1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
|
// -*- IDL -*-
//
// $Id$
#ifndef _SECURITY_IDL_
#define _SECURITY_IDL_
#include <orb.idl>
#include <tao/TimeBase.pidl>
#pragma prefix "omg.org"
module Security {
#pragma version Security 1.8
typedef string SecurityName;
typedef sequence<octet> Opaque;
// Constant declarations for Security Service Options
const CORBA::ServiceOption SecurityLevel1 = 1;
const CORBA::ServiceOption SecurityLevel2 = 2;
const CORBA::ServiceOption NonRepudiation = 3;
const CORBA::ServiceOption SecurityORBServiceReady = 4;
const CORBA::ServiceOption SecurityServiceReady = 5;
const CORBA::ServiceOption ReplaceORBServices = 6;
const CORBA::ServiceOption ReplaceSecurityServices = 7;
const CORBA::ServiceOption StandardSecureInteroperability = 8;
const CORBA::ServiceOption DCESecureInteroperability = 9;
// Service options for Common Secure Interoperability
const CORBA::ServiceOption CommonInteroperabilityLevel0 = 10;
const CORBA::ServiceOption CommonInteroperabilityLevel1 = 11;
const CORBA::ServiceOption CommonInteroperabilityLevel2 = 12;
// Security mech types supported for secure association
const CORBA::ServiceDetailType SecurityMechanismType = 1;
// privilege types supported in standard access policy
const CORBA::ServiceDetailType SecurityAttribute = 2;
// extensible families for standard data types
struct ExtensibleFamily {
unsigned short family_definer;
unsigned short family;
};
typedef sequence<octet> OID;
typedef sequence<OID> OIDList;
// security attributes
typedef unsigned long SecurityAttributeType;
// other attributes; family = 0
const SecurityAttributeType AuditId = 1;
const SecurityAttributeType AccountingId = 2;
const SecurityAttributeType NonRepudiationId = 3;
// privilege attributes; family = 1
const SecurityAttributeType _Public = 1;
const SecurityAttributeType AccessId = 2;
const SecurityAttributeType PrimaryGroupId = 3;
const SecurityAttributeType GroupId = 4;
const SecurityAttributeType Role = 5;
const SecurityAttributeType AttributeSet = 6;
const SecurityAttributeType Clearance = 7;
const SecurityAttributeType Capability = 8;
struct AttributeType {
ExtensibleFamily attribute_family;
SecurityAttributeType attribute_type;
};
typedef sequence<AttributeType> AttributeTypeList;
struct SecAttribute {
AttributeType attribute_type;
OID defining_authority;
Opaque value;
// the value of this attribute can be
// decoded only with knowledge of defining authority
};
typedef sequence <SecAttribute> AttributeList;
// Authentication return status
enum AuthenticationStatus {
SecAuthSuccess,
SecAuthFailure,
SecAuthContinue,
SecAuthExpired
};
// Association return status
enum AssociationStatus {
SecAssocSuccess,
SecAssocFailure,
SecAssocContinue
};
// Authentication method
typedef unsigned long AuthenticationMethod;
typedef sequence<AuthenticationMethod> AuthenticationMethodList;
// Credential types
enum InvocationCredentialsType {
SecOwnCredentials,
SecReceivedCredentials,
SecTargetCredentials
};
// Declarations related to Rights
struct Right {
ExtensibleFamily rights_family;
string the_right;
};
typedef sequence <Right> RightsList;
enum RightsCombinator {
SecAllRights,
SecAnyRight
};
// Delegation related
enum DelegationState {
SecInitiator,
SecDelegate
};
enum DelegationDirective {
Delegate,
NoDelegate
};
// pick up from TimeBase
typedef TimeBase::UtcT UtcT;
typedef TimeBase::IntervalT IntervalT;
typedef TimeBase::TimeT TimeT;
// Security features available on credentials.
