6 * Copyright (C) 1987 by the Massachusetts Institute of Technology
7 * For copying and distribution information, please see the file
13 static char *rcsid_qsupport_dc = "$Header$";
16 #include <mit-copyright.h>
17 #include "mr_server.h"
20 EXEC SQL INCLUDE sqlca;
24 extern int dbms_errno, mr_errcode;
26 EXEC SQL BEGIN DECLARE SECTION;
27 extern char stmt_buf[];
28 EXEC SQL END DECLARE SECTION;
30 EXEC SQL WHENEVER SQLERROR DO dbmserr();
33 /* Specialized Access Routines */
35 /* access_user - verify that client name equals specified login name
37 * - since field validation routines are called first, a users_id is
38 * now in argv[0] instead of the login name.
41 int access_user(q, argv, cl)
46 if (cl->users_id != *(int *)argv[0])
54 /* access_login - verify that client name equals specified login name
56 * argv[0...n] contain search info. q->
59 int access_login(q, argv, cl)
64 EXEC SQL BEGIN DECLARE SECTION;
66 EXEC SQL END DECLARE SECTION;
68 if(q->argc != 1) return MR_ARGS;
70 if(!strcmp(q->shortname, "gual")) {
71 EXEC SQL SELECT users_id INTO :id FROM users u, strings str
72 WHERE u.login LIKE :argv[0] AND u.users_id != 0
73 AND u.comments = str.string_id;
74 } else if (!strcmp(q->shortname, "gubl")) {
75 EXEC SQL SELECT users_id INTO :id FROM users u
76 WHERE u.login LIKE :argv[0] AND u.users_id != 0;
77 } else if (!strcmp(q->shortname, "guau")) {
78 EXEC SQL SELECT users_id INTO :id FROM users u, strings str
79 WHERE u.unix_uid = :argv[0] AND u.users_id != 0
80 AND u.comments = str.string_id;
81 } else if(!strcmp(q->shortname, "gubu")) {
82 EXEC SQL SELECT users_id INTO :id FROM users u
83 WHERE u.unix_uid = :argv[0] AND u.users_id != 0;
86 if (sqlca.sqlerrd[2] != 1 || id != cl->users_id)
94 /* access_list - check access for most list operations
96 * Inputs: argv[0] - list_id
98 * argv[2] - member ID (only for queries "amtl" and "dmfl")
99 * argv[7] - group IID (only for query "ulis")
102 * - check that client is a member of the access control list
103 * - OR, if the query is add_member_to_list or delete_member_from_list
104 * and the list is public, allow access if client = member
107 int access_list(q, argv, cl)
112 EXEC SQL BEGIN DECLARE SECTION;
113 int list_id, acl_id, flags, gid;
115 EXEC SQL END DECLARE SECTION;
117 int client_id, status;
119 list_id = *(int *)argv[0];
120 EXEC SQL SELECT acl_id, acl_type, gid, publicflg
121 INTO :acl_id, :acl_type, :gid, :flags
123 WHERE list_id = :list_id;
125 if (sqlca.sqlerrd[2] != 1)
128 /* parse client structure */
129 if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
132 /* if amtl or dmfl and list is public allow client to add or delete self */
133 if (((!strcmp("amtl", q->shortname) && flags) ||
134 (!strcmp("dmfl", q->shortname))) &&
135 (!strcmp("USER", argv[1]))) {
136 if (*(int *)argv[2] == client_id) return(MR_SUCCESS);
137 /* if update_list, don't allow them to change the GID */
138 } else if (!strcmp("ulis", q->shortname)) {
139 if (!strcmp(argv[7], UNIQUE_GID)) {
140 if(gid != -1) return MR_PERM;
142 if(gid != atoi(argv[7])) return MR_PERM;
146 /* check for client in access control list */
147 status = find_member(acl_type, acl_id, client_type, client_id);
148 if (!status) return(MR_PERM);
154 /* access_visible_list - allow access to list only if it is not hidden,
155 * or if the client is on the ACL
157 * Inputs: argv[0] - list_id
158 * cl - client identifier
161 int access_visible_list(q, argv, cl)
166 EXEC SQL BEGIN DECLARE SECTION;
167 int list_id, acl_id, flags ;
169 EXEC SQL END DECLARE SECTION;
171 int client_id, status;
173 list_id = *(int *)argv[0];
174 EXEC SQL SELECT hidden, acl_id, acl_type
175 INTO :flags, :acl_id, :acl_type
177 WHERE list_id = :list_id;
178 if (sqlca.sqlerrd[2] != 1)
183 /* parse client structure */
184 if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
187 /* check for client in access control list */
188 status = find_member(acl_type, acl_id, client_type, client_id);
196 /* access_vis_list_by_name - allow access to list only if it is not hidden,
197 * or if the client is on the ACL
199 * Inputs: argv[0] - list name
200 * cl - client identifier
203 int access_vis_list_by_name(q, argv, cl)
208 EXEC SQL BEGIN DECLARE SECTION;
209 int acl_id, flags, rowcount;
210 char acl_type[9], *listname;
211 EXEC SQL END DECLARE SECTION;
213 int client_id, status;
216 EXEC SQL SELECT hidden, acl_id, acl_type INTO :flags, :acl_id, :acl_type
217 FROM list WHERE name = :listname;
219 rowcount=sqlca.sqlerrd[2];
227 /* parse client structure */
228 if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
231 /* check for client in access control list */
232 status = find_member(acl_type, acl_id, client_type, client_id);
240 /* access_member - allow user to access member of type "USER" and name matches
241 * username, or to access member of type "LIST" and list is one that user is
242 * on the acl of, or the list is visible.
