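#ifndef __ACC_AUDIT__
#define __ACC_AUDIT__
// NOTE(review): names containing a double underscore are reserved for the
// implementation; the guard is kept as-is because other code may test it.
/******************************************************************************/
/*                                                                            */
/*                       X r d A c c A u d i t . h h                          */
/*                                                                            */
/* (c) 2003 by the Board of Trustees of the Leland Stanford, Jr., University  */
/*                            All Rights Reserved                             */
/*   Produced by Andrew Hanushevsky for Stanford University under contract    */
/*              DE-AC03-76-SFO0515 with the Department of Energy              */
/******************************************************************************/

//         $Id: XrdAccAudit.hh 22437 2008-03-04 14:35:16Z rdm $

/******************************************************************************/
/*                        A u d i t _ O p t i o n s                           */
/******************************************************************************/

// Audit selectors. The values are bit flags: audit_all is audit_deny and
// audit_grant combined (1 | 2 == 3), so options can be tested with a mask.
enum XrdAccAudit_Options {audit_none  = 0,
                          audit_deny  = 1,
                          audit_grant = 2,
                          audit_all   = 3
                         };

/******************************************************************************/
/*                           X r d A c c A u d i t                            */
/******************************************************************************/

// This class is really meant to be replaced by anyone who cares about auditing.
// Effective auditing is required to meet DOD class C security requirements.

// This class should be placed in a shared library so that an installation can
// easily replace it and route audits as needed. We supply a brain-dead
// audit that simply issues a message:
//                             deny
// yymmdd hh:mm:ss acc_Audit:  grant atype id@host opername path

// Enabling/disabling is done via the method setAudit().

// The external routine XrdAccAuditObject() returns the real audit object
// used by Access(). Developers should derive a class from this class and
// return the object of their choosing up-cast to this object. See the
// routine XrdAccAudit.C for the particulars.

// NOTE(review): for anyone writing a replacement, the id, host and path
// arguments appear in the audit record verbatim in the format shown above.
// If they can carry client-chosen bytes (not visible from this header --
// confirm against the callers), neutralize CR/LF and other control characters
// before writing them, so that one request cannot produce what looks like
// several audit records.

class XrdSysError;

class XrdAccAudit
{
public:

// Auditing() reports whether any of the options in ops is currently enabled.
// It returns the bitwise AND of the current setting and ops: non-zero when at
// least one requested option is on, zero otherwise. With the default argument
// (audit_all) it answers "is any auditing enabled?". The method is
// const-qualified so it can be called through a const reference or pointer.
//
int          Auditing(const XrdAccAudit_Options ops=audit_all) const
                      {return auditops & ops;}

// Deny() records an access denial. The arguments correspond to the fields of
// the message format documented above (atype, id@host, opername, path).
// tident is presumably the trace identity of the requesting connection --
// TODO confirm against XrdAccAudit.C.
//
virtual void Deny(const char *opname,
                  const char *tident,
                  const char *atype,
                  const char *id,
                  const char *host,
                  const char *path);

// Grant() records an access grant; the arguments are the same as for Deny().
//
virtual void Grant(const char *opname,
                   const char *tident,
                   const char *atype,
                   const char *id,
                   const char *host,
                   const char *path);

// setAudit() is used to set the auditing options: audit_none turns audit off
// (the default), audit_deny audits access denials, audit_grant audits access
// grants, and audit_all audits both. See XrdAccAudit.h for more information.
// The setting is a plain store; nothing in this header serializes it against
// concurrent Auditing() calls.
//
void         setAudit(XrdAccAudit_Options aops) {auditops = aops;}

// The constructor is defined out of line; erp is presumably the error/message
// object that audit messages are written through -- confirm in XrdAccAudit.C.
//
             XrdAccAudit(XrdSysError *erp);
virtual     ~XrdAccAudit() {}

private:

XrdAccAudit_Options auditops;   // currently enabled audit options (bit mask)
XrdSysError        *mDest;      // presumably the message destination; see ctor
};

/******************************************************************************/
/*                    o o a c c _ A u d i t _ O b j e c t                     */
/******************************************************************************/

// Returns the audit object that Access() uses. An installation that wants its
// own auditing supplies this routine and returns its derived object.
//
extern XrdAccAudit *XrdAccAuditObject(XrdSysError *erp);

#endif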