um.c

RTEMS (Real-Time Executive for Multiprocessor Systems) is a free open source real-time operating sys

 *	Only allow valid characters in key field
 */
	if (!umCheckName(group)) {
		return UM_ERR_BAD_NAME;
	}

/*
 *	Add a new row to the table
 */
	if ((row = dbAddRow(didUM, UM_GROUP_TABLENAME)) < 0) {
		return UM_ERR_GENERAL;
	}

/*
 *	Write the key field
 */
	if (dbWriteStr(didUM, UM_GROUP_TABLENAME, UM_NAME, row, group) != 0) {
		return UM_ERR_GENERAL;
	}

/*
 *	Write the remaining fields
 */
	dbWriteInt(didUM, UM_GROUP_TABLENAME, UM_PRIVILEGE, row, priv);
	dbWriteInt(didUM, UM_GROUP_TABLENAME, UM_METHOD, row, (int) am);
	dbWriteInt(didUM, UM_GROUP_TABLENAME, UM_PROT, row, prot);
	dbWriteInt(didUM, UM_GROUP_TABLENAME, UM_DISABLE, row, disabled);

	return 0;
}

/******************************************************************************/
/*
 *	umDeleteGroup() - Delete a user group, if not protected
 */

int	umDeleteGroup(char_t *group)
{
	int row;

	a_assert(group && *group);
	trace(3, T("UM: Deleting Group <%s>\n"), group);

/*
 *	Check to see if the group is in use
 */
	if (umGetGroupInUse(group)) {
		return UM_ERR_IN_USE;
	} 

/*
 *	Check to see if the group is delete-protected
 */
	if (umGetGroupProtected(group)) {
		return UM_ERR_PROTECTED;
	} 

/*
 *	Find the row of the group to delete
 */
	if ((row = dbSearchStr(didUM, UM_GROUP_TABLENAME, UM_NAME, group, 0)) < 0) {
		return UM_ERR_NOT_FOUND;
	}

	return dbDeleteRow(didUM, UM_GROUP_TABLENAME, row);
}

/******************************************************************************/
/*
 *	umGroupExists() returns TRUE if group exists, FALSE otherwise
 */

bool_t umGroupExists(char_t *group)
{
	a_assert(group && *group);

	if (dbSearchStr(didUM, UM_GROUP_TABLENAME, UM_NAME, group, 0) >= 0) {
		return TRUE;
	} else {
		return FALSE;
	}
}


/******************************************************************************/
/*
 *	umGetGroupInUse() returns TRUE if the group is referenced by a user or by
 *  an access limit.
 */

bool_t umGetGroupInUse(char_t *group)
{
	a_assert(group && *group);

/*
 *	First, check the user table
 */
	if (dbSearchStr(didUM, UM_USER_TABLENAME, UM_GROUP, group, 0) >= 0) {
		return TRUE;
	} 

/*
 *	Second, check the access limit table
 */
	if (dbSearchStr(didUM, UM_ACCESS_TABLENAME, UM_GROUP, group, 0) >= 0) {
		return TRUE;
	} 

	return FALSE;
}


/******************************************************************************/
/*
 *	umGetFirstGroup() - return a pointer to the first non-blank group name
 */

char_t *umGetFirstGroup()
{
	return umGetFirstRowData(UM_GROUP_TABLENAME, UM_NAME);
}

/******************************************************************************/
/*
 *	umGetNextGroup() -	return a pointer to the first non-blank group name
 *						following the given group name
 */

char_t *umGetNextGroup(char_t *groupLast)
{
	return umGetNextRowData(UM_GROUP_TABLENAME, UM_NAME, groupLast);
}

/******************************************************************************/
/*
 *	Returns the default access method to use for a given group
 */

accessMeth_t umGetGroupAccessMethod(char_t *group)
{
	int am, row;

	a_assert(group && *group);
	row = dbSearchStr(didUM, UM_GROUP_TABLENAME, UM_NAME, group, 0);

	if (row >= 0) {
		dbReadInt(didUM, UM_GROUP_TABLENAME, UM_METHOD, row, (int *)&am);
	} else {
		am = AM_INVALID;
	}

	return (accessMeth_t) am;
}

/******************************************************************************/
/*
 *	Set the default access method to use for a given group
 */

int	umSetGroupAccessMethod(char_t *group, accessMeth_t am)
{
	int row;

	a_assert(group && *group);
	row = dbSearchStr(didUM, UM_GROUP_TABLENAME, UM_NAME, group, 0);

	if (row >= 0) {
		return dbWriteInt(didUM, UM_GROUP_TABLENAME, UM_METHOD, row, (int) am);
	} else {
		return UM_ERR_NOT_FOUND;
	}
}

/******************************************************************************/
/*
 *	Returns the privilege mask for a given group
 */

short umGetGroupPrivilege(char_t *group)
{
	int privilege, row;

	a_assert(group && *group);
	privilege = -1;
	row = dbSearchStr(didUM, UM_GROUP_TABLENAME, UM_NAME, group, 0);

	if (row >= 0) {
		dbReadInt(didUM, UM_GROUP_TABLENAME, UM_PRIVILEGE, row, &privilege);
	}

	return (short) privilege;
}

/******************************************************************************/
/*
 *	Set the privilege mask for a given group
 */

int	umSetGroupPrivilege(char_t *group, short privilege)
{
	int row;

	a_assert(group && *group);
	row = dbSearchStr(didUM, UM_GROUP_TABLENAME, UM_NAME, group, 0);

	if (row >= 0) {
		return dbWriteInt(didUM, UM_GROUP_TABLENAME, UM_PRIVILEGE, row, 
			(int)privilege);
	} else {
		return UM_ERR_NOT_FOUND;
	}
}

/******************************************************************************/
/*
 *	Returns the enabled setting for a given group.
 *	Returns FALSE if group is not found.
 */

bool_t umGetGroupEnabled(char_t *group)
{
	int disabled, row;

	a_assert(group && *group);
	row = dbSearchStr(didUM, UM_GROUP_TABLENAME, UM_NAME, group, 0);
	disabled = 1;

	if (row >= 0) {
		dbReadInt(didUM, UM_GROUP_TABLENAME, UM_DISABLE, row, &disabled);
	}

	return (bool_t) !disabled;
}

/******************************************************************************/
/*
 *	Sets the enabled setting for a given group.
 */

int umSetGroupEnabled(char_t *group, bool_t enabled)
{
	int row;

	a_assert(group && *group);
	row = dbSearchStr(didUM, UM_GROUP_TABLENAME, UM_NAME, group, 0);

	if (row >= 0) {
		return dbWriteInt(didUM, UM_GROUP_TABLENAME, UM_DISABLE, row, 
			(int) !enabled);
	} else {
		return UM_ERR_NOT_FOUND;
	}
}

/******************************************************************************/
/*
 *	Returns the protected setting for a given group
 *  Returns FALSE if user is not found
 */

bool_t umGetGroupProtected(char_t *group)
{
	int protect, row;

	a_assert(group && *group);

	protect = 0;
	row = dbSearchStr(didUM, UM_GROUP_TABLENAME, UM_NAME, group, 0);
	if (row >= 0) {
		dbReadInt(didUM, UM_GROUP_TABLENAME, UM_PROT, row, &protect);
	}

	return (bool_t) protect;
}

/******************************************************************************/
/*
 *	Sets the protected setting for a given group
 */

int	umSetGroupProtected(char_t *group, bool_t protect)
{
	int row;

	a_assert(group && *group);
	row = dbSearchStr(didUM, UM_GROUP_TABLENAME, UM_NAME, group, 0);

	if (row >= 0) {
		return dbWriteInt(didUM, UM_GROUP_TABLENAME, UM_PROT, row, 
			(int) protect);
	} else {
		return UM_ERR_NOT_FOUND;
	}
}


/******************************************************************************/
/*
 *	umAddAccessLimit() adds an access limit to the "access" table
 */

int	umAddAccessLimit(char_t *url, accessMeth_t am, short secure, char_t *group)
{
	int row;

	a_assert(url && *url);
	trace(3, T("UM: Adding Access Limit for <%s>\n"), url);

/*
 *	Do not allow duplicates
 */
	if (umAccessLimitExists(url)) {
		return UM_ERR_DUPLICATE;
	}

/*
 *	Add a new row to the table
 */
	if ((row = dbAddRow(didUM, UM_ACCESS_TABLENAME)) < 0) {
		return UM_ERR_GENERAL;
	}

/*
 *	Write the key field
 */
	if(dbWriteStr(didUM, UM_ACCESS_TABLENAME, UM_NAME, row, url) < 0) {
		return UM_ERR_GENERAL;
	}

/*
 *	Write the remaining fields
 */
	dbWriteInt(didUM, UM_ACCESS_TABLENAME, UM_METHOD, row, (int)am);
	dbWriteInt(didUM, UM_ACCESS_TABLENAME, UM_SECURE, row, (int)secure);
	dbWriteStr(didUM, UM_ACCESS_TABLENAME, UM_GROUP, row, group);

	return 0;
}

/******************************************************************************/
/*
 *	umDeleteAccessLimit()
 */

int	umDeleteAccessLimit(char_t *url)
{
	int row;

	a_assert(url && *url);
	trace(3, T("UM: Deleting Access Limit for <%s>\n"), url);
/*
 *	Find the row of the access limit to delete
 */
	if ((row = dbSearchStr(didUM, UM_ACCESS_TABLENAME, UM_NAME, url, 0)) < 0) {
		return UM_ERR_NOT_FOUND;
	}

	return dbDeleteRow(didUM, UM_ACCESS_TABLENAME, row);
}

/******************************************************************************/
/*
 *	umGetFirstGroup() - return a pointer to the first non-blank access limit
 */

char_t *umGetFirstAccessLimit()
{
	return umGetFirstRowData(UM_ACCESS_TABLENAME, UM_NAME);
}

/******************************************************************************/
/*
 *	umGetNextAccessLimit() -	return a pointer to the first non-blank 
 *								access limit following the given one
 */

char_t *umGetNextAccessLimit(char_t *urlLast)
{
	return umGetNextRowData(UM_ACCESS_TABLENAME, UM_NAME, urlLast);
}

/******************************************************************************/
/*
 *	umAccessLimitExists() returns TRUE if this access limit exists
 */

bool_t	umAccessLimitExists(char_t *url)
{
	a_assert(url && *url);

	if (dbSearchStr(didUM, UM_ACCESS_TABLENAME, UM_NAME, url, 0) < 0) {
		return FALSE;
	} else {
		return TRUE;
	}
}

/******************************************************************************/
/*
 *	umGetAccessLimit() returns the Access Method for the URL
 */

accessMeth_t umGetAccessLimitMethod(char_t *url)
{
	int am, row;

	am = (int) AM_INVALID;
	row = dbSearchStr(didUM, UM_ACCESS_TABLENAME, UM_NAME, url, 0);

	if (row >= 0) {
		dbReadInt(didUM, UM_ACCESS_TABLENAME, UM_METHOD, row, &am);
	} 

	return (accessMeth_t) am;
}

/******************************************************************************/
/*
 *	umSetAccessLimitMethod() - set Access Method for Access Limit
 */

int	umSetAccessLimitMethod(char_t *url, accessMeth_t am)
{
	int row;

	a_assert(url && *url);
	row = dbSearchStr(didUM, UM_ACCESS_TABLENAME, UM_NAME, url, 0);

	if (row >= 0) {
		return dbWriteInt(didUM, UM_ACCESS_TABLENAME, UM_METHOD, row, (int) am);
	} else {
		return UM_ERR_NOT_FOUND;
	}
}

/******************************************************************************/
/*
 *	umGetAccessLimitSecure() - returns secure switch for access limit
 */

short umGetAccessLimitSecure(char_t *url)
{
	int secure, row;

	a_assert(url && *url);
	secure = -1;
	row = dbSearchStr(didUM, UM_ACCESS_TABLENAME, UM_NAME, url, 0);

	if (row >= 0) {
		dbReadInt(didUM, UM_ACCESS_TABLENAME, UM_SECURE, row, &secure);
	}

	return (short)secure;
}

/******************************************************************************/
/*
 *	umSetAccessLimitSecure() - sets the secure flag for the URL
 */

int	umSetAccessLimitSecure(char_t *url, short secure)
{
	int row;

	a_assert(url && *url);
	row = dbSearchStr(didUM, UM_ACCESS_TABLENAME, UM_NAME, url, 0);

	if (row >= 0) {
		return dbWriteInt(didUM, UM_ACCESS_TABLENAME, UM_SECURE, row, 
			(int)secure);
	} else {
		return UM_ERR_NOT_FOUND;
	}
}

/******************************************************************************/
/*
 *	umGetAccessLimitGroup() - returns the user group of the access limit
 */

char_t *umGetAccessLimitGroup(char_t *url)
{
	char_t	*group;
	int		row;

	a_assert(url && *url);
	group = NULL;
	row = dbSearchStr(didUM, UM_ACCESS_TABLENAME, UM_NAME, url, 0);

	if (row >= 0) {
		dbReadStr(didUM, UM_ACCESS_TABLENAME, UM_GROUP, row, &group);
	}

	return group;
}

/******************************************************************************/
/*
 *	umSetAccessLimitGroup() - sets the user group for the access limit.
 */

int	umSetAccessLimitGroup(char_t *url, char_t *group)
{
	int row;

	a_assert(url && *url);
	row = dbSearchStr(didUM, UM_ACCESS_TABLENAME, UM_NAME, url, 0);

	if (row >= 0) {
		return dbWriteStr(didUM, UM_ACCESS_TABLENAME, UM_GROUP, row, group);
	} else {
		return UM_ERR_NOT_FOUND;
	}
}

/******************************************************************************/
/*
 *	Returns the access limit to use for a given URL, by checking for URLs up
 *	the directory tree.  Creates a new string that must be deleted.
 */

char_t *umGetAccessLimit(char_t *url)
{
	char_t	*urlRet, *urlCheck, *lastChar;
	int		len;
	
	a_assert(url && *url);
	urlRet = NULL;
	urlCheck = bstrdup(B_L, url);
	a_assert(urlCheck);
	len = gstrlen(urlCheck);
/*
 *	Scan back through URL to see if there is a "parent" access limit
 */
	while (len && !urlRet) {
		if (umAccessLimitExists(urlCheck)) {
			urlRet = bstrdup(B_L, urlCheck);
		} else {
/*
 *	Trim the end portion of the URL to the previous directory marker
 */
			lastChar = urlCheck + len;
			lastChar--;

			while ((lastChar >= urlCheck) && ((*lastChar == '/') || 
				(*lastChar == '\\'))) {
				*lastChar = 0;
				lastChar--;
			}

			while ((lastChar >= urlCheck) && (*lastChar != '/') && 
				(*lastChar != '\\')) {
				*lastChar = 0;
				lastChar--;
			}

			len = gstrlen(urlCheck);
		}
	}
	bfree (B_L, urlCheck);

	return urlRet;
}

/******************************************************************************/
/*
 *	Returns the access method to use for a given URL
 */

accessMeth_t umGetAccessMethodForURL(char_t *url)
{
	accessMeth_t	amRet;
	char_t			*urlHavingLimit, *group;
	
	urlHavingLimit = umGetAccessLimit(url);
	if (urlHavingLimit) {
		group = umGetAccessLimitGroup(urlHavingLimit);

		if (group && *group) {
			amRet = umGetGroupAccessMethod(group);
		} else {
			amRet = umGetAccessLimitMethod(urlHavingLimit);
		}

		bfree(B_L, urlHavingLimit);
	} else {
		amRet = AM_FULL;
	}

	return amRet;
}

/******************************************************************************/
/*
 *	Returns TRUE if user can access URL
 */

bool_t umUserCanAccessURL(char_t *user, char_t *url)
{
	accessMeth_t	amURL;
	char_t			*group, *usergroup, *urlHavingLimit;
	short			priv;
	
	a_assert(user && *user);
	a_assert(url && *url);

/*
 *	Make sure user exists
 */
	if (!umUserExists(user)) {
		return FALSE;
	}

/*
 *	Make sure user is enabled
 */
	if (!umGetUserEnabled(user)) {
		return FALSE;
	}

/*
 *	Make sure user has sufficient privileges (any will do)
 */
	usergroup = umGetUserGroup(user);
	priv = umGetGroupPrivilege(usergroup);
	if (priv == 0) {
		return FALSE;
	}

/*
 *	Make sure user's group is enabled
 */
	if (!umGetGroupEnabled(usergroup)) {
		return FALSE;
	}

/*
 *	The access method of the user group must not be AM_NONE
 */
	if (umGetGroupAccessMethod(usergroup) == AM_NONE) {
		return FALSE;
	}

/*
 *	Check to see if there is an Access Limit for this URL
 */
	urlHavingLimit = umGetAccessLimit(url);
	if (urlHavingLimit) {
		amURL = umGetAccessLimitMethod(urlHavingLimit);
		group = umGetAccessLimitGroup(urlHavingLimit);
		bfree(B_L, urlHavingLimit);
	} else {
/*
 *		If there isn't an access limit for the URL, user has full access
 */
		return TRUE;
	}

/*
 *	If the access method for the URL is AM_NONE then 
 *	the file "doesn't exist".
 */
	if (amURL == AM_NONE) {
		return FALSE;
	} 
	
/*
 *	If Access Limit has a group specified, then the user must be a 
 *	member of that group
 */
	if (group && *group) {
		if (usergroup && (gstrcmp(group, usergroup) != 0)) {
			return FALSE;
		}
	} 

/*
 *	Otherwise, user can access the URL 
 */
	return TRUE;
}

/******************************************************************************/
/*
 *	Returns TRUE if given name has only valid chars
 */

static bool_t umCheckName(char_t *name)
{
	a_assert(name && *name);

	if (name && *name) {
		while (*name) {
			if (gisspace(*name)) {
				return FALSE;
			}

			name++;
		}

		return TRUE;
	}

	return FALSE;
}

/******************************************************************************/