#ifndef __ACC_ACCESS__
#define __ACC_ACCESS__
/******************************************************************************/
/* */
/* X r d A c c A c c e s s . h h */
/* */
/* (c) 2003 by the Board of Trustees of the Leland Stanford, Jr., University */
/* All Rights Reserved */
/* Produced by Andrew Hanushevsky for Stanford University under contract */
/* DE-AC02-76-SFO0515 with the Department of Energy */
/* */
/* This file is part of the XRootD software suite. */
/* */
/* XRootD is free software: you can redistribute it and/or modify it under */
/* the terms of the GNU Lesser General Public License as published by the */
/* Free Software Foundation, either version 3 of the License, or (at your */
/* option) any later version. */
/* */
/* XRootD is distributed in the hope that it will be useful, but WITHOUT */
/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
/* License for more details. */
/* */
/* You should have received a copy of the GNU Lesser General Public License */
/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
/* COPYING (GPL license). If not, see . */
/* */
/* The copyright holder's institutional names and contributor's names may not */
/* be used to endorse or promote products derived from this software without */
/* specific prior written permission of the institution or contributor. */
/******************************************************************************/
#include "XrdAcc/XrdAccAudit.hh"
#include "XrdAcc/XrdAccAuthorize.hh"
#include "XrdAcc/XrdAccCapability.hh"
#include "XrdSec/XrdSecEntity.hh"
#include "XrdOuc/XrdOucHash.hh"
#include "XrdSys/XrdSysXSLock.hh"
#include "XrdSys/XrdSysPlatform.hh"
/******************************************************************************/
/* S e t T a b s P a r a m e t e r */
/******************************************************************************/
struct XrdAccAccess_ID
{char *name;
char *grp;
char *host;
char *org;
char *role;
char *user;
XrdAccCapability *caps;
XrdAccAccess_ID *next;
int rule;
short hlen;
short glen;
bool Applies(const XrdSecEntity *Entity);
XrdAccAccess_ID *Export()
{XrdAccAccess_ID *xID;
xID = new XrdAccAccess_ID;
*xID = *this;
name = grp = host = org = role = user = 0;
caps = 0;
return xID;
}
XrdAccAccess_ID(const char *Name=0)
: name(Name ? strdup(Name) : 0),
grp(0), host(0), org(0), role(0), user(0),
caps(0), next(0), rule(0), hlen(0), glen(0) {}
~XrdAccAccess_ID() {if (name) free(name);
if (grp) free(grp);
if (host) free(host);
if (org) free(org);
if (role) free(role);
if (user) free(user);
if (caps) delete caps;
}
};
struct XrdAccAccess_Tables
{XrdOucHash *G_Hash; // Groups
XrdOucHash *H_Hash; // Hosts
XrdOucHash *N_Hash; // Netgroups
XrdOucHash *O_Hash; // Organizations
XrdOucHash *R_Hash; // Roles
XrdOucHash *S_Hash; // Sets
XrdOucHash *T_Hash; // Templates
XrdOucHash *U_Hash; // Users
XrdAccCapName *D_List; // Domains
XrdAccCapName *E_List; // Domains (end of list)
XrdAccCapability *X_List; // Fungable capbailities
XrdAccCapability *Z_List; // Default capbailities
XrdAccAccess_ID *SXList; // 's' exclusive list
XrdAccAccess_ID *SYList; // 's' inclusive list
XrdAccAccess_Tables() {G_Hash = 0; H_Hash = 0; N_Hash = 0;
O_Hash = 0; R_Hash = 0;
S_Hash = 0; T_Hash = 0; U_Hash = 0;
D_List = 0; E_List = 0;
X_List = 0; Z_List = 0;
SXList = 0; SYList = 0;
}
~XrdAccAccess_Tables() {if (G_Hash) delete G_Hash;
if (H_Hash) delete H_Hash;
if (N_Hash) delete N_Hash;
if (O_Hash) delete O_Hash;
if (R_Hash) delete R_Hash;
if (S_Hash) delete S_Hash; //Deletes SX & SYList
if (T_Hash) delete T_Hash;
if (U_Hash) delete U_Hash;
if (X_List) delete X_List;
if (Z_List) delete Z_List;
}
};
/******************************************************************************/
/* X r d A c c A c c e s s */
/******************************************************************************/
class xrdOucError;
class XrdAccAccess : public XrdAccAuthorize
{
public:
friend class XrdAccConfig;
XrdAccPrivs Access(const XrdSecEntity *Entity,
const char *path,
const Access_Operation oper,
XrdOucEnv *Env=0);
int Audit(const int accok,
const XrdSecEntity *Entity,
const char *path,
const Access_Operation oper,
XrdOucEnv *Env=0);
static
const char *Resolve(const XrdSecEntity *Entity);
// SwapTabs() is used by the configuration object to establish new access
// control tables. It may be called whenever the tables change.
//
void SwapTabs(struct XrdAccAccess_Tables &newtab);
int Test(const XrdAccPrivs priv, const Access_Operation oper);
XrdAccAccess(XrdSysError *erp);
~XrdAccAccess() {} // The access object is never deleted
private:
XrdAccPrivs Access( XrdAccPrivCaps &caps,
const XrdSecEntity *Entity,
const char *path,
const Access_Operation oper);
struct XrdAccAccess_Tables Atab;
XrdSysXSLock Access_Context;
XrdAccAudit *Auditor;
};
#endif