Context Navigation

qaccess.pc @ 23740

Visit:

Revision 23740, 25.9 KB checked in by broder, 15 years ago (diff)
In moira: * New CVS snapshot (Trac: #195) * Drop patches that have been incorporated upstream. * Update to build without krb4 on systems that no longer have it. This doesn't build yet on squeeze, which lacks a krb4 library, but I'm committing now before I start hacking away at a patch to fix that.

Line
1	/* $Id: qaccess.pc,v 2.36 2008-08-29 14:50:07 zacheiss Exp $
2	*
3	* Check access to queries
4	*
5	* Copyright (C) 1987-1998 by the Massachusetts Institute of Technology
6	* For copying and distribution information, please see the file
7	* <mit-copyright.h>.
8	*/
9
10	#include <mit-copyright.h>
11	#include "mr_server.h"
12	#include "qrtn.h"
13	#include "query.h"
14
15	#include <ctype.h>
16	#include <stdlib.h>
17	#include <netdb.h>
18	#include <sys/types.h>
19	#include <netinet/in.h>
20	#include <arpa/nameser.h>
21
22	EXEC SQL INCLUDE sqlca;
23
24	RCSID("$Header: /afs/athena.mit.edu/astaff/project/moiradev/repository/moira/server/qaccess.pc,v 2.36 2008-08-29 14:50:07 zacheiss Exp $");
25
26	extern char *whoami;
27	extern int dbms_errno, mr_errcode;
28
29	EXEC SQL WHENEVER SQLERROR DO dbmserr();
30
31
32	/* Specialized Access Routines */
33
34	/* access_user - verify that client name equals specified login name
35	*
36	* - since field validation routines are called first, a users_id is
37	* now in argv[0] instead of the login name.
38	*/
39
40	int access_user(struct query q, char argv[], client *cl)
41	{
42	if (cl->users_id != (int )argv[0])
43	return MR_PERM;
44	else
45	return MR_SUCCESS;
46	}
47
48	int access_update_user(struct query q, char argv[], client *cl)
49	{
50	EXEC SQL BEGIN DECLARE SECTION;
51	int users_id, unix_uid, status, comments, secure;
52	char login[USERS_LOGIN_SIZE], shell[USERS_SHELL_SIZE];
53	char winconsoleshell[USERS_WINCONSOLESHELL_SIZE], last[USERS_LAST_SIZE];
54	char first[USERS_FIRST_SIZE], middle[USERS_MIDDLE_SIZE];
55	char clearid[USERS_CLEARID_SIZE], type[USERS_TYPE_SIZE];
56	char signature[USERS_SIGNATURE_SIZE];
57	EXEC SQL END DECLARE SECTION;
58
59	/* The two fields we let users update themselves didn't appear until
60	* version 11.
61	*/
62	if (q->version < 11)
63	return MR_PERM;
64
65	if (cl->users_id != (int )argv[0])
66	return MR_PERM;
67
68	users_id = (int )argv[0];
69
70	EXEC SQL SELECT u.login, u.unix_uid, u.shell, u.winconsoleshell, u.last,
71	u.first, u.middle, u.status, u.clearid, u.type, u.comments, u.signature,
72	u.secure INTO :login, :unix_uid, :shell, :winconsoleshell, :last, :first,
73	:middle, :status, :clearid, :type, :comments, :signature, :secure
74	FROM USERS u WHERE u.users_id = :users_id;
75
76	/* None of these things can have changed. */
77	if (strcmp(argv[1], strtrim(login)) \|\|
78	(unix_uid != atoi(argv[2])) \|\|
79	strcmp(argv[3], strtrim(shell)) \|\|
80	strcmp(argv[4], strtrim(winconsoleshell)) \|\|
81	strcmp(argv[5], strtrim(last)) \|\|
82	strcmp(argv[6], strtrim(first)) \|\|
83	strcmp(argv[7], strtrim(middle)) \|\|
84	(status != atoi(argv[8])) \|\|
85	strcmp(argv[9], strtrim(clearid)) \|\|
86	strcmp(argv[10], strtrim(type)) \|\|
87	(comments != (int )argv[11]) \|\|
88	strcmp(argv[12], strtrim(signature)) \|\|
89	(secure != atoi(argv[13])))
90	return MR_PERM;
91
92	return MR_SUCCESS;
93	}
94
95	/* access_login - verify that client name equals specified login name
96	*
97	* argv[0...n] contain search info. q->
98	*/
99
100	int access_login(struct query q, char argv[], client *cl)
101	{
102	EXEC SQL BEGIN DECLARE SECTION;
103	int id;
104	EXEC SQL END DECLARE SECTION;
105
106	if (q->argc != 1)
107	return MR_ARGS;
108
109	if (!strcmp(q->shortname, "gual"))
110	{
111	EXEC SQL SELECT users_id INTO :id FROM users
