src/server/config/acl.c

Sun, 27 Nov 2022 13:33:30 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Sun, 27 Nov 2022 13:33:30 +0100
changeset 443
ef3c8a0e1fee
parent 415
d938228c382e
child 453
4586d534f9b5
permissions
-rw-r--r--

improve daemon startup
parent will wait until daemon is started and returns error code if startup failed
daemon startup log messages will be printed by parent

1 /*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
3 *
4 * Copyright 2013 Olaf Wintermann. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
32
33 #include "acl.h"
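/*
 * Opens and parses an ACL configuration file.
 *
 * file: path of the ACL file; it is opened read-only in text mode.
 *
 * Returns a heap-allocated ACLFile on success. Returns NULL when the file
 * cannot be opened, when an allocation fails, or when
 * cfg_parse_basic_file() reports a non-zero result.
 * The returned object is released with free_acl_file().
 */
ACLFile* load_acl_file(const char *file) {
    FILE *in = fopen(file, "r");
    if(in == NULL) {
        return NULL;
    }
    
    ACLFile *conf = malloc(sizeof *conf);
    if(conf == NULL) {
        fclose(in);
        return NULL;
    }
    conf->parser.parse = acl_parse;
    // No ACL block is open before the first "ACL " line. The line handlers
    // dereference cur, so it must not stay an indeterminate pointer when the
    // file starts with an "Authenticate" or entry line.
    conf->cur = NULL;
    conf->namedACLs = cxPointerLinkedListCreate(cxDefaultAllocator, cx_cmp_ptr);
    conf->uriACLs = cxPointerLinkedListCreate(cxDefaultAllocator, cx_cmp_ptr);
    conf->pathACLs = cxPointerLinkedListCreate(cxDefaultAllocator, cx_cmp_ptr);
    if(conf->namedACLs == NULL || conf->uriACLs == NULL || conf->pathACLs == NULL) {
        // NOTE(review): lists that were created are not destroyed here,
        // because free_acl_file() only frees the ACLFile struct - confirm
        // where the lists are meant to be released.
        fclose(in);
        free_acl_file(conf);
        return NULL;
    }
    
    int r = cfg_parse_basic_file((ConfigParser*)conf, in);
    // the stream is no longer needed on either path; closing it before the
    // error check keeps the descriptor from leaking when parsing fails
    fclose(in);
    if(r != 0) {
        free_acl_file(conf);
        return NULL;
    }
    
    return conf;
}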
/*
 * Releases an ACLFile.
 *
 * Only the ACLFile structure itself is passed to free(); a NULL argument is
 * accepted because free(NULL) is a no-op.
 *
 * NOTE(review): the earlier pool teardown
 * (ucx_mempool_destroy(conf->parser.mp->pool)) is disabled, and the
 * namedACLs/uriACLs/pathACLs lists are not destroyed in this function.
 * Confirm that the parser allocator and the lists are released elsewhere.
 */
void free_acl_file(ACLFile *conf) {
    free(conf);
}
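/*
 * Per-line callback installed as parser.parse by load_acl_file().
 *
 * p:     the ACLFile being filled (passed as void*)
 * begin: not used by this function
 * end:   not used by this function
 * line:  the configuration line to interpret
 *
 * Three kinds of lines are handled:
 *   "ACL ..."           starts a new ACL and makes it the current one
 *   "Authenticate ..."  attaches a parameter list to the current ACL
 *   anything else       is handed to parse_ace() as an access control entry
 *
 * Returns 0 on success and 1 on error.
 */
int acl_parse(void *p, ConfigLine *begin, ConfigLine *end, cxmutstr line) {
    ACLFile *aclf = p;
    CxAllocator *mp = aclf->parser.mp;
    
    if(cx_strprefix(cx_strcast(line), cx_str("ACL "))) {
        cxmutstr param = cx_strsubs_m(line, 4);
        ConfigParam *plist = cfg_param_list(param, mp);
        ACLConfig *acl = OBJ_NEW(mp, ACLConfig);
        if(acl == NULL) {
            log_ereport(LOG_FAILURE, "acl_parse: cannot allocate ACL");
            return 1;
        }
        // give every field a defined value; id stays empty when the line
        // names no target
        acl->id = (cxmutstr){ .ptr = NULL, .length = 0 };
        acl->type = (cxmutstr){ .ptr = NULL, .length = 0 };
        acl->authparam = NULL;
        acl->entries = NULL;
        aclf->cur = acl;
        
        cxmutstr type = cfg_param_get(plist, cx_str("type"));
        cxmutstr name = cfg_param_get(plist, cx_str("name"));
        cxmutstr path = cfg_param_get(plist, cx_str("path"));
        cxmutstr uri = cfg_param_get(plist, cx_str("uri"));
        
        // the first of name, path, uri that is present decides which list
        // the ACL is registered in
        if(name.ptr) {
            acl->id = name;
            cxListAdd(aclf->namedACLs, acl);
        } else if(path.ptr) {
            acl->id = path;
            cxListAdd(aclf->pathACLs, acl);
        } else if(uri.ptr) {
            acl->id = uri;
            cxListAdd(aclf->uriACLs, acl);
        } else {
            // The ACL is in none of the three lists, so the entries that
            // follow it are parsed but not reachable through them. Report
            // it instead of dropping the block silently.
            // NOTE(review): returning 1 here would reject the file
            // outright; kept non-fatal to preserve existing behaviour.
            log_ereport(LOG_FAILURE, "acl_parse: ACL without name, path or uri: %.*s", (int)line.length, line.ptr);
        }
        
        if(type.ptr) {
            acl->type = type;
        }
    } else if(cx_strprefix(cx_strcast(line), cx_str("Authenticate "))) {
        // an Authenticate line is only meaningful inside an ACL block;
        // cur is NULL when no "ACL " line has been seen (this relies on
        // the ACLFile being created with cur set to NULL)
        if(aclf->cur == NULL) {
            log_ereport(LOG_FAILURE, "acl_parse: Authenticate outside of an ACL: %.*s", (int)line.length, line.ptr);
            return 1;
        }
        cxmutstr param = cx_strsubs_m(line, 13);
        ConfigParam *plist = cfg_param_list(param, mp);
        aclf->cur->authparam = plist;
    } else {
        if(parse_ace(aclf, line)) {
            // TODO: error
            return 1;
        }
    }
    
    return 0;
}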
/*
 * Limit passed to cx_strsplit_a() in parse_ace() for each split of an entry
 * line: the ':'-separated fields, the ','-separated access rights and the
 * ','-separated flags.
 */
#define ACE_MAX_TOKENS 2048
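/*
 * Parses one access control entry line and appends it to the current ACL.
 *
 * f:    ACL file state; f->cur is the ACL the entry is added to and
 *       f->parser.mp is the allocator used for all allocations
 * line: the entry, ':'-separated:
 *         who : access[,access...] [: flag[,flag...]] : type
 *       "who" is "user:<name>", "group:<name>", "owner@", "group@",
 *       "everyone@" or a bare user name; "type" is one of allow, deny,
 *       audit, alarm.
 *
 * Returns 0 when the entry was added, 1 on error (the error is logged).
 *
 * NOTE(review): the token array tk and, on the error paths, the ACEConfig
 * are not released here; presumably they go away with the parser's
 * allocator - confirm.
 */
int parse_ace(ACLFile *f, cxmutstr line) {
    ACLConfig *cur = f->cur;
    CxAllocator *mp = f->parser.mp;
    
    // an entry needs an ACL to belong to; without this check the
    // CFG_ACE_ADD at the end would dereference a NULL cur when an entry
    // line appears before the first "ACL " line
    if(cur == NULL) {
        log_ereport(LOG_FAILURE, "parse_ace: ace outside of an ACL: %.*s", (int)line.length, line.ptr);
        return 1;
    }
    
    cxstring *tk = NULL;
    ssize_t tkn = cx_strsplit_a(mp, cx_strcast(line), cx_str(":"), ACE_MAX_TOKENS, &tk);
    if(!tk || tkn < 3) {
        log_ereport(LOG_FAILURE, "parse_ace: to few tokens: %.*s", (int)line.length, line.ptr);
        return 1;
    }
    
    ACEConfig *ace = OBJ_NEW(mp, ACEConfig);
    if(ace == NULL) {
        log_ereport(LOG_FAILURE, "parse_ace: cannot allocate ace");
        return 1;
    }
    memset(ace, 0, sizeof(ACEConfig));
    
    /*
     * first step: determine who is affected by this ace
     */
    int n = 0;
    cxstring s = tk[0];
    
    if(!cx_strcmp(s, cx_str("user"))) {
        // next token is the user name (tk[1] exists because tkn >= 3)
        s = tk[1];
        n++;
        ace->who = cx_strdup_a(mp, s);
    } else if(!cx_strcmp(s, cx_str("group"))) {
        // next token is the group name
        s = tk[1];
        n++;
        ace->who = cx_strdup_a(mp, s);
        ace->flags = ACLCFG_IDENTIFIER_GROUP;
    } else if(!cx_strcmp(s, cx_str("owner@"))) {
        ace->flags = ACLCFG_OWNER;
    } else if(!cx_strcmp(s, cx_str("group@"))) {
        ace->flags = ACLCFG_GROUP;
    } else if(!cx_strcmp(s, cx_str("everyone@"))) {
        ace->flags = ACLCFG_EVERYONE;
    } else {
        // you can specify only the user name in the ace
        ace->who = cx_strdup_a(mp, s);
    }
    
    n++; //next token
    
    /*
     * get the access mask
     */
    
    if(n >= tkn) {
        // to few tokens
        log_ereport(LOG_FAILURE, "parse_ace: ace incomplete");
        return 1;
    }
    s = tk[n];
    
    cxstring *accessmask = NULL;
    ssize_t maskn = cx_strsplit_a(mp, s, cx_str(","), ACE_MAX_TOKENS, &accessmask);
    for(int i=0;i<maskn;i++) {
        cxstring access = accessmask[i];
        uint32_t bit = accstr2int(access);
        if(bit == 0) {
            // accstr2int() yields 0 for names it does not know; a
            // misspelled right would otherwise vanish from the mask
            // without any trace
            log_ereport(LOG_FAILURE, "parse_ace: unknown access right: %.*s", (int)access.length, access.ptr);
        }
        ace->access_mask = ace->access_mask | bit;
    }
    if(accessmask) {
        cxFree(mp, accessmask);
    }
    n++; // next token
    
    /*
     * get flags (optional) and ace type
     */
    
    int complete = 0;
    while(n < tkn) {
        s = tk[n];
        if(!cx_strcmp(s, cx_str("allow"))) {
            ace->type = ACLCFG_TYPE_ALLOWED;
            complete = 1;
            break;
        } else if(!cx_strcmp(s, cx_str("deny"))) {
            ace->type = ACLCFG_TYPE_DENIED;
            complete = 1;
            break;
        } else if(!cx_strcmp(s, cx_str("audit"))) {
            ace->type = ACLCFG_TYPE_AUDIT;
            complete = 1;
            break;
        } else if(!cx_strcmp(s, cx_str("alarm"))) {
            ace->type = ACLCFG_TYPE_ALARM;
            complete = 1;
            break;
        } else {
            // set flags
            cxstring *flags = NULL;
            ssize_t fln = cx_strsplit_a(mp, s, cx_str(","), ACE_MAX_TOKENS, &flags);
            for(int i=0;i<fln;i++) {
                cxstring flag = flags[i];
                if(!cx_strcmp(flag, cx_str("successful_access_flag"))) {
                    ace->flags = ace->flags | ACLCFG_SUCCESSFUL_ACCESS_FLAG;
                } else if(!cx_strcmp(flag, cx_str("failed_access_flag"))) {
                    ace->flags = ace->flags | ACLCFG_FAILED_ACCESS_ACE_FLAG;
                }
                // TODO: other flags
            }
            // flags was allocated through mp by cx_strsplit_a(), so it has
            // to go back through the same allocator; passing it to libc
            // free() is only valid when mp happens to be malloc-backed
            if(flags) {
                cxFree(mp, flags);
            }
        }
        n++;
    }
    
    if(!complete) {
        log_ereport(LOG_FAILURE, "parse_ace: ace incomplete");
        return 1;
    }
    
    CFG_ACE_ADD(&cur->entries, ace);
    
    return 0;
}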
/*
 * Translates one access right name from an ACL file into its ACLCFG_* bit.
 *
 * access: the name, compared exactly (via cx_strcmp) against the known names
 *
 * Returns the matching ACLCFG_* value, or 0 when the name is not known.
 * "add" and "add_file" both map to ACLCFG_ADD_FILE.
 */
uint32_t accstr2int(cxstring access) {
    const struct {
        const char *name;
        uint32_t   mask;
    } rights[] = {
        { "read",             ACLCFG_READ },
        { "write",            ACLCFG_WRITE },
        { "read_data",        ACLCFG_READ_DATA },
        { "write_data",       ACLCFG_WRITE_DATA },
        { "append",           ACLCFG_APPEND },
        { "add",              ACLCFG_ADD_FILE },
        { "add_file",         ACLCFG_ADD_FILE },
        { "add_subdirectory", ACLCFG_ADD_SUBDIRECTORY },
        { "read_xattr",       ACLCFG_READ_XATTR },
        { "write_xattr",      ACLCFG_WRITE_XATTR },
        { "execute",          ACLCFG_EXECUTE },
        { "delete_child",     ACLCFG_DELETE_CHILD },
        { "delete",           ACLCFG_DELETE },
        { "read_attributes",  ACLCFG_READ_ATTRIBUTES },
        { "write_attributes", ACLCFG_WRITE_ATTRIBUTES },
        { "list",             ACLCFG_LIST },
        { "read_acl",         ACLCFG_READ_ACL },
        { "write_acl",        ACLCFG_WRITE_ACL },
        { "write_owner",      ACLCFG_WRITE_OWNER },
        { "synchronize",      ACLCFG_SYNCHRONIZE },
    };
    
    // every comparison is an exact match, so at most one row can hit
    for(size_t i = 0; i < sizeof rights / sizeof rights[0]; i++) {
        if(!cx_strcmp(access, cx_str(rights[i].name))) {
            return rights[i].mask;
        }
    }
    
    // unknown name: no bit set
    return 0;
}
