webserver: comparison src/server/config/acl.c

-:4d39adda7a38
+:b28cf69f42e8
+/*
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+*
+* Copyright 2013 Olaf Wintermann. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+*   1. Redistributions of source code must retain the above copyright
+*      notice, this list of conditions and the following disclaimer.
+*
+*   2. Redistributions in binary form must reproduce the above copyright
+*      notice, this list of conditions and the following disclaimer in the
+*      documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*/
+#include <stdio.h>
+#include <stdlib.h>
+#include "acl.h"
+ACLFile* load_acl_file(char *file) {
+FILE *in = fopen(file, "r");
+if(in == NULL) {
+return NULL;
+}
+ACLFile *conf = malloc(sizeof(ACLFile));
+conf->parser.parse = acl_parse;
+conf->file = file;
+conf->namedACLs = NULL;
+conf->uriACLs = NULL;
+conf->pathACLs = NULL;
+int r = cfg_parse_basic_file((ConfigParser*)conf, in);
+if(r != 0) {
+free_acl_file(conf);
+return NULL;
+}
+return conf;
+}
+void free_acl_file(ACLFile *aclfile) {
+}
+int acl_parse(void *p, ConfigLine *begin, ConfigLine *end, sstr_t line) {
+ACLFile *aclf = p;
+UcxMempool *mp = aclf->parser.mp;
+if(sstr_startswith(line, sstr("ACL "))) {
+sstr_t param = sstrsubs(line, 4);
+UcxList *plist = cfg_param_list(param, mp);
+ACLConfig *acl = OBJ_NEW(mp, ACLConfig);
+acl->type.ptr = NULL;
+acl->authparam = NULL;
+acl->entries = NULL;
+aclf->cur = acl;
+sstr_t type = cfg_param_get(plist, sstr("type"));
+sstr_t name = cfg_param_get(plist, sstr("name"));
+sstr_t path = cfg_param_get(plist, sstr("path"));
+sstr_t uri  = cfg_param_get(plist, sstr("uri"));
+if(name.ptr) {
+acl->id = name;
+aclf->namedACLs = ucx_list_append(aclf->namedACLs, acl);
+} else if(path.ptr) {
+acl->id = path;
+aclf->pathACLs = ucx_list_append(aclf->pathACLs, acl);
+} else if(uri.ptr) {
+acl->id = uri;
+aclf->uriACLs = ucx_list_append(aclf->uriACLs, acl);
+}
+if(type.ptr) {
+acl->type = type;
+}
+} else if(sstr_startswith(line, sstr("Authenticate "))) {
+sstr_t param = sstrsubs(line, 13);
+UcxList *plist = cfg_param_list(param, mp);
+aclf->cur->authparam = plist;
+} else {
+if(parse_ace(aclf, line)) {
+// TODO: error
+return 1;
+}
+}
+return 0;
+}
+int parse_ace(ACLFile *f, sstr_t line) {
+ACLConfig *cur = f->cur;
+UcxMempool *mp = f->parser.mp;
+size_t tkn = 0;
+sstr_t *tk = sstrsplit(line, sstr(":"), &tkn);
+if(!tk || tkn < 3) {
+fprintf(stderr, "parse_ace: to few tokens\n");
+return 1;
+}
+ACEConfig *ace = OBJ_NEW(mp, ACEConfig);
+memset(ace, 0, sizeof(ACEConfig));
+/*
+* first step: determine who is affected by this ace
+*/
+int n = 0;
+sstr_t s = tk[0];
+if(!sstrcmp(s, sstr("user"))) {
+// next token is the user name
+s = tk[1];
+n++;
+ace->who = sstrdup_mp(mp, s);
+} else if(!sstrcmp(s, sstr("group"))) {
+// next token is the group name
+s = tk[1];
+n++;
+ace->who = sstrdup_mp(mp, s);
+ace->flags = ACLCFG_IDENTIFIER_GROUP;
+} else if(!sstrcmp(s, sstr("owner@"))) {
+ace->flags = ACLCFG_OWNER;
+} else if(!sstrcmp(s, sstr("group@"))) {
+ace->flags = ACLCFG_GROUP;
+} else if(!sstrcmp(s, sstr("everyone@"))) {
+ace->flags = ACLCFG_EVERYONE;
+} else {
+// you can specify only the user name in the ace
+ace->who = sstrdup_mp(mp, s);
+}
+n++; //next token
+/*
+* get the access mask
+*/
+if(n >= tkn) {
+// to few tokens
+fprintf(stderr, "parse_ace: ace incomplete\n");