112	WHERE login = :argv[0] AND users_id != 0;
113	}
114	else if (!strcmp(q->shortname, "gubl"))
115	{
116	EXEC SQL SELECT users_id INTO :id FROM users u
117	WHERE u.login = :argv[0] AND u.users_id != 0;
118	}
119	else if (!strcmp(q->shortname, "guau"))
120	{
121	EXEC SQL SELECT users_id INTO :id FROM users
122	WHERE unix_uid = :argv[0] AND users_id != 0;
123	}
124	else if (!strcmp(q->shortname, "gubu"))
125	{
126	EXEC SQL SELECT users_id INTO :id FROM users u
127	WHERE u.unix_uid = :argv[0] AND u.users_id != 0;
128	}
129
130	if (sqlca.sqlcode == SQL_NO_MATCH)
131	return MR_NO_MATCH; /* ought to be MR_USER, but this is what
132	gual returns, so we have to be consistent */
133	else if (sqlca.sqlerrd[2] != 1 \|\| id != cl->users_id)
134	return MR_PERM;
135	else
136	return MR_SUCCESS;
137	}
138
139
140	/* access_spob - check access for set_pobox */
141
142	int access_spob(struct query q, char argv[], client *cl)
143	{
144	EXEC SQL BEGIN DECLARE SECTION;
145	int id;
146	EXEC SQL END DECLARE SECTION;
147	int status;
148
149	if (!strcmp(argv[1], "IMAP"))
150	{
151	EXEC SQL SELECT owner INTO :id FROM filesys f
152	WHERE f.label = :argv[2] AND f.type = 'IMAP' AND
153	f.lockertype = 'USER';
154	if (cl->users_id != id)
155	return MR_PERM;
156	}
157
158	/* Non-query owners can't forward mail to a POSTOFFICE or MAILHUB server,
159	* nor to a nonresolving domain.
160	*/
161	if (!strcmp(argv[1], "SMTP") \|\| !strcmp(argv[1], "SPLIT"))
162	{
163	status = check_mail_string(argv[2]);
164	if (status)
165	return status;
166	}
167
168	if (cl->users_id != (int )argv[0])
169	return MR_PERM;
170	else
171	return MR_SUCCESS;
172	}
173
174
175	/* access_list - check access for most list operations
176	*
177	* Inputs: argv[0] - list_id
178	* q - query name
179	* argv[2] - member ID (only for queries "amtl" and "dmfl")
180	* argv[7] - group ID (only for query "ulis")
181	* cl - client name
182	*
183	* - check that client is a member of the access control list
184	* - OR, if the query is add_member_to_list or delete_member_from_list
185	* and the list is public, allow access if client = member
186	*/
187
188	int access_list(struct query q, char argv[], client *cl)
189	{
190	EXEC SQL BEGIN DECLARE SECTION;
191	int list_id, acl_id, flags, gid, users_id, member_id, member_acl_id;
192	int memacl_id, mailman, mailman_id;
193	char acl_type[LIST_ACL_TYPE_SIZE], name[LIST_NAME_SIZE], *newname;
194	char member_acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
195	EXEC SQL END DECLARE SECTION;
196	int status, cnt;
197	char *buf;
198
199	list_id = (int )argv[0];
200	member_id = (int )argv[2];
201	EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type,
202	gid, publicflg, name, mailman, mailman_id
203	INTO :acl_id, :acl_type, :memacl_id, :memacl_type,
204	:gid, :flags, :name, :mailman, :mailman_id
205	FROM list
206	WHERE list_id = :list_id;
207
208	if (sqlca.sqlerrd[2] != 1)
209	return MR_INTERNAL;
210
211	/* if update_list, don't allow them to change the GID or rename to a
212	username other than their own */
213	if (!strcmp("ulis", q->shortname))
214	{
215	if (!strcmp(argv[7], UNIQUE_GID))
216	{
217	if (gid != -1)
218	return MR_PERM;
219	}
220	else
221	{
222	if (gid != atoi(argv[7]))
223	return MR_PERM;
224	}
225
226	newname = argv[1];
227
228	/* Check that it doesn't conflict with the Grouper namespace. */
229	if (strlen(newname) > 4 && isdigit(newname[2]) &&
230	isdigit(newname[3]) && newname[4] == '-')
231	{
232	if (!strncasecmp(newname, "fa", 2) \|\|
233	!strncasecmp(newname, "sp", 2) \|\|
234	!strncasecmp(newname, "su", 2) \|\|
235	!strncasecmp(newname, "ja", 2))
236	return MR_RESERVED;
237	}
238
239	/* Don't let anyone take owner-foo list names. They interact
240	* weirdly with the aliases automatically generated by
241	* mailhub.gen.
