int CLuaACLDefs::aclRemoveRight ( lua_State* luaVM )
{
// Verify the arguents
if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA &&
lua_type ( luaVM, 2 ) == LUA_TSTRING )
{
// Grab the argument strings
CAccessControlList* pACL = lua_toacl ( luaVM, 1 );
char* szRight = (char*) lua_tostring ( luaVM, 2 );
// Verify the ACL pointer
if ( pACL )
{
// Grab the type from the name passed
char* szRightAftedDot = szRight;
CAccessControlListRight::ERightType eType;
if ( StringBeginsWith ( szRight, "command." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
szRightAftedDot += 8;
}
else if ( StringBeginsWith ( szRight, "function." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( szRight, "resource." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( szRight, "general." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
szRightAftedDot += 8;
}
else
{
lua_pushboolean ( luaVM, false );
return 1;
}
// Try removing the right
CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
bool bAccess = pACLRight && pACLRight->GetRightAccess ();
if ( pACL->RemoveRight ( szRightAftedDot, eType ) )
{
CLogger::LogPrintf ( "ACL: %s: Right '%s' %s removed from ACL '%s'\n", GetResourceName ( luaVM ), szRight, bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
// Return success
lua_pushboolean ( luaVM, true );
return 1;
}
}
}
else
m_pScriptDebugging->LogBadType ( luaVM, "aclRemoveRight" );
lua_pushboolean ( luaVM, false );
return 1;
}
void CAccessControlListGroup::WriteToXMLNode ( CXMLNode* pNode )
{
assert ( pNode );
// Create the subnode for this
CXMLNode* pSubNode = pNode->CreateSubNode ( "group" );
assert ( pSubNode );
// Create attribute for the name and set it
CXMLAttribute* pAttribute = pSubNode->GetAttributes ().Create ( "name" );
pAttribute->SetValue ( m_strGroupName );
// Write the ACL's this group use
ACLsList::iterator iterACL = m_ACLs.begin ();
for ( ; iterACL != m_ACLs.end (); iterACL++ )
{
CAccessControlList* pACL = *iterACL;
// Create the subnode for this object and write the name attribute we generated
CXMLNode* pObjectNode = pSubNode->CreateSubNode ( "acl" );
pAttribute = pObjectNode->GetAttributes ().Create ( "name" );
pAttribute->SetValue ( pACL->GetName () );
}
// Write every object
ObjectList::iterator iter = m_Objects.begin ();
for ( ; iter != m_Objects.end (); iter++ )
{
CAccessControlListGroupObject* pObject = *iter;
// Find out the object type string
char szObjectType [255];
switch ( pObject->GetObjectType () )
{
case CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE:
strcpy ( szObjectType, "resource" );
break;
case CAccessControlListGroupObject::OBJECT_TYPE_USER:
strcpy ( szObjectType, "user" );
break;
default:
strcpy ( szObjectType, "error" );
break;
}
// Append a dot append the name of the node
strcat ( szObjectType, "." );
strncat ( szObjectType, pObject->GetObjectName (), NUMELMS( szObjectType ) - 1 );
// Create the subnode for this object and write the name attribute we generated
CXMLNode* pObjectNode = pSubNode->CreateSubNode ( "object" );
pAttribute = pObjectNode->GetAttributes ().Create ( "name" );
pAttribute->SetValue ( szObjectType );
}
}
int CLuaACLDefs::aclGetRight ( lua_State* luaVM )
{
// Verify the argument types
if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA &&
lua_type ( luaVM, 2 ) == LUA_TSTRING )
{
// Grab the arguments
CAccessControlList* pACL = lua_toacl ( luaVM, 1 );
char* szRight = (char*) lua_tostring ( luaVM, 2 );
// Verify the ACL pointer
if ( pACL )
{
// Grab the type from the name passed
char* szRightAftedDot = szRight;
CAccessControlListRight::ERightType eType;
if ( StringBeginsWith ( szRight, "command." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
szRightAftedDot += 8;
}
else if ( StringBeginsWith ( szRight, "function." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( szRight, "resource." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( szRight, "general." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
szRightAftedDot += 8;
}
else
{
