Mon, 26 Dec 2016 16:46:55 +0100
adds support for ssl cert chain files and improves ssl error handling
/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright 2013 Olaf Wintermann. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef _CONFIG_ACL_H #define _CONFIG_ACL_H #include "conf.h" #include <inttypes.h> #ifdef __cplusplus extern "C" { #endif typedef struct _acl_conf ACLConfig; typedef struct _acl_file { ConfigParser parser; UcxList *namedACLs; // ACLConfig list UcxList *uriACLs; // ACLConfig list UcxList *pathACLs; // ACLConfig list // temp data ACLConfig *cur; } ACLFile; struct _acl_conf { sstr_t id; // name, uri or path sstr_t type; // webserver ACL or file system ACL UcxList *authparam; // authentication parameters UcxList *entries; // ACEConfig list }; typedef struct _ace_conf { sstr_t who; uint32_t access_mask; uint16_t flags; uint16_t type; } ACEConfig; /* * the flags are a duplicate of the webserver's acl flags */ /* * access permissions */ #define ACLCFG_READ_DATA 0x0001 #define ACLCFG_WRITE_DATA 0x0002 #define ACLCFG_APPEND 0x0002 #define ACLCFG_ADD_FILE 0x0004 #define ACLCFG_ADD_SUBDIRECTORY 0x0004 #define ACLCFG_READ_XATTR 0x0008 #define ACLCFG_WRITE_XATTR 0x0010 #define ACLCFG_EXECUTE 0x0020 #define ACLCFG_DELETE_CHILD 0x0040 #define ACLCFG_DELETE 0x0040 #define ACLCFG_READ_ATTRIBUTES 0x0080 #define ACLCFG_WRITE_ATTRIBUTES 0x0100 #define ACLCFG_LIST 0x0200 #define ACLCFG_READ_ACL 0x0400 #define ACLCFG_WRITE_ACL 0x0800 #define ACLCFG_WRITE_OWNER 0x1000 #define ACLCFG_SYNCHRONIZE 0x2000 #define ACLCFG_READ \ (ACLCFG_READ_DATA|ACLCFG_READ_XATTR|ACLCFG_READ_ATTRIBUTES) #define ACLCFG_WRITE \ (ACLCFG_WRITE_DATA|ACLCFG_WRITE_XATTR|ACLCFG_WRITE_ATTRIBUTES) /* * ace flags */ #define ACLCFG_FILE_INHERIT 0x0001 #define ACLCFG_DIR_INHERIT 0x0002 #define ACLCFG_NO_PROPAGATE 0x0004 #define ACLCFG_INHERIT_ONLY 0x0008 #define ACLCFG_SUCCESSFUL_ACCESS_FLAG 0x0010 #define ACLCFG_FAILED_ACCESS_ACE_FLAG 0x0020 #define ACLCFG_IDENTIFIER_GROUP 0x0040 #define ACLCFG_OWNER 0x1000 #define ACLCFG_GROUP 0x2000 #define ACLCFG_EVERYONE 0x4000 /* * ace type */ #define ACLCFG_TYPE_ALLOWED 0x01 #define ACLCFG_TYPE_DENIED 0x02 #define ACLCFG_TYPE_AUDIT 0x03 #define ACLCFG_TYPE_ALARM 0x04 ACLFile* load_acl_file(char *file); void free_acl_file(ACLFile *aclfile); int acl_parse(void *p, ConfigLine *begin, ConfigLine *end, sstr_t line); int parse_ace(ACLFile *f, sstr_t line); /* * converts a access right string to an integer value */ uint32_t accstr2int(sstr_t access); #ifdef __cplusplus } #endif #endif /* _CONFIG_ACL_H */