/* -*- LPC -*- */ /* * $Locker: $ * $Id: perm_it.c,v 1.7 2003/05/13 18:25:01 ceres Exp $ * $Log: perm_it.c,v $ * Revision 1.7 2003/05/13 18:25:01 ceres * Modified to allow multiple assignments * * Revision 1.6 2003/04/18 00:14:23 pinkfish * Remove the update abilioty. * * Revision 1.5 2003/04/17 20:56:20 pinkfish * Add in some code to update the error assignments. * * Revision 1.4 2003/03/27 22:14:01 trilogy * Was using /secure/login. * * Revision 1.3 2003/03/21 17:14:48 drakkos * Added a filter option for permit assignment summary * * Revision 1.2 2003/03/05 22:46:28 pinkfish * Make it sort the keys correctly and make it pick up details of domain * directory assignments. * * Revision 1.1 2003/03/05 18:57:00 pinkfish * Initial revision * * Revision 1.6 2003/03/04 23:01:49 pinkfish * Allow you to remove permissions too. * * Revision 1.5 2003/03/04 22:29:34 pinkfish * Add in directory stuff. * * Revision 1.4 1999/01/21 18:35:19 ceres * Forgot to remove a debug statement. * * Revision 1.2 1999/01/20 00:54:55 ceres * Modified add_command * * Revision 1.1 1998/12/29 06:03:04 ceres * Initial revision * * Revision 1.1 1998/01/06 05:29:21 ceres * Initial revision * */ #include <parser.h> #include <access.h> #include <player_handler.h> #include <error_handler.h> inherit "/cmds/base"; #define READ_MASK 1 #define WRITE_MASK 2 #define GRANT_MASK 4 #define LOCK_MASK 8 int help(); mixed cmd(string command, string euid, string path) { string* euids; string* bing; if (this_player() != this_player(1)) { return 0; } seteuid("Root"); notify_fail("Something went wrong.\n"); path = (string)this_player()->get_path(path); switch(command) { case "assign" : // Assign someone to the directory. if (file_size(path) != -2) { notify_fail("The path " + path + " does not exist.\n"); return 0; } euids = explode(replace_string(euid, " ", ""), ",") - ({ "none" }); bing = filter(euids, (: !PLAYER_HANDLER->test_creator($1) && $1 != ERROR_ASSIGNED_NO_ONE:)); if (sizeof(bing)) { notify_fail("The people " + query_multiple_short(bing) + " are not creators.\n"); return 0; } if ((int)master()->assign_people_to_directory(path, euids)) { add_succeeded_mess("Assigned the directory " + path + " to " + query_multiple_short(euids) + ".\n"); return 1; } notify_fail("Unable to assign the directory, not creator names?\n"); return 0; case "read": if (!master()->high_programmer(previous_object(-1)) && !master()->valid_grant(this_player(), path, READ_MASK)) return notify_fail("You do not have permission to add read access.\n"); return (int)master()->add_read_permission(euid, path); break; case "write": if (!master()->high_programmer(previous_object(-1)) && !master()->valid_grant(this_player(), path, WRITE_MASK)) return notify_fail("You do not have permission to add write " "access.\n"); return (int)master()->add_write_permission(euid, path); break; case "grant": if (!master()->high_programmer(previous_object(-1)) && !master()->valid_grant(this_player(), path, GRANT_MASK)) return notify_fail("You do not have permission to add grant access.\n"); return (int)master()->add_grant_permission(euid, path); break; case "lock": if (!master()->query_lord(previous_object(-1))) return notify_fail("You don't have permission to lock paths.\n"); if ((path[0..2] != "/d/") && !master()->high_programmer(previous_object(-1))) return notify_fail("You don't have permission to lock paths there.\n"); return (int)master()->lock_path(path); case "noread": if (!master()->high_programmer(previous_object(-1)) && !master()->valid_grant(this_player(), path, READ_MASK)) return notify_fail("You do not have permission to remove read " "access.\n"); return (int)master()->remove_read_permission(euid, path); break; case "nowrite": if (!master()->high_programmer(previous_object(-1)) && !master()->valid_grant(this_player(), path, WRITE_MASK)) return notify_fail("You do not have permission to remove write " "access.