S32 LLInventoryItem::packBinaryBucket(U8* bin_bucket, LLPermissions* perm_override) const
{
// Figure out which permissions to use.
LLPermissions perm;
if (perm_override)
{
// Use the permissions override.
perm = *perm_override;
}
else
{
// Use the current permissions.
perm = getPermissions();
}
// describe the inventory item
char* buffer = (char*) bin_bucket;
std::string creator_id_str;
perm.getCreator().toString(creator_id_str);
std::string owner_id_str;
perm.getOwner().toString(owner_id_str);
std::string last_owner_id_str;
perm.getLastOwner().toString(last_owner_id_str);
std::string group_id_str;
perm.getGroup().toString(group_id_str);
std::string asset_id_str;
getAssetUUID().toString(asset_id_str);
S32 size = sprintf(buffer, /* Flawfinder: ignore */
"%d|%d|%s|%s|%s|%s|%s|%x|%x|%x|%x|%x|%s|%s|%d|%d|%x",
getType(),
getInventoryType(),
getName().c_str(),
creator_id_str.c_str(),
owner_id_str.c_str(),
last_owner_id_str.c_str(),
group_id_str.c_str(),
perm.getMaskBase(),
perm.getMaskOwner(),
perm.getMaskGroup(),
perm.getMaskEveryone(),
perm.getMaskNextOwner(),
asset_id_str.c_str(),
getDescription().c_str(),
getSaleInfo().getSaleType(),
getSaleInfo().getSalePrice(),
getFlags()) + 1;
return size;
}
int WsUser::writeFile(const std::string path, const std::string& text){
int ret = getPermissions(path);
if(ret == ErrorCode::NotFound)
return ret;
if(ret != GlobalConfig::ReadWrite)
return ErrorCode::NoAccess;
ofstream myfile;
std::string p = getRootPath() + "/"+path;
myfile.open (p.c_str());
if(myfile.is_open()){
myfile << text;
myfile.close();
return ErrorCode::Success;
}
return ErrorCode::Failure;
}
void getInfo()
{
struct passwd *pw;
struct group *gr;
struct stat st;
struct hostent *ht;
struct utsname un;
char *user;
char permissions[9];
char hostname[1024];
user = getenv("USER");
char lastChar = user[strlen(user) - 1];
pw = getpwnam(user);
gr = getgrgid(pw->pw_gid);
uname(&un);
stat(pw->pw_dir, &st);
gethostname(hostname, 1024);
getPermissions(permissions, st.st_mode);
printf("\nAbout Me\n");
printf("========\n\n");
printf("Unix User : %s (%d)\n", pw->pw_name, pw->pw_uid);
printf("Name : %s\n", pw->pw_gecos);
printf("Unix Group : %s (%d)\n", gr->gr_name, gr->gr_gid);
printf("Unix Home : %s\n", pw->pw_dir);
printf("Home Permission : %s\n", permissions);
printf("Login Shell : %s\n", pw->pw_shell);
findAge();
printf("\nOther users that end with '%c':\n ", lastChar);
printOthers(lastChar, gr->gr_mem);
printf("\nAbout My Machine\n");
printf("================\n\n");
printf("host : %s\n", hostname);
printf("System : %s %s\n", un.sysname, un.release);
}
string WebUser::getPermissionsStr() const noexcept {
return Util::toString(",", getPermissions());
}
/**
*
* Make sure that we are allowed to do what we do by checking the permissions and the selective sync list
*
*/
void SyncEngine::checkForPermission()
{
auto selectiveSyncBlackList = _journal->getSelectiveSyncList(SyncJournalDb::SelectiveSyncBlackList);
std::sort(selectiveSyncBlackList.begin(), selectiveSyncBlackList.end());
for (SyncFileItemVector::iterator it = _syncedItems.begin(); it != _syncedItems.end(); ++it) {
if ((*it)->_direction != SyncFileItem::Up) {
// Currently we only check server-side permissions
continue;
}
// Do not propagate anything in the server if it is in the selective sync blacklist
const QString path = (*it)->destination() + QLatin1Char('/');
if (std::binary_search(selectiveSyncBlackList.constBegin(), selectiveSyncBlackList.constEnd(),
path)) {
(*it)->_instruction = CSYNC_INSTRUCTION_IGNORE;
(*it)->_status = SyncFileItem::FileIgnored;
(*it)->_errorString = tr("Ignored because of the \"choose what to sync\" blacklist");
if ((*it)->_isDirectory) {
