[moira.git] / server / qaccess.dc

/*
 *	$Source$
 *	$Author$
 *	$Header$
 *
 *	Copyright (C) 1987 by the Massachusetts Institute of Technology
 *	For copying and distribution information, please see the file
 *	<mit-copyright.h>.
 *
 */

#ifndef lint
static char *rcsid_qsupport_dc = "$Header$";
#endif lint

#include <mit-copyright.h>
#include "query.h"
#include "mr_server.h"
#include <ctype.h>
EXEC SQL INCLUDE sqlca;
EXEC SQL INCLUDE sqlda;
#include "qrtn.h"

extern char *whoami;
extern int ingres_errno, mr_errcode;

EXEC SQL BEGIN DECLARE SECTION;
extern char stmt_buf[];
EXEC SQL END DECLARE SECTION;

EXEC SQL WHENEVER SQLERROR CALL ingerr;


/* Specialized Access Routines */

/* access_user - verify that client name equals specified login name
 *
 *  - since field validation routines are called first, a users_id is
 *    now in argv[0] instead of the login name.
 */

access_user(q, argv, cl)
    struct query *q;
    char *argv[];
    client *cl;
{
    if (cl->users_id != *(int *)argv[0])
	return(MR_PERM);
    else
	return(MR_SUCCESS);
}


/* access_login - verify that client name equals specified login name
 *
 *   argv[0...n] contain search info.  q->
 */

access_login(q, argv, cl)
    struct query *q;
    char *argv[];
    client *cl;
{
    EXEC SQL BEGIN DECLARE SECTION;
    int id;
    char qual[256];
    EXEC SQL END DECLARE SECTION;

    build_qual(q->qual, q->argc, argv, qual);
    if (!strncmp(q->name,"get_user_account",strlen("get_user_account"))) {
	EXEC SQL SELECT users_id INTO :id FROM users u, strings str WHERE :qual;
    } else {
	EXEC SQL SELECT users_id INTO :id FROM users u WHERE :qual;
    }

    if (sqlca.sqlerrd[2] != 1 || id != cl->users_id)
	return(MR_PERM);
    else
	return(MR_SUCCESS);
}


/* access_list - check access for most list operations
 *
 * Inputs: argv[0] - list_id
 *	    q - query name
 *	    argv[2] - member ID (only for queries "amtl" and  "dmfl")
 *	    argv[7] - group IID (only for query "ulis")
 *          cl - client name
 *
 * - check that client is a member of the access control list
 * - OR, if the query is add_member_to_list or delete_member_from_list
 *	and the list is public, allow access if client = member
 */

access_list(q, argv, cl)
    struct query *q;
    char *argv[];
    client *cl;
{
    EXEC SQL BEGIN DECLARE SECTION;
    int list_id, acl_id, flags, gid;
    char acl_type[9];
    EXEC SQL END DECLARE SECTION;
    char *client_type;
    int client_id, status;

    list_id = *(int *)argv[0];
    EXEC SQL SELECT acl_id, acl_type, gid, publicflg
      INTO :acl_id, :acl_type, :gid, :flags
      FROM list
      WHERE list_id = :list_id;

    if (sqlca.sqlerrd[2] != 1)
      return(MR_INTERNAL);

    /* parse client structure */
    if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
	return(status);

    /* if amtl or dmfl and list is public allow client to add or delete self */
    if (((!strcmp("amtl", q->shortname) && flags) ||
	 (!strcmp("dmfl", q->shortname))) &&
	(!strcmp("USER", argv[1]))) {
	if (*(int *)argv[2] == client_id) return(MR_SUCCESS);
    /* if update_list, don't allow them to change the GID */
    } else if (!strcmp("ulis", q->shortname)) {
	if ((!strcmp(argv[7], UNIQUE_GID) && (gid != -1)) ||
	    (strcmp(argv[7], UNIQUE_GID) && (gid != atoi(argv[7]))))
	  return(MR_PERM);
    }

