author | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2008-10-14 19:19:41 +0000 |
---|---|---|
committer | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2008-10-14 19:19:41 +0000 |
commit | 368fef44d8b9cc8cd1a527fab6aa9be20fd95e18 (patch) | |
tree | 9286382968d893baf5a8c3384f8e15744de1dbb1 | |
parent | 580ad6f7786fba0740a00f98cf3d398bb5dfcd58 (diff) | |
download | neon-368fef44d8b9cc8cd1a527fab6aa9be20fd95e18.tar.gz |
Introduce new ACL interface under separate header, function name, and
restore API/ABI backwards-compat with old ACL interface:
* src/ne_acl3744.c, src/ne_acl3744.h: Renamed from ne_acl.c, ne_acl.h.
(ne_acl3744_set): Renamed from ne_acl_set.
* src/ne_oldacl.c, src/ne_acl.h: Copied from old ne_acl.c, ne_acl.h on
0.28.x branch.
* src/Makefile.in: Update deps.
* test/acl3744.c: Renamed from acl.c.
(test_acl): Call new function name.
* test/oldacl.c: Copied from acl.c on 0.28.x branch.
* test/Makefile.in: Update accordingly.
* macros/neon.m4 (LIBNEON_SOURCE_CHECKS): Update for new source file
names.
* neon.mak: Update for new source file names.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1567 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
-rw-r--r-- | macros/neon.m4 | 2 | ||||
-rw-r--r-- | neon.mak | 9 | ||||
-rw-r--r-- | src/Makefile.in | 5 | ||||
-rw-r--r-- | src/ne_acl.h | 69 | ||||
-rw-r--r-- | src/ne_acl3744.c (renamed from src/ne_acl.c) | 8 | ||||
-rw-r--r-- | src/ne_acl3744.h | 85 | ||||
-rw-r--r-- | src/ne_oldacl.c | 132 | ||||
-rw-r--r-- | test/Makefile.in | 11 | ||||
-rw-r--r-- | test/acl3744.c (renamed from test/acl.c) | 4 | ||||
-rw-r--r-- | test/oldacl.c | 101 |
10 files changed, 362 insertions, 64 deletions
diff --git a/macros/neon.m4 b/macros/neon.m4 index 8f47d80..be2de7d 100644 --- a/macros/neon.m4 +++ b/macros/neon.m4 @@ -715,7 +715,7 @@ if test "x$neon_no_acl" = "xyes"; then AC_MSG_RESULT(no) else AC_MSG_RESULT(yes) - NEON_EXTRAOBJS="$NEON_EXTRAOBJS ne_acl" + NEON_EXTRAOBJS="$NEON_EXTRAOBJS ne_oldacl ne_acl3744" fi NEON_SSL() @@ -133,7 +133,8 @@ LIB32_OBJS= \ "$(INTDIR)\ne_207.obj" \ "$(INTDIR)\ne_xml.obj" \ "$(INTDIR)\ne_xmlreq.obj" \ - "$(INTDIR)\ne_acl.obj" \ + "$(INTDIR)\ne_oldacl.obj" \ + "$(INTDIR)\ne_acl3744.obj" \ "$(INTDIR)\ne_props.obj" \ "$(INTDIR)\ne_locks.obj" !ENDIF @@ -162,7 +163,8 @@ ALL: ".\src\config.h" "$(TARGET)" CLEAN: $(ZLIB_CLEAN) -@erase "$(INTDIR)\ne_207.obj" -@erase "$(INTDIR)\ne_alloc.obj" - -@erase "$(INTDIR)\ne_acl.obj" + -@erase "$(INTDIR)\ne_oldacl.obj" + -@erase "$(INTDIR)\ne_acl3744.obj" -@erase "$(INTDIR)\ne_auth.obj" -@erase "$(INTDIR)\ne_basic.obj" -@erase "$(INTDIR)\ne_compress.obj" @@ -210,7 +212,8 @@ CLEAN: $(ZLIB_CLEAN) "$(INTDIR)\ne_207.obj": .\src\ne_207.c "$(INTDIR)\ne_alloc.obj": .\src\ne_alloc.c -"$(INTDIR)\ne_acl.obj": .\src\ne_acl.c +"$(INTDIR)\ne_acl3744.obj": .\src\ne_acl3744.c +"$(INTDIR)\ne_oldacl.obj": .\src\ne_oldacl.c "$(INTDIR)\ne_auth.obj": .\src\ne_auth.c "$(INTDIR)\ne_basic.obj": .\src\ne_basic.c "$(INTDIR)\ne_compress.obj": .\src\ne_compress.c diff --git a/src/Makefile.in b/src/Makefile.in index 5774cd6..af0456f 100644 --- a/src/Makefile.in +++ b/src/Makefile.in 
@@ -161,6 +161,9 @@ ne_locks.@NEON_OBJEXT@: ne_locks.c $(top_builddir)/config.h ne_alloc.h ne_defs.h ne_xmlreq.@NEON_OBJEXT@: ne_xmlreq.c $(top_builddir)/config.h ne_internal.h ne_defs.h ne_xmlreq.h \ ne_request.h ne_utils.h ne_string.h ne_alloc.h ne_session.h ne_ssl.h \ ne_uri.h ne_socket.h ne_xml.h ne_basic.h -ne_acl.@NEON_OBJEXT@: ne_acl.c $(top_builddir)/config.h ne_request.h ne_utils.h ne_defs.h \ +ne_oldacl.@NEON_OBJEXT@: ne_oldacl.c $(top_builddir)/config.h ne_request.h ne_utils.h ne_defs.h \ + ne_string.h ne_alloc.h ne_session.h ne_ssl.h ne_uri.h ne_socket.h \ + ne_locks.h ne_acl.h ne_xml.h +ne_acl3744.@NEON_OBJEXT@: ne_acl3744.c $(top_builddir)/config.h ne_request.h ne_utils.h ne_defs.h \ ne_string.h ne_alloc.h ne_session.h ne_ssl.h ne_uri.h ne_socket.h \ ne_locks.h ne_acl.h ne_xml.h diff --git a/src/ne_acl.h b/src/ne_acl.h index 94e973b..7bcc80a 100644 --- a/src/ne_acl.h +++ b/src/ne_acl.h @@ -1,8 +1,6 @@ /* Access control - Copyright (C) 2001-2007, Joe Orton <joe@manyfish.co.uk> - Copyright (C) 2001, Arun Garg <arung@pspl.co.in> - Copyright (C) 2007 Henrik Holst <henrik.holst2@gmail.com> + Copyright (C) 2001-2006, Joe Orton <joe@manyfish.co.uk> This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public 
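Review bot: The new `ne_acl3744.@NEON_OBJEXT@` rule reuses the old continuation lines as context, so its prerequisite list still ends in `ne_acl.h` and never names `ne_acl3744.h`, although the ne_acl3744.c hunk in this commit switches the include to `ne_acl3744.h`. An edit to the new header will therefore not rebuild that object, which can leave a stale object compiled against an outdated `ne_acl_entry` layout. The last continuation line of that rule should read `ne_locks.h ne_acl3744.h ne_xml.h`; if this dependency block is generated, regenerating it after the rename should give the same result.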
@@ -28,52 +26,25 @@ NE_BEGIN_DECLS -#define NE_ACL_READ (0x0001) -#define NE_ACL_WRITE (0x0002) -#define NE_ACL_WRITE_PROPERTIES (0x0004) -#define NE_ACL_WRITE_CONTENT (0x0008) -#define NE_ACL_UNLOCK (0x0010) -#define NE_ACL_READ_ACL (0x0020) -#define NE_ACL_READ_CUPRIVSET (0x0040) -#define NE_ACL_WRITE_ACL (0x0080) -#define NE_ACL_BIND (0x0100) -#define NE_ACL_UNBIND (0x0200) -#define NE_ACL_ALL (0x0400) - -enum ne_acl_target { - ne_acl_href, - ne_acl_property, - ne_acl_all, - ne_acl_authenticated, - ne_acl_unauthenticated, - ne_acl_self -}; - -enum ne_acl_optype { - ne_acl_grant, - ne_acl_deny -}; - -/* A simplified representation of an Access Control Element (ACE): */ -typedef struct { - /* Identify the principal(s) to which this ACE applies: */ - enum ne_acl_target target; - - /* Whether to grant or deny access: */ - enum ne_acl_optype type; - - /* If target == ne_acl_href, tname must be non-NULL and give the - * principal URL. If target == ne_acl_property, tname must be - * non-NULL and be a property name, including an XML namespace - * definition, if appropriate (the default namespace being - * "DAV:"). This restricts access as described at: - * http://tools.ietf.org/html/rfc3744#section-5.5.1 */ - char *tname; - - /* The set of privileges to be restricted; a bit mask of one or - * more of the NE_ACL_* constants defined above: */ - unsigned int privileges; - +typedef struct +{ + enum { + ne_acl_href, + ne_acl_property, + ne_acl_all + } apply; + + enum { + ne_acl_grant, + ne_acl_deny + } type; + + char *principal; + int read; + int read_acl; + int write; + int write_acl; + int read_cuprivset; } ne_acl_entry; /* Set the ACL for the given resource to the list of ACL entries. */ diff --git a/src/ne_acl.c b/src/ne_acl3744.c index 50df2af..3ad7e1d 100644 --- a/src/ne_acl.c +++ b/src/ne_acl3744.c 
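Review bot: The restored `ne_acl_entry` has no comments on its members, and the five `int` fields mean the opposite of what their names suggest: in the `acl_body` added in src/ne_oldacl.c by this commit, a privilege is written into the ACE when its field `== 0`. A zero-initialised entry with `type = ne_acl_grant` therefore names all five privileges, which is an easy mistake to make in access-control code. I would document this on the struct, e.g. `/* Each flag: 0 = include this privilege in the ACE, non-zero = omit it. */` above `int read;`, and `/* Principal URL (ne_acl_href) or property name (ne_acl_property); must be non-NULL for those two. */` above `char *principal;`. The header continues outside the hunk.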
@@ -1,6 +1,6 @@ /* Access control - Copyright (C) 2001-2006, Joe Orton <joe@manyfish.co.uk> + Copyright (C) 2001-2006, 2008, Joe Orton <joe@manyfish.co.uk> Copyright (C) 2001, Arun Garg <arung@pspl.co.in> Copyright (C) 2007 Henrik Holst <henrik.holst2@gmail.com> @@ -41,7 +41,7 @@ #include "ne_locks.h" #include "ne_alloc.h" #include "ne_string.h" -#include "ne_acl.h" +#include "ne_acl3744.h" #include "ne_uri.h" #include "ne_xml.h" /* for NE_XML_MEDIA_TYPE */ @@ -153,8 +153,8 @@ static ne_buffer *acl_body(const ne_acl_entry *right, int count) return body; } -int ne_acl_set(ne_session *sess, const char *uri, - const ne_acl_entry *entries, int numentries) +int ne_acl3744_set(ne_session *sess, const char *uri, + const ne_acl_entry *entries, int numentries) { int ret; ne_request *req = ne_request_create(sess, "ACL", uri); diff --git a/src/ne_acl3744.h b/src/ne_acl3744.h new file mode 100644 index 0000000..dc8835c --- /dev/null +++ b/src/ne_acl3744.h 
@@ -0,0 +1,85 @@
+/*
+ Access control
+ Copyright (C) 2001-2007, Joe Orton <joe@manyfish.co.uk>
+ Copyright (C) 2001, Arun Garg <arung@pspl.co.in>
+ Copyright (C) 2007 Henrik Holst <henrik.holst2@gmail.com>
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ MA 02111-1307, USA
+
+*/
+
+#ifndef NE_ACL3744_H
+#define NE_ACL3744_H
+
+#include "ne_session.h"
+
+NE_BEGIN_DECLS
+
+#define NE_ACL_READ (0x0001)
+#define NE_ACL_WRITE (0x0002)
+#define NE_ACL_WRITE_PROPERTIES (0x0004)
+#define NE_ACL_WRITE_CONTENT (0x0008)
+#define NE_ACL_UNLOCK (0x0010)
+#define NE_ACL_READ_ACL (0x0020)
+#define NE_ACL_READ_CUPRIVSET (0x0040)
+#define NE_ACL_WRITE_ACL (0x0080)
+#define NE_ACL_BIND (0x0100)
+#define NE_ACL_UNBIND (0x0200)
+#define NE_ACL_ALL (0x0400)
+
+enum ne_acl_target {
+ ne_acl_href,
+ ne_acl_property,
+ ne_acl_all,
+ ne_acl_authenticated,
+ ne_acl_unauthenticated,
+ ne_acl_self
+};
+
+enum ne_acl_optype {
+ ne_acl_grant,
+ ne_acl_deny
+};
+
+/* A simplified representation of an Access Control Element (ACE): */
+typedef struct {
+ /* Identify the principal(s) to which this ACE applies: */
+ enum ne_acl_target target;
+
+ /* Whether to grant or deny access: */
+ enum ne_acl_optype type;
+
+ /* If target == ne_acl_href, tname must be non-NULL and give the
+ * principal URL. If target == ne_acl_property, tname must be
+ * non-NULL and be a property name, including an XML namespace
+ * definition, if appropriate (the default namespace being
+ * "DAV:"). This restricts access as described at:
+ * http://tools.ietf.org/html/rfc3744#section-5.5.1 */
+ char *tname;
+
+ /* The set of privileges to be restricted; a bit mask of one or
+ * more of the NE_ACL_* constants defined above: */
+ unsigned int privileges;
+
+} ne_acl_entry;
+
+/* Set the ACL for the given resource to the list of ACL entries. */
+int ne_acl3744_set(ne_session *sess, const char *path,
+ const ne_acl_entry entries[], int numentries);
+
+NE_END_DECLS
+
+#endif /* NE_ACL3744_H */
diff --git a/src/ne_oldacl.c b/src/ne_oldacl.c
new file mode 100644
index 0000000..80a6838
--- /dev/null
+++ b/src/ne_oldacl.c
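Review bot: `ne_acl3744.h` reuses the names `ne_acl_entry`, `ne_acl_href`, `ne_acl_property`, `ne_acl_all`, `ne_acl_grant` and `ne_acl_deny`, which the `ne_acl.h` restored in this commit also defines, with a different struct layout. The guard here is `NE_ACL3744_H`, so a translation unit that includes both headers will presumably fail on the redefinitions; nothing in either header tells the reader they are mutually exclusive. A comment near the top would help, for example `/* Do not include together with ne_acl.h: both define ne_acl_entry, with different layouts. */`.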
@@ -0,0 +1,132 @@
+/*
+ Access control
+ Copyright (C) 2001-2006, Joe Orton <joe@manyfish.co.uk>
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ MA 02111-1307, USA
+
+*/
+
+/* Contributed by Arun Garg <arung@pspl.co.in> */
+
+#include "config.h"
+
+#include <sys/types.h>
+
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+#include "ne_request.h"
+#include "ne_locks.h"
+#include "ne_alloc.h"
+#include "ne_string.h"
+#include "ne_acl.h"
+#include "ne_uri.h"
+#include "ne_xml.h" /* for NE_XML_MEDIA_TYPE */
+
+#define EOL "\r\n"
+
+static ne_buffer *acl_body(const ne_acl_entry *right, int count)
+{
+ ne_buffer *body = ne_buffer_create();
+ int m;
+
+ ne_buffer_zappend(body,
+ "<?xml version=\"1.0\" encoding=\"utf-8\"?>" EOL
+ "<acl xmlns='DAV:'>" EOL);
+
+ for (m = 0; m < count; m++) {
+ const char *type;
+
+ type = (right[m].type == ne_acl_grant ? "grant" : "deny");
+
+ ne_buffer_concat(body, "<ace>" EOL "<principal>", NULL);
+
+ switch (right[m].apply) {
+ case ne_acl_all:
+ ne_buffer_zappend(body, "<all/>" EOL);
+ break;
+ case ne_acl_property:
+ ne_buffer_concat(body, "<property><", right[m].principal,
+ "/></property>" EOL, NULL);
+ break;
+ case ne_acl_href:
+ ne_buffer_concat(body, "<href>", right[m].principal,
+ "</href>" EOL, NULL);
+ break;
+ }
+
+ ne_buffer_concat(body, "</principal>" EOL "<", type, ">" EOL, NULL);
+
+ if (right[m].read == 0)
+ ne_buffer_concat(body,
+ "<privilege>" "<read/>" "</privilege>" EOL,
+ NULL);
+ if (right[m].read_acl == 0)
+ ne_buffer_concat(body,
+ "<privilege>" "<read-acl/>" "</privilege>" EOL,
+ NULL);
+ if (right[m].write == 0)
+ ne_buffer_concat(body,
+ "<privilege>" "<write/>" "</privilege>" EOL,
+ NULL);
+ if (right[m].write_acl == 0)
+ ne_buffer_concat(body,
+ "<privilege>" "<write-acl/>" "</privilege>" EOL,
+ NULL);
+ if (right[m].read_cuprivset == 0)
+ ne_buffer_concat(body,
+ "<privilege>"
+ "<read-current-user-privilege-set/>"
+ "</privilege>" EOL, NULL);
+ ne_buffer_concat(body, "</", type, ">" EOL, NULL);
+ ne_buffer_zappend(body, "</ace>" EOL);
+ }
+ ne_buffer_zappend(body, "</acl>" EOL);
+
+ return body;
+}
+
+int ne_acl_set(ne_session *sess, const char *uri,
+ const ne_acl_entry *entries, int numentries)
+{
+ int ret;
+ ne_request *req = ne_request_create(sess, "ACL", uri);
+ ne_buffer *body = acl_body(entries, numentries);
+
+#ifdef NE_HAVE_DAV
+ ne_lock_using_resource(req, uri, 0);
+#endif
+
+ ne_set_request_body_buffer(req, body->data, ne_buffer_size(body));
+ ne_add_request_header(req, "Content-Type", NE_XML_MEDIA_TYPE);
+ ret = ne_request_dispatch(req);
+
+ ne_buffer_destroy(body);
+
+ if (ret == NE_OK && ne_get_status(req)->code == 207) {
+ ret = NE_ERROR;
+ }
+
+ ne_request_destroy(req);
+ return ret;
+}
diff --git a/test/Makefile.in b/test/Makefile.in
index f6be071..8617a3e 100644
--- a/test/Makefile.in
+++ b/test/Makefile.in
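Review bot: `ne_acl_set` turns only a 207 response into `NE_ERROR`; as far as the visible code shows, any other status that `ne_request_dispatch` reports with `NE_OK` (a 403 or 409, for instance) is returned as success, so a caller may believe an ACL was applied when the server refused it. Unless the old behaviour has to be kept exactly for compatibility, the check could become `if (ret == NE_OK && (ne_get_status(req)->code == 207 || ne_get_status(req)->klass != 2)) {`. Separately, `acl_body` writes `right[m].principal` into `<href>` and `<property>` without XML escaping, and a NULL principal ends the NULL-terminated `ne_buffer_concat` argument list early, so the function should at least carry a comment that callers must pass a non-NULL, already-escaped value.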
@@ -24,7 +24,7 @@ BASIC_TESTS = uri-tests util-tests string-tests socket \ ZLIB_TESTS = compress ZLIB_HELPERS = file1.gz file2.gz trailing.gz badcsum.gz truncated.gz \ corrupt1.gz corrupt2.gz empty.gz random.txt -DAV_TESTS = xml xmlreq acl props lock +DAV_TESTS = xml xmlreq oldacl acl3744 props lock SSL_TESTS = socket-ssl ssl SSL_HELPERS = ca-stamp TESTS = @TESTS@ @@ -171,7 +171,8 @@ server.lo: $(srcdir)/server.c $(OBJDEPS) request.lo: $(srcdir)/request.c $(OBJDEPS) regress.lo: $(srcdir)/regress.c $(OBJDEPS) compress.lo: $(srcdir)/compress.c $(OBJDEPS) -acl.lo: $(srcdir)/acl.c $(OBJDEPS) +oldacl.lo: $(srcdir)/oldacl.c $(OBJDEPS) +acl3744.lo: $(srcdir)/acl3744.c $(OBJDEPS) utils.lo: $(srcdir)/utils.c $(OBJDEPS) stubs.lo: $(srcdir)/stubs.c $(OBJDEPS) props.lo: $(srcdir)/props.c $(OBJDEPS) @@ -202,8 +203,10 @@ regress: regress.lo $(DEPS) $(LINK) -o $@ regress.lo $(DEPS) compress: compress.lo $(DEPS) $(LINK) -o $@ compress.lo $(DEPS) -acl: acl.lo $(DEPS) - $(LINK) -o $@ acl.lo $(DEPS) +oldacl: oldacl.lo $(DEPS) + $(LINK) -o $@ oldacl.lo $(DEPS) +acl3744: acl3744.lo $(DEPS) + $(LINK) -o $@ acl3744.lo $(DEPS) utils: utils.lo $(DEPS) $(LINK) -o $@ utils.lo $(DEPS) stubs: stubs.lo $(DEPS) diff --git a/test/acl.c b/test/acl3744.c index cad158b..5f0bf8b 100644 --- a/test/acl.c +++ b/test/acl3744.c @@ -18,7 +18,7 @@ */ -#include "ne_acl.h" +#include "ne_acl3744.h" #include "tests.h" #include "child.h" @@ -34,7 +34,7 @@ static int test_acl(const char *uri, ne_acl_entry *es, int nume) "HTTP/1.1 200 OK\r\n" "Connection: close\r\n\r\n")); - ON(ne_acl_set(sess, uri, es, nume)); + ON(ne_acl3744_set(sess, uri, es, nume)); CALL(await_server()); ne_session_destroy(sess); diff --git a/test/oldacl.c b/test/oldacl.c new file mode 100644 index 0000000..2e72caa --- /dev/null +++ b/test/oldacl.c 
@@ -0,0 +1,101 @@
+/*
+ Dummy ACL tests
+ Copyright (C) 2001-2003, Joe Orton <joe@manyfish.co.uk>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+
+#include "ne_acl.h"
+
+#include "tests.h"
+#include "child.h"
+#include "utils.h"
+
+/**** DUMMY TESTS: just makes sure the stuff doesn't dump core. */
+
+static int test_acl(const char *uri, ne_acl_entry *es, int nume)
+{
+ ne_session *sess;
+
+ CALL(make_session(&sess, single_serve_string,
+ "HTTP/1.1 200 OK\r\n"
+ "Connection: close\r\n\r\n"));
+
+ ON(ne_acl_set(sess, uri, es, nume));
+
+ CALL(await_server());
+ ne_session_destroy(sess);
+
+ return OK;
+}
+
+static int grant_all(void)
+{
+ ne_acl_entry e = {0};
+
+ e.apply = ne_acl_all;
+ e.type = ne_acl_grant;
+
+ CALL(test_acl("/foo", &e, 1));
+
+ return OK;
+}
+
+static int deny_all(void)
+{
+ ne_acl_entry e = {0};
+
+ e.apply = ne_acl_all;
+ e.type = ne_acl_deny;
+
+ CALL(test_acl("/foo", &e, 1));
+
+ return OK;
+}
+
+static int deny_one(void)
+{
+ ne_acl_entry e = {0};
+
+ e.apply = ne_acl_href;
+ e.type = ne_acl_deny;
+ e.principal = "http://webdav.org/users/joe";
+
+ CALL(test_acl("/foo", &e, 1));
+
+ return OK;
+}
+
+static int deny_byprop(void)
+{
+ ne_acl_entry e = {0};
+
+ e.apply = ne_acl_property;
+ e.type = ne_acl_deny;
+ e.principal = "owner";
+
+ CALL(test_acl("/foo", &e, 1));
+
+ return OK;
+}
+
+ne_test tests[] = {
+ T(grant_all),
+ T(deny_all),
+ T(deny_one),
+ T(deny_byprop),
+ T(NULL)
+}; |
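Review bot: All four cases go through `test_acl`, whose server always answers `200 OK` and never looks at the request, so nothing here checks the ACL body that `ne_acl_set` sends or how it reacts to a refusal. Each entry is `{0}`, and in the `acl_body` added by this commit a zero flag means the privilege is included, so only the all-privileges form is ever produced. A case that sets one flag non-zero and a case where the server replies `403 Forbidden` would pin down the two behaviours that matter most for access control. I would also extend the banner comment with `/* These tests do not verify the request body or error statuses. */`.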