r1575 + don't remove the tempfile
[racktables] / gateways / lib.sh
1 #!/bin/sh
2
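# authorized ENDPOINT USER ACTION [ARG1 ARG2]
#
# Decide whether USER may perform ACTION on ENDPOINT according to the rules
# kept in "$MYDIR/userauth.php".
#
# Only the lines between a "# S-T-A-R-T" marker and the next "# S-T-O-P"
# marker are read as rules; more than one such section may appear. Inside a
# section, empty lines and lines starting with '#' are ignored. A rule is a
# list of fields separated by single spaces:
#
#   PERMISSION USERPATTERN@ENDPOINTPATTERN ACTION [ARG1PATTERN ARG2PATTERN]
#
# ACTION is compared literally. The user, endpoint and (for the 'change'
# action only) argument fields are shell patterns, matched against the whole
# value through ${var##pattern}; they are not regular expressions. An empty
# pattern field never matches, because the value it is tested against is
# known to be non-empty at that point.
#
# The first rule whose fields all match decides the outcome: PERMISSION
# "allow" grants, any other value denies. When nothing matches, or the rules
# file cannot be read, the answer is deny.
#
# Globals:   MYDIR (read) - directory holding userauth.php
# Arguments: $1 endpoint, $2 user, $3 action, $4/$5 arguments of 'change'
# Returns:   0 when access is granted, 1 in every other case
#
# NOTE(review): every decision comes from userauth.php, so that file should
# be writable by administrators only - confirm its ownership and mode.
authorized()
{
	# Declare first and assign afterwards: some sh implementations word-split
	# an unquoted "local var=$1", which would mangle values containing spaces.
	# 'line' is declared here as well so the loop does not overwrite a
	# caller's variable of the same name.
	local endp user action arg1 arg2 skip cval line subject
	endp=$1
	user=$2
	action=$3
	arg1=$4
	arg2=$5
	skip=yes

	# Separate tests instead of "[ ... -o ... ]": with several operands the
	# -o/-a forms are ambiguous when a value looks like an operator, and
	# these values come from the caller.
	if [ -z "$endp" ] || [ -z "$user" ] || [ -z "$action" ]; then
		return 1
	fi

	# Strip the PHP wrapping(s) and process the auth rules only.
	# read -r keeps backslashes in a rule as written, so an escaped
	# metacharacter is not silently turned into a wildcard.
	while read -r line; do
		if [ "$skip" = "yes" ]; then
			[ "$line" = "# S-T-A-R-T" ] && skip=no
			continue
		fi
		if [ "$line" = "# S-T-O-P" ]; then
			skip=yes
			continue
		fi

		# Allow comments and blank lines.
		case $line in
			'' | '#'*) continue ;;
		esac

		# Parse the rule and decide as early as possible. A rule that does
		# not match is skipped; authorization fails by default anyway.
		# printf is used instead of echo so the line is passed to cut
		# unmodified.

		# Test action (exact match).
		cval=$(printf '%s\n' "$line" | cut -s -d' ' -f3)
		[ "$action" = "$cval" ] || continue

		# Field 2 carries "userpattern@endpointpattern".
		subject=$(printf '%s\n' "$line" | cut -s -d' ' -f2)

		# Test username. $cval is left unquoted inside the expansion on
		# purpose: it has to act as a pattern.
		cval=$(printf '%s\n' "$subject" | cut -s -d'@' -f1)
		[ -z "${user##$cval}" ] || continue

		# Test endpoint.
		cval=$(printf '%s\n' "$subject" | cut -s -d'@' -f2)
		[ -z "${endp##$cval}" ] || continue

		if [ "$action" = "change" ]; then
			# 'change' needs both arguments; refuse outright without them.
			if [ -z "$arg1" ] || [ -z "$arg2" ]; then
				return 1
			fi
			cval=$(printf '%s\n' "$line" | cut -s -d' ' -f4)
			[ -z "${arg1##$cval}" ] || continue
			cval=$(printf '%s\n' "$line" | cut -s -d' ' -f5)
			[ -z "${arg2##$cval}" ] || continue
		fi

		# All criteria match. Pick the permission and bail out; only the
		# literal word "allow" grants access.
		cval=$(printf '%s\n' "$line" | cut -s -d' ' -f1)
		if [ "$cval" = "allow" ]; then
			return 0
		fi
		return 1
	done < "$MYDIR/userauth.php"

	# No rule matched (or the file was unreadable): deny.
	return 1
}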