r1991 + user accounts are now searchable by username
[racktables] / gateways / lib.sh
#!/bin/sh

# Refuse to go on without the authorization rules: when
# $MYDIR/userauth.php is missing or empty, print an "ERR!" line and leave.
# The bare `return` only works when this file is sourced.
# NOTE(review): a bare `return` passes on the status of the preceding echo,
# so the sourcing script learns about the failure only from the ERR! line,
# not from the exit status.
[ -s "$MYDIR/userauth.php" ] || {
	echo "ERR!Authorization file $MYDIR/userauth.php is either missing or empty"
	return
}
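# authorized ENDPOINT USER ACTION [ARG1 ARG2]
#
# Decide whether USER may perform ACTION on ENDPOINT, using the rules found
# between the "# S-T-A-R-T" and "# S-T-O-P" marker lines of
# $MYDIR/userauth.php (more than one marked section is accepted).
#
# A rule is one line of single-space-separated fields:
#   <permission> <user-pattern>@<endpoint-pattern> <action> [<arg1-pattern> <arg2-pattern>]
# The user, endpoint and argument fields are used as shell patterns
# (${var##pattern}), not regular expressions; the action must be equal.
# The argument fields are checked only for the 'change' action.
#
# Globals:  MYDIR (read)
# Returns:  0 when the first matching rule has permission "allow";
#           1 in every other case: missing argument, no matching rule,
#           or a matching rule with any other permission word.
authorized()
{
	# Every assignment is quoted: some sh implementations word-split the
	# arguments of `local`, and whitespace in a caller-supplied value would
	# then become additional assignments. `line` is kept local as well so
	# the loop does not overwrite a caller's variable.
	local endp="$1" user="$2" action="$3" arg1="$4" arg2="$5" skip=yes cval line

	# Separate tests instead of `[ ... -o ... ]`: with -o/-a a value such
	# as "(" or "!" can change how the whole expression is parsed.
	if [ -z "$endp" ] || [ -z "$user" ] || [ -z "$action" ]; then
		return 1
	fi

	# Strip the PHP wrapping and process the auth rules only.
	# NOTE(review): `read` without -r consumes backslashes in rule lines.
	# It is left as is so existing rule files are interpreted as before.
	while read line; do
		if [ "$skip" = "yes" ]; then
			# Outside a rules section: only the start marker matters.
			if [ "$line" = "# S-T-A-R-T" ]; then
				skip=no
			fi
			continue
		fi
		if [ "$line" = "# S-T-O-P" ]; then
			skip=yes
			continue
		fi
		# Skip empty lines and comments (lines starting with '#').
		[ -z "${line###*}" ] && continue

		# Try to reject the rule as early as possible. A rule that does
		# not match is skipped; authorization fails by default.
		# `cut -s` prints nothing when the delimiter is absent, and an
		# empty pattern never matches a non-empty value, so a malformed
		# rule is skipped rather than treated as a wildcard.

		# Action: exact match.
		cval=$(printf '%s\n' "$line" | cut -s -d' ' -f3)
		[ "$action" = "$cval" ] || continue

		# Username: part of field 2 before '@'.
		cval=$(printf '%s\n' "$line" | cut -s -d' ' -f2 | cut -s -d'@' -f1)
		[ -z "${user##$cval}" ] || continue

		# Endpoint: part of field 2 after '@'.
		cval=$(printf '%s\n' "$line" | cut -s -d' ' -f2 | cut -s -d'@' -f2)
		[ -z "${endp##$cval}" ] || continue

		if [ "$action" = "change" ]; then
			# 'change' needs both arguments; without them deny outright.
			if [ -z "$arg1" ] || [ -z "$arg2" ]; then
				return 1
			fi
			cval=$(printf '%s\n' "$line" | cut -s -d' ' -f4)
			[ -z "${arg1##$cval}" ] || continue
			cval=$(printf '%s\n' "$line" | cut -s -d' ' -f5)
			[ -z "${arg2##$cval}" ] || continue
		fi

		# All criteria match: this rule decides. Only the exact word
		# "allow" grants access.
		cval=$(printf '%s\n' "$line" | cut -s -d' ' -f1)
		if [ "$cval" = "allow" ]; then
			return 0
		fi
		return 1
	done < "$MYDIR/userauth.php"

	# No rule matched.
	return 1
}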