[svn-commits] eliel: branch eliel/cli-permissions r151897 - /team/eliel/cli-permissions/main/

Fri Oct 24 23:37:59 CDT 2008

Author: eliel
Date: Fri Oct 24 23:37:58 2008
New Revision: 151897

URL: http://svn.digium.com/view/asterisk?view=rev&rev=151897
Log:
- Simplify the parsing of permissions.conf (to avoid additional indents).
- Fix some coding guidelines.
- Use a RWLIST instead of a LIST.

Modified:
    team/eliel/cli-permissions/main/cli.c

Modified: team/eliel/cli-permissions/main/cli.c
URL: http://svn.digium.com/view/asterisk/team/eliel/cli-permissions/main/cli.c?view=diff&rev=151897&r1=151896&r2=151897
==============================================================================

--- team/eliel/cli-permissions/main/cli.c (original)
+++ team/eliel/cli-permissions/main/cli.c Fri Oct 24 23:37:58 2008
@@ -76,7 +76,7 @@
  * it is already running. */
 AST_MUTEX_DEFINE_STATIC(permsconfiglock);
 /* List of users and permissions. */
-AST_LIST_HEAD_STATIC(cli_perms, usergroup_cli_perm);
+AST_RWLIST_HEAD_STATIC(cli_perms, usergroup_cli_perm);
 
 /*!
  * \brief map a debug or verbose value to a filename
@@ -150,15 +150,20 @@
 	return res;
 }
 
-/*! \brief Check if the user with 'uid' and 'gid' is allow to execute 'command',
- *         if command starts with '_' then not check permissions, just permit
- *         to run the 'command'.
+/*! \internal
+ *  \brief Check if the user with 'uid' and 'gid' is allow to execute 'command',
+ *	   if command starts with '_' then not check permissions, just permit
+ *	   to run the 'command'.
+ *	   if uid == -1 or gid == -1 do not check permissions.
+ *	   if uid == -2 and gid == -2 is because rasterisk client didn't send
+ *	   the credentials, so the default_perm will be applied.
  *  \param uid User ID.
  *  \param gid Group ID.
  *  \param command Command name to check permissions.
- *  \return 1 if has permission, 0 if it is not allowed.
+ *  \retval 1 if has permission
+ *  \retval 0 if it is not allowed.
  */
-static int cli_has_permissions(const int uid, const int gid, char *command)
+static int cli_has_permissions(const int uid, const int gid, const char *command)
 {
 	struct usergroup_cli_perm *user_perm;
 	struct cli_perm *perm;
@@ -175,33 +180,35 @@
 
 	if (gid >= 0) {
 		/* First check group permissions */
-		AST_LIST_LOCK(&cli_perms);
+		AST_RWLIST_RDLOCK(&cli_perms);
 		AST_LIST_TRAVERSE(&cli_perms, user_perm, list) {
-			if (user_perm->gid == gid) {
-				AST_LIST_TRAVERSE(user_perm->perms, perm, list) {
-					if (!strcasecmp(perm->command, "all") || !strncasecmp(perm->command, command, strlen(perm->command))) {
-						isallow = perm->permit;
-					}
+			if (user_perm->gid != gid) {
+				continue;
+			}
+			AST_LIST_TRAVERSE(user_perm->perms, perm, list) {
+				if (!strcasecmp(perm->command, "all") || !strncasecmp(perm->command, command, strlen(perm->command))) {
+					isallow = perm->permit;
 				}
-				break;
-			}
-		}
-		AST_LIST_UNLOCK(&cli_perms);
+			}
+			break;
+		}
+		AST_RWLIST_UNLOCK(&cli_perms);
 	}
 	if (uid >= 0) {
 		/* Overwrite gid permissions if user permissions are configured. */
-		AST_LIST_LOCK(&cli_perms);
+		AST_RWLIST_RDLOCK(&cli_perms);
 		AST_LIST_TRAVERSE(&cli_perms, user_perm, list) {
-			if (user_perm->uid == uid) {
-				AST_LIST_TRAVERSE(user_perm->perms, perm, list) {
-					if (!strcasecmp(perm->command, "all") || !strncasecmp(perm->command, command, strlen(perm->command))) {
-						isallow = perm->permit;
-					}
+			if (user_perm->uid != uid) {
+				continue;
+			}
+			AST_LIST_TRAVERSE(user_perm->perms, perm, list) {
+				if (!strcasecmp(perm->command, "all") || !strncasecmp(perm->command, command, strlen(perm->command))) {
+					isallow = perm->permit;
 				}
-				break;
-			}
-		}
-		AST_LIST_UNLOCK(&cli_perms);
+			}
+			break;
+		}
+		AST_RWLIST_UNLOCK(&cli_perms);
 	}
 
 	return isallow;
@@ -895,7 +902,7 @@
 		return NULL;
 	}
 
-	AST_LIST_LOCK(&cli_perms);
+	AST_RWLIST_RDLOCK(&cli_perms);
 	AST_LIST_TRAVERSE(&cli_perms, cp, list) {
 		if (cp->uid >= 0) {
 			pw = getpwuid(cp->uid);
@@ -916,7 +923,7 @@
 		}
 		ast_cli(a->fd, "\n");
 	}
-	AST_LIST_UNLOCK(&cli_perms);
+	AST_RWLIST_UNLOCK(&cli_perms);
 
 	return CLI_SUCCESS;
 }
@@ -1494,11 +1501,12 @@
 }
 
 /*! \brief cleanup (free) cli_perms linkedlist. */
-static void destroy_user_perms (void) {
+static void destroy_user_perms (void)
+{
 	struct cli_perm *perm;
 	struct usergroup_cli_perm *user_perm;
 
-	AST_LIST_LOCK(&cli_perms);
+	AST_RWLIST_WRLOCK(&cli_perms);
 	while ((user_perm = AST_LIST_REMOVE_HEAD(&cli_perms, list))) {
 		while ((perm = AST_LIST_REMOVE_HEAD(user_perm->perms, list))) {
 			ast_free(perm->command);
@@ -1506,7 +1514,7 @@
 		}
 		ast_free(user_perm);
 	}
-	AST_LIST_UNLOCK(&cli_perms);
+	AST_RWLIST_UNLOCK(&cli_perms);
 }
 
