comparison: src/server/daemon/acl.c
src/server/daemon/acl.c
- changeset 385
- a1f4cb076d2f
- parent 261
- f2c772336ecd
- child 415
- d938228c382e
equal
deleted
inserted
replaced
| 210:21274e5950af | 385:a1f4cb076d2f |
|---|---|
| 98 } | 98 } |
| 99 return access_mask; | 99 return access_mask; |
| 100 } | 100 } |
| 101 | 101 |
| 102 User* acllist_getuser(Session *sn, Request *rq, ACLListHandle *list) { | 102 User* acllist_getuser(Session *sn, Request *rq, ACLListHandle *list) { |
| 103 // TODO: cache result #50 | |
| 103 if(!sn || !rq || !list) { | 104 if(!sn || !rq || !list) { |
| 104 return NULL; | 105 return NULL; |
| 105 } | 106 } |
| 106 | 107 |
| 107 // get user | 108 // get user |
| 176 | 177 |
| 177 // evalutate all ACLs | 178 // evalutate all ACLs |
| 178 ACLList *acl = acl_evallist(list, user, access_mask, NULL); | 179 ACLList *acl = acl_evallist(list, user, access_mask, NULL); |
| 179 if(acl) { | 180 if(acl) { |
| 180 acl_set_error_status(sn, rq, acl, user); | 181 acl_set_error_status(sn, rq, acl, user); |
| 181 // TODO: don't free the user here | 182 // TODO: don't free the user here #51 |
| 182 if(user) { | 183 if(user) { |
| 183 user->free(user); | 184 user->free(user); |
| 184 } | 185 } |
| 185 return REQ_ABORTED; | 186 return REQ_ABORTED; |
| 186 } | 187 } |
| 314 uid_t uid, | 315 uid_t uid, |
| 315 gid_t gid, | 316 gid_t gid, |
| 316 uid_t owner, | 317 uid_t owner, |
| 317 gid_t owninggroup); | 318 gid_t owninggroup); |
| 318 | 319 |
| 319 int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) { | 320 int fs_acl_check(SysACL *acl, User *user, const char *path, uint32_t access_mask) { |
| 320 sstr_t p; | 321 sstr_t p; |
| 321 if(path[0] != '/') { | 322 if(path[0] != '/') { |
| 322 size_t n = 128; | 323 size_t n = 128; |
| 323 char *cwd = malloc(n); | 324 char *cwd = malloc(n); |
| 324 while(!getcwd(cwd, n)) { | 325 while(!getcwd(cwd, n)) { |
| 329 free(cwd); | 330 free(cwd); |
| 330 return 0; | 331 return 0; |
| 331 } | 332 } |
| 332 } | 333 } |
| 333 sstr_t wd = sstr(cwd); | 334 sstr_t wd = sstr(cwd); |
| 334 sstr_t pp = sstr(path); | 335 sstr_t pp = sstr((char*)path); |
| 335 | 336 |
| 336 p = sstrcat(3, wd, sstrn("/", 1), pp); | 337 p = sstrcat(3, wd, sstrn("/", 1), pp); |
| 337 } else { | 338 } else { |
| 338 p = sstrdup(sstr(path)); | 339 p = sstrdup(sstr((char*)path)); |
| 339 } | 340 } |
| 340 if(p.ptr[p.length-1] == '/') { | 341 if(p.ptr[p.length-1] == '/') { |
| 341 p.ptr[p.length-1] = 0; | 342 p.ptr[p.length-1] = 0; |
| 342 p.length--; | 343 p.length--; |
| 343 } | 344 } |
| 459 | 460 |
| 460 | 461 |
| 461 return 1; | 462 return 1; |
| 462 } | 463 } |
| 463 | 464 |
| 465 int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) { | |
| 466 // TODO: | |
| 467 return 1; | |
| 468 } | |
| 469 | |
| 464 int solaris_acl_check( | 470 int solaris_acl_check( |
| 465 char *path, | 471 char *path, |
| 466 struct stat *s, | 472 struct stat *s, |
| 467 uint32_t mask, | 473 uint32_t mask, |
| 468 uid_t uid, | 474 uid_t uid, |
| 569 | 575 |
| 570 int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) { | 576 int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) { |
| 571 return 1; | 577 return 1; |
| 572 } | 578 } |
| 573 | 579 |
| 580 int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) { | |
| 581 return 1; | |
| 582 } | |
| 583 | |
| 574 void fs_acl_finish() { | 584 void fs_acl_finish() { |
| 575 | 585 |
| 576 } | 586 } |
| 577 | 587 |
| 578 #endif | 588 #endif |
| 579 | 589 |
| 580 #ifdef BSD | 590 #ifdef BSD |
| 581 | 591 |
| 582 int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) { | 592 int fs_acl_check(SysACL *acl, User *user, const char *path, uint32_t access_mask) { |
| 593 return 1; | |
| 594 } | |
| 595 | |
| 596 int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) { | |
| 583 return 1; | 597 return 1; |
| 584 } | 598 } |
| 585 | 599 |
| 586 void fs_acl_finish() { | 600 void fs_acl_finish() { |
| 587 | 601 |
| 592 | 606 |
| 593 #ifdef LINUX | 607 #ifdef LINUX |
| 594 | 608 |
| 595 #include <sys/fsuid.h> | 609 #include <sys/fsuid.h> |
| 596 | 610 |
| 597 int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) { | 611 int fs_acl_check(SysACL *acl, User *user, const char *path, uint32_t access_mask) { |
| 598 struct passwd *ws_pw = conf_getglobals()->Vuserpw; | 612 struct passwd *ws_pw = conf_getglobals()->Vuserpw; |
| 599 if(!ws_pw) { | 613 if(!ws_pw) { |
| 600 log_ereport(LOG_FAILURE, "fs_acl_check: unknown webserver uid/gid"); | 614 log_ereport(LOG_FAILURE, "fs_acl_check: unknown webserver uid/gid"); |
| 601 return 1; | 615 return 1; |
| 602 } | 616 } |
| 633 "Cannot set fsgid to gid: %u", pw.pw_gid); | 647 "Cannot set fsgid to gid: %u", pw.pw_gid); |
| 634 } | 648 } |
| 635 } | 649 } |
| 636 | 650 |
| 637 | 651 |
| 652 return 1; | |
| 653 } | |
| 654 | |
| 655 int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) { | |
| 656 // TODO | |
| 638 return 1; | 657 return 1; |
| 639 } | 658 } |
| 640 | 659 |
| 641 void fs_acl_finish() { | 660 void fs_acl_finish() { |
| 642 struct passwd *pw = conf_getglobals()->Vuserpw; | 661 struct passwd *pw = conf_getglobals()->Vuserpw; |
