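#ifndef __ACC_AUDIT__
#define __ACC_AUDIT__
/******************************************************************************/
/*                                                                            */
/*                        X r d A c c A u d i t . h h                         */
/*                                                                            */
/* (c) 2003 by the Board of Trustees of the Leland Stanford, Jr., University  */
/*                            All Rights Reserved                             */
/*    Produced by Andrew Hanushevsky for Stanford University under contract   */
/*              DE-AC02-76-SFO0515 with the Department of Energy              */
/*                                                                            */
/* This file is part of the XRootD software suite.                            */
/*                                                                            */
/* XRootD is free software: you can redistribute it and/or modify it under    */
/* the terms of the GNU Lesser General Public License as published by the     */
/* Free Software Foundation, either version 3 of the License, or (at your     */
/* option) any later version.                                                 */
/*                                                                            */
/* XRootD is distributed in the hope that it will be useful, but WITHOUT      */
/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or      */
/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public        */
/* License for more details.                                                  */
/*                                                                            */
/* You should have received a copy of the GNU Lesser General Public License   */
/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file  */
/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>.         */
/*                                                                            */
/* The copyright holder's institutional names and contributor's names may not */
/* be used to endorse or promote products derived from this software without  */
/* specific prior written permission of the institution or contributor.       */
/******************************************************************************/

/******************************************************************************/
/*                         A u d i t _ O p t i o n s                          */
/******************************************************************************/

// Selects which access decisions are audited. The values are bit flags, so
// audit_all is exactly audit_deny | audit_grant and Auditing() can test them
// with a bitwise AND.
//
enum XrdAccAudit_Options {audit_none  = 0,   // audit nothing
                          audit_deny  = 1,   // audit access denials
                          audit_grant = 2,   // audit access grants
                          audit_all   = 3    // audit denials and grants
                         };

/******************************************************************************/
/*                           X r d A c c A u d i t                            */
/******************************************************************************/

// This class is really meant to be replaced by anyone who cares about auditing.
// Effective auditing is required to meet DOD class C security requirements.

// This class should be placed in a shared library so that an installation can
// easily replace it and route audits as needed. We supply a brain-dead
// audit that simply issues a message:
//                            deny
// yymmdd hh:mm:ss acc_Audit: grant atype id@host opername path

// Enabling/disabling is done via the method setAudit().

// The external routine XrdAccAuditObject() returns the real audit object
// used by Access(). Developers should derive a class from this class and
// return the object of their choosing up-cast to this object. See the
// routine XrdAccAudit.C for the particulars.

// NOTE(review): atype, id, host and path are written into the audit record.
// This header does not show whether the supplied implementation (or a
// replacement) neutralises control characters such as embedded newlines in
// those strings before emitting the line -- confirm in the implementation,
// because an audit trail is only useful if one event cannot forge another.

class XrdSysError;

class XrdAccAudit
{
public:

// Auditing() reports whether any of the option bits in ops is currently
// enabled. It returns the bitwise AND of the active options and ops, so the
// result is non-zero when at least one requested category is being audited;
// with the default argument it answers "is any auditing on at all".
// The method only reads state, hence it is const-qualified so that it can be
// called through a const reference or pointer.
//
      int  Auditing(const XrdAccAudit_Options ops=audit_all) const
                   {return auditops & ops;}

// Deny() records an access denial. It is virtual so that a derived auditor
// can replace the default message; the default body is defined outside this
// header.
//
virtual void Deny(const char *opname,
                  const char *tident,
                  const char *atype,
                  const char *id,
                  const char *host,
                  const char *path);

// Grant() records an access grant. Same parameters and replacement rules as
// Deny().
//
virtual void Grant(const char *opname,
                   const char *tident,
                   const char *atype,
                   const char *id,
                   const char *host,
                   const char *path);

// setAudit() is used to set the auditing options: audit_none turns audit off
// (the default), audit_deny audits access denials, audit_grant audits access
// grants, and audit_all audits both. The new value replaces the previous one;
// it is a plain assignment and no locking is done here.
// NOTE(review): the default is set by the constructor, which is defined
// outside this header -- confirm there that auditops is always initialised.
//
      void setAudit(XrdAccAudit_Options aops) {auditops = aops;}

// The constructor takes the error/message object; its body is defined outside
// this header. The destructor is virtual because the class is meant to be
// derived from and deleted through a base pointer.
//
           XrdAccAudit(XrdSysError *erp);
virtual   ~XrdAccAudit() {}

private:

XrdAccAudit_Options auditops;   // categories currently being audited
XrdSysError        *mDest;      // presumably the destination for the default
                                // audit messages (erp) -- confirm in the .C
};

/******************************************************************************/
/*                     X r d A c c A u d i t O b j e c t                      */
/******************************************************************************/

// Returns the audit object that Access() uses. An installation replaces this
// routine to hand back its own auditor, up-cast to XrdAccAudit.
//
extern XrdAccAudit *XrdAccAuditObject(XrdSysError *erp);

#endif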