Esempio n. 1
0
int CLuaACLDefs::aclRemoveRight ( lua_State* luaVM )
{
    // Verify the arguents
    if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA &&
         lua_type ( luaVM, 2 ) == LUA_TSTRING )
    {
        // Grab the argument strings
        CAccessControlList* pACL = lua_toacl ( luaVM, 1 );
        char* szRight = (char*) lua_tostring ( luaVM, 2 );

        // Verify the ACL pointer
        if ( pACL )
        {
            // Grab the type from the name passed
            char* szRightAftedDot = szRight;
            CAccessControlListRight::ERightType eType;
            if ( StringBeginsWith ( szRight, "command." ) )
            {
                eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
                szRightAftedDot += 8;
            }
            else if ( StringBeginsWith ( szRight, "function." ) )
            {
                eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
                szRightAftedDot += 9;
            }
            else if ( StringBeginsWith ( szRight, "resource." ) )
            {
                eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
                szRightAftedDot += 9;
            }
            else if ( StringBeginsWith ( szRight, "general." ) )
            {
                eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
                szRightAftedDot += 8;
            }
            else
            {
                lua_pushboolean ( luaVM, false );
                return 1;
            }

            // Try removing the right
            CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
            bool bAccess = pACLRight && pACLRight->GetRightAccess ();
            if ( pACL->RemoveRight ( szRightAftedDot, eType ) )
            {
                CLogger::LogPrintf ( "ACL: %s: Right '%s' %s removed from ACL '%s'\n", GetResourceName ( luaVM ), szRight, bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
                // Return success
                lua_pushboolean ( luaVM, true );
                return 1;
            }
        }
    }
    else
        m_pScriptDebugging->LogBadType ( luaVM, "aclRemoveRight" );

    lua_pushboolean ( luaVM, false );
    return 1;
}
Esempio n. 2
0
int CLuaACLDefs::aclGetRight ( lua_State* luaVM )
{
    // Verify the argument types
    if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA &&
         lua_type ( luaVM, 2 ) == LUA_TSTRING )
    {
        // Grab the arguments
        CAccessControlList* pACL = lua_toacl ( luaVM, 1 );
        char* szRight = (char*) lua_tostring ( luaVM, 2 );

        // Verify the ACL pointer
        if ( pACL )
        {
            // Grab the type from the name passed
            char* szRightAftedDot = szRight;
            CAccessControlListRight::ERightType eType;
            if ( StringBeginsWith ( szRight, "command." ) )
            {
                eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
                szRightAftedDot += 8;
            }
            else if ( StringBeginsWith ( szRight, "function." ) )
            {
                eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
                szRightAftedDot += 9;
            }
            else if ( StringBeginsWith ( szRight, "resource." ) )
            {
                eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
                szRightAftedDot += 9;
            }
            else if ( StringBeginsWith ( szRight, "general." ) )
            {
                eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
                szRightAftedDot += 8;
            }
            else
            {
                lua_pushboolean ( luaVM, false );
                return 1;
            }

            // Grab the right from the name and type
            CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
            if ( pACLRight )
            {
                lua_pushboolean ( luaVM, pACLRight->GetRightAccess () );
                return 1;
            }
        }
    }
    else
        m_pScriptDebugging->LogBadType ( luaVM, "aclGetRight" );

    lua_pushboolean ( luaVM, false );
    return 1;
}
Esempio n. 3
0
int CLuaACLDefs::aclRemoveRight ( lua_State* luaVM )
{
//  bool aclRemoveRight ( acl theAcl, string rightName )
    CAccessControlList* pACL; SString strRight;
    
