+/* if we're restricting writes to the base directory,
+ * check whether the file falls within the dir
+ * returns 1 if OK, otherwise 0
+ */
+static int check_file_access (const char *file, listen_socket_t *sock) /* {{{ */
+{
+ assert(file != NULL);
+
+ if (!config_write_base_only
+ || sock == NULL /* journal replay */
+ || config_base_dir == NULL)
+ return 1;
+
+ if (strstr(file, "../") != NULL) goto err;
+
+ /* relative paths without "../" are ok */
+ if (*file != '/') return 1;
+
+ /* file must be of the format base + "/" + <1+ char filename> */
+ if (strlen(file) < _config_base_dir_len + 2) goto err;
+ if (strncmp(file, config_base_dir, _config_base_dir_len) != 0) goto err;
+ if (*(file + _config_base_dir_len) != '/') goto err;
+
+ return 1;
+
+err:
+ if (sock != NULL && sock->fd >= 0)
+ send_response(sock, RESP_ERR, "%s\n", rrd_strerror(EACCES));
+
+ return 0;
+} /* }}} static int check_file_access */
+
+/* when using a base dir, convert relative paths to absolute paths.
+ * if necessary, modifies the "filename" pointer to point
+ * to the new path created in "tmp". "tmp" is provided
+ * by the caller and sizeof(tmp) must be >= PATH_MAX.
+ *
+ * this allows us to optimize for the expected case (absolute path)
+ * with a no-op.
+ */
+static void get_abs_path(char **filename, char *tmp)
+{
+ assert(tmp != NULL);
+ assert(filename != NULL && *filename != NULL);
+
+ if (config_base_dir == NULL || **filename == '/')
+ return;
+
+ snprintf(tmp, PATH_MAX, "%s/%s", config_base_dir, *filename);
+ *filename = tmp;
+} /* }}} static int get_abs_path */
+
+/* returns 1 if we have the required privilege level,
+ * otherwise issue an error to the user on sock */
+static int has_privilege (listen_socket_t *sock, /* {{{ */
+ socket_privilege priv)
+{
+ if (sock == NULL) /* journal replay */
+ return 1;
+
+ if (sock->privilege >= priv)
+ return 1;
+
+ return send_response(sock, RESP_ERR, "%s\n", rrd_strerror(EACCES));
+} /* }}} static int has_privilege */
+
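Review bot: The `strstr(file, "../")` test in check_file_access only catches `..` followed by a slash, so a relative path of exactly `..` (or an absolute path under the base whose last component is `..`) passes the check, is then joined onto config_base_dir by get_abs_path, and resolves outside the base directory; testing each `/`-separated component for `..` closes that gap, as in the fence below. In get_abs_path the return value of `snprintf` is not checked, so a joined path longer than PATH_MAX is silently truncated and used as-is; since the function is `void`, signalling truncation to the caller needs an interface change, but it should at least not proceed with a shortened path. The fold marker after get_abs_path reads `static int get_abs_path` for a `void` function and should be `} /* }}} static void get_abs_path */`. has_privilege returns whatever send_response returns on the failure path, so the "returns 1 if we have the required privilege level" contract only holds if send_response never returns 1, which cannot be confirmed from this chunk; an explicit `return 0;` after the call would make the contract independent of that. The hunk header is outside this chunk.
```c
static int check_file_access (const char *file, listen_socket_t *sock) /* {{{ */
{
  /* … unchanged: asserts and the config_write_base_only / journal-replay early return … */

  /* reject any ".." path component, not just the "../" substring:
   * a trailing ".." (relative "..", or base + "/x/..") must not pass */
  for (const char *p = file; *p != '\0'; ) {
    const char *seg_end = strchr(p, '/');
    size_t seg_len = (seg_end != NULL) ? (size_t)(seg_end - p) : strlen(p);
    if (seg_len == 2 && p[0] == '.' && p[1] == '.') goto err;
    if (seg_end == NULL) break;
    p = seg_end + 1;
  }

  /* … unchanged: relative-path early return, base-dir prefix checks, err: label … */
```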