comparison: src/server/daemon/acl.h
src/server/daemon/acl.h
- changeset 54
- 3a1d5a52adfc
- parent 52
- aced2245fb1c
- child 59
- ab25c0a231d0
equal
deleted
inserted
replaced
| 53:5ec9abba1027 | 54:3a1d5a52adfc |
|---|---|
| 34 | 34 |
| 35 #ifdef __cplusplus | 35 #ifdef __cplusplus |
| 36 extern "C" { | 36 extern "C" { |
| 37 #endif | 37 #endif |
| 38 | 38 |
| 39 typedef struct ACLList ACLList; | |
| 40 typedef struct ACLEntry ACLEntry; | |
| 41 // ACLListHandle typedef in nsapi.h | 39 // ACLListHandle typedef in nsapi.h |
| 42 | |
| 43 typedef struct ACLListElm ACLListElm; | 40 typedef struct ACLListElm ACLListElm; |
| 41 typedef struct ACLList ACLList; | |
| 42 | |
| 43 typedef struct WSAcl WSAcl; | |
| 44 typedef struct WSAce WSAce; | |
| 44 | 45 |
| 45 /* | 46 /* |
| 46 * a wrapper struct for acls | 47 * a wrapper struct for acls |
| 47 * | |
| 48 * TODO: store more than one acl | |
| 49 */ | 48 */ |
| 50 struct ACLListHandle { | 49 struct ACLListHandle { |
| 51 AuthDB *defaultauthdb; | 50 AuthDB *defaultauthdb; |
| 52 ACLListElm *listhead; | 51 ACLListElm *listhead; |
| 53 ACLListElm *listtail; | 52 ACLListElm *listtail; |
| 57 ACLList *acl; | 56 ACLList *acl; |
| 58 ACLListElm *next; | 57 ACLListElm *next; |
| 59 }; | 58 }; |
| 60 | 59 |
| 61 /* | 60 /* |
| 62 * a access control list | 61 * abstract ACL |
| 63 * | 62 */ |
| 64 * Access control is determined by the ace field. The ece field is a separat | 63 typedef int(*acl_check_f)(ACLList*, User*, int); |
| 65 * list for audit and alarm entries. | |
| 66 */ | |
| 67 struct ACLList { | 64 struct ACLList { |
| 68 AuthDB *authdb; | 65 AuthDB *authdb; |
| 69 char *authprompt; | 66 char *authprompt; |
| 70 ACLEntry **ace; // access control entries | 67 int isextern; |
| 71 ACLEntry **ece; // event control entries (audit/alarm entries) | 68 /* int check(ACLList *acl, User *user, int access_mask) */ |
| 69 int(*check)(ACLList *acl, User *user, int access_mask); | |
| 70 }; | |
| 71 | |
| 72 /* | |
| 73 * a webserver access control list | |
| 74 * | |
| 75 * Access control is determined by the ace field. The ece field is a separat | |
| 76 * list for audit and alarm entries. | |
| 77 */ | |
| 78 struct WSAcl { | |
| 79 ACLList acl; | |
| 80 WSAce **ace; // access control entries | |
| 81 WSAce **ece; // event control entries (audit/alarm entries) | |
| 72 int acenum; // number of aces | 82 int acenum; // number of aces |
| 73 int ecenum; // number of eces | 83 int ecenum; // number of eces |
| 74 }; | 84 }; |
| 75 | 85 |
| 76 | 86 |
| 77 struct ACLEntry { | 87 struct WSAce { |
| 78 char *who; // user or group name | 88 char *who; // user or group name |
| 79 uint32_t access_mask; | 89 uint32_t access_mask; |
| 80 uint16_t flags; | 90 uint16_t flags; |
| 81 uint16_t type; | 91 uint16_t type; |
| 82 }; | 92 }; |
| 136 | 146 |
| 137 // list | 147 // list |
| 138 void acllist_append(Session *sn, Request *rq, ACLList *acl); | 148 void acllist_append(Session *sn, Request *rq, ACLList *acl); |
| 139 void acllist_prepend(Session *sn, Request *rq, ACLList *acl); | 149 void acllist_prepend(Session *sn, Request *rq, ACLList *acl); |
| 140 | 150 |
| 141 // eval | 151 /* |
| 152 * gets a access mask from open flags | |
| 153 */ | |
| 154 uint32_t acl_oflag2mask(int oflags); | |
| 155 | |
| 156 /* | |
| 157 * authenticates the user with the user database specified in the acl list | |
| 158 */ | |
| 159 User* acllist_getuser(Session *sn, Request *rq, ACLListHandle *list); | |
| 160 | |
| 161 /* | |
| 162 * sets the status to 403 or 401 and sets www-authenticate | |
| 163 * | |
| 164 * use this only if a ACL denies access | |
| 165 */ | |
| 166 void acl_set_error_status(Session *sn, Request *rq, ACLList *acl, User *user); | |
| 167 | |
| 168 /* | |
| 169 * acl_evaluate | |
| 170 * | |
| 171 * Evaluates all ACLs in rq->acllist. It combines rq->aclreqaccess and | |
| 172 * access_mask. If access is denied and no user is authenticated it sets the | |
| 173 * www-authenticate header and the status to 401 Unauthorized. | |
| 174 * | |
| 175 * returns REQ_PROCEED if access is allowed or REQ_ABORTED if access is denied | |
| 176 */ | |
| 142 int acl_evaluate(Session *sn, Request *rq, int access_mask); | 177 int acl_evaluate(Session *sn, Request *rq, int access_mask); |
| 143 | 178 |
| 179 /* | |
| 180 * acl_evallist | |
| 181 * | |
| 182 * evalutes all ACLs in acllist | |
| 183 * | |
| 184 * returns NULL if access is allowed or a pointer to the ACLList which | |
| 185 * denied access | |
| 186 */ | |
| 187 ACLList* acl_evallist(ACLListHandle *acllist, User *user, int access_mask); | |
| 188 | |
| 144 | 189 |
| 145 // private | 190 // private |
| 146 int wsacl_affects_user(ACLEntry *ace, User *user); | 191 int wsacl_affects_user(WSAce *ace, User *user); |
| 147 int wsacl_check(ACLList *acl, User *user, int access_mask); | 192 int wsacl_check(WSAcl *acl, User *user, int access_mask); |
| 148 | 193 |
| 149 | 194 |
| 150 #ifdef __cplusplus | 195 #ifdef __cplusplus |
| 151 } | 196 } |
| 152 #endif | 197 #endif |
