1 /* authz.h : authz parsing and searching, private to libsvn_repos
3 * ====================================================================
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
20 * ====================================================================
23 #ifndef SVN_REPOS_AUTHZ_H
24 #define SVN_REPOS_AUTHZ_H
27 #include <apr_pools.h>
28 #include <apr_tables.h>
30 #include "svn_config.h"
31 #include "svn_error.h"
33 #include "svn_repos.h"
35 #include "private/svn_string_private.h"
39 #endif /* __cplusplus */
43 * Authz and global group file parsing
46 /* A dictionary of rules that are specific to a particular
47 (user, repository) combination. */
48 typedef struct authz_user_rules_t authz_user_rules_t;
51 /* Access rights in an ACL.
53 * This enum is different from and incompatible with
54 * svn_repos_authz_access_t, because it has different semantics and
55 * encodes rights that are not and should never be exposed in the
58 typedef enum authz_access_t
61 * Individual access flags
64 /* TODO: Future extension for lookup/traverse access.
65 authz_access_lookup_flag = 0x10, */
67 /* Read access allows listing directory entries, reading file
68 contents and reading properties of files and directories. */
69 authz_access_read_flag = 0x20,
71 /* Write access allows adding, removing and renaming directory
72 entries, modifying file contents and adding, removing and
73 modifying properties of files and directories. */
74 authz_access_write_flag = 0x40,
77 * Combined access flags
81 authz_access_none = 0,
84 /* TODO: Lookup access is a synonym for the lookup flag.
85 authz_access_lookup = authz_access_lookup_flag, */
87 /* Read access (TODO: implies lookup access). */
88 authz_access_read = authz_access_read_flag /* TODO: | authz_access_lookup */,
90 /* Write access implies read (TODO: and lookup) access. */
91 authz_access_write = authz_access_write_flag | authz_access_read
95 /* Accumulated rights for (user, repository). */
96 typedef struct authz_rights_t
98 /* The lowest level of access that the user has to every
99 path in the repository. */
100 authz_access_t min_access;
102 /* The highest level of access that the user has to
103 any path in the repository. */
104 authz_access_t max_access;
108 /* Accumulated global rights for a specific user. */
109 typedef struct authz_global_rights_t
114 /* Accumulated rights for this user from rules that are not
115 repository-specific. We use this to avoid a hash lookup for the
116 "any" repository rights. */
117 authz_rights_t any_repos_rights;
119 /* Accumulated rights for this user across all repositories. */
120 authz_rights_t all_repos_rights;
122 /* Accumulated rights for specific repositories.
123 The key is repository name, the value is an authz_rights_t*. */
124 apr_hash_t *per_repos_rights;
125 } authz_global_rights_t;
128 /* Immutable authorization info */
129 typedef struct authz_full_t
131 /* All ACLs from the authz file, in the order of definition. */
132 apr_array_header_t *acls;
134 /* Globally accumulated rights for anonymous access. */
135 svn_boolean_t has_anon_rights;
136 authz_global_rights_t anon_rights;
138 /* Globally accumulated rights for authenticated users. */
139 svn_boolean_t has_authn_rights;
140 authz_global_rights_t authn_rights;
142 /* Globally accumulated rights, for all concrete users mentioned
143 in the authz file. The key is the user name, the value is
144 an authz_global_rights_t*. */
145 apr_hash_t *user_rights;
147 /* The pool from which all the parsed authz data is allocated.
148 This is the RESULT_POOL passed to svn_authz__tng_parse.
150 It's a good idea to dedicate a pool for the authz structure, so
151 that the whole authz representation can be deallocated by
152 destroying the pool. */
157 /* Dynamic authorization info */
160 /* The parsed and pre-processed contents of the authz file. */
163 /* Identifies the authz model content
164 * (a hash value that can be used for e.g. cache lookups). */
165 svn_membuf_t *authz_id;
167 /* Rules filtered for a particular user-repository combination.
169 authz_user_rules_t *filtered;
171 /* The pool from which all the parsed authz data is allocated.
172 This is the RESULT_POOL passed to svn_authz__tng_parse.
174 It's a good idea to dedicate a pool for the authz structure, so
175 that the whole authz representation can be deallocated by
176 destroying the pool. */
181 /* Rule path segment descriptor. */
182 typedef struct authz_rule_segment_t
184 /* The segment type. */
186 /* A literal string match.
187 The path segment must exactly match the pattern.
189 Note: Make sure this is always the first constant in the
190 enumeration, otherwise rules that match the repository
191 root will not sort first in the ACL list and the implicit
192 default no-access ACE will not be applied correctly. */
195 /* A prefix match: a literal string followed by '*'.
