source: trunk/third/moira/server/qaccess.pc @ 23740

Revision 23740, 25.9 KB checked in by broder, 16 years ago (diff)
In moira: * New CVS snapshot (Trac: #195) * Drop patches that have been incorporated upstream. * Update to build without krb4 on systems that no longer have it. This doesn't build yet on squeeze, which lacks a krb4 library, but I'm committing now before I start hacking away at a patch to fix that.
RevLine 
[23740]1/* $Id: qaccess.pc,v 2.36 2008-08-29 14:50:07 zacheiss Exp $
[23095]2 *
3 * Check access to queries
4 *
5 * Copyright (C) 1987-1998 by the Massachusetts Institute of Technology
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
10#include <mit-copyright.h>
11#include "mr_server.h"
12#include "qrtn.h"
13#include "query.h"
14
15#include <ctype.h>
16#include <stdlib.h>
17#include <netdb.h>
18#include <sys/types.h>
19#include <netinet/in.h>
20#include <arpa/nameser.h>
21
22EXEC SQL INCLUDE sqlca;
23
[23740]24RCSID("$Header: /afs/athena.mit.edu/astaff/project/moiradev/repository/moira/server/qaccess.pc,v 2.36 2008-08-29 14:50:07 zacheiss Exp $");
[23095]25
26extern char *whoami;
27extern int dbms_errno, mr_errcode;
28
29EXEC SQL WHENEVER SQLERROR DO dbmserr();
30
31
32/* Specialized Access Routines */
33
34/* access_user - verify that client name equals specified login name
35 *
36 *  - since field validation routines are called first, a users_id is
37 *    now in argv[0] instead of the login name.
38 */
39
40int access_user(struct query *q, char *argv[], client *cl)
41{
42  if (cl->users_id != *(int *)argv[0])
43    return MR_PERM;
44  else
45    return MR_SUCCESS;
46}
47
48int access_update_user(struct query *q, char *argv[], client *cl)
49{
50  EXEC SQL BEGIN DECLARE SECTION;
51  int users_id, unix_uid, status, comments, secure;
52  char login[USERS_LOGIN_SIZE], shell[USERS_SHELL_SIZE];
53  char winconsoleshell[USERS_WINCONSOLESHELL_SIZE], last[USERS_LAST_SIZE];
54  char first[USERS_FIRST_SIZE], middle[USERS_MIDDLE_SIZE];
55  char clearid[USERS_CLEARID_SIZE], type[USERS_TYPE_SIZE];
56  char signature[USERS_SIGNATURE_SIZE];
57  EXEC SQL END DECLARE SECTION;
58
59  /* The two fields we let users update themselves didn't appear until
60   * version 11.
61   */
62  if (q->version < 11)
63    return MR_PERM;
64
65  if (cl->users_id != *(int *)argv[0])
66    return MR_PERM;
67
68  users_id = *(int *)argv[0];
69
70  EXEC SQL SELECT u.login, u.unix_uid, u.shell, u.winconsoleshell, u.last,
71    u.first, u.middle, u.status, u.clearid, u.type, u.comments, u.signature,
72    u.secure INTO :login, :unix_uid, :shell, :winconsoleshell, :last, :first,
73    :middle, :status, :clearid, :type, :comments, :signature, :secure
74    FROM USERS u WHERE u.users_id = :users_id;
75
76  /* None of these things can have changed. */
77  if (strcmp(argv[1], strtrim(login)) ||
78      (unix_uid != atoi(argv[2])) ||
79      strcmp(argv[3], strtrim(shell)) ||
80      strcmp(argv[4], strtrim(winconsoleshell)) ||
81      strcmp(argv[5], strtrim(last)) ||
82      strcmp(argv[6], strtrim(first)) ||
83      strcmp(argv[7], strtrim(middle)) ||
84      (status != atoi(argv[8])) ||
85      strcmp(argv[9], strtrim(clearid)) ||
86      strcmp(argv[10], strtrim(type)) ||
87      (comments != *(int *)argv[11]) ||
88      strcmp(argv[12], strtrim(signature)) ||
89      (secure != atoi(argv[13])))
90    return MR_PERM;
91
92  return MR_SUCCESS;
93}
94
95/* access_login - verify that client name equals specified login name
96 *
97 *   argv[0...n] contain search info.  q->
98 */
99
100int access_login(struct query *q, char *argv[], client *cl)
101{
102  EXEC SQL BEGIN DECLARE SECTION;
103  int id;
104  EXEC SQL END DECLARE SECTION;
105
106  if (q->argc != 1)
107    return MR_ARGS;
108
109  if (!strcmp(q->shortname, "gual"))
110    {
111      EXEC SQL SELECT users_id INTO :id FROM users
112        WHERE login = :argv[0] AND users_id != 0;
113    }
114  else if (!strcmp(q->shortname, "gubl"))
115    {
116      EXEC SQL SELECT users_id INTO :id FROM users u
117        WHERE u.login = :argv[0] AND u.users_id != 0;