242	*/
243	if (!strncasecmp(newname, "owner-", 6))
244	return MR_RESERVED;
245
246	EXEC SQL SELECT users_id INTO :users_id FROM users
247	WHERE login = :newname;
248	if ((sqlca.sqlcode != SQL_NO_MATCH) && strcmp(strtrim(name), newname) &&
249	(users_id != cl->users_id))
250	return MR_PERM;
251
252	/* For modern enough clients, don't allow ordinary users to toggle
253	* the mailman bit or change the server.
254	*/
255	if (q->version >= 10)
256	{
257	if (mailman != atoi(argv[9]))
258	return MR_PERM;
259
260	if (mailman_id != (int )argv[10])
261	return MR_PERM;
262	}
263	}
264
265	/* Don't allow non-query owners to add STRINGs to lists if they end
266	* in a domain that's MIT.EDU or one of the hosts that provide the
267	* MAILHUB or POSTOFFICE services.
268	*/
269	if (!strcmp(q->shortname, "amtl") \|\| !strcmp(q->shortname, "atml"))
270	{
271	if (!strcmp("STRING", argv[1]))
272	{
273	buf = malloc(0);
274	status = id_to_name((int )argv[2], STRINGS_TABLE, &buf);
275	if (status)
276	return status;
277
278	status = check_mail_string(buf);
279	free(buf);
280	if (status)
281	return status;
282	}
283	}
284
285	/* check for client in access control list and return success right
286	* away if it's there. */
287	if (find_member(acl_type, acl_id, cl))
288	return MR_SUCCESS;
289
290	/* If not amtl, atml, or dmfl, we lose. */
291	if (strcmp(q->shortname, "amtl") && strcmp(q->shortname, "atml") &&
292	strcmp(q->shortname, "dmfl") && strcmp(q->shortname, "tmol"))
293	return MR_PERM;
294
295	if (find_member(memacl_type, memacl_id, cl))
296	return MR_SUCCESS;
297
298	if (flags \|\| q->type == MR_Q_DELETE)
299	{
300	if (!strcmp("USER", argv[1]) && (int )argv[2] == cl->users_id)
301	return MR_SUCCESS;
302	if (!strcmp("KERBEROS", argv[1]) && (int )argv[2] == -cl->client_id)
303	return MR_SUCCESS;
304	if (!strcmp("LIST", argv[1]) && !strcmp("dmfl", q->shortname))
305	{
306	EXEC SQL SELECT acl_id, acl_type INTO :member_acl_id,
307	:member_acl_type
308	FROM list
309	WHERE list_id = :member_id;
310
311	if (find_member(member_acl_type, member_acl_id, cl))
312	return MR_SUCCESS;
313	}
314	}
315
316	/* Otherwise fail. */
317	return MR_PERM;
318	}
319
320
321	/* access_visible_list - allow access to list only if it is not hidden,
322	* or if the client is on the ACL
323	*
324	* Inputs: argv[0] - list_id
325	* cl - client identifier
326	*/
327
328	int access_visible_list(struct query q, char argv[], client *cl)
329	{
330	EXEC SQL BEGIN DECLARE SECTION;
331	int list_id, acl_id, memacl_id, flags ;
332	char acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
333	EXEC SQL END DECLARE SECTION;
334	int status;
335
336	list_id = (int )argv[0];
337	EXEC SQL SELECT hidden, acl_id, acl_type, memacl_id, memacl_type
338	INTO :flags, :acl_id, :acl_type, :memacl_id, :memacl_type
339	FROM list
340	WHERE list_id = :list_id;
341	if (sqlca.sqlerrd[2] != 1)
342	return MR_INTERNAL;
343	if (!flags)
344	return MR_SUCCESS;
345
