miniroon

Simplistic macaroon-based authorization for Unix systems
git clone https://ccx.te2000.cz/git/miniroon

caveat_env_fnmatch.c (2171B)


      1 #include <assert.h>
      2 #include <string.h>
      3 #include <fnmatch.h>
      4 
      5 #include "verify_common.h"
      6 #define caveat_name "env-glob"
      7 #include "caveats_impl.h"
      8 
      9 
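/*
 * Prepare-phase check for an "env-glob" caveat.
 *
 * Reads exactly two netstring arguments from the caveat (variable name,
 * then glob pattern) and confirms that the named variable has an entry in
 * state->emap. The pattern is not matched here; only its encoding is
 * checked, so that a caveat the validate step could not enforce faithfully
 * is refused up front.
 *
 * c      caveat arguments, consumed with netstring_chunk_next()
 * state  verification state holding the environment map (emap)
 *
 * Returns MINIROON_OK when the caveat is well-formed and the variable is
 * present in the map, otherwise the error built by caveat_inv1 (malformed
 * caveat) or caveat_fail3 (variable not in the allowlist).
 */
miniroon_error miniroon_caveat_prepare_env_fnmatch(netstring_chunk *c, miniroon_caveats_state *state) {
  bytebuffer name, pattern;

  if(!netstring_chunk_next(c)) {
    return caveat_inv1("missing variable name");
  }
  name = c->inner;

  if(!netstring_chunk_next(c)) {
    return caveat_inv1("missing variable pattern");
  }
  pattern = c->inner;

  if(netstring_chunk_next(c)) {
    return caveat_inv1("unexpected argument");
  }

  /* miniroon_caveat_validate_env_fnmatch() passes the pattern to fnmatch()
   * as a C string, which ends at the first NUL byte. A pattern with an
   * embedded NUL would therefore be enforced as a shorter, possibly broader
   * glob than the bytes carried in the caveat, so treat it as malformed. */
  if(pattern.len != 0 && memchr(pattern.data, 0, pattern.len) != NULL) {
    return caveat_inv1("variable pattern contains NUL byte");
  }

  /* The lookup uses the length-delimited name, not a C string. */
  miniroon_env_entry *entry = miniroon_env_map_find(&state->emap, name);
  if(entry != NULL) {
    return MINIROON_OK;
  }

  /* Failure path only: build a NUL-terminated copy for the message.
   * NOTE(review): name.len comes from the caveat and sizes a stack array;
   * presumably the netstring parser bounds it -- confirm. */
  char name_0[name.len + 1];
  memcpy(name_0, name.data, name.len);
  name_0[name.len] = 0;
  return caveat_fail3("variable '", name_0, "' not in allowlist");
}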
     37 
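/*
 * Validate an "env-glob" caveat: the named environment variable must be in
 * the allowlist, must be set, and its value must match the glob pattern.
 *
 * c      caveat arguments (variable name, then pattern), consumed with
 *        netstring_chunk_next()
 * state  verification state holding the environment map (emap)
 *
 * Returns MINIROON_OK on a match. Every other outcome is an error: the
 * caveat_inv1 result for a malformed caveat, or a caveat_fail2/caveat_fail3
 * result when the variable is not allowlisted, not provided, does not match,
 * or fnmatch() itself reports a failure.
 */
miniroon_error miniroon_caveat_validate_env_fnmatch(netstring_chunk *c, miniroon_caveats_state *state) {
  bytebuffer name, pattern;

  if(!netstring_chunk_next(c)) {
    return caveat_inv1("missing variable name");
  }
  name = c->inner;

  if(!netstring_chunk_next(c)) {
    return caveat_inv1("missing variable pattern");
  }
  pattern = c->inner;

  if(netstring_chunk_next(c)) {
    return caveat_inv1("unexpected argument");
  }

  /* The pattern is converted to a C string below, and fnmatch() stops at the
   * first NUL byte. An embedded NUL would silently truncate the pattern, so
   * the glob enforced could be broader than the one written in the caveat.
   * Refuse such a caveat instead of enforcing a different restriction. */
  if(pattern.len != 0 && memchr(pattern.data, 0, pattern.len) != NULL) {
    return caveat_inv1("variable pattern contains NUL byte");
  }

  /* NUL-terminated copy of the name, used in messages only; the lookup below
   * uses the length-delimited bytebuffer.
   * NOTE(review): name.len and pattern.len come from the caveat and size
   * stack arrays here; presumably the netstring parser bounds them -- confirm. */
  char name_0[name.len + 1];
  memcpy(name_0, name.data, name.len);
  name_0[name.len] = 0;

  miniroon_env_entry *entry = miniroon_env_map_find(&state->emap, name);
  if(entry == NULL) {
    return caveat_fail3("variable '", name_0, "' not in allowlist");
  }

  if(entry->state != ENV_SET) {
    return caveat_fail3("required variable '", name_0, "' not provided: ");
  }
  /* NOTE(review): these invariants are checked only when assertions are
   * compiled in; with NDEBUG defined the value pointer reaches fnmatch()
   * unchecked. */
  assert(entry->value.len);
  assert(entry->value.data);

  char pattern_0[pattern.len + 1];
  memcpy(pattern_0, pattern.data, pattern.len);
  pattern_0[pattern.len] = 0;

  /* fnmatch() reads the value as a C string and ignores value.len.
   * assumes entry->value.data is NUL-terminated -- TODO confirm.
   * With flags == 0 neither FNM_PATHNAME nor FNM_PERIOD is set, so '*' and
   * '?' also match '/' and a leading '.'; a pattern such as "/srv/app/*"
   * does not confine a path-like value to one directory level. */
  switch(fnmatch(pattern_0, entry->value.data, 0)) {
    case 0:
      return MINIROON_OK;
    case FNM_NOMATCH:
      return caveat_fail3("variable '", name_0, "' does not match required pattern");
    default:
      /* Any other return value is an fnmatch() error; fail closed. */
      return caveat_fail2("failure matching required pattern: ", name_0);
  }
}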
     84 
     85 /*  vim: sts=2 sw=2 et
     86 */