#include <SL2_SecurityManager.h>
Inheritance diagram for TAO::Security::AccessDecision:
Public Member Functions | |
| AccessDecision () | |
| ~AccessDecision (void) | |
| virtual::CORBA::Boolean | access_allowed (const::SecurityLevel2::CredentialsList &cred_list,::CORBA::Object_ptr target, const char *operation_name, const char *target_interface_name) |
| virtual::CORBA::Boolean | access_allowed_ex (const char *orb_id, const::CORBA::OctetSeq &adapter_id, const::CORBA::OctetSeq &object_id, const::SecurityLevel2::CredentialsList &cred_list, const char *operation_name) |
| virtual::CORBA::Boolean | default_decision (void) |
| virtual void | default_decision (::CORBA::Boolean d) |
| virtual void | add_object (const char *orbid, const::CORBA::OctetSeq &adapter_id, const::CORBA::OctetSeq &object_id,::CORBA::Boolean allow_insecure_access) |
| virtual void | remove_object (const char *orbid, const::CORBA::OctetSeq &adapter_id, const::CORBA::OctetSeq &object_id) |
Private Types | |
| typedef ReferenceKeyType | OBJECT_KEY |
| typedef ACE_Hash_Map_Manager_Ex< OBJECT_KEY, CORBA::Boolean, ACE_Hash< OBJECT_KEY >, ACE_Equal_To< OBJECT_KEY >, ACE_Null_Mutex > | ACCESS_MAP_TYPE |
Private Member Functions | |
| OBJECT_KEY | map_key_from_objref (CORBA::Object_ptr obj) |
| Encapsulates a TAO-specific way to do object_to_string() without having an ORB reference handy. | |
| ::CORBA::Boolean | access_allowed_i (OBJECT_KEY &key, const char *operation_name) |
Private Attributes | |
| ::CORBA::Boolean | default_allowance_decision_ |
| ACCESS_MAP_TYPE | access_map_ |
| TAO_SYNCH_MUTEX | map_lock_ |
|
|
Definition at line 135 of file SL2_SecurityManager.h. |
|
|
Definition at line 122 of file SL2_SecurityManager.h. Referenced by access_allowed(), access_allowed_ex(), access_allowed_i(), add_object(), and remove_object(). |
|
|
Constructor Definition at line 128 of file SL2_SecurityManager.cpp. References default_allowance_decision_.
00129 : default_allowance_decision_ (false) 00130 { 00131 } |
|
|
Definition at line 133 of file SL2_SecurityManager.cpp.
00134 {
00135 }
|
|
||||||||||||||||||||
|
Definition at line 203 of file SL2_SecurityManager.cpp. References OBJECT_KEY.
00207 {
00208 // @@ I still don't know what we do with the cred_list in here...
00209 // Do we inspect it?
00210
00211 // Turn the target into what we'll use as a key into the map.
00212 OBJECT_KEY key = this->map_key_from_objref (target);
00213 return this->access_allowed_i (key, operation_name);
00214 }
|
|
||||||||||||||||||||||||
|
Definition at line 186 of file SL2_SecurityManager.cpp. References access_allowed_i(), TAO::Security::AccessDecision::ReferenceKeyType::adapter_id_, SecurityLevel2::CredentialsList, OBJECT_KEY, TAO::Security::AccessDecision::ReferenceKeyType::oid_, and TAO::Security::AccessDecision::ReferenceKeyType::orbid_.
00192 {
00193 OBJECT_KEY key;
00194 key.orbid_ = orb_id;
00195 key.adapter_id_ = adapter_id;
00196 key.oid_ = object_id;
00197
00198 return this->access_allowed_i (key, operation_name);
00199 }
|
|
||||||||||||
|
Definition at line 148 of file SL2_SecurityManager.cpp. References access_map_, ACE_DEBUG, ACE_GUARD_RETURN, default_allowance_decision_, ACE_Hash_Map_Manager_Ex< EXT_ID, INT_ID, HASH_KEY, COMPARE_KEYS, ACE_LOCK >::find(), LM_DEBUG, OBJECT_KEY, TAO_debug_level, and TAO_SYNCH_MUTEX. Referenced by access_allowed_ex().
00150 {
00151 // LOCK THE MAP!
00152 ACE_GUARD_RETURN (TAO_SYNCH_MUTEX, guard, this->map_lock_,
00153 this->default_allowance_decision_);
00154
00155 ACE_Hash<OBJECT_KEY> hash;
00156
00157 // Look up the target in access_map_; if there, return the value,
00158 // otherwise return the default value.
00159 CORBA::Boolean access_decision;
00160 if (this->access_map_.find (key, access_decision) == -1)
00161 {
00162 // Couldn't find the IOR in the map, so we use the default
00163 access_decision = this->default_allowance_decision_;
00164 if (TAO_debug_level >= 3)
00165 ACE_DEBUG ((LM_DEBUG,
00166 "TAO (%P|%t) SL2_AccessDecision::access_decision(%x,%s)"
00167 " NOT FOUND using default %d\n",
00168 hash.operator()(key),
00169 operation_name, access_decision));
00170 }
00171 else if (TAO_debug_level >= 3)
00172 {
00173 ACE_DEBUG ((LM_DEBUG,
00174 "TAO (%P|%t) SL2_AccessDecision::access_decision(%x,%s)"
00175 " found with decision %d\n",
00176 hash.operator()(key),
00177 operation_name, access_decision));
00178 }
00179
00180 // For now we just return the default.
