-- Registration Server - Functions determining permissions of users. -- [Juniper]<Grapevine>MS>Acl.mesa -- Randy Gobbel 19-May-81 13:14:59 -- Andrew Birrell 4-Jan-82 17:01:56 DIRECTORY AclDefs USING[ Permission ], BodyDefs USING[ RName ], ProtocolDefs USING[ RSOperation ], RegServerDefs USING[ IsInList ], String USING[ EquivalentString, EquivalentSubStrings, SubStringDescriptor ]; Acl: PROGRAM IMPORTS RegServerDefs, String EXPORTS AclDefs = BEGIN EndsWith: PROC[s: STRING, b: STRING] RETURNS[ BOOLEAN ] = INLINE BEGIN pattern: String.SubStringDescriptor ← [b, 0, b.length]; target: String.SubStringDescriptor ← [s,s.length-b.length,b.length]; RETURN[ s.length >= b.length AND String.EquivalentSubStrings[@pattern,@target] ] END; CanOperate: PUBLIC PROCEDURE[ op: ProtocolDefs.RSOperation, entry, caller: BodyDefs.RName ] RETURNS[ perm: AclDefs.Permission ] = BEGIN Permission: PROCEDURE[ where: {it, itsRegistry}, who: {owner, friend} ] RETURNS[ perm: AclDefs.Permission] = BEGIN -- [it, friend] and [it,owner] default to [itsRegistry,friend] -- [itsRegistry,friend] defaults to [itsRegistry,owner] IF caller = NIL OR caller.length = 0 THEN RETURN[no]; perm ← SELECT RegServerDefs.IsInList[entry, caller, closure, IF where = it THEN self ELSE registry, IF who = owner THEN owners ELSE friends ].membership FROM yes => yes, badList => yes --it will fail later, with better message--, no => IF where = itsRegistry THEN IF who = owner THEN no ELSE Permission[itsRegistry, owner] ELSE Permission[itsRegistry, friend], ENDCASE => ERROR; END; perm ← SELECT op FROM -- Enquiries -- Expand, ReadMembers, ReadOwners, ReadFriends, ReadEntry, CheckStamp, ReadConnect, ReadRemark, Authenticate, IdentifyCaller, IsMemberDirect, IsOwnerDirect, IsFriendDirect, IsMemberClosure, IsOwnerClosure, IsFriendClosure, IsInList => yes, -- Creation, Mailbox-sites -- CreateIndividual, DeleteIndividual, CreateGroup, DeleteGroup, NewName, AddMailBox, DeleteMailBox => Permission[itsRegistry, owner], -- Ops on Individuals -- ChangePassword, ChangeConnect => IF String.EquivalentString[entry, caller] THEN yes ELSE Permission[itsRegistry, friend], AddForward, DeleteForward => Permission[itsRegistry, friend], -- Ops on Groups -- ChangeRemark, AddMember, DeleteMember, AddListOfMembers => IF EndsWith[entry,".gv"L] THEN -- protect "reg.gv" groups -- Permission[itsRegistry, friend] ELSE Permission[it, owner], AddSelf, DeleteSelf => IF EndsWith[entry,".gv"L] THEN -- protect "reg.gv" groups -- IF caller # NIL AND EndsWith[caller,".gv"L] THEN yes -- caller is R-Server -- ELSE Permission[itsRegistry, friend] ELSE Permission[it, friend], AddOwner, DeleteOwner, AddFriend, DeleteFriend => Permission[it, owner], ENDCASE => no; END; END.