1 /* This file is part of the Project Athena Zephyr Notification System.
2 * It contains functions for dealing with acl's.
4 * Created by: John T. Kohl
8 * Copyright (c) 1987 by the Massachusetts Institute of Technology.
9 * For copying and distribution information, see the file
13 #include <zephyr/mit-copyright.h>
17 #if !defined (lint) && !defined (SABER)
18 static const char rcsid_access_c[] =
26 * int access_check(sender, acl, accesstype)
33 * void access_reinit();
37 * Each restricted class has four ACL's associated with it,
38 * governing subscriptions, transmission, and instance restrictions.
39 * This module provides the 'glue' between the standard Athena ACL
40 * routines and the support needed by the Zephyr server.
44 * Our private types for the acl_types field in the Acl structure.
52 static void check_acl __P((Acl *acl));
53 static void check_acl_type __P((Acl *acl, Access accesstype, int typeflag));
54 static void access_setup __P((int first));
57 * check access. return 1 if ok, 0 if not ok.
/*
 * access_check: decide whether `sender` may perform `accesstype` on the
 * class described by `acl`.  The comment above the function gives the
 * contract as 1 = ok, 0 = not ok.
 *
 * NOTE(review): this listing has gaps (see the jumps in the original line
 * numbers).  The switch that selects `flag` and `prefix`, and several
 * return statements, are not visible here; the notes below are limited to
 * what the visible lines show.
 */
61 access_check(char *sender,
65 char buf[MAXPATHLEN]; /* holds the real acl name */
88 syslog(LOG_ERR, "unknown access type %d", (int) accesstype);
/*
 * Fail-open by design: when the bit for this access type is not set in
 * acl->acl_types, the class is treated as unrestricted.  The bits are set
 * in check_acl_type() from an existence probe of the ACL file, so an ACL
 * file that is missing when that probe runs lifts the restriction
 * without any log message from the visible code.
 */
91 if (!(acl->acl_types & flag)) /* no acl ==> no restriction */
/*
 * NOTE(review): unbounded sprintf into a MAXPATHLEN buffer.  None of
 * acl_dir, prefix or acl->acl_filename is length-checked in the visible
 * lines; acl_filename is a copy of a registry class name (up to 511 bytes,
 * see access_setup), so staying in bounds depends on acl_dir being short.
 * snprintf(buf, sizeof buf, ...) with truncation treated as a denial would
 * make the bound explicit.  The class name is also placed in the path
 * as-is; no check for path separators is visible, so the registry file
 * must be writable only by the server administrator.
 */
93 sprintf(buf, "%s/%s-%s.acl", acl_dir, prefix, acl->acl_filename);
95 * If we can't load it (because it probably doesn't exist),
99 zdbug ((LOG_DEBUG, "checking %s for %s", buf, sender));
102 retval = acl_load(buf);
104 syslog(LOG_DEBUG, "Error in acl_load of %s for %s", buf, sender);
/*
 * NOTE(review): the statement that follows a failed acl_load() is not
 * visible in this listing; confirm that it returns 0 (deny).  The failure
 * is reported at LOG_DEBUG only, so an unreadable or corrupt ACL file can
 * go unnoticed at normal log levels; LOG_ERR would match the other error
 * paths in this file.
 */
/* The final decision is delegated to acl_check() on the loaded file. */
107 return acl_check(buf, sender);
/*
 * Probe each of the four access types for one class so that
 * acl->acl_types records which ACL files exist (check_acl_type sets the
 * matching bit when the file is present).
 *
 * NOTE(review): the enclosing function header is not visible in this
 * listing; the static prototype list declares check_acl(Acl *acl), and
 * this is presumably its body.
 */
114 check_acl_type(acl, TRANSMIT, ACL_XMT);
115 check_acl_type(acl, SUBSCRIBE, ACL_SUB);
116 check_acl_type(acl, INSTWILD, ACL_IWS);
117 check_acl_type(acl, INSTUID, ACL_IUI);
/*
 * check_acl_type: set `typeflag` in acl->acl_types when the ACL file for
 * `accesstype` exists under acl_dir.
 *
 * NOTE(review): lines are missing from this listing; the cases of the
 * switch that choose `prefix`, and what happens after the "unknown access
 * type" log, are not visible.
