[racktables] / gateways / lib.sh

#!/bin/sh

if [ ! -s "$MYDIR/userauth.php" ]; then
	echo "ERR!Authorization file $MYDIR/userauth.php is either missing or empty"
	return
fi

authorized()
{
	local endp=$1 user=$2 action=$3 arg1=$4 arg2=$5 skip=yes cval
	[ -z "$endp" -o -z "$user" -o -z "$action" ] && return 1

	# Now we strip PHP wrapping(s) and process auth rules only.
	# Accept more than one ruleset on the floor.
	while read line; do
		if [ "$skip" = "yes" -a "$line" = "# S-T-A-R-T" ]; then
			skip=no
			continue
		fi
		if [ "$skip" = "no" -a "$line" = "# S-T-O-P" ]; then
			skip=yes
			continue
		fi
		[ "$skip" = "yes" ] && continue
		# Allow comments.
		[ -z "${line###*}" ] && continue

		# Parse the line and try to make a decision earliest possible.
		# Username and endpoint must match values/regexps, action
		# must exactly match. Action arguments are tested agains values
		# or regexps, but only for 'change' action.
		# If the current rule doesn't match, advance to the next one.
		# We will fail authorization by default anyway.

		# Test action.
		cval=`echo "$line" | cut -s -d' ' -f3`
		[ "$action" = "$cval" ] || continue

		# Test username.
		cval=`echo "$line" | cut -s -d' ' -f2 | cut -s -d'@' -f1`
		[ -z "${user##$cval}" ] || continue

		# Test endpoint.
		cval=`echo "$line" | cut -s -d' ' -f2 | cut -s -d'@' -f2`
		[ -z "${endp##$cval}" ] || continue

		if [ "$action" = "change" ]; then
			[ -z "$arg1" -o -z "$arg2" ] && return 1
			cval=`echo "$line" | cut -s -d' ' -f4`
			[ -z "${arg1##$cval}" ] || continue
			cval=`echo "$line" | cut -s -d' ' -f5`
			[ -z "${arg2##$cval}" ] || continue
		fi

		# All criterias match. Pick the permission and bail out.
		cval=`echo "$line" | cut -s -d' ' -f1`
		if [ "$cval" = "allow" ]; then
			return 0
		else
			return 1
		fi
	done < "$MYDIR/userauth.php"
	return 1
}
Commit	Line	Data
6171ab79 DO	1	#!/bin/sh
6171ab79 DO	2
6d1d621f DO	3	if [ ! -s "$MYDIR/userauth.php" ]; then
	4	echo "ERR!Authorization file $MYDIR/userauth.php is either missing or empty"
	5	return
	6	fi
	7
6171ab79 DO	8	authorized()
	9	{
	10	local endp=$1 user=$2 action=$3 arg1=$4 arg2=$5 skip=yes cval
	11	[ -z "$endp" -o -z "$user" -o -z "$action" ] && return 1
	12
	13	# Now we strip PHP wrapping(s) and process auth rules only.
	14	# Accept more than one ruleset on the floor.
	15	while read line; do
	16	if [ "$skip" = "yes" -a "$line" = "# S-T-A-R-T" ]; then
	17	skip=no
	18	continue
	19	fi
	20	if [ "$skip" = "no" -a "$line" = "# S-T-O-P" ]; then
	21	skip=yes
	22	continue
	23	fi
	24	[ "$skip" = "yes" ] && continue
	25	# Allow comments.
	26	[ -z "${line###*}" ] && continue
	27
	28	# Parse the line and try to make a decision earliest possible.
	29	# Username and endpoint must match values/regexps, action
	30	# must exactly match. Action arguments are tested agains values
	31	# or regexps, but only for 'change' action.
	32	# If the current rule doesn't match, advance to the next one.
	33	# We will fail authorization by default anyway.
	34
	35	# Test action.
	36	cval=`echo "$line" \| cut -s -d' ' -f3`
	37	[ "$action" = "$cval" ] \|\| continue
	38
	39	# Test username.
	40	cval=`echo "$line" \| cut -s -d' ' -f2 \| cut -s -d'@' -f1`
	41	[ -z "${user##$cval}" ] \|\| continue
	42
	43	# Test endpoint.
	44	cval=`echo "$line" \| cut -s -d' ' -f2 \| cut -s -d'@' -f2`
	45	[ -z "${endp##$cval}" ] \|\| continue
	46
	47	if [ "$action" = "change" ]; then
	48	[ -z "$arg1" -o -z "$arg2" ] && return 1
	49	cval=`echo "$line" \| cut -s -d' ' -f4`
	50	[ -z "${arg1##$cval}" ] \|\| continue
	51	cval=`echo "$line" \| cut -s -d' ' -f5`
	52	[ -z "${arg2##$cval}" ] \|\| continue
	53	fi
	54
	55	# All criterias match. Pick the permission and bail out.
	56	cval=`echo "$line" \| cut -s -d' ' -f1`
	57	if [ "$cval" = "allow" ]; then
	58	return 0
	59	else
	60	return 1
	61	fi
	62	done < "$MYDIR/userauth.php"
	63	return 1
	64	}