[Monotone-commits-diffs] net.venge.monotone.levitte.permissions-directo
From: |
code |
Subject: |
[Monotone-commits-diffs] net.venge.monotone.levitte.permissions-directories: 83c0403c272c27635da26e4802bb5f24e00ebf08 |
Date: |
Wed, 29 Dec 2010 14:48:06 GMT |
revision: 83c0403c272c27635da26e4802bb5f24e00ebf08
date: 2010-12-29T14:47:39
author: Richard Levitte <address@hidden>
branch: net.venge.monotone.levitte.permissions-directories
changelog:
These changes implement an extension of the standard permissions hooks to
also read permission files from the directories `read-permissions.d' and
`write-permissions.d' that reside in the same directory as the usual
permissions files `read-permissions' and `write-permissions'.
* tester.cc, luaext_platform.cc: The Lua extensions `mkdir', `exists',
`isdir' and `read_directory' are moved from tester.cc to
luaext_platform.cc, to be made available for Lua hooks.
Quite honestly, there are probably more functions that could be moved to
be made available for more than just the tester scripts.
* std_hooks.lua: get_netsync_(read|write)_permitted were renamed to the
same name with an underscore as prefix, and new functions that would
feed the old one with `(read|write)-permissions' and then all files in
`(read|write)_permissions.d' were created.
Extra care was taken with get_netsync_read_permitted, where a certain
amount of state needed to be passed along between calls.
One test was changed accordingly.
* test/netsync_permissions/closed/write-permissions: Renamed to
`tests/netsync_permissions/closed/write-permissions.d/tester' to see
that `get_netsync_write_permitted' would catch it anyway.
* tests/netsync_permissions/closed/read-permissions: Part of this file was
moved to `tests/netsync_permissions/closed/read-permissions.d/tester'.
* tests/netsync_permissions/__driver__.lua: Modified to place new
permissions in
`tests/netsync_permissions/closed/read-permissions.d/tester-by-hash' and
`tests/netsync_permissions/closed/write-permissions.d/tester-by-hash'.
manifest:
format_version "1"
new_manifest [f4b5ad66d12c5634169675ca0bbbbfc25ca502c5]
old_revision [b12aab0da6c572a6773bb816686d753e63b32975]
rename "tests/netsync_permissions/closed/write-permissions"
to "tests/netsync_permissions/closed/write-permissions.d/tester"
add_dir "tests/netsync_permissions/closed/read-permissions.d"
add_dir "tests/netsync_permissions/closed/write-permissions.d"
add_file "tests/netsync_permissions/closed/read-permissions.d/tester"
content [b9bae8e35f085049ddfa0cfe92308a79998ad6d0]
patch "luaext_platform.cc"
from [b22b5f7fa127055e909280379694c1635f4923ff]
to [288a571d7c91fbb4abffb66611b52aac74889aa2]
patch "std_hooks.lua"
from [c97901eafc09c1ae80f7f33425761c1ea06a6929]
to [b1a61ba83a6e8c0c9d72393aaf0e86089b75464d]
patch "tester.cc"
from [adb12440ea0b944027ea7f8eb35e06acbce2bcce]
to [969901c130b3d7701a780802dbc73061bafbe57d]
patch "tests/netsync_permissions/__driver__.lua"
from [a0632f717c1fff69661ccc56516bcae93e3b3de8]
to [8a675ebd2b67064a295f5143b2159580d1028ac9]
patch "tests/netsync_permissions/closed/read-permissions"
from [2164855b160ba5bfa19257d29dc4e820becc5459]
to [eff21031c117b085855d3a6220dfb95f3e000efa]
============================================================
--- std_hooks.lua c97901eafc09c1ae80f7f33425761c1ea06a6929
+++ std_hooks.lua b1a61ba83a6e8c0c9d72393aaf0e86089b75464d
@@ -1078,46 +1078,51 @@ end
end
end
-function get_netsync_read_permitted(branch, ident)
- local permfile = io.open(get_confdir() .. "/read-permissions", "r")
+function _get_netsync_read_permitted(branch, ident, permfilename, state)
+ if not exists(permfilename) or isdir(permfilename) then
+ return false
+ end
+ local permfile = io.open(permfilename, "r")
if (permfile == nil) then return false end
local dat = permfile:read("*a")
io.close(permfile)
local res = parse_basic_io(dat)
if res == nil then
- io.stderr:write("file read-permissions cannot be parsed\n")
- return false
+ io.stderr:write("file "..permfilename.." cannot be parsed\n")
+ return false,"continue"
end
- local matches = false
- local cont = false
+ state["matches"] = state["matches"] or false
+ state["cont"] = state["cont"] or false
for i, item in pairs(res)
do
-- legal names: pattern, allow, deny, continue
if item.name == "pattern" then
- if matches and not cont then return false end
- matches = false
- cont = false
+ if state["matches"] and not state["cont"] then return false end
+ state["matches"] = false
+ state["cont"] = false
for j, val in pairs(item.values) do
- if globish_match(val, branch) then matches = true end
+ if globish_match(val, branch) then state["matches"] = true end
end
- elseif item.name == "allow" then if matches then
+ elseif item.name == "allow" then if state["matches"] then
for j, val in pairs(item.values) do
if val == "*" then return true end
if val == "" and ident == nil then return true end
if ident ~= nil and val == ident.id then return true end
if ident ~= nil and globish_match(val, ident.name) then return true end
end
- end elseif item.name == "deny" then if matches then
+ end elseif item.name == "deny" then if state["matches"] then
for j, val in pairs(item.values) do
if val == "*" then return false end
if val == "" and ident == nil then return false end
if ident ~= nil and val == ident.id then return false end
if ident ~= nil and globish_match(val, ident.name) then return false end
end
- end elseif item.name == "continue" then if matches then
- cont = true
+ end elseif item.name == "continue" then if state["matches"] then
+ state["cont"] = true
for j, val in pairs(item.values) do
- if val == "false" or val == "no" then cont = false end
+ if val == "false" or val == "no" then
+ state["cont"] = false
+ end
end
end elseif item.name ~= "comment" then
io.stderr:write("unknown symbol in read-permissions: " .. item.name .. "\n")
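Review bot: The parse-failure path `return false,"continue"` returns a second value that no caller reads, because both call sites in the next hunk test only the first result. An unparseable `read-permissions` is therefore skipped and files in `read-permissions.d` can still grant access, where the old code denied outright. The same ambiguity applies to `deny`: `return false` now means both "denied" and "no decision", so the wrapper moves on to the next file with `state["matches"]` still set, and if that file opens with `allow` (or the deny sat in a stanza that already set `continue`) the deny can be overridden. Consider an explicit verdict such as `return false, "deny"` for deny rules and parse errors, with the wrapper stopping as soon as it sees it. The context line `"unknown symbol in read-permissions: "` also still hard-codes the file name and should use `permfilename`; the function body continues past this hunk.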
@@ -1127,8 +1132,29 @@ end
return false
end
-function get_netsync_write_permitted(ident)
- local permfile = io.open(get_confdir() .. "/write-permissions", "r")
+function get_netsync_read_permitted(branch, ident)
+ local permfilename = get_confdir() .. "/read-permissions"
+ local permdirname = permfilename .. ".d"
+ local state = {}
+ if _get_netsync_read_permitted(branch, ident, permfilename, state) then
+ return true
+ end
+ if isdir(permdirname) then
+ local files = read_directory(permdirname)
+ table.sort(files)
+ for _,f in ipairs(files) do
+ pf = permdirname.."/"..f
+ if _get_netsync_read_permitted(branch, ident, pf, state) then
+ return true
+ end
+ end
+ end
+ return false
+end
+
+function _get_netsync_write_permitted(ident, permfilename)
+ if not exists(permfilename) or isdir(permfilename) then return false end
+ local permfile = io.open(permfilename, "r")
if (permfile == nil) then
return false
end
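Review bot: `pf` in the loop of get_netsync_read_permitted is assigned without `local`, so it becomes a global in the hooks environment; `local pf = permdirname.."/"..f` keeps it scoped, and the same line recurs in get_netsync_write_permitted in the next hunk. read_directory pushes nil on a recoverable failure (see the luaext_platform.cc section), so `table.sort(files)` would raise instead of denying; `local files = read_directory(permdirname) or {}` keeps that case a plain deny in both wrappers. Every entry in the `.d` directory is parsed as a permission file, so a leftover editor backup or copied file with an old `allow` line still grants access; a comment stating this, or a filter on entry names, would help operators. The hunk ends inside _get_netsync_write_permitted, whose body continues outside it.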
@@ -1145,6 +1171,21 @@ end
return matches
end
+function get_netsync_write_permitted(ident)
+ local permfilename = get_confdir() .. "/write-permissions"
+ local permdirname = permfilename .. ".d"
+ if _get_netsync_write_permitted(ident, permfilename) then return true end
+ if isdir(permdirname) then
+ local files = read_directory(permdirname)
+ table.sort(files)
+ for _,f in ipairs(files) do
+ pf = permdirname.."/"..f
+ if _get_netsync_write_permitted(ident, pf) then return true end
+ end
+ end
+ return false
+end
+
-- This is a simple function which assumes you're going to be spawning
-- a copy of mtn, so reuses a common bit at the end for converting
-- local args into remote args. You might need to massage the logic a
============================================================
--- tester.cc adb12440ea0b944027ea7f8eb35e06acbce2bcce
+++ tester.cc 969901c130b3d7701a780802dbc73061bafbe57d
@@ -313,22 +313,6 @@ LUAEXT(copy_recursive, )
}
}
-LUAEXT(mkdir, )
-{
- try
- {
- char const * dirname = luaL_checkstring(LS, -1);
- do_mkdir(dirname);
- lua_pushboolean(LS, true);
- return 1;
- }
- catch(recoverable_failure & e)
- {
- lua_pushnil(LS);
- return 1;
- }
-}
-
LUAEXT(make_temp_dir, )
{
try
@@ -367,88 +351,6 @@ LUAEXT(mtime, )
}
}
-LUAEXT(exists, )
-{
- try
- {
- char const * name = luaL_checkstring(LS, -1);
- switch (get_path_status(name))
- {
- case path::nonexistent: lua_pushboolean(LS, false); break;
- case path::file:
- case path::directory: lua_pushboolean(LS, true); break;
- }
- }
- catch(recoverable_failure & e)
- {
- lua_pushnil(LS);
- }
- return 1;
-}
-
-LUAEXT(isdir, )
-{
- try
- {
- char const * name = luaL_checkstring(LS, -1);
- switch (get_path_status(name))
- {
- case path::nonexistent:
- case path::file: lua_pushboolean(LS, false); break;
- case path::directory: lua_pushboolean(LS, true); break;
- }
- }
- catch(recoverable_failure & e)
- {
- lua_pushnil(LS);
- }
- return 1;
-}
-
-namespace
-{
- struct build_table : public dirent_consumer
- {
- build_table(lua_State * st) : st(st), n(1)
- {
- lua_newtable(st);
- }
- virtual void consume(const char *s)
- {
- lua_pushstring(st, s);
- lua_rawseti(st, -2, n);
- n++;
- }
- private:
- lua_State * st;
- unsigned int n;
- };
-}
-
-LUAEXT(read_directory, )
-{
- int top = lua_gettop(LS);
- try
- {
- string path(luaL_checkstring(LS, -1));
- build_table tbl(LS);
-
- read_directory(path, tbl, tbl, tbl);
- }
- catch(recoverable_failure &)
- {
- // discard the table and any pending path element
- lua_settop(LS, top);
- lua_pushnil(LS);
- }
- catch (...)
- {
- lua_settop(LS, top);
- throw;
- }
- return 1;
-}
-
LUAEXT(get_source_dir, )
{
lua_pushstring(LS, source_dir.c_str());
============================================================
--- tests/netsync_permissions/__driver__.lua a0632f717c1fff69661ccc56516bcae93e3b3de8
+++ tests/netsync_permissions/__driver__.lua 8a675ebd2b67064a295f5143b2159580d1028ac9
@@ -116,13 +116,13 @@ check(get("closed"))
check(get("closed"))
-- setup by-hash line in permissions files
-writeperm = readfile("closed/write-permissions")
-writeperm = writeperm .. byhash_hash .. "\n"
-writefile("closed/write-permissions", writeperm)
+writefile("closed/write-permissions.d/tester-by-hash", byhash_hash.."\n")
-readperm = readfile("closed/read-permissions")
-readperm = readperm .. 'allow "' .. byhash_hash .. '"\n'
-writefile("closed/read-permissions", readperm)
+readperm = readfile("closed/read-permissions.d/tester")
+readperm = readperm .. 'continue "yes"\n'
+writefile("closed/read-permissions.d/tester", readperm)
+writefile("closed/read-permissions.d/tester-by-hash",
+ 'pattern "*"\nallow "' .. byhash_hash .. '"\n')
-- general setup
clean()
============================================================
--- tests/netsync_permissions/closed/read-permissions 2164855b160ba5bfa19257d29dc4e820becc5459
+++ tests/netsync_permissions/closed/read-permissions eff21031c117b085855d3a6220dfb95f3e000efa
@@ -1,5 +1,2 @@ deny "*"
pattern "badbranch"
deny "*"
-
-pattern "*"
-allow "address@hidden"
============================================================
--- luaext_platform.cc b22b5f7fa127055e909280379694c1635f4923ff
+++ luaext_platform.cc 288a571d7c91fbb4abffb66611b52aac74889aa2
@@ -14,7 +14,9 @@
#include <cstdlib>
#include "platform.hh"
+#include "sanity.hh"
+using std::string;
using std::malloc;
using std::free;
@@ -185,6 +187,106 @@ LUAEXT(get_pid, )
return 1;
}
+// fs extensions
+
+LUAEXT(mkdir, )
+{
+ try
+ {
+ char const * dirname = luaL_checkstring(LS, -1);
+ do_mkdir(dirname);
+ lua_pushboolean(LS, true);
+ return 1;
+ }
+ catch(recoverable_failure & e)
+ {
+ lua_pushnil(LS);
+ return 1;
+ }
+}
+
+LUAEXT(exists, )
+{
+ try
+ {
+ char const * name = luaL_checkstring(LS, -1);
+ switch (get_path_status(name))
+ {
+ case path::nonexistent: lua_pushboolean(LS, false); break;
+ case path::file:
+ case path::directory: lua_pushboolean(LS, true); break;
+ }
+ }
+ catch(recoverable_failure & e)
+ {
+ lua_pushnil(LS);
+ }
+ return 1;
+}
+
+LUAEXT(isdir, )
+{
+ try
+ {
+ char const * name = luaL_checkstring(LS, -1);
+ switch (get_path_status(name))
+ {
+ case path::nonexistent:
+ case path::file: lua_pushboolean(LS, false); break;
+ case path::directory: lua_pushboolean(LS, true); break;
+ }
+ }
+ catch(recoverable_failure & e)
+ {
+ lua_pushnil(LS);
+ }
+ return 1;
+}
+
+namespace
+{
+ struct build_table : public dirent_consumer
+ {
+ build_table(lua_State * st) : st(st), n(1)
+ {
+ lua_newtable(st);
+ }
+ virtual void consume(const char *s)
+ {
+ lua_pushstring(st, s);
+ lua_rawseti(st, -2, n);
+ n++;
+ }
+ private:
+ lua_State * st;
+ unsigned int n;
+ };
+}
+
+LUAEXT(read_directory, )
+{
+ int top = lua_gettop(LS);
+ try
+ {
+ string path(luaL_checkstring(LS, -1));
+ build_table tbl(LS);
+
+ read_directory(path, tbl, tbl, tbl);
+ }
+ catch(recoverable_failure &)
+ {
+ // discard the table and any pending path element
+ lua_settop(LS, top);
+ lua_pushnil(LS);
+ }
+ catch (...)
+ {
+ lua_settop(LS, top);
+ throw;
+ }
+ return 1;
+}
+
// Local Variables:
// mode: C++
// fill-column: 76
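Review bot: The `// fs extensions` block is now reachable from user hooks but does not document its failure contract. `exists`, `isdir`, `mkdir` and `read_directory` all push nil rather than false when a recoverable_failure is caught, and the permission hooks in std_hooks.lua depend on that nil being falsy. I would extend the header comment to something like `// fs extensions: each pushes nil (not false) on recoverable_failure; callers must treat nil as "could not determine"`. It also looks as if read_directory hands the same consumer to every entry kind, so the returned table presumably includes subdirectories as well as files; if so, that deserves a line in the comment, since callers have to filter with `isdir` themselves.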
============================================================
--- /dev/null
+++ tests/netsync_permissions/closed/read-permissions.d/tester b9bae8e35f085049ddfa0cfe92308a79998ad6d0
@@ -0,0 +1,2 @@
+pattern "*"
+allow "address@hidden"