From 594d84a9c3061c781c8245bb1af6fb24314c0902 Mon Sep 17 00:00:00 2001 From: Ossama Othman Date: Sun, 18 Mar 2001 09:57:44 +0000 Subject: ChangeLogTag:Sun Mar 18 01:53:42 2001 Ossama Othman --- TAO/ChangeLogs/ChangeLog-02a | 24 ++++ TAO/orbsvcs/orbsvcs/Security/Security_Current.cpp | 92 +++++++++++++ TAO/orbsvcs/orbsvcs/Security/Security_Current.h | 147 +++++++++++++++++++++ TAO/orbsvcs/orbsvcs/Security/Security_Current.inl | 22 +++ .../orbsvcs/Security/Security_Current_Impl.cpp | 12 ++ .../orbsvcs/Security/Security_Current_Impl.h | 81 ++++++++++++ .../orbsvcs/Security/Security_ORBInitializer.cpp | 134 +++++++++++++++++++ .../orbsvcs/Security/Security_ORBInitializer.h | 71 ++++++++++ 8 files changed, 583 insertions(+) create mode 100644 TAO/orbsvcs/orbsvcs/Security/Security_Current.cpp create mode 100644 TAO/orbsvcs/orbsvcs/Security/Security_Current.h create mode 100644 TAO/orbsvcs/orbsvcs/Security/Security_Current.inl create mode 100644 TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.cpp create mode 100644 TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.h create mode 100644 TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.cpp create mode 100644 TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.h diff --git a/TAO/ChangeLogs/ChangeLog-02a b/TAO/ChangeLogs/ChangeLog-02a index 5ac414c1dde..655182b8af1 100644 --- a/TAO/ChangeLogs/ChangeLog-02a +++ b/TAO/ChangeLogs/ChangeLog-02a @@ -1,3 +1,27 @@ +Sun Mar 18 01:53:42 2001 Ossama Othman + + * Makefile.SSLIOP: + * Makefile.Security: + M SSLIOP/SSLIOP_Connection_Handler.cpp + M SSLIOP/SSLIOP_Connector.cpp + M SSLIOP/SSLIOP_Current.cpp + M SSLIOP/SSLIOP_Current.inl + M SSLIOP/SSLIOP_Current_Impl.cpp + M SSLIOP/SSLIOP_Current_Impl.h + M SSLIOP/SSLIOP_Factory.cpp + M SSLIOP/SSLIOP_Factory.h + M SSLIOP/SSLIOP_ORBInitializer.cpp + M SSLIOP/SSLIOP_ORBInitializer.h + M SSLIOP/SSLIOP_Profile.cpp + M SSLIOP/SSLIOP_Profile.h + A Security/Security_Current.cpp + A Security/Security_Current.h + A Security/Security_Current.inl + A Security/Security_Current_Impl.cpp + A Security/Security_Current_Impl.h + A Security/Security_ORBInitializer.cpp + A Security/Security_ORBInitializer.h + Sat Mar 17 14:33:23 2001 Carlos O'Ryan * orbsvcs/examples/CosEC/Simple/Makefile: diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_Current.cpp b/TAO/orbsvcs/orbsvcs/Security/Security_Current.cpp new file mode 100644 index 00000000000..9becba79e1c --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/Security/Security_Current.cpp @@ -0,0 +1,92 @@ +// -*- C++ -*- + +#include "Security_Current.h" + +ACE_RCSID (TAO_Security, + Security_Current, + "$Id$") + +#if !defined (__ACE_INLINE__) +# include "Security_Current.inl" +#endif /* __ACE_INLINE__ */ + +TAO_Security_Current::TAO_Security_Current (size_t tss_slot, + const char *orb_id) + : tss_slot_ (tss_slot), + orb_id_ (orb_id), + orb_core_ (0) +{ +} + +TAO_Security_Current::~TAO_Security_Current (void) +{ +} + +Security::AttributeList * +TAO_Security_Current::get_attributes ( + const Security::AttributeTypeList &attributes, + CORBA::Environment &ACE_TRY_ENV) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + TAO_Security_Current_Impl *impl = this->implementation (); + + // If the implementation pointer returned from TSS is zero, then + // we're not in the middle of a request/upcall. Throw an exception + // to indicate that. + if (impl == 0) + ACE_THROW_RETURN (CORBA::BAD_INV_ORDER (), 0); + + return impl->get_attributes (attributes, ACE_TRY_ENV); +} + +SecurityLevel2::ReceivedCredentials_ptr +TAO_Security_Current::received_credentials ( + CORBA::Environment &ACE_TRY_ENV) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + TAO_Security_Current_Impl *impl = this->implementation (); + + // If the implementation pointer returned from TSS is zero, then + // we're not in the middle of a request/upcall. Throw an exception + // to indicate that. + if (impl == 0) + ACE_THROW_RETURN (CORBA::BAD_INV_ORDER (), 0); + + return impl->received_credentials (ACE_TRY_ENV); +} + +int +TAO_Security_Current::init (void) +{ + int result = 0; + + ACE_DECLARE_NEW_CORBA_ENV; + ACE_TRY + { + int argc = 0; + char **argv = 0; + CORBA::ORB_var orb = CORBA::ORB_init (argc, + argv, + this->orb_id_.in (), + ACE_TRY_ENV); + ACE_TRY_CHECK; + + this->orb_core_ = orb.in ()->orb_core (); + + // No longer need the ORBid, so reclaim the memory it was + // occupying. + (void) this->orb_id_.out (); + } + ACE_CATCHANY + { + if (TAO_debug_level >= 1) + ACE_PRINT_EXCEPTION (ACE_ANY_EXCEPTION, + "Could not initialize SecurityCurrent:"); + + result = -1; + } + ACE_ENDTRY; + ACE_CHECK_RETURN (-1); + + return result; +} diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_Current.h b/TAO/orbsvcs/orbsvcs/Security/Security_Current.h new file mode 100644 index 00000000000..b0b0087fb9c --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/Security/Security_Current.h @@ -0,0 +1,147 @@ +// -*- C++ -*- + +// =================================================================== +/** + * @file Security_Current.h + * + * $Id$ + * + * @author Ossama Othman + */ +// =================================================================== + +#ifndef TAO_SECURITY_CURRENT_H +#define TAO_SECURITY_CURRENT_H + +#include "ace/pre.h" + +#include "security_export.h" + +#if !defined (ACE_LACKS_PRAGMA_ONCE) +# pragma once +#endif /* ACE_LACKS_PRAGMA_ONCE */ + +#include "orbsvcs/SecurityLevel2C.h" +#include "tao/ORB_Core.h" + +#include "Security_Current_Impl.h" + +// This is to remove "inherits via dominance" warnings from MSVC. +// MSVC is being a little too paranoid. +#if defined(_MSC_VER) +#if (_MSC_VER >= 1200) +#pragma warning(push) +#endif /* _MSC_VER >= 1200 */ +#pragma warning(disable:4250) +#endif /* _MSC_VER */ + +/** + * @class TAO_Security_Current + * + * @brief Implementation of the SecurityLevel2::Current interface. + * + * This object can be used to obtain session related security + * information about the current execution context. + */ +class TAO_Security_Export TAO_Security_Current + : public SecurityLevel2::Current, + public TAO_Local_RefCounted_Object +{ +public: + + /// Constructor. + TAO_Security_Current (size_t tss_slot, const char *orb_id); + + /** + * @name SecurityLevel1::Current Methods + * + * These methods are founds in the SecurityLevel1::Current + * interface. + */ + //@{ + /// Return the security attributes corresponding to the types in the + /// given attribute type list associated with the current request. + virtual Security::AttributeList * get_attributes ( + const Security::AttributeTypeList & attributes, + CORBA::Environment &ACE_TRY_ENV = TAO_default_environment ()) + ACE_THROW_SPEC ((CORBA::SystemException)); + //@} + + /** + * @name SecurityLevel2::Current Methods + * + * These methods are founds in the SecurityLevel2::Current + * interface. + */ + //@{ + /// Return the Credentials received from the client associate with + /// the current request. + virtual SecurityLevel2::ReceivedCredentials_ptr received_credentials ( + CORBA::Environment &ACE_TRY_ENV = TAO_default_environment ()) + ACE_THROW_SPEC ((CORBA::SystemException)); + //@} + + /// Return the TSS slot ID assigned to the "SecurityCurrent" object. + /** + * The concrete TSS SecurityCurrent implementations will each use + * this slot ID. + */ + size_t tss_slot (void) const; + +protected: + + /// Destructor + /// Protected to force allocation on the heap. + ~TAO_Security_Current (void); + + /// Fully initialize this object. This method is used predominantly + /// to set the ORB core pointer. + int init (void); + + /// Set the TSS Security::Current implementation. + /** + * The pointer is actually one to a concrete implementation provided + * by the underlying security mechanism. For example, SSLIOP + * implements the SecurityLevel2::Current interface. Similarly, + * SECIOP would do the same. + * + * There is no function that places the implementation pointer in + * TSS. The underlying security mechanism does that. + */ + TAO_Security_Current_Impl *implementation (void); + +private: + + /// Prevent copying through the copy constructor and the assignment + /// operator. + //@{ + ACE_UNIMPLEMENTED_FUNC ( + TAO_Security_Current (const TAO_Security_Current &)) + ACE_UNIMPLEMENTED_FUNC (void operator= (const TAO_Security_Current &)) + //@} + +private: + + /// TSS slot assigned to this object. + size_t tss_slot_; + + /// The ORBid of the ORB with which this object is registered. + CORBA::String_var orb_id_; + + /// Pointer to the ORB Core corresponding to the ORB with which this + /// object is registered. + TAO_ORB_Core *orb_core_; + +}; + +#if defined (__ACE_INLINE__) +# include "Security_Current.inl" +#endif /* __ACE_INLINE__ */ + +#if defined(_MSC_VER) && (_MSC_VER >= 1200) +#pragma warning(pop) +#endif /* _MSC_VER */ + +#include "ace/post.h" + +#endif /* TAO_SECURITY_CURRENT_H */ diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_Current.inl b/TAO/orbsvcs/orbsvcs/Security/Security_Current.inl new file mode 100644 index 00000000000..67dca1a858c --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/Security/Security_Current.inl @@ -0,0 +1,22 @@ +// -*- C++ -*- +// +// $Id$ + +ACE_INLINE size_t +TAO_Security_Current::tss_slot (void) const +{ + return this->tss_slot_; +} + +ACE_INLINE TAO_Security_Current_Impl * +TAO_Security_Current::implementation (void) +{ + if (this->orb_core_ == 0 && this->init () != 0) + return 0; + + TAO_Security_Current_Impl *impl = + ACE_static_cast (TAO_Security_Current_Impl *, + this->orb_core_->get_tss_resource (this->tss_slot_)); + + return impl; +} diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.cpp b/TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.cpp new file mode 100644 index 00000000000..a5635bb4954 --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.cpp @@ -0,0 +1,12 @@ +// -*- C++ -*- + +#include "Security_Current_Impl.h" + +ACE_RCSID (TAO_Security, + Security_Current_Impl, + "$Id$") + + +TAO_Security_Current_Impl::~TAO_Security_Current_Impl (void) +{ +} diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.h b/TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.h new file mode 100644 index 00000000000..ad0f8d40a2f --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.h @@ -0,0 +1,81 @@ +// -*- C++ -*- + +// =================================================================== +/** + * @file Security_Current_Impl.h + * + * $Id$ + * + * @author Ossama Othman + */ +// =================================================================== + +#ifndef TAO_SECURITY_CURRENT_IMPL_H +#define TAO_SECURITY_CURRENT_IMPL_H + +#include "ace/pre.h" + +#include "ace/config-all.h" + +#if !defined (ACE_LACKS_PRAGMA_ONCE) +# pragma once +#endif /* ACE_LACKS_PRAGMA_ONCE */ + +#include "orbsvcs/SecurityLevel2C.h" + +/** + * @class TAO_Security_Current_Impl + * + * @brief Base class for the TSS portion of any underlying security + * mechanism. + * + * This class provides the same interface as the + * SecurityLevel2::Current object. However, it is not derived from + * that interface since we need to explicitly avoid virtual + * inheritance so that it is safe to store subclasses in a "void *" + * and later cast that pointer back to the subclass pointer type. + */ +class TAO_Security_Current_Impl +{ +public: + + /// Destructor. + virtual ~TAO_Security_Current_Impl (void); + + /** + * @name SecurityLevel1::Current Methods + * + * These methods are founds in the SecurityLevel1::Current + * interface. + */ + //@{ + /// Return the security attributes corresponding to the types in the + /// given attribute type list associated with the current request. + virtual Security::AttributeList * get_attributes ( + const Security::AttributeTypeList & attributes, + CORBA::Environment &ACE_TRY_ENV) + ACE_THROW_SPEC ((CORBA::SystemException)) = 0; + //@} + + /** + * @name SecurityLevel2::Current Methods + * + * These methods are founds in the SecurityLevel2::Current + * interface. + */ + //@{ + /// Return the Credentials received from the client associate with + /// the current request. + virtual SecurityLevel2::ReceivedCredentials_ptr received_credentials ( + CORBA::Environment &ACE_TRY_ENV) + ACE_THROW_SPEC ((CORBA::SystemException)) = 0; + //@} + + /// Return the unique tag that identifies the concrete subclass. + virtual CORBA::ULong tag (void) const = 0; + +}; + +#include "ace/post.h" + +#endif /* TAO_SECURITY_CURRENT_IMPL_H */ diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.cpp b/TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.cpp new file mode 100644 index 00000000000..3c56268e921 --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.cpp @@ -0,0 +1,134 @@ +// -*- C++ -*- + +#include "Security_ORBInitializer.h" + +ACE_RCSID (TAO_Security, + Security_ORBInitializer, + "$Id$") + +#include "tao/ORBInitInfo.h" + +//#include "Security_PolicyFactory.h" +#include "Security_Current.h" + + +void +TAO_Security_ORBInitializer::pre_init ( + PortableInterceptor::ORBInitInfo_ptr info + TAO_ENV_ARG_DECL) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + TAO_ENV_ARG_DEFN; + + // @@ This is busted. TAO_ORBInitInfo should do proper reference + // counting. + // Narrow to a TAO_ORBInitInfo object to get access to the + // allocate_tss_slot_id() TAO extension. + TAO_ORBInitInfo *tao_info = TAO_ORBInitInfo::_narrow (info, + ACE_TRY_ENV); + ACE_CHECK; + + if (tao_info == 0) + { + if (TAO_debug_level > 0) + ACE_ERROR ((LM_ERROR, + "(%P|%t) Security_ORBInitializer::post_init:\n" + "(%P|%t) Unable to narrow " + "\"PortableInterceptor::ORBInitInfo_ptr\" to\n" + "(%P|%t) \"TAO_ORBInitInfo *.\"\n")); + + ACE_THROW (CORBA::INTERNAL ()); + } + + // Reserve a TSS slot in the ORB core internal TSS resources for the + // thread-specific portion of Security::Current. + size_t tss_slot = tao_info->allocate_tss_slot_id (0, + ACE_TRY_ENV); + ACE_CHECK; + + CORBA::String_var orb_id = info->orb_id (ACE_TRY_ENV); + ACE_CHECK; + + // Create the SecurityLevel2::Current object. + SecurityLevel2::Current_ptr current = SecurityLevel2::Current::_nil (); + ACE_NEW_THROW_EX (current, + TAO_Security_Current (tss_slot, orb_id.in ()), + CORBA::NO_MEMORY ( + CORBA_SystemException::_tao_minor_code ( + TAO_DEFAULT_MINOR_CODE, + ENOMEM), + CORBA::COMPLETED_NO)); + ACE_CHECK; + + SecurityLevel2::Current_var security_current = current; + + // Register the SecurityLevel2::Current object reference with the + // ORB. + info->register_initial_reference ("SecurityCurrent", + security_current.in (), + ACE_TRY_ENV); + ACE_CHECK; +} + +void +TAO_Security_ORBInitializer::post_init ( + PortableInterceptor::ORBInitInfo_ptr + TAO_ENV_ARG_DECL_NOT_USED) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + // @todo: Secure invocation policy support should hopefully be + // ready for TAO 1.2. +#if 0 + this->register_policy_factories (info, + ACE_TRY_ENV); + ACE_CHECK; +#endif /* 0 */ +} + +// @todo: Secure invocation policy support should hopefully be +// ready for TAO 1.2. +#if 0 +void +TAO_Security_ORBInitializer::register_policy_factories ( + PortableInterceptor::ORBInitInfo_ptr info, + CORBA::Environment &ACE_TRY_ENV) +{ + /// Register the Security policy factories. + PortableInterceptor::PolicyFactory_ptr temp_factory = + PortableInterceptor::PolicyFactory::_nil (); + PortableInterceptor::PolicyFactory_var policy_factory; + + // ---------------------------------------------------------------- + // This policy factory is used for all SecureInvocation related + // policies. + ACE_NEW_THROW_EX (temp_factory, + TAO_SecureInvocationPolicyFactory, + CORBA::NO_MEMORY ( + CORBA::SystemException::_tao_minor_code ( + TAO_DEFAULT_MINOR_CODE, + ENOMEM), + CORBA::COMPLETED_NO)); + ACE_CHECK; + + policy_factory = temp_factory; + + // Bind the same policy factory to all SecureInvocation related + // policy types since a single policy factory is used to create each + // of the different types of SecureInvocation policies. + + CORBA::PolicyType type; + + type = Security::SecClientSecureInvocation; + info->register_policy_factory (type, + policy_factory.in (), + ACE_TRY_ENV); + ACE_CHECK; + + type = Security::SecTargetSecureInvocation; + info->register_policy_factory (type, + policy_factory.in (), + ACE_TRY_ENV); + ACE_CHECK; + // ---------------------------------------------------------------- +} +#endif /* 0 */ diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.h b/TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.h new file mode 100644 index 00000000000..c65abbb24df --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.h @@ -0,0 +1,71 @@ +// -*- C++ -*- +// +// $Id$ + +// ============================================================================ +// +// = LIBRARY +// TAO +// +// = FILENAME +// Security_ORBInitializer.h +// +// = AUTHOR +// Ossama Othman +// +// ============================================================================ + +#ifndef TAO_SECURITY_ORB_INITIALIZER_H +#define TAO_SECURITY_ORB_INITIALIZER_H + +#include "ace/pre.h" + +#include "security_export.h" + +#if !defined (ACE_LACKS_PRAGMA_ONCE) +# pragma once +#endif /* ACE_LACKS_PRAGMA_ONCE */ + +#include "tao/PortableInterceptorC.h" +#include "tao/LocalObject.h" + +// This is to remove "inherits via dominance" warnings from MSVC. +// MSVC is being a little too paranoid. +#if defined(_MSC_VER) +#if (_MSC_VER >= 1200) +#pragma warning(push) +#endif /* _MSC_VER >= 1200 */ +#pragma warning(disable:4250) +#endif /* _MSC_VER */ + +/// Security ORB initializer. +class TAO_Security_Export TAO_Security_ORBInitializer + : public virtual PortableInterceptor::ORBInitializer, + public virtual TAO_Local_RefCounted_Object +{ +public: + + virtual void pre_init (PortableInterceptor::ORBInitInfo_ptr info + TAO_ENV_ARG_DECL_WITH_DEFAULTS) + ACE_THROW_SPEC ((CORBA::SystemException)); + + virtual void post_init (PortableInterceptor::ORBInitInfo_ptr info + TAO_ENV_ARG_DECL_WITH_DEFAULTS) + ACE_THROW_SPEC ((CORBA::SystemException)); + +private: + + /// Register Security policy factories. + void register_policy_factories ( + PortableInterceptor::ORBInitInfo_ptr info, + CORBA::Environment &ACE_TRY_ENV); + +}; + +#if defined(_MSC_VER) && (_MSC_VER >= 1200) +#pragma warning(pop) +#endif /* _MSC_VER */ + +#include "ace/post.h" + +#endif /* TAO_SECURITY_ORB_INITIALIZER_H */ -- cgit v1.2.1