~udienz/reprepro/reprepro.head


Viewing changes to uploaderslist.c

  • Committer: Mahyuddin Susanto
  • Date: 2010-12-01 21:08:07 UTC
  • Revision ID: udienz@gmail.com-20101201210807-b9bgweyvsis408u2
- Remove all files/directories except debian/
+ Adding get-orig-source at debian/rules

1
 
/*  This file is part of "reprepro"
2
 
 *  Copyright (C) 2005,2006,2007,2009 Bernhard R. Link
3
 
 *  This program is free software; you can redistribute it and/or modify
4
 
 *  it under the terms of the GNU General Public License version 2 as
5
 
 *  published by the Free Software Foundation.
6
 
 *
7
 
 *  This program is distributed in the hope that it will be useful,
8
 
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
9
 
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
10
 
 *  GNU General Public License for more details.
11
 
 *
12
 
 *  You should have received a copy of the GNU General Public License
13
 
 *  along with this program; if not, write to the Free Software
14
 
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02111-1301  USA
15
 
 */
16
 
#include <config.h>
17
 
 
18
 
#include <errno.h>
19
 
#include <assert.h>
20
 
#include <unistd.h>
21
 
#include <stdlib.h>
22
 
#include <alloca.h>
23
 
#include <stdio.h>
24
 
#include <ctype.h>
25
 
#include <string.h>
26
 
#include <malloc.h>
27
 
#include "error.h"
28
 
#include "mprintf.h"
29
 
#include "strlist.h"
30
 
#include "names.h"
31
 
#include "atoms.h"
32
 
#include "signature.h"
33
 
#include "globmatch.h"
34
 
#include "uploaderslist.h"
35
 
 
36
 
struct upload_condition {
37
 
        /* linked list of all sub-nodes */
38
 
        /*@null@*/struct upload_condition *next;
39
 
 
40
 
        enum upload_condition_type type;
41
 
        const struct upload_condition *next_if_true, *next_if_false;
42
 
        bool accept_if_true, accept_if_false;
43
 
        enum {
44
 
                /* none matching means false, at least one being from
45
 
                 * the set means true */
46
 
                needs_any = 0,
47
 
                /* one not matching means false, otherwise true */
48
 
                needs_all,
49
 
                /* one not matching means false,
50
 
                 * otherwise true iff there is at least one */
51
 
                needs_existsall,
52
 
                /* having a candidate means true, otherwise false */
53
 
                needs_anycandidate
54
 
        } needs;
55
 
        union {
56
 
                /* uc_SECTIONS, uc_BINARIES, uc_SOURCENAME, uc_BYHAND */
57
 
                struct strlist strings;
58
 
                /* uc_COMPONENTS, uc_ARCHITECTURES */
59
 
                struct atomlist atoms;
60
 
        };
61
 
};
62
 
struct upload_conditions {
63
 
        /* condition currently tested */
64
 
        const struct upload_condition *current;
65
 
        /* current state of top most condition */
66
 
        bool matching;
67
 
        /* top most condition will not be true unless cleared*/
68
 
        bool needscandidate;
69
 
        /* always use last next, then decrement */
70
 
        int count;
71
 
        const struct upload_condition *conditions[];
72
 
};
73
 
 
74
 
static retvalue upload_conditions_add(struct upload_conditions **c_p, const struct upload_condition *a) {
75
 
