From ebfcf75e14f51523ece1ba4b2ece8fde7bb893f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Tue, 24 May 2022 14:37:22 +0200 Subject: [PATCH] acl: fix handling of sub-components containing '/' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit previously with an ACL for the path "/foo/bar" without propagation and a check for `&["foo", "bar/baz"] this code would return the ACL (roles) for "/foo/bar" for the path "/foo/bar/baz". Signed-off-by: Fabian Grünbichler --- pbs-config/src/acl.rs | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/pbs-config/src/acl.rs b/pbs-config/src/acl.rs index 3362612d..61cdc12e 100644 --- a/pbs-config/src/acl.rs +++ b/pbs-config/src/acl.rs @@ -603,15 +603,22 @@ impl AclTree { let mut node = &self.root; let mut role_map = node.extract_roles(auth_id, path.is_empty()); - for (pos, comp) in path.iter().enumerate() { - let last_comp = (pos + 1) == path.len(); - for scomp in comp.split('/') { - node = match node.children.get(scomp) { + let mut comp_iter = path.iter().peekable(); + + while let Some(comp) = comp_iter.next() { + let last_comp = comp_iter.peek().is_none(); + + let mut sub_comp_iter = comp.split('/').peekable(); + + while let Some(sub_comp) = sub_comp_iter.next() { + let last_sub_comp = last_comp && sub_comp_iter.peek().is_none(); + + node = match node.children.get(sub_comp) { Some(n) => n, None => return role_map, // path not found }; - let new_map = node.extract_roles(auth_id, last_comp); + let new_map = node.extract_roles(auth_id, last_sub_comp); if !new_map.is_empty() { // overwrite previous mappings role_map = new_map;