# HG changeset patch
# User Olaf Wintermann <olaf.wintermann@gmail.com>
# Date 1513417070 -3600
# Node ID b6ff6be7aa9186aa55ba21946f432be0dfbe7e97
# Parent  3e20fd78e555376eb26c1f986be96db0d5a7b7ad
adds config option to disable certain commands for specific syncdirs and fixes authmethod config parser

diff -r 3e20fd78e555 -r b6ff6be7aa91 dav/config.c
--- a/dav/config.c	Thu Dec 14 13:35:03 2017 +0100
+++ b/dav/config.c	Sat Dec 16 10:37:50 2017 +0100
@@ -272,25 +272,25 @@
         }
     } else if(xstreq(key, "authmethods")) {
         repo->authmethods = CURLAUTH_NONE;
-        const char *delims = " \r\n";
+        const char *delims = " \t\r\n";
         char *meths = strdup(value);
         char *meth = strtok(meths, delims);
         while (meth) {
-            if(xstrEQ(value, "basic")) {
+            if(xstrEQ(meth, "basic")) {
                 repo->authmethods |= CURLAUTH_BASIC;
-            } else if(xstrEQ(value, "digest")) {
+            } else if(xstrEQ(meth, "digest")) {
                 repo->authmethods |= CURLAUTH_DIGEST;
-            } else if(xstrEQ(value, "negotiate")) {
+            } else if(xstrEQ(meth, "negotiate")) {
                 repo->authmethods |= CURLAUTH_GSSNEGOTIATE;
-            } else if(xstrEQ(value, "ntlm")) {
+            } else if(xstrEQ(meth, "ntlm")) {
                 repo->authmethods |= CURLAUTH_NTLM;
-            } else if(xstrEQ(value, "any")) {
+            } else if(xstrEQ(meth, "any")) {
                 repo->authmethods = CURLAUTH_ANY;
-            } else if(xstrEQ(value, "none")) {
+            } else if(xstrEQ(meth, "none")) {
                 /* skip */
             } else {
                 print_warning(lineno,
-                        "unknown authentication method: %s\n", value);
+                        "unknown authentication method: %s\n", meth);
             }
             meth = strtok(NULL, delims);
         }
diff -r 3e20fd78e555 -r b6ff6be7aa91 dav/scfg.c
--- a/dav/scfg.c	Thu Dec 14 13:35:03 2017 +0100
+++ b/dav/scfg.c	Sat Dec 16 10:37:50 2017 +0100
@@ -135,6 +135,7 @@
     UcxList *include = NULL;
     UcxList *exclude = NULL;
     int max_retry = 0;
+    int allow_cmd = SYNC_CMD_PULL | SYNC_CMD_PUSH | SYNC_CMD_ARCHIVE;
     bool backuppull = false;
     bool lockpull = false;
     bool lockpush = false;
@@ -179,6 +180,24 @@
                     print_warning(node->line, "unsigned integer value "
                             "expected in <max-retry> element\n");
                 }
+            } else if(xstreq(node->name, "allow-cmd")) {
+                int cmds = 0;
+                const char *delims = " ,\r\n";
+                char *cmdstr = strdup(value);
+                char *cmd = strtok(cmdstr, delims);
+                while(cmd) {
+                    if(!strcmp(cmd, "pull")) {
+                        cmds |= SYNC_CMD_PULL;
+                    } else if(!strcmp(cmd, "push")) {
+                        cmds |= SYNC_CMD_PUSH;
+                    } else if(!strcmp(cmd, "archive")) {
+                        cmds |= SYNC_CMD_ARCHIVE;
+                    }
+                    cmd = strtok(NULL, delims);
+                }
+                free(cmdstr);
+                allow_cmd = cmds;
+                
             } else if(xstreq(node->name, "backup-on-pull")) {
                 backuppull = util_getboolean(value);
             } else if(xstreq(node->name, "lock-pull")) {
@@ -229,6 +248,7 @@
     dir->repository = strdup(repository);
     dir->database = strdup(database);
     dir->max_retry = max_retry;
+    dir->allow_cmd = allow_cmd;
     dir->backuppull = backuppull;
     dir->lockpull = lockpull;
     dir->lockpush = lockpush;
diff -r 3e20fd78e555 -r b6ff6be7aa91 dav/scfg.h
--- a/dav/scfg.h	Thu Dec 14 13:35:03 2017 +0100
+++ b/dav/scfg.h	Sat Dec 16 10:37:50 2017 +0100
@@ -38,6 +38,9 @@
 extern "C" {
 #endif
 
+#define SYNC_CMD_PULL    1
+#define SYNC_CMD_PUSH    2
+#define SYNC_CMD_ARCHIVE 4
     
 typedef struct SyncDirectory {
     char *name;
@@ -49,6 +52,7 @@
     UcxList *include;
     UcxList *exclude;
     int max_retry;
+    int allow_cmd;
     time_t lock_timeout;
     bool backuppull;
     bool lockpull;
diff -r 3e20fd78e555 -r b6ff6be7aa91 dav/sync.c
--- a/dav/sync.c	Thu Dec 14 13:35:03 2017 +0100
+++ b/dav/sync.c	Sat Dec 16 10:37:50 2017 +0100
@@ -258,6 +258,23 @@
     return sn;
 }
 
+static void print_allowed_cmds(SyncDirectory *dir) {
+    fprintf(stderr, "Allowed commands: ");
+    char *sep = "";
+    if((dir->allow_cmd & SYNC_CMD_PULL) == SYNC_CMD_PULL) {
+        fprintf(stderr, "pull");
+        sep = ", ";
+    }
+    if((dir->allow_cmd & SYNC_CMD_PUSH) == SYNC_CMD_PUSH) {
+        fprintf(stderr, "%spush", sep);
+        sep = ", ";
+    }
+    if((dir->allow_cmd & SYNC_CMD_ARCHIVE) == SYNC_CMD_ARCHIVE) {
+        fprintf(stderr, "%sarchive", sep);
+    }
+    fprintf(stderr, "\n");
+}
+
 int cmd_pull(CmdArgs *a) {
     if(a->argc != 1) {
         fprintf(stderr, "Too %s arguments\n", a->argc < 1 ? "few" : "many");
@@ -273,6 +290,12 @@
         return -1;
     }
     
+    if((dir->allow_cmd & SYNC_CMD_PULL) != SYNC_CMD_PULL) {
+        fprintf(stderr, "Command 'pull' is not allowed for this sync dir\n");
+        print_allowed_cmds(dir);
+        return -1;
+    }
+    
     Repository *repo = get_repository(sstr(dir->repository));
     if(!repo) {
         fprintf(stderr, "Unkown repository %s\n", dir->name);
@@ -806,6 +829,13 @@
         return -1;
     }
     
+    int cmd = archive ? SYNC_CMD_ARCHIVE : SYNC_CMD_PUSH;
+    if((dir->allow_cmd & cmd) != cmd) {
+        fprintf(stderr, "Command '%s' is not allowed for this sync dir\n", archive ? "archive" : "push");
+        print_allowed_cmds(dir);
+        return -1;
+    }
+    
     Repository *repo = get_repository(sstr(dir->repository));
     if(!repo) {
         fprintf(stderr, "Unkown repository %s\n", dir->name);