summaryrefslogtreecommitdiff
path: root/src/libs6
diff options
context:
space:
mode:
Diffstat (limited to 'src/libs6')
-rw-r--r--src/libs6/s6_accessrules_backend_cdb.c48
-rw-r--r--src/libs6/s6_accessrules_backend_fs.c4
-rw-r--r--src/libs6/s6_accessrules_keycheck_ip4.c2
-rw-r--r--src/libs6/s6_accessrules_keycheck_ip6.c2
-rw-r--r--src/libs6/s6_accessrules_keycheck_reversedns.c2
-rw-r--r--src/libs6/s6_accessrules_keycheck_uidgid.c2
-rw-r--r--src/libs6/s6_accessrules_uidgid_cdb.c2
7 files changed, 34 insertions, 28 deletions
diff --git a/src/libs6/s6_accessrules_backend_cdb.c b/src/libs6/s6_accessrules_backend_cdb.c
index 4c454d1..49eca68 100644
--- a/src/libs6/s6_accessrules_backend_cdb.c
+++ b/src/libs6/s6_accessrules_backend_cdb.c
@@ -3,38 +3,44 @@
#include <string.h>
#include <stdint.h>
#include <errno.h>
+
#include <skalibs/uint16.h>
#include <skalibs/cdb.h>
#include <skalibs/stralloc.h>
#include <s6/accessrules.h>
-s6_accessrules_result_t s6_accessrules_backend_cdb (char const *key, size_t keylen, void *data, s6_accessrules_params_t *params)
+s6_accessrules_result_t s6_accessrules_backend_cdb (char const *key, size_t keylen, void const *arg, s6_accessrules_params_t *params)
{
- struct cdb *c = data ;
- size_t execbase ;
- unsigned int n ;
+ cdb_data data ;
+ int wasnull = !params->env.s ;
uint16_t envlen, execlen ;
- int r = cdb_find(c, key, keylen) ;
+ cdb const *c = arg ;
+ cdb_reader reader = CDB_READER_ZERO ;
+ int r = cdb_find(c, &reader, &data, key, keylen) ;
if (r < 0) return S6_ACCESSRULES_ERROR ;
else if (!r) return S6_ACCESSRULES_NOTFOUND ;
- n = cdb_datalen(c) ;
- if (!n || n > 8197) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ;
- if (!stralloc_readyplus(&params->exec, n)) return S6_ACCESSRULES_ERROR ;
- execbase = params->exec.len ;
- if (cdb_read(c, params->exec.s + execbase, n, cdb_datapos(c)) < 0) return S6_ACCESSRULES_ERROR ;
- if (params->exec.s[execbase] == 'D') return S6_ACCESSRULES_DENY ;
- else if (params->exec.s[execbase] != 'A') return S6_ACCESSRULES_NOTFOUND ;
- else if (n < 5) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ;
- uint16_unpack_big(params->exec.s + execbase + 1, &envlen) ;
- if ((envlen > 4096) || (envlen + 5 > n)) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ;
- uint16_unpack_big(params->exec.s + execbase + 3 + envlen, &execlen) ;
- if ((execlen > 4096) || (5 + envlen + execlen != n)) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ;
- if (!stralloc_catb(&params->env, params->exec.s + execbase + 3, envlen)) return S6_ACCESSRULES_ERROR ;
- memcpy(params->exec.s + execbase, params->exec.s + execbase + 5 + envlen, execlen) ;
+ if (!data.len || data.len > 8197) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ;
+ if (data.s[0] == 'D') return S6_ACCESSRULES_DENY ;
+ if (data.s[0] != 'A') return S6_ACCESSRULES_NOTFOUND ;
+ if (data.len < 5) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ;
+ uint16_unpack_big(data.s + 1, &envlen) ;
+ if ((envlen > 4096) || (data.len - 5 < envlen)) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ;
+ uint16_unpack_big(data.s + 3 + envlen, &execlen) ;
+ if ((execlen > 4096) || (5 + envlen + execlen != data.len)) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ;
+ if (envlen && !stralloc_catb(&params->env, data.s + 3, envlen)) return S6_ACCESSRULES_ERROR ;
if (execlen)
{
- params->exec.len += execlen ;
- params->exec.s[params->exec.len++] = 0 ;
+ if (!stralloc_readyplus(&params->exec, execlen + 1))
+ {
+ if (envlen)
+ {
+ if (wasnull) stralloc_free(&params->env) ;
+ else params->env.len -= envlen ;
+ }
+ return S6_ACCESSRULES_ERROR ;
+ }
+ stralloc_catb(&params->exec, data.s + 5 + envlen, execlen) ;
+ stralloc_0(&params->exec) ;
}
return S6_ACCESSRULES_ALLOW ;
}
diff --git a/src/libs6/s6_accessrules_backend_fs.c b/src/libs6/s6_accessrules_backend_fs.c
