00001 #ifndef __ACC_ACCESS__
00002 #define __ACC_ACCESS__
00033 #include "XrdAcc/XrdAccAudit.hh"
00034 #include "XrdAcc/XrdAccAuthorize.hh"
00035 #include "XrdAcc/XrdAccCapability.hh"
00036 #include "XrdSec/XrdSecEntity.hh"
00037 #include "XrdOuc/XrdOucHash.hh"
00038 #include "XrdSys/XrdSysXSLock.hh"
00039 #include "XrdSys/XrdSysPlatform.hh"
// One node of a singly linked list of identity records (linked through
// `next`). Each node carries six heap strings and a capability object.
//
// Ownership: the destructor passes every string to free() and `caps` to
// delete, so whatever is stored in those members must come from the malloc
// family (strings) or from new (caps), and must be owned by this node alone.
// `next` is never released by this struct.
//
// NOTE(review): no copy constructor or copy assignment operator is declared,
// so the compiler-generated memberwise versions are in effect. Export() relies
// on that and then clears the source. Any other copy leaves two nodes whose
// destructors release the same pointers (double free). Pass nodes by pointer
// or reference, and hand them over only through Export().
struct XrdAccAccess_ID
{
    char             *name;   // strdup() of the constructor argument, or 0
    char             *grp;
    char             *host;
    char             *org;
    char             *role;
    char             *user;
    XrdAccCapability *caps;   // released with delete in the destructor
    XrdAccAccess_ID  *next;   // list link; not owned
    int               rule;
    short             hlen;   // presumably strlen(host); confirm in the .cc
    short             glen;   // presumably strlen(grp); confirm in the .cc

    // Defined out of line; not visible in this header.
    bool Applies(const XrdSecEntity *Entity);

    // Moves this node's contents into a newly allocated node and returns it.
    // The caller owns the result and must delete it. Afterwards this node no
    // longer owns any string or capability object, so destroying it releases
    // nothing. `next`, `rule`, `hlen` and `glen` are copied but not reset, so
    // both nodes point at the same successor.
    XrdAccAccess_ID *Export()
    {
        XrdAccAccess_ID *moved = new XrdAccAccess_ID(*this);

        // Drop ownership here so that only `moved` releases the resources.
        name = grp = host = org = role = user = 0;
        caps = 0;
        return moved;
    }

    // Duplicates Name when one is given and zeroes every other member.
    // The strdup() result is not checked: on allocation failure `name` is 0,
    // which is indistinguishable from constructing without a name.
    XrdAccAccess_ID(const char *Name=0)
        : name(Name ? strdup(Name) : 0),
          grp(0),
          host(0),
          org(0),
          role(0),
          user(0),
          caps(0),
          next(0),
          rule(0),
          hlen(0),
          glen(0)
    {}

    // free() and delete both accept a null pointer, so no guards are needed.
    ~XrdAccAccess_ID()
    {
        free(name);
        free(grp);
        free(host);
        free(org);
        free(role);
        free(user);
        delete caps;
    }
};
00082
// Bundle of lookup structures used by XrdAccAccess: eight hash tables, two
// XrdAccCapName lists, two XrdAccCapability lists and two XrdAccAccess_ID
// lists. All members start out null.
//
// Ownership: the destructor deletes the eight hash tables plus X_List and
// Z_List. It does NOT release D_List, E_List, SXList or SYList.
// NOTE(review): confirm who owns those four lists. If nothing else frees
// them, they are lost whenever a populated table set is destroyed.
//
// NOTE(review): no copy operations are declared, so a memberwise copy of this
// struct would make two destructors delete the same tables. Pass it by
// reference, as SwapTabs() does.
struct XrdAccAccess_Tables
{
    XrdOucHash<XrdAccCapability> *G_Hash;
    XrdOucHash<XrdAccCapability> *H_Hash;
    XrdOucHash<XrdAccCapability> *N_Hash;
    XrdOucHash<XrdAccCapability> *O_Hash;
    XrdOucHash<XrdAccCapability> *R_Hash;
    XrdOucHash<XrdAccAccess_ID>  *S_Hash;
    XrdOucHash<XrdAccCapability> *T_Hash;
    XrdOucHash<XrdAccCapability> *U_Hash;
    XrdAccCapName                *D_List;
    XrdAccCapName                *E_List;
    XrdAccCapability             *X_List;
    XrdAccCapability             *Z_List;
    XrdAccAccess_ID              *SXList;
    XrdAccAccess_ID              *SYList;

