const char *
crm_acl_get_set_user(xmlNode * request, const char *field, const char *peer_user)
{
/* field is only checked for backwards compatibility */
static const char *effective_user = NULL;
const char *requested_user = NULL;
const char *user = NULL;
if(effective_user == NULL) {
effective_user = uid2username(geteuid());
}
requested_user = crm_element_value(request, XML_ACL_TAG_USER);
if(requested_user == NULL) {
requested_user = crm_element_value(request, field);
}
if (is_privileged(effective_user) == FALSE) {
/* We're not running as a privileged user, set or overwrite any existing value for $XML_ACL_TAG_USER */
user = effective_user;
} else if(peer_user == NULL && requested_user == NULL) {
/* No user known or requested, use 'effective_user' and make sure one is set for the request */
user = effective_user;
} else if(peer_user == NULL) {
/* No user known, trusting 'requested_user' */
user = requested_user;
} else if (is_privileged(peer_user) == FALSE) {
/* The peer is not a privileged user, set or overwrite any existing value for $XML_ACL_TAG_USER */
user = peer_user;
} else if (requested_user == NULL) {
/* Even if we're privileged, make sure there is always a value set */
user = peer_user;
} else {
/* Legal delegation to 'requested_user' */
user = requested_user;
}
// This requires pointer comparison, not string comparison
if(user != crm_element_value(request, XML_ACL_TAG_USER)) {
crm_xml_add(request, XML_ACL_TAG_USER, user);
}
if(field != NULL && user != crm_element_value(request, field)) {
crm_xml_add(request, field, user);
}
return requested_user;
}
/**
* Execute a tokenized command and display its output.
*
* @param conn The connection to lldpd.
* @param fmt Output format.
* @param argc Number of arguments.
* @param argv Array of arguments.
* @return 0 if an error occurred, 1 otherwise
*/
static int
cmd_exec(lldpctl_conn_t *conn, const char *fmt, int argc, const char **argv)
{
/* Init output formatter */
struct writer *w;
if (strcmp(fmt, "plain") == 0) w = txt_init(stdout);
else if (strcmp(fmt, "keyvalue") == 0) w = kv_init(stdout);
#ifdef USE_XML
else if (strcmp(fmt, "xml") == 0) w = xml_init(stdout);
#endif
#ifdef USE_JANSSON
else if (strcmp(fmt, "json") == 0) w = jansson_init(stdout);
#endif
#ifdef USE_JSONC
else if (strcmp(fmt, "json") == 0) w = jsonc_init(stdout);
#endif
else w = txt_init(stdout);
/* Execute command */
int rc = commands_execute(conn, w,
root, argc, argv, is_privileged());
if (rc != 0) {
log_info("lldpctl", "an error occurred while executing last command");
w->finish(w);
return 0;
}
w->finish(w);
return 1;
}
static struct cmd_node*
register_commands()
{
root = commands_root();
register_commands_show(root);
register_commands_watch(root);
if (is_privileged()) {
commands_new(
commands_new(root, "update", "Update information and send LLDPU on all ports",
NULL, NULL, NULL),
NEWLINE, "Update information and send LLDPU on all ports",
NULL, cmd_update, NULL);
register_commands_configure(root);
}
commands_new(root, "help", "Get help on a possible command",
NULL, cmd_store_env_and_pop, "help");
commands_new(
commands_new(root, "pause", "Pause lldpd operations", NULL, NULL, NULL),
NEWLINE, "Pause lldpd operations", NULL, cmd_pause, NULL);
commands_new(
commands_new(root, "resume", "Resume lldpd operations", NULL, NULL, NULL),
NEWLINE, "Resume lldpd operations", NULL, cmd_resume, NULL);
commands_new(
commands_new(root, "exit", "Exit interpreter", NULL, NULL, NULL),
NEWLINE, "Exit interpreter", NULL, cmd_exit, NULL);
return root;
}
static char*
prompt()
{
#define CESC "\033"
int privileged = is_privileged();
if (isatty(STDIN_FILENO)) {
if (privileged)
return "[lldpcli] # ";
return "[lldpcli] $ ";
}
return "";
}
static int
_cmd_complete(int all)
{
char **argv = NULL;
int argc = 0;
int rc = 1;
size_t len = strlen(rl_line_buffer);
char *line = malloc(len + 2);
if (!line) return -1;