    /* check for client in access control list */
    status = find_member(acl_type, acl_id, client_type, client_id, 0);
    if (!status) return(MR_PERM);

    return(MR_SUCCESS);
}


/* access_visible_list - allow access to list only if it is not hidden,
 *	or if the client is on the ACL
 *
 * Inputs: argv[0] - list_id
 *         cl - client identifier
 */

access_visible_list(q, argv, cl)
    struct query *q;
    char *argv[];
    client *cl;
{
    EXEC SQL BEGIN DECLARE SECTION;
    int list_id, acl_id, flags ;
    char acl_type[9];
    EXEC SQL END DECLARE SECTION;
    char *client_type;
    int client_id, status;

    list_id = *(int *)argv[0];
    EXEC SQL SELECT hidden, acl_id, acl_type
      INTO :flags, :acl_id, :acl_type
      FROM list
      WHERE list_id = :list_id;
    if (sqlca.sqlerrd[2] != 1)
      return(MR_INTERNAL);
    if (!flags)
        return(MR_SUCCESS);

    /* parse client structure */
    if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
	return(status);

    /* check for client in access control list */
    status = find_member(acl_type, acl_id, client_type, client_id, 0);
    if (!status)
	return(MR_PERM);

    return(MR_SUCCESS);
}


/* access_vis_list_by_name - allow access to list only if it is not hidden,
 *	or if the client is on the ACL
 *
 * Inputs: argv[0] - list name
 *         cl - client identifier
 */

access_vis_list_by_name(q, argv, cl)
    struct query *q;
    char *argv[];
    client *cl;
{
    EXEC SQL BEGIN DECLARE SECTION;
    int acl_id, flags, rowcount;
    char acl_type[9], *listname;
    EXEC SQL END DECLARE SECTION;
    char *client_type;
    int client_id, status;

    listname = argv[0];
    EXEC SQL SELECT hidden, acl_id, acl_type INTO :flags, :acl_id, :acl_type
      FROM list WHERE name = :listname;

    rowcount=sqlca.sqlerrd[2];
    if (rowcount > 1)
      return(MR_WILDCARD);
    if (rowcount == 0)
      return(MR_NO_MATCH);
    if (!flags)
	return(MR_SUCCESS);

    /* parse client structure */
    if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
	return(status);

    /* check for client in access control list */
    status = find_member(acl_type, acl_id, client_type, client_id, 0);
    if (!status)
	return(MR_PERM);

    return(MR_SUCCESS);
}


/* access_member - allow user to access member of type "USER" and name matches
 * username, or to access member of type "LIST" and list is one that user is
 * on the acl of, or the list is visible.
 */

access_member(q, argv, cl)
    struct query *q;
    char *argv[];
    client *cl;
{
    if (!strcmp(argv[0], "LIST") || !strcmp(argv[0], "RLIST"))
      return(access_visible_list(q, &argv[1], cl));

    if (!strcmp(argv[0], "USER") || !strcmp(argv[0], "RUSER")) {
	if (cl->users_id == *(int *)argv[1])
	  return(MR_SUCCESS);
    }

    if (!strcmp(argv[0], "KERBEROS") || !strcmp(argv[0], "RKERBERO")) {
        if (cl->client_id == *(int *)argv[1])
	  return(MR_SUCCESS);
    }

    return(MR_PERM);
}


/* access_qgli - special access routine for Qualified_get_lists.  Allows
 * access iff argv[0] == "TRUE" and argv[2] == "FALSE".
 */

access_qgli(q, argv, cl)
    struct query *q;
    char *argv[];
    client *cl;
{
    if (!strcmp(argv[0], "TRUE") && !strcmp(argv[2], "FALSE"))
      return(MR_SUCCESS);
    return(MR_PERM);
}


/* access_service - allow access if user is on ACL of service.  Don't
 * allow access if a wildcard is used.
 */

access_service(q, argv, cl)
    struct query *q;
    char *argv[];
    client *cl;
{
    EXEC SQL BEGIN DECLARE SECTION;
    int acl_id;
    char *name, acl_type[9];
    EXEC SQL END DECLARE SECTION;
    int client_id, status;
    char *client_type, *c;

    name = argv[0];
    for(c=name;*c;c++) if(islower(*c)) *c = toupper(*c);  /* uppercasify */
    EXEC SQL SELECT acl_id, acl_type INTO :acl_id, :acl_type FROM servers
      WHERE name = :name;
    if (sqlca.sqlerrd[2] > 1)
      return(MR_PERM);

    /* parse client structure */
    if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
	return(status);

    /* check for client in access control list */
    status = find_member(acl_type, acl_id, client_type, client_id, 0);
    if (!status) return(MR_PERM);

    return(MR_SUCCESS);
}


/* access_filesys - verify that client is owner or on owners list of filesystem
 *	named by argv[0]
 */

access_filesys(q, argv, cl)
    struct query *q;
    char *argv[];
    client *cl;
{
    EXEC SQL BEGIN DECLARE SECTION;
    int users_id, list_id;
    char *name;
    EXEC SQL END DECLARE SECTION;
    int status, client_id;
    char *client_type;

    name = argv[0];
    EXEC SQL SELECT owner, owners INTO :users_id, :list_id FROM filesys
      WHERE label = :name;

    if (sqlca.sqlerrd[2] != 1)
      return(MR_PERM);
    if (users_id == cl->users_id)
      return(MR_SUCCESS);
    if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
      return(status);
    status = find_member("LIST", list_id, client_type, client_id, 0);
    if (status)
      return(MR_SUCCESS);
    else
      return(MR_PERM);
}


/* access_host - successful if owner of host, or subnet containing host
 */

int host_access_level = 0;              /* 1 for network, 2 for host */

access_host(q, argv, cl)
    struct query *q;
    char *argv[];
    client *cl;
{
    EXEC SQL BEGIN DECLARE SECTION;
    int mid, sid, users_id, id;
    char mtype[9], stype[9], *name;
    EXEC SQL END DECLARE SECTION;
    int status, client_id;
    char *client_type;

    if (q->type == APPEND) {
	id = *(int *)argv[8];
	EXEC SQL SELECT s.owner_type, s.owner_id
	  INTO :stype, :sid FROM subnet s
	  WHERE s.snet_id=:id;
	mid =0;
    } else if (q->type == RETRIEVE) {
	return(MR_SUCCESS);
    } else {
	id = *(int *)argv[0];
	EXEC SQL SELECT m.owner_type, m.owner_id, s.owner_type, s.owner_id
	  INTO :mtype, :mid, :stype, :sid FROM machine m, subnet s
	  WHERE m.mach_id=:id and s.snet_id=m.snet_id;
    }
    if (sqlca.sqlerrd[2] != 1)
      return(MR_PERM);

    if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
      return(status);
    status = find_member(stype, sid, client_type, client_id, 0);
    if (status) {
	host_access_level = 1;
	return(MR_SUCCESS);
    }
    status = find_member(mtype, mid, client_type, client_id, 0);
    if (status) {
	host_access_level = 2;
	return(MR_SUCCESS);
    } else
      return(MR_PERM);
}


/* access_ahal - check for adding a host alias.
 * successful if host has less then 2 aliases and (client is owner of
 * host or subnet).
 * If deleting an alias, any owner will do.
 */

access_ahal(q, argv, cl)
    struct query *q;
    char *argv[];
    client *cl;
{
    EXEC SQL BEGIN DECLARE SECTION;
    int cnt, id, mid, sid;
    char mtype[256], stype[256];
    EXEC SQL END DECLARE SECTION;
    char *client_type;
    int status, client_id;

    if (q->type == RETRIEVE)
      return(MR_SUCCESS);

    id = *(int *)argv[1];

