/*
// File : /std/priv.c
// Purpose : This is an access checking system that is inherited by
// both generic objects and file security mechanisms.
// 92-05-31 : Buddha wrote it
// 94-03-26 : Pallando added delete_access()
*/
#include <uid.h>
#include <priv.h>
private mapping perms;
static nomask int check_access(mixed what);
nomask int set_access(mixed what, int new_access);
nomask int delete_access(string entry);
// debugging stuff
void debug(string str) {
#ifdef DEBUG
write(str + "\n");
#endif
}
// start with something pretty basic.
void init_access() {
if(!mapp(perms)) perms = ([ ]);
}
// O.K., this one returns an integer value based on the security level
// in question, as defined in priv.h. It gets called by valid_write() and
// valid_read(), and is passed a string such as "obj/equip/sword.c".
// it will return the access for the item, or if that is unavailable, the
// access for the node of the tree that it's on.
static nomask int check_access(string tmp) {
int i;
string *parts;
debug("Passed to check_access: " + tmp);
init_access();
debug("past init_access()");
// okay, first check for a direct match. This will be a lot of
// cases for variables, less for files.
if (perms[tmp]) return perms[tmp];
// there was no match, so let's split this string up into segments.
// If there is only one element in the resulting array, then we
// know it's been passed already.
parts = explode(tmp, "/");
// question, what to do here? For file security, it probably
// means they are trying to write to /, but for variables it sounds
// like they are adding a new one.... one is harmless, the other isn't.
// for now, I'll assume that there is another way to lock the root
// directory... it may be necessary to add a "/" entry.
// This is my solution, but I suspect there's a better way where
// I won't have to do this for all objects.
if (sizeof(parts) == 1) {
debug("Only one level depth to resolve");
if (file_name(this_object()) == "adm/newaccess")
return MASTER_ONLY;
else return PUBLIC;
}
// okay, let's look for the closest match we can find for this,
// starting with things most similar and working towards root.
for (i=sizeof(parts)-1;i>=0;i--) {
tmp = implode(parts[0..i], "/");
debug("debug: checking for an entry for " + tmp);
if(perms[tmp]) {
debug("Matched " + implode(parts, "/") + " with " + tmp);
return perms[tmp];
}
}
debug("No match, returning PUBLIC status.");
return PUBLIC;
}
// This function will take either an access string or an array that
// constitutes a path through a variable tree, and set the access for
// the variable or tree segment specified.
nomask int set_access(string entry, int new_access) {
string eff_user;
int curr_access;
// first, get the identity of who is trying to change the access.
if (!previous_object()) eff_user = geteuid();
else eff_user = geteuid(previous_object());
#ifdef DEBUG
write(eff_user + " is trying to change access " + entry + " to " +
new_access + " for " + file_name(this_object()) + "\n");
#endif
// Only two euid can generally change the permissions on things.
// the owner, because it makes sense, and Root, just because.
if (eff_user != geteuid(this_object()) && eff_user != ROOT_UID)
return 0;
// now get it's protection level.
// then, switch through the various types of protection.
curr_access = check_access(entry);
if(!intp(curr_access)) curr_access = 0;
switch(curr_access) {
case PUBLIC:
case READ_ONLY:
case OWNER_ONLY:
perms[entry] = new_access;
return 1;
break;
case LOCKED:
case PRIVATE:
return 0;
break;
case MASTER_ONLY:
if (eff_user == ROOT_UID) {
perms[entry] = new_access;
return 1;
}
return 0;
break;
default:
// the item isn't even in priv.h - probably an error
perms[entry] = new_access;
return 1;
break;
}
}
// delete() uses delete_access(entry) rather than set_access(entry,0) because
// that is The Right Thing (tm) to do.
nomask int delete_access(string entry)
{
string eff_user;
eff_user = ( previous_object() ? geteuid( previous_object() ) : geteuid() );
if( eff_user != geteuid() && eff_user != ROOT_UID ) return 0; // Fail.
map_delete( perms, entry );
}
// Now, we do something that's purpose may look familiar to some of you
// valid_write() and valid_read() get passed the string that represents
// what is being accessed, and is also passed the object doing the action.
// This way, we can ensure that nothing happens that shouldn't.
// the string passed will look like a file name already, i.e. it will
nomask int valid_write(string what, object act_ob) {
string eff_user;
int security;
if (!what) return 0 ; /* a hack-o by mobydick to fix a crash */
if (!act_ob) act_ob = previous_object(); // who is this? ourself?
if (!act_ob) act_ob = this_player();
if (!act_ob) {
log_file("odd_errors", "no act_ob, /std/priv.c line 149");
return 0;
}
eff_user = geteuid(act_ob);
security = check_access(what);
debug("check_access ok, security level " + security + " returned.");
// Okay, let's check the access situation before going further.
if(!intp(security)) security = 0;
switch (security) {
case PUBLIC :
return 1; break;
case READ_ONLY :
case OWNER_ONLY :
if (eff_user != geteuid() && eff_user != ROOT_UID)
return 0; break;
case MASTER_ONLY :
case LOCKED :
case PRIVATE :
if (eff_user != ROOT_UID) return 0; break;
default : debug("default case reached."); return 0; break;
}
// anything that makes it to this point should be ok, right?
return 1;
}
nomask int valid_read(string what, object act_ob) {
string eff_user;
int security;
if (!act_ob) return 0;
eff_user = geteuid(act_ob);
security = check_access(what);
debug("check_access ok, security level " + security + " returned.");
// Okay, let's check the access situation before going further.
if(!intp(security)) security = 0;
switch (security) {
case PUBLIC :
case READ_ONLY :
case MASTER_ONLY :
case LOCKED :
return 1; break;
case OWNER_ONLY :
case PRIVATE :
if (eff_user != geteuid() && eff_user != ROOT_UID)
return 0; break;
default : debug("default case reached."); return 0; break;
}
// anything that makes it to this point should be ok, right?
return 1;
}
// This function just checks with the access system and returns the
// present permissions set on an attribute.
int query_permission(string prop) { return check_access(prop); }
