int
acl_allow_command(struct cmd *cmd, struct conf *cfg, struct http_client *client) {
char *always_off[] = {"MULTI", "EXEC", "WATCH", "DISCARD", "SELECT"};
unsigned int i;
int authorized = 1;
struct acl *a;
in_addr_t client_addr;
const char *cmd_name;
size_t cmd_len;
if(cmd->count == 0) {
return 0;
}
cmd_name = cmd->argv[0];
cmd_len = cmd->argv_len[0];
/* some commands are always disabled, regardless of the config file. */
for(i = 0; i < sizeof(always_off) / sizeof(always_off[0]); ++i) {
if(strncasecmp(always_off[i], cmd_name, cmd_len) == 0) {
return 0;
}
}
/* find client's address */
client_addr = ntohl(client->addr);
/* go through permissions */
for(a = cfg->perms; a; a = a->next) {
if(!acl_match_client(a, client, &client_addr)) continue; /* match client */
/* go through authorized commands */
for(i = 0; i < a->enabled.count; ++i) {
if(strncasecmp(a->enabled.commands[i], cmd_name, cmd_len) == 0) {
authorized = 1;
}
if(strncasecmp(a->enabled.commands[i], "*", 1) == 0) {
authorized = 1;
}
}
/* go through unauthorized commands */
for(i = 0; i < a->disabled.count; ++i) {
if(strncasecmp(a->disabled.commands[i], cmd_name, cmd_len) == 0) {
authorized = 0;
}
if(strncasecmp(a->disabled.commands[i], "*", 1) == 0) {
authorized = 0;
}
}
}
return authorized;
}
/**
* Returns:
* -2 if command is not allowed
* -1 if command is allowed, but not defined database ID (will use default id)
* 0 or greater if command is allowed. Return value is database id
*/
int
acl_allow_command(struct cmd *cmd, struct conf *cfg, struct evhttp_request *rq) {
char *always_off[] = {"MULTI", "EXEC", "WATCH", "DISCARD"};
unsigned int i;
int authorized = -1;
struct acl *a;
char *client_ip;
u_short client_port;
in_addr_t client_addr;
const char *cmd_name = cmd->argv[0];
size_t cmd_len = cmd->argv_len[0];
/* some commands are always disabled, regardless of the config file. */
for(i = 0; i < sizeof(always_off) / sizeof(always_off[0]); ++i) {
if(strncasecmp(always_off[i], cmd_name, cmd_len) == 0) {
return -2;
}
}
/* find client's address */
evhttp_connection_get_peer(rq->evcon, &client_ip, &client_port);
client_addr = ntohl(inet_addr(client_ip));
/* go through permissions */
for(a = cfg->perms; a; a = a->next) {
if(!acl_match_client(a, rq, &client_addr)) continue; /* match client */
/* go through authorized commands */
for(i = 0; i < a->enabled.count; ++i) {
if(strncasecmp(a->enabled.commands[i], cmd_name, cmd_len) == 0) {
authorized = 1;
}
if(strncasecmp(a->enabled.commands[i], "*", 1) == 0) {
authorized = 1;
}
}
/* go through unauthorized commands */
for(i = 0; i < a->disabled.count; ++i) {
if(strncasecmp(a->disabled.commands[i], cmd_name, cmd_len) == 0) {
authorized = -2;
}
if(strncasecmp(a->disabled.commands[i], "*", 1) == 0) {
authorized = -2;
}
}
if(authorized != -2 && a->database != -1)
authorized = a->database;
}
return authorized;
}