lua_pushboolean ( luaVM, false );
return 1;
}
// Grab the right from the name and type
CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
if ( pACLRight )
{
lua_pushboolean ( luaVM, pACLRight->GetRightAccess () );
return 1;
}
}
}
else
m_pScriptDebugging->LogBadType ( luaVM, "aclGetRight" );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclRemoveRight ( lua_State* luaVM )
{
// bool aclRemoveRight ( acl theAcl, string rightName )
CAccessControlList* pACL; SString strRight;
CScriptArgReader argStream ( luaVM );
argStream.ReadUserData ( pACL );
argStream.ReadString ( strRight );
if ( !argStream.HasErrors () )
{
// Grab the type from the name passed
const char* szRightAftedDot = strRight;
CAccessControlListRight::ERightType eType;
if ( StringBeginsWith ( strRight, "command." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
szRightAftedDot += 8;
}
else if ( StringBeginsWith ( strRight, "function." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( strRight, "resource." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( strRight, "general." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
szRightAftedDot += 8;
}
else
{
lua_pushboolean ( luaVM, false );
return 1;
}
// Try removing the right
CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
bool bAccess = pACLRight && pACLRight->GetRightAccess ();
if ( pACL->RemoveRight ( szRightAftedDot, eType ) )
{
CLogger::LogPrintf ( "ACL: %s: Right '%s' %s removed from ACL '%s'\n", GetResourceName ( luaVM ), strRight.c_str (), bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
// Return success
lua_pushboolean ( luaVM, true );
return 1;
}
}
else
m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclGetRight ( lua_State* luaVM )
{
// bool aclGetRight ( acl theAcl, string rightName )
CAccessControlList* pACL; SString strRight;
CScriptArgReader argStream ( luaVM );
argStream.ReadUserData ( pACL );
argStream.ReadString ( strRight );
if ( !argStream.HasErrors () )
{
// Grab the type from the name passed
const char* szRightAftedDot = strRight;
CAccessControlListRight::ERightType eType;
if ( StringBeginsWith ( strRight, "command." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
szRightAftedDot += 8;
}
else if ( StringBeginsWith ( strRight, "function." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( strRight, "resource." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( strRight, "general." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
szRightAftedDot += 8;
}
else
{
lua_pushboolean ( luaVM, false );
return 1;
}
// Grab the right from the name and type
CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
if ( pACLRight )
{
lua_pushboolean ( luaVM, pACLRight->GetRightAccess () );
return 1;
}
}
else
m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclCreate ( lua_State* luaVM )
{
// Verify the argument types
if ( lua_type ( luaVM, 1 ) == LUA_TSTRING )
{
// Grab the arguments
const char* szACLName = lua_tostring ( luaVM, 1 );
// See that the name doesn't exist already
CAccessControlList* pACL = m_pACLManager->GetACL ( szACLName );
if ( !pACL )
{
// Create a new ACL with that name
pACL = m_pACLManager->AddACL ( szACLName );
CLogger::LogPrintf ( "ACL: %s: ACL '%s' created\n", GetResourceName ( luaVM ), pACL->GetName () );
// Return the created ACL
lua_pushacl ( luaVM, pACL );
return 1;
}
}
else
m_pScriptDebugging->LogBadType ( luaVM, "aclCreate" );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclGroupRemoveACL ( lua_State* luaVM )
{
// Verify the arguents
if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA &&
lua_type ( luaVM, 2 ) == LUA_TLIGHTUSERDATA )
{
// Grab the arguments
CAccessControlListGroup* pGroup = lua_toaclgroup ( luaVM, 1 );
CAccessControlList* pACL = lua_toacl ( luaVM, 2 );
// Verify the group and ACL
if ( pGroup && pACL )
{
// Add the ACL to the group
pGroup->RemoveACL ( pACL );
CLogger::LogPrintf ( "ACL: %s: ACL '%s' removed from group '%s'\n", GetResourceName ( luaVM ), pACL->GetName (), pGroup->GetGroupName () );
// Return success
lua_pushboolean ( luaVM, true );
return 1;
}
}
else
m_pScriptDebugging->LogBadType ( luaVM, "aclGroupRemoveACL" );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclCreate ( lua_State* luaVM )
{
// acl aclCreate ( string aclName )
SString strACLName;
CScriptArgReader argStream ( luaVM );
argStream.ReadString ( strACLName );
if ( !argStream.HasErrors () )
{
// See that the name doesn't exist already
CAccessControlList* pACL = m_pACLManager->GetACL ( strACLName );
if ( !pACL )
{
// Create a new ACL with that name
pACL = m_pACLManager->AddACL ( strACLName );
CLogger::LogPrintf ( "ACL: %s: ACL '%s' created\n", GetResourceName ( luaVM ), pACL->GetName () );
// Return the created ACL
lua_pushacl ( luaVM, pACL );
return 1;
}
}
else
m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclGetName ( lua_State* luaVM )
{
// Verify the argument types
if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA )
{
// Grab and verify the ACL pointer
CAccessControlList* pACL = lua_toacl ( luaVM, 1 );
if ( pACL )
{
// Return its name
lua_pushstring ( luaVM, pACL->GetName () );
return 1;
}
}
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclGetName ( lua_State* luaVM )
{
// string aclGetName ( acl theAcl )
CAccessControlList* pACL;
CScriptArgReader argStream ( luaVM );
argStream.ReadUserData ( pACL );
if ( !argStream.HasErrors () )
{
// Return its name
lua_pushstring ( luaVM, pACL->GetName () );
return 1;
}
else
m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );
lua_pushboolean ( luaVM, false );
return 1;
}
///////////////////////////////////////////////////////////////
//
// CResource::GetAclRequests
//
// Get all acl requests for this resource
//
///////////////////////////////////////////////////////////////
void CResource::GetAclRequests ( std::vector < SAclRequest >& outResultList )
{
outResultList.clear ();
CAccessControlList* pAutoAcl = FindAutoAcl ();
if ( !pAutoAcl )
return;
// Get each right
for ( std::list < CAccessControlListRight* >::const_iterator iter = pAutoAcl->IterBegin () ; iter != pAutoAcl->IterEnd () ; ++iter )
{
CAccessControlListRight* pAclRight = *iter;
// Create SAclRequest from ACL
SAclRequest request ( CAclRightName ( pAclRight->GetRightType (), pAclRight->GetRightName () ) );
request.bAccess = StringToBool ( pAclRight->GetAttributeValue ( "access" ) );
request.bPending = StringToBool ( pAclRight->GetAttributeValue ( "pending" ) );
request.strWho = pAclRight->GetAttributeValue ( "who" );
request.strDate = pAclRight->GetAttributeValue ( "date" );
outResultList.push_back ( request );
}
}
int CLuaACLDefs::aclDestroy ( lua_State* luaVM )
{
// bool aclDestroy ( acl theACL )
CAccessControlList* pACL;
CScriptArgReader argStream ( luaVM );
argStream.ReadUserData ( pACL );
if ( !argStream.HasErrors () )
{
// Delete it
CLogger::LogPrintf ( "ACL: %s: ACL '%s' deleted\n", GetResourceName ( luaVM ), pACL->GetName () );
m_pACLManager->DeleteACL ( pACL );
// Return true
lua_pushboolean ( luaVM, true );
return 1;
}
else
m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclDestroy ( lua_State* luaVM )
{
// Verify the argument types
if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA )
{
// Grab the arguments
CAccessControlList* pACL = lua_toacl ( luaVM, 1 );
if ( pACL )
{
// Delete it
CLogger::LogPrintf ( "ACL: %s: ACL '%s' deleted\n", GetResourceName ( luaVM ), pACL->GetName () );
m_pACLManager->DeleteACL ( pACL );
// Return true
lua_pushboolean ( luaVM, true );
return 1;
}
}
else
m_pScriptDebugging->LogBadType ( luaVM, "aclDestroy" );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclGroupRemoveACL ( lua_State* luaVM )
{
// bool aclGroupRemoveACL ( aclgroup theGroup, acl theACL )
CAccessControlListGroup* pGroup; CAccessControlList* pACL;
CScriptArgReader argStream ( luaVM );
argStream.ReadUserData ( pGroup );
argStream.ReadUserData ( pACL );
if ( !argStream.HasErrors () )
{
// Add the ACL to the group
pGroup->RemoveACL ( pACL );
