diff -r 4d39adda7a38 -r b28cf69f42e8 src/server/daemon/acl.h
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/server/daemon/acl.h	Thu Feb 28 20:00:05 2013 +0100
@@ -0,0 +1,154 @@
+/*
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ *
+ * Copyright 2013 Olaf Wintermann. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   1. Redistributions of source code must retain the above copyright
+ *      notice, this list of conditions and the following disclaimer.
+ *
+ *   2. Redistributions in binary form must reproduce the above copyright
+ *      notice, this list of conditions and the following disclaimer in the
+ *      documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ACL_H
+#define	ACL_H
+
+#include "../public/nsapi.h"
+#include "authdb.h"
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+typedef struct ACLList  ACLList;
+typedef struct ACLEntry ACLEntry;
+// ACLListHandle typedef in nsapi.h
+
+typedef struct ACLListElm ACLListElm;
+
+/*
+ * a wrapper struct for acls
+ * 
+ * TODO: store more than one acl
+ */
+struct ACLListHandle {
+    AuthDB     *defaultauthdb;
+    ACLListElm *listhead;
+    ACLListElm *listtail;
+};
+
+struct ACLListElm {
+    ACLList    *acl;
+    ACLListElm *next;
+};
+
+/*
+ * a access control list
+ * 
+ * Access control is determined by the ace field. The ece field is a separat
+ * list for audit and alarm entries.
+ */
+struct ACLList {
+    AuthDB *authdb;
+    char   *authprompt;
+    ACLEntry **ace; // access control entries
+    ACLEntry **ece; // event control entries (audit/alarm entries)
+    int acenum; // number of aces
+    int ecenum; // number of eces
+};
+
+
+struct ACLEntry {
+    char     *who; // user or group name
+    uint32_t access_mask;
+    uint16_t flags;
+    uint16_t type;
+};
+
+
+/*
+ * access permissions
+ */
+#define ACL_READ_DATA               0x0001
+#define ACL_WRITE_DATA              0x0002
+#define ACL_APPEND                  0x0002
+#define ACL_ADD_FILE                0x0004
+#define ACL_ADD_SUBDIRECTORY        0x0004
+#define ACL_READ_XATTR              0x0008
+#define ACL_WRITE_XATTR             0x0010
+#define ACL_EXECUTE                 0x0020
+#define ACL_DELETE_CHILD            0x0040
+#define ACL_DELETE                  0x0040
+#define ACL_READ_ATTRIBUTES         0x0080
+#define ACL_WRITE_ATTRIBUTES        0x0100
+#define ACL_LIST                    0x0200
+#define ACL_READ_ACL                0x0400
+#define ACL_WRITE_ACL               0x0800
+#define ACL_WRITE_OWNER             0x1000
+#define ACL_SYNCHRONIZE             0x2000
+#define ACL_READ \
+        (ACL_READ_DATA|ACL_READ_XATTR|ACL_READ_ATTRIBUTES)
+#define ACL_WRITE \
+        (ACL_WRITE_DATA|ACL_WRITE_XATTR|ACL_WRITE_ATTRIBUTES)
+
+/*
+ * ace flags
+ */
+#define ACL_FILE_INHERIT            0x0001
+#define ACL_DIR_INHERIT             0x0002
+#define ACL_NO_PROPAGATE            0x0004
+#define ACL_INHERIT_ONLY            0x0008
+#define ACL_SUCCESSFUL_ACCESS_FLAG  0x0010
+#define ACL_FAILED_ACCESS_ACE_FLAG  0x0020
+#define ACL_IDENTIFIER_GROUP        0x0040
+#define ACL_OWNER                   0x1000
+#define ACL_GROUP                   0x2000
+#define ACL_EVERYONE                0x4000
+
+/*
+ * ace type
+ */
+#define ACL_TYPE_ALLOWED 0x01
+#define ACL_TYPE_DENIED  0x02
+#define ACL_TYPE_AUDIT   0x03
+#define ACL_TYPE_ALARM   0x04
+
+
+/*
+ * public API
+ */
+
+// list
+void acllist_append(Session *sn, Request *rq, ACLList *acl);
+void acllist_prepend(Session *sn, Request *rq, ACLList *acl);
+
+// eval
+int acl_evaluate(Session *sn, Request *rq, int access_mask);
+
+
+// private
+int wsacl_check(ACLList *acl, User *user, int access_mask);
+
+
+#ifdef	__cplusplus
+}
+#endif
+
+#endif	/* ACL_H */
+