        int newcount;
76
 
        struct upload_conditions *n;
77
 
 
78
 
        if( *c_p == NULL )
79
 
                newcount = 1;
80
 
        else
81
 
                newcount = (*c_p)->count + 1;
82
 
        n = realloc(*c_p, sizeof(struct upload_conditions)
83
 
                        + newcount * sizeof(const struct upload_condition*));
84
 
        if( n == NULL )
85
 
                return RET_ERROR_OOM;
86
 
        n->current = NULL;
87
 
        n->count = newcount;
88
 
        n->conditions[newcount - 1] = a;
89
 
        *c_p = n;
90
 
        return RET_OK;
91
 
}
92
 
 
93
 
struct uploader {
94
 
        struct uploader *next;
95
 
        size_t len;
96
 
        char *reversed_fingerprint;
97
 
        struct upload_condition permissions;
98
 
        bool allow_subkeys;
99
 
};
100
 
 
101
 
struct uploaders {
102
 
        struct uploaders *next;
103
 
        size_t reference_count;
104
 
        char *filename;
105
 
        size_t filename_len;
106
 
 
107
 
        struct uploader *by_fingerprint;
108
 
        struct upload_condition anyvalidkeypermissions;
109
 
        struct upload_condition unsignedpermissions;
110
 
        struct upload_condition anybodypermissions;
111
 
} *uploaderslists = NULL;
112
 
 
113
 
static void uploadpermission_release(struct upload_condition *p) {
114
 
        struct upload_condition *h, *f = NULL;
115
 
 
116
 
        assert( p != NULL );
117
 
 
118
 
        do {
119
 
                h = p->next;
120
 
                switch( p->type ) {
121
 
                        case uc_BINARIES:
122
 
                        case uc_SECTIONS:
123
 
                        case uc_SOURCENAME:
124
 
                        case uc_BYHAND:
125
 
                                strlist_done(&p->strings);
126
 
                                break;
127
 
 
128
 
                        case uc_ARCHITECTURES:
129
 
                                atomlist_done(&p->atoms);
130
 
                                break;
131
 
 
132
 
                        case uc_ALWAYS:
133
 
                        case uc_REJECTED:
134
 
                                break;
135
 
                }
136
 
                free(f);
137
 
                /* next one must be freed: */
138
 
                f = h;
139
 
                /* and processed: */
140
 
                p = h;
141
 
        } while( p != NULL );
142
 
}
143
 
 
144
 
static void uploader_free(struct uploader *u) {
145
 
        if( u == NULL )
146
 
                return;
147
 
        free(u->reversed_fingerprint);
148
 
        uploadpermission_release(&u->permissions);
149
 
        free(u);
150
 
}
151
 
 
152
 
static void uploaders_free(struct uploaders *u) {
153
 
        if( u == NULL )
154
 
                return;
155
 
        while( u->by_fingerprint != NULL ) {
156
 
                struct uploader *next = u->by_fingerprint->next;
157
 
 
158
 
                uploader_free(u->by_fingerprint);
159
 
                u->by_fingerprint = next;
160
 
        }
161
 
        uploadpermission_release(&u->anyvalidkeypermissions);
162
 
        uploadpermission_release(&u->anybodypermissions);
163
 
        uploadpermission_release(&u->unsignedpermissions);
164
 
        free(u->filename);
165
 
        free(u);
166
 
}
167
 
 
168
 
void uploaders_unlock(struct uploaders *u) {
169
 
        if( u->reference_count > 1 ) {
170
 
                u->reference_count--;
171
 
        } else {
172
 
                struct uploaders **p = &uploaderslists;
173
 
 
174
 
                assert( u->reference_count == 1);
175
 
                /* avoid double free: */
176
 
                if( u->reference_count == 0 )
177
 
                        return;
178
 
 
179
 
                while( *p != NULL && *p != u )
180
 
                        p = &(*p)->next;
181
 
                assert( p != NULL && *p == u );
182
 
                if( *p == u ) {
183
 
                        *p = u->next;
184
 
                        uploaders_free(u);
185
 
                }
186
 
        }
187
 
}
188
 
 
189
 
static retvalue find_key_and_add(struct uploaders *u, struct upload_conditions **c_p, const struct signature *s) {
190
 
        size_t len, i, primary_len;
191
 
        char *reversed;
192
 
        const char *fingerprint, *primary_fingerprint;
193
 
        char *reversed_primary_key;
194
 
        const struct uploader *uploader;
195
 
        retvalue r;
196
 
 
197
 
        assert( u != NULL );
198
 
 
199
 
        fingerprint = s->keyid;
200
 
        assert( fingerprint != NULL );
201
 
        len = strlen(fingerprint);
202
 
        reversed = alloca(len+1);
203
 
        if( reversed == NULL )
204
 
                return RET_ERROR_OOM;
205
 
        for( i = 0 ; i < len ; i++ ) {
206
 
                char c = fingerprint[len-i-1];
207
 
                if( c >= 'a' && c <= 'f' )
208
 
                        c -= 'a' - 'A';
209
 
                else if( c == 'x' && len-i-1 == 1 && fingerprint[0] == '0' )
210
 
                        break;
211
 
                if( ( c < '0' || c > '9' ) && ( c <'A' && c > 'F') ) {
212
 
                        fprintf(stderr,
213
 
"Strange character '%c'(=%hhu) in fingerprint '%s'.\n"
214
 
"Search for appropriate rules in the uploaders file might fail.\n",
215
 
                                        c, c, fingerprint);
216
 
                        break;
217
 
                }
218
 
                reversed[i] = c;
219
 
        }
220
 
        len = i;
221
 
        reversed[len] = '\0';
222
 
 
223
 
        /* hm, this only sees the key is expired when it is kind of late... */
224
 
        primary_fingerprint = s->primary_keyid;
225
 
        primary_len = strlen(primary_fingerprint);
226
 
        reversed_primary_key = alloca(len+1);
227
 
        if( FAILEDTOALLOC(reversed_primary_key) )
228
 
                return RET_ERROR_OOM;
229
 
 
230
 
        for( i = 0 ; i < primary_len ; i++ ) {
231
 
                char c = primary_fingerprint[primary_len-i-1];
232
 
                if( c >= 'a' && c <= 'f' )
233
 
                        c -= 'a' - 'A';
234
 
                else if( c == 'x' && primary_len-i-1 == 1 &&
235
 
                                primary_fingerprint[0] == '0' )
236
 
                        break;
237
 
                if( ( c < '0' || c > '9' ) && ( c <'A' && c > 'F') ) {
238
 
                        fprintf(stderr,
239
 
"Strange character '%c'(=%hhu) in fingerprint/key-id '%s'.\n"
240
 
"Search for appropriate rules in the uploaders file might fail.\n",
241
 
                                        c, c, primary_fingerprint);
242
 
                        break;
243
 
                }
244
 
                reversed_primary_key[i] = c;
245
 
        }
246
 
        primary_len = i;
247
 
        reversed_primary_key[primary_len] = '\0';
248
 
 
249
 
        for( uploader = u->by_fingerprint ; uploader != NULL ; uploader = uploader->next ) {
250
 
                /* TODO: allow ignoring */
251
 
                if( s->state != sist_valid )
252
 
                        continue;
253
 
                if( uploader->allow_subkeys ) {
254
 
                        if( uploader->len > primary_len )
255
 
                                continue;
256
 
                        if( memcmp(uploader->reversed_fingerprint,
257
 
                                                reversed_primary_key,
258
 
                                                uploader->len) != 0 )
259
 
                                continue;
260
 
                } else {
261
 
                        if( uploader->len > len )
262
 
                                continue;
263
 
                        if( memcmp(uploader->reversed_fingerprint,
264
 
                                                reversed, uploader->len) != 0 )
265
 
                                continue;
266
 
                }
267
 
                r = upload_conditions_add(c_p, &uploader->permissions);
268
 
                if( RET_WAS_ERROR(r) )
269
 
                        return r;
270
 
                /* no break here, as a key might match
271
 
                 * multiple specifications of different length */
272
 
        }
273
 
        return RET_OK;
274
 
}
275
 
 
276
 
retvalue uploaders_permissions(struct uploaders *u, const struct signatures *signatures, struct upload_conditions **c_p) {
277
 
