Súbor: [Platon] / scripts / shell / access / access.sh (stiahnutie)
Revízia 1.8, Tue Mar 16 19:44:39 2004 UTC (21 years, 2 months ago) by rajo
Changed email address from <8host AT pauli.fmph.uniba.sk> to <rajo AT platon.sk>
#!/bin/sh
# access.sh - permissions manager
# Developed by Lubomir Host 'rajo' <rajo AT platon.sk>
# Copyright (c) 2002 Platon Software Development Group
# $Id: access.sh,v 1.8 2004/03/16 19:44:39 rajo Exp $
# Script to test whether a user has permission to execute an action.
# You may test whether an action is allowed or denied.
# Because testing the return code is problematic, the result is returned
# as the string "yes" or "no" on stdout.
# Print the command-line synopsis on stdout and terminate with status 1.
usage()
{
    printf '%s\n' "Usage: $0 <config-file> <username> <action> [parameters]"
    exit 1
}
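# function to check, if action is permitted or NOT {{{
#
# Arguments: $1 - config file
#            $2 - user name
#            $3 - action
#            $4... - optional parameters (kept in PARAM, not evaluated here)
# Globals:   reads first_order and second_order (the two words taken from
#            the ORDER: line); sets CONFIG, USER, ACTION and PARAM
# Outputs:   "yes" or "no" on stdout. A config line with fewer than three
#            fields stops the scan and prints an error line on stdout,
#            followed by the verdict reached up to that line.
check()
{
    #echo "check_deny $*"
    CONFIG="$1"; shift
    USER="$1" ; shift
    ACTION="$1"; shift
    # No shift after this assignment: the positional parameters are not read
    # again, and shifting an empty list is an error in some /bin/sh shells.
    PARAM="$*"

    # The user name and action come from the caller and must stay data.
    # They are handed to awk through the environment and read from ENVIRON,
    # so a quote or backslash in them cannot alter the awk program text.
    ACCESS_USER="$USER" \
    ACCESS_ACTION="$ACTION" \
    ACCESS_FIRST_ORDER="$first_order" \
    ACCESS_SECOND_ORDER="$second_order" \
    awk '
    BEGIN {
        # Appending "" forces string comparison, so a numeric-looking
        # user name such as 007 is never treated as equal to 7.
        user   = ENVIRON["ACCESS_USER"] "";
        action = ENVIRON["ACCESS_ACTION"] "";
        # Line prefixes to look for, e.g. ^deny and ^allow for
        # ORDER: deny allow
        first  = "^" ENVIRON["ACCESS_FIRST_ORDER"];
        second = "^" ENVIRON["ACCESS_SECOND_ORDER"];
        result = "no";
        hard_result = "";
    }

    # comments, ORDER:, empty lines ...
    /^[#;]/   { next; }
    /^ORDER:/ { next; }
    /^$/      { next; }

    # every remaining line needs at least 3 fields
    {
        if (NF < 3) {
            printf "Error in config file at line %d\n", NR;
            exit;
        }
    }

    # lines starting with the first ORDER word
    $0 ~ first {
        # the catch-all line (ALL ALL) is ignored
        if ($2 == "ALL" && $3 == "ALL")
            next;
        # exact user/action match: final answer is no
        if ($2 == user && $3 == action) {
            result = "no";
            exit;
        }
        # ALL users for this action: remember it, it blocks the
        # weaker grant in the second block below
        if ($2 == "ALL" && $3 == action) {
            hard_result = "no";
            next;
        }
    }

    # lines starting with the second ORDER word
    $0 ~ second {
        # field 3 is used as a regular expression that has to match at
        # the start of the action; this is a final answer
        if ($2 == user && (match(action, $3) == 1)) {
            result = "yes";
            exit;
        }
        # exact action or ALL for this user, unless an ALL-users line
        # for this action was seen earlier
        if ($2 == user && ($3 == action || $3 == "ALL") && hard_result != "no") {
            result = "yes";
        }
    }

    END { printf "%s\n", result; }
    ' "$CONFIG"
} # }}}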
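# Main part: validate the arguments, read the ORDER: line from the config
# file and print the verdict of check() on stdout.
if [ "$#" -lt 3 ]; then
    usage
fi

CONFIG="$1"; shift
USER="$1" ; shift
ACTION="$1"; shift
# Whatever is left are the optional parameters. No shift afterwards: with
# exactly three arguments the list is already empty, and shifting an empty
# list is an error in some /bin/sh shells.
PARAM="$*"

if [ ! -r "$CONFIG" ]; then
    echo "Config file '$CONFIG' doesn't exist or isn't readable." >&2
    # 255 is the status bash reports for 'exit -1'; a negative status is
    # rejected by stricter shells.
    exit 255
fi

# Second and third word of the ORDER: line, e.g. "deny" and "allow".
first_order="$(awk '/^ORDER:/ { print $2; }' "$CONFIG")"
second_order="$(awk '/^ORDER:/ { print $3; }' "$CONFIG")"

if [ -z "$first_order" ] || [ -z "$second_order" ]; then
    echo "Empty orders."
    echo "Please set 'ORDER: ' to appropriate value in your '$CONFIG' config file." >&2
    exit 255
fi

case "$first_order" in
    allow|deny)
        # Every argument is quoted so that whitespace or glob characters in
        # the user name or action cannot shift which word check() treats as
        # the user and which as the action.
        check "$CONFIG" "$USER" "$ACTION" "$PARAM"
        ;;
    *)
        echo "Bad order '$first_order'."
        exit 255
        ;;
esac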
# vim:set ts=4:
# vim600:fdm=marker fdl=0 fdc=3 vb t_vb=: