/usr/include/arc/security/ArcPDP/Evaluator.h is in nordugrid-arc-dev 4.0.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 | #ifndef __ARC_SEC_EVALUATOR_H__
#define __ARC_SEC_EVALUATOR_H__
#include <list>
#include <fstream>
#include <arc/XMLNode.h>
#include <arc/Logger.h>
#include <arc/security/ClassLoader.h>
#include <arc/security/ArcPDP/Source.h>
#include "fn/FnFactory.h"
#include "attr/AttributeFactory.h"
#include "alg/AlgFactory.h"
#include "Request.h"
#include "Response.h"
namespace ArcSec {
typedef enum {
/** Evaluation is carried out till any non-matching policy found
and all matching policies are discarded from reported list.
This is a default behavior. */
EvaluatorFailsOnDeny,
/** Evaluation is carried out till any non-matching policy found */
EvaluatorStopsOnDeny,
/** Evaluation is carried out till any matching policy found */
EvaluatorStopsOnPermit,
/** Evaluation is done till all policies are checked. */
EvaluatorStopsNever
} EvaluatorCombiningAlg;
///Interface for policy evaluation. Execute the policy evaluation, based on the request and policy
class Evaluator : public Arc::LoadableClass {
protected:
static Arc::Logger logger;
public:
Evaluator (Arc::XMLNode*, Arc::PluginArgument* parg): Arc::LoadableClass(parg) {};
Evaluator (const char *, Arc::PluginArgument* parg): Arc::LoadableClass(parg) {};
virtual ~Evaluator() {};
/**Evaluates the request by using a Request object.
Evaluation is done till at least one of policies is satisfied. */
virtual Response* evaluate(Request* request) = 0;
/**Evaluates the request by using a specified source */
virtual Response* evaluate(const Source& request) = 0;
/**Evaluate the specified request against the policy from specified source.
In some implementations all of the existing policies inside the evaluator
may be destroyed by this method. */
virtual Response* evaluate(Request* request, const Source& policy) = 0;
/**Evaluate the request from specified source against the policy from specified source.
In some implementations all of the existing policie inside the evaluator
may be destroyed by this method. */
virtual Response* evaluate(const Source& request, const Source& policy) = 0;
/**Evaluate the specified request against the specified policy.
In some implementations all of the existing policy inside the evaluator
may be destroyed by this method. */
virtual Response* evaluate(Request* request, Policy* policyobj) = 0;
/**Evaluate the request from specified source against the specified policy.
In some implementations all of the existing policie inside the evaluator
may be destroyed by this method. */
virtual Response* evaluate(const Source& request, Policy* policyobj) = 0;
/**Get the AttributeFactory object*/
virtual AttributeFactory* getAttrFactory () = 0;
/**Get the FnFactory object*/
virtual FnFactory* getFnFactory () = 0;
/**Get the AlgFactory object*/
virtual AlgFactory* getAlgFactory () = 0;
/**Add policy from specified source to the evaluator. Policy will be marked with id. */
virtual void addPolicy(const Source& policy,const std::string& id = "") = 0;
/**Add policy to the evaluator. Policy will be marked with id.
The policy object is taken over by this instance and will be
destroyed in destructor. */
virtual void addPolicy(Policy* policy,const std::string& id = "") = 0;
/**Specifies one of simple combining algorithms. In case of multiple policies their results will be combined using this algorithm. */
virtual void setCombiningAlg(EvaluatorCombiningAlg alg) = 0;
/**Specifies loadable combining algorithms. In case of multiple policies their results will be combined using this algorithm. To switch to simple algorithm specify NULL argument. */
virtual void setCombiningAlg(CombiningAlg* alg = NULL) = 0;
/**Get the name of this evaluator*/
virtual const char* getName(void) const = 0;
protected:
/**Evaluate the request by using the EvaluationCtx object
(which includes the information about request). The ctx is destroyed
inside this method (why?!?!?). */
virtual Response* evaluate(EvaluationCtx* ctx) = 0;
private:
/**Parse the configuration, and dynamically create PolicyStore, AttributeFactory, FnFactory and AlgFactoryy*/
virtual void parsecfg(Arc::XMLNode& cfg) = 0;
};
///Context for evaluator. It includes the factories which will be used to create related objects
class EvaluatorContext {
private:
Evaluator* evaluator;
public:
EvaluatorContext(Evaluator* evaluator) : evaluator(evaluator) {};
~EvaluatorContext() {};
public:
/** Returns associated AttributeFactory object */
operator AttributeFactory*() { return evaluator->getAttrFactory(); };
/** Returns associated FnFactory object */
operator FnFactory*() { return evaluator->getFnFactory(); };
/** Returns associated AlgFactory object */
operator AlgFactory*() { return evaluator->getAlgFactory(); };
};
} // namespace ArcSec
#endif /* __ARC_SEC_EVALUATOR_H__ */
|