[PolyORB-users] Re: [PolyORB-devel] ANNONCE: new edition of CSIv2
implementation
Vadim Godunko
vgodunko at rostov.technoserv.ru
Mon Oct 16 08:41:44 CEST 2006
Jérôme Hugues wrote:
>
> some names in the patch could be changed to clarify the intent of each
> function, such as the "Is_Selected". I'm not sure what you mean. Is it
> Is_Security_Selected/Configured ?
>
Yes, I have renamed it and attached a new version of the patch. Could you please review
it one more time?
What do you think about integration of this patch into PolyORB?
-------------- next part --------------
Index: src/giop/polyorb-protocols-giop-giop_1_2.adb
===================================================================
--- src/giop/polyorb-protocols-giop-giop_1_2.adb (revision 1)
+++ src/giop/polyorb-protocols-giop-giop_1_2.adb (working copy)
@@ -585,6 +585,16 @@
QoS_Parameter_Access (Service_Contexts));
Rebuild_Request_QoS_Parameters (Req);
+ if Fetch_Secure_Transport_QoS /= null then
+ Add_Request_QoS
+ (Req,
+ Transport_Security,
+ Fetch_Secure_Transport_QoS
+ (PolyORB.Transport.Transport_Endpoint_Access
+ (Lower (Filter_Access (Lower (S))))));
+ -- XXX Should be reimplemented!
+ end if;
+
if not SCtx.CSN_Complete then
CSP :=
QoS_GIOP_Code_Sets_Parameter_Access
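Review bot: The conversion `PolyORB.Transport.Transport_Endpoint_Access (Lower (Filter_Access (Lower (S))))` assumes the session sits on exactly one filter directly above a transport endpoint, and nothing in the added lines checks that. With a differently layered stack the conversion presumably fails its tag check and raises Constraint_Error while a request is being processed, or hands the security hook a component that is not the real endpoint. The `-- XXX Should be reimplemented!` marker should say what is wrong, e.g. `-- XXX Assumes Session -> Filter -> Endpoint; replace with a lookup that walks the stack down to the endpoint.` It is also not visible whether `Add_Request_QoS` tolerates a null result from the hook; if it does not, hold the result in a local and add it only when it is non-null. The enclosing subprogram starts and ends outside the hunk.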
Index: src/giop/polyorb-binding_data-giop.adb
===================================================================
--- src/giop/polyorb-binding_data-giop.adb (revision 1)
+++ src/giop/polyorb-binding_data-giop.adb (working copy)
@@ -69,12 +69,20 @@
-- XXX This is a temporary implementation. It is not conformant
-- with PortableInterceptors and RebindPolicy specifications.
+ Throw (Error, No_Resources_E,
+ System_Exception_Members'
+ (Minor => 0, Completed => Completed_Maybe));
+
while not Last (Iter) loop
- Catch (Error);
- Bind_Mechanism
- (Value (Iter).all.all, Profile, The_ORB, QoS, BO_Ref, Error);
+ if Is_Security_Selected = null
+ or else Is_Security_Selected (QoS, Value (Iter).all)
+ then
+ Catch (Error);
+ Bind_Mechanism
+ (Value (Iter).all.all, Profile, The_ORB, QoS, BO_Ref, Error);
- exit when not Found (Error);
+ exit when not Found (Error);
+ end if;
Next (Iter);
end loop;
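Review bot: The `Throw (Error, No_Resources_E, ...)` placed before the loop is what makes this binding fail closed when `Is_Security_Selected` rejects every mechanism, but nothing says so and it reads like a stray unconditional error. A comment above it such as `-- Default result: fail unless a mechanism is both selected by the security service and bindable.` would keep a later cleanup from removing it. `No_Resources_E` with `Minor => 0` also makes a policy rejection indistinguishable from a real resource failure for whoever triages the error; a distinct minor code would help. With the hook left null every mechanism is tried as before, so the restriction exists only once the security module has installed it. The enclosing procedure begins and ends outside the hunk.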
Index: src/giop/polyorb-binding_data-giop.ads
===================================================================
--- src/giop/polyorb-binding_data-giop.ads (revision 1)
+++ src/giop/polyorb-binding_data-giop.ads (working copy)
@@ -73,6 +73,19 @@
PolyORB.GIOP_P.Transport_Mechanisms.Transport_Mechanism_Factory_Access;
-- Return primary transport mechanism factory for profile factory.
+ type Is_Security_Selected_Hook is
+ access function
+ (QoS : PolyORB.QoS.QoS_Parameters;
+ Mechanism :
+ PolyORB.GIOP_P.Transport_Mechanisms.Transport_Mechanism_Access)
+ return Boolean;
+
+ Is_Security_Selected : Is_Security_Selected_Hook := null;
+ -- This hook is used in profile binding procedure for avoid binding
+ -- transport mechanism others than selected by security service.
+ -- Binding of such mechanism may have unexpected behavior because some
+ -- security related information (credentials, for example) not available.
+
private
type GIOP_Profile_Type is abstract new Profile_Type with record
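Review bot: `Is_Security_Selected` is a writable library-level variable in the public part of the spec, and the body treats null as "do not filter", so any unit that resets it, or a binding that runs before the security module assigns it, silently drops the restriction. The same pattern is used for `Security_Fetch_QoS` and `Security_Fetch_Tagged_Component` in polyorb-binding_data-giop-iiop.ads and for `Fetch_Secure_Transport_QoS` in polyorb-protocols-giop.ads. I would at least record the contract in the comment, e.g. `-- Set once by the security service during initialisation, before any profile is bound; null means no filtering is applied.`, and consider hiding the variable behind a registration procedure that refuses a second assignment. No synchronisation is visible, so the set-once-before-tasking assumption should be stated as well.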
Index: src/giop/iiop/polyorb-binding_data-giop-iiop.ads
===================================================================
--- src/giop/iiop/polyorb-binding_data-giop-iiop.ads (revision 1)
+++ src/giop/iiop/polyorb-binding_data-giop-iiop.ads (working copy)
@@ -88,6 +88,18 @@
(PF : in out IIOP_Profile_Factory);
-- Disable unprotected invocations
+ type Fetch_QoS_Callback is
+ access procedure (P : access IIOP_Profile_Type);
+
+ Security_Fetch_QoS : Fetch_QoS_Callback := null;
+
+ type Fetch_Tagged_Component_Callback is
+ access function
+ (OA : PolyORB.Objects.Object_Id)
+ return PolyORB.GIOP_P.Tagged_Components.Tagged_Component_Access;
+
+ Security_Fetch_Tagged_Component : Fetch_Tagged_Component_Callback := null;
+
private
IIOP_Version_Major : constant Types.Octet := 1;
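Review bot: Neither `Security_Fetch_QoS` nor `Security_Fetch_Tagged_Component` carries a comment, unlike the hook added to polyorb-binding_data-giop.ads, so the contract a security module has to meet is not recorded. As far as the body hunks show, the first is called at the end of `Add_Profile_QoS` with the profile, and the second is called with the object id and may return null, in which case no component is added. That belongs next to the declarations, e.g. `-- Called at the end of Add_Profile_QoS with the profile being processed.` and `-- Returns the security tagged component for the object, or null if there is none.` The parameter name `OA` for an `Object_Id` is also misleading; `Oid` would match the call site.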
Index: src/giop/iiop/polyorb-binding_data-giop-iiop.adb
===================================================================
--- src/giop/iiop/polyorb-binding_data-giop-iiop.adb (revision 1)
+++ src/giop/iiop/polyorb-binding_data-giop-iiop.adb (working copy)
@@ -135,6 +135,10 @@
new QoS_GIOP_Tagged_Components_Parameter'
(GIOP_Tagged_Components,
Create_QoS_GIOP_Tagged_Components_List (P.Components)));
+
+ if Security_Fetch_QoS /= null then
+ Security_Fetch_QoS (P);
+ end if;
end Add_Profile_QoS;
---------------------
@@ -276,6 +280,18 @@
end loop;
end;
end if;
+
+ if Security_Fetch_Tagged_Component /= null then
+ declare
+ Aux : constant Tagged_Component_Access
+ := Security_Fetch_Tagged_Component (Oid);
+
+ begin
+ if Aux /= null then
+ Add (TResult.Components, Aux);
+ end if;
+ end;
+ end if;
end;
Add_Additional_Transport_Mechanisms (TResult'Access);
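Review bot: A null result from `Security_Fetch_Tagged_Component (Oid)` is skipped without any trace, so if the hook returns null because it could not build the component rather than because the object is unprotected, the profile is presumably published without its security component and clients get no indication that protection is required. The declaration does not say which of the two null means. I would either document at `if Aux /= null then` that null is returned only for objects with no security policy, e.g. `-- null: object has no security requirements, nothing to advertise`, or have the hook report failure separately so profile creation can be aborted. The enclosing block and subprogram extend outside the hunk.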
Index: src/giop/polyorb-protocols-giop.ads
===================================================================
--- src/giop/polyorb-protocols-giop.ads (revision 1)
+++ src/giop/polyorb-protocols-giop.ads (working copy)
@@ -38,8 +38,10 @@
with PolyORB.Buffers;
with PolyORB.Errors;
with PolyORB.ORB;
+with PolyORB.QoS;
with PolyORB.Representations.CDR;
with PolyORB.Tasking.Mutexes;
+with PolyORB.Transport;
with PolyORB.Types;
with PolyORB.Utils.Dynamic_Tables;
with PolyORB.Utils.Simple_Flags;
@@ -158,6 +160,14 @@
Location_Forward_Perm,
Needs_Addressing_Mode); -- 1.2 specific, but not implemented
+ -- Security Service Hooks
+
+ type Fetch_Secure_Transport_QoS_Hook is
+ access function (End_Point : PolyORB.Transport.Transport_Endpoint_Access)
+ return PolyORB.QoS.QoS_Parameter_Access;
+
+ Fetch_Secure_Transport_QoS : Fetch_Secure_Transport_QoS_Hook := null;
+
private
type GIOP_Protocol is abstract new Protocol with null record;
Index: src/polyorb-qos.ads
===================================================================
--- src/polyorb-qos.ads (revision 1)
+++ src/polyorb-qos.ads (working copy)
@@ -45,7 +45,9 @@
GIOP_Addressing_Mode,
GIOP_Service_Contexts,
GIOP_Tagged_Components,
- DSA_TM_Info);
+ DSA_TM_Info,
+ Compound_Security,
+ Transport_Security);
-- Definition of QoS parameters
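Review bot: `Compound_Security` is added to the enumeration but no hunk visible in this patch refers to it; only `Transport_Security` is used, in polyorb-protocols-giop-giop_1_2.adb. If it is consumed by files outside this patch that is fine, but each literal needs a short comment saying which layer it describes, for instance `-- Transport_Security: security properties of the transport carrying the request`. Any array or `case` over this type without an `others` branch will need the new literals as well; none is visible here.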
Index: src/polyorb.conf
===================================================================
--- src/polyorb.conf (revision 1)
+++ src/polyorb.conf (working copy)
@@ -179,7 +179,14 @@
#polyorb.tasking.profiles.ravenscar.index_manager=debug
#polyorb.tasking.profiles.ravenscar.mutexes=debug
#polyorb.tasking.profiles.ravenscar.threads=debug
+#
+# Security Service
+#
+#polyorb.security.authentication_mechanisms=debug
+#polyorb.security.credentials=debug
+#polyorb.security.exported_names=debug
+
###############################################################################
# CORBA parameters
#
@@ -492,3 +499,31 @@
[proxies]
#enable_proxies=false
+
+###############################################################################
+# Security Service configuration
+[security_manager]
+#own_credentials=my_gssup_credentials
+#require_integrity=true
+#require_confidentiality=true
+#require_detect_replay=true
+#require_detect_misordering=true
+#require_establish_trust_in_target=true
+#require_establish_trust_in_client=true
+#require_identity_assertion=true
+#require_delegation_by_client=true
+
+#[my_gssup_credentials]
+#credentials_type=gssup
+#gssup.username=username at domain
+#gssup.password=password
+#gssup.target_name=@domain
+
+#[my_gssup_authentication]
+#mechanism=gssup
+#gssup.target_name=@domain
+#gssup.passwd_file=passwd.pwd
+
+#[My_Secure_POA]
+#authentication=my_gssup_authentication
+#authentication_required=true
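Review bot: The sample `[my_gssup_credentials]` section shows `gssup.password=password` stored in clear text in polyorb.conf, with no hint about protecting the file. GSSUP carries the user name and password in the security token itself, so the sample should also say that it is only safe over a confidentiality-protected transport. I would add comment lines such as `# The password is stored in clear text: restrict read access to this file.` and `# GSSUP sends the password to the target; use it only over a protected (TLS) transport.` As archived, the value on the `gssup.username` line reads `username at domain`, which looks like the list archive's address obfuscation of `username@domain`.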