![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to perm.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Research Unix] / researchv10no / netfs / libnetb|
Return to perm.c CVS log | Up to [Research Unix] / researchv10no / netfs / libnetb |
1.1 root 1: /*
2: * permission-mapping primitives
3: *
4: * for each of user- and group-ids,
5: * there is a map of (client, server) id pairs
6: * ids not in the map are mapped to RFNOID
7: * if rfotherdeny != -0, RFNOID is denied all access
8: * RFNOID may not create files in any case (who would own them?)
9: * (answer: defaultuser and defaultgroup.)
10: */
11:
12: #include "rf.h"
13: #include "perm.h"
14:
15: #define NULL 0
16:
17: #define SUSER 0 /* super-user ID */
18:
19: int rfotherdeny;
20: int rfuid = RFNOID; /* mapped uid of the client */
21: int rfgid = RFNOID; /* mapped gid of the client */
22: int cuid; /* client's uid (unmapped) */
23: int cgid;
24:
25:
26: Tuid *_rfuids, *_rfgids;
27: int _rfuhp, _rfghp; /* hash primes */
28: int *_rfsu, *_rfsg, *_rfcu, *_rfcg; /* hash tables */
29:
30: extern char *malloc();
31: extern int defaultuid;
32: extern int defaultgid;
33:
34: /*
35: * high-level routines to check particular sorts of access
36: * return nonzero if access OK
37: */
38:
39: /*
40: * read access to a regular file
41: * -- execute implies read;
42: * a file server can't tell the difference,
43: * and the data ends up inside the client anyway
44: */
45: _rfpread(f, u, g)
46: register Rfile *f;
47: int u, g;
48: {
49: register int bits;
50:
51: bits = RFPRD|RFPEX;
52: if (u == RFNOID && defaultuid != RFNOID)
53: u = defaultuid;
54: if (g == RFNOID && defaultgid != RFNOID)
55: g = defaultgid;
56: if (u == RFNOID && rfotherdeny)
57: return (0);
58: if (f->uid == u && u != RFNOID)
59: bits <<= RFPOWNER;
60: else if (f->gid == g && g != RFNOID)
61: bits <<= RFPGROUP;
62: else
63: bits <<= RFPOTHER;
64: return (f->mode & bits);
65: }
66:
67: /*
68: * read entries from a directory
69: * -- only read access is relevant
70: */
71: _rfpdread(f, u, g)
72: register Rfile *f;
73: int u, g;
74: {
75: register int bits;
76:
77: if (u == SUSER)
78: return (1);
79: if (u == RFNOID && defaultuid != RFNOID)
80: u = defaultuid;
81: if (g == RFNOID && defaultgid != RFNOID)
82: g = defaultgid;
83: bits = RFPRD;
84: if (u == RFNOID && rfotherdeny)
85: return (0);
86: if (f->uid == u && u != RFNOID)
87: bits <<= RFPOWNER;
88: else if (f->gid == g && g != RFNOID)
89: bits <<= RFPGROUP;
90: else
91: bits <<= RFPOTHER;
92: return (f->mode & bits);
93: }
94:
95: /*
96: * write a regular file
97: */
98: _rfpwrite(f, u, g)
99: register Rfile *f;
100: int u, g;
101: {
102: register int bits;
103:
104: if (u == SUSER)
105: return (1);
106: if (u == RFNOID && defaultuid != RFNOID)
107: u = defaultuid;
108: if (g == RFNOID && defaultgid != RFNOID)
109: g = defaultgid;
110: bits = RFPWR;
111: if (u == RFNOID && rfotherdeny)
112: return (0);
113: if (f->uid == u && u != RFNOID)
114: bits <<= RFPOWNER;
115: else if (f->gid == g && g != RFNOID)
116: bits <<= RFPGROUP;
117: else
118: bits <<= RFPOTHER;
119: return (f->mode & bits);
120: }
121:
122: /*
123: * write a directory (change entries therein)
124: */
125: _rfpdwrite(f, u, g)
126: register Rfile *f;
127: int u, g;
128: {
129: register int bits;
130:
131: if (u == SUSER)
132: return (1);
133: if (u == RFNOID && defaultuid != RFNOID)
134: u = defaultuid;
135: if (g == RFNOID && defaultgid != RFNOID)
136: g = defaultgid;
137: bits = RFPWR;
138: if (u == RFNOID && rfotherdeny)
139: return (0);
140: if (f->uid == u && u != RFNOID)
141: bits <<= RFPOWNER;
142: else if (f->gid == g && g != RFNOID)
143: bits <<= RFPGROUP;
144: else
145: bits <<= RFPOTHER;
146: return (f->mode & bits);
147: }
148:
149: /*
150: * search a directory for a single entry
151: */
152: _rfpdsearch(f, u, g)
153: register Rfile *f;
154: int u, g;
155: {
156: register int bits;
157:
158: if (u == SUSER)
159: return (1);
160: if (u == RFNOID && defaultuid != RFNOID)
161: u = defaultuid;
162: if (g == RFNOID && defaultgid != RFNOID)
163: g = defaultgid;
164: bits = RFPDS;
165: if (u == RFNOID && rfotherdeny)
166: return (0);
167: if (f->uid == u && u != RFNOID)
168: bits <<= RFPOWNER;
169: else if (f->gid == g && g != RFNOID)
170: bits <<= RFPGROUP;
171: else
172: bits <<= RFPOTHER;
173: return (f->mode & bits);
174: }
175:
176: /*
177: * is this the file's owner?