00181 return access_decision;
00182
00183 }
|
|
||||||||||||||||||||
|
Definition at line 218 of file SL2_SecurityManager.cpp. References ACE_DEBUG, ACE_GUARD, TAO::Security::AccessDecision::ReferenceKeyType::adapter_id_, LM_DEBUG, OBJECT_KEY, TAO::Security::AccessDecision::ReferenceKeyType::oid_, TAO::Security::AccessDecision::ReferenceKeyType::orbid_, TAO_debug_level, and TAO_SYNCH_MUTEX.
00222 {
00223 // make a key from 'obj'
00224 OBJECT_KEY key;
00225 key.orbid_ = orb_id;
00226 key.adapter_id_ = adapter_id;
00227 key.oid_ = object_id;
00228
00229 // bind it into the access_map_, replacing anything that's there.
00230 // LOCK THE MAP!
00231 ACE_GUARD (TAO_SYNCH_MUTEX, guard, this->map_lock_);
00232
00233 ACE_Hash<OBJECT_KEY> hash;
00234
00235 // Since we want to replace any existing entry in the map, we just
00236 // use rebind.
00237 errno = 0; // Not sure if this gets set if rebind fails...it only
00238 // appears to fail when an allocation thru the allocator's
00239 // malloc() fails. Depending on the malloc() implementation,
00240 // errno could get set OR an exception thrown.
00241 int ret = this->access_map_.rebind (key, allow_insecure_access);
00242 if (ret == -1)
00243 {
00244 // rebind shouldn't fail under normal circumstances
00245 if (TAO_debug_level > 1)
00246 ACE_DEBUG ((LM_DEBUG,
00247 "TAO (%P|%t): SL2_AccessDecision::add_object(%x,%d) "
00248 "unexpectedly failed (errno=%d)\n",
00249 hash.operator()(key),
00250 allow_insecure_access,
00251 errno));
00252 throw
00253 CORBA::NO_MEMORY(CORBA::SystemException::_tao_minor_code (TAO::VMCID,
00254 errno),
00255 CORBA::COMPLETED_NO);
00256 }
00257 else
00258 {
00259 if (TAO_debug_level >= 3)
00260 ACE_DEBUG ((LM_DEBUG,
00261 "TAO (%P|%t): SL2_AccessDecision::add_object(%x,%d) okay\n",
00262 hash.operator()(key),
00263 allow_insecure_access));
00264 }
00265 }
|
|
|
Definition at line 320 of file SL2_SecurityManager.cpp. References default_allowance_decision_.
00321 {
00322 this->default_allowance_decision_ = d;
00323 }
|
|
|
Definition at line 314 of file SL2_SecurityManager.cpp. References default_allowance_decision_.
00315 {
00316 return this->default_allowance_decision_;
00317 }
|
|
|
Encapsulates a TAO-specific way to do object_to_string() without having an ORB reference handy.
Definition at line 138 of file SL2_SecurityManager.cpp. References ACE_ERROR, and LM_ERROR.
00139 {
00140 ACE_ERROR ((LM_ERROR, "map_key_from_objref is currently not implemented\n"));
00141 throw CORBA::NO_IMPLEMENT();
00142
00143 // OBJECT_KEY key;
00144 // return key;
00145 }
|
|
||||||||||||||||
|
Definition at line 269 of file SL2_SecurityManager.cpp. References ACE_DEBUG, ACE_GUARD, TAO::Security::AccessDecision::ReferenceKeyType::adapter_id_, LM_DEBUG, OBJECT_KEY, TAO::Security::AccessDecision::ReferenceKeyType::oid_, TAO::Security::AccessDecision::ReferenceKeyType::orbid_, TAO_debug_level, and TAO_SYNCH_MUTEX.
00272 {
00273 OBJECT_KEY key;
00274 key.orbid_ = orb_id;
00275 key.adapter_id_ = adapter_id;
00276 key.oid_ = object_id;
00277
00278 ACE_Hash<OBJECT_KEY> hash;
00279
00280 // unbind it from access_map_, no matter if it's not in there...
00281 // LOCK THE MAP!
00282 ACE_GUARD (TAO_SYNCH_MUTEX, guard, this->map_lock_);
00283
00284 errno = 0;
00285 int ret = this->access_map_.unbind (key);
00286 if (ret == -1)
00287 {
00288 if (errno == ENOENT)
00289 {
00290 // ignore b/c we don't care...maybe log a debug message for info
00291 if (TAO_debug_level >= 3)
00292 ACE_DEBUG ((LM_DEBUG,
00293 "TAO (%P|%t): SL2_AccessDecision::remove_object(%x) "
00294 "object not found in access map\n",
00295 hash.operator()(key)));
00296 }
00297 else
00298 {
00299 if (TAO_debug_level > 0)
00300 ACE_DEBUG ((LM_DEBUG,
00301 "TAO (%P|%t): SL2_AccessDecision::remove_object(%x) "
00302 " unexpected error during unbind from map (errno=%d\n)",
00303 hash.operator()(key),
00304 errno));
00305 throw
00306 CORBA::UNKNOWN (CORBA::SystemException::_tao_minor_code (TAO::VMCID,
00307 errno),
00308 CORBA::COMPLETED_NO);
00309 }
00310 }
00311 }
|
|
|
Definition at line 137 of file SL2_SecurityManager.h. Referenced by access_allowed_i(). |
|
|
This is the default value that's returned from access_allowed() when the access table doesn't contain an entry for the reference. Definition at line 93 of file SL2_SecurityManager.h. Referenced by access_allowed_i(), AccessDecision(), and default_decision(). |
|
|
Definition at line 142 of file SL2_SecurityManager.h. |
1.3.6