/** BEGIN COPYRIGHT BLOCK * This Program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free Software * Foundation; version 2 of the License. * * This Program is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along with * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple * Place, Suite 330, Boston, MA 02111-1307 USA. * * In addition, as a special exception, Red Hat, Inc. gives You the additional * right to link the code of this Program with code not covered under the GNU * General Public License ("Non-GPL Code") and to distribute linked combinations * including the two, subject to the limitations in this paragraph. Non-GPL Code * permitted under this exception must only link to the code of this Program * through those well defined interfaces identified in the file named EXCEPTION * found in the source code files (the "Approved Interfaces"). The files of * Non-GPL Code may instantiate templates or use macros or inline functions from * the Approved Interfaces without causing the resulting work to be covered by * the GNU General Public License. Only Red Hat, Inc. may make changes or * additions to the list of Approved Interfaces. You must obey the GNU General * Public License in all respects for all of the Program code and other code used * in conjunction with the Program except the Non-GPL Code covered by this * exception. If you modify this file, you may extend this exception to your * version of the file, but you are not obligated to do so. If you do not wish to * provide this exception without modification, you must delete this exception * statement from your version and license this file solely under the GPL without * exception. * * * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. * Copyright (C) 2005 Red Hat, Inc. * All rights reserved. * END COPYRIGHT BLOCK **/ #ifdef HAVE_CONFIG_H # include #endif /* * ACL private data structure definitions */ #ifndef ACL_PARSER_HEADER #define ACL_PARSER_HEADER #include #include #include #include #include #define ACL_TERM_BSIZE 4 #define ACL_FALSE_IDX -2 #define ACL_TRUE_IDX -1 #define ACL_MIN_IDX 0 #define ACL_EXPR_STACK 1024 #define ACL_TABLE_THRESHOLD 10 #define ACL_NO_UNPUT 1 /* unput is not used and causes compiler warnings */ typedef enum { ACL_EXPR_OP_AND, ACL_EXPR_OP_OR, ACL_EXPR_OP_NOT } ACLExprOp_t; typedef struct ACLExprEntry { char *attr_name; /* LAS name input */ CmpOp_t comparator; /* LAS comparator input */ char *attr_pattern; /* LAS attribute input */ int false_idx; /* index, -1 true, -2 false */ int true_idx; /* index, -1 true, -2 false */ int start_flag; /* marks start of an expr */ void *las_cookie; /* private data store for LAS */ LASEvalFunc_t las_eval_func; /* LAS function */ } ACLExprEntry_t; typedef struct ACLExprRaw { char *attr_name; /* expr lval */ CmpOp_t comparator; /* comparator */ char *attr_pattern; /* expr rval */ ACLExprOp_t logical; /* logical operator */ } ACLExprRaw_t; typedef struct ACLExprStack { char *expr_text[ACL_EXPR_STACK]; ACLExprRaw_t *expr[ACL_EXPR_STACK]; int stack_index; int found_subexpression; int last_subexpression; } ACLExprStack_t; typedef struct ACLExprHandle { char *expr_tag; char *acl_tag; int expr_number; ACLExprType_t expr_type; int expr_flags; int expr_argc; char **expr_argv; PList_t expr_auth; ACLExprEntry_t *expr_arry; int expr_arry_size; int expr_term_index; ACLExprRaw_t *expr_raw; int expr_raw_index; int expr_raw_size; struct ACLExprHandle *expr_next; /* Null-terminated */ } ACLExprHandle_t; typedef struct ACLHandle { int ref_count; char *tag; PFlags_t flags; char *las_name; pblock *pb; char **attr_name; int expr_count; ACLExprHandle_t *expr_list_head; /* Null-terminated */ ACLExprHandle_t *expr_list_tail; } ACLHandle_t; typedef struct ACLWrapper { ACLHandle_t *acl; struct ACLWrapper *wrap_next; } ACLWrapper_t; #define ACL_LIST_STALE 0x1 #define ACL_LIST_IS_STALE(x) ((x)->flags & ACL_LIST_STALE) typedef struct ACLListHandle { ACLWrapper_t *acl_list_head; /* Null-terminated */ ACLWrapper_t *acl_list_tail; /* Null-terminated */ int acl_count; void *acl_sym_table; void *cache; uint32 flags; int ref_count; } ACLListHandle_t; typedef struct ACLAceNumEntry { int acenum; struct ACLAceNumEntry *next; struct ACLAceNumEntry *chain; /* only used for freeing memory */ } ACLAceNumEntry_t; typedef struct ACLAceEntry { ACLExprHandle_t *acep; /* Array of auth block ptrs for all the expr clauses in this ACE */ PList_t *autharray; /* PList with auth blocks for ALL attributes */ PList_t global_auth; struct ACLAceEntry *next; /* Null-terminated list */ } ACLAceEntry_t; typedef struct PropList PropList_t; typedef struct ACLEvalHandle { pool_handle_t *pool; ACLListHandle_t *acllist; PList_t subject; PList_t resource; int default_result; } ACLEvalHandle_t; typedef struct ACLListCache { /* Hash table for all access rights used in all acls in this list. Each * hash entry has a list of ACE numbers that relate to this referenced * access right. */ PLHashTable *Table; char *deny_response; char *deny_type; ACLAceEntry_t *acelist; /* Evaluation order * list of all ACEs */ ACLAceNumEntry_t *chain_head; /* Chain of all Ace num * entries for this * ACL list so we can free them */ ACLAceNumEntry_t *chain_tail; } ACLListCache_t; /* this is to speed up acl_to_str_append */ typedef struct acl_string_s { char * str; long str_size; long str_len; } acl_string_t; NSPR_BEGIN_EXTERN_C extern int ACL_ExprDisplay( ACLExprHandle_t *acl_expr ); extern int ACL_AssertAcl( ACLHandle_t *acl ); extern int ACL_EvalDestroyContext ( ACLListCache_t *cache ); extern time_t *acl_get_req_time(PList_t resource); NSPR_END_EXTERN_C #endif