        struct upload_conditions *conditions = NULL;
278
 
        retvalue r;
279
 
        int j;
280
 
 
281
 
        r = upload_conditions_add(&conditions,
282
 
                        &u->anybodypermissions);
283
 
        if( RET_WAS_ERROR(r) )
284
 
                return r;
285
 
        if( signatures == NULL ) {
286
 
                /* signatures.count might be 0 meaning there is
287
 
                 * something lile a gpg header but we could not get
288
 
                 * keys, because of a gpg error or because of being
289
 
                 * compiling without libgpgme */
290
 
                r = upload_conditions_add(&conditions,
291
 
                                &u->unsignedpermissions);
292
 
                if( RET_WAS_ERROR(r) ) {
293
 
                        free(conditions);
294
 
                        return r;
295
 
                }
296
 
        }
297
 
        if( signatures != NULL && signatures->validcount > 0 ) {
298
 
                r = upload_conditions_add(&conditions,
299
 
                                &u->anyvalidkeypermissions);
300
 
                if( RET_WAS_ERROR(r) ) {
301
 
                        free(conditions);
302
 
                        return r;
303
 
                }
304
 
        }
305
 
        if( signatures != NULL ) {
306
 
                for( j = 0 ; j < signatures->count ; j++ ) {
307
 
                        r = find_key_and_add(u, &conditions,
308
 
                                        &signatures->signatures[j]);
309
 
                        if( RET_WAS_ERROR(r) ) {
310
 
                                free(conditions);
311
 
                                return r;
312
 
                        }
313
 
                }
314
 
        }
315
 
        *c_p = conditions;
316
 
        return RET_OK;
317
 
}
318
 
 
319
 
/* uc_FAILED means rejected, uc_ACCEPTED means can go in */
320
 
enum upload_condition_type uploaders_nextcondition(struct upload_conditions *c) {
321
 
 
322
 
        if( c->current != NULL ) {
323
 
                if( c->matching && !c->needscandidate ) {
324
 
                        if( c->current->accept_if_true )
325
 
                                return uc_ACCEPTED;
326
 
                        c->current = c->current->next_if_true;
327
 
                } else {
328
 
                        if( c->current->accept_if_false )
329
 
                                return uc_ACCEPTED;
330
 
                        c->current = c->current->next_if_false;
331
 
                }
332
 
        }
333
 
 
334
 
        /* return the first non-trivial one left: */
335
 
        while( true ) {
336
 
                while( c->current != NULL ) {
337
 
                        assert( c->current->type > uc_REJECTED );
338
 
                        if( c->current->type == uc_ALWAYS ) {
339
 
                                if( c->current->accept_if_true )
340
 
                                        return uc_ACCEPTED;
341
 
                                c->current = c->current->next_if_true;
342
 
                        } else {
343
 
                                /* empty set fullfills all conditions,
344
 
                                   but not an exists condition */
345
 
                                switch( c->current->needs ) {
346
 
                                        case needs_any:
347
 
                                                c->matching = false;
348
 
                                                c->needscandidate = false;
349
 
                                                break;
350
 
                                        case needs_all:
351
 
                                                c->matching = true;
352
 
                                                c->needscandidate = false;
353
 
                                                break;
354
 
                                        case needs_existsall:
355
 
                                        case needs_anycandidate:
356
 
                                                c->matching = true;
357
 
                                                c->needscandidate = true;
358
 
                                                break;
359
 
                                }
360
 
                                return c->current->type;
361
 
                        }
362
 
                }
363
 
                if( c->count == 0 )
364
 
                        return uc_REJECTED;
365
 
                c->count--;
366
 
                c->current = c->conditions[c->count];
367
 
        }
368
 
        /* not reached */
369
 
}
370
 
 
371
 
static bool match_namecheck(const struct strlist *strings, const char *name) {
372
 
        int i;
373
 
 
374
 
        for( i = 0 ; i < strings->count ; i++ ) {
375
 
                if( globmatch(name, strings->values[i]) )
376
 
                        return true;
377
 
        }
378
 
        return false;
379
 
}
380
 
 
381
 
bool uploaders_verifystring(struct upload_conditions *conditions, const char *name) {
382
 
        const struct upload_condition *c = conditions->current;
383
 
 
384
 
        assert( c != NULL );
385
 
        assert( c->type == uc_BINARIES || c->type == uc_SECTIONS ||
386
 
                c->type == uc_SOURCENAME || c->type == uc_BYHAND );
387
 
 
388
 
        conditions->needscandidate = false;
389
 
        switch( conditions->current->needs ) {
390
 
                case needs_all:
391
 
                case needs_existsall:
392
 
                        /* once one condition is false, the case is settled */
393
 
 
394
 
                        if( conditions->matching &&
395
 
                                        !match_namecheck(&c->strings, name) )
396
 
                                conditions->matching = false;
397
 
                        /* but while it is true, more info is needed */
398
 
                        return conditions->matching;
399
 
                case needs_any:
400
 
                        /* once one condition is true, the case is settled */
401
 
                        if( !conditions->matching &&
402
 
                                        match_namecheck(&c->strings, name) )
403
 
                                conditions->matching = true;
404
 
                        conditions->needscandidate = false;
405
 
                        /* but while it is false, more info is needed */
406
 
                        return !conditions->matching;
407
 
                case needs_anycandidate:
408
 
                        /* we are settled, no more information needed */
409
 
                        return false;
410
 
        }
411
 
        /* NOT REACHED */
412
 
        assert( conditions->current->needs != conditions->current->needs );
413
 
}
414
 
 
415
 
bool uploaders_verifyatom(struct upload_conditions *conditions, atom_t atom) {
416
 
