
nordugrid-arc-nox  1.1.0~rc6
ArcAuthZ.cpp
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <sys/types.h>
#include <strings.h>

#include <string>

#include <arc/XMLNode.h>
#include <arc/message/MCCLoader.h>

#include "ArcAuthZ.h"
00010 
// Plugin factory entry point: builds an ArcAuthZ security handler from a
// generic PluginArgument. Returns NULL (no handler created) when `arg` is
// missing or is not a SecHandlerPluginArgument; otherwise the configuration
// and the chain context are extracted from the argument by casting it.
Arc::Plugin* ArcSec::ArcAuthZ::get_sechandler(Arc::PluginArgument* arg) {
  if(!arg) return NULL;
  ArcSec::SecHandlerPluginArgument* handler_arg =
            dynamic_cast<ArcSec::SecHandlerPluginArgument*>(arg);
  if(!handler_arg) return NULL;
  Arc::Config* handler_cfg = (Arc::Config*)(*handler_arg);
  Arc::ChainContext* chain_ctx = (Arc::ChainContext*)(*handler_arg);
  return new ArcSec::ArcAuthZ(handler_cfg, chain_ctx);
}
00017 
00018 using namespace Arc;
00019 namespace ArcSec {
00020 
// Describes one configured PDP together with the chaining rule applied to its
// verdict in Handle(). `action_` is compared case-insensitively against the
// four known rule names. Note that any other value -- including an empty or
// misspelled one -- keeps the breakOnDeny default without any diagnostic.
ArcAuthZ::PDPDesc::PDPDesc(const std::string& action_,const std::string& id_,PDP* pdp_):pdp(pdp_),action(breakOnDeny),id(id_) {
  const char* requested = action_.c_str();
  if(strcasecmp(requested,"breakOnAllow") == 0) {
    action = breakOnAllow;
  } else if(strcasecmp(requested,"breakOnDeny") == 0) {
    action = breakOnDeny;
  } else if(strcasecmp(requested,"breakAlways") == 0) {
    action = breakAlways;
  } else if(strcasecmp(requested,"breakNever") == 0) {
    action = breakNever;
  }
  // Otherwise the breakOnDeny value from the initializer list is kept.
}
00027 
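// Builds the authorization handler: loads every PDP plugin module named under
// <Plugins><Name>, then instantiates the PDP chain described by the <PDP>
// elements of `cfg` (see MakePDPs). If the chain cannot be built completely,
// every PDP created so far is discarded and `pdps_` is left empty, so Handle()
// denies every request (fail-closed) rather than enforcing a partial policy.
//
// Change vs. the previous version: `ctx` may be NULL (get_sechandler forwards
// whatever the plugin argument converts to) and was dereferenced
// unconditionally. A missing chain context / plugin factory is now reported
// and the instance is left non-functional instead of crashing here or in
// MakePDPs.
ArcAuthZ::ArcAuthZ(Config *cfg,ChainContext* ctx):SecHandler(cfg){
  pdp_factory = ctx ? (PluginsFactory*)(*ctx) : NULL;
  if(!pdp_factory) {
    logger.msg(ERROR, "ArcAuthZ: no plugin factory available - this instance will be non-functional");
    return; // pdps_ stays empty => Handle() denies everything
  }
  // Pre-load the PDP plugin modules listed in the configuration.
  for(XMLNode plugin = (*cfg)["Plugins"];plugin;++plugin) {
    std::string name = plugin["Name"];
    if(name.empty()) continue; // Nameless plugin?
    pdp_factory->load(name,PDPPluginKind);
  }
  if(!MakePDPs(*cfg)) {
    // A partial chain must not be used: drop what was created.
    for(pdp_container_t::iterator p = pdps_.begin();p!=pdps_.end();) {
      if(p->pdp) delete p->pdp;
      p = pdps_.erase(p);
    }
    logger.msg(ERROR, "ArcAuthZ: failed to initiate all PDPs - this instance will be non-functional");
  }
}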
00047 
// Releases every PDP instance owned by this handler and empties the container.
ArcAuthZ::~ArcAuthZ() {
  pdp_container_t::iterator entry = pdps_.begin();
  while(entry != pdps_.end()) {
    delete entry->pdp; // delete on a NULL pointer is a no-op
    entry = pdps_.erase(entry);
  }
}
00054 
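// True when `action` names one of the chaining rules PDPDesc understands
// (compared case-insensitively, exactly as PDPDesc does).
static bool IsKnownPDPAction(const std::string& action) {
  return strcasecmp("breakOnAllow",action.c_str()) == 0 ||
         strcasecmp("breakOnDeny",action.c_str()) == 0 ||
         strcasecmp("breakAlways",action.c_str()) == 0 ||
         strcasecmp("breakNever",action.c_str()) == 0;
}

// Instantiates one PDP per <PDP name="..." id="..." action="..."> child of
// `cfg`, in document order, and appends it to `pdps_`. `name` selects the
// plugin through pdp_factory, `id` is used for logging only, and `action`
// selects the chaining rule applied in Handle() (see PDPDesc).
//
// Returns true when every configured PDP was created. Returns false on the
// first problem (no plugin factory, a <PDP> without a name attribute, or a
// plugin that cannot be instantiated). PDPs created before the failure remain
// in `pdps_`; the caller is responsible for discarding them (the constructor
// does so and then refuses to authorize anything).
//
// Changes vs. the previous version: `pdp_factory` is checked before use (it is
// NULL when the chain context provides no PluginsFactory, and the old code
// dereferenced it unconditionally), and a non-empty `action` value that is
// not one of the known rule names is logged, because PDPDesc silently maps it
// to breakOnDeny and a typo in the policy chain would otherwise go unnoticed.
bool ArcAuthZ::MakePDPs(XMLNode cfg) {
  if(!pdp_factory) {
    logger.msg(ERROR, "PDP: no plugin factory available, can not create PDPs");
    return false;
  }
  for(XMLNode cn = cfg["PDP"];cn;++cn) {
    std::string name = cn.Attribute("name");
    if(name.empty()) {
      logger.msg(ERROR, "PDP: missing name attribute");
      return false;
    }
    std::string id = cn.Attribute("id");
    std::string action = cn.Attribute("action");
    logger.msg(VERBOSE, "PDP: %s (%s)", name, id);
    if(!action.empty() && !IsKnownPDPAction(action)) {
      logger.msg(WARNING, "PDP: %s (%s) has unknown action '%s', using breakOnDeny", name, id, action);
    }
    Arc::Config cfg_(cn);
    PDPPluginArgument arg(&cfg_);
    PDP* pdp = pdp_factory->GetInstance<PDP>(PDPPluginKind,name,&arg);
    if(!pdp) {
      logger.msg(ERROR, "PDP: %s (%s) can not be loaded", name, id);
      return false;
    }
    pdps_.push_back(PDPDesc(action,id,pdp));
  }
  return true;
}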
00082 
// Runs the request through the PDP chain and returns the effective decision
// (true = permitted). PDPs are consulted in configuration order; each one's
// chaining rule decides whether its verdict is final (breakOnAllow on a
// permit, breakOnDeny on a denial, breakAlways unconditionally) or whether the
// next PDP is asked (breakNever, or the non-matching outcome of the other two).
// The value returned is the verdict of the last PDP consulted, so with
// breakNever a later PDP overrides an earlier one. An empty chain (e.g. after
// a failed initialization) yields false, i.e. the request is denied.
bool ArcAuthZ::Handle(Arc::Message* msg) const {
  bool decision = false; // deny unless some PDP is consulted
  for(pdp_container_t::const_iterator entry = pdps_.begin();entry != pdps_.end();++entry) {
    decision = entry->pdp->isPermitted(msg);
    switch(entry->action) {
      case PDPDesc::breakOnAllow:
        if(decision) return decision;
        break;
      case PDPDesc::breakOnDeny:
        if(!decision) return decision;
        break;
      case PDPDesc::breakAlways:
        return decision;
      case PDPDesc::breakNever:
        break;
    }
  }
  return decision;
}
00094 
00095 } // namespace ArcSec
00096