346	/* check for client in access control list */
347	status = find_member(acl_type, acl_id, cl);
348	if (!status)
349	{
350	status = find_member(memacl_type, memacl_id, cl);
351	if (!status)
352	return MR_PERM;
353	}
354	return MR_SUCCESS;
355	}
356
357
358	/* access_vis_list_by_name - allow access to list only if it is not hidden,
359	* or if the client is on the ACL
360	*
361	* Inputs: argv[0] - list name
362	* cl - client identifier
363	*/
364
365	int access_vis_list_by_name(struct query q, char argv[], client *cl)
366	{
367	EXEC SQL BEGIN DECLARE SECTION;
368	int acl_id, memacl_id, flags, rowcount, list_id;
369	char acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
370	char *listname;
371	EXEC SQL END DECLARE SECTION;
372	int status;
373
374	listname = argv[0];
375	EXEC SQL SELECT hidden, acl_id, acl_type, memacl_id, memacl_type, list_id
376	INTO :flags, :acl_id, :acl_type, :memacl_id, :memacl_type, :list_id
377	FROM list
378	WHERE name = :listname;
379
380	rowcount = sqlca.sqlerrd[2];
381	if (rowcount > 1)
382	return MR_WILDCARD;
383	if (rowcount == 0)
384	return MR_NO_MATCH;
385	if (!flags)
386	return MR_SUCCESS;
387
388	/* If the user is a member of the acl, memacl, or the list itself,
389	* accept them.
390	*/
391	status = find_member(acl_type, acl_id, cl);
392	if (!status)
393	status = find_member(memacl_type, memacl_id, cl);
394	if (!status)
395	status = find_member("LIST", list_id, cl);
396	if (!status)
397	return MR_PERM;
398
399	return MR_SUCCESS;
400	}
401
402
403	/* access_member - allow user to access member of type "USER" and name matches
404	* username, or to access member of type "KERBEROS" and the principal matches
405	* the user, or to access member of type "LIST" and list is one that user is
406	* on the acl of, or the list is visible. Allow anyone to look up list
407	* memberships of MACHINEs.
408	*/
409
410	int access_member(struct query q, char argv[], client *cl)
411	{
412	if (!strcmp(argv[0], "LIST") \|\| !strcmp(argv[0], "RLIST"))
413	return access_visible_list(q, &argv[1], cl);
414
415	if (!strcmp(argv[0], "USER") \|\| !strcmp(argv[0], "RUSER"))
416	{
417	if (cl->users_id == (int )argv[1])
418	return MR_SUCCESS;
419	}
420
421	if (!strcmp(argv[0], "KERBEROS") \|\| !strcmp(argv[0], "RKERBEROS"))
422	{
423	if (cl->client_id == -(int )argv[1])
424	return MR_SUCCESS;
425	}
426
427	if (!strcmp(argv[0], "MACHINE") \|\| !strcmp(argv[0], "RMACHINE"))
428	return MR_SUCCESS;
429
430	return MR_PERM;
431	}
432
433
434	/* access_qgli - special access routine for Qualified_get_lists. Allows
435	* access iff argv[0] == "TRUE" and argv[2] == "FALSE".
436	*/
437
438	int access_qgli(struct query q, char argv[], client *cl)
439	{
440	if (!strcmp(argv[0], "TRUE") && !strcmp(argv[2], "FALSE"))
441	return MR_SUCCESS;
442	return MR_PERM;
443	}
444
445
446	/* access_service - allow access if user is on ACL of service. Don't
447	* allow access if a wildcard is used.
448	*/
449
450	int access_service(struct query q, char argv[], client *cl)
451	{
452	EXEC SQL BEGIN DECLARE SECTION;
453	int acl_id;
454	char *name, acl_type[LIST_ACL_TYPE_SIZE];
455	EXEC SQL END DECLARE SECTION;
456	int status;
457	char *c;
458
459	name = argv[0];
460	for (c = name; *c; c++)
461	{
462	if (islower(*c))
463	c = toupper(c);
464	}
465	EXEC SQL SELECT acl_id, acl_type INTO :acl_id, :acl_type FROM servers
466	WHERE name = :name;
467	if (sqlca.sqlerrd[2] > 1)
468	return MR_PERM;
469
470	/* check for client in access control list */
471	status = find_member(acl_type, acl_id, cl);
472	if (!status)
473	return MR_PERM;
474
475	return MR_SUCCESS;
476	}
477
478
479	/* access_filesys - verify that client is owner or on owners list of filesystem
480	* named by argv[0]
481	*/
482
483	int access_filesys(struct query q, char argv[], client *cl)
484	{
485	EXEC SQL BEGIN DECLARE SECTION;
486	int users_id, list_id;
487	char *name;
488	EXEC SQL END DECLARE SECTION;
489	int status;
490
491	name = argv[0];
492	EXEC SQL SELECT owner, owners INTO :users_id, :list_id FROM filesys
493	WHERE label = :name;
494
495	if (sqlca.sqlerrd[2] != 1)
496	return MR_PERM;
497	if (users_id == cl->users_id)
498	return MR_SUCCESS;
499	status = find_member("LIST", list_id, cl);
500	if (status)
501	return MR_SUCCESS;
502	else
503	return MR_PERM;
504	}
505
506
507	/* access_host - successful if owner of host, or subnet containing host
508	*/
509
510	int access_host(struct query q, char argv[], client *cl)
511	{
512	EXEC SQL BEGIN DECLARE SECTION;
513	int mid, sid, id, subnet_status;
514	char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE];
515	char *account_number;
516	EXEC SQL END DECLARE SECTION;
517	int status, idx;
518
519	if (q->version < 6)
520	idx = 0;
521	else if (q->version >= 6 && q->version < 8)
522	idx = 1;
523	else
524	idx = 2;
525
526	if (q->type == MR_Q_APPEND)
527	{
528	/* Non-query owner must set use to zero */
529	if (atoi(argv[6 + idx]) != 0)
530	return MR_PERM;
531
532	/* ... and start the hostname with a letter */
533	if (isdigit(argv[0][0]))
534	return MR_BAD_CHAR;
535
536	id = (int )argv[8 + idx];
537	EXEC SQL SELECT s.owner_type, s.owner_id, s.status
538	INTO :stype, :sid, :subnet_status FROM subnet s
539	WHERE s.snet_id = :id;
540	mid = 0;
541
542	/* Non query owner must provide valid billing information. */
543	if (q->version >= 8)
544	{
545	if (subnet_status == SNET_STATUS_BILLABLE)
546	{
547	account_number = argv[7];
548	EXEC SQL SELECT account_number FROM accountnumbers
549	WHERE account_number = :account_number;
550	if (sqlca.sqlcode == SQL_NO_MATCH)
551	return MR_ACCOUNT_NUMBER;
552	}
553	}
554
555	if (find_member(stype, sid, cl))
556	return MR_SUCCESS;
557	else
558	return MR_PERM;
559	}
560	else /* q-type == MR_Q_UPDATE */
561	{
562	EXEC SQL BEGIN DECLARE SECTION;
563	int status, acomment, use, ocomment, snid;
564	char contact[MACHINE_CONTACT_SIZE], address[MACHINE_ADDRESS_SIZE];
565	char name[MACHINE_NAME_SIZE];
566	char billing_contact[MACHINE_BILLING_CONTACT_SIZE];
567	EXEC SQL END DECLARE SECTION;
568
