/*
* The Spread Toolkit.
*
* The contents of this file are subject to the Spread Open-Source
* License, Version 1.0 (the ``License''); you may not use
* this file except in compliance with the License. You may obtain a
* copy of the License at:
*
* http://www.spread.org/license/
*
* or in the file ``license.txt'' found in this distribution.
*
* Software distributed under the License is distributed on an AS IS basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Creators of Spread are:
* Yair Amir, Michal Miskin-Amir, Jonathan Stanton.
*
* Copyright (C) 1993-2004 Spread Concepts LLC <spread@spreadconcepts.com>
*
* All Rights Reserved.
*
* Major Contributor(s):
* ---------------
* Cristina Nita-Rotaru crisn@cs.purdue.edu - group communication security.
* Theo Schlossnagle jesus@omniti.com - Perl, skiplists, autoconf.
* Dan Schoenblum dansch@cnds.jhu.edu - Java interface.
* John Schultz jschultz@cnds.jhu.edu - contribution to process group membership.
*
*/
#ifndef ACM_H
#define ACM_H
#include "arch.h"
#include "spread_params.h" /* For MAX_GROUP_NAME */
#define MAX_AUTH_METHODS 3
#define MAX_AUTH_NAME 30
#define MAX_AUTH_LIST_LEN (MAX_AUTH_METHODS * MAX_AUTH_NAME)
/* NOTE: (MAX_AUTH_NAME * MAX_AUTH_METHODS) must be < 255.
* This is because we send the length of the auth methods list as an unsigned char.
* If we want to increase the number of methods we will have to switch to sending a
* short int. This requires a change in the client-server protocol.
*/
typedef enum ACM_ReturnVal {
    ACM_ACCESS_DENIED,
    ACM_ACCESS_ALLOWED,
} ACM_ReturnVal;
struct session_auth_info {
    mailbox mbox;
    void *module_data;
    int num_required_auths;
    int completed_required_auths;
    int required_auth_methods[MAX_AUTH_METHODS];
    int required_auth_results[MAX_AUTH_METHODS];
};
struct auth_ops {
    void (*auth_client_connection) (struct session_auth_info *sess_auth_p);
    /* not currently used -- placeholder for future stuff */
    void (*auth_monitor_connection) (mailbox mbox, int32 ip_addr);
    void (*deliver_authinfo) (int info_len, void *authinfo);
};
struct acp_ops {
    ACM_ReturnVal (*open_connection) (char *user);
    ACM_ReturnVal (*open_monitor) (char *user); /* not used currently */
    ACM_ReturnVal (*join_group) (char *user, char *group, void *acm_token);
    ACM_ReturnVal (*leave_group) (char *user, char *group, void *acm_token);
    ACM_ReturnVal (*p2p_send) (char *user, int num_dests, char dests[][MAX_GROUP_NAME], int service_type, int16 mess_type);
    ACM_ReturnVal (*mcast_send) (char *user, int num_groups, char groups[][MAX_GROUP_NAME], int service_type, int16 mess_type);
};
/* Function declarations */
void Acm_init(void);
/* Auth Functions */
bool Acm_auth_query_allowed(char *auth_name);
char *Acm_auth_get_allowed_list(void);
bool Acm_auth_add_method(char *name, struct auth_ops *ops);
bool Acm_auth_set_enabled(char *auth_name);
bool Acm_auth_set_disabled(char *auth_name);
bool Acm_auth_set_required(char *auth_name);
void * Acm_auth_get_auth_client_connection(int authid);
void * Acm_auth_get_auth_client_connection_byname(char *auth_name);
struct session_auth_info *Acm_auth_create_sess_info_forIP(mailbox mbox);
struct session_auth_info *Acm_auth_create_sess_info(mailbox mbox, char *auth_name);
/* Access Control Policy Functions */
void Acm_acp_fill_ops(struct acp_ops *acp_ops_h);
bool Acm_acp_set_policy(char *policy_name);
bool Acm_acp_query_allowed(char *acp_name);
bool Acm_acp_add_method(char *name, struct acp_ops *ops);
#endif /* ACM_H */
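
Added example, not part of the Spread source: the NOTE on MAX_AUTH_LIST_LEN in the header says the auth methods list length is sent as an unsigned char, so a longer list would have its length silently truncated. The sketch below shows that truncation next to a compile-time and a run-time guard; `wire_len_byte`, `pack_auth_list`, the space-separated framing and any method names passed in are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Values copied from acm.h. */
#define MAX_AUTH_METHODS 3
#define MAX_AUTH_NAME 30
#define MAX_AUTH_LIST_LEN (MAX_AUTH_METHODS * MAX_AUTH_NAME)

/* Compile-time guard: the array size becomes -1 (a compile error) if the
 * list could outgrow what a one-byte length can describe. */
typedef char acm_auth_list_fits_uchar[(MAX_AUTH_LIST_LEN < 255) ? 1 : -1];

/* What a peer would read if a too-long list length were cast to one byte. */
unsigned char wire_len_byte(size_t len)
{
    return (unsigned char)len;          /* 300 -> 44: the receiver desyncs */
}

/* Hypothetical helper (not a Spread function). Assumed framing: one length
 * byte followed by the names separated by single spaces.
 * Returns bytes written to out, or -1 if any limit would be violated. */
int pack_auth_list(const char *names[], int num, unsigned char *out, size_t out_size)
{
    size_t len = 0;
    int i;

    if (num < 0 || num > MAX_AUTH_METHODS || out_size < 1)
        return -1;
    for (i = 0; i < num; i++) {
        size_t n = strlen(names[i]);
        size_t sep = (i > 0) ? 1 : 0;

        if (n == 0 || n >= MAX_AUTH_NAME)       /* leave room for the NUL */
            return -1;
        if (len + sep + n > MAX_AUTH_LIST_LEN || 1 + len + sep + n > out_size)
            return -1;
        if (sep)
            out[1 + len++] = ' ';
        memcpy(out + 1 + len, names[i], n);
        len += n;
    }
    if (len >= 255)                     /* run-time twin of the static check */
        return -1;
    out[0] = (unsigned char)len;
    return (int)(len + 1);
}
```

Raising MAX_AUTH_METHODS or MAX_AUTH_NAME until their product reaches 255 makes this block stop compiling, which is the point at which the header's NOTE says the client-server protocol has to change.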