        const struct upload_condition *c = conditions->current;
417
 
 
418
 
        assert( c != NULL );
419
 
        assert( c->type == uc_ARCHITECTURES );
420
 
 
421
 
        conditions->needscandidate = false;
422
 
        switch( conditions->current->needs ) {
423
 
                case needs_all:
424
 
                case needs_existsall:
425
 
                        /* once one condition is false, the case is settled */
426
 
 
427
 
                        if( conditions->matching &&
428
 
                                        !atomlist_in(&c->atoms, atom) )
429
 
                                conditions->matching = false;
430
 
                        /* but while it is true, more info is needed */
431
 
                        return conditions->matching;
432
 
                case needs_any:
433
 
                        /* once one condition is true, the case is settled */
434
 
                        if( !conditions->matching &&
435
 
                                        atomlist_in(&c->atoms, atom) )
436
 
                                conditions->matching = true;
437
 
                        /* but while it is false, more info is needed */
438
 
                        return !conditions->matching;
439
 
                case needs_anycandidate:
440
 
                        /* we are settled, no more information needed */
441
 
                        return false;
442
 
        }
443
 
        /* NOT REACHED */
444
 
        assert( conditions->current->needs != conditions->current->needs );
445
 
}
446
 
 
447
 
static struct upload_condition *addfingerprint(struct uploaders *u, const char *fingerprint, size_t len, bool allow_subkeys) {
448
 
        size_t i;
449
 
        char *reversed = malloc(len+1);
450
 
        struct uploader *uploader, **last;
451
 
 
452
 
        if( reversed == NULL )
453
 
                return NULL;
454
 
        for( i = 0 ; i < len ; i++ ) {
455
 
                char c = fingerprint[len-i-1];
456
 
                if( c >= 'a' && c <= 'f' )
457
 
                        c -= 'a' - 'A';
458
 
                assert( ( c >= '0' && c <= '9' ) || ( c >= 'A' || c <= 'F') );
459
 
                reversed[i] = c;
460
 
        }
461
 
        reversed[len] = '\0';
462
 
        last = &u->by_fingerprint;
463
 
        for( uploader = u->by_fingerprint ; uploader != NULL ; uploader = *(last = &uploader->next) ) {
464
 
                if( uploader->len != len )
465
 
                        continue;
466
 
                if( memcmp(uploader->reversed_fingerprint, reversed, len) != 0 )
467
 
                        continue;
468
 
                if( uploader->allow_subkeys != allow_subkeys )
469
 
                        continue;
470
 
                free(reversed);
471
 
                return &uploader->permissions;
472
 
        }
473
 
        assert( *last == NULL );
474
 
        uploader = calloc(1,sizeof(struct uploader));
475
 
        if( uploader == NULL )
476
 
                return NULL;
477
 
        *last = uploader;
478
 
        uploader->reversed_fingerprint = reversed;
479
 
        uploader->len = len;
480
 
        uploader->allow_subkeys = allow_subkeys;
481
 
        return &uploader->permissions;
482
 
}
483
 
 
484
 
static inline const char *overkey(const char *p) {
485
 
        while( (*p >= '0' && *p <= '9') || (*p >= 'a' && *p <= 'f')
486
 
                        || (*p >= 'A' && *p <= 'F') ) {
487
 
                p++;
488
 
        }
489
 
        return p;
490
 
}
491
 
 
492
 
static retvalue parse_stringpart(/*@out@*/struct strlist *strings, const char **pp, const char *filename, long lineno, int column) {
493
 
        const char *p = *pp;
494
 
        retvalue r;
495
 
 
496
 
        strlist_init(strings);
497
 
        do {
498
 
                const char *startp, *endp;
499
 
                char *n;
500
 
 
501
 
                while( *p != '\0' && xisspace(*p) )
502
 
                        p++;
503
 
                if( *p != '\'' ) {
504
 
                        fprintf(stderr,
505
 
"%s:%lu:%u: starting \"'\" expected!\n",
506
 
                                        filename, lineno, column + (int)(p-*pp));
507
 
                        return RET_ERROR;
508
 
                }
509
 
                p++;
510
 
                startp = p;
511
 
                while( *p != '\0' && *p != '\'' )
512
 
                        p++;
513
 
                if( *p == '\0' ) {
514
 
                        fprintf(stderr,
515
 
"%s:%lu:%u: closing \"'\" expected!\n",
516
 
                                        filename, lineno, column + (int)(p-*pp));
517
 
                        return RET_ERROR;
518
 
                }
519
 
                assert( *p == '\'' );
520
 
                endp = p;
521
 
                p++;
522
 
                n = strndup(startp, endp - startp);
523
 
                if( FAILEDTOALLOC(n) )
524
 
                        return RET_ERROR_OOM;
525
 
                r = strlist_adduniq(strings, n);
526
 
                if( RET_WAS_ERROR(r) )
527
 
                        return r;
528
 
                while( *p != '\0' && xisspace(*p) )
529
 
                        p++;
530
 
                column += (p - *pp);
531
 
                *pp = p;
532
 
                if( **pp == '|' ) {
533
 
                        p++;
534
 
                }
535
 
        } while ( **pp == '|' );
536
 
        *pp = p;
537
 
        return RET_OK;
538
 
}
539
 
 
540
 
static retvalue parse_architectures(/*@out@*/struct atomlist *atoms, const char **pp, const char *filename, long lineno, int column) {
541
 
