nordugrid-arc-nox  1.1.0~rc6
ArcSec::SimpleListPDP Class Reference

Tests X509 subject against list of subjects in file.

#include <SimpleListPDP.h>

Public Member Functions

 SimpleListPDP (Arc::Config *cfg)
virtual ~SimpleListPDP ()
virtual bool isPermitted (Arc::Message *msg) const
void SetId (std::string &id)
std::string GetId ()

Static Public Member Functions

static Arc::Plugin * get_simplelist_pdp (Arc::PluginArgument *arg)

Protected Attributes

std::string id_

Static Protected Attributes

static Arc::Logger logger

Private Attributes

std::string location
std::list< std::string > dns

Detailed Description

Tests X509 subject against list of subjects in file.

This class implements the PDP interface. Its isPermitted() method compares the X509 subject of the requestor, obtained from the TLS layer (TLS:PEERDN), to a list of subjects (one per line) in an external file. The location of the file is defined by the 'location' attribute of the PDP configuration. Returns true if the subject is present in the list, otherwise false.

Definition at line 17 of file SimpleListPDP.h.

Constructor & Destructor Documentation

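ArcSec::SimpleListPDP::SimpleListPDP ( Arc::Config * cfg)

Definition at line 27 of file SimpleListPDP.cpp.

  location = (std::string)(cfg->Attribute("location"));
  logger.msg(VERBOSE, "Access list location: %s", location);
  // Collect every DN child element of the PDP configuration node into dns
  for(XMLNode dn = (*cfg)["DN"];(bool)dn;++dn) {
    dns.push_back((std::string)dn);
  }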

virtual ArcSec::SimpleListPDP::~SimpleListPDP ( ) [inline, virtual]

Definition at line 21 of file SimpleListPDP.h.


Member Function Documentation

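Arc::Plugin * SimpleListPDP::get_simplelist_pdp ( Arc::PluginArgument * arg) [static]

Definition at line 20 of file SimpleListPDP.cpp.

    // Accept only a PDPPluginArgument; any other argument type yields no plugin
    ArcSec::PDPPluginArgument* pdparg =
            arg?dynamic_cast<ArcSec::PDPPluginArgument*>(arg):NULL;
    if(!pdparg) return NULL;
    return new SimpleListPDP((Arc::Config*)(*pdparg));

std::string ArcSec::PDP::GetId ( ) [inline, inherited]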

Definition at line 88 of file PDP.h.

{ return id_; };

bool SimpleListPDP::isPermitted ( Arc::Message * msg) const [virtual]

Implements ArcSec::PDP.

Definition at line 35 of file SimpleListPDP.cpp.

  // Identity DN of the requestor as recorded by the TLS layer
  std::string subject=msg->Attributes()->get("TLS:IDENTITYDN");
  std::string line;
  if(location.empty() && dns.empty()) {
    logger.msg(ERROR, "No policy file or DNs specified for simplelist.pdp, please set location attribute or at least one DN element for simplelist PDP node in configuration.");
    return false;
  }
  // First check the DN elements given inline in the configuration
  for(std::list<std::string>::const_iterator dn = dns.begin();
                            dn != dns.end();++dn) {
    if((*dn) == subject) {
      logger.msg(VERBOSE, "Authorized from simplelist.pdp");
      return true;
    }
  }
  if(location.empty()) return false;
  // Then check the external file, one subject per line
  std::ifstream fs(location.c_str());
  if(fs.fail()) {
    logger.msg(ERROR, "The policy file setup for simplelist.pdp does not exist, please check location attribute for simplelist PDP node in service configuration");
    return false;
  }

  // Loop on getline() itself so a read error ends the loop (testing only
  // eof() would spin forever on a stream that fails without reaching EOF)
  while (getline (fs, line)) {
    std::string::size_type p;
    logger.msg(VERBOSE, "policy line: %s", line);
    logger.msg(VERBOSE, "subject: %s", subject);
    // Strip leading and trailing spaces and tabs
    p=line.find_first_not_of(" \t"); line.erase(0,p);
    p=line.find_last_not_of(" \t"); if(p != std::string::npos) line.erase(p+1);
    // A line starting with '"' is reduced to the text between the quotes
    if(!line.empty()) {
      if(line[0] == '"') {
        std::string::size_type p = line.find('"',1);
        if(p != std::string::npos) line=line.substr(1,p-1);
      }
    }
    if(!line.empty()) {
      // Exact, case-sensitive comparison with the requestor's subject
      if(!(line.compare(subject))) {
         logger.msg(VERBOSE, "Authorized from simplelist.pdp");
         return true;
      }
    }
  }
  logger.msg(ERROR, "Not authorized from simplelist.pdp");
  return false;
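
The file-matching rules of the isPermitted() listing above, as an added stand-alone example (not ARC code) that reads the policy from any std::istream so it runs without a policy file. The names normalize_policy_line, subject_in_list and sample_permits and the sample DNs are made up for this illustration, and denying an empty subject is an assumption of the example.

```cpp
// Added example, not ARC code: stand-alone model of the simplelist.pdp file rules.
#include <istream>
#include <sstream>
#include <string>

// Normalise one policy line the way the listing does: strip leading and
// trailing spaces/tabs, then, if the line starts with '"', keep only the
// text up to the next '"'.
std::string normalize_policy_line(std::string line) {
  std::string::size_type p = line.find_first_not_of(" \t");
  line.erase(0, p);                        // p == npos erases the whole line
  p = line.find_last_not_of(" \t");
  if (p != std::string::npos) line.erase(p + 1);
  if (!line.empty() && line[0] == '"') {
    p = line.find('"', 1);
    if (p != std::string::npos) line = line.substr(1, p - 1);
  }
  return line;
}

// True only on an exact, case-sensitive match with one policy line.
// Assumption of this example: an empty subject (no TLS identity) is denied.
bool subject_in_list(std::istream& policy, const std::string& subject) {
  if (subject.empty()) return false;
  std::string line;
  while (std::getline(policy, line)) {     // ends on EOF and on read errors
    line = normalize_policy_line(line);
    if (!line.empty() && line == subject) return true;
  }
  return false;                            // fail closed: no match, no access
}

// Constructed sample policy; the DNs are invented for this example.
const char* const kSamplePolicy =
    "  /O=Grid/O=Example/CN=Alice Admin  \n"                            // padded
    "\"/O=Grid/O=Example/CN=Bob Builder\" trailing text is dropped\n"   // quoted
    "\n"                                                                // blank
    "/O=Grid/O=Example/CN=Carol\r\n";                                   // CRLF

// Evaluate a subject against the constructed sample policy.
bool sample_permits(const std::string& subject) {
  std::istringstream policy(kSamplePolicy);
  return subject_in_list(policy, subject);
}
```

The Carol entry is denied because its line still ends in a carriage return: only spaces and tabs are trimmed, so a policy file saved with CRLF line endings authorizes nobody listed without quotes.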

void ArcSec::PDP::SetId ( std::string &  id) [inline, inherited]

Definition at line 87 of file PDP.h.

{ id_ = id; };

Member Data Documentation

std::list<std::string> ArcSec::SimpleListPDP::dns [private]

Definition at line 25 of file SimpleListPDP.h.

std::string ArcSec::PDP::id_ [protected, inherited]

Definition at line 88 of file PDP.h.

std::string ArcSec::SimpleListPDP::location [private]

Definition at line 24 of file SimpleListPDP.h.

Arc::Logger ArcSec::SimpleListPDP::logger [static, protected]

Reimplemented from ArcSec::PDP.

Definition at line 27 of file SimpleListPDP.h.

The documentation for this class was generated from the following files: