From 0440a770baceea2dbdb7f4f423bf03db9270a220 Mon Sep 17 00:00:00 2001 From: Phil Mesnier Date: Tue, 19 Jun 2007 15:45:51 +0000 Subject: * orbsvcs/Naming_Service/NT_Naming_Server.cpp: Emacs compatibility fix. * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp: Clean up compilation errors from earlier commit. * orbsvcs/orbsvcs/Security/SL2_SecurityManager.h: * orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp: * orbsvcs/orbsvcs/SecurityLevel2.idl: Extended the add_object and remove_object parameter list to be consistent with the access_allowed_ex. This avoids having to do more invasive changes to existing TAO core libraries in order to map object references in a way that they can be reliably compared to target references. * orbsvcs/tests/Security/mixed_security_test/server.cpp: Modify use of add_object to be consistent with interface changes. --- TAO/orbsvcs/Naming_Service/NT_Naming_Server.cpp | 2 +- .../SSLIOP/SSLIOP_Invocation_Interceptor.cpp | 10 +- .../orbsvcs/Security/SL2_SecurityManager.cpp | 122 +++++++++++++-------- TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.h | 26 +++-- TAO/orbsvcs/orbsvcs/SecurityLevel2.idl | 10 +- .../tests/Security/mixed_security_test/server.cpp | 12 +- 6 files changed, 118 insertions(+), 64 deletions(-) diff --git a/TAO/orbsvcs/Naming_Service/NT_Naming_Server.cpp b/TAO/orbsvcs/Naming_Service/NT_Naming_Server.cpp index d510360f1a2..f8533a74e85 100644 --- a/TAO/orbsvcs/Naming_Service/NT_Naming_Server.cpp +++ b/TAO/orbsvcs/Naming_Service/NT_Naming_Server.cpp @@ -1,4 +1,4 @@ -// *- C++ -*- +// -*- C++ -*- // $Id$ // ============================================================================ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp index a7293f1b11b..ddcf5182e5e 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp 
@@ -100,7 +100,7 @@ TAO::SSLIOP::Server_Invocation_Interceptor::receive_request ( this->sec2manager_->access_decision (); TAO::SL2::AccessDecision_var ad = TAO::SL2::AccessDecision::_narrow (ad_tmp.in ()); - + CORBA::Boolean const no_ssl = this->ssliop_current_->no_context (); @@ -119,7 +119,7 @@ TAO::SSLIOP::Server_Invocation_Interceptor::receive_request ( * Set up all the arguments needed by the call * to AccessDecision::access_allowed() */ - + /* Get the credentials from SSLIOP */ SecurityLevel2::CredentialsList cred_list; // initial empty? #if 0 @@ -134,7 +134,7 @@ TAO::SSLIOP::Server_Invocation_Interceptor::receive_request ( // the conversion at this level? I probably ought to do it as // a real sec2_current with the conversion from sec3->sec2 // happening at a lower level. - + cred_list.length(1); cred_list[0] = rcvd_creds.in (); /* @@ -147,7 +147,7 @@ TAO::SSLIOP::Server_Invocation_Interceptor::receive_request ( #endif /* Gather the elements that uniquely identify the target object */ - CORBA::ORBid_var orb_id = ri->orbid (); + CORBA::ORBid_var orb_id = ri->orb_id (); CORBA::OctetSeq_var adapter_id = ri->adapter_id (); CORBA::OctetSeq_var object_id = ri->object_id (); @@ -157,7 +157,7 @@ TAO::SSLIOP::Server_Invocation_Interceptor::receive_request ( it_should_happen = ad->access_allowed_ex (orb_id.in (), adapter_id.in (), object_id.in (), - cred_list.in (), + cred_list, operation_name.in()); if (TAO_debug_level >= 3) ACE_DEBUG ((LM_DEBUG, diff --git a/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp b/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp index 6b0b4bfb15c..8e7b22c66d1 100644 --- a/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp +++ b/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.cpp 
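Review bot: The `cred_list` passed to `access_allowed_ex` in the last hunk of this file appears to still be the empty list declared earlier in receive_request. The lines that would fill it (`cred_list.length(1); cred_list[0] = rcvd_creds.in ();`) seem to sit between the `#if 0` and `#endif` visible in the surrounding context. The access_allowed_ex implementation this commit adds in SL2_SecurityManager.cpp also comments the parameter out, so the decision depends only on the ORB id, adapter id and object id. A comment at the call would stop a reader from assuming the caller's credentials are checked: `// cred_list is empty and is ignored by access_allowed_ex; the decision is keyed on the target only.` receive_request starts and ends outside these hunks.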
@@ -3,6 +3,11 @@ #include "orbsvcs/Security/SL2_SecurityManager.h" #include "tao/ORB_Constants.h" +#include "ace/Functor.h" +#include "tao/Object_KeyC.h" +#include "tao/PortableServer/Root_POA.h" +#include "tao/PortableServer/Object_Adapter.h" +#include "tao/PortableServer/Creation_Time.h" ACE_RCSID (Security, SL2_SecurityManager, @@ -75,14 +80,15 @@ TAO::Security::SecurityManager::get_target_credentials (CORBA::Object_ptr /*o*/) } void -TAO::Security::SecurityManager::remove_own_credentials ( - SecurityLevel2::Credentials_ptr creds) +TAO::Security::SecurityManager::remove_own_credentials + (SecurityLevel2::Credentials_ptr /*creds*/) { throw CORBA::NO_IMPLEMENT (); } - + CORBA::Policy_ptr -TAO::Security::SecurityManager::get_security_policy (CORBA::PolicyType policy_type) +TAO::Security::SecurityManager::get_security_policy +(CORBA::PolicyType /*policy_type */) { throw CORBA::NO_IMPLEMENT (); } @@ -92,14 +98,20 @@ TAO::Security::SecurityManager::get_security_policy (CORBA::PolicyType policy_ty */ bool -TAO::Security::AccessDecision::ReferenceKeyType::operator== (const ReferenceKeyType& other) const +TAO::Security::AccessDecision::ReferenceKeyType::operator== + (const ReferenceKeyType& other) const { - if (this->oid_ == other.oid_ - && this->adapter_id_ == other.adapter_id_ - && (ACE_OS_String::strcmp (this->orbid_.in(), other.orbid_.in()) == 0) ) - return true; - else - return false; + ::CORBA::ULong olen = this->oid_->length(); + ::CORBA::ULong alen = this->adapter_id_->length(); + + if (olen == other.oid_->length() && + alen == other.adapter_id_->length()) + return (ACE_OS::memcmp (this->oid_->get_buffer(), + other.oid_->get_buffer(),olen) == 0 && + ACE_OS::memcmp (this->adapter_id_->get_buffer(), + other.adapter_id_->get_buffer(),alen) == 0 && + ACE_OS_String::strcmp (this->orbid_.in(), other.orbid_.in()) == 0); + return false; } CORBA::ULong 
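Review bot: The rewritten `ReferenceKeyType::operator==` dereferences `oid_` and `adapter_id_` with `->` on both operands and passes `orbid_.in()` to `strcmp` without checking that any of them is set. Their declarations are not in this diff, but if they are `_var` types, comparing a key that was default-constructed and never filled would dereference a null pointer in the access-decision path. Either guard the comparison or state the precondition above the operator, for example `// Precondition: orbid_, adapter_id_ and oid_ are set on both keys.` The multi-line `if` would also read more safely with braces around the `return`.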
@@ -108,7 +120,6 @@ TAO::Security::AccessDecision::ReferenceKeyType::hash () const return 0; } -const char* TAO::Security::AccessDecision::ReferenceKeyType::operator const char* () const { return ""; @@ -124,39 +135,19 @@ TAO::Security::AccessDecision::~AccessDecision () } TAO::Security::AccessDecision::OBJECT_KEY -TAO::Security::AccessDecision::map_key_from_objref (CORBA::Object_ptr obj) +TAO::Security::AccessDecision::map_key_from_objref (CORBA::Object_ptr /*obj */) { - OBJECT_KEY key; + ACE_ERROR ((LM_ERROR,"map_key_from_objref is currently not implemented\n")); + throw CORBA::NO_IMPLEMENT(); + OBJECT_KEY key; return key; } CORBA::Boolean -TAO::Security::AccessDecision::access_allowed_ex ( - const char * orb_id, - const ::CORBA::OctetSeq & adapter_id, - const ::CORBA::OctetSeq & object_id, - const ::SecurityLevel2::CredentialsList & cred_list, - const char * operation_name) -{ - // Obviously this is an incorrect trivial implementation ;) - return true; -} - -CORBA::Boolean -TAO::Security::AccessDecision::access_allowed ( - const ::SecurityLevel2::CredentialsList & cred_list, - ::CORBA::Object_ptr target, - const char * operation_name, - const char * target_interface_name - ) +TAO::Security::AccessDecision::access_allowed_i (OBJECT_KEY &key, + const char *operation_name) { - // @@ I still don't know what we do with the cred_list in here... - // Do we inspect it? - - // Turn the target into what we'll use as a key into the map. - OBJECT_KEY key = this->map_key_from_objref (target); - // LOCK THE MAP! ACE_GUARD_RETURN (TAO_SYNCH_MUTEX, guard, this->map_lock_, this->default_allowance_decision_); 
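Review bot: The two statements after `throw CORBA::NO_IMPLEMENT();` in map_key_from_objref (`OBJECT_KEY key; return key;`) are unreachable and can be dropped. Because the function now throws unconditionally, access_allowed(), which still calls it, raises NO_IMPLEMENT on every call instead of returning a decision. A comment on the function such as `// Always throws: object references cannot be mapped to a key yet; use access_allowed_ex.` would make that explicit. In access_allowed_i, the `ACE_GUARD_RETURN` fallback is `this->default_allowance_decision_`, so a failed lock acquire grants access whenever the default is permissive; returning `false` there would fail closed. access_allowed_i's body continues outside the hunk.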
@@ -188,14 +179,52 @@ TAO::Security::AccessDecision::access_allowed ( // For now we just return the default. return access_decision; + +} + +CORBA::Boolean +TAO::Security::AccessDecision::access_allowed_ex ( + const char * orb_id, + const ::CORBA::OctetSeq & adapter_id, + const ::CORBA::OctetSeq & object_id, + const ::SecurityLevel2::CredentialsList & /*cred_list */, + const char * operation_name) +{ + OBJECT_KEY key; + key.orbid_ = orb_id; + key.adapter_id_ = adapter_id; + key.oid_ = object_id; + + return this->access_allowed_i (key, operation_name); +} + +CORBA::Boolean +TAO::Security::AccessDecision::access_allowed + (const ::SecurityLevel2::CredentialsList & /*cred_list */, + ::CORBA::Object_ptr target, + const char * operation_name, + const char * /*target_interface_name */) +{ + // @@ I still don't know what we do with the cred_list in here... + // Do we inspect it? + + // Turn the target into what we'll use as a key into the map. + OBJECT_KEY key = this->map_key_from_objref (target); + return this->access_allowed_i (key, operation_name); } void -TAO::Security::AccessDecision::add_object (CORBA::Object_ptr obj, - CORBA::Boolean allow_insecure_access) +TAO::Security::AccessDecision::add_object + (const char * orb_id, + const ::CORBA::OctetSeq & adapter_id, + const ::CORBA::OctetSeq & object_id, + CORBA::Boolean allow_insecure_access) { // make a key from 'obj' - OBJECT_KEY key = this->map_key_from_objref (obj); + OBJECT_KEY key; + key.orbid_ = orb_id; + key.adapter_id_ = adapter_id; + key.oid_ = object_id; // bind it into the access_map_, replacing anything that's there. // LOCK THE MAP! 
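Review bot: The comment `// make a key from 'obj'` in add_object is stale now that the function has no `obj` parameter; `// build the map key from the ORB id, adapter id and object id` matches the new code. The same three assignments (`key.orbid_ = orb_id; key.adapter_id_ = adapter_id; key.oid_ = object_id;`) appear in access_allowed_ex, in add_object and, in the next hunk, in remove_object. Building the key in one place, such as a ReferenceKeyType constructor, would keep the grant, lookup and revoke paths from drifting apart. add_object's body continues outside the hunk.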
@@ -236,10 +265,15 @@ TAO::Security::AccessDecision::add_object (CORBA::Object_ptr obj, } void -TAO::Security::AccessDecision::remove_object (CORBA::Object_ptr obj) +TAO::Security::AccessDecision::remove_object + (const char * orb_id, + const ::CORBA::OctetSeq & adapter_id, + const ::CORBA::OctetSeq & object_id) { - // make a key from 'obj' - OBJECT_KEY key = this->map_key_from_objref (obj); + OBJECT_KEY key; + key.orbid_ = orb_id; + key.adapter_id_ = adapter_id; + key.oid_ = object_id; ACE_Hash hash; diff --git a/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.h b/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.h index 5646410dac0..32da7a31219 100644 --- a/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.h +++ b/TAO/orbsvcs/orbsvcs/Security/SL2_SecurityManager.h @@ -58,7 +58,7 @@ namespace TAO /*! Constructor */ AccessDecision (/* not yet known */); ~AccessDecision (void); - + virtual ::CORBA::Boolean access_allowed ( const ::SecurityLevel2::CredentialsList & cred_list, ::CORBA::Object_ptr target, @@ -76,9 +76,14 @@ namespace TAO virtual ::CORBA::Boolean default_decision (void); virtual void default_decision (::CORBA::Boolean d); - virtual void add_object (::CORBA::Object_ptr obj, - ::CORBA::Boolean allow_insecure_access); - virtual void remove_object (::CORBA::Object_ptr obj); + virtual void add_object (const char * orbid, + const ::CORBA::OctetSeq & adapter_id, + const ::CORBA::OctetSeq & object_id, + ::CORBA::Boolean allow_insecure_access); + + virtual void remove_object (const char * orbid, + const ::CORBA::OctetSeq & adapter_id, + const ::CORBA::OctetSeq & object_id); private: /*! @@ -112,7 +117,7 @@ namespace TAO CORBA::ULong hash() const; // operator kind of like a "toString()" for debug statements - operator const char* () const; + operator const char * () const; }; typedef ReferenceKeyType OBJECT_KEY; // This is typedef'd because we might try to do something fancier 
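Review bot: The new declarations of add_object and remove_object in SL2_SecurityManager.h name the first parameter `orbid`, while the definitions in SL2_SecurityManager.cpp and the IDL use `orb_id`; using `orb_id` in the header keeps the three in step. The declarations also carry no documentation saying which values a caller must pass. A short Doxygen block would help here. It should state that the triple has to equal what the server interceptor reads from the request (`ri->orb_id ()`, `ri->adapter_id ()`, `ri->object_id ()`), and that remove_object must be given the same triple that was passed to add_object.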
@@ -128,7 +133,7 @@ namespace TAO ACE_Equal_To, ACE_Null_Mutex> // not sure this is right ACCESS_MAP_TYPE; - + ACCESS_MAP_TYPE access_map_; // Lock for accessing the map. It may be possible to get away with @@ -139,11 +144,18 @@ namespace TAO private: /*! * @brief Encapsulates a TAO-specific way to do object_to_string() without having an ORB reference handy. - * + * * @note If OBJECT_KEY changes as described above, this should change * so that it generates an OBJECT_KEY. */ OBJECT_KEY map_key_from_objref (CORBA::Object_ptr obj); + + // + // This is the private implementation that is common to both + // access_allowed and access_allowed_ex. + ::CORBA::Boolean access_allowed_i (OBJECT_KEY& key, + const char *operation_name); + }; /** diff --git a/TAO/orbsvcs/orbsvcs/SecurityLevel2.idl b/TAO/orbsvcs/orbsvcs/SecurityLevel2.idl index 4aad2543911..c59afee58bc 100644 --- a/TAO/orbsvcs/orbsvcs/SecurityLevel2.idl +++ b/TAO/orbsvcs/orbsvcs/SecurityLevel2.idl @@ -291,9 +291,13 @@ module TAO { /*! Establish whether a particular object can be accessed via insecure means. */ - void add_object (in Object obj, - in boolean allow_insecure_access); - void remove_object (in Object obj); + void add_object (in ::CORBA::ORBid orb_id, + in ::CORBA::OctetSeq adapter_id, + in ::CORBA::OctetSeq object_id, + in boolean allow_insecure_access); + void remove_object (in ::CORBA::ORBid orb_id, + in ::CORBA::OctetSeq adapter_id, + in ::CORBA::OctetSeq object_id); // Should there be some kind of "find" interface? }; diff --git a/TAO/orbsvcs/tests/Security/mixed_security_test/server.cpp b/TAO/orbsvcs/tests/Security/mixed_security_test/server.cpp index c26bbcff395..b55a5f3a268 100644 --- a/TAO/orbsvcs/tests/Security/mixed_security_test/server.cpp +++ b/TAO/orbsvcs/tests/Security/mixed_security_test/server.cpp 
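Review bot: The doc comment above add_object in SecurityLevel2.idl still reads as if a single object reference were passed, and it does not describe the three identifiers that replace it. Since an entry that does not match exactly is presumably just never found, the comment should say where the values come from, for example `/*! orb_id, adapter_id and object_id identify the target as reported by the server request info; remove_object takes the same triple. */`. The existing question `// Should there be some kind of "find" interface?` becomes more relevant with this change, because a caller has no way to confirm that a registration took effect.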
@@ -73,7 +73,7 @@ init_and_setup (int& argc, orb = CORBA::ORB_init (argc, argv); rootpoa = rir (orb, "RootPOA"); poamgr = rootpoa->the_POAManager(); - + sl3current = rir(orb, "SecurityLevel3:SecurityCurrent"); @@ -157,12 +157,16 @@ main (int argc, char *argv[]) // 3. Create servant #2 of Foo_i, and its associated Object ACE_NEW_RETURN (server2, Foo_i (orb.in(), sl3current.in()), 1); - Foo::Bar_var server2_obj = server2->_this (); + + Foo::Bar_var server2_obj = server2->_this(); ACE_DEBUG ((LM_DEBUG, "mixed_security/server: " "created servant/object #2\n")); // 4. add servant #2's Object reference to the "permitted" list. - sl2ad->add_object (server2_obj.in(), true); + PortableServer::ObjectId_var oid = rootpoa->servant_to_id (server2); + CORBA::OctetSeq_var poaid = rootpoa->id(); + CORBA::String_var orbid = orb->id(); + sl2ad->add_object (orbid.in(), poaid.in(), oid.in(), true); ACE_DEBUG ((LM_DEBUG, "mixed_security/server: " "added object #2 as a permitted reference for " "non-secure invocations\n")); @@ -177,7 +181,7 @@ main (int argc, char *argv[]) // 6. activate the POA manager poamgr->activate (); - + // 7. run the orb. ACE_DEBUG ((LM_DEBUG, "mixed_security/server: " "running the orb\n")); -- cgit v1.2.1
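Review bot: The key registered in step 4 of main is built from `rootpoa->id()` and `rootpoa->servant_to_id (server2)`, which assumes `server2->_this()` activated the servant under the RootPOA. If Foo_i ever overrides its default POA, the adapter id would differ from the one seen at request time and the permission would not match, with nothing reporting the mismatch. A comment next to the call would record the assumption: `// Key must name the POA that _this() activated server2 under (RootPOA here).` main's body starts and ends outside the hunk.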