index aa1cfc6..1995757 100644
--- a/src/libs6/s6_accessrules_backend_fs.c
+++ b/src/libs6/s6_accessrules_backend_fs.c
@@ -8,9 +8,9 @@
#include <skalibs/djbunix.h>
#include <s6/accessrules.h>
-s6_accessrules_result_t s6_accessrules_backend_fs (char const *key, size_t keylen, void *data, s6_accessrules_params_t *params)
+s6_accessrules_result_t s6_accessrules_backend_fs (char const *key, size_t keylen, void const *data, s6_accessrules_params_t *params)
{
- char *dir = data ;
+ char const *dir = data ;
size_t dirlen = strlen(dir) ;
size_t envbase = params->env.len ;
int wasnull = !params->env.s ;
diff --git a/src/libs6/s6_accessrules_keycheck_ip4.c b/src/libs6/s6_accessrules_keycheck_ip4.c
index de402be..142be0e 100644
--- a/src/libs6/s6_accessrules_keycheck_ip4.c
+++ b/src/libs6/s6_accessrules_keycheck_ip4.c
@@ -5,7 +5,7 @@
#include <skalibs/fmtscan.h>
#include <s6/accessrules.h>
-s6_accessrules_result_t s6_accessrules_keycheck_ip4 (void const *key, void *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1)
+s6_accessrules_result_t s6_accessrules_keycheck_ip4 (void const *key, void const *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1)
{
char fmt[IP4_FMT + UINT_FMT + 6] = "ip4/" ;
uint32_t ip ;
diff --git a/src/libs6/s6_accessrules_keycheck_ip6.c b/src/libs6/s6_accessrules_keycheck_ip6.c
index 93418d3..5922db6 100644
--- a/src/libs6/s6_accessrules_keycheck_ip6.c
+++ b/src/libs6/s6_accessrules_keycheck_ip6.c
@@ -6,7 +6,7 @@
#include <skalibs/fmtscan.h>
#include <s6/accessrules.h>
-s6_accessrules_result_t s6_accessrules_keycheck_ip6 (void const *key, void *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1)
+s6_accessrules_result_t s6_accessrules_keycheck_ip6 (void const *key, void const *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1)
{
char fmt[IP6_FMT + UINT_FMT + 6] = "ip6/" ;
char ip6[16] ;
diff --git a/src/libs6/s6_accessrules_keycheck_reversedns.c b/src/libs6/s6_accessrules_keycheck_reversedns.c
index 34da90f..d0dac27 100644
--- a/src/libs6/s6_accessrules_keycheck_reversedns.c
+++ b/src/libs6/s6_accessrules_keycheck_reversedns.c
@@ -5,7 +5,7 @@
#include <skalibs/bytestr.h>
#include <s6/accessrules.h>
-s6_accessrules_result_t s6_accessrules_keycheck_reversedns (void const *key, void *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1)
+s6_accessrules_result_t s6_accessrules_keycheck_reversedns (void const *key, void const *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1)
{
char const *name = key ;
size_t len = strlen(name) ;
diff --git a/src/libs6/s6_accessrules_keycheck_uidgid.c b/src/libs6/s6_accessrules_keycheck_uidgid.c
index 573382c..4d8c079 100644
--- a/src/libs6/s6_accessrules_keycheck_uidgid.c
+++ b/src/libs6/s6_accessrules_keycheck_uidgid.c
@@ -6,7 +6,7 @@
#include <skalibs/types.h>
#include <s6/accessrules.h>
-s6_accessrules_result_t s6_accessrules_keycheck_uidgid (void const *key, void *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1)
+s6_accessrules_result_t s6_accessrules_keycheck_uidgid (void const *key, void const *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1)
{
uidgid_t const *uidgid = key ;
char fmt[4 + UINT64_FMT] = "uid/" ;
diff --git a/src/libs6/s6_accessrules_uidgid_cdb.c b/src/libs6/s6_accessrules_uidgid_cdb.c
index 707086e..d06b51b 100644
--- a/src/libs6/s6_accessrules_uidgid_cdb.c
+++ b/src/libs6/s6_accessrules_uidgid_cdb.c
@@ -2,7 +2,7 @@
#include <s6/accessrules.h>
-s6_accessrules_result_t s6_accessrules_uidgid_cdb (uid_t uid, gid_t gid, struct cdb *c, s6_accessrules_params_t *params)
+s6_accessrules_result_t s6_accessrules_uidgid_cdb (uid_t uid, gid_t gid, cdb const *c, s6_accessrules_params_t *params)
{
uidgid_t uidgid = { .left = uid, .right = gid } ;
return s6_accessrules_keycheck_uidgid(&uidgid, c, params, &s6_accessrules_backend_cdb) ;