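/*
 * Case-insensitive comparison of a NUL-terminated ACL entry against a
 * length-delimited command name. The whole name must match: comparing only
 * the first name_len bytes would let "INCR" match an entry for "INCRBY",
 * so enabling or disabling a long command would also affect every command
 * that is a prefix of it.
 *
 * A NUL byte inside `name` ends the name, which is how the strncasecmp()
 * comparison treated it as well.
 *
 * Returns 1 on an exact match, 0 otherwise.
 */
static int
acl_command_equals(const char *entry, const char *name, size_t name_len) {

	size_t n = 0;
	size_t i;

	/* effective length of the client-supplied name */
	while(n < name_len && name[n] != '\0') {
		n++;
	}

	/* the entry must hold exactly n characters, no fewer and no more */
	for(i = 0; i < n; ++i) {
		if(entry[i] == '\0') {
			return 0;
		}
	}
	if(entry[n] != '\0') {
		return 0;
	}

	return strncasecmp(entry, name, n) == 0;
}

/**
 * Decide whether `client` may run `cmd` under the ACL list in `cfg`.
 *
 * Returns 1 if the command is allowed, 0 if it is refused.
 *
 * The default is "allowed". Every ACL entry that acl_match_client() accepts
 * for this client is applied in list order: its enabled list is read first,
 * then its disabled list, so a "disabled" rule overrides an "enabled" rule
 * of the same entry and a later entry overrides an earlier one.
 */
int
acl_allow_command(struct cmd *cmd, struct conf *cfg, struct http_client *client) {

	static const char *const always_off[] = {"MULTI", "EXEC", "WATCH", "DISCARD", "SELECT"};
	unsigned int i;
	int authorized = 1;
	struct acl *a;
	in_addr_t client_addr;
	const char *cmd_name;
	size_t cmd_len;

	if(cmd->count == 0) {
		return 0;
	}

	cmd_name = cmd->argv[0];
	cmd_len = cmd->argv_len[0];

	/* An empty command name was always refused (a zero-length strncasecmp()
	 * matched the first always_off entry); keep refusing it explicitly. */
	if(cmd_len == 0) {
		return 0;
	}

	/* some commands are always disabled, regardless of the config file. */
	for(i = 0; i < sizeof(always_off) / sizeof(always_off[0]); ++i) {
		if(acl_command_equals(always_off[i], cmd_name, cmd_len)) {
			return 0;
		}
	}

	/* find client's address, converted to host byte order */
	client_addr = ntohl(client->addr);

	/* go through permissions */
	for(a = cfg->perms; a; a = a->next) {

		/* skip entries that do not apply to this client */
		if(!acl_match_client(a, client, &client_addr)) {
			continue;
		}

		/* go through authorized commands; an entry starting with '*' is a wildcard */
		for(i = 0; i < a->enabled.count; ++i) {
			const char *entry = a->enabled.commands[i];
			if(entry[0] == '*' || acl_command_equals(entry, cmd_name, cmd_len)) {
				authorized = 1;
			}
		}

		/* go through unauthorized commands; these win over the enabled list above */
		for(i = 0; i < a->disabled.count; ++i) {
			const char *entry = a->disabled.commands[i];
			if(entry[0] == '*' || acl_command_equals(entry, cmd_name, cmd_len)) {
				authorized = 0;
			}
		}
	}

	return authorized;
}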
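/*
 * Case-insensitive comparison of a NUL-terminated ACL entry against a
 * length-delimited command name. The whole name must match: comparing only
 * the first name_len bytes would let "INCR" match an entry for "INCRBY",
 * so enabling or disabling a long command would also affect every command
 * that is a prefix of it.
 *
 * A NUL byte inside `name` ends the name, which is how the strncasecmp()
 * comparison treated it as well.
 *
 * Returns 1 on an exact match, 0 otherwise.
 */
static int
acl_command_equals(const char *entry, const char *name, size_t name_len) {

	size_t n = 0;
	size_t i;

	/* effective length of the client-supplied name */
	while(n < name_len && name[n] != '\0') {
		n++;
	}

	/* the entry must hold exactly n characters, no fewer and no more */
	for(i = 0; i < n; ++i) {
		if(entry[i] == '\0') {
			return 0;
		}
	}
	if(entry[n] != '\0') {
		return 0;
	}

	return strncasecmp(entry, name, n) == 0;
}

/**
 * Decide whether the peer of `rq` may run `cmd` under the ACL list in `cfg`.
 *
 * Returns:
 *	-2 if command is not allowed
 *	-1 if command is allowed, but not defined database ID (will use default id)
 *	0 or greater if command is allowed. Return value is database id
 *
 * Every ACL entry that acl_match_client() accepts for this client is applied
 * in list order: enabled list first, then disabled list, then the entry's
 * database id. A later entry therefore overrides an earlier one.
 */
int
acl_allow_command(struct cmd *cmd, struct conf *cfg, struct evhttp_request *rq) {

	static const char *const always_off[] = {"MULTI", "EXEC", "WATCH", "DISCARD"};
	unsigned int i;
	int authorized = -1;
	struct acl *a;
	char *client_ip;
	u_short client_port;
	in_addr_t client_addr;

	/* NOTE(review): argv[0] is read without checking that the command has
	 * any argument; confirm the caller guarantees at least one. */
	const char *cmd_name = cmd->argv[0];
	size_t cmd_len = cmd->argv_len[0];

	/* An empty command name was always refused (a zero-length strncasecmp()
	 * matched the first always_off entry); keep refusing it explicitly. */
	if(cmd_len == 0) {
		return -2;
	}

	/* some commands are always disabled, regardless of the config file. */
	for(i = 0; i < sizeof(always_off) / sizeof(always_off[0]); ++i) {
		if(acl_command_equals(always_off[i], cmd_name, cmd_len)) {
			return -2;
		}
	}

	/* find client's address */
	evhttp_connection_get_peer(rq->evcon, &client_ip, &client_port);
	if(client_ip == NULL) {
		/* no peer address to evaluate the ACLs against: fail closed */
		return -2;
	}
	client_addr = ntohl(inet_addr(client_ip));

	/* go through permissions */
	for(a = cfg->perms; a; a = a->next) {

		/* skip entries that do not apply to this client */
		if(!acl_match_client(a, rq, &client_addr)) {
			continue;
		}

		/* go through authorized commands; an entry starting with '*' is a wildcard.
		 * NOTE(review): the value stored here is 1, which the contract above
		 * reads as "allowed, database id 1" when the entry sets no database;
		 * -1 (allowed, default id) may have been intended. Confirm against
		 * the caller before changing it. */
		for(i = 0; i < a->enabled.count; ++i) {
			const char *entry = a->enabled.commands[i];
			if(entry[0] == '*' || acl_command_equals(entry, cmd_name, cmd_len)) {
				authorized = 1;
			}
		}

		/* go through unauthorized commands; these win over the enabled list above */
		for(i = 0; i < a->disabled.count; ++i) {
			const char *entry = a->disabled.commands[i];
			if(entry[0] == '*' || acl_command_equals(entry, cmd_name, cmd_len)) {
				authorized = -2;
			}
		}

		/* an allowed command takes the database id of the matching entry, if it sets one */
		if(authorized != -2 && a->database != -1) {
			authorized = a->database;
		}
	}

	return authorized;
}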