for (SyncFileItemVector::iterator it_next = it + 1; it_next != _syncedItems.end() && (*it_next)->_file.startsWith(path); ++it_next) {
it = it_next;
(*it)->_instruction = CSYNC_INSTRUCTION_IGNORE;
(*it)->_status = SyncFileItem::FileIgnored;
(*it)->_errorString = tr("Ignored because of the \"choose what to sync\" blacklist");
}
}
continue;
}
switch((*it)->_instruction) {
case CSYNC_INSTRUCTION_NEW: {
int slashPos = (*it)->_file.lastIndexOf('/');
QString parentDir = slashPos <= 0 ? "" : (*it)->_file.mid(0, slashPos);
const QByteArray perms = getPermissions(parentDir);
if (perms.isNull()) {
// No permissions set
break;
} else if ((*it)->_isDirectory && !perms.contains("K")) {
qDebug() << "checkForPermission: ERROR" << (*it)->_file;
(*it)->_instruction = CSYNC_INSTRUCTION_ERROR;
(*it)->_status = SyncFileItem::NormalError;
(*it)->_errorString = tr("Not allowed because you don't have permission to add subfolders to that folder");
for (SyncFileItemVector::iterator it_next = it + 1; it_next != _syncedItems.end() && (*it_next)->_file.startsWith(path); ++it_next) {
it = it_next;
(*it)->_instruction = CSYNC_INSTRUCTION_ERROR;
(*it)->_status = SyncFileItem::NormalError;
(*it)->_errorString = tr("Not allowed because you don't have permission to add parent folder");
}
} else if (!(*it)->_isDirectory && !perms.contains("C")) {
qDebug() << "checkForPermission: ERROR" << (*it)->_file;
(*it)->_instruction = CSYNC_INSTRUCTION_ERROR;
(*it)->_status = SyncFileItem::NormalError;
(*it)->_errorString = tr("Not allowed because you don't have permission to add files in that folder");
}
break;
}
case CSYNC_INSTRUCTION_SYNC: {
const QByteArray perms = getPermissions((*it)->_file);
if (perms.isNull()) {
// No permissions set
break;
} if (!(*it)->_isDirectory && !perms.contains("W")) {
qDebug() << "checkForPermission: RESTORING" << (*it)->_file;
(*it)->_should_update_metadata = true;
(*it)->_instruction = CSYNC_INSTRUCTION_CONFLICT;
(*it)->_direction = SyncFileItem::Down;
(*it)->_isRestoration = true;
// take the things to write to the db from the "other" node (i.e: info from server)
(*it)->_modtime = (*it)->log._other_modtime;
(*it)->_size = (*it)->log._other_size;
(*it)->_fileId = (*it)->log._other_fileId;
(*it)->_etag = (*it)->log._other_etag;
(*it)->_errorString = tr("Not allowed to upload this file because it is read-only on the server, restoring");
continue;
}
break;
}
case CSYNC_INSTRUCTION_REMOVE: {
const QByteArray perms = getPermissions((*it)->_file);
if (perms.isNull()) {
// No permissions set
break;
}
if (!perms.contains("D")) {
qDebug() << "checkForPermission: RESTORING" << (*it)->_file;
(*it)->_should_update_metadata = true;
(*it)->_instruction = CSYNC_INSTRUCTION_NEW;
(*it)->_direction = SyncFileItem::Down;
(*it)->_isRestoration = true;
(*it)->_errorString = tr("Not allowed to remove, restoring");
if ((*it)->_isDirectory) {
// restore all sub items
for (SyncFileItemVector::iterator it_next = it + 1;
it_next != _syncedItems.end() && (*it_next)->_file.startsWith(path); ++it_next) {
it = it_next;
if ((*it)->_instruction != CSYNC_INSTRUCTION_REMOVE) {
qWarning() << "non-removed job within a removed folder"
<< (*it)->_file << (*it)->_instruction;
continue;
}
qDebug() << "checkForPermission: RESTORING" << (*it)->_file;
(*it)->_should_update_metadata = true;
(*it)->_instruction = CSYNC_INSTRUCTION_NEW;
(*it)->_direction = SyncFileItem::Down;
(*it)->_isRestoration = true;
(*it)->_errorString = tr("Not allowed to remove, restoring");
}
}
} else if(perms.contains("S") && perms.contains("D")) {
// this is a top level shared dir which can be removed to unshare it,
// regardless if it is a read only share or not.
