author | Phil Davis <phil.davis@inf.org> | 2015-02-28 14:25:49 +0545 |
---|---|---|
committer | Phil Davis <phil.davis@inf.org> | 2015-02-28 14:25:49 +0545 |
commit | b37a2e8c90dd8d28c9a967750a9aee3898a6cdd5 (patch) | |
tree | 369fdd549f789b6baedceb96ef605a2615fe109d /etc/inc/priv.inc | |
parent | 139deffb0fc8285d6e58388ae29d5f37902da84f (diff) | |
Code style for etc inc i to p
Diffstat (limited to 'etc/inc/priv.inc')
-rw-r--r-- | etc/inc/priv.inc | 141 |
1 files changed, 92 insertions, 49 deletions
diff --git a/etc/inc/priv.inc b/etc/inc/priv.inc
index 8d1a736..ee6e876 100644
--- a/etc/inc/priv.inc
+++ b/etc/inc/priv.inc
@@ -49,46 +49,57 @@ require_once("priv.defs.inc");
 /* Load and process custom privs. */
 function get_priv_files($directory) {
 $dir_array = array();
- if(!is_dir($directory))
+ if (!is_dir($directory)) {
 return;
+ }
 if ($dh = opendir($directory)) {
 while (($file = readdir($dh)) !== false) {
 $canadd = 0;
- if($file == ".")
+ if ($file == ".") {
 $canadd = 1;
- if($file == "..")
+ }
+ if ($file == "..") {
 $canadd = 1;
- if($canadd == 0)
+ }
+ if ($canadd == 0) {
 array_push($dir_array, $file);
+ }
 }
 closedir($dh);
 }
- if(!is_array($dir_array))
+ if (!is_array($dir_array)) {
 return;
+ }
 return $dir_array;
 }
 // Load and sort privs
 $dir_array = get_priv_files("/etc/inc/priv");
-foreach ($dir_array as $file)
- if (!is_dir("/etc/inc/priv/{$file}") && stristr($file,".inc"))
+foreach ($dir_array as $file) {
+ if (!is_dir("/etc/inc/priv/{$file}") && stristr($file,".inc")) {
 include("/etc/inc/priv/{$file}");
-if(is_dir("/usr/local/pkg/priv")) {
+ }
+}
+if (is_dir("/usr/local/pkg/priv")) {
 $dir_array = get_priv_files("/usr/local/pkg/priv");
- foreach ($dir_array as $file)
- if (!is_dir("/usr/local/pkg/priv/{$file}") && stristr($file,".inc"))
+ foreach ($dir_array as $file) {
+ if (!is_dir("/usr/local/pkg/priv/{$file}") && stristr($file,".inc")) {
 include("/usr/local/pkg/priv/{$file}");
+ }
+ }
 }
-if(is_array($priv_list))
+if (is_array($priv_list)) {
 sort_privs($priv_list);
+}
 function cmp_privkeys($a, $b) {
 /* user privs at the top */
 $auser = strncmp("user-", $a, 5);
 $buser = strncmp("user-", $b, 5);
- if($auser != $buser)
+ if ($auser != $buser) {
 return $auser - $buser;
+ }
 /* name compare others */
 return strcasecmp($a, $b);
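Review bot: The include filter `stristr($file,".inc")` in both loader loops accepts any name that merely contains `.inc`, so a leftover file whose name continues after `.inc` (for example an editor or patch backup) in `/etc/inc/priv` or `/usr/local/pkg/priv` would be executed as PHP whenever this file is loaded. An anchored test such as `substr($file, -4) === ".inc"` limits inclusion to files that actually end in the extension. Separately, `get_priv_files()` returns nothing when the directory is missing, and the first `foreach` over `/etc/inc/priv` has no guard for that, whereas the `/usr/local/pkg/priv` loop checks `is_dir` first.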
@@ -103,27 +114,31 @@ function cmp_page_matches($page, & $matches, $fullwc = true) { // $dbg_matches = implode(",", $matches); // log_error("debug: checking page {$page} match with {$dbg_matches}"); - if (!is_array($matches)) + if (!is_array($matches)) { return false; + } /* skip any leading fwdslash */ $test = strpos($page, "/"); - if ($test !== false && $test == 0) + if ($test !== false && $test == 0) { $page = substr($page, 1); + } /* look for a match */ foreach ($matches as $match) { /* possibly ignore full wildcard match */ - if (!$fullwc && !strcmp($match ,"*")) + if (!$fullwc && !strcmp($match ,"*")) { continue; + } /* compare exact or wildcard match */ $match = str_replace(array(".", "*","?"), array("\.", ".*","\?"), $match); $result = preg_match("@^/{$match}$@", "/{$page}"); - - if ($result) + + if ($result) { return true; + } } return false; @@ -133,13 +148,16 @@ function map_page_privname($page) { global $priv_list; foreach ($priv_list as $pname => $pdata) { - if (strncmp($pname, "page-", 5)) + if (strncmp($pname, "page-", 5)) { continue; + } $fullwc = false; - if (!strcasecmp($page,"any")||!strcmp($page,"*")) + if (!strcasecmp($page,"any")||!strcmp($page,"*")) { $fullwc = true; - if (cmp_page_matches($page, $pdata['match'], $fullwc)) + } + if (cmp_page_matches($page, $pdata['match'], $fullwc)) { return $pname; + } } return false; 
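Review bot: In `cmp_page_matches`, only `.`, `*` and `?` are translated before `$match` is interpolated into `preg_match("@^/{$match}$@", "/{$page}")`, so any other regex metacharacter in a privilege's match string (`|`, `+`, `(`, `[`, or the `@` delimiter itself) is interpreted instead of matched literally. Match strings appear to come from the priv include files, including package-supplied ones, so a pattern containing `|` could authorise more pages than its author intended. Quoting first and then restoring the wildcard keeps the existing semantics: `$match = str_replace("\\*", ".*", preg_quote($match, "@"));`. The function body starts before this hunk.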
@@ -151,30 +169,36 @@ function get_user_privdesc(& $user) {
 $privs = array();
 $user_privs = $user['priv'];
- if (!is_array($user_privs))
+ if (!is_array($user_privs)) {
 $user_privs = array();
+ }
 $names = local_user_get_groups($user, true);
 foreach ($names as $name) {
 $group = getGroupEntry($name);
 $group_privs = $group['priv'];
- if (!is_array($group_privs))
+ if (!is_array($group_privs)) {
 continue;
+ }
 foreach ($group_privs as $pname) {
- if (in_array($pname,$user_privs))
+ if (in_array($pname,$user_privs)) {
 continue;
- if (!$priv_list[$pname])
+ }
+ if (!$priv_list[$pname]) {
 continue;
+ }
 $priv = $priv_list[$pname];
 $priv['group'] = $group['name'];
 $privs[] = $priv;
 }
 }
- foreach ($user_privs as $pname)
- if($priv_list[$pname])
+ foreach ($user_privs as $pname) {
+ if ($priv_list[$pname]) {
 $privs[] = $priv_list[$pname];
+ }
+ }
 return $privs;
 }
@@ -182,19 +206,24 @@ function get_user_privdesc(& $user) {
 function isAllowed($username, $page) {
 global $_SESSION;
- if (!isset($username))
+ if (!isset($username)) {
 return false;
+ }
 /* admin/root access check */
 $user = getUserEntry($username);
- if (isset($user))
- if (isset($user['uid']))
- if ($user['uid']==0)
+ if (isset($user)) {
+ if (isset($user['uid'])) {
+ if ($user['uid']==0) {
 return true;
+ }
+ }
+ }
 /* user privilege access check */
- if (cmp_page_matches($page, $_SESSION['page-match']))
+ if (cmp_page_matches($page, $_SESSION['page-match'])) {
 return true;
+ }
 return false;
 }
@@ -206,15 +235,19 @@ function isAllowedPage($page) {
 $username = $_SESSION['Username'];
- if (!isset($username))
+ if (!isset($username)) {
 return false;
+ }
 /* admin/root access check */
 $user = getUserEntry($username);
- if (isset($user))
- if (isset($user['uid']))
- if ($user['uid']==0)
+ if (isset($user)) {
+ if (isset($user['uid'])) {
+ if ($user['uid']==0) {
 return true;
+ }
+ }
+ }
 /* user privilege access check */
 return cmp_page_matches($page, $_SESSION['page-match']);
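Review bot: The root shortcut in `isAllowed`, repeated in `isAllowedPage`, uses the loose test `$user['uid']==0`, which on PHP versions before 8 is also true for an empty or non-numeric string, so a malformed user entry would be treated as the admin account and skip the page-match check entirely. The type of `uid` is not visible here, but a strict comparison on the normalised value is safe either way: `if ((string)$user['uid'] === "0") {`. Note also that `isAllowed($username, $page)` tests `$_SESSION['page-match']`, i.e. the current session's pages rather than those of `$username`; if that is intentional it deserves a comment such as `/* page-match is the logged-in session's list, not $username's */`.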
@@ -223,51 +256,61 @@ function isAllowedPage($page) {
 function getPrivPages(& $entry, & $allowed_pages) {
 global $priv_list;
- if (!is_array($entry['priv']))
+ if (!is_array($entry['priv'])) {
 return;
+ }
 foreach ($entry['priv'] as $pname) {
- if (strncmp($pname, "page-", 5))
+ if (strncmp($pname, "page-", 5)) {
 continue;
+ }
 $priv = &$priv_list[$pname];
- if (!is_array($priv))
+ if (!is_array($priv)) {
 continue;
+ }
 $matches = &$priv['match'];
- if (!is_array($matches))
+ if (!is_array($matches)) {
 continue;
- foreach ($matches as $match)
+ }
+ foreach ($matches as $match) {
 $allowed_pages[] = $match;
+ }
 }
 }
 function getAllowedPages($username) {
 global $config, $_SESSION;
- if (!function_exists("ldap_connect"))
+ if (!function_exists("ldap_connect")) {
 return;
-
+ }
+
 $allowed_pages = array();
 $allowed_groups = array();
-
+
 $authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
 // obtain ldap groups if we are in ldap mode
- if ($authcfg['type'] == "ldap")
+ if ($authcfg['type'] == "ldap") {
 $allowed_groups = @ldap_get_groups($username, $authcfg);
- else {
+ } else {
 // search for a local user by name
 $local_user = getUserEntry($username);
 getPrivPages($local_user, $allowed_pages);
 // obtain local groups if we have a local user
- if ($local_user)
+ if ($local_user) {
 $allowed_groups = local_user_get_groups($local_user);
+ }
 }
 // build a list of allowed pages
- if (is_array($config['system']['group']) && is_array($allowed_groups))
- foreach ($config['system']['group'] as $group)
- if (in_array($group['name'], $allowed_groups))
+ if (is_array($config['system']['group']) && is_array($allowed_groups)) {
+ foreach ($config['system']['group'] as $group) {
+ if (in_array($group['name'], $allowed_groups)) {
 getPrivPages($group, $allowed_pages);
+ }
+ }
+ }
 // $dbg_pages = implode(",", $allowed_pages);
 // $dbg_groups = implode(",", $allowed_groups); |
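Review bot: `getAllowedPages` returns early with no value when `ldap_connect` is unavailable, before the auth mode is read, so a system using local authentication on a PHP build without the LDAP extension would compute no allowed pages at all; the guard belongs inside the `$authcfg['type'] == "ldap"` branch. In that branch the `@` on `ldap_get_groups` hides directory errors: the later `is_array($allowed_groups)` check appears to fail closed, but nothing is logged, so an LDAP outage is indistinguishable from a user with no groups. Dropping the `@` and adding `if (!is_array($allowed_groups)) { log_error("LDAP group lookup failed for {$username}"); }` would make that visible to whoever reviews the logs. The function continues past the end of this hunk.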