diff options
Diffstat (limited to '')
-rw-r--r-- | acls.c | 1147 |
1 files changed, 1147 insertions, 0 deletions
@@ -0,0 +1,1147 @@ +/* Copyright (c) 2008, 2009 + * Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de) + * Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.de) + * Micah Cowan (micah@cowan.name) + * Sadrul Habib Chowdhury (sadrul@users.sourceforge.net) + * Copyright (c) 1993-2002, 2003, 2005, 2006, 2007 + * Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de) + * Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.de) + * Copyright (c) 1987 Oliver Laumann + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING); if not, see + * https://www.gnu.org/licenses/, or contact Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA + * + **************************************************************** + */ + +#include "config.h" + +#include <sys/types.h> + +/* XXX: WHY IS THIS HERE?? :XXX */ + +#ifdef CHECKLOGIN +# ifdef _SEQUENT_ +# include <stdio.h> /* needed by <pwd.h> */ +# endif /* _SEQUENT_ */ +# include <pwd.h> +# ifdef SHADOWPW +# include <shadow.h> +# endif /* SHADOWPW */ +#endif /* CHECKLOGIN */ + +#ifndef NOSYSLOG +# include <syslog.h> +#endif + +#include "screen.h" /* includes acls.h */ +#include "extern.h" + + +/************************************************************************ + * user managing code, this does not really belong into the acl stuff * + ************************************************************************/ + +extern struct comm comms[]; +extern struct win *windows, **wtab; +extern char NullStr[]; +extern char SockPath[]; +extern struct display *display, *displays; +struct acluser *users; + +#ifdef MULTIUSER +int maxusercount = 0; /* used in process.c: RC_MONITOR, RC_SILENCE */ + +/* record given user ids here */ +static AclBits userbits; + +/* + * rights a new unknown user will have on windows and cmds. + * These are changed by a "umask ?-..." command: + */ +static char default_w_bit[ACL_BITS_PER_WIN] = +{ + 1, /* EXEC */ + 1, /* WRITE */ + 1 /* READ */ +}; + +static char default_c_bit[ACL_BITS_PER_CMD] = +{ + 0 /* EXEC */ +}; + +/* rights of all users per newly created window */ +/* + * are now stored per user (umask) + * static AclBits default_w_userbits[ACL_BITS_PER_WIN]; + * static AclBits default_c_userbits[ACL_BITS_PER_CMD]; + */ + +static int GrowBitfield __P((AclBits *, int, int, int)); +static struct aclusergroup **FindGroupPtr __P((struct aclusergroup **, struct acluser *, int)); +static int AclSetPermCmd __P((struct acluser *, char *, struct comm *)); +static int AclSetPermWin __P((struct acluser *, struct acluser *, char *, struct win *)); +static int UserAcl __P((struct acluser *, struct acluser **, int, char **)); +static int UserAclCopy __P((struct acluser **, struct acluser **)); + + +static int +GrowBitfield(bfp, len, delta, defaultbit) +AclBits *bfp; +int len, delta, defaultbit; +{ + AclBits n, o = *bfp; + int i; + + if (!(n = (AclBits)calloc(1, (unsigned long)(&ACLBYTE((char *)0, len + delta + 1))))) + return -1; + for (i = 0; i < (len + delta); i++) + { + if (((i < len) && (ACLBIT(i) & ACLBYTE(o, i))) || + ((i >= len) && (defaultbit))) + ACLBYTE(n, i) |= ACLBIT(i); + } + if (len) + free((char *)o); + *bfp = n; + return 0; +} + +#endif /* MULTIUSER */ + +/* + * Returns an nonzero Address. Its contents is either a User-ptr, + * or NULL which may be replaced by a User-ptr to create the entry. + */ +struct acluser ** +FindUserPtr(name) +char *name; +{ + struct acluser **u; + + for (u = &users; *u; u = &(*u)->u_next) + if (!strcmp((*u)->u_name, name)) + break; +#ifdef MULTIUSER + debug3("FindUserPtr %s %sfound, id %d\n", name, (*u)?"":"not ", + (*u)?