/** BEGIN COPYRIGHT BLOCK
 * This Program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; version 2 of the License.
 * 
 * This Program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License along with
 * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place, Suite 330, Boston, MA 02111-1307 USA.
 * 
 * In addition, as a special exception, Red Hat, Inc. gives You the additional
 * right to link the code of this Program with code not covered under the GNU
 * General Public License ("Non-GPL Code") and to distribute linked combinations
 * including the two, subject to the limitations in this paragraph. Non-GPL Code
 * permitted under this exception must only link to the code of this Program
 * through those well defined interfaces identified in the file named EXCEPTION
 * found in the source code files (the "Approved Interfaces"). The files of
 * Non-GPL Code may instantiate templates or use macros or inline functions from
 * the Approved Interfaces without causing the resulting work to be covered by
 * the GNU General Public License. Only Red Hat, Inc. may make changes or
 * additions to the list of Approved Interfaces. You must obey the GNU General
 * Public License in all respects for all of the Program code and other code used
 * in conjunction with the Program except the Non-GPL Code covered by this
 * exception. If you modify this file, you may extend this exception to your
 * version of the file, but you are not obligated to do so. If you do not wish to
 * provide this exception without modification, you must delete this exception
 * statement from your version and license this file solely under the GPL without
 * exception. 
 * 
 * 
 * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
 * Copyright (C) 2005 Red Hat, Inc.
 * All rights reserved.
 * END COPYRIGHT BLOCK **/

#ifdef HAVE_CONFIG_H
#  include <config.h>
#endif

#ifndef __aclstruct_h
#define __aclstruct_h

/*
 * Description (aclstruct.h)
 *
 *	This file defines types and data structures used to construct
 *	representations of Access Control Lists (ACLs) in memory.
 */

#include "base/systems.h"
#include "base/file.h"
#include "base/lexer.h"
#include "nsauth.h"		/* authentication types */
#include "symbols.h"		/* typed symbol support */
#include "ipfstruct.h"		/* IP address filter structures */
#include "dnfstruct.h"		/* DNS name filter structures */


NSPR_BEGIN_EXTERN_C

/* Forward type definitions */
/*
 * ACL_t is completed by struct ACL_s later in this header.  It is
 * declared here because ACContext_t (defined before ACL_s) holds an
 * ACL_t * list head.
 */
typedef struct ACL_s ACL_t;

/*
 * Description (InetHost_t)
 *
 *	This type defines a structure which represents a list of Internet
 *	hosts by IP address and netmask, or by fully or partially
 *	qualified DNS name.
 *
 *	Both filters are embedded by value, not referenced by pointer, so
 *	an InetHost_t is only as large as its two filter structures.
 *	Whether those filters hold further heap-allocated state is defined
 *	in ipfstruct.h and dnfstruct.h, not here.
 */

typedef struct InetHost_s InetHost_t;
struct InetHost_s {
    IPFilter_t inh_ipf;			/* IP address/netmask filter (embedded) */
    DNSFilter_t inh_dnf;		/* DNS name filter (embedded) */
};

/*
 * Description (HostSpec_t)
 *
 *	This type describes a named list of hosts.  The name lives in
 *	hs_sym and is registered with symbol type ACLSYMHOST; the host
 *	filters themselves are embedded in hs_host.  ACClients_t entries
 *	refer to a HostSpec_t by pointer.
 */

typedef struct HostSpec_s HostSpec_t;
struct HostSpec_s {
    Symbol_t hs_sym;			/* symbol name, type ACLSYMHOST */
    InetHost_t hs_host;			/* host information (embedded filters) */
};

/*
 * Description (UidUser_t)
 *
 *	This type represents a list of users and groups using unique
 *	integer identifiers.  Users and groups are kept in two separate
 *	USIList_t lists; the id spaces are therefore independent, and a
 *	value present in one list says nothing about the other.
 */

typedef struct UidUser_s UidUser_t;
struct UidUser_s {
    USIList_t uu_user;			/* list of user ids */
    USIList_t uu_group;			/* list of group ids */
};

/*
 * Description (UserSpec_t)
 *
 *	This type describes a named list of users and groups.  The name
 *	in us_sym is registered with symbol type ACLSYMUSER.
 *
 *	us_flags carries bit flags; the only flag defined in this header
 *	is ACL_USALL, meaning "any authenticated user".  NOTE(review):
 *	how ACL_USALL interacts with a non-empty us_user list (whether the
 *	list is ignored or still consulted) is decided by the evaluator,
 *	not by this header -- confirm against the caller.
 */

typedef struct UserSpec_s UserSpec_t;
struct UserSpec_s {
    Symbol_t us_sym;			/* list name, type ACLSYMUSER */
    int us_flags;			/* bit flags */
#define ACL_USALL	0x1		/* any authenticated user */

    UidUser_t us_user;			/* user/group id lists (embedded) */
};