+return 1;
+}
+s = tk[n];
+size_t maskn = 0;
+sstr_t *accessmask = sstrsplit(s, sstr(","), &maskn);
+for(int i=0;i<maskn;i++) {
+sstr_t access = accessmask[i];
+if(!sstrcmp(access, sstr("read"))) {
+ace->access_mask = ace->access_mask | ACLCFG_READ;
+} else if(!sstrcmp(access, sstr("write"))) {
+ace->access_mask = ace->access_mask | ACLCFG_WRITE;
+} else if(!sstrcmp(access, sstr("read_data"))) {
+ace->access_mask = ace->access_mask | ACLCFG_READ_DATA;
+} else if(!sstrcmp(access, sstr("write_data"))) {
+ace->access_mask = ace->access_mask | ACLCFG_WRITE_DATA;
+} else if(!sstrcmp(access, sstr("append"))) {
+ace->access_mask = ace->access_mask | ACLCFG_APPEND;
+} else if(!sstrcmp(access, sstr("add_file"))) {
+ace->access_mask = ace->access_mask | ACLCFG_ADD_FILE;
+} else if(!sstrcmp(access, sstr("add_subdirectory"))) {
+ace->access_mask = ace->access_mask | ACLCFG_ADD_SUBDIRECTORY;
+} else if(!sstrcmp(access, sstr("read_xattr"))) {
+ace->access_mask = ace->access_mask | ACLCFG_READ_XATTR;
+} else if(!sstrcmp(access, sstr("write_xattr"))) {
+ace->access_mask = ace->access_mask | ACLCFG_WRITE_XATTR;
+} else if(!sstrcmp(access, sstr("execute"))) {
+ace->access_mask = ace->access_mask | ACLCFG_EXECUTE;
+} else if(!sstrcmp(access, sstr("delete_child"))) {
+ace->access_mask = ace->access_mask | ACLCFG_DELETE_CHILD;
+} else if(!sstrcmp(access, sstr("delete"))) {
+ace->access_mask = ace->access_mask | ACLCFG_DELETE;
+} else if(!sstrcmp(access, sstr("read_attributes"))) {
+ace->access_mask = ace->access_mask | ACLCFG_READ_ATTRIBUTES;
+} else if(!sstrcmp(access, sstr("write_attributes"))) {
+ace->access_mask = ace->access_mask | ACLCFG_WRITE_ATTRIBUTES;
+} else if(!sstrcmp(access, sstr("list"))) {
+ace->access_mask = ace->access_mask | ACLCFG_LIST;
+} else if(!sstrcmp(access, sstr("read_acl"))) {
+ace->access_mask = ace->access_mask | ACLCFG_READ_ACL;
+} else if(!sstrcmp(access, sstr("write_acl"))) {
+ace->access_mask = ace->access_mask | ACLCFG_WRITE_ACL;
+} else if(!sstrcmp(access, sstr("write_owner"))) {
+ace->access_mask = ace->access_mask | ACLCFG_WRITE_OWNER;
+} else if(!sstrcmp(access, sstr("synchronize"))) {
+ace->access_mask = ace->access_mask | ACLCFG_SYNCHRONIZE;
+}
+}
+free(accessmask);
+n++; // next token
+/*
+* get flags (optional) and ace type
+*/
+int complete = 0;
+while(n < tkn) {
+s = tk[n];
+if(!sstrcmp(s, sstr("allow"))) {
+ace->type = ACLCFG_TYPE_ALLOWED;
+complete = 1;
+break;
+} else if(!sstrcmp(s, sstr("deny"))) {
+ace->type = ACLCFG_TYPE_DENIED;
+complete = 1;
+break;
+} else if(!sstrcmp(s, sstr("audit"))) {
+ace->type = ACLCFG_TYPE_AUDIT;
+complete = 1;
+break;
+} else if(!sstrcmp(s, sstr("alarm"))) {
+ace->type = ACLCFG_TYPE_ALARM;
+complete = 1;
+break;
+} else {
+// set flags
+size_t fln = 0;
+sstr_t *flags = sstrsplit(s, sstr(","), &fln);
+for(int i=0;i<fln;i++) {
+sstr_t flag = flags[i];
+if(!sstrcmp(flag, sstr("successful_access_flag"))) {
+ace->flags = ace->flags | ACLCFG_SUCCESSFUL_ACCESS_FLAG;
+} else if(!sstrcmp(flag, sstr("failed_access_flag"))) {
+ace->flags = ace->flags | ACLCFG_FAILED_ACCESS_ACE_FLAG;
+}
+// TODO: other flags
+}
+free(flags);
+}
+n++;
+}
+if(!complete) {
+fprintf(stderr, "parse_ace: ace incomplete\n");
+return 1;
+}
+cur->entries = ucx_list_append(cur->entries, ace);
+return 0;
+}

Mercurial > hg > webserver / file comparison

comparison: src/server/config/acl.c

src/server/config/acl.c