1 /* Copyright (c) 2008, 2009
2 * Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de)
3 * Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.de)
4 * Micah Cowan (micah@cowan.name)
5 * Sadrul Habib Chowdhury (sadrul@users.sourceforge.net)
6 * Copyright (c) 1993-2002, 2003, 2005, 2006, 2007
7 * Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de)
8 * Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.de)
9 * Copyright (c) 1987 Oliver Laumann
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3, or (at your option)
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program (see the file COPYING); if not, see
23 * http://www.gnu.org/licenses/, or contact Free Software Foundation, Inc.,
24 * 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
26 ****************************************************************
29 #include <sys/types.h>
34 /* XXX: WHY IS THIS HERE?? :XXX */
38 # include <stdio.h> /* needed by <pwd.h> */
39 # endif /* _SEQUENT_ */
43 # endif /* SHADOWPW */
44 #endif /* CHECKLOGIN */
50 #include "screen.h" /* includes acls.h */
54 /************************************************************************
55 * user managing code, this does not really belong into the acl stuff *
56 ************************************************************************/
58 extern struct comm comms
[];
59 extern struct win
*windows
, *wtab
[];
60 extern char NullStr
[];
61 extern char SockPath
[];
62 extern struct display
*display
, *displays
;
63 struct acluser
*users
;
66 int maxusercount
= 0; /* used in process.c: RC_MONITOR, RC_SILENCE */
68 /* record given user ids here */
69 static AclBits userbits
;
72 * rights a new unknown user will have on windows and cmds.
73 * These are changed by a "umask ?-..." command:
75 static char default_w_bit
[ACL_BITS_PER_WIN
] =
82 static char default_c_bit
[ACL_BITS_PER_CMD
] =
87 /* rights of all users per newly created window */
89 * are now stored per user (umask)
90 * static AclBits default_w_userbits[ACL_BITS_PER_WIN];
91 * static AclBits default_c_userbits[ACL_BITS_PER_CMD];
94 static int GrowBitfield
__P((AclBits
*, int, int, int));
95 static struct aclusergroup
**FindGroupPtr
__P((struct aclusergroup
**, struct acluser
*, int));
96 static int AclSetPermCmd
__P((struct acluser
*, char *, struct comm
*));
97 static int AclSetPermWin
__P((struct acluser
*, struct acluser
*, char *, struct win
*));
98 static int UserAcl
__P((struct acluser
*, struct acluser
**, int, char **));
99 static int UserAclCopy
__P((struct acluser
**, struct acluser
**));
103 GrowBitfield(bfp
, len
, delta
, defaultbit
)
105 int len
, delta
, defaultbit
;
110 if (!(n
= (AclBits
)calloc(1, (unsigned long)(&ACLBYTE((char *)0, len
+ delta
+ 1)))))
112 for (i
= 0; i
< (len
+ delta
); i
++)
114 if (((i
< len
) && (ACLBIT(i
) & ACLBYTE(o
, i
))) ||
115 ((i
>= len
) && (defaultbit
)))
116 ACLBYTE(n
, i
) |= ACLBIT(i
);
124 #endif /* MULTIUSER */
127 * Returns an nonzero Address. Its contents is either a User-ptr,
128 * or NULL which may be replaced by a User-ptr to create the entry.
136 for (u
= &users
; *u
; u
= &(*u
)->u_next
)
137 if (!strcmp((*u
)->u_name
, name
))
140 debug3("FindUserPtr %s %sfound, id %d\n", name
, (*u
)?"":"not ",
142 #else /* MULTIUSER */
143 debug2("FindUserPtr %s %sfound\n", name
, (*u
)?"":"not ");
144 #endif /* MULTIUSER */
148 int DefaultEsc
= -1; /* initialised by screen.c:main() */
149 int DefaultMetaEsc
= -1;
152 * Add a new user. His password may be NULL or "" if none. His name must not
153 * be "none", as this represents the NULL-pointer when dealing with groups.
154 * He has default rights, determined by umask.
157 UserAdd(name
, pass
, up
)
166 up
= FindUserPtr(name
);
170 (*up
)->u_password
= SaveStr(pass
);
171 return 1; /* he is already there */
173 if (strcmp("none", name
)) /* "none" is a reserved word */
174 *up
= (struct acluser
*)calloc(1, sizeof(struct acluser
));
176 return -1; /* he still does not exist */
178 (*up
)->u_plop
.buf
= NULL
;
179 (*up
)->u_plop
.len
= 0;
181 (*up
)->u_plop
.enc
= 0;
184 (*up
)->u_Esc
= DefaultEsc
;
185 (*up
)->u_MetaEsc
= DefaultMetaEsc
;
186 strncpy((*up
)->u_name
, name
, 20);
187 (*up
)->u_password
= NULL
;
189 (*up
)->u_password
= SaveStr(pass
);
190 if (!(*up
)->u_password
)
191 (*up
)->u_password
= NullStr
;
192 (*up
)->u_detachwin
= -1;
193 (*up
)->u_detachotherwin
= -1;
196 (*up
)->u_group
= NULL
;
197 /* now find an unused index */
198 for ((*up
)->u_id
= 0; (*up
)->u_id
< maxusercount
; (*up
)->u_id
++)
199 if (!(ACLBIT((*up
)->u_id
) & ACLBYTE(userbits
, (*up
)->u_id
)))
201 debug2("UserAdd %s id %d\n", name
, (*up
)->u_id
);
202 if ((*up
)->u_id
== maxusercount
)
208 debug2("growing all bitfields %d += %d\n", maxusercount
, USER_CHUNK
);
209 /* the bitfields are full, grow a chunk */
210 /* first, the used_uid_indicator: */
211 if (GrowBitfield(&userbits
, maxusercount
, USER_CHUNK
, 0))
213 free((char *)*up
); *up
= NULL
; return -1;
215 /* second, default command bits */
216 /* (only if we generate commands dynamically) */
218 for (j = 0; j < ACL_BITS_PER_CMD; j++)
219 if (GrowBitfield(&default_c_userbits[j], maxusercount, USER_CHUNK,
222 free((char *)*up); *up = NULL; return -1;
225 /* third, the bits for each commands */
226 for (j
= 0; j
<= RC_LAST
; j
++)
230 for (i
= 0; i
< ACL_BITS_PER_CMD
; i
++)
231 if (GrowBitfield(&comms
[j
].userbits
[i
], maxusercount
, USER_CHUNK
,
234 free((char *)*up
); *up
= NULL
; return -1;
237 /* fourth, default window creation bits per user */
238 for (u
= users
; u
!= *up
; u
= u
->u_next
)
240 for (j
= 0; j
< ACL_BITS_PER_WIN
; j
++)
242 if (GrowBitfield(&u
->u_umask_w_bits
[j
], maxusercount
, USER_CHUNK
,
245 free((char *)*up
); *up
= NULL
; return -1;
250 /* fifth, the bits for each window */
251 /* keep these in sync with NewWindowAcl() */
252 for (w
= windows
; w
; w
= w
->w_next
)
254 /* five a: the access control list */
255 for (j
= 0; j
< ACL_BITS_PER_WIN
; j
++)
256 if (GrowBitfield(&w
->w_userbits
[j
], maxusercount
, USER_CHUNK
,
259 free((char *)*up
); *up
= NULL
; return -1;
261 /* five b: the activity notify list */
262 /* five c: the silence notify list */
263 if (GrowBitfield(&w
->w_mon_notify
, maxusercount
, USER_CHUNK
, 0) ||
264 GrowBitfield(&w
->w_lio_notify
, maxusercount
, USER_CHUNK
, 0))
266 free((char *)*up
); *up
= NULL
; return -1;
269 maxusercount
+= USER_CHUNK
;
272 /* mark the user-entry as "in-use" */
273 ACLBYTE(userbits
, (*up
)->u_id
) |= ACLBIT((*up
)->u_id
);
275 /* user id 0 is the session creator, he has all rights */
276 if ((*up
)->u_id
== 0)
277 AclSetPerm(NULL
, *up
, "+a", "#?");
279 /* user nobody has a fixed set of rights: */
280 if (!strcmp((*up
)->u_name
, "nobody"))
282 AclSetPerm(NULL
, *up
, "-rwx", "#?");
283 AclSetPerm(NULL
, *up
, "+x", "su");
284 AclSetPerm(NULL
, *up
, "+x", "detach");
285 AclSetPerm(NULL
, *up
, "+x", "displays");
286 AclSetPerm(NULL
, *up
, "+x", "version");
291 * Give default_w_bit's for all users,
292 * but allow himself everything on "his" windows.
