/* access_member - allow user to access member of type "USER" and name matches
* username, or to access member of type "KERBEROS" and the principal matches
* the user, or to access member of type "LIST" and list is one that user is
- * on the acl of, or the list is visible.
+ * on the acl of, or the list is visible. Allow anyone to look up list
+ * memberships of MACHINEs.
*/
int access_member(struct query *q, char *argv[], client *cl)
return MR_SUCCESS;
}
+ if (!strcmp(argv[0], "MACHINE") || !strcmp(argv[0], "RMACHINE"))
+ return MR_SUCCESS;
+
return MR_PERM;
}
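Review bot: The new early return for `MACHINE`/`RMACHINE` at the end of access_member looks at neither `q->type` nor `cl`, so it grants every query that uses this access routine, not only the lookups the header comment describes. If the routine is only ever attached to retrieval queries, the code can say so itself: `if (q->type == RETRIEVE && (!strcmp(argv[0], "MACHINE") || !strcmp(argv[0], "RMACHINE")))`. It is also worth confirming that the query behind it still filters hidden lists, since this check no longer limits who may ask. The start of the function body is outside the hunk.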
int access_host(struct query *q, char *argv[], client *cl)
{
EXEC SQL BEGIN DECLARE SECTION;
- int mid, sid, id;
+ int mid, sid, id, subnet_status;
char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE];
+ char *account_number;
EXEC SQL END DECLARE SECTION;
int status, idx;
if (q->version < 6)
idx = 0;
- else
+ else if (q->version >= 6 && q->version < 8)
idx = 1;
-
+ else
+ idx = 2;
+
if (q->type == RETRIEVE)
{
if (strcmp(argv[0], "*") || strcmp(argv[1], "*") ||
return MR_BAD_CHAR;
id = *(int *)argv[8 + idx];
- EXEC SQL SELECT s.owner_type, s.owner_id
- INTO :stype, :sid FROM subnet s
+ EXEC SQL SELECT s.owner_type, s.owner_id, s.status
+ INTO :stype, :sid, :subnet_status FROM subnet s
WHERE s.snet_id = :id;
mid = 0;
+ /* Non query owner must provide valid billing information. */
+ if (q->version >= 8)
+ {
+ if (subnet_status == SNET_STATUS_BILLABLE)
+ {
+ account_number = argv[7];
+ EXEC SQL SELECT account_number FROM accountnumbers
+ WHERE account_number = :account_number;
+ if (sqlca.sqlcode == SQL_NO_MATCH)
+ return MR_ACCOUNT_NUMBER;
+ }
+ }
+
if (find_member(stype, sid, cl))
return MR_SUCCESS;
else
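Review bot: The first billing check reads `subnet_status` right after the subnet SELECT with no visible test that a row was returned, so for an unknown `snet_id` the comparison with `SNET_STATUS_BILLABLE` uses an uninitialized host variable. Checking `sqlca.sqlerrd[2] == 1` after that SELECT (the test access_container uses) and denying otherwise would close this. The account lookup then treats only `SQL_NO_MATCH` as a failure, so any other database error falls through and the account number is accepted. Adding `if (dbms_errno) return mr_errcode;` before the `SQL_NO_MATCH` test makes it fail closed. The second billing check, the one reading `argv[8]`, has the same `SQL_NO_MATCH`-only test.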
id = *(int *)argv[0];
EXEC SQL SELECT m.name, m.use, m.contact, m.billing_contact, m.status,
m.address, m.owner_type, m.owner_id, m.acomment, m.ocomment, m.snet_id,
- s.owner_type, s.owner_id INTO :name, :use, :contact, :billing_contact,
- :status, :address, :mtype, :mid, :acomment, :ocomment, :snid, :stype,
- :sid
+ s.owner_type, s.owner_id, s.status INTO :name, :use, :contact,
+ :billing_contact, :status, :address, :mtype, :mid, :acomment,
+ :ocomment, :snid, :stype, :sid, :subnet_status
FROM machine m, subnet s
WHERE m.mach_id = :id AND s.snet_id = m.snet_id;
if (dbms_errno)
return mr_errcode;
+ /* Non query owner must provide valid billing information. */
+ if (q->version >= 8)
+ {
+ if ((subnet_status == SNET_STATUS_BILLABLE) &&
+ (atoi(argv[10]) != 3))
+ {
+ account_number = argv[8];
+ EXEC SQL SELECT account_number FROM accountnumbers
+ WHERE account_number = :account_number;
+ if (sqlca.sqlcode == SQL_NO_MATCH)
+ return MR_ACCOUNT_NUMBER;
+ }
+ }
+
/* non-query-owner cannot change use or ocomment */
if ((use != atoi(argv[7 + idx])) || (ocomment != *(int *)argv[14 + idx]))
return MR_PERM;
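Review bot: The second billing check uses fixed positions (`argv[10]`, `argv[8]`) and a bare `3`, while the lines directly below it index with `7 + idx` and `14 + idx`. The fixed positions are only right for the version 8 argument layout, and nothing in the hunk says what `3` means. Note also that `atoi` returns 0 for non-numeric text, so malformed client input in `argv[10]` counts as "not 3" and the billing check still runs; that is the strict outcome, but it is accidental rather than stated. I would give the status value a named constant and add a comment such as `/* argv[10]: requested machine status (version 8 layout); status <NAME> is exempt from the billing check */`, with the name filled in from the status definitions. The enclosing function starts and ends outside this hunk.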
int access_container(struct query *q, char *argv[], client *cl)
{
EXEC SQL BEGIN DECLARE SECTION;
- int cnt_id, acl_id, memacl_id;
+ int cnt_id, acl_id, memacl_id, mach_id, machine_owner_id, flag;
char acl_type[CONTAINERS_ACL_TYPE_SIZE], memacl_type[CONTAINERS_ACL_TYPE_SIZE];
char name[CONTAINERS_NAME_SIZE], *newname;
+ char machine_owner_type[MACHINE_OWNER_TYPE_SIZE];
EXEC SQL END DECLARE SECTION;
int status;
/* if amcn or dmcn, container id is the second argument */
if (strcmp(q->shortname, "amcn") == 0 || strcmp(q->shortname, "dmcn") == 0)
+ {
+ mach_id = *(int *)argv[0];
cnt_id = *(int *)argv[1];
+ }
- EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type, name
- INTO :acl_id, :acl_type, :memacl_id, :memacl_type, :name
+ EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type, name, publicflg
+ INTO :acl_id, :acl_type, :memacl_id, :memacl_type, :name, :flag
FROM containers
WHERE cnt_id = :cnt_id;
if (find_member(memacl_type, memacl_id, cl))
return MR_SUCCESS;
+ /* if the container is public or the query is delete, grant access if client
+ * is on owner list */
+ if (flag || q->type == DELETE)
+ {
+ EXEC SQL SELECT owner_type, owner_id INTO :machine_owner_type,
+ :machine_owner_id
+ FROM machine
+ WHERE mach_id = :mach_id;
+
+ if (sqlca.sqlerrd[2] == 1 && strcmp("NONE", machine_owner_type) &&
+ find_member(machine_owner_type, machine_owner_id, cl))
+ return MR_SUCCESS;
+ }
/* Otherwise fail. */
return MR_PERM;
}
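Review bot: `mach_id` is assigned only inside the `amcn`/`dmcn` branch, but the new owner check runs for any query where `flag || q->type == DELETE` holds. For any other query that reaches access_container, the `WHERE mach_id = :mach_id` lookup therefore uses an uninitialized value, as far as the visible lines show. If that value happens to match a machine the client owns, the function returns `MR_SUCCESS` for a container the client has no rights on. Restricting the block to the two machine-mapping queries avoids this, for example `if ((flag || q->type == DELETE) && (!strcmp(q->shortname, "amcn") || !strcmp(q->shortname, "dmcn")))`. The comment above it should also say that the list consulted is the machine's owner, not the container's.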