// // Test for etherealize/incarnate // #include "hello.h" #ifdef HAVE_ANSI_CPLUSPLUS_HEADERS #include #else // HAVE_ANSI_CPLUSPLUS_HEADERS #include #endif // HAVE_ANSI_CPLUSPLUS_HEADERS #include #include using namespace SL3PM; using namespace SL3CM; using namespace SecurityLevel3; using namespace std; CORBA::ORB_ptr orb = CORBA::ORB::_nil(); SecurityManager_var secman = SecurityManager::_nil(); SecurityLevel3::CredentialsCurator_var curator = SecurityLevel3::CredentialsCurator::_nil(); class PasswordProcessor_impl : virtual public UserPassword::PasswordProcessor, virtual public CORBA::LocalObject { public: virtual CORBA::Boolean client_authen_required(); virtual SL3PM::PrincipalName* password_target(); virtual UserPassword::ErrorCode verify_password (const CORBA::WChar* username, const CORBA::WChar* password, SL3PM::PrincipalName_out principal); }; CORBA::Boolean PasswordProcessor_impl::client_authen_required() { return TRUE; } SL3PM::PrincipalName* PasswordProcessor_impl::password_target() { SL3PM::PrincipalName* result = new SL3PM::PrincipalName; result->the_type = (const char*)SL3PM::NT_StringName; result->the_name.length(1); result->the_name[0] = L"@objectsecurity.com"; return result; } UserPassword::ErrorCode PasswordProcessor_impl::verify_password (const CORBA::WChar* username, const CORBA::WChar* password, SL3PM::PrincipalName_out principal) { //cerr << "relay: PasswordProcessor_impl::verify_password" << endl; wstring name = username; wstring pw = password; //cerr << "name: " << wstr2str(name) << endl; principal = new SL3PM::PrincipalName; principal->the_type = (const char*)SL3PM::NT_StringName; principal->the_name.length(1); principal->the_name[0] = CORBA::wstring_dup(name.c_str()); return UserPassword::EC_Success; } class PasswordGenerator_impl : virtual public UserPassword::PasswordGenerator, virtual public CORBA::LocalObject { public: PasswordGenerator_impl (const char* user, const char* passwd, const char* realm); virtual SL3PM::PrincipalName* client_authentication_principal(); virtual UserPassword::ErrorCode generate_password (const SL3PM::PrincipalName& target, CORBA::WString_out username, CORBA::WString_out password); private: wstring user_; wstring passwd_; wstring realm_; }; PasswordGenerator_impl::PasswordGenerator_impl (const char* user, const char* passwd, const char* realm) // user_(user), passwd_(passwd), realm_(realm) { string u = user; string p = passwd; string r = realm; user_ = str2wstr(u); passwd_ = str2wstr(p); realm_ = str2wstr(r); } SL3PM::PrincipalName* PasswordGenerator_impl::client_authentication_principal() { //cerr << "PasswordGenerator_impl::client_authentication_principal(): " << wstr2str(user_) << endl; SL3PM::PrincipalName* result = new SL3PM::PrincipalName; result->the_type = (const char*)SL3PM::NT_StringName; result->the_name.length(1); result->the_name[0] = CORBA::wstring_dup(user_.c_str()); return result; } UserPassword::ErrorCode PasswordGenerator_impl::generate_password (const SL3PM::PrincipalName& target, CORBA::WString_out username, CORBA::WString_out password) { //cerr << "PasswordGenerator_impl::generate_password" << endl; if (strcmp(SL3PM::NT_StringName, target.the_type) == 0) { if (realm_ == target.the_name[0].in()) { username = CORBA::wstring_dup(user_.c_str()); password = CORBA::wstring_dup(passwd_.c_str()); //cerr << wstr2str(user_) << ":" << wstr2str(passwd_) << endl; return UserPassword::EC_Success; } } return UserPassword::EC_BadTarget; } class Relay_impl : virtual public POA_HelloWorld { public: Relay_impl(HelloWorld_ptr hello); void hello(); private: HelloWorld_var hello_; }; Relay_impl::Relay_impl(HelloWorld_ptr hello) : hello_(HelloWorld::_duplicate(hello)) { } void Relay_impl::hello() { CORBA::Object_var obj = orb->resolve_initial_references ("SecurityLevel3::SecurityCurrent"); SecurityLevel3::SecurityCurrent_var current = SecurityLevel3::SecurityCurrent::_narrow(obj); assert(!CORBA::is_nil(current)); SecurityLevel3::ClientCredentials_ptr creds = current->client_credentials(); // cerr << "creds: " << creds << endl; // wcout << "server: ClientCredentials:" << endl; // MICOSL3Utils::PP::print_client_credentials(&wcout, creds); // wcout << endl; Principal_var princ = creds->client_principal(); PrincipalName name = princ->the_name(); if (princ->the_type() == PT_Proxy) { wcout << "relay: operation executed by: ``" << name.the_name[0].in() << "''" << endl; } // transport creds obj = orb->resolve_initial_references("SL3TCPIP::ArgBuilderFactory"); SL3AQArgs::ArgBuilderFactory_var ts_fact = SL3AQArgs::ArgBuilderFactory::_narrow(obj); assert(!CORBA::is_nil(ts_fact)); SL3TCPIP::TCPIPArgBuilder_var ts_builder = SL3TCPIP::TCPIPArgBuilder::_narrow (ts_fact->create_arg_builder(SL3CM::CU_InitiateOnly)); assert(!CORBA::is_nil(ts_builder)); SL3AQArgs::Argument_var ts_args = ts_builder->reap_args(); obj = orb->resolve_initial_references ("TransportSecurity::SecurityManager"); TransportSecurity::SecurityManager_var ts_secman = TransportSecurity::SecurityManager::_narrow(obj); assert(!CORBA::is_nil(ts_secman)); TransportSecurity::CredentialsCurator_var ts_curator = ts_secman->credentials_curator(); TransportSecurity::CredentialsAcquirer_ptr ts_acquirer = ts_curator->acquire_credentials(ts_args); TransportSecurity::OwnCredentials_var ts_creds = ts_acquirer->get_credentials(FALSE); //cerr << "ts_creds: " << ts_creds->creds_id() << endl; // csi creds obj = orb->resolve_initial_references("SL3CSI::ArgBuilderFactory"); SL3AQArgs::ArgBuilderFactory_var csi_fact = SL3AQArgs::ArgBuilderFactory::_narrow(obj); assert(!CORBA::is_nil(csi_fact)); SL3CSI::CSIArgBuilder_var csi_builder = SL3CSI::CSIArgBuilder::_narrow (csi_fact->create_arg_builder(SL3CM::CU_InitiateOnly)); assert(!CORBA::is_nil(csi_builder)); // transport creds csi_builder->add_transport_credentials(ts_creds); // passwd generator UserPassword::PasswordGenerator_var generator = new PasswordGenerator_impl ("relay", "relay_pw", "@objectsecurity.com"); csi_builder->add_password_generator(generator); // quoted principal csi_builder->add_named_quoted_principal(name); SL3AQArgs::Argument_var args = csi_builder->reap_args(); SecurityLevel3::CredentialsAcquirer_var acquirer = curator->acquire_credentials(args); SecurityLevel3::OwnCredentials_var own_creds = acquirer->get_credentials(FALSE); // policy SecurityLevel3::OwnCredentialsList creds_list; creds_list.length(1); creds_list[0] = own_creds; SecurityLevel3::ContextEstablishmentPolicy_ptr cep = secman->create_context_estab_policy (CD_Default, creds_list, FD_UseDefault, FD_UseDefault, FD_UseDefault, FD_UseDefault); CORBA::PolicyList policies; policies.length(1); policies[0] = cep; HelloWorld_var hello2 = HelloWorld::_narrow (hello_->_set_policy_overrides(policies, CORBA::ADD_OVERRIDE)); wcout << "relay: server->hello()" << endl; hello2->hello(); // cleanup credentials } int main (int argc, char *argv[]) { //wcout << "wcout init" << endl; try { orb = CORBA::ORB_init(argc, argv); CORBA::Object_var obj = orb->resolve_initial_references ("SecurityLevel3::SecurityManager"); secman = SecurityLevel3::SecurityManager::_narrow(obj); assert(!CORBA::is_nil(secman)); curator = secman->credentials_curator(); assert(!CORBA::is_nil(curator)); // first we need to obtain transport credentials obj = orb->resolve_initial_references("SL3TCPIP::ArgBuilderFactory"); SL3AQArgs::ArgBuilderFactory_var ts_fact = SL3AQArgs::ArgBuilderFactory::_narrow(obj); assert(!CORBA::is_nil(ts_fact)); SL3TCPIP::TCPIPArgBuilder_var ts_builder = SL3TCPIP::TCPIPArgBuilder::_narrow (ts_fact->create_arg_builder(SL3CM::CU_AcceptOnly)); assert(!CORBA::is_nil(ts_builder)); SL3AQArgs::Argument_var ts_args = ts_builder->reap_args(); obj = orb->resolve_initial_references ("TransportSecurity::SecurityManager"); TransportSecurity::SecurityManager_var ts_secman = TransportSecurity::SecurityManager::_narrow(obj); assert(!CORBA::is_nil(ts_secman)); TransportSecurity::CredentialsCurator_var ts_curator = ts_secman->credentials_curator(); TransportSecurity::CredentialsAcquirer_ptr ts_acquirer = ts_curator->acquire_credentials(ts_args); TransportSecurity::OwnCredentials_var ts_creds = ts_acquirer->get_credentials(TRUE); //MICOSL3Utils::PP::print_own_credentials(&wcout, ts_creds); obj = orb->resolve_initial_references("SL3CSI::ArgBuilderFactory"); SL3AQArgs::ArgBuilderFactory_var csi_fact = SL3AQArgs::ArgBuilderFactory::_narrow(obj); assert(!CORBA::is_nil(csi_fact)); SL3CSI::CSIArgBuilder_var csi_builder = SL3CSI::CSIArgBuilder::_narrow (csi_fact->create_arg_builder(SL3CM::CU_AcceptOnly)); assert(!CORBA::is_nil(csi_builder)); csi_builder->add_transport_credentials(ts_creds); UserPassword::PasswordProcessor_var processor = new PasswordProcessor_impl; csi_builder->add_password_processor(processor); SL3AQArgs::Argument_var args = csi_builder->reap_args(); SecurityLevel3::CredentialsAcquirer_var acquirer = curator->acquire_credentials(args); SecurityLevel3::OwnCredentials_var creds = acquirer->get_credentials(TRUE); //wcout << "server: OwnCredentials:" << endl; //MICOSL3Utils::PP::print_own_credentials(&wcout, creds); CORBA::Object_var poaobj = orb->resolve_initial_references("RootPOA"); PortableServer::POA_var poa = PortableServer::POA::_narrow(poaobj); PortableServer::POAManager_var mgr = poa->the_POAManager(); char pwd[256], uri[300]; sprintf (uri, "file://%s/hello.ref", getcwd(pwd, 256)); obj = orb->string_to_object (uri); HelloWorld_var hello = HelloWorld::_narrow (obj); Relay_impl* servant = new Relay_impl(hello); PortableServer::ObjectId_var oid = poa->activate_object(servant); CORBA::Object_var ref = poa->id_to_reference(oid.in()); ofstream of ("relay.ref"); CORBA::String_var str = orb->object_to_string(ref); of << str.in() << endl; of.close(); wcout << "relay: Running." << endl; mgr->activate(); orb->run(); } catch (CORBA::UserException& ex) { wcout << "UserException caught: " << ex._repoid() << endl; } catch (CORBA::SystemException_catch& ex) { wcout << "SystemException caught: " << ex._repoid() << endl; } catch (...) { wcout << "... caught!" << endl; } return 0; }