1 | /* $Id: qaccess.pc 4110 2013-05-09 15:43:17Z zacheiss $ |
---|
2 | * |
---|
3 | * Check access to queries |
---|
4 | * |
---|
5 | * Copyright (C) 1987-1998 by the Massachusetts Institute of Technology |
---|
6 | * For copying and distribution information, please see the file |
---|
7 | * <mit-copyright.h>. |
---|
8 | */ |
---|
9 | |
---|
10 | #include <mit-copyright.h> |
---|
11 | #include "mr_server.h" |
---|
12 | #include "qrtn.h" |
---|
13 | #include "query.h" |
---|
14 | |
---|
15 | #include <string.h> |
---|
16 | #include <ctype.h> |
---|
17 | #include <stdlib.h> |
---|
18 | #include <netdb.h> |
---|
19 | #include <sys/types.h> |
---|
20 | #include <netinet/in.h> |
---|
21 | #include <arpa/nameser.h> |
---|
22 | #ifndef _PROC_ |
---|
23 | #include <resolv.h> |
---|
24 | #endif |
---|
25 | |
---|
26 | EXEC SQL INCLUDE sqlca; |
---|
27 | |
---|
28 | RCSID("$HeadURL: svn+ssh://svn.mit.edu/moira/trunk/moira/server/qaccess.pc $ $Id: qaccess.pc 4110 2013-05-09 15:43:17Z zacheiss $"); |
---|
29 | |
---|
30 | extern char *whoami; |
---|
31 | extern int dbms_errno, mr_errcode; |
---|
32 | |
---|
33 | EXEC SQL WHENEVER SQLERROR DO dbmserr(); |
---|
34 | |
---|
35 | |
---|
36 | /* Specialized Access Routines */ |
---|
37 | |
---|
38 | /* access_user - verify that client name equals specified login name |
---|
39 | * |
---|
40 | * - since field validation routines are called first, a users_id is |
---|
41 | * now in argv[0] instead of the login name. |
---|
42 | */ |
---|
43 | |
---|
44 | int access_user(struct query *q, char *argv[], client *cl) |
---|
45 | { |
---|
46 | if (cl->users_id != *(int *)argv[0]) |
---|
47 | return MR_PERM; |
---|
48 | else |
---|
49 | return MR_SUCCESS; |
---|
50 | } |
---|
51 | |
---|
52 | int access_update_user(struct query *q, char *argv[], client *cl) |
---|
53 | { |
---|
54 | EXEC SQL BEGIN DECLARE SECTION; |
---|
55 | int users_id, unix_uid, status, comments, secure, sponsor_id; |
---|
56 | char login[USERS_LOGIN_SIZE], shell[USERS_SHELL_SIZE]; |
---|
57 | char winconsoleshell[USERS_WINCONSOLESHELL_SIZE], last[USERS_LAST_SIZE]; |
---|
58 | char first[USERS_FIRST_SIZE], middle[USERS_MIDDLE_SIZE]; |
---|
59 | char clearid[USERS_CLEARID_SIZE], type[USERS_TYPE_SIZE]; |
---|
60 | char signature[USERS_SIGNATURE_SIZE], sponsor_type[USERS_SPONSOR_TYPE_SIZE]; |
---|
61 | char expiration[USERS_EXPIRATION_SIZE], alternate_email[USERS_ALTERNATE_EMAIL_SIZE]; |
---|
62 | char alternate_phone[USERS_ALTERNATE_PHONE_SIZE]; |
---|
63 | EXEC SQL END DECLARE SECTION; |
---|
64 | |
---|
65 | /* The two fields we let users update themselves didn't appear until |
---|
66 | * version 11. |
---|
67 | */ |
---|
68 | if (q->version < 11) |
---|
69 | return MR_PERM; |
---|
70 | |
---|
71 | if (cl->users_id != *(int *)argv[0]) |
---|
72 | return MR_PERM; |
---|
73 | |
---|
74 | users_id = *(int *)argv[0]; |
---|
75 | |
---|
76 | EXEC SQL SELECT u.login, u.unix_uid, u.shell, u.winconsoleshell, u.last, |
---|
77 | u.first, u.middle, u.status, u.clearid, u.type, u.comments, u.signature, |
---|
78 | u.secure, u.sponsor_type, u.sponsor_id, u.expiration, u.alternate_email, |
---|
79 | u.alternate_phone INTO :login, :unix_uid, :shell, :winconsoleshell, :last, :first, |
---|
80 | :middle, :status, :clearid, :type, :comments, :signature, :secure, :sponsor_type, |
---|
81 | :sponsor_id, :expiration, :alternate_email, :alternate_phone |
---|
82 | FROM USERS u WHERE u.users_id = :users_id; |
---|
83 | |
---|
84 | /* None of these things can have changed. */ |
---|
85 | if (strcmp(argv[1], strtrim(login)) || |
---|
86 | (unix_uid != atoi(argv[2])) || |
---|
87 | strcmp(argv[3], strtrim(shell)) || |
---|
88 | strcmp(argv[4], strtrim(winconsoleshell)) || |
---|
89 | strcmp(argv[5], strtrim(last)) || |
---|
90 | strcmp(argv[6], strtrim(first)) || |
---|
91 | strcmp(argv[7], strtrim(middle)) || |
---|
92 | (status != atoi(argv[8])) || |
---|
93 | strcmp(argv[9], strtrim(clearid)) || |
---|
94 | strcmp(argv[10], strtrim(type)) || |
---|
95 | (comments != *(int *)argv[11]) || |
---|
96 | strcmp(argv[12], strtrim(signature)) || |
---|
97 | (secure != atoi(argv[13]))) |
---|
98 | return MR_PERM; |
---|
99 | |
---|
100 | /* These fields added in version 12 of the query. */ |
---|
101 | if (q->version >= 12) |
---|
102 | { |
---|
103 | if (strcmp(argv[16], strtrim(sponsor_type)) || |
---|
104 | (sponsor_id != *(int *)argv[17]) || |
---|
105 | strcmp(argv[18], strtrim(expiration))) |
---|
106 | return MR_PERM; |
---|
107 | } |
---|
108 | |
---|
109 | /* These fields added in version 14 of the query. */ |
---|
110 | if (q->version >= 14) |
---|
111 | { |
---|
112 | if (strcmp(argv[19], strtrim(alternate_email)) || |
---|
113 | strcmp(argv[20], strtrim(alternate_phone))) |
---|
114 | return MR_PERM; |
---|
115 | } |
---|
116 | |
---|
117 | return MR_SUCCESS; |
---|
118 | } |
---|
119 | |
---|
120 | /* access_login - verify that client name equals specified login name |
---|
121 | * |
---|
122 | * argv[0...n] contain search info. q-> |
---|
123 | */ |
---|
124 | |
---|
125 | int access_login(struct query *q, char *argv[], client *cl) |
---|
126 | { |
---|
127 | EXEC SQL BEGIN DECLARE SECTION; |
---|
128 | int id; |
---|
129 | EXEC SQL END DECLARE SECTION; |
---|
130 | |
---|
131 | if (q->argc != 1) |
---|
132 | return MR_ARGS; |
---|
133 | |
---|
134 | if (!strcmp(q->shortname, "gual") || !strcmp(q->shortname, "gura")) |
---|
135 | { |
---|
136 | EXEC SQL SELECT users_id INTO :id FROM users |
---|
137 | WHERE login = :argv[0] AND users_id != 0; |
---|
138 | } |
---|
139 | else if (!strcmp(q->shortname, "gubl")) |
---|
140 | { |
---|
141 | EXEC SQL SELECT users_id INTO :id FROM users u |
---|
142 | WHERE u.login = :argv[0] AND u.users_id != 0; |
---|
143 | } |
---|
144 | else if (!strcmp(q->shortname, "guau")) |
---|
145 | { |
---|
146 | EXEC SQL SELECT users_id INTO :id FROM users |
---|
147 | WHERE unix_uid = :argv[0] AND users_id != 0; |
---|
148 | } |
---|
149 | else if (!strcmp(q->shortname, "gubu")) |
---|
150 | { |
---|
151 | EXEC SQL SELECT users_id INTO :id FROM users u |
---|
152 | WHERE u.unix_uid = :argv[0] AND u.users_id != 0; |
---|
153 | } |
---|
154 | |
---|
155 | if (sqlca.sqlcode == SQL_NO_MATCH) |
---|
156 | return MR_NO_MATCH; /* ought to be MR_USER, but this is what |
---|
157 | gual returns, so we have to be consistent */ |
---|
158 | else if (sqlca.sqlerrd[2] != 1 || id != cl->users_id) |
---|
159 | return MR_PERM; |
---|
160 | else |
---|
161 | return MR_SUCCESS; |
---|
162 | } |
---|
163 | |
---|
164 | |
---|
165 | /* access_spob - check access for set_pobox */ |
---|
166 | |
---|
167 | int access_spob(struct query *q, char *argv[], client *cl) |
---|
168 | { |
---|
169 | EXEC SQL BEGIN DECLARE SECTION; |
---|
170 | int id; |
---|
171 | EXEC SQL END DECLARE SECTION; |
---|
172 | int status; |
---|
173 | |
---|
174 | if (!strcmp(argv[1], "IMAP")) |
---|
175 | { |
---|
176 | EXEC SQL SELECT owner INTO :id FROM filesys f |
---|
177 | WHERE f.label = :argv[2] AND f.type = 'IMAP' AND |
---|
178 | f.lockertype = 'USER'; |
---|
179 | if (cl->users_id != id) |
---|
180 | return MR_PERM; |
---|
181 | } |
---|
182 | |
---|
183 | /* Non-query owners can't forward mail to a POSTOFFICE or MAILHUB server, |
---|
184 | * nor to a nonresolving domain. |
---|
185 | */ |
---|
186 | if (!strcmp(argv[1], "SMTP") || !strcmp(argv[1], "SPLIT")) |
---|
187 | { |
---|
188 | status = check_mail_string(argv[2]); |
---|
189 | if (status) |
---|
190 | return status; |
---|
191 | } |
---|
192 | |
---|
193 | if (cl->users_id != *(int *)argv[0]) |
---|
194 | return MR_PERM; |
---|
195 | else |
---|
196 | return MR_SUCCESS; |
---|
197 | } |
---|
198 | |
---|
199 | |
---|
200 | /* access_list - check access for most list operations |
---|
201 | * |
---|
202 | * Inputs: argv[0] - list_id |
---|
203 | * q - query name |
---|
204 | * argv[2] - member ID (only for queries "amtl" and "dmfl") |
---|
205 | * argv[7] - group ID (only for query "ulis") |
---|
206 | * cl - client name |
---|
207 | * |
---|
208 | * - check that client is a member of the access control list |
---|
209 | * - OR, if the query is add_member_to_list or delete_member_from_list |
---|
210 | * and the list is public, allow access if client = member |
---|
211 | */ |
---|
212 | |
---|
213 | int access_list(struct query *q, char *argv[], client *cl) |
---|
214 | { |
---|
215 | EXEC SQL BEGIN DECLARE SECTION; |
---|
216 | int list_id, acl_id, flags, gid, users_id, member_id, member_acl_id; |
---|
217 | int memacl_id, mailman, mailman_id; |
---|
218 | char acl_type[LIST_ACL_TYPE_SIZE], name[LIST_NAME_SIZE], *newname; |
---|
219 | char member_acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE]; |
---|
220 | EXEC SQL END DECLARE SECTION; |
---|
221 | int status, cnt; |
---|
222 | char *buf; |
---|
223 | |
---|
224 | list_id = *(int *)argv[0]; |
---|
225 | member_id = *(int *)argv[2]; |
---|
226 | EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type, |
---|
227 | gid, publicflg, name, mailman, mailman_id |
---|
228 | INTO :acl_id, :acl_type, :memacl_id, :memacl_type, |
---|
229 | :gid, :flags, :name, :mailman, :mailman_id |
---|
230 | FROM list |
---|
231 | WHERE list_id = :list_id; |
---|
232 | |
---|
233 | if (sqlca.sqlerrd[2] != 1) |
---|
234 | return MR_INTERNAL; |
---|
235 | |
---|
236 | /* if update_list, don't allow them to change the GID or rename to a |
---|
237 | username other than their own */ |
---|
238 | if (!strcmp("ulis", q->shortname)) |
---|
239 | { |
---|
240 | if (!strcmp(argv[7], UNIQUE_GID)) |
---|
241 | { |
---|
242 | if (gid != -1) |
---|
243 | return MR_PERM; |
---|
244 | } |
---|
245 | else |
---|
246 | { |
---|
247 | if (gid != atoi(argv[7])) |
---|
248 | return MR_PERM; |
---|
249 | } |
---|
250 | |
---|
251 | newname = argv[1]; |
---|
252 | |
---|
253 | /* Check that it doesn't conflict with the Grouper namespace. */ |
---|
254 | if (strlen(newname) > 4 && isdigit(newname[2]) && |
---|
255 | isdigit(newname[3]) && newname[4] == '-') |
---|
256 | { |
---|
257 | if (!strncasecmp(newname, "fa", 2) || |
---|
258 | !strncasecmp(newname, "sp", 2) || |
---|
259 | !strncasecmp(newname, "su", 2) || |
---|
260 | !strncasecmp(newname, "ja", 2)) |
---|
261 | return MR_RESERVED; |
---|
262 | } |
---|
263 | |
---|
264 | /* Don't let anyone take owner-foo list names. They interact |
---|
265 | * weirdly with the aliases automatically generated by |
---|
266 | * mailhub.gen. |
---|
267 | */ |
---|
268 | if (!strncasecmp(newname, "owner-", 6)) |
---|
269 | return MR_RESERVED; |
---|
270 | |
---|
271 | EXEC SQL SELECT users_id INTO :users_id FROM users |
---|
272 | WHERE login = :newname; |
---|
273 | if ((sqlca.sqlcode != SQL_NO_MATCH) && strcmp(strtrim(name), newname) && |
---|
274 | (users_id != cl->users_id)) |
---|
275 | return MR_PERM; |
---|
276 | |
---|
277 | /* For modern enough clients, don't allow ordinary users to toggle |
---|
278 | * the mailman bit or change the server. |
---|
279 | */ |
---|
280 | if (q->version >= 10) |
---|
281 | { |
---|
282 | if (mailman != atoi(argv[9])) |
---|
283 | return MR_PERM; |
---|
284 | |
---|
285 | if (mailman_id != *(int *)argv[10]) |
---|
286 | return MR_PERM; |
---|
287 | } |
---|
288 | } |
---|
289 | |
---|
290 | /* Don't allow non-query owners to add STRINGs to lists if they end |
---|
291 | * in a domain that's MIT.EDU or one of the hosts that provide the |
---|
292 | * MAILHUB or POSTOFFICE services. |
---|
293 | */ |
---|
294 | if (!strcmp(q->shortname, "amtl") || !strcmp(q->shortname, "atml")) |
---|
295 | { |
---|
296 | if (!strcmp("STRING", argv[1])) |
---|
297 | { |
---|
298 | buf = malloc(0); |
---|
299 | status = id_to_name(*(int *)argv[2], STRINGS_TABLE, &buf); |
---|
300 | if (status) |
---|
301 | return status; |
---|
302 | |
---|
303 | status = check_mail_string(buf); |
---|
304 | free(buf); |
---|
305 | if (status) |
---|
306 | return status; |
---|
307 | } |
---|
308 | } |
---|
309 | |
---|
310 | /* check for client in access control list and return success right |
---|
311 | * away if it's there. */ |
---|
312 | if (find_member(acl_type, acl_id, cl)) |
---|
313 | return MR_SUCCESS; |
---|
314 | |
---|
315 | /* If not amtl, atml, or dmfl, we lose. */ |
---|
316 | if (strcmp(q->shortname, "amtl") && strcmp(q->shortname, "atml") && |
---|
317 | strcmp(q->shortname, "dmfl") && strcmp(q->shortname, "tmol")) |
---|
318 | return MR_PERM; |
---|
319 | |
---|
320 | if (find_member(memacl_type, memacl_id, cl)) |
---|
321 | return MR_SUCCESS; |
---|
322 | |
---|
323 | if (flags || q->type == MR_Q_DELETE) |
---|
324 | { |
---|
325 | if (!strcmp("USER", argv[1]) && *(int *)argv[2] == cl->users_id) |
---|
326 | return MR_SUCCESS; |
---|
327 | if (!strcmp("KERBEROS", argv[1]) && *(int *)argv[2] == -cl->client_id) |
---|
328 | return MR_SUCCESS; |
---|
329 | if (!strcmp("LIST", argv[1]) && !strcmp("dmfl", q->shortname)) |
---|
330 | { |
---|
331 | EXEC SQL SELECT acl_id, acl_type INTO :member_acl_id, |
---|
332 | :member_acl_type |
---|
333 | FROM list |
---|
334 | WHERE list_id = :member_id; |
---|
335 | |
---|
336 | if (find_member(member_acl_type, member_acl_id, cl)) |
---|
337 | return MR_SUCCESS; |
---|
338 | } |
---|
339 | } |
---|
340 | |
---|
341 | /* Otherwise fail. */ |
---|
342 | return MR_PERM; |
---|
343 | } |
---|
344 | |
---|
345 | |
---|
346 | /* access_visible_list - allow access to list only if it is not hidden, |
---|
347 | * or if the client is on the ACL |
---|
348 | * |
---|
349 | * Inputs: argv[0] - list_id |
---|
350 | * cl - client identifier |
---|
351 | */ |
---|
352 | |
---|
353 | int access_visible_list(struct query *q, char *argv[], client *cl) |
---|
354 | { |
---|
355 | EXEC SQL BEGIN DECLARE SECTION; |
---|
356 | int list_id, acl_id, memacl_id, flags ; |
---|
357 | char acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE]; |
---|
358 | EXEC SQL END DECLARE SECTION; |
---|
359 | int status; |
---|
360 | |
---|
361 | list_id = *(int *)argv[0]; |
---|
362 | EXEC SQL SELECT hidden, acl_id, acl_type, memacl_id, memacl_type |
---|
363 | INTO :flags, :acl_id, :acl_type, :memacl_id, :memacl_type |
---|
364 | FROM list |
---|
365 | WHERE list_id = :list_id; |
---|
366 | if (sqlca.sqlerrd[2] != 1) |
---|
367 | return MR_INTERNAL; |
---|
368 | if (!flags) |
---|
369 | return MR_SUCCESS; |
---|
370 | |
---|
371 | /* check for client in access control list */ |
---|
372 | status = find_member(acl_type, acl_id, cl); |
---|
373 | if (!status) |
---|
374 | { |
---|
375 | status = find_member(memacl_type, memacl_id, cl); |
---|
376 | if (!status) |
---|
377 | return MR_PERM; |
---|
378 | } |
---|
379 | return MR_SUCCESS; |
---|
380 | } |
---|
381 | |
---|
382 | |
---|
383 | /* access_vis_list_by_name - allow access to list only if it is not hidden, |
---|
384 | * or if the client is on the ACL |
---|
385 | * |
---|
386 | * Inputs: argv[0] - list name |
---|
387 | * cl - client identifier |
---|
388 | */ |
---|
389 | |
---|
390 | int access_vis_list_by_name(struct query *q, char *argv[], client *cl) |
---|
391 | { |
---|
392 | EXEC SQL BEGIN DECLARE SECTION; |
---|
393 | int acl_id, memacl_id, flags, rowcount, list_id; |
---|
394 | char acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE]; |
---|
395 | char *listname; |
---|
396 | EXEC SQL END DECLARE SECTION; |
---|
397 | int status; |
---|
398 | |
---|
399 | listname = argv[0]; |
---|
400 | EXEC SQL SELECT hidden, acl_id, acl_type, memacl_id, memacl_type, list_id |
---|
401 | INTO :flags, :acl_id, :acl_type, :memacl_id, :memacl_type, :list_id |
---|
402 | FROM list |
---|
403 | WHERE name = :listname; |
---|
404 | |
---|
405 | rowcount = sqlca.sqlerrd[2]; |
---|
406 | if (rowcount > 1) |
---|
407 | return MR_WILDCARD; |
---|
408 | if (rowcount == 0) |
---|
409 | return MR_NO_MATCH; |
---|
410 | if (!flags) |
---|
411 | return MR_SUCCESS; |
---|
412 | |
---|
413 | /* If the user is a member of the acl, memacl, or the list itself, |
---|
414 | * accept them. |
---|
415 | */ |
---|
416 | status = find_member(acl_type, acl_id, cl); |
---|
417 | if (!status) |
---|
418 | status = find_member(memacl_type, memacl_id, cl); |
---|
419 | if (!status) |
---|
420 | status = find_member("LIST", list_id, cl); |
---|
421 | if (!status) |
---|
422 | return MR_PERM; |
---|
423 | |
---|
424 | return MR_SUCCESS; |
---|
425 | } |
---|
426 | |
---|
427 | |
---|
428 | /* access_member - allow user to access member of type "USER" and name matches |
---|
429 | * username, or to access member of type "KERBEROS" and the principal matches |
---|
430 | * the user, or to access member of type "LIST" and list is one that user is |
---|
431 | * on the acl of, or the list is visible. Allow anyone to look up list |
---|
432 | * memberships of MACHINEs. |
---|
433 | */ |
---|
434 | |
---|
435 | int access_member(struct query *q, char *argv[], client *cl) |
---|
436 | { |
---|
437 | if (!strcmp(argv[0], "LIST") || !strcmp(argv[0], "RLIST")) |
---|
438 | return access_visible_list(q, &argv[1], cl); |
---|
439 | |
---|
440 | if (!strcmp(argv[0], "USER") || !strcmp(argv[0], "RUSER")) |
---|
441 | { |
---|
442 | if (cl->users_id == *(int *)argv[1]) |
---|
443 | return MR_SUCCESS; |
---|
444 | } |
---|
445 | |
---|
446 | if (!strcmp(argv[0], "KERBEROS") || !strcmp(argv[0], "RKERBEROS")) |
---|
447 | { |
---|
448 | if (cl->client_id == -*(int *)argv[1]) |
---|
449 | return MR_SUCCESS; |
---|
450 | } |
---|
451 | |
---|
452 | if (!strcmp(argv[0], "MACHINE") || !strcmp(argv[0], "RMACHINE")) |
---|
453 | return MR_SUCCESS; |
---|
454 | |
---|
455 | return MR_PERM; |
---|
456 | } |
---|
457 | |
---|
458 | |
---|
459 | /* access_qgli - special access routine for Qualified_get_lists. Allows |
---|
460 | * access iff argv[0] == "TRUE" and argv[2] == "FALSE". |
---|
461 | */ |
---|
462 | |
---|
463 | int access_qgli(struct query *q, char *argv[], client *cl) |
---|
464 | { |
---|
465 | if (!strcmp(argv[0], "TRUE") && !strcmp(argv[2], "FALSE")) |
---|
466 | return MR_SUCCESS; |
---|
467 | return MR_PERM; |
---|
468 | } |
---|
469 | |
---|
470 | |
---|
471 | /* access_service - allow access if user is on ACL of service. Don't |
---|
472 | * allow access if a wildcard is used. |
---|
473 | */ |
---|
474 | |
---|
475 | int access_service(struct query *q, char *argv[], client *cl) |
---|
476 | { |
---|
477 | EXEC SQL BEGIN DECLARE SECTION; |
---|
478 | int acl_id; |
---|
479 | char *name, acl_type[LIST_ACL_TYPE_SIZE]; |
---|
480 | EXEC SQL END DECLARE SECTION; |
---|
481 | int status; |
---|
482 | char *c; |
---|
483 | |
---|
484 | name = argv[0]; |
---|
485 | for (c = name; *c; c++) |
---|
486 | { |
---|
487 | if (islower(*c)) |
---|
488 | *c = toupper(*c); |
---|
489 | } |
---|
490 | EXEC SQL SELECT acl_id, acl_type INTO :acl_id, :acl_type FROM servers |
---|
491 | WHERE name = :name; |
---|
492 | if (sqlca.sqlerrd[2] > 1) |
---|
493 | return MR_PERM; |
---|
494 | |
---|
495 | /* check for client in access control list */ |
---|
496 | status = find_member(acl_type, acl_id, cl); |
---|
497 | if (!status) |
---|
498 | return MR_PERM; |
---|
499 | |
---|
500 | return MR_SUCCESS; |
---|
501 | } |
---|
502 | |
---|
503 | |
---|
504 | /* access_filesys - verify that client is owner or on owners list of filesystem |
---|
505 | * named by argv[0] |
---|
506 | */ |
---|
507 | |
---|
508 | int access_filesys(struct query *q, char *argv[], client *cl) |
---|
509 | { |
---|
510 | EXEC SQL BEGIN DECLARE SECTION; |
---|
511 | int users_id, list_id; |
---|
512 | char *name; |
---|
513 | EXEC SQL END DECLARE SECTION; |
---|
514 | int status; |
---|
515 | |
---|
516 | name = argv[0]; |
---|
517 | EXEC SQL SELECT owner, owners INTO :users_id, :list_id FROM filesys |
---|
518 | WHERE label = :name; |
---|
519 | |
---|
520 | if (sqlca.sqlerrd[2] != 1) |
---|
521 | return MR_PERM; |
---|
522 | if (users_id == cl->users_id) |
---|
523 | return MR_SUCCESS; |
---|
524 | status = find_member("LIST", list_id, cl); |
---|
525 | if (status) |
---|
526 | return MR_SUCCESS; |
---|
527 | else |
---|
528 | return MR_PERM; |
---|
529 | } |
---|
530 | |
---|
531 | /* access_shot - successful if: |
---|
532 | * - opt is 0 or 1. |
---|
533 | * - user is owner of subnet containing host. |
---|
534 | * - user is owner of host and network isn't RESERVED / INFRASTRUCTURE. |
---|
535 | * - user has 'CAN SPEND OR COMMIT FUNDS' for host cost object and |
---|
536 | * affiliation is one of student, faculty, or research staff. |
---|
537 | */ |
---|
538 | int access_shot(struct query *q, char *argv[], client *cl) |
---|
539 | { |
---|
540 | EXEC SQL BEGIN DECLARE SECTION; |
---|
541 | int mid, sid, status; |
---|
542 | char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE]; |
---|
543 | char account_number[MACHINE_ACCOUNT_NUMBER_SIZE]; |
---|
544 | char login[USERS_LOGIN_SIZE], affiliation[USERS_AFFILIATION_DETAILED_SIZE]; |
---|
545 | EXEC SQL END DECLARE SECTION; |
---|
546 | int id; |
---|
547 | char roles_qualifier[MACHINE_ACCOUNT_NUMBER_SIZE + 1]; |
---|
548 | |
---|
549 | id = *(int *)argv[0]; |
---|
550 | |
---|
551 | /* opt must be zero or one for non-query owner */ |
---|
552 | if (atoi(argv[1]) != 0 && atoi(argv[1]) != 1) |
---|
553 | return MR_PERM; |
---|
554 | |
---|
555 | EXEC SQL SELECT m.owner_type, m.owner_id, m.account_number, s.owner_type, |
---|
556 | s.owner_id, s.status INTO :mtype, :mid, :account_number, :stype, :sid, :status |
---|
557 | FROM machine m, subnet s WHERE m.mach_id = :id AND m.snet_id = s.snet_id; |
---|
558 | |
---|
559 | /* subnet owner? */ |
---|
560 | if (find_member(stype, sid, cl)) |
---|
561 | return MR_SUCCESS; |
---|
562 | |
---|
563 | /* If we're not the subnet owner, don't allow this for certain types of networks */ |
---|
564 | if (status == SNET_STATUS_RESERVED || status == SNET_STATUS_INFRASTRUCTURE) |
---|
565 | return MR_PERM; |
---|
566 | |
---|
567 | /* host owner? */ |
---|
568 | if (find_member(mtype, mid, cl)) |
---|
569 | return MR_SUCCESS; |
---|
570 | |
---|
571 | /* If we've gotten this far, you must be student/faculty/research staff. */ |
---|
572 | EXEC SQL SELECT u.login, u.affiliation_detailed INTO :login, :affiliation |
---|
573 | FROM USERS u WHERE u.users_id = :cl->users_id; |
---|
574 | |
---|
575 | if (strcmp(strtrim(affiliation), "Faculty") && |
---|
576 | strcmp(strtrim(affiliation), "Undergraduate Student") && |
---|
577 | strcmp(strtrim(affiliation), "Graduate Student") && |
---|
578 | strcmp(strtrim(affiliation), "Sponsored Research Staff") && |
---|
579 | strcmp(strtrim(affiliation), "Other Academic Group")) |
---|
580 | return MR_PERM; |
---|
581 | |
---|
582 | /* Need to check all possible cost object types in Roles */ |
---|
583 | sprintf(roles_qualifier, "F%s", strtrim(account_number)); |
---|
584 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
585 | return MR_SUCCESS; |
---|
586 | |
---|
587 | sprintf(roles_qualifier, "C%s", strtrim(account_number)); |
---|
588 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
589 | return MR_SUCCESS; |
---|
590 | |
---|
591 | sprintf(roles_qualifier, "I%s", strtrim(account_number)); |
---|
592 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
593 | return MR_SUCCESS; |
---|
594 | |
---|
595 | sprintf(roles_qualifier, "P%s", strtrim(account_number)); |
---|
596 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
597 | return MR_SUCCESS; |
---|
598 | |
---|
599 | /* Default case */ |
---|
600 | return MR_PERM; |
---|
601 | } |
---|
602 | |
---|
603 | /* access_host - successful if owner of host, or subnet containing host |
---|
604 | */ |
---|
605 | |
---|
606 | int access_host(struct query *q, char *argv[], client *cl) |
---|
607 | { |
---|
608 | EXEC SQL BEGIN DECLARE SECTION; |
---|
609 | int mid, sid, id, subnet_status; |
---|
610 | char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE]; |
---|
611 | EXEC SQL END DECLARE SECTION; |
---|
612 | int status, idx; |
---|
613 | |
---|
614 | if (q->version < 6) |
---|
615 | idx = 0; |
---|
616 | else if (q->version >= 6 && q->version < 8) |
---|
617 | idx = 1; |
---|
618 | else |
---|
619 | idx = 2; |
---|
620 | |
---|
621 | if (q->type == MR_Q_APPEND) |
---|
622 | { |
---|
623 | /* Non-query owner must set use to zero. is ignored anyway */ |
---|
624 | if (atoi(argv[6 + idx]) != 0) |
---|
625 | return MR_PERM; |
---|
626 | |
---|
627 | /* ... and start the hostname with a letter */ |
---|
628 | if (isdigit(argv[0][0])) |
---|
629 | return MR_BAD_CHAR; |
---|
630 | |
---|
631 | id = *(int *)argv[8 + idx]; |
---|
632 | EXEC SQL SELECT s.owner_type, s.owner_id, s.status |
---|
633 | INTO :stype, :sid, :subnet_status FROM subnet s |
---|
634 | WHERE s.snet_id = :id; |
---|
635 | mid = 0; |
---|
636 | |
---|
637 | /* Non query owner must provide valid billing information. */ |
---|
638 | if (q->version >= 8) |
---|
639 | { |
---|
640 | if (subnet_status == SNET_STATUS_BILLABLE) |
---|
641 | { |
---|
642 | EXEC SQL SELECT account_number FROM accountnumbers |
---|
643 | WHERE account_number = :argv[7]; |
---|
644 | if (sqlca.sqlcode == SQL_NO_MATCH) |
---|
645 | return MR_ACCOUNT_NUMBER; |
---|
646 | } |
---|
647 | } |
---|
648 | |
---|
649 | if (find_member(stype, sid, cl)) |
---|
650 | return MR_SUCCESS; |
---|
651 | else |
---|
652 | return MR_PERM; |
---|
653 | } |
---|
654 | else /* q-type == MR_Q_UPDATE */ |
---|
655 | { |
---|
656 | EXEC SQL BEGIN DECLARE SECTION; |
---|
657 | int status, acomment, use, ocomment, snid; |
---|
658 | char contact[MACHINE_CONTACT_SIZE], address[MACHINE_ADDRESS_SIZE]; |
---|
659 | char name[MACHINE_NAME_SIZE]; |
---|
660 | char billing_contact[MACHINE_BILLING_CONTACT_SIZE]; |
---|
661 | char account_number[MACHINE_ACCOUNT_NUMBER_SIZE]; |
---|
662 | char login[USERS_LOGIN_SIZE]; |
---|
663 | EXEC SQL END DECLARE SECTION; |
---|
664 | int is_machine_owner = 0; |
---|
665 | char roles_qualifier[MACHINE_ACCOUNT_NUMBER_SIZE + 1]; |
---|
666 | |
---|
667 | id = *(int *)argv[0]; |
---|
668 | EXEC SQL SELECT m.name, m.use, m.contact, m.billing_contact, m.account_number, |
---|
669 | m.status, m.address, m.owner_type, m.owner_id, m.acomment, m.ocomment, m.snet_id, |
---|
670 | s.owner_type, s.owner_id, s.status INTO :name, :use, :contact, |
---|
671 | :billing_contact, :account_number, :status, :address, :mtype, :mid, :acomment, |
---|
672 | :ocomment, :snid, :stype, :sid, :subnet_status |
---|
673 | FROM machine m, subnet s |
---|
674 | WHERE m.mach_id = :id AND s.snet_id = m.snet_id; |
---|
675 | if (dbms_errno) |
---|
676 | return mr_errcode; |
---|
677 | |
---|
678 | /* Non query owner must provide valid billing information. */ |
---|
679 | if (q->version >= 8) |
---|
680 | { |
---|
681 | if ((subnet_status == SNET_STATUS_BILLABLE) && |
---|
682 | (atoi(argv[10]) != 3)) |
---|
683 | { |
---|
684 | EXEC SQL SELECT account_number FROM accountnumbers |
---|
685 | WHERE account_number = :argv[8]; |
---|
686 | if (sqlca.sqlcode == SQL_NO_MATCH) |
---|
687 | return MR_ACCOUNT_NUMBER; |
---|
688 | } |
---|
689 | } |
---|
690 | |
---|
691 | /* non-query-owner cannot change use or ocomment */ |
---|
692 | if ((use != atoi(argv[7 + idx])) || (ocomment != *(int *)argv[14 + idx])) |
---|
693 | return MR_PERM; |
---|
694 | |
---|
695 | /* or rename to start with digit */ |
---|
696 | if (isdigit(argv[1][0]) && strcmp(strtrim(name), argv[1])) |
---|
697 | return MR_BAD_CHAR; |
---|
698 | |
---|
699 | if (find_member(stype, sid, cl)) |
---|
700 | { |
---|
701 | /* If moving to a new subnet, make sure user is on acl there */ |
---|
702 | id = *(int *)argv[9 + idx]; |
---|
703 | if (id != snid) |
---|
704 | { |
---|
705 | EXEC SQL SELECT owner_type, owner_id INTO :stype, :sid |
---|
706 | FROM subnet WHERE snet_id=:id; |
---|
707 | if (!find_member(stype, sid, cl)) |
---|
708 | return MR_PERM; |
---|
709 | } |
---|
710 | |
---|
711 | return MR_SUCCESS; |
---|
712 | } |
---|
713 | |
---|
714 | /* Check host owner */ |
---|
715 | if (find_member(mtype, mid, cl)) |
---|
716 | is_machine_owner = 1; |
---|
717 | /* Check roles permissions, don't let them work for reserved and infrastructure networks */ |
---|
718 | else if (subnet_status != SNET_STATUS_RESERVED && subnet_status != SNET_STATUS_INFRASTRUCTURE) |
---|
719 | { |
---|
720 | EXEC SQL SELECT u.login INTO :login FROM users u WHERE u.users_id = :cl->users_id; |
---|
721 | |
---|
722 | /* Need to check all possible cost object types in Roles */ |
---|
723 | sprintf(roles_qualifier, "F%s", strtrim(account_number)); |
---|
724 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
725 | is_machine_owner = 1; |
---|
726 | |
---|
727 | if (!is_machine_owner) |
---|
728 | { |
---|
729 | sprintf(roles_qualifier, "C%s", strtrim(account_number)); |
---|
730 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
731 | is_machine_owner = 1; |
---|
732 | } |
---|
733 | |
---|
734 | if (!is_machine_owner) |
---|
735 | { |
---|
736 | sprintf(roles_qualifier, "I%s", strtrim(account_number)); |
---|
737 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
738 | is_machine_owner = 1; |
---|
739 | } |
---|
740 | |
---|
741 | if (!is_machine_owner) |
---|
742 | { |
---|
743 | sprintf(roles_qualifier, "P%s", strtrim(account_number)); |
---|
744 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
745 | is_machine_owner = 1; |
---|
746 | } |
---|
747 | } |
---|
748 | |
---|
749 | if (!is_machine_owner) |
---|
750 | return MR_PERM; |
---|
751 | |
---|
752 | /* host owner also cannot change contact, status, subnet, address, owner, or acomment */ |
---|
753 | if (strcmp(argv[6], strtrim(contact)) || |
---|
754 | (status != atoi(argv[8 + idx])) || |
---|
755 | (snid != *(int *)argv[9 + idx]) || |
---|
756 | strcmp(argv[10 + idx], strtrim(address)) || |
---|
757 | strcmp(argv[11 + idx], strtrim(mtype)) || |
---|
758 | (mid != *(int *)argv[12 + idx]) || |
---|
759 | (acomment != *(int *)argv[13 + idx])) |
---|
760 | return MR_PERM; |
---|
761 | |
---|
762 | /* Billing contact field didn't appear until version 6 */ |
---|
763 | if (q->version >= 6) |
---|
764 | if (strcmp(argv[7], strtrim(billing_contact))) |
---|
765 | return MR_PERM; |
---|
766 | |
---|
767 | return MR_SUCCESS; |
---|
768 | } |
---|
769 | } |
---|
770 | |
---|
771 | /* access_ahal - check for adding a host alias. |
---|
772 | * successful if host has less then 2 aliases and (client is owner of |
---|
773 | * host or subnet). |
---|
774 | * If deleting an alias, any owner will do. |
---|
775 | */ |
---|
776 | |
---|
777 | int access_ahal(struct query *q, char *argv[], client *cl) |
---|
778 | { |
---|
779 | EXEC SQL BEGIN DECLARE SECTION; |
---|
780 | int cnt, id, mid, sid, subnet_status; |
---|
781 | char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE]; |
---|
782 | char account_number[MACHINE_ACCOUNT_NUMBER_SIZE]; |
---|
783 | char login[USERS_LOGIN_SIZE]; |
---|
784 | EXEC SQL END DECLARE SECTION; |
---|
785 | int status; |
---|
786 | char roles_qualifier[MACHINE_ACCOUNT_NUMBER_SIZE + 1]; |
---|
787 | |
---|
788 | if (q->type == MR_Q_RETRIEVE) |
---|
789 | return MR_SUCCESS; |
---|
790 | |
---|
791 | id = *(int *)argv[1]; |
---|
792 | |
---|
793 | if (q->type == MR_Q_APPEND && isdigit(argv[0][0])) |
---|
794 | return MR_BAD_CHAR; |
---|
795 | |
---|
796 | EXEC SQL SELECT count(name) INTO :cnt from hostalias WHERE mach_id = :id; |
---|
797 | if (dbms_errno) |
---|
798 | return mr_errcode; |
---|
799 | /* if the type is MR_Q_APPEND, this is ahal and we need to make sure there |
---|
800 | * will be no more than 2 aliases. If it's not, it must be dhal and |
---|
801 | * any owner will do. |
---|
802 | */ |
---|
803 | if (q->type == MR_Q_APPEND && cnt >= 2) |
---|
804 | return MR_PERM; |
---|
805 | |
---|
806 | EXEC SQL SELECT m.owner_type, m.owner_id, m.account_number, s.owner_type, |
---|
807 | s.owner_id, s.status INTO :mtype, :mid, :account_number, :stype, :sid, |
---|
808 | :subnet_status FROM machine m, subnet s WHERE m.mach_id = :id and s.snet_id = m.snet_id; |
---|
809 | |
---|
810 | status = find_member(mtype, mid, cl); |
---|
811 | if (status) |
---|
812 | return MR_SUCCESS; |
---|
813 | |
---|
814 | status = find_member(stype, sid, cl); |
---|
815 | if (status) |
---|
816 | return MR_SUCCESS; |
---|
817 | |
---|
818 | /* If you're only a Roles owner, punt for network reserved / infrastructure */ |
---|
819 | if (subnet_status == SNET_STATUS_RESERVED || subnet_status == SNET_STATUS_INFRASTRUCTURE) |
---|
820 | return MR_PERM; |
---|
821 | |
---|
822 | EXEC SQL SELECT u.login INTO :login FROM users u WHERE u.users_id = :cl->users_id; |
---|
823 | |
---|
824 | /* Need to check all possible cost object types in Roles */ |
---|
825 | sprintf(roles_qualifier, "F%s", strtrim(account_number)); |
---|
826 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
827 | return MR_SUCCESS; |
---|
828 | |
---|
829 | sprintf(roles_qualifier, "C%s", strtrim(account_number)); |
---|
830 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
831 | return MR_SUCCESS; |
---|
832 | |
---|
833 | sprintf(roles_qualifier, "I%s", strtrim(account_number)); |
---|
834 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
835 | return MR_SUCCESS; |
---|
836 | |
---|
837 | sprintf(roles_qualifier, "P%s", strtrim(account_number)); |
---|
838 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
839 | return MR_SUCCESS; |
---|
840 | |
---|
841 | return MR_PERM; |
---|
842 | } |
---|
843 | |
---|
844 | /* Same logic as access_ahal, for different table */ |
---|
845 | |
---|
846 | int access_hwaddr(struct query *q, char *argv[], client *cl) |
---|
847 | { |
---|
848 | EXEC SQL BEGIN DECLARE SECTION; |
---|
849 | int cnt, id, mid, sid, subnet_status; |
---|
850 | char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE]; |
---|
851 | char account_number[MACHINE_ACCOUNT_NUMBER_SIZE]; |
---|
852 | char login[USERS_LOGIN_SIZE]; |
---|
853 | EXEC SQL END DECLARE SECTION; |
---|
854 | int status; |
---|
855 | char roles_qualifier[MACHINE_ACCOUNT_NUMBER_SIZE + 1]; |
---|
856 | |
---|
857 | id = *(int *)argv[0]; |
---|
858 | |
---|
859 | EXEC SQL SELECT count(name) INTO :cnt from hwaddrmap WHERE mach_id = :id; |
---|
860 | if (dbms_errno) |
---|
861 | return mr_errcode; |
---|
862 | |
---|
863 | /* if the type is MR_Q_APPEND, this is ahha and we need to make sure |
---|
864 | * there will be no more than 2 hwaddrs. If it's not, it must be |
---|
865 | * dhha and any owner will do. |
---|
866 | */ |
---|
867 | if (q->type == MR_Q_APPEND && cnt >= 2) |
---|
868 | return MR_PERM; |
---|
869 | |
---|
870 | EXEC SQL SELECT m.owner_type, m.owner_id, m.account_number, s.owner_type, |
---|
871 | s.owner_id, s.status INTO :mtype, :mid, :account_number, :stype, :sid, |
---|
872 | :subnet_status FROM machine m, subnet s WHERE m.mach_id = :id and s.snet_id = m.snet_id; |
---|
873 | |
---|
874 | status = find_member(mtype, mid, cl); |
---|
875 | if (status) |
---|
876 | return MR_SUCCESS; |
---|
877 | |
---|
878 | status = find_member(stype, sid, cl); |
---|
879 | if (status) |
---|
880 | return MR_SUCCESS; |
---|
881 | |
---|
882 | /* If you're only a Roles owner, punt for network reserved / infrastructure */ |
---|
883 | if (subnet_status == SNET_STATUS_RESERVED || subnet_status == SNET_STATUS_INFRASTRUCTURE) |
---|
884 | return MR_PERM; |
---|
885 | |
---|
886 | EXEC SQL SELECT u.login INTO :login FROM users u WHERE u.users_id = :cl->users_id; |
---|
887 | |
---|
888 | /* Need to check all possible cost object types in Roles */ |
---|
889 | sprintf(roles_qualifier, "F%s", strtrim(account_number)); |
---|
890 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
891 | return MR_SUCCESS; |
---|
892 | |
---|
893 | sprintf(roles_qualifier, "C%s", strtrim(account_number)); |
---|
894 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
895 | return MR_SUCCESS; |
---|
896 | |
---|
897 | sprintf(roles_qualifier, "I%s", strtrim(account_number)); |
---|
898 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
899 | return MR_SUCCESS; |
---|
900 | |
---|
901 | sprintf(roles_qualifier, "P%s", strtrim(account_number)); |
---|
902 | if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS) |
---|
903 | return MR_SUCCESS; |
---|
904 | |
---|
905 | return MR_PERM; |
---|
906 | } |
---|
907 | |
---|
908 | /* access_snt - check for retrieving network structure |
---|
909 | */ |
---|
910 | |
---|
911 | int access_snt(struct query *q, char *argv[], client *cl) |
---|
912 | { |
---|
913 | if (q->type == MR_Q_RETRIEVE) |
---|
914 | return MR_SUCCESS; |
---|
915 | |
---|
916 | return MR_PERM; |
---|
917 | } |
---|
918 | |
---|
919 | |
---|
920 | /* access_printer */ |
---|
921 | int access_printer(struct query *q, char *argv[], client *cl) |
---|
922 | { |
---|
923 | EXEC SQL BEGIN DECLARE SECTION; |
---|
924 | char type[PRINTSERVERS_OWNER_TYPE_SIZE]; |
---|
925 | int id, mach_id; |
---|
926 | EXEC SQL END DECLARE SECTION; |
---|
927 | int status, row; |
---|
928 | |
---|
929 | /* Check for aprn or uprn. */ |
---|
930 | if (q->type == MR_Q_APPEND) |
---|
931 | row = 0; |
---|
932 | else |
---|
933 | row = 1; |
---|
934 | |
---|
935 | if (q->version < 13) |
---|
936 | mach_id = *(int *)argv[6 + row]; |
---|
937 | else |
---|
938 | mach_id = *(int *)argv[PRN_RM + row]; |
---|
939 | |
---|
940 | EXEC SQL SELECT owner_type, owner_id INTO :type, :id |
---|
941 | FROM printservers WHERE mach_id = :mach_id; |
---|
942 | if (sqlca.sqlcode) |
---|
943 | return MR_PERM; |
---|
944 | |
---|
945 | status = find_member(type, id, cl); |
---|
946 | if (status) |
---|
947 | return MR_SUCCESS; |
---|
948 | else |
---|
949 | return MR_PERM; |
---|
950 | } |
---|
951 | |
---|
952 | /* access_zephyr */ |
---|
953 | int access_zephyr(struct query *q, char *argv[], client *cl) |
---|
954 | { |
---|
955 | EXEC SQL BEGIN DECLARE SECTION; |
---|
956 | char type[ZEPHYR_OWNER_TYPE_SIZE]; |
---|
957 | char *class; |
---|
958 | int id; |
---|
959 | EXEC SQL END DECLARE SECTION; |
---|
960 | int status; |
---|
961 | |
---|
962 | class = argv[ZA_CLASS]; |
---|
963 | EXEC SQL SELECT owner_type, owner_id INTO :type, :id |
---|
964 | FROM zephyr WHERE class = :class; |
---|
965 | if (sqlca.sqlcode) |
---|
966 | return MR_PERM; |
---|
967 | |
---|
968 | status = find_member(type, id, cl); |
---|
969 | if (status) |
---|
970 | return MR_SUCCESS; |
---|
971 | else |
---|
972 | return MR_PERM; |
---|
973 | } |
---|
974 | |
---|
975 | /* access_container - check access for most container operations |
---|
976 | * |
---|
977 | * Inputs: argv[0] - cnt_id |
---|
978 | * q - query name |
---|
979 | * cl - client name |
---|
980 | * |
---|
981 | * - check if that client is a member of the access control list |
---|
982 | * - OR, if the query is add_machine_to_container or delete_machine_from_container |
---|
983 | * check if the client is a memeber of the mem_acl list |
---|
984 | * - if the query is update_container and the container is to be renamed and |
---|
985 | * it is a top-level container, only priviledged users can do it |
---|
986 | */ |
---|
987 | |
---|
988 | int access_container(struct query *q, char *argv[], client *cl) |
---|
989 | { |
---|
990 | EXEC SQL BEGIN DECLARE SECTION; |
---|
991 | int cnt_id, acl_id, memacl_id, mach_id, machine_owner_id, flag; |
---|
992 | char acl_type[CONTAINERS_ACL_TYPE_SIZE], memacl_type[CONTAINERS_ACL_TYPE_SIZE]; |
---|
993 | char name[CONTAINERS_NAME_SIZE], *newname; |
---|
994 | char machine_owner_type[MACHINE_OWNER_TYPE_SIZE]; |
---|
995 | EXEC SQL END DECLARE SECTION; |
---|
996 | int status; |
---|
997 | |
---|
998 | cnt_id = *(int *)argv[0]; |
---|
999 | |
---|
1000 | /* if amcn or dmcn, container id is the second argument */ |
---|
1001 | if (strcmp(q->shortname, "amcn") == 0 || strcmp(q->shortname, "dmcn") == 0) |
---|
1002 | { |
---|
1003 | mach_id = *(int *)argv[0]; |
---|
1004 | cnt_id = *(int *)argv[1]; |
---|
1005 | } |
---|
1006 | |
---|
1007 | EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type, name, publicflg |
---|
1008 | INTO :acl_id, :acl_type, :memacl_id, :memacl_type, :name, :flag |
---|
1009 | FROM containers |
---|
1010 | WHERE cnt_id = :cnt_id; |
---|
1011 | |
---|
1012 | if (sqlca.sqlerrd[2] != 1) |
---|
1013 | return MR_INTERNAL; |
---|
1014 | |
---|
1015 | /* trim off the trailing spaces */ |
---|
1016 | strcpy(name, strtrim(name)); |
---|
1017 | |
---|
1018 | /* Only dbadmin can rename containers. */ |
---|
1019 | if (!strcmp(q->shortname, "ucon")) |
---|
1020 | { |
---|
1021 | newname = argv[1]; |
---|
1022 | if (strcmp(name, newname)) |
---|
1023 | return MR_PERM; |
---|
1024 | } |
---|
1025 | |
---|
1026 | /* check for client in access control list and return success right |
---|
1027 | * away if it's there. */ |
---|
1028 | if (find_member(acl_type, acl_id, cl)) |
---|
1029 | return MR_SUCCESS; |
---|
1030 | |
---|
1031 | /* If not amcn, dmcn, we lose. */ |
---|
1032 | if (strcmp(q->shortname, "amcn") && strcmp(q->shortname, "dmcn")) |
---|
1033 | return MR_PERM; |
---|
1034 | |
---|
1035 | if (find_member(memacl_type, memacl_id, cl)) |
---|
1036 | return MR_SUCCESS; |
---|
1037 | |
---|
1038 | /* if the container is public or the query is delete, grant access if client |
---|
1039 | * is on owner list */ |
---|
1040 | if (flag || q->type == MR_Q_DELETE) |
---|
1041 | { |
---|
1042 | EXEC SQL SELECT owner_type, owner_id INTO :machine_owner_type, |
---|
1043 | :machine_owner_id |
---|
1044 | FROM machine |
---|
1045 | WHERE mach_id = :mach_id; |
---|
1046 | |
---|
1047 | if (sqlca.sqlerrd[2] == 1 && strcmp("NONE", machine_owner_type) && |
---|
1048 | find_member(machine_owner_type, machine_owner_id, cl)) |
---|
1049 | return MR_SUCCESS; |
---|
1050 | } |
---|
1051 | /* Otherwise fail. */ |
---|
1052 | return MR_PERM; |
---|
1053 | } |
---|
1054 | |
---|
1055 | int check_mail_string(char *mailstring) |
---|
1056 | { |
---|
1057 | EXEC SQL BEGIN DECLARE SECTION; |
---|
1058 | char mname[MACHINE_NAME_SIZE]; |
---|
1059 | EXEC SQL END DECLARE SECTION; |
---|
1060 | char *p, *host, *hostdomain; |
---|
1061 | struct hostent *hp; |
---|
1062 | struct mxentry *mxrecords = NULL; |
---|
1063 | int index; |
---|
1064 | |
---|
1065 | p = strchr(mailstring, '@'); |
---|
1066 | if (p) |
---|
1067 | { |
---|
1068 | host = strdup(++p); |
---|
1069 | |
---|
1070 | /* Replace .LOCAL at end of host with .MIT.EDU if needed. */ |
---|
1071 | hostdomain = strrchr(host, '.'); |
---|
1072 | if (hostdomain && !strcasecmp(hostdomain, ".LOCAL")) |
---|
1073 | { |
---|
1074 | index = hostdomain - host; |
---|
1075 | host[index] = '\0'; |
---|
1076 | host = realloc(host, strlen(host) + strlen(".MIT.EDU") + 1); |
---|
1077 | strcat(host, ".MIT.EDU"); |
---|
1078 | } |
---|
1079 | |
---|
1080 | hp = gethostbyname(host); |
---|
1081 | if (hp) |
---|
1082 | { |
---|
1083 | host = realloc(host, strlen(hp->h_name) + 1); |
---|
1084 | if (host) |
---|
1085 | strcpy(host, hp->h_name); |
---|
1086 | } |
---|
1087 | else |
---|
1088 | { |
---|
1089 | /* Possibly a host with no A record but MX records. Check. */ |
---|
1090 | mxrecords = getmxrecords(host); |
---|
1091 | if (!mxrecords) |
---|
1092 | return MR_BAD_MAIL_STRING; |
---|
1093 | else |
---|
1094 | return MR_SUCCESS; |
---|
1095 | } |
---|
1096 | |
---|
1097 | if (!strcasecmp(host, "MIT.EDU")) |
---|
1098 | { |
---|
1099 | free(host); |
---|
1100 | return MR_BAD_MAIL_STRING; |
---|
1101 | } |
---|
1102 | |
---|
1103 | EXEC SQL DECLARE csr_listmem CURSOR FOR |
---|
1104 | SELECT UNIQUE m.name FROM machine m, serverhosts sh |
---|
1105 | WHERE m.mach_id = sh.mach_id |
---|
1106 | AND (sh.service = 'MAILHUB' or sh.service = 'POSTOFFICE'); |
---|
1107 | if (dbms_errno) |
---|
1108 | { |
---|
1109 | free(host); |
---|
1110 | return mr_errcode; |
---|
1111 | } |
---|
1112 | EXEC SQL OPEN csr_listmem; |
---|
1113 | if (dbms_errno) |
---|
1114 | { |
---|
1115 | free(host); |
---|
1116 | return mr_errcode; |
---|
1117 | } |
---|
1118 | while (1) |
---|
1119 | { |
---|
1120 | EXEC SQL FETCH csr_listmem INTO :mname; |
---|
1121 | if (sqlca.sqlcode) |
---|
1122 | break; |
---|
1123 | |
---|
1124 | if (!strcasecmp(host, strtrim(mname))) |
---|
1125 | { |
---|
1126 | free(host); |
---|
1127 | return MR_BAD_MAIL_STRING; |
---|
1128 | } |
---|
1129 | } |
---|
1130 | free(host); |
---|
1131 | } |
---|
1132 | |
---|
1133 | return MR_SUCCESS; |
---|
1134 | } |
---|
1135 | |
---|
1136 | /* |
---|
1137 | * This ought to be in the bind library. It's adapted from sendmail. |
---|
1138 | */ |
---|
1139 | |
---|
1140 | /* |
---|
1141 | * These are defined in RFC833. Some bind interface headers don't declare them. |
---|
1142 | * Ghod help us if they're ever actually incompatible with what's in |
---|
1143 | * the arpa/nameser.h header. |
---|
1144 | */ |
---|
1145 | #ifndef PACKETSZ |
---|
1146 | #define PACKETSZ 512 /* maximum packet size */ |
---|
1147 | #endif |
---|
1148 | #ifndef HFIXEDSZ |
---|
1149 | #define HFIXEDSZ 12 /* #/bytes of fixed data in header */ |
---|
1150 | #endif |
---|
1151 | #ifndef INT32SZ |
---|
1152 | #define INT32SZ 4 /* for systems without 32-bit ints */ |
---|
1153 | #endif |
---|
1154 | #ifndef INT16SZ |
---|
1155 | #define INT16SZ 2 /* for systems without 16-bit ints */ |
---|
1156 | #endif |
---|
1157 | |
---|
1158 | /* minimum possible size of MX record in packet */ |
---|
1159 | #define MIN_MX_SIZE 8 /* corresp to "a.com 0" w/ terminating space */ |
---|
1160 | |
---|
1161 | struct mxentry *getmxrecords(const char *name) |
---|
1162 | { |
---|
1163 | char answer[PACKETSZ], *eom, *cp, *bp; |
---|
1164 | int n, ancount, qdcount, buflen, type, pref, ind; |
---|
1165 | static struct mxentry pmx[(PACKETSZ - HFIXEDSZ) / MIN_MX_SIZE]; |
---|
1166 | static char MXHostBuf[PACKETSZ - HFIXEDSZ]; |
---|
1167 | HEADER *hp; |
---|
1168 | |
---|
1169 | pmx->name = (char *)NULL; |
---|
1170 | pmx->pref = -1; |
---|
1171 | n = res_search(name, C_IN,T_MX, (unsigned char *)&answer, sizeof(answer)); |
---|
1172 | if (n == -1) |
---|
1173 | return((struct mxentry *)NULL); |
---|
1174 | if ((size_t)n > sizeof(answer)) |
---|
1175 | n = sizeof(answer); |
---|
1176 | |
---|
1177 | hp = (HEADER *)&answer; |
---|
1178 | cp = answer + HFIXEDSZ; |
---|
1179 | eom = answer + n; |
---|
1180 | h_errno = 0; |
---|
1181 | for (qdcount = ntohs(hp->qdcount); qdcount--; cp += n + QFIXEDSZ) |
---|
1182 | if ((n = dn_skipname((unsigned char *)cp, (unsigned char *)eom)) < 0) |
---|
1183 | return((struct mxentry *)NULL); |
---|
1184 | buflen = sizeof(MXHostBuf) - 1; |
---|
1185 | bp = MXHostBuf; |
---|
1186 | ind = 0; |
---|
1187 | ancount = ntohs(hp->ancount); |
---|
1188 | while (--ancount >= 0 && cp < eom) |
---|
1189 | { |
---|
1190 | if ((n = dn_expand((unsigned char *)answer, (unsigned char *)eom, |
---|
1191 | (unsigned char *)cp, bp, buflen)) < 0) |
---|
1192 | break; |
---|
1193 | cp += n; |
---|
1194 | GETSHORT(type, cp); |
---|
1195 | cp += INT16SZ + INT32SZ; |
---|
1196 | GETSHORT(n, cp); |
---|
1197 | if (type != T_MX) |
---|
1198 | { |
---|
1199 | cp += n; |
---|
1200 | continue; |
---|
1201 | } |
---|
1202 | GETSHORT(pref, cp); |
---|
1203 | if ((n = dn_expand((unsigned char *)answer, (unsigned char *)eom, |
---|
1204 | (unsigned char *)cp, bp, buflen)) < 0) |
---|
1205 | break; |
---|
1206 | cp += n; |
---|
1207 | |
---|
1208 | pmx[ind].name = bp; |
---|
1209 | pmx[ind].pref = pref; |
---|
1210 | ++ind; |
---|
1211 | |
---|
1212 | n = strlen((const char *)bp); |
---|
1213 | bp += n; |
---|
1214 | *bp++ = '\0'; |
---|
1215 | |
---|
1216 | buflen -= n + 1; |
---|
1217 | } |
---|
1218 | |
---|
1219 | pmx[ind].name = (char *)NULL; |
---|
1220 | pmx[ind].pref = -1; |
---|
1221 | return(pmx); |
---|
1222 | } |
---|
1223 | |
---|
1224 | /* Based heavily on Roles PL/SQL function ROLESAPI_IS_USER_AUTHORIZED */ |
---|
1225 | int check_roles_authorization(char *login, char *function_name, |
---|
1226 | char *qualifier_code) |
---|
1227 | { |
---|
1228 | EXEC SQL BEGIN DECLARE SECTION; |
---|
1229 | int rowcount; |
---|
1230 | EXEC SQL END DECLARE SECTION; |
---|
1231 | |
---|
1232 | /* Check for direct authorization */ |
---|
1233 | EXEC SQL SELECT COUNT(*) INTO :rowcount FROM roles_authorization |
---|
1234 | WHERE kerberos_name = UPPER(:login) |
---|
1235 | AND function_name = :function_name |
---|
1236 | AND qualifier_code = :qualifier_code |
---|
1237 | AND do_function = 'Y' |
---|
1238 | AND effective_date <= SYSDATE |
---|
1239 | AND (SYSDATE <= expiration_date OR expiration_date is NULL); |
---|
1240 | |
---|
1241 | if (rowcount > 0) |
---|
1242 | return MR_SUCCESS; |
---|
1243 | |
---|
1244 | /* Check for indirect authorization */ |
---|
1245 | EXEC SQL SELECT COUNT(*) INTO :rowcount FROM roles_authorization |
---|
1246 | WHERE kerberos_name = UPPER(:login) |
---|
1247 | AND function_name = :function_name |
---|
1248 | AND do_function = 'Y' AND descend = 'Y' |
---|
1249 | AND effective_date <= SYSDATE |
---|
1250 | AND (SYSDATE <= expiration_date OR expiration_date is NULL) |
---|
1251 | AND qualifier_id IN (SELECT parent_id FROM roles_qualifier_descendent |
---|
1252 | WHERE child_id = (SELECT qualifier_id FROM roles_qualifier |
---|
1253 | WHERE qualifier_code = :qualifier_code AND qualifier_type = |
---|
1254 | (SELECT qualifier_type FROM roles_function WHERE function_name = :function_name))); |
---|
1255 | |
---|
1256 | if (rowcount > 0) |
---|
1257 | return MR_SUCCESS; |
---|
1258 | |
---|
1259 | return MR_PERM; |
---|
1260 | } |
---|
1261 | |
---|