From a36a075433165839ec7a02379ad83c03e08498a5 Mon Sep 17 00:00:00 2001 From: Kenneth G Raeburn Date: Tue, 13 Nov 1990 12:02:59 +0000 Subject: C++ conversion and lots of modifications from summer & fall work --- server/access.c | 158 ++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 120 insertions(+), 38 deletions(-) (limited to 'server/access.c') diff --git a/server/access.c b/server/access.c index c877162..dc1afd8 100644 --- a/server/access.c +++ b/server/access.c @@ -13,20 +13,16 @@ #include -#ifndef lint -#ifndef SABER -static char rcsid_access_c[] = "$Header$"; -#endif SABER -#endif lint +#if !defined (lint) && !defined (SABER) +static const char rcsid_access_c[] = + "$Header$"; +#endif /* * * External routines: * - * int access_check(notice, acl, accesstype) - * ZNotice_t *notice; - * ZAcl_t *acl; - * ZAccess_t accesstype; + * ZAcl_t::ok (ZString sender, ZAccess_t accesstype) * * void access_init(); * @@ -40,60 +36,127 @@ static char rcsid_access_c[] = "$Header$"; * routines and the support needed by the Zephyr server. */ -#include "zserver.h" /* includes , - */ #include +#include "zserver.h" + +/* + * Our private types for the acl_types field in the ZAcl_t structure. + * -TYT 8/14/90 + */ +#define ACL_XMT 1 +#define ACL_SUB 2 +#define ACL_IWS 4 +#define ACL_IUI 8 + /* * check access. return 1 if ok, 0 if not ok. */ int -access_check(notice, acl, accesstype) -ZNotice_t *notice; -ZAcl_t *acl; -ZAccess_t accesstype; +ZAcl_t::ok (ZString sender, ZAccess_t accesstype) { char buf[MAXPATHLEN]; /* holds the real acl name */ char *prefix; + int flag; switch (accesstype) { case TRANSMIT: prefix = "xmt"; + flag = ACL_XMT; break; case SUBSCRIBE: prefix = "sub"; + flag = ACL_SUB; break; case INSTWILD: prefix = "iws"; + flag = ACL_IWS; break; case INSTUID: prefix = "iui"; + flag = ACL_IUI; break; default: syslog(LOG_ERR, "unknown access type %d", (int) accesstype); return(0); } + if (!acl_types & flag) /* no acl ==> no restriction + ==> thumbs up */ + return (1); (void) sprintf(buf, "%s%s-%s.acl", ZEPHYR_ACL_DIR, prefix, - acl->acl_filename); - if (access(buf, F_OK)) /* no acl ==> no restriction - ==> thumbs up */ - return(1); - return(acl_check(buf, notice->z_sender)); + acl_filename); + /* + * If we can't load it (because it probably doesn't exist), + * we grant access by default. Dangerous! + */ +#if 0 + zdbug ((LOG_DEBUG, "checking %s for %s", buf, sender.value ())); +#endif + return (acl_load (buf) < 0 + || acl_check(buf, sender.value ())); } -void -access_init() +void ZAcl_t::check_acl_type (ZAccess_t accesstype, int typeflag) +{ + char buf[MAXPATHLEN]; /* holds the real acl name */ + char *prefix; + + switch (accesstype) { + case TRANSMIT: + prefix = "xmt"; + break; + case SUBSCRIBE: + prefix = "sub"; + break; + case INSTWILD: + prefix = "iws"; + break; + case INSTUID: + prefix = "iui"; + break; + default: + syslog(LOG_ERR, "unknown access type %d", (int) accesstype); + return; + } + (void) sprintf(buf, "%s%s-%s.acl", + ZEPHYR_ACL_DIR, + prefix, + acl_filename); + if (!access(buf, F_OK)) + acl_types |= typeflag; +} + +void ZAcl_t::check () { + acl_types = 0; + check_acl_type (TRANSMIT, ACL_XMT); + check_acl_type (SUBSCRIBE, ACL_SUB); + check_acl_type (INSTWILD, ACL_IWS); + check_acl_type (INSTUID, ACL_IUI); +} + +/* + * Re-init code written by TYT, 8/14/90. + * + * General plan of action; we reread the registry list, and add any + * new restricted classes. If any restricted classes disappear (this + * should be rarely) the ZAcl_t structure is not deallocated; rather, + * the acl_types field will be left at zero, since there will be no + * acl files for the (non-)restricted class. + */ + +static void +access_setup (int first) { char buf[MAXPATHLEN]; - char class[512]; /* assume class names <= 511 bytes */ + char class_name[512]; /* assume class names <= 511 bytes */ FILE *registry; ZAcl_t *acl; register int len; register char *colon_idx; - Code_t retval; + Code_t retval = 0; (void) sprintf(buf, "%s%s", ZEPHYR_ACL_DIR, ZEPHYR_CLASS_REGISTRY); @@ -101,25 +164,38 @@ access_init() syslog(LOG_ERR, "no registry available, all classes are free"); return; } - while (fgets(class, 512, registry) != NULL) { - if (colon_idx = index(class, ':')) - *colon_idx = '\0'; - else if (len = strlen(class)) - class[len - 1] = '\0'; - acl = (ZAcl_t *) xmalloc(sizeof(ZAcl_t)); + while (fgets(class_name, 512, registry) != NULL) { + if (colon_idx = index(class_name, ':')) + *colon_idx = '\0'; + else if (len = strlen(class_name)) + class_name[len - 1] = '\0'; + acl = 0; + if (!first) + acl = class_get_acl (ZString (class_name, 1)); if (!acl) { + acl = new ZAcl_t (class_name); + if (!acl) { syslog(LOG_ERR, "no mem acl alloc"); abort(); + } + if (!first) { + /* Try to restrict already existing class */ + retval = class_restrict (class_name, acl); + if (retval == ZSRV_NOCLASS) + retval = class_setup_restricted (class_name, acl); + } + else + retval = class_setup_restricted (class_name, acl); } - acl->acl_filename = strsave(class); - retval = class_setup_restricted(class, acl); if (retval) { syslog(LOG_ERR, "can't restrict %s: %s", - class, error_message(retval)); + class_name, error_message(retval)); continue; - } else if (zdebug) - syslog(LOG_DEBUG, "restricted %s", - class, acl->acl_filename); + } +#if 1 + else if (zdebug) + syslog(LOG_DEBUG, "restricted %s", class_name); +#endif } (void) fclose(registry); @@ -127,8 +203,14 @@ access_init() } void -access_reinit() +access_init (void) { - /* re-initialize the restricted classes */ + access_setup (1); } +void +access_reinit (void) +{ + acl_cache_reset (); + access_setup (0); +} -- cgit v1.2.3