[interchange-cvs] interchange - heins modified 2 files

interchange-core@icdevgroup.org interchange-core@icdevgroup.org
Thu Apr 3 23:52:00 2003


User:      heins
Date:      2003-04-04 04:51:06 GMT
Modified:  lib/Vend Config.pm File.pm
Log:
* Add some intrinsic FileControl checks.

	# Is a catalog superuser
    FileControl foo/bar ic_super

	# Is a catalog admin
	FileControl foo/bar ic_admin

	# Is logged in at all
	FileControl foo/bar ic_logged

	# Is logged in at userdb table of "userdb"
	FileControl foo/bar ic_logged:userdb

	# Is logged in at userdb table of "affiliate"
	FileControl foo/bar ic_logged:affiliate

	# Run check on userdb file_acl
	FileControl foo/bar ic_userdb

	# Run check on userdb file_acl
	FileControl foo/bar ic_userdb:file_acl

	# Run check on userdb db_acl
	FileControl foo/bar ic_userdb:db_acl

	# Check for $Scratch->{dealer} set
    FileControl foo/bar ic_scratch:dealer

	# Check for $Scratch->{dealer} NOT set
    FileControl foo/bar ic_scratch_deny:dealer

	# Check for $Session->{secure} set
    FileControl foo/bar ic_session:secure

	# Check for $Session->{secure} NOT set
    FileControl foo/bar ic_session_deny:secure

  These don't override the NoAbsolute checks.

Revision  Changes    Path
2.107     +14 -6     interchange/lib/Vend/Config.pm


rev 2.107, prev_rev 2.106
Index: Config.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Config.pm,v
retrieving revision 2.106
retrieving revision 2.107
diff -u -r2.106 -r2.107
--- Config.pm	3 Apr 2003 21:30:22 -0000	2.106
+++ Config.pm	4 Apr 2003 04:51:06 -0000	2.107
@@ -1,6 +1,6 @@
 # Vend::Config - Configure Interchange
 #
-# $Id: Config.pm,v 2.106 2003/04/03 21:30:22 racke Exp $
+# $Id: Config.pm,v 2.107 2003/04/04 04:51:06 mheins Exp $
 #
 # Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
 # Copyright (C) 2003 ICDEVGROUP <interchange@icdevgroup.org>
@@ -48,7 +48,7 @@
 use Vend::File;
 use Vend::Data;
 
-$VERSION = substr(q$Revision: 2.106 $, 10);
+$VERSION = substr(q$Revision: 2.107 $, 10);
 
 my %CDname;
 my %CPname;
@@ -180,7 +180,7 @@
 					FileControl			1
 				));
 
-my %AllowMappedAction = (qw(
+my %AllowScalarAction = (qw(
 					FileControl			1
 				));
 
@@ -1673,19 +1673,27 @@
 				$c->{$name} = $Global::GlobalSub->{$sub};
 			}
 		}
-		if(! $c->{$name}) {
+		if(! $c->{$name} and $AllowScalarAction{$var}) {
+			$c->{$name} = $sub;
+		}
+		elsif(! $c->{$name}) {
 			$@ = errmsg("Mapped %s action routine '%s' is non-existant.", $var, $sub);
 		}
 	}
 	elsif ( ! $mapped and $sub !~ /^sub\b/) {
-		my $code = <<EOF;
+		if($AllowScalarAction{$var}) {
+			$c->{$name} = $sub;
+		}
+		else {
+			my $code = <<EOF;
 sub {
 				return Vend::Interpolate::interpolate_html(<<EndOfThisHaiRYTHING);
 $sub
 EndOfThisHaiRYTHING
 }
 EOF
-		$c->{$name} = eval $code;
+			$c->{$name} = eval $code;
+		}
 	}
 	elsif (! $C or $Global::AllowGlobal->{$C->{CatalogName}}) {
 		package Vend::Interpolate;
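Review bot: The two new `$c->{$name} = $sub;` assignments store the FileControl value as an opaque string with no config-time validation, so a misspelled intrinsic spec is only discovered at request time when `_intrinsic` in Vend::File rejects it; that is fail-closed, but the operator sees a denial instead of a startup configuration error. A small validating helper exported by Vend::File and called here before the assignment would surface the problem in the config error path (the `%intrinsic` table there is lexical, so Config.pm cannot inspect it directly). Note also that the first branch runs only after the mapped-sub lookup has failed, so a FileControl value naming a non-existent Sub now silently becomes an intrinsic spec rather than producing the existing "non-existant" error; checking for the `ic_` form before the sub lookup would keep both diagnostics distinct. The enclosing routine starts and ends outside the hunk.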



2.4       +85 -3     interchange/lib/Vend/File.pm


rev 2.4, prev_rev 2.3
Index: File.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/File.pm,v
retrieving revision 2.3
retrieving revision 2.4
diff -u -r2.3 -r2.4
--- File.pm	2 Apr 2003 19:08:29 -0000	2.3
+++ File.pm	4 Apr 2003 04:51:06 -0000	2.4
@@ -1,6 +1,6 @@
 # Vend::File - Interchange file functions
 #
-# $Id: File.pm,v 2.3 2003/04/02 19:08:29 mheins Exp $
+# $Id: File.pm,v 2.4 2003/04/04 04:51:06 mheins Exp $
 # 
 # Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
 #
@@ -51,8 +51,8 @@
 use Errno;
 use Vend::Util;
 use subs qw(logError logGlobal);
-use vars qw($VERSION @EXPORT @EXPORT_OK);
-$VERSION = substr(q$Revision: 2.3 $, 10);
+use vars qw($VERSION @EXPORT @EXPORT_OK $errstr);
+$VERSION = substr(q$Revision: 2.4 $, 10);
 
 sub writefile {
     my($file, $data, $opt) = @_;
@@ -522,6 +522,85 @@
 	return 0;
 }
 
+my %intrinsic = (
+	ic_super => sub { return 1 if $Vend::superuser; },
+	ic_admin => sub { return 1 if $Vend::admin; },
+	ic_logged => sub {
+					my ($fn, $write, $sub) = @_;
+					return 0 unless $Vend::username;
+					return 0 unless $Vend::Session->{logged_in};
+					return 0 if $sub and $Vend::login_table ne $sub;
+					return 1;
+					},
+	ic_session => sub {
+					my ($fn, $write, $sub) = @_;
+					return 1 if $Vend::Session->{$sub};
+					return 0;
+					},
+	ic_session_deny => sub {
+					my ($fn, $write, $sub) = @_;
+					return 0 if $Vend::Session->{$sub};
+					return 1;
+					},
+	ic_scratch => sub {
+					my ($fn, $write, $sub) = @_;
+					return 1 if $::Scratch->{$sub};
+					return 0;
+					},
+	ic_scratch_deny => sub {
+					my ($fn, $write, $sub) = @_;
+					return 0 if $::Scratch->{$sub};
+					return 1;
+					},
+	ic_userdb => sub {
+		my ($fn, $write, $profile, $sub, $mode) = @_;
+		return 0 unless $Vend::username;
+		return 0 unless $Vend::Session->{logged_in};
+		$profile ||= 'default';
+		$sub     ||= 'file_acl';
+		my $u = new Vend::UserDB profile => $profile;
+		$mode ||= $write ? 'w' : 'r';
+		my $func = "check_$sub";
+		my %o = ( 
+			location => $fn,
+			mode => $mode,
+		);
+		return undef unless $u->can($func);
+		my $status = $u->$func( %o );
+		::logDebug("status=$status back from userdb: " . ::uneval(\%o));
+		return $status;
+	},
+);
+
+sub _intrinsic {
+	my ($thing, $fn, $write) = @_;
+	$thing =~ s/^\s+//;
+	$thing =~ s/\s+$//;
+	my @checks = split /\s*;\s*/, $thing;
+	my $status = 1;
+	for(@checks) {
+		my ($check, @args) = split /:/, $_;
+		my $sub = $intrinsic{$check}
+			or do {
+				## $errstr is package global
+				$errstr = ::errmsg("Bad intrinsic check '%s', denying.", $_);
+				return undef;
+			};
+		unless( $sub->($fn, $write, @args) ) {
+			## $errstr is package global
+			$errstr = ::errmsg(
+						"Failed intrinsic check '%s'%s for %s, denying.",
+						$_,
+						$write ? " (write)" : '',
+						$fn,
+						);
+			$status = 0;
+			last;
+		}
+	}
+	return $status;
+}
+
 sub check_user_write {
 	my $fn = shift;
 	my $un = $Global::CatalogUser->{$Vend::Cat}
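Review bot: The `ic_userdb` argument order at `my ($fn, $write, $profile, $sub, $mode) = @_;` does not match the commit log, which documents `ic_userdb:file_acl` and `ic_userdb:db_acl` as selecting the check; as written the first colon-separated argument becomes the UserDB profile name, so `ic_userdb:db_acl` looks up a profile called db_acl and still calls `check_file_acl`. Either swap to `my ($fn, $write, $sub, $profile, $mode) = @_;` or document the spec as `ic_userdb:<profile>:<check>`. Separately, `ic_session`, `ic_scratch` and their `_deny` variants do not reject a missing key name: `ic_session_deny` with no argument tests `$Vend::Session->{''}` and grants access, so a `return 0 unless defined $sub;` guard in all four would keep a malformed spec failing closed the way an unknown check already does. In `_intrinsic`, `$_` is read again after the `$sub->(...)` and `::errmsg` calls inside the loop; a named loop variable (`for my $spec (@checks)`) avoids clobbering, and `new Vend::UserDB profile => $profile` should be `Vend::UserDB->new(profile => $profile)`.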
@@ -561,8 +640,11 @@
 	my $f = $fn;
 	CHECKPATH: {
 		do {
-			if($subref->{$f}) {
+			if(ref($subref->{$f}) eq 'CODE') {
 				return $subref->{$f}->($fn, $write, @caller);
+			}
+			elsif ($subref->{$f}) {
+				return _intrinsic($subref->{$f}, $fn, $write);
 			}
 		} while $f =~ s{/[^/]*$}{};
 	}
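Review bot: The new `elsif` branch returns the result of `_intrinsic` but drops the reason it recorded in `$errstr`; unless the caller of this routine (which starts outside the hunk) already reads `$Vend::File::errstr`, a denied request leaves no trace of which check failed, which makes an ACL misconfiguration hard to diagnose. Capturing the result and logging it through the `logError` predeclared at the top of the file would keep that information: `my $ok = _intrinsic($subref->{$f}, $fn, $write); logError($errstr) unless $ok; return $ok;`. Also, `ref(...) eq 'CODE'` does not recognise a blessed code reference (it returns the class name), which would then be stringified and rejected by `_intrinsic` as a bad check — fail-closed, but `Scalar::Util::reftype` is the precise test if such values can occur.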