acl.hpp 1.23 KB
#ifndef __ACL_H__
#define __ACL_H__

#include "utils.hpp"
#include "defaults.hpp"
#include <map>

using std::map;

// Sentinel used as the default `uid` argument of Acl's constructor, where the
// accompanying comment says it selects the real uid of the process.
// NOTE(review): this equals (uid_t)-1 only where uid_t is 32 bits wide -- confirm
// for the supported platforms.
#define INVALID_UID	0xffffffff

// Fallback value when the build does not define DEFAULT_ACL_CONTROL itself.
// NOTE(review): the expansion is `true;` -- the trailing semicolon is part of the
// macro, so it only works at use sites where a stray `;` is harmless (the use
// sites are not in this header).
// NOTE(review): the fallback is `true` and is marked "for tests". If this is the
// answer given when no ACL rule applies, an unconfigured build is permissive;
// confirm that release builds define DEFAULT_ACL_CONTROL explicitly.
#ifndef DEFAULT_ACL_CONTROL
#define DEFAULT_ACL_CONTROL	true;  //for tests
#endif


/**
 * Identifiers of the individual privileges an Acl can be asked about.
 *
 * Values are consecutive and start at zero; they are written out explicitly so
 * that adding a token in the middle is a visible change. Acl keys its
 * _single_value_privileges map with this type.
 */
enum Acl_token
{
	ACL_DUMMY = 0,

	// Syslog-related tokens. Note the naming asymmetry: debug is "enable",
	// the other three levels are "disable".
	ACL_ENABLE_SYSLOG_DEBUG = 1,
	ACL_DISABLE_SYSLOG_INFO = 2,
	ACL_DISABLE_SYSLOG_WARNING = 3,
	ACL_DISABLE_SYSLOG_ERROR = 4,

	// Container membership tokens.
	ACL_REMOVE_PROCESS = 5,  // from a container
	ACL_ADD_PROCESS = 6      // to a container
};

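/**
 * Access-control state for a single uid.
 *
 * Holds the path of a configuration file, the uid the decisions apply to, a
 * per-token allow/deny map and four syslog flags. Only the declarations live
 * here; the constructor, destructor, check_config_file() and is_allowed() are
 * defined outside this header.
 *
 * Instances are non-copyable.
 */
class Acl
{
	private:
		string _config_file;
		uid_t _uid;

		// One boolean answer per Acl_token.
		map<Acl_token, bool> _single_value_privileges;


		bool _syslog_enable_debug;
		bool _syslog_disable_info;
		bool _syslog_disable_warning;
		bool _syslog_disable_error;

		// Copying is forbidden. The two members are declared but deliberately
		// left undefined, so a copy made by accident inside a member function
		// fails at link time. With empty bodies such a copy would compile and
		// yield an Acl whose _uid and flags are indeterminate, which is not
		// acceptable for an object that answers permission checks.
		Acl(const Acl& orig);
		Acl& operator = (const Acl& orig);

		void check_config_file();

	public:

		/*
		 * config_path: configuration file to use (defaults to DEFAULT_ACL_CONFIG).
		 * uid: uid the ACL applies to. The default, INVALID_UID (uid=-1), means
		 *      the real uid of the process will be used.
		 */
		Acl(string config_path=DEFAULT_ACL_CONFIG, uid_t uid=INVALID_UID);
		~Acl();

		// Returns the uid stored in this object.
		inline uid_t get_uid() const {return _uid;}

		// Answers whether `token` is permitted; defined outside this header.
		bool is_allowed(Acl_token token);

		// Per-argument variant of is_allowed(). The generic definition that
		// follows this class in the header always returns false.
		template <typename T>
		bool is_allowed_on(Acl_token token, T& args);

};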


/**
 * Generic fallback for argument-dependent permission checks.
 *
 * Neither `token` nor `args` is inspected: for any T the answer is "denied",
 * so a check on an argument type with no dedicated handling fails closed.
 * NOTE(review): presumably specific argument types are meant to get their own
 * specializations elsewhere -- none are visible in this header.
 *
 * @param token privilege being queried (unused here)
 * @param args  object the privilege would apply to (unused here)
 * @return always false
 */
template <typename T>
bool Acl::is_allowed_on(Acl_token token, T& args)
{
	const bool granted = false;
	return granted;
}


#endif //__ACL_H__