From: Steinar H. Gunderson Date: Tue, 14 May 2013 00:22:33 +0000 (+0200) Subject: Initial checkin. X-Git-Url: https://git.sesse.net/?p=itkacl;a=commitdiff_plain;h=1636d5d75678e5ad271deb715ba5460337e5fc7f Initial checkin. --- 1636d5d75678e5ad271deb715ba5460337e5fc7f
diff --git a/itkacl-2.0/Makefile b/itkacl-2.0/Makefile
new file mode 100644
index 0000000..f7ccafd
--- /dev/null
+++ b/itkacl-2.0/Makefile
@@ -0,0 +1,39 @@
+CC=gcc
+CFLAGS=-O2 -Wall
+CPPFLAGS=
+RANLIB=ranlib
+PREFIX=/usr/local
+
+SONAME=libitkacl.so.2
+LIBNAME=libitkacl.so.2.0.0
+
+all: libitkacl.a $(LIBNAME) itkacl-test
+clean:
+ $(RM) itkacl.o itkacl.PIC.o itkacl-test.o itkacl-test libitkacl.a libitkacl.so.2.0.0
+
+itkacl-test: itkacl.o itkacl-test.o
+ $(CC) -o itkacl-test itkacl.o itkacl-test.o
+
+itkacl.o: itkacl.c
+ $(CC) $(CPPFLAGS) $(CFLAGS) -c itkacl.c -o itkacl.o
+itkacl.PIC.o: itkacl.c
+ $(CC) $(CPPFLAGS) $(CFLAGS) -fPIC -c itkacl.c -o itkacl.PIC.o
+itkacl-test.o: itkacl-test.c
+ $(CC) $(CPPFLAGS) $(CFLAGS) -c itkacl-test.c -o itkacl-test.o
+
+libitkacl.a: itkacl.o
+ $(AR) rc $@ $<
+ $(RANLIB) $@
+$(LIBNAME): itkacl.PIC.o
+ $(CC) -shared -Wl,-soname,$(SONAME) -o $@ $<
+
+install:
+ cp libitkacl.a $(DESTDIR)$(PREFIX)/lib/
+ cp $(LIBNAME) $(DESTDIR)$(PREFIX)/lib/
+ ln -s $(LIBNAME) $(DESTDIR)$(PREFIX)/lib/libitkacl.so.2
+ ln -s $(LIBNAME) $(DESTDIR)$(PREFIX)/lib/libitkacl.so
+ cp itkacl.h $(DESTDIR)$(PREFIX)/include/
+ mkdir -p $(DESTDIR)$(PREFIX)/share/itkacl/
+ cp itkacl.sql $(DESTDIR)$(PREFIX)/share/itkacl/
+
+.PHONY: clean install
diff --git a/itkacl-2.0/debian/changelog b/itkacl-2.0/debian/changelog
new file mode 100644
index 0000000..c66e4bf
--- /dev/null
+++ b/itkacl-2.0/debian/changelog
@@ -0,0 +1,5 @@
+itkacl (2.0) unstable; urgency=low
+
+ * Initial release.
+
+ -- Steinar H. Gunderson Tue, 14 May 2013 00:57:31 +0200
diff --git a/itkacl-2.0/debian/compat b/itkacl-2.0/debian/compat
new file mode 100644
index 0000000..7f8f011
--- /dev/null
+++ b/itkacl-2.0/debian/compat
@@ -0,0 +1 @@
+7
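Review bot: `CFLAGS=-O2 -Wall` is assigned unconditionally and the `$(LIBNAME)` and `itkacl-test` link commands take no `$(LDFLAGS)`, so hardening flags supplied by a packaging environment would not reach a library that makes access decisions and uses `strcpy`/`sprintf`; debian/rules in this commit also runs plain `$(MAKE)`. Consider `CFLAGS ?= -O2 -Wall` and adding `$(LDFLAGS)` to both link commands. In `install`, `ln -s` fails when the link already exists, so a second install stops part-way through; `ln -sf` avoids that.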
diff --git a/itkacl-2.0/debian/control b/itkacl-2.0/debian/control
new file mode 100644
index 0000000..7e6e45b
--- /dev/null
+++ b/itkacl-2.0/debian/control
@@ -0,0 +1,20 @@
+Source: itkacl
+Priority: extra
+Maintainer: Steinar H. Gunderson
+Build-Depends: debhelper (>= 7.0.50~)
+Standards-Version: 3.9.1
+Section: libs
+
+Package: libitkacl-dev
+Section: libdevel
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: ITKACL library, development files
+ ITKACL core library; files needed to compile software against the library.
+
+Package: libitkacl2
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: ITKACL library
+ ITKACL core library.
diff --git a/itkacl-2.0/debian/copyright b/itkacl-2.0/debian/copyright
new file mode 100644
index 0000000..e8290d1
--- /dev/null
+++ b/itkacl-2.0/debian/copyright
@@ -0,0 +1,37 @@
+This work was packaged for Debian by:
+
+ Steinar H. Gunderson on Tue, 14 May 2013 00:57:31 +0200
+
+It was downloaded from:
+
+
+
+Upstream Author(s):
+
+
+
+
+Copyright:
+
+
+
+
+License:
+
+
+
+The Debian packaging is:
+
+ Copyright (C) 2013 Steinar H. Gunderson
+
+# Please chose a license for your packaging work. If the program you package
+# uses a mainstream license, using the same license is the safest choice.
+# Please avoid to pick license terms that are more restrictive than the
+# packaged work, as it may make Debian's contributions unacceptable upstream.
+# If you just want it to be GPL version 3, leave the following lines in.
+
+and is licensed under the GPL version 3,
+see "/usr/share/common-licenses/GPL-3".
+
+# Please also look if there are files or directories which have a
+# different copyright/license attached and list them here.
diff --git a/itkacl-2.0/debian/libitkacl-dev.install b/itkacl-2.0/debian/libitkacl-dev.install
new file mode 100644
index 0000000..59c9183
--- /dev/null
+++ b/itkacl-2.0/debian/libitkacl-dev.install
@@ -0,0 +1,4 @@
+usr/include/*
+usr/lib/libitkacl.so
+usr/lib/libitkacl.a
+usr/share/itkacl/*
diff --git a/itkacl-2.0/debian/libitkacl2.install b/itkacl-2.0/debian/libitkacl2.install
new file mode 100644
index 0000000..d561644
--- /dev/null
+++ b/itkacl-2.0/debian/libitkacl2.install
@@ -0,0 +1 @@
+usr/lib/libitkacl.so.*
diff --git a/itkacl-2.0/debian/rules b/itkacl-2.0/debian/rules
new file mode 100755
index 0000000..b1d86eb
--- /dev/null
+++ b/itkacl-2.0/debian/rules
@@ -0,0 +1,35 @@
+#! /usr/bin/make -f
+# -*- makefile -*-
+
+clean:
+ dh_testdir
+ dh_clean
+ $(MAKE) clean
+
+build:
+ $(MAKE)
+
+binary-indep:
+
+binary-arch:
+ dh_testroot
+ dh_prep
+ mkdir debian/tmp
+ mkdir -p debian/tmp/usr/lib
+ mkdir -p debian/tmp/usr/include
+ mkdir -p debian/tmp/usr/share
+ dh_installdirs
+ $(MAKE) install DESTDIR=debian/tmp PREFIX=/usr
+ dh_install
+ dh_installchangelogs
+ dh_compress
+ dh_fixperms
+ dh_strip
+ dh_makeshlibs
+ dh_shlibdeps
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-arch
diff --git a/itkacl-2.0/itkacl-test.c b/itkacl-2.0/itkacl-test.c
new file mode 100644
index 0000000..8ebdb95
--- /dev/null
+++ b/itkacl-2.0/itkacl-test.c
@@ -0,0 +1,14 @@
+#include
+
+int itkacl_check(const char * const realm, const char * const user,
+ char *errmsg, size_t errmsg_size);
+
+int main()
+{
+ if (itkacl_check("/login/unix-servers/cirkus", "sesse", NULL, 0) == 0) {
+ printf("OK\n");
+ } else {
+ printf("Not OK\n");
+ }
+ return 0;
+}
diff --git a/itkacl-2.0/itkacl.c b/itkacl-2.0/itkacl.c
new file mode 100644
index 0000000..e373eb3
--- /dev/null
+++ b/itkacl-2.0/itkacl.c
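Review bot: itkacl-test.c declares `itkacl_check()` by hand instead of including the header this commit adds, so a later signature change would compile silently against a stale prototype; `#include "itkacl.h"` would catch it. `main` also folds both non-zero results into "Not OK" and always returns 0, although itkacl.c in this commit returns 1 for a missing entry and -1 for a lookup error. Passing a real `errmsg` buffer, printing it on -1 and returning a non-zero exit status would make the tool usable for checking a deployment.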
@@ -0,0 +1,123 @@
+/*
+ * itkacl control library, version 0.1
+ *
+ * (C) 2004-2009 Steinar H. Gunderson
+ * GPL, v2.
+ */
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define BASE_ZONE "itkacl.samfundet.no"
+
+int itkacl_check(const char * const realm, const char * const user,
+ char *errmsg, size_t errmsg_size)
+{
+ struct hostent he, *he_ptr;
+ int ret, host_errno;
+ const char *ptr;
+ char nszone[256] = BASE_ZONE;
+ char temp[256], ns_temp[1024];
+
+ if (realm[0] != '/') {
+ if (errmsg)
+ snprintf(errmsg, errmsg_size, "Invalid realm '%s' (missing leading /)",
+ realm);
+ return -1;
+ }
+ if (strlen(user) > 64) {
+ if (errmsg)
+ snprintf(errmsg, errmsg_size, "Invalid user '%s' (above 64 characters)",
+ user);
+ return -1;
+ }
+ if (strlen(realm) > 64) {
+ if (errmsg)
+ snprintf(errmsg, errmsg_size, "Invalid realm '%s' (above 64 characters)",
+ realm);
+ return -1;
+ }
+
+ /* check that the user name is valid */
+ ptr = user;
+ while (*ptr) {
+ /* only allow [a-z0-9-] */
+ if (!((*ptr >= 'a' && *ptr <= 'z') ||
+ (*ptr >= '0' && *ptr <= '9') ||
+ *ptr == '-')) {
+ if (errmsg) {
+ snprintf(errmsg, errmsg_size, "Invalid realm '%s' (illegal characters)",
+ realm);
+ }
+ return -1;
+ }
+ ++ptr;
+ }
+
+ /* traverse the realm entry by entry from the root,
+ * creating a DNS zone name as we go */
+ ptr = realm;
+ while (*ptr) {
+ /* copy all characters to next / or end of string */
+ char this_part[64];
+ int i = 0;
+ this_part[0] = 0;
+
+ ++ptr;
+ while (*ptr && *ptr != '/') {
+ /* only allow [a-z0-9-] */
+ if (!((*ptr >= 'a' && *ptr <= 'z') ||
+ (*ptr >= '0' && *ptr <= '9') ||
+ *ptr == '-')) {
+ if (errmsg) {
+ snprintf(errmsg, errmsg_size, "Invalid realm '%s' (illegal characters)",
+ realm);
+ }
+ return -1;
+ }
+ this_part[i++] = *ptr++;
+ }
+ this_part[i] = 0;
+
+ strcpy(temp, nszone);
+ snprintf(nszone, 256, "%s.%s", this_part, temp);
+ }
+
+ /* finally, prepend the username */
+ strcpy(temp, nszone);
+ sprintf(nszone, "%s.%s", user, temp);
+
+ ret = gethostbyname_r(nszone, &he, ns_temp, 1024, &he_ptr, &host_errno);
+
+ /*
+ * The man page for gethostbyname_r() specifies ret != 0 on failure, but
+ * that seemingly does not include HOST_NOT_FOUND failure.
+ */
+ if (he_ptr == NULL) {
+ // Not found => no access, but no error either.
+ if (host_errno == HOST_NOT_FOUND) {
+ return 1;
+ }
+
+ switch (host_errno) {
+ case TRY_AGAIN:
+ snprintf(errmsg, errmsg_size, "Host name lookup failure");
+ break;
+ case NO_RECOVERY:
+ snprintf(errmsg, errmsg_size, "Unknown server error");
+ break;
+ case NO_ADDRESS:
+ snprintf(errmsg, errmsg_size, "No address associated with name");
+ break;
+ default:
+ snprintf(errmsg, errmsg_size, "Unknown DNS error %d", host_errno);
+ }
+ return -1;
+ }
+
+ // The lookup succeeded, so we're good.
+ return 0;
+}
diff --git a/itkacl-2.0/itkacl.h b/itkacl-2.0/itkacl.h
new file mode 100644
index 0000000..32d94a7
--- /dev/null
+++ b/itkacl-2.0/itkacl.h
@@ -0,0 +1,14 @@
+#ifndef _ITKACL_H
+#define _ITKACL_H
+
+/*
+ * itkacl control library, version 0.1
+ *
+ * (C) 2004-2009 Steinar H. Gunderson
+ * GPL, v2.
+ */
+
+int itkacl_check(const char * const realm, const char * const user,
+ char *errmsg, size_t errmsg_size);
+
+#endif /* !defined(_ITKACL_H) */
diff --git a/itkacl-2.0/itkacl.sql b/itkacl-2.0/itkacl.sql
new file mode 100644
index 0000000..eb38f87
--- /dev/null
+++ b/itkacl-2.0/itkacl.sql
@@ -0,0 +1,19 @@
+CREATE TABLE objects (
+ id SERIAL NOT NULL PRIMARY KEY,
+ name VARCHAR(64) NOT NULL,
+ description VARCHAR(255) NOT NULL,
+ parent INTEGER REFERENCES objects(id),
+
+ UNIQUE ( name, parent )
+);
+
+CREATE TABLE aclentries (
+ object INTEGER NOT NULL REFERENCES objects(id),
+ entity_type VARCHAR(5) NOT NULL CHECK ( entity_type IN ('group', 'user') ),
+ entity VARCHAR(64) NOT NULL,
+ allow VARCHAR(5) NOT NULL CHECK ( allow IN ('grant', 'deny') ),
+
+ UNIQUE ( object, entity_type, entity )
+);
+CREATE INDEX object_index ON aclentries ( object );
+
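Review bot: At the end of itkacl_check() any successful resolution of `nszone` is returned as access granted, and the name handed to gethostbyname_r() has no trailing dot, so after a miss the resolver may retry it with its search list, and a resolver that rewrites NXDOMAIN into an answer would turn every missing entry into `return 0`. Making the name absolute addresses the search-list part and also bounds the one remaining `sprintf`: `snprintf(nszone, sizeof nszone, "%s.%s.", user, temp);`. The `switch (host_errno)` arms call `snprintf(errmsg, ...)` without the `if (errmsg)` guard used by the earlier checks, which dereferences a NULL buffer whenever `errmsg_size` is non-zero. The user-name loop reports `Invalid realm '%s'` with `realm` instead of the user, and an empty `user` or an empty realm component (`//`, trailing `/`) passes validation and yields an empty DNS label; rejecting those before the lookup keeps malformed names away from the resolver.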
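Review bot: itkacl.h gives callers no statement of the return contract, and the values used in itkacl.c (0 for access, 1 for no entry, -1 for an error) are easy to invert if the result is tested as a boolean. A comment above the prototype such as `/* Returns 0 if user has access to realm, 1 if not, -1 on error (message written to errmsg). */` would pin that down, together with a remark that callers should treat every non-zero result as a denial. The header also uses `size_t` without `#include <stddef.h>`, and `_ITKACL_H` is an identifier reserved for the implementation; `ITKACL_H` is the safer guard name.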
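Review bot: `UNIQUE ( name, parent )` on `objects` does not constrain top-level rows, because `parent` is nullable and NULLs compare as distinct in a unique constraint, so two root objects with the same name can coexist and a realm path would then be ambiguous. If this targets PostgreSQL, as `SERIAL` suggests, a partial index covers it: `CREATE UNIQUE INDEX objects_root_name ON objects ( name ) WHERE parent IS NULL;`. `name` and `entity` also accept any characters, while itkacl_check() in this commit only ever looks up `[a-z0-9-]`; a matching `CHECK` would keep unreachable entries out of the tables.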