Fri, 01 Mar 2013 21:15:52 +0100
new pathcheck saf and code cleanup
/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright 2013 Olaf Wintermann. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef ACL_H #define ACL_H #include "../public/nsapi.h" #include "authdb.h" #ifdef __cplusplus extern "C" { #endif typedef struct ACLList ACLList; typedef struct ACLEntry ACLEntry; // ACLListHandle typedef in nsapi.h typedef struct ACLListElm ACLListElm; /* * a wrapper struct for acls * * TODO: store more than one acl */ struct ACLListHandle { AuthDB *defaultauthdb; ACLListElm *listhead; ACLListElm *listtail; }; struct ACLListElm { ACLList *acl; ACLListElm *next; }; /* * a access control list * * Access control is determined by the ace field. The ece field is a separat * list for audit and alarm entries. */ struct ACLList { AuthDB *authdb; char *authprompt; ACLEntry **ace; // access control entries ACLEntry **ece; // event control entries (audit/alarm entries) int acenum; // number of aces int ecenum; // number of eces }; struct ACLEntry { char *who; // user or group name uint32_t access_mask; uint16_t flags; uint16_t type; }; /* * access permissions */ #define ACL_READ_DATA 0x0001 #define ACL_WRITE_DATA 0x0002 #define ACL_APPEND 0x0002 #define ACL_ADD_FILE 0x0004 #define ACL_ADD_SUBDIRECTORY 0x0004 #define ACL_READ_XATTR 0x0008 #define ACL_WRITE_XATTR 0x0010 #define ACL_EXECUTE 0x0020 #define ACL_DELETE_CHILD 0x0040 #define ACL_DELETE 0x0040 #define ACL_READ_ATTRIBUTES 0x0080 #define ACL_WRITE_ATTRIBUTES 0x0100 #define ACL_LIST 0x0200 #define ACL_READ_ACL 0x0400 #define ACL_WRITE_ACL 0x0800 #define ACL_WRITE_OWNER 0x1000 #define ACL_SYNCHRONIZE 0x2000 #define ACL_READ \ (ACL_READ_DATA|ACL_READ_XATTR|ACL_READ_ATTRIBUTES) #define ACL_WRITE \ (ACL_WRITE_DATA|ACL_WRITE_XATTR|ACL_WRITE_ATTRIBUTES) /* * ace flags */ #define ACL_FILE_INHERIT 0x0001 #define ACL_DIR_INHERIT 0x0002 #define ACL_NO_PROPAGATE 0x0004 #define ACL_INHERIT_ONLY 0x0008 #define ACL_SUCCESSFUL_ACCESS_FLAG 0x0010 #define ACL_FAILED_ACCESS_ACE_FLAG 0x0020 #define ACL_IDENTIFIER_GROUP 0x0040 #define ACL_OWNER 0x1000 #define ACL_GROUP 0x2000 #define ACL_EVERYONE 0x4000 /* * ace type */ #define ACL_TYPE_ALLOWED 0x01 #define ACL_TYPE_DENIED 0x02 #define ACL_TYPE_AUDIT 0x03 #define ACL_TYPE_ALARM 0x04 /* * public API */ // list void acllist_append(Session *sn, Request *rq, ACLList *acl); void acllist_prepend(Session *sn, Request *rq, ACLList *acl); // eval int acl_evaluate(Session *sn, Request *rq, int access_mask); // private int wsacl_affects_user(ACLEntry *ace, User *user); int wsacl_check(ACLList *acl, User *user, int access_mask); #ifdef __cplusplus } #endif #endif /* ACL_H */