1 /* Copyright (c) 1993-2002
2 * Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de)
3 * Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.de)
4 * Copyright (c) 1987 Oliver Laumann
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3, or (at your option)
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program (see the file COPYING); if not, see
18 * http://www.gnu.org/licenses/, or contact Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
21 ****************************************************************
24 #include <sys/types.h>
29 /* XXX: WHY IS THIS HERE?? :XXX */
33 # include <stdio.h> /* needed by <pwd.h> */
34 # endif /* _SEQUENT_ */
38 # endif /* SHADOWPW */
39 #endif /* CHECKLOGIN */
45 #include "screen.h" /* includes acls.h */
49 /************************************************************************
50 * user managing code, this does not really belong into the acl stuff *
51 ************************************************************************/
53 extern struct comm comms
[];
54 extern struct win
*windows
, *wtab
[];
55 extern char NullStr
[];
56 extern char SockPath
[];
57 extern struct display
*display
, *displays
;
58 struct acluser
*users
;
61 int maxusercount
= 0; /* used in process.c: RC_MONITOR, RC_SILENCE */
63 /* record given user ids here */
64 static AclBits userbits
;
67 * rights a new unknown user will have on windows and cmds.
68 * These are changed by a "umask ?-..." command:
70 static char default_w_bit
[ACL_BITS_PER_WIN
] =
77 static char default_c_bit
[ACL_BITS_PER_CMD
] =
82 /* rights of all users per newly created window */
84 * are now stored per user (umask)
85 * static AclBits default_w_userbits[ACL_BITS_PER_WIN];
86 * static AclBits default_c_userbits[ACL_BITS_PER_CMD];
89 static int GrowBitfield
__P((AclBits
*, int, int, int));
90 static struct aclusergroup
**FindGroupPtr
__P((struct aclusergroup
**, struct acluser
*, int));
91 static int AclSetPermCmd
__P((struct acluser
*, char *, struct comm
*));
92 static int AclSetPermWin
__P((struct acluser
*, struct acluser
*, char *, struct win
*));
93 static int UserAcl
__P((struct acluser
*, struct acluser
**, int, char **));
94 static int UserAclCopy
__P((struct acluser
**, struct acluser
**));
98 GrowBitfield(bfp
, len
, delta
, defaultbit
)
100 int len
, delta
, defaultbit
;
105 if (!(n
= (AclBits
)calloc(1, (unsigned long)(&ACLBYTE((char *)0, len
+ delta
+ 1)))))
107 for (i
= 0; i
< (len
+ delta
); i
++)
109 if (((i
< len
) && (ACLBIT(i
) & ACLBYTE(o
, i
))) ||
110 ((i
>= len
) && (defaultbit
)))
111 ACLBYTE(n
, i
) |= ACLBIT(i
);
119 #endif /* MULTIUSER */
122 * Returns an nonzero Address. Its contents is either a User-ptr,
123 * or NULL which may be replaced by a User-ptr to create the entry.
131 for (u
= &users
; *u
; u
= &(*u
)->u_next
)
132 if (!strcmp((*u
)->u_name
, name
))
135 debug3("FindUserPtr %s %sfound, id %d\n", name
, (*u
)?"":"not ",
137 #else /* MULTIUSER */
138 debug2("FindUserPtr %s %sfound\n", name
, (*u
)?"":"not ");
139 #endif /* MULTIUSER */
143 int DefaultEsc
= -1; /* initialised by screen.c:main() */
144 int DefaultMetaEsc
= -1;
147 * Add a new user. His password may be NULL or "" if none. His name must not
148 * be "none", as this represents the NULL-pointer when dealing with groups.
149 * He has default rights, determined by umask.
152 UserAdd(name
, pass
, up
)
161 up
= FindUserPtr(name
);
165 (*up
)->u_password
= SaveStr(pass
);
166 return 1; /* he is already there */
168 if (strcmp("none", name
)) /* "none" is a reserved word */
169 *up
= (struct acluser
*)calloc(1, sizeof(struct acluser
));
171 return -1; /* he still does not exist */
173 (*up
)->u_plop
.buf
= NULL
;
174 (*up
)->u_plop
.len
= 0;
176 (*up
)->u_plop
.enc
= 0;
179 (*up
)->u_Esc
= DefaultEsc
;
180 (*up
)->u_MetaEsc
= DefaultMetaEsc
;
181 strncpy((*up
)->u_name
, name
, 20);
182 (*up
)->u_password
= NULL
;
184 (*up
)->u_password
= SaveStr(pass
);
185 if (!(*up
)->u_password
)
186 (*up
)->u_password
= NullStr
;
187 (*up
)->u_detachwin
= -1;
188 (*up
)->u_detachotherwin
= -1;
191 (*up
)->u_group
= NULL
;
192 /* now find an unused index */
193 for ((*up
)->u_id
= 0; (*up
)->u_id
< maxusercount
; (*up
)->u_id
++)
194 if (!(ACLBIT((*up
)->u_id
) & ACLBYTE(userbits
, (*up
)->u_id
)))
196 debug2("UserAdd %s id %d\n", name
, (*up
)->u_id
);
197 if ((*up
)->u_id
== maxusercount
)
203 debug2("growing all bitfields %d += %d\n", maxusercount
, USER_CHUNK
);
204 /* the bitfields are full, grow a chunk */
205 /* first, the used_uid_indicator: */
206 if (GrowBitfield(&userbits
, maxusercount
, USER_CHUNK
, 0))
208 free((char *)*up
); *up
= NULL
; return -1;
210 /* second, default command bits */
211 /* (only if we generate commands dynamically) */
213 for (j = 0; j < ACL_BITS_PER_CMD; j++)
214 if (GrowBitfield(&default_c_userbits[j], maxusercount, USER_CHUNK,
217 free((char *)*up); *up = NULL; return -1;
220 /* third, the bits for each commands */
221 for (j
= 0; j
<= RC_LAST
; j
++)
225 for (i
= 0; i
< ACL_BITS_PER_CMD
; i
++)
226 if (GrowBitfield(&comms
[j
].userbits
[i
], maxusercount
, USER_CHUNK
,
229 free((char *)*up
); *up
= NULL
; return -1;
232 /* fourth, default window creation bits per user */
233 for (u
= users
; u
!= *up
; u
= u
->u_next
)
235 for (j
= 0; j
< ACL_BITS_PER_WIN
; j
++)
237 if (GrowBitfield(&u
->u_umask_w_bits
[j
], maxusercount
, USER_CHUNK
,
240 free((char *)*up
); *up
= NULL
; return -1;
245 /* fifth, the bits for each window */
246 /* keep these in sync with NewWindowAcl() */
247 for (w
= windows
; w
; w
= w
->w_next
)
249 /* five a: the access control list */
250 for (j
= 0; j
< ACL_BITS_PER_WIN
; j
++)
251 if (GrowBitfield(&w
->w_userbits
[j
], maxusercount
, USER_CHUNK
,
254 free((char *)*up
); *up
= NULL
; return -1;
256 /* five b: the activity notify list */
257 /* five c: the silence notify list */
258 if (GrowBitfield(&w
->w_mon_notify
, maxusercount
, USER_CHUNK
, 0) ||
259 GrowBitfield(&w
->w_lio_notify
, maxusercount
, USER_CHUNK
, 0))
261 free((char *)*up
); *up
= NULL
; return -1;
264 maxusercount
+= USER_CHUNK
;
267 /* mark the user-entry as "in-use" */
268 ACLBYTE(userbits
, (*up
)->u_id
) |= ACLBIT((*up
)->u_id
);
270 /* user id 0 is the session creator, he has all rights */
271 if ((*up
)->u_id
== 0)
272 AclSetPerm(NULL
, *up
, "+a", "#?");
274 /* user nobody has a fixed set of rights: */
275 if (!strcmp((*up
)->u_name
, "nobody"))
277 AclSetPerm(NULL
, *up
, "-rwx", "#?");
278 AclSetPerm(NULL
, *up
, "+x", "su");
279 AclSetPerm(NULL
, *up
, "+x", "detach");
280 AclSetPerm(NULL
, *up
, "+x", "displays");
281 AclSetPerm(NULL
, *up
, "+x", "version");
286 * Give default_w_bit's for all users,
287 * but allow himself everything on "his" windows.
