[interchange-cvs] interchange - heins modified 4 files

interchange-core@icdevgroup.org interchange-core@icdevgroup.org
Wed Apr 2 14:09:01 2003


User:      heins
Date:      2003-04-02 19:08:29 GMT
Modified:  lib/Vend Config.pm File.pm Interpolate.pm Order.pm
Log:
* Created $Vend::File::errstr which is set to get the error message,
  otherwise defaults to the standard one.

* Add both global- and catalog-level FileControl directive that allows
  mapping subroutines (or named pre-existing subroutines) to a path.
  Does a depth-first search starting with the file name.

* In either interchange.cfg (takes priority) or catalog.cfg put:

	FileControl include/junk  <<EOR
	sub {
		my ($fn, $write, @caller) = @_;

		## Allow write to files containing "foo"
		if($write) {
			return $fn =~ /foo/;
		}

		## Allow read if file doesn't contain "bar"
		return $fn !~ /bar/;
	}
	EOR

* In either interchange.cfg (takes priority) or catalog.cfg put:

	FileControl  include/junk  some_sub

  This uses either Sub or GlobalSub

* Only in interchange.cfg, you can put a mapped routine name:

	FileControl  include/junk  Vend::SomeModule::file_control

* If FileControl is not set, the checks are not done for performance
  reasons.

* TODO: Add standard UserDB methods.

Revision  Changes    Path
2.105     +34 -9     interchange/lib/Vend/Config.pm


rev 2.105, prev_rev 2.104
Index: Config.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Config.pm,v
retrieving revision 2.104
retrieving revision 2.105
diff -u -r2.104 -r2.105
--- Config.pm	1 Apr 2003 17:34:36 -0000	2.104
+++ Config.pm	2 Apr 2003 19:08:29 -0000	2.105
@@ -1,6 +1,6 @@
 # Vend::Config - Configure Interchange
 #
-# $Id: Config.pm,v 2.104 2003/04/01 17:34:36 mheins Exp $
+# $Id: Config.pm,v 2.105 2003/04/02 19:08:29 mheins Exp $
 #
 # Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
 # Copyright (C) 2003 ICDEVGROUP <interchange@icdevgroup.org>
@@ -48,7 +48,7 @@
 use Vend::File;
 use Vend::Data;
 
-$VERSION = substr(q$Revision: 2.104 $, 10);
+$VERSION = substr(q$Revision: 2.105 $, 10);
 
 my %CDname;
 my %CPname;
@@ -176,6 +176,14 @@
 					Variable			1
 				));
 
+my %InitializeEmpty = (qw(
+					FileControl			1
+				));
+
+my %AllowMappedAction = (qw(
+					FileControl			1
+				));
+
 my $StdTags;
 
 use vars qw/ $configfile /;
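Review bot: `%AllowMappedAction` is declared here but none of the hunks in this commit reads it; the qualified-name branch added to parse_action further down is gated only by `$sub =~ /::/ and ! $C`. As written, a `Package::name` value is accepted for every directive that parse_action handles in interchange.cfg (ActionMap and FormAction as well), not only FileControl. If the hash was meant to restrict mapped routines to the listed directives, the branch should consult it, e.g. `if($sub =~ /::/ and ! $C and $AllowMappedAction{$var}) {`; otherwise remove the hash or add a comment saying it is reserved for later use.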
@@ -302,6 +310,7 @@
 	['TagGroup',		 'tag_group',		 $StdTags],
 	['TagInclude',		 'tag_include',		 'ALL'],
 	['ActionMap',		 'action',			 ''],
+	['FileControl',		 'action',			 ''],
 	['FormAction',		 'action',			 ''],
 	['MaxServers',       'integer',          10],
 	['GlobalSub',		 'subroutine',       ''],
@@ -361,6 +370,7 @@
 
 	['ErrorFile',        undef,              'error.log'],
 	['ActionMap',		 'action',			 ''],
+	['FileControl',		 'action',			 ''],
 	['FormAction',		 'action',			 ''],
 	['ItemAction',		 'action',			 ''],
 	['PageDir',          'relative_dir',     'pages'],
@@ -1618,10 +1628,12 @@
 	return parse_regex($var, $value);
 }
 
-# Set up an ActionMap or FormAction
+# Set up an ActionMap or FormAction or FileAction
 sub parse_action {
 	my ($var, $value, $mapped) = @_;
-	return {} if ! $value;
+	if (! $value) {
+		return $InitializeEmpty{$var} ? '' : {};
+	}
 
 	return if $Vend::ExternalProgram;
 
@@ -1630,11 +1642,11 @@
 		$c = $mapped;
 	}
 	elsif(defined $C) {
-		$c = $C->{$var};
+		$c = $C->{$var} ||= {};
 	}
 	else {
 		no strict 'refs';
-		$c = ${"Global::$var"};
+		$c = ${"Global::$var"} ||= {};
 	}
 
 	if (defined $C and ! $c->{_mvsafe}) {
@@ -1648,9 +1660,22 @@
 	$sub = $1;
 
 	if($sub !~ /\s/) {
-		$c->{$name} = $Global::GlobalSub->{$_}
-			if defined $Global::GlobalSub->{$_};
-		return $c;
+		no strict 'refs';
+		if($sub =~ /::/ and ! $C) {
+			$c->{$name} = \&{"$sub"};
+		}
+		else {
+			if($C and $C->{Sub}) {
+				$c->{$name} = $C->{Sub}{$sub};
+			}
+
+			if(! $c->{name} and $Global::GlobalSub) {
+				$c->{$name} = $Global::GlobalSub->{$sub};
+			}
+		}
+		if(! $c->{$name}) {
+			$@ = errmsg("Mapped %s action routine '%s' is non-existant.", $var, $sub);
+		}
 	}
 	elsif ( ! $mapped and $sub !~ /^sub\b/) {
 		my $code = <<EOF;
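Review bot: In the unqualified-name branch the fallback test reads `$c->{name}` (a literal key) instead of `$c->{$name}`, so it is nearly always true and, whenever `$Global::GlobalSub` is populated, the GlobalSub lookup overwrites what `$C->{Sub}{$sub}` just supplied, with undef if no global sub of that name exists; it should be `if(! $c->{$name} and $Global::GlobalSub) {`. Separately, `\&{"$sub"}` yields a code reference even when the named routine is not defined, so the `! $c->{$name}` check below cannot catch a mistyped `Package::name`; test `defined &{"$sub"}` before taking the reference. Both matter for FileControl because file_control in File.pm treats a missing entry as "no rule" and allows the access. This branch also no longer returns after setting `$@`, and whether the caller turns `$@` into a configuration error is outside the hunk, as is the rest of parse_action.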



2.3       +41 -4     interchange/lib/Vend/File.pm


rev 2.3, prev_rev 2.2
Index: File.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/File.pm,v
retrieving revision 2.2
retrieving revision 2.3
diff -u -r2.2 -r2.3
--- File.pm	2 Apr 2003 03:06:18 -0000	2.2
+++ File.pm	2 Apr 2003 19:08:29 -0000	2.3
@@ -1,6 +1,6 @@
 # Vend::File - Interchange file functions
 #
-# $Id: File.pm,v 2.2 2003/04/02 03:06:18 ramoore Exp $
+# $Id: File.pm,v 2.3 2003/04/02 19:08:29 mheins Exp $
 # 
 # Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
 #
@@ -52,7 +52,7 @@
 use Vend::Util;
 use subs qw(logError logGlobal);
 use vars qw($VERSION @EXPORT @EXPORT_OK);
-$VERSION = substr(q$Revision: 2.2 $, 10);
+$VERSION = substr(q$Revision: 2.3 $, 10);
 
 sub writefile {
     my($file, $data, $opt) = @_;
@@ -172,8 +172,10 @@
     local($/);
 
 	unless(allowed_file($ifile)) {
-		::logError("Can't read file '%s' with NoAbsolute set" , $ifile);
-		::logGlobal({ level => 'auth'}, "Can't read file '%s' with NoAbsolute set" , $ifile );
+		my $msg = $Vend::File::errstr
+				|| ::errmsg("Can't read file '%s' with NoAbsolute set" , $ifile);
+		::logError($msg);
+		::logGlobal({ level => 'auth'}, $msg);
 		return undef;
 	}
 
@@ -552,10 +554,26 @@
 	return 0;
 }
 
+sub file_control {
+	my ($fn, $write, $global, @caller) = @_;
+	return 1 if $Vend::superuser and ! $global;
+	my $subref = $global ? $Global::FileControl : $Vend::Cfg->{FileControl};
+	my $f = $fn;
+	CHECKPATH: {
+		do {
+			if($subref->{$f}) {
+				return $subref->{$f}->($fn, $write, @caller);
+			}
+		} while $f =~ s{/[^/]*$}{};
+	}
+	return 1;
+}
+
 sub allowed_file {
 	my $fn = shift;
 	my $write = shift;
 	my $status = 1;
+	$Vend::File::errstr = '';
 	if(	$Global::NoAbsolute
 			and
 		$fn !~ $Vend::Cfg->{AllowedFileRegex}
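Review bot: file_control looks rules up by the literal string in `$fn` and its textual parents and returns 1 when no key matches, so a FileControl rule applies only when the requested name is spelled the same way as the configured path. Nothing in this hunk canonicalizes `$fn` first (repeated slashes, `./` and `..` segments, symlinks), and whether callers do so is not visible here; if they do not, the same file requested under a different spelling never reaches the configured routine. Consider normalizing once before the walk, e.g. `my $f = File::Spec->canonpath($fn);` (File::Spec would need to be loaded, and `..` still needs explicit handling), and add a comment above the sub stating that unmatched paths are allowed by default and that catalog-level rules are skipped for `$Vend::superuser`. The `CHECKPATH:` label is never referenced and can be dropped. allowed_file continues past the end of this hunk.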
@@ -565,6 +583,25 @@
 	{
 		$status = $write ? check_user_write($fn) : check_user_read($fn);
 	}
+	if($status and $Global::FileControl) {
+		$status &= file_control($fn, $write, 1, caller(0))
+			or $Vend::File::errstr ||=
+							::errmsg(
+								 "Denied %s access to %s by global FileControl.",
+								 $write ? 'write' : 'read',
+								 $fn,
+							 );
+	}
+	if($status and $Vend::Cfg->{FileControl}) {
+		$status &= file_control($fn, $write, 0, caller(0))
+		  or $Vend::File::errstr ||=
+		  					::errmsg(
+								 "Denied %s access to %s by catalog FileControl.",
+								 $write ? 'write' : 'read',
+								 $fn,
+							 );
+	}
+	
 #::logDebug("allowed_file check for $fn: $status");
 	return $status;
 }
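Review bot: `$status &= file_control(...)` combines the results with bitwise AND, so the outcome depends on the numeric value of whatever the configured routine returns rather than on its truth. With `$status` at 1, a routine returning a true value such as 2 or a non-numeric string is treated as a denial, the empty string that the `$fn =~ /foo/` example in the log returns on failure raises a non-numeric warning, and a returned reference gives an address-dependent result. Use boolean logic in both the global and the catalog block, e.g. `$status = file_control($fn, $write, 1, caller(0)) ? 1 : 0;` followed by `$status or $Vend::File::errstr ||= ::errmsg(...);`. The opening of allowed_file's NoAbsolute condition is outside this hunk.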



2.155     +14 -12    interchange/lib/Vend/Interpolate.pm


rev 2.155, prev_rev 2.154
Index: Interpolate.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Interpolate.pm,v
retrieving revision 2.154
retrieving revision 2.155
diff -u -r2.154 -r2.155
--- Interpolate.pm	1 Apr 2003 04:12:32 -0000	2.154
+++ Interpolate.pm	2 Apr 2003 19:08:29 -0000	2.155
@@ -1,6 +1,6 @@
 # Vend::Interpolate - Interpret Interchange tags
 # 
-# $Id: Interpolate.pm,v 2.154 2003/04/01 04:12:32 mheins Exp $
+# $Id: Interpolate.pm,v 2.155 2003/04/02 19:08:29 mheins Exp $
 #
 # Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
 #
@@ -27,7 +27,7 @@
 require Exporter;
 @ISA = qw(Exporter);
 
-$VERSION = substr(q$Revision: 2.154 $, 10);
+$VERSION = substr(q$Revision: 2.155 $, 10);
 
 @EXPORT = qw (
 
@@ -2191,11 +2191,12 @@
 
 	$file = Vend::Util::escape_chars($file);
 	unless(Vend::File::allowed_file($file)) {
-		my $msg = errmsg(
-						"%s: Can't use file '%s' with NoAbsolute set",
-						'log',
-						$file,
-					);
+		my $msg = $Vend::File::errstr
+				|| errmsg(
+								"%s: Can't use file '%s' with NoAbsolute set",
+								'log',
+								$file,
+							);
 		::logError($msg);
 		::logGlobal({ level => 'auth'}, $msg);
 		return undef;
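Review bot: When `$Vend::File::errstr` is set it replaces the whole formatted message, so the `'log'` tag-name prefix that the fallback carries is dropped from both the catalog error log and the `auth`-level global log. The same applies to the `'counter'` hunk below and the `'mail_order'` hunk in Order.pm, so someone reviewing denials can no longer tell which tag attempted the access. Consider keeping the context around either message, e.g. `my $msg = errmsg("%s: %s", 'log', $Vend::File::errstr || errmsg("Can't use file '%s' with NoAbsolute set", $file));`. The enclosing sub starts and ends outside the hunk.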
@@ -2424,11 +2425,12 @@
 	}
 
 	unless (allowed_file($file)) {
-		my $msg = errmsg(
-						"%s: Can't use file '%s' with NoAbsolute set",
-						'counter',
-						$file,
-					);
+		my $msg = $Vend::File::errstr
+				|| errmsg(
+								"%s: Can't use file '%s' with NoAbsolute set",
+								'counter',
+								$file,
+							);
 		::logError($msg);
 		::logGlobal({ level => 'auth'}, $msg);
 		return undef;



2.49      +4 -3      interchange/lib/Vend/Order.pm


rev 2.49, prev_rev 2.48
Index: Order.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Order.pm,v
retrieving revision 2.48
retrieving revision 2.49
diff -u -r2.48 -r2.49
--- Order.pm	1 Apr 2003 04:12:32 -0000	2.48
+++ Order.pm	2 Apr 2003 19:08:29 -0000	2.49
@@ -1,6 +1,6 @@
 # Vend::Order - Interchange order routing routines
 #
-# $Id: Order.pm,v 2.48 2003/04/01 04:12:32 mheins Exp $
+# $Id: Order.pm,v 2.49 2003/04/02 19:08:29 mheins Exp $
 #
 # Copyright (C) 1996-2001 Red Hat, Inc. <interchange@redhat.com>
 #
@@ -28,7 +28,7 @@
 package Vend::Order;
 require Exporter;
 
-$VERSION = substr(q$Revision: 2.48 $, 10);
+$VERSION = substr(q$Revision: 2.49 $, 10);
 
 @ISA = qw(Exporter);
 
@@ -798,7 +798,8 @@
 # LEGACY
 	if ($::Values->{mv_order_report}) {
 		unless( allowed_file($::Values->{mv_order_report}) ) {
-			my $msg = errmsg(
+			my $msg = $Vend::File::errstr
+					|| errmsg(
 							"%s: Can't use file '%s' with NoAbsolute set",
 							'mail_order',
 							 $::Values->{mv_order_report},