00001 #ifndef __ACC_ACCESS__
00002 #define __ACC_ACCESS__
00033 #include "XrdAcc/XrdAccAudit.hh"
00034 #include "XrdAcc/XrdAccAuthorize.hh"
00035 #include "XrdAcc/XrdAccCapability.hh"
00036 #include "XrdSec/XrdSecEntity.hh"
00037 #include "XrdOuc/XrdOucHash.hh"
00038 #include "XrdSys/XrdSysXSLock.hh"
00039 #include "XrdSys/XrdSysPlatform.hh"
struct XrdAccEntityInfo;

/**
 * One identity entry of the access tables: an optional name, five further
 * selector strings, the capability list attached to the entry, and a link
 * to the next entry.
 *
 * Ownership: the destructor releases the six strings with free() and the
 * capability list with delete. It does not follow `next`.
 *
 * NOTE(review): no copy constructor or assignment operator is declared, so
 * copies are member-wise (shallow). Export() depends on that and clears the
 * source afterwards; any other copy leaves two objects that both free the
 * same strings and delete the same `caps` (double free). Keep instances
 * behind pointers and hand them over with Export() only.
 */
struct XrdAccAccess_ID
{
    char             *name;   // strdup()'d by the constructor; may be null
    char             *grp;    // the strings below are free()'d by the destructor,
    char             *host;   // so whoever sets them must use a malloc-family
    char             *org;    // allocator (setter not visible in this header)
    char             *role;
    char             *user;
    XrdAccCapability *caps;   // deleted by the destructor
    XrdAccAccess_ID  *next;   // not owned: never deleted here
    int               rule;
    short             hlen;   // presumably strlen(host) - confirm where it is set;
    short             glen;   // presumably strlen(grp); a short cannot hold > 32767

    /** Reports whether this entry matches Entity (defined out of line). */
    bool Applies(const XrdAccEntityInfo &Entity);

    /**
     * Moves this entry's contents into a newly allocated entry.
     *
     * The new object receives a member-wise copy of every field. This
     * object then gives up the six strings and `caps` by nulling them, so
     * exactly one object frees them. `next`, `rule`, `hlen` and `glen` keep
     * their values here, which means both objects point at the same `next`.
     *
     * @return the new entry; the caller owns it and must delete it.
     */
    XrdAccAccess_ID *Export()
    {
        XrdAccAccess_ID *moved = new XrdAccAccess_ID(*this);

        name = 0;
        grp  = 0;
        host = 0;
        org  = 0;
        role = 0;
        user = 0;
        caps = 0;
        return moved;
    }

    /**
     * Builds an entry with every field zeroed, then duplicates Name if given.
     *
     * strdup() returns null when it cannot allocate, in which case the
     * entry is left without a name and no error is reported.
     */
    XrdAccAccess_ID(const char *Name=0)
        : name(0), grp(0), host(0), org(0), role(0), user(0),
          caps(0), next(0), rule(0), hlen(0), glen(0)
    {
        if (Name) name = strdup(Name);
    }

    /** Releases the owned strings and the capability list. */
    ~XrdAccAccess_ID()
    {
        // free() and delete both accept a null pointer.
        free(name);
        free(grp);
        free(host);
        free(org);
        free(role);
        free(user);
        delete caps;
    }
};
00084
/**
 * The full set of lookup tables used for authorization: eight hash tables
 * and six linked lists, all starting out null.
 *
 * The destructor deletes the eight hash tables plus X_List and Z_List.
 *
 * NOTE(review): D_List, E_List, SXList and SYList are not released here.
 * Whether they are freed elsewhere or leak when a table set is discarded
 * cannot be told from this header - confirm against SwapTabs() and the
 * configuration code.
 *
 * NOTE(review): copies are member-wise; copying an instance and destroying
 * both copies deletes every table twice.
 */
struct XrdAccAccess_Tables
{
    XrdOucHash<XrdAccCapability> *G_Hash;
    XrdOucHash<XrdAccCapability> *H_Hash;
    XrdOucHash<XrdAccCapability> *N_Hash;
    XrdOucHash<XrdAccCapability> *O_Hash;
    XrdOucHash<XrdAccCapability> *R_Hash;
    XrdOucHash<XrdAccAccess_ID>  *S_Hash;
    XrdOucHash<XrdAccCapability> *T_Hash;
    XrdOucHash<XrdAccCapability> *U_Hash;
    XrdAccCapName                *D_List;   // not deleted by the destructor
    XrdAccCapName                *E_List;   // not deleted by the destructor
    XrdAccCapability             *X_List;
    XrdAccCapability             *Z_List;
    XrdAccAccess_ID              *SXList;   // not deleted by the destructor
    XrdAccAccess_ID              *SYList;   // not deleted by the destructor

