#include "acl.hpp"
#include "utils.hpp"
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdlib>


// Builds the ACL state for one user.
//   config_file: path of the ACL configuration file; kept in _config_file
//                and vetted by check_config_file() below.
//   uid:         user the ACL decisions apply to; INVALID_UID selects ruid.
Acl::Acl(string config_file, uid_t uid):
	_config_file(config_file)
{
	// An explicit uid wins; only INVALID_UID falls back to ruid.
	// NOTE(review): ruid is declared outside this file, presumably the
	// caller's real uid; confirm, since is_allowed() trusts _uid == 0.
	if(uid != INVALID_UID)
		_uid = uid;
	else
		_uid = ruid;

	// Ownership and permission checks on the config file run before the
	// remaining state is initialised; a failed check ends in argo_exit().
	check_config_file();

	_syslog_disable_info = DEFAULT_ACL_CONTROL;
	_syslog_disable_warning = DEFAULT_ACL_CONTROL;
	// NOTE(review): this repeats the assignment above. Possibly another
	// _syslog_* member was meant and is left uninitialised; check acl.hpp.
	_syslog_disable_warning = DEFAULT_ACL_CONTROL;
	_syslog_enable_debug = DEFAULT_ACL_CONTROL;
}

// Nothing to release here: the constructor in this file acquires no
// resource that needs explicit cleanup.
Acl::~Acl()
{
}


// Refuses to continue when the ACL config file could have been modified by
// anyone other than root: it must be owned by uid 0 and must not be group-
// or world-writable. Failures are reported through argo_exit(EXIT_FAILURE, ...).
//
// NOTE(review): the checks are made on the path, and stat() follows symlinks.
// If the file is opened by path later (not visible here), it can be replaced
// between this check and that open; running fstat() on the descriptor that is
// actually read would close the gap. Parent directories and the file type
// are not examined either.
void Acl::check_config_file()
{
	struct stat st;

	// Any stat() failure skips the checks, not only a missing file.
	// NOTE(review): presumably an absent config means "use defaults";
	// confirm that other errno values should also pass silently.
	if(stat(_config_file.c_str(), &st) != 0)
		return;

	const bool owned_by_root = (st.st_uid == 0);
	if(!owned_by_root)
		argo_exit(EXIT_FAILURE, "The ACL config file must be owned by root");

	// Write permission for group or others lets a non-root user edit the ACL.
	const mode_t foreign_write_bits = S_IWGRP | S_IWOTH;
	if((st.st_mode & foreign_write_bits) != 0)
		argo_exit(EXIT_FAILURE, 
				"The ACL config file must be writable only for root. " +
				string(APP_NAME) + " cannot use it! ");
}

// Answers whether the user held in _uid may use the privilege named by token.
// uid 0 is always allowed; any other user gets the value stored for the token
// in _single_value_privileges, or DEFAULT_ACL_CONTROL when there is no entry.
//
// NOTE(review): whether a missing entry means deny or allow depends on the
// definition of DEFAULT_ACL_CONTROL, which is not visible here; confirm it
// is the deny value so unknown tokens fail closed.
bool Acl::is_allowed(Acl_token token)
{
	if(_uid == 0)
		return true; // root bypasses the privilege table

	const map<Acl_token, bool>::const_iterator entry =
		_single_value_privileges.find(token);
	const bool has_entry = (entry != _single_value_privileges.end());
	return has_entry ? entry->second : DEFAULT_ACL_CONTROL;
}