Ejemplo n.º 1
0
const char *
crm_acl_get_set_user(xmlNode * request, const char *field, const char *peer_user)
{
    /* field is only checked for backwards compatibility */
    static const char *effective_user = NULL;
    const char *requested_user = NULL;
    const char *user = NULL;

    if(effective_user == NULL) {
        effective_user = uid2username(geteuid());
    }

    requested_user = crm_element_value(request, XML_ACL_TAG_USER);
    if(requested_user == NULL) {
        requested_user = crm_element_value(request, field);
    }

    if (is_privileged(effective_user) == FALSE) {
        /* We're not running as a privileged user, set or overwrite any existing value for $XML_ACL_TAG_USER */
        user = effective_user;

    } else if(peer_user == NULL && requested_user == NULL) {
        /* No user known or requested, use 'effective_user' and make sure one is set for the request */
        user = effective_user;

    } else if(peer_user == NULL) {
        /* No user known, trusting 'requested_user' */
        user = requested_user;

    } else if (is_privileged(peer_user) == FALSE) {
        /* The peer is not a privileged user, set or overwrite any existing value for $XML_ACL_TAG_USER */
        user = peer_user;

    } else if (requested_user == NULL) {
        /* Even if we're privileged, make sure there is always a value set */
        user = peer_user;

    } else {
        /* Legal delegation to 'requested_user' */
        user = requested_user;
    }

    // This requires pointer comparison, not string comparison
    if(user != crm_element_value(request, XML_ACL_TAG_USER)) {
        crm_xml_add(request, XML_ACL_TAG_USER, user);
    }

    if(field != NULL && user != crm_element_value(request, field)) {
        crm_xml_add(request, field, user);
    }

    return requested_user;
}
Ejemplo n.º 2
0
/**
 * Execute a tokenized command and display its output.
 *
 * @param conn The connection to lldpd.
 * @param fmt  Output format.
 * @param argc Number of arguments.
 * @param argv Array of arguments.
 * @return 0 if an error occurred, 1 otherwise
 */
static int
cmd_exec(lldpctl_conn_t *conn, const char *fmt, int argc, const char **argv)
{
	/* Init output formatter */
	struct writer *w;

	if      (strcmp(fmt, "plain")    == 0) w = txt_init(stdout);
	else if (strcmp(fmt, "keyvalue") == 0) w = kv_init(stdout);
#ifdef USE_XML
	else if (strcmp(fmt, "xml")      == 0) w = xml_init(stdout);
#endif
#ifdef USE_JANSSON
	else if (strcmp(fmt, "json")     == 0) w = jansson_init(stdout);
#endif
#ifdef USE_JSONC
	else if (strcmp(fmt, "json")     == 0) w = jsonc_init(stdout);
#endif
	else w = txt_init(stdout);

	/* Execute command */
	int rc = commands_execute(conn, w,
	    root, argc, argv, is_privileged());
	if (rc != 0) {
		log_info("lldpctl", "an error occurred while executing last command");
		w->finish(w);
		return 0;
	}
	w->finish(w);
	return 1;
}
Ejemplo n.º 3
0
static struct cmd_node*
register_commands()
{
	root = commands_root();
	register_commands_show(root);
	register_commands_watch(root);
	if (is_privileged()) {
		commands_new(
			commands_new(root, "update", "Update information and send LLDPU on all ports",
			    NULL, NULL, NULL),
			NEWLINE, "Update information and send LLDPU on all ports",
			NULL, cmd_update, NULL);
		register_commands_configure(root);
	}
	commands_new(root, "help", "Get help on a possible command",
	    NULL, cmd_store_env_and_pop, "help");
	commands_new(
		commands_new(root, "pause", "Pause lldpd operations", NULL, NULL, NULL),
		NEWLINE, "Pause lldpd operations", NULL, cmd_pause, NULL);
	commands_new(
		commands_new(root, "resume", "Resume lldpd operations", NULL, NULL, NULL),
		NEWLINE, "Resume lldpd operations", NULL, cmd_resume, NULL);
	commands_new(
		commands_new(root, "exit", "Exit interpreter", NULL, NULL, NULL),
		NEWLINE, "Exit interpreter", NULL, cmd_exit, NULL);
	return root;
}
Ejemplo n.º 4
0
static char*
prompt()
{
#define CESC "\033"
	int privileged = is_privileged();
	if (isatty(STDIN_FILENO)) {
		if (privileged)
			return "[lldpcli] # ";
		return "[lldpcli] $ ";
	}
	return "";
}
Ejemplo n.º 5
0
static int
_cmd_complete(int all)
{
	char **argv = NULL;
	int argc = 0;
	int rc = 1;
	size_t len = strlen(rl_line_buffer);
	char *line = malloc(len + 2);
	if (!line) return -1;
	strlcpy(line, rl_line_buffer, len + 2);
	line[rl_point]   = 2;	/* empty character, will force a word */
	line[rl_point+1] = 0;

