34 |
34 |
35 #ifdef __cplusplus |
35 #ifdef __cplusplus |
36 extern "C" { |
36 extern "C" { |
37 #endif |
37 #endif |
38 |
38 |
39 typedef struct ACLList ACLList; |
|
40 typedef struct ACLEntry ACLEntry; |
|
41 // ACLListHandle typedef in nsapi.h |
39 // ACLListHandle typedef in nsapi.h |
42 |
|
43 typedef struct ACLListElm ACLListElm; |
40 typedef struct ACLListElm ACLListElm; |
|
41 typedef struct ACLList ACLList; |
|
42 |
|
43 typedef struct WSAcl WSAcl; |
|
44 typedef struct WSAce WSAce; |
44 |
45 |
45 /* |
46 /* |
46 * a wrapper struct for acls |
47 * a wrapper struct for acls |
47 * |
|
48 * TODO: store more than one acl |
|
49 */ |
48 */ |
50 struct ACLListHandle { |
49 struct ACLListHandle { |
51 AuthDB *defaultauthdb; |
50 AuthDB *defaultauthdb; |
52 ACLListElm *listhead; |
51 ACLListElm *listhead; |
53 ACLListElm *listtail; |
52 ACLListElm *listtail; |
57 ACLList *acl; |
56 ACLList *acl; |
58 ACLListElm *next; |
57 ACLListElm *next; |
59 }; |
58 }; |
60 |
59 |
61 /* |
60 /* |
62 * a access control list |
61 * abstract ACL |
63 * |
62 */ |
64 * Access control is determined by the ace field. The ece field is a separat |
63 typedef int(*acl_check_f)(ACLList*, User*, int); |
65 * list for audit and alarm entries. |
|
66 */ |
|
67 struct ACLList { |
64 struct ACLList { |
68 AuthDB *authdb; |
65 AuthDB *authdb; |
69 char *authprompt; |
66 char *authprompt; |
70 ACLEntry **ace; // access control entries |
67 int isextern; |
71 ACLEntry **ece; // event control entries (audit/alarm entries) |
68 /* int check(ACLList *acl, User *user, int access_mask) */ |
|
69 int(*check)(ACLList *acl, User *user, int access_mask); |
|
70 }; |
|
71 |
|
72 /* |
|
73 * a webserver access control list |
|
74 * |
|
75 * Access control is determined by the ace field. The ece field is a separat |
|
76 * list for audit and alarm entries. |
|
77 */ |
|
78 struct WSAcl { |
|
79 ACLList acl; |
|
80 WSAce **ace; // access control entries |
|
81 WSAce **ece; // event control entries (audit/alarm entries) |
72 int acenum; // number of aces |
82 int acenum; // number of aces |
73 int ecenum; // number of eces |
83 int ecenum; // number of eces |
74 }; |
84 }; |
75 |
85 |
76 |
86 |
77 struct ACLEntry { |
87 struct WSAce { |
78 char *who; // user or group name |
88 char *who; // user or group name |
79 uint32_t access_mask; |
89 uint32_t access_mask; |
80 uint16_t flags; |
90 uint16_t flags; |
81 uint16_t type; |
91 uint16_t type; |
82 }; |
92 }; |
136 |
146 |
137 // list |
147 // list |
138 void acllist_append(Session *sn, Request *rq, ACLList *acl); |
148 void acllist_append(Session *sn, Request *rq, ACLList *acl); |
139 void acllist_prepend(Session *sn, Request *rq, ACLList *acl); |
149 void acllist_prepend(Session *sn, Request *rq, ACLList *acl); |
140 |
150 |
141 // eval |
151 /* |
|
152 * gets a access mask from open flags |
|
153 */ |
|
154 uint32_t acl_oflag2mask(int oflags); |
|
155 |
|
156 /* |
|
157 * authenticates the user with the user database specified in the acl list |
|
158 */ |
|
159 User* acllist_getuser(Session *sn, Request *rq, ACLListHandle *list); |
|
160 |
|
161 /* |
|
162 * sets the status to 403 or 401 and sets www-authenticate |
|
163 * |
|
164 * use this only if a ACL denies access |
|
165 */ |
|
166 void acl_set_error_status(Session *sn, Request *rq, ACLList *acl, User *user); |
|
167 |
|
168 /* |
|
169 * acl_evaluate |
|
170 * |
|
171 * Evaluates all ACLs in rq->acllist. It combines rq->aclreqaccess and |
|
172 * access_mask. If access is denied and no user is authenticated it sets the |
|
173 * www-authenticate header and the status to 401 Unauthorized. |
|
174 * |
|
175 * returns REQ_PROCEED if access is allowed or REQ_ABORTED if access is denied |
|
176 */ |
142 int acl_evaluate(Session *sn, Request *rq, int access_mask); |
177 int acl_evaluate(Session *sn, Request *rq, int access_mask); |
143 |
178 |
|
179 /* |
|
180 * acl_evallist |
|
181 * |
|
182 * evalutes all ACLs in acllist |
|
183 * |
|
184 * returns NULL if access is allowed or a pointer to the ACLList which |
|
185 * denied access |
|
186 */ |
|
187 ACLList* acl_evallist(ACLListHandle *acllist, User *user, int access_mask); |
|
188 |
144 |
189 |
145 // private |
190 // private |
146 int wsacl_affects_user(ACLEntry *ace, User *user); |
191 int wsacl_affects_user(WSAce *ace, User *user); |
147 int wsacl_check(ACLList *acl, User *user, int access_mask); |
192 int wsacl_check(WSAcl *acl, User *user, int access_mask); |
148 |
193 |
149 |
194 |
150 #ifdef __cplusplus |
195 #ifdef __cplusplus |
151 } |
196 } |
152 #endif |
197 #endif |