        const char *p = *pp;
542
 
        retvalue r;
543
 
 
544
 
        atomlist_init(atoms);
545
 
        do {
546
 
                const char *startp, *endp;
547
 
                atom_t atom;
548
 
 
549
 
                while( *p != '\0' && xisspace(*p) )
550
 
                        p++;
551
 
                if( *p != '\'' ) {
552
 
                        fprintf(stderr,
553
 
"%s:%lu:%u: starting \"'\" expected!\n",
554
 
                                        filename, lineno, column + (int)(p-*pp));
555
 
                        return RET_ERROR;
556
 
                }
557
 
                p++;
558
 
                startp = p;
559
 
                while( *p != '\0' && *p != '\'' && *p != '*' && *p != '?' )
560
 
                        p++;
561
 
                if( *p == '*' || *p == '?' ) {
562
 
                        fprintf(stderr,
563
 
"%s:%lu:%u: Wildcards are not allowed in architectures!\n",
564
 
                                        filename, lineno, column + (int)(p-*pp));
565
 
                        return RET_ERROR;
566
 
                }
567
 
                if( *p == '\0' ) {
568
 
                        fprintf(stderr,
569
 
"%s:%lu:%u: closing \"'\" expected!\n",
570
 
                                        filename, lineno, column + (int)(p-*pp));
571
 
                        return RET_ERROR;
572
 
                }
573
 
                assert( *p == '\'' );
574
 
                endp = p;
575
 
                p++;
576
 
                atom = architecture_find_l(startp, endp - startp);
577
 
                if( !atom_defined(atom) ) {
578
 
                        fprintf(stderr,
579
 
"%s:%lu:%u: Unknown architecture '%.*s'! (Did you mistype?)\n",
580
 
                                        filename, lineno,
581
 
                                        column + (int)(startp-*pp),
582
 
                                        (int)(endp-startp), startp);
583
 
                        return RET_ERROR;
584
 
                }
585
 
                r = atomlist_add_uniq(atoms, atom);
586
 
                if( RET_WAS_ERROR(r) )
587
 
                        return r;
588
 
                while( *p != '\0' && xisspace(*p) )
589
 
                        p++;
590
 
                column += (p - *pp);
591
 
                *pp = p;
592
 
                if( **pp == '|' ) {
593
 
                        p++;
594
 
                }
595
 
        } while ( **pp == '|' );
596
 
        *pp = p;
597
 
        return RET_OK;
598
 
}
599
 
 
600
 
static retvalue parse_condition(const char *filename, long lineno, int column, const char **pp, /*@out@*/struct upload_condition *condition) {
601
 