294 for (j
= 0; j
< ACL_BITS_PER_WIN
; j
++)
296 if (GrowBitfield(&(*up
)->u_umask_w_bits
[j
], 0, maxusercount
,
299 free((char *)*up
); *up
= NULL
; return -1;
301 ACLBYTE((*up
)->u_umask_w_bits
[j
], (*up
)->u_id
) |= ACLBIT((*up
)->u_id
);
303 #else /* MULTIUSER */
304 debug1("UserAdd %s\n", name
);
305 #endif /* MULTIUSER */
310 /* change user's password */
312 UserSetPass(name
, pass
, up
)
317 up
= FindUserPtr(name
);
319 return UserAdd(name
, pass
, up
);
320 if (!strcmp(name
, "nobody")) /* he remains without password */
322 strncpy((*up
)->u_password
, pass
? pass
: "", 20);
323 (*up
)->u_password
[20] = '\0';
329 * Remove a user from the list.
330 * Destroy all his permissions and completely detach him from the session.
341 struct display
*old
, *next
;
344 up
= FindUserPtr(name
);
346 return -1; /* he who does not exist cannot be removed */
348 for (display
= displays
; display
; display
= next
)
350 next
= display
->d_next
; /* read the next ptr now, Detach may zap it. */
361 for (up
= &users
; *up
; up
= &(*up
)->u_next
)
363 /* unlink all group references to this user */
364 struct aclusergroup
**g
= &(*up
)->u_group
;
370 struct aclusergroup
*next
= (*g
)->next
;
379 ACLBYTE(userbits
, u
->u_id
) &= ~ACLBIT(u
->u_id
);
380 /* restore the bits in his slot to default: */
381 AclSetPerm(NULL
, u
, default_w_bit
[ACL_READ
] ? "+r" : "-r", "#");
382 AclSetPerm(NULL
, u
, default_w_bit
[ACL_WRITE
]? "+w" : "-w", "#");
383 AclSetPerm(NULL
, u
, default_w_bit
[ACL_EXEC
] ? "+x" : "-x", "#");
384 AclSetPerm(NULL
, u
, default_c_bit
[ACL_EXEC
] ? "+x" : "-x", "?");
385 for (i
= 0; i
< ACL_BITS_PER_WIN
; i
++)
386 free((char *)u
->u_umask_w_bits
[i
]);
387 #endif /* MULTIUSER */
388 debug1("FREEING user structure for %s\n", u
->u_name
);
390 UserFreeCopyBuffer(u
);
395 debug("Last user deleted. Feierabend.\n");
396 Finit(0); /* Destroying whole session. Noone could ever attach again. */
405 * returns 0 if the copy buffer was really deleted.
406 * Also removes any references into the users copybuffer
409 UserFreeCopyBuffer(u
)
417 for (w
= windows
; w
; w
= w
->w_next
)
420 if (pa
->pa_pasteptr
>= u
->u_plop
.buf
&&
421 pa
->pa_pasteptr
- u
->u_plop
.buf
< u
->u_plop
.len
)
424 free((char *)u
->u_plop
.buf
);
429 #endif /* COPY_PASTE */
433 * Traverses group nodes. It searches for a node that references user u.
434 * If recursive is true, nodes found in the users are also searched using
435 * depth first method. If none of the nodes references u, the address of
436 * the last next pointer is returned. This address will contain NULL.
438 static struct aclusergroup
**
439 FindGroupPtr(gp
, u
, recursive
)
440 struct aclusergroup
**gp
;
444 struct aclusergroup
**g
;
446 ASSERT(recursive
< 1000); /* Ouch, cycle detection failed */
450 return gp
; /* found him here. */
452 *(g
= FindGroupPtr(&(*gp
)->u
->u_group
, u
, recursive
+ 1)))
453 return g
; /* found him there. */
456 return gp
; /* *gp is NULL */
460 * Returns nonzero if failed or already linked.
461 * Both users are created on demand.
462 * Cyclic links are prevented.
