int access_vis_list_by_name(struct query *q, char *argv[], client *cl)
{
EXEC SQL BEGIN DECLARE SECTION;
- int acl_id, memacl_id, flags, rowcount;
+ int acl_id, memacl_id, flags, rowcount, list_id;
char acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
char *listname;
EXEC SQL END DECLARE SECTION;
int status;
listname = argv[0];
- EXEC SQL SELECT hidden, acl_id, acl_type, memacl_id, memacl_type
- INTO :flags, :acl_id, :acl_type, :memacl_id, :memacl_type
+ EXEC SQL SELECT hidden, acl_id, acl_type, memacl_id, memacl_type, list_id
+ INTO :flags, :acl_id, :acl_type, :memacl_id, :memacl_type, :list_id
FROM list
WHERE name = :listname;
if (!flags)
return MR_SUCCESS;
- /* check for client in access control list */
+ /* If the user is a member of the acl, memacl, or the list itself,
+ * accept them.
+ */
status = find_member(acl_type, acl_id, cl);
if (!status)
- {
- status = find_member(memacl_type, memacl_id, cl);
- if (!status)
- return MR_PERM;
- }
+ status = find_member(memacl_type, memacl_id, cl);
+ if (!status)
+ status = find_member("LIST", list_id, cl);
+ if (!status)
+ return MR_PERM;
+
return MR_SUCCESS;
}
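Review bot: The new `find_member("LIST", list_id, cl)` fallback makes a permission decision on `list_id`, but in the lines shown nothing between the SELECT and `if (!flags)` confirms that exactly one row came back. For a list name that matches no row, `flags`, the ACL fields and `list_id` would all be read uninitialised. `rowcount` is declared but never used in the visible lines, so the check may sit in context this page omits. If it does not, add something like `if (sqlca.sqlerrd[2] != 1) return <no-match error>;` before `if (!flags)`. As a smaller style point, the three unbraced `if (!status)` steps would read more clearly as a single `&&` condition that returns `MR_PERM`.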
int access_container(struct query *q, char *argv[], client *cl)
{
EXEC SQL BEGIN DECLARE SECTION;
- int cnt_id, acl_id, memacl_id;
+ int cnt_id, acl_id, memacl_id, mach_id, machine_owner_id, flag;
char acl_type[CONTAINERS_ACL_TYPE_SIZE], memacl_type[CONTAINERS_ACL_TYPE_SIZE];
char name[CONTAINERS_NAME_SIZE], *newname;
+ char machine_owner_type[MACHINE_OWNER_TYPE_SIZE];
EXEC SQL END DECLARE SECTION;
int status;
/* if amcn or dmcn, container id is the second argument */
if (strcmp(q->shortname, "amcn") == 0 || strcmp(q->shortname, "dmcn") == 0)
+ {
+ mach_id = *(int *)argv[0];
cnt_id = *(int *)argv[1];
+ }
- EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type, name
- INTO :acl_id, :acl_type, :memacl_id, :memacl_type, :name
+ EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type, name, publicflg
+ INTO :acl_id, :acl_type, :memacl_id, :memacl_type, :name, :flag
FROM containers
WHERE cnt_id = :cnt_id;
if (find_member(memacl_type, memacl_id, cl))
return MR_SUCCESS;
+ /* if the container is public or the query is delete, grant access if client
+ * is on owner list */
+ if (flag || q->type == DELETE)
+ {
+ EXEC SQL SELECT owner_type, owner_id INTO :machine_owner_type,
+ :machine_owner_id
+ FROM machine
+ WHERE mach_id = :mach_id;
+
+ if (sqlca.sqlerrd[2] == 1 && strcmp("NONE", machine_owner_type) &&
+ find_member(machine_owner_type, machine_owner_id, cl))
+ return MR_SUCCESS;
+ }
/* Otherwise fail. */
return MR_PERM;
}
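Review bot: `mach_id` is assigned only inside the `amcn`/`dmcn` branch, yet the new owner check runs `WHERE mach_id = :mach_id` whenever `flag` is set or `q->type == DELETE`. For any other query that reaches this function, the lookup therefore uses an indeterminate value and can return `MR_SUCCESS` on the strength of an unrelated machine's owner list. The owner path should be limited to queries that actually supply a machine: declare `int have_mach = 0;`, set `have_mach = 1;` in the `amcn`/`dmcn` branch, and test `if (have_mach && (flag || q->type == DELETE))`. The comment above the block should also say that "owner list" means the owner of the machine being added or removed, not the container's owner.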