author | Sergey Poznyakoff <gray@gnu.org.ua> | 2009-10-14 00:39:19 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2009-10-14 00:39:19 +0300 |
commit | a37103f89c20e6b30d1f739233be006dcff340ee (patch) | |
tree | 6753527bfd7eba895eab8fa1811a706a9ffd482f /src/acl.c | |
parent | c60e857d7f35128b077eac4a30a5900925bb38e8 (diff) | |
Fix ACL code.
* src/acl.c (pies_acl_create): Accept NULL name.
(_parse_sockaddr): Fix calculation of netmask.
(_acl_common_section_parser): New function.
(acl_section_parser): Rewrite using _acl_common_section_parser.
(defacl_section_parser): New function.
(_check_sockaddr): Bugfix.
(_acl_check): Break the loop when _check_sockaddr
returns 1.
(pies_acl_check): Break the loop when _acl_check_cb
returns 1.
* src/acl.h (defacl_section_parser): New prototype.
* src/pies.c (component_keywords): New keyword
defacl.
Diffstat (limited to 'src/acl.c')
-rw-r--r-- | src/acl.c | 88 |
1 files changed, 59 insertions, 29 deletions
@@ -59,7 +59,7 @@ pies_acl_t
 pies_acl_create (const char *name, grecs_locus_t *locus)
 {
 pies_acl_t acl = xmalloc (sizeof (acl[0]));
- acl->name = xstrdup (name);
+ acl->name = name ? xstrdup (name) : NULL;
 acl->locus = *locus;
 acl->list = gl_list_create_empty(&gl_linked_list_implementation, NULL,
@@ -166,7 +166,6 @@ _parse_sockaddr (struct acl_entry *entry, const grecs_value_t *value)
 {
 sptr->netmask = 0xfffffffful >> (32 - netlen);
 sptr->netmask <<= (32 - netlen);
- sptr->netmask = htonl (sptr->netmask);
 }
 }
 else if (*q == '.')
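Review bot: In pies_acl_create, `acl->name` can now be NULL and nothing at the assignment says so. A short comment above it, e.g. `/* NAME is NULL for an anonymous ACL; only named ACLs are passed to pies_acl_install. */`, would warn later readers that any code printing or comparing `acl->name` has to cope with NULL. Whether the existing consumers already do is not visible here; the function body continues past the hunk.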
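Review bot: In _parse_sockaddr the two shifts by `(32 - netlen)` are only well defined for a prefix length of 1 to 32, and no range check is visible in the hunk. A length of 0 shifts by 32, which is undefined wherever `unsigned long` or the `netmask` field is 32 bits wide, and a length above 32 gives a negative shift count. Unless this is validated above the hunk, I would reject `netlen > 32` with grecs_error and special-case zero with `if (netlen == 0) sptr->netmask = 0;` before the shifts. With the htonl removed the mask is now in host byte order, so every other branch that fills `netmask` has to use host order too; those branches are outside the hunk.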
@@ -362,37 +361,44 @@ parse_acl_line (grecs_locus_t *locus, int allow, pies_acl_t acl,
 }
 int
-acl_section_parser (enum grecs_callback_command cmd,
- grecs_locus_t *locus,
- void *varptr,
- grecs_value_t *value,
- void *cb_data)
+_acl_common_section_parser (enum grecs_callback_command cmd,
+ grecs_locus_t *locus,
+ grecs_value_t *value,
+ pies_acl_t *pacl,
+ int need_tag)
 {
- void **pdata = cb_data;
 pies_acl_t acl;
-
+ grecs_locus_t defn_loc;
+ const char *tag = NULL;
+
 switch (cmd)
 {
 case grecs_callback_section_begin:
- if (value->type != GRECS_TYPE_STRING)
- grecs_error (locus, 0, _("ACL name must be a string"));
- else if (!value->v.string)
- grecs_error (locus, 0, _("missing ACL name"));
- else
+ if (value)
 {
- grecs_locus_t defn_loc;
- acl = pies_acl_create (value->v.string, locus);
- if (pies_acl_install (acl, &defn_loc))
+ if (value->type != GRECS_TYPE_STRING)
 {
- grecs_error (locus, 0,
- _("redefinition of ACL %s"),
- value->v.string);
- grecs_error (&defn_loc, 0,
- _("location of the previous definition"));
+ grecs_error (locus, 0, _("ACL name must be a string"));
 return 1;
 }
- *pdata = acl;
+ tag = value->v.string;
 }
+ else if (need_tag)
+ {
+ grecs_error (locus, 0, _("missing ACL name"));
+ return 1;
+ }
+ acl = pies_acl_create (tag, locus);
+ if (tag && pies_acl_install (acl, &defn_loc))
+ {
+ grecs_error (locus, 0,
+ _("redefinition of ACL %s"),
+ value->v.string);
+ grecs_error (&defn_loc, 0,
+ _("location of the previous definition"));
+ return 1;
+ }
+ *pacl = acl;
 break;
 case grecs_callback_section_end:
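Review bot: The "missing ACL name" check in _acl_common_section_parser no longer covers a string value whose `v.string` is NULL, which the removed code rejected with `else if (!value->v.string)`. With `need_tag` set, such a section now falls through, creates an anonymous ACL and skips pies_acl_install, so a named `acl` block without a usable name would be accepted silently if grecs can deliver that value. Testing the extracted tag instead closes the gap: replace `else if (need_tag)` with a separate `if (!tag && need_tag)` after the `if (value)` block. Two smaller points: the ACL allocated by pies_acl_create is not released on the redefinition path, and a file-local helper with a leading underscore would normally be declared `static`.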
@@ -402,6 +408,29 @@ acl_section_parser (enum grecs_callback_command cmd,
 return 0;
 }
+int
+acl_section_parser (enum grecs_callback_command cmd,
+ grecs_locus_t *locus,
+ void *varptr,
+ grecs_value_t *value,
+ void *cb_data)
+{
+ if (_acl_common_section_parser (cmd, locus, value, varptr, 1) == 0)
+ *(void**)cb_data = *(pies_acl_t*)varptr;
+ return 0;
+}
+
+int
+defacl_section_parser (enum grecs_callback_command cmd,
+ grecs_locus_t *locus,
+ void *varptr,
+ grecs_value_t *value,
+ void *cb_data)
+{
+ _acl_common_section_parser (cmd, locus, value, cb_data, 0);
+ return 0;
+}
+
 static int
 allow_cb (enum grecs_callback_command cmd,
 grecs_locus_t *locus,
@@ -470,8 +499,8 @@ _check_sockaddr (struct pies_sockaddr *sptr, struct acl_input *input)
 struct sockaddr_in *sin_clt = (struct sockaddr_in *) input->addr;
 struct sockaddr_in *sin_item = (struct sockaddr_in *) &sptr->sa;
- if (ntohl (sin_clt->sin_addr.s_addr) ==
- (sin_item->sin_addr.s_addr & sptr->netmask))
+ if (sin_item->sin_addr.s_addr ==
+ (ntohl (sin_clt->sin_addr.s_addr) & sptr->netmask))
 return 1;
 break;
 }
@@ -503,7 +532,7 @@ static int
 _acl_check (struct acl_entry *ent, struct acl_input *input)
 {
 int result = 1;
-
+
 if (ent->authenticated)
 {
 result = input->user != NULL;
@@ -533,7 +562,8 @@ _acl_check (struct acl_entry *ent, struct acl_input *input)
 result = 0;
 while (gl_list_iterator_next (&itr, &p, NULL))
 {
- if (_check_sockaddr ((struct pies_sockaddr *)p, input))
+ result = _check_sockaddr ((struct pies_sockaddr *)p, input);
+ if (result)
 break;
 }
 gl_list_iterator_free (&itr);
@@ -546,7 +576,7 @@ static int
 _acl_check_cb (struct acl_entry *ent, struct acl_input *input, int *pres)
 {
 int result = _acl_check (ent, input);
- debug (10, ("%s:%d: %s", ent->locus.file, ent->locus.line,
+ debug (1, ("%s:%d: %s", ent->locus.file, ent->locus.line,
 /* TRANSLATIONS: `MATCHES' is the verb `match' in 2nd person. E.g., in French: CONCORD AVEC */
 result ? _("MATCHES") : _("does not match")));
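Review bot: Both new wrappers discard the status of _acl_common_section_parser and end in `return 0;`, so its `return 1` error paths (bad name type, missing name, redefinition) no longer reach the caller. The removed acl_section_parser returned 1 on redefinition. If grecs acts on the callback's return value, this turns a rejected ACL definition into an accepted section. defacl_section_parser can simply `return _acl_common_section_parser (cmd, locus, value, cb_data, 0);`, and acl_section_parser can keep the result in `int rc`, copy to `cb_data` only when `rc == 0`, and `return rc;`. Neither wrapper checks `cb_data` for NULL before writing through it, which is fine only if every keyword-table entry supplies one.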
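Review bot: The rewritten test in _check_sockaddr only matches when the stored entry address is in host byte order and has no bits set outside the mask, because the mask is now applied to the client side alone. An entry written with host bits, for example 10.0.0.5/24 (a constructed value), would never match unless _parse_sockaddr clears them. For a deny rule that means the rule silently never applies. That storing code is not in this diff's visible lines, so I would mask both sides here: `if ((sin_item->sin_addr.s_addr & sptr->netmask) == (ntohl (sin_clt->sin_addr.s_addr) & sptr->netmask))`. A one-line comment that the entry address and `netmask` are kept in host order would also make the lone ntohl easier to audit.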
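Review bot: In _acl_check_cb the per-entry match trace moves from debug level 10 to level 1, and the commit message, which lists every other function touched, does not mention it. At level 1 each ACL entry evaluated for each connection is logged with its configuration file and line, which is noisy and puts ACL layout into low-verbosity logs. If the level was lowered only while chasing the netmask bug, it should go back to `debug (10, ...`; if it is intended, it deserves a ChangeLog line. The function body continues past the hunk.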
@@ -567,7 +597,7 @@ pies_acl_check (pies_acl_t acl, struct acl_input *input, int result)
 const void *p;
 gl_list_iterator_t itr = gl_list_iterator (acl->list);
 while (gl_list_iterator_next (&itr, &p, NULL)
- && !_acl_check_cb ((struct acl_entry *)p, input, &result))
+ && !_acl_check_cb ((struct acl_entry *)p, input, &result))
 ;
 gl_list_iterator_free (&itr);
 }
|
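Review bot: The loop in pies_acl_check now hinges on a single `!` inside the `while` condition with an empty body, and nothing states the contract it relies on. Since the bug fixed here was exactly an inverted condition, I would add a comment above the loop such as `/* Stop at the first entry for which _acl_check_cb returns non-zero. */` and consider an explicit `if (_acl_check_cb (...)) break;` body instead of the bare `;`. What _acl_check_cb writes through `&result` before returning is defined outside this hunk, so the comment should also say what `result` holds when no entry matches once that is confirmed.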