diff options
Diffstat (limited to 'TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl')
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl | 237 |
1 files changed, 237 insertions, 0 deletions
diff --git a/TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl b/TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl new file mode 100644 index 00000000000..c7beeefd060 --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/SecurityReplaceable.idl @@ -0,0 +1,237 @@ +// -*- IDL -*- +// +// $Id$ + +#ifndef _SECURITY_REPLACEABLE_IDL_ +#define _SECURITY_REPLACEABLE_IDL_ + +#include "orbsvcs/SecurityLevel2.idl" +#include "tao/IOP.pidl" + +#pragma prefix "omg.org" + +module SecurityReplaceable { + +# pragma version SecurityReplaceable 1.8 + + local interface SecurityContext; + local interface ClientSecurityContext; + local interface ServerSecurityContext; + + local interface Vault { + +# pragma version Vault 1.8 + + Security::AuthenticationMethodList + get_supported_authen_methods( + in Security::MechanismType mechanism + ); + + readonly attribute Security::OIDList supported_mech_oids; + + Security::AuthenticationStatus acquire_credentials ( + in Security::AuthenticationMethod method, + in Security::MechanismType mechanism, + in Security::SecurityName security_name, + in any auth_data, + in Security::AttributeList privileges, + out SecurityLevel2::Credentials creds, + out any continuation_data, + out any auth_specific_data + ); + + Security::AuthenticationStatus continue_credentials_acquisition ( + in any response_data, + in SecurityLevel2::Credentials creds, + out any continuation_data, + out any auth_specific_data + ); + + IOP::TaggedComponentList create_ior_components( + in SecurityLevel2::Credentials creds_list + ); + + + Security::AssociationStatus init_security_context ( + in SecurityLevel2::Credentials creds, + in Security::SecurityName target_security_name, + in Object target, + in Security::DelegationMode delegation_mode, + in Security::OptionsDirectionPairList association_options, + in Security::MechanismType mechanism, + in Security::Opaque comp_data, //from IOR + in Security::ChannelBindings chan_binding, + out Security::OpaqueBuffer security_token, + out ClientSecurityContext security_context + ); + + Security::AssociationStatus accept_security_context ( + in SecurityLevel2::CredentialsList creds_list, + in Security::ChannelBindings chan_bindings, + in Security::Opaque in_token, + out Security::Opaque out_token + ); + + Security::MechandOptionsList get_supported_mechs (); + + }; + + + local interface SecurityContext { + +# pragma version SecurityContext 1.8 + + readonly attribute Security::SecurityContextType + context_type; + + readonly attribute Security::SecurityContextState + context_state; + + readonly attribute Security::MechanismType + mechanism; + + readonly attribute Security::ChannelBindings chan_binding; + + readonly attribute SecurityLevel2::ReceivedCredentials + received_credentials; + + Security::AssociationStatus continue_security_context ( + in Security::OpaqueBuffer in_token, + out Security::OpaqueBuffer out_token + ); + + void protect_message ( + in Security::OpaqueBuffer message, + in Security::QOP qop, + out Security::OpaqueBuffer text_buffer, + out Security::OpaqueBuffer token + ); + + boolean reclaim_message ( + in Security::Opaque text_buffer, + in Security::Opaque token, + out Security::QOP qop, + out Security::Opaque message + ); + + boolean is_valid ( + out Security::UtcT expiry_time + ); + + boolean discard_security_context ( + in Security::Opaque discard_data, + out Security::OpaqueBuffer out_token + ); + + boolean process_discard_token ( + in Security::OpaqueBuffer discard_token + ); + + }; + + local interface ClientSecurityContext : SecurityContext { + +# pragma version ClientSecurityContext 1.8 + + readonly attribute Security::AssociationOptions + association_options_used; + + readonly attribute Security::DelegationMode + delegation_mode; + + readonly attribute Security::Opaque comp_data; + + readonly attribute SecurityLevel2::Credentials + client_credentials; + + readonly attribute Security::AssociationOptions + server_options_supported; + + readonly attribute Security::AssociationOptions + server_options_required; + + readonly attribute Security::Opaque server_security_name; + + }; + + local interface ServerSecurityContext : SecurityContext { + +# pragma version ServerSecurityContext 1.8 + + readonly attribute Security::AssociationOptions + association_options_used; + + readonly attribute Security::DelegationMode + delegation_mode; + + readonly attribute SecurityLevel2::Credentials + server_credentials; + + readonly attribute Security::AssociationOptions + server_options_supported; + + readonly attribute Security::AssociationOptions + server_options_required; + + readonly attribute Security::Opaque server_security_name; + + }; + + interface RequiredRights { + + void get_required_rights( + in CORBA::Identifier operation_name, + in CORBA::RepositoryId interface_name, + out Security::RightsList rights, + out Security::RightsCombinator rights_combinator + ); + + void set_required_rights( + in CORBA::Identifier operation_name, + in CORBA::RepositoryId interface_name, + in Security::RightsList rights, + in Security::RightsCombinator rights_combinator + ); + + }; + + local interface AuditChannel { + + void audit_write ( + in Security::AuditEventType event_type, + in SecurityLevel2::CredentialsList creds_list, + in Security::UtcT time, + in Security::SelectorValueList descriptors, + in Security::Opaque event_specific_data + ); + + readonly attribute Security::AuditChannelId audit_channel_id; + + }; + + local interface AuditDecision { + + boolean audit_needed ( + in Security::AuditEventType event_type, + in Security::SelectorValueList value_list + ); + + readonly attribute AuditChannel audit_channel; + + }; + + local interface AccessDecision { + + boolean access_allowed ( + in SecurityLevel2::CredentialsList cred_list, + in CORBA::Identifier operation_name, + in CORBA::Identifier target_interface_name + ); + + }; + +}; + +#pragma prefix "" + +#endif /* _SECURITY_REPLACEABLE_IDL_ */ |