[asterisk-commits] eliel: branch eliel/cli-permissions r153335 - /team/eliel/cli-permissions/main/

Sat Nov 1 09:49:12 CDT 2008

Author: eliel
Date: Sat Nov  1 09:49:09 2008
New Revision: 153335

URL: http://svn.digium.com/view/asterisk?view=rev&rev=153335
Log:
- Simplify the cli_has_permissions function.
- Add autocomplete for command 'cli check permissions'

Modified:
    team/eliel/cli-permissions/main/cli.c

Modified: team/eliel/cli-permissions/main/cli.c
URL: http://svn.digium.com/view/asterisk/team/eliel/cli-permissions/main/cli.c?view=diff&rev=153335&r1=153334&r2=153335
==============================================================================

--- team/eliel/cli-permissions/main/cli.c (original)
+++ team/eliel/cli-permissions/main/cli.c Sat Nov  1 09:49:09 2008
@@ -52,7 +52,7 @@
  * \brief List of restrictions per user.
  */
 struct cli_perm {
-	int permit:1;				/*!< 1=Permit 0=Deny */
+	unsigned int permit:1;				/*!< 1=Permit 0=Deny */
 	char *command;				/*!< Command name (to apply restrictions) */
 	AST_LIST_ENTRY(cli_perm) list;
 };
@@ -69,7 +69,7 @@
 /*! \brief CLI permissions config file. */
 static const char perms_config[] = "cli_permissions.conf";
 /*! \brief Default permissions value 1=Permit 0=Deny */
-static int default_perm = 1;
+static int cli_default_perm = 1;
 
 /*! \brief mutex used to prevent a user from running the 'cli reload permissions' command while
  * it is already running. */
@@ -155,7 +155,7 @@
  *	   to run the 'command'.
  *	   if uid == -1 or gid == -1 do not check permissions.
  *	   if uid == -2 and gid == -2 is because rasterisk client didn't send
- *	   the credentials, so the default_perm will be applied.
+ *	   the credentials, so the cli_default_perm will be applied.
  *  \param uid User ID.
  *  \param gid Group ID.
  *  \param command Command name to check permissions.
@@ -166,51 +166,45 @@
 {
 	struct usergroup_cli_perm *user_perm;
 	struct cli_perm *perm;
-
 	/* set to the default permissions general option. */
-	int isallow = default_perm;
+	int isallowg = cli_default_perm, isallowu = -1;
 
 	/* if uid == -1 or gid == -1 do not check permissions.
 	   if uid == -2 and gid == -2 is because rasterisk client didn't send
-	   the credentials, so the default_perm will be applied. */
+	   the credentials, so the cli_default_perm will be applied. */
 	if ((uid == CLI_NO_PERMS && gid == CLI_NO_PERMS) || command[0] == '_') {
 		return 1;
 	}
 
-	if (gid >= 0) {
-		/* First check group permissions */
-		AST_RWLIST_RDLOCK(&cli_perms);
-		AST_LIST_TRAVERSE(&cli_perms, user_perm, list) {
-			if (user_perm->gid != gid) {
+	if (gid < 0 && uid < 0) {
+		return cli_default_perm;
+	}
+
+	AST_RWLIST_RDLOCK(&cli_perms);
+	AST_LIST_TRAVERSE(&cli_perms, user_perm, list) {
+		if (user_perm->gid != gid && user_perm->uid != uid) {
+			continue;
+		}
+		AST_LIST_TRAVERSE(user_perm->perms, perm, list) {
+			if (strcasecmp(perm->command, "all") && strncasecmp(perm->command, command, strlen(perm->command))) {
 				continue;
 			}
-			AST_LIST_TRAVERSE(user_perm->perms, perm, list) {
-				if (!strcasecmp(perm->command, "all") || !strncasecmp(perm->command, command, strlen(perm->command))) {
-					isallow = perm->permit;
-				}
-			}
-			break;
-		}
-		AST_RWLIST_UNLOCK(&cli_perms);
-	}
-	if (uid >= 0) {
-		/* Overwrite gid permissions if user permissions are configured. */
-		AST_RWLIST_RDLOCK(&cli_perms);
-		AST_LIST_TRAVERSE(&cli_perms, user_perm, list) {
-			if (user_perm->uid != uid) {
-				continue;
-			}
-			AST_LIST_TRAVERSE(user_perm->perms, perm, list) {
-				if (!strcasecmp(perm->command, "all") || !strncasecmp(perm->command, command, strlen(perm->command))) {
-					isallow = perm->permit;
-				}
-			}
-			break;
-		}
-		AST_RWLIST_UNLOCK(&cli_perms);
-	}
-
-	return isallow;
+			if (user_perm->uid == uid) {
+				/* this is a user definition. */
+				isallowu = perm->permit;
+			} else {
+				/* otherwise is a group definition. */
+				isallowg = perm->permit;
+			}
+		}
+	}
+	AST_RWLIST_UNLOCK(&cli_perms);
+	if (isallowu > -1) {
+		/* user definition override group definition. */
+		isallowg = isallowu;
+	}
+
+	return isallowg;
 }
 
 static AST_RWLIST_HEAD_STATIC(helpers, ast_cli_entry);
@@ -966,6 +960,9 @@
 			"       The username or the groupname may be omitted.\n"; 
 		return NULL;
 	case CLI_GENERATE:
+		if (a->pos >= 4) {
+			return ast_cli_generator(a->line + strlen("cli check permissions") + strlen(a->argv[3]) + 1, a->word, a->n);
+		}
 		return NULL;
 	}
 
@@ -1549,7 +1546,7 @@
 			/* General options */
 			for (v = ast_variable_browse(cfg, cat); v; v = v->next) {
 				if (!strcasecmp(v->name, "default_perm")) {
-					default_perm = (!strcasecmp(v->value, "permit")) ? 1: 0;
+					cli_default_perm = (!strcasecmp(v->value, "permit")) ? 1: 0;
 				}
 			}
 			continue;


