1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
|
/*----- PROTECTED REGION ID(TangoAccessControl.h) ENABLED START -----*/
//=============================================================================
//
// file : TangoAccessControl.h
//
// description : Include for the TangoAccessControl class.
//
// project : Tango Access Control Management.
//
//
// Copyright (C) : 2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014
// European Synchrotron Radiation Facility
// BP 220, Grenoble 38043
// FRANCE
//
// This file is part of Tango.
//
// Tango is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Tango is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Tango. If not, see <http://www.gnu.org/licenses/>.
//
//
// $Author$
//
// $Revision$
// $Date$
//
//=============================================================================
// This file is generated by POGO
// (Program Obviously used to Generate tango Object)
//=============================================================================
#ifndef TANGOACCESSCONTROL_H
#define TANGOACCESSCONTROL_H
#include <tango/tango.h>
#include "AccessControl.h"
#include <mysql.h>
#ifndef LIBMARIADB
#if MYSQL_VERSION_ID >= 80001
typedef bool my_bool;
#endif
#endif
#define CONTROL_SYSTEM "CtrlSystem"
#define SERVICE_PROP_NAME "Services"
#define ServiceName "AccessControl"
#define InatanceName "tango"
#define AC_SQLError "AC_SQLError"
#define AC_IncorrectArguments "AC_IncorrectArguments"
#define AC_AlreadyExists "AC_AlreadyExists"
#define STARTER_DEVNAME_HEADER "tango/admin/"
typedef struct {
std::string user;
std::string device;
std::string address;
std::string rights;
}
AccessStruct;
// Define time measuremnt type (depends on OS)
#ifndef WIN32
# define TimeVal struct timeval
# define GetTime(t) gettimeofday(&t, NULL);
# define Elapsed(before, after) \
1000.0*(after.tv_sec-before.tv_sec) + \
((double)after.tv_usec-before.tv_usec) / 1000
#else
static LARGE_INTEGER cpu_freq;
# define TimeVal LARGE_INTEGER
# define GetTime(t) w_gettimeofday(&t);
# define Elapsed(before, after) \
(cpu_freq.QuadPart==0) ? 0.0 : \
(double) (after.QuadPart - before.QuadPart)/cpu_freq.QuadPart * 1000;
#endif /* WIN32 */
/*----- PROTECTED REGION END -----*/ // TangoAccessControl.h
/**
* TangoAccessControl class description:
* This class is a conceate class inherited from AccessControl abstract class.<Br>
* <Br>
* This class defines how to manage the TANGO access control.<Br>
* It implements commands for tool to defines access for users, devices and IP addresses.<Br>
* It implements also commands used by client API to check access for specified user, device and address.<Br>
* And it implements register and unregister it as TANGO service.
*/
namespace TangoAccessControl_ns
{
/*----- PROTECTED REGION ID(TangoAccessControl::Additional Class Declarations) ENABLED START -----*/
// Additional Class Declarations
class DummyDev: public Tango::Connection
{
public:
DummyDev():Tango::Connection(true) {};
virtual std::string get_corba_name(bool) {std::string str;return str;}
virtual std::string build_corba_name() {std::string str;return str;}
virtual int get_lock_ctr() {return 0;}
virtual void set_lock_ctr(int) {};
virtual std::string dev_name() {std::string str;return str;}
int get_env_var(const char *cc,std::string &str_ref) {return Tango::Connection::get_env_var(cc,str_ref);}
};
/*----- PROTECTED REGION END -----*/ // TangoAccessControl::Additional Class Declarations
class TangoAccessControl : public AccessControl_ns::AccessControl
{
/*----- PROTECTED REGION ID(TangoAccessControl::Data Members) ENABLED START -----*/
// Add your own data members
public:
/*----- PROTECTED REGION END -----*/ // TangoAccessControl::Data Members
// Constructors and destructors
public:
/**
* Constructs a newly device object.
*
* @param cl Class.
