54 |
54 |
55 return conf; |
55 return conf; |
56 } |
56 } |
57 |
57 |
58 void free_acl_file(ACLFile *conf) { |
58 void free_acl_file(ACLFile *conf) { |
59 ucx_mempool_destroy(conf->parser.mp->pool); |
59 //ucx_mempool_destroy(conf->parser.mp->pool); |
60 free(conf); |
60 free(conf); |
61 } |
61 } |
62 |
62 |
63 int acl_parse(void *p, ConfigLine *begin, ConfigLine *end, sstr_t line) { |
63 int acl_parse(void *p, ConfigLine *begin, ConfigLine *end, cxmutstr line) { |
64 ACLFile *aclf = p; |
64 ACLFile *aclf = p; |
65 UcxAllocator *mp = aclf->parser.mp; |
65 CxAllocator *mp = aclf->parser.mp; |
66 |
66 |
67 if(sstrprefix(line, sstr("ACL "))) { |
67 if(cx_strprefix(cx_strcast(line), cx_str("ACL "))) { |
68 sstr_t param = sstrsubs(line, 4); |
68 cxmutstr param = cx_strsubs_m(line, 4); |
69 UcxList *plist = cfg_param_list(param, mp); |
69 ConfigParam *plist = cfg_param_list(param, mp); |
70 ACLConfig *acl = OBJ_NEW(mp, ACLConfig); |
70 ACLConfig *acl = OBJ_NEW(mp, ACLConfig); |
71 acl->type.ptr = NULL; |
71 acl->type.ptr = NULL; |
72 acl->authparam = NULL; |
72 acl->authparam = NULL; |
73 acl->entries = NULL; |
73 acl->entries = NULL; |
74 aclf->cur = acl; |
74 aclf->cur = acl; |
75 |
75 |
76 sstr_t type = cfg_param_get(plist, sstr("type")); |
76 cxmutstr type = cfg_param_get(plist, cx_str("type")); |
77 sstr_t name = cfg_param_get(plist, sstr("name")); |
77 cxmutstr name = cfg_param_get(plist, cx_str("name")); |
78 sstr_t path = cfg_param_get(plist, sstr("path")); |
78 cxmutstr path = cfg_param_get(plist, cx_str("path")); |
79 sstr_t uri = cfg_param_get(plist, sstr("uri")); |
79 cxmutstr uri = cfg_param_get(plist, cx_str("uri")); |
80 |
80 |
81 if(name.ptr) { |
81 if(name.ptr) { |
82 acl->id = name; |
82 acl->id = name; |
83 aclf->namedACLs = ucx_list_append_a(mp, aclf->namedACLs, acl); |
83 cxListAdd(aclf->namedACLs, acl); |
84 } else if(path.ptr) { |
84 } else if(path.ptr) { |
85 acl->id = path; |
85 acl->id = path; |
86 aclf->pathACLs = ucx_list_append_a(mp, aclf->pathACLs, acl); |
86 cxListAdd(aclf->pathACLs, acl); |
87 } else if(uri.ptr) { |
87 } else if(uri.ptr) { |
88 acl->id = uri; |
88 acl->id = uri; |
89 aclf->uriACLs = ucx_list_append_a(mp, aclf->uriACLs, acl); |
89 cxListAdd(aclf->uriACLs, acl); |
90 } |
90 } |
91 |
91 |
92 if(type.ptr) { |
92 if(type.ptr) { |
93 acl->type = type; |
93 acl->type = type; |
94 } |
94 } |
95 } else if(sstrprefix(line, sstr("Authenticate "))) { |
95 } else if(cx_strprefix(cx_strcast(line), cx_str("Authenticate "))) { |
96 sstr_t param = sstrsubs(line, 13); |
96 cxmutstr param = cx_strsubs_m(line, 13); |
97 UcxList *plist = cfg_param_list(param, mp); |
97 ConfigParam *plist = cfg_param_list(param, mp); |
98 aclf->cur->authparam = plist; |
98 aclf->cur->authparam = plist; |
99 } else { |
99 } else { |
100 if(parse_ace(aclf, line)) { |
100 if(parse_ace(aclf, line)) { |
101 // TODO: error |
101 // TODO: error |
102 return 1; |
102 return 1; |
104 } |
104 } |
105 |
105 |
106 return 0; |
106 return 0; |
107 } |
107 } |
108 |
108 |
109 int parse_ace(ACLFile *f, sstr_t line) { |
109 #define ACE_MAX_TOKENS 2048 |
|
110 |
|
111 int parse_ace(ACLFile *f, cxmutstr line) { |
110 ACLConfig *cur = f->cur; |