    EXEC SQL SELECT count(name) INTO :cnt from hostalias WHERE mach_id = :id;
    if (ingres_errno) return(mr_errcode);
    /* if the type is APPEND, this is ahal and we need to make sure there
     * will be no more than 2 aliases.  If it's not, it must be dhal and
     * any owner will do.
     */
    if (q->type == APPEND && cnt >= 2)
      return(MR_PERM);
    EXEC SQL SELECT m.owner_type, m.owner_id, s.owner_type, s.owner_id
      INTO :mtype, :mid, :stype, :sid FROM machine m, subnet s
      WHERE m.mach_id=:id and s.snet_id=m.snet_id;
    if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
      return(status);
    status = find_member(mtype, mid, client_type, client_id, 0);
    if (status)
      return(MR_SUCCESS);
    status = find_member(stype, sid, client_type, client_id, 0);
    if (status)
      return(MR_SUCCESS);
    else
      return(MR_PERM);
}
Commit	Line	Data
73cf66ba	1	/*
	2	* $Source$
	3	* $Author$
	4	* $Header$
	5	*
	6	* Copyright (C) 1987 by the Massachusetts Institute of Technology
	7	* For copying and distribution information, please see the file
	8	* <mit-copyright.h>.
	9	*
	10	*/
	11
	12	#ifndef lint
	13	static char *rcsid_qsupport_dc = "$Header$";
	14	#endif lint
	15
	16	#include <mit-copyright.h>
	17	#include "query.h"
	18	#include "mr_server.h"
	19	#include <ctype.h>
	20	EXEC SQL INCLUDE sqlca;
	21	EXEC SQL INCLUDE sqlda;
	22	#include "qrtn.h"
	23
	24	extern char *whoami;
	25	extern int ingres_errno, mr_errcode;
	26
	27	EXEC SQL BEGIN DECLARE SECTION;
	28	extern char stmt_buf[];
	29	EXEC SQL END DECLARE SECTION;
	30
	31	EXEC SQL WHENEVER SQLERROR CALL ingerr;
	32
	33
	34	/* Specialized Access Routines */
	35
	36	/* access_user - verify that client name equals specified login name
	37	*
	38	* - since field validation routines are called first, a users_id is
	39	* now in argv[0] instead of the login name.
	40	*/
	41
	42	access_user(q, argv, cl)
	43	struct query *q;
	44	char *argv[];
	45	client *cl;
	46	{
	47	if (cl->users_id != (int )argv[0])
	48	return(MR_PERM);
	49	else
	50	return(MR_SUCCESS);
	51	}
	52
	53
	54
	55	/* access_login - verify that client name equals specified login name
	56	*
	57	* argv[0...n] contain search info. q->
	58	*/
	59
	60	access_login(q, argv, cl)
	61	struct query *q;
	62	char *argv[];
	63	client *cl;
	64	{
65	EXEC SQL BEGIN DECLARE SECTION;
66	int id;
67	char qual[256];
68	EXEC SQL END DECLARE SECTION;
69
70	build_qual(q->qual, q->argc, argv, qual);
71	if (!strncmp(q->name,"get_user_account",strlen("get_user_account"))) {
72	EXEC SQL SELECT users_id INTO :id FROM users u, strings str WHERE :qual;
73	} else {
74	EXEC SQL SELECT users_id INTO :id FROM users u WHERE :qual;
75	}
76
77	if (sqlca.sqlerrd[2] != 1 \|\| id != cl->users_id)
78	return(MR_PERM);
79	else
80	return(MR_SUCCESS);
81	}
82
83
84
85	/* access_list - check access for most list operations
86	*
87	* Inputs: argv[0] - list_id
88	* q - query name
89	* argv[2] - member ID (only for queries "amtl" and "dmfl")
90	* argv[7] - group IID (only for query "ulis")
91	* cl - client name
92	*
93	* - check that client is a member of the access control list