    CScriptArgReader argStream ( luaVM );
    argStream.ReadUserData ( pACL );
    argStream.ReadString ( strRight );
    
    if ( !argStream.HasErrors () )
    {
        // Grab the type from the name passed
        const char* szRightAftedDot = strRight;
        CAccessControlListRight::ERightType eType;
        if ( StringBeginsWith ( strRight, "command." ) )
        {
            eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
            szRightAftedDot += 8;
        }
        else if ( StringBeginsWith ( strRight, "function." ) )
        {
            eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
            szRightAftedDot += 9;
        }
        else if ( StringBeginsWith ( strRight, "resource." ) )
        {
            eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
            szRightAftedDot += 9;
        }
        else if ( StringBeginsWith ( strRight, "general." ) )
        {
            eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
            szRightAftedDot += 8;
        }
        else
        {
            lua_pushboolean ( luaVM, false );
            return 1;
        }
        // Try removing the right
        CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
        bool bAccess = pACLRight && pACLRight->GetRightAccess ();
        if ( pACL->RemoveRight ( szRightAftedDot, eType ) )
        {
            CLogger::LogPrintf ( "ACL: %s: Right '%s' %s removed from ACL '%s'\n", GetResourceName ( luaVM ), strRight.c_str (), bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
            // Return success
            lua_pushboolean ( luaVM, true );
            return 1;
        }
    }
    else
        m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );

    lua_pushboolean ( luaVM, false );
    return 1;
}
Esempio n. 4
0
int CLuaACLDefs::aclGetRight ( lua_State* luaVM )
{
//  bool aclGetRight ( acl theAcl, string rightName )
    CAccessControlList* pACL; SString strRight;
    
    CScriptArgReader argStream ( luaVM );
    argStream.ReadUserData ( pACL );
    argStream.ReadString ( strRight );
    
    if ( !argStream.HasErrors () )
    {
        // Grab the type from the name passed
        const char* szRightAftedDot = strRight;
        CAccessControlListRight::ERightType eType;
        if ( StringBeginsWith ( strRight, "command." ) )
        {
            eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
            szRightAftedDot += 8;
        }
        else if ( StringBeginsWith ( strRight, "function." ) )
        {
            eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
            szRightAftedDot += 9;
        }
        else if ( StringBeginsWith ( strRight, "resource." ) )
        {
            eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
            szRightAftedDot += 9;
        }
        else if ( StringBeginsWith ( strRight, "general." ) )
        {
            eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
            szRightAftedDot += 8;
        }
        else
        {
            lua_pushboolean ( luaVM, false );
            return 1;
        }
        // Grab the right from the name and type
        CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
        if ( pACLRight )
        {
            lua_pushboolean ( luaVM, pACLRight->GetRightAccess () );
            return 1;
        }
    }
    else
        m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );

    lua_pushboolean ( luaVM, false );
    return 1;
}
bool CAccessControlListManager::InternalCanObjectUseRight ( const char* szObjectName,
                                                    CAccessControlListGroupObject::EObjectType eObjectType,
                                                    const char* szRightName,
                                                    CAccessControlListRight::ERightType eRightType,
                                                    bool bDefaultAccessRight )
{
    // This is set to true if we were explicitly denied access by an ACL
    bool bDenied = false;

    // Look through the groups
    list < CAccessControlListGroup* > ::iterator group = m_Groups.begin ();
    for ( ; group != m_Groups.end (); group++ )
    {
        // Look for a group that has our user/resource in it
        if ( (*group)->FindObjectMatch ( szObjectName, eObjectType ) )
        {
            // Look through its access lists for our 'right' name
            list < CAccessControlList* > ::iterator acl = (*group)->IterBeginACL ();
            for ( ; acl != (*group)->IterEndACL (); acl++ )
            {
                // Grab the right with this name
                CAccessControlListRight* pRight = (*acl)->GetRight ( szRightName, eRightType );
                if ( pRight )
                {
                    // If he has access, return that he can use this object. Otherwize keep looking
                    // for an ACL that gives him permission to do so.
                    if ( pRight->GetRightAccess () )
                    {
                        return true;
                    }
                    else
                    {
                        bDenied = true;
                    }
                }
            }
        }
    }

    // An ACL denied us access and no ACL gave us access. No access given.
    if ( bDenied )
        return false;

    // Otherwize if nothing specified, return the default right
    return bDefaultAccessRight;
}
Esempio n. 6
0
int CLuaACLDefs::aclSetRight ( lua_State* luaVM )
{
//  bool aclSetRight ( acl theAcl, string rightName, bool hasAccess )
    CAccessControlList* pACL; SString strRight; bool bAccess;
    
