authorGravatar Jeffrey Hutzelman <jhutz@cmu.edu>2013-02-21 22:29:43 -0500
committerGravatar Karl Ramm <kcr@1ts.org>2013-02-26 23:01:10 -0500
commitdfee20f45922c8d804d7fd180d69716c6ca982ed (patch)
tree1d76faa7213ac127e68465ea303b053457d8bbcb
parent9b62605a5ab66cf8c83b164add7088894ff8ec3f (diff)
Add opstaff_check()
Add a function to check whether a sender is on the opstaff ACL, which lives in $sysconfdir/zephyr/acl/opstaff.acl. This is in preparation for a number of features which grant additional access to people on that ACL.
-rw-r--r--server/access.c27
-rw-r--r--server/zserver.h1
2 files changed, 26 insertions, 2 deletions
diff --git a/server/access.c b/server/access.c
index 918d6e2..0f38be5 100644
--- a/server/access.c
+++ b/server/access.c
@@ -22,12 +22,15 @@ static const char rcsid_access_c[] =
*
* External routines:
*
- * int access_check(notice, who, acl, accesstype)
- * ZNotice_t *notice;
+ * int access_check(sender, who, acl, accesstype)
+ * char *sender;
* struct sockaddr_in *who;
* Acl *acl;
* Access accesstype;
*
+ * int opstaff_check(sender)
+ * char *sender;
+ *
* void access_init();
*
* void access_reinit();
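Review bot: The new header entry for opstaff_check lists only the signature, with no statement of what the return value means. Later features are to grant additional access based on this result, so the fail-closed contract visible in the function body belongs here. Something like `* Returns 0 (deny) if opstaff.acl cannot be loaded; otherwise returns the result of acl_check().` would do. The comment block starts and ends outside this hunk, so whether the other routines document their return values is not visible.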
@@ -105,6 +108,26 @@ access_check(char *sender,
return acl_check(buf, sender, who);
}
+int
+opstaff_check(char *sender)
+{
+ char buf[1024]; /* holds the real acl name */
+ int retval;
+
+ snprintf(buf, sizeof buf, "%s/opstaff.acl", acl_dir);
+ /*
+ * If we can't load it (because it probably doesn't exist),
+ * we deny access.
+ */
+ retval = acl_load(buf);
+ if (retval < 0) {
+ syslog(LOG_DEBUG, "Error in acl_load of %s for %s",
+ buf, sender ? sender : "unauth client");
+ return 0;
+ }
+ return acl_check(buf, sender, NULL);
+}
+
static void
check_acl(Acl *acl)
{
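Review bot: In opstaff_check, a NULL sender is handled for the syslog message (`sender ? sender : "unauth client"`) but is then passed unchanged to `acl_check(buf, sender, NULL)`. Because this function gates extra privileges, it is safer to reject an unauthenticated caller up front with `if (!sender) return 0;` than to rely on acl_check, whose handling of a NULL sender and a NULL `who` is not visible here. The `snprintf` result is also unchecked, so an overlong `acl_dir` would silently truncate the path and the check would load and consult a different file name. Capturing the result in an int `n` and returning 0 when `n < 0 || (size_t)n >= sizeof buf` keeps that case fail-closed. The trailing check_acl context continues outside the hunk.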
diff --git a/server/zserver.h b/server/zserver.h
index 5249f86..28b8fdb 100644
--- a/server/zserver.h
+++ b/server/zserver.h
@@ -391,6 +391,7 @@ char *get_version(void);
/* found in access.c */
int access_check(char *, struct sockaddr_in *, Acl *, Access);
+int opstaff_check(char *);
/* global identifiers */