#ifndef __ACC_AUTHORIZE__
#define __ACC_AUTHORIZE__
/******************************************************************************/
/*                                                                            */
/*                    X r d A c c A u t h o r i z e . h h                     */
/*                                                                            */
/* (c) 2000 by the Board of Trustees of the Leland Stanford, Jr., University  */
/*                            All Rights Reserved                             */
/*   Produced by Andrew Hanushevsky for Stanford University under contract    */
/*              DE-AC03-76-SFO0515 with the Department of Energy              */
/******************************************************************************/

// $Id: XrdAccAuthorize.hh,v 1.7 2007/07/31 02:24:00 abh Exp $

// NOTE(review): the include guard uses a double-underscore identifier, which
// the language reserves for the implementation. It is left unchanged here
// because other translation units may test this exact macro name.

#include "XrdAcc/XrdAccPrivs.hh"

/******************************************************************************/
/*                     A c c e s s _ O p e r a t i o n                        */
/******************************************************************************/

// The following are supported operations. Each value names the file-system
// operation the caller is about to perform so that Access() can decide on it.
// AOP_Any is special: it asks for the caller's full privilege set rather than
// a yes/no decision (see Access() below).
//
enum Access_Operation {AOP_Any     =  0, // Special for getting privs
                       AOP_Chmod   =  1, // chmod()
                       AOP_Chown   =  2, // chown()
                       AOP_Create  =  3, // open() with create
                       AOP_Delete  =  4, // rm() or rmdir()
                       AOP_Insert  =  5, // mv() for target
                       AOP_Lock    =  6, // n/a
                       AOP_Mkdir   =  7, // mkdir()
                       AOP_Read    =  8, // open() r/o, prepare()
                       AOP_Readdir =  9, // opendir()
                       AOP_Rename  = 10, // mv() for source
                       AOP_Stat    = 11, // exists(), stat()
                       AOP_Update  = 12, // open() r/w or append
                       AOP_LastOp  = 12  // For limits testing (equals the
                                         // highest real operation value)
                      };

/******************************************************************************/
/*                 o o a c c _ A u t h o r i z e   C l a s s                  */
/******************************************************************************/

class XrdOucEnv;
class XrdSecEntity;

// Abstract authorization interface. A concrete implementation is obtained
// through XrdAccAuthorizeObject() (declared at the bottom of this file) and
// is then consulted for every subsequent authorization decision. All three
// methods are pure virtual, so an implementation must provide each of them.
//
class XrdAccAuthorize
{
public:

/* Access() indicates whether or not the user/host is permitted access to the
   path for the specified operation. The default implementation that is
   statically linked determines privileges by combining user, host, user group,
   and user/host netgroup privileges. If the operation is AOP_Any, then the
   actual privileges are returned and the caller may make subsequent tests using
   Test(). Otherwise, a non-zero value is returned if access is permitted or a
   zero value is returned if access is to be denied. Other implementations may
   use other decision making schemes but the return values must mean the same.

   Because zero means "deny", an implementation that cannot reach a decision
   (unknown path, lookup error, unrecognized oper) should return zero so that
   the failure mode is closed rather than open.

   Parameters: Entity -> Authentication information
               path   -> The logical path which is the target of oper
               oper   -> The operation being attempted (see above)
               Env    -> Environmental information at the time of the
                         operation as supplied by the path CGI string.
                         This is optional and the pointer may be zero.
                         NOTE(review): the CGI string presumably originates
                         from the requesting client, so Env contents should
                         be treated as untrusted input by implementations;
                         confirm against the caller.
*/

virtual XrdAccPrivs Access(const XrdSecEntity    *Entity,
                           const char            *path,
                           const Access_Operation oper,
                                 XrdOucEnv       *Env=0) = 0;

/* Audit() routes an audit message to the appropriate audit exit routine. See
   XrdAccAudit.h for more information on how the default implementation works.
   Currently, this method is not called by the ofs but should be used by the
   implementation to record denials or grants, as warranted.

   Parameters: accok  -> True if access was granted; false otherwise.
               Entity -> Authentication information
               path   -> The logical path which is the target of oper
               oper   -> The operation being attempted (see above)
               Env    -> Environmental information at the time of the
                         operation as supplied by the path CGI string.
                         This is optional and the pointer may be zero.

   Returns:    An int whose meaning is not specified by this header; consult
               the implementation (XrdAccAudit.h for the default) before
               relying on it.
*/

virtual int         Audit(const int              accok,
                          const XrdSecEntity    *Entity,
                          const char            *path,
                          const Access_Operation oper,
                                XrdOucEnv       *Env=0) = 0;

// Test() checks whether the specified operation is permitted by the privilege
// set priv (typically the value returned by Access() for AOP_Any). If
// permitted it returns a non-zero. Otherwise, zero is returned.
//
virtual int         Test(const XrdAccPrivs       priv,
                         const Access_Operation  oper) = 0;

                    // Nothing to set up: state, if any, lives in the
                    // implementation.
                    XrdAccAuthorize() {}

                    // Virtual so that an implementation can be deleted through
                    // a pointer to this base class.
virtual            ~XrdAccAuthorize() {}
};

/******************************************************************************/
/*                  o o a c c _ A c c e s s _ O b j e c t                     */
/******************************************************************************/

class XrdSysLogger;

/* XrdAccAuthorizeObject() is called to obtain an instance of the auth object
   that will be used for all subsequent authorization decisions. If it returns
   a null pointer, initialization fails and the program exits. Because every
   later access decision depends on the object returned here, the function
   should return null (rather than a partially configured object) whenever the
   configuration cannot be fully validated. The args are:

   lp   -> XrdSysLogger to be tied to an XrdSysError object for messages
   cfn  -> The name of the configuration file
   parm -> Parameters specified on the authlib directive. If none it is zero.

   The function has C linkage so that it can be located by name in a
   dynamically loaded authorization library.
*/

extern "C" XrdAccAuthorize *XrdAccAuthorizeObject(XrdSysLogger *lp,
                                                  const char   *cfn,
                                                  const char   *parm);
#endif