    CScriptArgReader argStream ( luaVM );
    argStream.ReadUserData ( pACL );
    argStream.ReadString ( strRight );
    argStream.ReadBool ( bAccess );
    
    if ( !argStream.HasErrors () )
    {
        // Grab the type from the name passed
        const char* szRightAftedDot = strRight;
        CAccessControlListRight::ERightType eType;
        if ( StringBeginsWith ( strRight, "command." ) )
        {
            eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
            szRightAftedDot += 8;
        }
        else if ( StringBeginsWith ( strRight, "function." ) )
        {
            eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
            szRightAftedDot += 9;
        }
        else if ( StringBeginsWith ( strRight, "resource." ) )
        {
            eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
            szRightAftedDot += 9;
        }
        else if ( StringBeginsWith ( strRight, "general." ) )
        {
            eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
            szRightAftedDot += 8;
        }
        else
        {
            lua_pushboolean ( luaVM, false );
            return 1;
        }
        // Grab the right from the name and type
        CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
        if ( pACLRight )
        {
            // Set the new access right
            if ( pACLRight->GetRightAccess () != bAccess )
                CLogger::LogPrintf ( "ACL: %s: Right '%s' changed to %s in ACL '%s'\n", GetResourceName ( luaVM ), strRight.c_str (), bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
            pACLRight->SetRightAccess ( bAccess );
            lua_pushboolean ( luaVM, true );
            return 1;
        }
        // Try to add it
        pACLRight = pACL->AddRight ( szRightAftedDot, eType, bAccess );
        if ( pACLRight )
        {
            // LOGLEVEL_LOW to stop spam from admin resource at new server startup
            CLogger::LogPrintf ( LOGLEVEL_LOW, "ACL: %s: Right '%s' %s added in ACL '%s'\n", GetResourceName ( luaVM ), strRight.c_str (), bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
            lua_pushboolean ( luaVM, true );
            return 1;
        }
    }
    else
        m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );

    lua_pushboolean ( luaVM, false );
    return 1;
}
Esempio n. 7
0
int CLuaACLDefs::aclSetRight ( lua_State* luaVM )
{
    // Verify the argument types
    if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA &&
         lua_type ( luaVM, 2 ) == LUA_TSTRING &&
         lua_type ( luaVM, 3 ) == LUA_TBOOLEAN )
    {
        // Grab the arguments
        CAccessControlList* pACL = lua_toacl ( luaVM, 1 );
        char* szRight = (char*) lua_tostring ( luaVM, 2 );
        bool bAccess = lua_toboolean ( luaVM, 3 ) ?true:false;

        // Verify the ACL pointer
        if ( pACL )
        {
            // Grab the type from the name passed
            char* szRightAftedDot = szRight;
            CAccessControlListRight::ERightType eType;
            if ( StringBeginsWith ( szRight, "command." ) )
            {
                eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
                szRightAftedDot += 8;
            }
            else if ( StringBeginsWith ( szRight, "function." ) )
            {
                eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
                szRightAftedDot += 9;
            }
            else if ( StringBeginsWith ( szRight, "resource." ) )
            {
                eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
                szRightAftedDot += 9;
            }
            else if ( StringBeginsWith ( szRight, "general." ) )
            {
                eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
                szRightAftedDot += 8;
            }
            else
            {
                lua_pushboolean ( luaVM, false );
                return 1;
            }

            // Grab the right from the name and type
            CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
            if ( pACLRight )
            {
                // Set the new access right
                if ( pACLRight->GetRightAccess () != bAccess )
                    CLogger::LogPrintf ( "ACL: %s: Right '%s' changed to %s in ACL '%s'\n", GetResourceName ( luaVM ), szRight, bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
                pACLRight->SetRightAccess ( bAccess );
                lua_pushboolean ( luaVM, true );
                return 1;
            }

            // Try to add it
            pACLRight = pACL->AddRight ( szRightAftedDot, eType, bAccess );
            if ( pACLRight )
            {
                // Return success
                CLogger::LogPrintf ( "ACL: %s: Right '%s' %s added in ACL '%s'\n", GetResourceName ( luaVM ), szRight, bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
                lua_pushboolean ( luaVM, true );
                return 1;
            }
        }
    }
    else
        m_pScriptDebugging->LogBadType ( luaVM, "aclSetRight" );

    lua_pushboolean ( luaVM, false );
    return 1;
}