
nordugrid-arc-nox  1.1.0~rc6
Arc::InfoPolicy Class Reference

Public Member Functions

 InfoPolicy (void)
 InfoPolicy (XMLNode node)
 ~InfoPolicy (void)
bool Evaluate (MessageAuth &id)

Public Attributes

XMLNode xml
bool done
ArcSec::Result res

Detailed Description

Definition at line 13 of file InfoFilter.cpp.


Constructor & Destructor Documentation

Arc::InfoPolicy::InfoPolicy ( void  ) [inline]

Definition at line 18 of file InfoFilter.cpp.

Arc::InfoPolicy::InfoPolicy ( XMLNode  node ) [inline]

Definition at line 19 of file InfoFilter.cpp.

:xml(node),done(false),res(ArcSec::DECISION_DENY) { };
Arc::InfoPolicy::~InfoPolicy ( void  ) [inline]

Definition at line 20 of file InfoFilter.cpp.

{ };

Member Function Documentation

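bool Arc::InfoPolicy::Evaluate ( MessageAuth &  id )

Definition at line 25 of file InfoFilter.cpp.

bool Arc::InfoPolicy::Evaluate(MessageAuth &id) {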
  if(done) return true;
  // Parse internal policy
  ArcSec::EvaluatorLoader eloader;
  AutoPointer<ArcSec::Policy> policy(eloader.getPolicy(ArcSec::Source(xml)));
  if(!policy) { // Failed to parse policy
    return false;
  };
  // Find proper evaluator
  AutoPointer<ArcSec::Evaluator> eval(eloader.getEvaluator(policy));
  if(!eval) { // Failed to find proper evaluator
    return false;
  };
  // Generate request from identity of requestor
  std::string policyname = policy->getName();
  if((policyname.length() > 7) &&
     (policyname.substr(policyname.length()-7) == ".policy")) {
    policyname.resize(policyname.length()-7);
  };
  XMLNode req;
  // TODO: do it only once
  if(!id.Export(SecAttrFormat(policyname.c_str()),req)) { // Failed to generate request
    return false;
  };
  // Evaluate internal policy
  AutoPointer<ArcSec::Response> resp(eval->evaluate(ArcSec::Source(req),policy));
  if(!resp) { // Failed to evaluate policy
    return false;
  };
  ArcSec::ResponseList& rlist = resp->getResponseItems();
  // Most probably there will be only one item. So far
  // using hardcoded priorities for response results.
  int res_deny = 0;
  int res_permit = 0;
  int res_notapplicable = 0;
  int res_indeteminate = 0;
  for(int n = 0;n<rlist.size();++n) {
    ArcSec::ResponseItem* ritem = rlist.getItem(n);
    if(ritem) {
      switch(ritem->res) {
        case ArcSec::DECISION_PERMIT: ++res_permit; break;
        case ArcSec::DECISION_DENY: ++res_deny; break;
        case ArcSec::DECISION_INDETERMINATE: ++res_indeteminate; break;
        case ArcSec::DECISION_NOT_APPLICABLE: ++res_notapplicable; break;
        default: ++res_deny; break; // Safe
      };
    };
  };
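  // Store evaluation result. Precedence: deny, permit, not applicable,
  // indeterminate. If no response item was counted, res is left unchanged.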
  if(res_deny) { res=ArcSec::DECISION_DENY; }
  else if(res_permit) { res=ArcSec::DECISION_PERMIT; }
  else if(res_notapplicable) { res=ArcSec::DECISION_NOT_APPLICABLE; }
  else if(res_indeteminate) { res=ArcSec::DECISION_INDETERMINATE; };
  return true;
}


Member Data Documentation

bool Arc::InfoPolicy::done

Definition at line 16 of file InfoFilter.cpp.

ArcSec::Result Arc::InfoPolicy::res

Definition at line 17 of file InfoFilter.cpp.

XMLNode Arc::InfoPolicy::xml

Definition at line 15 of file InfoFilter.cpp.


The documentation for this class was generated from the following file: