int CLuaACLDefs::aclGroupListACL ( lua_State* luaVM ) { // table aclGroupListACL ( aclgroup theGroup ) CAccessControlListGroup* pGroup; CScriptArgReader argStream ( luaVM ); argStream.ReadUserData ( pGroup ); if ( !argStream.HasErrors () ) { // Create a table to return into lua_newtable ( luaVM ); // Loop through ACL stuff unsigned int uiIndex = 0; list <CAccessControlList* > ::const_iterator iter = pGroup->IterBeginACL (); for ( ; iter != pGroup->IterEndACL (); ++iter ) { // Push onto the table lua_pushnumber ( luaVM, ++uiIndex ); lua_pushacl ( luaVM, *iter ); lua_settable ( luaVM, -3 ); } // Return the table return 1; } else m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () ); // Return true lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::isObjectInACLGroup ( lua_State* luaVM ) { if ( lua_type ( luaVM, 1 ) == LUA_TSTRING && lua_type ( luaVM, 2 ) == LUA_TLIGHTUSERDATA ) { const char* szObject = lua_tostring ( luaVM, 1 ); CAccessControlListGroup* pGroup = lua_toaclgroup ( luaVM, 2 ); CAccessControlListGroupObject::EObjectType GroupObjectType; if ( pGroup && m_pACLManager->VerifyGroup ( pGroup ) ) { if ( StringBeginsWith ( szObject, "resource." ) ) { szObject += 9; GroupObjectType = CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE; } else if ( StringBeginsWith ( szObject, "user." ) ) { szObject += 5; GroupObjectType = CAccessControlListGroupObject::OBJECT_TYPE_USER; } else { // Invalid group type lua_pushboolean ( luaVM, false ); return 1; } if ( pGroup->FindObjectMatch ( szObject, GroupObjectType ) ) { lua_pushboolean ( luaVM, true ); return 1; } } } lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::aclGroupRemoveACL ( lua_State* luaVM ) { // Verify the arguents if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA && lua_type ( luaVM, 2 ) == LUA_TLIGHTUSERDATA ) { // Grab the arguments CAccessControlListGroup* pGroup = lua_toaclgroup ( luaVM, 1 ); CAccessControlList* pACL = lua_toacl ( luaVM, 2 ); // Verify the group and ACL if ( pGroup && pACL ) { // Add the ACL to the group pGroup->RemoveACL ( pACL ); CLogger::LogPrintf ( "ACL: %s: ACL '%s' removed from group '%s'\n", GetResourceName ( luaVM ), pACL->GetName (), pGroup->GetGroupName () ); // Return success lua_pushboolean ( luaVM, true ); return 1; } } else m_pScriptDebugging->LogBadType ( luaVM, "aclGroupRemoveACL" ); lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::aclGroupListACL ( lua_State* luaVM ) { // Verify the arguents if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA ) { // Grab and verify the group CAccessControlListGroup* pGroup = lua_toaclgroup ( luaVM, 1 ); if ( pGroup ) { // Create a table to return into lua_newtable ( luaVM ); // Loop through ACL stuff unsigned int uiIndex = 0; list <CAccessControlList* > ::const_iterator iter = pGroup->IterBeginACL (); for ( ; iter != pGroup->IterEndACL (); iter++ ) { // Push onto the table lua_pushnumber ( luaVM, ++uiIndex ); lua_pushacl ( luaVM, *iter ); lua_settable ( luaVM, -3 ); } // Return the table return 1; } } // Return true lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::aclGroupAddObject ( lua_State* luaVM ) { // Verify the arguents if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA && lua_type ( luaVM, 2 ) == LUA_TSTRING ) { // Grab the arguments CAccessControlListGroup* pGroup = lua_toaclgroup ( luaVM, 1 ); const char* szObject = lua_tostring ( luaVM, 2 ); // Verify the group and ACL if ( pGroup ) { // Figure out what type of object this is const char* szObjectAfterDot = szObject; CAccessControlListGroupObject::EObjectType eType; if ( StringBeginsWith ( szObject, "resource." ) ) { eType = CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE; szObjectAfterDot += 9; } else if ( StringBeginsWith ( szObject, "user." ) ) { eType = CAccessControlListGroupObject::OBJECT_TYPE_USER; szObjectAfterDot += 5; } else { lua_pushboolean ( luaVM, false ); return 1; } // Make sure it doesn't already exist if ( !pGroup->FindObjectMatch ( szObjectAfterDot, eType ) ) { // Set it pGroup->AddObject ( szObjectAfterDot, eType ); CLogger::LogPrintf ( "ACL: %s: Object '%s' added to group '%s'\n", GetResourceName ( luaVM ), szObject, pGroup->GetGroupName () ); // Return success lua_pushboolean ( luaVM, true ); return 1; } } } else m_pScriptDebugging->LogBadType ( luaVM, "aclGroupAddObject" ); lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::aclGroupListObjects ( lua_State* luaVM ) { // table aclGroupListObjects ( aclgroup theGroup ) CAccessControlListGroup* pGroup; CScriptArgReader argStream ( luaVM ); argStream.ReadUserData ( pGroup ); if ( !argStream.HasErrors () ) { // Create a table to return into lua_newtable ( luaVM ); // Loop through ACL stuff char szBuffer [255]; unsigned int uiIndex = 0; list <CAccessControlListGroupObject* > ::const_iterator iter = pGroup->IterBeginObjects (); for ( ; iter != pGroup->IterEndObjects (); ++iter ) { // Put the base type depending on the type switch ( (*iter)->GetObjectType () ) { case CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE: strcpy ( szBuffer, "resource." ); break; case CAccessControlListGroupObject::OBJECT_TYPE_USER: strcpy ( szBuffer, "user." ); break; }; // Append the object name strncat ( szBuffer, (*iter)->GetObjectName (), 254 ); // Push its name onto the table lua_pushnumber ( luaVM, ++uiIndex ); lua_pushstring ( luaVM, szBuffer ); lua_settable ( luaVM, -3 ); } // Return the table return 1; } else m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () ); lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::aclGroupListObjects ( lua_State* luaVM ) { // Verify the arguents if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA ) { // Grab and verify the group CAccessControlListGroup* pGroup = lua_toaclgroup ( luaVM, 1 ); if ( pGroup ) { // Create a table to return into lua_newtable ( luaVM ); // Loop through ACL stuff char szBuffer [255]; unsigned int uiIndex = 0; list <CAccessControlListGroupObject* > ::const_iterator iter = pGroup->IterBeginObjects (); for ( ; iter != pGroup->IterEndObjects (); iter++ ) { // Put the base type depending on the type switch ( (*iter)->GetObjectType () ) { case CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE: strcpy ( szBuffer, "resource." ); break; case CAccessControlListGroupObject::OBJECT_TYPE_USER: strcpy ( szBuffer, "user." ); break; }; // Append the object name strncat ( szBuffer, (*iter)->GetObjectName (), 254 ); // Push its name onto the table lua_pushnumber ( luaVM, ++uiIndex ); lua_pushstring ( luaVM, szBuffer ); lua_settable ( luaVM, -3 ); } // Return the table return 1; } } // Return true lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::aclDestroyGroup ( lua_State* luaVM ) { // Verify the arguents if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA ) { // Grab the arguments CAccessControlListGroup* pGroup = lua_toaclgroup ( luaVM, 1 ); // Verify the group if ( pGroup ) { // Delete it CLogger::LogPrintf ( "ACL: %s: Group '%s' deleted\n", GetResourceName ( luaVM ), pGroup->GetGroupName () ); m_pACLManager->DeleteGroup ( pGroup ); // Return success lua_pushboolean ( luaVM, true ); return 1; } } else m_pScriptDebugging->LogBadType ( luaVM, "aclDestroyGroup" ); lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::aclCreateGroup ( lua_State* luaVM ) { // aclgroup aclCreateGroup ( string groupName ) SString strGroup; CScriptArgReader argStream ( luaVM ); argStream.ReadString ( strGroup ); if ( !argStream.HasErrors () ) { // Find the ACL specified CAccessControlListGroup* pGroup = m_pACLManager->GetGroup ( strGroup ); if ( !pGroup ) { // Create the group pGroup = m_pACLManager->AddGroup ( strGroup ); CLogger::LogPrintf ( "ACL: %s: Group '%s' created\n", GetResourceName ( luaVM ), pGroup->GetGroupName () ); // And return it lua_pushaclgroup ( luaVM, pGroup ); return 1; } } else m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () ); lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::aclCreateGroup ( lua_State* luaVM ) { // Verify the arguents if ( lua_type ( luaVM, 1 ) == LUA_TSTRING ) { // Grab the argument strings char* szGroup = (char*) lua_tostring ( luaVM, 1 ); // Find the ACL specified CAccessControlListGroup* pGroup = m_pACLManager->GetGroup ( szGroup ); if ( !pGroup ) { // Create the group pGroup = m_pACLManager->AddGroup ( szGroup ); CLogger::LogPrintf ( "ACL: %s: Group '%s' created\n", GetResourceName ( luaVM ), pGroup->GetGroupName () ); // And return it lua_pushaclgroup ( luaVM, pGroup ); return 1; } } else m_pScriptDebugging->LogBadType ( luaVM, "aclCreateGroup" ); lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::aclGroupRemoveObject ( lua_State* luaVM ) { // bool aclGroupRemoveObject ( aclgroup theGroup, string theObjectString ) CAccessControlListGroup* pGroup; SString strObject; CScriptArgReader argStream ( luaVM ); argStream.ReadUserData ( pGroup ); argStream.ReadString ( strObject ); if ( !argStream.HasErrors () ) { // Figure out what type of object this is const char* szObjectAfterDot = strObject; CAccessControlListGroupObject::EObjectType eType; if ( StringBeginsWith ( strObject, "resource." ) ) { eType = CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE; szObjectAfterDot += 9; } else if ( StringBeginsWith ( strObject, "user." ) ) { eType = CAccessControlListGroupObject::OBJECT_TYPE_USER; szObjectAfterDot += 5; } else { lua_pushboolean ( luaVM, false ); return 1; } // Remove it if ( pGroup->RemoveObject ( szObjectAfterDot, eType ) ) { // Return success CLogger::LogPrintf ( "ACL: %s: Object '%s' removed from group '%s'\n", GetResourceName ( luaVM ), strObject.c_str (), pGroup->GetGroupName () ); lua_pushboolean ( luaVM, true ); return 1; } } else m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () ); lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::aclGroupGetName ( lua_State* luaVM ) { // string aclGroupGetName ( aclGroup ) CAccessControlListGroup* pGroup; CScriptArgReader argStream ( luaVM ); argStream.ReadUserData ( pGroup ); if ( !argStream.HasErrors () ) { // Return its name lua_pushstring ( luaVM, pGroup->GetGroupName () ); return 1; } else m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () ); lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::isObjectInACLGroup ( lua_State* luaVM ) { // bool isObjectInACLGroup ( string theObject, aclgroup theGroup ) SString strObject; CAccessControlListGroup* pGroup; CAccessControlListGroupObject::EObjectType GroupObjectType; CScriptArgReader argStream ( luaVM ); argStream.ReadString ( strObject ); argStream.ReadUserData ( pGroup ); if ( !argStream.HasErrors () ) { // Figure out what type of object this is const char* szObjectAfterDot = strObject; if ( StringBeginsWith ( strObject, "resource." ) ) { szObjectAfterDot += 9; GroupObjectType = CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE; } else if ( StringBeginsWith ( strObject, "user." ) ) { szObjectAfterDot += 5; GroupObjectType = CAccessControlListGroupObject::OBJECT_TYPE_USER; } else { // Invalid group type lua_pushboolean ( luaVM, false ); return 1; } if ( pGroup->FindObjectMatch ( szObjectAfterDot, GroupObjectType ) ) { lua_pushboolean ( luaVM, true ); return 1; } } else m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () ); lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::aclGroupGetName ( lua_State* luaVM ) { // Verify the arguents if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA ) { // Grab the arguments CAccessControlListGroup* pGroup = lua_toaclgroup ( luaVM, 1 ); // Verify the group if ( pGroup ) { // Return its name lua_pushstring ( luaVM, pGroup->GetGroupName () ); return 1; } } else m_pScriptDebugging->LogBadType ( luaVM, "aclGroupGetName" ); lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::aclGroupRemoveACL ( lua_State* luaVM ) { // bool aclGroupRemoveACL ( aclgroup theGroup, acl theACL ) CAccessControlListGroup* pGroup; CAccessControlList* pACL; CScriptArgReader argStream ( luaVM ); argStream.ReadUserData ( pGroup ); argStream.ReadUserData ( pACL ); if ( !argStream.HasErrors () ) { // Add the ACL to the group pGroup->RemoveACL ( pACL ); CLogger::LogPrintf ( "ACL: %s: ACL '%s' removed from group '%s'\n", GetResourceName ( luaVM ), pACL->GetName (), pGroup->GetGroupName () ); // Return success lua_pushboolean ( luaVM, true ); return 1; } else m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () ); lua_pushboolean ( luaVM, false ); return 1; }
int CLuaACLDefs::aclDestroyGroup ( lua_State* luaVM ) { // bool aclDestroyGroup ( aclgroup aclGroup ) CAccessControlListGroup* pGroup; CScriptArgReader argStream ( luaVM ); argStream.ReadUserData ( pGroup ); if ( !argStream.HasErrors () ) { // Delete it CLogger::LogPrintf ( "ACL: %s: Group '%s' deleted\n", GetResourceName ( luaVM ), pGroup->GetGroupName () ); m_pACLManager->DeleteGroup ( pGroup ); // Return success lua_pushboolean ( luaVM, true ); return 1; } else m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () ); lua_pushboolean ( luaVM, false ); return 1; }
bool CAccessControlListManager::Load ( void ) { // Eventually destroy the previously loaded xml if ( m_pXML ) { delete m_pXML; } // Load the XML m_pXML = g_pServerInterface->GetXML ()->CreateXML ( GetFileName ().c_str () ); if ( !m_pXML ) { CLogger::ErrorPrintf ( "Error loading Access Control List file\n" ); return false; } // Parse it if ( !m_pXML->Parse () ) { CLogger::ErrorPrintf ( "Error parsing Access Control List file\n" ); return false; } // Grab the XML root node m_pRootNode = m_pXML->GetRootNode (); if ( !m_pRootNode ) { CLogger::ErrorPrintf ( "Missing root node ('ACL')\n" ); return false; } // Clear previous ACL stuff ClearACLs (); ClearGroups (); // load the acl's CXMLNode* pSubNode = NULL; unsigned int uiSubNodesCount = m_pRootNode->GetSubNodeCount (); for ( unsigned int i = 0 ; i < uiSubNodesCount ; i++ ) { pSubNode = m_pRootNode->GetSubNode ( i ); if ( !pSubNode ) continue; if ( pSubNode->GetTagName ().compare ( "acl" ) == 0 ) { CXMLAttribute* pAttribute = pSubNode->GetAttributes ().Find ( "name" ); if ( pAttribute ) { CAccessControlList* pACL = AddACL ( pAttribute->GetValue ().c_str () ); CXMLNode* pSubSubNode = NULL; unsigned int uiSubSubNodesCount = pSubNode->GetSubNodeCount (); for ( unsigned int j = 0 ; j < uiSubSubNodesCount ; j++ ) { // If this subnode doesn't exist, return to the for loop and continue it pSubSubNode = pSubNode->GetSubNode ( j ); if ( !pSubSubNode ) continue; // Check that this subsub node is named "right" if ( pSubSubNode->GetTagName ().compare ( "right" ) == 0 ) { // Grab the name and the access attributes CXMLAttribute* pNameAttribute = pSubSubNode->GetAttributes ().Find ( "name" ); CXMLAttribute* pAccessAttribute = pSubSubNode->GetAttributes ().Find ( "access" ); if ( pNameAttribute && pAccessAttribute ) { // See if the access attribute is true or false bool bAccess = false; std::string strAccess = pAccessAttribute->GetValue (); if ( stricmp ( strAccess.c_str (), "true" ) == 0 || stricmp ( strAccess.c_str (), "yes" ) == 0 || strcmp ( strAccess.c_str (), "1" ) == 0 ) { bAccess = true; } // Grab the name of the 'right' name const char *szRightName = pNameAttribute->GetValue ().c_str (); // Create the rights control list CAccessControlListRight* pRight = NULL; if ( StringBeginsWith ( szRightName, "command." ) ) { pRight = pACL->AddRight ( &szRightName[8], CAccessControlListRight::RIGHT_TYPE_COMMAND, bAccess ); } else if ( StringBeginsWith ( szRightName, "function." ) ) { pRight = pACL->AddRight ( &szRightName[9], CAccessControlListRight::RIGHT_TYPE_FUNCTION, bAccess ); } else if ( StringBeginsWith ( szRightName, "resource." ) ) { pRight = pACL->AddRight ( &szRightName[9], CAccessControlListRight::RIGHT_TYPE_RESOURCE, bAccess ); } else if ( StringBeginsWith ( szRightName, "general." ) ) { pRight = pACL->AddRight ( &szRightName[8], CAccessControlListRight::RIGHT_TYPE_GENERAL, bAccess ); } else continue; // Set all the extra