comparison: src/server/safs/pathcheck.c
src/server/safs/pathcheck.c
- changeset 143
- 6bf5d2f37425
- parent 142
- 55298bc9ed28
- child 145
- 1c93281ca4bf
equal
deleted
inserted
replaced
| 142:55298bc9ed28 | 143:6bf5d2f37425 |
|---|---|
| 63 log_ereport(LOG_MISCONFIG, "require-access: missing mask parameter"); | 63 log_ereport(LOG_MISCONFIG, "require-access: missing mask parameter"); |
| 64 protocol_status(sn, rq, 500, NULL); | 64 protocol_status(sn, rq, 500, NULL); |
| 65 return REQ_ABORTED; | 65 return REQ_ABORTED; |
| 66 } | 66 } |
| 67 | 67 |
| 68 char *method = pblock_findval("method", pb); | |
| 69 if(method) { | |
| 70 char *m = pblock_findkeyval(pb_key_method, rq->reqpb); | |
| 71 if(strcmp(method, m)) { | |
| 72 return REQ_NOACTION; | |
| 73 } | |
| 74 } | |
| 75 | |
| 68 uint32_t access_mask = 0; | 76 uint32_t access_mask = 0; |
| 69 ssize_t n = 0; | 77 ssize_t n = 0; |
| 70 sstr_t *rights = sstrsplit(sstr(mask_str), sstrn(",", 1), &n); | 78 sstr_t *rights = sstrsplit(sstr(mask_str), sstrn(",", 1), &n); |
| 71 for(int i=0;i<n;i++) { | 79 for(int i=0;i<n;i++) { |
| 72 sstr_t right = rights[i]; | 80 sstr_t right = rights[i]; |
| 73 access_mask = access_mask | accstr2int(right); | 81 access_mask = access_mask | accstr2int(right); |
| 74 } | 82 } |
| 83 | |
| 84 rq->aclreqaccess = access_mask; | |
| 75 | 85 |
| 76 return REQ_PROCEED; | 86 return REQ_PROCEED; |
| 77 } | 87 } |
| 78 | 88 |
| 79 int append_acl(pblock *pb, Session *sn, Request *rq) { | 89 int append_acl(pblock *pb, Session *sn, Request *rq) { |
| 98 return REQ_PROCEED; | 108 return REQ_PROCEED; |
| 99 } | 109 } |
| 100 | 110 |
| 101 | 111 |
| 102 int check_acl(pblock *pb, Session *sn, Request *rq) { | 112 int check_acl(pblock *pb, Session *sn, Request *rq) { |
| 103 int access_mask = ACL_READ_DATA; // TODO: check method and path | 113 int access_mask = ACL_READ_DATA | rq->aclreqaccess; // TODO: check method and path |
| 104 | 114 |
| 105 int ret = acl_evaluate(sn, rq, access_mask); | 115 int ret = acl_evaluate(sn, rq, access_mask); |
| 106 if(ret == REQ_ABORTED) { | 116 if(ret == REQ_ABORTED) { |
| 107 // TODO: status, error, ... | 117 // TODO: status, error, ... |
| 108 return REQ_ABORTED; | 118 return REQ_ABORTED; |