* @param s Device Name
*/
TangoAccessControl(Tango::DeviceClass *cl,std::string &s);
/**
* Constructs a newly device object.
*
* @param cl Class.
* @param s Device Name
*/
TangoAccessControl(Tango::DeviceClass *cl,const char *s);
/**
* Constructs a newly device object.
*
* @param cl Class.
* @param s Device name
* @param d Device description.
*/
TangoAccessControl(Tango::DeviceClass *cl,const char *s,const char *d);
/**
* The device object destructor.
*/
~TangoAccessControl() {delete_device();};
// Miscellaneous methods
public:
/*
* will be called at device destruction or at init command.
*/
void delete_device();
/*
* Initialize the device
*/
virtual void init_device();
/*
* Always executed method before execution command method.
*/
virtual void always_executed_hook();
// Attribute methods
public:
//--------------------------------------------------------
/*
* Method : TangoAccessControl::read_attr_hardware()
* Description : Hardware acquisition for attributes.
*/
//--------------------------------------------------------
virtual void read_attr_hardware(std::vector<long> &attr_list);
//--------------------------------------------------------
/**
* Method : TangoAccessControl::add_dynamic_attributes()
* Description : Add dynamic attributes if any.
*/
//--------------------------------------------------------
void add_dynamic_attributes();
// Command related methods
public:
/**
* Command AddAddressForUser related method
* Description: Add an address for the specified user..
*
* @param argin user name, address
*/
virtual void add_address_for_user(const Tango::DevVarStringArray *argin);
virtual bool is_AddAddressForUser_allowed(const CORBA::Any &any);
/**
* Command AddDeviceForUser related method
* Description: Add a device and rights for the specified user..
*
* @param argin user name, device adn value
*/
virtual void add_device_for_user(const Tango::DevVarStringArray *argin);
virtual bool is_AddDeviceForUser_allowed(const CORBA::Any &any);
/**
* Command CloneUser related method
* Description: Copy addresses and devices from source user to target user.
*
* @param argin [0] - source user name.\n[1] - target user name.
*/
virtual void clone_user(const Tango::DevVarStringArray *argin);
virtual bool is_CloneUser_allowed(const CORBA::Any &any);
/**
* Command GetAccess related method
* Description: Check access for specified user, device, address
* and returns access (read or write).
*
* @param argin [0] - User name
* [1] - IP Address
* [2] - Device
* @returns access for specified inputs read/write.
*/
virtual Tango::DevString get_access(const Tango::DevVarStringArray *argin);
virtual bool is_GetAccess_allowed(const CORBA::Any &any);
/**
* Command GetAccessForMultiIP related method
* Description: Check access for specified user, device and addresses
* and returns access (read or write).
*
* @param argin [0] - User name
* [1] - Device
* [2] - IP Address #1
* [3] - IP Address #2
* [4] - IP Address #3
* [5] - IP Address #4
* ......
* @returns access for specified inputs read/write.
*/
virtual Tango::DevString get_access_for_multi_ip(const Tango::DevVarStringArray *argin);
virtual bool is_GetAccessForMultiIP_allowed(const CORBA::Any &any);
/**
* Command GetAddressByUser related method
* Description: Returns address list found for the specified user.
*
* @param argin user name.
* @returns Addresses found for the specified user.
*/
virtual Tango::DevVarStringArray *get_address_by_user(Tango::DevString argin);
virtual bool is_GetAddressByUser_allowed(const CORBA::Any &any);
/**
* Command GetAllowedCommandClassList related method
* Description: Returns the class names which have AllowedAccessCmd property defined.
*
* @returns Class names which have AllowedAccessCmd property defined.