\n"); return (int)master()->remove_write_permission(euid, path); break; case "nogrant": if (!master()->high_programmer(previous_object(-1)) && !master()->valid_grant(this_player(), path, GRANT_MASK)) return notify_fail("You do not have permission to remove grant " "access.\n"); return (int)master()->remove_grant_permission(euid, path); break; case "unlock": if (!master()->query_lord(previous_object(-1))) return notify_fail("You don't have permission to lock paths.\n"); if ((path[0..2] != "/d/") && !master()->high_programmer(previous_object(-1))) return notify_fail("You don't have permission to lock paths there.\n"); return (int)master()->unlock_path(path); break; default: return help(); } } /* cmd() */ int do_directory_summary(string dir) { mapping assignments; mapping new_assignments; string* paths; string path; string ret; string domain; assignments = master()->query_directory_assignments(); foreach (domain in master()->query_domains()) { ret = catch(new_assignments = ("/d/" + domain + "/master")->query_directory_assignments()); if (sizeof(new_assignments)) { assignments += new_assignments; } } if (sizeof (dir)) { assignments = filter (assignments, (: strsrch ($1, $(dir)) != -1 :)); } //paths = sort_array( keys( assignments ), "list_before", this_object() ); paths = sort_array( keys( assignments ), 1 ); ret = sprintf("%40-s Assigned To\n", "Path"); foreach (path in paths) { ret += sprintf("%-40s %s\n", path, query_multiple_short(assignments[path])); } write("$P$Directory Assignments$P$" + ret); return 1; } // This updates the directory assignments int do_directory_update(string dir) { mapping assignments; mapping new_assignments; string* paths; string path; string ret; string domain; string* bits; assignments = master()->query_directory_assignments(); foreach (domain in master()->query_domains()) { ret = catch(new_assignments = ("/d/" + domain + "/master")->query_directory_assignments()); if (sizeof(new_assignments)) { assignments += new_assignments; } } if (sizeof (dir)) { assignments = filter (assignments, (: strsrch ($1, $(dir)) != -1 :)); } //paths = sort_array( keys( assignments ), "list_before", this_object() ); paths = sort_array( keys( assignments ), 0 ); foreach (path in paths) { if (sizeof(assignments[path])) { bits = explode(path, "/"); if (bits[0] == "d") { ERROR_HANDLER->do_update_directory_assignment(("/d/" + bits[1] + "/master")->query_lord(), assignments[path][0], path, (: 1 :)); } else { ERROR_HANDLER->do_update_directory_assignment("nobody", assignments[path][0], path, (: 1 :)); } write("Updated " + path + " to " + assignments[path][0] + "\n"); } } write("$P$Directory Assignments$P$" + ret); return 1; } int do_summary(string str) { mapping perms; string *paths, *euids, ret, creator; int i, j, k; perms = (mapping)master()->query_permissions(); if (str) { if (!perms[str]) { if (!PLAYER_HANDLER->test_user(str) && !master()->valid_euid(str)) { write("There are no permissions for "+str+".\n"); return 1; } else { creator = str; } } else { perms = ([ str : perms[str] ]); } } //paths = sort_array( keys( perms ), "list_before", this_object() ); paths = sort_array( keys( perms ), 1 ); if (!sizeof(paths)) { ret = "No permissions set.\n"; } else { ret = sprintf("%11-s Path\n", "Euid"); } for (i=0;i<sizeof(paths);i++) { euids = keys(perms[paths[i]]); for (j=0;j<sizeof(euids);j++) { if (!creator || (euids[j] == creator ) ) { k = perms[paths[i]][euids[j]]; if (k & LOCK_MASK) ret += sprintf("%11-s LCK %s\n", euids[j], paths[i]); else ret += sprintf("%11-s %c%c%c %s\n", euids[j],(k & READ_MASK?'R':' '), (k & WRITE_MASK?'W':' '), (k & GRANT_MASK?'G':' '), paths[i]); } } } this_player()->more_string( ret, "Permissions", 1 ); return 1; } /* do_summary() */ int do_tidy() { int i, j, perm, same; string path, creator, *bits; mapping perms, euids, others; if (!sizeof(filter(previous_object(-1), (: interactive($1) :)))) { event( users(), "inform", "illegal attempt to call do_tidy() by "+ (string)this_player()->query_name(), "cheat" ); unguarded((: write_file, "/log/CHEAT", ctime( time() ) +": illegal " "attempt to call do_tidy() by "+ (string)this_player()->query_name() +"\n" :)); return notify_fail( "Failed.\n" ); } perms = (mapping)master()->query_permissions(); foreach( path in keys( perms ) ) { euids = perms[ path ]; foreach( creator in keys( euids ) ) { perm = euids[ creator ]; if ( !PLAYER_HANDLER->test_creator( creator ) && !master()->valid_euid( creator ) ) { write( "No creator: "+ creator +".\n" ); if ( perm & READ_MASK ) master()->remove_read_permission( creator, path ); if ( perm & WRITE_MASK ) master()->remove_write_permission( creator, path ); if ( perm & GRANT_MASK ) master()->remove_grant_permission( creator, path ); continue; } if ( path == "/" ) continue; same = perms[ "/" ][ creator ] & perm; if ( same ) { write( "Access to / supercedes "+ path +" for "+ creator +".\n" ); if ( same & READ_MASK ) master()->remove_read_permission( creator, path ); if ( same & WRITE_MASK ) master()->remove_write_permission( creator, path ); if ( same & GRANT_MASK ) master()->remove_grant_permission( creator, path ); continue; } bits = explode( path, "/" ); j = sizeof( bits ) - 1; for ( i = 0; i < j; i++ ) { others = perms[ "/"+ implode( bits[ 0 .. i ], "/" ) ]; if ( !others ) continue; same = others[ creator ] & perm; if ( same ) { write( "Access to /"+ implode( bits[ 0 .. i ], "/" ) + " supercedes "+ path +" for "+ creator +".\n" ); if ( same & READ_MASK ) master()->remove_read_permission( creator, path ); if ( same & WRITE_MASK ) master()->remove_write_permission( creator, path ); if ( same & GRANT_MASK ) master()->remove_grant_permission( creator, path ); break; } } } } return 1; } /* do_tidy() */ int help() { write("Available commands:\n" " read <euid> <path> : add read permison to the path.\n" " write <euid> <path> : add write permission to the path.\n" " grant <euid> <path> : add granting privileges to the path.\n" " lock <path> : restrict access to the path.\n" " noread <euid> <path> : remove read permission from the path.\n" " nowrite <euid> <path> : remove write permission from the path.\n" " nogrant <euid> <path> : remove granting privileges to the path.\n" " unlock <path> : remove restrictions to path.\n" " summary [path|euid] : give a list of all the read/write perms.\n" " tidy : tidy away unnecessary perms.\n" " assign <euid> <path> : assigns someone to look after a directory.\n" " assignment summary : summary of directory assignments.\n" ); return 1; } mixed *query_patterns() { return ({ "summary", (: do_summary(0) :), "summary <string>", (: do_summary($4[0]) :), "assignment summary", (: do_directory_summary(0) :), // "assignment update", (: do_directory_update(0) :), "assignment summary <string'filter'>", (: do_directory_summary($4[0]) :), "tidy", (: do_tidy() :), "help", (: help() :), "<word'permission'> <string'euid'> <word'path'>", (: cmd($4[0], $4[1], $4[2] ) :) #ifdef 0 , "write <string'euid'> <string>", (: cmd("write", $4[0], $4[1]) :), "grant <string'euid'> <string>", (: cmd("grant", $4[0], $4[1]) :), "lock <string'euid'> <string>", (: cmd("lock", $4[0], $4[1]) :), "noread <string'euid'> <string>", (: cmd("noread", $4[0], $4[1]) :), "nowrite <string'euid'> <string>", (: cmd("nowrite", $4[0], $4[1]) :), "nogrant <string'euid'> <string>", (: cmd("nogrant", $4[0], $4[1]) :), "unlock <string'euid'> <string>", (: cmd("unlock", $4[0], $4[1]) :), #endif }); } /* query_patterns() */