+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-#include "config.h"
-
-#include "stg/user.h"
-#include "stg/common.h"
-
-#include <vector>
-#include <stdexcept>
-
-#include <strings.h> // strncasecmp
-
-using STG::Config;
-
-namespace
-{
-
-struct ParserError : public std::runtime_error
-{
- ParserError(const std::string& message)
- : runtime_error("Config is not valid. " + message),
- position(0),
- error(message)
- {}
- ParserError(size_t pos, const std::string& message)
- : runtime_error("Parsing error at position " + x2str(pos) + ". " + message),
- position(pos),
- error(message)
- {}
- virtual ~ParserError() throw() {}
-
- size_t position;
- std::string error;
-};
-
-size_t skipSpaces(const std::string& value, size_t start)
-{
- while (start < value.length() && std::isspace(value[start]))
- ++start;
- return start;
-}
-
-size_t checkChar(const std::string& value, size_t start, char ch)
-{
- if (start >= value.length())
- throw ParserError(start, "Unexpected end of string. Expected '" + std::string(1, ch) + "'.");
- if (value[start] != ch)
- throw ParserError(start, "Expected '" + std::string(1, ch) + "', got '" + std::string(1, value[start]) + "'.");
- return start + 1;
-}
-
-std::pair<size_t, std::string> readString(const std::string& value, size_t start)
-{
- std::string dest;
- while (start < value.length() && !std::isspace(value[start]) &&
- value[start] != ',' && value[start] != '(' && value[start] != ')')
- dest.push_back(value[start++]);
- if (dest.empty()) {
- if (start == value.length())
- throw ParserError(start, "Unexpected end of string. Expected string.");
- else
- throw ParserError(start, "Unexpected whitespace. Expected string.");
- }
- return std::make_pair(start, dest);
-}
-
-Config::Pairs toPairs(const std::vector<std::string>& values)
-{
- if (values.empty())
- return Config::Pairs();
- std::string value(values[0]);
- Config::Pairs res;
- size_t start = 0;
- while (start < value.size()) {
- Config::Pair pair;
- start = skipSpaces(value, start);
- if (!res.empty())
- {
- start = checkChar(value, start, ',');
- start = skipSpaces(value, start);
- }
- size_t pairStart = start;
- start = checkChar(value, start, '(');
- const std::pair<size_t, std::string> key = readString(value, start);
- start = key.first;
- pair.first = key.second;
- start = skipSpaces(value, start);
- start = checkChar(value, start, ',');
- start = skipSpaces(value, start);
- const std::pair<size_t, std::string> val = readString(value, start);
- start = val.first;
- pair.second = val.second;
- start = skipSpaces(value, start);
- start = checkChar(value, start, ')');
- if (res.find(pair.first) != res.end())
- throw ParserError(pairStart, "Duplicate field.");
- res.insert(pair);
- }
- return res;
-}
-
-bool toBool(const std::vector<std::string>& values)
-{
- if (values.empty())
- return false;
- std::string value(values[0]);
- return strncasecmp(value.c_str(), "yes", 3) == 0;
-}
-
-std::string toString(const std::vector<std::string>& values)
-{
- if (values.empty())
- return "";
- return values[0];
-}
-
-uid_t toUID(const std::vector<std::string>& values)
-{
- if (values.empty())
- return -1;
- uid_t res = str2uid(values[0]);
- if (res == static_cast<uid_t>(-1))
- throw ParserError("Invalid user name: '" + values[0] + "'");
- return res;
-}
-
-gid_t toGID(const std::vector<std::string>& values)
-{
- if (values.empty())
- return -1;
- gid_t res = str2gid(values[0]);
- if (res == static_cast<gid_t>(-1))
- throw ParserError("Invalid group name: '" + values[0] + "'");
- return res;
-}
-
-mode_t toMode(const std::vector<std::string>& values)
-{
- if (values.empty())
- return -1;
- mode_t res = str2mode(values[0]);
- if (res == static_cast<mode_t>(-1))
- throw ParserError("Invalid mode: '" + values[0] + "'");
- return res;
-}
-
-template <typename T>
-T toInt(const std::vector<std::string>& values)
-{
- if (values.empty())
- return 0;
- T res = 0;
- if (str2x(values[0], res) == 0)
- return res;
- return 0;
-}
-
-uint16_t toPort(const std::string& value)
-{
- if (value.empty())
- return 0;
- uint16_t res = 0;
- if (str2x(value, res) == 0)
- return res;
- throw ParserError("'" + value + "' is not a valid port number.");
-}
-
-typedef std::map<std::string, Config::ReturnCode> Codes;
-
-// One-time call to initialize the list of codes.