289 for (j
= 0; j
< ACL_BITS_PER_WIN
; j
++)
291 if (GrowBitfield(&(*up
)->u_umask_w_bits
[j
], 0, maxusercount
,
294 free((char *)*up
); *up
= NULL
; return -1;
296 ACLBYTE((*up
)->u_umask_w_bits
[j
], (*up
)->u_id
) |= ACLBIT((*up
)->u_id
);
298 #else /* MULTIUSER */
299 debug1("UserAdd %s\n", name
);
300 #endif /* MULTIUSER */
305 /* change user's password */
307 UserSetPass(name
, pass
, up
)
312 up
= FindUserPtr(name
);
314 return UserAdd(name
, pass
, up
);
315 if (!strcmp(name
, "nobody")) /* he remains without password */
317 strncpy((*up
)->u_password
, pass
? pass
: "", 20);
318 (*up
)->u_password
[20] = '\0';
324 * Remove a user from the list.
325 * Destroy all his permissions and completely detach him from the session.
336 struct display
*old
, *next
;
339 up
= FindUserPtr(name
);
341 return -1; /* he who does not exist cannot be removed */
343 for (display
= displays
; display
; display
= next
)
345 next
= display
->d_next
; /* read the next ptr now, Detach may zap it. */
356 for (up
= &users
; *up
; up
= &(*up
)->u_next
)
358 /* unlink all group references to this user */
359 struct aclusergroup
**g
= &(*up
)->u_group
;
365 struct aclusergroup
*next
= (*g
)->next
;
374 ACLBYTE(userbits
, u
->u_id
) &= ~ACLBIT(u
->u_id
);
375 /* restore the bits in his slot to default: */
376 AclSetPerm(NULL
, u
, default_w_bit
[ACL_READ
] ? "+r" : "-r", "#");
377 AclSetPerm(NULL
, u
, default_w_bit
[ACL_WRITE
]? "+w" : "-w", "#");
378 AclSetPerm(NULL
, u
, default_w_bit
[ACL_EXEC
] ? "+x" : "-x", "#");
379 AclSetPerm(NULL
, u
, default_c_bit
[ACL_EXEC
] ? "+x" : "-x", "?");
380 for (i
= 0; i
< ACL_BITS_PER_WIN
; i
++)
381 free((char *)u
->u_umask_w_bits
[i
]);
382 #endif /* MULTIUSER */
383 debug1("FREEING user structure for %s\n", u
->u_name
);
385 UserFreeCopyBuffer(u
);
390 debug("Last user deleted. Feierabend.\n");
391 Finit(0); /* Destroying whole session. Noone could ever attach again. */
400 * returns 0 if the copy buffer was really deleted.
401 * Also removes any references into the users copybuffer
404 UserFreeCopyBuffer(u
)
412 for (w
= windows
; w
; w
= w
->w_next
)
415 if (pa
->pa_pasteptr
>= u
->u_plop
.buf
&&
416 pa
->pa_pasteptr
- u
->u_plop
.buf
< u
->u_plop
.len
)
419 free((char *)u
->u_plop
.buf
);
424 #endif /* COPY_PASTE */
428 * Traverses group nodes. It searches for a node that references user u.
429 * If recursive is true, nodes found in the users are also searched using
430 * depth first method. If none of the nodes references u, the address of
431 * the last next pointer is returned. This address will contain NULL.
433 static struct aclusergroup
**
434 FindGroupPtr(gp
, u
, recursive
)
435 struct aclusergroup
**gp
;
439 struct aclusergroup
**g
;
441 ASSERT(recursive
< 1000); /* Ouch, cycle detection failed */
445 return gp
; /* found him here. */
447 *(g
= FindGroupPtr(&(*gp
)->u
->u_group
, u
, recursive
+ 1)))
448 return g
; /* found him there. */
451 return gp
; /* *gp is NULL */
455 * Returns nonzero if failed or already linked.
456 * Both users are created on demand.
457 * Cyclic links are prevented.
460 AclLinkUser(from
, to
)
463 struct acluser
**u1
, **u2
;
464 struct aclusergroup
**g
;
466 if (!*(u1
= FindUserPtr(from
)) && UserAdd(from
, NULL
, u1
))
468 if (!*(u2
= FindUserPtr(to
)) && UserAdd(to
, NULL
, u2
))
469 return -1; /* hmm, could not find both users. */
471 if (*FindGroupPtr(&(*u2
)->u_group
, *u1
, 1))
472 return 1; /* cyclic link detected! */
473 if (*(g
= FindGroupPtr(&(*u1
)->u_group
, *u2
, 0)))
474 return 2; /* aha, we are already linked! */
476 if (!(*g
= (struct aclusergroup
*)malloc(sizeof(struct aclusergroup
))))
477 return -1; /* Could not alloc link. Poor screen */
484 * The user pointer stored at *up will be substituted by a pointer
485 * to the named user's structure, if passwords match.
486 * returns NULL if successfull, an static error string otherwise
489 DoSu(up
, name
, pw1
, pw2
)
491 char *name
, *pw1
, *pw2
;
496 if (!(u
= *FindUserPtr(name
)))
508 if (!(pp
= getpwnam(name
)))
510 debug1("getpwnam(\"%s\") failed\n", name
);
511 if (!(pw1
&& *pw1
&& *pw1
!= '\377'))
513 debug("no unix account, no screen passwd\n");
518 pass
= pp
->pw_passwd
;
520 for (t
= 0; t
< 13; t
++)
523 if (!(c
== '.' || c
== '/' ||
524 (c
>= '0' && c
<= '9') ||
525 (c
>= 'a' && c
<= 'z') ||
526 (c
>= 'A' && c
<= 'Z')))
531 if (!(ss
= getspnam(name
)))
533 debug1("getspnam(\"%s\") failed\n", name
);
539 #endif /* SHADOWPW */
541 if (pw2
&& *pw2
&& *pw2
!= '\377') /* provided a system password */
543 if (!*pass
|| /* but needed none */
544 strcmp(crypt(pw2
, pass
), pass
))
546 debug("System password mismatch\n");
550 else /* no pasword provided */
551 if (*pass
) /* but need one */
554 if (pw1
&& *pw1
&& *pw1
!= '\377') /* provided a screen password */
556 if (!*u
->u_password
|| /* but needed none */
557 strcmp(crypt(pw1
, u
->u_password
), u
->u_password
))
559 debug("screen password mismatch\n");
563 else /* no pasword provided */
564 if (*u
->u_password
) /* but need one */
568 debug2("syslog(LOG_NOTICE, \"screen %s: \"su %s\" ", SockPath
, name
);
569 debug2("%s for \"%s\"\n", sorry
? "failed" : "succeded", (*up
)->u_name
);
572 openlog("screen", LOG_PID
);
574 openlog("screen", LOG_PID
, LOG_AUTH
);
576 syslog(LOG_NOTICE
, "%s: \"su %s\" %s for \"%s\"", SockPath
, name
,
577 sorry
? "failed" : "succeded", (*up
)->u_name
);
580 debug("NOT LOGGED.\n");
581 #endif /* NOSYSLOG */
586 *up
= u
; /* substitute user now */
589 #endif /* MULTIUSER */
591 /************************************************************************
592 * end of user managing code *
593 ************************************************************************/
598 /* This gives the users default rights to the new window w created by u */
606 debug2("NewWindowAcl %s's umask_w_bits for window %d\n",
607 u
? u
->u_name
: "everybody", w
->w_number
);
609 /* keep these in sync with UserAdd part five. */
610 if (GrowBitfield(&w
->w_mon_notify
, 0, maxusercount
, 0) ||
611 GrowBitfield(&w
->w_lio_notify
, 0, maxusercount
, 0))
613 for (j
= 0; j
< ACL_BITS_PER_WIN
; j
++)
615 /* we start with len 0 for the new bitfield size and add maxusercount */
616 if (GrowBitfield(&w
->w_userbits
[j
], 0, maxusercount
, 0))
619 free((char *)w
->w_userbits
[j
]);
620 free((char *)w
->w_mon_notify
);
621 free((char *)w
->w_lio_notify
);
624 for (i
= 0; i
< maxusercount
; i
++)
625 if (u
? (ACLBIT(i
) & ACLBYTE(u
->u_umask_w_bits
[j
], i
)) :
627 ACLBYTE(w
->w_userbits
[j
], i
) |= ACLBIT(i
);
638 for (i
= 0; i
< ACL_BITS_PER_WIN
; i
++)
639 free((char *)w
->w_userbits
[i
]);
640 free((char *)w
->w_mon_notify
);
641 free((char *)w
->w_lio_notify
);
645 /* if mode starts with '-' we remove the users exec bit for cmd */
647 * NOTE: before you make this function look the same as
648 * AclSetPermWin, try to merge both functions.