465 AclLinkUser(from
, to
)
468 struct acluser
**u1
, **u2
;
469 struct aclusergroup
**g
;
471 if (!*(u1
= FindUserPtr(from
)) && UserAdd(from
, NULL
, u1
))
473 if (!*(u2
= FindUserPtr(to
)) && UserAdd(to
, NULL
, u2
))
474 return -1; /* hmm, could not find both users. */
476 if (*FindGroupPtr(&(*u2
)->u_group
, *u1
, 1))
477 return 1; /* cyclic link detected! */
478 if (*(g
= FindGroupPtr(&(*u1
)->u_group
, *u2
, 0)))
479 return 2; /* aha, we are already linked! */
481 if (!(*g
= (struct aclusergroup
*)malloc(sizeof(struct aclusergroup
))))
482 return -1; /* Could not alloc link. Poor screen */
489 * The user pointer stored at *up will be substituted by a pointer
490 * to the named user's structure, if passwords match.
491 * returns NULL if successfull, an static error string otherwise
494 DoSu(up
, name
, pw1
, pw2
)
496 char *name
, *pw1
, *pw2
;
501 if (!(u
= *FindUserPtr(name
)))
513 if (!(pp
= getpwnam(name
)))
515 debug1("getpwnam(\"%s\") failed\n", name
);
516 if (!(pw1
&& *pw1
&& *pw1
!= '\377'))
518 debug("no unix account, no screen passwd\n");
523 pass
= pp
->pw_passwd
;
525 for (t
= 0; t
< 13; t
++)
528 if (!(c
== '.' || c
== '/' ||
529 (c
>= '0' && c
<= '9') ||
530 (c
>= 'a' && c
<= 'z') ||
531 (c
>= 'A' && c
<= 'Z')))
536 if (!(ss
= getspnam(name
)))
538 debug1("getspnam(\"%s\") failed\n", name
);
544 #endif /* SHADOWPW */
546 if (pw2
&& *pw2
&& *pw2
!= '\377') /* provided a system password */
548 if (!*pass
|| /* but needed none */
549 strcmp(crypt(pw2
, pass
), pass
))
551 debug("System password mismatch\n");
555 else /* no pasword provided */
556 if (*pass
) /* but need one */
559 if (pw1
&& *pw1
&& *pw1
!= '\377') /* provided a screen password */
561 if (!*u
->u_password
|| /* but needed none */
562 strcmp(crypt(pw1
, u
->u_password
), u
->u_password
))
564 debug("screen password mismatch\n");
568 else /* no pasword provided */
569 if (*u
->u_password
) /* but need one */
573 debug2("syslog(LOG_NOTICE, \"screen %s: \"su %s\" ", SockPath
, name
);
574 debug2("%s for \"%s\"\n", sorry
? "failed" : "succeded", (*up
)->u_name
);
577 openlog("screen", LOG_PID
);
579 openlog("screen", LOG_PID
, LOG_AUTH
);
581 syslog(LOG_NOTICE
, "%s: \"su %s\" %s for \"%s\"", SockPath
, name
,
582 sorry
? "failed" : "succeded", (*up
)->u_name
);
585 debug("NOT LOGGED.\n");
586 #endif /* NOSYSLOG */
591 *up
= u
; /* substitute user now */
594 #endif /* MULTIUSER */
596 /************************************************************************
597 * end of user managing code *
598 ************************************************************************/
603 /* This gives the users default rights to the new window w created by u */
611 debug2("NewWindowAcl %s's umask_w_bits for window %d\n",
612 u
? u
->u_name
: "everybody", w
->w_number
);
614 /* keep these in sync with UserAdd part five. */
615 if (GrowBitfield(&w
->w_mon_notify
, 0, maxusercount
, 0) ||
616 GrowBitfield(&w
->w_lio_notify
, 0, maxusercount
, 0))
618 for (j
= 0; j
< ACL_BITS_PER_WIN
; j
++)
620 /* we start with len 0 for the new bitfield size and add maxusercount */
621 if (GrowBitfield(&w
->w_userbits
[j
], 0, maxusercount
, 0))
624 free((char *)w
->w_userbits
[j
]);
625 free((char *)w
->w_mon_notify
);
626 free((char *)w
->w_lio_notify
);
629 for (i
= 0; i
< maxusercount
; i
++)
630 if (u
? (ACLBIT(i
) & ACLBYTE(u
->u_umask_w_bits
[j
], i
)) :
632 ACLBYTE(w
->w_userbits
[j
], i
) |= ACLBIT(i
);
643 for (i
= 0; i
< ACL_BITS_PER_WIN
; i
++)
644 free((char *)w
->w_userbits
[i
]);
645 free((char *)w
->w_mon_notify
);
646 free((char *)w
->w_lio_notify
);
650 /* if mode starts with '-' we remove the users exec bit for cmd */
652 * NOTE: before you make this function look the same as
653 * AclSetPermWin, try to merge both functions.
