comparison: src/server/daemon/acl.h
src/server/daemon/acl.h
- changeset 51
- b28cf69f42e8
- child 52
- aced2245fb1c
equal
deleted
inserted
replaced
| 50:4d39adda7a38 | 51:b28cf69f42e8 |
|---|---|
| 1 /* | |
| 2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. | |
| 3 * | |
| 4 * Copyright 2013 Olaf Wintermann. All rights reserved. | |
| 5 * | |
| 6 * Redistribution and use in source and binary forms, with or without | |
| 7 * modification, are permitted provided that the following conditions are met: | |
| 8 * | |
| 9 * 1. Redistributions of source code must retain the above copyright | |
| 10 * notice, this list of conditions and the following disclaimer. | |
| 11 * | |
| 12 * 2. Redistributions in binary form must reproduce the above copyright | |
| 13 * notice, this list of conditions and the following disclaimer in the | |
| 14 * documentation and/or other materials provided with the distribution. | |
| 15 * | |
| 16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
| 17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
| 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
| 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE | |
| 20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
| 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
| 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
| 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
| 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
| 26 * POSSIBILITY OF SUCH DAMAGE. | |
| 27 */ | |
| 28 | |
| 29 #ifndef ACL_H | |
| 30 #define ACL_H | |
| 31 | |
| 32 #include "../public/nsapi.h" | |
| 33 #include "authdb.h" | |
| 34 | |
| 35 #ifdef __cplusplus | |
| 36 extern "C" { | |
| 37 #endif | |
| 38 | |
| 39 typedef struct ACLList ACLList; | |
| 40 typedef struct ACLEntry ACLEntry; | |
| 41 // ACLListHandle typedef in nsapi.h | |
| 42 | |
| 43 typedef struct ACLListElm ACLListElm; | |
| 44 | |
| 45 /* | |
| 46 * a wrapper struct for acls | |
| 47 * | |
| 48 * TODO: store more than one acl | |
| 49 */ | |
| 50 struct ACLListHandle { | |
| 51 AuthDB *defaultauthdb; | |
| 52 ACLListElm *listhead; | |
| 53 ACLListElm *listtail; | |
| 54 }; | |
| 55 | |
| 56 struct ACLListElm { | |
| 57 ACLList *acl; | |
| 58 ACLListElm *next; | |
| 59 }; | |
| 60 | |
| 61 /* | |
| 62 * a access control list | |
| 63 * | |
| 64 * Access control is determined by the ace field. The ece field is a separat | |
| 65 * list for audit and alarm entries. | |
| 66 */ | |
| 67 struct ACLList { | |
| 68 AuthDB *authdb; | |
| 69 char *authprompt; | |
| 70 ACLEntry **ace; // access control entries | |
| 71 ACLEntry **ece; // event control entries (audit/alarm entries) | |
| 72 int acenum; // number of aces | |
| 73 int ecenum; // number of eces | |
| 74 }; | |
| 75 | |
| 76 | |
| 77 struct ACLEntry { | |
| 78 char *who; // user or group name | |
| 79 uint32_t access_mask; | |
| 80 uint16_t flags; | |
| 81 uint16_t type; | |
| 82 }; | |
| 83 | |
| 84 | |
| 85 /* | |
| 86 * access permissions | |
| 87 */ | |
| 88 #define ACL_READ_DATA 0x0001 | |
| 89 #define ACL_WRITE_DATA 0x0002 | |
| 90 #define ACL_APPEND 0x0002 | |
| 91 #define ACL_ADD_FILE 0x0004 | |
| 92 #define ACL_ADD_SUBDIRECTORY 0x0004 | |
| 93 #define ACL_READ_XATTR 0x0008 | |
| 94 #define ACL_WRITE_XATTR 0x0010 | |
| 95 #define ACL_EXECUTE 0x0020 | |
| 96 #define ACL_DELETE_CHILD 0x0040 | |
| 97 #define ACL_DELETE 0x0040 | |
| 98 #define ACL_READ_ATTRIBUTES 0x0080 | |
| 99 #define ACL_WRITE_ATTRIBUTES 0x0100 | |
| 100 #define ACL_LIST 0x0200 | |
| 101 #define ACL_READ_ACL 0x0400 | |
| 102 #define ACL_WRITE_ACL 0x0800 | |
| 103 #define ACL_WRITE_OWNER 0x1000 | |
| 104 #define ACL_SYNCHRONIZE 0x2000 | |
| 105 #define ACL_READ \ | |
| 106 (ACL_READ_DATA|ACL_READ_XATTR|ACL_READ_ATTRIBUTES) | |
| 107 #define ACL_WRITE \ | |
| 108 (ACL_WRITE_DATA|ACL_WRITE_XATTR|ACL_WRITE_ATTRIBUTES) | |
| 109 | |
| 110 /* | |
| 111 * ace flags | |
| 112 */ | |
| 113 #define ACL_FILE_INHERIT 0x0001 | |
| 114 #define ACL_DIR_INHERIT 0x0002 | |
| 115 #define ACL_NO_PROPAGATE 0x0004 | |
| 116 #define ACL_INHERIT_ONLY 0x0008 | |
| 117 #define ACL_SUCCESSFUL_ACCESS_FLAG 0x0010 | |
| 118 #define ACL_FAILED_ACCESS_ACE_FLAG 0x0020 | |
| 119 #define ACL_IDENTIFIER_GROUP 0x0040 | |
| 120 #define ACL_OWNER 0x1000 | |
| 121 #define ACL_GROUP 0x2000 | |
| 122 #define ACL_EVERYONE 0x4000 | |
| 123 | |
| 124 /* | |
| 125 * ace type | |
| 126 */ | |
| 127 #define ACL_TYPE_ALLOWED 0x01 | |
| 128 #define ACL_TYPE_DENIED 0x02 | |
| 129 #define ACL_TYPE_AUDIT 0x03 | |
| 130 #define ACL_TYPE_ALARM 0x04 | |
| 131 | |
| 132 | |
| 133 /* | |
| 134 * public API | |
| 135 */ | |
| 136 | |
| 137 // list | |
| 138 void acllist_append(Session *sn, Request *rq, ACLList *acl); | |
| 139 void acllist_prepend(Session *sn, Request *rq, ACLList *acl); | |
| 140 | |
| 141 // eval | |
| 142 int acl_evaluate(Session *sn, Request *rq, int access_mask); | |
| 143 | |
| 144 | |
| 145 // private | |
| 146 int wsacl_check(ACLList *acl, User *user, int access_mask); | |
| 147 | |
| 148 | |
| 149 #ifdef __cplusplus | |
| 150 } | |
| 151 #endif | |
| 152 | |
| 153 #endif /* ACL_H */ | |
| 154 |
