src/server/daemon/acl.h

changeset 59
ab25c0a231d0
parent 54
3a1d5a52adfc
child 63
66442f81f823
--- a/src/server/daemon/acl.h	Tue Mar 19 17:38:32 2013 +0100
+++ b/src/server/daemon/acl.h	Mon May 06 13:44:27 2013 +0200
@@ -29,164 +29,12 @@
 #ifndef ACL_H
 #define	ACL_H
 
-#include "../public/nsapi.h"
-#include "authdb.h"
+#include "../public/acl.h"
 
 #ifdef	__cplusplus
 extern "C" {
 #endif
 
-// ACLListHandle typedef in nsapi.h
-typedef struct ACLListElm ACLListElm;
-typedef struct ACLList ACLList;
-
-typedef struct WSAcl WSAcl;
-typedef struct WSAce WSAce;
-
-/*
- * a wrapper struct for acls
- */
-struct ACLListHandle {
-    AuthDB     *defaultauthdb;
-    ACLListElm *listhead;
-    ACLListElm *listtail;
-};
-
-struct ACLListElm {
-    ACLList    *acl;
-    ACLListElm *next;
-};
-
-/*
- * abstract ACL
- */
-typedef int(*acl_check_f)(ACLList*, User*, int);
-struct ACLList {
-    AuthDB *authdb;
-    char   *authprompt;
-    int isextern;
-    /* int check(ACLList *acl, User *user, int access_mask) */
-    int(*check)(ACLList *acl, User *user, int access_mask);
-};
-
-/*
- * a webserver access control list
- * 
- * Access control is determined by the ace field. The ece field is a separat
- * list for audit and alarm entries.
- */
-struct WSAcl {
-    ACLList acl;
-    WSAce **ace; // access control entries
-    WSAce **ece; // event control entries (audit/alarm entries)
-    int acenum; // number of aces
-    int ecenum; // number of eces
-};
-
-
-struct WSAce {
-    char     *who; // user or group name
-    uint32_t access_mask;
-    uint16_t flags;
-    uint16_t type;
-};
-
-
-/*
- * access permissions
- */
-#define ACL_READ_DATA               0x0001
-#define ACL_WRITE_DATA              0x0002
-#define ACL_APPEND                  0x0002
-#define ACL_ADD_FILE                0x0004
-#define ACL_ADD_SUBDIRECTORY        0x0004
-#define ACL_READ_XATTR              0x0008
-#define ACL_WRITE_XATTR             0x0010
-#define ACL_EXECUTE                 0x0020
-#define ACL_DELETE_CHILD            0x0040
-#define ACL_DELETE                  0x0040
-#define ACL_READ_ATTRIBUTES         0x0080
-#define ACL_WRITE_ATTRIBUTES        0x0100
-#define ACL_LIST                    0x0200
-#define ACL_READ_ACL                0x0400
-#define ACL_WRITE_ACL               0x0800
-#define ACL_WRITE_OWNER             0x1000
-#define ACL_SYNCHRONIZE             0x2000
-#define ACL_READ \
-        (ACL_READ_DATA|ACL_READ_XATTR|ACL_READ_ATTRIBUTES)
-#define ACL_WRITE \
-        (ACL_WRITE_DATA|ACL_WRITE_XATTR|ACL_WRITE_ATTRIBUTES)
-
-/*
- * ace flags
- */
-#define ACL_FILE_INHERIT            0x0001
-#define ACL_DIR_INHERIT             0x0002
-#define ACL_NO_PROPAGATE            0x0004
-#define ACL_INHERIT_ONLY            0x0008
-#define ACL_SUCCESSFUL_ACCESS_FLAG  0x0010
-#define ACL_FAILED_ACCESS_ACE_FLAG  0x0020
-#define ACL_IDENTIFIER_GROUP        0x0040
-#define ACL_OWNER                   0x1000
-#define ACL_GROUP                   0x2000
-#define ACL_EVERYONE                0x4000
-
-/*
- * ace type
- */
-#define ACL_TYPE_ALLOWED 0x01
-#define ACL_TYPE_DENIED  0x02
-#define ACL_TYPE_AUDIT   0x03
-#define ACL_TYPE_ALARM   0x04
-
-
-/*
- * public API
- */
-
-// list
-void acllist_append(Session *sn, Request *rq, ACLList *acl);
-void acllist_prepend(Session *sn, Request *rq, ACLList *acl);
-
-/*
- * gets a access mask from open flags
- */
-uint32_t acl_oflag2mask(int oflags);
-
-/*
- * authenticates the user with the user database specified in the acl list
- */
-User* acllist_getuser(Session *sn, Request *rq, ACLListHandle *list);
-
-/*
- * sets the status to 403 or 401 and sets www-authenticate
- * 
- * use this only if a ACL denies access
- */
-void acl_set_error_status(Session *sn, Request *rq, ACLList *acl, User *user);
-
-/*
- * acl_evaluate
- * 
- * Evaluates all ACLs in rq->acllist. It combines rq->aclreqaccess and
- * access_mask. If access is denied and no user is authenticated it sets the
- * www-authenticate header and the status to 401 Unauthorized.
- * 
- * returns REQ_PROCEED if access is allowed or REQ_ABORTED if access is denied
- */
-int acl_evaluate(Session *sn, Request *rq, int access_mask);
-
-/*
- * acl_evallist
- * 
- * evalutes all ACLs in acllist
- * 
- * returns NULL if access is allowed or a pointer to the ACLList which
- * denied access
- */
-ACLList* acl_evallist(ACLListHandle *acllist, User *user, int access_mask);
-
-
 // private
 int wsacl_affects_user(WSAce *ace, User *user);
 int wsacl_check(WSAcl *acl, User *user, int access_mask);
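Review bot: The two prototypes left at the end of the hunk (`wsacl_affects_user`, `wsacl_check`) still name `WSAce`, `WSAcl` and `User`, yet the typedefs for the first two and the `authdb.h` include that supplied `User` are removed by this commit, so acl.h is now self-contained only if `../public/acl.h` transitively provides all three types — that is not visible here and is worth confirming, or re-adding `#include "authdb.h"` if `User` is not covered. Both functions also remain undocumented under the bare `// private` marker; since `wsacl_check` has the same shape as the removed `check` hook (`int (*)(ACLList *, User *, int access_mask)`), it appears to be the WSAcl implementation of that callback, and a one-line comment on each stating the return-value convention (what non-zero means for `wsacl_affects_user`, what `wsacl_check` returns for allow versus deny) would make the contract clear to callers in other translation units.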