178: * only the owner may change attribute like the mode
179: */
180: _rfpowner(f, u, g)
181: register Rfile *f;
182: int u, g;
183: {
184: if (u == SUSER)
185: return (1);
186: if (u == RFNOID && defaultuid != RFNOID)
187: u = defaultuid;
188: if (g == RFNOID && defaultgid != RFNOID)
189: g = defaultgid;
190: if (u == RFNOID)
191: return (0);
192: return (f->uid == u);
193: }
194:
195: /*
196: * is this a privileged user?
197: */
198: int
199: _rfpsuper(f, u, g)
200: Rfile *f;
201: int u, g;
202: {
203: return (u == SUSER);
204: }
205:
206: /*
207: * given one kind of id (password or group, client or server)
208: * return another
209: */
210:
211: int
212: _rfcuid(id)
213: int id;
214: {
215: register int i;
216:
217: if (id < 0) /* safety */
218: return (RFNOID);
219: for (i = id % _rfuhp; _rfsu[i] != RFNOID; i++)
220: if (_rfuids[_rfsu[i]].sid == id)
221: return (_rfuids[_rfsu[i]].cid);
222: return (RFNOID);
223: }
224:
225: int
226: _rfcgid(id)
227: int id;
228: {
229: register int i;
230:
231: if (id < 0) /* safety */
232: return (RFNOID);
233: for (i = id % _rfghp; _rfsg[i] != RFNOID; i++)
234: if (_rfgids[_rfsg[i]].sid == id)
235: return (_rfgids[_rfsg[i]].cid);
236: return (RFNOID);
237: }
238:
239: int
240: _rfsuid(id)
241: int id;
242: {
243: register int i;
244:
245: if (id < 0) /* safety */
246: return (RFNOID);
247: for (i = id % _rfuhp; _rfcu[i] != RFNOID; i++)
248: if (_rfuids[_rfcu[i]].cid == id)
249: return (_rfuids[_rfcu[i]].sid);
250: return (RFNOID);
251: }
252:
253: int
254: _rfsgid(id)
255: int id;
256: {
257: register int i;
258:
259: if (id < 0) /* safety */
260: return (RFNOID);
261: for (i = id % _rfghp; _rfcg[i] != RFNOID; i++)
262: if (_rfgids[_rfcg[i]].cid == id)
263: return (_rfgids[_rfcg[i]].sid);
264: return (RFNOID);
265: }
266:
267: /*
268: * make hash tables
269: */
270:
271: #define SLOP 4
272:
273: static short primes[] = {23, 47, 97, 199, 397, 797, 1597, 3191, 6397, 12799, 31991, 0};
274:
275: _rfmkhash(tab, size, php, pchash, phhash)
276: Tuid *tab;
277: int size;
278: int *php;
279: int **pchash, **phhash;
280: {
281: register int i, j, hp;
282: register int *ch, *cc;
283: int max;
284:
285: for (i = 0; primes[i] && primes[i] < size * 2; i++)
286: ;
287: hp = primes[i];
288: *php = hp;
289: max = hp + SLOP;
290: if ((ch = (int *)malloc(max*sizeof(int))) == NULL
291: || (cc = (int *)malloc(max*sizeof(int))) == NULL)
292: rfpanic("no memory for hash tables (%d ints)\n", hp);
293: *phhash = ch;
294: *pchash = cc;
295: for (i = 0; i < max; i++)
296: ch[i] = cc[i] = RFNOID;
297: for (i = 0; tab[i].sid != RFNOID; i++) {
298: j = tab[i].sid % hp;
299: while (ch[j] != RFNOID && j < max)
300: j++;
301: if (j >= max)
302: rfpanic("hash overflow\n");
303: ch[j] = i;
304: j = tab[i].cid % hp;
305: while (cc[j] != RFNOID && j < max)
306: j++;
307: if (j >= max)
308: rfpanic("hash overflow\n");
309: cc[j] = i;
310: }
311: }
312:
313: /*
314: * look up a name in an Idmap list
315: * used only in building id tables
316: */
317: int
318: _rflookid(p, s)
319: register Idmap *p;
320: register char *s;
321: {
322:
323: for (; p->name[0]; p++) {
324: if (p->name[0] != s[0]) /* shortcut */
325: continue;
326: if (strncmp(p->name, s, sizeof(p->name)-1) == 0)
327: return (p->id);
328: }
329: return (RFNOID);
330: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.