 int ast_cli_perms_init(int reload) {
@@ -1545,78 +1553,85 @@
 					default_perm = (!strcasecmp(v->value, "permit")) ? 1: 0;
 				}
 			}
+			continue;
+		}
+		
+		/* users or groups */
+		gr = NULL, pw = NULL;
+		if (cat[0] == '@') {
+			/* This is a group */
+			gr = getgrnam(&cat[1]);
+			if (!gr) {
+				ast_log (LOG_WARNING, "Unknown group '%s'\n", &cat[1]);
+				continue;
+			}
 		} else {
-			gr = NULL, pw = NULL;
-			if (cat[0] == '@') {
-				/* This is a group */
-				gr = getgrnam(&cat[1]);
-				if (!gr)
-					ast_log (LOG_WARNING, "Unknown group '%s'\n", &cat[1]);
+			/* This is a user */
+			pw = getpwnam(cat);
+			if (!pw) {
+				ast_log (LOG_WARNING, "Unknown user '%s'\n", cat);
+				continue;
+			}
+		}
+		user_group = NULL;
+		/* Check for duplicates */
+		AST_RWLIST_WRLOCK(&cli_perms);
+		AST_LIST_TRAVERSE(&cli_perms, cp_entry, list) {
+			if ((pw && cp_entry->uid == pw->pw_uid) || (gr && cp_entry->gid == gr->gr_gid)) {
+				/* if it is duplicated, just added this new settings, to 
+				the current list. */
+				user_group = cp_entry;
+				break;
+			}	
+		}
+		AST_RWLIST_UNLOCK(&cli_perms);
+
+		if (!user_group) {
+			/* alloc space for the new user config. */
+			user_group = ast_calloc(1, sizeof(*user_group));
+			if (!user_group) {
+				continue;
+			}
+			user_group->uid = (pw ? pw->pw_uid : -1);
+			user_group->gid = (gr ? gr->gr_gid : -1);
+			user_group->perms = ast_calloc(1, sizeof(*user_group->perms));
+			if (!user_group->perms) {
+				ast_free(user_group);
+				continue;
+			}
+		}
+		for (v = ast_variable_browse(cfg, cat); v; v = v->next) {
+			if (ast_strlen_zero(v->value)) {
+				/* we need to check this condition cause it could break security. */
+				ast_log(LOG_WARNING, "Empty permit/deny option in user '%s'\n", cat);
+				continue;
+			}
+			if (!strcasecmp(v->name, "permit")) {
+				perm = ast_calloc(1, sizeof(*perm));
+				if (perm) {
+					perm->permit = 1;
+					perm->command = ast_strdup(v->value);
+				}
+			} else if (!strcasecmp(v->name, "deny")) {
+				perm = ast_calloc(1, sizeof(*perm));
+				if (perm) {
+					perm->permit = 0;
+					perm->command = ast_strdup(v->value);
+				}
 			} else {
-				/* This is a user */
-				pw = getpwnam(cat);
-				if (!pw) {
-					ast_log (LOG_WARNING, "Unknown user '%s'\n", cat);
-				}
-			}
-			if (pw || gr) {
-				user_group = NULL;
-				/* Check for duplicates */
-				AST_LIST_LOCK(&cli_perms);
-				AST_LIST_TRAVERSE(&cli_perms, cp_entry, list) {
-					if ((pw && cp_entry->uid == pw->pw_uid) || (gr && cp_entry->gid == gr->gr_gid)) {
-						/* if it is duplicated, just added this new settings, to 
-						the current list. */
-						user_group = cp_entry;
-						break;
-					}	
-				}
-				if (!user_group) {
-					/* alloc space for the new user config. */
-					user_group = ast_calloc(1, sizeof(*user_group));
-					if (user_group) {
-						if (pw) {
-							user_group->uid = pw->pw_uid;
-							user_group->gid = -1;
-						} else {
-							user_group->gid = gr->gr_gid;
-							user_group->uid = -1;
-						}
-						user_group->perms = ast_calloc(1, sizeof(*user_group->perms));
-					}
-					AST_LIST_INSERT_TAIL(&cli_perms, user_group, list);
-				}
-				for (v = ast_variable_browse(cfg, cat); v; v = v->next) {
-					if (ast_strlen_zero(v->value)) {
-						/* we need to check this condition cause it could break security. */
-						ast_log(LOG_WARNING, "Empty permit/deny option in user '%s'\n", cat);
-						continue;
-					}
-					if (!strcasecmp(v->name, "permit")) {
-						perm = ast_calloc(1, sizeof(*perm));
-						if (perm) {
-							perm->permit = 1;
-							perm->command = ast_strdup(v->value);
-						}
-					} else if (!strcasecmp(v->name, "deny")) {
-						perm = ast_calloc(1, sizeof(*perm));
-						if (perm) {
-							perm->permit = 0;
-							perm->command = ast_strdup(v->value);
-						}
-					} else {
-						/* up to now, only 'permit' and 'deny' are possible values. */
-						ast_log(LOG_WARNING, "Unknown '%s' option\n", v->name);
-					}
-					if (perm) {
-						/* Added the permission to the user's list. */
-						AST_LIST_INSERT_TAIL(user_group->perms, perm, list);
-						perm = NULL;
-					}
-				}
-				AST_LIST_UNLOCK(&cli_perms);
-			}	
-		}
+				/* up to now, only 'permit' and 'deny' are possible values. */
+				ast_log(LOG_WARNING, "Unknown '%s' option\n", v->name);
+				continue;
+			}
+			if (perm) {
+				/* Added the permission to the user's list. */
+				AST_LIST_INSERT_TAIL(user_group->perms, perm, list);
+				perm = NULL;
+			}
+		}
+		AST_RWLIST_WRLOCK(&cli_perms);
+		AST_RWLIST_INSERT_TAIL(&cli_perms, user_group, list);
+		AST_RWLIST_UNLOCK(&cli_perms);
 	}
 
 	ast_config_destroy(cfg);