118    }
119  else if (!strcmp(q->shortname, "guau"))
120    {
121      EXEC SQL SELECT users_id INTO :id FROM users
122        WHERE unix_uid = :argv[0] AND users_id != 0;
123    }
124  else if (!strcmp(q->shortname, "gubu"))
125    {
126      EXEC SQL SELECT users_id INTO :id FROM users u
127        WHERE u.unix_uid = :argv[0] AND u.users_id != 0;
128    }
129
130  if (sqlca.sqlcode == SQL_NO_MATCH)
131    return MR_NO_MATCH; /* ought to be MR_USER, but this is what
132                           gual returns, so we have to be consistent */
133  else if (sqlca.sqlerrd[2] != 1 || id != cl->users_id)
134    return MR_PERM;
135  else
136    return MR_SUCCESS;
137}
138
139
140/* access_spob - check access for set_pobox */
141
142int access_spob(struct query *q, char *argv[], client *cl)
143{
144  EXEC SQL BEGIN DECLARE SECTION;
145  int id;
146  EXEC SQL END DECLARE SECTION;
147  int status;
148
149  if (!strcmp(argv[1], "IMAP"))
[23178]150    {
151      EXEC SQL SELECT owner INTO :id FROM filesys f
152        WHERE f.label = :argv[2] AND f.type = 'IMAP' AND
153        f.lockertype = 'USER';
154      if (cl->users_id != id)
155        return MR_PERM;
156    }
[23095]157
158  /* Non-query owners can't forward mail to a POSTOFFICE or MAILHUB server,
159   * nor to a nonresolving domain.
160   */
161  if (!strcmp(argv[1], "SMTP") || !strcmp(argv[1], "SPLIT"))
162    {
163      status = check_mail_string(argv[2]);
164      if (status)
165        return status;
166    }
[23178]167 
[23095]168  if (cl->users_id != *(int *)argv[0])
169    return MR_PERM;
170  else
171    return MR_SUCCESS;
172}
173
174
175/* access_list - check access for most list operations
176 *
177 * Inputs: argv[0] - list_id
178 *          q - query name
179 *          argv[2] - member ID (only for queries "amtl" and  "dmfl")
180 *          argv[7] - group ID (only for query "ulis")
181 *          cl - client name
182 *
183 * - check that client is a member of the access control list
184 * - OR, if the query is add_member_to_list or delete_member_from_list
185 *      and the list is public, allow access if client = member
186 */
187
188int access_list(struct query *q, char *argv[], client *cl)
189{
190  EXEC SQL BEGIN DECLARE SECTION;
191  int list_id, acl_id, flags, gid, users_id, member_id, member_acl_id;
192  int memacl_id, mailman, mailman_id;
193  char acl_type[LIST_ACL_TYPE_SIZE], name[LIST_NAME_SIZE], *newname;
194  char member_acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
195  EXEC SQL END DECLARE SECTION;
196  int status, cnt;
197  char *buf;
198
199  list_id = *(int *)argv[0];
200  member_id = *(int *)argv[2];
201  EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type,
202    gid, publicflg, name, mailman, mailman_id
203    INTO :acl_id, :acl_type, :memacl_id, :memacl_type,
204    :gid, :flags, :name, :mailman, :mailman_id
205    FROM list
206    WHERE list_id = :list_id;
207
208  if (sqlca.sqlerrd[2] != 1)
209    return MR_INTERNAL;
210
211  /* if update_list, don't allow them to change the GID or rename to a
212         username other than their own */
213  if (!strcmp("ulis", q->shortname))
214    {
215      if (!strcmp(argv[7], UNIQUE_GID))
216        {
217          if (gid != -1)
218            return MR_PERM;
219        }
220      else
221        {
222          if (gid != atoi(argv[7]))
223            return MR_PERM;
224        }
225
226      newname = argv[1];
227
228      /* Check that it doesn't conflict with the Grouper namespace. */
229      if (strlen(newname) > 4 && isdigit(newname[2]) &&
230          isdigit(newname[3]) && newname[4] == '-')
231        {
232          if (!strncasecmp(newname, "fa", 2) ||
233              !strncasecmp(newname, "sp", 2) ||
234              !strncasecmp(newname, "su", 2) ||
235              !strncasecmp(newname, "ja", 2))
236            return MR_RESERVED;
237        }
238     
239      /* Don't let anyone take owner-foo list names.  They interact
240       * weirdly with the aliases automatically generated by
241       * mailhub.gen.
