[interchange-cvs] interchange - heins modified lib/Vend/File.pm

interchange-core@icdevgroup.org interchange-core@icdevgroup.org
Fri Apr 4 21:03:00 2003


User:      heins
Date:      2003-04-05 01:58:02 GMT
Modified:  lib/Vend File.pm
Log:
* Change calling target for subroutines to:

	$status = $sub->($actual_file, $FileControlPath, $write, @caller);

  This allows acl routines to check both the actual file being requested
  and the path being checked.

  So the original example is now:

	FileControl include/junk  <<EOR
	sub {
		my ($fn, $checkpath, $write, @caller) = @_;
		$fn =~ /foo/;
	}
	EOR

* Change these:

	>   # Check for $Scratch->{dealer} NOT set
	>   FileControl foo/bar ic_scratch_deny:dealer
	>
    >   # Check for $Session->{secure} NOT set
    >   FileControl foo/bar ic_session_deny:secure
    >

  To:

      # Check for $Scratch->{dealer} NOT set
      FileControl foo/bar ic_scratch:!dealer

      # Check for $Session->{secure} NOT set
      FileControl foo/bar ic_session:!secure

  Add:

      # Check for $Scratch->{dealer} eq "foo"
      FileControl foo/bar ic_scratch:dealer:foo

      # Check for $Scratch->{dealer} ne "foo"
      FileControl foo/bar ic_scratch:!dealer:foo

      # Check for $Session->{secure} eq "foo"
      FileControl foo/bar ic_session:secure:foo

      # Check for $Session->{secure} ne "foo"
      FileControl foo/bar ic_session:!secure:foo

* Add ability to pass permission for a directory from userdb.

    FileControl foo/bar/path ic_userdb

  Permission for either "foo/bar/path" or "foo/bar/path/filename" will
  allow access. If "foo/bar/path/filename" is set but not "r", then it will
  be denied even if "foo/bar/path" is allowed. In other words, a depth-first
  search is done both on the individual atom and the file itself.

  BUG:

      {
        'foo/bar/deep'              => 'rw',
        'foo/bar/deep/deeper'       => 'n',
        }

   will allow access to foo/bar/deep/deeper/somefile with

    FileControl  foo/bar/deep  ic_userdb

   In other words, not all entries matching the parent path are searched
   in the target ACL, so the 'n' on foo/bar/deep/deeper is never consulted.

Revision  Changes    Path
2.5       +16 -18    interchange/lib/Vend/File.pm


rev 2.5, prev_rev 2.4
Index: File.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/File.pm,v
retrieving revision 2.4
retrieving revision 2.5
diff -u -r2.4 -r2.5
--- File.pm	4 Apr 2003 04:51:06 -0000	2.4
+++ File.pm	5 Apr 2003 01:58:02 -0000	2.5
@@ -1,6 +1,6 @@
 # Vend::File - Interchange file functions
 #
-# $Id: File.pm,v 2.4 2003/04/04 04:51:06 mheins Exp $
+# $Id: File.pm,v 2.5 2003/04/05 01:58:02 mheins Exp $
 # 
 # Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
 #
@@ -52,7 +52,7 @@
 use Vend::Util;
 use subs qw(logError logGlobal);
 use vars qw($VERSION @EXPORT @EXPORT_OK $errstr);
-$VERSION = substr(q$Revision: 2.4 $, 10);
+$VERSION = substr(q$Revision: 2.5 $, 10);
 
 sub writefile {
     my($file, $data, $opt) = @_;
@@ -533,24 +533,22 @@
 					return 1;
 					},
 	ic_session => sub {
-					my ($fn, $write, $sub) = @_;
-					return 1 if $Vend::Session->{$sub};
-					return 0;
-					},
-	ic_session_deny => sub {
-					my ($fn, $write, $sub) = @_;
-					return 0 if $Vend::Session->{$sub};
-					return 1;
+					my ($fn, $write, $sub, $compare) = @_;
+					my $false = $sub =~ s/^!\s*//;
+					my $status	= length($compare)
+								? ($Vend::Session->{$sub} eq $compare)
+								: ($Vend::Session->{$sub});
+					return ! $false if $status;
+					return $false;
 					},
 	ic_scratch => sub {
-					my ($fn, $write, $sub) = @_;
-					return 1 if $::Scratch->{$sub};
-					return 0;
-					},
-	ic_scratch_deny => sub {
-					my ($fn, $write, $sub) = @_;
-					return 0 if $::Scratch->{$sub};
-					return 1;
+					my ($fn, $write, $sub, $compare) = @_;
+					my $false = $sub =~ s/^!\s*//;
+					my $status	= length($compare)
+								? ($::Scratch->{$sub} eq $compare)
+								: ($::Scratch->{$sub});
+					return ! $false if $status;
+					return $false;
 					},
 	ic_userdb => sub {
 		my ($fn, $write, $profile, $sub, $mode) = @_;
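Review bot: The rewritten `ic_session` and `ic_scratch` closures still unpack `my ($fn, $write, $sub, $compare) = @_;`, but the log for this commit gives the call as `$sub->($actual_file, $FileControlPath, $write, @caller)`. If the dispatcher, which is not in this hunk, really passes the control path second, `$write` receives the path and `$sub` receives the write flag, so the check consults the wrong session or scratch key. In that case both closures should read `my ($fn, $checkpath, $write, $sub, $compare) = @_;`, and the `ic_userdb` context line at the end of the hunk has the same three-leading-argument shape. Separately, a negated comparison such as `ic_scratch:!dealer:foo` returns true when the key is unset (`$status` is false, so `return $false` yields 1); a comment such as `# a missing key passes a negated check` would stop operators assuming it denies. The table these entries belong to starts and ends outside the hunk.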