569	id = (int )argv[0];
570	EXEC SQL SELECT m.name, m.use, m.contact, m.billing_contact, m.status,
571	m.address, m.owner_type, m.owner_id, m.acomment, m.ocomment, m.snet_id,
572	s.owner_type, s.owner_id, s.status INTO :name, :use, :contact,
573	:billing_contact, :status, :address, :mtype, :mid, :acomment,
574	:ocomment, :snid, :stype, :sid, :subnet_status
575	FROM machine m, subnet s
576	WHERE m.mach_id = :id AND s.snet_id = m.snet_id;
577	if (dbms_errno)
578	return mr_errcode;
579
580	/* Non query owner must provide valid billing information. */
581	if (q->version >= 8)
582	{
583	if ((subnet_status == SNET_STATUS_BILLABLE) &&
584	(atoi(argv[10]) != 3))
585	{
586	account_number = argv[8];
587	EXEC SQL SELECT account_number FROM accountnumbers
588	WHERE account_number = :account_number;
589	if (sqlca.sqlcode == SQL_NO_MATCH)
590	return MR_ACCOUNT_NUMBER;
591	}
592	}
593
594	/* non-query-owner cannot change use or ocomment */
595	if ((use != atoi(argv[7 + idx])) \|\| (ocomment != (int )argv[14 + idx]))
596	return MR_PERM;
597
598	/* or rename to start with digit */
599	if (isdigit(argv[1][0]) && strcmp(strtrim(name), argv[1]))
600	return MR_BAD_CHAR;
601
602	if (!find_member(stype, sid, cl))
603	{
604	if (find_member(mtype, mid, cl))
605	{
606	/* host owner also cannot change contact, status, address,
607	owner, or acomment */
608	if (strcmp(argv[6], strtrim(contact)) \|\|
609	(status != atoi(argv[8 + idx])) \|\|
610	strcmp(argv[10 + idx], strtrim(address)) \|\|
611	strcmp(argv[11 + idx], strtrim(mtype)) \|\|
612	(mid != (int )argv[12 + idx]) \|\|
613	(acomment != (int )argv[13 + idx]))
614	return MR_PERM;
615	/* Billing contact field didn't appear until version 6 */
616	if (q->version >= 6)
617	if (strcmp(argv[7], strtrim(billing_contact)))
618	return MR_PERM;
619	}
620	else
621	return MR_PERM;
622	}
623
624	/* If moving to a new subnet, make sure user is on acl there */
625	id = (int )argv[9 + idx];
626	if (id != snid)
627	{
628	EXEC SQL SELECT owner_type, owner_id INTO :stype, :sid
629	FROM subnet WHERE snet_id=:id;
630	if (!find_member(stype, sid, cl))
631	return MR_PERM;
632	}
633
634	return MR_SUCCESS;
635	}
636	}
637
638
639	/* access_ahal - check for adding a host alias.
640	* successful if host has less then 2 aliases and (client is owner of
641	* host or subnet).
642	* If deleting an alias, any owner will do.
643	*/
644
645	int access_ahal(struct query q, char argv[], client *cl)
646	{
647	EXEC SQL BEGIN DECLARE SECTION;
648	int cnt, id, mid, sid;
649	char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE];
650	EXEC SQL END DECLARE SECTION;
651	int status;
652
653	if (q->type == MR_Q_RETRIEVE)
654	return MR_SUCCESS;
655
656	id = (int )argv[1];
657
658	if (q->type == MR_Q_APPEND && isdigit(argv[0][0]))
659	return MR_BAD_CHAR;
660
661	EXEC SQL SELECT count(name) INTO :cnt from hostalias WHERE mach_id = :id;
662	if (dbms_errno)
663	return mr_errcode;
664	/* if the type is MR_Q_APPEND, this is ahal and we need to make sure there
665	* will be no more than 2 aliases. If it's not, it must be dhal and
666	* any owner will do.
667	*/
668	if (q->type == MR_Q_APPEND && cnt >= 2)
669	return MR_PERM;
670	EXEC SQL SELECT m.owner_type, m.owner_id, s.owner_type, s.owner_id
671	INTO :mtype, :mid, :stype, :sid FROM machine m, subnet s
672	WHERE m.mach_id = :id and s.snet_id = m.snet_id;
673	status = find_member(mtype, mid, cl);
674	if (status)
675	return MR_SUCCESS;
676	status = find_member(stype, sid, cl);
677	if (status)
678	return MR_SUCCESS;
679	else
680	return MR_PERM;
681	}
682
683
684	/* access_snt - check for retrieving network structure
685	*/
686
687	int access_snt(struct query q, char argv[], client *cl)
688	{
689	if (q->type == MR_Q_RETRIEVE)
690	return MR_SUCCESS;
691
692	return MR_PERM;
693	}
694
695
696	/* access_printer */
697	int access_printer(struct query q, char argv[], client *cl)
698	{
699	EXEC SQL BEGIN DECLARE SECTION;
700	char type[PRINTSERVERS_OWNER_TYPE_SIZE];
701	int id, mach_id;
702	EXEC SQL END DECLARE SECTION;
703	int status;
704
705	mach_id = (int )argv[PRN_RM];
706	EXEC SQL SELECT owner_type, owner_id INTO :type, :id
707	FROM printservers WHERE mach_id = :mach_id;
708	if (sqlca.sqlcode)
709	return MR_PERM;
710
711	status = find_member(type, id, cl);
712	if (status)
713	return MR_SUCCESS;
714	else
715	return MR_PERM;
716	}
717
718	/* access_zephyr */
719	int access_zephyr(struct query q, char argv[], client *cl)
720	{
721	EXEC SQL BEGIN DECLARE SECTION;
722	char type[ZEPHYR_OWNER_TYPE_SIZE];
723	char *class;
724	int id;
725	EXEC SQL END DECLARE SECTION;
726	int status;
727
728	class = argv[ZA_CLASS];
729	EXEC SQL SELECT owner_type, owner_id INTO :type, :id
730	FROM zephyr WHERE class = :class;
731	if (sqlca.sqlcode)
732	return MR_PERM;
733
734	status = find_member(type, id, cl);
735	if (status)
736	return MR_SUCCESS;
737	else
738	return MR_PERM;
739	}
740
741	/* access_container - check access for most container operations
742	*
743	* Inputs: argv[0] - cnt_id
744	* q - query name
745	* cl - client name
746	*
747	* - check if that client is a member of the access control list
748	* - OR, if the query is add_machine_to_container or delete_machine_from_container
749	* check if the client is a memeber of the mem_acl list
750	* - if the query is update_container and the container is to be renamed and
751	* it is a top-level container, only priviledged users can do it
752	*/
753
754	int access_container(struct query q, char argv[], client *cl)
755	{
756	EXEC SQL BEGIN DECLARE SECTION;
757	int cnt_id, acl_id, memacl_id, mach_id, machine_owner_id, flag;
758	char acl_type[CONTAINERS_ACL_TYPE_SIZE], memacl_type[CONTAINERS_ACL_TYPE_SIZE];
759	char name[CONTAINERS_NAME_SIZE], *newname;
760	char machine_owner_type[MACHINE_OWNER_TYPE_SIZE];
761	EXEC SQL END DECLARE SECTION;
762	int status;
763
764	cnt_id = (int )argv[0];
765
766	/* if amcn or dmcn, container id is the second argument */
767	if (strcmp(q->shortname, "amcn") == 0 \|\| strcmp(q->shortname, "dmcn") == 0)
768	{
769	mach_id = (int )argv[0];
770	cnt_id = (int )argv[1];
771	}
772
773	EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type, name, publicflg
774	INTO :acl_id, :acl_type, :memacl_id, :memacl_type, :name, :flag
775	FROM containers
776	WHERE cnt_id = :cnt_id;
777
778	if (sqlca.sqlerrd[2] != 1)
779	return MR_INTERNAL;
780
781	/* trim off the trailing spaces */
782	strcpy(name, strtrim(name));
783
784	/* Only dbadmin can rename containers. */
785	if (!strcmp(q->shortname, "ucon"))
786	{
787	newname = argv[1];
788	if (strcmp(name, newname))
789	return MR_PERM;
790	}
791
792	/* check for client in access control list and return success right
793	* away if it's there. */
794	if (find_member(acl_type, acl_id, cl))
795	return MR_SUCCESS;
796
797	/* If not amcn, dmcn, we lose. */