// To avoid that we try to restore files underneath this dir which have
// not delete permission we fast forward the iterator and leave the
// delete jobs intact. It is not physically tried to remove this files
// underneath, propagator sees that.
if( (*it)->_isDirectory ) {
// put a more descriptive message if a top level share dir really is removed.
if( it == _syncedItems.begin() || !(path.startsWith((*(it-1))->_file)) ) {
(*it)->_errorString = tr("Local files and share folder removed.");
}
for (SyncFileItemVector::iterator it_next = it + 1;
it_next != _syncedItems.end() && (*it_next)->_file.startsWith(path); ++it_next) {
it = it_next;
}
}
}
break;
}
case CSYNC_INSTRUCTION_RENAME: {
int slashPos = (*it)->_renameTarget.lastIndexOf('/');
const QString parentDir = slashPos <= 0 ? "" : (*it)->_renameTarget.mid(0, slashPos);
const QByteArray destPerms = getPermissions(parentDir);
const QByteArray filePerms = getPermissions((*it)->_file);
//true when it is just a rename in the same directory. (not a move)
bool isRename = (*it)->_file.startsWith(parentDir) && (*it)->_file.lastIndexOf('/') == slashPos;
// Check if we are allowed to move to the destination.
bool destinationOK = true;
if (isRename || destPerms.isNull()) {
// no need to check for the destination dir permission
destinationOK = true;
} else if ((*it)->_isDirectory && !destPerms.contains("K")) {
destinationOK = false;
} else if (!(*it)->_isDirectory && !destPerms.contains("C")) {
destinationOK = false;
}
// check if we are allowed to move from the source
bool sourceOK = true;
if (!filePerms.isNull()
&& ((isRename && !filePerms.contains("N"))
|| (!isRename && !filePerms.contains("V")))) {
// We are not allowed to move or rename this file
sourceOK = false;
if (filePerms.contains("D") && destinationOK) {
// but we are allowed to delete it
// TODO! simulate delete & upload
}
}
#if 0 /* We don't like the idea of renaming behind user's back, as the user may be working with the files */
if (!sourceOK && !destinationOK) {
// Both the source and the destination won't allow move. Move back to the original
std::swap((*it)->_file, (*it)->_renameTarget);
(*it)->_direction = SyncFileItem::Down;
(*it)->_errorString = tr("Move not allowed, item restored");
(*it)->_isRestoration = true;
qDebug() << "checkForPermission: MOVING BACK" << (*it)->_file;
} else
#endif
if (!sourceOK || !destinationOK) {
// One of them is not possible, just throw an error
(*it)->_instruction = CSYNC_INSTRUCTION_ERROR;
(*it)->_status = SyncFileItem::NormalError;
const QString errorString = tr("Move not allowed because %1 is read-only").arg(
sourceOK ? tr("the destination") : tr("the source"));
(*it)->_errorString = errorString;
qDebug() << "checkForPermission: ERROR MOVING" << (*it)->_file << errorString;
// Avoid a rename on next sync:
// TODO: do the resolution now already so we don't need two sync
// At this point we would need to go back to the propagate phase on both remote to take
// the decision.
_journal->avoidRenamesOnNextSync((*it)->_file);
_anotherSyncNeeded = true;
if ((*it)->_isDirectory) {
for (SyncFileItemVector::iterator it_next = it + 1;
it_next != _syncedItems.end() && (*it_next)->destination().startsWith(path); ++it_next) {
it = it_next;
(*it)->_instruction = CSYNC_INSTRUCTION_ERROR;
(*it)->_status = SyncFileItem::NormalError;
(*it)->_errorString = errorString;
qDebug() << "checkForPermission: ERROR MOVING" << (*it)->_file;
}
}
}
break;
}
default:
break;
}
}
}
void SyncEngine::checkForPermission()
{
for (SyncFileItemVector::iterator it = _syncedItems.begin(); it != _syncedItems.end(); ++it) {
if (it->_direction != SyncFileItem::Up) {
// Currently we only check server-side permissions
continue;
}
switch(it->_instruction) {
case CSYNC_INSTRUCTION_NEW: {
int slashPos = it->_file.lastIndexOf('/');
QString parentDir = slashPos <= 0 ? "" : it->_file.mid(0, slashPos);
const QByteArray perms = getPermissions(parentDir);
if (perms.isNull()) {
// No permissions set
break;
} else if (it->_isDirectory && !perms.contains("K")) {
qDebug() << "checkForPermission: ERROR" << it->_file;
it->_instruction = CSYNC_INSTRUCTION_ERROR;
it->_status = SyncFileItem::NormalError;
it->_errorString = tr("Not allowed because you don't have permission to add sub-directories in that directory");
const QString path = it->_file + QLatin1Char('/');
for (SyncFileItemVector::iterator it_next = it + 1; it_next != _syncedItems.end() && it_next->_file.startsWith(path); ++it_next) {
it = it_next;
it->_instruction = CSYNC_INSTRUCTION_ERROR;
it->_status = SyncFileItem::NormalError;
