00001 #ifdef HAVE_CONFIG_H
00002 #include <config.h>
00003 #endif
00004 
00005 #include <fstream>
00006 #include <sys/types.h>
00007 
00008 #include <arc/XMLNode.h>
00009 #include <arc/Thread.h>
00010 #include <arc/ArcConfig.h>
00011 #include <arc/Logger.h>
00012 
00013 #include "SimpleListPDP.h"
00014 
// Static logger shared by all SimpleListPDP instances, attached to the
// root logger under the name "SimpleListPDP".
Arc::Logger ArcSec::SimpleListPDP::logger(Arc::Logger::rootLogger, "SimpleListPDP");
00016 
00017 using namespace Arc;
00018 using namespace ArcSec;
00019 
// Factory used to instantiate this PDP from a generic plugin argument.
// Returns NULL when no argument is given or when it is not a
// PDPPluginArgument; otherwise a heap-allocated SimpleListPDP the
// caller owns.
Plugin* SimpleListPDP::get_simplelist_pdp(PluginArgument* arg) {
  if(!arg) return NULL;
  ArcSec::PDPPluginArgument* pdparg = dynamic_cast<ArcSec::PDPPluginArgument*>(arg);
  if(!pdparg) return NULL;
  // PDPPluginArgument converts to the Config* the PDP constructor expects.
  Arc::Config* cfg = (Arc::Config*)(*pdparg);
  return new SimpleListPDP(cfg);
}
00026 
// Builds the PDP from its configuration node: the optional "location"
// attribute names a policy file of permitted DNs (one per line) and any
// number of <DN> child elements give permitted DNs inline.
SimpleListPDP::SimpleListPDP(Config* cfg):PDP(cfg){
  location = (std::string)(cfg->Attribute("location"));
  logger.msg(VERBOSE, "Access list location: %s", location);
  // Collect every <DN> element in document order.
  XMLNode dn = (*cfg)["DN"];
  while((bool)dn) {
    dns.push_back((std::string)dn);
    ++dn;
  }
}
00034 
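namespace {
  // Normalizes one policy-file line: strips leading/trailing blanks and
  // tabs, and if the remainder starts with a double quote keeps only the
  // text up to the next double quote (a quoted DN). A line without a
  // closing quote is returned as-is. Returns "" for blank lines.
  std::string normalize_policy_line(std::string line) {
    std::string::size_type p = line.find_first_not_of(" \t");
    line.erase(0, p);                 // p == npos erases the whole line
    p = line.find_last_not_of(" \t");
    if(p != std::string::npos) line.erase(p+1);
    if(!line.empty() && line[0] == '"') {
      std::string::size_type q = line.find('"', 1);
      if(q != std::string::npos) line = line.substr(1, q-1);
    }
    return line;
  }
}

// Decides whether the message's TLS subject DN is on the allow list.
// The inline <DN> list is consulted first, then the policy file named by
// "location" (one DN per line, optionally double-quoted).
// Returns true only on an exact DN match; false on a missing/empty
// configuration, an unreadable policy file, an empty subject, or no match.
bool SimpleListPDP::isPermitted(Message *msg) const {
  std::string subject=msg->Attributes()->get("TLS:IDENTITYDN");
  if(location.empty() && dns.empty()) {
    logger.msg(ERROR, "No policy file or DNs specified for simplelist.pdp, please set location attribute or at least one DN element for simplelist PDP node in configuration.");
    return false; 
  }
  // Fail closed on an empty subject (presumably what a message without a
  // TLS:IDENTITYDN attribute yields — confirm against MessageAttributes):
  // an empty <DN/> element in the configuration would otherwise match it.
  if(subject.empty()) {
    logger.msg(VERBOSE, "Not authorized from simplelist.pdp: empty subject");
    return false;
  }
  logger.msg(VERBOSE, "subject: %s", subject);
  for(std::list<std::string>::const_iterator dn = dns.begin();
                            dn != dns.end();++dn) {
    if((*dn) == subject) {
      logger.msg(VERBOSE, "Authorized from simplelist.pdp");
      return true;
    }
  }
  if(location.empty()) return false;
  std::ifstream fs(location.c_str());
  if(fs.fail()) {
    logger.msg(ERROR, "The policy file setup for simplelist.pdp does not exist, please check location attribute for simplelist PDP node in service configuration");
    return false;
  }   

  // Loop on the read itself rather than on eof(): a read error that is not
  // EOF would otherwise spin forever, and the final failed read is skipped.
  std::string line;
  while(std::getline(fs, line)) {
    logger.msg(VERBOSE, "policy line: %s", line);
    line = normalize_policy_line(line);
    // Blank (or whitespace-only) lines never match.
    if(!line.empty() && line == subject) {
      logger.msg(VERBOSE, "Authorized from simplelist.pdp");
      return true;
    }
  }
  // ifstream closes itself on scope exit.
  logger.msg(ERROR, "Not authorized from simplelist.pdp");
  return false;
}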