1 /* |
|
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
|
3 * |
|
4 * Copyright 2013 Olaf Wintermann. All rights reserved. |
|
5 * |
|
6 * Redistribution and use in source and binary forms, with or without |
|
7 * modification, are permitted provided that the following conditions are met: |
|
8 * |
|
9 * 1. Redistributions of source code must retain the above copyright |
|
10 * notice, this list of conditions and the following disclaimer. |
|
11 * |
|
12 * 2. Redistributions in binary form must reproduce the above copyright |
|
13 * notice, this list of conditions and the following disclaimer in the |
|
14 * documentation and/or other materials provided with the distribution. |
|
15 * |
|
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
|
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
|
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
|
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
|
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
|
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
|
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
26 * POSSIBILITY OF SUCH DAMAGE. |
|
27 */ |
|
28 |
|
29 #ifndef ACL_H |
|
30 #define ACL_H |
|
31 |
|
32 #include "../public/nsapi.h" |
|
33 #include "authdb.h" |
|
34 |
|
35 #ifdef __cplusplus |
|
36 extern "C" { |
|
37 #endif |
|
38 |
|
// Forward declarations for the struct types defined further down in this
// header, so the structs can refer to each other by typedef name.
typedef struct ACLList ACLList;
typedef struct ACLEntry ACLEntry;
// ACLListHandle typedef in nsapi.h (the struct body itself is defined below)

typedef struct ACLListElm ACLListElm;
|
44 |
|
/*
 * a wrapper struct for acls
 *
 * Holds a singly linked list of ACLList objects (listhead .. listtail,
 * nodes are ACLListElm) together with a default AuthDB.
 * NOTE(review): when defaultauthdb is consulted instead of ACLList.authdb,
 * and who owns the ACLList objects reachable from the list, is not visible
 * in this header — confirm in acl.c before relying on either.
 *
 * TODO: store more than one acl
 */
struct ACLListHandle {
    AuthDB *defaultauthdb;  // auth database used when an ACL names none (presumably)
    ACLListElm *listhead;   // first list node
    ACLListElm *listtail;   // last list node; presumably kept so acllist_append() need not walk the list
};
|
55 |
|
/*
 * Node of the singly linked ACL list kept in ACLListHandle.
 */
struct ACLListElm {
    ACLList *acl;       // the ACL carried by this node (ownership not stated here — confirm in acl.c)
    ACLListElm *next;   // following node; presumably NULL at the tail
};
|
60 |
|
/*
 * an access control list
 *
 * Access control is determined by the ace field. The ece field is a separate
 * list for audit and alarm entries.
 *
 * ace and ece are arrays of ACLEntry pointers whose lengths are acenum and
 * ecenum respectively; any loop over them must be bounded by those counts.
 */
struct ACLList {
    AuthDB *authdb;      // auth database for this ACL (NOTE(review): interplay with ACLListHandle.defaultauthdb not visible here)
    char *authprompt;    // prompt text, presumably shown when authentication is requested — confirm in the caller
    ACLEntry **ace;      // access control entries, acenum elements
    ACLEntry **ece;      // event control entries (audit/alarm entries), ecenum elements
    int acenum;          // number of aces
    int ecenum;          // number of eces
};
|
75 |
|
76 |
|
/*
 * A single access control entry (or event control entry).
 *
 * access_mask takes the ACL_* "access permissions" bits, flags takes the
 * ACL_* "ace flags" bits and type takes one of the ACL_TYPE_* values; all
 * three sets are defined below in this header.
 */
struct ACLEntry {
    char *who;             // user or group name (ACL_IDENTIFIER_GROUP in flags presumably says which — confirm in acl.c)
    uint32_t access_mask;  // ACL_READ_DATA .. ACL_SYNCHRONIZE bits
    uint16_t flags;        // ACL_FILE_INHERIT .. ACL_EVERYONE bits
    uint16_t type;         // ACL_TYPE_ALLOWED / ACL_TYPE_DENIED / ACL_TYPE_AUDIT / ACL_TYPE_ALARM
};
|
83 |
|
84 |
|
/*
 * access permissions
 *
 * Bit values for ACLEntry.access_mask and for the access_mask argument of
 * acl_evaluate() / wsacl_check().  Note that several names share one bit
 * (ACL_WRITE_DATA / ACL_APPEND, ACL_ADD_FILE / ACL_ADD_SUBDIRECTORY,
 * ACL_DELETE_CHILD / ACL_DELETE): a mask-based check cannot tell the two
 * apart, so an entry granting one necessarily grants the other.
 */
#define ACL_READ_DATA         (1 << 0)   /* 0x0001 */
#define ACL_WRITE_DATA        (1 << 1)   /* 0x0002 */
#define ACL_APPEND            (1 << 1)   /* 0x0002, same bit as ACL_WRITE_DATA */
#define ACL_ADD_FILE          (1 << 2)   /* 0x0004 */
#define ACL_ADD_SUBDIRECTORY  (1 << 2)   /* 0x0004, same bit as ACL_ADD_FILE */
#define ACL_READ_XATTR        (1 << 3)   /* 0x0008 */
#define ACL_WRITE_XATTR       (1 << 4)   /* 0x0010 */
#define ACL_EXECUTE           (1 << 5)   /* 0x0020 */
#define ACL_DELETE_CHILD      (1 << 6)   /* 0x0040 */
#define ACL_DELETE            (1 << 6)   /* 0x0040, same bit as ACL_DELETE_CHILD */
#define ACL_READ_ATTRIBUTES   (1 << 7)   /* 0x0080 */
#define ACL_WRITE_ATTRIBUTES  (1 << 8)   /* 0x0100 */
#define ACL_LIST              (1 << 9)   /* 0x0200 */
#define ACL_READ_ACL          (1 << 10)  /* 0x0400 */
#define ACL_WRITE_ACL         (1 << 11)  /* 0x0800 */
#define ACL_WRITE_OWNER       (1 << 12)  /* 0x1000 */
#define ACL_SYNCHRONIZE       (1 << 13)  /* 0x2000 */

