src/server/config/acl.h

Mon, 16 Jan 2017 14:41:20 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Mon, 16 Jan 2017 14:41:20 +0100
changeset 149
aa016efb9ad7
parent 79
f48cea237ec3
child 394
4d2a1df73e18
permissions
-rw-r--r--

fixes cgi cleanup

1 /*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
3 *
4 * Copyright 2013 Olaf Wintermann. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
29 #ifndef _CONFIG_ACL_H
30 #define _CONFIG_ACL_H
32 #include "conf.h"
33 #include <inttypes.h>
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
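/* Forward declaration: ACLFile points at an ACLConfig before struct _acl_conf is defined. */
typedef struct _acl_conf ACLConfig;

/*
 * State of one ACL configuration file.
 *
 * The three lists hold ACLConfig elements; judging by the member names and
 * the "name, uri or path" comment on ACLConfig.id, each list collects the
 * ACLs of one addressing kind.
 */
typedef struct _acl_file {
    ConfigParser parser;
    UcxList      *namedACLs; // ACLConfig list
    UcxList      *uriACLs;   // ACLConfig list
    UcxList      *pathACLs;  // ACLConfig list
    // temp data
    ACLConfig    *cur;       // NOTE(review): presumably the ACL currently being
                             // parsed; confirm it is not read after parsing ends
} ACLFile;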
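/*
 * One ACL as described in the configuration file (typedef'd as ACLConfig).
 *
 * NOTE(review): if the evaluator stops at the first matching entry, the order
 * of `entries` is security-relevant; confirm the loader keeps file order.
 */
struct _acl_conf {
    sstr_t  id;         // name, uri or path
    sstr_t  type;       // webserver ACL or file system ACL
    UcxList *authparam; // authentication parameters
    UcxList *entries;   // ACEConfig list
};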
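/*
 * One access control entry (ACE) of an ACLConfig.
 *
 * The three integer members correspond to the three ACLCFG_* groups defined
 * in this header. The groups reuse the same numeric values (for example
 * 0x1000 is both ACLCFG_WRITE_OWNER and ACLCFG_OWNER), so a constant stored
 * in the wrong member is not caught by the compiler.
 */
typedef struct _ace_conf {
    sstr_t   who;         // NOTE(review): presumably the user or group the entry applies to - confirm
    uint32_t access_mask; // access permission bits (ACLCFG_READ_DATA ... ACLCFG_SYNCHRONIZE)
    uint16_t flags;       // ace flags (ACLCFG_FILE_INHERIT ... ACLCFG_EVERYONE)
    uint16_t type;        // ace type (one ACLCFG_TYPE_* value, not a bit mask)
} ACEConfig;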
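/*
 * the flags are a duplicate of the webserver's acl flags
 *
 * NOTE(review): the webserver's own definitions are not visible here. The two
 * sets must stay bit-for-bit identical, otherwise a configured right maps to
 * a different right at enforcement time.
 */

/*
 * access permissions (bits for ACEConfig.access_mask)
 *
 * Three pairs share a single bit:
 *   ACLCFG_WRITE_DATA   / ACLCFG_APPEND            0x0002
 *   ACLCFG_ADD_FILE     / ACLCFG_ADD_SUBDIRECTORY  0x0004
 *   ACLCFG_DELETE_CHILD / ACLCFG_DELETE            0x0040
 * An access mask therefore cannot grant or deny one right of a pair without
 * the other (e.g. append-only access is not expressible).
 * NOTE(review): confirm this aliasing is intended and matches the webserver.
 */
#define ACLCFG_READ_DATA         0x0001
#define ACLCFG_WRITE_DATA        0x0002
#define ACLCFG_APPEND            0x0002 /* same bit as ACLCFG_WRITE_DATA */
#define ACLCFG_ADD_FILE          0x0004
#define ACLCFG_ADD_SUBDIRECTORY  0x0004 /* same bit as ACLCFG_ADD_FILE */
#define ACLCFG_READ_XATTR        0x0008
#define ACLCFG_WRITE_XATTR       0x0010
#define ACLCFG_EXECUTE           0x0020
#define ACLCFG_DELETE_CHILD      0x0040
#define ACLCFG_DELETE            0x0040 /* same bit as ACLCFG_DELETE_CHILD */
#define ACLCFG_READ_ATTRIBUTES   0x0080
#define ACLCFG_WRITE_ATTRIBUTES  0x0100
#define ACLCFG_LIST              0x0200
#define ACLCFG_READ_ACL          0x0400
#define ACLCFG_WRITE_ACL         0x0800
#define ACLCFG_WRITE_OWNER       0x1000
#define ACLCFG_SYNCHRONIZE       0x2000

/*
 * Composite read right: data, extended attributes and attributes.
 * ACLCFG_LIST and ACLCFG_READ_ACL are not part of it.
 */
#define ACLCFG_READ \
        (ACLCFG_READ_DATA|ACLCFG_READ_XATTR|ACLCFG_READ_ATTRIBUTES)
/*
 * Composite write right: data (and, through the shared bit, append),
 * extended attributes and attributes. ACLCFG_ADD_FILE, ACLCFG_DELETE,
 * ACLCFG_WRITE_ACL and ACLCFG_WRITE_OWNER are not part of it.
 */
#define ACLCFG_WRITE \
        (ACLCFG_WRITE_DATA|ACLCFG_WRITE_XATTR|ACLCFG_WRITE_ATTRIBUTES)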
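/*
 * ace flags (bits for ACEConfig.flags)
 *
 * These values overlap numerically with the access permission bits
 * (ACLCFG_OWNER == ACLCFG_WRITE_OWNER == 0x1000,
 *  ACLCFG_GROUP == ACLCFG_SYNCHRONIZE == 0x2000), so they are only meaningful
 * in the flags member and must never be OR-ed into an access mask.
 * All values fit the 16-bit flags member.
 */
#define ACLCFG_FILE_INHERIT             0x0001
#define ACLCFG_DIR_INHERIT              0x0002
#define ACLCFG_NO_PROPAGATE             0x0004
#define ACLCFG_INHERIT_ONLY             0x0008
#define ACLCFG_SUCCESSFUL_ACCESS_FLAG   0x0010
#define ACLCFG_FAILED_ACCESS_ACE_FLAG   0x0020
#define ACLCFG_IDENTIFIER_GROUP         0x0040
#define ACLCFG_OWNER                    0x1000
#define ACLCFG_GROUP                    0x2000
#define ACLCFG_EVERYONE                 0x4000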
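/*
 * ace type (value for ACEConfig.type)
 *
 * These are enumerated values, not independent bits: ACLCFG_TYPE_AUDIT (0x03)
 * equals ACLCFG_TYPE_ALLOWED|ACLCFG_TYPE_DENIED. Compare with ==; a test such
 * as (type & ACLCFG_TYPE_ALLOWED) would also match audit entries.
 */
#define ACLCFG_TYPE_ALLOWED 0x01
#define ACLCFG_TYPE_DENIED  0x02
#define ACLCFG_TYPE_AUDIT   0x03
#define ACLCFG_TYPE_ALARM   0x04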
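/*
 * NOTE(review): the implementations are not part of this header; the
 * contracts sketched below are to be confirmed against the implementation.
 */

/*
 * Returns an ACLFile for the configuration file named by `file`.
 *
 * NOTE(review): the failure return is not visible here (presumably NULL).
 * Callers should treat a failed load as a configuration error and must not
 * continue as if the file contained no ACLs.
 * NOTE(review): `file` is not const-qualified; whether it is modified cannot
 * be seen from the declaration.
 */
ACLFile* load_acl_file(char *file);

/*
 * Releases an ACLFile.
 *
 * NOTE(review): presumably the counterpart of load_acl_file(); which members
 * are freed, and whether NULL is accepted, is not visible here.
 */
void free_acl_file(ACLFile *aclfile);


/*
 * NOTE(review): `p` is untyped; presumably the ACLFile being filled, passed
 * back by the generic config parser - confirm before relying on the cast.
 * The meaning of the int result is not visible here.
 */
int acl_parse(void *p, ConfigLine *begin, ConfigLine *end, sstr_t line);

/*
 * NOTE(review): presumably parses one ACE line into the ACL that f->cur
 * points at; confirm that a malformed line is reported through the return
 * value and rejected, not skipped.
 */
int parse_ace(ACLFile *f, sstr_t line);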
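/*
 * converts an access right string to an integer value
 *
 * The return type matches ACEConfig.access_mask.
 * NOTE(review): how an unrecognised string is reported is not visible here.
 * If the result is 0 in that case, callers cannot tell a typo from "no
 * rights"; confirm that unknown right names are rejected when an ACE is
 * parsed.
 */
uint32_t accstr2int(sstr_t access);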
131 #ifdef __cplusplus
132 }
133 #endif
135 #endif /* _CONFIG_ACL_H */