(*u)->u_id:-1); +#else /* MULTIUSER */ + debug2("FindUserPtr %s %sfound\n", name, (*u)?"":"not "); +#endif /* MULTIUSER */ + return u; +} + +int DefaultEsc = -1; /* initialised by screen.c:main() */ +int DefaultMetaEsc = -1; + +/* + * Add a new user. His password may be NULL or "" if none. His name must not + * be "none", as this represents the NULL-pointer when dealing with groups. + * He has default rights, determined by umask. + */ +int +UserAdd(name, pass, up) +char *name, *pass; +struct acluser **up; +{ +#ifdef MULTIUSER + int j; +#endif + + if (!up) + up = FindUserPtr(name); + if (*up) + { + if (pass) + (*up)->u_password = SaveStr(pass); + return 1; /* he is already there */ + } + if (strcmp("none", name)) /* "none" is a reserved word */ + *up = (struct acluser *)calloc(1, sizeof(struct acluser)); + if (!*up) + return -1; /* he still does not exist */ +#ifdef COPY_PASTE + (*up)->u_plop.buf = NULL; + (*up)->u_plop.len = 0; +# ifdef ENCODINGS + (*up)->u_plop.enc = 0; +# endif +#endif + (*up)->u_Esc = DefaultEsc; + (*up)->u_MetaEsc = DefaultMetaEsc; + strncpy((*up)->u_name, name, MAXLOGINLEN); + (*up)->u_password = NULL; + if (pass) + (*up)->u_password = SaveStr(pass); + if (!(*up)->u_password) + (*up)->u_password = NullStr; + (*up)->u_detachwin = -1; + (*up)->u_detachotherwin = -1; + +#ifdef MULTIUSER + (*up)->u_group = NULL; + /* now find an unused index */ + for ((*up)->u_id = 0; (*up)->u_id < maxusercount; (*up)->u_id++) + if (!(ACLBIT((*up)->u_id) & ACLBYTE(userbits, (*up)->u_id))) + break; + debug2("UserAdd %s id %d\n", name, (*up)->u_id); + if ((*up)->u_id == maxusercount) + { + int j; + struct win *w; + struct acluser *u; + + debug2("growing all bitfields %d += %d\n", maxusercount, USER_CHUNK); + /* the bitfields are full, grow a chunk */ + /* first, the used_uid_indicator: */ + if (GrowBitfield(&userbits, maxusercount, USER_CHUNK, 0)) + { + free((char *)*up); *up = NULL; return -1; + } + /* second, default command bits */ + /* (only if we generate commands dynamically) */ +/* + for (j = 0; j < ACL_BITS_PER_CMD; j++) + if (GrowBitfield(&default_c_userbits[j], maxusercount, USER_CHUNK, + default_c_bit[j])) + { + free((char *)*up); *up = NULL; return -1; + } +*/ + /* third, the bits for each commands */ + for (j = 0; j <= RC_LAST; j++) + { + int i; + + for (i = 0; i < ACL_BITS_PER_CMD; i++) + if (GrowBitfield(&comms[j].userbits[i], maxusercount, USER_CHUNK, + default_c_bit[i])) + { + free((char *)*up); *up = NULL; return -1; + } + } + /* fourth, default window creation bits per user */ + for (u = users; u != *up; u = u->u_next) + { + for (j = 0; j < ACL_BITS_PER_WIN; j++) + { + if (GrowBitfield(&u->u_umask_w_bits[j], maxusercount, USER_CHUNK, + default_w_bit[j])) + { + free((char *)*up); *up = NULL; return -1; + } + } + } + + /* fifth, the bits for each window */ + /* keep these in sync with NewWindowAcl() */ + for (w = windows; w; w = w->w_next) + { + /* five a: the access control list */ + for (j = 0; j < ACL_BITS_PER_WIN; j++) + if (GrowBitfield(&w->w_userbits[j], maxusercount, USER_CHUNK, + default_w_bit[j])) + { + free((char *)*up); *up = NULL; return -1; + } + /* five b: the activity notify list */ + /* five c: the silence notify list */ + if (GrowBitfield(&w->w_mon_notify, maxusercount, USER_CHUNK, 0) || + GrowBitfield(&w->w_lio_notify, maxusercount, USER_CHUNK, 0)) + { + free((char *)*up); *up = NULL; return -1; + } + } + maxusercount += USER_CHUNK; + } + + /* mark the user-entry as "in-use" */ + ACLBYTE(userbits, (*up)->u_id) |= ACLBIT((*up)->u_id); + + /* user id 0 is the session creator, he has all rights */ + if ((*up)->u_id == 0) + AclSetPerm(NULL, *up, "+a", "#?"); + + /* user nobody has a fixed set of rights: */ + if (!strcmp((*up)->u_name, "nobody")) + { + AclSetPerm(NULL, *up, "-rwx", "#?"); + AclSetPerm(NULL, *up, "+x", "su"); + AclSetPerm(NULL, *up, "+x", "detach"); + AclSetPerm(NULL, *up, "+x", "displays"); + AclSetPerm(NULL, *up, "+x", "version"); + } + + /* + * Create his umask: + * Give default_w_bit's for all users, + * but allow himself everything on "his" windows. + */ + for (j = 0; j < ACL_BITS_PER_WIN; j++) + { + if (GrowBitfield(&(*up)->u_umask_w_bits[j], 0, maxusercount, + default_w_bit[j])) + { + free((char *)*up); *up = NULL; return -1; + } + ACLBYTE((*up)->u_umask_w_bits[j], (*up)->u_id) |= ACLBIT((*up)->u_id); + } +#else /* MULTIUSER */ + debug1("UserAdd %s\n", name); +#endif /* MULTIUSER */ + return 0; +} + +#if 0 +/* change user's password */ +int +UserSetPass(name, pass, up) +char *name, *pass; +struct acluser **up; +{ + if (!up) + up = FindUserPtr(name); + if (!*up) + return UserAdd(name, pass, up); + if (!strcmp(name, "nobody")) /* he remains without password */ + return -1; + strncpy((*up)->u_password, pass ? pass : "", 20); + (*up)->u_password[20] = '\0'; + return 0; +} +#endif + +/* + * Remove a user from the list. + * Destroy all his permissions and completely detach him from the session. + */ +int +UserDel(name, up) +char *name; +struct acluser **up; +{ + struct acluser *u; +#ifdef MULTIUSER + int i; +#endif + struct display *old, *next; + + if (!up) + up = FindUserPtr(name); + if (!(u = *up)) + return -1; /* he who does not exist cannot be removed */ + old = display; + for (display = displays; display; display = next) + { + next = display->d_next; /* read the next ptr now, Detach may zap it. */ + if (D_user != u) + continue; + if (display == old) + old = NULL; + Detach(D_REMOTE); + } + display = old; + *up = u->u_next; + +#ifdef MULTIUSER + for (up = &users; *up; up = &(*up)->u_next) + { + /* unlink all group references to this user */ + struct aclusergroup **g = &(*up)->u_group; + + while (*g) + { + if ((*g)->u == u) + { + struct aclusergroup *next = (*g)->next; + + free((char *)(*g)); + *g = next; + } + else + g = &(*g)->next; + } + } + ACLBYTE(userbits, u->u_id) &= ~ACLBIT(u->u_id); + /* restore the bits in his slot to default: */ + AclSetPerm(NULL, u, default_w_bit[ACL_READ] ? "+r" : "-r", "#"); + AclSetPerm(NULL, u, default_w_bit[ACL_WRITE]? "+w" : "-w", "#"); + AclSetPerm(NULL, u, default_w_bit[ACL_EXEC] ? "+x" : "-x", "#"); + AclSetPerm(NULL, u, default_c_bit[ACL_EXEC] ? "+x" : "-x", "?"); + for (i = 0; i < ACL_BITS_PER_WIN; i++) + free((char *)u->u_umask_w_bits[i]); +#endif /* MULTIUSER */ + debug1("FREEING user structure for %s\n", u->u_name); +#ifdef COPY_PASTE + UserFreeCopyBuffer(u); +#endif + free((char *)u); + if (!users) + { + debug("Last user deleted. Feierabend.