#include <SL2_SecurityManager.h>
Inheritance diagram for TAO::Security::AccessDecision:
Public Member Functions | |
| AccessDecision () | |
| ~AccessDecision (void) | |
| virtual ::CORBA::Boolean | access_allowed (const ::SecurityLevel2::CredentialsList &cred_list,::CORBA::Object_ptr target, const char *operation_name, const char *target_interface_name) |
| virtual ::CORBA::Boolean | access_allowed_ex (const char *orb_id, const ::CORBA::OctetSeq &adapter_id, const ::CORBA::OctetSeq &object_id, const ::SecurityLevel2::CredentialsList &cred_list, const char *operation_name) |
| virtual ::CORBA::Boolean | default_decision (void) |
| virtual void | default_decision (::CORBA::Boolean d) |
| virtual void | add_object (const char *orbid, const ::CORBA::OctetSeq &adapter_id, const ::CORBA::OctetSeq &object_id,::CORBA::Boolean allow_insecure_access) |
| virtual void | remove_object (const char *orbid, const ::CORBA::OctetSeq &adapter_id, const ::CORBA::OctetSeq &object_id) |
Private Types | |
| typedef ReferenceKeyType | OBJECT_KEY |
| typedef ACE_Hash_Map_Manager_Ex< OBJECT_KEY, CORBA::Boolean, ACE_Hash< OBJECT_KEY >, ACE_Equal_To< OBJECT_KEY >, ACE_Null_Mutex > | ACCESS_MAP_TYPE |
Private Member Functions | |
| OBJECT_KEY | map_key_from_objref (CORBA::Object_ptr obj) |
| Encapsulates a TAO-specific way to do object_to_string() without having an ORB reference handy. | |
| ::CORBA::Boolean | access_allowed_i (OBJECT_KEY &key, const char *operation_name) |
Private Attributes | |
| ::CORBA::Boolean | default_allowance_decision_ |
| ACCESS_MAP_TYPE | access_map_ |
| TAO_SYNCH_MUTEX | map_lock_ |
Classes | |
| struct | ReferenceKeyType |
Definition at line 53 of file SL2_SecurityManager.h.
typedef ACE_Hash_Map_Manager_Ex<OBJECT_KEY, CORBA::Boolean, ACE_Hash<OBJECT_KEY>, ACE_Equal_To<OBJECT_KEY>, ACE_Null_Mutex> TAO::Security::AccessDecision::ACCESS_MAP_TYPE [private] |
Definition at line 135 of file SL2_SecurityManager.h.
typedef ReferenceKeyType TAO::Security::AccessDecision::OBJECT_KEY [private] |
Definition at line 122 of file SL2_SecurityManager.h.
| TAO::Security::AccessDecision::AccessDecision | ( | ) |
Constructor
Definition at line 128 of file SL2_SecurityManager.cpp.
00129 : default_allowance_decision_ (false) 00130 { 00131 }
| TAO::Security::AccessDecision::~AccessDecision | ( | void | ) |
| CORBA::Boolean TAO::Security::AccessDecision::access_allowed | ( | const ::SecurityLevel2::CredentialsList & | cred_list, | |
| ::CORBA::Object_ptr | target, | |||
| const char * | operation_name, | |||
| const char * | target_interface_name | |||
| ) |
Definition at line 203 of file SL2_SecurityManager.cpp.
00207 { 00208 // @@ I still don't know what we do with the cred_list in here... 00209 // Do we inspect it? 00210 00211 // Turn the target into what we'll use as a key into the map. 00212 OBJECT_KEY key = this->map_key_from_objref (target); 00213 return this->access_allowed_i (key, operation_name); 00214 }
| CORBA::Boolean TAO::Security::AccessDecision::access_allowed_ex | ( | const char * | orb_id, | |
| const ::CORBA::OctetSeq & | adapter_id, | |||
| const ::CORBA::OctetSeq & | object_id, | |||
| const ::SecurityLevel2::CredentialsList & | cred_list, | |||
| const char * | operation_name | |||
| ) |
Definition at line 186 of file SL2_SecurityManager.cpp.
References access_allowed_i(), TAO::Security::AccessDecision::ReferenceKeyType::adapter_id_, TAO::Security::AccessDecision::ReferenceKeyType::oid_, and TAO::Security::AccessDecision::ReferenceKeyType::orbid_.
00192 { 00193 OBJECT_KEY key; 00194 key.orbid_ = orb_id; 00195 key.adapter_id_ = adapter_id; 00196 key.oid_ = object_id; 00197 00198 return this->access_allowed_i (key, operation_name); 00199 }
| CORBA::Boolean TAO::Security::AccessDecision::access_allowed_i | ( | OBJECT_KEY & | key, | |
| const char * | operation_name | |||
| ) | [private] |
Definition at line 148 of file SL2_SecurityManager.cpp.
References ACE_DEBUG, ACE_GUARD_RETURN, LM_DEBUG, TAO_debug_level, and TAO_SYNCH_MUTEX.
Referenced by access_allowed_ex().
