📄 security.c
字号:
if ( anchor->dirsize == max_elements )
{
max_elements = max_elements * 2;
anchor->dirlist = realloc( anchor->dirlist,
sizeof anchor->dirlist[0] * max_elements );
checkref( anchor->dirlist );
}
/*--------------------------------------------------------------------*/
/* Normalize directory name */
/*--------------------------------------------------------------------*/
strcpy( path, token);
if (isalpha(path[0]) && (path[1] != ':') && (strlen(path) == 2))
; /* Yup, do nothing for root drive names */
else if ( expand_path( path, NULL, E_pubdir , NULL) == NULL )
{
printmsg(0, "Unable to expand path \"%s\"",path );
return 0;
} /* else */
printmsg(5,"InitDir: Normalizing path %s", path );
field = newstr( normalize( path ));
/*--------------------------------------------------------------------*/
/* Verify it really is a valid directory */
/*--------------------------------------------------------------------*/
if ( strlen( field ) > 2 ) /* More than just drive/colon? (x:) */
{ /* Yes --> Go check disk for path */
if (stat(field , &statbuf) != 0)
{
printmsg(0,"Warning ... invalid PERMISSIONS file entry %s:",
token );
printerr(field);
}
else if ((statbuf.st_mode & S_IFDIR) == 0)
printmsg(0,"InitDir: \"%s\" is a file, not a directory",
field);
} /* if ( strlen( field ) > 2 ) */
strlwr( field); // Lower case for compares
/*--------------------------------------------------------------------*/
/* Verify this directory not already in the list */
/*--------------------------------------------------------------------*/
for (subscript = 0; subscript < anchor->dirsize ; subscript++)
{
if ( (access == anchor->dirlist[subscript].priv) &&
equal( field, anchor->dirlist[subscript].path))
{
printmsg(0,"InitDir: Duplicate directory %s/", field);
return 0;
} /* if */
} /* for */
/*--------------------------------------------------------------------*/
/* No conflict, add this directory to the list */
/*--------------------------------------------------------------------*/
printmsg(10,"InitDir: Adding \"%s\" as \"%s\"", token , field);
anchor->dirlist[subscript].path = field;
anchor->dirlist[subscript].priv = access;
anchor->dirlist[subscript].grant = grant;
anchor->dirsize++;
field = NULL; /* Look at next field next pass */
} /* while ( (field = NextField( field )) != NULL) */
/*--------------------------------------------------------------------*/
/* Return to caller */
/*--------------------------------------------------------------------*/
return max_elements;
} /* InitDir */
/*--------------------------------------------------------------------*/
/* d i r c m p */
/* */
/* */
/* Compares two directory structures for sorting */
/*--------------------------------------------------------------------*/
int dircmp( const void *a , const void *b )
{
struct DIRLIST *x = (struct DIRLIST*) a;
struct DIRLIST *y = (struct DIRLIST*) b;
int result = strcmp(x->path, y->path);
if (result == 0 && (x->priv != y->priv))
result = ( x->priv < y->priv ) ? -1 : 1;
return result;
} /*dircmp*/
/*--------------------------------------------------------------------*/
/* V a l i d a t e H o s t */
/* */
/* Determine that a host is allowed for a specific login */
/*--------------------------------------------------------------------*/
boolean ValidateHost( const char *host )
{
char **target;
/*--------------------------------------------------------------------*/
/* If this host has no security profile, reject the access */
/*--------------------------------------------------------------------*/
if ( securep == NULL )
return FALSE;
/*--------------------------------------------------------------------*/
/* If we allow any host on this user id, use it if the calling */
/* host is not supported any other profile */
/*--------------------------------------------------------------------*/
target = securep->validate;
if ( target == NULL ) /* No validate list for this user? */
{ /* Correct --> Use if none for host */
struct HostTable *hostp = checkreal( host );
if ( hostp == BADHOST ) /* Host exist? */
panic(); /* No --> Internal error, abort */
return hostp->anylogin; /* Allow action if generic access
allowed for host */
} /* if ( target == NULL ) */
/*--------------------------------------------------------------------*/
/* Determine if this host is allowed for this login */
/*--------------------------------------------------------------------*/
while (*target != NULL)
{
if ( equal(*target++, host ))
return TRUE;
} /* (*target != NULL) */
/*--------------------------------------------------------------------*/
/* We didn't find the host; reject it */
/*--------------------------------------------------------------------*/
return FALSE;
} /* ValidateHost */
/*--------------------------------------------------------------------*/
/* V a l i d a t e F i l e */
/* */
/* Allow or reject access to a file by name */
/*--------------------------------------------------------------------*/
boolean ValidateFile( const char *input, /* Full path name */
const REMOTE_ACCESS needed )
{
char path[FILENAME_MAX];
char *column;
/*--------------------------------------------------------------------*/
/* Validate the length of the name */
/*--------------------------------------------------------------------*/
printmsg(5,"ValidateFile: Checking %s access for file \"%s\"",
(needed == ALLOW_WRITE) ? "WRITE" : "READ" , input);
if ( strlen( input ) >= sizeof path) /* Reject all invalid names*/
{
printmsg(0,"ValidateFile: Access rejected, name too long: %s",
input);
return FALSE;
}
/*--------------------------------------------------------------------*/
/* Validate format of name; we don't allow parent directories */
/*--------------------------------------------------------------------*/
if ( strstr( input, "..") ) /* Games with parent dir? */
{
printmsg(0,"ValidateFile: Access rejected, name not normalized: %s",
input);
return FALSE;
}
/*--------------------------------------------------------------------*/
/* Validate the security table is okay */
/*--------------------------------------------------------------------*/
if ( securep == NULL )
panic();
/*--------------------------------------------------------------------*/
/* Handle local system */
/*--------------------------------------------------------------------*/
if ( securep->local ) /* Local system? */
return TRUE; /* Yes --> Bless the request */
/*--------------------------------------------------------------------*/
/* Determine if the user is allowed to request files */
/*--------------------------------------------------------------------*/
if ((needed == ALLOW_READ) && !securep->request)
{
printmsg(0,"ValidateFile: access rejected, "
"REQUEST not enabled in permissions file");
return FALSE;
}
/*--------------------------------------------------------------------*/
/* Copy path name */
/*--------------------------------------------------------------------*/
if ( input[1] == ':' )
strcpy( path, input );
else
strcat( strcpy( path , drive ), input );
strlwr( path );
/*--------------------------------------------------------------------*/
/* Locate the best file match for the path */
/*--------------------------------------------------------------------*/
while( (column = strrchr( path, '/')) != NULL )
{
int lower = 0;
int upper = securep->dirsize - 1;
*column = '\0';
printmsg(10,"ValidateFile: Searching for %s", path);
while( lower <= upper )
{
int midpoint = (lower + upper) / 2;
int hit = strcmp(path, securep->dirlist[midpoint].path);
printmsg(10,"ValidateFile: Comparing %s and %s",
path, securep->dirlist[midpoint].path);
if ( hit == 0 )
hit = (int) needed - (int) securep->dirlist[midpoint].priv;
if (hit > 0)
lower = midpoint + 1;
else if (hit < 0)
upper = midpoint - 1;
else {
printmsg( securep->dirlist[midpoint].grant ? 5 : 0 ,
"ValidateFile: Found path \"%s\", access %s to \"%s\"",
securep->dirlist[midpoint].path,
securep->dirlist[midpoint].grant ?
"granted" : "denied", input);
return securep->dirlist[midpoint].grant;
}
} /* while( lower <= upper ) */
} /* while( (column = strrchr( path, '/')) != NULL ) */
/*--------------------------------------------------------------------*/
/* We didn't find the file; reject all access to it */
/*--------------------------------------------------------------------*/
printmsg(0,"ValidateFile: No access definition found for \
\"%s\", access denied",
input);
return FALSE;
} /* ValidateFile */
/*--------------------------------------------------------------------*/
/* G e t S e c u r i t y */
/* */
/* Return security structure for to use when calling out to */
/* another system */
/*--------------------------------------------------------------------*/
struct HostSecurity *GetSecurity( struct HostTable *hostp)
{
if ((hostp->hsecure == NULL) && (default_security != NULL ))
{
printmsg(2,"GetSecurity: Using security for MACHINE=OTHER for \
system \"%s\"", hostp->hostname );
hostp->hsecure = default_security;
} /* if */
return hostp->hsecure;
} /* GetSecurity */
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -