summaryrefslogtreecommitdiff
path: root/src/sp_config_keywords.c
diff options
context:
space:
mode:
authorBen Fuhrmannek2021-08-07 15:56:57 +0200
committerBen Fuhrmannek2021-08-07 15:56:57 +0200
commitbd8b5bb241ca359b65c1a3717c9905d034b9703b (patch)
tree152cf1c0c91433ef7599097b4e9d12241c5dc628 /src/sp_config_keywords.c
parente8bb162220ac17cb9b8cc229666356e88f081887 (diff)
more ini protection features
Diffstat (limited to 'src/sp_config_keywords.c')
-rw-r--r--src/sp_config_keywords.c21
1 files changed, 16 insertions, 5 deletions
diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
index e6eb05e..c547f10 100644
--- a/src/sp_config_keywords.c
+++ b/src/sp_config_keywords.c
@@ -566,14 +566,19 @@ int parse_upload_validation(char *line) {
566int parse_ini_protection(char *line) { 566int parse_ini_protection(char *line) {
567 bool disable = false, enable = false; 567 bool disable = false, enable = false;
568 bool rw = false, ro = false; // rw is ignored, but declaring .policy_rw is valid for readability 568 bool rw = false, ro = false; // rw is ignored, but declaring .policy_rw is valid for readability
569 sp_config_ini *cfg = SNUFFLEUPAGUS_G(config).config_ini;
569 sp_config_functions sp_config_ini_protection[] = { 570 sp_config_functions sp_config_ini_protection[] = {
570 {parse_empty, SP_TOKEN_ENABLE, &(enable)}, 571 {parse_empty, SP_TOKEN_ENABLE, &(enable)},
571 {parse_empty, SP_TOKEN_DISABLE, &(disable)}, 572 {parse_empty, SP_TOKEN_DISABLE, &(disable)},
572 {parse_empty, SP_TOKEN_SIMULATION, &(SNUFFLEUPAGUS_G(config).config_ini->simulation)}, 573 {parse_empty, SP_TOKEN_SIMULATION, &cfg->simulation},
573 {parse_empty, ".policy_readonly(", &ro}, 574 {parse_empty, ".policy_readonly(", &ro},
574 {parse_empty, ".policy_ro(", &ro}, 575 {parse_empty, ".policy_ro(", &ro},
575 {parse_empty, ".policy_readwrite(", &rw}, 576 {parse_empty, ".policy_readwrite(", &rw},
576 {parse_empty, ".policy_rw(", &rw}, 577 {parse_empty, ".policy_rw(", &rw},
578 {parse_empty, ".policy_silent_ro(", &cfg->policy_silent_ro},
579 {parse_empty, ".policy_silent_fail(", &cfg->policy_silent_fail},
580 {parse_empty, ".policy_no_log(", &cfg->policy_silent_fail},
581 {parse_empty, ".policy_drop(", &cfg->policy_drop},
577 {0, 0, 0}}; 582 {0, 0, 0}};
578 583
579 int ret = parse_keywords(sp_config_ini_protection, line); 584 int ret = parse_keywords(sp_config_ini_protection, line);
@@ -585,15 +590,19 @@ int parse_ini_protection(char *line) {
585 return -1; 590 return -1;
586 } 591 }
587 if (enable || disable) { 592 if (enable || disable) {
588 SNUFFLEUPAGUS_G(config).config_ini->enable = (enable || !disable); 593 cfg->enable = (enable || !disable);
589 } 594 }
590 595
591 if (ro && rw) { 596 if (ro && rw) {
592 sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", sp_line_no); 597 sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", sp_line_no);
593 return -1; 598 return -1;
594 } 599 }
595 SNUFFLEUPAGUS_G(config).config_ini->policy_readonly = ro; 600 cfg->policy_readonly = ro;
596 601
602 if (cfg->policy_silent_fail && cfg->policy_drop) {
603 sp_log_err("config", "policy cannot be drop and silent at the same time on line %zu", sp_line_no);
604 return -1;
605 }
597 return ret; 606 return ret;
598} 607}
599 608
@@ -611,8 +620,10 @@ int parse_ini_entry(char *line) {
611 {parse_regexp, ".regexp(", &entry->regexp}, 620 {parse_regexp, ".regexp(", &entry->regexp},
612 {parse_empty, ".readonly(", &ro}, 621 {parse_empty, ".readonly(", &ro},
613 {parse_empty, ".ro(", &ro}, 622 {parse_empty, ".ro(", &ro},
614 {parse_empty, ".readwrite()", &rw}, 623 {parse_empty, ".readwrite(", &rw},
615 {parse_empty, ".rw()", &rw}, 624 {parse_empty, ".rw(", &rw},
625 {parse_empty, ".drop(", &entry->drop},
626 {parse_empty, ".allow_null(", &entry->allow_null},
616 {0, 0, 0}}; 627 {0, 0, 0}};
617 628
618 int ret = parse_keywords(sp_config_ini_protection, line); 629 int ret = parse_keywords(sp_config_ini_protection, line);