-Codes getCodes()
-{
- Codes res;
- res["reject"] = Config::REJECT;
- res["fail"] = Config::FAIL;
- res["ok"] = Config::OK;
- res["handled"] = Config::HANDLED;
- res["invalid"] = Config::INVALID;
- res["userlock"] = Config::USERLOCK;
- res["notfound"] = Config::NOTFOUND;
- res["noop"] = Config::NOOP;
- res["updated"] = Config::UPDATED;
- return res;
-}
-
-Config::ReturnCode toReturnCode(const std::vector<std::string>& values)
-{
- static Codes codes(getCodes());
- if (values.empty())
- return Config::REJECT;
- std::string code = ToLower(values[0]);
- const Codes::const_iterator it = codes.find(code);
- if (it == codes.end())
- return Config::REJECT;
- return it->second;
-}
-
-Config::Pairs parseVector(const std::string& paramName, const std::vector<PARAM_VALUE>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return toPairs(params[i].value);
- return Config::Pairs();
-}
-
-Config::Authorize parseAuthorize(const std::string& paramName, const std::vector<PARAM_VALUE>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return Config::Authorize(toPairs(params[i].value));
- return Config::Authorize();
-}
-
-Config::ReturnCode parseReturnCode(const std::string& paramName, const std::vector<PARAM_VALUE>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return toReturnCode(params[i].value);
- return Config::REJECT;
-}
-
-bool parseBool(const std::string& paramName, const std::vector<PARAM_VALUE>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return toBool(params[i].value);
- return false;
-}
-
-std::string parseString(const std::string& paramName, const std::vector<PARAM_VALUE>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return toString(params[i].value);
- return "";
-}
-
-std::string parseAddress(Config::Type connectionType, const std::string& value)
-{
- size_t pos = value.find_first_of(':');
- if (pos == std::string::npos)
- throw ParserError("Connection type is not specified. Should be either 'unix' or 'tcp'.");
- if (connectionType == Config::UNIX)
- return value.substr(pos + 1);
- std::string address(value.substr(pos + 1));
- pos = address.find_first_of(':', pos + 1);
- if (pos == std::string::npos)
- throw ParserError("Port is not specified.");
- return address.substr(0, pos - 1);
-}
-
-std::string parsePort(Config::Type connectionType, const std::string& value)
-{
- size_t pos = value.find_first_of(':');
- if (pos == std::string::npos)
- throw ParserError("Connection type is not specified. Should be either 'unix' or 'tcp'.");
- if (connectionType == Config::UNIX)
- return "";
- std::string address(value.substr(pos + 1));
- pos = address.find_first_of(':', pos + 1);
- if (pos == std::string::npos)
- throw ParserError("Port is not specified.");
- return address.substr(pos + 1);
-}
-
-Config::Type parseConnectionType(const std::string& address)
-{
- size_t pos = address.find_first_of(':');
- if (pos == std::string::npos)
- throw ParserError("Connection type is not specified. Should be either 'unix' or 'tcp'.");
- std::string type = ToLower(address.substr(0, pos));
- if (type == "unix")
- return Config::UNIX;
- else if (type == "tcp")
- return Config::TCP;
- throw ParserError("Invalid connection type. Should be either 'unix' or 'tcp', got '" + type + "'");
-}
-
-Config::Section parseSection(const std::string& paramName, const std::vector<PARAM_VALUE>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return Config::Section(parseVector("match", params[i].sections),
- parseVector("modify", params[i].sections),
- parseVector("reply", params[i].sections),
- parseReturnCode("no_match", params[i].sections),
- parseAuthorize("authorize", params[i].sections));
- return Config::Section();
-}
-
-uid_t parseUID(const std::string& paramName, const std::vector<PARAM_VALUE>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return toUID(params[i].value);
- return -1;
-}
-
-gid_t parseGID(const std::string& paramName, const std::vector<PARAM_VALUE>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return toGID(params[i].value);
- return -1;
-}
-
-mode_t parseMode(const std::string& paramName, const std::vector<PARAM_VALUE>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return toMode(params[i].value);
- return -1;
-}
-
-} // namespace anonymous
-
-bool Config::Authorize::check(const USER& user, const Config::Pairs& radiusData) const
-{
- if (!m_auth)
- return false; // No flag - no authorization.
-
- if (m_cond.empty())
- return true; // Empty parameter - always authorize.
-
- Config::Pairs::const_iterator it = m_cond.begin();
- for (; it != m_cond.end(); ++it)
- {
- const Config::Pairs::const_iterator pos = radiusData.find(it->first);
- if (pos == radiusData.end())
- return false; // No required Radius parameter.
- if (user.GetParamValue(it->second) != pos->second)
- return false; // No match with the user.
- }
-
- return true;
-}
-
-Config::Config(const MODULE_SETTINGS& settings)
- : autz(parseSection("autz", settings.moduleParams)),
- auth(parseSection("auth", settings.moduleParams)),
- postauth(parseSection("postauth", settings.moduleParams)),
- preacct(parseSection("preacct", settings.moduleParams)),
- acct(parseSection("acct", settings.moduleParams)),
- verbose(parseBool("verbose", settings.moduleParams)),
- address(parseString("bind_address", settings.moduleParams)),
- connectionType(parseConnectionType(address)),
- bindAddress(parseAddress(connectionType, address)),
- portStr(parsePort(connectionType, address)),
- port(toPort(portStr)),
- key(parseString("key", settings.moduleParams)),
- sockUID(parseUID("sock_owner", settings.moduleParams)),
- sockGID(parseGID("sock_group", settings.moduleParams)),
- sockMode(parseMode("sock_mode", settings.moduleParams))
-{
- size_t count = 0;
- if (autz.authorize.exists())
- ++count;
- if (auth.authorize.exists())
- ++count;
- if (postauth.authorize.exists())
- ++count;
- if (preacct.authorize.exists())
- ++count;
- if (acct.authorize.exists())
- ++count;
- if (count > 0)
- throw ParserError("Authorization flag is specified in more than one section.");
-}
git.stg.codes / stg.git / blobdiff