 */
121 check_acl_type(Acl *acl,
125 char buf[MAXPATHLEN]; /* holds the real acl name */
128 switch (accesstype) {
142 syslog(LOG_ERR, "unknown access type %d", (int) accesstype);
/*
 * NOTE(review): same unbounded sprintf as in access_check(); the path is
 * built from acl_dir, prefix and the class name with no visible length
 * check.  snprintf(buf, sizeof buf, ...) plus a truncation check would
 * bound the write.
 */
145 sprintf(buf, "%s/%s-%s.acl", acl_dir, prefix, acl->acl_filename);
/*
 * access() returns 0 when the file exists, so the bit is set on existence
 * alone: readability and syntax of the ACL file are not checked here, and
 * the file is only loaded later in access_check().  A file that is absent
 * at this point leaves the bit clear, which access_check() treats as
 * "no restriction".
 */
146 if (!access(buf, F_OK))
147 acl->acl_types |= typeflag;
152 * Re-init code written by TYT, 8/14/90.
154 * General plan of action; we reread the registry list, and add any
155 * new restricted classes. If any restricted classes disappear (this
156 * should be rare) the Acl structure is not deallocated; rather,
157 * the acl_types field will be left at zero, since there will be no
158 * acl files for the (non-)restricted class.
/*
 * access_setup: read the class registry under acl_dir and mark every class
 * listed there as restricted.  `first` is an int flag; the lines that test
 * it are not visible in this listing.
 *
 * NOTE(review): this listing has gaps (see the jumps in the original line
 * numbers), so declarations, braces and some branches are missing; the
 * notes below cover only the visible lines.
 */
161 access_setup(int first)
163 char buf[MAXPATHLEN];
164 char class_name[512]; /* assume class names <= 511 bytes */
/*
 * NOTE(review): unbounded sprintf; the result fits only as long as acl_dir
 * plus the registry file name stays under MAXPATHLEN.  snprintf with
 * sizeof buf would make that explicit.
 */
171 sprintf(buf, "%s/%s", acl_dir, ZEPHYR_CLASS_REGISTRY);
172 registry = fopen(buf, "r");
/*
 * Fail-open: if the registry cannot be opened, no class is restricted at
 * all.  The only signal is this LOG_ERR message, so it is worth alerting
 * on in log monitoring.
 */
174 syslog(LOG_ERR, "no registry available, all classes are free");
/*
 * fgets() reads at most 511 bytes per call.  A longer registry line is
 * consumed in several pieces, and nothing visible here discards the
 * remainder, so the tail would be handled as a separate class name.
 */
177 while (fgets(class_name, 512, registry)) {
178 colon_idx = strchr(class_name, ':');
179 if (colon_idx != NULL)
/*
 * NOTE(review): with no colon on the line, the last byte is overwritten
 * unconditionally, which assumes it is the newline.  A final line without
 * a trailing newline (or a 511-byte piece of a longer line) loses its last
 * real character, so a different class name is restricted and the
 * intended class stays open.  Checking that class_name[len - 1] is a
 * newline before trimming would avoid this.
 */
181 else if ((len = strlen(class_name)) != 0)
182 class_name[len - 1] = '\0';
/* presumably looks up an Acl already attached to this class - confirm */
187 z = make_string(class_name,1);
188 acl = class_get_acl(z);
/*
 * A new Acl is allocated here; the condition guarding the allocation and
 * the statement after the "no mem" log are not visible.  The cast on
 * malloc() is unnecessary in C.
 */
192 acl = (Acl *) malloc(sizeof(Acl));
194 syslog(LOG_ERR, "no mem acl alloc");
/*
 * The class name becomes acl_filename and is later embedded in the ACL
 * file path by access_check() and check_acl_type().
 * NOTE(review): no check of the strsave() result is visible.
 */
197 acl->acl_filename = strsave(class_name);
201 /* Try to restrict already existing class */
202 retval = class_restrict(class_name, acl);
203 if (retval == ZSRV_NOCLASS)
204 retval = class_setup_restricted(class_name, acl);
/*
 * NOTE(review): the condition selecting this second call is not visible;
 * presumably it is the branch for the other value of `first`.
 */
206 retval = class_setup_restricted(class_name, acl);
/*
 * On failure the error is only logged.  As far as the visible lines show,
 * the class is then left without a restriction, so this message also
 * marks a fail-open condition.
 */
210 syslog(LOG_ERR, "can't restrict %s: %s",
211 class_name, error_message(retval));
214 zdbug((LOG_DEBUG, "restricted %s", class_name));