summaryrefslogtreecommitdiff
path: root/stoc/source/security
diff options
context:
space:
mode:
Diffstat (limited to 'stoc/source/security')
-rw-r--r--stoc/source/security/access_controller.cxx94
-rw-r--r--stoc/source/security/permissions.cxx102
2 files changed, 98 insertions, 98 deletions
diff --git a/stoc/source/security/access_controller.cxx b/stoc/source/security/access_controller.cxx
index 9ddca3b1e076..38bf046a4032 100644
--- a/stoc/source/security/access_controller.cxx
+++ b/stoc/source/security/access_controller.cxx
@@ -386,19 +386,19 @@ AccessController::AccessController( Reference< XComponentContext > const & xComp
}
// switch on caching for DYNAMIC_ONLY and ON (shareable multi-user process)
- if (ON == m_mode || DYNAMIC_ONLY == m_mode)
+ if (!(ON == m_mode || DYNAMIC_ONLY == m_mode))
+ return;
+
+ sal_Int32 cacheSize = 0; // multi-user cache size
+ if (! (m_xComponentContext->getValueByName(
+ "/services/" SERVICE_NAME "/user-cache-size" ) >>= cacheSize))
{
- sal_Int32 cacheSize = 0; // multi-user cache size
- if (! (m_xComponentContext->getValueByName(
- "/services/" SERVICE_NAME "/user-cache-size" ) >>= cacheSize))
- {
- cacheSize = 128; // reasonable default?
- }
+ cacheSize = 128; // reasonable default?
+ }
#ifdef __CACHE_DIAGNOSE
- cacheSize = 2;
+ cacheSize = 2;
#endif
- m_user2permissions.setSize( cacheSize );
- }
+ m_user2permissions.setSize( cacheSize );
}
void AccessController::disposing()
@@ -495,53 +495,53 @@ void AccessController::checkAndClearPostPoned()
std::unique_ptr< t_rec_vec > rec( static_cast< t_rec_vec * >( m_rec.getData() ) );
m_rec.setData( nullptr ); // takeover ownership
OSL_ASSERT(rec);
- if (rec)
+ if (!rec)
+ return;
+
+ t_rec_vec const& vec = *rec;
+ switch (m_mode)
{
- t_rec_vec const& vec = *rec;
- switch (m_mode)
+ case SINGLE_USER:
+ {
+ OSL_ASSERT( m_singleUser_init );
+ for (const auto & p : vec)
{
- case SINGLE_USER:
+ OSL_ASSERT( m_singleUserId == p.first );
+ m_singleUserPermissions.checkPermission( p.second );
+ }
+ break;
+ }
+ case SINGLE_DEFAULT_USER:
+ {
+ OSL_ASSERT( m_defaultPerm_init );
+ for (const auto & p : vec)
{
- OSL_ASSERT( m_singleUser_init );
- for (const auto & p : vec)
- {
- OSL_ASSERT( m_singleUserId == p.first );
- m_singleUserPermissions.checkPermission( p.second );
- }
- break;
+ OSL_ASSERT( p.first.isEmpty() ); // default-user
+ m_defaultPermissions.checkPermission( p.second );
}
- case SINGLE_DEFAULT_USER:
+ break;
+ }
+ case ON:
+ {
+ for (const auto & p : vec)
{
- OSL_ASSERT( m_defaultPerm_init );
- for (const auto & p : vec)
+ PermissionCollection const * pPermissions;
+ // lookup policy for user
{
- OSL_ASSERT( p.first.isEmpty() ); // default-user
- m_defaultPermissions.checkPermission( p.second );
+ MutexGuard guard( m_mutex );
+ pPermissions = m_user2permissions.lookup( p.first );
}
- break;
- }
- case ON:
- {
- for (const auto & p : vec)
+ OSL_ASSERT( pPermissions );
+ if (pPermissions)
{
- PermissionCollection const * pPermissions;
- // lookup policy for user
- {
- MutexGuard guard( m_mutex );
- pPermissions = m_user2permissions.lookup( p.first );
- }
- OSL_ASSERT( pPermissions );
- if (pPermissions)
- {
- pPermissions->checkPermission( p.second );
- }
+ pPermissions->checkPermission( p.second );
}
- break;
- }
- default:
- OSL_FAIL( "### this should never be called in this ac mode!" );
- break;
}
+ break;
+ }
+ default:
+ OSL_FAIL( "### this should never be called in this ac mode!" );
+ break;
}
}