CLogger::LogPrintf ( "ACL: %s: ACL '%s' removed from group '%s'\n", GetResourceName ( luaVM ), pACL->GetName (), pGroup->GetGroupName () );
// Return success
lua_pushboolean ( luaVM, true );
return 1;
}
else
m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );
lua_pushboolean ( luaVM, false );
return 1;
}
bool CAccessControlListManager::Load ( void )
{
// Eventually destroy the previously loaded xml
if ( m_pXML )
{
delete m_pXML;
}
// Load the XML
m_pXML = g_pServerInterface->GetXML ()->CreateXML ( GetFileName ().c_str () );
if ( !m_pXML )
{
CLogger::ErrorPrintf ( "Error loading Access Control List file\n" );
return false;
}
// Parse it
if ( !m_pXML->Parse () )
{
CLogger::ErrorPrintf ( "Error parsing Access Control List file\n" );
return false;
}
// Grab the XML root node
m_pRootNode = m_pXML->GetRootNode ();
if ( !m_pRootNode )
{
CLogger::ErrorPrintf ( "Missing root node ('ACL')\n" );
return false;
}
// Clear previous ACL stuff
ClearACLs ();
ClearGroups ();
// load the acl's
CXMLNode* pSubNode = NULL;
unsigned int uiSubNodesCount = m_pRootNode->GetSubNodeCount ();
for ( unsigned int i = 0 ; i < uiSubNodesCount ; i++ )
{
pSubNode = m_pRootNode->GetSubNode ( i );
if ( !pSubNode ) continue;
if ( pSubNode->GetTagName ().compare ( "acl" ) == 0 )
{
CXMLAttribute* pAttribute = pSubNode->GetAttributes ().Find ( "name" );
if ( pAttribute )
{
CAccessControlList* pACL = AddACL ( pAttribute->GetValue ().c_str () );
CXMLNode* pSubSubNode = NULL;
unsigned int uiSubSubNodesCount = pSubNode->GetSubNodeCount ();
for ( unsigned int j = 0 ; j < uiSubSubNodesCount ; j++ )
{
// If this subnode doesn't exist, return to the for loop and continue it
pSubSubNode = pSubNode->GetSubNode ( j );
if ( !pSubSubNode ) continue;
// Check that this subsub node is named "right"
if ( pSubSubNode->GetTagName ().compare ( "right" ) == 0 )
{
// Grab the name and the access attributes
CXMLAttribute* pNameAttribute = pSubSubNode->GetAttributes ().Find ( "name" );
CXMLAttribute* pAccessAttribute = pSubSubNode->GetAttributes ().Find ( "access" );
if ( pNameAttribute && pAccessAttribute )
{
// See if the access attribute is true or false
bool bAccess = false;
std::string strAccess = pAccessAttribute->GetValue ();
if ( stricmp ( strAccess.c_str (), "true" ) == 0 ||
stricmp ( strAccess.c_str (), "yes" ) == 0 ||
strcmp ( strAccess.c_str (), "1" ) == 0 )
{
bAccess = true;
}
// Grab the name of the 'right' name
const char *szRightName = pNameAttribute->GetValue ().c_str ();
// Create the rights control list
CAccessControlListRight* pRight = NULL;
if ( StringBeginsWith ( szRightName, "command." ) )
{
pRight = pACL->AddRight ( &szRightName[8], CAccessControlListRight::RIGHT_TYPE_COMMAND, bAccess );
}
else if ( StringBeginsWith ( szRightName, "function." ) )
{
pRight = pACL->AddRight ( &szRightName[9], CAccessControlListRight::RIGHT_TYPE_FUNCTION, bAccess );
}
else if ( StringBeginsWith ( szRightName, "resource." ) )
{
pRight = pACL->AddRight ( &szRightName[9], CAccessControlListRight::RIGHT_TYPE_RESOURCE, bAccess );
}
else if ( StringBeginsWith ( szRightName, "general." ) )
{
pRight = pACL->AddRight ( &szRightName[8], CAccessControlListRight::RIGHT_TYPE_GENERAL, bAccess );
}
else continue;
// Set all the extra attributes
for ( uint i = 0 ; i < pSubSubNode->GetAttributes ().Count () ; i++ )
{
CXMLAttribute* pAttribute = pSubSubNode->GetAttributes ().Get ( i );
pRight->SetAttributeValue ( pAttribute->GetName (), pAttribute->GetValue () );
}
}
}
}
}
}
}
// Load the groups
pSubNode = NULL;
uiSubNodesCount = m_pRootNode->GetSubNodeCount ();
for ( unsigned int i = 0 ; i < uiSubNodesCount ; i++ )
{
pSubNode = m_pRootNode->GetSubNode ( i );
if ( !pSubNode ) continue;
if ( pSubNode->GetTagName ().compare ( "group" ) == 0 )
{
CXMLAttribute* pAttribute = pSubNode->GetAttributes ().Find ( "name" );
if ( pAttribute )
{
CAccessControlListGroup* pGroup = AddGroup ( pAttribute->GetValue ().c_str () );
CXMLNode* pSubSubNode = NULL;
unsigned int uiSubSubNodesCount = pSubNode->GetSubNodeCount ();
for ( unsigned int j = 0 ; j < uiSubSubNodesCount ; j++ )
