1 /* acl.h -- definitions for access control lists
2  *
3  * Copyright (c) 1994-2008 Carnegie Mellon University.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in
14  *    the documentation and/or other materials provided with the
15  *    distribution.
16  *
17  * 3. The name "Carnegie Mellon University" must not be used to
18  *    endorse or promote products derived from this software without
19  *    prior written permission. For permission or any legal
20  *    details, please contact
21  *      Carnegie Mellon University
22  *      Center for Technology Transfer and Enterprise Creation
23  *      4615 Forbes Avenue
24  *      Suite 302
25  *      Pittsburgh, PA  15213
26  *      (412) 268-7393, fax: (412) 268-7395
27  *      innovation@andrew.cmu.edu
28  *
29  * 4. Redistributions of any form whatsoever must retain the following
30  *    acknowledgment:
31  *    "This product includes software developed by Computing Services
32  *     at Carnegie Mellon University (http://www.cmu.edu/computing/)."
33  *
34  * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
35  * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
36  * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
37  * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
38  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
39  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
40  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
41  *
42  * Author: Chris Newman
43  * Start Date: 6/28/93
44  */
45 
46 #ifndef INCLUDED_ACL_H
47 #define INCLUDED_ACL_H
48 
49 #include "auth.h"
50 
51 /* max length of an acl string */
52 #define ACL_MAXSTR 32
53 
54 /* ACL bits */
55 #define ACL_LOOKUP      0x000001L
56 #define ACL_READ        0x000002L
57 #define ACL_SETSEEN     0x000004L
58 #define ACL_WRITE       0x000008L
59 #define ACL_INSERT      0x000010L
60 #define ACL_POST        0x000020L
61 #define ACL_CREATE      0x000040L
62 #define ACL_DELETEMBOX  0x000080L
63 #define ACL_DELETEMSG   0x000100L
64 #define ACL_EXPUNGE     0x000200L
65 #define ACL_ADMIN       0x000400L
66 #define ACL_ANNOTATEMSG 0x000800L
67 #define ACL_USER1       0x001000L
68 #define ACL_USER2       0x002000L
69 #define ACL_USER3       0x004000L
70 #define ACL_USER4       0x008000L
71 #define ACL_USER5       0x010000L
72 #define ACL_USER6       0x020000L
73 #define ACL_USER7       0x040000L
74 #define ACL_USER8       0x080000L
75 #define ACL_USER9       0x100000L
76 #define ACL_USER0       0x200000L
77 
78 /* ALL: all non-user ACLs */
79 #define ACL_ALL         (ACL_LOOKUP|ACL_READ|ACL_SETSEEN|ACL_WRITE\
80                         |ACL_INSERT|ACL_POST|ACL_CREATE|ACL_DELETEMBOX\
81                         |ACL_DELETEMSG|ACL_EXPUNGE|ACL_ADMIN\
82                         |ACL_ANNOTATEMSG)
83 /* FULL: ALL ACLs including user ACLs */
84 #define ACL_FULL        (ACL_USER1|ACL_USER2|ACL_USER3|ACL_USER4|ACL_USER5\
85                         |ACL_USER6|ACL_USER7|ACL_USER8|ACL_USER9|ACL_USER0\
86                         |ACL_ALL)
87 
88 /* READ-WRITE: removed from regular ACL if you EXAMINE a mailbox,
89    so that nothing accidentally tries to write */
90 #define ACL_READ_WRITE (ACL_SETSEEN|ACL_WRITE|ACL_INSERT\
91                        |ACL_DELETEMSG|ACL_EXPUNGE|ACL_ANNOTATEMSG)
92 
93 #define ACL_MODE_SET 0
94 #define ACL_MODE_ADD 1
95 #define ACL_MODE_REMOVE 2
96 
97 typedef int cyrus_acl_canonproc_t(void *rock, const char *identifier, int rights);
98 
99 /* check a string, with meaningful description of error */
100 extern int cyrus_acl_checkstr(const char *str, char **errstr);
101 
102 /* convert a string to an acl bit vector */
103 extern int cyrus_acl_strtomask(const char *str, int *mask);
104 
105 /*  cyrus_acl_masktostr(acl, dst)
106  * convert an acl bit vector to a string
107  *  dst must have room for 32 characters (only 20 used currently)
108  *  returns dst
109  */
110 extern char *cyrus_acl_masktostr(int acl, char *str);
111 
112 /*  cyrus_acl_myrights(acl)
113  * Calculate the set of rights the user in 'auth_state' has in the ACL 'acl'.
114  * 'acl' must be writable, but is restored to its original condition.
115  */
116 extern int cyrus_acl_myrights(const struct auth_state *auth_state, const char *acl);
117 
118 /*  cyrus_acl_set(acl, identifier, mode, access, canonproc, canonrock) Modify the
119  * ACL pointed to by 'acl' to modify the rights granted to
120  * 'identifier' as specified by 'mode' and the set specified in the
121  * mask 'access'.  'mode' is one of ACL_MODE_SET, ACL_MODE_ADD, or
122  * ACL_MODE_REMOVE.  The pointer pointed to by 'acl' must have been
123  * obtained from malloc().  returns -1 on error, 0 on success */
124 
125 extern int cyrus_acl_set(char **acl, const char *identifier,
126                    int mode, int access,
127                    cyrus_acl_canonproc_t *canonproc, void *canonrock);
128 
129 /*  cyrus_acl_remove(acl, identifier, canonproc, canonrock)
130  * Remove any entry for 'identifier' in the ACL pointed to by 'acl'.
131  * The pointer pointed to by 'acl' must have been obtained from malloc().
132  *  returns -1 on error, 0 on success
133  */
134 extern int cyrus_acl_remove(char **acl, const char *identifier,
135                       cyrus_acl_canonproc_t *canonproc, void *canonrock);
136 
137 /* look up a user to see if they are a system user */
138 extern int is_system_user(const char *userid);
139 
140 #endif /* INCLUDED_ACL_H */
141