Implement user privileges

* src/pies.h (component): New members: list_acl and
adm_acl.
(control): Removed id_acl.
New members: adm_acl and usr_acl.
* src/pies.c (component_keywords): New keywords list-acl and
admin-acl. Removed identity-acl.
* ident/ident.c (pies_identity_user_name): New function.
* ident/identity.h (pies_identity_user_name): New proto.
* src/ctl.c (CTL_USER_STATE,CTL_ADMIN_STATE): New states.
(cmdtab): Mark administrative commands as valid in CTL_ADMIN_STATE
(ctlio_create): Assume CTL_ADMIN_STATE in the absense of identity
providers.
(auth_data): New struct.
(cmd_auth): Select appropriate state depending on the user permissions.
(list_matches): New function.
(eval_env): Keep the list of selected progs.
(count_prog): Removed.
(selector): New function.
(cmd_list): Rewrite to take into account access rights.
(cmd_start,cmd_stop)
(cmd_restart): Only allowed for users with administrative
privileges.

5 files changed, 244 insertions, 109 deletions

diff --git a/ident/ident.c b/ident/ident.c
index 38ae1a8..dbf3f9b 100644
--- a/ident/ident.c
+++ b/ident/ident.c
@@ -41,6 +41,14 @@ pies_authenticate (pies_identity_provider_t pr, pies_identity_t id,
   return 1;
 }
 
+char const *
+pies_identity_user_name (pies_identity_t id)
+{
+  if (!id)
+    return NULL;
+  return id->username;
+}
+
 int
 pies_identity_is_user (pies_identity_t id, char * const * users)
 {
diff --git a/ident/identity.h b/ident/identity.h
index 0ee129d..8a9e2ab 100644
--- a/ident/identity.h
+++ b/ident/identity.h
@@ -20,12 +20,12 @@ typedef struct pies_identity_mechanism *pies_identity_mechanism_t;
 
 pies_identity_t pies_identity_create (char const *user);
 void pies_identity_destroy (pies_identity_t id);
-
-int pies_authenticate (pies_identity_provider_t pr, pies_identity_t id,
-                       char const *passwd);
 int pies_identity_is_user (pies_identity_t id, char * const * users);
 int pies_identity_is_group_member (pies_identity_t id, char * const * groups);
+char const *pies_identity_user_name (pies_identity_t p);
 
+int pies_authenticate (pies_identity_provider_t pr, pies_identity_t id,
+                       char const *passwd);
 char const *pies_identity_provider_name (pies_identity_provider_t p);
 
 int pies_identity_mechanism_register (pies_identity_mechanism_t mech);
diff --git a/src/ctl.c b/src/ctl.c
index 20c16e1..f422e4b 100644
--- a/src/ctl.c
+++ b/src/ctl.c
@@ -104,8 +104,11 @@ ctlbuf_chomp (struct ctlbuf *buf)
 
 #define CTL_END_STATE           0
 #define CTL_INITIAL_STATE       0x01
-#define CTL_AUTHENTICATED_STATE 0x02
-#define CTL_ACTION_STATE        0x04
+#define CTL_USER_STATE          0x02
+#define CTL_ADMIN_STATE         0x04
+#define CTL_ACTION_STATE        0x08
+
+#define CTL_AUTHENTICATED_STATE (CTL_USER_STATE|CTL_ADMIN_STATE)
 #define CTL_ALL_STATES (CTL_INITIAL_STATE|CTL_AUTHENTICATED_STATE)
 
 struct ctlio;
@@ -152,9 +155,9 @@ static struct ctlio_command cmdtab[] = {
   { "restart", "restart component",
     CTL_AUTHENTICATED_STATE, 2, 2, cmd_restart },
   { "reboot", "restart pies",
-    CTL_AUTHENTICATED_STATE, 1, 1, cmd_reboot },
+    CTL_ADMIN_STATE, 1, 1, cmd_reboot },
   { "shutdown", "stop pies",
-    CTL_AUTHENTICATED_STATE, 1, 1, cmd_shutdown },
+    CTL_ADMIN_STATE, 1, 1, cmd_shutdown },
   { NULL }
 };
 
@@ -190,7 +193,7 @@ ctlio_create (void)
 
   io = xmalloc (sizeof (*io));
   io->state = identity_provider_list
-                ? CTL_INITIAL_STATE : CTL_AUTHENTICATED_STATE;
+                ? CTL_INITIAL_STATE : CTL_ADMIN_STATE;
   io->action = ACTION_CONT;
   ctlbuf_init (&io->ibuf);
   ctlbuf_init (&io->obuf);
@@ -321,12 +324,42 @@ ctlio_initial_reply (struct ctlio *io)
   ctlio_eol (io);
 }
 
