diff options
Diffstat (limited to 'src/libs6')
-rw-r--r-- | src/libs6/s6_accessrules_backend_cdb.c | 48 | ||||
-rw-r--r-- | src/libs6/s6_accessrules_backend_fs.c | 4 | ||||
-rw-r--r-- | src/libs6/s6_accessrules_keycheck_ip4.c | 2 | ||||
-rw-r--r-- | src/libs6/s6_accessrules_keycheck_ip6.c | 2 | ||||
-rw-r--r-- | src/libs6/s6_accessrules_keycheck_reversedns.c | 2 | ||||
-rw-r--r-- | src/libs6/s6_accessrules_keycheck_uidgid.c | 2 | ||||
-rw-r--r-- | src/libs6/s6_accessrules_uidgid_cdb.c | 2 |
7 files changed, 34 insertions, 28 deletions
diff --git a/src/libs6/s6_accessrules_backend_cdb.c b/src/libs6/s6_accessrules_backend_cdb.c index 4c454d1..49eca68 100644 --- a/src/libs6/s6_accessrules_backend_cdb.c +++ b/src/libs6/s6_accessrules_backend_cdb.c @@ -3,38 +3,44 @@ #include <string.h> #include <stdint.h> #include <errno.h> + #include <skalibs/uint16.h> #include <skalibs/cdb.h> #include <skalibs/stralloc.h> #include <s6/accessrules.h> -s6_accessrules_result_t s6_accessrules_backend_cdb (char const *key, size_t keylen, void *data, s6_accessrules_params_t *params) +s6_accessrules_result_t s6_accessrules_backend_cdb (char const *key, size_t keylen, void const *arg, s6_accessrules_params_t *params) { - struct cdb *c = data ; - size_t execbase ; - unsigned int n ; + cdb_data data ; + int wasnull = !params->env.s ; uint16_t envlen, execlen ; - int r = cdb_find(c, key, keylen) ; + cdb const *c = arg ; + cdb_reader reader = CDB_READER_ZERO ; + int r = cdb_find(c, &reader, &data, key, keylen) ; if (r < 0) return S6_ACCESSRULES_ERROR ; else if (!r) return S6_ACCESSRULES_NOTFOUND ; - n = cdb_datalen(c) ; - if (!n || n > 8197) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ; - if (!stralloc_readyplus(¶ms->exec, n)) return S6_ACCESSRULES_ERROR ; - execbase = params->exec.len ; - if (cdb_read(c, params->exec.s + execbase, n, cdb_datapos(c)) < 0) return S6_ACCESSRULES_ERROR ; - if (params->exec.s[execbase] == 'D') return S6_ACCESSRULES_DENY ; - else if (params->exec.s[execbase] != 'A') return S6_ACCESSRULES_NOTFOUND ; - else if (n < 5) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ; - uint16_unpack_big(params->exec.s + execbase + 1, &envlen) ; - if ((envlen > 4096) || (envlen + 5 > n)) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ; - uint16_unpack_big(params->exec.s + execbase + 3 + envlen, &execlen) ; - if ((execlen > 4096) || (5 + envlen + execlen != n)) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ; - if (!stralloc_catb(¶ms->env, params->exec.s + execbase + 3, envlen)) return S6_ACCESSRULES_ERROR ; - memcpy(params->exec.s + execbase, params->exec.s + execbase + 5 + envlen, execlen) ; + if (!data.len || data.len > 8197) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ; + if (data.s[0] == 'D') return S6_ACCESSRULES_DENY ; + if (data.s[0] != 'A') return S6_ACCESSRULES_NOTFOUND ; + if (data.len < 5) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ; + uint16_unpack_big(data.s + 1, &envlen) ; + if ((envlen > 4096) || (data.len - 5 < envlen)) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ; + uint16_unpack_big(data.s + 3 + envlen, &execlen) ; + if ((execlen > 4096) || (5 + envlen + execlen != data.len)) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ; + if (envlen && !stralloc_catb(¶ms->env, data.s + 3, envlen)) return S6_ACCESSRULES_ERROR ; if (execlen) { - params->exec.len += execlen ; - params->exec.s[params->exec.len++] = 0 ; + if (!stralloc_readyplus(¶ms->exec, execlen + 1)) + { + if (envlen) + { + if (wasnull) stralloc_free(¶ms->env) ; + else params->env.len -= envlen ; + } + return S6_ACCESSRULES_ERROR ; + } + stralloc_catb(¶ms->exec, data.s + 5 + envlen, execlen) ; + stralloc_0(¶ms->exec) ; } return S6_ACCESSRULES_ALLOW ; } diff --git a/src/libs6/s6_accessrules_backend_fs.c b/src/libs6/s6_accessrules_backend_fs.c