1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
|
//File: SecurityLevel2.idl
//Part of the Security Service
#ifndef _SECURITY_LEVEL_2_IDL
#define _SECURITY_LEVEL_2_IDL
// omniORB specific pragmas to insert extra includes into the stub header.
#pragma hh #include "COS_sysdep.h"
#include <SecurityLevel1.idl>
#pragma prefix "omg.org"
module SecurityLevel2 {
// Forward declaration of interfaces
interface PrincipalAuthenticator;
interface Credentials;
interface Current;
// Interface PrincipalAuthenticator
interface PrincipalAuthenticator { // Locality Constrained
Security::AuthenticationStatus authenticate (
in Security::AuthenticationMethod method,
in Security::SecurityName security_name,
in Security::Opaque auth_data,
in Security::AttributeList privileges,
out Credentials creds,
out Security::Opaque continuation_data,
out Security::Opaque auth_specific_data
);
Security::AuthenticationStatus continue_authentication (
in Security::Opaque response_data,
in Credentials creds,
out Security::Opaque continuation_data,
out Security::Opaque auth_specific_data
);
};
// Interface Credentials
interface Credentials { // Locality Constrained
Credentials copy ();
void destroy();
void set_security_features (
in Security::CommunicationDirection direction,
in Security::SecurityFeatureValueList security_features
);
Security::SecurityFeatureValueList get_security_features (
in Security::CommunicationDirection direction
);
boolean set_privileges (
in boolean force_commit,
in Security::AttributeList requested_privileges,
out Security::AttributeList actual_privileges
);
Security::AttributeList get_attributes (
in Security::AttributeTypeList attributes
);
boolean is_valid (
out Security::UtcT expiry_time
);
boolean refresh();
};
typedef sequence <Credentials> CredentialsList;
// RequiredRights Interface
interface RequiredRights{
void get_required_rights(
in Object obj,
in CORBA::Identifier operation_name,
in CORBA::RepositoryId interface_name,
out Security::RightsList rights,
out Security::RightsCombinator rights_combinator
);
void set_required_rights(
in string operation_name,
in CORBA::RepositoryId interface_name,
in Security::RightsList rights,
in Security::RightsCombinator rights_combinator
);
};
// interface audit channel
interface AuditChannel { // Locality Constrained
void audit_write (
in Security::AuditEventType event_type,
in CredentialsList creds,
in Security::UtcT time,
in Security::SelectorValueList descriptors,
in Security::Opaque event_specific_data
);
readonly attribute Security::AuditChannelId audit_channel_id;
};
// interface for Audit Decision
interface AuditDecision { // Locality Constrained
boolean audit_needed (
in Security::AuditEventType event_type,
in Security::SelectorValueList value_list
);
readonly attribute AuditChannel audit_channel;
};
interface AccessDecision { // Locality Constrained
boolean access_allowed (
in SecurityLevel2::CredentialsList cred_list,
in Object target,
in CORBA::Identifier operation_name,
in CORBA::Identifier target_interface_name
);
};
// Policy interfaces to control bindings
interface QOPPolicy : CORBA::Policy { // Locality Constrained
readonly attribute Security::QOP qop;
};
interface MechanismPolicy : CORBA::Policy { // Locality Constrained
readonly attribute Security::MechanismTypeList mechanisms;
};
interface SecurityFeaturesPolicy : CORBA::Policy {// Locality Constrained
readonly attribute Security::SecurityFeatureValueList features;
};
interface InvocationCredentialsPolicy : CORBA::Policy {
// Locality Constrained
readonly attribute CredentialsList creds;
};
enum DelegationMode {Delegate, NoDelegate};
// Interface Current derived from SecurityLevel1::Current
// providing additional operations on Current at this
// security level. This is implemented by the ORB
interface Current : SecurityLevel1::Current { // Locality Constrained
// Thread specific operations
readonly attribute CredentialsList received_credentials;
readonly attribute CredentialsList own_credentials;
readonly attribute Security::SecurityFeatureValueList
received_security_features;
void set_credentials (
in Security::CredentialType cred_type,
in CredentialsList creds,
in DelegationMode del
);
CredentialsList get_credentials (
in Security::CredentialType cred_type
);
CORBA::Policy get_policy (
in CORBA::PolicyType policy_type
);
// Process/Capsule/ORB Instance specific operations
readonly attribute RequiredRights required_rights_object;
readonly attribute PrincipalAuthenticator principal_authenticator;
readonly attribute AccessDecision access_decision;
readonly attribute AuditDecision audit_decision;
// security names for given target
Security::SecurityMechandNameList get_security_names (
in Object obj_ref
);
// Factory operations for local policies controlling bindings
QOPPolicy create_qop_policy(
in Security::QOP qop
);
MechanismPolicy create_mechanism_policy(
in Security::MechanismTypeList mechanisms
);
InvocationCredentialsPolicy create_invoc_creds_policy(
in CredentialsList creds
);
};
};
#endif /* _SECURITY_LEVEL_2_IDL */
|