	if (tokenize_line(line, &argc, &argv) != 0)
		goto end;

	char *compl = commands_complete(root, argc, (const char **)argv, all, is_privileged());
	if (compl && strlen(argv[argc-1]) < strlen(compl)) {
		if (rl_insert_text(compl + strlen(argv[argc-1])) < 0) {
			free(compl);
			goto end;
		}
		free(compl);
		rc = 0;
		goto end;
	}
	/* No completion or several completion available. */
	free(compl);
	fprintf(stderr, "\n");
	rl_forced_update_display();
	rc = 0;
end:
	free(line);
	tokenize_free(argc, argv);
	return rc;
}
Ejemplo n.º 6
0
void test_action::test_cf_action() {

   eosio::action act = eosio::get_action( 0, 0 );
   cf_action cfa = act.data_as<cf_action>();
   if ( cfa.payload == 100 ) {
      // verify read of get_context_free_data, also verifies system api access
      int size = get_context_free_data( cfa.cfd_idx, nullptr, 0 );
      eosio_assert( size > 0, "size determination failed" );
      eosio::bytes cfd( static_cast<size_t>(size) );
      size = get_context_free_data( cfa.cfd_idx, &cfd[0], static_cast<size_t>(size) );
      eosio_assert(static_cast<size_t>(size) == cfd.size(), "get_context_free_data failed" );
      uint32_t v = eosio::unpack<uint32_t>( &cfd[0], cfd.size() );
      eosio_assert( v == cfa.payload, "invalid value" );

      // verify crypto api access
      checksum256 hash;
      char test[] = "test";
      sha256( test, sizeof(test), &hash );
      assert_sha256( test, sizeof(test), &hash );
      // verify action api access
      action_data_size();
      // verify console api access
      eosio::print("test\n");
      // verify memory api access
      uint32_t i = 42;
      memccpy(&v, &i, sizeof(i), sizeof(i));
      // verify transaction api access
      eosio_assert(transaction_size() > 0, "transaction_size failed");
      // verify softfloat api access
      float f1 = 1.0f, f2 = 2.0f;
      float f3 = f1 + f2;
      eosio_assert( f3 >  2.0f, "Unable to add float.");
      // verify compiler builtin api access
      __int128 ret;
      __divti3(ret, 2, 2, 2, 2);
      // verify context_free_system_api
      eosio_assert( true, "verify eosio_assert can be called" );


   } else if ( cfa.payload == 200 ) {
      // attempt to access non context free api, privileged_api
      is_privileged(act.name);
      eosio_assert( false, "privileged_api should not be allowed" );
   } else if ( cfa.payload == 201 ) {
      // attempt to access non context free api, producer_api
      get_active_producers( nullptr, 0 );
      eosio_assert( false, "producer_api should not be allowed" );
   } else if ( cfa.payload == 202 ) {
      // attempt to access non context free api, db_api
      db_store_i64( N(testapi), N(testapi), N(testapi), 0, "test", 4 );
      eosio_assert( false, "db_api should not be allowed" );
   } else if ( cfa.payload == 203 ) {
      // attempt to access non context free api, db_api
      uint64_t i = 0;
      db_idx64_store( N(testapi), N(testapi), N(testapi), 0, &i );
      eosio_assert( false, "db_api should not be allowed" );
   } else if ( cfa.payload == 204 ) {
      db_find_i64( N(testapi), N(testapi), N(testapi), 1);
      eosio_assert( false, "db_api should not be allowed" );
   } else if ( cfa.payload == 205 ) {
      // attempt to access non context free api, send action
      eosio::action dum_act;
      dum_act.send();
      eosio_assert( false, "action send should not be allowed" );
   } else if ( cfa.payload == 206 ) {
      eosio::require_auth(N(test));
      eosio_assert( false, "authorization_api should not be allowed" );
   } else if ( cfa.payload == 207 ) {
      now();
      eosio_assert( false, "system_api should not be allowed" );
   } else if ( cfa.payload == 208 ) {
      current_time();
      eosio_assert( false, "system_api should not be allowed" );
   } else if ( cfa.payload == 209 ) {
      publication_time();
      eosio_assert( false, "system_api should not be allowed" );
   } else if ( cfa.payload == 210 ) {
      send_inline( "hello", 6 );
      eosio_assert( false, "transaction_api should not be allowed" );
   } else if ( cfa.payload == 211 ) {
      send_deferred( N(testapi), N(testapi), "hello", 6 );
      eosio_assert( false, "transaction_api should not be allowed" );
   }

}