196 The path segment must begin with the literal prefix. */
199 /* A suffix match: '*' followed by a literal string.
200 The path segment must end with the literal suffix.
201 The pattern is stored reversed, so that the matching code can
202 perform a prefix match on the reversed path segment. */
206 Matches any single non-empty path segment.
207 The pattern will be an empty string. */
208 authz_rule_any_segment,
211 Matches any sequence of zero or more path segments.
212 The pattern will be an empty string. */
213 authz_rule_any_recursive,
215 /* Any other glob/fnmatch pattern. */
219 /* The pattern for this path segment.
220 Any no-op fnmatch escape sequences (i.e., those that do not
221 escape a wildcard or character class) are stripped from the
224 The pattern string will be interned; therefore, two identical
225 rule patterns will always contain the same pointer value and
226 equality can therefore be tested by comparing the pointer
227 values and segment kinds. */
228 svn_string_t pattern;
229 } authz_rule_segment_t;
231 /* Rule path descriptor. */
232 typedef struct authz_rule_t
234 /* The repository that this rule applies to. This will be the empty
235 string string if a the rule did not name a repository. The
236 repository name is interned. */
239 /* The number of segments in the rule path. */
242 /* The array of path segments for this rule. Will be NULL for the
244 authz_rule_segment_t *path;
248 /* An access control list defined by access rules. */
249 typedef struct authz_acl_t
251 /* The sequence number of the ACL stores the order in which access
252 rules were defined in the authz file. The authz lookup code
253 selects the highest-numbered ACL from amongst a set of equivalent
257 /* The parsed rule. */
260 /* Access rights for anonymous users */
261 svn_boolean_t has_anon_access;
262 authz_access_t anon_access;
264 /* Access rights for authenticated users */
265 svn_boolean_t has_authn_access;
266 authz_access_t authn_access;
268 /* All other user- or group-specific access rights.
269 Aliases are replaced with their definitions, rules for the same
270 user or group are merged. */
271 apr_array_header_t *user_access;
275 /* An access control entry in authz_acl_t::user_access. */
276 typedef struct authz_ace_t
278 /* The name of the alias, user or group that this ACE applies to. */
281 /* The set of group members, when NAME is the name of a group.
282 We store this reference in the ACE to save a hash lookup when
283 resolving access for group ACEs.
287 /* True if this is an inverse-match rule. */
288 svn_boolean_t inverted;
290 /* The access rights defined by this ACE. */
291 authz_access_t access;
295 /* Parse authz definitions from RULES and optional global group
296 * definitions from GROUPS, returning an immutable, in-memory
297 * representation of all the rules, groups and aliases.
299 * **AUTHZ and its contents will be allocated from RESULT_POOL.
300 * The function uses SCRATCH_POOL for temporary allocations.
303 svn_authz__parse(authz_full_t **authz,
305 svn_stream_t *groups,
306 apr_pool_t *result_pool,
307 apr_pool_t *scratch_pool);
310 /* Reverse a STRING of length LEN in place. */
312 svn_authz__reverse_string(char *string, apr_size_t len);
315 /* Compare two rules in lexical order by path only. */
317 svn_authz__compare_paths(const authz_rule_t *a, const authz_rule_t *b);
319 /* Compare two rules in path lexical order, then repository lexical order. */
321 svn_authz__compare_rules(const authz_rule_t *a, const authz_rule_t *b);
325 * Authorization lookup
328 /* The "anonymous" user for authz queries. */
329 #define AUTHZ_ANONYMOUS_USER ((const char*)"")
331 /* Rules with this repository name apply to all repositories. */
332 #define AUTHZ_ANY_REPOSITORY ((const char*)"")
334 /* Check if the ACL applies to the REPOS pair. */
336 svn_authz__acl_applies_to_repo(const authz_acl_t *acl,
339 /* Check if the ACL applies to the (USER, REPOS) pair. If it does,
340 * and ACCESS is not NULL, set *ACCESS to the actual access rights for
341 * the user in this repository.
344 svn_authz__get_acl_access(authz_access_t *access,
345 const authz_acl_t *acl,
346 const char *user, const char *repos);
349 /* Set *RIGHTS to the accumulated global access rights calculated in
350 * AUTHZ for (USER, REPOS).
351 * Return TRUE if the rights are explicit (i.e., an ACL for REPOS
352 * applies to USER, or REPOS is AUTHZ_ANY_REPOSITORY).
355 svn_authz__get_global_rights(authz_rights_t *rights,
356 const authz_full_t *authz,
357 const char *user, const char *repos);
362 #endif /* __cplusplus */
364 #endif /* SVN_REPOS_AUTHZ_H */