656 AclSetPermCmd(u
, mode
, cmd
)
677 /* debug3("AclSetPermCmd %s %s %s\n", u->u_name, mode, cmd->name); */
679 ACLBYTE(cmd
->userbits
[ACL_EXEC
], u
->u_id
) &= ~ACLBIT(u
->u_id
);
681 ACLBYTE(cmd
->userbits
[ACL_EXEC
], u
->u_id
) |= ACLBIT(u
->u_id
);
693 /* mode strings of the form +rwx -w+rx r -wx are parsed and evaluated */
696 * releases a writelock on window 2 held by user nerd.
697 * Letter n allows network access on a window.
698 * uu should be NULL, except if you want to change his umask.
701 AclSetPermWin(uu
, u
, mode
, win
)
702 struct acluser
*u
, *uu
;
713 debug3("AclSetPermWin %s UMASK %s %s\n", uu
->u_name
, u
->u_name
, mode
);
714 bitarray
= uu
->u_umask_w_bits
;
719 bitarray
= win
->w_userbits
;
720 debug3("AclSetPermWin %s %s %d\n", u
->u_name
, mode
, win
->w_number
);
734 bits
= (1 << ACL_READ
);
737 bits
= (1 << ACL_WRITE
);
740 bits
= (1 << ACL_EXEC
);
743 bits
= (1 << ACL_BITS_PER_WIN
) - 1;
748 for (bit
= 0; bit
< ACL_BITS_PER_WIN
; bit
++)
750 if (!(bits
& (1 << bit
)))
753 ACLBYTE(bitarray
[bit
], u
->u_id
) &= ~ACLBIT(u
->u_id
);
755 ACLBYTE(bitarray
[bit
], u
->u_id
) |= ACLBIT(u
->u_id
);
756 if (!uu
&& (win
->w_wlockuser
== u
) && neg
&& (bit
== ACL_WRITE
))
758 debug2("%s lost writelock on win %d\n", u
->u_name
, win
->w_number
);
759 win
->w_wlockuser
= NULL
;
760 if (win
->w_wlock
== WLOCK_ON
)
761 win
->w_wlock
= WLOCK_AUTO
;
765 if (uu
&& u
->u_name
[0] == '?' && u
->u_name
[1] == '\0')
768 * It is Mr. '?', the unknown user. He deserves special treatment as
769 * he defines the defaults. Sorry, this is global, not per user.
773 debug1("AclSetPermWin: default_w_bits '%s'.\n", mode
);
774 for (bit
= 0; bit
< ACL_BITS_PER_WIN
; bit
++)
776 (ACLBYTE(bitarray
[bit
], u
->u_id
) & ACLBIT(u
->u_id
)) ? 1 : 0;
781 * Hack. I do not want to duplicate all the above code for
782 * AclSetPermCmd. This asumes that there are not more bits
783 * per cmd than per win.
785 debug1("AclSetPermWin: default_c_bits '%s'.\n", mode
);
786 for (bit
= 0; bit
< ACL_BITS_PER_CMD
; bit
++)
788 (ACLBYTE(bitarray
[bit
], u
->u_id
) & ACLBIT(u
->u_id
)) ? 1 : 0;
790 UserDel(u
->u_name
, NULL
);
796 * String is broken down into comand and window names, mode applies
797 * A command name matches first, so do not use these as window names.
798 * uu should be NULL, except if you want to change his umask.
