[interchange-cvs] interchange - heins modified 4 files
interchange-core@icdevgroup.org
interchange-core@icdevgroup.org
Wed Apr 2 14:09:01 2003
User: heins
Date: 2003-04-02 19:08:29 GMT
Modified: lib/Vend Config.pm File.pm Interpolate.pm Order.pm
Log:
* Created $Vend::File::errstr which is set to get the error message,
otherwise defaults to the standard one.
* Add both global- and catalog-level FileControl directive that allows
mapping subroutines (or named pre-existing subroutines) to a path.
Does a depth-first search starting with the file name.
* In either interchange.cfg (takes priority) or catalog.cfg put:
FileControl include/junk <<EOR
sub {
my ($fn, $write, @caller) = @_;
## Allow write to files containing "foo"
if($write) {
return $fn =~ /foo/;
}
## Allow read if file doesn't contain "bar"
return $fn !~ /bar/;
}
EOR
* In either interchange.cfg (takes priority) or catalog.cfg put:
FileControl include/junk some_sub
This uses either Sub or GlobalSub
* Only in interchange.cfg, you can put a mapped routine name:
FileControl include/junk Vend::SomeModule::file_control
* If FileControl is not set, the checks are not done for performance
reasons.
* TODO: Add standard UserDB methods.
Revision Changes Path
2.105 +34 -9 interchange/lib/Vend/Config.pm
rev 2.105, prev_rev 2.104
Index: Config.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Config.pm,v
retrieving revision 2.104
retrieving revision 2.105
diff -u -r2.104 -r2.105
--- Config.pm 1 Apr 2003 17:34:36 -0000 2.104
+++ Config.pm 2 Apr 2003 19:08:29 -0000 2.105
@@ -1,6 +1,6 @@
# Vend::Config - Configure Interchange
#
-# $Id: Config.pm,v 2.104 2003/04/01 17:34:36 mheins Exp $
+# $Id: Config.pm,v 2.105 2003/04/02 19:08:29 mheins Exp $
#
# Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
# Copyright (C) 2003 ICDEVGROUP <interchange@icdevgroup.org>
@@ -48,7 +48,7 @@
use Vend::File;
use Vend::Data;
-$VERSION = substr(q$Revision: 2.104 $, 10);
+$VERSION = substr(q$Revision: 2.105 $, 10);
my %CDname;
my %CPname;
@@ -176,6 +176,14 @@
Variable 1
));
+my %InitializeEmpty = (qw(
+ FileControl 1
+ ));
+
+my %AllowMappedAction = (qw(
+ FileControl 1
+ ));
+
my $StdTags;
use vars qw/ $configfile /;
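Review bot: `%AllowMappedAction` is declared here but nothing in this commit reads it; the +34/-9 reported for Config.pm is fully accounted for by the lines shown, and the mapped-name branch added to `parse_action` tests only `$sub =~ /::/ and ! $C`. As written, a fully qualified routine name is therefore accepted for every global directive that goes through that parser (presumably ActionMap and FormAction as well), not only FileControl. If the restriction is intended, gate the branch on the hash, e.g. `if($sub =~ /::/ and ! $C and $AllowMappedAction{$var}) {`; otherwise drop the declaration.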
@@ -302,6 +310,7 @@
['TagGroup', 'tag_group', $StdTags],
['TagInclude', 'tag_include', 'ALL'],
['ActionMap', 'action', ''],
+ ['FileControl', 'action', ''],
['FormAction', 'action', ''],
['MaxServers', 'integer', 10],
['GlobalSub', 'subroutine', ''],
@@ -361,6 +370,7 @@
['ErrorFile', undef, 'error.log'],
['ActionMap', 'action', ''],
+ ['FileControl', 'action', ''],
['FormAction', 'action', ''],
['ItemAction', 'action', ''],
['PageDir', 'relative_dir', 'pages'],
@@ -1618,10 +1628,12 @@
return parse_regex($var, $value);
}
-# Set up an ActionMap or FormAction
+# Set up an ActionMap or FormAction or FileAction
sub parse_action {
my ($var, $value, $mapped) = @_;
- return {} if ! $value;
+ if (! $value) {
+ return $InitializeEmpty{$var} ? '' : {};
+ }
return if $Vend::ExternalProgram;
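Review bot: The updated comment names `FileAction`, but the directive this commit adds is `FileControl`; it should read `# Set up an ActionMap, FormAction or FileControl`. The new empty-value branch also needs a why-comment, because returning `''` instead of `{}` for names in `%InitializeEmpty` is what keeps `$Global::FileControl` and `$Vend::Cfg->{FileControl}` false, so `allowed_file` skips the checks when nothing is configured: `# '' (not {}) so an unset FileControl stays false and allowed_file skips the check`. parse_action continues past the end of this hunk.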
@@ -1630,11 +1642,11 @@
$c = $mapped;
}
elsif(defined $C) {
- $c = $C->{$var};
+ $c = $C->{$var} ||= {};
}
else {
no strict 'refs';
- $c = ${"Global::$var"};
+ $c = ${"Global::$var"} ||= {};
}
if (defined $C and ! $c->{_mvsafe}) {
@@ -1648,9 +1660,22 @@
$sub = $1;
if($sub !~ /\s/) {
- $c->{$name} = $Global::GlobalSub->{$_}
- if defined $Global::GlobalSub->{$_};
- return $c;
+ no strict 'refs';
+ if($sub =~ /::/ and ! $C) {
+ $c->{$name} = \&{"$sub"};
+ }
+ else {
+ if($C and $C->{Sub}) {
+ $c->{$name} = $C->{Sub}{$sub};
+ }
+
+ if(! $c->{name} and $Global::GlobalSub) {
+ $c->{$name} = $Global::GlobalSub->{$sub};
+ }
+ }
+ if(! $c->{$name}) {
+ $@ = errmsg("Mapped %s action routine '%s' is non-existant.", $var, $sub);
+ }
}
elsif ( ! $mapped and $sub !~ /^sub\b/) {
my $code = <<EOF;
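Review bot: The GlobalSub fallback tests `$c->{name}` (a literal key) instead of `$c->{$name}`, so it runs even when the catalog `Sub` lookup just succeeded and overwrites the entry with `$Global::GlobalSub->{$sub}`, which is undef when no global sub of that name exists. For FileControl that leaves the path without a handler, and `file_control` in File.pm allows access when it finds none, so a misresolved name fails open; the line should be `if(! $c->{$name} and $Global::GlobalSub) {`. Separately, `\&{"$sub"}` yields a code reference even for a routine that was never defined, so the `non-existant` error cannot fire on the mapped-name branch; testing `defined &{"$sub"}` first would catch a mistyped name at configuration time instead of at the first file access. The error is only stored in `$@` here, and whether the caller treats that as fatal is outside this hunk.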
2.3 +41 -4 interchange/lib/Vend/File.pm
rev 2.3, prev_rev 2.2
Index: File.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/File.pm,v
retrieving revision 2.2
retrieving revision 2.3
diff -u -r2.2 -r2.3
--- File.pm 2 Apr 2003 03:06:18 -0000 2.2
+++ File.pm 2 Apr 2003 19:08:29 -0000 2.3
@@ -1,6 +1,6 @@
# Vend::File - Interchange file functions
#
-# $Id: File.pm,v 2.2 2003/04/02 03:06:18 ramoore Exp $
+# $Id: File.pm,v 2.3 2003/04/02 19:08:29 mheins Exp $
#
# Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
#
@@ -52,7 +52,7 @@
use Vend::Util;
use subs qw(logError logGlobal);
use vars qw($VERSION @EXPORT @EXPORT_OK);
-$VERSION = substr(q$Revision: 2.2 $, 10);
+$VERSION = substr(q$Revision: 2.3 $, 10);
sub writefile {
my($file, $data, $opt) = @_;
@@ -172,8 +172,10 @@
local($/);
unless(allowed_file($ifile)) {
- ::logError("Can't read file '%s' with NoAbsolute set" , $ifile);
- ::logGlobal({ level => 'auth'}, "Can't read file '%s' with NoAbsolute set" , $ifile );
+ my $msg = $Vend::File::errstr
+ || ::errmsg("Can't read file '%s' with NoAbsolute set" , $ifile);
+ ::logError($msg);
+ ::logGlobal({ level => 'auth'}, $msg);
return undef;
}
@@ -552,10 +554,26 @@
return 0;
}
+sub file_control {
+ my ($fn, $write, $global, @caller) = @_;
+ return 1 if $Vend::superuser and ! $global;
+ my $subref = $global ? $Global::FileControl : $Vend::Cfg->{FileControl};
+ my $f = $fn;
+ CHECKPATH: {
+ do {
+ if($subref->{$f}) {
+ return $subref->{$f}->($fn, $write, @caller);
+ }
+ } while $f =~ s{/[^/]*$}{};
+ }
+ return 1;
+}
+
sub allowed_file {
my $fn = shift;
my $write = shift;
my $status = 1;
+ $Vend::File::errstr = '';
if( $Global::NoAbsolute
and
$fn !~ $Vend::Cfg->{AllowedFileRegex}
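Review bot: `file_control` looks up `$subref->{$f}` on the raw file name and on its parents obtained by string truncation, so a name spelled differently from the configured key (a leading `./`, a doubled `/`, or `..` components) can miss the rule and fall through to the final `return 1`. Whether callers canonicalise `$fn` before calling `allowed_file` is not visible here; if they do not, normalise `$f` before the loop and treat unresolved `..` components as a denial. The sub also needs a header comment stating its contract: a true return means allowed, the handler for the longest matching configured path prefix decides, no match means allowed, and `$Vend::superuser` bypasses only the catalog-level table. The `CHECKPATH:` label is never referenced and can be removed. allowed_file's body continues past the end of this hunk.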
@@ -565,6 +583,25 @@
{
$status = $write ? check_user_write($fn) : check_user_read($fn);
}
+ if($status and $Global::FileControl) {
+ $status &= file_control($fn, $write, 1, caller(0))
+ or $Vend::File::errstr ||=
+ ::errmsg(
+ "Denied %s access to %s by global FileControl.",
+ $write ? 'write' : 'read',
+ $fn,
+ );
+ }
+ if($status and $Vend::Cfg->{FileControl}) {
+ $status &= file_control($fn, $write, 0, caller(0))
+ or $Vend::File::errstr ||=
+ ::errmsg(
+ "Denied %s access to %s by catalog FileControl.",
+ $write ? 'write' : 'read',
+ $fn,
+ );
+ }
+
#::logDebug("allowed_file check for $fn: $status");
return $status;
}
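Review bot: `$status &= file_control(...)` combines the handler's return value with a bitwise AND, so with `$status` at its initial numeric 1 a handler that returns a true value other than 1 (for example `2` or a non-numeric string) yields 0 and the access is denied with the FileControl message set. That fails closed, but it contradicts the contract shown in the commit log, where the sub simply returns a true or false value. Use a boolean assignment in both blocks, e.g. `$status = file_control($fn, $write, 1, caller(0)) ? 1 : 0;` followed by `$Vend::File::errstr ||= ::errmsg(...) unless $status;`.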
2.155 +14 -12 interchange/lib/Vend/Interpolate.pm
rev 2.155, prev_rev 2.154
Index: Interpolate.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Interpolate.pm,v
retrieving revision 2.154
retrieving revision 2.155
diff -u -r2.154 -r2.155
--- Interpolate.pm 1 Apr 2003 04:12:32 -0000 2.154
+++ Interpolate.pm 2 Apr 2003 19:08:29 -0000 2.155
@@ -1,6 +1,6 @@
# Vend::Interpolate - Interpret Interchange tags
#
-# $Id: Interpolate.pm,v 2.154 2003/04/01 04:12:32 mheins Exp $
+# $Id: Interpolate.pm,v 2.155 2003/04/02 19:08:29 mheins Exp $
#
# Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
#
@@ -27,7 +27,7 @@
require Exporter;
@ISA = qw(Exporter);
-$VERSION = substr(q$Revision: 2.154 $, 10);
+$VERSION = substr(q$Revision: 2.155 $, 10);
@EXPORT = qw (
@@ -2191,11 +2191,12 @@
$file = Vend::Util::escape_chars($file);
unless(Vend::File::allowed_file($file)) {
- my $msg = errmsg(
- "%s: Can't use file '%s' with NoAbsolute set",
- 'log',
- $file,
- );
+ my $msg = $Vend::File::errstr
+ || errmsg(
+ "%s: Can't use file '%s' with NoAbsolute set",
+ 'log',
+ $file,
+ );
::logError($msg);
::logGlobal({ level => 'auth'}, $msg);
return undef;
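Review bot: When `$Vend::File::errstr` is set, the tag name that the fallback message carried (`'log'` here) is dropped, so the line written to the error log and to the `auth`-level global log no longer says which tag attempted the access. The same applies to the `counter` hunk below and to the `mail_order` hunk in Order.pm. Keeping the prefix in the FileControl case would preserve that context for whoever reads the auth log, e.g. `my $msg = $Vend::File::errstr ? errmsg("%s: %s", 'log', $Vend::File::errstr) : errmsg("%s: Can't use file '%s' with NoAbsolute set", 'log', $file);`. The enclosing sub starts and ends outside the hunk.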
@@ -2424,11 +2425,12 @@
}
unless (allowed_file($file)) {
- my $msg = errmsg(
- "%s: Can't use file '%s' with NoAbsolute set",
- 'counter',
- $file,
- );
+ my $msg = $Vend::File::errstr
+ || errmsg(
+ "%s: Can't use file '%s' with NoAbsolute set",
+ 'counter',
+ $file,
+ );
::logError($msg);
::logGlobal({ level => 'auth'}, $msg);
return undef;
2.49 +4 -3 interchange/lib/Vend/Order.pm
rev 2.49, prev_rev 2.48
Index: Order.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Order.pm,v
retrieving revision 2.48
retrieving revision 2.49
diff -u -r2.48 -r2.49
--- Order.pm 1 Apr 2003 04:12:32 -0000 2.48
+++ Order.pm 2 Apr 2003 19:08:29 -0000 2.49
@@ -1,6 +1,6 @@
# Vend::Order - Interchange order routing routines
#
-# $Id: Order.pm,v 2.48 2003/04/01 04:12:32 mheins Exp $
+# $Id: Order.pm,v 2.49 2003/04/02 19:08:29 mheins Exp $
#
# Copyright (C) 1996-2001 Red Hat, Inc. <interchange@redhat.com>
#
@@ -28,7 +28,7 @@
package Vend::Order;
require Exporter;
-$VERSION = substr(q$Revision: 2.48 $, 10);
+$VERSION = substr(q$Revision: 2.49 $, 10);
@ISA = qw(Exporter);
@@ -798,7 +798,8 @@
# LEGACY
if ($::Values->{mv_order_report}) {
unless( allowed_file($::Values->{mv_order_report}) ) {
- my $msg = errmsg(
+ my $msg = $Vend::File::errstr
+ || errmsg(
"%s: Can't use file '%s' with NoAbsolute set",
'mail_order',
$::Values->{mv_order_report},