miniroon

Simplistic macaroon-based authorization for Unix systems
git clone https://ccx.te2000.cz/git/miniroon

caveat_env_fnmatch.c (2071B)


      1 #include <assert.h>
      2 #include <string.h>
      3 #include <fnmatch.h>
      4 
      5 #include "verify_common.h"
      6 #define caveat_name "env-glob"
      7 #include "caveats_impl.h"
      8 
      9 
/*
 * Prepare-stage handler for the "env-glob" caveat.
 *
 * Reads exactly two netstring chunks from c -- a variable name and a pattern --
 * and reports an error through caveat_die1/caveat_die3 when either is missing,
 * when a third chunk follows, or when the name has no entry in state->emap
 * (reported as "not in allowlist"). The pattern is only checked for presence
 * here; it is not matched against anything in this function.
 *
 * NOTE(review): presumably caveat_die* does not return -- confirm in
 * caveats_impl.h.
 */
void miniroon_caveat_prepare_env_fnmatch(netstring_chunk *c, miniroon_caveats_state *state) {
  bytebuffer var_name;

  if (!netstring_chunk_next(c)) {
    caveat_die1("missing variable name");
  }
  var_name = c->inner;

  /* The pattern chunk must exist, but its contents are not needed here. */
  if (!netstring_chunk_next(c)) {
    caveat_die1("missing variable pattern");
  }

  /* Anything after the pattern is a malformed caveat. */
  if (netstring_chunk_next(c)) {
    caveat_die1("unexpected argument");
  }

  /*
   * NUL-terminated copy of the name, used only for the error message; the
   * lookup itself uses the length-delimited buffer.
   * NOTE(review): this is a VLA sized by a length taken from the caveat --
   * confirm the netstring parser bounds it so it cannot exhaust the stack.
   */
  char name_cstr[var_name.len + 1];
  memcpy(name_cstr, var_name.data, var_name.len);
  name_cstr[var_name.len] = '\0';

  if (miniroon_env_map_find(&state->emap, var_name) == NULL) {
    caveat_die3("variable '", name_cstr, "' not in allowlist");
  }
}
     36 
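/*
 * Validate-stage handler for the "env-glob" caveat: require that the named
 * environment variable is set and that its value matches the caveat's
 * fnmatch(3) pattern.
 *
 * Caveat arguments (netstring chunks read from c): variable name, pattern.
 * A missing argument, an extra argument, a name with no entry in state->emap,
 * an entry whose state is not ENV_SET, an entry with no value, a pattern
 * containing a NUL byte, a non-matching value and an fnmatch() error are all
 * reported through caveat_die1/2/3.
 *
 * NOTE(review): entry is dereferenced after a failed lookup has been
 * reported, so this code presumably relies on caveat_die* not returning --
 * confirm in caveats_impl.h.
 *
 * Matching semantics worth knowing when writing a caveat: fnmatch() is called
 * with flags 0, so FNM_PATHNAME and FNM_PERIOD are not in effect and the
 * wildcards also match '/' and a leading '.'. The value is compared as a plain
 * string with no path normalisation, so a trailing '*' after a directory
 * prefix also accepts values that contain "/../".
 */
void miniroon_caveat_validate_env_fnmatch(netstring_chunk *c, miniroon_caveats_state *state) {
  bytebuffer name, pattern;

  if(!netstring_chunk_next(c)) {
    caveat_die1("missing variable name");
  }
  name = c->inner;

  if(!netstring_chunk_next(c)) {
    caveat_die1("missing variable pattern");
  }
  pattern = c->inner;

  if(netstring_chunk_next(c)) {
    caveat_die1("unexpected argument");
  }

  /*
   * The pattern is length-delimited, but fnmatch() takes a C string. An
   * embedded NUL would silently shorten the pattern that is actually
   * enforced, so reject it instead of matching against a truncated pattern.
   */
  if(pattern.len && memchr(pattern.data, 0, pattern.len) != NULL) {
    caveat_die1("pattern contains NUL byte");
  }

  /*
   * NUL-terminated copy of the name for error messages only; the lookup uses
   * the length-delimited buffer.
   * NOTE(review): VLA sized by a length taken from the caveat -- confirm the
   * netstring parser bounds it so it cannot exhaust the stack.
   */
  char name_0[name.len + 1];
  memcpy(name_0, name.data, name.len);
  name_0[name.len] = 0;

  miniroon_env_entry *entry = miniroon_env_map_find(&state->emap, name);
  if(entry == NULL) {
    caveat_die3("variable '", name_0, "' not in allowlist");
  }

  /* NOTE(review): the trailing ": " in this message looks like a leftover. */
  if(entry->state != ENV_SET) {
    caveat_die3("required variable '", name_0, "' not provided: ");
  }

  /*
   * Checked at run time rather than with assert(): with NDEBUG the asserts
   * vanish and a NULL or empty value would reach fnmatch(). Fail closed.
   */
  if(entry->value.len == 0 || entry->value.data == NULL) {
    caveat_die3("variable '", name_0, "' has no value");
  }

  /* Same VLA caveat as name_0 above applies to the pattern copy. */
  char pattern_0[pattern.len + 1];
  memcpy(pattern_0, pattern.data, pattern.len);
  pattern_0[pattern.len] = 0;

  /*
   * NOTE(review): unlike name and pattern, the value is passed without being
   * copied; this assumes entry->value.data is NUL-terminated at value.len --
   * confirm against the code that fills the env map.
   */
  switch(fnmatch(pattern_0, entry->value.data, 0)) {
    case 0:
      return;  /* OK */
    case FNM_NOMATCH:
      caveat_die3("variable '", name_0, "' does not match required pattern");
      break;
    default:
      /* Any other return value is an fnmatch() error; treat it as a failure. */
      caveat_die2("failure matching required pattern: ", name_0);
      break;
  }

}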
     85 
     86 /*  vim: sts=2 sw=2 et
     87 */