xrootd
XrdAccAudit.hh
Go to the documentation of this file.
1 #ifndef __ACC_AUDIT__
2 #define __ACC_AUDIT__
3 /******************************************************************************/
4 /* */
5 /* X r d A c c A u d i t . h h */
6 /* */
7 /* (c) 2003 by the Board of Trustees of the Leland Stanford, Jr., University */
8 /* All Rights Reserved */
9 /* Produced by Andrew Hanushevsky for Stanford University under contract */
10 /* DE-AC03-76-SFO0515 with the Department of Energy */
11 /******************************************************************************/
12 
13 // $Id$
14 
15 /******************************************************************************/
16 /* A u d i t _ O p t i o n s */
17 /******************************************************************************/
18 
19 enum XrdAccAudit_Options {audit_none = 0,
20  audit_deny = 1,
21  audit_grant = 2,
22  audit_all = 3
23  };
24 
25 /******************************************************************************/
26 /* X r d A c c A u d i t */
27 /******************************************************************************/
28 
29 // This class is really meant to be replaced by anyone who care about auditing.
30 // Effective auditing is required to meet DOD class C security requirments.
31 
32 // This class should be placed in a shared library so that an installation can
33 // easily replace it and routine auditsdits as needed. We supply a brain-dead
34 // audit that simply issues a message:
35 // deny
36 // yymmdd hh:mm:ss acc_Audit: grant atype id@host opername path
37 
38 // Enabling/disabling is done via the method setAudit().
39 
40 // The external routine XrdAccAuditObject() returns the real audit object
41 // used by Access(). Developers should derive a class from this class and
42 // return the object of there choosing up-cast to this object. See the
43 // routine XrdAccAudit.C for the particulars.
44 
45 class XrdSysError;
46 
47 class XrdAccAudit
48 {
49 public:
50 
51  int Auditing(const XrdAccAudit_Options ops=audit_all)
52  {return auditops & ops;}
53 
54 virtual void Deny(const char *opname,
55  const char *tident,
56  const char *atype,
57  const char *id,
58  const char *host,
59  const char *path);
60 
61 virtual void Grant(const char *opname,
62  const char *tident,
63  const char *atype,
64  const char *id,
65  const char *host,
66  const char *path);
67 
68 // setAudit() is used to set the auditing options: audit_none turns audit off
69 // (the default), audit_deny audit access denials, audit_grant audits access
70 // grants, and audit_all audits both. See XrdAccAudit.h for more information.
71 //
72 void setAudit(XrdAccAudit_Options aops) {auditops = aops;}
73 
74  XrdAccAudit(XrdSysError *erp);
75 virtual ~XrdAccAudit() {}
76 
77 private:
78 
79 XrdAccAudit_Options auditops;
80 XrdSysError *mDest;
81 };
82 
83 /******************************************************************************/
84 /* o o a c c _ A u d i t _ O b j e c t */
85 /******************************************************************************/
86 
87 extern XrdAccAudit *XrdAccAuditObject(XrdSysError *erp);
88 
89 #endif
Generated by   doxygen 1.8.1.2