        const char *p = *pp;
602
 
        struct upload_condition *fallback, *last, *or_scope;
603
 
 
604
 
        memset( condition, 0, sizeof(struct upload_condition));
605
 
 
606
 
        /* allocate a new fallback-node:
607
 
         * (this one is used to make it easier to concatenate those decision
608
 
         * trees, especially it keeps open the possibility to have deny
609
 
         * decisions) */
610
 
        fallback = calloc(1, sizeof(struct upload_condition));
611
 
        if( FAILEDTOALLOC(fallback) )
612
 
                return RET_ERROR_OOM;
613
 
        fallback->type = uc_ALWAYS;
614
 
        assert(!fallback->accept_if_true);
615
 
 
616
 
        /* the queue with next has all nodes, so they can be freed
617
 
         * (or otherwise modified) */
618
 
        condition->next = fallback;
619
 
 
620
 
 
621
 
        last = condition;
622
 
        or_scope = condition;
623
 
 
624
 
        while( true ) {
625
 
                if( strncmp(p, "not", 3) == 0 &&
626
 
                                xisspace(p[3]) ) {
627
 
                        p += 3;
628
 
                        while( *p != '\0' && xisspace(*p) )
629
 
                                p++;
630
 
                        /* negate means false is good and true
631
 
                         * is bad: */
632
 
                        last->accept_if_false = true;
633
 
                        last->accept_if_true = false;
634
 
                        last->next_if_false = NULL;
635
 
                        last->next_if_true = fallback;
636
 
                } else {
637
 
                        last->accept_if_false = false;
638
 
                        last->accept_if_true = true;
639
 
                        last->next_if_false = fallback;
640
 
                        last->next_if_true = NULL;
641
 
                }
642
 
                if( p[0] == '*' && xisspace(p[1]) ) {
643
 
                        last->type = uc_ALWAYS;
644
 
                        p++;
645
 
                } else if( strncmp(p, "architectures", 13) == 0 &&
646
 
                           strchr(" \t'", p[13]) != NULL ) {
647
 
                        retvalue r;
648
 
 
649
 
                        last->type = uc_ARCHITECTURES;
650
 
                        last->needs = needs_all;
651
 
                        p += 13;
652
 
                        while( *p != '\0' && xisspace(*p) )
653
 
                                p++;
654
 
                        if( strncmp(p, "contain", 7) == 0 &&
655
 
                                        strchr(" \t'", p[7]) != NULL ) {
656
 
                                last->needs = needs_any;
657
 
                                p += 7;
658
 
                        }
659
 
 
660
 
                        r = parse_architectures(&last->atoms, &p,
661
 
                                        filename, lineno,
662
 
                                        column + (p-*pp));
663
 
                        if( RET_WAS_ERROR(r) ) {
664
 
                                uploadpermission_release(condition);
665
 
                                return r;
666
 
                        }
667
 
                } else if( strncmp(p, "binaries", 8) == 0 &&
668
 
                           strchr(" \t'", p[8]) != NULL ) {
669
 
                        retvalue r;
670
 
 
671
 
                        last->type = uc_BINARIES;
672
 
                        last->needs = needs_all;
673
 
                        p += 8;
674
 
                        while( *p != '\0' && xisspace(*p) )
675
 
                                p++;
676
 
                        if( strncmp(p, "contain", 7) == 0 &&
677
 
                                        strchr(" \t'", p[7]) != NULL ) {
678
 
                                last->needs = needs_any;
679
 
                                p += 7;
680
 
                        }
681
 
 
682
 
                        r = parse_stringpart(&last->strings, &p,
683
 
                                        filename, lineno,
684
 
                                        column + (p-*pp));
685
 
                        if( RET_WAS_ERROR(r) ) {
686
 
                                uploadpermission_release(condition);
687
 
                                return r;
688
 
                        }
689
 
                } else if( strncmp(p, "byhand", 6) == 0 &&
690
 
                           strchr(" \t'", p[6]) != NULL ) {
691
 
                        retvalue r;
692
 
 
693
 
                        last->type = uc_BYHAND;
694
 
                        last->needs = needs_existsall;
695
 
                        p += 8;
696
 
                        while( *p != '\0' && xisspace(*p) )
697
 
                                p++;
698
 
                        if( *p != '\'' ) {
699
 
                                strlist_init(&last->strings);
700
 
                                r = RET_OK;
701
 
                        } else
702
 
                                r = parse_stringpart(&last->strings, &p,
703
 
                                                filename, lineno,
704
 
                                                column + (p-*pp));
705
 
                        if( RET_WAS_ERROR(r) ) {
706
 
                                uploadpermission_release(condition);
707
 
                                return r;
708
 
                        }
709
 
                } else if( strncmp(p, "sections", 8) == 0 &&
710
 
                           strchr(" \t'", p[8]) != NULL ) {
711
 
                        retvalue r;
712
 
 
713
 
                        last->type = uc_SECTIONS;
714
 
                        last->needs = needs_all;
715
 
                        p += 8;
716
 
                        while( *p != '\0' && xisspace(*p) )
717
 
                                p++;
718
 
                        if( strncmp(p, "contain", 7) == 0 &&
719
 
                                        strchr(" \t'", p[7]) != NULL ) {
720
 
                                last->needs = needs_any;
721
 
                                p += 7;
722
 
                        }
723
 
 
724
 
                        r = parse_stringpart(&last->strings, &p,
725
 
                                        filename, lineno,
726
 
                                        column + (p-*pp));
727
 
                        if( RET_WAS_ERROR(r) ) {
728
 
                                uploadpermission_release(condition);
729
 
                                return r;
730
 
                        }
731
 
                } else if( strncmp(p, "source", 6) == 0 &&
732
 
                           strchr(" \t'", p[6]) != NULL ) {
733
 
                        retvalue r;
734
 
 
735
 
                        last->type = uc_SOURCENAME;
736
 
                        p += 6;
737
 
 
738
 
                        r = parse_stringpart(&last->strings, &p,
739
 
                                        filename, lineno,
740
 
                                        column + (p-*pp));
741
 
                        if( RET_WAS_ERROR(r) ) {
742
 
                                uploadpermission_release(condition);
743
 
                                return r;
744
 
                        }
745
 
 
746
 
                } else {
747
 
                        fprintf(stderr, "%s:%lu:%u: condition expected after 'allow' keyword!\n", filename, lineno, column + (int)(p-*pp));
748
 
                        uploadpermission_release(condition);
749
 
                        return RET_ERROR;
750
 
                }
751
 
                while( *p != '\0' && xisspace(*p) )
752
 
                        p++;
753
 
                if( strncmp(p, "and", 3) == 0 && xisspace(p[3]) ) {
754
 
                        struct upload_condition *n, *c;
755
 
 
756
 
                        p += 3;
757
 
 
758
 
                        n = calloc(1, sizeof(struct upload_condition));
759
 
                        if( FAILEDTOALLOC(n) ) {
760
 
                                uploadpermission_release(condition);
761
 
                                return RET_ERROR_OOM;
762
 
                        }
763
 
                        /* everything that yet made it succeed makes it need
764
 
                         * to check this condition: */
765
 
                        for( c = condition ; c != NULL ; c = c->next ) {
766
 
                                if( c->accept_if_true ) {
767
 
                                        c->next_if_true = n;
768
 
                                        c->accept_if_true = false;
769
 
                                }
770
 
                                if( c->accept_if_false ) {
771
 
                                        c->next_if_false = n;
772
 
                                        c->accept_if_false = false;
773
 
                                }
774
 
                        }
775
 
                        /* or will only bind to this one */
776
 
                        or_scope = n;
777
 
 
778
 
                        /* add it to queue: */
779
 
                        assert( last->next == fallback );
780
 
                        n->next = fallback;
781
 
                        last->next = n;
782
 
                        last = n;
783
 
                } else if( strncmp(p, "or", 2) == 0 && xisspace(p[2]) ) {
784
 
                        struct upload_condition *n, *c;
785
 
 
786
 
                        p += 2;
787
 
 
788
 
                        n = calloc(1, sizeof(struct upload_condition));
789
 
                        if( FAILEDTOALLOC(n) ) {
790
 
                                uploadpermission_release(condition);
791
 
                                return RET_ERROR_OOM;
792
 
                        }
793
 
                        /* everything in current scope that made it fail
794
 
                         * now makes it check this: (currently that will
795
 
                         * only be true at most for c == last, but with
796
 
                         * parantheses this all will be needed) */
797
 
                        for( c = or_scope ; c != NULL ; c = c->next ) {
798
 
                                if( c->next_if_true == fallback )
799
 
                                        c->next_if_true = n;
800
 
                                if( c->next_if_false == fallback )
801
 
                                        c->next_if_false = n;
802
 
                        }
803
 
                        /* add it to queue: */
804
 
                        assert( last->next == fallback );
805
 
                        n->next = fallback;
806
 
                        last->next = n;
807
 
                        last = n;
808
 
                } else if( strncmp(p, "by", 2) == 0 && xisspace(p[2]) ) {
809
 
                        p += 2;
810
 
                        break;
811
 
                } else {
812
 
                        fprintf(stderr, "%s:%lu:%u: 'by','and' or 'or' keyword expected!\n", filename, (long)lineno, column + (int)(p-*pp));
813
 
