#ifndef __ACC_AUTHORIZE__
#define __ACC_AUTHORIZE__
/******************************************************************************/
/*                                                                            */
/*                    X r d A c c A u t h o r i z e . h h                     */
/*                                                                            */
/* (c) 2000 by the Board of Trustees of the Leland Stanford, Jr., University  */
/*                            All Rights Reserved                             */
/*   Produced by Andrew Hanushevsky for Stanford University under contract    */
/*              DE-AC02-76-SFO0515 with the Department of Energy              */
/*                                                                            */
/* This file is part of the XRootD software suite.                            */
/*                                                                            */
/* XRootD is free software: you can redistribute it and/or modify it under    */
/* the terms of the GNU Lesser General Public License as published by the     */
/* Free Software Foundation, either version 3 of the License, or (at your     */
/* option) any later version.                                                 */
/*                                                                            */
/* XRootD is distributed in the hope that it will be useful, but WITHOUT      */
/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or      */
/* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public       */
/* License for more details.                                                  */
/*                                                                            */
/* You should have received a copy of the GNU Lesser General Public License   */
/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file  */
/* COPYING (GPL license).  If not, see <http://www.gnu.org/licenses/>.        */
/*                                                                            */
/* The copyright holder's institutional names and contributor's names may not */
/* be used to endorse or promote products derived from this software without  */
/* specific prior written permission of the institution or contributor.       */
/******************************************************************************/

#include "XrdAcc/XrdAccPrivs.hh"

/******************************************************************************/
/*                      A c c e s s _ O p e r a t i o n                       */
/******************************************************************************/

//! The operations for which an authorization decision can be requested.
//!
//! Every enumerator carries an explicit numeric value. AOP_LastOp repeats the
//! value of the highest-numbered operation (currently AOP_Excl_Insert) and
//! exists for limits testing, so it has to be raised whenever an operation is
//! appended.
//! NOTE(review): code that uses an operation value as an index presumably
//! needs to range-check it against AOP_LastOp first -- confirm in the
//! implementations that consume this enum.

enum Access_Operation  {AOP_Any      = 0,  //!< Special for getting privs
                        AOP_Chmod    = 1,  //!< chmod()
                        AOP_Chown    = 2,  //!< chown()
                        AOP_Create   = 3,  //!< open() with create
                        AOP_Delete   = 4,  //!< rm() or rmdir()
                        AOP_Insert   = 5,  //!< mv() for target
                        AOP_Lock     = 6,  //!< n/a
                        AOP_Mkdir    = 7,  //!< mkdir()
                        AOP_Read     = 8,  //!< open() r/o, prepare()
                        AOP_Readdir  = 9,  //!< opendir()
                        AOP_Rename   = 10, //!< mv() for source
                        AOP_Stat     = 11, //!< exists(), stat()
                        AOP_Update   = 12, //!< open() r/w or append
                        AOP_Excl_Create = 13, //!< open() with O_EXCL|O_CREAT
                        AOP_Excl_Insert = 14, //!< mv() where destination doesn't exist.
                        AOP_LastOp   = 14  // For limits testing; equals the highest operation value
                       };

/******************************************************************************/
/*                       X r d A c c A u t h o r i z e                        */
/******************************************************************************/

class XrdOucEnv;
class XrdSecEntity;
class XrdSysLogger;

//! Abstract interface that an authorization plug-in implements. Access(),
//! Audit() and Test() are pure virtual, so every implementation must supply
//! all three.

class XrdAccAuthorize
{
public:

//------------------------------------------------------------------------------
//! Check whether or not the client is permitted specified access to a path.
//!
//! @param Entity    -> Authentication information
//! @param path      -> The logical path which is the target of oper
//! @param oper      -> The operation being attempted (see the enum above).
//!                     If the oper is AOP_Any, then the actual privileges
//!                     are returned and the caller may make subsequent
//!                     tests using Test().
//! @param Env       -> Environmental information at the time of the
//!                     operation as supplied by the path CGI string.
//!                     This is optional and the pointer may be zero, so an
//!                     implementation must check it before dereferencing.
//!
//! @return Permit: a non-zero value (access is permitted)
//!         Deny:   zero             (access is denied)
//!
//! NOTE(review): the contract offers only permit and deny, so an
//! implementation that cannot reach a decision (internal error, unparsable
//! input) should presumably return zero -- confirm this is the convention.
//! NOTE(review): whether path has been normalised before it reaches the
//! plug-in is not visible in this header; verify against the caller before
//! relying on prefix comparisons.
//! NOTE(review): the CGI string behind Env presumably originates with the
//! client request; treat its contents as untrusted until confirmed otherwise.
//------------------------------------------------------------------------------

virtual XrdAccPrivs Access(const XrdSecEntity    *Entity,
                           const char            *path,
                           const Access_Operation oper,
                                 XrdOucEnv       *Env=0) = 0;

//------------------------------------------------------------------------------
//! Route an audit message to the appropriate audit exit routine. See
//! XrdAccAudit.h for more information on how the default implementation works.
//! Currently, this method is not called by the ofs but should be used by the
//! implementation to record denials or grants, as warranted. In other words,
//! a decision is audited only if the implementation itself calls Audit().
//!
//! @param accok     -> True if access was granted; false otherwise.
//! @param Entity    -> Authentication information
//! @param path      -> The logical path which is the target of oper
//! @param oper      -> The operation being attempted (see above)
//! @param Env       -> Environmental information at the time of the
//!                     operation as supplied by the path CGI string.
//!                     This is optional and the pointer may be zero.
//!
//! @return Success: !0 information recorded.
//!         Failure:  0 information could not be recorded.
//------------------------------------------------------------------------------

virtual int         Audit(const int              accok,
                          const XrdSecEntity    *Entity,
                          const char            *path,
                          const Access_Operation oper,
                                XrdOucEnv       *Env=0) = 0;

