
[gomd-devel] <DAEMON>: W.I.P: ACL-support status.


From: Gian Paolo Ghilardi
Subject: [gomd-devel] <DAEMON>: W.I.P: ACL-support status.
Date: Sat, 5 Jul 2003 02:56:50 +0200

Hi all.
As written above, I'm working on ACL stuff.

These are CVS notes about this new feature.


CVS NOTES:

(N) added a new class: aclCheck.h/aclCheck.cpp => its purpose is to provide
simple ACL support.
(N) added a simple ACL config file: etc/acl.conf
(N) all functions returning an info-value now are classified as std (no
special permissions required) or special (special permissions required).

IN aclCheck.h/aclCheck.cpp
(N) this class creates an ACL map from a config file (default is
"etc/acl.conf") and checks permissions.
(+) added aclCheck(), aclCheck() #2, fillAclMap(),
getAssociatedSecurityLevel(), convertMacros(), validatePermissions()
functions.

Some notes about how this class works:
1) CREATING THE OBJECT
- the constructor gets the local IP and the file with the ACL configuration.
Then it calls the fillAclMap() function.
- the fillAclMap() function opens the ACL config file, parses it and stores a
map with pairs <IP:SECURITY_LEVEL> (check etc/acl.conf for more info)
2) USING THE OBJECT
- validatePermissions() is called, then it calls the
getAssociatedSecurityLevel() function
- the getAssociatedSecurityLevel() function searches the ACL map for the
security level associated with the provided IP.
- now validatePermissions()
  * returns false
    => if the IP is not allowed at all
    => if the function to call requires special permissions and the IP does
not have that kind of authorization
  * returns true
    => if the IP is allowed and requires a std function (no special
permission required to run it)
    => if the function to call requires special permissions and the IP has
that kind of authorization

The idea is to activate this security stuff while processing a client's
command, before calling a specific function by its ID (integer).

IN gomd.cpp
(+) added a simple ACL test.
     As in acl.conf the local node has full permissions, if you test gomd
     locally via telnet, the program will print the "0" value on the shell
     (==ACL_FULL_CONTROL).
     Please notice this value is related to the local node (even if the conn
     is from a remote node).

IN etc/acl.conf
(+) added ACL_FULL_CONTROL for local node



As usual I'd like to see comments... ;)

CU.
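
The lookup and decision flow described in the message above, as an added C++ example that is not part of the original post or of gomd's own code. The class name AclSketch, the ACL_STD level, the "<ip> <LEVEL_NAME>" line format and the rule that special functions need ACL_FULL_CONTROL are assumptions; only the function names and ACL_FULL_CONTROL (== 0) come from the message.

```cpp
#include <iostream>
#include <map>
#include <sstream>
#include <string>

// Only ACL_FULL_CONTROL (== 0) is named in the message; ACL_STD is hypothetical.
enum SecurityLevel { ACL_FULL_CONTROL = 0, ACL_STD = 1 };

class AclSketch {  // hypothetical stand-in, not the project's aclCheck class
    std::map<std::string, SecurityLevel> acl_;  // IP -> security level
public:
    // Assumed line format: "<ip> <LEVEL_NAME>", with '#' starting a comment.
    // Malformed lines and unknown level names are skipped, so they grant nothing.
    explicit AclSketch(std::istream& conf) {
        std::string line;
        while (std::getline(conf, line)) {
            std::istringstream fields(line.substr(0, line.find('#')));
            std::string ip, level, extra;
            if (!(fields >> ip >> level) || (fields >> extra)) continue;
            if (level == "ACL_FULL_CONTROL") acl_[ip] = ACL_FULL_CONTROL;
            else if (level == "ACL_STD") acl_[ip] = ACL_STD;
        }
    }
    // Returns nullptr when the IP is not listed.
    const SecurityLevel* getAssociatedSecurityLevel(const std::string& ip) const {
        auto it = acl_.find(ip);
        return it == acl_.end() ? nullptr : &it->second;
    }
    bool validatePermissions(const std::string& ip, bool requiresSpecial) const {
        const SecurityLevel* level = getAssociatedSecurityLevel(ip);
        if (!level) return false;           // IP not allowed at all
        if (!requiresSpecial) return true;  // std function: any listed IP
        return *level == ACL_FULL_CONTROL;  // assumption: special needs full control
    }
};

// Runs one check against a constructed sample config (not the real etc/acl.conf).
bool demo(const std::string& ip, bool requiresSpecial) {
    std::istringstream conf(
        "127.0.0.1 ACL_FULL_CONTROL\n"
        "192.0.2.10 ACL_STD   # std functions only\n"
        "192.0.2.11 ACL_ROOT\n"  // unknown level name: skipped
        "192.0.2.12\n");         // missing level: skipped
    return AclSketch(conf).validatePermissions(ip, requiresSpecial);
}

int main() {
    std::cout << demo("127.0.0.1", true) << demo("192.0.2.10", true)
              << demo("203.0.113.5", false) << '\n';
}
```

Unlisted addresses and entries that fail to parse both end up denied, so a typo in the config file cannot widen access.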
