Macros | |
| #define | ACCESS_RIGHT(c) ( 1 << (c - 'A') ) |
| Map an uppercase letter to an Access Right. More... | |
| #define | ACCESS_ADMIN ACCESS_RIGHT('A') |
| #define | ACCESS_SERVICE ACCESS_RIGHT('S') |
| #define | ACCESS_CONFIG ACCESS_RIGHT('F') |
| #define | ACCESS_OPERATE ACCESS_RIGHT('T') |
| #define | ACCESS_DELETE ACCESS_RIGHT('D') |
| #define | ACCESS_CREATE ACCESS_RIGHT('C') |
| #define | ACCESS_EXECUTE ACCESS_RIGHT('X') |
| #define | ACCESS_WRITE ACCESS_RIGHT('W') |
| #define | ACCESS_READ ACCESS_RIGHT('R') |
| #define | ACCESS_PROVE ACCESS_RIGHT('P') |
| #define | ACCESS_KNOW ACCESS_RIGHT('K') |
| #define | ACCESS_OWNER ACCESS_RIGHT('O') |
| #define | ACCESS_VISITOR ACCESS_RIGHT('V') |
| #define | ACCESS_FORBIDDEN 0 |
| #define | ACCESS_ADMIN_UP ( ACCESS_ADMIN | 0 ) |
| #define | ACCESS_SERVICE_UP ( ACCESS_SERVICE | ACCESS_ADMIN_UP ) |
| #define | ACCESS_CONFIG_UP ( ACCESS_CONFIG | ACCESS_SERVICE_UP ) |
| #define | ACCESS_OPERATE_UP ( ACCESS_OPERATE | ACCESS_CONFIG_UP ) |
| #define | ACCESS_DELETE_UP ( ACCESS_DELETE | ACCESS_OPERATE_UP ) |
| #define | ACCESS_CREATE_UP ( ACCESS_CREATE | ACCESS_DELETE_UP ) |
| #define | ACCESS_EXECUTE_UP ( ACCESS_EXECUTE | ACCESS_CREATE_UP ) |
| #define | ACCESS_WRITE_UP ( ACCESS_WRITE | ACCESS_EXECUTE_UP ) |
| #define | ACCESS_READ_UP ( ACCESS_READ | ACCESS_WRITE_UP ) |
| #define | ACCESS_PROVE_UP ( ACCESS_PROVE | ACCESS_READ_UP ) |
| #define | ACCESS_KNOW_UP ( ACCESS_KNOW | ACCESS_PROVE_UP ) |
| #define | ACCESS_OWNER_UP ( ACCESS_OWNER | ACCESS_KNOW_UP ) |
| #define | ACCESS_VISITOR_UP ( ACCESS_VISITOR | ACCESS_OWNER_UP ) |
| #define | ACCESS_ADMIN_DOWN ( ACCESS_ADMIN | ACCESS_SERVICE_DOWN ) |
| #define | ACCESS_SERVICE_DOWN ( ACCESS_SERVICE | ACCESS_CONFIG_DOWN ) |
| #define | ACCESS_CONFIG_DOWN ( ACCESS_CONFIG | ACCESS_OPERATE_DOWN ) |
| #define | ACCESS_OPERATE_DOWN ( ACCESS_OPERATE | ACCESS_DELETE_DOWN ) |
| #define | ACCESS_DELETE_DOWN ( ACCESS_DELETE | ACCESS_CREATE_DOWN ) |
| #define | ACCESS_CREATE_DOWN ( ACCESS_CREATE | ACCESS_EXECUTE_DOWN ) |
| #define | ACCESS_EXECUTE_DOWN ( ACCESS_EXECUTE | ACCESS_WRITE_DOWN ) |
| #define | ACCESS_WRITE_DOWN ( ACCESS_WRITE | ACCESS_READ_DOWN ) |
| #define | ACCESS_READ_DOWN ( ACCESS_READ | ACCESS_PROVE_DOWN ) |
| #define | ACCESS_PROVE_DOWN ( ACCESS_PROVE | ACCESS_KNOW_DOWN ) |
| #define | ACCESS_KNOW_DOWN ( ACCESS_KNOW | ACCESS_OWNER_DOWN ) |
| #define | ACCESS_OWNER_DOWN ( ACCESS_OWNER | ACCESS_VISITOR_DOWN ) |
| #define | ACCESS_VISITOR_DOWN ( ACCESS_VISITOR | 0 ) |
Typedefs | |
| typedef rules_domain | access_domain |
| Access Domains are UTF-8 representations of a Fully Qualified Domain Name. More... | |
| typedef rules_type | access_type |
| Access Types are 128-bit "well-known service
identities". More... | |
| typedef rules_name | access_name |
| Access Names represent instances of an Access Type. More... | |
| typedef rules_flags | access_rights |
| Access Rights in a bit mask. More... | |
Detailed Description
Access defines a number of types. Several of them are taken from a lower layer, namely the Rules. This lower layer is more abstract and we redefine or wrap several of these lower types to form higher-level concepts.