242       */
243      if (!strncasecmp(newname, "owner-", 6))
244        return MR_RESERVED;
245     
246      EXEC SQL SELECT users_id INTO :users_id FROM users
247        WHERE login = :newname;
248      if ((sqlca.sqlcode != SQL_NO_MATCH) && strcmp(strtrim(name), newname) &&
249          (users_id != cl->users_id))
250        return MR_PERM;
251
252      /* For modern enough clients, don't allow ordinary users to toggle
253       * the mailman bit or change the server.
254       */
255      if (q->version >= 10)
256        {
257          if (mailman != atoi(argv[9]))
258            return MR_PERM;
259
260          if (mailman_id != *(int *)argv[10])
261            return MR_PERM;
262        }
263    }
264
265  /* Don't allow non-query owners to add STRINGs to lists if they end
266   * in a domain that's MIT.EDU or one of the hosts that provide the
267   * MAILHUB or POSTOFFICE services.
268   */
269  if (!strcmp(q->shortname, "amtl") || !strcmp(q->shortname, "atml"))
270    {
271      if (!strcmp("STRING", argv[1]))
272        {
273          buf = malloc(0);
274          status = id_to_name(*(int *)argv[2], STRINGS_TABLE, &buf);
275          if (status)
276            return status;
277
278          status = check_mail_string(buf);
279          free(buf);
280          if (status)
281            return status;
282        }
283    }
284
285  /* check for client in access control list and return success right
286   * away if it's there. */
287  if (find_member(acl_type, acl_id, cl))
288    return MR_SUCCESS;
289
290  /* If not amtl, atml, or dmfl, we lose. */
291  if (strcmp(q->shortname, "amtl") && strcmp(q->shortname, "atml") &&
292      strcmp(q->shortname, "dmfl") && strcmp(q->shortname, "tmol"))
293    return MR_PERM;
294
295  if (find_member(memacl_type, memacl_id, cl))
296    return MR_SUCCESS;
297
[23178]298  if (flags || q->type == MR_Q_DELETE)
[23095]299    {
300      if (!strcmp("USER", argv[1]) && *(int *)argv[2] == cl->users_id)
301        return MR_SUCCESS;
302      if (!strcmp("KERBEROS", argv[1]) && *(int *)argv[2] == -cl->client_id)
303        return MR_SUCCESS;
304      if (!strcmp("LIST", argv[1]) && !strcmp("dmfl", q->shortname))
305        {
306          EXEC SQL SELECT acl_id, acl_type INTO :member_acl_id,
307            :member_acl_type
308            FROM list
309            WHERE list_id = :member_id;
310         
311          if (find_member(member_acl_type, member_acl_id, cl))
312            return MR_SUCCESS;
313        }
314    }
315
316  /* Otherwise fail. */
317  return MR_PERM;
318}
319
320
321/* access_visible_list - allow access to list only if it is not hidden,
322 *      or if the client is on the ACL
323 *
324 * Inputs: argv[0] - list_id
325 *         cl - client identifier
326 */
327
328int access_visible_list(struct query *q, char *argv[], client *cl)
329{
330  EXEC SQL BEGIN DECLARE SECTION;
331  int list_id, acl_id, memacl_id, flags ;
332  char acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
333  EXEC SQL END DECLARE SECTION;
334  int status;
335
336  list_id = *(int *)argv[0];
337  EXEC SQL SELECT hidden, acl_id, acl_type, memacl_id, memacl_type
338    INTO :flags, :acl_id, :acl_type, :memacl_id, :memacl_type
339    FROM list
340    WHERE list_id = :list_id;
341  if (sqlca.sqlerrd[2] != 1)
342    return MR_INTERNAL;
343  if (!flags)
344    return MR_SUCCESS;
345
346  /* check for client in access control list */
347  status = find_member(acl_type, acl_id, cl);
348  if (!status)
349    {
350      status = find_member(memacl_type, memacl_id, cl);
351      if (!status)
352        return MR_PERM;
353    }
354  return MR_SUCCESS;
355}
356
357
358/* access_vis_list_by_name - allow access to list only if it is not hidden,
359 *      or if the client is on the ACL
360 *
361 * Inputs: argv[0] - list name
362 *         cl - client identifier
363 */
364
365int access_vis_list_by_name(struct query *q, char *argv[], client *cl)
366{
367  EXEC SQL BEGIN DECLARE SECTION;
368  int acl_id, memacl_id, flags, rowcount, list_id;
369  char acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
370  char *listname;
371  EXEC SQL END DECLARE SECTION;
372  int status;
373
374  listname = argv[0];
375  EXEC SQL SELECT hidden, acl_id, acl_type, memacl_id, memacl_type, list_id
376    INTO :flags, :acl_id, :acl_type, :memacl_id, :memacl_type, :list_id
377    FROM list
378    WHERE name = :listname;
379
380  rowcount = sqlca.sqlerrd[2];
381  if (rowcount > 1)
382    return MR_WILDCARD;
383  if (rowcount == 0)
384    return MR_NO_MATCH;
385  if (!flags)
386    return MR_SUCCESS;
387
388  /* If the user is a member of the acl, memacl, or the list itself,
389   * accept them.
390   */
391  status = find_member(acl_type, acl_id, cl);
392  if (!status)
393    status = find_member(memacl_type, memacl_id, cl);
394  if (!status)
395    status = find_member("LIST", list_id, cl);
396  if (!status)
397    return MR_PERM;
398
399  return MR_SUCCESS;
400}
401
402
403/* access_member - allow user to access member of type "USER" and name matches
404 * username, or to access member of type "KERBEROS" and the principal matches
405 * the user, or to access member of type "LIST" and list is one that user is
406 * on the acl of, or the list is visible.  Allow anyone to look up list
407 * memberships of MACHINEs.
408 */
409
410int access_member(struct query *q, char *argv[], client *cl)
411{
412  if (!strcmp(argv[0], "LIST") || !strcmp(argv[0], "RLIST"))
413    return access_visible_list(q, &argv[1], cl);
414
415  if (!strcmp(argv[0], "USER") || !strcmp(argv[0], "RUSER"))
416    {
417      if (cl->users_id == *(int *)argv[1])
418        return MR_SUCCESS;
419    }
420
421  if (!strcmp(argv[0], "KERBEROS") || !strcmp(argv[0], "RKERBEROS"))
422    {
423      if (cl->client_id == -*(int *)argv[1])
424        return MR_SUCCESS;
425    }
426
427  if (!strcmp(argv[0], "MACHINE") || !strcmp(argv[0], "RMACHINE"))
428    return MR_SUCCESS;   
429
430  return MR_PERM;
431}
432
433
434/* access_qgli - special access routine for Qualified_get_lists.  Allows
435 * access iff argv[0] == "TRUE" and argv[2] == "FALSE".
436 */
437
438int access_qgli(struct query *q, char *argv[], client *cl)
439{
440  if (!strcmp(argv[0], "TRUE") && !strcmp(argv[2], "FALSE"))
441    return MR_SUCCESS;
442  return MR_PERM;
443}
444
445
446/* access_service - allow access if user is on ACL of service.  Don't
447 * allow access if a wildcard is used.
448 */
449
450int access_service(struct query *q, char *argv[], client *cl)
451{
452  EXEC SQL BEGIN DECLARE SECTION;
453  int acl_id;
454  char *name, acl_type[LIST_ACL_TYPE_SIZE];
455  EXEC SQL END DECLARE SECTION;
456  int status;
457  char *c;
458
459  name = argv[0];
460  for (c = name; *c; c++)
461    {
462      if (islower(*c))
463        *c = toupper(*c);
464    }
465  EXEC SQL SELECT acl_id, acl_type INTO :acl_id, :acl_type FROM servers
466    WHERE name = :name;
467  if (sqlca.sqlerrd[2] > 1)
468    return MR_PERM;
469
470  /* check for client in access control list */
471  status = find_member(acl_type, acl_id, cl);
472  if (!status)
473    return MR_PERM;
474
475  return MR_SUCCESS;
476}
477
478
479/* access_filesys - verify that client is owner or on owners list of filesystem
480 *      named by argv[0]
481 */
482
483int access_filesys(struct query *q, char *argv[], client *cl)
484{
485  EXEC SQL BEGIN DECLARE SECTION;
486  int users_id, list_id;
487  char *name;
488  EXEC SQL END DECLARE SECTION;
489  int status;
490
491  name = argv[0];
492  EXEC SQL SELECT owner, owners INTO :users_id, :list_id FROM filesys
493    WHERE label = :name;
494
495  if (sqlca.sqlerrd[2] != 1)
496    return MR_PERM;
497  if (users_id == cl->users_id)
498    return MR_SUCCESS;
499  status = find_member("LIST", list_id, cl);
500  if (status)
501    return MR_SUCCESS;
502  else
503    return MR_PERM;
504}
505
506
507/* access_host - successful if owner of host, or subnet containing host
508 */
509
510int access_host(struct query *q, char *argv[], client *cl)
511{
512  EXEC SQL BEGIN DECLARE SECTION;
513  int mid, sid, id, subnet_status;
514  char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE];
515  char *account_number;
516  EXEC SQL END DECLARE SECTION;
517  int status, idx;
518
519  if (q->version < 6)
520    idx = 0;
521  else if (q->version >= 6 && q->version < 8)
522    idx = 1;
523  else
524    idx = 2;
525 
[23178]526  if (q->type == MR_Q_APPEND)
[23095]527    {
528      /* Non-query owner must set use to zero */
529      if (atoi(argv[6 + idx]) != 0)
530        return MR_PERM;
531
532      /* ... and start the hostname with a letter */
533      if (isdigit(argv[0][0]))
534        return MR_BAD_CHAR;
535
536      id = *(int *)argv[8 + idx];
537      EXEC SQL SELECT s.owner_type, s.owner_id, s.status
538        INTO :stype, :sid, :subnet_status FROM subnet s
539        WHERE s.snet_id = :id;
540      mid = 0;
541
542      /* Non query owner must provide valid billing information. */
543      if (q->version >= 8)
544        {
545          if (subnet_status == SNET_STATUS_BILLABLE)
546            {
547              account_number = argv[7];
548              EXEC SQL SELECT account_number FROM accountnumbers
549                WHERE account_number = :account_number;
550              if (sqlca.sqlcode == SQL_NO_MATCH)
551                return MR_ACCOUNT_NUMBER;
552            }
553        }
554
555      if (find_member(stype, sid, cl))
556        return MR_SUCCESS;
557      else
558        return MR_PERM;
559    }
[23178]560  else /* q-type == MR_Q_UPDATE */
[23095]561    {
562      EXEC SQL BEGIN DECLARE SECTION;
563      int status, acomment, use, ocomment, snid;
564      char contact[MACHINE_CONTACT_SIZE], address[MACHINE_ADDRESS_SIZE];
565      char name[MACHINE_NAME_SIZE];
566      char billing_contact[MACHINE_BILLING_CONTACT_SIZE];
567      EXEC SQL END DECLARE SECTION;
568
569      id = *(int *)argv[0];
570      EXEC SQL SELECT m.name, m.use, m.contact, m.billing_contact, m.status,
571        m.address, m.owner_type, m.owner_id, m.acomment, m.ocomment, m.snet_id,
572        s.owner_type, s.owner_id, s.status INTO :name, :use, :contact,
573        :billing_contact, :status, :address, :mtype, :mid, :acomment,
574        :ocomment, :snid, :stype, :sid, :subnet_status
575        FROM machine m, subnet s
576        WHERE m.mach_id = :id AND s.snet_id = m.snet_id;
577      if (dbms_errno)
578        return mr_errcode;
579
580      /* Non query owner must provide valid billing information. */
581      if (q->version >= 8)
582        {
583          if ((subnet_status == SNET_STATUS_BILLABLE) &&
584              (atoi(argv[10]) != 3))
585            {
586              account_number = argv[8];
587              EXEC SQL SELECT account_number FROM accountnumbers
588                WHERE account_number = :account_number;
589              if (sqlca.sqlcode == SQL_NO_MATCH)
590                return MR_ACCOUNT_NUMBER;
591            }
592        }
593
594      /* non-query-owner cannot change use or ocomment */
595      if ((use != atoi(argv[7 + idx])) || (ocomment != *(int *)argv[14 + idx]))
596        return MR_PERM;
597
598      /* or rename to start with digit */
599      if (isdigit(argv[1][0]) && strcmp(strtrim(name), argv[1]))
600        return MR_BAD_CHAR;
601
602      if (!find_member(stype, sid, cl))
603        {
604          if (find_member(mtype, mid, cl))
605            {
606              /* host owner also cannot change contact, status, address,
607                 owner, or acomment */
608              if (strcmp(argv[6], strtrim(contact)) ||
609                  (status != atoi(argv[8 + idx])) ||
610                  strcmp(argv[10 + idx], strtrim(address)) ||
611                  strcmp(argv[11 + idx], strtrim(mtype)) ||
612                  (mid != *(int *)argv[12 + idx]) ||
613                  (acomment != *(int *)argv[13 + idx]))
614                return MR_PERM;
615              /* Billing contact field didn't appear until version 6 */
616              if (q->version >= 6)
617                if (strcmp(argv[7], strtrim(billing_contact)))
618                    return MR_PERM;
619            }
620          else
621            return MR_PERM;
622        }
623
624      /* If moving to a new subnet, make sure user is on acl there */
625      id = *(int *)argv[9 + idx];
626      if (id != snid)
627        {
628          EXEC SQL SELECT owner_type, owner_id INTO :stype, :sid
629            FROM subnet WHERE snet_id=:id;
630          if (!find_member(stype, sid, cl))
631            return MR_PERM;
632        }
633
634      return MR_SUCCESS;
635    }
636}
637
638
639/* access_ahal - check for adding a host alias.
640 * successful if host has less then 2 aliases and (client is owner of
641 * host or subnet).
642 * If deleting an alias, any owner will do.
643 */
644
645int access_ahal(struct query *q, char *argv[], client *cl)
646{
647  EXEC SQL BEGIN DECLARE SECTION;
648  int cnt, id, mid, sid;
649  char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE];
650  EXEC SQL END DECLARE SECTION;
651  int status;
652
[23178]653  if (q->type == MR_Q_RETRIEVE)
[23095]654    return MR_SUCCESS;
655
656  id = *(int *)argv[1];
657
[23178]658  if (q->type == MR_Q_APPEND && isdigit(argv[0][0]))
[23095]659    return MR_BAD_CHAR;
660
661  EXEC SQL SELECT count(name) INTO :cnt from hostalias WHERE mach_id = :id;
662  if (dbms_errno)
663    return mr_errcode;
[23178]664  /* if the type is MR_Q_APPEND, this is ahal and we need to make sure there
[23095]665   * will be no more than 2 aliases.  If it's not, it must be dhal and
666   * any owner will do.
667   */
[23178]668  if (q->type == MR_Q_APPEND && cnt >= 2)
[23095]669    return MR_PERM;
670  EXEC SQL SELECT m.owner_type, m.owner_id, s.owner_type, s.owner_id
671    INTO :mtype, :mid, :stype, :sid FROM machine m, subnet s
672    WHERE m.mach_id = :id and s.snet_id = m.snet_id;
673  status = find_member(mtype, mid, cl);
674  if (status)
675    return MR_SUCCESS;
676  status = find_member(stype, sid, cl);
677  if (status)
678    return MR_SUCCESS;
679  else
680    return MR_PERM;
681}
682
683
684/* access_snt - check for retrieving network structure
685 */
686
687int access_snt(struct query *q, char *argv[], client *cl)
688{
[23178]689  if (q->type == MR_Q_RETRIEVE)
[23095]690    return MR_SUCCESS;
691
692  return MR_PERM;
693}
694
695
696/* access_printer */
697int access_printer(struct query *q, char *argv[], client *cl)
698{
699  EXEC SQL BEGIN DECLARE SECTION;
700  char type[PRINTSERVERS_OWNER_TYPE_SIZE];
701  int id, mach_id;
702  EXEC SQL END DECLARE SECTION;
703  int status;
704
705  mach_id = *(int *)argv[PRN_RM];
706  EXEC SQL SELECT owner_type, owner_id INTO :type, :id
707    FROM printservers WHERE mach_id = :mach_id;
708  if (sqlca.sqlcode)
709    return MR_PERM;
710
711  status = find_member(type, id, cl);
712  if (status)
713    return MR_SUCCESS;
714  else
715    return MR_PERM;
716}
717
718/* access_zephyr */
719int access_zephyr(struct query *q, char *argv[], client *cl)
720{
721  EXEC SQL BEGIN DECLARE SECTION;
722  char type[ZEPHYR_OWNER_TYPE_SIZE];
723  char *class;
724  int id;
725  EXEC SQL END DECLARE SECTION;
726  int status;
727
728  class = argv[ZA_CLASS];
729  EXEC SQL SELECT owner_type, owner_id INTO :type, :id
730      FROM zephyr WHERE class = :class;
731  if (sqlca.sqlcode)
732    return MR_PERM;
733
734  status = find_member(type, id, cl);
735  if (status)
736    return MR_SUCCESS;
737  else
738    return MR_PERM;
739}
740
741/* access_container - check access for most container operations
742 *
743 * Inputs: argv[0] - cnt_id
744 *          q - query name       
745 *          cl - client name
746 *
747 * - check if that client is a member of the access control list
748 * - OR, if the query is add_machine_to_container or delete_machine_from_container
749 *      check if the client is a memeber of the mem_acl list
750 * - if the query is update_container and the container is to be renamed and
751 *   it is a top-level container, only priviledged users can do it
752 */
753
754int access_container(struct query *q, char *argv[], client *cl)
755{
756  EXEC SQL BEGIN DECLARE SECTION;
757  int cnt_id, acl_id, memacl_id, mach_id, machine_owner_id, flag;
758  char acl_type[CONTAINERS_ACL_TYPE_SIZE], memacl_type[CONTAINERS_ACL_TYPE_SIZE];
759  char name[CONTAINERS_NAME_SIZE], *newname;
760  char machine_owner_type[MACHINE_OWNER_TYPE_SIZE];
761  EXEC SQL END DECLARE SECTION;
762  int status;
763
764  cnt_id = *(int *)argv[0];
765 
766  /* if amcn or dmcn, container id is the second argument */
767  if (strcmp(q->shortname, "amcn") == 0 || strcmp(q->shortname, "dmcn") == 0)
768  {
769        mach_id = *(int *)argv[0];
770        cnt_id = *(int *)argv[1];
771  }
772
773  EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type, name, publicflg
774    INTO :acl_id, :acl_type, :memacl_id, :memacl_type, :name, :flag
775    FROM containers
776    WHERE cnt_id = :cnt_id;
777
778  if (sqlca.sqlerrd[2] != 1)
779    return MR_INTERNAL;
780
781   /* trim off the trailing spaces */
782   strcpy(name, strtrim(name));
783
784  /* Only dbadmin can rename containers. */
785  if (!strcmp(q->shortname, "ucon"))
786  {
787    newname = argv[1];
788    if (strcmp(name, newname))
789      return MR_PERM;
790  }
791
792  /* check for client in access control list and return success right
793   * away if it's there. */
794  if (find_member(acl_type, acl_id, cl))
795    return MR_SUCCESS;
796
797  /* If not amcn, dmcn, we lose. */
798  if (strcmp(q->shortname, "amcn") && strcmp(q->shortname, "dmcn"))
799    return MR_PERM;
800
801  if (find_member(memacl_type, memacl_id, cl))
802    return MR_SUCCESS;
803
804  /* if the container is public or the query is delete, grant access if client
805   * is on owner list */
[23178]806  if (flag || q->type == MR_Q_DELETE)
[23095]807    {
808          EXEC SQL SELECT owner_type, owner_id INTO :machine_owner_type,
809            :machine_owner_id
810            FROM machine
811            WHERE mach_id = :mach_id;
812
813          if (sqlca.sqlerrd[2] == 1 && strcmp("NONE", machine_owner_type) &&
814                find_member(machine_owner_type, machine_owner_id, cl))
815            return MR_SUCCESS;
816    }
817  /* Otherwise fail. */
818  return MR_PERM;
819}
820
821int check_mail_string(char *mailstring)
822{
823  EXEC SQL BEGIN DECLARE SECTION;
824  char mname[MACHINE_NAME_SIZE];
825  EXEC SQL END DECLARE SECTION;
826  char *p, *host, *hostdomain;
827  struct hostent *hp;
828  struct mxentry *mxrecords = NULL;
829  int index;
830
831  p = strchr(mailstring, '@');
832  if (p)
833    {
834      host = strdup(++p);
835     
836      /* Replace .LOCAL at end of host with .MIT.EDU if needed. */
837      hostdomain = strrchr(host, '.');
838      if (hostdomain && !strcasecmp(hostdomain, ".LOCAL"))
839        {
840          index = hostdomain - host;
841          host[index] = '\0';
842          host = realloc(host, strlen(host) + strlen(".MIT.EDU") + 1);
843          strcat(host, ".MIT.EDU");
844        }
845     
846      hp = gethostbyname(host);
847      if (hp)
848        {
849          host = realloc(host, strlen(hp->h_name) + 1);
850          if (host)
851            strcpy(host, hp->h_name);
852        }
853      else
854        {
855          /* Possibly a host with no A record but MX records.  Check. */
856          mxrecords = getmxrecords(host);
857          if (!mxrecords)
858            return MR_BAD_MAIL_STRING;
859          else
860            return MR_SUCCESS;
861        }
862     
863      if (!strcasecmp(host, "MIT.EDU"))
864        {
865          free(host);
866          return MR_BAD_MAIL_STRING;
867        }
868     
869      EXEC SQL DECLARE csr_listmem CURSOR FOR
870        SELECT UNIQUE m.name FROM machine m, serverhosts sh
871        WHERE m.mach_id = sh.mach_id
872        AND (sh.service = 'MAILHUB' or sh.service = 'POSTOFFICE');
873      if (dbms_errno)
874        {
875          free(host);
876          return mr_errcode;
877        }
878      EXEC SQL OPEN csr_listmem;
879      if (dbms_errno)
880        {
881          free(host);
882          return mr_errcode;
883        }
884      while (1)
885        {
886          EXEC SQL FETCH csr_listmem INTO :mname;
887          if (sqlca.sqlcode)
888            break;
889         
890          if (!strcasecmp(host, strtrim(mname)))
891            {
892              free(host);
893              return MR_BAD_MAIL_STRING;
894            }
895        }
896      free(host);
897    }
898
899  return MR_SUCCESS;
900}
901
902/*
903 * This ought to be in the bind library.  It's adapted from sendmail.
904 */
905
906/*
907 * These are defined in RFC833. Some bind interface headers don't declare them.
908 * Ghod help us if they're ever actually incompatible with what's in
909 * the arpa/nameser.h header.
910 */
911#ifndef PACKETSZ
912#define PACKETSZ        512             /* maximum packet size */
913#endif
914#ifndef HFIXEDSZ
915#define HFIXEDSZ        12              /* #/bytes of fixed data in header */
916#endif
917#ifndef INT32SZ
918#define INT32SZ         4               /* for systems without 32-bit ints */
919#endif
920#ifndef INT16SZ
921#define INT16SZ         2               /* for systems without 16-bit ints */
922#endif
923
924/* minimum possible size of MX record in packet */
925#define MIN_MX_SIZE     8       /* corresp to "a.com 0" w/ terminating space */
926
927struct mxentry *getmxrecords(const char *name)
928{
929  char answer[PACKETSZ], *eom, *cp, *bp;
930  int n, ancount, qdcount, buflen, type, pref, ind;
931  static struct mxentry pmx[(PACKETSZ - HFIXEDSZ) / MIN_MX_SIZE];
932  static char MXHostBuf[PACKETSZ - HFIXEDSZ];
933  HEADER *hp;
934 
935  pmx->name = (char *)NULL;
936  pmx->pref = -1;
937  n = res_search(name, C_IN,T_MX, (unsigned char *)&answer, sizeof(answer));
938  if (n == -1)
939    return((struct mxentry *)NULL);
940  if ((size_t)n > sizeof(answer))
941    n = sizeof(answer);         
942 
943  hp = (HEADER *)&answer;
944  cp = answer + HFIXEDSZ;
945  eom = answer + n;
946  h_errno = 0;
947  for (qdcount = ntohs(hp->qdcount); qdcount--; cp += n + QFIXEDSZ)
948    if ((n = dn_skipname((unsigned char *)cp, (unsigned char *)eom)) < 0)
949      return((struct mxentry *)NULL);
950  buflen = sizeof(MXHostBuf) - 1;
951  bp = MXHostBuf;
952  ind = 0;
953  ancount = ntohs(hp->ancount);
954  while (--ancount >= 0 && cp < eom)
955    {
956      if ((n = dn_expand((unsigned char *)answer, (unsigned char *)eom,
957                         (unsigned char *)cp, bp, buflen)) < 0)
958        break;
959      cp += n;
960      GETSHORT(type, cp);
961      cp += INT16SZ + INT32SZ;
962      GETSHORT(n, cp);
963      if (type != T_MX)
964        {
965          cp += n;
966          continue;
967        }
968      GETSHORT(pref, cp);
969      if ((n = dn_expand((unsigned char *)answer, (unsigned char *)eom,
970                         (unsigned char *)cp, bp, buflen)) < 0)
971        break;
972      cp += n;
973     
974      pmx[ind].name = bp;
975      pmx[ind].pref = pref;
976      ++ind;
977     
978      n = strlen((const char *)bp);
979      bp += n;
980      *bp++ = '\0';
981     
982      buflen -= n + 1;
983    }
984 
985  pmx[ind].name = (char *)NULL;
986  pmx[ind].pref = -1;
987  return(pmx);
988}
Note: See TracBrowser for help on using the repository browser.