diff options
Diffstat (limited to 'TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp')
-rw-r--r-- | TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp | 259 |
1 files changed, 259 insertions, 0 deletions
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp b/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp new file mode 100644 index 00000000000..bdef351d9cd --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp @@ -0,0 +1,259 @@ +// $Id$ + +#include "orbsvcs/Security/SL2_SecurityManager.h" + +#include "tao/ORB_Constants.h" + +ACE_RCSID (Security, + SL2_SecurityManager, + "$Id$") + + +TAO_BEGIN_VERSIONED_NAMESPACE_DECL + +TAO::Security::SecurityManager::SecurityManager (/* unknown */) + : principal_authenticator_ (SecurityLevel2::PrincipalAuthenticator::_nil ()) +{ + // this needs to change to access decision + SecurityLevel2::AccessDecision_ptr ad; + ACE_NEW_THROW_EX (ad, + TAO::Security::AccessDecision, + CORBA::NO_MEMORY ( + CORBA::SystemException::_tao_minor_code ( + TAO::VMCID, + ENOMEM), + CORBA::COMPLETED_NO)); + + this->access_decision_ = ad; +} + +TAO::Security::SecurityManager::~SecurityManager (void) +{ +} + +Security::MechandOptionsList* +TAO::Security::SecurityManager::supported_mechanisms () + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + throw CORBA::NO_IMPLEMENT (); +} + +SecurityLevel2::CredentialsList* +TAO::Security::SecurityManager::own_credentials () + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + throw CORBA::NO_IMPLEMENT (); +} + +SecurityLevel2::RequiredRights_ptr +TAO::Security::SecurityManager::required_rights_object () + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + throw CORBA::NO_IMPLEMENT (); +} + +SecurityLevel2::PrincipalAuthenticator_ptr +TAO::Security::SecurityManager::principal_authenticator () + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + return SecurityLevel2::PrincipalAuthenticator::_duplicate + (this->principal_authenticator_.in () ); +} + +SecurityLevel2::AccessDecision_ptr +TAO::Security::SecurityManager::access_decision () + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + return SecurityLevel2::AccessDecision::_duplicate (this->access_decision_.in () ); +} + +SecurityLevel2::AuditDecision_ptr +TAO::Security::SecurityManager::audit_decision () + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + throw CORBA::NO_IMPLEMENT (); +} + +SecurityLevel2::TargetCredentials_ptr +TAO::Security::SecurityManager::get_target_credentials (CORBA::Object_ptr /*o*/) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + throw CORBA::NO_IMPLEMENT (); +} + +void +TAO::Security::SecurityManager::remove_own_credentials ( + SecurityLevel2::Credentials_ptr creds) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + throw CORBA::NO_IMPLEMENT (); +} + +CORBA::Policy_ptr +TAO::Security::SecurityManager::get_security_policy (CORBA::PolicyType policy_type) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + throw CORBA::NO_IMPLEMENT (); +} + +/* + * AccessDecision stuff below here + */ + +TAO::Security::AccessDecision::AccessDecision () + : default_allowance_decision_ (false) +{ +} + +TAO::Security::AccessDecision::~AccessDecision () +{ +} + +TAO::Security::AccessDecision::OBJECT_KEY +TAO::Security::AccessDecision::map_key_from_objref (CORBA::Object_ptr obj) +{ + // Originally this lived in access_allowed, but it was needed + // in add_object and remove_object, too, so it's been factored out. + // + // We need an ORB reference here. Where do we get it? + // + // The primary place we need this facility is in access_allowed. + // Unfortunately, the interface for access_allowed is cast in + // dormant OMG spec stone, so that can't change. We could pass in a + // reference as an argument to the constructor and store it, but + // what do we do, then, if the same interceptor is registered with + // multiple ORBs (is that possible?!?!)