+struct auth_data
+{
+  union pies_sockaddr_storage addr;
+  socklen_t addrlen;
+  pies_identity_t id;
+  struct component const *comp;
+};
+  
+static int
+try_auth (struct prog *prog, void *data)
+{
+  struct auth_data *auth = data;
+  if (IS_COMPONENT (prog))
+    {
+      if ((prog->v.p.comp->adm_acl
+           && check_acl (prog->v.p.comp->adm_acl,
+                         (struct sockaddr *)&auth->addr, auth->addrlen,
+                         auth->id) == 0)
+          || (prog->v.p.comp->list_acl
+              && check_acl (prog->v.p.comp->list_acl,
+                            (struct sockaddr *)&auth->addr, auth->addrlen,
+                            auth->id) == 0))
+        {
+          auth->comp = prog->v.p.comp;
+          return 1;
+        }
+    }
+  return 0;
+}
+
 static void
 cmd_auth (struct ctlio *io, size_t argc, char **argv)
 {
   struct grecs_list_entry *ep;
   pies_identity_t id = pies_identity_create (argv[1]);
-  int auth = 0;
+  int new_state = CTL_INITIAL_STATE;
   
   for (ep = identity_provider_list->head; ep; ep = ep->next)
     {
@@ -336,33 +369,54 @@ cmd_auth (struct ctlio *io, size_t argc, char **argv)
       debug(1, ("trying %s...", pname));
       if (pies_authenticate (provider, id, argv[2]) == 0)
         {
-          if (check_acl (control.id_acl,
-                         (struct sockaddr *)&io->addr, io->addrlen, id))
+          if (control.adm_acl
+              && check_acl (control.adm_acl,
+                            (struct sockaddr *)&io->addr, io->addrlen,
+                            id) == 0)
             {
-              logmsg (LOG_AUTH, "%s authenticated via %s, but failed ACL check",
+              new_state = CTL_ADMIN_STATE;
+              logmsg (LOG_AUTH, "%s granted admin access via %s",
                       argv[1], pname);
-              auth = 0;
             }
-          else
+          else if (control.usr_acl
+                   && check_acl (control.usr_acl,
+                                 (struct sockaddr *)&io->addr, io->addrlen,
+                                 id) == 0)
             {
+              new_state = CTL_USER_STATE;
               logmsg (LOG_AUTH, "%s authenticated via %s",
                       argv[1], pname);
-              auth = 1;
+            }
+          else
+            {
+              struct auth_data ad = { io->addr, io->addrlen, id, NULL };
+              progman_foreach (try_auth, &ad);
+              if (ad.comp)
+                {
+                  new_state = CTL_USER_STATE;
+                  logmsg (LOG_AUTH, "%s authenticated via %s, component %s",
+                          argv[1], pname, ad.comp->tag);
+                }
+              else
+                {
+                  logmsg (LOG_AUTH, "%s authenticated via %s, but failed ACL check",
+                          argv[1], pname);
+                }
             }
           break;
         }
     }
 
-  if (auth)
+  if (new_state == CTL_INITIAL_STATE)
     {
-      ctlio_reply (io, "230", "authentication successful");
-      identity = id;
-      io->state = CTL_AUTHENTICATED_STATE;
+      pies_identity_destroy (id);
+      ctlio_reply (io, "531", "access denied");
     }
   else
     {
-      pies_identity_destroy (id);
-      ctlio_reply (io, "531", "access denied");
+      ctlio_reply (io, "230", "authentication successful");
+      identity = id;
+      io->state = new_state;
     }
 }
 
@@ -801,67 +855,100 @@ pcond_parse (struct ctlio *io, size_t argc, char **argv,
   return 0;
 }  
 
+static int
+list_matches (struct ctlio *io, struct grecs_list *matches)
+{
+  struct grecs_list_entry *ep;
+  size_t i;
+
+  for (ep = matches->head; ep; ep = ep->next)
+    {
+      struct prog *prog = ep->data;
+      
+      ctlio_reply (io, "151", "%s", prog->tag);
+      FORMAT_IDX (io, "Type", pies_type_str, prog->type);
+      switch (prog->type)
+        {
+        case TYPE_COMPONENT:
+          FORMAT_IDX (io, "Mode", pies_comp_mode_str, prog->v.p.comp->mode);
+          FORMAT_IDX (io, "Status", status_str, prog->v.p.status);
+      
+          if (prog->pid)
+            ctlio_printf (io, "PID: %lu%s", (unsigned long) prog->pid, CRLF);
+          else if (prog->v.p.status == status_listener
+                   && prog->v.p.comp->socket_url)
+            ctlio_printf (io, "URL: %10s%s",
+                          prog->v.p.comp->socket_url->string,
+                          CRLF);
+
+          if (prog->v.p.status == statu