/** * @file * $Id$ * $Revision$ * $Author$ * $Date$ * * This file is part of The iWear Framework. * * The iWear Framework is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by the * Free Software Foundation as in version 2 of the License. * * The iWear Framework is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * more details. * * You should have received a copy of the GNU General Public License along with * The iWear Framework; if not, write to the Free Software Foundation, Inc., 59 * Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #ifndef __IWREMOTE_CHAINSECURITPROVIDER_H #define __IWREMOTE_CHAINSECURITPROVIDER_H #include namespace iwear { namespace net { /** * this provides a simple chain mechanism with options. The later directives * override the former, a default policy can be set too. The directives are * allow and deny with the uid( or a group of uids) or ip and optionally the * requirement of ssl like: * * allow from 10.0.0.0/8 * deny from 10.1.0.0/16 * allow from 10.1.4.22 ssl * allow from 10.1.4.23 to 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE ssl * @note allow statements for object uids do *not* override generic connect * statements. * @warning a deny with ssl does allow non-ssl connections from this ! */ class ChainSecurityProvider: public SecurityProvider { private: protected: public: ChainSecurityProvider(); virtual ~ChainSecurityProvider(); virtual bool check_connection( RemoteConnectionPtr rcon ); /** * if this returns true it means that we are ok with this hostid calling us * in general (and with the connection too, like IP etc.) */ virtual bool check_host( RemoteConnectionPtr rcon, const hostid_t& hid ); /** * checks if this connection and hostid is allowed on this object uid */ virtual bool check_object( RemoteConnectionPtr rcon, const hostid_t& hid, const oid_t& oid ); }; } } #endif