/* * Set the current user to 'identifier'. */ static struct auth_state *mynewstate(const char *identifier) { struct auth_state *newstate; const char *ident; ident = auth_canonifyid(identifier, 0); if (!ident) return NULL; newstate = (struct auth_state *)xmalloc(sizeof(struct auth_state)); newstate->userid = xstrdup(ident); return newstate; }
/* * Determine if the user is a member of 'identifier' * Returns one of: * 0 User does not match identifier * 1 identifier matches everybody * 2 User is in the group that is identifier * 3 User is identifer */ static int mymemberof(struct auth_state *auth_state, const char *identifier) { const char *ident; int ret=0; if (strcmp(identifier,"anyone") == 0) return 1; if (!auth_state && !strcmp(identifier, "anonymous")) return 3; else if(!auth_state) return 0; if (strcmp(identifier,auth_state->userid) == 0) return 3; if (strcmp(auth_state->userid,"anonymous") == 0) return 0; ident = auth_canonifyid(identifier,0); if (!strcmp(ident, auth_state->userid)) { ret = 3; } return ret; }
/* * Modify the ACL pointed to by 'acl' to make the rights granted to * 'identifier' the set specified in the mask 'access'. The pointer * pointed to by 'acl' must have been obtained from malloc(). */ EXPORTED int cyrus_acl_set(char **acl, const char *identifier, int mode, int access, cyrus_acl_canonproc_t *canonproc, void *canonrock) { const char *canonid; char *newidentifier = 0; char *newacl; char *thisid, *nextid; int oldaccess = 0; char *rights; /* Convert 'identifier' into canonical form */ canonid = auth_canonifyid(*identifier == '-' ? identifier+1 : identifier, 0); if (canonid) { if (*identifier == '-') { newidentifier = xmalloc(strlen(canonid)+2); newidentifier[0] = '-'; strcpy(newidentifier+1, canonid); identifier = newidentifier; } else { identifier = canonid; } } else if (access != 0L) { return -1; } else { /* trying to delete invalid/non-existent identifier */ } /* Find any existing entry for 'identifier' in 'acl' */ for (thisid = nextid = *acl; *thisid; thisid = nextid) { rights = strchr(thisid, '\t'); if (!rights) { /* ACK, nuke trailing garbage */ *thisid = '\0'; nextid = thisid; break; } *rights++ = '\0'; nextid = strchr(rights, '\t'); if (!nextid) { /* ACK, nuke trailing garbage */ *thisid = '\0'; nextid = thisid; break; } *nextid++ = '\0'; if (strcmp(identifier, thisid) == 0) { oldaccess = cyrus_acl_strtomask(rights); break; } rights[-1] = '\t'; nextid[-1] = '\t'; } switch (mode) { case ACL_MODE_SET: break; case ACL_MODE_ADD: access |= oldaccess; break; case ACL_MODE_REMOVE: access = oldaccess & ~access; break; } if (canonproc) { if (*identifier == '-') access = ~(canonproc(canonrock, identifier+1, ~access)); else access = canonproc(canonrock, identifier, access); } if (access == 0L) { /* Remove any existing entry for 'identifier'. Special case: When we try to delete an invalid/non-existent identifier, both 'thisid' and 'nextid' point to the end of *acl. */ newacl = xmalloc(strlen(*acl) + strlen(nextid) - strlen(thisid) + 1); /* Copy existing ACLs without the current identifier. Note: The buffer will not be zero terminated. */ strncpy(newacl, *acl, (thisid - *acl)); /* Append the remaining ACL string. Zero-terminates the string. */ strcpy(newacl + (thisid - *acl), nextid); free(*acl); *acl = newacl; } else { /* Replace any existing entry for 'identifier' */ newacl = xmalloc((thisid - *acl) + strlen(identifier) + 40 + strlen(nextid)); strncpy(newacl, *acl, (thisid - *acl)); strcpy(newacl + (thisid - *acl), identifier); strcat(newacl, "\t"); (void) cyrus_acl_masktostr(access, newacl + strlen(newacl)); strcat(newacl, "\t"); strcat(newacl, nextid); free(*acl); *acl = newacl; } if (newidentifier) free(newidentifier); return 0; }