src/server/safs/pathcheck.c

Wed, 28 Dec 2016 17:27:14 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Wed, 28 Dec 2016 17:27:14 +0100
changeset 139
29ac9aed4889
parent 131
70010b94bda5
child 141
ff311b63c3af
permissions
-rw-r--r--

fixes some memory errors and startup with broken config

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright 2013 Olaf Wintermann. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   1. Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *
 *   2. Redistributions in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <ucx/string.h>

#include "pathcheck.h"

#include "../util/pblock.h"
#include "../daemon/config.h"
#include "../daemon/acl.h"
#include "../daemon/acldata.h"
#include "../daemon/session.h"
#include "../daemon/vserver.h"

#include "../config/acl.h"

int require_auth(pblock *pb, Session *sn, Request *rq) {
    char *user = pblock_findkeyval(pb_key_auth_user, rq->vars);

    if(user == NULL) {
        pblock_nvinsert(
                "www-authenticate",
                "Basic realm=\"Webserver\"",
                rq->srvhdrs);

        protocol_status(sn, rq, PROTOCOL_UNAUTHORIZED, NULL);
        return REQ_ABORTED;
    }

    return REQ_PROCEED;
}

int require_access(pblock *pb, Session *sn, Request *rq) {
    char *mask_str = pblock_findval("mask", rq->vars);
    if(!mask_str) {
        log_ereport(LOG_MISCONFIG, "require-access: missing mask parameter");
        protocol_status(sn, rq, 500, NULL);
        return REQ_ABORTED;
    }
    
    uint32_t access_mask = 0;
    ssize_t n = 0;
    sstr_t *rights = sstrsplit(sstr(mask_str), sstrn(",", 1), &n);
    for(int i=0;i<n;i++) {
        sstr_t right = rights[i];
        access_mask = access_mask | accstr2int(right);
    }
    
    return REQ_PROCEED;
}

int append_acl(pblock *pb, Session *sn, Request *rq) {
    const VirtualServer *vs = request_get_vs(rq);
    
    WS_ASSERT(vs);
    
    char *aclname = pblock_findval("acl", pb);
    if(aclname) {
        ACLList *acl = acl_get(vs->acls, aclname);
        if(!acl) {
            log_ereport(
                    LOG_MISCONFIG,
                    "append-acl: acl %s not found", aclname);
            protocol_status(sn, rq, 500, NULL);
            return REQ_ABORTED;
        }
        
        acllist_append(sn, rq, acl);
    }
    
    return REQ_PROCEED;
}


int check_acl(pblock *pb, Session *sn, Request *rq) {
    int access_mask = ACL_READ_DATA; // TODO: check method and path
    
    int ret = acl_evaluate(sn, rq, access_mask);
    if(ret == REQ_ABORTED) {
        // TODO: status, error, ...
        return REQ_ABORTED;
    }
    
    return REQ_PROCEED;
}

int find_index(pblock *pb, Session *sn, Request *rq) {
    char *inames = pblock_findval("index-names", pb);
    if(!inames) {
        log_ereport(
                LOG_MISCONFIG,
                "find-index: index-names parameter missing");
        return REQ_ABORTED;
    }
    
    ssize_t ni = 0;
    sstr_t *names = sstrsplit(sstr(inames), S(","), &ni);
    if(ni <= 0) {
        log_ereport(
                LOG_MISCONFIG,
                "find-index: no files specified in index-names parameter");
        return REQ_ABORTED;
    }
    
    int ret = REQ_NOACTION;
    
    char *path = pblock_findkeyval(pb_key_path, rq->vars);
    size_t pathlen = strlen(path);
    sstr_t p = sstrn(path, pathlen);
    if(path[pathlen-1] == '/') {
        for(int i=0;i<ni;i++) {
            sstr_t newpath = sstrcat(2, p, sstrtrim(names[i]));
            struct stat s;
            if(!stat(newpath.ptr, &s)) {
                pblock_kvinsert(
                        pb_key_path,
                        newpath.ptr,
                        newpath.length,
                        rq->vars);
                free(newpath.ptr);
                ret = REQ_PROCEED;
            } else {
                free(newpath.ptr);
            }
        }
    }
    
    for(int i=0;i<ni;i++) {
        free(names[i].ptr);
    }
    free(names);
    
    return ret;
}

mercurial