112 ACLConfig *cur = f->cur; |
111 UcxAllocator *mp = f->parser.mp; |
113 CxAllocator *mp = f->parser.mp; |
112 |
114 |
113 ssize_t tkn = 0; |
115 cxstring *tk = NULL; |
114 sstr_t *tk = sstrsplit(line, sstr(":"), &tkn); |
116 ssize_t tkn = cx_strsplit_a(mp, cx_strcast(line), cx_str(":"), ACE_MAX_TOKENS, &tk); |
115 if(!tk || tkn < 3) { |
117 if(!tk || tkn < 3) { |
116 log_ereport(LOG_FAILURE, "parse_ace: to few tokens"); |
118 log_ereport(LOG_FAILURE, "parse_ace: to few tokens: %.*s", (int)line.length, line.ptr); |
117 return 1; |
119 return 1; |
118 } |
120 } |
119 |
121 |
120 ACEConfig *ace = OBJ_NEW(mp, ACEConfig); |
122 ACEConfig *ace = OBJ_NEW(mp, ACEConfig); |
121 memset(ace, 0, sizeof(ACEConfig)); |
123 memset(ace, 0, sizeof(ACEConfig)); |
122 |
124 |
123 /* |
125 /* |
124 * first step: determine who is affected by this ace |
126 * first step: determine who is affected by this ace |
125 */ |
127 */ |
126 int n = 0; |
128 int n = 0; |
127 sstr_t s = tk[0]; |
129 cxstring s = tk[0]; |
128 |
130 |
129 if(!sstrcmp(s, sstr("user"))) { |
131 if(!cx_strcmp(s, cx_str("user"))) { |
130 // next token is the user name |
132 // next token is the user name |
131 s = tk[1]; |
133 s = tk[1]; |
132 n++; |
134 n++; |
133 ace->who = sstrdup_a(mp, s); |
135 ace->who = cx_strdup_a(mp, s); |
134 } else if(!sstrcmp(s, sstr("group"))) { |
136 } else if(!cx_strcmp(s, cx_str("group"))) { |
135 // next token is the group name |
137 // next token is the group name |
136 s = tk[1]; |
138 s = tk[1]; |
137 n++; |
139 n++; |
138 ace->who = sstrdup_a(mp, s); |
140 ace->who = cx_strdup_a(mp, s); |
139 ace->flags = ACLCFG_IDENTIFIER_GROUP; |
141 ace->flags = ACLCFG_IDENTIFIER_GROUP; |
140 } else if(!sstrcmp(s, sstr("owner@"))) { |
142 } else if(!cx_strcmp(s, cx_str("owner@"))) { |
141 ace->flags = ACLCFG_OWNER; |
143 ace->flags = ACLCFG_OWNER; |
142 } else if(!sstrcmp(s, sstr("group@"))) { |
144 } else if(!cx_strcmp(s, cx_str("group@"))) { |
143 ace->flags = ACLCFG_GROUP; |
145 ace->flags = ACLCFG_GROUP; |
144 } else if(!sstrcmp(s, sstr("everyone@"))) { |
146 } else if(!cx_strcmp(s, cx_str("everyone@"))) { |
145 ace->flags = ACLCFG_EVERYONE; |
147 ace->flags = ACLCFG_EVERYONE; |
146 } else { |
148 } else { |
147 // you can specify only the user name in the ace |
149 // you can specify only the user name in the ace |
148 ace->who = sstrdup_a(mp, s); |
150 ace->who = cx_strdup_a(mp, s); |
149 } |
151 } |
150 |
152 |
151 n++; //next token |
153 n++; //next token |
152 |
154 |
153 /* |
155 /* |
159 log_ereport(LOG_FAILURE, "parse_ace: ace incomplete"); |
161 log_ereport(LOG_FAILURE, "parse_ace: ace incomplete"); |
160 return 1; |
162 return 1; |
161 } |
163 } |
162 s = tk[n]; |
164 s = tk[n]; |
163 |
165 |
164 ssize_t maskn = 0; |
166 cxstring *accessmask = NULL; |
165 sstr_t *accessmask = sstrsplit(s, sstr(","), &maskn); |
167 ssize_t maskn = cx_strsplit_a(mp, s, cx_str(","), ACE_MAX_TOKENS, &accessmask); |
166 for(int i=0;i<maskn;i++) { |
168 for(int i=0;i<maskn;i++) { |
167 sstr_t access = accessmask[i]; |
169 cxstring access = accessmask[i]; |
168 ace->access_mask = ace->access_mask | accstr2int(access); |
170 ace->access_mask = ace->access_mask | accstr2int(access); |
169 } |
