1 | /* |
2 | * PROGRAM: JRD Access Method |
3 | * MODULE: scl.h |
4 | * DESCRIPTION: Security class definitions |
5 | * |
6 | * The contents of this file are subject to the Interbase Public |
7 | * License Version 1.0 (the "License"); you may not use this file |
8 | * except in compliance with the License. You may obtain a copy |
9 | * of the License at http://www.Inprise.com/IPL.html |
10 | * |
11 | * Software distributed under the License is distributed on an |
12 | * "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express |
13 | * or implied. See the License for the specific language governing |
14 | * rights and limitations under the License. |
15 | * |
16 | * The Original Code was created by Inprise Corporation |
17 | * and its predecessors. Portions created by Inprise Corporation are |
18 | * Copyright (C) Inprise Corporation. |
19 | * |
20 | * All Rights Reserved. |
21 | * Contributor(s): ______________________________________. |
22 | */ |
23 | |
24 | #ifndef JRD_SCL_H |
25 | #define JRD_SCL_H |
26 | |
27 | #include "../common/classes/MetaName.h" |
28 | #include "../common/classes/tree.h" |
29 | #include "../common/security.h" |
30 | |
31 | namespace Jrd { |
32 | |
// Size, in bytes, of the buffer used to read and write an ACL blob.
// NOTE(review): the value is the largest USHORT, so code filling a buffer of
// this size must bound its copy by this constant; how an ACL longer than
// that is handled is not visible in this header -- confirm in the callers.
const size_t ACL_BLOB_BUFFER_SIZE = static_cast<size_t>(MAX_USHORT);
34 | |
35 | // Security class definition |
36 | |
// A named security class together with the access flags held for it.
class SecurityClass
{
public:
    // Bitmask type for the SCL_* constants declared later in this header.
    typedef USHORT flags_t;

    // Key accessor: returns the name of the given entry. The first argument
    // is ignored. `entry` is dereferenced without a null check, so callers
    // must pass a valid pointer.
    static const Firebird::MetaName& generate(const void*, const SecurityClass* entry)
    {
        return entry->scl_name;
    }

    // Builds an entry called `className`, allocating the name from pool `p`.
    // The flags start at 0, i.e. with no SCL_* bit set.
    SecurityClass(Firebird::MemoryPool& p, const Firebird::MetaName& className)
        : scl_flags(0),
          scl_name(p, className)
    {
    }

    flags_t scl_flags;                  // Access permissions (SCL_* bits); public and mutable
    const Firebird::MetaName scl_name;  // Name of the class; fixed at construction
};
54 | |
// Tree of SecurityClass pointers keyed by Firebird::MetaName and allocated
// from a Firebird::MemoryPool. SecurityClass itself is the fourth argument,
// presumably so the tree can call SecurityClass::generate() to obtain each
// entry's key -- confirm against tree.h.
// NOTE(review): the tree holds raw pointers; which code owns and frees the
// SecurityClass objects is not visible in this header.
typedef Firebird::BePlusTree<SecurityClass*, Firebird::MetaName, Firebird::MemoryPool, SecurityClass>
    SecurityClassList;
61 | |
62 | |
// Bits of SecurityClass::flags_t, one bit per flag (bits 0 through 11).
// Most bits name an access right. Going by their descriptions, SCL_exists
// and SCL_corrupt describe the state of the ACL rather than a granted right,
// so a test such as "flags != 0" does not by itself mean access was granted.
const SecurityClass::flags_t SCL_select     = 1 << 0;   // SELECT access
const SecurityClass::flags_t SCL_drop       = 1 << 1;   // DROP access
const SecurityClass::flags_t SCL_control    = 1 << 2;   // Control access
const SecurityClass::flags_t SCL_exists     = 1 << 3;   // An ACL exists for the object
const SecurityClass::flags_t SCL_alter      = 1 << 4;   // ALTER access
// NOTE(review): the original comment reads "ACL does look too good"; the name
// suggests the bit marks a corrupt ACL -- confirm the intended meaning.
const SecurityClass::flags_t SCL_corrupt    = 1 << 5;
const SecurityClass::flags_t SCL_insert     = 1 << 6;   // INSERT access
const SecurityClass::flags_t SCL_delete     = 1 << 7;   // DELETE access
const SecurityClass::flags_t SCL_update     = 1 << 8;   // UPDATE access
const SecurityClass::flags_t SCL_references = 1 << 9;   // REFERENCES access
const SecurityClass::flags_t SCL_execute    = 1 << 10;  // EXECUTE access
const SecurityClass::flags_t SCL_usage      = 1 << 11;  // USAGE access
75 | |
76 | |
77 | |
78 | // information about the user |
79 | |
// Bits stored in UserId::usr_flags. UserId::locksmith() returns true when any
// of USR_locksmith, USR_dba or USR_owner is set; USR_trole is not part of
// that test.
const USHORT USR_locksmith = 1 << 0;    // Locksmith (original comment: "User has great karma")
const USHORT USR_dba       = 1 << 1;    // User has DBA privileges
const USHORT USR_owner     = 1 << 2;    // User owns the database
const USHORT USR_trole     = 1 << 3;    // Role was set by trusted authentication
84 | |
85 | |
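// Identity and privilege information for one user.
//
// All members are public and mutable. Every copy path below (both copy
// constructors and the assignment operator) also copies usr_auth_block, so
// each UserId copy carries its own copy of the authentication block.
// NOTE(review): if that block holds sensitive authentication material, the
// lifetime and clearing of these copies deserve a look -- not visible here.
class UserId
{
public:
    Firebird::string usr_user_name;         // User name
    Firebird::string usr_sql_role_name;     // Role name
    Firebird::string usr_project_name;      // Project name
    Firebird::string usr_org_name;          // Organization name
    Firebird::string usr_auth_method;       // Authentication method
    Auth::UserData::AuthenticationBlock usr_auth_block; // Authentication block as it was passed to the engine
    USHORT usr_user_id;                     // User id
    USHORT usr_group_id;                    // Group id
    USHORT usr_flags;                       // Bitmask of USR_* flags

    // Returns true when any of USR_locksmith, USR_owner or USR_dba is set in
    // usr_flags. The three bits are not distinguished here, and USR_trole
    // alone does not qualify; code that needs one specific privilege has to
    // test usr_flags directly.
    bool locksmith() const
    {
        return (usr_flags & (USR_locksmith | USR_owner | USR_dba)) != 0;
    }

    // Creates an empty identity: ids and flags are 0, so locksmith() is false.
    UserId()
        : usr_user_id(0), usr_group_id(0), usr_flags(0)
    { }

    // Copies `ui`, constructing the strings and the authentication block
    // with pool `p`.
    UserId(Firebird::MemoryPool& p, const UserId& ui)
        : usr_user_name(p, ui.usr_user_name),
          usr_sql_role_name(p, ui.usr_sql_role_name),
          usr_project_name(p, ui.usr_project_name),
          usr_org_name(p, ui.usr_org_name),
          usr_auth_method(p, ui.usr_auth_method),
          usr_auth_block(p),
          usr_user_id(ui.usr_user_id),
          usr_group_id(ui.usr_group_id),
          usr_flags(ui.usr_flags)
    {
        usr_auth_block.assign(ui.usr_auth_block);
    }

    // Copies `ui` without naming a pool; usr_auth_block is default-constructed
    // and then filled from the source.
    UserId(const UserId& ui)
        : usr_user_name(ui.usr_user_name),
          usr_sql_role_name(ui.usr_sql_role_name),
          usr_project_name(ui.usr_project_name),
          usr_org_name(ui.usr_org_name),
          usr_auth_method(ui.usr_auth_method),
          usr_user_id(ui.usr_user_id),
          usr_group_id(ui.usr_group_id),
          usr_flags(ui.usr_flags)
    {
        usr_auth_block.assign(ui.usr_auth_block);
    }

    // Member-wise assignment from `ui`; returns *this.
    UserId& operator=(const UserId& ui)
    {
        // Self-assignment is a no-op, so the copy below never reads from the
        // object it is overwriting and does not depend on every member's
        // assignment being safe for aliased arguments.
        if (this != &ui)
        {
            usr_user_name = ui.usr_user_name;
            usr_sql_role_name = ui.usr_sql_role_name;
            usr_project_name = ui.usr_project_name;
            usr_org_name = ui.usr_org_name;
            usr_auth_method = ui.usr_auth_method;
            usr_user_id = ui.usr_user_id;
            usr_group_id = ui.usr_group_id;
            usr_flags = ui.usr_flags;
            usr_auth_block.assign(ui.usr_auth_block);
        }

        return *this;
    }
};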
150 | |
151 | // These numbers are arbitrary and only used at run-time. Can be changed if necessary at any moment. |
152 | // We need to include here the new objects that accept ACLs. |
// Type codes for the kinds of object that accept ACLs. These are plain
// sequential values (1 through 11), not bit flags, so they must not be
// combined with bitwise operators.
const SLONG SCL_object_database  = 1;   // database
const SLONG SCL_object_table     = 2;   // table
const SLONG SCL_object_package   = 3;   // package
const SLONG SCL_object_procedure = 4;   // procedure
const SLONG SCL_object_function  = 5;   // function
const SLONG SCL_object_column    = 6;   // column
const SLONG SCL_object_collation = 7;   // collation
const SLONG SCL_object_exception = 8;   // exception
const SLONG SCL_object_generator = 9;   // generator
const SLONG SCL_object_charset   = 10;  // character set
const SLONG SCL_object_domain    = 11;  // domain
164 | |
165 | } //namespace Jrd |
166 | |
167 | #endif // JRD_SCL_H |
168 | |