strlcpy(line, rl_line_buffer, len + 2);
line[rl_point] = 2; /* empty character, will force a word */
line[rl_point+1] = 0;
if (tokenize_line(line, &argc, &argv) != 0)
goto end;
char *compl = commands_complete(root, argc, (const char **)argv, all, is_privileged());
if (compl && strlen(argv[argc-1]) < strlen(compl)) {
if (rl_insert_text(compl + strlen(argv[argc-1])) < 0) {
free(compl);
goto end;
}
free(compl);
rc = 0;
goto end;
}
/* No completion or several completion available. */
free(compl);
fprintf(stderr, "\n");
rl_forced_update_display();
rc = 0;
end:
free(line);
tokenize_free(argc, argv);
return rc;
}
void test_action::test_cf_action() {
eosio::action act = eosio::get_action( 0, 0 );
cf_action cfa = act.data_as<cf_action>();
if ( cfa.payload == 100 ) {
// verify read of get_context_free_data, also verifies system api access
int size = get_context_free_data( cfa.cfd_idx, nullptr, 0 );
eosio_assert( size > 0, "size determination failed" );
eosio::bytes cfd( static_cast<size_t>(size) );
size = get_context_free_data( cfa.cfd_idx, &cfd[0], static_cast<size_t>(size) );
eosio_assert(static_cast<size_t>(size) == cfd.size(), "get_context_free_data failed" );
uint32_t v = eosio::unpack<uint32_t>( &cfd[0], cfd.size() );
eosio_assert( v == cfa.payload, "invalid value" );
// verify crypto api access
checksum256 hash;
char test[] = "test";
sha256( test, sizeof(test), &hash );
assert_sha256( test, sizeof(test), &hash );
// verify action api access
action_data_size();
// verify console api access
eosio::print("test\n");
// verify memory api access
uint32_t i = 42;
memccpy(&v, &i, sizeof(i), sizeof(i));
// verify transaction api access
eosio_assert(transaction_size() > 0, "transaction_size failed");
// verify softfloat api access
float f1 = 1.0f, f2 = 2.0f;
float f3 = f1 + f2;
eosio_assert( f3 > 2.0f, "Unable to add float.");
// verify compiler builtin api access
__int128 ret;
__divti3(ret, 2, 2, 2, 2);
// verify context_free_system_api
eosio_assert( true, "verify eosio_assert can be called" );
} else if ( cfa.payload == 200 ) {
// attempt to access non context free api, privileged_api
is_privileged(act.name);
eosio_assert( false, "privileged_api should not be allowed" );
} else if ( cfa.payload == 201 ) {
// attempt to access non context free api, producer_api
get_active_producers( nullptr, 0 );
eosio_assert( false, "producer_api should not be allowed" );
} else if ( cfa.payload == 202 ) {
// attempt to access non context free api, db_api
db_store_i64( N(testapi), N(testapi), N(testapi), 0, "test", 4 );
eosio_assert( false, "db_api should not be allowed" );
} else if ( cfa.payload == 203 ) {
// attempt to access non context free api, db_api
uint64_t i = 0;
db_idx64_store( N(testapi), N(testapi), N(testapi), 0, &i );
eosio_assert( false, "db_api should not be allowed" );
} else if ( cfa.payload == 204 ) {
db_find_i64( N(testapi), N(testapi), N(testapi), 1);
eosio_assert( false, "db_api should not be allowed" );
} else if ( cfa.payload == 205 ) {
// attempt to access non context free api, send action
eosio::action dum_act;
dum_act.send();
eosio_assert( false, "action send should not be allowed" );
} else if ( cfa.payload == 206 ) {
eosio::require_auth(N(test));
eosio_assert( false, "authorization_api should not be allowed" );
} else if ( cfa.payload == 207 ) {
now();
eosio_assert( false, "system_api should not be allowed" );
} else if ( cfa.payload == 208 ) {
current_time();
eosio_assert( false, "system_api should not be allowed" );
} else if ( cfa.payload == 209 ) {
publication_time();
eosio_assert( false, "system_api should not be allowed" );
} else if ( cfa.payload == 210 ) {
send_inline( "hello", 6 );
eosio_assert( false, "transaction_api should not be allowed" );
} else if ( cfa.payload == 211 ) {
send_deferred( N(testapi), N(testapi), "hello", 6 );
eosio_assert( false, "transaction_api should not be allowed" );
}
}
