summaryrefslogtreecommitdiff
path: root/src/include
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2015-01-15 20:14:44 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2015-01-15 20:14:44 +0000
commit87c5b2118efcee65eeda3f743d081ea9c2b866d9 (patch)
tree31ca07d6134adf44bc3d58f4fcf4ea8be9cb7dbb /src/include
parentcd2500fcc704287c4994a3253b593593c867913e (diff)
downloads6-87c5b2118efcee65eeda3f743d081ea9c2b866d9.tar.xz
Move Unix domain utilities and access control utilites,
as well as the accessrules library, from s6-networking to here
Diffstat (limited to 'src/include')
-rw-r--r--src/include/s6/accessrules.h53
-rw-r--r--src/include/s6/s6.h1
2 files changed, 54 insertions, 0 deletions
diff --git a/src/include/s6/accessrules.h b/src/include/s6/accessrules.h
new file mode 100644
index 0000000..3edf8b6
--- /dev/null
+++ b/src/include/s6/accessrules.h
@@ -0,0 +1,53 @@
+/* ISC license. */
+
+#ifndef S6_ACCESSRULES_H
+#define S6_ACCESSRULES_H
+
+#include <skalibs/cdb.h>
+#include <skalibs/stralloc.h>
+#include <skalibs/ip46.h>
+
+typedef struct s6_accessrules_params_s s6_accessrules_params_t, *s6_accessrules_params_t_ref ;
+struct s6_accessrules_params_s
+{
+ stralloc env ;
+ stralloc exec ;
+} ;
+#define S6_ACCESSRULES_PARAMS_ZERO { .env = STRALLOC_ZERO, .exec = STRALLOC_ZERO }
+
+typedef enum s6_accessrules_result_e s6_accessrules_result_t, *s6_accessrules_result_t_ref ;
+enum s6_accessrules_result_e
+{
+ S6_ACCESSRULES_ERROR = -1,
+ S6_ACCESSRULES_DENY = 0,
+ S6_ACCESSRULES_ALLOW = 1,
+ S6_ACCESSRULES_NOTFOUND = 2
+} ;
+
+typedef s6_accessrules_result_t s6_accessrules_backend_func_t (char const *, unsigned int, void *, s6_accessrules_params_t *) ;
+typedef s6_accessrules_backend_func_t *s6_accessrules_backend_func_t_ref ;
+
+extern s6_accessrules_backend_func_t s6_accessrules_backend_fs ;
+extern s6_accessrules_backend_func_t s6_accessrules_backend_cdb ;
+
+typedef s6_accessrules_result_t s6_accessrules_keycheck_func_t (void const *, void *, s6_accessrules_params_t *, s6_accessrules_backend_func_t_ref) ;
+typedef s6_accessrules_keycheck_func_t *s6_accessrules_keycheck_func_t_ref ;
+
+extern s6_accessrules_keycheck_func_t s6_accessrules_keycheck_uidgid ;
+extern s6_accessrules_keycheck_func_t s6_accessrules_keycheck_ip4 ;
+extern s6_accessrules_keycheck_func_t s6_accessrules_keycheck_ip6 ;
+extern s6_accessrules_keycheck_func_t s6_accessrules_keycheck_reversedns ;
+#define s6_accessrules_keycheck_ip46(key, data, params, f) (ip46_is6((ip46_t const *)(key)) ? s6_accessrules_keycheck_ip6(((ip46_t const *)(key))->ip, data, params, f) : s6_accessrules_keycheck_ip4(((ip46_t const *)(key))->ip, data, params, f))
+
+extern s6_accessrules_result_t s6_accessrules_uidgid_cdb (unsigned int, unsigned int, struct cdb *, s6_accessrules_params_t *) ;
+extern s6_accessrules_result_t s6_accessrules_uidgid_fs (unsigned int, unsigned int, char const *, s6_accessrules_params_t *) ;
+#define s6_accessrules_ip4_cdb(ip4, c, params) s6_accessrules_keycheck_ip4(ip4, c, (params), &s6_accessrules_backend_cdb)
+#define s6_accessrules_ip4_fs(ip4, rulesdir, params) s6_accessrules_keycheck_ip4(ip4, rulesdir, (params), &s6_accessrules_backend_fs)
+#define s6_accessrules_ip6_cdb(ip6, c, params) s6_accessrules_keycheck_ip6(ip6, c, (params), &s6_accessrules_backend_cdb)
+#define s6_accessrules_ip6_fs(ip6, rulesdir, params) s6_accessrules_keycheck_ip6(ip6, rulesdir, (params), &s6_accessrules_backend_fs)
+#define s6_accessrules_ip46_cdb(ip, c, params) s6_accessrules_keycheck_ip46(ip, c, (params), &s6_accessrules_backend_cdb)
+#define s6_accessrules_ip46_fs(ip, rulesdir, params) s6_accessrules_keycheck_ip46(ip, rulesdir, (params), &s6_accessrules_backend_fs)
+#define s6_accessrules_reversedns_cdb(name, c, params) s6_accessrules_keycheck_reversedns(name, c, (params), &s6_accessrules_backend_cdb)
+#define s6_accessrules_reversedns_fs(name, c, params) s6_accessrules_keycheck_reversedns(name, c, (params), &s6_accessrules_backend_fs)
+
+#endif
diff --git a/src/include/s6/s6.h b/src/include/s6/s6.h
index 84c552d..98e23e1 100644
--- a/src/include/s6/s6.h
+++ b/src/include/s6/s6.h
@@ -6,6 +6,7 @@
#include <s6/s6-supervise.h>
#include <s6/ftrigr.h>
#include <s6/ftrigw.h>
+#include <s6/accessrules.h>
#include <s6/s6lock.h>
#endif