/* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
* vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
* Copyright (C) 2010 Monty Taylor <mordred@inaugust.com>
* Copyright (C) 2011 Canonical, Ltd.
* Author: Clint Byrum <clint.byrum@canonical.com>
* Copied from simple_user_policy
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#ifndef PLUGIN_REGEX_POLICY_POLICY_H
#define PLUGIN_REGEX_POLICY_POLICY_H
#include <exception>
#include <list>
#include <sstream>
#include <string>

#include <boost/regex.hpp>
#include <boost/thread/mutex.hpp>
#include <boost/unordered_map.hpp>

#include <drizzled/configmake.h>
#include <drizzled/plugin/authorization.h>
namespace fs= boost::filesystem;
namespace regex_policy
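/* Default location of the policy file.  SYSCONFDIR is supplied by
 * drizzled/configmake.h.  Whoever can write this file decides who may touch
 * which schema/table/process, so it must be writable by the administrator
 * only. */
static const fs::path DEFAULT_POLICY_FILE= SYSCONFDIR "/drizzle.policy";

/* Policy file grammar, one rule per line.  Lines matching comment_regex or
 * empty_regex carry no rule; every other line is expected to match one of
 * the *_match_regex patterns:
 *
 *   <user-regex> table=<object-regex> ACCEPT|DENY
 *   <user-regex> process=<object-regex> ACCEPT|DENY
 *   <user-regex> schema=<object-regex> ACCEPT|DENY
 *
 * Fields are separated by exactly one space and may not contain a space
 * themselves ("[^ ]+"); "\\=" is the C escape for a regex-literal '='.  The
 * action keyword is case-sensitive.  The two captured fields are presumably
 * compiled into PolicyItem::user_re / object_re (constructor not shown here)
 * and applied with boost::regex_match, i.e. they must cover the whole
 * user / object name rather than a substring.
 *
 * The pointers are themselves const: a pattern that drives authorization
 * should not be re-pointable at run time. */
static const char *const comment_regex = "^[[:space:]]*#.*$";
static const char *const empty_regex = "^[[:space:]]*$";
static const char *const table_match_regex = "^([^ ]+) table\\=([^ ]+) (ACCEPT|DENY)$";
static const char *const process_match_regex = "^([^ ]+) process\\=([^ ]+) (ACCEPT|DENY)$";
static const char *const schema_match_regex = "^([^ ]+) schema\\=([^ ]+) (ACCEPT|DENY)$";

/* Capture-group indices of the three *_match_regex patterns above
 * (1 = user, 2 = object, 3 = action).  They must stay in sync with the
 * parentheses in those patterns. */
static const int MATCH_REGEX_USER_POS= 1;
static const int MATCH_REGEX_OBJECT_POS= 2;
static const int MATCH_REGEX_ACTION_POS= 3;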
const std::string user;
const std::string object;
const boost::regex user_re;
const boost::regex object_re;
PolicyItem(const std::string &u, const std::string &obj, const std::string &act) :
action = POLICY_ACCEPT;
else if (act == "DENY")
throw std::exception();
bool userMatches(std::string &str);
bool objectMatches(std::string &object_id);
const std::string&getUser() const
const std::string&getObject() const
/* Textual form of this rule's action, spelled as the policy file spells it.
 * The constructor only admits ACCEPT or DENY, so anything that is not
 * POLICY_ACCEPT is reported as "DENY". */
const char *getAction() const
{
  if (action == POLICY_ACCEPT)
    return "ACCEPT";
  return "DENY";
}
typedef std::list<PolicyItem *> PolicyItemList;
typedef boost::unordered_map<std::string, bool> CheckMap;
static boost::mutex check_cache_mutex;
bool has_cached_result;
CheckMap **check_cache;
CheckItem(const std::string &u, const std::string &obj, CheckMap **check_cache);
bool operator()(PolicyItem *p);
/* True once a decision for this CheckItem has been found in (or stored to)
 * the cache; getCachedResult() is presumably only meaningful after that. */
bool hasCachedResult() const
{
  return has_cached_result;
}
/* The cached decision for this CheckItem.  Check hasCachedResult() first;
 * before a result is set the value is whatever the constructor left there. */
bool getCachedResult() const
{
  return cached_result;
}
void setCachedResult(bool result);
/* True when this rule's user pattern (user_re) covers the whole of str.
 * regex_match, unlike regex_search, demands a full match, so a rule written
 * for "alice" does not also apply to "alice2".  str is taken by non-const
 * reference only to agree with the in-class declaration; it is not modified. */
inline bool PolicyItem::userMatches(std::string &str)
{
  const bool whole_name_matched= boost::regex_match(str, user_re);
  return whole_name_matched;
}
/* True when this rule's object pattern (object_re) covers the whole of
 * object_id -- a full match, not a substring search.  object_id presumably
 * carries a client-supplied table/schema/user name; boost::regex backtracks,
 * so policy patterns should stay simple to avoid slow matches on hostile
 * names.  The non-const reference mirrors the in-class declaration only. */
inline bool PolicyItem::objectMatches(std::string &object_id)
{
  const bool whole_id_matched= boost::regex_match(object_id, object_re);
  return whole_id_matched;
}
/* A rule restricts access when its action is DENY; an ACCEPT rule reports
 * false. */
inline bool PolicyItem::isRestricted()
{
  return action == POLICY_DENY;
}
void clearPolicyItemList(PolicyItemList policies);
public drizzled::plugin::Authorization
/* Construct the plugin (registered with drizzled under the name
 * "Regex Policy") for the policy file at f_path.  The file is not read here;
 * the policy lists start empty and the three decision caches start NULL. */
Policy(const fs::path &f_path) :
  drizzled::plugin::Authorization("Regex Policy"),
  policy_file(f_path),
  error(),
  table_check_cache(NULL),
  schema_check_cache(NULL),
  process_check_cache(NULL)
{
}
virtual bool restrictSchema(const drizzled::identifier::User &user_ctx,
drizzled::identifier::Schema::const_reference schema);
virtual bool restrictProcess(const drizzled::identifier::User &user_ctx,
const drizzled::identifier::User &session_ctx);
virtual bool restrictTable(drizzled::identifier::User::const_reference user_ctx,
drizzled::identifier::Table::const_reference table);
std::stringstream &getError() { return error; }
bool restrictObject(const drizzled::identifier::User &user_ctx,
const std::string &obj, const PolicyItemList &policies,
CheckMap **check_cache);
fs::path policy_file;
std::stringstream error;
PolicyItemList table_policies;
PolicyItemList schema_policies;
PolicyItemList process_policies;
CheckMap *table_check_cache;
CheckMap *schema_check_cache;
CheckMap *process_check_cache;
} /* namespace regex_policy */
#endif /* PLUGIN_REGEX_POLICY_POLICY_H */