1/*
2 * PROGRAM: JRD Access Method
3 * MODULE: scl.h
4 * DESCRIPTION: Security class definitions
5 *
6 * The contents of this file are subject to the Interbase Public
7 * License Version 1.0 (the "License"); you may not use this file
8 * except in compliance with the License. You may obtain a copy
9 * of the License at http://www.Inprise.com/IPL.html
10 *
11 * Software distributed under the License is distributed on an
12 * "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express
13 * or implied. See the License for the specific language governing
14 * rights and limitations under the License.
15 *
16 * The Original Code was created by Inprise Corporation
17 * and its predecessors. Portions created by Inprise Corporation are
18 * Copyright (C) Inprise Corporation.
19 *
20 * All Rights Reserved.
21 * Contributor(s): ______________________________________.
22 */
23
24#ifndef JRD_SCL_H
25#define JRD_SCL_H
26
27#include "../common/classes/MetaName.h"
28#include "../common/classes/tree.h"
29#include "../common/security.h"
30
31namespace Jrd {
32
// Size of the buffer used to read and write an ACL blob, fixed at MAX_USHORT.
// NOTE(review): the code that fills this buffer is not in this header; confirm
// that it checks ACL lengths against this limit before copying.
const size_t ACL_BLOB_BUFFER_SIZE = MAX_USHORT;
34
// Security class definition.
//
// A security class pairs an immutable name with a bitmask of SCL_* access
// flags. A new object starts with no flag bits set, so every permission bit
// has to be set explicitly after construction.
class SecurityClass
{
public:
    typedef USHORT flags_t;

    // Builds a security class called `name`; the name copy is allocated from `pool`.
    SecurityClass(Firebird::MemoryPool &pool, const Firebird::MetaName& name)
        : scl_flags(0),
          scl_name(pool, name)
    {
    }

    flags_t scl_flags;                  // Access permissions (SCL_* bits)
    const Firebird::MetaName scl_name;  // Name of the class; never changes after construction

    // Returns the name of `item`. The first argument is ignored.
    // `item` is dereferenced without a null check, so callers must pass a valid pointer.
    static const Firebird::MetaName& generate(const void* /* unused */, const SecurityClass* item)
    {
        const Firebird::MetaName& key = item->scl_name;
        return key;
    }
};
54
// Tree of SecurityClass pointers keyed by Firebird::MetaName and allocated
// from a Firebird::MemoryPool.
// NOTE(review): the fourth argument presumably makes SecurityClass::generate()
// the key extractor; confirm against tree.h.
typedef Firebird::BePlusTree<SecurityClass*, Firebird::MetaName, Firebird::MemoryPool, SecurityClass>
    SecurityClassList;
61
62
// Bits stored in SecurityClass::scl_flags. Each constant is a distinct single
// bit, so values can be combined and tested with bitwise operators.
const SecurityClass::flags_t SCL_select     = 1 << 0;   // SELECT access
const SecurityClass::flags_t SCL_drop       = 1 << 1;   // DROP access
const SecurityClass::flags_t SCL_control    = 1 << 2;   // Control access
const SecurityClass::flags_t SCL_exists     = 1 << 3;   // At least ACL exists
const SecurityClass::flags_t SCL_alter      = 1 << 4;   // ALTER access
// Original note reads "ACL does look too good"; presumably it means the ACL
// does NOT look good, i.e. it appears corrupt. Confirm against the code that sets it.
const SecurityClass::flags_t SCL_corrupt    = 1 << 5;
const SecurityClass::flags_t SCL_insert     = 1 << 6;   // INSERT access
const SecurityClass::flags_t SCL_delete     = 1 << 7;   // DELETE access
const SecurityClass::flags_t SCL_update     = 1 << 8;   // UPDATE access
const SecurityClass::flags_t SCL_references = 1 << 9;   // REFERENCES access
const SecurityClass::flags_t SCL_execute    = 1 << 10;  // EXECUTE access
const SecurityClass::flags_t SCL_usage      = 1 << 11;  // USAGE access
75
76
77
// Information about the user: bits stored in UserId::usr_flags.
// UserId::locksmith() returns true when any of USR_locksmith, USR_dba or
// USR_owner is set; USR_trole is not part of that test.
const USHORT USR_locksmith = 1 << 0;    // User has great karma (locksmith)
const USHORT USR_dba       = 1 << 1;    // User has DBA privileges
const USHORT USR_owner     = 1 << 2;    // User owns database
const USHORT USR_trole     = 1 << 3;    // Role was set by trusted auth
84
85
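// Identity of a user as seen by the engine: names, numeric ids, the USR_*
// privilege flags, and the authentication block that was passed in.
//
// NOTE(review): every copy constructor and the assignment operator duplicate
// usr_auth_block. If that block can carry credential material, each copy
// extends how long it stays in memory; confirm against Auth::UserData.
class UserId
{
public:
    Firebird::string usr_user_name;         // User name
    Firebird::string usr_sql_role_name;     // Role name
    Firebird::string usr_project_name;      // Project name
    Firebird::string usr_org_name;          // Organization name
    Firebird::string usr_auth_method;       // Authentication method
    Auth::UserData::AuthenticationBlock usr_auth_block; // Authentication block as it was passed to the engine
    USHORT usr_user_id;                     // User id
    USHORT usr_group_id;                    // Group id
    USHORT usr_flags;                       // Bitmask of USR_* flags

    // True when the user holds any of the elevated flags: USR_locksmith,
    // USR_owner or USR_dba. USR_trole alone does not qualify.
    bool locksmith() const
    {
        // Compare against zero explicitly instead of relying on int-to-bool conversion.
        return (usr_flags & (USR_locksmith | USR_owner | USR_dba)) != 0;
    }

    // Creates an empty identity: empty names, zero ids and no flags set.
    UserId()
        : usr_user_id(0), usr_group_id(0), usr_flags(0)
    { }

    // Copies `ui`, passing pool `p` to each string and to the authentication block.
    UserId(Firebird::MemoryPool& p, const UserId& ui)
        : usr_user_name(p, ui.usr_user_name),
          usr_sql_role_name(p, ui.usr_sql_role_name),
          usr_project_name(p, ui.usr_project_name),
          usr_org_name(p, ui.usr_org_name),
          usr_auth_method(p, ui.usr_auth_method),
          usr_auth_block(p),
          usr_user_id(ui.usr_user_id),
          usr_group_id(ui.usr_group_id),
          usr_flags(ui.usr_flags)
    {
        usr_auth_block.assign(ui.usr_auth_block);
    }

    // Copies `ui` without naming a pool; the members are default-allocated.
    UserId(const UserId& ui)
        : usr_user_name(ui.usr_user_name),
          usr_sql_role_name(ui.usr_sql_role_name),
          usr_project_name(ui.usr_project_name),
          usr_org_name(ui.usr_org_name),
          usr_auth_method(ui.usr_auth_method),
          usr_user_id(ui.usr_user_id),
          usr_group_id(ui.usr_group_id),
          usr_flags(ui.usr_flags)
    {
        usr_auth_block.assign(ui.usr_auth_block);
    }

    // Replaces every field of this object with the corresponding field of `ui`.
    UserId& operator=(const UserId& ui)
    {
        // Self-assignment guard: without it, each member's assign() would be
        // called with itself as the source, and whether that is safe depends
        // on implementations that are not visible in this header.
        if (this != &ui)
        {
            usr_user_name = ui.usr_user_name;
            usr_sql_role_name = ui.usr_sql_role_name;
            usr_project_name = ui.usr_project_name;
            usr_org_name = ui.usr_org_name;
            usr_auth_method = ui.usr_auth_method;
            usr_user_id = ui.usr_user_id;
            usr_group_id = ui.usr_group_id;
            usr_flags = ui.usr_flags;
            usr_auth_block.assign(ui.usr_auth_block);
        }

        return *this;
    }
};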
150
// Object-type codes for the kinds of object that accept ACLs.
// The numbers are arbitrary and used only at run time, so they can be changed
// at any moment if necessary. Any new object type that accepts ACLs must be
// added to this list.
const SLONG SCL_object_database   = 1;
const SLONG SCL_object_table      = 2;
const SLONG SCL_object_package    = 3;
const SLONG SCL_object_procedure  = 4;
const SLONG SCL_object_function   = 5;
const SLONG SCL_object_column     = 6;
const SLONG SCL_object_collation  = 7;
const SLONG SCL_object_exception  = 8;
const SLONG SCL_object_generator  = 9;
const SLONG SCL_object_charset    = 10;
const SLONG SCL_object_domain     = 11;
164
165} //namespace Jrd
166
167#endif // JRD_SCL_H
168