summaryrefslogtreecommitdiffabout
path: root/src/pies.h
authorSergey Poznyakoff <gray@gnu.org.ua>2015-12-17 10:50:28 (GMT)
committer Sergey Poznyakoff <gray@gnu.org.ua>2015-12-17 10:50:28 (GMT)
commit8334b598f85317eb4d44000f6ec580c54734b15d (patch) (side-by-side diff)
tree04dd1b84443287aec625ab019b02fc170ae524a1 /src/pies.h
parent8426fc4411c9679a10863d7aa3ced077155e0016 (diff)
downloadpies-8334b598f85317eb4d44000f6ec580c54734b15d.tar.gz
pies-8334b598f85317eb4d44000f6ec580c54734b15d.tar.bz2
Implement user privileges
* src/pies.h (component): New members: list_acl and adm_acl. (control): Removed id_acl. New members: adm_acl and usr_acl. * src/pies.c (component_keywords): New keywords list-acl and admin-acl. Removed identity-acl. * ident/ident.c (pies_identity_user_name): New function. * ident/identity.h (pies_identity_user_name): New proto. * src/ctl.c (CTL_USER_STATE,CTL_ADMIN_STATE): New states. (cmdtab): Mark administrative commands as valid in CTL_ADMIN_STATE (ctlio_create): Assume CTL_ADMIN_STATE in the absense of identity providers. (auth_data): New struct. (cmd_auth): Select appropriate state depending on the user permissions. (list_matches): New function. (eval_env): Keep the list of selected progs. (count_prog): Removed. (selector): New function. (cmd_list): Rewrite to take into account access rights. (cmd_start,cmd_stop) (cmd_restart): Only allowed for users with administrative privileges.
Diffstat (limited to 'src/pies.h') (more/less context) (ignore whitespace changes)
-rw-r--r--src/pies.h14
1 files changed, 9 insertions, 5 deletions
diff --git a/src/pies.h b/src/pies.h
index 69d324d..cc28c69 100644
--- a/src/pies.h
+++ b/src/pies.h
@@ -242,7 +242,7 @@ struct component
(if mode == pies_comp_pass_fd) */
unsigned pass_fd_timeout; /* Maximum time to wait for pass_fd socket to
become available. */
- pies_acl_t acl;
+ pies_acl_t acl; /* Connection ACL */
char *tcpmux; /* Master service for TCPMUX */
/* Optional error messages to be sent back on the socket: */
@@ -256,6 +256,9 @@ struct component
/* Actions to execute on various exit codes: */
struct action *act_head, *act_tail;
struct action act_temp; /* Auxiliary object used during configuration */
+ /* ACLs for control interface */
+ pies_acl_t list_acl; /* List access control list */
+ pies_acl_t adm_acl; /* Administrative ACL (stop, start, etc.) */
};
#define is_sysvinit(cp) ((cp)->mode >= pies_mark_sysvinit || (cp)->runlevels)
@@ -562,10 +565,11 @@ void sysvinit_acct (int what, const char *user, const char *id, pid_t pid,
/* ctl.c */
struct control
{
- struct pies_url *url;
- pies_acl_t conn_acl;
- pies_acl_t id_acl;
- unsigned int idle_timeout;
+ struct pies_url *url; /* Control socket URL */
+ pies_acl_t conn_acl; /* Connection ACL */
+ pies_acl_t adm_acl; /* Administrative ACL */
+ pies_acl_t usr_acl; /* User ACL */
+ unsigned int idle_timeout; /* Session idle timeout */
};
extern struct control control;

Return to:

Send suggestions and report system problems to the System administrator.