    /** Starts with no tables at all. */
    XrdAccAccess_Tables()
        : G_Hash(0), H_Hash(0), N_Hash(0), O_Hash(0), R_Hash(0),
          S_Hash(0), T_Hash(0), U_Hash(0),
          D_List(0), E_List(0), X_List(0), Z_List(0),
          SXList(0), SYList(0)
    {}

    /** Deletes the hash tables and the X/Z capability lists. */
    ~XrdAccAccess_Tables()
    {
        // delete on a null pointer does nothing, so no guards are needed.
        delete G_Hash;
        delete H_Hash;
        delete N_Hash;
        delete O_Hash;
        delete R_Hash;
        delete S_Hash;
        delete T_Hash;
        delete U_Hash;
        delete X_List;
        delete Z_List;
    }
};
// NOTE(review): this forward declaration is spelled with a lowercase 'x' and
// is not referenced anywhere below; the constructor takes XrdSysError*.
class xrdOucError;

/**
 * Authorization object derived from XrdAccAuthorize. It holds one set of
 * access tables (Atab), a lock object, and a pointer to an auditor.
 *
 * All member functions except the destructor are defined out of line, so
 * the decision logic itself is not visible in this header.
 */
class XrdAccAccess : public XrdAccAuthorize
{
public:

    // XrdAccConfig reaches the private members directly.
    friend class XrdAccConfig;

    /**
     * Returns the privileges for Entity performing oper on path.
     * Env is optional and defaults to null.
     * NOTE(review): Entity and path arrive from the caller; nothing here
     * shows whether null or malformed values are rejected - check the
     * implementation.
     */
    XrdAccPrivs Access(const XrdSecEntity    *Entity,
                       const char            *path,
                       const Access_Operation oper,
                             XrdOucEnv       *Env=0);

    /**
     * Takes the outcome flag accok together with the same request details
     * as Access(); presumably forwards them to Auditor - confirm.
     */
    int         Audit(const int              accok,
                      const XrdSecEntity    *Entity,
                      const char            *path,
                      const Access_Operation oper,
                            XrdOucEnv       *Env=0);

    /** Static helper that returns a string for Entity (semantics not shown here). */
    static
    const char *Resolve(const XrdSecEntity *Entity);

    /**
     * Installs newtab as the table set in use.
     * NOTE(review): the name suggests the old and new contents are
     * exchanged; which side then owns and frees the old tables, and whether
     * Access_Context is held during the swap, must be confirmed in the
     * implementation.
     */
    void        SwapTabs(struct XrdAccAccess_Tables &newtab);

    /** Checks priv against oper; the meaning of the int result is not shown here. */
    int         Test(const XrdAccPrivs priv, const Access_Operation oper);

                XrdAccAccess(XrdSysError *erp);

               ~XrdAccAccess() {}

private:

    // Internal overload that additionally takes a caps reference.
    XrdAccPrivs Access(      XrdAccPrivCaps  &caps,
                       const XrdSecEntity    *Entity,
                       const char            *path,
                       const Access_Operation oper);

    XrdAccAccess_Tables Atab;            // table set held by value
    bool                hostRefX;        // meaning not visible in this header
    bool                hostRefY;        // meaning not visible in this header

    XrdSysXSLock        Access_Context;  // presumably guards Atab - confirm

    XrdAccAudit        *Auditor;         // not released by the empty destructor
};
00173 #endif