[interchange-cvs] interchange - heins modified lib/Vend/File.pm
interchange-core@icdevgroup.org
interchange-core@icdevgroup.org
Fri Apr 4 21:03:00 2003
User: heins
Date: 2003-04-05 01:58:02 GMT
Modified: lib/Vend File.pm
Log:
* Change calling target for subroutines to:
$status = $sub->($actual_file, $FileControlPath, $write, @caller);
This allows acl routines to check both the actual file being requested
and the path being checked.
So the original example is now:
FileControl include/junk <<EOR
sub {
my ($fn, $checkpath, $write, @caller) = @_;
$fn =~ /foo/;
}
EOR
* Change these:
> # Check for $Scratch->{dealer} NOT set
> FileControl foo/bar ic_scratch_deny:dealer
>
> # Check for $Session->{secure} NOT set
> FileControl foo/bar ic_session_deny:secure
>
To:
# Check for $Scratch->{dealer} NOT set
FileControl foo/bar ic_scratch:!dealer
# Check for $Session->{secure} NOT set
FileControl foo/bar ic_session:!secure
Add:
# Check for $Scratch->{dealer} eq "foo"
FileControl foo/bar ic_scratch:dealer:foo
# Check for $Scratch->{dealer} ne "foo"
FileControl foo/bar ic_scratch:!dealer:foo
# Check for $Session->{secure} eq "foo"
FileControl foo/bar ic_session:secure:foo
# Check for $Session->{secure} ne "foo"
FileControl foo/bar ic_session:!secure:foo
* Add ability to pass permission for a directory from userdb.
FileControl foo/bar/path ic_userdb
Permission for either "foo/bar/path" or "foo/bar/path/filename" will
allow access. If "foo/bar/path/filename" is set but not "r", then it will
be denied even if "foo/bar/path" is allowed. In other words, a depth-first
search is done both on the individual atom and the file itself.
BUG:
{
'foo/bar/deep' => 'rw',
'foo/bar/deep/deeper' => 'n',
}
will allow access to foo/bar/deep/deeper/somefile with
FileControl foo/bar/deep ic_userdb
In other words, the target ACL is not searched for every entry matching the
parent path, so the deeper "n" entry above is not applied.
Revision Changes Path
2.5 +16 -18 interchange/lib/Vend/File.pm
rev 2.5, prev_rev 2.4
Index: File.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/File.pm,v
retrieving revision 2.4
retrieving revision 2.5
diff -u -r2.4 -r2.5
--- File.pm 4 Apr 2003 04:51:06 -0000 2.4
+++ File.pm 5 Apr 2003 01:58:02 -0000 2.5
@@ -1,6 +1,6 @@
# Vend::File - Interchange file functions
#
-# $Id: File.pm,v 2.4 2003/04/04 04:51:06 mheins Exp $
+# $Id: File.pm,v 2.5 2003/04/05 01:58:02 mheins Exp $
#
# Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
#
@@ -52,7 +52,7 @@
use Vend::Util;
use subs qw(logError logGlobal);
use vars qw($VERSION @EXPORT @EXPORT_OK $errstr);
-$VERSION = substr(q$Revision: 2.4 $, 10);
+$VERSION = substr(q$Revision: 2.5 $, 10);
sub writefile {
my($file, $data, $opt) = @_;
@@ -533,24 +533,22 @@
return 1;
},
ic_session => sub {
- my ($fn, $write, $sub) = @_;
- return 1 if $Vend::Session->{$sub};
- return 0;
- },
- ic_session_deny => sub {
- my ($fn, $write, $sub) = @_;
- return 0 if $Vend::Session->{$sub};
- return 1;
+ my ($fn, $write, $sub, $compare) = @_;
+ my $false = $sub =~ s/^!\s*//;
+ my $status = length($compare)
+ ? ($Vend::Session->{$sub} eq $compare)
+ : ($Vend::Session->{$sub});
+ return ! $false if $status;
+ return $false;
},
ic_scratch => sub {
- my ($fn, $write, $sub) = @_;
- return 1 if $::Scratch->{$sub};
- return 0;
- },
- ic_scratch_deny => sub {
- my ($fn, $write, $sub) = @_;
- return 0 if $::Scratch->{$sub};
- return 1;
+ my ($fn, $write, $sub, $compare) = @_;
+ my $false = $sub =~ s/^!\s*//;
+ my $status = length($compare)
+ ? ($::Scratch->{$sub} eq $compare)
+ : ($::Scratch->{$sub});
+ return ! $false if $status;
+ return $false;
},
ic_userdb => sub {
my ($fn, $write, $profile, $sub, $mode) = @_;
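Review bot: The negated form in the new `ic_session` and `ic_scratch` closures fails open when the key is empty: assuming the text after the colon arrives as `$sub`, a rule written as `ic_session:!` leaves `$sub` empty after the `s/^!\s*//` strip, `$status` is false, and `return $false` returns true, i.e. access is allowed. Adding `return 0 unless length $sub;` directly after the strip in both closures would make a malformed rule deny rather than allow. The commit also removes `ic_session_deny` and `ic_scratch_deny` outright; how the dispatcher treats a catalog that still names them is not visible in this hunk, so it is worth confirming that an unknown routine name results in a deny. The table of routines starts before this hunk and `ic_userdb` continues past its end.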