? Then we could end up using + // a different ORB to stringify, which could end up giving us a + // different string, which means they won't compare propertly. + // + // As a hack, we could realize that TAO's CORBA::Object implementation + // has a reference to its associated ORB, and just dip in there + // to get access to it. Ugly, but at least it should probably work. + CORBA::ORB_var orb = obj->_get_orb (); + CORBA::String_var ior = orb->object_to_string (obj); + return ior; +} + +CORBA::Boolean +TAO::Security::AccessDecision::access_allowed ( + const ::SecurityLevel2::CredentialsList & cred_list, + ::CORBA::Object_ptr target, + const char * operation_name, + const char * target_interface_name + ) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + // @@ I still don't know what we do with the cred_list in here... + // Do we inspect it? + + // Turn the target into what we'll use as a key into the map. + OBJECT_KEY key = this->map_key_from_objref (target); + + // LOCK THE MAP! + ACE_GUARD_RETURN (TAO_SYNCH_MUTEX, guard, this->map_lock_, + this->default_allowance_decision_); + + // Look up the target in access_map_; if there, return the value, + // otherwise return the default value. + CORBA::Boolean access_decision; + if (this->access_map_.find (key, access_decision) == -1) + { + // Couldn't find the IOR in the map, so we use the default + access_decision = this->default_allowance_decision_; + } + + // For now we just return the default. + return access_decision; +} + +void +TAO::Security::AccessDecision::add_object (CORBA::Object_ptr obj, + CORBA::Boolean allow_insecure_access) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + // make a key from 'obj' + OBJECT_KEY key = this->map_key_from_objref (obj); + + // bind it into the access_map_, replacing anything that's there. + // LOCK THE MAP! + ACE_GUARD (TAO_SYNCH_MUTEX, guard, this->map_lock_); + + // Since we want to replace any existing entry in the map, we just + // use rebind. + errno = 0; // Not sure if this gets set if rebind fails...it only + // appears to fail when an allocation thru the allocator's + // malloc() fails. Depending on the malloc() implementation, + // errno could get set OR an exception thrown. + int ret = this->access_map_.rebind (key, allow_insecure_access); + if (ret == -1) + { + // rebind shouldn't fail under normal circumstances + if (TAO_debug_level > 1) + ACE_DEBUG ((LM_DEBUG, + "TAO (%P|%t): SL2_AccessDecision::add_object(%s,%d) " + "unexpectedly failed (errno=%d)\n", + (const char*)key, + allow_insecure_access, + errno)); + throw + CORBA::NO_MEMORY(CORBA::SystemException::_tao_minor_code (TAO::VMCID, + errno), + CORBA::COMPLETED_NO); + } +} + +void +TAO::Security::AccessDecision::remove_object (CORBA::Object_ptr obj) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + // make a key from 'obj' + OBJECT_KEY key = this->map_key_from_objref (obj); + + // unbind it from access_map_, no matter if it's not in there... + // LOCK THE MAP! + ACE_GUARD (TAO_SYNCH_MUTEX, guard, this->map_lock_); + + errno = 0; + int ret = this->access_map_.unbind (key); + if (ret == -1) + { + if (errno == ENOENT) + { + // ignore b/c we don't care...maybe log a debug message for info + if (TAO_debug_level >= 5) + ACE_DEBUG ((LM_DEBUG, + "TAO (%P|%t): SL2_AccessDecision::remove_object(%s) " + "object not found in access map\n", + (const char*)key)); + } + else + { + if (TAO_debug_level > 0) + ACE_DEBUG ((LM_DEBUG, + "TAO (%P|%t): SL2_AccessDecision::remove_object(%s) " + " unexpected error during unbind from map (errno=%d\n)", + (const char*)key, + errno)); + throw + CORBA::UNKNOWN (CORBA::SystemException::_tao_minor_code (TAO::VMCID, + errno), + CORBA::COMPLETED_NO); + } + } +} + +CORBA::Boolean +TAO::Security::AccessDecision::default_decision (void) + ACE_THROW_SPEC ((::CORBA::SystemException)) +{ + return this->default_allowance_decision_; +} + +void +TAO::Security::AccessDecision::default_decision (CORBA::Boolean d) + ACE_THROW_SPEC ((::CORBA::SystemException)) +{ + this->default_allowance_decision_ = d; +} + +TAO_END_VERSIONED_NAMESPACE_DECL |