{
pSubSubNode = pSubNode->GetSubNode ( j );
if ( !pSubSubNode ) continue;
if ( pSubSubNode->GetTagName ().compare ( "object" ) == 0 )
{
CXMLAttribute* pSubAttribute = pSubSubNode->GetAttributes ().Find ( "name" );
if ( pSubAttribute )
{
const char *szAccountName = pSubAttribute->GetValue ().c_str ();
if ( StringBeginsWith ( szAccountName, "user." ) )
{
pGroup->AddObject ( &szAccountName[5], CAccessControlListGroupObject::OBJECT_TYPE_USER );
}
else if ( StringBeginsWith ( szAccountName, "resource." ) )
{
pGroup->AddObject ( &szAccountName[9], CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE );
}
}
}
else if ( pSubSubNode->GetTagName ().compare ( "acl" ) == 0 )
{
CXMLAttribute* pSubAttribute = pSubSubNode->GetAttributes ().Find ( "name" );
if ( pSubAttribute )
{
CAccessControlList* pACL = GetACL ( pSubAttribute->GetValue ().c_str () );
if ( pACL )
{
pGroup->AddACL ( pACL );
}
}
}
}
}
}
}
m_bNeedsSave = false;
return true;
}
int CLuaACLDefs::aclSetRight ( lua_State* luaVM )
{
// Verify the argument types
if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA &&
lua_type ( luaVM, 2 ) == LUA_TSTRING &&
lua_type ( luaVM, 3 ) == LUA_TBOOLEAN )
{
// Grab the arguments
CAccessControlList* pACL = lua_toacl ( luaVM, 1 );
char* szRight = (char*) lua_tostring ( luaVM, 2 );
bool bAccess = lua_toboolean ( luaVM, 3 ) ?true:false;
// Verify the ACL pointer
if ( pACL )
{
// Grab the type from the name passed
char* szRightAftedDot = szRight;
CAccessControlListRight::ERightType eType;
if ( StringBeginsWith ( szRight, "command." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
szRightAftedDot += 8;
}
else if ( StringBeginsWith ( szRight, "function." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( szRight, "resource." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( szRight, "general." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
szRightAftedDot += 8;
}
else
{
lua_pushboolean ( luaVM, false );
return 1;
}
// Grab the right from the name and type
CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
if ( pACLRight )
{
// Set the new access right
if ( pACLRight->GetRightAccess () != bAccess )
CLogger::LogPrintf ( "ACL: %s: Right '%s' changed to %s in ACL '%s'\n", GetResourceName ( luaVM ), szRight, bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
pACLRight->SetRightAccess ( bAccess );
lua_pushboolean ( luaVM, true );
return 1;
}
// Try to add it
pACLRight = pACL->AddRight ( szRightAftedDot, eType, bAccess );
if ( pACLRight )
{
// Return success
CLogger::LogPrintf ( "ACL: %s: Right '%s' %s added in ACL '%s'\n", GetResourceName ( luaVM ), szRight, bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
lua_pushboolean ( luaVM, true );
return 1;
}
}
}
else
m_pScriptDebugging->LogBadType ( luaVM, "aclSetRight" );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclListRights ( lua_State* luaVM )
{
// Verify the arguents
if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA )
{
// Grab and verify the ACL
CAccessControlList* pACL = lua_toacl ( luaVM, 1 );
if ( pACL )
{
// Create a table to return into
lua_newtable ( luaVM );
// Loop through ACL
char szRightName [128];
CAccessControlListRight::ERightType eType;
unsigned int uiIndex = 0;
list <CAccessControlListRight* > ::const_iterator iter = pACL->IterBegin ();
for ( ; iter != pACL->IterEnd (); iter++ )
{
// Type
eType = (*iter)->GetRightType ();
switch ( eType )
{
case CAccessControlListRight::RIGHT_TYPE_COMMAND:
strcpy ( szRightName, "command." );
break;
case CAccessControlListRight::RIGHT_TYPE_FUNCTION:
strcpy ( szRightName, "function." );
break;
case CAccessControlListRight::RIGHT_TYPE_RESOURCE:
strcpy ( szRightName, "resource." );
break;
case CAccessControlListRight::RIGHT_TYPE_GENERAL:
strcpy ( szRightName, "general." );
break;
default:
strcpy ( szRightName, "unknown." );
break;
}
// Append right name
strncat ( szRightName, (*iter)->GetRightName (), 128 );
// Push its name onto the table
lua_pushnumber ( luaVM, ++uiIndex );
