S32 LLInventoryItem::packBinaryBucket(U8* bin_bucket, LLPermissions* perm_override) const { // Figure out which permissions to use. LLPermissions perm; if (perm_override) { // Use the permissions override. perm = *perm_override; } else { // Use the current permissions. perm = getPermissions(); } // describe the inventory item char* buffer = (char*) bin_bucket; std::string creator_id_str; perm.getCreator().toString(creator_id_str); std::string owner_id_str; perm.getOwner().toString(owner_id_str); std::string last_owner_id_str; perm.getLastOwner().toString(last_owner_id_str); std::string group_id_str; perm.getGroup().toString(group_id_str); std::string asset_id_str; getAssetUUID().toString(asset_id_str); S32 size = sprintf(buffer, /* Flawfinder: ignore */ "%d|%d|%s|%s|%s|%s|%s|%x|%x|%x|%x|%x|%s|%s|%d|%d|%x", getType(), getInventoryType(), getName().c_str(), creator_id_str.c_str(), owner_id_str.c_str(), last_owner_id_str.c_str(), group_id_str.c_str(), perm.getMaskBase(), perm.getMaskOwner(), perm.getMaskGroup(), perm.getMaskEveryone(), perm.getMaskNextOwner(), asset_id_str.c_str(), getDescription().c_str(), getSaleInfo().getSaleType(), getSaleInfo().getSalePrice(), getFlags()) + 1; return size; }
int WsUser::writeFile(const std::string path, const std::string& text){ int ret = getPermissions(path); if(ret == ErrorCode::NotFound) return ret; if(ret != GlobalConfig::ReadWrite) return ErrorCode::NoAccess; ofstream myfile; std::string p = getRootPath() + "/"+path; myfile.open (p.c_str()); if(myfile.is_open()){ myfile << text; myfile.close(); return ErrorCode::Success; } return ErrorCode::Failure; }
void getInfo() { struct passwd *pw; struct group *gr; struct stat st; struct hostent *ht; struct utsname un; char *user; char permissions[9]; char hostname[1024]; user = getenv("USER"); char lastChar = user[strlen(user) - 1]; pw = getpwnam(user); gr = getgrgid(pw->pw_gid); uname(&un); stat(pw->pw_dir, &st); gethostname(hostname, 1024); getPermissions(permissions, st.st_mode); printf("\nAbout Me\n"); printf("========\n\n"); printf("Unix User : %s (%d)\n", pw->pw_name, pw->pw_uid); printf("Name : %s\n", pw->pw_gecos); printf("Unix Group : %s (%d)\n", gr->gr_name, gr->gr_gid); printf("Unix Home : %s\n", pw->pw_dir); printf("Home Permission : %s\n", permissions); printf("Login Shell : %s\n", pw->pw_shell); findAge(); printf("\nOther users that end with '%c':\n ", lastChar); printOthers(lastChar, gr->gr_mem); printf("\nAbout My Machine\n"); printf("================\n\n"); printf("host : %s\n", hostname); printf("System : %s %s\n", un.sysname, un.release); }
string WebUser::getPermissionsStr() const noexcept { return Util::toString(",", getPermissions()); }
/** * * Make sure that we are allowed to do what we do by checking the permissions and the selective sync list * */ void SyncEngine::checkForPermission() { auto selectiveSyncBlackList = _journal->getSelectiveSyncList(SyncJournalDb::SelectiveSyncBlackList); std::sort(selectiveSyncBlackList.begin(), selectiveSyncBlackList.end()); for (SyncFileItemVector::iterator it = _syncedItems.begin(); it != _syncedItems.end(); ++it) { if ((*it)->_direction != SyncFileItem::Up) { // Currently we only check server-side permissions continue; } // Do not propagate anything in the server if it is in the selective sync blacklist const QString path = (*it)->destination() + QLatin1Char('/'); if (std::binary_search(selectiveSyncBlackList.constBegin(), selectiveSyncBlackList.constEnd(), path)) { (*it)->_instruction = CSYNC_INSTRUCTION_IGNORE; (*it)->_status = SyncFileItem::FileIgnored; (*it)->_errorString = tr("Ignored because of the \"choose what to sync\" blacklist"); if ((*it)->_isDirectory) { for (SyncFileItemVector::iterator it_next = it + 1; it_next != _syncedItems.end() && (*it_next)->_file.startsWith(path); ++it_next) { it = it_next; (*it)->_instruction = CSYNC_INSTRUCTION_IGNORE; (*it)->_status = SyncFileItem::FileIgnored; (*it)->_errorString = tr("Ignored because of the \"choose what to sync\" blacklist"); } } continue; } switch((*it)->_instruction) { case CSYNC_INSTRUCTION_NEW: { int slashPos = (*it)->_file.lastIndexOf('/'); QString