651 AclSetPermCmd(u
, mode
, cmd
)
672 /* debug3("AclSetPermCmd %s %s %s\n", u->u_name, mode, cmd->name); */
674 ACLBYTE(cmd
->userbits
[ACL_EXEC
], u
->u_id
) &= ~ACLBIT(u
->u_id
);
676 ACLBYTE(cmd
->userbits
[ACL_EXEC
], u
->u_id
) |= ACLBIT(u
->u_id
);
688 /* mode strings of the form +rwx -w+rx r -wx are parsed and evaluated */
691 * releases a writelock on window 2 held by user nerd.
692 * Letter n allows network access on a window.
693 * uu should be NULL, except if you want to change his umask.
696 AclSetPermWin(uu
, u
, mode
, win
)
697 struct acluser
*u
, *uu
;
708 debug3("AclSetPermWin %s UMASK %s %s\n", uu
->u_name
, u
->u_name
, mode
);
709 bitarray
= uu
->u_umask_w_bits
;
714 bitarray
= win
->w_userbits
;
715 debug3("AclSetPermWin %s %s %d\n", u
->u_name
, mode
, win
->w_number
);
729 bits
= (1 << ACL_READ
);
732 bits
= (1 << ACL_WRITE
);
735 bits
= (1 << ACL_EXEC
);
738 bits
= (1 << ACL_BITS_PER_WIN
) - 1;
743 for (bit
= 0; bit
< ACL_BITS_PER_WIN
; bit
++)
745 if (!(bits
& (1 << bit
)))
748 ACLBYTE(bitarray
[bit
], u
->u_id
) &= ~ACLBIT(u
->u_id
);
750 ACLBYTE(bitarray
[bit
], u
->u_id
) |= ACLBIT(u
->u_id
);
751 if (!uu
&& (win
->w_wlockuser
== u
) && neg
&& (bit
== ACL_WRITE
))
753 debug2("%s lost writelock on win %d\n", u
->u_name
, win
->w_number
);
754 win
->w_wlockuser
= NULL
;
755 if (win
->w_wlock
== WLOCK_ON
)
756 win
->w_wlock
= WLOCK_AUTO
;
760 if (uu
&& u
->u_name
[0] == '?' && u
->u_name
[1] == '\0')
763 * It is Mr. '?', the unknown user. He deserves special treatment as
764 * he defines the defaults. Sorry, this is global, not per user.
768 debug1("AclSetPermWin: default_w_bits '%s'.\n", mode
);
769 for (bit
= 0; bit
< ACL_BITS_PER_WIN
; bit
++)
771 (ACLBYTE(bitarray
[bit
], u
->u_id
) & ACLBIT(u
->u_id
)) ? 1 : 0;
776 * Hack. I do not want to duplicate all the above code for
777 * AclSetPermCmd. This asumes that there are not more bits
778 * per cmd than per win.
780 debug1("AclSetPermWin: default_c_bits '%s'.\n", mode
);
781 for (bit
= 0; bit
< ACL_BITS_PER_CMD
; bit
++)
783 (ACLBYTE(bitarray
[bit
], u
->u_id
) & ACLBIT(u
->u_id
)) ? 1 : 0;
785 UserDel(u
->u_name
, NULL
);
791 * String is broken down into comand and window names, mode applies
792 * A command name matches first, so do not use these as window names.
793 * uu should be NULL, except if you want to change his umask.
796 AclSetPerm(uu
, u
, mode
, s
)
797 struct acluser
*uu
, *u
;
804 debug3("AclSetPerm(uu, user '%s', mode '%s', object '%s')\n",
810 case '*': /* all windows and all commands */
811 return AclSetPerm(uu
, u
, mode
, "#?");
813 if (uu
) /* window umask or .. */
814 AclSetPermWin(uu
, u
, mode
, (struct win
*)1);
815 else /* .. or all windows */
816 for (w
= windows
; w
; w
= w
->w_next
)
817 AclSetPermWin((struct acluser
*)0, u
, mode
, w
);
821 if (uu
) /* command umask or .. */
822 AclSetPermWin(uu
, u
, mode
, (struct win
*)0);
823 else /* .. or all commands */
824 for (i
= 0; i
<= RC_LAST
; i
++)
825 AclSetPermCmd(u
, mode
, &comms
[i
]);
829 for (p
= s
; *p
&& *p
!= ' ' && *p
!= '\t' && *p
!= ','; p
++)
833 if ((i
= FindCommnr(s
)) != RC_ILLEGAL
)
834 AclSetPermCmd(u
, mode
, &comms
[i
]);
835 else if (((i
= WindowByNoN(s
)) >= 0) && wtab
[i
])
836 AclSetPermWin((struct acluser
*)0, u
, mode
, wtab
[i
]);
838 /* checking group name */
849 * Generic ACL Manager:
851 * This handles acladd and aclchg identical.
