src/server/public/acl.h

Sun, 26 May 2013 12:12:07 +0200

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Sun, 26 May 2013 12:12:07 +0200
changeset 66
74babc0082b7
parent 63
66442f81f823
child 211
2160585200ac
permissions
-rw-r--r--

added authentication cache

59
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
1 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
3 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
4 * Copyright 2013 Olaf Wintermann. All rights reserved.
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
5 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
6 * Redistribution and use in source and binary forms, with or without
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
7 * modification, are permitted provided that the following conditions are met:
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
8 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
9 * 1. Redistributions of source code must retain the above copyright
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
10 * notice, this list of conditions and the following disclaimer.
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
11 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
12 * 2. Redistributions in binary form must reproduce the above copyright
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
13 * notice, this list of conditions and the following disclaimer in the
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
14 * documentation and/or other materials provided with the distribution.
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
15 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
26 * POSSIBILITY OF SUCH DAMAGE.
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
27 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
28
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
29 #ifndef WS_ACL_H
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
30 #define WS_ACL_H
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
31
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
32 #include "nsapi.h"
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
33 #include "auth.h"
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
34
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
35 #ifdef __cplusplus
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
36 extern "C" {
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
37 #endif
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
38
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
39 // ACLListHandle typedef in nsapi.h
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
40 typedef struct ACLListElm ACLListElm;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
41 typedef struct ACLList ACLList;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
42
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
43 typedef struct WSAcl WSAcl;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
44 typedef struct WSAce WSAce;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
45
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
46 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
47 * a wrapper struct for acls
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
48 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
49 struct ACLListHandle {
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
50 AuthDB *defaultauthdb;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
51 ACLListElm *listhead;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
52 ACLListElm *listtail;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
53 };
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
54
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
55 struct ACLListElm {
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
56 ACLList *acl;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
57 ACLListElm *next;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
58 };
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
59
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
60 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
61 * abstract ACL
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
62 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
63 typedef int(*acl_check_f)(ACLList*, User*, int);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
64 struct ACLList {
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
65 AuthDB *authdb;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
66 char *authprompt;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
67 int isextern;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
68 /* int check(ACLList *acl, User *user, int access_mask) */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
69 int(*check)(ACLList *acl, User *user, int access_mask);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
70 };
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
71
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
72 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
73 * a webserver access control list
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
74 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
75 * Access control is determined by the ace field. The ece field is a separat
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
76 * list for audit and alarm entries.
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
77 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
78 struct WSAcl {
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
79 ACLList acl;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
80 WSAce **ace; // access control entries
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
81 WSAce **ece; // event control entries (audit/alarm entries)
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
82 int acenum; // number of aces
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
83 int ecenum; // number of eces
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
84 };
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
85
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
86
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
87 struct WSAce {
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
88 char *who; // user or group name
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
89 uint32_t access_mask;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
90 uint16_t flags;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
91 uint16_t type;
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
92 };
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
93
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
94
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
95 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
96 * access permissions
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
97 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
98 #define ACL_READ_DATA 0x0001
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
99 #define ACL_WRITE_DATA 0x0002
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
100 #define ACL_APPEND 0x0002
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
101 #define ACL_ADD_FILE 0x0004
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
102 #define ACL_ADD_SUBDIRECTORY 0x0004
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
103 #define ACL_READ_XATTR 0x0008
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
104 #define ACL_WRITE_XATTR 0x0010
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
105 #define ACL_EXECUTE 0x0020
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
106 #define ACL_DELETE_CHILD 0x0040
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
107 #define ACL_DELETE 0x0040
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
108 #define ACL_READ_ATTRIBUTES 0x0080
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
109 #define ACL_WRITE_ATTRIBUTES 0x0100
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
110 #define ACL_LIST 0x0200
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
111 #define ACL_READ_ACL 0x0400
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
112 #define ACL_WRITE_ACL 0x0800
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
113 #define ACL_WRITE_OWNER 0x1000
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
114 #define ACL_SYNCHRONIZE 0x2000
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
115 #define ACL_READ \
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
116 (ACL_READ_DATA|ACL_READ_XATTR|ACL_READ_ATTRIBUTES)
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
117 #define ACL_WRITE \
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
118 (ACL_WRITE_DATA|ACL_WRITE_XATTR|ACL_WRITE_ATTRIBUTES)
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
119
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
120 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
121 * ace flags
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
122 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
123 #define ACL_FILE_INHERIT 0x0001
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
124 #define ACL_DIR_INHERIT 0x0002
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
125 #define ACL_NO_PROPAGATE 0x0004
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
126 #define ACL_INHERIT_ONLY 0x0008
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
127 #define ACL_SUCCESSFUL_ACCESS_FLAG 0x0010
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
128 #define ACL_FAILED_ACCESS_ACE_FLAG 0x0020
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
129 #define ACL_IDENTIFIER_GROUP 0x0040
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
130 #define ACL_OWNER 0x1000
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
131 #define ACL_GROUP 0x2000
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
132 #define ACL_EVERYONE 0x4000
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
133
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
134 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
135 * ace type
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
136 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
137 #define ACL_TYPE_ALLOWED 0x01
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
138 #define ACL_TYPE_DENIED 0x02
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
139 #define ACL_TYPE_AUDIT 0x03
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
140 #define ACL_TYPE_ALARM 0x04
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
141
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
142
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
143 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
144 * public API
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
145 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
146
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
147 // list
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
148 void acllist_append(Session *sn, Request *rq, ACLList *acl);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
149 void acllist_prepend(Session *sn, Request *rq, ACLList *acl);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
150
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
151 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
152 * gets a access mask from open flags
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
153 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
154 uint32_t acl_oflag2mask(int oflags);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
155
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
156 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
157 * authenticates the user with the user database specified in the acl list
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
158 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
159 User* acllist_getuser(Session *sn, Request *rq, ACLListHandle *list);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
160
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
161 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
162 * sets the status to 403 or 401 and sets www-authenticate
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
163 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
164 * use this only if a ACL denies access
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
165 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
166 void acl_set_error_status(Session *sn, Request *rq, ACLList *acl, User *user);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
167
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
168 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
169 * acl_evaluate
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
170 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
171 * Evaluates all ACLs in rq->acllist. It combines rq->aclreqaccess and
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
172 * access_mask. If access is denied and no user is authenticated it sets the
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
173 * www-authenticate header and the status to 401 Unauthorized.
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
174 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
175 * returns REQ_PROCEED if access is allowed or REQ_ABORTED if access is denied
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
176 */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
177 int acl_evaluate(Session *sn, Request *rq, int access_mask);
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
178
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
179 /*
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
180 * acl_evallist
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
181 *
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
182 * evalutes all ACLs in acllist
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
183 *
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
184 * externacl is set if an acl is extern, otherwise it is set to NULL
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
185 *
59
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
186 * returns NULL if access is allowed or a pointer to the ACLList which
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
187 * denied access
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
188 */
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
189 ACLList* acl_evallist(
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
190 ACLListHandle *acllist,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
191 User *user,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
192 int access_mask,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 59
diff changeset
193 ACLList **externacl);
59
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
194
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
195 #ifdef __cplusplus
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
196 }
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
197 #endif
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
198
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
199 #endif /* WS_ACL_H */
ab25c0a231d0 some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
200

mercurial