/* | |
* Licensed to the Apache Software Foundation (ASF) under one | |
* or more contributor license agreements. See the NOTICE file | |
* distributed with this work for additional information | |
* regarding copyright ownership. The ASF licenses this file | |
* to you under the Apache License, Version 2.0 (the | |
* "License"); you may not use this file except in compliance | |
* with the License. You may obtain a copy of the License at | |
* | |
* http://www.apache.org/licenses/LICENSE-2.0 | |
* | |
* Unless required by applicable law or agreed to in writing, | |
* software distributed under the License is distributed on an | |
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
* KIND, either express or implied. See the License for the | |
* specific language governing permissions and limitations | |
* under the License. | |
*/ | |
//File: SecurityLevel2.idl | |
//Part of the Security Service | |
#ifndef _SECURITY_LEVEL_2_IDL_ | |
#define _SECURITY_LEVEL_2_IDL_ | |
#include <SecurityLevel1.idl> | |
//#pragma prefix "omg.org" | |
module SecurityLevel2 { | |
// Forward declaration of interfaces | |
local interface PrincipalAuthenticator; | |
local interface Credentials; | |
local interface Current; | |
// Interface PrincipalAuthenticator | |
local interface PrincipalAuthenticator { | |
Security::AuthenticationMethodList | |
get_supported_authen_methods( | |
in Security::MechanismType mechanism | |
); | |
Security::AuthenticationStatus authenticate ( | |
in Security::AuthenticationMethod method, | |
in Security::MechanismType mechanism, | |
in Security::SecurityName security_name, | |
in any auth_data, | |
in Security::AttributeList privileges, | |
out Credentials creds, | |
out any continuation_data, | |
out any auth_specific_data | |
); | |
Security::AuthenticationStatus continue_authentication ( | |
in any response_data, | |
in Credentials creds, | |
out any continuation_data, | |
out any auth_specific_data | |
); | |
}; | |
// Interface Credentials | |
local interface Credentials { | |
Credentials copy (); | |
void destroy(); | |
readonly attribute Security::InvocationCredentialsType | |
credentials_type; | |
readonly attribute Security::AuthenticationStatus | |
authentication_state; | |
readonly attribute Security::MechanismType mechanism; | |
attribute Security::AssociationOptions | |
accepting_options_supported; | |
attribute Security::AssociationOptions | |
accepting_options_required; | |
attribute Security::AssociationOptions | |
invocation_options_supported; | |
attribute Security::AssociationOptions | |
invocation_options_required; | |
boolean get_security_feature( | |
in Security::CommunicationDirection direction, | |
in Security::SecurityFeature feature | |
); | |
boolean set_attributes ( | |
in Security::AttributeList requested_attributes, | |
out Security::AttributeList actual_attributes | |
); | |
Security::AttributeList get_attributes ( | |
in Security::AttributeTypeList attributes | |
); | |
boolean is_valid ( | |
out Security::UtcT expiry_time | |
); | |
boolean refresh( | |
in any refresh_data | |
); | |
}; | |
typedef sequence <Credentials> CredentialsList; | |
local interface ReceivedCredentials : Credentials { | |
readonly attribute Credentials accepting_credentials; | |
readonly attribute Security::AssociationOptions | |
association_options_used; | |
readonly attribute Security::DelegationState | |
delegation_state; | |
readonly attribute Security::DelegationMode | |
delegation_mode; | |
}; | |
local interface TargetCredentials : Credentials { | |
readonly attribute Credentials initiating_credentials; | |
readonly attribute Security::AssociationOptions | |
association_options_used; | |
}; | |
// RequiredRights Interface | |
interface RequiredRights{ | |
void get_required_rights( | |
in Object obj, | |
in CORBA::Identifier operation_name, | |
in CORBA::RepositoryId interface_name, | |
out Security::RightsList rights, | |
out Security::RightsCombinator rights_combinator | |
); | |
void set_required_rights( | |
in CORBA::Identifier operation_name, | |
in CORBA::RepositoryId interface_name, | |
in Security::RightsList rights, | |
in Security::RightsCombinator rights_combinator | |
); | |
}; | |
// interface audit channel | |
local interface AuditChannel { | |
void audit_write ( | |
in Security::AuditEventType event_type, | |
in CredentialsList creds, | |
in Security::UtcT time, | |
in Security::SelectorValueList descriptors, | |
in any event_specific_data | |
); | |
readonly attribute Security::AuditChannelId audit_channel_id; | |
}; | |
// interface for Audit Decision | |
local interface AuditDecision { | |
boolean audit_needed ( | |
in Security:: AuditEventType event_type, | |
in Security::SelectorValueList value_list | |
); | |
readonly attribute AuditChannel audit_channel; | |
}; | |
local interface AccessDecision { | |
boolean access_allowed ( | |
in SecurityLevel2::CredentialsList cred_list, | |
in Object target, | |
in CORBA::Identifier operation_name, | |
in CORBA::Identifier target_interface_name | |
); | |
}; | |
// Policy interfaces to control bindings | |
local interface QOPPolicy : CORBA::Policy { | |
readonly attribute Security::QOP qop; | |
}; | |
local interface MechanismPolicy : CORBA::Policy { | |
readonly attribute Security::MechanismTypeList mechanisms; | |
}; | |
local interface InvocationCredentialsPolicy : CORBA::Policy { | |
readonly attribute CredentialsList creds; | |
}; | |
local interface EstablishTrustPolicy : CORBA::Policy { | |
readonly attribute Security::EstablishTrust trust; | |
}; | |
local interface DelegationDirectivePolicy : CORBA::Policy { | |
readonly attribute Security::DelegationDirective | |
delegation_directive; | |
}; | |
local interface SecurityManager { | |
// Process/Capsule/ORB Instance specific operations | |
readonly attribute Security::MechandOptionsList | |
supported_mechanisms; | |
readonly attribute CredentialsList own_credentials; | |
readonly attribute RequiredRights required_rights_object; | |
readonly attribute PrincipalAuthenticator | |
principal_authenticator; | |
readonly attribute AccessDecision access_decision; | |
readonly attribute AuditDecision audit_decision; | |
TargetCredentials get_target_credentials ( | |
in Object obj_ref | |
); | |
void remove_own_credentials( | |
in Credentials creds | |
); | |
CORBA::Policy get_security_policy ( | |
in CORBA::PolicyType policy_type | |
); | |
}; | |
// Interface Current derived from SecurityLevel1::Current providing | |
// additional operations on Current at this security level. | |
// This is implemented by the ORB | |
local interface Current : SecurityLevel1::Current { | |
// Thread specific | |
readonly attribute ReceivedCredentials received_credentials; | |
}; | |
}; | |
#endif /* _SECURITY_LEVEL_2_IDL_ */ |