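#ifndef __ACC_ACCESS__
#define __ACC_ACCESS__
/******************************************************************************/
/*                                                                            */
/*                       X r d A c c A c c e s s . h h                        */
/*                                                                            */
/* (c) 2003 by the Board of Trustees of the Leland Stanford, Jr., University  */
/*                            All Rights Reserved                             */
/*   Produced by Andrew Hanushevsky for Stanford University under contract    */
/*              DE-AC03-76-SFO0515 with the Department of Energy              */
/******************************************************************************/

//         $Id$

#include "XrdAcc/XrdAccAudit.hh"
#include "XrdAcc/XrdAccAuthorize.hh"
#include "XrdAcc/XrdAccCapability.hh"
#include "XrdSec/XrdSecEntity.hh"
#include "XrdOuc/XrdOucHash.hh"
#include "XrdSys/XrdSysXSLock.hh"
#include "XrdSys/XrdSysPlatform.hh"

/******************************************************************************/
/*                        A c c e s s _ I D _ T y p e                         */
/******************************************************************************/

// The following are supported id types for access() checking
//
enum Access_ID_Type
{
    AID_Group,
    AID_Host,
    AID_Netgroup,
    AID_Set,
    AID_Template,
    AID_User
};

/******************************************************************************/
/*                     S e t T a b s   P a r a m e t e r                      */
/******************************************************************************/

// Bundle of access-control tables, one lookup structure per identity kind.
// An instance is handed to XrdAccAccess::SwapTabs() and one is held by value
// inside XrdAccAccess (see Atab).
//
// Ownership: the destructor releases the six hash tables plus X_List and
// Z_List. D_List and E_List are NOT released here.
// NOTE(review): E_List is documented as the tail of the domain list, so it is
// presumably an alias into D_List; confirm where D_List itself is freed.
// NOTE(review): the struct owns raw pointers but declares no copy constructor
// or assignment operator, so a by-value copy would leave two objects deleting
// the same tables. Confirm that no caller copies it.
//
struct XrdAccAccess_Tables
{
    XrdOucHash<XrdAccCapability> *G_Hash;  // Groups
    XrdOucHash<XrdAccCapability> *H_Hash;  // Hosts
    XrdOucHash<XrdAccCapability> *N_Hash;  // Netgroups
    XrdOucHash<XrdAccCapability> *S_Hash;  // Sets
    XrdOucHash<XrdAccCapability> *T_Hash;  // Templates
    XrdOucHash<XrdAccCapability> *U_Hash;  // Users
    XrdAccCapName                *D_List;  // Domains
    XrdAccCapName                *E_List;  // Domains (end of list)
    XrdAccCapability             *X_List;  // Fungible capabilities
    XrdAccCapability             *Z_List;  // Default capabilities

    // Start with every table absent. The initializer order follows the
    // declaration order above.
    XrdAccAccess_Tables()
        : G_Hash(0), H_Hash(0), N_Hash(0),
          S_Hash(0), T_Hash(0), U_Hash(0),
          D_List(0), E_List(0),
          X_List(0), Z_List(0)
    {
    }

    // delete on a null pointer is a no-op, so no guards are needed.
    ~XrdAccAccess_Tables()
    {
        delete G_Hash;
        delete H_Hash;
        delete N_Hash;
        delete S_Hash;
        delete T_Hash;
        delete U_Hash;
        delete X_List;
        delete Z_List;
    }
};

/******************************************************************************/
/*                          X r d A c c A c c e s s                           */
/******************************************************************************/

// NOTE(review): nothing in this header refers to xrdOucError; the constructor
// below takes an XrdSysError. This looks like a stale forward declaration.
// Confirm before removing it.
class xrdOucError;

// Authorization object derived from XrdAccAuthorize. It holds the current
// access-control tables (Atab) and an auditor pointer.
class XrdAccAccess : public XrdAccAuthorize
{
public:

    // XrdAccConfig gets access to the private members of this class.
    friend class XrdAccConfig;

    // Returns the privileges for the given entity, path and operation.
    // NOTE(review): the exact contract, including what is returned on denial,
    // is defined by XrdAccAuthorize and the implementation file, neither of
    // which is shown here.
    XrdAccPrivs Access(const XrdSecEntity    *Entity,
                       const char            *path,
                       const Access_Operation oper,
                             XrdOucEnv       *Env=0);

    // Takes the outcome of an access decision (accok) together with the
    // request that produced it.
    // NOTE(review): presumably forwards to Auditor; confirm in the
    // implementation.
    int         Audit(const int              accok,
                      const XrdSecEntity    *Entity,
                      const char            *path,
                      const Access_Operation oper,
                            XrdOucEnv       *Env=0);

    // SwapTabs() is used by the configuration object to establish new access
    // control tables. It may be called whenever the tables change.
    //
    // NOTE(review): since the tables can change while requests are being
    // authorized, the swap has to be serialized against Access() lookups,
    // presumably through Access_Context. Confirm in the implementation,
    // because a lookup racing with a swap could read freed tables.
    //
    void        SwapTabs(struct XrdAccAccess_Tables &newtab);

    // Checks a privilege set against an operation and returns an int.
    // NOTE(review): presumably nonzero means the operation is allowed;
    // confirm against XrdAccAuthorize.
    int         Test(const XrdAccPrivs priv, const Access_Operation oper);

                XrdAccAccess(XrdSysError *erp);

               ~XrdAccAccess() {} // The access object is never deleted

private:

    // Lookup for a single identity, where idtype selects the kind of id.
    XrdAccPrivs Access(const char *id,   const Access_ID_Type   idtype,
                       const char *path, const Access_Operation oper);

    // Current access-control tables, held by value and replaced via SwapTabs().
    struct XrdAccAccess_Tables Atab;

    // NOTE(review): presumably the lock that serializes readers of Atab
    // against SwapTabs(); confirm in the implementation.
    XrdSysXSLock Access_Context;

    XrdAccAudit *Auditor;
};
#endif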