Macro Definition Documentation
◆ ACCESS_RIGHT
| #define ACCESS_RIGHT | ( | c | ) | ( 1 << (c - 'A') ) |
Map an uppercase letter to an Access Right.
Use bit 0 for 'A', bit 1 for 'B' and so on. Only capital letters are mapped, and the caller should be certain not to map anything else to a Rules Flag.
This definition is the same as RULES_FLAG().
Typedef Documentation
◆ access_domain
| typedef rules_domain access_domain |
Access Domains are UTF-8 representations of a Fully Qualified Domain Name.
These names have no initial or trailing dots, they have at least one inner dot and they have been mapped from the DNS wire format Punycode for international names to UTF-8. The wire form was a valid DNS name.
Note the value of this mapping: Code should have only one form to deal with, and Punycode is both specific to one protocol and confusing. It also cannot be processed like any other internationalised code. So we choose an internal form that maps to a standard form.
See A2ID_BUFSIZE for a discussion of the size that a domain in this form can take. This is normally supported as part of the a2id_t and a2sel_t definitions in ARPA2 software.
The NULL value is invalid as an Access Domain. This means that software can use it to indicate absense of a domain in places where it accepts optional parameters.
This definition is the same as for rules_domain. It can be stored in LDAP as an accessDomain attribute.
◆ access_name
| typedef rules_name access_name |
Access Names represent instances of an Access Type.
Where the Access Type is "well-known", it is instantiated by an access_domain and this Access Name. The general Access Name format is a UTF-8 string with a NUL terminator, but its format is defined by the Access Type.
The purpose of the Access Name is to allow generic software to fill it, perhaps with user-supplied templates or regular expressions taking content from an application's context. This allows the generation of an Access Name even in applications that are not aware of the semantics of an Access Type. As an example, a generic web server may take elements from the path and/or query paramters and use those in a string templated that is printed into an environment variable to be supplied to some software for Access Control.
The value NULL is not a proper access_name. Depending on the definition for the given access_type, an empty string may be a valid form. Note that this means that NULL can be used to indicate absense of an Rules Name in places where software can optionally handle Rules Names.
This definition is the same as for rules_name.
◆ access_rights
| typedef rules_flags access_rights |
Access Rights in a bit mask.
Access may set Rights named A through Z in short FLAGS words. Encode A in bit 0 through Z in bit 25 of a 32-bit unsigned integer.
This definition is the same as rules_flags.
◆ access_type
| typedef rules_type access_type |
Access Types are 128-bit "well-known service identities".
We write an Access Type in UUID form, but code that prepares for taking it up use the canonical form of 16 bytes of which the UUID shows the per-byte hex form with a couple of dashes. These 16 bytes are used in message digests.
The Access Type serves as a "well-known identifier" for a class of uses. For instance, we might have one for the idea of "file storage" that could span many application areas but be the same across vendors and protocols and software suites. Or we might have one for "git access", regardless of the method being SSH, HTTPS, local file system or other.
Access Types need further refinment to properly localise them. First of all, the rules_domain has to be distinguished, so policy rights assigned in one domain cannot pass over to another domain. Furthermore, every Access Types defines a UTF-8 string format for an access_name that can distinguish instances within the well-known class below the domain. In the Git example, the Access Name could be a name for a repository.
The all-zero value is not a valid access_type. This means that zeroing an rules_type will not cause presumptious use of a valid access_type.
This definition is the same as for rules_type.