/* convenience groups: the three read bits, the three write bits */
#define ACL_READ \
    (ACL_READ_DATA | ACL_READ_XATTR | ACL_READ_ATTRIBUTES)
#define ACL_WRITE \
    (ACL_WRITE_DATA | ACL_WRITE_XATTR | ACL_WRITE_ATTRIBUTES)
|
109 |
|
/*
 * ace flags
 *
 * Bit values for ACLEntry.flags (uint16_t; the highest bit used here is
 * bit 14).  Bits 7..11 are currently unassigned.
 */
#define ACL_FILE_INHERIT            (1 << 0)   /* 0x0001 */
#define ACL_DIR_INHERIT             (1 << 1)   /* 0x0002 */
#define ACL_NO_PROPAGATE            (1 << 2)   /* 0x0004 */
#define ACL_INHERIT_ONLY            (1 << 3)   /* 0x0008 */
#define ACL_SUCCESSFUL_ACCESS_FLAG  (1 << 4)   /* 0x0010 */
#define ACL_FAILED_ACCESS_ACE_FLAG  (1 << 5)   /* 0x0020 */
#define ACL_IDENTIFIER_GROUP        (1 << 6)   /* 0x0040 */
#define ACL_OWNER                   (1 << 12)  /* 0x1000 */
#define ACL_GROUP                   (1 << 13)  /* 0x2000 */
#define ACL_EVERYONE                (1 << 14)  /* 0x4000 */
|
123 |
|
/*
 * ace type
 *
 * Values for ACLEntry.type.  These are ordinal codes, not bit flags:
 * ACL_TYPE_AUDIT (3) has both the ACL_TYPE_ALLOWED and ACL_TYPE_DENIED
 * bits set, so a test such as (type & ACL_TYPE_ALLOWED) would also match
 * audit entries.  Compare with == (or a switch) instead.
 */
#define ACL_TYPE_ALLOWED 1
#define ACL_TYPE_DENIED  2
#define ACL_TYPE_AUDIT   3
#define ACL_TYPE_ALARM   4
|
131 |
|
132 |
|
/*
 * public API
 */

// list
/*
 * Append / prepend an ACL to the ACL list associated with the request rq.
 * Which ACLListHandle the list is taken from, and whether the ACLList is
 * copied or referenced, is not visible in this header — see acl.c.
 */
void acllist_append(Session *sn, Request *rq, ACLList *acl);
void acllist_prepend(Session *sn, Request *rq, ACLList *acl);

// eval
/*
 * Evaluate the ACLs attached to rq against access_mask (ACL_* permission
 * bits).  The return-value convention is defined by the implementation in
 * acl.c, not here; callers should check it rather than assume 0/-1.
 */
int acl_evaluate(Session *sn, Request *rq, int access_mask);


// private
/*
 * Check one ACL for one user against access_mask.  Declared here for the
 * implementation's own use; not intended as part of the public API.
 * NOTE(review): access_mask is int here while ACLEntry.access_mask is
 * uint32_t; the signed/unsigned mix is harmless as long as no bit above
 * ACL_SYNCHRONIZE (0x2000) is ever used, which is all this header defines.
 */
int wsacl_check(ACLList *acl, User *user, int access_mask);
|
147 |
|
148 |
|
149 #ifdef __cplusplus |
|
150 } |
|
151 #endif |
|
152 |
|
153 #endif /* ACL_H */ |
|