/* acl.h -- definitions for access control lists
 *
 * Copyright (c) 1994-2008 Carnegie Mellon University. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The name "Carnegie Mellon University" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For permission or any legal
 *    details, please contact
 *      Carnegie Mellon University
 *      Center for Technology Transfer and Enterprise Creation
 *      4615 Forbes Avenue
 *      Suite 302
 *      Pittsburgh, PA 15213
 *      (412) 268-7393, fax: (412) 268-7395
 *      innovation@andrew.cmu.edu
 *
 * 4. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by Computing Services
 *     at Carnegie Mellon University (http://www.cmu.edu/computing/)."
 *
 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 * Author: Chris Newman
 * Start Date: 6/28/93
 */

#ifndef INCLUDED_ACL_H
#define INCLUDED_ACL_H

#include "auth.h"

/* Max length of an ACL rights string.
 * cyrus_acl_masktostr() below takes no length argument and documents a
 * 32-character destination, so this is presumably the size callers are
 * expected to allocate for it.
 * NOTE(review): whether the 32 includes the terminating NUL is not stated
 * in this header -- confirm against the implementation before sizing a
 * buffer exactly.
 */
#define ACL_MAXSTR 32

/* ACL bits: one bit per right, combined into a mask with bitwise OR.
 * The constants are long (L suffix) while every function in this header
 * carries the mask as int; the highest bit defined is 0x200000 (bit 21),
 * so all 22 defined rights fit in a 32-bit int.
 */
#define ACL_LOOKUP      0x000001L
#define ACL_READ        0x000002L
#define ACL_SETSEEN     0x000004L
#define ACL_WRITE       0x000008L
#define ACL_INSERT      0x000010L
#define ACL_POST        0x000020L
#define ACL_CREATE      0x000040L
#define ACL_DELETEMBOX  0x000080L
#define ACL_DELETEMSG   0x000100L
#define ACL_EXPUNGE     0x000200L
#define ACL_ADMIN       0x000400L
#define ACL_ANNOTATEMSG 0x000800L
#define ACL_USER1       0x001000L
#define ACL_USER2       0x002000L
#define ACL_USER3       0x004000L
#define ACL_USER4       0x008000L
#define ACL_USER5       0x010000L
#define ACL_USER6       0x020000L
#define ACL_USER7       0x040000L
#define ACL_USER8       0x080000L
#define ACL_USER9       0x100000L
#define ACL_USER0       0x200000L

/* ALL: all non-user ACLs (the twelve bits 0x000001..0x000800, i.e. 0x000FFF) */
#define ACL_ALL (ACL_LOOKUP|ACL_READ|ACL_SETSEEN|ACL_WRITE\
                 |ACL_INSERT|ACL_POST|ACL_CREATE|ACL_DELETEMBOX\
                 |ACL_DELETEMSG|ACL_EXPUNGE|ACL_ADMIN\
                 |ACL_ANNOTATEMSG)
/* FULL: ALL ACLs including user ACLs (every bit defined above, 0x3FFFFF) */
#define ACL_FULL (ACL_USER1|ACL_USER2|ACL_USER3|ACL_USER4|ACL_USER5\
                  |ACL_USER6|ACL_USER7|ACL_USER8|ACL_USER9|ACL_USER0\
                  |ACL_ALL)

/* READ-WRITE: removed from regular ACL if you EXAMINE a mailbox,
   so that nothing accidentally tries to write.
   NOTE(review): ACL_POST, ACL_CREATE, ACL_DELETEMBOX, ACL_ADMIN and the
   ACL_USERn bits are not part of this mask, so they survive the strip;
   whether every code path that modifies a mailbox is gated only on the
   bits listed here cannot be told from this header -- confirm. */
#define ACL_READ_WRITE (ACL_SETSEEN|ACL_WRITE|ACL_INSERT\
                        |ACL_DELETEMSG|ACL_EXPUNGE|ACL_ANNOTATEMSG)

/* Values for the 'mode' argument of cyrus_acl_set() */
#define ACL_MODE_SET 0
#define ACL_MODE_ADD 1
#define ACL_MODE_REMOVE 2

/* Callback type taken by cyrus_acl_set() and cyrus_acl_remove(); 'rock' is
 * the caller-supplied 'canonrock' pointer passed to those functions.
 * NOTE(review): what the callback is expected to do with 'identifier' and
 * 'rights', and what its int return value means, is not documented here;
 * the name suggests identifier canonicalization -- confirm against the
 * implementation.
 */
typedef int cyrus_acl_canonproc_t(void *rock, const char *identifier, int rights);

/* check a string, with meaningful description of error
 * The description is returned through 'errstr'.
 * NOTE(review): the return convention and who owns (and must free) the
 * string stored in *errstr are not stated here -- confirm.
 */
extern int cyrus_acl_checkstr(const char *str, char **errstr);

/* convert a string to an acl bit vector
 * The result is stored through 'mask'; the meaning of the int return
 * value is not documented in this header.
 */
extern int cyrus_acl_strtomask(const char *str, int *mask);

/* cyrus_acl_masktostr(acl, str)
 * convert an acl bit vector to a string
 * str must have room for 32 characters (only 20 used currently)
 * returns str
 *
 * No buffer length is passed, so the caller alone guarantees the size of
 * 'str'; an undersized buffer cannot be detected by the callee.
 * NOTE(review): this header defines 22 right bits, so the "20 used"
 * figure looks stale -- confirm the real maximum output length (plus the
 * terminating NUL) against the implementation.
 */
extern char *cyrus_acl_masktostr(int acl, char *str);

/* cyrus_acl_myrights(auth_state, acl)
 * Calculate the set of rights the user in 'auth_state' has in the ACL 'acl'.
 * 'acl' must be writable, but is restored to its original condition.
 *
 * NOTE(review): the prototype takes 'acl' as const char *, which
 * contradicts the "must be writable" sentence above; one of the two is
 * stale. Until confirmed, do not assume it is safe to pass a string
 * literal or a buffer shared with another thread.
 */
extern int cyrus_acl_myrights(const struct auth_state *auth_state, const char *acl);

/* cyrus_acl_set(acl, identifier, mode, access, canonproc, canonrock)
 * Modify the ACL pointed to by 'acl' to modify the rights granted to
 * 'identifier' as specified by 'mode' and the set specified in the
 * mask 'access'. 'mode' is one of ACL_MODE_SET, ACL_MODE_ADD, or
 * ACL_MODE_REMOVE. The pointer pointed to by 'acl' must have been
 * obtained from malloc(). returns -1 on error, 0 on success
 *
 * NOTE(review): the malloc() requirement implies *acl may be reallocated
 * or replaced, so pointers saved before the call should presumably be
 * treated as invalid afterwards -- confirm. The state of *acl after a -1
 * return is not documented here.
 */

extern int cyrus_acl_set(char **acl, const char *identifier,
                         int mode, int access,
                         cyrus_acl_canonproc_t *canonproc, void *canonrock);

/* cyrus_acl_remove(acl, identifier, canonproc, canonrock)
 * Remove any entry for 'identifier' in the ACL pointed to by 'acl'.
 * The pointer pointed to by 'acl' must have been obtained from malloc().
 * returns -1 on error, 0 on success
 */
extern int cyrus_acl_remove(char **acl, const char *identifier,
                            cyrus_acl_canonproc_t *canonproc, void *canonrock);

/* look up a user to see if they are a system user
 * NOTE(review): the return convention (presumably nonzero for a system
 * user) and what defines a "system user" are not stated in this header.
 */
extern int is_system_user(const char *userid);

#endif /* INCLUDED_ACL_H */