1/*
2 * security.h
3 *
4 * Copyright (C) 2014-2018 Aerospike, Inc.
5 *
6 * Portions may be licensed to Aerospike, Inc. under one or more contributor
7 * license agreements.
8 *
9 * This program is free software: you can redistribute it and/or modify it under
10 * the terms of the GNU Affero General Public License as published by the Free
11 * Software Foundation, either version 3 of the License, or (at your option) any
12 * later version.
13 *
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
17 * details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see http://www.gnu.org/licenses/
21 */
22
23#pragma once
24
25//==========================================================
26// Includes.
27//
28
29#include <stdbool.h>
30#include <stdint.h>
31
32
33//==========================================================
34// Forward declarations.
35//
36
37struct as_file_handle_s;
38struct as_namespace_s;
39struct as_transaction_s;
40
41
42//==========================================================
43// Typedefs & constants.
44//
45
46// Security permissions.
47typedef enum {
48 PERM_NONE = 0,
49
50 // Data transactions.
51 PERM_READ = 0x0001,
52 PERM_SCAN = 0x0002,
53 PERM_QUERY = 0x0004,
54 PERM_WRITE = 0x0008,
55 PERM_DELETE = 0x0010,
56 PERM_UDF_APPLY = 0x0020,
57 PERM_UDF_SCAN = 0x0040,
58 PERM_UDF_QUERY = 0x0080,
59 PERM_OPS_SCAN = 0x0100,
60 PERM_OPS_QUERY = 0x0200,
61 // ... 6 unused bits ...
62
63 // Data transactions' system metadata management.
64 PERM_INDEX_MANAGE = 0x00010000,
65 PERM_UDF_MANAGE = 0x00020000,
66 PERM_SCAN_MANAGE = 0x00040000,
67 PERM_QUERY_MANAGE = 0x00080000,
68 PERM_JOB_MONITOR = 0x00100000,
69 PERM_TRUNCATE = 0x00200000,
70 // ... 2 unused bits ...
71
72 // Deployment operations management.
73 PERM_SET_CONFIG = 0x01000000,
74 PERM_LOGGING_CTRL = 0x02000000,
75 PERM_SERVICE_CTRL = 0x04000000,
76
77 // Database users and roles management.
78 PERM_USER_ADMIN = 0x100000000000
79} as_sec_perm;
80
81// Current security message version.
82#define AS_SEC_MSG_SCHEME 0
83
84// Security protocol message container.
85typedef struct as_sec_msg_s {
86 uint8_t scheme; // security scheme/version
87 uint8_t result; // result code (only for responses, except MORE)
88 uint8_t command; // security command (only for requests)
89 uint8_t n_fields; // number of fields in this message
90
91 uint8_t unused[12]; // reserved bytes round as_sec_msg size to 16 bytes
92
93 uint8_t fields[]; // the fields (name/value pairs)
94} __attribute__ ((__packed__)) as_sec_msg;
95
96
97//==========================================================
98// Public API.
99//
100
101void as_security_init(void);
102uint8_t as_security_check(const struct as_file_handle_s* fd_h, as_sec_perm perm);
103bool as_security_check_data_op(struct as_transaction_s* tr, struct as_namespace_s* ns, as_sec_perm perm);
104void* as_security_filter_create(void);
105void as_security_filter_destroy(void* pv_filter);
106void as_security_log(const struct as_file_handle_s* fd_h, uint8_t result, as_sec_perm perm, const char* action, const char* detail);
107bool as_security_should_refresh(void);
108void as_security_refresh(struct as_file_handle_s* fd_h);
109void as_security_transact(struct as_transaction_s* tr);
110