852 * With 2 or 4 parameters, the second parameter is a password.
853 * With 3 or 4 parameters the last two parameters specify the permissions
854 * else user is added with full permissions.
855 * With 1 parameter the users permissions are copied from user *argv.
856 * Unlike the other cases, u->u_name should not match *argv here.
857 * uu should be NULL, except if you want to change his umask.
860 UserAcl(uu
, u
, argc
, argv
)
861 struct acluser
*uu
, **u
;
865 if ((*u
&& !strcmp((*u
)->u_name
, "nobody")) ||
866 (argc
> 1 && !strcmp(argv
[0], "nobody")))
867 return -1; /* do not change nobody! */
872 debug2("UserAcl: user '%s', password '%s':", argv
[0], argv
[1]);
873 return (UserAdd(argv
[0], argv
[1], u
) < 0) ||
874 AclSetPerm(uu
, *u
, argv
[2], argv
[3]);
876 debug1("UserAcl: user '%s', no password:", argv
[0]);
877 return (UserAdd(argv
[0], NULL
, u
) < 0) ||
878 AclSetPerm(uu
, *u
, argv
[1], argv
[2]);
880 debug2("UserAcl: user '%s', password '%s'\n", argv
[0], argv
[1]);
881 return UserAdd(argv
[0], argv
[1], u
) < 0;
883 debug1("UserAcl: user '%s', no password:", argv
[0]);
884 return (UserAdd(argv
[0], NULL
, u
) < 0) ||
885 AclSetPerm(uu
, *u
, "+a", "#?");
892 UserAclCopy(to_up
, from_up
)
893 struct acluser
**to_up
, **from_up
;
896 int i
, j
, to_id
, from_id
;
898 if (!*to_up
|| !*from_up
)
900 debug2("UserAclCopy: from user '%s' to user '%s'\n",
901 (*from_up
)->u_name
, (*to_up
)->u_name
);
902 if ((to_id
= (*to_up
)->u_id
) == (from_id
= (*from_up
)->u_id
))
904 for (w
= windows
; w
; w
= w
->w_next
)
906 for (i
= 0; i
< ACL_BITS_PER_WIN
; i
++)
908 if (ACLBYTE(w
->w_userbits
[i
], from_id
) & ACLBIT(from_id
))
909 ACLBYTE(w
->w_userbits
[i
], to_id
) |= ACLBIT(to_id
);
912 ACLBYTE(w
->w_userbits
[i
], to_id
) &= ~ACLBIT(to_id
);
913 if ((w
->w_wlockuser
== *to_up
) && (i
== ACL_WRITE
))
915 debug2("%s lost wlock on win %d\n",
916 (*to_up
)->u_name
, w
->w_number
);
917 w
->w_wlockuser
= NULL
;
918 if (w
->w_wlock
== WLOCK_ON
)
919 w
->w_wlock
= WLOCK_AUTO
;
924 for (j
= 0; j
<= RC_LAST
; j
++)
926 for (i
= 0; i
< ACL_BITS_PER_CMD
; i
++)
928 if (ACLBYTE(comms
[j
].userbits
[i
], from_id
) & ACLBIT(from_id
))
929 ACLBYTE(comms
[j
].userbits
[i
], to_id
) |= ACLBIT(to_id
);
931 ACLBYTE(comms
[j
].userbits
[i
], to_id
) &= ~ACLBIT(to_id
);
940 * user [password] [+rwx #?]
941 * * [password] [+rwx #?]
942 * user1,user2,user3 [password] [+rwx #?]
943 * user1,user2,user3=user
944 * uu should be NULL, except if you want to change his umask.
