class AkentiEngine : public LogInterface

Class that provides the methods to check a user's access to a resource


Public Methods

AkentiEngine ()
Constructor
~AkentiEngine ()
Destructor
void setDesiredActions (const set& desiredActions)
Called prior to a call to checkAccess to specify what actions are to be checked for
void setRestrictedAttributes (const multimap& restrictedAttributes)
Called prior to a call to checkAccess to specify what attributes and values are to be assumed for the user
void setExternalEvaluator (const ExternalEvaluator& externalEvaluator)
Sets an externalEvaluator that will be called by the authorization module to evaluate any constraints of type SYSTEM or EXT_AUTH during subsequent calls to checkAccess
bool checkAccess (const string& resource, const AkentiPrincipal& principal, CapabilityCertificate& cert, AkentiMessage& mesg)
Given the name of the resource and an authenticated principal name (the X509 distinguished name of the user, plus the X509 distinguished name of the Certificate Authority which issued the user's X509 cert), returns a capability certificate which can contain unconditional and conditional actions that the user has with respect to the resource
bool checkAccess (const string& resource, const CertificateChain& chain, CapabilityCertificate& cert, AkentiMessage& mesg)
Given an X509 certificate chain for a user and the name of the resource, returns a capability certificate which can contain unconditional and conditional actions that the user has with respect to the resource
bool checkAccess (const string& resource, const AkentiPrincipal& principal, PolicyContext& context, AkentiMessage& mesg)
bool checkAccess (const string& resource, const CertificateChain& chain, PolicyContext& context, AkentiMessage& mesg)
static void loadResourceMap (const string& fileName)
Loads a mapfile that maps user friendly names of resources to the pathnames where the policy files for the resource are stored
bool checkPolicy (const string& resource, PolicyContext& context, AkentiMessage& mesg)
Experimental: Collects and verifies policies and ucs
bool checkIssuer (const string& resource, const AkentiPrincipal& ap, AkentiMessage& mesg)
Experimental: Checks whether the principal ap is an issuer for the resource named by resource

Inherited from LogInterface:

Public Methods

void iLog(int level, const string& key, const string& mesg = "") const
void bLog(int level, const string& key, const string& mesg = "") const
void sLog(int level, const string& key, const string& mesg = "") const
void fLog(int level, const string& key, const string& mesg = "") const

Documentation

Class that provides the methods to check a user's access to a resource.
AkentiEngine()
Constructor

~AkentiEngine()
Destructor

void setDesiredActions(const set& desiredActions)
Called prior to a call to checkAccess to specify what actions are to be checked for.
Parameters:
desiredActions - list of string actions that match some of the actions granted by the UseConditions for the resource
See Also:
checkAccess

void setRestrictedAttributes(const multimap& restrictedAttributes)
Called prior to a call to checkAccess to specify what attributes and values are to be assumed for the user
Parameters:
restrictedAttributes - list of string attribute/value pairs that will be assumed for the user on subsequent calls to checkAccess
See Also:
checkAccess

void setExternalEvaluator(const ExternalEvaluator& externalEvaluator)
Sets an externalEvaluator that will be called by the authorization module to evaluate any constraints of type SYSTEM or EXT_AUTH during subsequent calls to checkAccess
Parameters:
externalEvaluator - a function that can be called to evaluate UseConditions.
See Also:
AttributeInfo
ExternalEvaluator for an example of how to use an ExternalEvaluator

bool checkAccess(const string& resource, const AkentiPrincipal& principal, CapabilityCertificate& cert, AkentiMessage& mesg)
Given the name of the resource and an authenticated principal name (the X509 distinguished name of the user, plus the X509 distinguished name of the Certificate Authority which issued the user's X509 cert), returns a capability certificate which can contain unconditional and conditional actions that the user has with respect to the resource.

If required actions have been set by a previous call to setDesiredActions, only those actions will be checked for. If a restricted set of attribute/value pairs has been set by a previous call to setRestrictedAttributes, only those attributes will be checked and only the actions granted by those attributes will be returned.

Returns:
true if the user is not denied access.
Parameters:
resource - name of the resource for which access is to be checked
principal - user's DN, and DN of the CA that issued the user's cert
cert - capability certificate if user is not denied access
mesg - will have a response code and a description
See Also:
setDesiredActions
setRestrictedAttributes
AkentiMessage

bool checkAccess(const string& resource, const CertificateChain& chain, CapabilityCertificate& cert, AkentiMessage& mesg)
Given an X509 certificate chain for a user and the name of the resource, returns a capability certificate which can contain unconditional and conditional actions that the user has with respect to the resource.

If required actions have been set by a previous call to setDesiredActions, only those actions will be checked for. If a restricted set of attribute/value pairs has been set by a previous call to setRestrictedAttributes, only those attributes will be checked and only the actions granted by those attributes will be returned.

Returns:
true if the user is not denied access.
Parameters:
resource - name of the resource for which access is to be checked
chain - X509 certificate chain for the user
cert - capability certificate if user is not denied access
mesg - will have a response code and a description
See Also:
setDesiredActions
setRestrictedAttributes
AkentiMessage
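
Added example (not part of the Akenti documentation or code base): both checkAccess overloads return true whenever the user is not denied, and the returned capability can hold conditional as well as unconditional actions, so the caller still has to decide whether the specific action is permitted. Capability, Decision, ConditionCheck and enforce are hypothetical names, and modeling a conditional action as an action paired with a condition string is an assumption, since the accessors of CapabilityCertificate are not shown on this page.

```cpp
// Added example: caller-side enforcement of the documented checkAccess contract.
// Capability is a hypothetical stand-in for CapabilityCertificate, whose
// accessors are not shown on this page.
#include <functional>
#include <map>
#include <set>
#include <string>

struct Capability {                                  // hypothetical model
    std::set<std::string> unconditional;             // actions granted outright
    std::map<std::string, std::string> conditional;  // action -> unevaluated condition
};

enum class Decision { Allow, Deny };

// Caller-supplied check of the condition attached to a conditional action.
// An empty ConditionCheck means the condition cannot be evaluated here.
using ConditionCheck = std::function<bool(const std::string&)>;

Decision enforce(bool notDenied, const Capability& cap,
                 const std::string& action,
                 const ConditionCheck& condOk = nullptr) {
    if (!notDenied) return Decision::Deny;             // checkAccess returned false
    if (cap.unconditional.count(action)) return Decision::Allow;
    auto it = cap.conditional.find(action);
    if (it == cap.conditional.end()) return Decision::Deny;  // action not in capability
    if (!condOk) return Decision::Deny;                // fail closed: condition unevaluated
    return condOk(it->second) ? Decision::Allow : Decision::Deny;
}

int main() {
    // Constructed sample: "read" is unconditional, "write" carries a condition.
    Capability cap{{"read"}, {{"write", "host=gateway1"}}};
    auto onGateway1 = [](const std::string& c) { return c == "host=gateway1"; };
    bool ok = enforce(true, cap, "read") == Decision::Allow
           && enforce(true, cap, "write") == Decision::Deny
           && enforce(true, cap, "write", onGateway1) == Decision::Allow
           && enforce(true, cap, "delete", onGateway1) == Decision::Deny;
    return ok ? 0 : 1;
}
```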

bool checkAccess(const string& resource, const AkentiPrincipal& principal, PolicyContext& context, AkentiMessage& mesg)

bool checkAccess(const string& resource, const CertificateChain& chain, PolicyContext& context, AkentiMessage& mesg)

static void loadResourceMap(const string& fileName)
Loads a mapfile that maps user friendly names of resources to the pathnames where the policy files for the resource are stored. This method should be called once at startup.

The filename of the resource map is given by the optional directive ResourceMap in the Akenti Config file.

bool checkPolicy(const string& resource, PolicyContext& context, AkentiMessage& mesg)
Experimental: Collects and verifies policies and ucs

bool checkIssuer(const string& resource, const AkentiPrincipal& ap, AkentiMessage& mesg)
Experimental: Checks whether the principal ap is an issuer for the resource named by resource


This class has no child classes.
Author:
Srilekha Mudumbai Abdelilah Essiari
Version:
1.1 00/05/01
