int CLuaACLDefs::aclGroupAddACL ( lua_State* luaVM ) { // Verify the arguents if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA && lua_type ( luaVM, 2 ) == LUA_TLIGHTUSERDATA ) { // Grab the arguments CAccessControlListGroup* pGroup = lua_toaclgroup ( luaVM, 1 ); CAccessControlList* pACL = lua_toacl ( luaVM, 2 ); // Verify the group and ACL if ( pGroup && pACL ) { // Add the ACL to the group pGroup->AddACL ( pACL ); CLogger::LogPrintf ( "ACL: %s: ACL '%s' added to group '%s'\n", GetResourceName ( luaVM ), pACL->GetName (), pGroup->GetGroupName () ); // Return success lua_pushboolean ( luaVM, true ); return 1; } } else m_pScriptDebugging->LogBadType ( luaVM, "aclGroupAddACL" ); lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::aclGroupAddACL ( lua_State* luaVM ) { // bool aclGroupAddACL ( aclgroup theGroup, acl theACL ) CAccessControlListGroup* pGroup; CAccessControlList* pACL; CScriptArgReader argStream ( luaVM ); argStream.ReadUserData ( pGroup ); argStream.ReadUserData ( pACL ); if ( !argStream.HasErrors () ) { // Add the ACL to the group pGroup->AddACL ( pACL ); CLogger::LogPrintf ( "ACL: %s: ACL '%s' added to group '%s'\n", GetResourceName ( luaVM ), pACL->GetName (), pGroup->GetGroupName () ); // Return success lua_pushboolean ( luaVM, true ); return 1; } else m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () ); lua_pushboolean ( luaVM, false ); return 1; }
bool CAccessControlListManager::Load ( void ) { // Eventually destroy the previously loaded xml if ( m_pXML ) { delete m_pXML; } // Load the XML m_pXML = g_pServerInterface->GetXML ()->CreateXML ( GetFileName ().c_str () ); if ( !m_pXML ) { CLogger::ErrorPrintf ( "Error loading Access Control List file\n" ); return false; } // Parse it if ( !m_pXML->Parse () ) { CLogger::ErrorPrintf ( "Error parsing Access Control List file\n" ); return false; } // Grab the XML root node m_pRootNode = m_pXML->GetRootNode (); if ( !m_pRootNode ) { CLogger::ErrorPrintf ( "Missing root node ('ACL')\n" ); return false; } // Clear previous ACL stuff ClearACLs (); ClearGroups (); // load the acl's CXMLNode* pSubNode = NULL; unsigned int uiSubNodesCount = m_pRootNode->GetSubNodeCount (); for ( unsigned int i = 0 ; i < uiSubNodesCount ; i++ ) { pSubNode = m_pRootNode->GetSubNode ( i ); if ( !pSubNode ) continue; if ( pSubNode->GetTagName ().compare ( "acl" ) == 0 ) { CXMLAttribute* pAttribute = pSubNode->GetAttributes ().Find ( "name" ); if ( pAttribute ) { CAccessControlList* pACL = AddACL ( pAttribute->GetValue ().c_str () ); CXMLNode* pSubSubNode = NULL; unsigned int uiSubSubNodesCount = pSubNode->GetSubNodeCount (); for ( unsigned int j = 0 ; j < uiSubSubNodesCount ; j++ ) { // If this subnode doesn't exist, return to the for loop and continue it pSubSubNode = pSubNode->GetSubNode ( j ); if ( !pSubSubNode ) continue; // Check that this subsub node is named "right" if ( pSubSubNode->GetTagName ().compare ( "right" ) == 0 ) { // Grab the name and the access attributes CXMLAttribute* pNameAttribute = pSubSubNode->GetAttributes ().Find ( "name" ); CXMLAttribute* pAccessAttribute = pSubSubNode->GetAttributes ().Find ( "access" ); if ( pNameAttribute && pAccessAttribute ) { // See if the access attribute is true or false bool bAccess = false; std::string strAccess = pAccessAttribute->GetValue (); if ( stricmp ( strAccess.c_str (), "true" ) == 0 || stricmp ( strAccess.c_str (), "yes" ) == 0 || strcmp ( strAccess.c_str (), "1" ) == 0 ) { bAccess = true; } // Grab the name of the 'right' name const char *szRightName = pNameAttribute->GetValue ().c_str (); // Create the rights control list CAccessControlListRight* pRight = NULL; if ( StringBeginsWith ( szRightName, "command." ) ) { pRight = pACL->AddRight ( &szRightName[8], CAccessControlListRight::RIGHT_TYPE_COMMAND, bAccess ); } else if ( StringBeginsWith ( szRightName, "function." ) ) { pRight = pACL->AddRight ( &szRightName[9], CAccessControlListRight::RIGHT_TYPE_FUNCTION, bAccess ); } else if ( StringBeginsWith ( szRightName, "resource." ) ) { pRight = pACL->AddRight ( &szRightName[9], CAccessControlListRight::RIGHT_TYPE_RESOURCE, bAccess ); } else if ( StringBeginsWith ( szRightName, "general." ) ) { pRight = pACL->AddRight ( &szRightName[8], CAccessControlListRight::RIGHT_TYPE_GENERAL, bAccess ); } else continue; // Set all the extra attributes for ( uint i = 0 ; i < pSubSubNode->GetAttributes ().Count () ; i++ ) { CXMLAttribute* pAttribute = pSubSubNode->GetAttributes ().Get ( i ); pRight->SetAttributeValue ( pAttribute->GetName (), pAttribute->GetValue () ); } } } } } } } // Load the groups pSubNode = NULL; uiSubNodesCount = m_pRootNode->GetSubNodeCount (); for ( unsigned int i = 0 ; i < uiSubNodesCount ; i++ ) { pSubNode = m_pRootNode->GetSubNode ( i ); if ( !pSubNode ) continue; if ( pSubNode->GetTagName ().compare ( "group" ) == 0 ) { CXMLAttribute* pAttribute = pSubNode->GetAttributes ().Find ( "name" ); if ( pAttribute ) { CAccessControlListGroup* pGroup = AddGroup ( pAttribute->GetValue ().c_str () ); CXMLNode* pSubSubNode = NULL; unsigned int uiSubSubNodesCount = pSubNode->GetSubNodeCount (); for ( unsigned int j = 0 ; j < uiSubSubNodesCount ; j++ ) { pSubSubNode = pSubNode->GetSubNode ( j ); if ( !pSubSubNode ) continue; if ( pSubSubNode->GetTagName ().compare ( "object" ) == 0 ) { CXMLAttribute* pSubAttribute = pSubSubNode->GetAttributes ().Find ( "name" ); if ( pSubAttribute ) { const char *szAccountName = pSubAttribute->GetValue ().c_str (); if ( StringBeginsWith ( szAccountName, "user." ) ) { pGroup->AddObject ( &szAccountName[5], CAccessControlListGroupObject::OBJECT_TYPE_USER ); } else if ( StringBeginsWith ( szAccountName, "resource." ) ) { pGroup->AddObject ( &szAccountName[9], CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE ); } } } else if ( pSubSubNode->GetTagName ().compare ( "acl" ) == 0 ) { CXMLAttribute* pSubAttribute = pSubSubNode->GetAttributes ().Find ( "name" ); if ( pSubAttribute ) { CAccessControlList* pACL = GetACL ( pSubAttribute->GetValue ().c_str () ); if ( pACL ) { pGroup->AddACL ( pACL ); } } } } } } } m_bNeedsSave = false; return true; }
/////////////////////////////////////////////////////////////// // // CResource::RefreshAutoPermissions // // Update group and acl used aclrequest items // /////////////////////////////////////////////////////////////// bool CResource::RefreshAutoPermissions ( CXMLNode* pNodeAclRequest ) { // Ensure group and acl exist CAccessControlListGroup* pAutoGroup = g_pGame->GetACLManager()->AddGroup ( GetAutoGroupName () ); pAutoGroup->AddACL ( GetAutoAcl () ); pAutoGroup->AddObject ( GetName ().c_str (), CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE ); // Track unused right names std::vector < CAclRightName > unusedRightNameMap; std::vector < SAclRequest > unusedRequestList; GetAclRequests ( unusedRequestList ); for ( uint i = 0 ; i < unusedRequestList.size () ; i++ ) unusedRightNameMap.push_back ( unusedRequestList[i].rightName ); // Track any pending requests bool bHasPending = false; for ( uint uiIndex = 0 ; true ; uiIndex++ ) { CXMLNode* pNodeRight = pNodeAclRequest->FindSubNode ( "right", uiIndex ); if ( !pNodeRight ) break; // Find existing SAclRequest request ( CAclRightName ( pNodeRight->GetAttributeValue ( "name" ) ) ); if ( !FindAclRequest ( request ) ) { // Add new request request.bAccess = false; request.bPending = true; request.strWho = ""; request.strDate = ""; // Validate request if ( !request.rightName.IsValid () || !StringToBool ( pNodeRight->GetAttributeValue ( "access" ) ) ) { CLogger::ErrorPrintf ( "Invalid aclrequest line in %s (%s)\n", GetName ().c_str (), *request.rightName.GetFullName () ); return false; } CommitAclRequest ( request ); } // This right is used ListRemove ( unusedRightNameMap, request.rightName ); // Update flag bHasPending |= request.bPending; } // Remove rights not requested for ( std::vector < CAclRightName >::iterator iter = unusedRightNameMap.begin () ; iter != unusedRightNameMap.end () ; ++iter ) GetAutoAcl ()->RemoveRight ( iter->GetName (), iter->GetType () ); // If any rights are pending, print message if ( bHasPending ) { CLogger::LogPrintf ( "Resource '%s' requests some acl rights. Use the command 'aclrequest list %s'\n", GetName ().c_str (), GetName ().c_str () ); } return bHasPending; }