• file
• latest
• revisions
• annotate
• diff
• comparison
• raw

src/server/config/acl.c@ad44e72fbf50 (annotated)

src/server/config/acl.c

Wed, 05 Jun 2024 19:50:44 +0200

author

Olaf Wintermann <olaf.wintermann@gmail.com>

date

Wed, 05 Jun 2024 19:50:44 +0200

changeset 537

ad44e72fbf50

parent 490

d218607f5a7e

permissions

-rw-r--r--

add extra nullptr check in the event loop to handle the case when the finish ptr is set to NULL after it was already scheduled

51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	1	/*
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	2	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	3	*
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	4	* Copyright 2013 Olaf Wintermann. All rights reserved.
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	5	*
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	6	* Redistribution and use in source and binary forms, with or without
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	7	* modification, are permitted provided that the following conditions are met:
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	8	*
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	9	* 1. Redistributions of source code must retain the above copyright
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	10	* notice, this list of conditions and the following disclaimer.
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	11	*
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	12	* 2. Redistributions in binary form must reproduce the above copyright
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	13	* notice, this list of conditions and the following disclaimer in the
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	14	* documentation and/or other materials provided with the distribution.
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	15	*
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	16	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	17	* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	18	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	19	* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	20	* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	21	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	22	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	23	* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	24	* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	25	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	26	* POSSIBILITY OF SUCH DAMAGE.
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	27	*/
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	28
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	29	#include <stdio.h>
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	30	#include <stdlib.h>
91 fac51f87def0 ucx update Olaf Wintermann <olaf.wintermann@gmail.com> parents: 88 diff changeset	31	#include <string.h>
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	32
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	33	#include "acl.h"
453 4586d534f9b5 fix build on macos Olaf Wintermann <olaf.wintermann@gmail.com> parents: 415 diff changeset	34	#include "logging.h"
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	35
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	36	ACLFile* load_acl_file(const char *file) {
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	37	FILE *in = fopen(file, "r");
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	38	if(in == NULL) {
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	39	return NULL;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	40	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	41
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	42	ACLFile *conf = malloc(sizeof(ACLFile));
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	43	conf->parser.parse = acl_parse;
490 d218607f5a7e update ucx Olaf Wintermann <olaf.wintermann@gmail.com> parents: 453 diff changeset	44	conf->namedACLs = cxLinkedListCreate(cxDefaultAllocator, NULL, CX_STORE_POINTERS);
d218607f5a7e update ucx Olaf Wintermann <olaf.wintermann@gmail.com> parents: 453 diff changeset	45	conf->uriACLs = cxLinkedListCreate(cxDefaultAllocator, NULL, CX_STORE_POINTERS);
d218607f5a7e update ucx Olaf Wintermann <olaf.wintermann@gmail.com> parents: 453 diff changeset	46	conf->pathACLs = cxLinkedListCreate(cxDefaultAllocator, NULL, CX_STORE_POINTERS);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	47
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	48	int r = cfg_parse_basic_file((ConfigParser*)conf, in);
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	49	if(r != 0) {
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	50	free_acl_file(conf);
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	51	return NULL;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	52	}
79 f48cea237ec3 fixed some memory leaks Olaf Wintermann <olaf.wintermann@gmail.com> parents: 62 diff changeset	53
62 c47e081b6c0f added keyfile based authentication Olaf Wintermann <olaf.wintermann@gmail.com> parents: 56 diff changeset	54	fclose(in);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	55
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	56	return conf;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	57	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	58
79 f48cea237ec3 fixed some memory leaks Olaf Wintermann <olaf.wintermann@gmail.com> parents: 62 diff changeset	59	void free_acl_file(ACLFile *conf) {
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	60	//ucx_mempool_destroy(conf->parser.mp->pool);
79 f48cea237ec3 fixed some memory leaks Olaf Wintermann <olaf.wintermann@gmail.com> parents: 62 diff changeset	61	free(conf);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	62	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	63
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	64	int acl_parse(void *p, ConfigLine *begin, ConfigLine *end, cxmutstr line) {
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	65	ACLFile *aclf = p;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	66	CxAllocator *mp = aclf->parser.mp;
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	67
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	68	if(cx_strprefix(cx_strcast(line), cx_str("ACL "))) {
d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	69	cxmutstr param = cx_strsubs_m(line, 4);
d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	70	ConfigParam *plist = cfg_param_list(param, mp);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	71	ACLConfig *acl = OBJ_NEW(mp, ACLConfig);
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	72	acl->type.ptr = NULL;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	73	acl->authparam = NULL;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	74	acl->entries = NULL;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	75	aclf->cur = acl;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	76
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	77	cxmutstr type = cfg_param_get(plist, cx_str("type"));
d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	78	cxmutstr name = cfg_param_get(plist, cx_str("name"));
d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	79	cxmutstr path = cfg_param_get(plist, cx_str("path"));
d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	80	cxmutstr uri = cfg_param_get(plist, cx_str("uri"));
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	81
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	82	if(name.ptr) {
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	83	acl->id = name;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	84	cxListAdd(aclf->namedACLs, acl);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	85	} else if(path.ptr) {