\n"); + Finit(0); /* Destroying whole session. Noone could ever attach again. */ + } + return 0; +} + + +#ifdef COPY_PASTE + +/* + * returns 0 if the copy buffer was really deleted. + * Also removes any references into the users copybuffer + */ +int +UserFreeCopyBuffer(u) +struct acluser *u; +{ + struct win *w; + struct paster *pa; + + if (!u->u_plop.buf) + return 1; + for (w = windows; w; w = w->w_next) + { + pa = &w->w_paster; + if (pa->pa_pasteptr >= u->u_plop.buf && + pa->pa_pasteptr - u->u_plop.buf < u->u_plop.len) + FreePaster(pa); + } + free((char *)u->u_plop.buf); + u->u_plop.len = 0; + u->u_plop.buf = 0; + return 0; +} +#endif /* COPY_PASTE */ + +#ifdef MULTIUSER +/* + * Traverses group nodes. It searches for a node that references user u. + * If recursive is true, nodes found in the users are also searched using + * depth first method. If none of the nodes references u, the address of + * the last next pointer is returned. This address will contain NULL. + */ +static struct aclusergroup ** +FindGroupPtr(gp, u, recursive) +struct aclusergroup **gp; +struct acluser *u; +int recursive; +{ + struct aclusergroup **g; + + ASSERT(recursive < 1000); /* Ouch, cycle detection failed */ + while (*gp) + { + if ((*gp)->u == u) + return gp; /* found him here. */ + if (recursive && + *(g = FindGroupPtr(&(*gp)->u->u_group, u, recursive + 1))) + return g; /* found him there. */ + gp = &(*gp)->next; + } + return gp; /* *gp is NULL */ +} + +static int +PasswordMatches(pw, password) +const char *pw, *password; +{ + if (!*password) + return 0; + char *buf = crypt((char *)pw, (char *)password); + return (buf && !strcmp(buf, password)); +} + +/* + * Returns nonzero if failed or already linked. + * Both users are created on demand. + * Cyclic links are prevented. + */ +int +AclLinkUser(from, to) +char *from, *to; +{ + struct acluser **u1, **u2; + struct aclusergroup **g; + + if (!*(u1 = FindUserPtr(from)) && UserAdd(from, NULL, u1)) + return -1; + if (!*(u2 = FindUserPtr(to)) && UserAdd(to, NULL, u2)) + return -1; /* hmm, could not find both users. */ + + if (*FindGroupPtr(&(*u2)->u_group, *u1, 1)) + return 1; /* cyclic link detected! */ + if (*(g = FindGroupPtr(&(*u1)->u_group, *u2, 0))) + return 2; /* aha, we are already linked! */ + + if (!(*g = (struct aclusergroup *)malloc(sizeof(struct aclusergroup)))) + return -1; /* Could not alloc link. Poor screen */ + (*g)->u = (*u2); + (*g)->next = NULL; + return 0; +} + +/* + * The user pointer stored at *up will be substituted by a pointer + * to the named user's structure, if passwords match. + * returns NULL if successfull, an static error string otherwise + */ +char * +DoSu(up, name, pw1, pw2) +struct acluser **up; +char *name, *pw1, *pw2; +{ + struct acluser *u; + int sorry = 0; + + if (!(u = *FindUserPtr(name))) + sorry++; + else + { +#ifdef CHECKLOGIN + struct passwd *pp; +#ifdef SHADOWPW + struct spwd *ss; + int t, c; +#endif + char *pass = ""; + + if (!(pp = getpwnam(name))) + { + debug1("getpwnam(\"%s\") failed\n", name); + if (!(pw1 && *pw1 && *pw1 != '\377')) + { + debug("no unix account, no screen passwd\n"); + sorry++; + } + } + else + pass = pp->pw_passwd; +#ifdef SHADOWPW + for (t = 0; t < 13; t++) + { + c = pass[t]; + if (!(c == '.' || c == '/' || + (c >= '0' && c <= '9') || + (c >= 'a' && c <= 'z') || + (c >= 'A' && c <= 'Z'))) + break; + } + if (t < 13) + { + if (!