*/
virtual Tango::DevVarStringArray *get_allowed_command_class_list();
virtual bool is_GetAllowedCommandClassList_allowed(const CORBA::Any &any);
/**
* Command GetAllowedCommands related method
* Description: Returns allowed command list found in database for specified device
* It search the class of the specified device and then uses the class property <b>AllowedAccessCmd</b>
*
* @param argin Device name OR Device Class name
* @returns Allowed commands found in database for specified device
*/
virtual Tango::DevVarStringArray *get_allowed_commands(Tango::DevString argin);
virtual bool is_GetAllowedCommands_allowed(const CORBA::Any &any);
/**
* Command GetDeviceByUser related method
* Description: Returns devices and rights found for the specified user.
*
* @param argin user name.
* @returns devices and rights found for the specified user.
*/
virtual Tango::DevVarStringArray *get_device_by_user(Tango::DevString argin);
virtual bool is_GetDeviceByUser_allowed(const CORBA::Any &any);
/**
* Command GetDeviceClass related method
* Description: Returns class for specified device.
*
* @param argin Device name
* @returns Class found in database for specified device
*/
virtual Tango::DevString get_device_class(Tango::DevString argin);
virtual bool is_GetDeviceClass_allowed(const CORBA::Any &any);
/**
* Command GetUsers related method
* Description: Returns user list found in table access_address.
*
* @returns Users find in table access_address.
*/
virtual Tango::DevVarStringArray *get_users();
virtual bool is_GetUsers_allowed(const CORBA::Any &any);
/**
* Command RegisterService related method
* Description: Register device as a TANGO service.
*
*/
virtual void register_service();
virtual bool is_RegisterService_allowed(const CORBA::Any &any);
/**
* Command RemoveAddressForUser related method
* Description: Remove an address for the specified user..
*
* @param argin user name, address
*/
virtual void remove_address_for_user(const Tango::DevVarStringArray *argin);
virtual bool is_RemoveAddressForUser_allowed(const CORBA::Any &any);
/**
* Command RemoveDeviceForUser related method
* Description: Remove a device and its rights for the specified user..
*
* @param argin user name, device and value
*/
virtual void remove_device_for_user(const Tango::DevVarStringArray *argin);
virtual bool is_RemoveDeviceForUser_allowed(const CORBA::Any &any);
/**
* Command RemoveUser related method
* Description: Remove all records for specified user.
*
* @param argin user name
*/
virtual void remove_user(Tango::DevString argin);
virtual bool is_RemoveUser_allowed(const CORBA::Any &any);
/**
* Command UnregisterService related method
* Description: Unregister device as a TANGO service.
*
*/
virtual void unregister_service();
virtual bool is_UnregisterService_allowed(const CORBA::Any &any);
//--------------------------------------------------------
/**
* Method : TangoAccessControl::add_dynamic_commands()
* Description : Add dynamic commands if any.
*/
//--------------------------------------------------------
void add_dynamic_commands();
/*----- PROTECTED REGION ID(TangoAccessControl::Additional Method prototypes) ENABLED START -----*/
// Additional Method prototypes
protected :
MYSQL mysql;
std::string removeFQDN(std::string s);
void mysql_connection();
void simple_query(std::string sql_query,const char *method);
MYSQL_RES *query(std::string sql_query,const char *method);
std::vector<std::string> get_dev_members(std::string &devname);
std::vector<std::string> get_ip_add_members(std::string &devname);
std::vector<AccessStruct>
get_access_for_user_address(std::string &user, std::string &ip_add);
std::string get_access_for_user_device(std::string &user, std::string &device);
std::string get_rigths(std::vector<AccessStruct> as, std::vector<std::string> members);
bool match(std::string expression, std::string member);
void register_service(std::string servicename, std::string instname, std::string devname);
void unregister_service(std::string servicename, std::string instname, std::string devname);
/*----- PROTECTED REGION END -----*/ // TangoAccessControl::Additional Method prototypes
};
/*----- PROTECTED REGION ID(TangoAccessControl::Additional Classes Definitions) ENABLED START -----*/
// Additional Classes definitions
/*----- PROTECTED REGION END -----*/ // TangoAccessControl::Additional Classes Definitions
} // End of namespace
#endif // TangoAccessControl_H
|