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	86	acl->id = path;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	87	cxListAdd(aclf->pathACLs, acl);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	88	} else if(uri.ptr) {
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	89	acl->id = uri;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	90	cxListAdd(aclf->uriACLs, acl);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	91	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	92
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	93	if(type.ptr) {
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	94	acl->type = type;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	95	}
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	96	} else if(cx_strprefix(cx_strcast(line), cx_str("Authenticate "))) {
d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	97	cxmutstr param = cx_strsubs_m(line, 13);
d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	98	ConfigParam *plist = cfg_param_list(param, mp);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	99	aclf->cur->authparam = plist;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	100	} else {
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	101	if(parse_ace(aclf, line)) {
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	102	// TODO: error
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	103	return 1;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	104	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	105	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	106
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	107	return 0;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	108	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	109
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	110	#define ACE_MAX_TOKENS 2048
d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	111
d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	112	int parse_ace(ACLFile *f, cxmutstr line) {
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	113	ACLConfig *cur = f->cur;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	114	CxAllocator *mp = f->parser.mp;
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	115
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	116	cxstring *tk = NULL;
d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	117	ssize_t tkn = cx_strsplit_a(mp, cx_strcast(line), cx_str(":"), ACE_MAX_TOKENS, &tk);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	118	if(!tk || tkn < 3) {
453 4586d534f9b5 fix build on macos Olaf Wintermann <olaf.wintermann@gmail.com> parents: 415 diff changeset	119	ws_cfg_log(LOG_FAILURE, "parse_ace: to few tokens: %.*s", (int)line.length, line.ptr);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	120	return 1;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	121	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	122
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	123	ACEConfig *ace = OBJ_NEW(mp, ACEConfig);
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	124	memset(ace, 0, sizeof(ACEConfig));
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	125
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	126	/*
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	127	* first step: determine who is affected by this ace
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	128	*/
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	129	int n = 0;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	130	cxstring s = tk[0];
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	131
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	132	if(!cx_strcmp(s, cx_str("user"))) {
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	133	// next token is the user name
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	134	s = tk[1];
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	135	n++;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	136	ace->who = cx_strdup_a(mp, s);
d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	137	} else if(!cx_strcmp(s, cx_str("group"))) {
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	138	// next token is the group name
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	139	s = tk[1];
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	140	n++;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	141	ace->who = cx_strdup_a(mp, s);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	142	ace->flags = ACLCFG_IDENTIFIER_GROUP;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	143	} else if(!cx_strcmp(s, cx_str("owner@"))) {
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	144	ace->flags = ACLCFG_OWNER;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	145	} else if(!cx_strcmp(s, cx_str("group@"))) {
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	146	ace->flags = ACLCFG_GROUP;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	147	} else if(!cx_strcmp(s, cx_str("everyone@"))) {
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	148	ace->flags = ACLCFG_EVERYONE;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	149	} else {
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	150	// you can specify only the user name in the ace
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	151	ace->who = cx_strdup_a(mp, s);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	152	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	153
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	154	n++; //next token
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	155
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	156	/*
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	157	* get the access mask
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	158	*/
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	159
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	160	if(n >= tkn) {
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	161	// to few tokens
453 4586d534f9b5 fix build on macos Olaf Wintermann <olaf.wintermann@gmail.com> parents: 415 diff changeset	162	ws_cfg_log(LOG_FAILURE, "parse_ace: ace incomplete");
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	163	return 1;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	164	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	165	s = tk[n];
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	166
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	167	cxstring *accessmask = NULL;
d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	168	ssize_t maskn = cx_strsplit_a(mp, s, cx_str(","), ACE_MAX_TOKENS, &accessmask);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	169	for(int i=0;i<maskn;i++) {
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	170	cxstring access = accessmask[i];
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	171	ace->access_mask = ace->access_mask | accstr2int(access);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	172	}
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	173	cxFree(mp, accessmask);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	174	n++; // next token
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	175
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	176	/*
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	177	* get flags (optional) and ace type
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	178	*/
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	179
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	180	int complete = 0;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	181	while(n < tkn) {
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	182	s = tk[n];
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	183	if(!cx_strcmp(s, cx_str("allow"))) {