parentDir = slashPos <= 0 ? "" : (*it)->_file.mid(0, slashPos); const QByteArray perms = getPermissions(parentDir); if (perms.isNull()) { // No permissions set break; } else if ((*it)->_isDirectory && !perms.contains("K")) { qDebug() << "checkForPermission: ERROR" << (*it)->_file; (*it)->_instruction = CSYNC_INSTRUCTION_ERROR; (*it)->_status = SyncFileItem::NormalError; (*it)->_errorString = tr("Not allowed because you don't have permission to add subfolders to that folder"); for (SyncFileItemVector::iterator it_next = it + 1; it_next != _syncedItems.end() && (*it_next)->_file.startsWith(path); ++it_next) { it = it_next; (*it)->_instruction = CSYNC_INSTRUCTION_ERROR; (*it)->_status = SyncFileItem::NormalError; (*it)->_errorString = tr("Not allowed because you don't have permission to add parent folder"); } } else if (!(*it)->_isDirectory && !perms.contains("C")) { qDebug() << "checkForPermission: ERROR" << (*it)->_file; (*it)->_instruction = CSYNC_INSTRUCTION_ERROR; (*it)->_status = SyncFileItem::NormalError; (*it)->_errorString = tr("Not allowed because you don't have permission to add files in that folder"); } break; } case CSYNC_INSTRUCTION_SYNC: { const QByteArray perms = getPermissions((*it)->_file); if (perms.isNull()) { // No permissions set break; } if (!(*it)->_isDirectory && !perms.contains("W")) { qDebug() << "checkForPermission: RESTORING" << (*it)->_file; (*it)->_should_update_metadata = true; (*it)->_instruction = CSYNC_INSTRUCTION_CONFLICT; (*it)->_direction = SyncFileItem::Down; (*it)->_isRestoration = true; // take the things to write to the db from the "other" node (i.e: info from server) (*it)->_modtime = (*it)->log._other_modtime; (*it)->_size = (*it)->log._other_size; (*it)->_fileId = (*it)->log._other_fileId; (*it)->_etag = (*it)->log._other_etag; (*it)->_errorString = tr("Not allowed to upload this file because it is read-only on the server, restoring"); continue; } break; } case CSYNC_INSTRUCTION_REMOVE: { const QByteArray perms = getPermissions((*it)->_file); if (perms.isNull()) { // No permissions set break; } if (!perms.contains("D")) { qDebug() << "checkForPermission: RESTORING" << (*it)->_file; (*it)->_should_update_metadata = true; (*it)->_instruction = CSYNC_INSTRUCTION_NEW; (*it)->_direction = SyncFileItem::Down; (*it)->_isRestoration = true; (*it)->_errorString = tr("Not allowed to remove, restoring"); if ((*it)->_isDirectory) { // restore all sub items for (SyncFileItemVector::iterator it_next = it + 1; it_next != _syncedItems.end() && (*it_next)->_file.startsWith(path); ++it_next) { it = it_next; if ((*it)->_instruction != CSYNC_INSTRUCTION_REMOVE) { qWarning() << "non-removed job within a removed folder" << (*it)->_file << (*it)->_instruction; continue; } qDebug() << "checkForPermission: RESTORING" << (*it)->_file; (*it)->_should_update_metadata = true; (*it)->_instruction = CSYNC_INSTRUCTION_NEW; (*it)->_direction = SyncFileItem::Down; (*it)->_isRestoration = true; (*it)->_errorString = tr("Not allowed to remove, restoring"); } } } else if(perms.contains("S") && perms.contains("D")) { // this is a top level shared dir which can be removed to unshare it, // regardless if it is a read only share or not. // To avoid that we try to restore files underneath this dir which have // not delete permission we fast forward the iterator and leave the // delete jobs intact. It is not physically tried to remove this files // underneath, propagator sees that. if( (*it)->_isDirectory ) { // put a more descriptive message if a top level share dir really is removed. if( it == _syncedItems.begin() || !(path.startsWith((*(it-1))->_file)) ) { (*it)->_errorString = tr("Local files and share folder removed."); } for (SyncFileItemVector::iterator it_next = it + 1; it_next != _syncedItems.end() && (*it_next)->_file.startsWith(path); ++it_next) { it = it_next; } } } break; } case CSYNC_INSTRUCTION_RENAME: { int slashPos = (*it)->_renameTarget.lastIndexOf('/'); const QString parentDir = slashPos <= 0 ? "" : (*it)->_renameTarget.mid(0, slashPos); const QByteArray destPerms = getPermissions(parentDir); const QByteArray filePerms = getPermissions((*it)->_file); //true when it is just a rename in the same directory. (not a move) bool isRename = (*it)->_file.startsWith(parentDir) && (*it)->_file.lastIndexOf('/') == slashPos; // Check if we are allowed to move to the destination. bool destinationOK = true; if (isRename || destPerms.isNull()) { // no need to check for the destination dir permission destinationOK = true; } else if ((*it)->_isDirectory && !destPerms.contains("K")) { destinationOK = false; } else if (!