(ss = getspnam(name))) + { + debug1("getspnam(\"%s\") failed\n", name); + sorry++; + } + else + pass = ss->sp_pwdp; + } +#endif /* SHADOWPW */ + + if (pw2 && *pw2 && *pw2 != '\377') /* provided a system password */ + { + if (!PasswordMatches(pw2, pass)) + { + debug("System password mismatch\n"); + sorry++; + } + } + else /* no pasword provided */ + if (*pass) /* but need one */ + sorry++; +#endif /* CHECKLOGIN */ + if (pw1 && *pw1 && *pw1 != '\377') /* provided a screen password */ + { + if (!PasswordMatches(pw1, u->u_password)) + { + debug("screen password mismatch\n"); + sorry++; + } + } + else /* no pasword provided */ + if (*u->u_password) /* but need one */ + sorry++; + } + + debug2("syslog(LOG_NOTICE, \"screen %s: \"su %s\" ", SockPath, name); + debug2("%s for \"%s\"\n", sorry ? "failed" : "succeeded", (*up)->u_name); +#ifndef NOSYSLOG +# ifdef BSD_42 + openlog("screen", LOG_PID); +# else + openlog("screen", LOG_PID, LOG_AUTH); +# endif /* BSD_42 */ + syslog(LOG_NOTICE, "%s: \"su %s\" %s for \"%s\"", SockPath, name, + sorry ? "failed" : "succeeded", (*up)->u_name); + closelog(); +#else + debug("NOT LOGGED.\n"); +#endif /* NOSYSLOG */ + + if (sorry) + return "Sorry."; + else + *up = u; /* substitute user now */ + return NULL; +} +#endif /* MULTIUSER */ + +/************************************************************************ + * end of user managing code * + ************************************************************************/ + + +#ifdef MULTIUSER + +/* This gives the users default rights to the new window w created by u */ +int +NewWindowAcl(w, u) +struct win *w; +struct acluser *u; +{ + int i, j; + + debug2("NewWindowAcl %s's umask_w_bits for window %d\n", + u ? u->u_name : "everybody", w->w_number); + + /* keep these in sync with UserAdd part five. */ + if (GrowBitfield(&w->w_mon_notify, 0, maxusercount, 0) || + GrowBitfield(&w->w_lio_notify, 0, maxusercount, 0)) + return -1; + for (j = 0; j < ACL_BITS_PER_WIN; j++) + { + /* we start with len 0 for the new bitfield size and add maxusercount */ + if (GrowBitfield(&w->w_userbits[j], 0, maxusercount, 0)) + { + while (--j >= 0) + free((char *)w->w_userbits[j]); + free((char *)w->w_mon_notify); + free((char *)w->w_lio_notify); + return -1; + } + for (i = 0; i < maxusercount; i++) + if (u ? (ACLBIT(i) & ACLBYTE(u->u_umask_w_bits[j], i)) : + default_w_bit[j]) + ACLBYTE(w->w_userbits[j], i) |= ACLBIT(i); + } + return 0; +} + +void +FreeWindowAcl(w) +struct win *w; +{ + int i; + + for (i = 0; i < ACL_BITS_PER_WIN; i++) + free((char *)w->w_userbits[i]); + free((char *)w->w_mon_notify); + free((char *)w->w_lio_notify); +} + + +/* if mode starts with '-' we remove the users exec bit for cmd */ +/* + * NOTE: before you make this function look the same as + * AclSetPermWin, try to merge both functions. + */ +static int +AclSetPermCmd(u, mode, cmd) +struct acluser *u; +char *mode; +struct comm *cmd; +{ + int neg = 0; + char *m = mode; + + while (*m) + { + switch (*m++) + { + case '-': + neg = 1; + continue; + case '+': + neg = 0; + continue; + case 'a': + case 'e': + case 'x': +/* debug3("AclSetPermCmd %s %s %s\n", u->u_name, mode, cmd->name); */ + if (neg) + ACLBYTE(cmd->userbits[ACL_EXEC], u->u_id) &= ~ACLBIT(u->u_id); + else + ACLBYTE(cmd->userbits[ACL_EXEC], u->u_id) |= ACLBIT(u->u_id); + break; + case 