                        uploadpermission_release(condition);
814
 
                        memset( condition, 0, sizeof(struct upload_condition));
815
 
                        return RET_ERROR;
816
 
                }
817
 
                while( *p != '\0' && xisspace(*p) )
818
 
                        p++;
819
 
        }
820
 
        *pp = p;
821
 
        return RET_OK;
822
 
}
823
 
 
824
 
static void condition_add(struct upload_condition *permissions, struct upload_condition *c) {
825
 
        if( permissions->next == NULL ) {
826
 
                /* first condition, as no fallback yet allocated */
827
 
                *permissions = *c;
828
 
                memset(c, 0, sizeof(struct upload_condition));
829
 
        } else {
830
 
                struct upload_condition *last;
831
 
 
832
 
                last = permissions->next;
833
 
                assert( last != NULL );
834
 
                while( last->next != NULL )
835
 
                        last = last->next;
836
 
 
837
 
                /* the very last is always the fallback-node to which all
838
 
                 * other conditions fall back if they have no decision */
839
 
                assert(last->type = uc_ALWAYS);
840
 
                assert(!last->accept_if_true);
841
 
 
842
 
                *last = *c;
843
 
                memset(c, 0, sizeof(struct upload_condition));
844
 
        }
845
 
}
846
 
 
847
 
static inline retvalue parseuploaderline(char *buffer, const char *filename, size_t lineno, struct uploaders *u) {
848
 
        retvalue r;
849
 
        const char *p, *q, *qq;
850
 
        size_t l;
851
 
        struct upload_condition *permissions;
852
 
        struct upload_condition condition;
853
 
 
854
 
        l = strlen(buffer);
855
 
        if( l == 0 )
856
 
                return RET_NOTHING;
857
 
        if( buffer[l-1] != '\n' ) {
858
 
                if( l >= 1024 )
859
 
                        fprintf(stderr, "%s:%lu:1024: Overlong line!\n", filename, (long)lineno);
860
 
                else
861
 
                        fprintf(stderr, "%s:%lu:%lu: Unterminated line!\n", filename, (long)lineno,(long)l);
862
 
                return RET_ERROR;
863
 
        }
864
 
        do {
865
 
                buffer[--l] = '\0';
866
 
        } while( l > 0 && xisspace(buffer[l-1]) );
867
 
 
868
 
        p = buffer;
869
 
        while( *p != '\0' && xisspace(*p) )
870
 
                p++;
871
 
        if( *p == '\0' || *p == '#' )
872
 
                return RET_NOTHING;
873
 
 
874
 
        if( strncmp(p,"allow",5) != 0 || !xisspace(p[5]) ) {
875
 
                fprintf(stderr, "%s:%lu:%u: 'allow' keyword expected! (no other statement has yet been implemented)\n", filename, (long)lineno, (int)(1+p-buffer));
876
 
                return RET_ERROR;
877
 
        }
878
 
        p+=5;
879
 
        while( *p != '\0' && xisspace(*p) )
880
 
                p++;
881
 
        r = parse_condition(filename, lineno, (1+p-buffer), &p, &condition);
882
 
        if( RET_WAS_ERROR(r) )
883
 
                return r;
884
 
        while( *p != '\0' && xisspace(*p) )
885
 
                p++;
886
 
        if( strncmp(p,"key",3) == 0 && (p[3] == '\0' || xisspace(p[3])) ) {
887
 
                bool allow_subkeys = false;
888
 
 
889
 
                p += 3;
890
 
                while( *p != '\0' && xisspace(*p) )
891
 
                        p++;
892
 
                if( p[0] == '0' && p[1] == 'x' )
893
 
                        p += 2;
894
 
                q = overkey(p);
895
 
                if( *p == '\0' || (*q !='\0' && !xisspace(*q) && *q != '+') || q==p ) {
896
 
                        fprintf(stderr, "%s:%lu:%u: key id or fingerprint expected!\n", filename, (long)lineno, (int)(1+q-buffer));
897
 
                        return RET_ERROR;
898
 
                }
899
 
                qq = q;
900
 
                while( xisspace(*qq) )
901
 
                        qq++;
902
 
                if( *qq == '+' ) {
903
 
                        qq++;
904
 
                        allow_subkeys = true;
905
 
                }
906
 
                while( xisspace(*qq) )
907
 
                        qq++;
908
 
                if( *qq != '\0' ) {
909
 
                        fprintf(stderr, "%s:%lu:%u: unexpected data after 'key <fingerprint>' statement!\n\n", filename, (long)lineno, (int)(1+qq-buffer));
910
 
                        if( *q == ' ' )
911
 
                                fprintf(stderr, " Hint: no spaces allowed in fingerprint specification.\n");
912
 
                        return RET_ERROR;
913
 
                }
914
 
                permissions = addfingerprint(u, p, q-p, allow_subkeys);
915
 
                if( permissions == NULL )
916
 
                        return RET_ERROR_OOM;
917
 
                condition_add(permissions, &condition);
918
 
        } else if( strncmp(p, "unsigned",8) == 0 && (p[8]=='\0' || xisspace(p[8])) ) {
919
 
                p+=8;
920
 
                if( *p != '\0' ) {
921
 
                        fprintf(stderr, "%s:%lu:%u: unexpected data after 'unsigned' statement!\n", filename, (long)lineno, (int)(1+p-buffer));
922
 
