static dav_error *check_copy(request_rec *r, const dav_resource *resource, davacl_dir_cfg *conf, const dav_hooks_repository *repos) { if (r->main == NULL) { /* source */ const dav_prop_name privs[] = { { NS_DAV, "read" } }; return acl_check_req(r, r->filename, resource, conf, ARRAY(privs), 0); } else { /* destination */ const dav_prop_name privs[] = { { NS_DAV, "write-content" }, /* 0 */ { NS_DAV, "write-properties" }, /* 1 */ { NS_DAV, "write" }, /* 2 */ { NS_DAV, "bind" } }; /* 3 */ if (resource->exists) { dav_error *err = acl_check_req(r, r->filename, resource, conf, privs + 2, 1, 0); if (err == NULL) return NULL; else if (acl_check_req(r, r->filename, resource, conf, privs, 1, 0) == NULL && acl_check_req(r, r->filename, resource, conf, privs + 1, 1, 0) == NULL) return NULL; return err; } else { return parent_check(r, resource, conf, repos, privs + 2, 2); } } }
static dav_error *check_mkcol(request_rec *r, const dav_resource *resource, davacl_dir_cfg *conf, const dav_hooks_repository *repos) { const dav_prop_name privs[] = { { NS_DAV, "write" }, { NS_DAV, "bind" } }; return parent_check(r, resource, conf, repos, ARRAY(privs)); }
static dav_error *check_delete(request_rec *r, const dav_resource *resource, davacl_dir_cfg *conf, const dav_hooks_repository *repos) { const dav_prop_name privs[] = { { NS_DAV, "write" }, { NS_DAV, "unbind" } }; /* this is more liberal than rfc3744, i.e. the write privilege on a * resource will allow delete to happen */ if (acl_check_req(r, r->filename, resource, conf, privs, 1, 0) == NULL) return NULL; return parent_check(r, resource, conf, repos, privs + 1, 1); }
int parent_f(int argc, char **argv) { int c; int listpath_flag = 0; int check_flag = 0; fs_path_t *fs; static int tab_init; if (!tab_init) { tab_init = 1; fs_table_initialise(0, NULL, 0, NULL); } fs = fs_table_lookup(file->name, FS_MOUNT_POINT); if (!fs) { fprintf(stderr, _("file argument, \"%s\", is not in a mounted XFS filesystem\n"), file->name); return 1; } mntpt = fs->fs_dir; verbose_flag = 0; while ((c = getopt(argc, argv, "cpv")) != EOF) { switch (c) { case 'c': check_flag = 1; break; case 'p': listpath_flag = 1; break; case 'v': verbose_flag++; break; default: return command_usage(&parent_cmd); } } if (!check_flag && !listpath_flag) /* default case */ exitcode = parent_list(listpath_flag); else { if (listpath_flag) exitcode = parent_list(listpath_flag); if (check_flag) exitcode = parent_check(); } return 0; }
static dav_error *check_lock(request_rec *r, const dav_resource *resource, davacl_dir_cfg *conf, const dav_hooks_repository *repos) { if (resource->exists) { const dav_prop_name privs[] = { { NS_DAV, "write" }, { NS_DAV, "write-content" } }; return acl_check_req(r, r->filename, resource, conf, ARRAY(privs), 0); } else { const dav_prop_name privs[] = { { NS_DAV, "write" }, { NS_DAV, "bind" } }; return parent_check(r, resource, conf, repos, ARRAY(privs)); } }
END_TEST START_TEST(test_parent_check) { struct parent_req mreq = {}; mark_point(); mreq.op = PARENT_OPEN; fail_unless(parent_check(&mreq) == EXIT_SUCCESS, "PARENT_OPEN check failed"); mark_point(); mreq.op = PARENT_CLOSE; fail_unless(parent_check(&mreq) == EXIT_SUCCESS, "PARENT_CLOSE check failed"); #ifdef HAVE_LINUX_ETHTOOL_H mark_point(); mreq.op = PARENT_ETHTOOL_GSET; mreq.index = ifindex; mreq.len = sizeof(struct ethtool_cmd); fail_unless(parent_check(&mreq) == EXIT_SUCCESS, "PARENT_ETHTOOL_GSET check failed"); mark_point(); mreq.op = PARENT_ETHTOOL_GDRV; mreq.index = ifindex; mreq.len = sizeof(struct ethtool_drvinfo); fail_unless(parent_check(&mreq) == EXIT_SUCCESS, "PARENT_ETHTOOL_GDRV check failed"); #endif #ifdef SIOCSIFDESCR mark_point(); mreq.op = PARENT_DESCR; mreq.index = ifindex; mreq.len = 0; fail_unless(parent_check(&mreq) == EXIT_SUCCESS, "PARENT_DESCR check failed"); #endif #ifndef HAVE_LINUX_ETHTOOL_H mark_point(); mreq.op = PARENT_ETHTOOL_GSET; fail_unless(parent_check(&mreq) == EXIT_FAILURE, "parent_check should fail"); #endif }