94	* - OR, if the query is add_member_to_list or delete_member_from_list
95	* and the list is public, allow access if client = member
96	*/
97
98	access_list(q, argv, cl)
99	struct query *q;
100	char *argv[];
101	client *cl;
102	{
103	EXEC SQL BEGIN DECLARE SECTION;
104	int list_id, acl_id, flags, gid;
105	char acl_type[9];
106	EXEC SQL END DECLARE SECTION;
107	char *client_type;
108	int client_id, status;
109
110	list_id = (int )argv[0];
111	EXEC SQL SELECT acl_id, acl_type, gid, publicflg
112	INTO :acl_id, :acl_type, :gid, :flags
113	FROM list
114	WHERE list_id = :list_id;
115
116	if (sqlca.sqlerrd[2] != 1)
117	return(MR_INTERNAL);
118
119	/* parse client structure */
120	if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
121	return(status);
122
123	/* if amtl or dmfl and list is public allow client to add or delete self */
124	if (((!strcmp("amtl", q->shortname) && flags) \|\|
125	(!strcmp("dmfl", q->shortname))) &&
126	(!strcmp("USER", argv[1]))) {
127	if ((int )argv[2] == client_id) return(MR_SUCCESS);
128	/* if update_list, don't allow them to change the GID */
129	} else if (!strcmp("ulis", q->shortname)) {
130	if ((!strcmp(argv[7], UNIQUE_GID) && (gid != -1)) \|\|
131	(strcmp(argv[7], UNIQUE_GID) && (gid != atoi(argv[7]))))
132	return(MR_PERM);
133	}
134
135	/* check for client in access control list */
136	status = find_member(acl_type, acl_id, client_type, client_id, 0);
137	if (!status) return(MR_PERM);
138
139	return(MR_SUCCESS);
140	}
141
142
143	/* access_visible_list - allow access to list only if it is not hidden,
144	* or if the client is on the ACL
145	*
146	* Inputs: argv[0] - list_id
147	* cl - client identifier
148	*/
149
150	access_visible_list(q, argv, cl)
151	struct query *q;
152	char *argv[];
153	client *cl;
154	{
155	EXEC SQL BEGIN DECLARE SECTION;
156	int list_id, acl_id, flags ;
157	char acl_type[9];
158	EXEC SQL END DECLARE SECTION;
159	char *client_type;
160	int client_id, status;
161
162	list_id = (int )argv[0];
163	EXEC SQL SELECT hidden, acl_id, acl_type
164	INTO :flags, :acl_id, :acl_type
165	FROM list
166	WHERE list_id = :list_id;
167	if (sqlca.sqlerrd[2] != 1)
168	return(MR_INTERNAL);
169	if (!flags)
170	return(MR_SUCCESS);
171
172	/* parse client structure */
173	if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
174	return(status);
175
176	/* check for client in access control list */
177	status = find_member(acl_type, acl_id, client_type, client_id, 0);
178	if (!status)
179	return(MR_PERM);
180
181	return(MR_SUCCESS);
182	}
183
184
185	/* access_vis_list_by_name - allow access to list only if it is not hidden,
186	* or if the client is on the ACL
187	*
188	* Inputs: argv[0] - list name
189	* cl - client identifier
190	*/
191
192	access_vis_list_by_name(q, argv, cl)
193	struct query *q;
194	char *argv[];
195	client *cl;
196	{
197	EXEC SQL BEGIN DECLARE SECTION;
198	int acl_id, flags, rowcount;
199	char acl_type[9], *listname;
200	EXEC SQL END DECLARE SECTION;
201	char *client_type;
202	int client_id, status;
203
204	listname = argv[0];
205	EXEC SQL SELECT hidden, acl_id, acl_type INTO :flags, :acl_id, :acl_type
206	FROM list WHERE name = :listname;
207
208	rowcount=sqlca.sqlerrd[2];