index aa1cfc6..1995757 100644 --- a/src/libs6/s6_accessrules_backend_fs.c +++ b/src/libs6/s6_accessrules_backend_fs.c @@ -8,9 +8,9 @@ #include <skalibs/djbunix.h> #include <s6/accessrules.h> -s6_accessrules_result_t s6_accessrules_backend_fs (char const *key, size_t keylen, void *data, s6_accessrules_params_t *params) +s6_accessrules_result_t s6_accessrules_backend_fs (char const *key, size_t keylen, void const *data, s6_accessrules_params_t *params) { - char *dir = data ; + char const *dir = data ; size_t dirlen = strlen(dir) ; size_t envbase = params->env.len ; int wasnull = !params->env.s ; diff --git a/src/libs6/s6_accessrules_keycheck_ip4.c b/src/libs6/s6_accessrules_keycheck_ip4.c index de402be..142be0e 100644 --- a/src/libs6/s6_accessrules_keycheck_ip4.c +++ b/src/libs6/s6_accessrules_keycheck_ip4.c @@ -5,7 +5,7 @@ #include <skalibs/fmtscan.h> #include <s6/accessrules.h> -s6_accessrules_result_t s6_accessrules_keycheck_ip4 (void const *key, void *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1) +s6_accessrules_result_t s6_accessrules_keycheck_ip4 (void const *key, void const *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1) { char fmt[IP4_FMT + UINT_FMT + 6] = "ip4/" ; uint32_t ip ; diff --git a/src/libs6/s6_accessrules_keycheck_ip6.c b/src/libs6/s6_accessrules_keycheck_ip6.c index 93418d3..5922db6 100644 --- a/src/libs6/s6_accessrules_keycheck_ip6.c +++ b/src/libs6/s6_accessrules_keycheck_ip6.c @@ -6,7 +6,7 @@ #include <skalibs/fmtscan.h> #include <s6/accessrules.h> -s6_accessrules_result_t s6_accessrules_keycheck_ip6 (void const *key, void *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1) +s6_accessrules_result_t s6_accessrules_keycheck_ip6 (void const *key, void const *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1) { char fmt[IP6_FMT + UINT_FMT + 6] = "ip6/" ; char ip6[16] ; diff --git a/src/libs6/s6_accessrules_keycheck_reversedns.c b/src/libs6/s6_accessrules_keycheck_reversedns.c index 34da90f..d0dac27 100644 --- a/src/libs6/s6_accessrules_keycheck_reversedns.c +++ b/src/libs6/s6_accessrules_keycheck_reversedns.c @@ -5,7 +5,7 @@ #include <skalibs/bytestr.h> #include <s6/accessrules.h> -s6_accessrules_result_t s6_accessrules_keycheck_reversedns (void const *key, void *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1) +s6_accessrules_result_t s6_accessrules_keycheck_reversedns (void const *key, void const *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1) { char const *name = key ; size_t len = strlen(name) ; diff --git a/src/libs6/s6_accessrules_keycheck_uidgid.c b/src/libs6/s6_accessrules_keycheck_uidgid.c index 573382c..4d8c079 100644 --- a/src/libs6/s6_accessrules_keycheck_uidgid.c +++ b/src/libs6/s6_accessrules_keycheck_uidgid.c @@ -6,7 +6,7 @@ #include <skalibs/types.h> #include <s6/accessrules.h> -s6_accessrules_result_t s6_accessrules_keycheck_uidgid (void const *key, void *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1) +s6_accessrules_result_t s6_accessrules_keycheck_uidgid (void const *key, void const *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1) { uidgid_t const *uidgid = key ; char fmt[4 + UINT64_FMT] = "uid/" ; diff --git a/src/libs6/s6_accessrules_uidgid_cdb.c b/src/libs6/s6_accessrules_uidgid_cdb.c index 707086e..d06b51b 100644 --- a/src/libs6/s6_accessrules_uidgid_cdb.c +++ b/src/libs6/s6_accessrules_uidgid_cdb.c @@ -2,7 +2,7 @@ #include <s6/accessrules.h> -s6_accessrules_result_t s6_accessrules_uidgid_cdb (uid_t uid, gid_t gid, struct cdb *c, s6_accessrules_params_t *params) +s6_accessrules_result_t s6_accessrules_uidgid_cdb (uid_t uid, gid_t gid, cdb const *c, s6_accessrules_params_t *params) { uidgid_t uidgid = { .left = uid, .right = gid } ; return s6_accessrules_keycheck_uidgid(&uidgid, c, params, &s6_accessrules_backend_cdb) ; |