/* PRIVATE part_match() ** MATCH ONE PART OF INET ADDRESS AGAIST ** A PART OF MASK (inet address has 4 parts) ** ON ENTRY: ** tcur pointer to the beginning of template part. ** icur pointer to the beginning of actual inet ** number part. ** ** ON EXIT: ** returns YES, if match. */ PRIVATE BOOL part_match ARGS2(CONST char *, tcur, CONST char *, icur) { char required[4]; char actual[4]; CONST char *cur; int cnt; BOOL status; if (!tcur || !icur) return NO; cur=tcur; cnt=0; while (cnt < 3 && *cur && *cur != '.') required[cnt++] = *(cur++); required[cnt] = (char)0; cur=icur; cnt=0; while (cnt < 3 && *cur && *cur != '.') actual[cnt++] = *(cur++); actual[cnt] = (char)0; status = HTAA_templateMatch(required, actual); CTRACE(tfp, "part_match: req: '%s' act: '%s' match: %s\n", required, actual, (status ? "yes" : "no")); return status; }
/* * Returns a description string (that must not be HT_FREEd!) * for a file with name name in directory dirname. * Description file contents is in descriptions list. */ PUBLIC char * HTGetDescription (HTList * descriptions, char * dirname, char * filename, HTFormat format) { HTList * cur = descriptions; char * t; if (!dirname || !filename) return NULL; /* * descriptions may well be NULL in which case we may still * want to peek the titles. */ while ((t = (char*)HTList_nextObject(cur))) { char * d = strchr(t,' '); if (!d) continue; *d = 0; #if 0 if (HTAA_templateMatch(t,filename)) { #else if (HTStrMatch(t, filename)) { #endif *d = ' '; return d+1; } *d = ' '; } if (HTPeekTitles && format == WWW_HTML) return HTPeekTitle(dirname, filename); else return NULL; }
/* HTGetIcon() ** returns the icon corresponding to content_type or content_encoding. */ PUBLIC HTIconNode * HTGetIcon ARGS3(mode_t, mode, HTFormat, content_type, HTFormat, content_encoding) { if (!icon_unknown) icon_unknown = icon_blank; if ((mode & S_IFMT) == S_IFREG) { char * ct = content_type ? HTAtom_name(content_type) : NULL; char * ce = content_encoding ? HTAtom_name(content_encoding) : NULL; HTList * cur = icons; HTIconNode * node; while ((node = (HTIconNode*)HTList_nextObject(cur))) { char * slash = strchr(node->type_templ,'/'); if ((ct && slash && match(node->type_templ,ct)) || (ce && !slash && HTAA_templateMatch(node->type_templ,ce))) { return node; } } } else if ((mode & S_IFMT) == S_IFDIR) { return icon_dir ? icon_dir : icon_unknown; } else if ((mode & S_IFMT) == S_IFLNK) { return icon_dir ? icon_dir : icon_unknown; /* @@ */ } return icon_unknown; }
PRIVATE BOOL match ARGS2(char *, templ, char *, actual) { static char * c1 = NULL; static char * c2 = NULL; char * slash1; char * slash2; StrAllocCopy(c1,templ); StrAllocCopy(c2,actual); slash1 = strchr(c1,'/'); slash2 = strchr(c2,'/'); if (slash1 && slash2) { *slash1++ = 0; *slash2++ = 0; return HTAA_templateMatch(c1,c2) && HTAA_templateMatch(slash1,slash2); } else if (!slash1 && !slash2) return HTAA_templateMatch(c1,c2); else return NO; }
/* PUBLIC HTAA_getAclEntry() ** CONSULT THE ACCESS CONTROL LIST AND ** GIVE A LIST OF GROUPS (AND USERS) ** AUTHORIZED TO ACCESS A GIVEN FILE ** ON ENTRY: ** acl_file is an open ACL file. ** pathname is the absolute pathname of ** the file to be accessed. ** method is the method for which access is wanted. ** ** ALC FILE FORMAT: ** ** template : method, method, ... : group@addr, user, group, ... ** ** The last item is in fact in exactly the same format as ** group definition in group file, i.e. everything that ** follows the 'groupname:' part, ** e.g. ** user, group, user@address, group@address, ** (user,group,...)@(address, address, ...) ** ** ON EXIT: ** returns NULL, if there is no entry for the file in the ACL, ** or ACL doesn't exist. ** If there is, a GroupDef object containing the ** group and user names allowed to access the file ** is returned (this is automatically freed ** next time this function is called). ** IMPORTANT: ** Returns the first entry with matching template and ** method. This function should be called multiple times ** to process all the valid entries (until it returns NULL). ** This is because there can be multiple entries like: ** ** *.html : get,put : ari,timbl,robert ** *.html : get : jim,james,jonathan,jojo ** ** NOTE: ** The returned group definition may well contain references ** to groups defined in group file. Therefore these references ** must be resolved according to that rule file by function ** HTAA_resolveGroupReferences() (group file is read in by ** HTAA_readGroupFile()) and after that access authorization ** can be checked with function HTAA_userAndInetGroup(). */ PUBLIC GroupDef *HTAA_getAclEntry ARGS3(FILE *, acl_file, WWW_CONST char *, pathname, HTAAMethod, method) { static GroupDef * group_def = NULL; WWW_CONST char * filename; int len; char *buf; if (!acl_file) return NULL; /* ACL doesn't exist */ if (group_def) { GroupDef_delete(group_def); /* From previous call */ group_def = NULL; } if (!(filename = strrchr(pathname, '/'))) filename = pathname; else filename++; /* Skip slash */ len = strlen(filename); if (!(buf = (char*)malloc((strlen(filename)+2)*sizeof(char)))) outofmem(__FILE__, "HTAA_getAuthorizedGroups"); while (EOF != HTAAFile_readField(acl_file, buf, len+1)) { if (HTAA_templateMatch(buf, filename)) { HTList *methods = HTList_new(); HTAAFile_readList(acl_file, methods, MAX_METHODNAME_LEN); #ifndef DISABLE_TRACE if (www2Trace) { fprintf(stderr, "Filename '%s' matched template '%s', allowed methods:", filename, buf); } #endif if (HTAAMethod_inList(method, methods)) { /* right method? */ #ifndef DISABLE_TRACE if (www2Trace) fprintf(stderr, " METHOD OK\n"); #endif HTList_delete(methods); free(buf); group_def = HTAA_parseGroupDef(acl_file); return group_def; } #ifndef DISABLE_TRACE else if (www2Trace) fprintf(stderr, " METHOD NOT FOUND\n"); #endif HTList_delete(methods); } /* if template match */ else { HTAAFile_nextRec(acl_file); #ifndef DISABLE_TRACE if (www2Trace) { fprintf(stderr, "Filename '%s' didn't match template '%s'\n", filename, buf); } #endif } HTAAFile_nextRec(acl_file); } /* while not eof */ free(buf); return NULL; /* No entry for requested file */ /* (or an empty entry). */ }