src/server/config/acl.c

changeset 415
d938228c382e
parent 115
51d9a15eac98
child 453
4586d534f9b5
equal deleted inserted replaced
414:99a34860c105 415:d938228c382e
30 #include <stdlib.h> 30 #include <stdlib.h>
31 #include <string.h> 31 #include <string.h>
32 32
33 #include "acl.h" 33 #include "acl.h"
34 34
35 ACLFile* load_acl_file(char *file) { 35 ACLFile* load_acl_file(const char *file) {
36 FILE *in = fopen(file, "r"); 36 FILE *in = fopen(file, "r");
37 if(in == NULL) { 37 if(in == NULL) {
38 return NULL; 38 return NULL;
39 } 39 }
40 40
41 ACLFile *conf = malloc(sizeof(ACLFile)); 41 ACLFile *conf = malloc(sizeof(ACLFile));
42 conf->parser.parse = acl_parse; 42 conf->parser.parse = acl_parse;
43 conf->namedACLs = NULL; 43 conf->namedACLs = cxPointerLinkedListCreate(cxDefaultAllocator, cx_cmp_ptr);
44 conf->uriACLs = NULL; 44 conf->uriACLs = cxPointerLinkedListCreate(cxDefaultAllocator, cx_cmp_ptr);
45 conf->pathACLs = NULL; 45 conf->pathACLs = cxPointerLinkedListCreate(cxDefaultAllocator, cx_cmp_ptr);
46 46
47 int r = cfg_parse_basic_file((ConfigParser*)conf, in); 47 int r = cfg_parse_basic_file((ConfigParser*)conf, in);
48 if(r != 0) { 48 if(r != 0) {
49 free_acl_file(conf); 49 free_acl_file(conf);
50 return NULL; 50 return NULL;
54 54
55 return conf; 55 return conf;
56 } 56 }
57 57
58 void free_acl_file(ACLFile *conf) { 58 void free_acl_file(ACLFile *conf) {
59 ucx_mempool_destroy(conf->parser.mp->pool); 59 //ucx_mempool_destroy(conf->parser.mp->pool);
60 free(conf); 60 free(conf);
61 } 61 }
62 62
63 int acl_parse(void *p, ConfigLine *begin, ConfigLine *end, sstr_t line) { 63 int acl_parse(void *p, ConfigLine *begin, ConfigLine *end, cxmutstr line) {
64 ACLFile *aclf = p; 64 ACLFile *aclf = p;
65 UcxAllocator *mp = aclf->parser.mp; 65 CxAllocator *mp = aclf->parser.mp;
66 66
67 if(sstrprefix(line, sstr("ACL "))) { 67 if(cx_strprefix(cx_strcast(line), cx_str("ACL "))) {
68 sstr_t param = sstrsubs(line, 4); 68 cxmutstr param = cx_strsubs_m(line, 4);
69 UcxList *plist = cfg_param_list(param, mp); 69 ConfigParam *plist = cfg_param_list(param, mp);
70 ACLConfig *acl = OBJ_NEW(mp, ACLConfig); 70 ACLConfig *acl = OBJ_NEW(mp, ACLConfig);
71 acl->type.ptr = NULL; 71 acl->type.ptr = NULL;
72 acl->authparam = NULL; 72 acl->authparam = NULL;
73 acl->entries = NULL; 73 acl->entries = NULL;
74 aclf->cur = acl; 74 aclf->cur = acl;
75 75
76 sstr_t type = cfg_param_get(plist, sstr("type")); 76 cxmutstr type = cfg_param_get(plist, cx_str("type"));
77 sstr_t name = cfg_param_get(plist, sstr("name")); 77 cxmutstr name = cfg_param_get(plist, cx_str("name"));
78 sstr_t path = cfg_param_get(plist, sstr("path")); 78 cxmutstr path = cfg_param_get(plist, cx_str("path"));
79 sstr_t uri = cfg_param_get(plist, sstr("uri")); 79 cxmutstr uri = cfg_param_get(plist, cx_str("uri"));
80 80
81 if(name.ptr) { 81 if(name.ptr) {
82 acl->id = name; 82 acl->id = name;
83 aclf->namedACLs = ucx_list_append_a(mp, aclf->namedACLs, acl); 83 cxListAdd(aclf->namedACLs, acl);
84 } else if(path.ptr) { 84 } else if(path.ptr) {
85 acl->id = path; 85 acl->id = path;
86 aclf->pathACLs = ucx_list_append_a(mp, aclf->pathACLs, acl); 86 cxListAdd(aclf->pathACLs, acl);
87 } else if(uri.ptr) { 87 } else if(uri.ptr) {
88 acl->id = uri; 88 acl->id = uri;
89 aclf->uriACLs = ucx_list_append_a(mp, aclf->uriACLs, acl); 89 cxListAdd(aclf->uriACLs, acl);
90 } 90 }
91 91
92 if(type.ptr) { 92 if(type.ptr) {
93 acl->type = type; 93 acl->type = type;
94 } 94 }
95 } else if(sstrprefix(line, sstr("Authenticate "))) { 95 } else if(cx_strprefix(cx_strcast(line), cx_str("Authenticate "))) {
96 sstr_t param = sstrsubs(line, 13); 96 cxmutstr param = cx_strsubs_m(line, 13);
97 UcxList *plist = cfg_param_list(param, mp); 97 ConfigParam *plist = cfg_param_list(param, mp);
98 aclf->cur->authparam = plist; 98 aclf->cur->authparam = plist;
99 } else { 99 } else {
100 if(parse_ace(aclf, line)) { 100 if(parse_ace(aclf, line)) {
101 // TODO: error 101 // TODO: error
102 return 1; 102 return 1;
104 } 104 }
105 105
106 return 0; 106 return 0;
107 } 107 }
108 108
109 int parse_ace(ACLFile *f, sstr_t line) { 109 #define ACE_MAX_TOKENS 2048
110
111 int parse_ace(ACLFile *f, cxmutstr line) {
110 ACLConfig *cur = f->cur; 112 ACLConfig *cur = f->cur;
111 UcxAllocator *mp = f->parser.mp; 113 CxAllocator *mp = f->parser.mp;
112 114
113 ssize_t tkn = 0; 115 cxstring *tk = NULL;
114 sstr_t *tk = sstrsplit(line, sstr(":"), &tkn); 116 ssize_t tkn = cx_strsplit_a(mp, cx_strcast(line), cx_str(":"), ACE_MAX_TOKENS, &tk);
115 if(!tk || tkn < 3) { 117 if(!tk || tkn < 3) {
116 log_ereport(LOG_FAILURE, "parse_ace: to few tokens"); 118 log_ereport(LOG_FAILURE, "parse_ace: to few tokens: %.*s", (int)line.length, line.ptr);
117 return 1; 119 return 1;
118 } 120 }
119 121
120 ACEConfig *ace = OBJ_NEW(mp, ACEConfig); 122 ACEConfig *ace = OBJ_NEW(mp, ACEConfig);
121 memset(ace, 0, sizeof(ACEConfig)); 123 memset(ace, 0, sizeof(ACEConfig));
122 124
123 /* 125 /*
124 * first step: determine who is affected by this ace 126 * first step: determine who is affected by this ace
125 */ 127 */
126 int n = 0; 128 int n = 0;
127 sstr_t s = tk[0]; 129 cxstring s = tk[0];
128 130
129 if(!sstrcmp(s, sstr("user"))) { 131 if(!cx_strcmp(s, cx_str("user"))) {
130 // next token is the user name 132 // next token is the user name
131 s = tk[1]; 133 s = tk[1];
132 n++; 134 n++;
133 ace->who = sstrdup_a(mp, s); 135 ace->who = cx_strdup_a(mp, s);
134 } else if(!sstrcmp(s, sstr("group"))) { 136 } else if(!cx_strcmp(s, cx_str("group"))) {
135 // next token is the group name 137 // next token is the group name
136 s = tk[1]; 138 s = tk[1];
137 n++; 139 n++;
138 ace->who = sstrdup_a(mp, s); 140 ace->who = cx_strdup_a(mp, s);
139 ace->flags = ACLCFG_IDENTIFIER_GROUP; 141 ace->flags = ACLCFG_IDENTIFIER_GROUP;
140 } else if(!sstrcmp(s, sstr("owner@"))) { 142 } else if(!cx_strcmp(s, cx_str("owner@"))) {
141 ace->flags = ACLCFG_OWNER; 143 ace->flags = ACLCFG_OWNER;
142 } else if(!sstrcmp(s, sstr("group@"))) { 144 } else if(!cx_strcmp(s, cx_str("group@"))) {
143 ace->flags = ACLCFG_GROUP; 145 ace->flags = ACLCFG_GROUP;
144 } else if(!sstrcmp(s, sstr("everyone@"))) { 146 } else if(!cx_strcmp(s, cx_str("everyone@"))) {
145 ace->flags = ACLCFG_EVERYONE; 147 ace->flags = ACLCFG_EVERYONE;
146 } else { 148 } else {
147 // you can specify only the user name in the ace 149 // you can specify only the user name in the ace
148 ace->who = sstrdup_a(mp, s); 150 ace->who = cx_strdup_a(mp, s);
149 } 151 }
150 152
151 n++; //next token 153 n++; //next token
152 154
153 /* 155 /*
159 log_ereport(LOG_FAILURE, "parse_ace: ace incomplete"); 161 log_ereport(LOG_FAILURE, "parse_ace: ace incomplete");
