# # patch "ChangeLog" # from [71c41c875677789a8a849c815c2d56c79387a069] # to [4b511aa2329f261661f2dae6e43a4eb2c40d4999] # # patch "lua.cc" # from [e4dd123e0c07b59361555b521f3b2cc17aa445b5] # to [b7ee2c7123f4941b169840cb5149b9b7130dfb14] # # patch "lua.hh" # from [0c4357742dc32474757a7905380b407e532563f4] # to [0c4f6966a60230b591f07d0a0519485bf451a349] # # patch "netsync.cc" # from [71902ef3677adceaa862dc7c9150cad39ce27c5e] # to [8ea5688a68922a74077e76c8e4fd9da47241b0d5] # --- ChangeLog +++ ChangeLog @@ -1,5 +1,12 @@ 2005-07-03 Nathaniel Smith + * lua.{cc,hh} (hook_get_netsync_write_permitted): Don't take a + branch argument; write permission is now all or none. (It really + was before anyway...) + * netsync.cc: Update accordingly. + +2005-07-03 Nathaniel Smith + * netsync.cc: More updating for pattern stuff; getting there... 2005-06-28 Nathaniel Smith --- lua.cc +++ lua.cc @@ -738,14 +738,14 @@ lua_hooks::hook_expand_date(std::string const & sel, std::string & exp) { - exp.clear(); + exp.clear(); bool res= Lua(st) .func("expand_date") .push_str(sel) .call(1,1) .extract_str(exp) .ok(); - return res && exp.size(); + return res && exp.size(); } bool @@ -1038,14 +1038,14 @@ } bool -lua_hooks::hook_get_netsync_read_permitted(std::string const & pattern, +lua_hooks::hook_get_netsync_read_permitted(std::string const & branch, rsa_keypair_id const & identity) { bool permitted = false, exec_ok = false; exec_ok = Lua(st) .func("get_netsync_read_permitted") - .push_str(pattern) + .push_str(branch) .push_str(identity()) .call(2,1) .extract_bool(permitted) @@ -1055,13 +1055,13 @@ } bool -lua_hooks::hook_get_netsync_anonymous_read_permitted(std::string const & pattern) +lua_hooks::hook_get_netsync_anonymous_read_permitted(std::string const & branch) { bool permitted = false, exec_ok = false; exec_ok = Lua(st) .func("get_netsync_anonymous_read_permitted") - .push_str(pattern) + .push_str(branch) .call(1,1) .extract_bool(permitted) .ok(); 
@@ -1070,14 +1070,12 @@ } bool -lua_hooks::hook_get_netsync_write_permitted(std::string const & pattern, - rsa_keypair_id const & identity) +lua_hooks::hook_get_netsync_write_permitted(rsa_keypair_id const & identity) { bool permitted = false, exec_ok = false; exec_ok = Lua(st) .func("get_netsync_write_permitted") - .push_str(pattern) .push_str(identity()) .call(2,1) .extract_bool(permitted) --- lua.hh +++ lua.hh @@ -62,11 +62,10 @@ std::map const & new_results); // network hooks - bool hook_get_netsync_read_permitted(std::string const & pattern, + bool hook_get_netsync_read_permitted(std::string const & branch, rsa_keypair_id const & identity); - bool hook_get_netsync_anonymous_read_permitted(std::string const & pattern); - bool hook_get_netsync_write_permitted(std::string const & pattern, - rsa_keypair_id const & identity); + bool hook_get_netsync_anonymous_read_permitted(std::string const & branch); + bool hook_get_netsync_write_permitted(rsa_keypair_id const & identity); // local repo hooks bool hook_ignore_file(file_path const & p); --- netsync.cc +++ netsync.cc @@ -1137,8 +1137,6 @@ // Write permissions checking: // remove heads w/o proper certs, add their children to heads // 1) remove unwanted branch certs from consideration - // - server: check write permission hook - // - client: check against sync pattern // 2) remove heads w/o a branch tag, process new exposed heads // 3) repeat 2 until no change @@ -1162,13 +1160,7 @@ ; else { - bool ok; - if (voice == server_voice) - ok = app.lua.hook_get_netsync_write_permitted(name(), - remote_peer_key_name); - else - ok = our_matcher(name()); - if (ok) + if (our_matcher(name())) { ok_branches.insert(name()); keeping.push_back(*j); @@ -1927,7 +1919,8 @@ return false; } - P(F("allowed '%s' read permission for '%s'\n") % their_id % pattern); + P(F("allowed '%s' read permission for '%s' excluding '%s'\n") + % their_id % their_include_pattern % their_exclude_pattern); } // client as source, server as sink (writing) 
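Review bot: In the lua.cc hunk for `hook_get_netsync_write_permitted`, the `.push_str(pattern)` line is removed but the context line `.call(2,1)` is left unchanged, so the chain now pushes one argument while still declaring two. It should read `.call(1,1)` to match the single remaining `push_str(identity())`. The `Lua` wrapper is not visible here, so the failure mode is inferred: most likely the call fails and `exec_ok` stays false, in which case this authorization hook would refuse every writer instead of consulting the configured policy. The function body continues past the end of the hunk, so confirm how `exec_ok` and `permitted` are combined in the return value.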
@@ -1936,23 +1929,22 @@ { if (this->role != sink_role && this->role != source_and_sink_role) { - W(F("denied '%s' write permission for '%s' while running as pure source\n") - % their_id % pattern); + W(F("denied '%s' write permission for '%s' excluding '%s' while running as pure source\n") + % their_id % their_include_pattern % their_exclude_pattern); this->saved_nonce = id(""); return false; } - // Write permissions are now checked from analyze_ancestry_graph. - if (their_role == source_role) + if (!app.lua.hook_get_netsync_write_permitted(their_id)) { - for (vector::const_iterator i = branchnames.begin(); - i != branchnames.end(); i++) - { - ok_branches.insert(utf8(*i)); - } + W(F("denied '%s' write permission for '%s' excluding '%s' while running as pure source\n") + % their_id % their_include_pattern % their_exclude_pattern); + this->saved_nonce = id(""); + return false; } - P(F("allowed '%s' write permission for '%s'\n") % their_id % pattern); + P(F("allowed '%s' write permission for '%s' excluding '%s'\n") + % their_id % their_include_pattern % their_exclude_pattern); } rebuild_merkle_trees(app, ok_branches);
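Review bot: The new `if (!app.lua.hook_get_netsync_write_permitted(their_id))` branch reuses the role-mismatch text, so a writer rejected by the hook is logged as denied "while running as pure source". Anyone auditing the server log then cannot tell a role refusal from a policy refusal; a separate message such as `W(F("denied '%s' write permission for '%s' excluding '%s'\n")` keeps the two apart. Separately, the removed loop was the only place in this hunk that filled `ok_branches` for a writing client, and `rebuild_merkle_trees(app, ok_branches)` still follows. Whether the set is populated elsewhere cannot be seen from here and is worth confirming; the enclosing function starts and ends outside the hunk.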