Skip to content

Commit

Permalink
Merge branch 'bareos-15.2' into bareos-16.2
Browse files Browse the repository at this point in the history
  • Loading branch information
Marco van Wieringen committed Sep 1, 2016
2 parents 0813dae + a742240 commit b35f371
Show file tree
Hide file tree
Showing 3 changed files with 233 additions and 43 deletions.
12 changes: 9 additions & 3 deletions src/cats/bvfs.c
View file
Expand Up @@ -215,7 +215,7 @@ static void build_path_hierarchy(JCR *jcr, B_DB *mdb,
bstrncpy(pathid, org_pathid, sizeof(pathid));

/* Does the ppathid exist for this ? we use a memory cache... In order to
* avoid the full loop, we consider that if a dir is allready in the
* avoid the full loop, we consider that if a dir is already in the
* PathHierarchy table, then there is no need to calculate all the
* hierarchy
*/
Expand All @@ -235,14 +235,20 @@ static void build_path_hierarchy(JCR *jcr, B_DB *mdb,
if (sql_num_rows(mdb) > 0) {
ppathid_cache.insert(pathid);
/* This dir was in the db ...
* It means we can leave, the tree has allready been built for
* It means we can leave, the tree has already been built for
* this dir
*/
goto bail_out;
} else {
/* search or create parent PathId in Path table */
mdb->path = bvfs_parent_dir(path);
mdb->pnl = strlen(mdb->path);

/* Don't add an empty path to the db */
if (!mdb->pnl) {
goto bail_out;
}

if (!db_create_path_record(jcr, mdb, &parent)) {
goto bail_out;
}
Expand All @@ -262,7 +268,7 @@ static void build_path_hierarchy(JCR *jcr, B_DB *mdb,
}
} else {
/* It's already in the cache. We can leave, no time to waste here,
* all the parent dirs have allready been done
* all the parent dirs have already been done
*/
goto bail_out;
}
Expand Down
113 changes: 86 additions & 27 deletions src/dird/ua_acl.c
View file
Expand Up @@ -36,6 +36,41 @@ bool acl_access_ok(UAContext *ua, int acl, const char *item, bool audit_event)
return acl_access_ok(ua, acl, item, strlen(item), audit_event);
}

/*
* Check if this is a regular expresion.
* A regexp uses the following chars:
* ., (, ), [, ], |, ^, $, +, ?, *
*/
static inline bool is_regex(const char *regexp)
{
const char *p;
bool retval = false;

p = regexp;
while (p) {
switch (*p++) {
case '.':
case '(':
case ')':
case '[':
case ']':
case '|':
case '^':
case '$':
case '+':
case '?':
case '*':
retval = true;
goto bail_out;
default:
break;
}
}

bail_out:
return retval;
}

/*
* Loop over the items in the alist and verify if they match the given item
* that access was requested for.
Expand All @@ -44,7 +79,9 @@ static inline bool find_in_acl_list(alist *list, int acl, const char *item, int
{
int rc;
regex_t preg;
int nmatch = 1;
bool retval = false;
regmatch_t pmatch[1];
const char *list_value;

/*
Expand Down Expand Up @@ -83,22 +120,33 @@ static inline bool find_in_acl_list(alist *list, int acl, const char *item, int
/*
* If we didn't get an exact match see if we can use the pattern as a regex.
*/
rc = regcomp(&preg, list_value + 1, REG_EXTENDED | REG_ICASE | REG_NOSUB);
if (rc != 0) {
/*
* Not a valid regular expression so skip it.
*/
Dmsg1(1400, "Not a valid regex %s, ignoring for regex compare\n", list_value);
continue;
}
if (is_regex(list_value + 1)) {
int match_length;

match_length = strlen(item);
rc = regcomp(&preg, list_value + 1, REG_EXTENDED | REG_ICASE);
if (rc != 0) {
/*
* Not a valid regular expression so skip it.
*/
Dmsg1(1400, "Not a valid regex %s, ignoring for regex compare\n", list_value);
continue;
}

if (regexec(&preg, item, nmatch, pmatch, 0) == 0) {
/*
* Make sure its not a partial match but a full match.
*/
Dmsg2(1400, "Found match start offset %d end offset %d\n", pmatch[0].rm_so, pmatch[0].rm_eo);
if ((pmatch[0].rm_eo - pmatch[0].rm_so) >= match_length) {
Dmsg3(1400, "ACL found %s in %d using regex %s\n", item, acl, list_value);
regfree(&preg);
goto bail_out;
}
}

if (regexec(&preg, item, 0, NULL, 0) == 0) {
Dmsg3(1400, "ACL found %s in %d using regex %s\n", item, acl, list_value);
regfree(&preg);
goto bail_out;
}

regfree(&preg);
} else {
/*
* Special case *all* gives full access
Expand All @@ -118,23 +166,34 @@ static inline bool find_in_acl_list(alist *list, int acl, const char *item, int
/*
* If we didn't get an exact match see if we can use the pattern as a regex.
*/
rc = regcomp(&preg, list_value, REG_EXTENDED | REG_ICASE | REG_NOSUB);
if (rc != 0) {
/*
* Not a valid regular expression so skip it.
*/
Dmsg1(1400, "Not a valid regex %s, ignoring for regex compare\n", list_value);
continue;
}
if (is_regex(list_value)) {
int match_length;

match_length = strlen(item);
rc = regcomp(&preg, list_value, REG_EXTENDED | REG_ICASE);
if (rc != 0) {
/*
* Not a valid regular expression so skip it.
*/
Dmsg1(1400, "Not a valid regex %s, ignoring for regex compare\n", list_value);
continue;
}

if (regexec(&preg, item, nmatch, pmatch, 0) == 0) {
/*
* Make sure its not a partial match but a full match.
*/
Dmsg2(1400, "Found match start offset %d end offset %d\n", pmatch[0].rm_so, pmatch[0].rm_eo);
if ((pmatch[0].rm_eo - pmatch[0].rm_so) >= match_length) {
Dmsg3(1400, "ACL found %s in %d using regex %s\n", item, acl, list_value);
retval = true;
regfree(&preg);
goto bail_out;
}
}

if (regexec(&preg, item, 0, NULL, 0) == 0) {
Dmsg3(1400, "ACL found %s in %d using regex %s\n", item, acl, list_value);
retval = true;
regfree(&preg);
goto bail_out;
}

regfree(&preg);
}
}

Expand Down

0 comments on commit b35f371

Please sign in to comment.