801 AclSetPerm(uu
, u
, mode
, s
)
802 struct acluser
*uu
, *u
;
809 debug3("AclSetPerm(uu, user '%s', mode '%s', object '%s')\n",
815 case '*': /* all windows and all commands */
816 return AclSetPerm(uu
, u
, mode
, "#?");
818 if (uu
) /* window umask or .. */
819 AclSetPermWin(uu
, u
, mode
, (struct win
*)1);
820 else /* .. or all windows */
821 for (w
= windows
; w
; w
= w
->w_next
)
822 AclSetPermWin((struct acluser
*)0, u
, mode
, w
);
826 if (uu
) /* command umask or .. */
827 AclSetPermWin(uu
, u
, mode
, (struct win
*)0);
828 else /* .. or all commands */
829 for (i
= 0; i
<= RC_LAST
; i
++)
830 AclSetPermCmd(u
, mode
, &comms
[i
]);
834 for (p
= s
; *p
&& *p
!= ' ' && *p
!= '\t' && *p
!= ','; p
++)
838 if ((i
= FindCommnr(s
)) != RC_ILLEGAL
)
839 AclSetPermCmd(u
, mode
, &comms
[i
]);
840 else if (((i
= WindowByNoN(s
)) >= 0) && wtab
[i
])
841 AclSetPermWin((struct acluser
*)0, u
, mode
, wtab
[i
]);
843 /* checking group name */
854 * Generic ACL Manager:
856 * This handles acladd and aclchg identical.
857 * With 2 or 4 parameters, the second parameter is a password.
858 * With 3 or 4 parameters the last two parameters specify the permissions
859 * else user is added with full permissions.
860 * With 1 parameter the users permissions are copied from user *argv.
861 * Unlike the other cases, u->u_name should not match *argv here.
862 * uu should be NULL, except if you want to change his umask.
865 UserAcl(uu
, u
, argc
, argv
)
866 struct acluser
*uu
, **u
;
870 if ((*u
&& !strcmp((*u
)->u_name
, "nobody")) ||
871 (argc
> 1 && !strcmp(argv
[0], "nobody")))
872 return -1; /* do not change nobody! */
877 debug2("UserAcl: user '%s', password '%s':", argv
[0], argv
[1]);
878 return (UserAdd(argv
[0], argv
[1], u
) < 0) ||
879 AclSetPerm(uu
, *u
, argv
[2], argv
[3]);
881 debug1("UserAcl: user '%s', no password:", argv
[0]);
882 return (UserAdd(argv
[0], NULL
, u
) < 0) ||
883 AclSetPerm(uu
, *u
, argv
[1], argv
[2]);
885 debug2("UserAcl: user '%s', password '%s'\n", argv
[0], argv
[1]);
886 return UserAdd(argv
[0], argv
[1], u
) < 0;
888 debug1("UserAcl: user '%s', no password:", argv
[0]);
889 return (UserAdd(argv
[0], NULL
, u
) < 0) ||
890 AclSetPerm(uu
, *u
, "+a", "#?");
897 UserAclCopy(to_up
, from_up
)
898 struct acluser
**to_up
, **from_up
;
901 int i
, j
, to_id
, from_id
;
903 if (!*to_up
|| !*from_up
)
905 debug2("UserAclCopy: from user '%s' to user '%s'\n",
906 (*from_up
)->u_name
, (*to_up
)->u_name
);
907 if ((to_id
= (*to_up
)->u_id
) == (from_id
= (*from_up
)->u_id
))
909 for (w
= windows
; w
; w
= w
->w_next
)
911 for (i
= 0; i
< ACL_BITS_PER_WIN
; i
++)
913 if (ACLBYTE(w
->w_userbits
[i
], from_id
) & ACLBIT(from_id
))
914 ACLBYTE(w
->w_userbits
[i
], to_id
) |= ACLBIT(to_id
);
917 ACLBYTE(w
->w_userbits
[i
], to_id
) &= ~ACLBIT(to_id
);
918 if ((w
->w_wlockuser
== *to_up
) && (i
== ACL_WRITE
))
920 debug2("%s lost wlock on win %d\n",
921 (*to_up
)->u_name
, w
->w_number
);
922 w
->w_wlockuser
= NULL
;
923 if (w
->w_wlock
== WLOCK_ON
)
924 w
->w_wlock
= WLOCK_AUTO
;
929 for (j
= 0; j
<= RC_LAST
; j
++)
931 for (i
= 0; i
< ACL_BITS_PER_CMD
; i
++)
933 if (ACLBYTE(comms
[j
].userbits
[i
], from_id
) & ACLBIT(from_id
))
934 ACLBYTE(comms
[j
].userbits
[i
], to_id
) |= ACLBIT(to_id
);
936 ACLBYTE(comms
[j
].userbits
[i
], to_id
) &= ~ACLBIT(to_id
);
945 * user [password] [+rwx #?]
946 * * [password] [+rwx #?]
947 * user1,user2,user3 [password] [+rwx #?]
