOT_USED) +{ + ACE_ASSERT (0); // Fill in the blanks! +} + +void +TAO::CSS_RequestInterceptor::complete_context ( + const CSI::CompleteEstablishContext & /* cec */ + ACE_ENV_ARG_DECL_NOT_USED) +{ + ACE_ASSERT (0); // Fill in the blanks! +} + +void +TAO::CSS_RequestInterceptor::invalidate_context ( + const CSI::ContextError & /* ce */ + ACE_ENV_ARG_DECL_NOT_USED) +{ + ACE_ASSERT (0); // Fill in the blanks! } diff --git a/TAO/orbsvcs/orbsvcs/CSIv2/CSS_RequestInterceptor.h b/TAO/orbsvcs/orbsvcs/CSIv2/CSS_RequestInterceptor.h index 21288770eeb..f0e2ef2ae2e 100644 --- a/TAO/orbsvcs/orbsvcs/CSIv2/CSS_RequestInterceptor.h 
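Review bot: The five stubs added in `@@ -233,13 +248,53 @@` (`get_authorization_token`, `get_identity_token`, `get_gss_token`, `complete_context`, `invalidate_context`) signal "not implemented" only through `ACE_ASSERT (0)`, which is compiled out when ACE_NDEBUG is defined. In such a build the three getters return normally and send_request goes on to send an EstablishContext built from default-constructed tokens, so the interceptor fails open instead of refusing the request. For the getters I would fail closed: declare the parameter list with `ACE_ENV_ARG_DECL` instead of `ACE_ENV_ARG_DECL_NOT_USED` and replace the assert with `ACE_THROW (CORBA::NO_IMPLEMENT ());`, which the `ACE_CHECK` after each call in send_request already propagates.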
+++ b/TAO/orbsvcs/orbsvcs/CSIv2/CSS_RequestInterceptor.h @@ -24,6 +24,8 @@ # pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ +#include "orbsvcs/CSIC.h" + #include "tao/PortableInterceptorC.h" #include "tao/LocalObject.h" @@ -34,7 +36,6 @@ #pragma warning(disable:4250) #endif /* _MSC_VER */ - namespace TAO { /** @@ -52,7 +53,7 @@ namespace TAO public: /// Constructor. - CSS_Requestinterceptor (void); + CSS_RequestInterceptor (void); /** * @name Methods Required by the Client Request Interceptor @@ -95,6 +96,28 @@ namespace TAO PortableInterceptor::ForwardRequest)); //@} + private: + + /// + bool extract_sas_context (PortableInterceptor::ClientRequestInfo_ptr info, + CSI::SASContextBody & sas_context + ACE_ENV_ARG_DECL); + + void get_authorization_token (CSI::AuthorizationToken & t + ACE_ENV_ARG_DECL); + + void get_identity_token (CSI::IdentityToken & t + ACE_ENV_ARG_DECL); + + void get_gss_token (CSI::GSSToken & t + ACE_ENV_ARG_DECL); + + void complete_context (const CSI::CompleteEstablishContext & /* cec */ + ACE_ENV_ARG_DECL); + + void invalidate_context (const CSI::ContextError & /* ce */ + ACE_ENV_ARG_DECL); + }; } // End TAO namespace diff --git a/TAO/orbsvcs/orbsvcs/CSIv2/TSS_RequestInterceptor.cpp b/TAO/orbsvcs/orbsvcs/CSIv2/TSS_RequestInterceptor.cpp index 6379aba12ad..6cd5cbef37c 100644 --- a/TAO/orbsvcs/orbsvcs/CSIv2/TSS_RequestInterceptor.cpp +++ b/TAO/orbsvcs/orbsvcs/CSIv2/TSS_RequestInterceptor.cpp @@ -1,6 +1,8 @@ #include "TSS_RequestInterceptor.h" #include "CSI_Utils.h" +#include "orbsvcs/CSIC.h" + ACE_RCSID (CSIv2, TSS_RequestInterceptor, @@ -30,7 +32,7 @@ TAO::TSS_RequestInterceptor::receive_request_service_contexts ( CSI::SASContextBody sas_context; // Extract CSI::SASContextBody union from IOP::ServiceContext. - const CORBA::Boolean found_sas_context = + const bool found_sas_context = this->extract_sas_context (info, sas_context ACE_ENV_ARG_PARAMETER); 
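Review bot: The private section added to CSS_RequestInterceptor.h in `@@ -95,6 +96,28 @@` has an empty `///` above `extract_sas_context` and no documentation on the five helpers, which are the points where credentials enter the request. Suggest `/// Extract the CSI::SASContextBody from the ServiceContextList; returns false when no SAS service context is found.` for extract_sas_context, and one line per getter naming the CSI::EstablishContext field it fills and stating that failure is reported by exception. The declarations of `complete_context` and `invalidate_context` also carry the commented-out names `/* cec */` and `/* ce */`; in the header the names should be spelled out as they are for the other three.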
@@ -48,30 +50,35 @@ TAO::TSS_RequestInterceptor::receive_request_service_contexts ( switch (msg_type) { case CSI::MTEstablishContext: - CORBA::Boolean stateful; - - if (!this->accept_context (info, - oneway, - sas_context.establish_msg (), - stateful)) - ACE_THROW (CORBA::NO_PERMISSION ()); + { + bool stateful; - // Success! + const CSI::EstablishContext & ec = sas_context.establish_msg (); - // Only add CSI::CompleteEstablishContext to - // ServiceContextList for twoway calls, i.e those that - // expect a response. Don't bother for oneway calls. This - // is merely an optimization. - if (!oneway) - { - this->add_complete_establish_context (info, - ec.client_context_id, - stateful, - final_context_token - ACE_ENV_ARG_PARAMETER); - ACE_CHECK; - } + if (!this->accept_context (info, + oneway, + ec, + stateful)) + ACE_THROW (CORBA::NO_PERMISSION ()); + // Success! + + CSI::GSSToken final_context_token; + + // Only add CSI::CompleteEstablishContext to + // ServiceContextList for twoway calls, i.e those that + // expect a response. Don't bother for oneway calls. This + // is merely an optimization. + if (!oneway) + { + this->add_complete_establish_context (info, + ec.client_context_id, + stateful, + final_context_token + ACE_ENV_ARG_PARAMETER); + ACE_CHECK; + } + } break; case CSI::MTMessageInContext: @@ -162,23 +169,23 @@ TAO::TSS_RequestInterceptor::send_other ( { } -CORBA::Boolean +bool TAO::TSS_RequestInterceptor::accept_transport_context (void) { /** * @todo Query the transport layer. */ - return 1; // Context accepted. + return true; // Context accepted. } -CORBA::Boolean +bool TAO::TSS_RequestInterceptor::accept_context ( PortableInterceptor::ServerRequestInfo_ptr info, CORBA::Boolean oneway, const CSI::EstablishContext & ec, - CORBA::Boolean & stateful - ACE_ENV_ARG_PARAMETER) + bool & stateful + ACE_ENV_ARG_DECL) { ErrorCode error_code = /**/; 
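Review bot: In the `CSI::MTEstablishContext` case, `accept_context` is called without `ACE_ENV_ARG_PARAMETER` and without a following `ACE_CHECK`, while its definition in the next hunk now ends in `ACE_ENV_ARG_DECL` and can raise `PortableInterceptor::ForwardRequest` through `ACE_THROW_RETURN (..., false)`. Unless the header (not shown) supplies a default, on builds where the ACE_ENV macros expand to a real environment argument the `false` return would be turned into `CORBA::NO_PERMISSION` here instead of the forward. I would pass the environment, check it before acting on the result, and initialise the out-parameter: `bool stateful = false;`. `final_context_token` is also sent default-constructed; a short comment saying that an empty final token is intended would help.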
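Review bot: `accept_transport_context` in `@@ -162,23 +169,23 @@` returns `true` unconditionally with only a `@todo Query the transport layer`, so the transport-layer check always passes. Until the query exists it would be safer for the stub to refuse, `return false; // Transport context not verified yet.`, or for the comment to state explicitly that callers must not treat this result as a verified transport. In the same hunk `ErrorCode error_code = /**/;` in accept_context has no initialiser expression, so the function does not compile as written; its body continues outside the hunk.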
@@ -214,7 +221,7 @@ TAO::TSS_RequestInterceptor::accept_context ( else if (error_code == POLICY_CHANGE) { ACE_THROW_RETURN (PortableInterceptor::ForwardRequest (), - 0); + false); } this->add_context_error (ec.client_context_id, @@ -222,18 +229,18 @@ TAO::TSS_RequestInterceptor::accept_context ( minor, error_token ACE_ENV_ARG_PARAMETER); - ACE_CHECK_RETURN (0); + ACE_CHECK_RETURN (false); - return 0; + return false; } if (ec.client_context_id == 0) - stateful = 0; // Do not establish stateful context for clients - // that request a stateless one. + stateful = false; // Do not establish stateful context for clients + // that request a stateless one. else - stateful = 0; // TAO TSS isn't stateful yet. + stateful = false; // TAO TSS isn't stateful yet. - return 1; // Context accepted. + return true; // Context accepted. } void @@ -247,7 +254,7 @@ TAO::TSS_RequestInterceptor::discard_context (CSI::ContextId context_id) { } -CORBA::Boolean +bool TAO::TSS_RequestInterceptor::extract_sas_context ( PortableInterceptor::ServerRequestInfo_ptr info, CSI::SASContextBody & sas_context @@ -264,12 +271,12 @@ TAO::TSS_RequestInterceptor::extract_sas_context ( ACE_CATCH (CORBA::BAD_PARAM, ex) { if (ex.minor () == (CORBA::OMGVMCID | 26)) - return 0; + return false; else ACE_RE_THROW; } ACE_ENDTRY; - ACE_CHECK_RETURN (0); + ACE_CHECK_RETURN (false); if (sc->context_id != IOP::SecurityAttributeService) { 
@@ -278,15 +285,15 @@ TAO::TSS_RequestInterceptor::extract_sas_context ( // // @@ Correct exception? If so, should ContextError be added to // the exception reply ServiceContextList. - ACE_THROW_RETURN (CORBA::NO_PERMISSION (), 0); + ACE_THROW_RETURN (CORBA::NO_PERMISSION (), false); } // Extract CSI::SASContextBody from given IOP::ServiceContext. if (!TAO::CSI_Utils::extract_sas_service_context (sc.in (), sas_context)) - ACE_THROW_RETURN (CORBA::MARSHAL (), 0); + ACE_THROW_RETURN (CORBA::MARSHAL (), false); - return 1; // Successfully extracted CSI::SASContextBody. + return true; // Successfully extracted CSI::SASContextBody. } void @@ -368,7 +375,7 @@ TAO::TSS_RequestInterceptor::add_sas_context ( // Create IOP::ServiceContext containing CSI::SASContextBody union. IOP::ServiceContext sc; - TAO::CSI_Util::create_sas_service_context (sas, sc); + TAO::CSI_Utils::create_sas_service_context (sas, sc); // Another IOP::SecurityAttributeService ServiceContext should not // exist in the reply's ServiceContextList. diff --git a/TAO/orbsvcs/orbsvcs/CSIv2/TSS_RequestInterceptor.h b/TAO/orbsvcs/orbsvcs/CSIv2/TSS_RequestInterceptor.h index 42cb7ea4acb..2ed2e45a39c 100644 --- a/TAO/orbsvcs/orbsvcs/CSIv2/TSS_RequestInterceptor.h +++ b/TAO/orbsvcs/orbsvcs/CSIv2/TSS_RequestInterceptor.h @@ -23,6 +23,7 @@ # pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ +#include "tao/PortableInterceptorC.h" #include "tao/LocalObject.h" #if defined(_MSC_VER) |