From 757c0bd92bd777c47e23281ad814f3e28bde3498 Mon Sep 17 00:00:00 2001
From: Jakob Kaivo
Date: Thu, 18 Feb 2021 12:58:54 -0500
Subject: implement full precedence rules
---
 check/check.h | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)
(limited to 'check/check.h')
diff --git a/check/check.h b/check/check.h
index ac45578..e37fd1a 100644
--- a/check/check.h
+++ b/check/check.h
@@ -13,7 +13,42 @@
 #define PRIVEXEC_LOG_ID "privexec"
 #endif
 
-enum permission { UNKNOWN, AUTHORIZED, AUTHENTICATE, DENIED };
+enum permission_keyword {
+ PERM_PASS = 0x1,
+ PERM_AUTH = 0x2,
+ PERM_DENY = 0x3,
+};
+
+enum permission_principal {
+ PERM_GROUP = 0x100,
+ PERM_USER = 0x200,
+};
+
+enum permission_command {
+ PERM_ALL = 0x10,
+ PERM_CMD = 0x20,
+};
+
+enum permission {
+ UNKNOWN,
+
+ PASS_GROUP_ALL = PERM_PASS | PERM_GROUP | PERM_ALL,
+ AUTH_GROUP_ALL = PERM_AUTH | PERM_GROUP | PERM_ALL,
+ DENY_GROUP_ALL = PERM_DENY | PERM_GROUP | PERM_ALL,
+
+ PASS_GROUP_CMD = PERM_PASS | PERM_GROUP | PERM_CMD,
+ AUTH_GROUP_CMD = PERM_AUTH | PERM_GROUP | PERM_CMD,
+ DENY_GROUP_CMD = PERM_DENY | PERM_GROUP | PERM_CMD,
+
+ PASS_USER_ALL = PERM_PASS | PERM_USER | PERM_ALL,
+ AUTH_USER_ALL = PERM_AUTH | PERM_USER | PERM_ALL,
+ DENY_USER_ALL = PERM_DENY | PERM_USER | PERM_ALL,
+
+ PASS_USER_CMD = PERM_PASS | PERM_USER | PERM_CMD,
+ AUTH_USER_CMD = PERM_AUTH | PERM_USER | PERM_CMD,
+ DENY_USER_CMD = PERM_DENY | PERM_USER | PERM_CMD,
+};
+
 void fatal(int include_errno, char *fmt, ...);
 enum permission get_permission(const char *user, const char *group, const char *cmd);
 
-- 
cgit v1.2.1
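Review bot: `PERM_DENY = 0x3` in `enum permission_keyword` shares both of its bits with `PERM_PASS` (0x1) and `PERM_AUTH` (0x2), so the keyword is a three-valued field rather than a set of flags, and a test such as `perm & PERM_PASS` is also true for every `DENY_*` value. In a privilege-granting path that would fail open; the code that consumes `enum permission` is not part of this hunk, so whether any caller tests it that way cannot be seen here. I would add a mask next to the keywords, e.g. `PERM_KEYWORD_MASK = 0xf,`, with the comment `/* keyword is a field, not a flag: compare (p & PERM_KEYWORD_MASK) == PERM_DENY, never p & PERM_x */`. The values also appear to be chosen so that a numerically larger permission takes precedence (user over group, command over all, deny over auth over pass); a short comment above `enum permission` stating that ordering, and that `UNKNOWN` (0) should be handled by callers as a denial, would keep later edits from breaking it.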