245 int access_member(q, argv, cl)
250 if (!strcmp(argv[0], "LIST") || !strcmp(argv[0], "RLIST"))
251 return(access_visible_list(q, &argv[1], cl));
253 if (!strcmp(argv[0], "USER") || !strcmp(argv[0], "RUSER")) {
254 if (cl->users_id == *(int *)argv[1])
258 if (!strcmp(argv[0], "KERBEROS") || !strcmp(argv[0], "RKERBERO")) {
259 if (cl->client_id == *(int *)argv[1])
267 /* access_qgli - special access routine for Qualified_get_lists. Allows
268 * access iff argv[0] == "TRUE" and argv[2] == "FALSE".
271 int access_qgli(q, argv, cl)
276 if (!strcmp(argv[0], "TRUE") && !strcmp(argv[2], "FALSE"))
282 /* access_service - allow access if user is on ACL of service. Don't
283 * allow access if a wildcard is used.
286 int access_service(q, argv, cl)
291 EXEC SQL BEGIN DECLARE SECTION;
293 char *name, acl_type[9];
294 EXEC SQL END DECLARE SECTION;
295 int client_id, status;
296 char *client_type, *c;
299 for(c=name;*c;c++) if(islower(*c)) *c = toupper(*c); /* uppercasify */
300 EXEC SQL SELECT acl_id, acl_type INTO :acl_id, :acl_type FROM servers
302 if (sqlca.sqlerrd[2] > 1)
305 /* parse client structure */
306 if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
309 /* check for client in access control list */
310 status = find_member(acl_type, acl_id, client_type, client_id);
311 if (!status) return(MR_PERM);
317 /* access_filesys - verify that client is owner or on owners list of filesystem
321 int access_filesys(q, argv, cl)
326 EXEC SQL BEGIN DECLARE SECTION;
327 int users_id, list_id;
329 EXEC SQL END DECLARE SECTION;
330 int status, client_id;
334 EXEC SQL SELECT owner, owners INTO :users_id, :list_id FROM filesys
337 if (sqlca.sqlerrd[2] != 1)
339 if (users_id == cl->users_id)
341 if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
343 status = find_member("LIST", list_id, client_type, client_id);
351 /* access_host - successful if owner of host, or subnet containing host
354 int host_access_level = 0; /* 1 for network, 2 for host */
356 int access_host(q, argv, cl)
361 EXEC SQL BEGIN DECLARE SECTION;
363 char mtype[9], stype[9];
364 EXEC SQL END DECLARE SECTION;
365 int status, client_id;
368 if (q->type == APPEND) {
369 id = *(int *)argv[8];
370 EXEC SQL SELECT s.owner_type, s.owner_id
371 INTO :stype, :sid FROM subnet s
374 } else if (q->type == RETRIEVE) {
377 id = *(int *)argv[0];
378 EXEC SQL SELECT m.owner_type, m.owner_id, s.owner_type, s.owner_id
379 INTO :mtype, :mid, :stype, :sid FROM machine m, subnet s
380 WHERE m.mach_id=:id and s.snet_id=m.snet_id;
382 if (sqlca.sqlerrd[2] != 1)
385 if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
387 status = find_member(stype, sid, client_type, client_id);
389 host_access_level = 1;
392 status = find_member(mtype, mid, client_type, client_id);
394 host_access_level = 2;
401 /* access_ahal - check for adding a host alias.
402 * successful if host has less then 2 aliases and (client is owner of
404 * If deleting an alias, any owner will do.
407 int access_ahal(q, argv, cl)
412 EXEC SQL BEGIN DECLARE SECTION;
413 int cnt, id, mid, sid;
414 char mtype[256], stype[256];
415 EXEC SQL END DECLARE SECTION;
417 int status, client_id;
419 if (q->type == RETRIEVE)
422 id = *(int *)argv[1];
424 EXEC SQL SELECT count(name) INTO :cnt from hostalias WHERE mach_id = :id;
425 if (dbms_errno) return(mr_errcode);
426 /* if the type is APPEND, this is ahal and we need to make sure there
427 * will be no more than 2 aliases. If it's not, it must be dhal and
430 if (q->type == APPEND && cnt >= 2)
432 EXEC SQL SELECT m.owner_type, m.owner_id, s.owner_type, s.owner_id
433 INTO :mtype, :mid, :stype, :sid FROM machine m, subnet s
434 WHERE m.mach_id=:id and s.snet_id=m.snet_id;
435 if ((status = get_client(cl, &client_type, &client_id)) != MR_SUCCESS)
437 status = find_member(mtype, mid, client_type, client_id);
440 status = find_member(stype, sid, client_type, client_id);
449 /* access_snt - check for retrieving network structure
452 int access_snt(q, argv, cl)
457 if(q->type == RETRIEVE)