171 } |
170 free(accessmask); |
172 cxFree(mp, accessmask); |
171 n++; // next token |
173 n++; // next token |
172 |
174 |
173 /* |
175 /* |
174 * get flags (optional) and ace type |
176 * get flags (optional) and ace type |
175 */ |
177 */ |
176 |
178 |
177 int complete = 0; |
179 int complete = 0; |
178 while(n < tkn) { |
180 while(n < tkn) { |
179 s = tk[n]; |
181 s = tk[n]; |
180 if(!sstrcmp(s, sstr("allow"))) { |
182 if(!cx_strcmp(s, cx_str("allow"))) { |
181 ace->type = ACLCFG_TYPE_ALLOWED; |
183 ace->type = ACLCFG_TYPE_ALLOWED; |
182 complete = 1; |
184 complete = 1; |
183 break; |
185 break; |
184 } else if(!sstrcmp(s, sstr("deny"))) { |
186 } else if(!cx_strcmp(s, cx_str("deny"))) { |
185 ace->type = ACLCFG_TYPE_DENIED; |
187 ace->type = ACLCFG_TYPE_DENIED; |
186 complete = 1; |
188 complete = 1; |
187 break; |
189 break; |
188 } else if(!sstrcmp(s, sstr("audit"))) { |
190 } else if(!cx_strcmp(s, cx_str("audit"))) { |
189 ace->type = ACLCFG_TYPE_AUDIT; |
191 ace->type = ACLCFG_TYPE_AUDIT; |
190 complete = 1; |
192 complete = 1; |
191 break; |
193 break; |
192 } else if(!sstrcmp(s, sstr("alarm"))) { |
194 } else if(!cx_strcmp(s, cx_str("alarm"))) { |
193 ace->type = ACLCFG_TYPE_ALARM; |
195 ace->type = ACLCFG_TYPE_ALARM; |
194 complete = 1; |
196 complete = 1; |
195 break; |
197 break; |
196 } else { |
198 } else { |
197 // set flags |
199 // set flags |
198 ssize_t fln = 0; |
200 cxstring *flags = NULL; |
199 sstr_t *flags = sstrsplit(s, sstr(","), &fln); |
201 ssize_t fln = cx_strsplit_a(mp, s, cx_str(","), ACE_MAX_TOKENS, &flags); |
200 for(int i=0;i<fln;i++) { |
202 for(int i=0;i<fln;i++) { |
201 sstr_t flag = flags[i]; |
203 cxstring flag = flags[i]; |
202 if(!sstrcmp(flag, sstr("successful_access_flag"))) { |
204 if(!cx_strcmp(flag, cx_str("successful_access_flag"))) { |
203 ace->flags = ace->flags | ACLCFG_SUCCESSFUL_ACCESS_FLAG; |
205 ace->flags = ace->flags | ACLCFG_SUCCESSFUL_ACCESS_FLAG; |
204 } else if(!sstrcmp(flag, sstr("failed_access_flag"))) { |
206 } else if(!cx_strcmp(flag, cx_str("failed_access_flag"))) { |
205 ace->flags = ace->flags | ACLCFG_FAILED_ACCESS_ACE_FLAG; |
207 ace->flags = ace->flags | ACLCFG_FAILED_ACCESS_ACE_FLAG; |
206 } |
208 } |
207 // TODO: other flags |
209 // TODO: other flags |
208 } |
210 } |
209 free(flags); |
211 free(flags); |
214 if(!complete) { |
216 if(!complete) { |
215 log_ereport(LOG_FAILURE, "parse_ace: ace incomplete"); |
217 log_ereport(LOG_FAILURE, "parse_ace: ace incomplete"); |
216 return 1; |
218 return 1; |
217 } |
219 } |
218 |
220 |
219 cur->entries = ucx_list_append_a(mp, cur->entries, ace); |
221 CFG_ACE_ADD(&cur->entries, ace); |
220 |
222 |
221 return 0; |
223 return 0; |
222 } |
224 } |
223 |
225 |
224 uint32_t accstr2int(sstr_t access) { |
226 uint32_t accstr2int(cxstring access) { |
225 uint32_t val = 0; |
227 uint32_t val = 0; |
226 if(!sstrcmp(access, sstr("read"))) { |
228 if(!cx_strcmp(access, cx_str("read"))) { |
227 val = ACLCFG_READ; |
229 val = ACLCFG_READ; |
228 } else if(!sstrcmp(access, sstr("write"))) { |
230 } else if(!cx_strcmp(access, cx_str("write"))) { |
229 val = ACLCFG_WRITE; |
231 val = ACLCFG_WRITE; |
230 } else if(!sstrcmp(access, sstr("read_data"))) { |
