-rw-r--r--src/acl.c88
-rw-r--r--src/acl.h5
-rw-r--r--src/pies.c11
3 files changed, 72 insertions, 32 deletions
diff --git a/src/acl.c b/src/acl.c
index 8561967..ad3ea1d 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -59,7 +59,7 @@ pies_acl_t
pies_acl_create (const char *name, grecs_locus_t *locus)
{
pies_acl_t acl = xmalloc (sizeof (acl[0]));
- acl->name = xstrdup (name);
+ acl->name = name ? xstrdup (name) : NULL;
acl->locus = *locus;
acl->list = gl_list_create_empty(&gl_linked_list_implementation,
NULL,
@@ -166,7 +166,6 @@ _parse_sockaddr (struct acl_entry *entry, const grecs_value_t *value)
{
sptr->netmask = 0xfffffffful >> (32 - netlen);
sptr->netmask <<= (32 - netlen);
- sptr->netmask = htonl (sptr->netmask);
}
}
else if (*q == '.')
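Review bot: With the `htonl` call removed, the prefix-length branch leaves `sptr->netmask` in host byte order, but nothing at the assignment records that. The `else if (*q == '.')` branch that begins on the last line of the hunk is not shown, so it cannot be confirmed from here that a dotted netmask ends up in the same order. If the two branches disagree, the same rule would match different peers depending on how the mask was written. I would add a comment at the assignment, `/* netmask is kept in host byte order; _check_sockaddr applies it to ntohl (peer address) */`, and check the dotted branch against it. The enclosing function starts and ends outside the hunk.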
@@ -362,37 +361,44 @@ parse_acl_line (grecs_locus_t *locus, int allow, pies_acl_t acl,
}
int
-acl_section_parser (enum grecs_callback_command cmd,
- grecs_locus_t *locus,
- void *varptr,
- grecs_value_t *value,
- void *cb_data)
+_acl_common_section_parser (enum grecs_callback_command cmd,
+ grecs_locus_t *locus,
+ grecs_value_t *value,
+ pies_acl_t *pacl,
+ int need_tag)
{
- void **pdata = cb_data;
pies_acl_t acl;
-
+ grecs_locus_t defn_loc;
+ const char *tag = NULL;
+
switch (cmd)
{
case grecs_callback_section_begin:
- if (value->type != GRECS_TYPE_STRING)
- grecs_error (locus, 0, _("ACL name must be a string"));
- else if (!value->v.string)
- grecs_error (locus, 0, _("missing ACL name"));
- else
+ if (value)
{
- grecs_locus_t defn_loc;
- acl = pies_acl_create (value->v.string, locus);
- if (pies_acl_install (acl, &defn_loc))
+ if (value->type != GRECS_TYPE_STRING)
{
- grecs_error (locus, 0,
- _("redefinition of ACL %s"),
- value->v.string);
- grecs_error (&defn_loc, 0,
- _("location of the previous definition"));
+ grecs_error (locus, 0, _("ACL name must be a string"));
return 1;
}
- *pdata = acl;
+ tag = value->v.string;
}
+ else if (need_tag)
+ {
+ grecs_error (locus, 0, _("missing ACL name"));
+ return 1;
+ }
+ acl = pies_acl_create (tag, locus);
+ if (tag && pies_acl_install (acl, &defn_loc))
+ {
+ grecs_error (locus, 0,
+ _("redefinition of ACL %s"),
+ value->v.string);
+ grecs_error (&defn_loc, 0,
+ _("location of the previous definition"));
+ return 1;
+ }
+ *pacl = acl;
break;
case grecs_callback_section_end:
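Review bot: A section whose value is a string with a NULL `v.string` now gets past the `need_tag` check. `tag` stays NULL, the `else if (need_tag)` arm is skipped because `value` is non-NULL, and an anonymous ACL is created where the removed code reported "missing ACL name". Testing the tag rather than the value closes that: make the error arm a separate `if (need_tag && !tag)` after the `if (value)` block. Separately, on the redefinition path the newly created `acl` is neither stored in `*pacl` nor released before `return 1`, so it appears to leak. The helper is also not declared `static`, although the visible hunks only call it from this file, and its body continues past the end of the hunk.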
@@ -402,6 +408,29 @@ acl_section_parser (enum grecs_callback_command cmd,
return 0;
}
+int
+acl_section_parser (enum grecs_callback_command cmd,
+ grecs_locus_t *locus,
+ void *varptr,
+ grecs_value_t *value,
+ void *cb_data)
+{
+ if (_acl_common_section_parser (cmd, locus, value, varptr, 1) == 0)
+ *(void**)cb_data = *(pies_acl_t*)varptr;
+ return 0;
+}
+
+int
+defacl_section_parser (enum grecs_callback_command cmd,
+ grecs_locus_t *locus,
+ void *varptr,
+ grecs_value_t *value,
+ void *cb_data)
+{
+ _acl_common_section_parser (cmd, locus, value, cb_data, 0);
+ return 0;
+}
+
static int
allow_cb (enum grecs_callback_command cmd,
grecs_locus_t *locus,
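Review bot: Both wrappers return 0 whatever `_acl_common_section_parser` returned, and on failure nothing is stored through `cb_data`. Statements nested in a rejected section may therefore still be handed an unset ACL pointer; whether the `allow`/`deny` callbacks tolerate that is not visible here. If grecs treats a nonzero callback return as an error, propagating the helper's status would be safer: `return _acl_common_section_parser (cmd, locus, value, cb_data, 0);` in `defacl_section_parser`, and the saved status returned in `acl_section_parser`. The copy `*(void**)cb_data = *(pies_acl_t*)varptr;` also runs for every command for which the helper returns 0, not only section begin, which deserves a comment if it is intended.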
@@ -470,8 +499,8 @@ _check_sockaddr (struct pies_sockaddr *sptr, struct acl_input *input)
struct sockaddr_in *sin_clt = (struct sockaddr_in *) input->addr;
struct sockaddr_in *sin_item = (struct sockaddr_in *) &sptr->sa;
- if (ntohl (sin_clt->sin_addr.s_addr) ==
- (sin_item->sin_addr.s_addr & sptr->netmask))
+ if (sin_item->sin_addr.s_addr ==
+ (ntohl (sin_clt->sin_addr.s_addr) & sptr->netmask))
return 1;
break;
}
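Review bot: The new comparison masks only the peer address, so an entry whose configured address has bits set outside the netmask (a host address written with a shorter prefix) can never match. Unless the parser already clears those bits, mask both sides: `if ((sin_item->sin_addr.s_addr & sptr->netmask) == (ntohl (sin_clt->sin_addr.s_addr) & sptr->netmask))`. The comparison also assumes `sin_item->sin_addr.s_addr` was stored in host byte order, which is unusual for a `sockaddr_in` field and is not established by anything in this diff. `_check_sockaddr` starts and ends outside the hunk.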
@@ -503,7 +532,7 @@ static int
_acl_check (struct acl_entry *ent, struct acl_input *input)
{
int result = 1;
-
+
if (ent->authenticated)
{
result = input->user != NULL;
@@ -533,7 +562,8 @@ _acl_check (struct acl_entry *ent, struct acl_input *input)
result = 0;
while (gl_list_iterator_next (&itr, &p, NULL))
{
- if (_check_sockaddr ((struct pies_sockaddr *)p, input))
+ result = _check_sockaddr ((struct pies_sockaddr *)p, input);
+ if (result)
break;
}
gl_list_iterator_free (&itr);
@@ -546,7 +576,7 @@ static int
_acl_check_cb (struct acl_entry *ent, struct acl_input *input, int *pres)
{
int result = _acl_check (ent, input);
- debug (10, ("%s:%d: %s", ent->locus.file, ent->locus.line,
+ debug (1, ("%s:%d: %s", ent->locus.file, ent->locus.line,
/* TRANSLATIONS: `MATCHES' is the verb `match' in 2nd person.
E.g., in French: CONCORD AVEC */
result ? _("MATCHES") : _("does not match")));
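Review bot: Lowering the level from 10 to 1 makes every per-entry ACL evaluation print at the lowest debug level, and the message names only the rule's file and line, not the peer being checked. If the intent is a trail of ACL decisions, the message would need the peer address or user from `input` to be useful for that. If the level was lowered only while debugging this fix, it should go back to 10. A one-line comment stating which is intended would settle it.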
@@ -567,7 +597,7 @@ pies_acl_check (pies_acl_t acl, struct acl_input *input, int result)
const void *p;
gl_list_iterator_t itr = gl_list_iterator (acl->list);
while (gl_list_iterator_next (&itr, &p, NULL)
- && _acl_check_cb ((struct acl_entry *)p, input, &result))
+ && !_acl_check_cb ((struct acl_entry *)p, input, &result))
;
gl_list_iterator_free (&itr);
}
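Review bot: The loop condition now depends on the exact meaning of `_acl_check_cb`'s return value, and that contract is not documented anywhere in the visible code; the callback's body lies outside this hunk. This loop decides which entry's verdict ends up in `result`, and the caller-supplied `result` is what survives when no entry stops the loop, so both facts belong in a comment at the loop. Something like `/* Stop at the first entry for which _acl_check_cb returns nonzero; otherwise the caller's default result stands. */` would do, once confirmed against the callback. Callers should then be checked to pass a deny default where an empty or non-matching ACL must not grant access.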
diff --git a/src/acl.h b/src/acl.h
index 8d7725e..1bfc46a 100644
--- a/src/acl.h
+++ b/src/acl.h
@@ -41,3 +41,8 @@ extern int acl_section_parser (enum grecs_callback_command cmd,
void *varptr,
grecs_value_t *value,
void *cb_data);
+extern int defacl_section_parser (enum grecs_callback_command cmd,
+ grecs_locus_t *locus,
+ void *varptr,
+ grecs_value_t *value,
+ void *cb_data);
diff --git a/src/pies.c b/src/pies.c
index 3fcc529..d7d4ae1 100644
--- a/src/pies.c
+++ b/src/pies.c
@@ -796,8 +796,8 @@ struct grecs_keyword component_keywords[] = {
},
{"acl",
N_("name: string"),
- N_("Define ACL."),
- grecs_type_section, NULL, 0,
+ N_("Set ACL."),
+ grecs_type_section, NULL, offsetof (struct component, acl),
acl_section_parser, NULL, acl_keywords},
{"remove-file",
N_("file"),
@@ -1154,9 +1154,14 @@ struct grecs_keyword pies_keywords[] = {
return_code_section_parser, NULL, return_code_keywords},
{"acl",
N_("name: string"),
- N_("Define ACL."),
+ N_("Set global ACL."),
grecs_type_section, NULL, 0,
acl_section_parser, NULL, acl_keywords},
+ {"defacl",
+ N_("name: string"),
+ N_("Define an ACL."),
+ grecs_type_section, NULL, 0,
+ defacl_section_parser, NULL, acl_keywords},
{"include-meta1",
N_("file: string"),
N_("Include components from the specified MeTA1 configuration file."),
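Review bot: The global `acl` entry keeps `NULL, 0` as its variable pointer and offset, but `acl_section_parser` now passes `varptr` to the helper, which writes `*pacl = acl`, and then reads it back through `*(pies_acl_t*)varptr`. The component-level entry was given `offsetof (struct component, acl)` in the previous hunk; the global one has no equivalent target. Depending on how grecs derives `varptr` for such an entry, this may write through a null or unintended pointer. Pointing the entry at a global ACL variable, or having the parser skip the store when `varptr` is NULL, would avoid that. The array initializer starts and ends outside the hunk.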