lua_pushstring ( luaVM, szRightName );
lua_settable ( luaVM, -3 );
}
// Return the table
return 1;
}
}
// Return true
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclListRights ( lua_State* luaVM )
{
// table aclListRights ( acl theACL )
CAccessControlList* pACL; SString strType; bool bAll = true; CAccessControlListRight::ERightType eAllowed = (CAccessControlListRight::ERightType)-1;
CScriptArgReader argStream ( luaVM );
argStream.ReadUserData ( pACL );
if ( argStream.NextIsString () )
{
argStream.ReadString ( strType );
bAll = false;
if ( strType == "command" )
eAllowed = CAccessControlListRight::RIGHT_TYPE_COMMAND;
else if ( strType == "function" )
eAllowed = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
else if ( strType == "resource" )
eAllowed = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
else if ( strType == "general" )
eAllowed = CAccessControlListRight::RIGHT_TYPE_GENERAL;
else
bAll = true;
}
if ( !argStream.HasErrors () )
{
// Create a table to return into
lua_newtable ( luaVM );
// Loop through ACL
char szRightName [128];
CAccessControlListRight::ERightType eType;
unsigned int uiIndex = 0;
list <CAccessControlListRight* > ::const_iterator iter = pACL->IterBegin ();
for ( ; iter != pACL->IterEnd (); ++iter )
{
// Type
eType = (*iter)->GetRightType ();
if ( !bAll && eType != eAllowed )
continue;
switch ( eType )
{
case CAccessControlListRight::RIGHT_TYPE_COMMAND:
strcpy ( szRightName, "command." );
break;
case CAccessControlListRight::RIGHT_TYPE_FUNCTION:
strcpy ( szRightName, "function." );
break;
case CAccessControlListRight::RIGHT_TYPE_RESOURCE:
strcpy ( szRightName, "resource." );
break;
case CAccessControlListRight::RIGHT_TYPE_GENERAL:
strcpy ( szRightName, "general." );
break;
default:
strcpy ( szRightName, "unknown." );
break;
}
// Append right name
strncat ( szRightName, (*iter)->GetRightName (), NUMELMS( szRightName ) - 1 );
// Push its name onto the table
lua_pushnumber ( luaVM, ++uiIndex );
lua_pushstring ( luaVM, szRightName );
lua_settable ( luaVM, -3 );
}
// Return the table
return 1;
}
else
m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclSetRight ( lua_State* luaVM )
{
// bool aclSetRight ( acl theAcl, string rightName, bool hasAccess )
CAccessControlList* pACL; SString strRight; bool bAccess;
CScriptArgReader argStream ( luaVM );
argStream.ReadUserData ( pACL );
argStream.ReadString ( strRight );
argStream.ReadBool ( bAccess );
if ( !argStream.HasErrors () )
{
// Grab the type from the name passed
const char* szRightAftedDot = strRight;
CAccessControlListRight::ERightType eType;
if ( StringBeginsWith ( strRight, "command." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
szRightAftedDot += 8;
}
else if ( StringBeginsWith ( strRight, "function." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( strRight, "resource." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( strRight, "general." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
szRightAftedDot += 8;
}
else
{
lua_pushboolean ( luaVM, false );
return 1;
}
// Grab the right from the name and type
CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
if ( pACLRight )
{
// Set the new access right
if ( pACLRight->GetRightAccess () != bAccess )
CLogger::LogPrintf ( "ACL: %s: Right '%s' changed to %s in ACL '%s'\n", GetResourceName ( luaVM ), strRight.c_str (), bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
pACLRight->SetRightAccess ( bAccess );
lua_pushboolean ( luaVM, true );
return 1;
}
// Try to add it
pACLRight = pACL->AddRight ( szRightAftedDot, eType, bAccess );
if ( pACLRight )
{
// LOGLEVEL_LOW to stop spam from admin resource at new server startup
CLogger::LogPrintf ( LOGLEVEL_LOW, "ACL: %s: Right '%s' %s added in ACL '%s'\n", GetResourceName ( luaVM ), strRight.c_str (), bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
lua_pushboolean ( luaVM, true );
return 1;
}
}
else
m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );
lua_pushboolean ( luaVM, false );
return 1;
}
