src/server/config/acl.h

Wed, 27 Nov 2024 23:00:07 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Wed, 27 Nov 2024 23:00:07 +0100
changeset 563
6ca97c99173e
parent 415
d938228c382e
permissions
-rw-r--r--

add TODO to use a future ucx feature

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright 2013 Olaf Wintermann. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   1. Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *
 *   2. Redistributions in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef _CONFIG_ACL_H
#define	_CONFIG_ACL_H

#include "conf.h"
#include <inttypes.h>

#ifdef	__cplusplus
extern "C" {
#endif

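/*
 * Adds the ACEConfig node elm to the list whose head pointer is stored at
 * list_begin (an ACEConfig**). NULL and -1 are passed as the second and
 * third arguments of cx_linked_list_add; presumably "no end pointer" and
 * "no prev link" - confirm against the ucx linked list API.
 *
 * NOTE(review): if ACEs are evaluated in list order, insertion order is
 * security-relevant (an allow entry placed before a deny entry changes the
 * result); confirm that cx_linked_list_add keeps config file order.
 *
 * offsetof comes from <stddef.h>, which this header does not include
 * itself; it relies on conf.h or the including file to provide it.
 *
 * The macro arguments are parenthesized so that an expression argument
 * cannot bind to the cast or to a neighbouring operator.
 */
#define CFG_ACE_ADD(list_begin, elm) \
    cx_linked_list_add((void**)(list_begin), NULL, -1, offsetof(ACEConfig, next), (elm))

/*
 * Returns the result of cx_linked_list_size for an ACEConfig list that is
 * linked through its next member.
 */
#define CFG_ACE_LIST_SIZE(list) \
    cx_linked_list_size((list), offsetof(ACEConfig, next))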
    
/*
 * Forward declarations: ACLFile refers to ACLConfig and ACLConfig refers to
 * ACEConfig before the struct bodies are defined below.
 */
typedef struct _acl_conf ACLConfig;
typedef struct _ace_conf ACEConfig;
    
/*
 * Parsed content of one ACL config file. The ACLs are kept in three
 * separate lists, one per kind of identifier (name, uri, path).
 */
typedef struct _acl_file {
    // NOTE(review): parser is the first member and acl_parse takes a void*;
    // presumably the parser pointer is cast back to ACLFile* - confirm in acl.c
    ConfigParser parser;
    CxList      *namedACLs; // ACLConfig list
    CxList      *uriACLs;   // ACLConfig list
    CxList      *pathACLs;  // ACLConfig list
    // temp data
    // presumably the ACL that is currently being parsed; parse_ace receives
    // only the ACLFile and a line, so new entries likely go to cur - confirm
    ACLConfig    *cur;
} ACLFile;

/*
 * One ACL from the config file: its identifier, its type, optional
 * authentication parameters and the list of access control entries.
 */
struct _acl_conf {
    cxmutstr    id; // name, uri or path
    cxmutstr    type; // webserver ACL or file system ACL
    ConfigParam *authparam; // authentication parameters
    ACEConfig   *entries; // ACEConfig list, linked via ACEConfig.next (see CFG_ACE_ADD)
};

/*
 * One access control entry (ACE) of an ACL, stored as a node of a singly
 * linked list.
 */
struct _ace_conf {
    cxmutstr  who; // subject of the entry; presumably a user or group name - confirm
    uint32_t  access_mask; // presumably a bitmask of the ACLCFG_* access permissions
    uint16_t  flags; // presumably a bitmask of the ACLCFG_* ace flags (highest is 0x4000)
    // presumably one of ACLCFG_TYPE_*; 0 is not a defined type, so a
    // zero-initialized entry has no valid type
    uint16_t  type;
    ACEConfig *next; // next entry of the list; offset used by CFG_ACE_ADD / CFG_ACE_LIST_SIZE
};


/*
 * the flags are a duplicate of the webserver's acl flags
 *
 * NOTE(review): the webserver's own definitions are not visible in this
 * header; because the values are duplicated, a change on one side only
 * would silently change the meaning of configured permissions.
 */

/*
 * access permissions
 *
 * Some names share a bit, so an entry cannot grant or deny one of them
 * without the other:
 *   ACLCFG_WRITE_DATA   / ACLCFG_APPEND            0x0002
 *   ACLCFG_ADD_FILE     / ACLCFG_ADD_SUBDIRECTORY  0x0004
 *   ACLCFG_DELETE_CHILD / ACLCFG_DELETE            0x0040
 * For example, an append-only permission cannot be expressed with this
 * mask, because ACLCFG_APPEND is the same bit as ACLCFG_WRITE_DATA.
 */
#define ACLCFG_READ_DATA               0x0001
#define ACLCFG_WRITE_DATA              0x0002
#define ACLCFG_APPEND                  0x0002
#define ACLCFG_ADD_FILE                0x0004
#define ACLCFG_ADD_SUBDIRECTORY        0x0004
#define ACLCFG_READ_XATTR              0x0008
#define ACLCFG_WRITE_XATTR             0x0010
#define ACLCFG_EXECUTE                 0x0020
#define ACLCFG_DELETE_CHILD            0x0040
#define ACLCFG_DELETE                  0x0040
#define ACLCFG_READ_ATTRIBUTES         0x0080
#define ACLCFG_WRITE_ATTRIBUTES        0x0100
#define ACLCFG_LIST                    0x0200
#define ACLCFG_READ_ACL                0x0400
#define ACLCFG_WRITE_ACL               0x0800
#define ACLCFG_WRITE_OWNER             0x1000
#define ACLCFG_SYNCHRONIZE             0x2000

/*
 * Composite masks. ACLCFG_READ does not contain ACLCFG_LIST or
 * ACLCFG_READ_ACL; ACLCFG_WRITE does not contain ACLCFG_DELETE,
 * ACLCFG_WRITE_ACL or ACLCFG_WRITE_OWNER. Because of the shared bits above,
 * ACLCFG_WRITE also covers ACLCFG_APPEND and ACLCFG_ADD_SUBDIRECTORY.
 */
#define ACLCFG_READ \
        (ACLCFG_READ_DATA|ACLCFG_READ_XATTR|ACLCFG_READ_ATTRIBUTES)
#define ACLCFG_WRITE \
        (ACLCFG_WRITE_DATA|ACLCFG_ADD_FILE|ACLCFG_WRITE_XATTR|ACLCFG_WRITE_ATTRIBUTES)

/*
 * ace flags
 *
 * Bit flags; the highest value (0x4000) fits into the uint16_t flags member
 * of ACEConfig. ACLCFG_OWNER, ACLCFG_GROUP and ACLCFG_EVERYONE presumably
 * select a special subject instead of a named one - confirm in the parser.
 */
#define ACLCFG_FILE_INHERIT            0x0001
#define ACLCFG_DIR_INHERIT             0x0002
#define ACLCFG_NO_PROPAGATE            0x0004
#define ACLCFG_INHERIT_ONLY            0x0008
#define ACLCFG_SUCCESSFUL_ACCESS_FLAG  0x0010
#define ACLCFG_FAILED_ACCESS_ACE_FLAG  0x0020
#define ACLCFG_IDENTIFIER_GROUP        0x0040
#define ACLCFG_OWNER                   0x1000
#define ACLCFG_GROUP                   0x2000
#define ACLCFG_EVERYONE                0x4000

/*
 * ace type
 *
 * These are consecutive values, not bit flags: compare with ==, do not test
 * with &. 0 is not a defined type.
 * NOTE(review): code that evaluates entries should treat an unknown or zero
 * type as granting nothing - confirm how the consumer handles it.
 */
#define ACLCFG_TYPE_ALLOWED 0x01
#define ACLCFG_TYPE_DENIED  0x02
#define ACLCFG_TYPE_AUDIT   0x03
#define ACLCFG_TYPE_ALARM   0x04


/*
 * loads the ACL config file with the given path and returns it as ACLFile
 *
 * NOTE(review): the failure result is not visible in this header
 * (presumably NULL); callers should confirm and check it, so that a missing
 * or broken ACL file does not result in running without ACLs.
 */
ACLFile* load_acl_file(const char *file);

/*
 * frees an ACLFile; presumably the counterpart of load_acl_file - confirm
 * what is released (lists, entries) in the implementation
 */
void free_acl_file(ACLFile *aclfile);


/*
 * line parsing functions; the int result presumably signals success or
 * failure - confirm the convention in the implementation
 *
 * acl_parse takes the parser context as void*, parse_ace handles a line
 * for the given ACLFile
 */
int acl_parse(void *p, ConfigLine *begin, ConfigLine *end, cxmutstr line);
int parse_ace(ACLFile *f, cxmutstr line);

/*
 * converts an access right string to an integer value
 *
 * NOTE(review): the uint32_t result has no separate error value visible
 * here; confirm in the implementation how an unrecognized string is
 * reported, so that a typo in the config cannot be taken as a valid
 * (empty or wider) access mask.
 */
uint32_t accstr2int(cxstring access);

#ifdef	__cplusplus
}
#endif

#endif	/* _CONFIG_ACL_H */