//------------------------------------------------------------------------------
//! Check whether the specified operation is permitted.
//!
//! @param priv      -> the privileges as returned by Access().
//! @param oper      -> The operation being attempted (see above)
//!
//! @return Permit: a non-zero value (access is permitted)
//!         Deny:   zero             (access is denied)
//------------------------------------------------------------------------------

virtual int         Test(const XrdAccPrivs priv,
                         const Access_Operation oper) = 0;

//------------------------------------------------------------------------------
//! Constructor
//------------------------------------------------------------------------------

                          XrdAccAuthorize() {}

//------------------------------------------------------------------------------
//! Destructor. Declared virtual so that an implementation can be destroyed
//! through a pointer to this interface.
//------------------------------------------------------------------------------

virtual                  ~XrdAccAuthorize() {}
};

/******************************************************************************/
/*                 X r d A c c A u t h o r i z e O b j e c t                  */
/******************************************************************************/

//------------------------------------------------------------------------------
//! Obtain an authorization object.
//!
//! XrdAccAuthorizeObject() is an extern "C" function that is called to obtain
//! an instance of the auth object that will be used for all subsequent
//! authorization decisions. It must be defined in the plug-in shared library.
//! A second version, which is used preferentially if it exists, should be
//! used if access to the environmental pointer is needed.
//! All the following extern symbols must be defined at file level!
//!
//! @param lp   -> XrdSysLogger to be tied to an XrdSysError object for messages
//! @param cfn  -> The name of the configuration file
//! @param parm -> Parameters specified on the authlib directive. If none it
//!                is zero.
//! @param envP -> Pointer to environment only available for version 2.
//!
//! @return Success: A pointer to the authorization object.
//!         Failure: Null pointer which causes initialization to fail.
//------------------------------------------------------------------------------

typedef XrdAccAuthorize *(*XrdAccAuthorizeObject_t)(XrdSysLogger *lp,
                                                    const char   *cfn,
                                                    const char   *parm);


/*! extern "C" XrdAccAuthorize *XrdAccAuthorizeObject(XrdSysLogger *lp,
                                                      const char   *cfn,
                                                      const char   *parm) {...}
*/

// Alternatively:

typedef XrdAccAuthorize *(*XrdAccAuthorizeObject2_t)(XrdSysLogger *lp,
                                                     const char   *cfn,
                                                     const char   *parm,
                                                     XrdOucEnv    *envP);


/*! extern "C" XrdAccAuthorize *XrdAccAuthorizeObject2(XrdSysLogger *lp,
                                                       const char   *cfn,
                                                       const char   *parm,
                                                       XrdOucEnv    *envP) {...}
*/

//------------------------------------------------------------------------------
//! Add an authorization object as a wrapper to the existing object.
//!
//! XrdAccAuthorizeObjAdd() is an extern "C" function that is called to obtain
//! an instance of the auth object that should wrap the existing object. The
//! wrapper becomes the actual authorization object. The wrapper must be
//! in the plug-in shared library; it is passed additional parameters.
//! All the following extern symbols must be defined at file level!
//!
//! @param lp   -> XrdSysLogger to be tied to an XrdSysError object for messages
//! @param cfn  -> The name of the configuration file
//! @param parm -> Parameters specified on the authlib directive. If none it
//!                is zero.
//! @param envP -> Environmental information and may be nil.
//! @param accP -> Pointer to the existing authorization object.
//!
//! @return Success: A pointer to the authorization object.
//!         Failure: Null pointer which causes initialization to fail.
//!
//! NOTE(review): because the wrapper becomes the actual authorization object,
//! the existing object's policy is presumably applied only where the wrapper
//! forwards the request to accP -- confirm, and review each wrapper for paths
//! that return a grant without consulting it.
//------------------------------------------------------------------------------

typedef XrdAccAuthorize *(*XrdAccAuthorizeObjAdd_t)(XrdSysLogger    *lp,
                                                    const char      *cfn,
                                                    const char      *parm,
                                                    XrdOucEnv       *envP,
                                                    XrdAccAuthorize *accP);


/*! extern "C" XrdAccAuthorize *XrdAccAuthorizeObjAdd(XrdSysLogger    *lp,
                                                      const char      *cfn,
                                                      const char      *parm,
                                                      XrdOucEnv       *envP,
                                                      XrdAccAuthorize *accP) {...}
*/

//------------------------------------------------------------------------------
//! Specify the compilation version.
//!
//! Additionally, you *should* declare the xrootd version you used to compile
//! your plug-in. While not currently required, it is highly recommended to
//! avoid execution issues should the class definition change. Declare it as:
//------------------------------------------------------------------------------

/*! #include "XrdVersion.hh"
    XrdVERSIONINFO(XrdAccAuthorizeObject,<name>);

    where <name> is a 1- to 15-character unquoted name identifying your plugin.

    For the default statically linked authorization framework, the non-extern C
    XrdAccDefaultAuthorizeObject() is called instead so as to not conflict with
    that symbol in a shared library plug-in.
*/
#endif