path: root/include/libaccess/register.h
/** BEGIN COPYRIGHT BLOCK
 * Copyright 2001 Sun Microsystems, Inc.
 * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
 * All rights reserved.
 * END COPYRIGHT BLOCK **/

#ifndef ACL_REGISTER_HEADER
#define ACL_REGISTER_HEADER

#include <prhash.h>

#include <ldap.h>
#include <base/pblock.h>
#include <base/plist.h>
#include <libaccess/nserror.h>
#include <libaccess/acl.h>

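/*
 * Opaque handles for a registered authentication method (ACLMethod_t) and a
 * registered database type (ACLDbType_t).  Both are plain `void *`, so the
 * compiler cannot tell one kind of handle from the other, or from any other
 * pointer.
 *
 * The *_ANY and *_INVALID sentinels are the integers -1 and -2 cast to the
 * handle type.  They are non-NULL, so a NULL check does not reject them, and
 * they must never be dereferenced; compare against them explicitly.
 *
 * Each sentinel is wrapped in an outer pair of parentheses: a cast binds less
 * tightly than sizeof and the postfix operators, so the bare form
 * `(ACLMethod_t)-1` can be re-parsed by the surrounding expression (for
 * example `sizeof ACL_METHOD_ANY` became `sizeof(ACLMethod_t) - 1`).
 *
 * Note: the ACL_DBTYPE_LDAP macro defined later in this header is the string
 * name "ldap", not a handle; the LDAP handle is ACL_ACL_DBTYPE_LDAP.
 */
typedef	void * ACLMethod_t;
#define	ACL_METHOD_ANY		((ACLMethod_t)-1)
#define	ACL_METHOD_INVALID	((ACLMethod_t)-2)
extern ACLMethod_t ACL_METHOD_BASIC;

typedef	void * ACLDbType_t;
#define	ACL_DBTYPE_ANY		((ACLDbType_t)-1)
#define	ACL_DBTYPE_INVALID	((ACLDbType_t)-2)
extern ACLDbType_t ACL_ACL_DBTYPE_LDAP;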

/*
 * Callback types accepted by the registration routines in this header.
 *
 * AttrGetterFn        - attribute getter; receives the error frame, four
 *                       property lists (subject, resource, auth_info,
 *                       global_auth) and an untyped `arg` pointer.
 * AclModuleInitFunc   - module initialiser taking a pblock, Session and
 *                       Request.
 * DbParseFn_t         - database parser; receives a dbtype handle, a name, a
 *                       URL and a property list, and returns a database
 *                       object through the untyped out-parameter `db`.
 * AclCacheFlushFunc_t - cache-flush hook taking no arguments.
 *
 * All four return int; the meaning of the return value is not defined in
 * this header.  `arg` and `*db` are `void *`, so the registering code and the
 * callback must agree on the real type out of band.
 */
typedef int (*AttrGetterFn)(NSErr_t *errp, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth, void *arg);
typedef int (*AclModuleInitFunc)(pblock *pb, Session *sn, Request *rq);
typedef int (*DbParseFn_t)(NSErr_t *errp, ACLDbType_t dbtype,
			   const char *name, const char *url,
			   PList_t plist, void **db);
typedef int (*AclCacheFlushFunc_t)(void);

/*
 * LAS evaluation and flush callback types, as passed to ACL_LasRegister().
 *
 * Only C++ translation units see the real parameter list.  In C the two
 * types are declared with an empty parameter list, which (before C23) means
 * "arguments unspecified": the compiler checks neither the functions assigned
 * to these pointers nor the arguments of calls made through them.  A callback
 * whose actual signature differs from the C++ prototype below is undefined
 * behaviour when invoked, and nothing at compile time will flag it.
 *
 * NOTE(review): C23 redefines `()` as `(void)`, which would change the
 * meaning of the C branch.  Consider giving C the same prototype as C++ once
 * every registered evaluator has been confirmed to match it.
 */
#ifdef __cplusplus
typedef int (*LASEvalFunc_t)(NSErr_t*, char*, CmpOp_t, char*, int*, void**, PList_t, PList_t, PList_t, PList_t);
typedef void (*LASFlushFunc_t)(void **);
#else
typedef int (*LASEvalFunc_t)();
typedef void (*LASFlushFunc_t)();
#endif

/*
 * One attribute-getter entry: a method handle, a database-type handle, the
 * getter callback and an untyped argument pointer.
 *
 * We need to hide ACLGetter_t: the layout is currently public, so any code
 * including this header can read or overwrite `fn` and `arg` directly.
 *
 * `arg` is presumably the value handed to `fn` as its final `arg` parameter;
 * confirm against the caller in the implementation.
 */
typedef struct ACLGetter_s {
	ACLMethod_t	method;	/* method handle, or a sentinel such as ACL_METHOD_ANY */
	ACLDbType_t	db;	/* dbtype handle, or a sentinel such as ACL_DBTYPE_ANY */
	AttrGetterFn	fn;	/* getter callback */
	void 		*arg;	/* untyped pointer stored alongside fn */
} ACLGetter_t;
typedef ACLGetter_t *ACLGetter_p;

/*
 *	Command values for the "position" argument used when registering an
 *	attribute getter (the original comment names ACL_RegisterGetter; the
 *	routine declared in this header with a `position` parameter is
 *	ACL_AttrGetterRegister).
 *	Any value greater than 0 is the specific position in the list at which
 *	to insert the new function.
 *
 *	Zero and the negative values below are commands rather than positions.
 *	NOTE(review): the REPLACE commands presumably discard getters that are
 *	already registered for the attribute; confirm in the implementation,
 *	since replacing a getter changes how that attribute is resolved for
 *	every later access check.
 */
#define	ACL_AT_FRONT		0
#define	ACL_AT_END		-1
#define	ACL_REPLACE_ALL 	-2
#define	ACL_REPLACE_MATCHING	-3

/*
 * Limits visible only to translation units that define ACL_LIB_INTERNAL.
 * NOTE(review): these presumably bound the number of registered methods and
 * database types; any table sized by them must be bounds-checked at
 * registration time. Confirm in the implementation.
 */
#ifdef	ACL_LIB_INTERNAL
#define	ACL_MAX_METHOD		32
#define	ACL_MAX_DBTYPE		32
#endif

NSPR_BEGIN_EXTERN_C

/*
 * LAS registry: associates an attribute name with an evaluation callback and
 * a flush callback, and looks either one up again by name.
 *
 * ACL_LasRegister  - takes the attribute name plus both callbacks.
 * ACL_LasFindEval  - returns the evaluation callback through *eval_funcp.
 * ACL_LasFindFlush - returns the flush callback through *flush_funcp.
 * ACL_LasHashInit / ACL_LasHashDestroy - take no arguments and are not
 *                    marked NSAPI_PUBLIC, unlike the three routines above.
 *
 * `attr_name` is a non-const `char *` in all three public routines; whether
 * the callee modifies or retains the pointer is not visible here.
 * In C builds LASEvalFunc_t and LASFlushFunc_t carry no parameter list, so
 * the compiler does not check the signature of a registered callback.
 */
NSAPI_PUBLIC extern int
	ACL_LasRegister( NSErr_t *errp, char *attr_name, LASEvalFunc_t
	eval_func, LASFlushFunc_t flush_func );
NSAPI_PUBLIC extern int
	ACL_LasFindEval( NSErr_t *errp, char *attr_name, LASEvalFunc_t
	*eval_funcp );
NSAPI_PUBLIC extern int
	ACL_LasFindFlush( NSErr_t *errp, char *attr_name, LASFlushFunc_t
	*flush_funcp );
extern void
	ACL_LasHashInit( void );
extern void
	ACL_LasHashDestroy( void );

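/*
 *	Revised, normalized method/dbtype registration routines
 *
 *	Method half of the API.  Methods are identified by an opaque
 *	ACLMethod_t handle; routines that produce a handle return it through
 *	the `ACLMethod_t *t` out-parameter and report status as int.  The
 *	meaning of the int status is not defined in this header.
 *
 *	ACL_MethodGetDefault is declared with an explicit (void) parameter
 *	list so that C callers get a real prototype; an empty list would leave
 *	the arguments unchecked in C.
 *
 *	ACL_MethodSetDefault takes no error frame and returns void, so a
 *	caller cannot observe a rejected handle through this interface.
 */
NSAPI_PUBLIC extern int
	ACL_MethodRegister(const char *name, ACLMethod_t *t);
NSAPI_PUBLIC extern int
	ACL_MethodIsEqual(const ACLMethod_t t1, const ACLMethod_t t2);
NSAPI_PUBLIC extern int
	ACL_MethodNameIsEqual(const ACLMethod_t t, const char *name);
NSAPI_PUBLIC extern int
	ACL_MethodFind(const char *name, ACLMethod_t *t);
NSAPI_PUBLIC extern ACLMethod_t
	ACL_MethodGetDefault(void);
NSAPI_PUBLIC extern void
	ACL_MethodSetDefault(const ACLMethod_t t);
NSAPI_PUBLIC extern int
	ACL_AuthInfoGetMethod(PList_t auth_info, ACLMethod_t *t);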

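/*
 * Database-type half of the registration API.  Database types are identified
 * by an opaque ACLDbType_t handle; ACL_DbTypeRegister also records the
 * DbParseFn_t parser for the type, which ACL_DbTypeParseFn returns again for
 * a given handle.  The meaning of the int status values is not defined in
 * this header.
 *
 * ACL_DbTypeGetDefault is declared with an explicit (void) parameter list so
 * that C callers get a real prototype; an empty list would leave the
 * arguments unchecked in C.  The `const` on its return type qualifies the
 * returned handle value itself and is kept only for interface stability.
 *
 * NOTE(review): ACL_DbTypeParseFn returns a function pointer; whether it can
 * be NULL for an unregistered handle is not visible here, so callers should
 * check before calling through it (ACL_DbTypeIsRegistered is declared for
 * testing a handle).
 */
NSAPI_PUBLIC extern int
	ACL_DbTypeRegister(const char *name, DbParseFn_t func, ACLDbType_t *t);
NSAPI_PUBLIC extern int
	ACL_DbTypeIsEqual(const ACLDbType_t t1, const ACLDbType_t t2);
NSAPI_PUBLIC extern int
	ACL_DbTypeNameIsEqual(const ACLDbType_t t, const char *name);
NSAPI_PUBLIC extern int
	ACL_DbTypeFind(const char *name, ACLDbType_t *t);
NSAPI_PUBLIC extern const ACLDbType_t
	ACL_DbTypeGetDefault(void);
NSAPI_PUBLIC extern void
	ACL_DbTypeSetDefault(ACLDbType_t t);
NSAPI_PUBLIC extern int
	ACL_AuthInfoGetDbType(PList_t auth_info, ACLDbType_t *t);
NSAPI_PUBLIC extern int
	ACL_DbTypeIsRegistered(const ACLDbType_t dbtype);
NSAPI_PUBLIC extern DbParseFn_t
	ACL_DbTypeParseFn(const ACLDbType_t dbtype);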

/*
 * Attribute-getter registration and lookup.
 *
 * ACL_AttrGetterRegister - registers `fn` for attribute `attr` under method
 *     handle `m` and dbtype handle `d`, with an untyped `arg` pointer.
 *     `position` takes one of the ACL_AT_* / ACL_REPLACE_* commands defined
 *     above, or a value greater than 0 for an explicit list position.
 * ACL_AttrGetterFind     - returns the getters for `attr` through *getters,
 *     given an auth_info property list.
 *
 * AttrGetterList is marked TEMPORARY: it is a bare ACLGetter_t pointer, so
 * the number of entries it refers to is not carried by the type.
 */
NSAPI_PUBLIC extern int
	ACL_AttrGetterRegister(const char *attr, AttrGetterFn fn, ACLMethod_t m,
	ACLDbType_t d, int position, void *arg);
typedef ACLGetter_t *AttrGetterList; /* TEMPORARY */
NSAPI_PUBLIC extern int
	ACL_AttrGetterFind(PList_t auth_info, const char *attr,
	AttrGetterList *getters);

NSPR_END_EXTERN_C


/*
 * LAS return codes - Must all be negative numbers
 *
 * Because every code is negative, every code is also non-zero: a plain
 * truthiness test such as `if (rv)` is satisfied by LAS_EVAL_FALSE and
 * LAS_EVAL_FAIL just as it is by LAS_EVAL_TRUE, and LAS_EVAL_TRUE has the
 * value -1 that many C APIs use to signal an error.  Always compare the
 * result against the named constant.
 *
 * NOTE(review): callers should treat any value other than LAS_EVAL_TRUE
 * (including values not listed here) as not granting access.
 */
#define	LAS_EVAL_TRUE		-1
#define	LAS_EVAL_FALSE		-2
#define	LAS_EVAL_DECLINE	-3
#define	LAS_EVAL_FAIL		-4
#define	LAS_EVAL_INVALID	-5
#define	LAS_EVAL_NEED_MORE_INFO	-6

/*
 * String names of the attributes, database type and default method used by
 * the ACL subsystem.  These are the literal keys; changing one changes
 * behaviour for every consumer that matches on the string.
 *
 * NOTE(review): several keys name credential material (ACL_ATTR_PASSWORD,
 * ACL_ATTR_RAW_PASSWORD, ACL_ATTR_AUTH_PASSWORD, ACL_ATTR_AUTHORIZATION,
 * ACL_ATTR_USER_CERT).  Values stored under them are presumably secrets or
 * identity proofs and should be kept out of logs and error messages; confirm
 * against the getters that populate them.
 *
 * ACL_DBTYPE_LDAP is the string name "ldap".  It is not an ACLDbType_t
 * handle, despite sharing the ACL_DBTYPE_ prefix with ACL_DBTYPE_ANY and
 * ACL_DBTYPE_INVALID.
 */
#define ACL_ATTR_GROUP	    "group"
#define ACL_ATTR_RAW_USER_LOGIN "user-login"
#define ACL_ATTR_AUTH_USER	    "auth-user"
#define ACL_ATTR_AUTH_TYPE	    "auth-type"
#define ACL_ATTR_AUTH_DB	    "auth-db"
#define ACL_ATTR_AUTH_PASSWORD  "auth-password"
#define ACL_ATTR_USER	    "user"
#define ACL_ATTR_PASSWORD	    "pw"
#define ACL_ATTR_USERDN	    "userdn"
#define ACL_ATTR_RAW_USER	    "raw-user"
#define ACL_ATTR_RAW_PASSWORD   "raw-pw"
#define ACL_ATTR_USER_ISMEMBER  "user-ismember"
#define ACL_ATTR_DATABASE	    "database"
#define ACL_ATTR_DBTYPE	    "dbtype"
#define ACL_ATTR_DBNAME	    "dbname"
#define ACL_ATTR_DATABASE_URL   "url"
#define ACL_ATTR_METHOD	    "method"
#define ACL_ATTR_AUTHTYPE	    "authtype"
#define ACL_ATTR_AUTHORIZATION  "authorization"
#define ACL_ATTR_PARSEFN	    "parsefn"
#define ACL_ATTR_ATTRIBUTE	    "attr"
#define ACL_ATTR_GETTERFN	    "getterfunc"
#define ACL_ATTR_IP		    "ip"
#define ACL_ATTR_DNS	    "dns"
#define ACL_ATTR_MODULE	    "module"
#define ACL_ATTR_MODULEFUNC	    "func"
#define ACL_ATTR_GROUPS	    "groups"
#define ACL_ATTR_IS_VALID_PASSWORD "isvalid-password"
#define ACL_ATTR_CERT2USER	    "cert2user"
#define ACL_ATTR_USER_CERT	    "cert"
#define ACL_ATTR_PROMPT	    "prompt"
#define ACL_ATTR_TIME	    "time"
#define ACL_ATTR_USERS_GROUP    "users-group"

#define ACL_DBTYPE_LDAP	    "ldap"

#define METHOD_DEFAULT	    "default"

/* Attribute-getter table; an alias for NSPR's PRHashTable. */
typedef PRHashTable AttrGetterTable_t;

/*
 * Description of a method by name: three strings (method, authtype, dbtype)
 * and a pointer to the method's attribute-getter table.
 * Ownership and lifetime of the strings and the table are not visible in
 * this header.
 */
typedef struct {
    char *method;
    char *authtype;
    char *dbtype;
    AttrGetterTable_t *attrGetters;
} MethodInfo_t;

NSPR_BEGIN_EXTERN_C

/*
 * Name-based registration and lookup API.
 *
 * Every routine except ACL_CacheFlushRegister takes an NSErr_t error frame as
 * its first argument.  All return int except ACL_DbnameGetDefault, which
 * returns a `const char *`.  The meaning of the int status is not defined in
 * this header.
 *
 * Results are delivered through out-parameters:
 *   - ACL_FindMethod / ACL_RegisterMethod : MethodInfo_t **method_info_handle
 *   - ACL_GetAttribute                    : void **val (untyped; the caller
 *     must know the real type for the attribute it asked for)
 *   - ACL_FindAttrGetter                  : AttrGetterFn *func
 *   - ACL_RegisterDbFromACL               : ACLDbType_t *dbtype
 *   - ACL_DatabaseFind                    : ACLDbType_t *dbtype, void **db
 *   - ACL_LDAPDatabaseHandle              : LDAP **ld
 *   - ACL_AuthInfoGetDbname               : char **dbname
 *
 * NOTE(review): whether the out-parameters are left untouched or cleared on
 * failure cannot be told from here; initialise them before the call and
 * check the status before use.  ACL_GetAttribute may be asked for
 * credential-bearing attributes such as ACL_ATTR_PASSWORD, so the value it
 * returns should be handled as a secret - confirm against the getters.
 */
NSAPI_PUBLIC int ACL_FindMethod (NSErr_t *errp, const char *method, MethodInfo_t **method_info_handle);
NSAPI_PUBLIC int ACL_RegisterModule (NSErr_t *errp, const char *moduleName, AclModuleInitFunc func);
NSAPI_PUBLIC int ACL_RegisterMethod (NSErr_t *errp, const char *method, const char *authtype, const char *dbtype, MethodInfo_t **method_info_handle);
NSAPI_PUBLIC int ACL_RegisterAttrGetter (NSErr_t *errp, MethodInfo_t *method_info_handle, const char *attr, AttrGetterFn func);
NSAPI_PUBLIC int ACL_UseAttrGettersFromMethod (NSErr_t *errp, const char *method, const char *usefrom);
NSAPI_PUBLIC int ACL_GetAttribute(NSErr_t *errp, const char *attr, void **val, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
NSAPI_PUBLIC int ACL_FindAttrGetter (NSErr_t *errp, const char *method, const char *attr, AttrGetterFn *func);
NSAPI_PUBLIC int ACL_CallAttrGetter (NSErr_t *errp, const char *method, const char *attr, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
NSAPI_PUBLIC int ACL_RegisterDbType(NSErr_t *errp, const char *dbtype, DbParseFn_t func);
NSAPI_PUBLIC int ACL_RegisterDbName(NSErr_t *errp, ACLDbType_t dbtype, const char *dbname, const char *url, PList_t plist);
NSAPI_PUBLIC int ACL_RegisterDbFromACL(NSErr_t *errp, const char *url, ACLDbType_t *dbtype);
NSAPI_PUBLIC int ACL_DatabaseFind(NSErr_t *errp, const char *dbname,
				  ACLDbType_t *dbtype, void **db);
NSAPI_PUBLIC int ACL_SetDefaultDatabase (NSErr_t *errp, const char *dbname);
NSAPI_PUBLIC int ACL_SetDefaultMethod (NSErr_t *errp, const char *method);
NSAPI_PUBLIC const char *ACL_DbnameGetDefault (NSErr_t *errp);
NSAPI_PUBLIC int ACL_LDAPDatabaseHandle (NSErr_t *errp, const char *dbname, LDAP **ld);
NSAPI_PUBLIC int ACL_AuthInfoGetDbname (NSErr_t *errp, PList_t auth_info, char **dbname);
NSAPI_PUBLIC int ACL_CacheFlushRegister(AclCacheFlushFunc_t func);

NSPR_END_EXTERN_C

/*
 * Two string arrays, `groups` and `programs`.
 * The struct carries no element count; how the arrays are terminated and how
 * their entries relate to each other is not visible in this header
 * (presumably NULL-terminated - confirm before iterating).
 */
struct program_groups {
	char **groups;
	char **programs;
};
  
#endif