209	if (rowcount > 1)
210	return(MR_WILDCARD);
211	if (rowcount == 0)
212	return(MR_NO_MATCH);
213	if (!flags)
214	return(MR_SUCCESS);
215
216	/* parse client structure */
217	if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
218	return(status);
219
220	/* check for client in access control list */
221	status = find_member(acl_type, acl_id, client_type, client_id, 0);
222	if (!status)
223	return(MR_PERM);
224
225	return(MR_SUCCESS);
226	}
227
228
229	/* access_member - allow user to access member of type "USER" and name matches
230	* username, or to access member of type "LIST" and list is one that user is
231	* on the acl of, or the list is visible.
232	*/
233
234	access_member(q, argv, cl)
235	struct query *q;
236	char *argv[];
237	client *cl;
238	{
239	if (!strcmp(argv[0], "LIST") \|\| !strcmp(argv[0], "RLIST"))
240	return(access_visible_list(q, &argv[1], cl));
241
242	if (!strcmp(argv[0], "USER") \|\| !strcmp(argv[0], "RUSER")) {
243	if (cl->users_id == (int )argv[1])
244	return(MR_SUCCESS);
245	}
246
247	if (!strcmp(argv[0], "KERBEROS") \|\| !strcmp(argv[0], "RKERBERO")) {
248	if (cl->client_id == (int )argv[1])
249	return(MR_SUCCESS);
250	}
251
252	return(MR_PERM);
253	}
254
255
256	/* access_qgli - special access routine for Qualified_get_lists. Allows
257	* access iff argv[0] == "TRUE" and argv[2] == "FALSE".
258	*/
259
260	access_qgli(q, argv, cl)
261	struct query *q;
262	char *argv[];
263	client *cl;
264	{
265	if (!strcmp(argv[0], "TRUE") && !strcmp(argv[2], "FALSE"))
266	return(MR_SUCCESS);
267	return(MR_PERM);
268	}
269
270
271	/* access_service - allow access if user is on ACL of service. Don't
272	* allow access if a wildcard is used.
273	*/
274
275	access_service(q, argv, cl)
276	struct query *q;
277	char *argv[];
278	client *cl;
279	{
280	EXEC SQL BEGIN DECLARE SECTION;
281	int acl_id;
282	char *name, acl_type[9];
283	EXEC SQL END DECLARE SECTION;
284	int client_id, status;
285	char client_type, c;
286
287	name = argv[0];
288	for(c=name;c;c++) if(islower(c)) c = toupper(c); /* uppercasify */
289	EXEC SQL SELECT acl_id, acl_type INTO :acl_id, :acl_type FROM servers
290	WHERE name = :name;
291	if (sqlca.sqlerrd[2] > 1)
292	return(MR_PERM);
293
294	/* parse client structure */
295	if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
296	return(status);
297
298	/* check for client in access control list */
299	status = find_member(acl_type, acl_id, client_type, client_id, 0);
300	if (!status) return(MR_PERM);
301
302	return(MR_SUCCESS);
303	}
304
305
306	/* access_filesys - verify that client is owner or on owners list of filesystem
307	* named by argv[0]
308	*/
309
310	access_filesys(q, argv, cl)
311	struct query *q;
312	char *argv[];
313	client *cl;
314	{
315	EXEC SQL BEGIN DECLARE SECTION;
316	int users_id, list_id;
317	char *name;
318	EXEC SQL END DECLARE SECTION;
319	int status, client_id;
320	char *client_type;
321
322	name = argv[0];
323	EXEC SQL SELECT owner, owners INTO :users_id, :list_id FROM filesys
324	WHERE label = :name;
325
326	if (sqlca.sqlerrd[2] != 1)
327	return(MR_PERM);
328	if (users_id == cl->users_id)
329	return(MR_SUCCESS);
