#define M_LIST 2
#define M_STRING 3
#define M_KERBEROS 4
+#define M_NONE 5
+
+char *typename[] = { "ANY", "USER", "LIST", "STRING", "KERBEROS", "NONE" };
/* argument parsing macro */
#define argis(a, b) (!strcmp(*arg + 1, a) || !strcmp(*arg + 1, b))
int showusers, showstrings, showkerberos, showlists, showtags;
int createflag, setinfo, active, public, hidden, maillist, grouplist;
int nfsgroup;
-struct member *owner;
+struct member *owner, *memacl;
char *desc, *newname;
/* various member lists */
struct member *parse_member(char *s);
int membercmp(const void *mem1, const void *mem2);
int sq_count_elts(struct save_queue *q);
+char *get_username(void);
int main(int argc, char **argv)
{
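Review bot: `char *typename[]` at L6 is a writable, externally visible global whose element order silently has to track the M_* constants above it (M_LIST = 2 and M_STRING = 3 are visible, so M_ANY and M_USER are presumably 0 and 1), and it is indexed directly by `memacl->type` later in the change. Declaring it `static const char *const typename[] = { "ANY", "USER", "LIST", "STRING", "KERBEROS", "NONE" };` keeps it read-only and file-local, and a one-line comment such as `/* indexed by the M_* member type; keep in sync with the defines above */` records the coupling. `typename` is also a C++ keyword, which is harmless here but worth knowing if the file is ever compiled as C++.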
active = public = hidden = maillist = grouplist = nfsgroup = -1;
listname = newname = desc = NULL;
owner = NULL;
+ memacl = NULL;
addlist = sq_create();
dellist = sq_create();
memberlist = sq_create();
else
usage(argv);
}
+ else if (argis("MA", "memacl"))
+ {
+ if (arg - argv < argc -1)
+ {
+ setinfo++;
+ ++arg;
+ memacl = parse_member(*arg);
+ }
+ else
+ usage(argv);
+ }
else if (argis("R", "rename"))
{
if (arg - argv < argc - 1)
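Review bot: Style: the bound check in the new -memacl branch (L34) is written `argc -1`, while the neighbouring -rename branch (L45) and the rest of the option parser write `argc - 1`; keep the spacing consistent, `if (arg - argv < argc - 1)`. The enclosing option loop in main starts and ends outside the hunk.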
showusers = showstrings = showlists = showkerberos = 1;
/* fire up Moira */
- status = mrcl_connect(server, "blanche", 3, !noauth);
+ status = mrcl_connect(server, "blanche", 4, !noauth);
if (status == MRCL_AUTH_ERROR)
{
+ com_err(whoami, 0, "Authentication error while working on list %s",
+ listname);
com_err(whoami, 0, "Try the -noauth flag if you don't "
"need authentication.");
}
/* create if needed */
if (createflag)
{
- char *argv[11];
+ char *argv[13];
argv[L_NAME] = listname;
argv[L_ACTIVE] = (active == 0) ? "0" : "1";
argv[L_NFSGROUP] = (nfsgroup == 1) ? "1" : "0";
argv[L_DESC] = desc ? desc : "none";
+ if (memacl)
+ {
+ if (memacl->type == M_ANY)
+ {
+ status = mr_query("get_user_account_by_login", 1,
+ &memacl->name, NULL, NULL);
+ if (status == MR_NO_MATCH)
+ memacl->type = M_LIST;
+ else
+ memacl->type = M_USER;
+ }
+ argv[L_MEMACE_TYPE] = typename[memacl->type];
+ argv[L_MEMACE_NAME] = memacl->name;
+ if (memacl->type == M_KERBEROS)
+ {
+ status = mrcl_validate_kerberos_member(argv[L_MEMACE_NAME],
+ &argv[L_MEMACE_NAME]);
+ if (mrcl_get_message())
+ mrcl_com_err(whoami);
+ }
+ }
+ else
+ argv[L_MEMACE_TYPE] = argv[L_MEMACE_NAME] = "NONE";
+
if (owner)
{
argv[L_ACE_NAME] = owner->name;
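Review bot: In the new memacl block (L68-L75) any `get_user_account_by_login` result other than MR_NO_MATCH — including MR_PERM or a dropped connection — classifies the name as a USER, so a transient lookup error silently decides which principal the membership ACL names; distinguish success from failure, e.g. `else if (status == MR_SUCCESS) memacl->type = M_USER;` followed by `else { com_err(whoami, status, "while looking up membership ACL %s", memacl->name); exit(1); }`. The same block (L81-L84) also stores the return of `mrcl_validate_kerberos_member` in `status` and then proceeds to add_list regardless; if that routine can return MRCL_REJECT the way `mrcl_validate_string_member` does at L221, the rejection should abort or clear `success` rather than only print a message. The identical lookup pattern appears in the update path at L140-L147, and the ignored validation status also at L108-L111, L151-L157, L178-L181 and L231-L233. main continues outside the hunk.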
case M_ANY:
case M_USER:
argv[L_ACE_TYPE] = "USER";
- status = mr_query("add_list", 11, argv, NULL, NULL);
+ status = mr_query("add_list", 13, argv, NULL, NULL);
if (owner->type != M_ANY || status != MR_USER)
break;
case M_LIST:
argv[L_ACE_TYPE] = "LIST";
- status = mr_query("add_list", 11, argv, NULL, NULL);
+ status = mr_query("add_list", 13, argv, NULL, NULL);
break;
case M_KERBEROS:
argv[L_ACE_TYPE] = "KERBEROS";
- status = mr_query("add_list", 11, argv, NULL, NULL);
+ status = mrcl_validate_kerberos_member(argv[L_ACE_NAME],
+ &argv[L_ACE_NAME]);
+ if (mrcl_get_message())
+ mrcl_com_err(whoami);
+ status = mr_query("add_list", 13, argv, NULL, NULL);
+ break;
+ case M_NONE:
+ argv[L_ACE_TYPE] = argv[L_ACE_NAME] = "NONE";
+ status = mr_query("add_list", 13, argv, NULL, NULL);
break;
}
}
else
{
argv[L_ACE_TYPE] = "USER";
- argv[L_ACE_NAME] = getenv("USER");
+ argv[L_ACE_NAME] = get_username();
- status = mr_query("add_list", 11, argv, NULL, NULL);
+ status = mr_query("add_list", 13, argv, NULL, NULL);
}
if (status)
}
else if (setinfo)
{
- char *argv[12];
+ char *argv[14];
status = mr_query("get_list_info", 1, &listname,
save_list_info, argv);
if (desc)
argv[L_DESC + 1] = desc;
+ if (memacl)
+ {
+ if (memacl->type == M_ANY)
+ {
+ status = mr_query("get_user_account_by_login", 1,
+ &memacl->name, NULL, NULL);
+ if (status == MR_NO_MATCH)
+ memacl->type = M_LIST;
+ else
+ memacl->type = M_USER;
+ }
+ argv[L_MEMACE_TYPE + 1] = typename[memacl->type];
+ argv[L_MEMACE_NAME + 1] = memacl->name;
+ if (memacl->type == M_KERBEROS)
+ {
+ status = mrcl_validate_kerberos_member(argv[L_MEMACE_NAME + 1],
+ &argv[L_MEMACE_NAME + 1]);
+ if (mrcl_get_message())
+ mrcl_com_err(whoami);
+ }
+ }
+
if (owner)
{
argv[L_ACE_NAME + 1] = owner->name;
case M_ANY:
case M_USER:
argv[L_ACE_TYPE + 1] = "USER";
- status = mr_query("update_list", 12, argv, NULL, NULL);
+ status = mr_query("update_list", 14, argv, NULL, NULL);
if (owner->type != M_ANY || status != MR_USER)
break;
case M_LIST:
argv[L_ACE_TYPE + 1] = "LIST";
- status = mr_query("update_list", 12, argv, NULL, NULL);
+ status = mr_query("update_list", 14, argv, NULL, NULL);
break;
case M_KERBEROS:
argv[L_ACE_TYPE + 1] = "KERBEROS";
- status = mr_query("update_list", 12, argv, NULL, NULL);
+ status = mrcl_validate_kerberos_member(argv[L_ACE_NAME + 1],
+ &argv[L_ACE_NAME + 1]);
+ if (mrcl_get_message())
+ mrcl_com_err(whoami);
+ status = mr_query("update_list", 14, argv, NULL, NULL);
+ break;
+ case M_NONE:
+ argv[L_ACE_TYPE + 1] = argv[L_ACE_NAME + 1] = "NONE";
+ status = mr_query("update_list", 14, argv, NULL, NULL);
break;
}
}
else
- status = mr_query("update_list", 12, argv, NULL, NULL);
+ status = mr_query("update_list", 14, argv, NULL, NULL);
if (status)
{
NULL, NULL);
if (status == MR_SUCCESS)
{
- if (!strcmp(membervec[0], getenv("USER")))
+ if (!strcmp(membervec[0], get_username()))
{
fprintf(stderr, "\nWARNING: \"LIST:%s\" was just added "
"to list \"%s\".\n", membervec[2], membervec[0]);
break;
}
case M_STRING:
- if (memberstruct->type == M_ANY &&
- !strchr(memberstruct->name, '@') &&
- !strchr(memberstruct->name, '!') &&
- !strchr(memberstruct->name, '%'))
+ status = mrcl_validate_string_member(memberstruct->name);
+ if (memberstruct->type == M_ANY && status == MRCL_WARN)
{
/* if user is trying to add something which isn't a
remote string, or a list, or a user, and didn't
success = 0;
break;
}
+ else
+ mrcl_com_err(whoami);
+
+ if (status == MRCL_REJECT)
+ {
+ success = 0;
+ break;
+ }
membervec[1] = "STRING";
status = mr_query("add_tagged_member_to_list", 4, membervec,
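Review bot: The new `else mrcl_com_err(whoami);` at L218-L219 runs whenever the first condition is false, which includes the plain success case where `mrcl_validate_string_member` returned MRCL_SUCCESS and set no message; every other call site in this change guards the print with `if (mrcl_get_message())` (L83, L110, L155, L232). Unless mrcl_com_err is known to be a no-op on an empty message, use the same guard here: `else if (mrcl_get_message()) mrcl_com_err(whoami);`. The enclosing switch and the add loop continue outside the hunk.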
break;
case M_KERBEROS:
membervec[1] = "KERBEROS";
+ status = mrcl_validate_kerberos_member(membervec[2], &membervec[2]);
+ if (mrcl_get_message())
+ mrcl_com_err(whoami);
status = mr_query("add_tagged_member_to_list", 4, membervec,
NULL, NULL);
if (status != MR_SUCCESS)
memberstruct->name, listname);
success = 0;
}
+ free(membervec[2]);
}
}
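Review bot: `free(membervec[2]);` at L240 is only correct if membervec[2] was replaced by a string that `mrcl_validate_kerberos_member` allocated; for the non-Kerberos cases, and for a validation that leaves the pointer unchanged, membervec[2] presumably still points at `memberstruct->name` (a strdup from parse_member, L344), which this would free while memberstruct is still in use and may be freed again by whoever owns the member list. Free only what this code allocated, e.g. `if (membervec[2] != memberstruct->name) free(membervec[2]);`, and confirm the ownership contract of mrcl_validate_kerberos_member in its header. The canonicalized strings produced by the retries at L269 and L291 are never released either, though that is a minor leak in a short-lived CLI. The enclosing loop starts and ends outside the hunk.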
memberstruct->type != M_ANY)
{
if (status == MR_PERM && memberstruct->type == M_ANY &&
- !strcmp(membervec[2], getenv("USER")))
+ !strcmp(membervec[2], get_username()))
{
/* M_ANY means we've fallen through from the user
* case. The user is trying to remove himself from
com_err(whoami, 0, " Unable to find member %s to delete from %s",
memberstruct->name, listname);
success = 0;
- if (!strcmp(membervec[0], getenv("USER")))
+ if (!strcmp(membervec[0], get_username()))
{
fprintf(stderr, "(If you were trying to remove yourself "
"from the list \"%s\",\n", membervec[2]);
membervec[1] = "KERBEROS";
status = mr_query("delete_member_from_list", 3, membervec,
NULL, NULL);
+ if (status == MR_STRING || status == MR_NO_MATCH)
+ {
+ /* Try canonicalizing the Kerberos principal and trying
+ * again. If we succeed, print the message from mrcl.
+ * Otherwise, just pretend we never did this and print
+ * the original error message.
+ */
+ mrcl_validate_kerberos_member(membervec[2], &membervec[2]);
+ if (mrcl_get_message())
+ {
+ if (mr_query("delete_member_from_list", 3, membervec,
+ NULL, NULL) == MR_SUCCESS)
+ mrcl_com_err(whoami);
+ status = MR_SUCCESS;
+ }
+ }
if (status != MR_SUCCESS)
{
com_err(whoami, status, "while deleting member %s from %s",
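Review bot: At L272-L275 the `if (mr_query(...) == MR_SUCCESS)` governs only `mrcl_com_err(whoami);`, so `status = MR_SUCCESS;` runs unconditionally once mrcl produced a message, even when the retried delete failed; the failure is then masked, the original error is never printed, and the caller is told a principal was removed from the list when it was not — the opposite of what the comment at L264-L268 promises. Brace the two statements together: `if (mr_query("delete_member_from_list", 3, membervec, NULL, NULL) == MR_SUCCESS) { mrcl_com_err(whoami); status = MR_SUCCESS; }`. The tag path at L294-L297 has the same structure and needs the same fix. The enclosing delete loop continues outside the hunk.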
membervec[1] = "KERBEROS";
status = mr_query("tag_member_of_list", 4, membervec,
NULL, NULL);
+ if (status == MR_STRING || status == MR_NO_MATCH)
+ {
+ /* Try canonicalizing the Kerberos principal and trying
+ * again. If we succeed, print the message from mrcl.
+ * Otherwise, just pretend we never did this and print
+ * the original error message.
+ */
+ mrcl_validate_kerberos_member(membervec[2], &membervec[2]);
+ if (mrcl_get_message())
+ {
+ if (mr_query("tag_member_of_list", 4, membervec,
+ NULL, NULL) == MR_SUCCESS)
+ mrcl_com_err(whoami);
+ status = MR_SUCCESS;
+ }
+ }
if (status != MR_SUCCESS)
{
com_err(whoami, status, "while changing tag on member %s of %s",
}
}
-
/* Display the members of the list now, if requested */
if (memberflg)
{
fprintf(stderr, USAGE_OPTIONS_FORMAT, "-t | -tags",
"-O | -owner owner");
fprintf(stderr, USAGE_OPTIONS_FORMAT, "-n | -noauth",
- "-db | -database host[:port]");
+ "-MA | -memacl membership_acl");
+ fprintf(stderr, USAGE_OPTIONS_FORMAT, "-db | -database host[:port]",
+ "");
exit(1);
}
else
printf("\n");
printf("Owner: %s %s\n", argv[L_ACE_TYPE], argv[L_ACE_NAME]);
+ if (strcmp(argv[L_MEMACE_TYPE], "NONE"))
+ printf("Membership ACL: %s %s\n", argv[L_MEMACE_TYPE],
+ argv[L_MEMACE_NAME]);
printf("Last modified by %s with %s on %s\n",
argv[L_MODBY], argv[L_MODWITH], argv[L_MODTIME]);
return MR_CONT;
{
char **nargv = hint;
- for (argc = 0; argc < 11; argc++)
+ for (argc = 0; argc < 14; argc++)
nargv[argc + 1] = strdup(argv[argc]);
return MR_CONT;
}
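Review bot: The new loop bound at L330 writes `nargv[1]` through `nargv[14]`, but the buffer this callback fills is `char *argv[14]` (L133, indices 0-13), so the last iteration writes one pointer past the end of a stack array; the old bound (11) matched add_list's old argument count and left room for the list name in slot 0, and update_list now takes 14 arguments, i.e. the name plus 13 fields. The bound should be `for (argc = 0; argc < 13; argc++)`; as written it also copies the first of the modification fields into a slot update_list does not expect. If get_list_info's field order is not what this assumes, the copy count still must not exceed 13 for that buffer. The function's signature is outside the hunk.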
m->type = M_STRING;
else if (!strcasecmp("kerberos", s))
m->type = M_KERBEROS;
+ else if (!strcasecmp("none", s))
+ m->type = M_NONE;
else
{
m->type = M_ANY;
else
{
m->name = strdup(s);
- m->type = M_ANY;
+ m->type = strcasecmp(s, "none") ? M_ANY : M_NONE;
}
return m;
}
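Review bot: With L346 a bare, untyped argument spelled `none` (in any case) now becomes M_NONE everywhere parse_member is used, so a user or list actually named "none" can no longer be passed without a type prefix, and a member add or delete of that name will take whichever switch branch handles M_NONE — none is visible in the add/delete switches in this change. If M_NONE is only meaningful for -owner and -memacl, resolve the bare form at those two call sites instead of in parse_member, or at least document it in the usage text, e.g. `/* a bare "none" denotes no ACL; use "user:none" for a principal of that name */`. parse_member's start is outside the hunk.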
count++;
return count;
}
+
+char *get_username(void)
+{
+ char *username;
+
+ username = getenv("USER");
+ if (!username)
+ {
+ username = mrcl_krb_user();
+ if (!username)
+ {
+ com_err(whoami, 0, "Could not determine username");
+ exit(1);
+ }
+ }
+ return username;
+}
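Review bot: `get_username` treats an empty USER as present, because `if (!username)` at L359 rejects only an unset variable; an exported but empty USER then becomes the default list owner at L124 and the comparand for the self-membership checks at L199, L247 and L255. Check for the empty string too: `if (!username || !*username)`. Note also that USER is unauthenticated, caller-controlled environment, so the owner this client proposes may not be the principal the server actually authenticates; when authentication is in use, preferring `mrcl_krb_user()` over getenv would keep the two in step, with the environment only as the -noauth fallback (whether the server rejects a mismatched owner is not visible here). A header comment should state that the returned pointer is not owned by the caller and that the function exits on failure.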