diff --git a/stoc/source/security/permissions.cxx b/stoc/source/security/permissions.cxx
index d8a4ac9b0c70..d871956c1817 100644
--- a/stoc/source/security/permissions.cxx
+++ b/stoc/source/security/permissions.cxx
@@ -140,28 +140,28 @@ SocketPermission::SocketPermission(
// separate host from portrange
sal_Int32 colon = m_host.indexOf( ':' );
- if (colon >= 0) // port [range] given
+ if (colon < 0) // port [range] not given
+ return;
+
+ sal_Int32 minus = m_host.indexOf( '-', colon +1 );
+ if (minus < 0)
{
- sal_Int32 minus = m_host.indexOf( '-', colon +1 );
- if (minus < 0)
- {
- m_lowerPort = m_upperPort = m_host.copy( colon +1 ).toInt32();
- }
- else if (minus == (colon +1)) // -N
- {
- m_upperPort = m_host.copy( minus +1 ).toInt32();
- }
- else if (minus == (m_host.getLength() -1)) // N-
- {
- m_lowerPort = m_host.copy( colon +1, m_host.getLength() -1 -colon -1 ).toInt32();
- }
- else // A-B
- {
- m_lowerPort = m_host.copy( colon +1, minus - colon -1 ).toInt32();
- m_upperPort = m_host.copy( minus +1 ).toInt32();
- }
- m_host = m_host.copy( 0, colon );
+ m_lowerPort = m_upperPort = m_host.copy( colon +1 ).toInt32();
+ }
+ else if (minus == (colon +1)) // -N
+ {
+ m_upperPort = m_host.copy( minus +1 ).toInt32();
+ }
+ else if (minus == (m_host.getLength() -1)) // N-
+ {
+ m_lowerPort = m_host.copy( colon +1, m_host.getLength() -1 -colon -1 ).toInt32();
+ }
+ else // A-B
+ {
+ m_lowerPort = m_host.copy( colon +1, minus - colon -1 ).toInt32();
+ m_upperPort = m_host.copy( minus +1 ).toInt32();
}
+ m_host = m_host.copy( 0, colon );
}
inline bool SocketPermission::resolveHost() const
@@ -301,40 +301,40 @@ FilePermission::FilePermission(
, m_url( perm.URL )
, m_allFiles( perm.URL == "<<ALL FILES>>" )
{
- if (! m_allFiles)
+ if ( m_allFiles)
+ return;
+
+ if ( m_url == "*" )
{
- if ( m_url == "*" )
- {
- OUStringBuffer buf( 64 );
- buf.append( getWorkingDir() );
- buf.append( "/*" );
- m_url = buf.makeStringAndClear();
- }
- else if ( m_url == "-" )
- {
- OUStringBuffer buf( 64 );
- buf.append( getWorkingDir() );
- buf.append( "/-" );
- m_url = buf.makeStringAndClear();
- }
- else if (!m_url.startsWith("file:///"))
- {
- // relative path
- OUString out;
- oslFileError rc = ::osl_getAbsoluteFileURL(
- getWorkingDir().pData, perm.URL.pData, &out.pData );
- m_url = (osl_File_E_None == rc ? out : perm.URL); // fallback
- }
+ OUStringBuffer buf( 64 );
+ buf.append( getWorkingDir() );
+ buf.append( "/*" );
+ m_url = buf.makeStringAndClear();
+ }
+ else if ( m_url == "-" )
+ {
+ OUStringBuffer buf( 64 );
+ buf.append( getWorkingDir() );
+ buf.append( "/-" );
+ m_url = buf.makeStringAndClear();
+ }
+ else if (!m_url.startsWith("file:///"))
+ {
+ // relative path
+ OUString out;
+ oslFileError rc = ::osl_getAbsoluteFileURL(
+ getWorkingDir().pData, perm.URL.pData, &out.pData );
+ m_url = (osl_File_E_None == rc ? out : perm.URL); // fallback
+ }
#ifdef _WIN32
- // correct win drive letters
- if (9 < m_url.getLength() && '|' == m_url[ 9 ]) // file:///X|
- {
- static OUString s_colon = ":";
- // common case in API is a ':' (sal), so convert '|' to ':'
- m_url = m_url.replaceAt( 9, 1, s_colon );
- }
-#endif
+ // correct win drive letters
+ if (9 < m_url.getLength() && '|' == m_url[ 9 ]) // file:///X|
+ {
+ static OUString s_colon = ":";
+ // common case in API is a ':' (sal), so convert '|' to ':'
+ m_url = m_url.replaceAt( 9, 1, s_colon );
}
+#endif
}
bool FilePermission::implies( Permission const & perm ) const
generated by cgit (git 2.34.1) at 2024-07-27 03:30:18 +0000