947 UsersAcl(uu
, argc
, argv
)
954 struct acluser
**cf_u
= NULL
;
962 if (*s
++ == '=') p
= s
;
966 cf_u
= FindUserPtr(p
);
970 if (argv
[0][0] == '*' && argv
[0][1] == '\0')
974 debug("all users acls.\n");
975 for (u
= &users
; *u
; u
= &(*u
)->u_next
)
976 if (strcmp("nobody", (*u
)->u_name
) &&
978 ((r
= UserAclCopy(u
, cf_u
)) < 0) :
979 ((r
= UserAcl(uu
, u
, argc
, argv
)) < 0)))
986 for (s
= argv
[0]; *s
&& *s
!=' ' && *s
!='\t' && *s
!=',' && *s
!='='; s
++)
988 *s
? (*s
++ = '\0') : (*s
= '\0');
989 debug2("UsersAcl(uu, \"%s\", argc=%d)\n", argv
[0], argc
);
991 ((r
= UserAclCopy(FindUserPtr(argv
[0]), cf_u
)) < 0) :
992 ((r
= UserAcl(uu
, FindUserPtr(argv
[0]), argc
, argv
)) < 0))
994 } while (*(argv
[0] = s
));
999 * Preprocess argments, so that umask can be set with UsersAcl
1001 * all current users umask ±rwxn
1002 * one specific user umask user1±rwxn
1003 * several users umask user1,user2,...±rwxn
1004 * default_w_bits umask ?±rwxn
1005 * default_c_bits umask ??±rwxn
1008 AclUmask(u
, str
, errp
)
1017 /* split str into user and bits section. */
1018 for (p
= str
; *p
; p
++)
1019 if ((c
= *p
) == '+' || c
== '-')
1023 *errp
= "Bad argument. Should be ``[user[,user...]{+|-}rwxn''.";
1026 strncpy(mode
, p
, 15);
1030 /* construct argument vector */
1031 if (!strcmp("??", str
))
1039 av
[0] = *str
? str
: "*";
1041 if (UsersAcl(u
, 3, av
))
1043 *errp
= "UsersAcl failed. Hmmm.";
1055 debug2("AclWinSwap(%d, %d) NOP.\n", a
, b
);
1058 struct acluser
*EffectiveAclUser
= NULL
; /* hook for AT command permission */
1061 AclCheckPermWin(u
, mode
, w
)
1068 if (mode
< 0 || mode
>= ACL_BITS_PER_WIN
)
1070 if (EffectiveAclUser
)
1072 debug1("AclCheckPermWin: WARNING user %s overridden!\n", u
->u_name
);
1073 u
= EffectiveAclUser
;
1075 ok
= ACLBYTE(w
->w_userbits
[mode
], u
->u_id
) & ACLBIT(u
->u_id
);
1076 debug3("AclCheckPermWin(%s, %d, %d) = ", u
->u_name
, mode
, w
->w_number
);
1080 struct aclusergroup
**g
= &u
->u_group
;
1081 struct acluser
*saved_eff
= EffectiveAclUser
;
1083 EffectiveAclUser
= NULL
;
1086 if (!AclCheckPermWin((*g
)->u
, mode
, w
))
1090 EffectiveAclUser
= saved_eff
;
1094 debug1("%d\n", !ok
);
1099 AclCheckPermCmd(u
, mode
, c
)
1106 if (mode
< 0 || mode
>= ACL_BITS_PER_CMD
)
1108 if (EffectiveAclUser
)
1110 debug1("AclCheckPermCmd: WARNING user %s overridden!\n", u
->u_name
);
1111 u
= EffectiveAclUser
;
1113 ok
= ACLBYTE(c
->userbits
[mode
], u
->u_id
) & ACLBIT(u
->u_id
);
1114 debug3("AclCheckPermCmd(%s %d %s) = ", u
->u_name
, mode
, c
->name
);
1117 struct aclusergroup
**g
= &u
->u_group
;
1118 struct acluser
*saved_eff
= EffectiveAclUser
;
1120 EffectiveAclUser
= NULL
;
1123 if (!AclCheckPermCmd((*g
)->u
, mode
, c
))
1127 EffectiveAclUser
= saved_eff
;
1131 debug1("%d\n", !ok
);
1135 #endif /* MULTIUSER */