Diffstat (limited to 'check/parse.c')
-rw-r--r-- | check/parse.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/check/parse.c b/check/parse.c index 33d1aa5..81ec345 100644 --- a/check/parse.c +++ b/check/parse.c @@ -7,36 +7,36 @@ static enum permission eval(const char *keyword, const char *principal, const char *cmd, const char *user, const char *group, const char *command) { - int pmatch = 0; + enum permission_principal pp = 0; if (!strcmp(user, principal)) { - pmatch = 1; - } - if (principal[0] == ':' && !strcmp(group, principal + 1)) { - pmatch = 1; + pp = PERM_USER; + } else if (principal[0] == ':' && !strcmp(group, principal + 1)) { + pp = PERM_GROUP; } - int cmatch = 0; - if (cmd == NULL || !strcmp(cmd, command)) { - cmatch = 1; + enum permission_command pc = 0; + if (cmd == NULL) { + pc = PERM_ALL; + } else if (!strcmp(cmd, command)) { + pc = PERM_CMD; } + enum permission_keyword pk = 0; if (!strcmp(keyword, "authorize")) { - if (cmatch && pmatch) { - return AUTHORIZED; - } + pk = PERM_PASS; } else if (!strcmp(keyword, "authenticate")) { - if (cmatch && pmatch) { - return AUTHENTICATE; - } + pk = PERM_AUTH; } else if (!strcmp(keyword, "deny")) { - if (cmatch && pmatch) { - return DENIED; - } + pk = PERM_DENY; } else { fatal(0, "invalid keyword: %s", keyword); } - return UNKNOWN; + if (pp == 0 || pc == 0) { + return UNKNOWN; + } + + return pp | pc | pk; } enum permission get_permission(const char *user, const char *group, const char *command) @@ -76,7 +76,7 @@ enum permission get_permission(const char *user, const char *group, const char * } enum permission tmp = eval(keyword, principal, cmd, user, group, command); - /* only increase, so deny trumps authenticate, which trumps authorize */ + /* only change if a higher precedence is found */ if (tmp > perm) { perm = tmp; } |
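Review bot: The composite value from `return pp | pc | pk;` in eval() is ranked by `if (tmp > perm)` in get_permission() (second hunk, whose body continues outside it), so which rule wins now depends entirely on the bit positions of the PERM_* constants, and those are not visible in this diff. The removed comment guaranteed that deny trumps authenticate, which trumps authorize; the new comment no longer says whether that holds, for example whether a `:group` deny can be outranked by a user-level authorize. Because this ordering is the authorization decision, I would state it next to the return, e.g. `/* precedence is numeric: <most significant field> first; UNKNOWN must compare below every combination */`, and check the layout where the enums are defined. The `pp == 0 || pc == 0` test also assumes no PERM_* member is 0 and that UNKNOWN sorts below every OR-ed result. Callers that compared the result against AUTHORIZED, AUTHENTICATE or DENIED presumably need to mask out the keyword bits now; confirm they were updated in the same change.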