    // Start with every table and list absent.
    XrdAccAccess_Tables()
        : G_Hash(0), H_Hash(0), N_Hash(0), O_Hash(0),
          R_Hash(0), S_Hash(0), T_Hash(0), U_Hash(0),
          D_List(0), E_List(0),
          X_List(0), Z_List(0),
          SXList(0), SYList(0)
    {}

    // delete on a null pointer is a no-op, so the members need no guards.
    // D_List, E_List, SXList and SYList are deliberately left untouched,
    // matching the original behaviour.
    ~XrdAccAccess_Tables()
    {
        delete G_Hash;
        delete H_Hash;
        delete N_Hash;
        delete O_Hash;
        delete R_Hash;
        delete S_Hash;
        delete T_Hash;
        delete U_Hash;
        delete X_List;
        delete Z_List;
    }
};
// Forward declaration. No declaration visible in this header refers to it
// (the constructor below takes an XrdSysError *).
// NOTE(review): confirm whether anything still needs this name.
class xrdOucError;

// Authorization object derived from XrdAccAuthorize. It holds one set of
// lookup tables (Atab), a lock object (Access_Context) and an auditor pointer.
// Only declarations appear here; the behaviour lives in the implementation
// file.
class XrdAccAccess : public XrdAccAuthorize
{
public:

    // XrdAccConfig can reach the private members, including Atab.
    friend class XrdAccConfig;

    // Authorization query for Entity performing oper on path.
    // NOTE(review): which XrdAccPrivs value represents "denied" is not
    // visible in this header. Callers should confirm it before treating any
    // return value as permission.
    XrdAccPrivs Access(const XrdSecEntity    *Entity,
                       const char            *path,
                       const Access_Operation oper,
                             XrdOucEnv       *Env=0);

    // Takes the same request description as Access() plus accok.
    // NOTE(review): accok is presumably the decision being recorded; confirm.
    int Audit(const int              accok,
              const XrdSecEntity    *Entity,
              const char            *path,
              const Access_Operation oper,
                    XrdOucEnv       *Env=0);

    // NOTE(review): the lifetime and ownership of the returned string are not
    // stated here; confirm before caching or freeing it.
    static const char *Resolve(const XrdSecEntity *Entity);

    // Receives a table set by non-const reference.
    // NOTE(review): presumably exchanges it with Atab while holding
    // Access_Context, leaving the previous tables in newtab for the caller
    // to destroy; confirm in the implementation.
    void SwapTabs(XrdAccAccess_Tables &newtab);

    int Test(const XrdAccPrivs priv, const Access_Operation oper);

    XrdAccAccess(XrdSysError *erp);

    // Empty body: Atab is a by-value member, so its own destructor runs
    // automatically. Auditor is not deleted here.
    ~XrdAccAccess() {}

private:

    // Overload that also takes an XrdAccPrivCaps reference.
    XrdAccPrivs Access(      XrdAccPrivCaps  &caps,
                       const XrdSecEntity    *Entity,
                       const char            *path,
                       const Access_Operation oper);

    XrdAccAccess_Tables Atab;            // tables owned by this object

    // NOTE(review): presumably serialises table readers against SwapTabs();
    // confirm that every access to Atab holds it.
    XrdSysXSLock        Access_Context;

    XrdAccAudit        *Auditor;         // not released by the destructor
};
00169 #endif