1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
|
// -*- IDL -*-
//
// $Id$
#ifndef _SECURITY_LEVEL_2_IDL_
#define _SECURITY_LEVEL_2_IDL_
#include <SecurityLevel1.idl>
#pragma prefix "omg.org"
module SecurityLevel2 {
# pragma version SecurityLevel2 1.8
// Forward declaration of interfaces
local interface PrincipalAuthenticator;
local interface Credentials;
local interface Current;
// Interface PrincipalAuthenticator
local interface PrincipalAuthenticator {
# pragma version PrincipalAuthenticator 1.8
Security::AuthenticationMethodList
get_supported_authen_methods(
in Security::MechanismType mechanism
);
Security::AuthenticationStatus authenticate (
in Security::AuthenticationMethod method,
in Security::MechanismType mechanism,
in Security::SecurityName security_name,
in any auth_data,
in Security::AttributeList privileges,
out Credentials creds,
out any continuation_data,
out any auth_specific_data
);
Security::AuthenticationStatus continue_authentication (
in any response_data,
in Credentials creds,
out any continuation_data,
out any auth_specific_data
);
};
// Interface Credentials
local interface Credentials {
# pragma version Credentials 1.8
Credentials copy ();
void destroy();
readonly attribute Security::InvocationCredentialsType
credentials_type;
readonly attribute Security::AuthenticationStatus
authentication_state;
readonly attribute Security::MechanismType mechanism;
attribute Security::AssociationOptions
accepting_options_supported;
attribute Security::AssociationOptions
accepting_options_required;
attribute Security::AssociationOptions
invocation_options_supported;
attribute Security::AssociationOptions
invocation_options_required;
boolean get_security_feature (
in Security::CommunicationDirection direction,
in Security::SecurityFeature feature
);
boolean set_attributes (
in Security::AttributeList requested_attributes,
out Security::AttributeList actual_attributes
);
Security::AttributeList get_attributes (
in Security::AttributeTypeList attributes
);
boolean is_valid (out Security::UtcT expiry_time);
boolean refresh (in any refresh_data);
};
typedef sequence <Credentials> CredentialsList;
local interface ReceivedCredentials : Credentials {
# pragma version ReceivedCredentials 1.8
readonly attribute Credentials accepting_credentials;
readonly attribute Security::AssociationOptions
association_options_used;
readonly attribute Security::DelegationState delegation_state;
readonly attribute Security::DelegationMode delegation_mode;
};
local interface TargetCredentials : Credentials {
# pragma version TargetCredentials 1.8
readonly attribute Credentials initiating_credentials;
readonly attribute Security::AssociationOptions
association_options_used;
};
// RequiredRights Interface
interface RequiredRights {
void get_required_rights(
in Object obj,
in CORBA::Identifier operation_name,
in CORBA::RepositoryId interface_name,
out Security::RightsList rights,
out Security::RightsCombinator rights_combinator
);
void set_required_rights(
in CORBA::Identifier operation_name,
in CORBA::RepositoryId interface_name,
in Security::RightsList rights,
in Security::RightsCombinator rights_combinator
);
};
// interface audit channel
local interface AuditChannel {
# pragma version AuditChannel 1.8
void audit_write (
in Security::AuditEventType event_type,
in CredentialsList creds,
in Security::UtcT time,
in Security::SelectorValueList descriptors,
in any event_specific_data
);
readonly attribute Security::AuditChannelId audit_channel_id;
};
// interface for Audit Decision
local interface AuditDecision {
# pragma version AuditDecision 1.8
boolean audit_needed (
in Security::AuditEventType event_type,
in Security::SelectorValueList value_list
);
readonly attribute AuditChannel audit_channel;
};
local interface AccessDecision {
# pragma version AccessDecision 1.8
boolean access_allowed (
in SecurityLevel2::CredentialsList cred_list,
in Object target,
in CORBA::Identifier operation_name,
in CORBA::Identifier target_interface_name
);
};
// Policy interfaces to control bindings
local interface QOPPolicy : CORBA::Policy {
# pragma version QOPPolicy 1.8
readonly attribute Security::QOP qop;
};
local interface MechanismPolicy : CORBA::Policy {
# pragma version MechanismPolicy 1.8
readonly attribute Security::MechanismTypeList mechanisms;
};
local interface InvocationCredentialsPolicy : CORBA::Policy {
# pragma version InvocationCredentialsPolicy 1.8
readonly attribute CredentialsList creds;
};
local interface EstablishTrustPolicy : CORBA::Policy {
# pragma version EstablishTrustPolicy 1.8
readonly attribute Security::EstablishTrust trust;
};
local interface DelegationDirectivePolicy : CORBA::Policy {
# pragma version DelegationDirectivePolicy 1.8
readonly attribute Security::DelegationDirective delegation_directive;
};
local interface SecurityManager {
# pragma version SecurityManager 1.8
// Process/Capsule/ORB Instance specific operations
readonly attribute Security::MechandOptionsList
supported_mechanisms;
readonly attribute CredentialsList own_credentials;
readonly attribute RequiredRights
required_rights_object;
readonly attribute PrincipalAuthenticator
principal_authenticator;
readonly attribute AccessDecision
access_decision;
readonly attribute AuditDecision
audit_decision;
TargetCredentials get_target_credentials (
in Object obj_ref
);
void remove_own_credentials(
in Credentials creds
);
CORBA::Policy get_security_policy (
in CORBA::PolicyType policy_type
);
};
// Interface Current derived from SecurityLevel1::Current providing
// additional operations on Current at this security level.
// This is implemented by the ORB
local interface Current : SecurityLevel1::Current {
# pragma version Current 1.8
// Thread specific
readonly attribute ReceivedCredentials received_credentials;
};
};
#pragma prefix ""
#endif /* _SECURITY_LEVEL_2_IDL_ */
|