'r': + case 'w': + break; + default: + return -1; + } + } + return 0; +} + +/* mode strings of the form +rwx -w+rx r -wx are parsed and evaluated */ +/* + * aclchg nerd -w+w 2 + * releases a writelock on window 2 held by user nerd. + * Letter n allows network access on a window. + * uu should be NULL, except if you want to change his umask. + */ +static int +AclSetPermWin(uu, u, mode, win) +struct acluser *u, *uu; +char *mode; +struct win *win; +{ + int neg = 0; + int bit, bits; + AclBits *bitarray; + char *m = mode; + + if (uu) + { + debug3("AclSetPermWin %s UMASK %s %s\n", uu->u_name, u->u_name, mode); + bitarray = uu->u_umask_w_bits; + } + else + { + ASSERT(win); + bitarray = win->w_userbits; + debug3("AclSetPermWin %s %s %d\n", u->u_name, mode, win->w_number); + } + + while (*m) + { + switch (*m++) + { + case '-': + neg = 1; + continue; + case '+': + neg = 0; + continue; + case 'r': + bits = (1 << ACL_READ); + break; + case 'w': + bits = (1 << ACL_WRITE); + break; + case 'x': + bits = (1 << ACL_EXEC); + break; + case 'a': + bits = (1 << ACL_BITS_PER_WIN) - 1; + break; + default: + return -1; + } + for (bit = 0; bit < ACL_BITS_PER_WIN; bit++) + { + if (!(bits & (1 << bit))) + continue; + if (neg) + ACLBYTE(bitarray[bit], u->u_id) &= ~ACLBIT(u->u_id); + else + ACLBYTE(bitarray[bit], u->u_id) |= ACLBIT(u->u_id); + if (!uu && (win->w_wlockuser == u) && neg && (bit == ACL_WRITE)) + { + debug2("%s lost writelock on win %d\n", u->u_name, win->w_number); + win->w_wlockuser = NULL; + if (win->w_wlock == WLOCK_ON) + win->w_wlock = WLOCK_AUTO; + } + } + } + if (uu && u->u_name[0] == '?' && u->u_name[1] == '\0') + { + /* + * It is Mr. '?', the unknown user. He deserves special treatment as + * he defines the defaults. Sorry, this is global, not per user. + */ + if (win) + { + debug1("AclSetPermWin: default_w_bits '%s'.\n", mode); + for (bit = 0; bit < ACL_BITS_PER_WIN; bit++) + default_w_bit[bit] = + (ACLBYTE(bitarray[bit], u->u_id) & ACLBIT(u->u_id)) ? 1 : 0; + } + else + { + /* + * Hack. I do not want to duplicate all the above code for + * AclSetPermCmd. This asumes that there are not more bits + * per cmd than per win. + */ + debug1("AclSetPermWin: default_c_bits '%s'.\n", mode); + for (bit = 0; bit < ACL_BITS_PER_CMD; bit++) + default_c_bit[bit] = + (ACLBYTE(bitarray[bit], u->u_id) & ACLBIT(u->u_id)) ? 1 : 0; + } + UserDel(u->u_name, NULL); + } + return 0; +} + +/* + * String is broken down into comand and window names, mode applies + * A command name matches first, so do not use these as window names. + * uu should be NULL, except if you want to change his umask. + */ +int +AclSetPerm(uu, u, mode, s) +struct acluser *uu, *u; +char *mode, *s; +{ + struct win *w; + int i; + char *p, ch; + + debug3("AclSetPerm(uu, user '%s', mode '%s', object '%s')\n", + u->u_name, mode, s); + while (*s) + { + switch (*s) + { + case '*': /* all windows and all commands */ + return AclSetPerm(uu, u, mode, "#?"); + case '#': + if (uu) /* window umask or .. */ + AclSetPermWin(uu, u, mode, (struct win *)1); + else /* .. or all windows */ + for (w = windows; w; w = w->w_next) + AclSetPermWin((struct acluser *)0, u, mode, w); + s++; + break; + case '?': + if (uu) /* command umask or .. */ + AclSetPermWin(uu, u, mode, (struct win *)0); + else /* .. or all commands */ + for (i = 0; i <= RC_LAST; i++) + AclSetPermCmd(u, mode, &comms[i]); + s++; + break; + default: + for (p = s; *p && *p != ' ' && *p != '\t' && *p != ','; p++) + ; + if ((ch = *p)) + *p++ = '\0'; + if ((i = FindCommnr(s)) != RC_ILLEGAL) + AclSetPermCmd(u, mode, &comms[i]); + else if (((i = WindowByNoN(s)) >= 0) && wtab[i]) + AclSetPermWin((struct acluser *)0, u, mode, wtab[i]); + else + /* checking group name */ + return -1; + if (ch) + p[-1] = ch; + s = p; + } + } + return 0; +} + +/* + * Generic ACL Manager: + * + * This handles acladd and aclchg identical. + * With 2 or 4 parameters, the second parameter is a password. + * With 3 or 4 parameters the last two parameters specify the permissions + * else user is added with full permissions. + * With 1 parameter the users permissions are copied from user *argv. + * Unlike the other cases, u->u_name should not match *argv here. + * uu should be NULL, except if you want to change his umask. + */ +static int +UserAcl(uu, u, argc, argv) +struct acluser *uu, **u; +int argc; +char **argv; +{ + if ((*u && !strcmp((*u)->u_name, "nobody")) || + (argc > 1 && !strcmp(argv[0], "nobody"))) + return -1; /* do not change nobody! */ + + switch (argc) + { + case 1+1+2: + debug2("UserAcl: user '%s', password '%s':", argv[0], argv[1]); + return (UserAdd(argv[0], argv[1], u) < 0) || + AclSetPerm(uu, *u, argv[2], argv[3]); + case 1+2: + debug1("UserAcl: user '%s', no password:", argv[0]); + return (UserAdd(argv[0], NULL, u) < 0) || + AclSetPerm(uu, *u, argv[1], argv[2]); + case 1+1: + debug2("UserAcl: user '%s', password '%s'\n", argv[0], argv[1]); + return UserAdd(argv[0], argv[1], u) < 0; + case 1: + debug1("UserAcl: user '%s', no password:", argv[0]); + return (UserAdd(argv[0], NULL, u) < 0) || + AclSetPerm(uu, *u, "+a", "#?"); + default: + return -1; + } +} + +static int +UserAclCopy(to_up, from_up) +struct acluser **to_up, **from_up; +{ + struct win *w; + int i, j, to_id, from_id; + + if (!*to_up || !*from_up) + return -1; + debug2("UserAclCopy: from user '%s' to user '%s'\n", + (*from_up)->u_name, (*to_up)->u_name); + if ((to_id = (*to_up)->u_id) == (from_id = (*from_up)->u_id)) + return -1; + for (w = windows; w; w = w->w_next) + { + for (i = 0; i < ACL_BITS_PER_WIN; i++) + { + if (ACLBYTE(w->w_userbits[i], from_id) & ACLBIT(from_id)) + ACLBYTE(w->w_userbits[i], to_id) |= ACLBIT(to_id); + else + { + ACLBYTE(w->w_userbits[i], to_id) &= ~ACLBIT(to_id); + if ((w->w_wlockuser == *to_up) && (i == ACL_WRITE)) + { + debug2("%s lost wlock on win %d\n", + (*to_up)->u_name, w->w_number); + w->w_wlockuser = NULL; + if (w->w_wlock == WLOCK_ON) + w->w_wlock = WLOCK_AUTO; + } + } + } + } + for (j = 0; j <= RC_LAST; j++) + { + for (i = 0; i < ACL_BITS_PER_CMD; i++) + { + if (ACLBYTE(comms[j].userbits[i], from_id) & ACLBIT(from_id)) + ACLBYTE(comms[j].userbits[i], to_id) |= ACLBIT(to_id); + else + ACLBYTE(comms[j].userbits[i], to_id) &= ~ACLBIT(to_id); + } + } + + return 0; +} + +/* + * Syntax: + * user [password] [+rwx #?] + * * [password] [+rwx #?] + * user1,user2,user3 [password] [+rwx #?] + * user1,user2,user3=user + * uu should be NULL, except if you want to change his umask. + */ +int +UsersAcl(uu, argc, argv) +struct acluser *uu; +int argc; +char **argv; +{ + char *s; + int r; + struct acluser **cf_u = NULL; + + if (argc == 1) + { + char *p = NULL; + + s = argv[0]; + while (*s) + if (*s++ == '=') p = s; + if (p) + { + p[-1] = '\0'; + cf_u = FindUserPtr(p); + } + } + + if (argv[0][0] == '*' && argv[0][1] == '\0') + { + struct acluser **u; + + debug("all users acls.