[interchange-cvs] interchange - heins modified 2 files
interchange-core@icdevgroup.org
interchange-core@icdevgroup.org
Thu Apr 3 23:52:00 2003
User: heins
Date: 2003-04-04 04:51:06 GMT
Modified: lib/Vend Config.pm File.pm
Log:
* Add some intrinsic FileControl checks.
# Is a catalog superuser
FileControl foo/bar ic_super
# Is a catalog admin
FileControl foo/bar ic_admin
# Is logged in at all
FileControl foo/bar ic_logged
# Is logged in at userdb table of "userdb"
FileControl foo/bar ic_logged:userdb
# Is logged in at userdb table of "affiliate"
FileControl foo/bar ic_logged:affiliate
# Run check on userdb file_acl
FileControl foo/bar ic_userdb
# Run check on userdb file_acl
FileControl foo/bar ic_userdb:file_acl
# Run check on userdb db_acl
FileControl foo/bar ic_userdb:db_acl
# Check for $Scratch->{dealer} set
FileControl foo/bar ic_scratch:dealer
# Check for $Scratch->{dealer} NOT set
FileControl foo/bar ic_scratch_deny:dealer
# Check for $Session->{secure} set
FileControl foo/bar ic_session:secure
# Check for $Session->{secure} NOT set
FileControl foo/bar ic_session_deny:secure
These don't override the NoAbsolute checks.
Revision Changes Path
2.107 +14 -6 interchange/lib/Vend/Config.pm
rev 2.107, prev_rev 2.106
Index: Config.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Config.pm,v
retrieving revision 2.106
retrieving revision 2.107
diff -u -r2.106 -r2.107
--- Config.pm 3 Apr 2003 21:30:22 -0000 2.106
+++ Config.pm 4 Apr 2003 04:51:06 -0000 2.107
@@ -1,6 +1,6 @@
# Vend::Config - Configure Interchange
#
-# $Id: Config.pm,v 2.106 2003/04/03 21:30:22 racke Exp $
+# $Id: Config.pm,v 2.107 2003/04/04 04:51:06 mheins Exp $
#
# Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
# Copyright (C) 2003 ICDEVGROUP <interchange@icdevgroup.org>
@@ -48,7 +48,7 @@
use Vend::File;
use Vend::Data;
-$VERSION = substr(q$Revision: 2.106 $, 10);
+$VERSION = substr(q$Revision: 2.107 $, 10);
my %CDname;
my %CPname;
@@ -180,7 +180,7 @@
FileControl 1
));
-my %AllowMappedAction = (qw(
+my %AllowScalarAction = (qw(
FileControl 1
));
@@ -1673,19 +1673,27 @@
$c->{$name} = $Global::GlobalSub->{$sub};
}
}
- if(! $c->{$name}) {
+ if(! $c->{$name} and $AllowScalarAction{$var}) {
+ $c->{$name} = $sub;
+ }
+ elsif(! $c->{$name}) {
$@ = errmsg("Mapped %s action routine '%s' is non-existant.", $var, $sub);
}
}
elsif ( ! $mapped and $sub !~ /^sub\b/) {
- my $code = <<EOF;
+ if($AllowScalarAction{$var}) {
+ $c->{$name} = $sub;
+ }
+ else {
+ my $code = <<EOF;
sub {
return Vend::Interpolate::interpolate_html(<<EndOfThisHaiRYTHING);
$sub
EndOfThisHaiRYTHING
}
EOF
- $c->{$name} = eval $code;
+ $c->{$name} = eval $code;
+ }
}
elsif (! $C or $Global::AllowGlobal->{$C->{CatalogName}}) {
package Vend::Interpolate;
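Review bot: Both new `$AllowScalarAction{$var}` branches store whatever string was given, so for FileControl a mistyped mapped sub name no longer raises the "non-existant" error at configuration time. The string is kept as an intrinsic check list and only interpreted at file-access time. Going by the File.pm part of this commit an unknown check name is denied there, so this fails closed, but the operator gets no diagnostic when the catalog is configured. Consider a sanity check before `$c->{$name} = $sub;`, for instance requiring the value to match `/^\s*ic_\w+/`, or at least a comment such as `# scalar is an intrinsic check list; validated at access time in Vend::File`. The enclosing routine starts and ends outside the hunk.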
2.4 +85 -3 interchange/lib/Vend/File.pm
rev 2.4, prev_rev 2.3
Index: File.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/File.pm,v
retrieving revision 2.3
retrieving revision 2.4
diff -u -r2.3 -r2.4
--- File.pm 2 Apr 2003 19:08:29 -0000 2.3
+++ File.pm 4 Apr 2003 04:51:06 -0000 2.4
@@ -1,6 +1,6 @@
# Vend::File - Interchange file functions
#
-# $Id: File.pm,v 2.3 2003/04/02 19:08:29 mheins Exp $
+# $Id: File.pm,v 2.4 2003/04/04 04:51:06 mheins Exp $
#
# Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
#
@@ -51,8 +51,8 @@
use Errno;
use Vend::Util;
use subs qw(logError logGlobal);
-use vars qw($VERSION @EXPORT @EXPORT_OK);
-$VERSION = substr(q$Revision: 2.3 $, 10);
+use vars qw($VERSION @EXPORT @EXPORT_OK $errstr);
+$VERSION = substr(q$Revision: 2.4 $, 10);
sub writefile {
my($file, $data, $opt) = @_;
@@ -522,6 +522,85 @@
return 0;
}
+my %intrinsic = (
+ ic_super => sub { return 1 if $Vend::superuser; },
+ ic_admin => sub { return 1 if $Vend::admin; },
+ ic_logged => sub {
+ my ($fn, $write, $sub) = @_;
+ return 0 unless $Vend::username;
+ return 0 unless $Vend::Session->{logged_in};
+ return 0 if $sub and $Vend::login_table ne $sub;
+ return 1;
+ },
+ ic_session => sub {
+ my ($fn, $write, $sub) = @_;
+ return 1 if $Vend::Session->{$sub};
+ return 0;
+ },
+ ic_session_deny => sub {
+ my ($fn, $write, $sub) = @_;
+ return 0 if $Vend::Session->{$sub};
+ return 1;
+ },
+ ic_scratch => sub {
+ my ($fn, $write, $sub) = @_;
+ return 1 if $::Scratch->{$sub};
+ return 0;
+ },
+ ic_scratch_deny => sub {
+ my ($fn, $write, $sub) = @_;
+ return 0 if $::Scratch->{$sub};
+ return 1;
+ },
+ ic_userdb => sub {
+ my ($fn, $write, $profile, $sub, $mode) = @_;
+ return 0 unless $Vend::username;
+ return 0 unless $Vend::Session->{logged_in};
+ $profile ||= 'default';
+ $sub ||= 'file_acl';
+ my $u = new Vend::UserDB profile => $profile;
+ $mode ||= $write ? 'w' : 'r';
+ my $func = "check_$sub";
+ my %o = (
+ location => $fn,
+ mode => $mode,
+ );
+ return undef unless $u->can($func);
+ my $status = $u->$func( %o );
+ ::logDebug("status=$status back from userdb: " . ::uneval(\%o));
+ return $status;
+ },
+);
+
+sub _intrinsic {
+ my ($thing, $fn, $write) = @_;
+ $thing =~ s/^\s+//;
+ $thing =~ s/\s+$//;
+ my @checks = split /\s*;\s*/, $thing;
+ my $status = 1;
+ for(@checks) {
+ my ($check, @args) = split /:/, $_;
+ my $sub = $intrinsic{$check}
+ or do {
+ ## $errstr is package global
+ $errstr = ::errmsg("Bad intrinsic check '%s', denying.", $_);
+ return undef;
+ };
+ unless( $sub->($fn, $write, @args) ) {
+ ## $errstr is package global
+ $errstr = ::errmsg(
+ "Failed intrinsic check '%s'%s for %s, denying.",
+ $_,
+ $write ? " (write)" : '',
+ $fn,
+ );
+ $status = 0;
+ last;
+ }
+ }
+ return $status;
+}
+
sub check_user_write {
my $fn = shift;
my $un = $Global::CatalogUser->{$Vend::Cat}
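Review bot: The two deny closures, `ic_session_deny` and `ic_scratch_deny`, return 1 when the check is written without its `:key` argument, because `$sub` is then undef and the hash lookup finds nothing; a truncated entry therefore grants access instead of denying it. A first line of `return 0 unless defined $sub and length $sub;` in the four session/scratch closures makes a missing key fail closed. `_intrinsic` has the same shape of problem: `$status` starts at 1, so a value that yields no checks after the split (for example a lone `;`) is allowed, and `return undef unless @checks;` after the split would close that. Separately, `ic_userdb` reads its first argument as `$profile`, so `ic_userdb:db_acl` as described in the log appears to select a profile named db_acl and still call `check_file_acl`; the code or the log entry should be reconciled. `check_user_write` at the end of the hunk continues outside it.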
@@ -561,8 +640,11 @@
my $f = $fn;
CHECKPATH: {
do {
- if($subref->{$f}) {
+ if(ref($subref->{$f}) eq 'CODE') {
return $subref->{$f}->($fn, $write, @caller);
+ }
+ elsif ($subref->{$f}) {
+ return _intrinsic($subref->{$f}, $fn, $write);
}
} while $f =~ s{/[^/]*$}{};
}
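Review bot: The new `elsif` branch returns the result of `_intrinsic` for the first path prefix that has an entry, so a more specific FileControl line fully replaces a stricter one on a parent directory rather than adding to it; that deserves a comment at `CHECKPATH`, e.g. `# nearest matching entry decides; parent entries are not consulted`. The lookup also keys on the literal string in `$fn`, and whether the path has been normalised (no `..` or doubled slashes) before reaching this loop is not visible in the hunk, so it is worth confirming against the caller. On denial `_intrinsic` leaves the reason in `$errstr`; nothing in the visible lines logs it, so make sure the caller does, otherwise denied accesses are hard to audit. The enclosing function starts and ends outside the hunk.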