attributes for ( uint i = 0 ; i < pSubSubNode->GetAttributes ().Count () ; i++ ) { CXMLAttribute* pAttribute = pSubSubNode->GetAttributes ().Get ( i ); pRight->SetAttributeValue ( pAttribute->GetName (), pAttribute->GetValue () ); } } } } } } } // Load the groups pSubNode = NULL; uiSubNodesCount = m_pRootNode->GetSubNodeCount (); for ( unsigned int i = 0 ; i < uiSubNodesCount ; i++ ) { pSubNode = m_pRootNode->GetSubNode ( i ); if ( !pSubNode ) continue; if ( pSubNode->GetTagName ().compare ( "group" ) == 0 ) { CXMLAttribute* pAttribute = pSubNode->GetAttributes ().Find ( "name" ); if ( pAttribute ) { CAccessControlListGroup* pGroup = AddGroup ( pAttribute->GetValue ().c_str () ); CXMLNode* pSubSubNode = NULL; unsigned int uiSubSubNodesCount = pSubNode->GetSubNodeCount (); for ( unsigned int j = 0 ; j < uiSubSubNodesCount ; j++ ) { pSubSubNode = pSubNode->GetSubNode ( j ); if ( !pSubSubNode ) continue; if ( pSubSubNode->GetTagName ().compare ( "object" ) == 0 ) { CXMLAttribute* pSubAttribute = pSubSubNode->GetAttributes ().Find ( "name" ); if ( pSubAttribute ) { const char *szAccountName = pSubAttribute->GetValue ().c_str (); if ( StringBeginsWith ( szAccountName, "user." ) ) { pGroup->AddObject ( &szAccountName[5], CAccessControlListGroupObject::OBJECT_TYPE_USER ); } else if ( StringBeginsWith ( szAccountName, "resource." ) ) { pGroup->AddObject ( &szAccountName[9], CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE ); } } } else if ( pSubSubNode->GetTagName ().compare ( "acl" ) == 0 ) { CXMLAttribute* pSubAttribute = pSubSubNode->GetAttributes ().Find ( "name" ); if ( pSubAttribute ) { CAccessControlList* pACL = GetACL ( pSubAttribute->GetValue ().c_str () ); if ( pACL ) { pGroup->AddACL ( pACL ); } } } } } } } m_bNeedsSave = false; return true; }
/////////////////////////////////////////////////////////////// // // CResource::RefreshAutoPermissions // // Update group and acl used aclrequest items // /////////////////////////////////////////////////////////////// bool CResource::RefreshAutoPermissions ( CXMLNode* pNodeAclRequest ) { // Ensure group and acl exist CAccessControlListGroup* pAutoGroup = g_pGame->GetACLManager()->AddGroup ( GetAutoGroupName () ); pAutoGroup->AddACL ( GetAutoAcl () ); pAutoGroup->AddObject ( GetName ().c_str (), CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE ); // Track unused right names std::vector < CAclRightName > unusedRightNameMap; std::vector < SAclRequest > unusedRequestList; GetAclRequests ( unusedRequestList ); for ( uint i = 0 ; i < unusedRequestList.size () ; i++ ) unusedRightNameMap.push_back ( unusedRequestList[i].rightName ); // Track any pending requests bool bHasPending = false; for ( uint uiIndex = 0 ; true ; uiIndex++ ) { CXMLNode* pNodeRight = pNodeAclRequest->FindSubNode ( "right", uiIndex ); if ( !pNodeRight ) break; // Find existing SAclRequest request ( CAclRightName ( pNodeRight->GetAttributeValue ( "name" ) ) ); if ( !FindAclRequest ( request ) ) { // Add new request request.bAccess = false; request.bPending = true; request.strWho = ""; request.strDate = ""; // Validate request if ( !request.rightName.IsValid () || !StringToBool ( pNodeRight->GetAttributeValue ( "access" ) ) ) { CLogger::ErrorPrintf ( "Invalid aclrequest line in %s (%s)\n", GetName ().c_str (), *request.rightName.GetFullName () ); return false; } CommitAclRequest ( request ); } // This right is used ListRemove ( unusedRightNameMap, request.rightName ); // Update flag bHasPending |= request.bPending; } // Remove rights not requested for ( std::vector < CAclRightName >::iterator iter = unusedRightNameMap.begin () ; iter != unusedRightNameMap.end () ; ++iter ) GetAutoAcl ()->RemoveRight ( iter->GetName (), iter->GetType () ); // If any rights are pending, print message if ( bHasPending ) { CLogger::LogPrintf ( "Resource '%s' requests some acl rights. Use the command 'aclrequest list %s'\n", GetName ().c_str (), GetName ().c_str () ); } return bHasPending; }