\n"); + for (u = &users; *u; u = &(*u)->u_next) + if (strcmp("nobody", (*u)->u_name) && + ((cf_u) ? + ((r = UserAclCopy(u, cf_u)) < 0) : + ((r = UserAcl(uu, u, argc, argv)) < 0))) + return -1; + return 0; + } + + do + { + for (s = argv[0]; *s && *s!=' ' && *s!='\t' && *s!=',' && *s!='='; s++) + ; + *s ? (*s++ = '\0') : (*s = '\0'); + debug2("UsersAcl(uu, \"%s\", argc=%d)\n", argv[0], argc); + if ((cf_u) ? + ((r = UserAclCopy(FindUserPtr(argv[0]), cf_u)) < 0) : + ((r = UserAcl(uu, FindUserPtr(argv[0]), argc, argv)) < 0)) + return -1; + } while (*(argv[0] = s)); + return 0; +} + +/* + * Preprocess argments, so that umask can be set with UsersAcl + * + * all current users umask ±rwxn + * one specific user umask user1±rwxn + * several users umask user1,user2,...±rwxn + * default_w_bits umask ?±rwxn + * default_c_bits umask ??±rwxn + */ +int +AclUmask(u, str, errp) +struct acluser *u; +char *str; +char **errp; +{ + char mode[16]; + char *av[3]; + char *p, c = '\0'; + + /* split str into user and bits section. */ + for (p = str; *p; p++) + if ((c = *p) == '+' || c == '-') + break; + if (!*p) + { + *errp = "Bad argument. Should be ``[user[,user...]{+|-}rwxn''."; + return -1; + } + strncpy(mode, p, 15); + mode[15] = '\0'; + *p = '\0'; + + /* construct argument vector */ + if (!strcmp("??", str)) + { + str++; + av[2] = "?"; + } + else + av[2] = "#"; + av[1] = mode; + av[0] = *str ? str : "*"; + /* call UsersAcl */ + if (UsersAcl(u, 3, av)) + { + *errp = "UsersAcl failed. Hmmm."; + *p = c; + return -1; + } + *p = c; + return 0; +} + +void +AclWinSwap(a, b) +int a, b; +{ + debug2("AclWinSwap(%d, %d) NOP.\n", a, b); +} + +struct acluser *EffectiveAclUser = NULL; /* hook for AT command permission */ + +int +AclCheckPermWin(u, mode, w) +struct acluser *u; +int mode; +struct win *w; +{ + int ok; + + if (mode < 0 || mode >= ACL_BITS_PER_WIN) + return -1; + if (EffectiveAclUser) + { + debug1("AclCheckPermWin: WARNING user %s overridden!\n", u->u_name); + u = EffectiveAclUser; + } + ok = ACLBYTE(w->w_userbits[mode], u->u_id) & ACLBIT(u->u_id); + debug3("AclCheckPermWin(%s, %d, %d) = ", u->u_name, mode, w->w_number); + + if (!ok) + { + struct aclusergroup **g = &u->u_group; + struct acluser *saved_eff = EffectiveAclUser; + + EffectiveAclUser = NULL; + while (*g) + { + if (!AclCheckPermWin((*g)->u, mode, w)) + break; + g = &(*g)->next; + } + EffectiveAclUser = saved_eff; + if (*g) + ok = 1; + } + debug1("%d\n", !ok); + return !ok; +} + +int +AclCheckPermCmd(u, mode, c) +struct acluser *u; +int mode; +struct comm *c; +{ + int ok; + + if (mode < 0 || mode >= ACL_BITS_PER_CMD) + return -1; + if (EffectiveAclUser) + { + debug1("AclCheckPermCmd: WARNING user %s overridden!\n", u->u_name); + u = EffectiveAclUser; + } + ok = ACLBYTE(c->userbits[mode], u->u_id) & ACLBIT(u->u_id); + debug3("AclCheckPermCmd(%s %d %s) = ", u->u_name, mode, c->name); + if (!ok) + { + struct aclusergroup **g = &u->u_group; + struct acluser *saved_eff = EffectiveAclUser; + + EffectiveAclUser = NULL; + while (*g) + { + if (!AclCheckPermCmd((*g)->u, mode, c)) + break; + g = &(*g)->next; + } + EffectiveAclUser = saved_eff; + if (*g) + ok = 1; + } + debug1("%d\n", !ok); + return !ok; +} + +#endif /* MULTIUSER */ |