author | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-12-17 12:50:28 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-12-17 12:50:28 +0200 |
commit | 8334b598f85317eb4d44000f6ec580c54734b15d (patch) | |
tree | 04dd1b84443287aec625ab019b02fc170ae524a1 /src/pies.h | |
parent | 8426fc4411c9679a10863d7aa3ced077155e0016 (diff) | |
Implement user privileges
* src/pies.h (component): New members: list_acl and
adm_acl.
(control): Removed id_acl.
New members: adm_acl and usr_acl.
* src/pies.c (component_keywords): New keywords list-acl and
admin-acl. Removed identity-acl.
* ident/ident.c (pies_identity_user_name): New function.
* ident/identity.h (pies_identity_user_name): New proto.
* src/ctl.c (CTL_USER_STATE,CTL_ADMIN_STATE): New states.
(cmdtab): Mark administrative commands as valid in CTL_ADMIN_STATE
(ctlio_create): Assume CTL_ADMIN_STATE in the absence of identity
providers.
(auth_data): New struct.
(cmd_auth): Select appropriate state depending on the user permissions.
(list_matches): New function.
(eval_env): Keep the list of selected progs.
(count_prog): Removed.
(selector): New function.
(cmd_list): Rewrite to take into account access rights.
(cmd_start,cmd_stop)
(cmd_restart): Only allowed for users with administrative
privileges.
Diffstat (limited to 'src/pies.h')
-rw-r--r-- | src/pies.h | 14 |
1 files changed, 9 insertions, 5 deletions
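--- a/src/pies.h
+++ b/src/pies.h
@@ -242,7 +242,7 @@ struct component
 (if mode == pies_comp_pass_fd) */
 unsigned pass_fd_timeout; /* Maximum time to wait for pass_fd socket to
 become available. */
-pies_acl_t acl;
+pies_acl_t acl; /* Connection ACL */
 char *tcpmux; /* Master service for TCPMUX */
 
 /* Optional error messages to be sent back on the socket: */
@@ -256,6 +256,9 @@ struct component
 /* Actions to execute on various exit codes: */
 struct action *act_head, *act_tail;
 struct action act_temp; /* Auxiliary object used during configuration */
+/* ACLs for control interface */
+pies_acl_t list_acl; /* List access control list */
+pies_acl_t adm_acl; /* Administrative ACL (stop, start, etc.) */
 };
 
 #define is_sysvinit(cp) ((cp)->mode >= pies_mark_sysvinit || (cp)->runlevels)
@@ -562,10 +565,11 @@ void sysvinit_acct (int what, const char *user, const char *id, pid_t pid,
 /* ctl.c */
 struct control
 {
-struct pies_url *url;
-pies_acl_t conn_acl;
-pies_acl_t id_acl;
-unsigned int idle_timeout;
+struct pies_url *url; /* Control socket URL */
+pies_acl_t conn_acl; /* Connection ACL */
+pies_acl_t adm_acl; /* Administrative ACL */
+pies_acl_t usr_acl; /* User ACL */
+unsigned int idle_timeout; /* Session idle timeout */
 };
 
 extern struct control control;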
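Review bot: The comments on the new `adm_acl` and `usr_acl` members of `struct control`, and on `list_acl` and `adm_acl` in `struct component`, name each ACL but do not say what an unset (NULL) one means, which is the security-relevant part of an authorization field. The commit description says `ctlio_create` assumes `CTL_ADMIN_STATE` when no identity providers exist, so at least one path appears to default to full privileges; the header should state the default explicitly, e.g. `pies_acl_t adm_acl; /* Administrative ACL; if unset: <allow or deny, as ctl.c implements> */`. A short note on `usr_acl` saying how it relates to the removed `id_acl` would also help anyone migrating a configuration that relied on the old member. `struct component` starts outside the first two hunks, so whether other members already document a default cannot be seen from here.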