Sat, 14 Jan 2017 11:27:55 +0100
fixes server user init
59
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
1 | /* |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
2 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
3 | * |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
4 | * Copyright 2013 Olaf Wintermann. All rights reserved. |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
5 | * |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
6 | * Redistribution and use in source and binary forms, with or without |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
7 | * modification, are permitted provided that the following conditions are met: |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
8 | * |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
9 | * 1. Redistributions of source code must retain the above copyright |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
10 | * notice, this list of conditions and the following disclaimer. |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
11 | * |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
12 | * 2. Redistributions in binary form must reproduce the above copyright |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
13 | * notice, this list of conditions and the following disclaimer in the |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
14 | * documentation and/or other materials provided with the distribution. |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
15 | * |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
17 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
18 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
20 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
26 | * POSSIBILITY OF SUCH DAMAGE. |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
27 | */ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
28 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
29 | #ifndef WS_ACL_H |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
30 | #define WS_ACL_H |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
31 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
32 | #include "nsapi.h" |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
33 | #include "auth.h" |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
34 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
35 | #ifdef __cplusplus |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
36 | extern "C" { |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
37 | #endif |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
38 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
39 | // ACLListHandle typedef in nsapi.h |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
40 | typedef struct ACLListElm ACLListElm; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
41 | typedef struct ACLList ACLList; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
42 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
43 | typedef struct WSAcl WSAcl; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
44 | typedef struct WSAce WSAce; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
45 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
46 | /* |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
47 | * a wrapper struct for acls |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
48 | */ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
49 | struct ACLListHandle { |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
50 | AuthDB *defaultauthdb; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
51 | ACLListElm *listhead; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
52 | ACLListElm *listtail; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
53 | }; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
54 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
55 | struct ACLListElm { |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
56 | ACLList *acl; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
57 | ACLListElm *next; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
58 | }; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
59 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
60 | /* |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
61 | * abstract ACL |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
62 | */ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
63 | typedef int(*acl_check_f)(ACLList*, User*, int); |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
64 | struct ACLList { |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
65 | AuthDB *authdb; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
66 | char *authprompt; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
67 | int isextern; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
68 | /* int check(ACLList *acl, User *user, int access_mask) */ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
69 | int(*check)(ACLList *acl, User *user, int access_mask); |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
70 | }; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
71 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
72 | /* |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
73 | * a webserver access control list |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
74 | * |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
75 | * Access control is determined by the ace field. The ece field is a separat |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
76 | * list for audit and alarm entries. |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
77 | */ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
78 | struct WSAcl { |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
79 | ACLList acl; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
80 | WSAce **ace; // access control entries |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
81 | WSAce **ece; // event control entries (audit/alarm entries) |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
82 | int acenum; // number of aces |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
83 | int ecenum; // number of eces |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
84 | }; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
85 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
86 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
87 | struct WSAce { |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
88 | char *who; // user or group name |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
89 | uint32_t access_mask; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
90 | uint16_t flags; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
91 | uint16_t type; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
92 | }; |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
93 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
94 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
95 | /* |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
96 | * access permissions |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
97 | */ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
98 | #define ACL_READ_DATA 0x0001 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
99 | #define ACL_WRITE_DATA 0x0002 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
100 | #define ACL_APPEND 0x0002 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
101 | #define ACL_ADD_FILE 0x0004 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
102 | #define ACL_ADD_SUBDIRECTORY 0x0004 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
103 | #define ACL_READ_XATTR 0x0008 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
104 | #define ACL_WRITE_XATTR 0x0010 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
105 | #define ACL_EXECUTE 0x0020 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
106 | #define ACL_DELETE_CHILD 0x0040 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