/*
 * Description (ACClients_t)
 *
 *	This type defines the structure of action-specific information
 *	for access control directives with action codes ACD_ALLOW and
 *	ACD_DENY.  These directives specify access control constraints
 *	on users/groups and hosts.
 *
 *	Entries form a singly linked list through cl_next.  cl_host and
 *	cl_user point at named specifications that are shared by name, so
 *	an ACClients_t does not own them.  NOTE(review): this header does
 *	not say whether a NULL cl_host or cl_user means "no constraint";
 *	verify in the evaluator before relying on either reading.
 */

typedef struct ACClients_s ACClients_t;
struct ACClients_s {
    ACClients_t * cl_next;		/* list link */
    HostSpec_t * cl_host;		/* host specification pointer (not owned) */
    UserSpec_t * cl_user;		/* user list pointer (not owned) */
};

/*
 * Description (RealmSpec_t)
 *
 *	This type describes a named realm.  The name in rs_sym is
 *	registered with symbol type ACLSYMREALM; the realm data itself
 *	(Realm_t, from nsauth.h) is embedded in rs_realm.  ACAuth_t
 *	refers to a RealmSpec_t by pointer.
 */

typedef struct RealmSpec_s RealmSpec_t;
struct RealmSpec_s {
    Symbol_t rs_sym;			/* realm name, type ACLSYMREALM */
    Realm_t rs_realm;			/* realm information (embedded) */
};

/*
 * Description (ACAuth_t)
 *
 *	This type defines the structure of action-specific information
 *	for an access control directive with action code ACD_AUTH,
 *	which specifies information about authentication requirements.
 *
 *	The realm is referenced, not owned: au_realm points at a named
 *	RealmSpec_t that may be shared by several directives.  This
 *	structure is stored by value inside the ACDirective_t union.
 */

typedef struct ACAuth_s ACAuth_t;
struct ACAuth_s {
    RealmSpec_t * au_realm;		/* pointer to realm information (not owned) */
};

/*
 * Description (ACDirective_t)
 *
 *	This type defines a structure which represents an access control
 *	directive.  Each directive specifies an access control action
 *	to be taken during ACL evaluation.  The ACDirective_t structure
 *	begins an action-specific structure which contains the
 *	parameters for an action.
 *
 *	acd_u is a tagged union and acd_action is its tag: acu_cl is only
 *	meaningful when acd_action is ACD_ALLOW or ACD_DENY, and acu_auth
 *	only when it is ACD_AUTH.  Code reading a directive must check
 *	acd_action before touching either member; ACD_EXEC has no union
 *	member defined in this header.
 *
 *	Directives are chained through acd_next; the ACL_t that owns them
 *	keeps first/last pointers (acl_dirf / acl_dirl).
 */

typedef struct ACDirective_s ACDirective_t;
struct ACDirective_s {
    ACDirective_t * acd_next;		/* next directive in ACL */
    short acd_action;			/* directive action code (ACD_*) -- tag for acd_u */
    short acd_flags;			/* action modifier flags (ACD_FORCE, ACD_EX*) */

    /* Begin action-specific information */
    union {
	ACClients_t * acu_cl;		/* ACD_ALLOW, ACD_DENY: client list (not owned here) */
	ACAuth_t acu_auth;		/* ACD_AUTH: embedded realm reference */
    } acd_u;
};

/* Accessor shorthands for the union members; same tag rules apply. */
#define acd_cl		acd_u.acu_cl
#define acd_auth	acd_u.acu_auth

/* Define acd_action codes */
/* Values stored in ACDirective_t.acd_action; they select the acd_u member. */
#define ACD_ALLOW	1		/* allow access (acd_u.acu_cl) */
#define ACD_DENY	2		/* deny access (acd_u.acu_cl) */
#define ACD_AUTH	3		/* specify authentication realm (acd_u.acu_auth) */
#define ACD_EXEC	4		/* execute (conditionally); no union member here */

/* Define acd_flags values */
/*
 * The low four bits (ACD_ACTION) are reserved for an action code, so
 * every real flag starts at 0x10.  ACD_DEFAULT is the absence of flags
 * and ACD_ALWAYS is simply an alias of ACD_FORCE.  NOTE(review): the
 * "execute if ..." flags are presumably only consulted for ACD_EXEC
 * directives -- confirm in the evaluator.
 */
#define ACD_ACTION	0xf		/* bits reserved for acd_action */
#define ACD_FORCE	0x10		/* force of action */
#define ACD_DEFAULT	0		/* default action (no flags set) */
#define ACD_ALWAYS	ACD_FORCE	/* immediate action (alias of ACD_FORCE) */
#define ACD_EXALLOW	0x20		/* execute if allow */
#define ACD_EXDENY	0x40		/* execute if deny */
#define ACD_EXAUTH	0x80		/* execute if authenticate */

/*
 * Description (RightDef_t)
 *
 *	This type describes a named access right.  Each access right has
 *	an associated unique integer id.  A list of all access rights
 *	known in an ACL context is maintained, with its head in the
 *	ACContext_t structure.
 *
 *	The name in rd_sym is registered with symbol type ACLSYMRIGHT.
 *	rd_id is the value that RightSpec_t lists (rs_list) refer to, so
 *	ids must stay unique within one ACContext_t.
 */

typedef struct RightDef_s RightDef_t;
struct RightDef_s {
    Symbol_t rd_sym;			/* right name, type ACLSYMRIGHT */
    RightDef_t * rd_next;		/* next on ACContext_t list (acc_rights) */
    USI_t rd_id;			/* unique id within the context */
};

