⟦d76229feb⟧

TextFile

with Action;
with Simple_Status;
with Bounded_String;
with Directory;

with Machine;

package Access_List_Tools is

    subtype Name is String;  -- an object name

    subtype Access_Class is String;  -- of only the following characters:
    Read   : constant Character := 'R';  -- objects and worlds
    Write  : constant Character := 'W';  -- objects only
    Delete : constant Character := 'D';  -- worlds only; same bit as W
    Create : constant Character := 'C';  -- worlds only
    Owner  : constant Character := 'O';  -- worlds only


    -- An object string name is as defined by the directory
    -- package.  No wilcards are accepted;  each operation in this
    -- package operates on one object.

    subtype Acl is String;
    Max_Acl_Length : constant := 512;  -- max length for access list string
    -- The max size will not be exceeded when an Acl is returned.



    -- String representations of access lists have the following syntax:
    --  Acl       ::= Acl_Entry [',' Acl_Entry]*
    --  Acl_Entry ::= Group '=>' Access
    --  Group     ::= Identifier
    --  Access    ::= Acc_Type+
    --  Acc_Type  ::= 'R' | 'W' | 'D' | 'C' | 'O' |
    --                'r' | 'w' | 'd' | 'c' | 'o'
    --  Examples:  "Phil => R , TRW => rw",  "Public=>RCOD"

    Access_Tools_Error : exception;  -- Raised by functions

    function  Get (For_Object : Name)              return Acl;
    function  Get (For_Object : Directory.Version) return Acl;
    procedure Get (For_Object :        Name;
                   List       : out    Bounded_String.Variable_String;
                   Status     : in out Simple_Status.Condition);
    procedure Get (For_Object :        Directory.Version;
                   List       : out    Bounded_String.Variable_String;
                   Status     : in out Simple_Status.Condition);

    procedure Set (For_Object :        Name;
                   To_List    :        Acl;
                   Status     : in out Simple_Status.Condition);
    procedure Set (For_Object :        Directory.Version;
                   To_List    :        Acl;
                   Status     : in out Simple_Status.Condition);


    -- Get or Set the access list for the specified object.
    -- Setting the access list requires "Owner" access.
    -- function Get raises Access_Tools_Error if an error occurs.
    -- The procedure version should be called in that case to get the
    -- actual error information.
    -- ACL for world must be contain only R, C, O, or D access.  Others
    -- must be only R or W access.

    function Check (User_Name : String := "";
                    Object_Id : Directory.Version;
                    Desired   : Access_Class)   return Boolean;
    function Check (User_Name   : String := "";
                    Object_Name : String;
                    Desired     : Access_Class) return Boolean;
    function Check (User_Id   : Directory.Version;
                    Object_Id : Directory.Version;
                    Desired   : Access_Class)   return Boolean;
    function Check (Job       : Machine.Job_Id;
                    Object_Id : Directory.Version;
                    Desired   : Access_Class)   return Boolean;

    -- Check if the specified user has the indicated access to the
    -- specified object.  Only meaningful for Ada objects, Files, and Worlds.
    -- The null string for the User_Name parameter means the identity of
    -- the calling job.  If a user name is specified, the access control
    -- identity of that user (its member groups) is used for the test.
    -- If an error is detected during the test, the value false is returned.
    -- The most common errors are illegal values for Desired and references
    -- to objects that do not exist.  If an object that does not have an
    -- access list is referenced, the value true is returned.

    function  Get_Default (For_World : Name) return Acl;
    procedure Get_Default (For_World :        Name;
                           List      : out    Bounded_String.Variable_String;
                           Status    : in out Simple_Status.Condition);
    procedure Set_Default (For_World :        Name;
                           To_List   :        Acl;
                           Status    : in out Simple_Status.Condition);
    -- Get or set the default ACL for new objects created in the specified
    -- world.  The function raises the exception Access_Tools_Error if
    -- an error is detected.  The procedure version returns a status
    -- that indicates the cause of the error.


    procedure Check_Validity (For_List :        Acl;
                              Status   : in out Simple_Status.Condition);
    -- Check the validity of the specified access list.  Return status
    -- indicating that it is okay, or the error, if any.

    function Has_Operator_Capability return Boolean;
    -- Return true if the calling job has operator capability.  This is
    -- true if the job has an identity that includes the group
    -- "operator", is on the access list for "!machine.operator_capability",
    -- or is priviledged.

    function Normalize (Initial_Acl : Acl) return Acl;
    -- Scan the acl and eliminate any entries for groups that do
    -- not currently exist.  Return the revised acl.  If the
    -- acl is otherwise illegal, raise Access_Tools_Error.

    function Amend (Initial_Acl : Acl; New_Group : Name; Desired : Access_Class)
                   return Acl;
    -- Amend Initial_Acl so that New_Group is granted Desired access.  If
    -- necessary, the right-most acl entry is removed to do this.
    -- Raise Access_Tools_Error if any parameter is illegal.


    function Grants (For_List  : Acl;
                     Desired   : Access_Class;
                     User_Name : String := "") return Boolean;

    -- Raise Access_Tools_Error if For_List, Desired, or User_Name are
    -- illegal. Return true or false depending on whether For_List grants
    -- User_Name Desired access.  User_Name ="" (the default) performs the
    -- check for the identity of the calling job.


    procedure Set (For_Object :        Directory.Version;
                   To_List    :        Acl;
                   Status     : in out Simple_Status.Condition;
                   Action_Id  :        Action.Id);

    procedure Set_Default (For_World :        Name;
                           To_List   :        Acl;
                           Status    : in out Simple_Status.Condition;
                           Action_Id :        Action.Id);
    -- same as above with an action_id parameter.

    procedure Remove (Group       :     String;
                      Initial_Acl :     Bounded_String.Variable_String;
                      New_Acl     : out Bounded_String.Variable_String;
                      Group_Found : out Boolean);

    --
    -- Removes the groups's entry from the specified access list

    function Is_Valid_Group (Name : String) return Boolean;

    function Is_In_Group (User_Name  : String;  
                          Group_Name : String) return Boolean;
    -- Return true if the User_Name is a member of Group_Name


    pragma Subsystem (Os_Commands);
    pragma Module_Name (4, 3508);

end Access_List_Tools;
DataMuseum.dk

Rational R1000/400 Tapes

⟦d76229feb⟧ TextFile

Derivation

TextFile
