/usr/include/wvstreams/unisecuregen.h is in libwvstreams-dev 4.6.1-11.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 | /* -*- Mode: C++ -*-
* Worldvisions Weaver Software:
* Copyright (C) 1997-2002 Net Integration Technologies, Inc.
*
*/
#ifndef __UNISECUREGEN_H
#define __UNISECUREGEN_H
#include "unifiltergen.h"
#include "unipermgen.h"
#include "wvstring.h"
#include "wvstringlist.h"
/**
* UniSecureGen wraps a given generator and checks permissions (using a
* Unix-style scheme) before responding to requests. The permissions for
* generator gen are stored in a parallel tree, perms.
*
* It is up to the caller to ensure that the UniPermGen is itself secure.
* (The easiest way is probably to back it with an ini file in a secure
* directory.) Note that there is a race condition here: there is no locking
* to be sure that the UniPermGen is not altered while a key is being looked
* up. This could come into play, for instance, if the exec permission is
* removed from a subtree while the UniSecureGen is in the middle of
* drilldown().
*
* UniSecureGen can be created with a moniker, but only if the particular
* implementation of file permissions you want is UniPermGen. Otherwise,
* create a different kind of UniPermGen yourself, pass it to the
* constructor of this class, and mount it in your UniConf by hand.
*/
class UniSecureGen : public UniFilterGen
{
UniPermGen *perms;
UniPermGen::Credentials cred;
public:
UniSecureGen(IUniConfGen *_gen, UniPermGen *_perms);
UniSecureGen(WvStringParm moniker, UniPermGen *_perms = NULL);
void setcredentials(const UniPermGen::Credentials &_cred);
void setcredentials(WvStringParm user, const WvStringList &groups);
/** Overridden methods */
virtual void flush_buffers() { }
virtual WvString get(const UniConfKey &key);
virtual bool exists(const UniConfKey &key);
virtual void set(const UniConfKey &key, WvStringParm value);
virtual bool haschildren(const UniConfKey &key);
virtual Iter *iterator(const UniConfKey &key);
virtual Iter *recursiveiterator(const UniConfKey &key);
virtual bool refresh();
virtual void commit();
private:
/** Check the perms tree for the given permission */
bool findperm(const UniConfKey &key, UniPermGen::Type type);
/**
* Search the fullpath of key to be sure we are able to view each
* element. If we ever find a missing exec permission, return false
* immediately.
*/
bool drilldown(const UniConfKey &key);
/** Override gencallback to check for permissions before sending a delta */
virtual void gencallback(const UniConfKey &key, WvStringParm value);
};
#endif // __UNISECUREGEN_H
|