/*
 * Description (RightSpec_t)
 *
 *	This type describes a named list of access rights.  The name in
 *	rs_sym is registered with symbol type ACLSYMRDEF; rs_list holds
 *	the rd_id values of the RightDef_t entries the list names, not
 *	pointers to them.
 */

typedef struct RightSpec_s RightSpec_t;
struct RightSpec_s {
    Symbol_t rs_sym;			/* list name, type ACLSYMRDEF */
    USIList_t rs_list;			/* list of right ids (RightDef_t.rd_id) */
};

/*
 * Description (ACContext_t)
 *
 *	This type defines a structure that defines a context for a set
 *	of Access Control Lists.  This includes references to an
 *	authentication database, if any, and a symbol table containing
 *	access right definitions.  It also serves as a list head for the
 *	ACLs which are defined in the specified context.
 *
 *	acc_refcnt is a plain int: nothing in this header makes it
 *	atomic or protects it with a lock, so any concurrent use of a
 *	context must be serialised by the caller.  The ACLs on acc_acls
 *	point back at their context through acl_acc.
 */

typedef struct ACContext_s ACContext_t;
struct ACContext_s {
    void * acc_stp;			/* symbol table handle (opaque; see symbols.h) */
    ACL_t * acc_acls;			/* list of ACLs (linked via acl_next) */
    RightDef_t * acc_rights;		/* list of access right definitions (via rd_next) */
    int acc_refcnt;			/* reference count (not atomic) */
};

/*
 * Description (ACL_t)
 *
 *	This type defines the structure that represents an Access Control
 *	List (ACL).  An ACL has a user-assigned name and an internally
 *	assigned identifier (which is an index in an object directory).
 *	It references a list of access rights which are to be allowed or
 *	denied, according to the ACL specifications.  It references an
 *	ordered list of ACL directives, which specify who has and who does
 *	not have the associated access rights.
 *
 *	The directive list runs from acl_dirf to acl_dirl through
 *	ACDirective_t.acd_next; the two pointers must be kept consistent
 *	when directives are appended or removed.  acl_refcnt is a plain
 *	int with no synchronisation declared here.  acl_rights is a
 *	reference to a named RightSpec_t, not an owned copy.
 */

struct ACL_s {
    Symbol_t acl_sym;			/* ACL name, type ACLSYMACL */
    ACL_t * acl_next;			/* next ACL on a list (ACContext_t.acc_acls) */
    ACContext_t * acl_acc;		/* context for this ACL */
    USI_t acl_id;			/* id of this ACL (object directory index) */
    int acl_refcnt;			/* reference count (not atomic) */
    RightSpec_t * acl_rights;		/* access rights list (not owned) */
    ACDirective_t * acl_dirf;		/* first directive pointer */
    ACDirective_t * acl_dirl;		/* last directive pointer */
};

/* Define symbol type codes */
/*
 * Type codes carried by the Symbol_t members of the structures above
 * (acl_sym, rd_sym, rs_sym, hs_sym, us_sym).  They keep the different
 * kinds of named objects apart in the shared symbol table, so a lookup
 * for one kind does not silently match a name of another kind.
 */
#define ACLSYMACL	0		/* ACL (ACL_t.acl_sym) */
#define ACLSYMRIGHT	1		/* access right (RightDef_t.rd_sym) */
#define ACLSYMRDEF	2		/* access rights list (RightSpec_t.rs_sym) */
#define ACLSYMREALM	3		/* realm name (RealmSpec_t.rs_sym) */
#define ACLSYMHOST	4		/* host specifications (HostSpec_t.hs_sym) */
#define ACLSYMUSER	5		/* user/group list (UserSpec_t.us_sym) */

/*
 * Description (ACLFile_t)
 *
 *	This type describes a structure containing information about
 *	an open ACL description file.  Open files are chained through
 *	acf_next.  acf_lineno and acf_ttype describe the parser's current
 *	position and are what diagnostics should report.
 *
 *	NOTE(review): this header does not state who owns acf_filename,
 *	acf_lst or acf_token, nor who closes acf_fd -- confirm in the code
 *	that opens and closes these files before freeing any of them.
 */

typedef struct ACLFile_s ACLFile_t;
struct ACLFile_s {
    ACLFile_t * acf_next;		/* list link */
    char * acf_filename;		/* pointer to filename string (ownership not stated here) */
    LEXStream_t * acf_lst;		/* LEX stream handle */
    SYS_FILE acf_fd;			/* file descriptor */
    int acf_flags;			/* bit flags (unused) */
    int acf_lineno;			/* current line number (for diagnostics) */
    void * acf_token;			/* LEX token handle (opaque) */
    int acf_ttype;			/* current token type */
};

NSPR_END_EXTERN_C

#endif /* __aclstruct_h */