nordugrid-arc-nox  1.1.0~rc6
ArcSec::GACLEvaluator Class Reference

#include <GACLEvaluator.h>


Public Member Functions

 GACLEvaluator (Arc::XMLNode *cfg)
 GACLEvaluator (const char *cfgfile)
virtual ~GACLEvaluator ()
virtual Response * evaluate (Request *request)
 Evaluate the request based on the policy information inside PolicyStore.
virtual Response * evaluate (const Source &request)
 Evaluates the request by using a specified source.
virtual Response * evaluate (Request *request, const Source &policy)
 Evaluate the specified request against the policy from specified source.
virtual Response * evaluate (const Source &request, const Source &policy)
 Evaluate the request from specified source against the policy from specified source.
virtual Response * evaluate (Request *request, Policy *policyobj)
 Evaluate the specified request against the specified policy.
virtual Response * evaluate (const Source &request, Policy *policyobj)
 Evaluate the request from specified source against the specified policy.
virtual AttributeFactory * getAttrFactory ()
 Get the AttributeFactory object.
virtual FnFactory * getFnFactory ()
 Get the FnFactory object.
virtual AlgFactory * getAlgFactory ()
 Get the AlgFactory object.
virtual void addPolicy (const Source &policy, const std::string &id="")
 Add policy from specified source to the evaluator.
virtual void addPolicy (Policy *policy, const std::string &id="")
 Add policy to the evaluator.
virtual void removePolicies (void)
virtual void setCombiningAlg (EvaluatorCombiningAlg alg)
 Specifies one of simple combining algorithms.
virtual void setCombiningAlg (CombiningAlg *alg)
 Specifies loadable combining algorithms.
virtual const char * getName () const
 Get the name of this evaluator.

Static Public Member Functions

static Arc::Plugin * get_evaluator (Arc::PluginArgument *arg)

Protected Member Functions

virtual Response * evaluate (EvaluationCtx *ctx)
 Evaluate the request by using the EvaluationCtx object (which includes the information about request).

Private Member Functions

virtual void parsecfg (Arc::XMLNode &cfg)
 Parse the configuration, and dynamically create PolicyStore, AttributeFactory, FnFactory and AlgFactory.

Private Attributes

PolicyStore * plstore
EvaluatorCombiningAlg combining_alg

Static Private Attributes

static Arc::Logger logger

Detailed Description

Definition at line 21 of file GACLEvaluator.h.


Constructor & Destructor Documentation

GACLEvaluator::GACLEvaluator ( Arc::XMLNode *  cfg)

Definition at line 29 of file GACLEvaluator.cpp.

GACLEvaluator::GACLEvaluator(Arc::XMLNode* cfg) : Evaluator(cfg), plstore(NULL)  {
  plstore = new PolicyStore("", "gacl.policy", NULL);
  if(!plstore) logger.msg(ERROR, "Can not create PolicyStore object");
  combining_alg = EvaluatorFailsOnDeny;
}

GACLEvaluator::GACLEvaluator ( const char *  cfgfile)

Definition at line 35 of file GACLEvaluator.cpp.

GACLEvaluator::GACLEvaluator(const char* cfgfile) : Evaluator(cfgfile){
  plstore = new PolicyStore("", "gacl.policy", NULL);
  if(!plstore) logger.msg(ERROR, "Can not create PolicyStore object");
  combining_alg = EvaluatorFailsOnDeny;
}

GACLEvaluator::~GACLEvaluator ( ) [virtual]

Definition at line 127 of file GACLEvaluator.cpp.

GACLEvaluator::~GACLEvaluator() {
  if(plstore) delete plstore;
}

Member Function Documentation

virtual void ArcSec::GACLEvaluator::addPolicy ( const Source &  policy,
const std::string &  id = ""
) [inline, virtual]

Add policy from specified source to the evaluator.

Policy will be marked with id.

Implements ArcSec::Evaluator.

Definition at line 44 of file GACLEvaluator.h.

  virtual void addPolicy(const Source& policy, const std::string& id = "") {
    plstore->addPolicy(policy, NULL /* context */, id);
  };

virtual void ArcSec::GACLEvaluator::addPolicy ( Policy *  policy,
const std::string &  id = ""
) [inline, virtual]

Add policy to the evaluator.

Policy will be marked with id. The policy object is taken over by this instance and will be destroyed in destructor.

Implements ArcSec::Evaluator.

Definition at line 48 of file GACLEvaluator.h.

  virtual void addPolicy(Policy* policy, const std::string& id = "") {
    plstore->addPolicy(policy, NULL /* context */, id);
  };

Response * GACLEvaluator::evaluate ( Request *  request) [virtual]

Evaluate the request based on the policy information inside PolicyStore.

Implements ArcSec::Evaluator.

Definition at line 77 of file GACLEvaluator.cpp.

Response* GACLEvaluator::evaluate(Request* request) {
  if(!plstore) return NULL;
  GACLRequest* greq = dynamic_cast<GACLRequest*>(request);
  if(!greq) return NULL;
  EvaluationCtx ctx(greq);
  ResponseItem* ritem = new ResponseItem;
  if(!ritem) return NULL;
  Response* resp = new Response();
  if(!resp) { delete ritem; return NULL; };
  Result result = DECISION_DENY;
  std::list<PolicyStore::PolicyElement> policies = plstore->findPolicy(&ctx);
  std::list<PolicyStore::PolicyElement>::iterator policyit;
  bool have_permit = false;
  bool have_deny = false;
  bool have_indeterminate = false;
  bool have_notapplicable = false;
  for(policyit = policies.begin(); policyit != policies.end(); policyit++){
    Result res = ((Policy*)(*policyit))->eval(&ctx);
    if(res == DECISION_PERMIT){
      have_permit=true;
      if(combining_alg == EvaluatorStopsOnPermit) break;
    } else if(res == DECISION_DENY) {
      have_deny=true;
      if(combining_alg == EvaluatorStopsOnDeny) break;
      if(combining_alg == EvaluatorFailsOnDeny) break;
    } else if(res == DECISION_INDETERMINATE) {
      have_indeterminate=true;
    } else if(res == DECISION_NOT_APPLICABLE) {
      have_notapplicable=true;
    };
  };
  if(have_permit) { result = DECISION_PERMIT; }
  else if(have_deny) { result = DECISION_DENY; }
  else if(have_indeterminate) { result = DECISION_INDETERMINATE; }
  else if(have_notapplicable) { result = DECISION_NOT_APPLICABLE; };
  resp->setRequestSize(0);
  ritem->reqtp = NULL;
  ritem->res = result;
  //greq->getXML().New(ritem->reqxml);
  //ritem->plsxml.push_back(gpol->getXML());
  //ritem->pls.push_back(gpol);
  resp->addResponseItem(ritem);
  return resp;
}
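
The ordering behaviour of the loop above, as an added stand-alone model (an example written for this page, not ARC code). Enumerator names are taken from the listing; `combine`, `Combined` and the input vectors are hypothetical and constructed for illustration. It shows that under `EvaluatorFailsOnDeny` a permit seen before a deny still yields PERMIT, so the outcome depends on the order in which `findPolicy` returns policies.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Stand-alone model of the loop in GACLEvaluator::evaluate(Request*); not ARC code.
// Enumerator names are copied from the listing; their numeric values here are arbitrary.
enum Result { DECISION_PERMIT, DECISION_DENY, DECISION_INDETERMINATE, DECISION_NOT_APPLICABLE };
enum EvaluatorCombiningAlg { EvaluatorFailsOnDeny, EvaluatorStopsOnDeny, EvaluatorStopsOnPermit };

struct Combined {           // hypothetical helper type
  Result result;            // combined decision
  std::size_t evaluated;    // policies consulted before the loop ended
};

// per_policy: the result each policy would return, in findPolicy() order (constructed input).
Combined combine(const std::vector<Result>& per_policy, EvaluatorCombiningAlg alg) {
  bool have_permit = false, have_deny = false;
  bool have_indeterminate = false, have_notapplicable = false;
  std::size_t evaluated = 0;
  for (Result res : per_policy) {
    ++evaluated;
    if (res == DECISION_PERMIT) {
      have_permit = true;
      if (alg == EvaluatorStopsOnPermit) break;
    } else if (res == DECISION_DENY) {
      have_deny = true;
      if (alg == EvaluatorStopsOnDeny || alg == EvaluatorFailsOnDeny) break;
    } else if (res == DECISION_INDETERMINATE) {
      have_indeterminate = true;
    } else if (res == DECISION_NOT_APPLICABLE) {
      have_notapplicable = true;
    }
  }
  Result result = DECISION_DENY;  // default: an empty policy list denies
  if (have_permit) result = DECISION_PERMIT;
  else if (have_deny) result = DECISION_DENY;
  else if (have_indeterminate) result = DECISION_INDETERMINATE;
  else if (have_notapplicable) result = DECISION_NOT_APPLICABLE;
  return Combined{result, evaluated};
}

int main() {
  const char* names[] = {"PERMIT", "DENY", "INDETERMINATE", "NOT_APPLICABLE"};
  Combined a = combine({DECISION_DENY, DECISION_PERMIT}, EvaluatorFailsOnDeny);
  Combined b = combine({DECISION_PERMIT, DECISION_DENY}, EvaluatorFailsOnDeny);
  std::printf("deny first:   %s after %zu policies\n", names[a.result], a.evaluated);
  std::printf("permit first: %s after %zu policies\n", names[b.result], b.evaluated);
  return 0;
}
```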

Response * GACLEvaluator::evaluate ( const Source &  request) [virtual]

Evaluates the request by using a specified source.

Implements ArcSec::Evaluator.

Definition at line 122 of file GACLEvaluator.cpp.

Response* GACLEvaluator::evaluate(const Source& request) {
  GACLRequest greq(request);
  return evaluate(&greq);
}

Response * GACLEvaluator::evaluate ( Request *  request,
const Source &  policy
) [virtual]

Evaluate the specified request against the policy from specified source.

In some implementations all of the existing policies inside the evaluator may be destroyed by this method.

Implements ArcSec::Evaluator.

Definition at line 67 of file GACLEvaluator.cpp.

Response* GACLEvaluator::evaluate(Request* request, const Source& policy) {
  GACLPolicy* gpol = new GACLPolicy(policy);
  return evaluate(request,gpol);
}

Response * GACLEvaluator::evaluate ( const Source &  request,
const Source &  policy
) [virtual]

Evaluate the request from specified source against the policy from specified source.

In some implementations all of the existing policies inside the evaluator may be destroyed by this method.

Implements ArcSec::Evaluator.

Definition at line 61 of file GACLEvaluator.cpp.

Response* GACLEvaluator::evaluate(const Source& request, const Source& policy) {
  GACLRequest greq(request);
  GACLPolicy* gpol = new GACLPolicy(policy);
  return evaluate(&greq,gpol);
}

Response * GACLEvaluator::evaluate ( Request *  request,
Policy *  policyobj
) [virtual]

Evaluate the specified request against the specified policy.

In some implementations all of the existing policies inside the evaluator may be destroyed by this method.

Implements ArcSec::Evaluator.

Definition at line 41 of file GACLEvaluator.cpp.

Response* GACLEvaluator::evaluate(Request* request, Policy* policyobj) {
  GACLPolicy* gpol = dynamic_cast<GACLPolicy*>(policyobj);
  if(!gpol) return NULL;
  GACLRequest* greq = dynamic_cast<GACLRequest*>(request);
  if(!greq) return NULL;
  EvaluationCtx ctx(greq);
  ResponseItem* ritem = new ResponseItem;
  if(!ritem) return NULL;
  Response* resp = new Response();
  if(!resp) { delete ritem; return NULL; };
  resp->setRequestSize(0);
  ritem->reqtp = NULL;
  ritem->res = gpol->eval(&ctx);
  //greq->getXML().New(ritem->reqxml);
  //ritem->plsxml.push_back(gpol->getXML());
  //ritem->pls.push_back(gpol);
  resp->addResponseItem(ritem);
  return resp;
}

Response * GACLEvaluator::evaluate ( const Source &  request,
Policy *  policyobj
) [virtual]

Evaluate the request from specified source against the specified policy.

In some implementations all of the existing policies inside the evaluator may be destroyed by this method.

Implements ArcSec::Evaluator.

Definition at line 72 of file GACLEvaluator.cpp.

Response* GACLEvaluator::evaluate(const Source& request, Policy* policyobj) {
  GACLRequest greq(request);
  return evaluate(&greq,policyobj);
}

virtual Response* ArcSec::GACLEvaluator::evaluate ( EvaluationCtx *  ctx) [inline, protected, virtual]

Evaluate the request by using the EvaluationCtx object (which includes the information about request).

The ctx is destroyed inside this method (why?!?!?).

Implements ArcSec::Evaluator.

Definition at line 62 of file GACLEvaluator.h.

{ };

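Arc::Plugin * GACLEvaluator::get_evaluator ( Arc::PluginArgument *  arg) [static]

Definition at line 12 of file GACLEvaluator.cpp.

Arc::Plugin* GACLEvaluator::get_evaluator(Arc::PluginArgument* arg) {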
    Arc::ClassLoaderPluginArgument* clarg =
            arg?dynamic_cast<Arc::ClassLoaderPluginArgument*>(arg):NULL;
    if(!clarg) return NULL;
    return new ArcSec::GACLEvaluator((Arc::XMLNode*)(*clarg));
}

virtual AlgFactory* ArcSec::GACLEvaluator::getAlgFactory ( ) [inline, virtual]

Get the AlgFactory object.

Implements ArcSec::Evaluator.

Definition at line 42 of file GACLEvaluator.h.

{ return NULL; /*algfactory;*/ };

virtual AttributeFactory* ArcSec::GACLEvaluator::getAttrFactory ( ) [inline, virtual]

Get the AttributeFactory object.

Implements ArcSec::Evaluator.

Definition at line 40 of file GACLEvaluator.h.

{ return NULL; /*attrfactory;*/ };
virtual FnFactory* ArcSec::GACLEvaluator::getFnFactory ( ) [inline, virtual]

Get the FnFactory object.

Implements ArcSec::Evaluator.

Definition at line 41 of file GACLEvaluator.h.

{ return NULL; /*fnfactory;*/ };
virtual const char* ArcSec::GACLEvaluator::getName ( ) const [inline, virtual]

Get the name of this evaluator.

Implements ArcSec::Evaluator.

Definition at line 57 of file GACLEvaluator.h.

{ return "gacl.evaluator"; };
virtual void ArcSec::GACLEvaluator::parsecfg ( Arc::XMLNode &  cfg) [inline, private, virtual]

Parse the configuration, and dynamically create PolicyStore, AttributeFactory, FnFactory and AlgFactory.

Implements ArcSec::Evaluator.

Definition at line 65 of file GACLEvaluator.h.

{ };
virtual void ArcSec::GACLEvaluator::removePolicies ( void  ) [inline, virtual]

Definition at line 52 of file GACLEvaluator.h.

virtual void ArcSec::GACLEvaluator::setCombiningAlg ( EvaluatorCombiningAlg  alg) [inline, virtual]

Specifies one of simple combining algorithms.

In case of multiple policies their results will be combined using this algorithm.

Implements ArcSec::Evaluator.

Definition at line 54 of file GACLEvaluator.h.

{ combining_alg = alg; } ;
virtual void ArcSec::GACLEvaluator::setCombiningAlg ( CombiningAlg *  alg) [inline, virtual]

Specifies loadable combining algorithms.

In case of multiple policies their results will be combined using this algorithm. To switch to simple algorithm specify NULL argument.

Implements ArcSec::Evaluator.

Definition at line 55 of file GACLEvaluator.h.

{ } ;

Member Data Documentation

Definition at line 65 of file GACLEvaluator.h.

Reimplemented from ArcSec::Evaluator.

Definition at line 23 of file GACLEvaluator.h.

Definition at line 24 of file GACLEvaluator.h.


The documentation for this class was generated from the following files: