/* If not amtl, atml, or dmfl, we lose. */
if (strcmp(q->shortname, "amtl") && strcmp(q->shortname, "atml") &&
- strcmp(q->shortname, "dmfl"))
+ strcmp(q->shortname, "dmfl") && strcmp(q->shortname, "tmol"))
return MR_PERM;
if (find_member(memacl_type, memacl_id, cl))
int mid, sid, id;
char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE];
EXEC SQL END DECLARE SECTION;
- int status;
+ int status, idx;
+
+ if (q->version < 6)
+ idx = 0;
+ else
+ idx = 1;
if (q->type == RETRIEVE)
{
if (q->type == APPEND)
{
/* Non-query owner must set use to zero */
- if (atoi(argv[6]) != 0)
+ if (atoi(argv[6 + idx]) != 0)
return MR_PERM;
/* ... and start the hostname with a letter */
if (isdigit(argv[0][0]))
return MR_BAD_CHAR;
- id = *(int *)argv[8];
+ id = *(int *)argv[8 + idx];
EXEC SQL SELECT s.owner_type, s.owner_id
INTO :stype, :sid FROM subnet s
WHERE s.snet_id = :id;
int status, acomment, use, ocomment, snid;
char contact[MACHINE_CONTACT_SIZE], address[MACHINE_ADDRESS_SIZE];
char name[MACHINE_NAME_SIZE];
+ char billing_contact[MACHINE_BILLING_CONTACT_SIZE];
EXEC SQL END DECLARE SECTION;
id = *(int *)argv[0];
- EXEC SQL SELECT m.name, m.use, m.contact, m.status, m.address,
- m.owner_type, m.owner_id, m.acomment, m.ocomment, m.snet_id,
- s.owner_type, s.owner_id INTO :name, :use, :contact, :status,
- :address, :mtype, :mid, :acomment, :ocomment, :snid, :stype, :sid
+ EXEC SQL SELECT m.name, m.use, m.contact, m.billing_contact, m.status,
+ m.address, m.owner_type, m.owner_id, m.acomment, m.ocomment, m.snet_id,
+ s.owner_type, s.owner_id INTO :name, :use, :contact, :billing_contact,
+ :status, :address, :mtype, :mid, :acomment, :ocomment, :snid, :stype,
+ :sid
FROM machine m, subnet s
WHERE m.mach_id = :id AND s.snet_id = m.snet_id;
if (dbms_errno)
return mr_errcode;
/* non-query-owner cannot change use or ocomment */
- if ((use != atoi(argv[7])) || (ocomment != *(int *)argv[14]))
+ if ((use != atoi(argv[7 + idx])) || (ocomment != *(int *)argv[14 + idx]))
return MR_PERM;
/* or rename to start with digit */
/* host owner also cannot change contact, status, address,
owner, or acomment */
if (strcmp(argv[6], strtrim(contact)) ||
- (status != atoi(argv[8])) ||
- strcmp(argv[10], strtrim(address)) ||
- strcmp(argv[11], strtrim(mtype)) ||
- (mid != *(int *)argv[12]) || (acomment != *(int *)argv[13]))
+ (status != atoi(argv[8 + idx])) ||
+ strcmp(argv[10 + idx], strtrim(address)) ||
+ strcmp(argv[11 + idx], strtrim(mtype)) ||
+ (mid != *(int *)argv[12 + idx]) ||
+ (acomment != *(int *)argv[13 + idx]))
return MR_PERM;
+ /* Billing contact field didn't appear until version 6 */
+ if (q->version >= 6)
+ if (strcmp(argv[7], strtrim(billing_contact)))
+ return MR_PERM;
}
else
return MR_PERM;
}
/* If moving to a new subnet, make sure user is on acl there */
- id = *(int *)argv[9];
+ id = *(int *)argv[9 + idx];
if (id != snid)
{
EXEC SQL SELECT owner_type, owner_id INTO :stype, :sid
return MR_PERM;
}
+/* access_container - check access for most container operations
+ *
+ * Inputs: argv[0] - cnt_id
+ * q - query name
+ * cl - client name
+ *
+ * - check if that client is a member of the access control list
+ * - OR, if the query is add_machine_to_container or delete_machine_from_container
+ * check if the client is a memeber of the mem_acl list
+ * - if the query is update_container and the container is to be renamed and
+ * it is a top-level container, only priviledged users can do it
+ */
+
+int access_container(struct query *q, char *argv[], client *cl)
+{
+ EXEC SQL BEGIN DECLARE SECTION;
+ int cnt_id, acl_id, memacl_id;
+ char acl_type[CONTAINERS_ACL_TYPE_SIZE], memacl_type[CONTAINERS_ACL_TYPE_SIZE];
+ char name[CONTAINERS_NAME_SIZE], *newname;
+ EXEC SQL END DECLARE SECTION;
+ int status;
+
+ cnt_id = *(int *)argv[0];
+
+ /* if amcn or dmcn, container id is the second argument */
+ if (strcmp(q->shortname, "amcn") == 0 || strcmp(q->shortname, "dmcn") == 0)
+ cnt_id = *(int *)argv[1];
+
+ EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type, name
+ INTO :acl_id, :acl_type, :memacl_id, :memacl_type, :name
+ FROM containers
+ WHERE cnt_id = :cnt_id;
+
+ if (sqlca.sqlerrd[2] != 1)
+ return MR_INTERNAL;
+
+ /* trim off the trailing spaces */
+ strcpy(name, strtrim(name));
+
+ /* if the query is update_container and the containers is to be renamed
+ * and it is a top-level container, only dbadmin can do it */
+ if (!strcmp(q->shortname, "ucon"))
+ {
+ newname = argv[1];
+ if (strcmp(name, newname) && strchr(name, '/') == NULL)
+ return MR_PERM;
+ }
+
+ /* check for client in access control list and return success right
+ * away if it's there. */
+ if (find_member(acl_type, acl_id, cl))
+ return MR_SUCCESS;
+
+ /* If not amcn, dmcn, we lose. */
+ if (strcmp(q->shortname, "amcn") && strcmp(q->shortname, "dmcn"))
+ return MR_PERM;
+
+ if (find_member(memacl_type, memacl_id, cl))
+ return MR_SUCCESS;
+
+ /* Otherwise fail. */
+ return MR_PERM;
+}
andersk / moira.git / blobdiff