948 * user1,user2,user3=user
949 * uu should be NULL, except if you want to change his umask.
952 UsersAcl(uu
, argc
, argv
)
959 struct acluser
**cf_u
= NULL
;
967 if (*s
++ == '=') p
= s
;
971 cf_u
= FindUserPtr(p
);
975 if (argv
[0][0] == '*' && argv
[0][1] == '\0')
979 debug("all users acls.\n");
980 for (u
= &users
; *u
; u
= &(*u
)->u_next
)
981 if (strcmp("nobody", (*u
)->u_name
) &&
983 ((r
= UserAclCopy(u
, cf_u
)) < 0) :
984 ((r
= UserAcl(uu
, u
, argc
, argv
)) < 0)))
991 for (s
= argv
[0]; *s
&& *s
!=' ' && *s
!='\t' && *s
!=',' && *s
!='='; s
++)
993 *s
? (*s
++ = '\0') : (*s
= '\0');
994 debug2("UsersAcl(uu, \"%s\", argc=%d)\n", argv
[0], argc
);
996 ((r
= UserAclCopy(FindUserPtr(argv
[0]), cf_u
)) < 0) :
997 ((r
= UserAcl(uu
, FindUserPtr(argv
[0]), argc
, argv
)) < 0))
999 } while (*(argv
[0] = s
));
1004 * Preprocess argments, so that umask can be set with UsersAcl
1006 * all current users umask ±rwxn
1007 * one specific user umask user1±rwxn
1008 * several users umask user1,user2,...±rwxn
1009 * default_w_bits umask ?±rwxn
1010 * default_c_bits umask ??±rwxn
1013 AclUmask(u
, str
, errp
)
1022 /* split str into user and bits section. */
1023 for (p
= str
; *p
; p
++)
1024 if ((c
= *p
) == '+' || c
== '-')
1028 *errp
= "Bad argument. Should be ``[user[,user...]{+|-}rwxn''.";
1031 strncpy(mode
, p
, 15);
1035 /* construct argument vector */
1036 if (!strcmp("??", str
))
1044 av
[0] = *str
? str
: "*";
1046 if (UsersAcl(u
, 3, av
))
1048 *errp
= "UsersAcl failed. Hmmm.";
1060 debug2("AclWinSwap(%d, %d) NOP.\n", a
, b
);
1063 struct acluser
*EffectiveAclUser
= NULL
; /* hook for AT command permission */
1066 AclCheckPermWin(u
, mode
, w
)
1073 if (mode
< 0 || mode
>= ACL_BITS_PER_WIN
)
1075 if (EffectiveAclUser
)
1077 debug1("AclCheckPermWin: WARNING user %s overridden!\n", u
->u_name
);
1078 u
= EffectiveAclUser
;
1080 ok
= ACLBYTE(w
->w_userbits
[mode
], u
->u_id
) & ACLBIT(u
->u_id
);
1081 debug3("AclCheckPermWin(%s, %d, %d) = ", u
->u_name
, mode
, w
->w_number
);
1085 struct aclusergroup
**g
= &u
->u_group
;
1086 struct acluser
*saved_eff
= EffectiveAclUser
;
1088 EffectiveAclUser
= NULL
;
1091 if (!AclCheckPermWin((*g
)->u
, mode
, w
))
1095 EffectiveAclUser
= saved_eff
;
1099 debug1("%d\n", !ok
);
1104 AclCheckPermCmd(u
, mode
, c
)
1111 if (mode
< 0 || mode
>= ACL_BITS_PER_CMD
)
1113 if (EffectiveAclUser
)
1115 debug1("AclCheckPermCmd: WARNING user %s overridden!\n", u
->u_name
);
1116 u
= EffectiveAclUser
;
1118 ok
= ACLBYTE(c
->userbits
[mode
], u
->u_id
) & ACLBIT(u
->u_id
);
1119 debug3("AclCheckPermCmd(%s %d %s) = ", u
->u_name
, mode
, c
->name
);
1122 struct aclusergroup
**g
= &u
->u_group
;
1123 struct acluser
*saved_eff
= EffectiveAclUser
;
1125 EffectiveAclUser
= NULL
;
1128 if (!AclCheckPermCmd((*g
)->u
, mode
, c
))
1132 EffectiveAclUser
= saved_eff
;
1136 debug1("%d\n", !ok
);
1140 #endif /* MULTIUSER */