/*
* Set the current user to 'identifier'.
*/
static struct auth_state *mynewstate(const char *identifier)
{
struct auth_state *newstate;
const char *ident;
ident = auth_canonifyid(identifier, 0);
if (!ident) return NULL;
newstate = (struct auth_state *)xmalloc(sizeof(struct auth_state));
newstate->userid = xstrdup(ident);
return newstate;
}
/*
* Determine if the user is a member of 'identifier'
* Returns one of:
* 0 User does not match identifier
* 1 identifier matches everybody
* 2 User is in the group that is identifier
* 3 User is identifer
*/
static int mymemberof(struct auth_state *auth_state, const char *identifier)
{
const char *ident;
int ret=0;
if (strcmp(identifier,"anyone") == 0) return 1;
if (!auth_state && !strcmp(identifier, "anonymous")) return 3;
else if(!auth_state) return 0;
if (strcmp(identifier,auth_state->userid) == 0) return 3;
if (strcmp(auth_state->userid,"anonymous") == 0) return 0;
ident = auth_canonifyid(identifier,0);
if (!strcmp(ident, auth_state->userid)) {
ret = 3;
}
return ret;
}
/*
* Modify the ACL pointed to by 'acl' to make the rights granted to
* 'identifier' the set specified in the mask 'access'. The pointer
* pointed to by 'acl' must have been obtained from malloc().
*/
EXPORTED int cyrus_acl_set(char **acl, const char *identifier,
int mode, int access,
cyrus_acl_canonproc_t *canonproc,
void *canonrock)
{
const char *canonid;
char *newidentifier = 0;
char *newacl;
char *thisid, *nextid;
int oldaccess = 0;
char *rights;
/* Convert 'identifier' into canonical form */
canonid = auth_canonifyid(*identifier == '-' ? identifier+1 : identifier, 0);
if (canonid) {
if (*identifier == '-') {
newidentifier = xmalloc(strlen(canonid)+2);
newidentifier[0] = '-';
strcpy(newidentifier+1, canonid);
identifier = newidentifier;
} else {
identifier = canonid;
}
} else if (access != 0L) {
return -1;
} else {
/* trying to delete invalid/non-existent identifier */
}
/* Find any existing entry for 'identifier' in 'acl' */
for (thisid = nextid = *acl; *thisid; thisid = nextid) {
rights = strchr(thisid, '\t');
if (!rights) {
/* ACK, nuke trailing garbage */
*thisid = '\0';
nextid = thisid;
break;
}
*rights++ = '\0';
nextid = strchr(rights, '\t');
if (!nextid) {
/* ACK, nuke trailing garbage */
*thisid = '\0';
nextid = thisid;
break;
}
*nextid++ = '\0';
if (strcmp(identifier, thisid) == 0) {
oldaccess = cyrus_acl_strtomask(rights);
break;
}
rights[-1] = '\t';
nextid[-1] = '\t';
}
switch (mode) {
case ACL_MODE_SET:
break;
case ACL_MODE_ADD:
access |= oldaccess;
break;
case ACL_MODE_REMOVE:
access = oldaccess & ~access;
break;
}
if (canonproc) {
if (*identifier == '-')
access = ~(canonproc(canonrock, identifier+1, ~access));
else
access = canonproc(canonrock, identifier, access);
}
if (access == 0L) {
/* Remove any existing entry for 'identifier'.
Special case: When we try to delete an invalid/non-existent identifier,
both 'thisid' and 'nextid' point to the end of *acl. */
newacl = xmalloc(strlen(*acl) + strlen(nextid) - strlen(thisid) + 1);
/* Copy existing ACLs without the current identifier.
Note: The buffer will not be zero terminated. */
strncpy(newacl, *acl, (thisid - *acl));
/* Append the remaining ACL string. Zero-terminates the string. */
strcpy(newacl + (thisid - *acl), nextid);
free(*acl);
*acl = newacl;
}
else {
/* Replace any existing entry for 'identifier' */
newacl = xmalloc((thisid - *acl) + strlen(identifier) + 40 +
strlen(nextid));
strncpy(newacl, *acl, (thisid - *acl));
strcpy(newacl + (thisid - *acl), identifier);
strcat(newacl, "\t");
(void) cyrus_acl_masktostr(access, newacl + strlen(newacl));
strcat(newacl, "\t");
strcat(newacl, nextid);
free(*acl);
*acl = newacl;
}
if (newidentifier) free(newidentifier);
return 0;
}