(*it)->_isDirectory && !destPerms.contains("C")) { destinationOK = false; } // check if we are allowed to move from the source bool sourceOK = true; if (!filePerms.isNull() && ((isRename && !filePerms.contains("N")) || (!isRename && !filePerms.contains("V")))) { // We are not allowed to move or rename this file sourceOK = false; if (filePerms.contains("D") && destinationOK) { // but we are allowed to delete it // TODO! simulate delete & upload } } #if 0 /* We don't like the idea of renaming behind user's back, as the user may be working with the files */ if (!sourceOK && !destinationOK) { // Both the source and the destination won't allow move. Move back to the original std::swap((*it)->_file, (*it)->_renameTarget); (*it)->_direction = SyncFileItem::Down; (*it)->_errorString = tr("Move not allowed, item restored"); (*it)->_isRestoration = true; qDebug() << "checkForPermission: MOVING BACK" << (*it)->_file; } else #endif if (!sourceOK || !destinationOK) { // One of them is not possible, just throw an error (*it)->_instruction = CSYNC_INSTRUCTION_ERROR; (*it)->_status = SyncFileItem::NormalError; const QString errorString = tr("Move not allowed because %1 is read-only").arg( sourceOK ? tr("the destination") : tr("the source")); (*it)->_errorString = errorString; qDebug() << "checkForPermission: ERROR MOVING" << (*it)->_file << errorString; // Avoid a rename on next sync: // TODO: do the resolution now already so we don't need two sync // At this point we would need to go back to the propagate phase on both remote to take // the decision. _journal->avoidRenamesOnNextSync((*it)->_file); _anotherSyncNeeded = true; if ((*it)->_isDirectory) { for (SyncFileItemVector::iterator it_next = it + 1; it_next != _syncedItems.end() && (*it_next)->destination().startsWith(path); ++it_next) { it = it_next; (*it)->_instruction = CSYNC_INSTRUCTION_ERROR; (*it)->_status = SyncFileItem::NormalError; (*it)->_errorString = errorString; qDebug() << "checkForPermission: ERROR MOVING" << (*it)->_file; } } } break; } default: break; } } }
void SyncEngine::checkForPermission() { for (SyncFileItemVector::iterator it = _syncedItems.begin(); it != _syncedItems.end(); ++it) { if (it->_direction != SyncFileItem::Up) { // Currently we only check server-side permissions continue; } switch(it->_instruction) { case CSYNC_INSTRUCTION_NEW: { int slashPos = it->_file.lastIndexOf('/'); QString parentDir = slashPos <= 0 ? "" : it->_file.mid(0, slashPos); const QByteArray perms = getPermissions(parentDir); if (perms.isNull()) { // No permissions set break; } else if (it->_isDirectory && !perms.contains("K")) { qDebug() << "checkForPermission: ERROR" << it->_file; it->_instruction = CSYNC_INSTRUCTION_ERROR; it->_status = SyncFileItem::NormalError; it->_errorString = tr("Not allowed because you don't have permission to add sub-directories in that directory"); const QString path = it->_file + QLatin1Char('/'); for (SyncFileItemVector::iterator it_next = it + 1; it_next != _syncedItems.end() && it_next->_file.startsWith(path); ++it_next) { it = it_next; it->_instruction = CSYNC_INSTRUCTION_ERROR; it->_status = SyncFileItem::NormalError; it->_errorString = tr("Not allowed because you don't have permission to add parent directory"); } } else if (!it->_isDirectory && !perms.contains("C")) { qDebug() << "checkForPermission: ERROR" << it->_file; it->_instruction = CSYNC_INSTRUCTION_ERROR; it->_status = SyncFileItem::NormalError; it->_errorString = tr("Not allowed because you don't have permission to add files in that directory"); } break; } case CSYNC_INSTRUCTION_SYNC: { const QByteArray perms = getPermissions(it->_file); if (perms.isNull()) { // No permissions set break; } if (!it->_isDirectory && !perms.contains("W")) { qDebug() << "checkForPermission: RESTORING" << it->_file; it->_instruction = CSYNC_INSTRUCTION_CONFLICT; it->_direction = SyncFileItem::Down; it->_isRestoration = true; // take the things to write to the db from the "other" node (i.e: info from server) it->_modtime = it->log._other_modtime; it->_fileId = it->log._other_fileId; it->_etag = it->log._other_etag; it->_errorString = tr("Not allowed to upload this file because it is read-only on the server, restoring"); continue; } break; } case CSYNC_INSTRUCTION_REMOVE: { const QByteArray perms = getPermissions(it->_file); if (perms.isNull()) { // No permissions set break; } if (!perms.contains("D")) { qDebug() << "checkForPermission: RESTORING" << it->_file; it->_instruction = CSYNC_INSTRUCTION_NEW; it->_direction = SyncFileItem::Down; it->_isRestoration = true; it->_errorString = tr("Not allowed to remove, restoring"); if (it->_isDirectory) { // restore all sub items const QString path = it->_file + QLatin1Char('/'); for (SyncFileItemVector::iterator it_next = it + 1; it_next != _syncedItems.end() && it_next->_file.startsWith(path); ++it_next) { it = it_next; if (it->_instruction != CSYNC_INSTRUCTION_REMOVE) { qWarning() << "non-removed job within a removed directory" << it->_file << it->_instruction; continue; } qDebug() << "checkForPermission: RESTORING" << it->_file; it->_instruction = CSYNC_INSTRUCTION_NEW; it->_direction = SyncFileItem::Down; it->_isRestoration = true; it->_errorString = tr("Not allowed to remove, restoring"); } } } break; } case CSYNC_INSTRUCTION_RENAME: { int slashPos = it->_renameTarget.lastIndexOf('/'); const QString parentDir = slashPos <= 0 ? "" : it->_renameTarget.mid(0, slashPos-1); const QByteArray destPerms = getPermissions(parentDir); const QByteArray filePerms = getPermissions(it->_file); //true when it is just a rename in the same directory. (not a move) bool isRename = it->_file.startsWith(parentDir) && it->_file.lastIndexOf('/') == slashPos; // Check if we are allowed to move to the destination. bool destinationOK = true; if (isRename || destPerms.isNull()) { // no need to check for the destination dir permission destinationOK = true; } else if (it->_isDirectory && !destPerms.contains("K")) { destinationOK = false; } else if (!it->_isDirectory && !destPerms.contains("C")) { destinationOK = false; } // check if we are allowed to move from the source bool sourceOK = true; if (!filePerms.isNull() && ((isRename && !filePerms.contains("N")) || (!isRename && !filePerms.contains("M")))) { // We are not allowed to move or rename this file sourceOK = false; if (filePerms.contains("D") && destinationOK) { // but we are allowed to delete it // TODO! simulate delete & upload } } if (!sourceOK && !destinationOK) { // Both the source and the destination won't allow move. Move back to the original std::swap(it->_file, it->_renameTarget); it->_direction = SyncFileItem::Down; it->_errorString = tr("Move not allowed, item restored"); it->_isRestoration = true; qDebug() << "checkForPermission: MOVING BACK" << it->_file; } else if (!sourceOK || !destinationOK) { // One of them is not possible, just throw an error it->_instruction = CSYNC_INSTRUCTION_ERROR; it->_status = SyncFileItem::NormalError; const QString errorString = tr("Move not allowed because %1 is read-only").arg( sourceOK ? tr("the destination") : tr("the source")); it->_errorString = errorString; qDebug() << "checkForPermission: ERROR MOVING" << it->_file << errorString; if (it->_isDirectory) { const QString path = it->_file + QLatin1Char('/'); for (SyncFileItemVector::iterator it_next = it + 1; it_next != _syncedItems.end() && it_next->_file.startsWith(path); ++it_next) { it = it_next; it->_instruction = CSYNC_INSTRUCTION_ERROR; it->_status = SyncFileItem::NormalError; it->_errorString = errorString; qDebug() << "checkForPermission: ERROR MOVING" << it->_file; } } } break; } default: break; } } }
bool AGStreet::allows(const SUMOVehicleClass vclass) const { return (getPermissions() & vclass) == vclass; }