summaryrefslogtreecommitdiff
path: root/check/parse.c
blob: 33d1aa5c2925a907cf0287995eaa492021157ed5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "check.h"

static enum permission eval(const char *keyword, const char *principal, const char *cmd, const char *user, const char *group, const char *command)
{
	int pmatch = 0;
	if (!strcmp(user, principal)) {
		pmatch = 1;
	}
	if (principal[0] == ':' && !strcmp(group, principal + 1)) {
		pmatch = 1;
	}

	int cmatch = 0;
	if (cmd == NULL || !strcmp(cmd, command)) {
		cmatch = 1;
	}

	if (!strcmp(keyword, "authorize")) {
		if (cmatch && pmatch) {
			return AUTHORIZED;
		}
	} else if (!strcmp(keyword, "authenticate")) {
		if (cmatch && pmatch) {
			return AUTHENTICATE;
		}
	} else if (!strcmp(keyword, "deny")) {
		if (cmatch && pmatch) {
			return DENIED;
		}
	} else {
		fatal(0, "invalid keyword: %s", keyword);
	}

	return UNKNOWN;
}

enum permission get_permission(const char *user, const char *group, const char *command)
{
	enum permission perm = UNKNOWN;
	FILE *f = fopen(CONFIG_PATH, "r");
	if (f == NULL) {
		fatal(1, CONFIG_PATH);
	}

	ssize_t s = 0;
	char *buf = NULL;
	size_t len = 0;
	while ((s = getline(&buf, &len, f)) > 0) {
		if (*buf == '#') {
			continue;
		}
		if (*buf == '\n') {
			continue;
		}
		buf[s-1] = '\0';

		char *space = strchr(buf, ' ');
		if (!space) {
			fatal(0, "invalid line in config: %s", buf);
		}	

		char *keyword = buf;
		*space = '\0';

		char *principal = space + 1;
		char *cmd = NULL;
		space = strchr(principal, ' ');
		if (space) {
			*space = '\0';
			cmd = space + 1;
		}

		enum permission tmp = eval(keyword, principal, cmd, user, group, command);
		/* only increase, so deny trumps authenticate, which trumps authorize */
		if (tmp > perm) {
			perm = tmp;
		}
	}
	if (s == -1 && ferror(f)) {
		fatal(1, "reading configuration");
	}

	if (buf) {
		free(buf);
	}
	if (f) {
		fclose(f);
	}
	return perm;
}