Initial checkin.
authorSteinar H. Gunderson <sesse@samfundet.no>
Tue, 14 May 2013 00:22:33 +0000 (02:22 +0200)
committerSteinar H. Gunderson <sesse@samfundet.no>
Tue, 14 May 2013 00:22:33 +0000 (02:22 +0200)
12 files changed:
itkacl-2.0/Makefile [new file with mode: 0644]
itkacl-2.0/debian/changelog [new file with mode: 0644]
itkacl-2.0/debian/compat [new file with mode: 0644]
itkacl-2.0/debian/control [new file with mode: 0644]
itkacl-2.0/debian/copyright [new file with mode: 0644]
itkacl-2.0/debian/libitkacl-dev.install [new file with mode: 0644]
itkacl-2.0/debian/libitkacl2.install [new file with mode: 0644]
itkacl-2.0/debian/rules [new file with mode: 0755]
itkacl-2.0/itkacl-test.c [new file with mode: 0644]
itkacl-2.0/itkacl.c [new file with mode: 0644]
itkacl-2.0/itkacl.h [new file with mode: 0644]
itkacl-2.0/itkacl.sql [new file with mode: 0644]

diff --git a/itkacl-2.0/Makefile b/itkacl-2.0/Makefile
new file mode 100644 (file)
index 0000000..f7ccafd
--- /dev/null
@@ -0,0 +1,39 @@
+CC=gcc
+CFLAGS=-O2 -Wall
+CPPFLAGS=
+RANLIB=ranlib
+PREFIX=/usr/local
+
+SONAME=libitkacl.so.2
+LIBNAME=libitkacl.so.2.0.0
+
+all: libitkacl.a $(LIBNAME) itkacl-test
+clean:
+       $(RM) itkacl.o itkacl.PIC.o itkacl-test.o itkacl-test libitkacl.a libitkacl.so.2.0.0
+
+itkacl-test: itkacl.o itkacl-test.o
+       $(CC) -o itkacl-test itkacl.o itkacl-test.o
+
+itkacl.o: itkacl.c
+       $(CC) $(CPPFLAGS) $(CFLAGS) -c itkacl.c -o itkacl.o
+itkacl.PIC.o: itkacl.c
+       $(CC) $(CPPFLAGS) $(CFLAGS) -fPIC -c itkacl.c -o itkacl.PIC.o
+itkacl-test.o: itkacl-test.c
+       $(CC) $(CPPFLAGS) $(CFLAGS) -c itkacl-test.c -o itkacl-test.o
+
+libitkacl.a: itkacl.o
+       $(AR) rc $@ $<
+       $(RANLIB) $@
+$(LIBNAME): itkacl.PIC.o
+       $(CC) -shared -Wl,-soname,$(SONAME) -o $@ $<
+
+install:
+       cp libitkacl.a $(DESTDIR)$(PREFIX)/lib/
+       cp $(LIBNAME) $(DESTDIR)$(PREFIX)/lib/
+       ln -s $(LIBNAME) $(DESTDIR)$(PREFIX)/lib/libitkacl.so.2
+       ln -s $(LIBNAME) $(DESTDIR)$(PREFIX)/lib/libitkacl.so
+       cp itkacl.h $(DESTDIR)$(PREFIX)/include/
+       mkdir -p $(DESTDIR)$(PREFIX)/share/itkacl/
+       cp itkacl.sql $(DESTDIR)$(PREFIX)/share/itkacl/
+       
+.PHONY: clean install
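Review bot: The `install` target has no prerequisites and assumes `$(DESTDIR)$(PREFIX)/lib` and `$(DESTDIR)$(PREFIX)/include` already exist, so `make install` on an unbuilt tree or a fresh prefix fails at the first `cp`. `install: all` plus a leading `mkdir -p $(DESTDIR)$(PREFIX)/lib $(DESTDIR)$(PREFIX)/include` would fix both. The two `ln -s` lines fail on a second install once the links exist; `ln -sf` makes them repeatable, and the first link could use `$(SONAME)` instead of the literal `libitkacl.so.2`. Neither link step (`itkacl-test`, `$(LIBNAME)`) passes `$(LDFLAGS)`, so any linker hardening flags a packager supplies are silently dropped; `$(CC) $(LDFLAGS) -shared ...` would honour them.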
diff --git a/itkacl-2.0/debian/changelog b/itkacl-2.0/debian/changelog
new file mode 100644 (file)
index 0000000..c66e4bf
--- /dev/null
@@ -0,0 +1,5 @@
+itkacl (2.0) unstable; urgency=low
+
+  * Initial release.
+
+ -- Steinar H. Gunderson <sesse@samfundet.no>  Tue, 14 May 2013 00:57:31 +0200
diff --git a/itkacl-2.0/debian/compat b/itkacl-2.0/debian/compat
new file mode 100644 (file)
index 0000000..7f8f011
--- /dev/null
@@ -0,0 +1 @@
+7
diff --git a/itkacl-2.0/debian/control b/itkacl-2.0/debian/control
new file mode 100644 (file)
index 0000000..7e6e45b
--- /dev/null
@@ -0,0 +1,20 @@
+Source: itkacl
+Priority: extra
+Maintainer: Steinar H. Gunderson <sesse@samfundet.no>
+Build-Depends: debhelper (>= 7.0.50~)
+Standards-Version: 3.9.1
+Section: libs
+
+Package: libitkacl-dev
+Section: libdevel
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: ITKACL library, development files
+ ITKACL core library; files needed to compile software against the library.
+
+Package: libitkacl2
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: ITKACL library
+ ITKACL core library.
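Review bot: `libitkacl-dev` has no dependency on `libitkacl2`, although `debian/libitkacl-dev.install` in this commit ships the `usr/lib/libitkacl.so` symlink, whose target `libitkacl.so.2.0.0` lives in the runtime package. Installing the -dev package alone therefore leaves a dangling link, and the two packages can drift apart in version. The usual form is `Depends: libitkacl2 (= ${binary:Version}), ${misc:Depends}` on the `libitkacl-dev` stanza.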
diff --git a/itkacl-2.0/debian/copyright b/itkacl-2.0/debian/copyright
new file mode 100644 (file)
index 0000000..e8290d1
--- /dev/null
@@ -0,0 +1,37 @@
+This work was packaged for Debian by:
+
+    Steinar H. Gunderson <sesse@samfundet.no> on Tue, 14 May 2013 00:57:31 +0200
+
+It was downloaded from:
+
+    <url://example.com>
+
+Upstream Author(s):
+
+    <put author's name and email here>
+    <likewise for another author>
+
+Copyright:
+
+    <Copyright (C) YYYY Firstname Lastname>
+    <likewise for another author>
+
+License:
+
+    <Put the license of the package here indented by 4 spaces>
+
+The Debian packaging is:
+
+    Copyright (C) 2013 Steinar H. Gunderson <sesse@samfundet.no>
+
+# Please chose a license for your packaging work. If the program you package
+# uses a mainstream license, using the same license is the safest choice.
+# Please avoid to pick license terms that are more restrictive than the
+# packaged work, as it may make Debian's contributions unacceptable upstream.
+# If you just want it to be GPL version 3, leave the following lines in.
+
+and is licensed under the GPL version 3,
+see "/usr/share/common-licenses/GPL-3".
+
+# Please also look if there are files or directories which have a
+# different copyright/license attached and list them here.
diff --git a/itkacl-2.0/debian/libitkacl-dev.install b/itkacl-2.0/debian/libitkacl-dev.install
new file mode 100644 (file)
index 0000000..59c9183
--- /dev/null
@@ -0,0 +1,4 @@
+usr/include/*
+usr/lib/libitkacl.so
+usr/lib/libitkacl.a
+usr/share/itkacl/*
diff --git a/itkacl-2.0/debian/libitkacl2.install b/itkacl-2.0/debian/libitkacl2.install
new file mode 100644 (file)
index 0000000..d561644
--- /dev/null
@@ -0,0 +1 @@
+usr/lib/libitkacl.so.*
diff --git a/itkacl-2.0/debian/rules b/itkacl-2.0/debian/rules
new file mode 100755 (executable)
index 0000000..b1d86eb
--- /dev/null
@@ -0,0 +1,35 @@
+#! /usr/bin/make -f
+# -*- makefile -*-
+
+clean:
+       dh_testdir
+       dh_clean
+       $(MAKE) clean
+
+build:
+       $(MAKE)
+
+binary-indep:
+
+binary-arch:
+       dh_testroot
+       dh_prep
+       mkdir debian/tmp
+       mkdir -p debian/tmp/usr/lib
+       mkdir -p debian/tmp/usr/include
+       mkdir -p debian/tmp/usr/share
+       dh_installdirs
+       $(MAKE) install DESTDIR=debian/tmp PREFIX=/usr
+       dh_install
+       dh_installchangelogs
+       dh_compress
+       dh_fixperms
+       dh_strip
+       dh_makeshlibs
+       dh_shlibdeps
+       dh_installdeb
+       dh_gencontrol
+       dh_md5sums
+       dh_builddeb
+
+binary: binary-arch
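Review bot: `binary-arch` does not depend on `build`, so `debian/rules binary` on an unbuilt tree reaches `$(MAKE) install` with nothing to copy; `binary-arch: build` makes the ordering explicit. None of the targets are declared phony, so a stray file or directory named `build` or `clean` would make the rule a no-op; add `.PHONY: clean build binary-indep binary-arch binary`. The `build` recipe also runs a bare `$(MAKE)` with no compiler or linker flags passed in, so distribution hardening flags will presumably not reach the library unless they are passed explicitly.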
diff --git a/itkacl-2.0/itkacl-test.c b/itkacl-2.0/itkacl-test.c
new file mode 100644 (file)
index 0000000..8ebdb95
--- /dev/null
@@ -0,0 +1,14 @@
+#include <stdio.h>
+
+int itkacl_check(const char * const realm, const char * const user,
+               char *errmsg, size_t errmsg_size);
+       
+int main()
+{
+       if (itkacl_check("/login/unix-servers/cirkus", "sesse", NULL, 0) == 0) {
+               printf("OK\n");
+       } else {
+               printf("Not OK\n");
+       }
+       return 0;
+}
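Review bot: The test re-declares `itkacl_check` by hand instead of using `#include "itkacl.h"`, so a later signature change in the library would still compile here and fail only at run time. It also folds "access denied" (1) and "lookup error" (-1) into the same `Not OK` output and always exits 0, so it cannot serve as a pass/fail check. Passing a real buffer for `errmsg`, printing it on -1, and returning a non-zero exit status for any non-zero result would make the distinction visible.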
diff --git a/itkacl-2.0/itkacl.c b/itkacl-2.0/itkacl.c
new file mode 100644 (file)
index 0000000..e373eb3
--- /dev/null
@@ -0,0 +1,123 @@
+/*
+ * itkacl control library, version 0.1
+ *
+ * (C) 2004-2009 Steinar H. Gunderson
+ * GPL, v2.
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <unistd.h>
+#include <netdb.h>
+
+#define BASE_ZONE "itkacl.samfundet.no"
+
+int itkacl_check(const char * const realm, const char * const user,
+                char *errmsg, size_t errmsg_size)
+{
+       struct hostent he, *he_ptr;
+       int ret, host_errno;
+       const char *ptr;
+       char nszone[256] = BASE_ZONE;
+       char temp[256], ns_temp[1024];
+
+       if (realm[0] != '/') {
+               if (errmsg)
+                       snprintf(errmsg, errmsg_size, "Invalid realm '%s' (missing leading /)",
+                               realm);
+               return -1;
+       }
+       if (strlen(user) > 64) {
+               if (errmsg)
+                       snprintf(errmsg, errmsg_size, "Invalid user '%s' (above 64 characters)",
+                               user);
+               return -1;
+       }
+       if (strlen(realm) > 64) {
+               if (errmsg)
+                       snprintf(errmsg, errmsg_size, "Invalid realm '%s' (above 64 characters)",
+                               realm);
+               return -1;
+       }
+
+       /* check that the user name is valid */
+       ptr = user;
+       while (*ptr) {
+               /* only allow [a-z0-9-] */
+               if (!((*ptr >= 'a' && *ptr <= 'z') ||
+                     (*ptr >= '0' && *ptr <= '9') ||
+                      *ptr == '-')) {
+                       if (errmsg) {
+                               snprintf(errmsg, errmsg_size, "Invalid realm '%s' (illegal characters)",
+                                       realm);
+                       }
+                       return -1;
+               }
+               ++ptr;
+       }
+
+       /* traverse the realm entry by entry from the root,
+        * creating a DNS zone name as we go */
+       ptr = realm;
+       while (*ptr) {
+               /* copy all characters to next / or end of string */
+               char this_part[64];
+               int i = 0;
+               this_part[0] = 0;
+               
+               ++ptr;
+               while (*ptr && *ptr != '/') {
+                       /* only allow [a-z0-9-] */
+                       if (!((*ptr >= 'a' && *ptr <= 'z') ||
+                             (*ptr >= '0' && *ptr <= '9') ||
+                              *ptr == '-')) {
+                               if (errmsg) {
+                                       snprintf(errmsg, errmsg_size, "Invalid realm '%s' (illegal characters)",
+                                               realm);
+                               }
+                               return -1;
+                       }
+                       this_part[i++] = *ptr++;
+               }
+               this_part[i] = 0;
+
+               strcpy(temp, nszone);
+               snprintf(nszone, 256, "%s.%s", this_part, temp);
+       }
+
+       /* finally, prepend the username */
+       strcpy(temp, nszone);
+       sprintf(nszone, "%s.%s", user, temp);
+
+       ret = gethostbyname_r(nszone, &he, ns_temp, 1024, &he_ptr, &host_errno);
+
+       /*
+        * The man page for gethostbyname_r() specifies ret != 0 on failure, but
+        * that seemingly does not include HOST_NOT_FOUND failure.
+        */
+       if (he_ptr == NULL) {
+               // Not found => no access, but no error either.
+               if (host_errno == HOST_NOT_FOUND) {
+                       return 1;
+               }
+
+               switch (host_errno) {
+               case TRY_AGAIN:
+                       snprintf(errmsg, errmsg_size, "Host name lookup failure");
+                       break;
+               case NO_RECOVERY:
+                       snprintf(errmsg, errmsg_size, "Unknown server error");
+                       break;
+               case NO_ADDRESS:
+                       snprintf(errmsg, errmsg_size, "No address associated with name");
+                       break;
+               default:
+                       snprintf(errmsg, errmsg_size, "Unknown DNS error %d", host_errno);
+               }
+               return -1;
+       }
+
+       // The lookup succeeded, so we're good.
+       return 0;
+}
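Review bot: The DNS-failure `switch` at the end of `itkacl_check` writes to `errmsg` without the `if (errmsg)` guard used by every earlier error path, so a caller passing `NULL` with a non-zero `errmsg_size` crashes inside an access check; `if (errmsg == NULL) return -1;` just before the `switch` keeps the -1 result. The user-name validation loop reports `"Invalid realm '%s' (illegal characters)"` with `realm`; it should be `"Invalid user '%s' (illegal characters)", user`. An empty `user` or an empty realm component (`/`, `//`, a trailing `/`) passes validation and yields an empty DNS label, and rejecting those explicitly is safer than relying on the resolver to fail. Because any successful lookup is treated as a grant, the final name should probably be made fully qualified (trailing `.`) so that a resolver search list or a local hosts entry is less likely to turn a miss into a hit; that is inferred from usual resolver behaviour rather than from anything visible here. The last `sprintf(nszone, ...)` should be `snprintf(nszone, sizeof(nszone), ...)` like the one in the loop above it.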
diff --git a/itkacl-2.0/itkacl.h b/itkacl-2.0/itkacl.h
new file mode 100644 (file)
index 0000000..32d94a7
--- /dev/null
@@ -0,0 +1,14 @@
+#ifndef _ITKACL_H
+#define _ITKACL_H
+
+/*
+ * itkacl control library, version 0.1
+ *
+ * (C) 2004-2009 Steinar H. Gunderson
+ * GPL, v2.
+ */
+
+int itkacl_check(const char * const realm, const char * const user,
+                char *errmsg, size_t errmsg_size);
+
+#endif  /* !defined(_ITKACL_H) */
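Review bot: The prototype uses `size_t` but the header includes nothing, so a translation unit that includes `itkacl.h` before any standard header fails to compile; add `#include <stddef.h>` right after the guard. The return contract is undocumented, and from `itkacl.c` in this commit it is three-valued. A comment such as `/* Returns 0 if access is granted, 1 if it is not, -1 on error. */` above the prototype would stop callers from testing the result as a boolean and treating an error as a grant. The guard name `_ITKACL_H` is in the namespace reserved for the implementation; `ITKACL_H` avoids that.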
diff --git a/itkacl-2.0/itkacl.sql b/itkacl-2.0/itkacl.sql
new file mode 100644 (file)
index 0000000..eb38f87
--- /dev/null
@@ -0,0 +1,19 @@
+CREATE TABLE objects (
+       id SERIAL NOT NULL PRIMARY KEY,
+       name VARCHAR(64) NOT NULL,
+       description VARCHAR(255) NOT NULL,
+       parent INTEGER REFERENCES objects(id),
+
+       UNIQUE ( name, parent )
+);
+
+CREATE TABLE aclentries (
+       object INTEGER NOT NULL REFERENCES objects(id),
+       entity_type VARCHAR(5) NOT NULL CHECK ( entity_type IN ('group', 'user') ),
+       entity VARCHAR(64) NOT NULL,
+       allow VARCHAR(5) NOT NULL CHECK ( allow IN ('grant', 'deny') ),
+
+       UNIQUE ( object, entity_type, entity )
+);
+CREATE INDEX object_index ON aclentries ( object );
+
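Review bot: `UNIQUE ( name, parent )` on `objects` does not constrain root objects, because `parent` is nullable and NULLs compare as distinct in a unique constraint (PostgreSQL behaviour, which `SERIAL` suggests). Two top-level objects with the same name can therefore coexist, and a realm path could resolve to either one. A partial index such as `CREATE UNIQUE INDEX objects_root_name ON objects ( name ) WHERE parent IS NULL;` closes the gap. `name` and `entity` also accept any 64 characters, while `itkacl.c` only accepts `[a-z0-9-]`; if these rows feed the DNS zone (not visible here), a `CHECK ( name ~ '^[a-z0-9-]+$' )` would keep unmatchable or malformed labels out of the ACL data.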