diff options
author | David Sommerseth <dazo@users.sourceforge.net> | 2010-10-22 17:41:31 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2010-10-22 17:41:31 +0200 |
commit | 83a6d2aee10e81862dbd1d6526ccbab93ef9afbe (patch) | |
tree | 912cc117be397007670367b3a88a973129149cba /eurephiadm/commands/adminaccess.c | |
parent | 7a80a43a1fdc15a462d27bc0494c15385c592082 (diff) | |
download | eurephia-83a6d2aee10e81862dbd1d6526ccbab93ef9afbe.tar.gz eurephia-83a6d2aee10e81862dbd1d6526ccbab93ef9afbe.tar.xz eurephia-83a6d2aee10e81862dbd1d6526ccbab93ef9afbe.zip |
eurephiadm/adminaccess: Check granted accesses before modifying them
It was reported that it was possible to grant the same access level
several times using the eurephiadm adminaccess command. This is now
fixed by quering the access levels for the user before executing the
grant or revoke operation.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Report-URL: https://sourceforge.net/tracker/index.php?func=detail&aid=3092583&group_id=236344&atid=1099760
Diffstat (limited to 'eurephiadm/commands/adminaccess.c')
-rw-r--r-- | eurephiadm/commands/adminaccess.c | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/eurephiadm/commands/adminaccess.c b/eurephiadm/commands/adminaccess.c index 1140d63..9cd210b 100644 --- a/eurephiadm/commands/adminaccess.c +++ b/eurephiadm/commands/adminaccess.c @@ -243,6 +243,7 @@ int list_adminaccess(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf int grant_revoke(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, int argc, char **argv) { xmlDoc *upd_xml = NULL, *res_xml = NULL; xmlNode *root_n = NULL, *fmap_n = NULL; + xmlAttr *mode_a = NULL; char actmode = '-', *actmode_str = NULL; int i = 0, rc = 0; int f_uid = 0, f_acl = 0, f_intf = 0; @@ -264,11 +265,9 @@ int grant_revoke(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, i if( (strcmp(argv[0], "--grant") == 0) || (strcmp(argv[0], "-G") == 0) ) { actmode = 'G'; actmode_str = "granted"; - xmlNewProp(root_n, (xmlChar *) "mode", (xmlChar *) "grant"); } else if( (strcmp(argv[0], "--revoke") == 0) || (strcmp(argv[0], "-R") == 0) ) { actmode = 'R'; actmode_str = "revoked"; - xmlNewProp(root_n, (xmlChar *) "mode", (xmlChar *) "revoke"); } for( i = 1; i < argc; i++ ) { @@ -325,6 +324,45 @@ int grant_revoke(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, i xmlNewChild(fmap_n, NULL, (xmlChar *) "interface", (xmlChar *) "C"); } + // Check if this access level has already been granted + mode_a = xmlNewProp(root_n, (xmlChar *) "mode", (xmlChar *) "list"); + res_xml = eDBadminAccessLevel(ctx, upd_xml); + if( res_xml == NULL ) { + fprintf(stderr, "%s: Failed to check the access level\n", MODULE); + rc = 1; + } else { + xmlNode *ptr_n = eurephiaXML_getRoot(ctx, res_xml, "admin_access_list", 1); + if( (ptr_n == NULL) || (xmlStrcmp(ptr_n->name, (xmlChar *) "admin_access_list") != 0) ) { + if( !eurephiaXML_IsResultMsg(ctx, res_xml) ) { + fprintf(stderr, "%s: Failed to check the access level (unknown error)\n", MODULE); + } else { + eurephiaRESULT *res = eurephiaXML_ParseResultMsg(ctx, res_xml); + fprintf(stderr, "%s: %s\n", MODULE, res->message); + free_nullsafe(ctx, res); + } + rc = 1; + } else { + xmlNode *ptr2_n = xmlFindNode(ptr_n, "user_access"); + + // If ptr2_n is not NULL, it means this access already exists. + // That is expected for REVOKE operations, but not expected + // for GRANT operations + rc = ((actmode == 'G' && ptr2_n != NULL) || (actmode == 'R' && ptr2_n == NULL) ? 1 : 0); + if( rc > 0 ) { + fprintf(stderr, "%s: This access level is %s to the user\n", MODULE, + (actmode == 'G' ? "already granted" : "not granted")); + } + } + xmlFreeDoc(res_xml); + } + if( rc > 0 ) { + goto error; + } + + // Prepare for the real update. Replace the 'mode' attribute to contain the proper action. + xmlRemoveProp(mode_a); + xmlNewProp(root_n, (xmlChar *) "mode", (xmlChar *) (actmode == 'G' ? "grant" : "revoke")); + res_xml = eDBadminAccessLevel(ctx, upd_xml); if( res_xml == NULL ) { fprintf(stderr, "%s: Failed to update the access level\n", MODULE); @@ -347,6 +385,8 @@ int grant_revoke(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, i free_nullsafe(ctx, res); xmlFreeDoc(res_xml); } + + error: xmlFreeDoc(upd_xml); return rc; } |