#include "acl.hpp"
#include "utils.hpp"
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdlib>


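// Build the ACL state for one user.
//
// config_file: path of the ACL configuration file; it is stored and then
//              vetted by check_config_file() before the defaults are set.
// uid:         user the privileges are evaluated for. INVALID_UID selects
//              the global `ruid` instead (defined outside this file;
//              presumably the real uid of the calling process, confirm).
Acl::Acl(string config_file, uid_t uid):
	_config_file(config_file)
{
	if(uid == INVALID_UID) {
		_uid = ruid;
	} else {
		_uid = uid;
	}

	// Ownership and mode of the config file are checked before any ACL
	// state derived from it can be trusted.
	check_config_file();

	// Every syslog control starts from the compile-time default.
	_syslog_disable_info = DEFAULT_ACL_CONTROL;
	_syslog_disable_warning = DEFAULT_ACL_CONTROL;
	// NOTE(review): _syslog_disable_warning used to be assigned twice in a
	// row here. The second assignment was redundant and has been dropped,
	// but it was probably meant for a different flag. Check acl.hpp for a
	// member that is left uninitialised by this constructor.
	_syslog_enable_debug = DEFAULT_ACL_CONTROL;
}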

// Nothing to release explicitly: the destructor body is empty.
Acl::~Acl() {}


// Vet the ACL config file before it is trusted: it must be owned by root and
// must not be writable by group or others. A violation is reported through
// argo_exit(EXIT_FAILURE, ...), which presumably terminates the process
// (defined outside this file, confirm).
//
// NOTE(review), limits of this check:
//  - Any stat() failure, not only a missing file, returns silently, so an
//    unreadable path is treated the same as "no config file".
//  - stat() follows symbolic links, so the owner and mode tested are those
//    of the link target; the directories leading to the file are not checked.
//  - The check is made on the path. If the file is opened by path later
//    (not visible here), it could be replaced between check and use;
//    fstat() on the already opened descriptor would close that window.
void Acl::check_config_file()
{
	struct stat info;
	const int rc = stat(_config_file.c_str(), &info);
	if(rc == -1)
		return;

	const bool owned_by_root = (info.st_uid == 0);
	if(!owned_by_root)
		argo_exit(EXIT_FAILURE, "The ACL config file must be owned by root");

	// Group-write or other-write permission disqualifies the file.
	const bool writable_by_non_owner =
		(info.st_mode & (S_IWGRP | S_IWOTH)) != 0;
	if(writable_by_non_owner)
		argo_exit(EXIT_FAILURE, 
				"The ACL config file must be writable only for root. " +
				string(APP_NAME) + " cannot use it! ");
}

// Decide whether the configured user holds the privilege named by `token`.
//
// Returns true unconditionally when _uid is 0 (root). Otherwise returns the
// value stored for `token` in _single_value_privileges, or
// DEFAULT_ACL_CONTROL when the token has no entry.
//
// NOTE(review): the value of DEFAULT_ACL_CONTROL is not visible here. It
// decides every token missing from the table, so confirm that it denies.
bool Acl::is_allowed(Acl_token token)
{
	// root bypasses the privilege table entirely
	if(_uid == 0)
		return true;

	const map<Acl_token, bool>::const_iterator entry =
		_single_value_privileges.find(token);
	if(entry != _single_value_privileges.end())
		return entry->second;

	return DEFAULT_ACL_CONTROL;
}