[gomd-devel] <DAEMON>: W.I.P: ACL-support status.
From: Gian Paolo Ghilardi
Subject: [gomd-devel] <DAEMON>: W.I.P: ACL-support status.
Date: Sat, 5 Jul 2003 02:56:50 +0200
Hi all.
As written above, I'm working on ACL stuff.
These are CVS notes about this new feature.
CVS NOTES:
(N) added a new class: aclCheck.h/aclCheck.cpp => its purpose is to provide a
simple ACL support.
(N) added a simple ACL config file: etc/acl.conf
(N) all functions returning an info-value now are classified as std (no
special permissions required) or special (special permissions required).
IN aclCheck.h/aclCheck.cpp
(N) this class creates an ACL map from a config file (default is
"etc/acl.conf") and checks permissions.
(+) added aclCheck(), aclCheck() #2, fillAclMap(),
getAssociatedSecurityLevel(), convertMacros(), validatePermissions()
functions.
Some notes about how this class works:
1) CREATING THE OBJECT
- the constructor gets the local ip and the file with the acl configuration.
Then it calls the fillAclMap() function.
- the fillAclMap() function opens the acl config file, parses it and stores a map
with pairs <IP:SECURITY_LEVEL> (check etc/acl.conf for more info)
2) USING THE OBJECT
- validatePermissions() is called, then it calls the getAssociatedSecurityLevel()
function
- getAssociatedSecurityLevel() function searches the ACL map for the
security level associated to the provided ip.
- now validatePermissions()
* returns false
=> the ip is not allowed at all
=> if the function to call requires special permissions and the IP does
not have that kind of authorization
* returns true
=> if the IP is allowed and requires a std function (no special
permission required to run it)
=> if the function to call requires special permissions and the IP has
that kind of authorization
The idea is to activate this security stuff while processing a client's
command, before calling a specific function by its ID (integer).
IN gomd.cpp
(+) added a simple ACL test.
As in acl.conf local node has full permissions, if you test locally
gomd via telnet,
program will print "0" value on the shell (==ACL_FULL_CONTROL).
Please notice this value is related to local node (even if conn is from
a remote node).
IN etc/acl.conf
(+) added ACL_FULL_CONTROL for local node
As usual I'd like to see comments... ;)
CU.
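
The permission check described in the message, as an added sketch that is not part of the original post or of the gomd sources. Assumptions: the `ip:MACRO` line format, the `ACL_STD_ONLY` level, and the names `AclSketch` and `kSampleConf` are hypothetical (the message only names `ACL_FULL_CONTROL` == 0), and the lookup key is the connecting peer's address.

```cpp
#include <map>
#include <sstream>
#include <string>

// Only ACL_FULL_CONTROL (== 0) is named in the message; ACL_STD_ONLY is hypothetical.
enum SecurityLevel { ACL_FULL_CONTROL = 0, ACL_STD_ONLY = 1 };

class AclSketch {
public:
    // conf: text in an assumed "ip:MACRO" line format (the real acl.conf syntax is not shown).
    explicit AclSketch(const std::string& conf) {
        std::istringstream in(conf);
        std::string line;
        while (std::getline(in, line)) {
            if (line.empty() || line[0] == '#') continue;    // blank line or comment
            std::string::size_type sep = line.find(':');
            if (sep == std::string::npos) continue;          // malformed: no entry, IP stays denied
            SecurityLevel level;
            if (!convertMacro(line.substr(sep + 1), level)) continue;  // unknown macro: fail closed
            acl_[line.substr(0, sep)] = level;
        }
    }

    // True only if the peer is listed and its level covers the requested function.
    bool validatePermissions(const std::string& peerIp, bool needsSpecial) const {
        std::map<std::string, SecurityLevel>::const_iterator it = acl_.find(peerIp);
        if (it == acl_.end()) return false;                  // IP not allowed at all
        if (needsSpecial) return it->second == ACL_FULL_CONTROL;
        return true;                                         // std function, listed IP
    }

private:
    // Maps a macro name from the config to a level; false for names it does not know.
    static bool convertMacro(const std::string& name, SecurityLevel& out) {
        if (name == "ACL_FULL_CONTROL") { out = ACL_FULL_CONTROL; return true; }
        if (name == "ACL_STD_ONLY")     { out = ACL_STD_ONLY;     return true; }
        return false;
    }
    std::map<std::string, SecurityLevel> acl_;
};

// Constructed sample configuration (not the project's etc/acl.conf).
static const char* kSampleConf =
    "# constructed sample\n"
    "127.0.0.1:ACL_FULL_CONTROL\n"
    "192.0.2.10:ACL_STD_ONLY\n"
    "192.0.2.11:ACL_EVERYTHING\n";
```

An address that is missing from the map, or whose line fails to parse, is denied for both std and special functions.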