107 | #define ACL_DELETE 0x0040 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
108 | #define ACL_READ_ATTRIBUTES 0x0080 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
109 | #define ACL_WRITE_ATTRIBUTES 0x0100 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
110 | #define ACL_LIST 0x0200 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
111 | #define ACL_READ_ACL 0x0400 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
112 | #define ACL_WRITE_ACL 0x0800 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
113 | #define ACL_WRITE_OWNER 0x1000 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
114 | #define ACL_SYNCHRONIZE 0x2000 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
115 | #define ACL_READ \ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
116 | (ACL_READ_DATA|ACL_READ_XATTR|ACL_READ_ATTRIBUTES) |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
117 | #define ACL_WRITE \ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
118 | (ACL_WRITE_DATA|ACL_WRITE_XATTR|ACL_WRITE_ATTRIBUTES) |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
119 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
120 | /* |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
121 | * ace flags |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
122 | */ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
123 | #define ACL_FILE_INHERIT 0x0001 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
124 | #define ACL_DIR_INHERIT 0x0002 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
125 | #define ACL_NO_PROPAGATE 0x0004 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
126 | #define ACL_INHERIT_ONLY 0x0008 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
127 | #define ACL_SUCCESSFUL_ACCESS_FLAG 0x0010 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
128 | #define ACL_FAILED_ACCESS_ACE_FLAG 0x0020 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
129 | #define ACL_IDENTIFIER_GROUP 0x0040 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
130 | #define ACL_OWNER 0x1000 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
131 | #define ACL_GROUP 0x2000 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
132 | #define ACL_EVERYONE 0x4000 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
133 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
134 | /* |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
135 | * ace type |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
136 | */ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
137 | #define ACL_TYPE_ALLOWED 0x01 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
138 | #define ACL_TYPE_DENIED 0x02 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
139 | #define ACL_TYPE_AUDIT 0x03 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
140 | #define ACL_TYPE_ALARM 0x04 |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
141 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
142 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
143 | /* |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
144 | * public API |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
145 | */ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
146 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
147 | // list |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
148 | void acllist_append(Session *sn, Request *rq, ACLList *acl); |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
149 | void acllist_prepend(Session *sn, Request *rq, ACLList *acl); |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
150 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
151 | /* |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
152 | * gets a access mask from open flags |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
153 | */ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
154 | uint32_t acl_oflag2mask(int oflags); |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
155 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
156 | /* |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
157 | * authenticates the user with the user database specified in the acl list |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
158 | */ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
159 | User* acllist_getuser(Session *sn, Request *rq, ACLListHandle *list); |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
160 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
161 | /* |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
162 | * sets the status to 403 or 401 and sets www-authenticate |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
163 | * |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
164 | * use this only if a ACL denies access |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
165 | */ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
166 | void acl_set_error_status(Session *sn, Request *rq, ACLList *acl, User *user); |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
167 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
168 | /* |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
169 | * acl_evaluate |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
170 | * |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
171 | * Evaluates all ACLs in rq->acllist. It combines rq->aclreqaccess and |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
172 | * access_mask. If access is denied and no user is authenticated it sets the |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
173 | * www-authenticate header and the status to 401 Unauthorized. |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
174 | * |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
175 | * returns REQ_PROCEED if access is allowed or REQ_ABORTED if access is denied |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
176 | */ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
177 | int acl_evaluate(Session *sn, Request *rq, int access_mask); |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
178 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
179 | /* |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
180 | * acl_evallist |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
181 | * |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
182 | * evalutes all ACLs in acllist |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
183 | * |
63
66442f81f823
supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
59
diff
changeset
|
184 | * externacl is set if an acl is extern, otherwise it is set to NULL |
66442f81f823
supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
59
diff
changeset
|
185 | * |
59
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
186 | * returns NULL if access is allowed or a pointer to the ACLList which |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
187 | * denied access |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
188 | */ |
63
66442f81f823
supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
59
diff
changeset
|
189 | ACLList* acl_evallist( |
66442f81f823
supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
59
diff
changeset
|
190 | ACLListHandle *acllist, |
66442f81f823
supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
59
diff
changeset
|
191 | User *user, |
66442f81f823
supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
59
diff
changeset
|
192 | int access_mask, |
66442f81f823
supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
59
diff
changeset
|
193 | ACLList **externacl); |
59
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
194 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
195 | #ifdef __cplusplus |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
196 | } |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
197 | #endif |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
198 | |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
199 | #endif /* WS_ACL_H */ |
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
200 |