aboutsummaryrefslogtreecommitdiff
path: root/src/pies.h
diff options
context:
space:
mode:
authorSergey Poznyakoff <gray@gnu.org.ua>2015-12-17 12:50:28 +0200
committerSergey Poznyakoff <gray@gnu.org.ua>2015-12-17 12:50:28 +0200
commit8334b598f85317eb4d44000f6ec580c54734b15d (patch)
tree04dd1b84443287aec625ab019b02fc170ae524a1 /src/pies.h
parent8426fc4411c9679a10863d7aa3ced077155e0016 (diff)
downloadpies-8334b598f85317eb4d44000f6ec580c54734b15d.tar.gz
pies-8334b598f85317eb4d44000f6ec580c54734b15d.tar.bz2
Implement user privileges
* src/pies.h (component): New members: list_acl and adm_acl. (control): Removed id_acl. New members: adm_acl and usr_acl. * src/pies.c (component_keywords): New keywords list-acl and admin-acl. Removed identity-acl. * ident/ident.c (pies_identity_user_name): New function. * ident/identity.h (pies_identity_user_name): New proto. * src/ctl.c (CTL_USER_STATE,CTL_ADMIN_STATE): New states. (cmdtab): Mark administrative commands as valid in CTL_ADMIN_STATE (ctlio_create): Assume CTL_ADMIN_STATE in the absense of identity providers. (auth_data): New struct. (cmd_auth): Select appropriate state depending on the user permissions. (list_matches): New function. (eval_env): Keep the list of selected progs. (count_prog): Removed. (selector): New function. (cmd_list): Rewrite to take into account access rights. (cmd_start,cmd_stop) (cmd_restart): Only allowed for users with administrative privileges.
Diffstat (limited to 'src/pies.h')
-rw-r--r--src/pies.h14
1 files changed, 9 insertions, 5 deletions
diff --git a/src/pies.h b/src/pies.h
index 69d324d..cc28c69 100644
--- a/src/pies.h
+++ b/src/pies.h
@@ -242,7 +242,7 @@ struct component
242 (if mode == pies_comp_pass_fd) */ 242 (if mode == pies_comp_pass_fd) */
243 unsigned pass_fd_timeout; /* Maximum time to wait for pass_fd socket to 243 unsigned pass_fd_timeout; /* Maximum time to wait for pass_fd socket to
244 become available. */ 244 become available. */
245 pies_acl_t acl; 245 pies_acl_t acl; /* Connection ACL */
246 char *tcpmux; /* Master service for TCPMUX */ 246 char *tcpmux; /* Master service for TCPMUX */
247 247
248 /* Optional error messages to be sent back on the socket: */ 248 /* Optional error messages to be sent back on the socket: */
@@ -256,6 +256,9 @@ struct component
256 /* Actions to execute on various exit codes: */ 256 /* Actions to execute on various exit codes: */
257 struct action *act_head, *act_tail; 257 struct action *act_head, *act_tail;
258 struct action act_temp; /* Auxiliary object used during configuration */ 258 struct action act_temp; /* Auxiliary object used during configuration */
259 /* ACLs for control interface */
260 pies_acl_t list_acl; /* List access control list */
261 pies_acl_t adm_acl; /* Administrative ACL (stop, start, etc.) */
259}; 262};
260 263
261#define is_sysvinit(cp) ((cp)->mode >= pies_mark_sysvinit || (cp)->runlevels) 264#define is_sysvinit(cp) ((cp)->mode >= pies_mark_sysvinit || (cp)->runlevels)
@@ -562,10 +565,11 @@ void sysvinit_acct (int what, const char *user, const char *id, pid_t pid,
562/* ctl.c */ 565/* ctl.c */
563struct control 566struct control
564{ 567{
565 struct pies_url *url; 568 struct pies_url *url; /* Control socket URL */
566 pies_acl_t conn_acl; 569 pies_acl_t conn_acl; /* Connection ACL */
567 pies_acl_t id_acl; 570 pies_acl_t adm_acl; /* Administrative ACL */
568 unsigned int idle_timeout; 571 pies_acl_t usr_acl; /* User ACL */
572 unsigned int idle_timeout; /* Session idle timeout */
569}; 573};
570 574
571extern struct control control; 575extern struct control control;

Return to:

Send suggestions and report system problems to the System administrator.