const char * crm_acl_get_set_user(xmlNode * request, const char *field, const char *peer_user) { /* field is only checked for backwards compatibility */ static const char *effective_user = NULL; const char *requested_user = NULL; const char *user = NULL; if(effective_user == NULL) { effective_user = uid2username(geteuid()); } requested_user = crm_element_value(request, XML_ACL_TAG_USER); if(requested_user == NULL) { requested_user = crm_element_value(request, field); } if (is_privileged(effective_user) == FALSE) { /* We're not running as a privileged user, set or overwrite any existing value for $XML_ACL_TAG_USER */ user = effective_user; } else if(peer_user == NULL && requested_user == NULL) { /* No user known or requested, use 'effective_user' and make sure one is set for the request */ user = effective_user; } else if(peer_user == NULL) { /* No user known, trusting 'requested_user' */ user = requested_user; } else if (is_privileged(peer_user) == FALSE) { /* The peer is not a privileged user, set or overwrite any existing value for $XML_ACL_TAG_USER */ user = peer_user; } else if (requested_user == NULL) { /* Even if we're privileged, make sure there is always a value set */ user = peer_user; } else { /* Legal delegation to 'requested_user' */ user = requested_user; } // This requires pointer comparison, not string comparison if(user != crm_element_value(request, XML_ACL_TAG_USER)) { crm_xml_add(request, XML_ACL_TAG_USER, user); } if(field != NULL && user != crm_element_value(request, field)) { crm_xml_add(request, field, user); } return requested_user; }
/** * Execute a tokenized command and display its output. * * @param conn The connection to lldpd. * @param fmt Output format. * @param argc Number of arguments. * @param argv Array of arguments. * @return 0 if an error occurred, 1 otherwise */ static int cmd_exec(lldpctl_conn_t *conn, const char *fmt, int argc, const char **argv) { /* Init output formatter */ struct writer *w; if (strcmp(fmt, "plain") == 0) w = txt_init(stdout); else if (strcmp(fmt, "keyvalue") == 0) w = kv_init(stdout); #ifdef USE_XML else if (strcmp(fmt, "xml") == 0) w = xml_init(stdout); #endif #ifdef USE_JANSSON else if (strcmp(fmt, "json") == 0) w = jansson_init(stdout); #endif #ifdef USE_JSONC else if (strcmp(fmt, "json") == 0) w = jsonc_init(stdout); #endif else w = txt_init(stdout); /* Execute command */ int rc = commands_execute(conn, w, root, argc, argv, is_privileged()); if (rc != 0) { log_info("lldpctl", "an error occurred while executing last command"); w->finish(w); return 0; } w->finish(w); return 1; }
static struct cmd_node* register_commands() { root = commands_root(); register_commands_show(root); register_commands_watch(root); if (is_privileged()) { commands_new( commands_new(root, "update", "Update information and send LLDPU on all ports", NULL, NULL, NULL), NEWLINE, "Update information and send LLDPU on all ports", NULL, cmd_update, NULL); register_commands_configure(root); } commands_new(root, "help", "Get help on a possible command", NULL, cmd_store_env_and_pop, "help"); commands_new( commands_new(root, "pause", "Pause lldpd operations", NULL, NULL, NULL), NEWLINE, "Pause lldpd operations", NULL, cmd_pause, NULL); commands_new( commands_new(root, "resume", "Resume lldpd operations", NULL, NULL, NULL), NEWLINE, "Resume lldpd operations", NULL, cmd_resume, NULL); commands_new( commands_new(root, "exit", "Exit interpreter", NULL, NULL, NULL), NEWLINE, "Exit interpreter", NULL, cmd_exit, NULL); return root; }
static char* prompt() { #define CESC "\033" int privileged = is_privileged(); if (isatty(STDIN_FILENO)) { if (privileged) return "[lldpcli] # "; return "[lldpcli] $ "; } return ""; }
static int _cmd_complete(int all) { char **argv = NULL; int argc = 0; int rc = 1; size_t len = strlen(rl_line_buffer); char *line = malloc(len + 2); if (!line) return -1; strlcpy(line, rl_line_buffer, len + 2); line[rl_point] = 2; /* empty character, will force a word */ line[rl_point+1] = 0; if (tokenize_line(line, &argc, &argv) != 0) goto end; char *compl = commands_complete(root, argc, (const char **)argv, all, is_privileged()); if (compl && strlen(argv[argc-1]) < strlen(compl)) { if (rl_insert_text(compl + strlen(argv[argc-1])) < 0) { free(compl); goto end; } free(compl); rc = 0; goto end; } /* No completion or several completion available. */ free(compl); fprintf(stderr, "\n"); rl_forced_update_display(); rc = 0; end: free(line); tokenize_free(argc, argv); return rc; }
void test_action::test_cf_action() { eosio::action act = eosio::get_action( 0, 0 ); cf_action cfa = act.data_as<cf_action>(); if ( cfa.payload == 100 ) { // verify read of get_context_free_data, also verifies system api access int size = get_context_free_data( cfa.cfd_idx, nullptr, 0 ); eosio_assert( size > 0, "size determination failed" ); eosio::bytes cfd( static_cast<size_t>(size) ); size = get_context_free_data( cfa.cfd_idx, &cfd[0], static_cast<size_t>(size) ); eosio_assert(static_cast<size_t>(size) == cfd.size(), "get_context_free_data failed" ); uint32_t v = eosio::unpack<uint32_t>( &cfd[0], cfd.size() ); eosio_assert( v == cfa.payload, "invalid value" ); // verify crypto api access checksum256 hash; char test[] = "test"; sha256( test, sizeof(test), &hash ); assert_sha256( test, sizeof(test), &hash ); // verify action api access action_data_size(); // verify console api access eosio::print("test\n"); // verify memory api access uint32_t i = 42; memccpy(&v, &i, sizeof(i), sizeof(i)); // verify transaction api access eosio_assert(transaction_size() > 0, "transaction_size failed"); // verify softfloat api access float f1 = 1.0f, f2 = 2.0f; float f3 = f1 + f2; eosio_assert( f3 > 2.0f, "Unable to add float."); // verify compiler builtin api access __int128 ret; __divti3(ret, 2, 2, 2, 2); // verify context_free_system_api eosio_assert( true, "verify eosio_assert can be called" ); } else if ( cfa.payload == 200 ) { // attempt to access non context free api, privileged_api is_privileged(act.name); eosio_assert( false, "privileged_api should not be allowed" ); } else if ( cfa.payload == 201 ) { // attempt to access non context free api, producer_api get_active_producers( nullptr, 0 ); eosio_assert( false, "producer_api should not be allowed" ); } else if ( cfa.payload == 202 ) { // attempt to access non context free api, db_api db_store_i64( N(testapi), N(testapi), N(testapi), 0, "test", 4 ); eosio_assert( false, "db_api should not be allowed" ); } else if ( cfa.payload == 203 ) { // attempt to access non context free api, db_api uint64_t i = 0; db_idx64_store( N(testapi), N(testapi), N(testapi), 0, &i ); eosio_assert( false, "db_api should not be allowed" ); } else if ( cfa.payload == 204 ) { db_find_i64( N(testapi), N(testapi), N(testapi), 1); eosio_assert( false, "db_api should not be allowed" ); } else if ( cfa.payload == 205 ) { // attempt to access non context free api, send action eosio::action dum_act; dum_act.send(); eosio_assert( false, "action send should not be allowed" ); } else if ( cfa.payload == 206 ) { eosio::require_auth(N(test)); eosio_assert( false, "authorization_api should not be allowed" ); } else if ( cfa.payload == 207 ) { now(); eosio_assert( false, "system_api should not be allowed" ); } else if ( cfa.payload == 208 ) { current_time(); eosio_assert( false, "system_api should not be allowed" ); } else if ( cfa.payload == 209 ) { publication_time(); eosio_assert( false, "system_api should not be allowed" ); } else if ( cfa.payload == 210 ) { send_inline( "hello", 6 ); eosio_assert( false, "transaction_api should not be allowed" ); } else if ( cfa.payload == 211 ) { send_deferred( N(testapi), N(testapi), "hello", 6 ); eosio_assert( false, "transaction_api should not be allowed" ); } }