00150 { 00151 // LOCK THE MAP! 00152 ACE_GUARD_RETURN (TAO_SYNCH_MUTEX, guard, this->map_lock_, 00153 this->default_allowance_decision_); 00154 00155 ACE_Hash<OBJECT_KEY> hash; 00156 00157 // Look up the target in access_map_; if there, return the value, 00158 // otherwise return the default value. 00159 CORBA::Boolean access_decision; 00160 if (this->access_map_.find (key, access_decision) == -1) 00161 { 00162 // Couldn't find the IOR in the map, so we use the default 00163 access_decision = this->default_allowance_decision_; 00164 if (TAO_debug_level >= 3) 00165 ACE_DEBUG ((LM_DEBUG, 00166 "TAO (%P|%t) SL2_AccessDecision::access_decision(%x,%s)" 00167 " NOT FOUND using default %d\n", 00168 hash.operator()(key), 00169 operation_name, access_decision)); 00170 } 00171 else if (TAO_debug_level >= 3) 00172 { 00173 ACE_DEBUG ((LM_DEBUG, 00174 "TAO (%P|%t) SL2_AccessDecision::access_decision(%x,%s)" 00175 " found with decision %d\n", 00176 hash.operator()(key), 00177 operation_name, access_decision)); 00178 } 00179 00180 // For now we just return the default. 00181 return access_decision; 00182 00183 }
| virtual void TAO::Security::AccessDecision::add_object | ( | const char * | orbid, | |
| const ::CORBA::OctetSeq & | adapter_id, | |||
| const ::CORBA::OctetSeq & | object_id, | |||
| ::CORBA::Boolean | allow_insecure_access | |||
| ) | [virtual] |
| virtual void TAO::Security::AccessDecision::default_decision | ( | ::CORBA::Boolean | d | ) | [virtual] |
| CORBA::Boolean TAO::Security::AccessDecision::default_decision | ( | void | ) |
Definition at line 314 of file SL2_SecurityManager.cpp.
References default_allowance_decision_.
00315 { 00316 return this->default_allowance_decision_; 00317 }
| TAO::Security::AccessDecision::OBJECT_KEY TAO::Security::AccessDecision::map_key_from_objref | ( | CORBA::Object_ptr | obj | ) | [private] |
Encapsulates a TAO-specific way to do object_to_string() without having an ORB reference handy.
Definition at line 138 of file SL2_SecurityManager.cpp.
References ACE_ERROR, and LM_ERROR.
00139 { 00140 ACE_ERROR ((LM_ERROR, "map_key_from_objref is currently not implemented\n")); 00141 throw CORBA::NO_IMPLEMENT(); 00142 00143 // OBJECT_KEY key; 00144 // return key; 00145 }
| void TAO::Security::AccessDecision::remove_object | ( | const char * | orbid, | |
| const ::CORBA::OctetSeq & | adapter_id, | |||
| const ::CORBA::OctetSeq & | object_id | |||
| ) | [virtual] |
Definition at line 269 of file SL2_SecurityManager.cpp.
References CORBA::SystemException::_tao_minor_code(), ACE_DEBUG, ACE_GUARD, TAO::Security::AccessDecision::ReferenceKeyType::adapter_id_, CORBA::COMPLETED_NO, LM_DEBUG, TAO::Security::AccessDecision::ReferenceKeyType::oid_, TAO::Security::AccessDecision::ReferenceKeyType::orbid_, TAO_debug_level, TAO_SYNCH_MUTEX, and TAO::VMCID.
00272 { 00273 OBJECT_KEY key; 00274 key.orbid_ = orb_id; 00275 key.adapter_id_ = adapter_id; 00276 key.oid_ = object_id; 00277 00278 ACE_Hash<OBJECT_KEY> hash; 00279 00280 // unbind it from access_map_, no matter if it's not in there... 00281 // LOCK THE MAP! 00282 ACE_GUARD (TAO_SYNCH_MUTEX, guard, this->map_lock_); 00283 00284 errno = 0; 00285 int ret = this->access_map_.unbind (key); 00286 if (ret == -1) 00287 { 00288 if (errno == ENOENT) 00289 { 00290 // ignore b/c we don't care...maybe log a debug message for info 00291 if (TAO_debug_level >= 3) 00292 ACE_DEBUG ((LM_DEBUG, 00293 "TAO (%P|%t): SL2_AccessDecision::remove_object(%x) " 00294 "object not found in access map\n", 00295 hash.operator()(key))); 00296 } 00297 else 00298 { 00299 if (TAO_debug_level > 0) 00300 ACE_DEBUG ((LM_DEBUG, 00301 "TAO (%P|%t): SL2_AccessDecision::remove_object(%x) " 00302 " unexpected error during unbind from map (errno=%d\n)", 00303 hash.operator()(key), 00304 errno)); 00305 throw 00306 CORBA::UNKNOWN (CORBA::SystemException::_tao_minor_code (TAO::VMCID, 00307 errno), 00308 CORBA::COMPLETED_NO); 00309 } 00310 } 00311 }
Definition at line 137 of file SL2_SecurityManager.h.
This is the default value that's returned from access_allowed() when the access table doesn't contain an entry for the reference.
Definition at line 93 of file SL2_SecurityManager.h.
Referenced by default_decision().
Definition at line 142 of file SL2_SecurityManager.h.
1.4.7