Mercurial > hg > webserver / annotate

src/server/public/acl.h@ef3c8a0e1fee (annotated)

src/server/public/acl.h

Sun, 27 Nov 2022 13:33:30 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Sun, 27 Nov 2022 13:33:30 +0100
changeset 443
ef3c8a0e1fee
parent 211
2160585200ac
permissions
-rw-r--r--

improve daemon startup
parent will wait until daemon is started and returns error code if startup failed
daemon startup log messages will be printed by parent

59
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
1 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
3 *
211
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 63
diff changeset
4 * Copyright 2018 Olaf Wintermann. All rights reserved.
59
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
5 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
6 * Redistribution and use in source and binary forms, with or without
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
7 * modification, are permitted provided that the following conditions are met:
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
8 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
9 * 1. Redistributions of source code must retain the above copyright
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
10 * notice, this list of conditions and the following disclaimer.
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
11 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
12 * 2. Redistributions in binary form must reproduce the above copyright
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
13 * notice, this list of conditions and the following disclaimer in the
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
14 * documentation and/or other materials provided with the distribution.
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
15 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
26 * POSSIBILITY OF SUCH DAMAGE.
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
27 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
28
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
29 #ifndef WS_ACL_H
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
30 #define WS_ACL_H
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
31
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
32 #include "nsapi.h"
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
33 #include "auth.h"
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
34
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
35 #ifdef __cplusplus
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
36 extern "C" {
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
37 #endif
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
38
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
39 // ACLListHandle typedef in nsapi.h
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
40 typedef struct ACLListElm ACLListElm;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
41 typedef struct ACLList ACLList;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
42
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
43 typedef struct WSAcl WSAcl;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
44 typedef struct WSAce WSAce;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
45
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
46 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
47 * a wrapper struct for acls
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
48 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
49 struct ACLListHandle {
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
50 AuthDB *defaultauthdb;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
51 ACLListElm *listhead;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
52 ACLListElm *listtail;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
53 };
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
54
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
55 struct ACLListElm {
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
56 ACLList *acl;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
57 ACLListElm *next;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
58 };
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
59
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
60 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
61 * abstract ACL
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
62 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
63 typedef int(*acl_check_f)(ACLList*, User*, int);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
64 struct ACLList {
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
65 AuthDB *authdb;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
66 char *authprompt;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
67 int isextern;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
68 /* int check(ACLList *acl, User *user, int access_mask) */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
69 int(*check)(ACLList *acl, User *user, int access_mask);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
70 };
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
71
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
72 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
73 * a webserver access control list
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
74 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
75 * Access control is determined by the ace field. The ece field is a separat
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
76 * list for audit and alarm entries.
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
77 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
78 struct WSAcl {
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
79 ACLList acl;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
80 WSAce **ace; // access control entries
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
81 WSAce **ece; // event control entries (audit/alarm entries)
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
82 int acenum; // number of aces
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
83 int ecenum; // number of eces
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
84 };
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
85
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
86
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
87 struct WSAce {
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
88 char *who; // user or group name
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
89 uint32_t access_mask;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
90 uint16_t flags;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
91 uint16_t type;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
92 };
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
93
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
94
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
95 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
96 * access permissions
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
97 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
98 #define ACL_READ_DATA 0x0001
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
99 #define ACL_WRITE_DATA 0x0002
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
100 #define ACL_APPEND 0x0002
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
101 #define ACL_ADD_FILE 0x0004
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
102 #define ACL_ADD_SUBDIRECTORY 0x0004
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
103 #define ACL_READ_XATTR 0x0008
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
104 #define ACL_WRITE_XATTR 0x0010
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
105 #define ACL_EXECUTE 0x0020
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
106 #define ACL_DELETE_CHILD 0x0040
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
107 #define ACL_DELETE 0x0040
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
108 #define ACL_READ_ATTRIBUTES 0x0080
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
109 #define ACL_WRITE_ATTRIBUTES 0x0100
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
110 #define ACL_LIST 0x0200
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
111 #define ACL_READ_ACL 0x0400
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
112 #define ACL_WRITE_ACL 0x0800
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
113 #define ACL_WRITE_OWNER 0x1000
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
114 #define ACL_SYNCHRONIZE 0x2000
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
115 #define ACL_READ \
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
116 (ACL_READ_DATA|ACL_READ_XATTR|ACL_READ_ATTRIBUTES)
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
117 #define ACL_WRITE \
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
118 (ACL_WRITE_DATA|ACL_WRITE_XATTR|ACL_WRITE_ATTRIBUTES)
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
119
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
120 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
121 * ace flags
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
122 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
123 #define ACL_FILE_INHERIT 0x0001
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
124 #define ACL_DIR_INHERIT 0x0002
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
125 #define ACL_NO_PROPAGATE 0x0004
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
126 #define ACL_INHERIT_ONLY 0x0008
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
127 #define ACL_SUCCESSFUL_ACCESS_FLAG 0x0010
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
128 #define ACL_FAILED_ACCESS_ACE_FLAG 0x0020
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
129 #define ACL_IDENTIFIER_GROUP 0x0040
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
130 #define ACL_OWNER 0x1000
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
131 #define ACL_GROUP 0x2000
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
132 #define ACL_EVERYONE 0x4000
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
133
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
134 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
135 * ace type
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
136 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
137 #define ACL_TYPE_ALLOWED 0x01
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
138 #define ACL_TYPE_DENIED 0x02
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
139 #define ACL_TYPE_AUDIT 0x03
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
140 #define ACL_TYPE_ALARM 0x04
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
141
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
142
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
143 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
144 * public API
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
145 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
146
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
147 // list
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
148 void acllist_append(Session *sn, Request *rq, ACLList *acl);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
149 void acllist_prepend(Session *sn, Request *rq, ACLList *acl);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
150
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
151 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
152 * gets a access mask from open flags
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
153 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
154 uint32_t acl_oflag2mask(int oflags);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
155
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
156 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
157 * authenticates the user with the user database specified in the acl list
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
158 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
159 User* acllist_getuser(Session *sn, Request *rq, ACLListHandle *list);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
160
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
161 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
162 * sets the status to 403 or 401 and sets www-authenticate
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
163 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
164 * use this only if a ACL denies access
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
165 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
166 void acl_set_error_status(Session *sn, Request *rq, ACLList *acl, User *user);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
167
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
168 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
169 * acl_evaluate
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
170 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
171 * Evaluates all ACLs in rq->acllist. It combines rq->aclreqaccess and
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
172 * access_mask. If access is denied and no user is authenticated it sets the
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
173 * www-authenticate header and the status to 401 Unauthorized.
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
174 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
175 * returns REQ_PROCEED if access is allowed or REQ_ABORTED if access is denied
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
176 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
177 int acl_evaluate(Session *sn, Request *rq, int access_mask);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
178
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
179 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
180 * acl_evallist
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
181 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
182 * evalutes all ACLs in acllist
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
183 *
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
184 * externacl is set if an acl is extern, otherwise it is set to NULL
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
185 *
59
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
186 * returns NULL if access is allowed or a pointer to the ACLList which
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
187 * denied access
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
188 */
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
189 ACLList* acl_evallist(
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
190 ACLListHandle *acllist,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
191 User *user,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
192 int access_mask,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
193 ACLList **externacl);
59
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
194
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
195 #ifdef __cplusplus
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
196 }
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
197 #endif
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
198
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
199 #endif /* WS_ACL_H */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
200

Mercurial Repository: webserver

mercurial