enum SecurityFeature {
SecNoDelegation,
SecSimpleDelegation,
SecCompositeDelegation,
SecNoProtection,
SecIntegrity,
SecConfidentiality,
SecIntegrityAndConfidentiality,
SecDetectReplay,
SecDetectMisordering,
SecEstablishTrustInTarget,
SecEstablishTrustInClient
};
// Quality of protection which can be specified
// for an object reference and used to protect messages
enum QOP {
SecQOPNoProtection,
SecQOPIntegrity,
SecQOPConfidentiality,
SecQOPIntegrityAndConfidentiality
};
// Type of SecurityContext
enum SecurityContextType {
SecClientSecurityContext,
SecServerSecurityContext
};
// Operational State of a Security Context
enum SecurityContextState {
SecContextInitialized,
SecContextContinued,
SecContextClientEstablished,
SecContextEstablished,
SecContextEstablishExpired,
SecContextExpired,
SecContextInvalid
};
struct ChannelBindings {
unsigned long initiator_addrtype;
sequence<octet> initiator_address;
unsigned long acceptor_addrtype;
sequence<octet> acceptor_address;
sequence<octet> application_data;
};
// For use with SecurityReplaceable
struct OpaqueBuffer {
Opaque buffer;
unsigned long startpos;
unsigned long endpos;
// startpos <= endpos
// OpaqueBuffer is said to be empty if startpos == endpos
};
// Association options which can be administered
// on secure invocation policy and used to
// initialize security context
typedef unsigned short AssociationOptions;
const AssociationOptions NoProtection = 1;
const AssociationOptions Integrity = 2;
const AssociationOptions Confidentiality = 4;
const AssociationOptions DetectReplay = 8;
const AssociationOptions DetectMisordering = 16;
const AssociationOptions EstablishTrustInTarget = 32;
const AssociationOptions EstablishTrustInClient = 64;
const AssociationOptions NoDelegation = 128;
const AssociationOptions SimpleDelegation = 256;
const AssociationOptions CompositeDelegation = 512;
// Flag to indicate whether association options being
// administered are the "required" or "supported" set
enum RequiresSupports {
SecRequires,
SecSupports
};
// Direction of communication for which
// secure invocation policy applies
enum CommunicationDirection {
SecDirectionBoth,
SecDirectionRequest,
SecDirectionReply
};
// security association mechanism type
typedef string MechanismType;
typedef sequence<MechanismType> MechanismTypeList;
// AssociationOptions-Direction pair
struct OptionsDirectionPair {
AssociationOptions options;
CommunicationDirection direction;
};
typedef sequence <OptionsDirectionPair> OptionsDirectionPairList;
// Delegation mode which can be administered
enum DelegationMode {
SecDelModeNoDelegation, // i.e. use own credentials
SecDelModeSimpleDelegation, // delegate received credentials
SecDelModeCompositeDelegation // delegate both
};
// Association options supported by a given mech type
struct MechandOptions {
MechanismType mechanism_type;
AssociationOptions options_supported;
};
typedef sequence <MechandOptions> MechandOptionsList;
// Attribute of the SecurityLevel2::EstablishTrustPolicy
struct EstablishTrust {
boolean trust_in_client;
boolean trust_in_target;
};
// Audit
typedef unsigned long AuditChannelId;
typedef unsigned short EventType;
const EventType AuditAll = 0;
const EventType AuditPrincipalAuth = 1;
const EventType AuditSessionAuth = 2;
const EventType AuditAuthorization = 3;
const EventType AuditInvocation = 4;
const EventType AuditSecEnvChange = 5;
const EventType AuditPolicyChange = 6;
const EventType AuditObjectCreation = 7;
const EventType AuditObjectDestruction = 8;
const EventType AuditNonRepudiation = 9;
enum DayOfTheWeek {
Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
};
enum AuditCombinator {
SecAllSelectors,
SecAnySelector
};
struct AuditEventType {
ExtensibleFamily event_family;
EventType event_type;
};
typedef sequence <AuditEventType> AuditEventTypeList;
typedef unsigned long SelectorType;
const SelectorType InterfaceName = 1;
const SelectorType ObjectRef = 2;
const SelectorType Operation = 3;
const SelectorType Initiator = 4;
const SelectorType SuccessFailure = 5;
const SelectorType Time = 6;
const SelectorType DayOfWeek = 7;
// values defined for audit_needed and audit_write are:
// InterfaceName: CORBA::RepositoryId
// ObjectRef: object reference
// Operation: op_name
// Initiator: Credentials
// SuccessFailure: boolean
// Time: utc time on audit_write; time picked up from
// environment in audit_needed if required
// DayOfWeek: DayOfTheWeek
struct SelectorValue {
SelectorType selector;
any value;
};
typedef sequence <SelectorValue> SelectorValueList;
// Constant declaration for valid Security Policy Types
// General administrative policies
const CORBA::PolicyType SecClientInvocationAccess = 1;
const CORBA::PolicyType SecTargetInvocationAccess = 2;
const CORBA::PolicyType SecApplicationAccess = 3;
const CORBA::PolicyType SecClientInvocationAudit = 4;
const CORBA::PolicyType SecTargetInvocationAudit = 5;
const CORBA::PolicyType SecApplicationAudit = 6;
const CORBA::PolicyType SecDelegation = 7;
const CORBA::PolicyType SecClientSecureInvocation = 8;
const CORBA::PolicyType SecTargetSecureInvocation = 9;
const CORBA::PolicyType SecNonRepudiation = 10;
// Policies used to control attributes of a binding to a target
const CORBA::PolicyType SecMechanismsPolicy = 12;
const CORBA::PolicyType SecInvocationCredentialsPolicy = 13;
const CORBA::PolicyType SecFeaturePolicy = 14; // obsolete
const CORBA::PolicyType SecQOPPolicy = 15;
const CORBA::PolicyType SecDelegationDirectivePolicy = 38;
const CORBA::PolicyType SecEstablishTrustPolicy = 39;
};
#pragma prefix ""
#endif /* _SECURITY_IDL_ */
|