1 | #!/bin/sh |
2 | ||
# Stop loading early when the rule file is absent or zero-length
# (`-s` is true only for an existing file with size > 0).
# The top-level `return` presumably means this file is sourced - confirm.
# NOTE(review): the bare `return` carries the status of the echo before it,
# so a caller sees the failure only through the "ERR!" text on stdout.
[ -s "$MYDIR/userauth.php" ] || {
    echo "ERR!Authorization file $MYDIR/userauth.php is either missing or empty"
    return
}
7 | ||
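# authorized ENDPOINT USER ACTION [ARG1 ARG2]
#
# Decide whether USER at ENDPOINT may perform ACTION, using the rules in
# "$MYDIR/userauth.php". Returns 0 when the first matching rule says
# "allow", 1 in every other case (no match, any other verdict, missing
# arguments), so the default is deny.
#
# Rule format, single-space separated, one rule per line:
#   <allow|other> <user-pattern>@<endpoint-pattern> <action> [<arg1-pattern> <arg2-pattern>]
#
# Only lines between "# S-T-A-R-T" and "# S-T-O-P" markers are rules;
# everything outside them (the PHP wrapping) is ignored.
#
# Patterns are shell patterns (*, ?, [...]), not regular expressions, and
# must match the whole value. Caller-supplied values are only ever the
# string being matched, never the pattern. Rules are evaluated top-down and
# the first match decides, so a narrow deny must precede a broader allow.
authorized()
{
    # Quoted so values containing whitespace are not word-split by shells
    # that treat `local` as an ordinary command. `line` is local so the
    # loop does not clobber a caller's variable of the same name.
    local endp="$1" user="$2" action="$3" arg1="$4" arg2="$5" skip=yes cval line

    # Separate tests instead of `-o`: with caller-supplied operands such as
    # "(" or "!" a multi-operand `[` expression is ambiguous.
    if [ -z "$endp" ] || [ -z "$user" ] || [ -z "$action" ]; then
        return 1
    fi

    # Strip the PHP wrapping(s) and process auth rules only.
    # More than one START/STOP ruleset per file is accepted.
    # `read -r` keeps backslashes: without it an escaped metacharacter in a
    # rule (e.g. "\*") would silently turn into a live wildcard.
    while read -r line; do
        if [ "$skip" = "yes" ]; then
            [ "$line" = "# S-T-A-R-T" ] && skip=no
            continue
        fi
        if [ "$line" = "# S-T-O-P" ]; then
            skip=yes
            continue
        fi

        # Skip blank lines and comments.
        case $line in
            ''|'#'*) continue ;;
        esac

        # Parse the line and decide as early as possible. Username and
        # endpoint must match the rule's patterns, the action must match
        # exactly. Action arguments are tested against patterns, but only
        # for the 'change' action. A rule that does not match is skipped;
        # authorization fails by default when nothing matches.
        # printf is used instead of echo so rule text is passed to cut
        # verbatim. An absent field yields an empty pattern, which never
        # matches a non-empty value, so malformed rules fail closed.

        # Test action.
        cval=$(printf '%s\n' "$line" | cut -s -d' ' -f3)
        [ "$action" = "$cval" ] || continue

        # Test username (part before '@' in field 2).
        cval=$(printf '%s\n' "$line" | cut -s -d' ' -f2 | cut -s -d'@' -f1)
        [ -z "${user##$cval}" ] || continue

        # Test endpoint (part after '@' in field 2).
        cval=$(printf '%s\n' "$line" | cut -s -d' ' -f2 | cut -s -d'@' -f2)
        [ -z "${endp##$cval}" ] || continue

        if [ "$action" = "change" ]; then
            # 'change' needs both arguments; refuse outright without them.
            if [ -z "$arg1" ] || [ -z "$arg2" ]; then
                return 1
            fi
            cval=$(printf '%s\n' "$line" | cut -s -d' ' -f4)
            [ -z "${arg1##$cval}" ] || continue
            cval=$(printf '%s\n' "$line" | cut -s -d' ' -f5)
            [ -z "${arg2##$cval}" ] || continue
        fi

        # All criteria match. Only the literal verdict "allow" grants
        # access; any other first field denies.
        cval=$(printf '%s\n' "$line" | cut -s -d' ' -f1)
        if [ "$cval" = "allow" ]; then
            return 0
        fi
        return 1
    done < "$MYDIR/userauth.php"

    # No rule matched: deny.
    return 1
}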