                        return RET_ERROR;
923
 
                }
924
 
                condition_add(&u->unsignedpermissions, &condition);
925
 
        } else if( strncmp(p, "any",3) == 0 && xisspace(p[3]) ) {
926
 
                p+=3;
927
 
                while( *p != '\0' && xisspace(*p) )
928
 
                        p++;
929
 
                if( strncmp(p, "key", 3) != 0 || (p[3]!='\0' && !xisspace(p[3])) ) {
930
 
                        fprintf(stderr, "%s:%lu:%u: 'key' keyword expected after 'any' keyword!\n", filename, (long)lineno, (int)(1+p-buffer));
931
 
                        return RET_ERROR;
932
 
                }
933
 
                p += 3;
934
 
                if( *p != '\0' ) {
935
 
                        fprintf(stderr, "%s:%lu:%u: unexpected data after 'any key' statement!\n", filename, (long)lineno, (int)(1+p-buffer));
936
 
                        return RET_ERROR;
937
 
                }
938
 
                condition_add(&u->anyvalidkeypermissions, &condition);
939
 
        } else if( strncmp(p, "anybody", 7) == 0 && (p[7] == '\0' || xisspace(p[7])) ) {
940
 
                p+=7;
941
 
                while( *p != '\0' && xisspace(*p) )
942
 
                        p++;
943
 
                if( *p != '\0' ) {
944
 
                        fprintf(stderr, "%s:%lu:%u: unexpected data after 'anybody' statement!\n", filename, (long)lineno, (int)(1+p-buffer));
945
 
                        return RET_ERROR;
946
 
                }
947
 
                condition_add(&u->anybodypermissions, &condition);
948
 
        } else {
949
 
                fprintf(stderr, "%s:%lu:%u: 'key', 'unsigned', 'anybody' or 'any key' expected!\n", filename, (long)lineno, (int)(1+p-buffer));
950
 
                return RET_ERROR;
951
 
        }
952
 
        return RET_OK;
953
 
}
954
 
 
955
 
static retvalue uploaders_load(/*@out@*/struct uploaders **list, const char *filename) {
956
 
        char *fullfilename = NULL;
957
 
        FILE *f;
958
 
        size_t lineno=0;
959
 
        char buffer[1025];
960
 
        struct uploaders *u;
961
 
        retvalue r;
962
 
 
963
 
        if( filename[0] != '/' ) {
964
 
                fullfilename = calc_conffile(filename);
965
 
                if( fullfilename == NULL )
966
 
                        return RET_ERROR_OOM;
967
 
                filename = fullfilename;
968
 
        }
969
 
        f = fopen(filename, "r");
970
 
        if( f == NULL ) {
971
 
                int e = errno;
972
 
                fprintf(stderr, "Error opening '%s': %s\n", filename, strerror(e));
973
 
                free(fullfilename);
974
 
                return RET_ERRNO(e);
975
 
        }
976
 
        u = calloc(1,sizeof(struct uploaders));
977
 
        if( FAILEDTOALLOC(u) ) {
978
 
                (void)fclose(f);
979
 
                free(fullfilename);
980
 
                return RET_ERROR_OOM;
981
 
        }
982
 
        /* reject by default */
983
 
        u->unsignedpermissions.type = uc_ALWAYS;
984
 
        u->anyvalidkeypermissions.type = uc_ALWAYS;
985
 
        u->anybodypermissions.type = uc_ALWAYS;
986
 
 
987
 
        while( fgets(buffer,1024,f) != NULL ) {
988
 
                lineno++;
989
 
                r = parseuploaderline(buffer,filename,lineno,u);
990
 
                if( RET_WAS_ERROR(r) ) {
991
 
                        (void)fclose(f);
992
 
                        free(fullfilename);
993
 
                        uploaders_free(u);
994
 
                        return r;
995
 
                }
996
 
        }
997
 
        if( fclose(f) != 0 ) {
998
 
                int e = errno;
999
 
                fprintf(stderr, "Error reading '%s': %s\n", filename, strerror(e));
1000
 
                free(fullfilename);
1001
 
                uploaders_free(u);
1002
 
                return RET_ERRNO(e);
1003
 
        }
1004
 
        free(fullfilename);
1005
 
        *list = u;
1006
 
        return RET_OK;
1007
 
}
1008
 
 
1009
 
retvalue uploaders_get(/*@out@*/struct uploaders **list, const char *filename) {
1010
 
        retvalue r;
1011
 
        struct uploaders *u;
1012
 
        size_t len;
1013
 
 
1014
 
        assert( filename != NULL );
1015
 
 
1016
 
        len = strlen(filename);
1017
 
        u = uploaderslists;
1018
 
        while( u != NULL && ( u->filename_len != len ||
1019
 
                              memcmp(u->filename,filename,len) != 0 ) )
1020
 
                u = u->next;
1021
 
        if( u == NULL ) {
1022
 
                r = uploaders_load(&u, filename);
1023
 
                if( !RET_IS_OK(r) )
1024
 
                        return r;
1025
 
                assert( u != NULL );
1026
 
                u->filename = strdup(filename);
1027
 
                if( u->filename == NULL ) {
1028
 
                        uploaders_free(u);
1029
 
                        return RET_ERROR_OOM;
1030
 
                }
1031
 
                u->filename_len = len;
1032
 
                u->next = uploaderslists;
1033
 
                u->reference_count = 1;
1034
 
                uploaderslists = u;
1035
 
        } else
1036
 
                u->reference_count++;
1037
 
        *list = u;
1038
 
        return RET_OK;
1039
 
}