auditing-fig6.conf
# Role declarations: the names that the per-struct "roles" statements
# in this file refer to.
# "default" is used by those statements but is not declared here.
# NOTE(review): presumably a built-in role name of the tool, covering
# callers that have not yet been given a role -- confirm.
roles {
role user
comment "Regular user.";
role admin
comment "Super-user.";
};
# Account record: credentials (e-mail + password hash), display name and
# row identifier, plus the queries allowed on it and which role may run
# each one.
struct user {
comment "A regular user.";
# Password-typed field. Per its comment string, callers pass the
# password and the implementation stores and returns only the hash.
# "limit gt 0" is a validation constraint.
# NOTE(review): presumably it rejects an empty password -- confirm.
field hash password limit gt 0
comment
"Password hash.
This is passed to inserts and updates as a password,
then hashed within the implementation and extracted
(in listings and searches) as the hash value.";
# "unique" makes the e-mail address usable as the login identifier.
field email email unique
comment "Unique e-mail address.";
field name text
comment "User's full name.";
# Row identifier; referenced by session.userid.
field uid int rowid;
# Credential check by e-mail and password. The roles block at the end
# of this struct assigns it to "default", so it is the query available
# before a user role is held. Nothing in this file limits how often it
# may be called; throttling or lockout of repeated failures has to
# live in the application.
search email,hash: name creds
comment
"Search for a unique user with their e-mail and
password.
This is a quick way to verify that a user has entered
the correct password for logging in.";
search uid: name uid
comment "Lookup by unique identifier.";
# Both updates are constrained only by uid. The role check says who
# may call them, not which row: the caller must take uid from the
# authenticated session rather than from request input, or one user
# could change another user's password or e-mail.
update hash: uid: name hash
comment "User updating their password.";
update email: uid: name email
comment "User updating unique e-mail.";
insert;
# Role "user": look up by uid and change password or e-mail.
# uid is marked noexport for this role.
# NOTE(review): presumably keeps uid out of exported output -- confirm.
roles user {
search uid;
update hash;
update email;
noexport uid;
};
# Account creation is assigned to admin only; no self-registration
# path is declared in this struct.
roles admin {
insert;
};
# The only operation on this struct assigned to "default" is the
# credential check.
roles default {
search creds;
};
};
# Login session: ties a row id and token to a user record.
struct session {
comment "Authenticated session.";
# Nested reference to the user row, resolved through userid.
field user struct userid;
field userid:user.uid int
comment "Associated user.";
# The schema only declares an integer. How unpredictable the token is
# depends entirely on how the application generates it; it should come
# from a cryptographically secure random source.
field token int
comment "Random cookie.";
# Timestamp field. No search, update or delete in this struct reads or
# constrains on mtime, so session expiry and purging of stale rows are
# not enforced by any operation declared here and must be handled by
# the caller.
field mtime epoch;
field id int rowid;
# Session validation: matches on id and token together. Assigned to
# "default" in the roles block at the end of this struct.
search id, token: name creds
comment "Search for logged-in users.";
insert;
# Constrained by id only, not by token or userid: the caller must pass
# the id of the session it has just validated, otherwise one user could
# delete another user's session.
delete id: name id
comment "Delete by identifier.";
# Role "user": create a session and delete one by id.
roles user {
insert;
delete id;
};
# The only operation on this struct assigned to "default" is the
# id+token lookup.
roles default {
search creds;
};
};