Mercurial > hg > webserver / file revision

src/server/daemon/acl.h@b28cf69f42e8

src/server/daemon/acl.h

Thu, 28 Feb 2013 20:00:05 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Thu, 28 Feb 2013 20:00:05 +0100
changeset 51
b28cf69f42e8
child 52
aced2245fb1c
permissions
-rw-r--r--

added acls

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright 2013 Olaf Wintermann. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   1. Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *
 *   2. Redistributions in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef ACL_H
#define	ACL_H

#include "../public/nsapi.h"
#include "authdb.h"

#ifdef	__cplusplus
extern "C" {
#endif

typedef struct ACLList  ACLList;
typedef struct ACLEntry ACLEntry;
// ACLListHandle typedef in nsapi.h

typedef struct ACLListElm ACLListElm;

/*
 * a wrapper struct for acls
 * 
 * TODO: store more than one acl
 */
struct ACLListHandle {
    AuthDB     *defaultauthdb;
    ACLListElm *listhead;
    ACLListElm *listtail;
};

struct ACLListElm {
    ACLList    *acl;
    ACLListElm *next;
};

/*
 * a access control list
 * 
 * Access control is determined by the ace field. The ece field is a separat
 * list for audit and alarm entries.
 */
struct ACLList {
    AuthDB *authdb;
    char   *authprompt;
    ACLEntry **ace; // access control entries
    ACLEntry **ece; // event control entries (audit/alarm entries)
    int acenum; // number of aces
    int ecenum; // number of eces
};


struct ACLEntry {
    char     *who; // user or group name
    uint32_t access_mask;
    uint16_t flags;
    uint16_t type;
};


/*
 * access permissions
 */
#define ACL_READ_DATA               0x0001
#define ACL_WRITE_DATA              0x0002
#define ACL_APPEND                  0x0002
#define ACL_ADD_FILE                0x0004
#define ACL_ADD_SUBDIRECTORY        0x0004
#define ACL_READ_XATTR              0x0008
#define ACL_WRITE_XATTR             0x0010
#define ACL_EXECUTE                 0x0020
#define ACL_DELETE_CHILD            0x0040
#define ACL_DELETE                  0x0040
#define ACL_READ_ATTRIBUTES         0x0080
#define ACL_WRITE_ATTRIBUTES        0x0100
#define ACL_LIST                    0x0200
#define ACL_READ_ACL                0x0400
#define ACL_WRITE_ACL               0x0800
#define ACL_WRITE_OWNER             0x1000
#define ACL_SYNCHRONIZE             0x2000
#define ACL_READ \
        (ACL_READ_DATA|ACL_READ_XATTR|ACL_READ_ATTRIBUTES)
#define ACL_WRITE \
        (ACL_WRITE_DATA|ACL_WRITE_XATTR|ACL_WRITE_ATTRIBUTES)

/*
 * ace flags
 */
#define ACL_FILE_INHERIT            0x0001
#define ACL_DIR_INHERIT             0x0002
#define ACL_NO_PROPAGATE            0x0004
#define ACL_INHERIT_ONLY            0x0008
#define ACL_SUCCESSFUL_ACCESS_FLAG  0x0010
#define ACL_FAILED_ACCESS_ACE_FLAG  0x0020
#define ACL_IDENTIFIER_GROUP        0x0040
#define ACL_OWNER                   0x1000
#define ACL_GROUP                   0x2000
#define ACL_EVERYONE                0x4000

/*
 * ace type
 */
#define ACL_TYPE_ALLOWED 0x01
#define ACL_TYPE_DENIED  0x02
#define ACL_TYPE_AUDIT   0x03
#define ACL_TYPE_ALARM   0x04


/*
 * public API
 */

// list
void acllist_append(Session *sn, Request *rq, ACLList *acl);
void acllist_prepend(Session *sn, Request *rq, ACLList *acl);

// eval
int acl_evaluate(Session *sn, Request *rq, int access_mask);


// private
int wsacl_check(ACLList *acl, User *user, int access_mask);


#ifdef	__cplusplus
}
#endif

#endif	/* ACL_H */

Mercurial Repository: webserver

mercurial