160 return 1; 162 return 1;
161 } 163 }
162 s = tk[n]; 164 s = tk[n];
163 165
164 ssize_t maskn = 0; 166 cxstring *accessmask = NULL;
165 sstr_t *accessmask = sstrsplit(s, sstr(","), &maskn); 167 ssize_t maskn = cx_strsplit_a(mp, s, cx_str(","), ACE_MAX_TOKENS, &accessmask);
166 for(int i=0;i<maskn;i++) { 168 for(int i=0;i<maskn;i++) {
167 sstr_t access = accessmask[i]; 169 cxstring access = accessmask[i];
168 ace->access_mask = ace->access_mask | accstr2int(access); 170 ace->access_mask = ace->access_mask | accstr2int(access);
169 } 171 }
170 free(accessmask); 172 cxFree(mp, accessmask);
171 n++; // next token 173 n++; // next token
172 174
173 /* 175 /*
174 * get flags (optional) and ace type 176 * get flags (optional) and ace type
175 */ 177 */
176 178
177 int complete = 0; 179 int complete = 0;
178 while(n < tkn) { 180 while(n < tkn) {
179 s = tk[n]; 181 s = tk[n];
180 if(!sstrcmp(s, sstr("allow"))) { 182 if(!cx_strcmp(s, cx_str("allow"))) {
181 ace->type = ACLCFG_TYPE_ALLOWED; 183 ace->type = ACLCFG_TYPE_ALLOWED;
182 complete = 1; 184 complete = 1;
183 break; 185 break;
184 } else if(!sstrcmp(s, sstr("deny"))) { 186 } else if(!cx_strcmp(s, cx_str("deny"))) {
185 ace->type = ACLCFG_TYPE_DENIED; 187 ace->type = ACLCFG_TYPE_DENIED;
186 complete = 1; 188 complete = 1;
187 break; 189 break;
188 } else if(!sstrcmp(s, sstr("audit"))) { 190 } else if(!cx_strcmp(s, cx_str("audit"))) {
189 ace->type = ACLCFG_TYPE_AUDIT; 191 ace->type = ACLCFG_TYPE_AUDIT;
190 complete = 1; 192 complete = 1;
191 break; 193 break;
192 } else if(!sstrcmp(s, sstr("alarm"))) { 194 } else if(!cx_strcmp(s, cx_str("alarm"))) {
193 ace->type = ACLCFG_TYPE_ALARM; 195 ace->type = ACLCFG_TYPE_ALARM;
194 complete = 1; 196 complete = 1;
195 break; 197 break;
196 } else { 198 } else {
197 // set flags 199 // set flags
198 ssize_t fln = 0; 200 cxstring *flags = NULL;
199 sstr_t *flags = sstrsplit(s, sstr(","), &fln); 201 ssize_t fln = cx_strsplit_a(mp, s, cx_str(","), ACE_MAX_TOKENS, &flags);
200 for(int i=0;i<fln;i++) { 202 for(int i=0;i<fln;i++) {
201 sstr_t flag = flags[i]; 203 cxstring flag = flags[i];
202 if(!sstrcmp(flag, sstr("successful_access_flag"))) { 204 if(!cx_strcmp(flag, cx_str("successful_access_flag"))) {
203 ace->flags = ace->flags | ACLCFG_SUCCESSFUL_ACCESS_FLAG; 205 ace->flags = ace->flags | ACLCFG_SUCCESSFUL_ACCESS_FLAG;
204 } else if(!sstrcmp(flag, sstr("failed_access_flag"))) { 206 } else if(!cx_strcmp(flag, cx_str("failed_access_flag"))) {
205 ace->flags = ace->flags | ACLCFG_FAILED_ACCESS_ACE_FLAG; 207 ace->flags = ace->flags | ACLCFG_FAILED_ACCESS_ACE_FLAG;
206 } 208 }
207 // TODO: other flags 209 // TODO: other flags
208 } 210 }
209 free(flags); 211 free(flags);
214 if(!complete) { 216 if(!complete) {
215 log_ereport(LOG_FAILURE, "parse_ace: ace incomplete"); 217 log_ereport(LOG_FAILURE, "parse_ace: ace incomplete");
216 return 1; 218 return 1;
217 } 219 }
218 220
219 cur->entries = ucx_list_append_a(mp, cur->entries, ace); 221 CFG_ACE_ADD(&cur->entries, ace);
220 222
221 return 0; 223 return 0;
222 } 224 }
223 225
224 uint32_t accstr2int(sstr_t access) { 226 uint32_t accstr2int(cxstring access) {
225 uint32_t val = 0; 227 uint32_t val = 0;
226 if(!sstrcmp(access, sstr("read"))) { 228 if(!cx_strcmp(access, cx_str("read"))) {
227 val = ACLCFG_READ; 229 val = ACLCFG_READ;
228 } else if(!sstrcmp(access, sstr("write"))) { 230 } else if(!cx_strcmp(access, cx_str("write"))) {
229 val = ACLCFG_WRITE; 231 val = ACLCFG_WRITE;
230 } else if(!sstrcmp(access, sstr("read_data"))) { 232 } else if(!cx_strcmp(access, cx_str("read_data"))) {
231 val = ACLCFG_READ_DATA; 233 val = ACLCFG_READ_DATA;
232 } else if(!sstrcmp(access, sstr("write_data"))) { 234 } else if(!cx_strcmp(access, cx_str("write_data"))) {
233 val = ACLCFG_WRITE_DATA; 235 val = ACLCFG_WRITE_DATA;
234 } else if(!sstrcmp(access, sstr("append"))) { 236 } else if(!cx_strcmp(access, cx_str("append"))) {
235 val = ACLCFG_APPEND; 237 val = ACLCFG_APPEND;
236 } else if(!sstrcmp(access, sstr("add"))) { 238 } else if(!cx_strcmp(access, cx_str("add"))) {
237 val = ACLCFG_ADD_FILE; 239 val = ACLCFG_ADD_FILE;
238 } else if(!sstrcmp(access, sstr("add_file"))) { 240 } else if(!cx_strcmp(access, cx_str("add_file"))) {
239 val = ACLCFG_ADD_FILE; 241 val = ACLCFG_ADD_FILE;
240 } else if(!sstrcmp(access, sstr("add_subdirectory"))) { 242 } else if(!cx_strcmp(access, cx_str("add_subdirectory"))) {
241 val = ACLCFG_ADD_SUBDIRECTORY; 243 val = ACLCFG_ADD_SUBDIRECTORY;
242 } else if(!sstrcmp(access, sstr("read_xattr"))) { 244 } else if(!cx_strcmp(access, cx_str("read_xattr"))) {
243 val = ACLCFG_READ_XATTR; 245 val = ACLCFG_READ_XATTR;
244 } else if(!sstrcmp(access, sstr("write_xattr"))) { 246 } else if(!cx_strcmp(access, cx_str("write_xattr"))) {
245 val = ACLCFG_WRITE_XATTR; 247 val = ACLCFG_WRITE_XATTR;
246 } else if(!sstrcmp(access, sstr("execute"))) { 248 } else if(!cx_strcmp(access, cx_str("execute"))) {
247 val = ACLCFG_EXECUTE; 249 val = ACLCFG_EXECUTE;
248 } else if(!sstrcmp(access, sstr("delete_child"))) { 250 } else if(!cx_strcmp(access, cx_str("delete_child"))) {
249 val = ACLCFG_DELETE_CHILD; 251 val = ACLCFG_DELETE_CHILD;
250 } else if(!sstrcmp(access, sstr("delete"))) { 252 } else if(!cx_strcmp(access, cx_str("delete"))) {
251 val = ACLCFG_DELETE; 253 val = ACLCFG_DELETE;
252 } else if(!sstrcmp(access, sstr("read_attributes"))) { 254 } else if(!cx_strcmp(access, cx_str("read_attributes"))) {
253 val = ACLCFG_READ_ATTRIBUTES; 255 val = ACLCFG_READ_ATTRIBUTES;
254 } else if(!sstrcmp(access, sstr("write_attributes"))) { 256 } else if(!cx_strcmp(access, cx_str("write_attributes"))) {
255 val = ACLCFG_WRITE_ATTRIBUTES; 257 val = ACLCFG_WRITE_ATTRIBUTES;
256 } else if(!sstrcmp(access, sstr("list"))) { 258 } else if(!cx_strcmp(access, cx_str("list"))) {
257 val = ACLCFG_LIST; 259 val = ACLCFG_LIST;
258 } else if(!sstrcmp(access, sstr("read_acl"))) { 260 } else if(!cx_strcmp(access, cx_str("read_acl"))) {
259 val = ACLCFG_READ_ACL; 261 val = ACLCFG_READ_ACL;
260 } else if(!sstrcmp(access, sstr("write_acl"))) { 262 } else if(!cx_strcmp(access, cx_str("write_acl"))) {
261 val = ACLCFG_WRITE_ACL; 263 val = ACLCFG_WRITE_ACL;
262 } else if(!sstrcmp(access, sstr("write_owner"))) { 264 } else if(!cx_strcmp(access, cx_str("write_owner"))) {
263 val = ACLCFG_WRITE_OWNER; 265 val = ACLCFG_WRITE_OWNER;
264 } else if(!sstrcmp(access, sstr("synchronize"))) { 266 } else if(!cx_strcmp(access, cx_str("synchronize"))) {
265 val = ACLCFG_SYNCHRONIZE; 267 val = ACLCFG_SYNCHRONIZE;
266 } 268 }
267 return val; 269 return val;
268 } 270 }

mercurial