it->_errorString = tr("Not allowed because you don't have permission to add parent directory");
}
} else if (!it->_isDirectory && !perms.contains("C")) {
qDebug() << "checkForPermission: ERROR" << it->_file;
it->_instruction = CSYNC_INSTRUCTION_ERROR;
it->_status = SyncFileItem::NormalError;
it->_errorString = tr("Not allowed because you don't have permission to add files in that directory");
}
break;
}
case CSYNC_INSTRUCTION_SYNC: {
const QByteArray perms = getPermissions(it->_file);
if (perms.isNull()) {
// No permissions set
break;
} if (!it->_isDirectory && !perms.contains("W")) {
qDebug() << "checkForPermission: RESTORING" << it->_file;
it->_instruction = CSYNC_INSTRUCTION_CONFLICT;
it->_direction = SyncFileItem::Down;
it->_isRestoration = true;
// take the things to write to the db from the "other" node (i.e: info from server)
it->_modtime = it->log._other_modtime;
it->_fileId = it->log._other_fileId;
it->_etag = it->log._other_etag;
it->_errorString = tr("Not allowed to upload this file because it is read-only on the server, restoring");
continue;
}
break;
}
case CSYNC_INSTRUCTION_REMOVE: {
const QByteArray perms = getPermissions(it->_file);
if (perms.isNull()) {
// No permissions set
break;
} if (!perms.contains("D")) {
qDebug() << "checkForPermission: RESTORING" << it->_file;
it->_instruction = CSYNC_INSTRUCTION_NEW;
it->_direction = SyncFileItem::Down;
it->_isRestoration = true;
it->_errorString = tr("Not allowed to remove, restoring");
if (it->_isDirectory) {
// restore all sub items
const QString path = it->_file + QLatin1Char('/');
for (SyncFileItemVector::iterator it_next = it + 1;
it_next != _syncedItems.end() && it_next->_file.startsWith(path); ++it_next) {
it = it_next;
if (it->_instruction != CSYNC_INSTRUCTION_REMOVE) {
qWarning() << "non-removed job within a removed directory"
<< it->_file << it->_instruction;
continue;
}
qDebug() << "checkForPermission: RESTORING" << it->_file;
it->_instruction = CSYNC_INSTRUCTION_NEW;
it->_direction = SyncFileItem::Down;
it->_isRestoration = true;
it->_errorString = tr("Not allowed to remove, restoring");
}
}
}
break;
}
case CSYNC_INSTRUCTION_RENAME: {
int slashPos = it->_renameTarget.lastIndexOf('/');
const QString parentDir = slashPos <= 0 ? "" : it->_renameTarget.mid(0, slashPos-1);
const QByteArray destPerms = getPermissions(parentDir);
const QByteArray filePerms = getPermissions(it->_file);
//true when it is just a rename in the same directory. (not a move)
bool isRename = it->_file.startsWith(parentDir) && it->_file.lastIndexOf('/') == slashPos;
// Check if we are allowed to move to the destination.
bool destinationOK = true;
if (isRename || destPerms.isNull()) {
// no need to check for the destination dir permission
destinationOK = true;
} else if (it->_isDirectory && !destPerms.contains("K")) {
destinationOK = false;
} else if (!it->_isDirectory && !destPerms.contains("C")) {
destinationOK = false;
}
// check if we are allowed to move from the source
bool sourceOK = true;
if (!filePerms.isNull()
&& ((isRename && !filePerms.contains("N"))
|| (!isRename && !filePerms.contains("M")))) {
// We are not allowed to move or rename this file
sourceOK = false;
if (filePerms.contains("D") && destinationOK) {
// but we are allowed to delete it
// TODO! simulate delete & upload
}
}
if (!sourceOK && !destinationOK) {
// Both the source and the destination won't allow move. Move back to the original
std::swap(it->_file, it->_renameTarget);
it->_direction = SyncFileItem::Down;
it->_errorString = tr("Move not allowed, item restored");
it->_isRestoration = true;
qDebug() << "checkForPermission: MOVING BACK" << it->_file;
} else if (!sourceOK || !destinationOK) {
// One of them is not possible, just throw an error
it->_instruction = CSYNC_INSTRUCTION_ERROR;
it->_status = SyncFileItem::NormalError;
const QString errorString = tr("Move not allowed because %1 is read-only").arg(
sourceOK ? tr("the destination") : tr("the source"));
it->_errorString = errorString;
qDebug() << "checkForPermission: ERROR MOVING" << it->_file << errorString;
if (it->_isDirectory) {
const QString path = it->_file + QLatin1Char('/');
for (SyncFileItemVector::iterator it_next = it + 1;
it_next != _syncedItems.end() && it_next->_file.startsWith(path); ++it_next) {
it = it_next;
it->_instruction = CSYNC_INSTRUCTION_ERROR;
it->_status = SyncFileItem::NormalError;
it->_errorString = errorString;
qDebug() << "checkForPermission: ERROR MOVING" << it->_file;
}
}
}
break;
}
default:
break;
}
}
}
bool
AGStreet::allows(const SUMOVehicleClass vclass) const {
return (getPermissions() & vclass) == vclass;
}