232 } else if(!cx_strcmp(access, cx_str("read_data"))) { |
231 val = ACLCFG_READ_DATA; |
233 val = ACLCFG_READ_DATA; |
232 } else if(!sstrcmp(access, sstr("write_data"))) { |
234 } else if(!cx_strcmp(access, cx_str("write_data"))) { |
233 val = ACLCFG_WRITE_DATA; |
235 val = ACLCFG_WRITE_DATA; |
234 } else if(!sstrcmp(access, sstr("append"))) { |
236 } else if(!cx_strcmp(access, cx_str("append"))) { |
235 val = ACLCFG_APPEND; |
237 val = ACLCFG_APPEND; |
236 } else if(!sstrcmp(access, sstr("add"))) { |
238 } else if(!cx_strcmp(access, cx_str("add"))) { |
237 val = ACLCFG_ADD_FILE; |
239 val = ACLCFG_ADD_FILE; |
238 } else if(!sstrcmp(access, sstr("add_file"))) { |
240 } else if(!cx_strcmp(access, cx_str("add_file"))) { |
239 val = ACLCFG_ADD_FILE; |
241 val = ACLCFG_ADD_FILE; |
240 } else if(!sstrcmp(access, sstr("add_subdirectory"))) { |
242 } else if(!cx_strcmp(access, cx_str("add_subdirectory"))) { |
241 val = ACLCFG_ADD_SUBDIRECTORY; |
243 val = ACLCFG_ADD_SUBDIRECTORY; |
242 } else if(!sstrcmp(access, sstr("read_xattr"))) { |
244 } else if(!cx_strcmp(access, cx_str("read_xattr"))) { |
243 val = ACLCFG_READ_XATTR; |
245 val = ACLCFG_READ_XATTR; |
244 } else if(!sstrcmp(access, sstr("write_xattr"))) { |
246 } else if(!cx_strcmp(access, cx_str("write_xattr"))) { |
245 val = ACLCFG_WRITE_XATTR; |
247 val = ACLCFG_WRITE_XATTR; |
246 } else if(!sstrcmp(access, sstr("execute"))) { |
248 } else if(!cx_strcmp(access, cx_str("execute"))) { |
247 val = ACLCFG_EXECUTE; |
249 val = ACLCFG_EXECUTE; |
248 } else if(!sstrcmp(access, sstr("delete_child"))) { |
250 } else if(!cx_strcmp(access, cx_str("delete_child"))) { |
249 val = ACLCFG_DELETE_CHILD; |
251 val = ACLCFG_DELETE_CHILD; |
250 } else if(!sstrcmp(access, sstr("delete"))) { |
252 } else if(!cx_strcmp(access, cx_str("delete"))) { |
251 val = ACLCFG_DELETE; |
253 val = ACLCFG_DELETE; |
252 } else if(!sstrcmp(access, sstr("read_attributes"))) { |
254 } else if(!cx_strcmp(access, cx_str("read_attributes"))) { |
253 val = ACLCFG_READ_ATTRIBUTES; |
255 val = ACLCFG_READ_ATTRIBUTES; |
254 } else if(!sstrcmp(access, sstr("write_attributes"))) { |
256 } else if(!cx_strcmp(access, cx_str("write_attributes"))) { |
255 val = ACLCFG_WRITE_ATTRIBUTES; |
257 val = ACLCFG_WRITE_ATTRIBUTES; |
256 } else if(!sstrcmp(access, sstr("list"))) { |
258 } else if(!cx_strcmp(access, cx_str("list"))) { |
257 val = ACLCFG_LIST; |
259 val = ACLCFG_LIST; |
258 } else if(!sstrcmp(access, sstr("read_acl"))) { |
260 } else if(!cx_strcmp(access, cx_str("read_acl"))) { |
259 val = ACLCFG_READ_ACL; |
261 val = ACLCFG_READ_ACL; |
260 } else if(!sstrcmp(access, sstr("write_acl"))) { |
262 } else if(!cx_strcmp(access, cx_str("write_acl"))) { |
261 val = ACLCFG_WRITE_ACL; |
263 val = ACLCFG_WRITE_ACL; |
262 } else if(!sstrcmp(access, sstr("write_owner"))) { |
264 } else if(!cx_strcmp(access, cx_str("write_owner"))) { |
263 val = ACLCFG_WRITE_OWNER; |
265 val = ACLCFG_WRITE_OWNER; |
264 } else if(!sstrcmp(access, sstr("synchronize"))) { |
266 } else if(!cx_strcmp(access, cx_str("synchronize"))) { |
265 val = ACLCFG_SYNCHRONIZE; |
267 val = ACLCFG_SYNCHRONIZE; |
266 } |
268 } |
267 return val; |
269 return val; |
268 } |
270 } |