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	184	ace->type = ACLCFG_TYPE_ALLOWED;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	185	complete = 1;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	186	break;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	187	} else if(!cx_strcmp(s, cx_str("deny"))) {
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	188	ace->type = ACLCFG_TYPE_DENIED;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	189	complete = 1;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	190	break;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	191	} else if(!cx_strcmp(s, cx_str("audit"))) {
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	192	ace->type = ACLCFG_TYPE_AUDIT;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	193	complete = 1;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	194	break;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	195	} else if(!cx_strcmp(s, cx_str("alarm"))) {
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	196	ace->type = ACLCFG_TYPE_ALARM;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	197	complete = 1;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	198	break;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	199	} else {
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	200	// set flags
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	201	cxstring *flags = NULL;
d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	202	ssize_t fln = cx_strsplit_a(mp, s, cx_str(","), ACE_MAX_TOKENS, &flags);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	203	for(int i=0;i<fln;i++) {
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	204	cxstring flag = flags[i];
d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	205	if(!cx_strcmp(flag, cx_str("successful_access_flag"))) {
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	206	ace->flags = ace->flags | ACLCFG_SUCCESSFUL_ACCESS_FLAG;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	207	} else if(!cx_strcmp(flag, cx_str("failed_access_flag"))) {
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	208	ace->flags = ace->flags | ACLCFG_FAILED_ACCESS_ACE_FLAG;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	209	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	210	// TODO: other flags
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	211	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	212	free(flags);
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	213	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	214	n++;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	215	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	216
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	217	if(!complete) {
453 4586d534f9b5 fix build on macos Olaf Wintermann <olaf.wintermann@gmail.com> parents: 415 diff changeset	218	ws_cfg_log(LOG_FAILURE, "parse_ace: ace incomplete");
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	219	return 1;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	220	}
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	221
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	222	CFG_ACE_ADD(&cur->entries, ace);
51 b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	223
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	224	return 0;
b28cf69f42e8 added acls Olaf Wintermann <olaf.wintermann@gmail.com> parents: diff changeset	225	}
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	226
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	227	uint32_t accstr2int(cxstring access) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	228	uint32_t val = 0;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	229	if(!cx_strcmp(access, cx_str("read"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	230	val = ACLCFG_READ;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	231	} else if(!cx_strcmp(access, cx_str("write"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	232	val = ACLCFG_WRITE;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	233	} else if(!cx_strcmp(access, cx_str("read_data"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	234	val = ACLCFG_READ_DATA;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	235	} else if(!cx_strcmp(access, cx_str("write_data"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	236	val = ACLCFG_WRITE_DATA;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	237	} else if(!cx_strcmp(access, cx_str("append"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	238	val = ACLCFG_APPEND;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	239	} else if(!cx_strcmp(access, cx_str("add"))) {
56 c6cf20b09043 added vfs_mkdir and vfs_unlink Olaf Wintermann <olaf.wintermann@gmail.com> parents: 52 diff changeset	240	val = ACLCFG_ADD_FILE;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	241	} else if(!cx_strcmp(access, cx_str("add_file"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	242	val = ACLCFG_ADD_FILE;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	243	} else if(!cx_strcmp(access, cx_str("add_subdirectory"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	244	val = ACLCFG_ADD_SUBDIRECTORY;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	245	} else if(!cx_strcmp(access, cx_str("read_xattr"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	246	val = ACLCFG_READ_XATTR;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	247	} else if(!cx_strcmp(access, cx_str("write_xattr"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	248	val = ACLCFG_WRITE_XATTR;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	249	} else if(!cx_strcmp(access, cx_str("execute"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	250	val = ACLCFG_EXECUTE;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	251	} else if(!cx_strcmp(access, cx_str("delete_child"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	252	val = ACLCFG_DELETE_CHILD;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	253	} else if(!cx_strcmp(access, cx_str("delete"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	254	val = ACLCFG_DELETE;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	255	} else if(!cx_strcmp(access, cx_str("read_attributes"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	256	val = ACLCFG_READ_ATTRIBUTES;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	257	} else if(!cx_strcmp(access, cx_str("write_attributes"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	258	val = ACLCFG_WRITE_ATTRIBUTES;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	259	} else if(!cx_strcmp(access, cx_str("list"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	260	val = ACLCFG_LIST;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	261	} else if(!cx_strcmp(access, cx_str("read_acl"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	262	val = ACLCFG_READ_ACL;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	263	} else if(!cx_strcmp(access, cx_str("write_acl"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	264	val = ACLCFG_WRITE_ACL;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	265	} else if(!cx_strcmp(access, cx_str("write_owner"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	266	val = ACLCFG_WRITE_OWNER;
415 d938228c382e switch from ucx 2 to 3 Olaf Wintermann <olaf.wintermann@gmail.com> parents: 115 diff changeset	267	} else if(!cx_strcmp(access, cx_str("synchronize"))) {
52 aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	268	val = ACLCFG_SYNCHRONIZE;
aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	269	}
aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	270	return val;
aced2245fb1c new pathcheck saf and code cleanup Olaf Wintermann <olaf.wintermann@gmail.com> parents: 51 diff changeset	271	}