330	if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
331	return(status);
332	status = find_member("LIST", list_id, client_type, client_id, 0);
333	if (status)
334	return(MR_SUCCESS);
335	else
336	return(MR_PERM);
337	}
338
1beb5e23	339
	340	/* access_host - successful if owner of host, or subnet containing host
	341	*/
	342
fc2f4a27	343	int host_access_level = 0; /* 1 for network, 2 for host */
1beb5e23	344
	345	access_host(q, argv, cl)
	346	struct query *q;
	347	char *argv[];
	348	client *cl;
	349	{
	350	EXEC SQL BEGIN DECLARE SECTION;
	351	int mid, sid, users_id, id;
	352	char mtype[9], stype[9], *name;
	353	EXEC SQL END DECLARE SECTION;
	354	int status, client_id;
	355	char *client_type;
	356
	357	if (q->type == APPEND) {
	358	id = (int )argv[8];
	359	EXEC SQL SELECT s.owner_type, s.owner_id
	360	INTO :stype, :sid FROM subnet s
	361	WHERE s.snet_id=:id;
	362	mid =0;
	363	} else if (q->type == RETRIEVE) {
fc2f4a27	364	return(MR_SUCCESS);
1beb5e23	365	} else {
	366	id = (int )argv[0];
	367	EXEC SQL SELECT m.owner_type, m.owner_id, s.owner_type, s.owner_id
	368	INTO :mtype, :mid, :stype, :sid FROM machine m, subnet s
	369	WHERE m.mach_id=:id and s.snet_id=m.snet_id;
	370	}
	371	if (sqlca.sqlerrd[2] != 1)
	372	return(MR_PERM);
	373
	374	if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
	375	return(status);
	376	status = find_member(stype, sid, client_type, client_id, 0);
	377	if (status) {
	378	host_access_level = 1;
	379	return(MR_SUCCESS);
	380	}
	381	status = find_member(mtype, mid, client_type, client_id, 0);
	382	if (status) {
	383	host_access_level = 2;
	384	return(MR_SUCCESS);
	385	} else
	386	return(MR_PERM);
	387	}
	388
	389
	390	/* access_ahal - check for adding a host alias.
	391	* successful if host has less then 2 aliases and (client is owner of
	392	* host or subnet).
	393	* If deleting an alias, any owner will do.
	394	*/
	395
	396	access_ahal(q, argv, cl)
	397	struct query *q;
	398	char *argv[];
	399	client *cl;
	400	{
	401	EXEC SQL BEGIN DECLARE SECTION;
	402	int cnt, id, mid, sid;
	403	char mtype[256], stype[256];
	404	EXEC SQL END DECLARE SECTION;
	405	char *client_type;
	406	int status, client_id;
	407
27343965	408	if (q->type == RETRIEVE)
	409	return(MR_SUCCESS);
	410
1beb5e23	411	id = (int )argv[1];
	412
	413	EXEC SQL SELECT count(name) INTO :cnt from hostalias WHERE mach_id = :id;
	414	if (ingres_errno) return(mr_errcode);
	415	/* if the type is APPEND, this is ahal and we need to make sure there
	416	* will be no more than 2 aliases. If it's not, it must be dhal and
	417	* any owner will do.
	418	*/
	419	if (q->type == APPEND && cnt >= 2)
	420	return(MR_PERM);
1beb5e23	421	EXEC SQL SELECT m.owner_type, m.owner_id, s.owner_type, s.owner_id
	422	INTO :mtype, :mid, :stype, :sid FROM machine m, subnet s
	423	WHERE m.mach_id=:id and s.snet_id=m.snet_id;
	424	if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
	425	return(status);
	426	status = find_member(mtype, mid, client_type, client_id, 0);
	427	if (status)
	428	return(MR_SUCCESS);
	429	status = find_member(stype, sid, client_type, client_id, 0);
	430	if (status)
	431	return(MR_SUCCESS);
	432	else
	433	return(MR_PERM);
	434	}