Re: [mico-devel] CSIv2

Sat, 24 Sep 2005 04:51:20 -0700 

On Fri, 23 Sep 2005, Arnold Mingin wrote:



Hello,

I wrote here some time ago about security, didn't know how to do
authorization. After spending some time walking through CSIv2 code I
patched it a little bit so that it could provide functions from within
the application like: knowing current user, adding/removing users and
changing client user. I totally understand that this is not according to
the standard, but I just wanted to ask, will it work at all... Since now
it SEEMS to be working.



I would also recommend you to give OpenPMF a try:
http://www.objectsecurity.com/openpmf/openpmf.html


At least it contains MICO SL3 project which is basically API created for 
CSIv2.



The patch is the following:

csiv2.idl, csiv2_impl.cc, csiv2_impl.h:
Added func. add_server_user to local interface SecurityManager (this
function is already in csiv2_impl.cc, so I just added it to IDL and
"const" to arguments);
Added func. remove_server_user (just like add_server_user);
Added attr. current_user (read only, just returns current_user_ whici is
set in auth_token function, implemented in csiv2_impl.cc);
Added func. client_user (change css_user_ and css_passwd_);

I didn't know nothing about multithreading usage of this class, so I
added MICO::RWLock to all above functions and also in:
CSIv2::SecurityManager_impl::get_gss_init_token (just around the part
where css_*_ is read);
CSIv2::SecurityManager_impl::auth_token (around the for-loop of finding
user);

Could you please tell me, will it work OK, especially current_user?
Usage in the application is through getting initial reference of
CSIv2SecurityManager.
If some could explain me how to use "patch" I can send the code here.



For sending diff, you need to use diff -u command. Anyway, MICO already 
support API for CSIv2 in the form of SL3 project which will be merged in 
shortly after MICO 2.3.12 release. So I'm not going to add yet another 
un-common API if there is no strong demand for it. FYI: SL3 API was 
specified by Adiron:

http://www.adiron.com/products.html

We've just made minor modifications which makes it better IMHO and more 
simple.


Cheers,
Karel
--
Karel Gardas                  [EMAIL PROTECTED]
ObjectSecurity Ltd.           http://www.objectsecurity.com
---
Need experienced, fast, reliable technical MICO support?
    ---> http://www.objectsecurity.com/commsup.html  <---
---
_______________________________________________
Mico-devel mailing list
[email protected]
http://www.mico.org/mailman/listinfo/mico-devel






















					Reply via email to