From 5d9d9fbe48225c6909d477712a0f6906adcebba9 Mon Sep 17 00:00:00 2001
From: Philipp Schafft
Date: Sat, 6 Dec 2014 20:04:21 +0000
Subject: [PATCH] ACL: added {allow,deny}-all, support bool notation Added {allow,deny}-all option to ACL parser. Setting this will set {allow,deny}-{method,admin,web} to *. Also allow boolean values (insteed of *) for {allow,deny}-{web,all}.
---
 src/acl.c | 37 ++++++++++++++++++++++++++++++++++---
 1 file changed, 34 insertions(+), 3 deletions(-)
diff --git a/src/acl.c b/src/acl.c
index 9a1ddff1..99e100d3 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -125,6 +125,7 @@ acl_t * acl_new_from_xml_node(xmlNodePtr node) {
 while (prop) {
 tmp = (char*)xmlGetProp(node, prop->name);
 if (tmp) {
+ /* basic {allow|deny}-* options */
 if (strcmp((const char*)prop->name, "allow-method") == 0) {
 acl_set_method_str(ret, ACL_POLICY_ALLOW, tmp);
 } else if (strcmp((const char*)prop->name, "deny-method") == 0) {
@@ -134,11 +135,41 @@ acl_t * acl_new_from_xml_node(xmlNodePtr node) {
 } else if (strcmp((const char*)prop->name, "deny-admin") == 0) {
 acl_set_admin_str(ret, ACL_POLICY_DENY, tmp);
 } else if (strcmp((const char*)prop->name, "allow-web") == 0) {
- if (strstr(tmp, "*"))
+ if (strstr(tmp, "*") || util_str_to_bool(tmp)) {
 acl_set_web_policy(ret, ACL_POLICY_ALLOW);
- } else if (strcmp((const char*)prop->name, "deny-web") == 0) {
- if (strstr(tmp, "*"))
+ } else {
 acl_set_web_policy(ret, ACL_POLICY_DENY);
+ }
+ } else if (strcmp((const char*)prop->name, "deny-web") == 0) {
+ if (strstr(tmp, "*") || util_str_to_bool(tmp)) {
+ acl_set_web_policy(ret, ACL_POLICY_DENY);
+ } else {
+ acl_set_web_policy(ret, ACL_POLICY_ALLOW);
+ }
+
+ /* wildcard {allow,deny} option */
+ } else if (strcmp((const char*)prop->name, "allow-all") == 0) {
+ if (strstr(tmp, "*") || util_str_to_bool(tmp)) {
+ acl_set_method_str(ret, ACL_POLICY_ALLOW, "*");
+ acl_set_admin_str(ret, ACL_POLICY_ALLOW, "*");
+ acl_set_web_policy(ret, ACL_POLICY_ALLOW);
+ } else {
+ acl_set_method_str(ret, ACL_POLICY_DENY, "*");
+ acl_set_admin_str(ret, ACL_POLICY_DENY, "*");
+ acl_set_web_policy(ret, ACL_POLICY_DENY);
+ }
+ } else if (strcmp((const char*)prop->name, "deny-all") == 0) {
+ if (strstr(tmp, "*") || util_str_to_bool(tmp)) {
+ acl_set_method_str(ret, ACL_POLICY_DENY, "*");
+ acl_set_admin_str(ret, ACL_POLICY_DENY, "*");
+ acl_set_web_policy(ret, ACL_POLICY_DENY);
+ } else {
+ acl_set_method_str(ret, ACL_POLICY_ALLOW, "*");
+ acl_set_admin_str(ret, ACL_POLICY_ALLOW, "*");
+ acl_set_web_policy(ret, ACL_POLICY_ALLOW);
+ }
+
+ /* other options */
 } else if (strcmp((const char*)prop->name, "connections-per-user") == 0) {
 if (strcmp(tmp, "*") == 0 || strcmp(tmp, "unlimited") == 0) {
 acl_set_max_connections_per_user(ret, 0);
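Review bot: The `else` arms of the new `deny-web` and `deny-all` branches fail open: any value that neither contains `*` nor makes `util_str_to_bool(tmp)` return true switches the policy to `ACL_POLICY_ALLOW`, and for `deny-all` that covers method, admin and web in one step. `util_str_to_bool` is defined outside this hunk, but if it returns false for text it does not recognise, a mistyped boolean in `deny-all` would open the whole ACL instead of leaving it as it was. I would apply the inverse policy only for an explicitly recognised false value, and otherwise leave `ret` unchanged and log the rejected attribute, with a comment such as `/* unrecognised value: keep current policy, never widen access */`. The same arms also change behaviour for existing configurations, since before this patch an `allow-web` or `deny-web` value without `*` was ignored and now it sets the opposite policy. `acl_new_from_xml_node` begins and ends outside the hunk.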