1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
|
//File: Security.idl
//Part of the Security Service
// Note: if your IDL compiler does not yet support the
// CORBA 2.3 Feature "Escaped Identifiers" (which provides
// for the addition of new keywords to IDL, compile this
// module with the preprocessor definition
// "NO_ESCAPED_IDENTIFIERS". With many compilers this
// would be done a qualifier on the command line,
// something like -DNO_ESCAPED_IDENTIFIERS
#ifndef _SECURITY_IDL
#define _SECURITY_IDL
// omniORB specific pragmas to insert extra includes into the stub header.
#pragma hh #include "COS_sysdep.h"
#include <orb.idl>
#include <TimeBase.idl>
#pragma prefix "omg.org"
module Security {
typedef string SecurityName;
typedef sequence <octet> Opaque;
// Constant declarations for Security Service Options
const CORBA::ServiceOption SecurityLevel1 = 1;
const CORBA::ServiceOption SecurityLevel2 = 2;
const CORBA::ServiceOption NonRepudiation = 3;
const CORBA::ServiceOption SecurityORBServiceRaady = 4;
const CORBA::ServiceOption SecurityServiceReady = 5;
const CORBA::ServiceOption ReplaceORBServices = 6;
const CORBA::ServiceOption ReplaceSecurityServices = 7;
const CORBA::ServiceOption StandardSecureInteroperability = 8;
const CORBA::ServiceOption DCESecureInteroperability = 9;
// Service options for Common Secure Interoperability
const CORBA::ServiceOption CommonInteroperabilityLevel0 = 10;
const CORBA::ServiceOption CommonInteroperabilityLevel1 = 11;
const CORBA::ServiceOption CommonInteroperabilityLevel2 = 12;
// Security mech types supported for secure association
const CORBA::ServiceDetailType SecurityMechanismType = 1;
// privilege types supported in standard access policy
const CORBA::ServiceDetailType SecurityAttribute = 2;
// extensible families for standard data types
struct ExtensibleFamily {
unsigned short family_definer;
unsigned short family;
};
// security association mechanism type
typedef string MechanismType;
struct SecurityMechandName {
MechanismType mech_type;
SecurityName security_name;
};
typedef sequence <MechanismType> MechanismTypeList;
typedef sequence <SecurityMechandName> SecurityMechandNameList;
// security attributes
typedef unsigned long SecurityAttributeType;
// other attributes; family = 0
const SecurityAttributeType AuditId = 1;
const SecurityAttributeType AccountingId = 2;
const SecurityAttributeType NonRepudiationId = 3;
// privilege attributes; family = 1
#ifdef NO_ESCAPED_IDENTIFIERS
const SecurityAttributeType Public = 1;
#else
const SecurityAttributeType _Public = 1;
#endif
const SecurityAttributeType AccessId = 2;
const SecurityAttributeType PrimaryGroupId = 3;
const SecurityAttributeType GroupId = 4;
const SecurityAttributeType Role = 5;
const SecurityAttributeType AttributeSet = 6;
const SecurityAttributeType Clearance = 7;
const SecurityAttributeType Capability = 8;
struct AttributeType {
ExtensibleFamily attribute_family;
SecurityAttributeType attribute_type;
};
typedef sequence<AttributeType> AttributeTypeList;
struct SecAttribute {
AttributeType attribute_type;
Opaque defining_authority;
Opaque value;
// the value of this attribute can be
// interpreted only with knowledge of type
};
typedef sequence <SecAttribute> AttributeList;
// Authentication return status
enum AuthenticationStatus {
SecAuthSuccess,
SecAuthFailure,
SecAuthContinue,
SecAuthExpired
};
// Association return status
enum AssociationStatus {
SecAssocSuccess,
SecAssocFailure,
SecAssocContinue
};
// Authentication method
typedef unsigned long AuthenticationMethod;
// Credential types which can be set as Current default
enum CredentialType {
SecInvocationCredentials,
SecNRCredentials
};
// Declarations related to Rights
struct Right {
ExtensibleFamily rights_family;
string right;
};
typedef sequence <Right> RightsList;
enum RightsCombinator {
SecAllRights,
SecAnyRight
};
// Delegation related
enum DelegationState {
SecInitiator,
SecDelegate
};
// pick up from TimeBase
typedef TimeBase::UtcT UtcT;
typedef TimeBase::IntervalT IntervalT;
typedef TimeBase::TimeT TimeT;
// Security features available on credentials.
enum SecurityFeature {
SecNoDelegation,
SecSimpleDelegation,
SecCompositeDelegation,
SecNoProtection,
SecIntegrity,
SecConfidentiality,
SecIntegrityAndConfidentiality,
SecDetectReplay,
SecDetectMisordering,
SecEstablishTrustInTarget
};
// Security feature-value
struct SecurityFeatureValue {
SecurityFeature feature;
boolean value;
};
typedef sequence <SecurityFeatureValue> SecurityFeatureValueList;
// Quality of protection which can be specified
// for an object reference and used to protect messages
enum QOP {
SecQOPNoProtection,
SecQOPIntegrity,
SecQOPConfidentiality,
SecQOPIntegrityAndConfidentiality
};
// Association options which can be administered
// on secure invocation policy and used to
// initialize security context
typedef unsigned short AssociationOptions;
const AssociationOptions NoProtection = 1;
const AssociationOptions Integrity = 2;
const AssociationOptions Confidentiality = 4;
const AssociationOptions DetectReplay = 8;
const AssociationOptions DetectMisordering = 16;
const AssociationOptions EstablishTrustInTarget = 32;
const AssociationOptions EstablishTrustInClient = 64;
// Flag to indicate whether association options being
// administered are the "required" or "supported" set
enum RequiresSupports {
SecRequires,
SecSupports
};
// Direction of communication for which
// secure invocation policy applies
enum CommunicationDirection {
SecDirectionBoth,
SecDirectionRequest,
SecDirectionReply
};
// AssociationOptions-Direction pair
struct OptionsDirectionPair {
AssociationOptions options;
CommunicationDirection direction;
};
typedef sequence <OptionsDirectionPair> OptionsDirectionPairList;
// Delegation mode which can be administered
enum DelegationMode {
SecDelModeNoDelegation, // i.e. use own credentials
SecDelModeSimpleDelegation, // delegate received credentials
SecDelModeCompositeDelegation // delegate both;
};
// Association options supported by a given mech type
struct MechandOptions {
MechanismType mechanism_type;
AssociationOptions options_supported;
};
typedef sequence <MechandOptions> MechandOptionsList;
// Audit
typedef unsigned long AuditChannelId;
typedef unsigned short EventType;
const EventType AuditAll = 0;
const EventType AuditPrincipalAuth = 1;
const EventType AuditSessionAuth = 2;
const EventType AuditAuthorization = 3;
const EventType AuditInvocation = 4;
const EventType AuditSecEnvChange = 5;
const EventType AuditPolicyChange = 6;
const EventType AuditObjectCreation = 7;
const EventType AuditObjectDestruction = 8;
const EventType AuditNonRepudiation = 9;
struct AuditEventType {
ExtensibleFamily event_family;
EventType event_type;
};
typedef sequence <AuditEventType> AuditEventTypeList;
typedef unsigned long SelectorType;
const SelectorType InterfaceRef = 1;
const SelectorType ObjectRef = 2;
const SelectorType Operation = 3;
const SelectorType Initiator = 4;
const SelectorType SuccessFailure = 5;
const SelectorType Time = 6;
// values defined for audit_needed and audit_write are:
// InterfaceRef: object reference
// ObjectRef: object reference
// Operation: op_name
// Initiator: Credentials
// SuccessFailure: boolean
// Time: utc time on audit_write; time picked up from
// environment in audit_needed if required
struct SelectorValue {
SelectorType selector;
any value;
};
typedef sequence <SelectorValue> SelectorValueList;
// Constant declaration for valid Security Policy Types
// General administrative policies
const CORBA::PolicyType SecClientInvocationAccess = 1;
const CORBA::PolicyType SecTargetInvocationAccess = 2;
const CORBA::PolicyType SecApplicationAccess = 3;
const CORBA::PolicyType SecClientInvocationAudit = 4;
const CORBA::PolicyType SecTargetInvocationAudit = 5;
const CORBA::PolicyType SecApplicationAudit = 6;
const CORBA::PolicyType SecDelegation = 7;
const CORBA::PolicyType SecClientSecureInvocation = 8;
const CORBA::PolicyType SecTargetSecureInvocation = 9;
const CORBA::PolicyType SecNonRepudiation = 10;
// Policies used to control attributes of a binding to a target
const CORBA::PolicyType SecMechanismsPolicy = 12;
const CORBA::PolicyType SecCredentialsPolicy = 13;
const CORBA::PolicyType SecFeaturesPolicy = 14;
const CORBA::PolicyType SecQOPPolicy = 15;
};
#endif /* _SECURITY_IDL */
|
