path: root/TAO/orbsvcs/examples/Security/SecurityLevel1/SLevel1_Test_i.cpp
blob: bbef4bc291e2e7dc45aa0b7eecaf766bff2fa4f6 (plain)
// $Id$

#include "SLevel1_Test_i.h"

#if !defined(__ACE_INLINE__)
#include "test_i.i"
#endif /* __ACE_INLINE__ */

ACE_RCSID (SecurityLevel1,
           SLevel1_Test_i,
           "$Id$")

// Authorization flags for the level-1 and level-2 operations.  The
// authorize_* functions in this file return 0 ("authorized", per their
// comments) only when the matching flag is 0, so the initial value 1
// means "denied".
// NOTE(review): these are file-level statics, so one value is shared by
// every request this server handles; they are not per-caller state.
// A decision stored here outlives the request that produced it.
static int authorize_1 = 1;
static int authorize_2 = 1;

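/// Decide whether the principal behind the current request may use the
/// level-1 operation, using attributes read from the SecurityCurrent
/// object.
///
/// Return convention used by this example: 0 means the invocation is
/// authorized, 1 means it is denied.  Every failure path returns 1, so
/// an error while consulting the security service can never be read
/// as "authorized".
CORBA::Boolean
SLevel1_Server_i::authorize_level1 (TAO_ENV_SINGLE_ARG_DECL)
    ACE_THROW_SPEC ((CORBA::SystemException))
{
  /// The decision lives in a local, not in the file-level authorize_1
  /// flag: a shared flag set to 0 for one caller would stay 0 and
  /// authorize every later caller as well.
  CORBA::Boolean denied = 1;

  /// Get a reference to the SecurityCurrent object.
  /// NOTE(review): `orb` is not declared in this function; presumably
  /// it comes from the class or the included header -- confirm.
  CORBA::Object_var obj =
    orb->resolve_initial_references ("SecurityCurrent" TAO_ENV_ARG_PARAMETER);
  /// Fail closed: an exception here must deny, not authorize.
  ACE_CHECK_RETURN (1);

  /// Narrow it down correctly.
  SecurityLevel1::Current_var current =
    SecurityLevel1::Current::_narrow (obj.in () TAO_ENV_ARG_PARAMETER);
  ACE_CHECK_RETURN (1);

  /// Check for nil reference.
  if (CORBA::is_nil (current.in ()))
    ACE_ERROR_RETURN ((LM_ERROR,
                       " (%P|%t) Unable to initialize the SecurityCurrent object\n"),
                      1);

  /// First desired attribute.
  Security::AttributeType desired_attribute_1;

  /// @@ Need to check more about this variable
  desired_attribute_1.attribute_family.family_definer = 0;

  /// Implies Privilege Attributes
  desired_attribute_1.attribute_family.family = 1;

  /// AccessId: the identity of the principal used for access
  /// control
  desired_attribute_1.attribute_type = 2;

  /// Second desired attribute.
  Security::AttributeType desired_attribute_2;

  /// @@ Need to check more about this variable
  desired_attribute_2.attribute_family.family_definer = 0;

  /// Implies Privilege Attributes.
  desired_attribute_2.attribute_family.family = 1;

  /// Primary Group ID.
  /// @@ I am not sure if Ossama will have all these attribute types
  ///    If it is not the same, one might have to change the comments
  ///    to show the attribute_type that is checked and change the
  ///    number accordingly.
  desired_attribute_2.attribute_type = 3;

  /// Define the AttributeTypeList.  The elements are stored by value;
  /// the list must not hold addresses of the locals above.
  Security::AttributeTypeList attribute_type_list;
  attribute_type_list.length (2);
  attribute_type_list[0] = desired_attribute_1;
  attribute_type_list[1] = desired_attribute_2;

  /// Get the desired security attributes.  A failure to fetch them
  /// denies the request.
  Security::AttributeList_var attribute_list =
    current->get_attributes (attribute_type_list TAO_ENV_ARG_PARAMETER);
  ACE_CHECK_RETURN (1);

  /* @@ What did we do till now ??
   *    We set attribute_type_list so that we get the values of
   *    the variables we are interested in. Depending on how Ossama
   *    implements, the valid values of family_definer, family and the
   *    attribute type and its values all change .. but the process is
   *    similar.
   *    The type which is returned from the get_attributes method is a
   *    sequence of the AttributeList struct. This struct has three
   *    members: the attribute type, the defining_authority and the
   *    value of the attribute type.
   *
   * @@ What should we do now ??
   *    Compare the returned values with the values we, as in the
   *    server, decided and check if they are the same.
   *
   *    Once we retrieve this sequence, we can invoke a method which
   *    has a generic list of attribute_types and corresponding values
   *    which are valid to authorize access to the requested
   *    invocation. Or complete this stuff with a single if condition
   *    to make things easier.
   */

  /// NOTE(review): `attribute_type` and `attribute_value` are not
  /// declared anywhere in this function; this is the original
  /// placeholder condition.  The real check has to read the type and
  /// value out of each element of `attribute_list`, and should treat
  /// an empty or unexpected list as "denied".
  if ((attribute_type == 1) && (attribute_value == 10))
    {
      // Lets say, this is the valid case.
      denied = 0;
    }

  /// If the owner of this invocation is authorized to invoke this
  /// method, return 0 else return 1.
  return denied;
}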


CORBA::Boolean
SLevel1_Server_i::authorize_level2 (TAO_ENV_SINGLE_ARG_DECL_NOT_USED)
    ACE_THROW_SPEC ((CORBA::SystemException))
{
  /// Report the level-2 decision straight from the file-level
  /// authorize_2 flag: 0 tells the caller the invocation is
  /// authorized, 1 that it is not.
  /// NOTE(review): no code visible in this file ever sets
  /// authorize_2 to 0, so as written this always answers 1 (denied).
  return (authorize_2 == 0) ? 0 : 1;
}