798	if (strcmp(q->shortname, "amcn") && strcmp(q->shortname, "dmcn"))
799	return MR_PERM;
800
801	if (find_member(memacl_type, memacl_id, cl))
802	return MR_SUCCESS;
803
804	/* if the container is public or the query is delete, grant access if client
805	* is on owner list */
806	if (flag \|\| q->type == MR_Q_DELETE)
807	{
808	EXEC SQL SELECT owner_type, owner_id INTO :machine_owner_type,
809	:machine_owner_id
810	FROM machine
811	WHERE mach_id = :mach_id;
812
813	if (sqlca.sqlerrd[2] == 1 && strcmp("NONE", machine_owner_type) &&
814	find_member(machine_owner_type, machine_owner_id, cl))
815	return MR_SUCCESS;
816	}
817	/* Otherwise fail. */
818	return MR_PERM;
819	}
820
821	int check_mail_string(char *mailstring)
822	{
823	EXEC SQL BEGIN DECLARE SECTION;
824	char mname[MACHINE_NAME_SIZE];
825	EXEC SQL END DECLARE SECTION;
826	char p, host, *hostdomain;
827	struct hostent *hp;
828	struct mxentry *mxrecords = NULL;
829	int index;
830
831	p = strchr(mailstring, '@');
832	if (p)
833	{
834	host = strdup(++p);
835
836	/* Replace .LOCAL at end of host with .MIT.EDU if needed. */
837	hostdomain = strrchr(host, '.');
838	if (hostdomain && !strcasecmp(hostdomain, ".LOCAL"))
839	{
840	index = hostdomain - host;
841	host[index] = '\0';
842	host = realloc(host, strlen(host) + strlen(".MIT.EDU") + 1);
843	strcat(host, ".MIT.EDU");
844	}
845
846	hp = gethostbyname(host);
847	if (hp)
848	{
849	host = realloc(host, strlen(hp->h_name) + 1);
850	if (host)
851	strcpy(host, hp->h_name);
852	}
853	else
854	{
855	/* Possibly a host with no A record but MX records. Check. */
856	mxrecords = getmxrecords(host);
857	if (!mxrecords)
858	return MR_BAD_MAIL_STRING;
859	else
860	return MR_SUCCESS;
861	}
862
863	if (!strcasecmp(host, "MIT.EDU"))
864	{
865	free(host);
866	return MR_BAD_MAIL_STRING;
867	}
868
869	EXEC SQL DECLARE csr_listmem CURSOR FOR
870	SELECT UNIQUE m.name FROM machine m, serverhosts sh
871	WHERE m.mach_id = sh.mach_id
872	AND (sh.service = 'MAILHUB' or sh.service = 'POSTOFFICE');
873	if (dbms_errno)
874	{
875	free(host);
876	return mr_errcode;
877	}
878	EXEC SQL OPEN csr_listmem;
879	if (dbms_errno)
880	{
881	free(host);
882	return mr_errcode;
883	}
884	while (1)
885	{
886	EXEC SQL FETCH csr_listmem INTO :mname;
887	if (sqlca.sqlcode)
888	break;
889
890	if (!strcasecmp(host, strtrim(mname)))
891	{
892	free(host);
893	return MR_BAD_MAIL_STRING;
894	}
895	}
896	free(host);
897	}
898
899	return MR_SUCCESS;
900	}
901
902	/*
903	* This ought to be in the bind library. It's adapted from sendmail.
904	*/
905
906	/*
907	* These are defined in RFC833. Some bind interface headers don't declare them.
908	* Ghod help us if they're ever actually incompatible with what's in
909	* the arpa/nameser.h header.
910	*/
911	#ifndef PACKETSZ
912	#define PACKETSZ 512 /* maximum packet size */
913	#endif
914	#ifndef HFIXEDSZ
915	#define HFIXEDSZ 12 /* #/bytes of fixed data in header */
916	#endif
917	#ifndef INT32SZ
918	#define INT32SZ 4 /* for systems without 32-bit ints */
919	#endif
920	#ifndef INT16SZ
921	#define INT16SZ 2 /* for systems without 16-bit ints */
922	#endif
923
924	/* minimum possible size of MX record in packet */
925	#define MIN_MX_SIZE 8 /* corresp to "a.com 0" w/ terminating space */
926
927	struct mxentry getmxrecords(const char name)
928	{
929	char answer[PACKETSZ], eom, cp, *bp;
930	int n, ancount, qdcount, buflen, type, pref, ind;
931	static struct mxentry pmx[(PACKETSZ - HFIXEDSZ) / MIN_MX_SIZE];
932	static char MXHostBuf[PACKETSZ - HFIXEDSZ];
933	HEADER *hp;
934
935	pmx->name = (char *)NULL;
936	pmx->pref = -1;
937	n = res_search(name, C_IN,T_MX, (unsigned char *)&answer, sizeof(answer));
938	if (n == -1)
939	return((struct mxentry *)NULL);
940	if ((size_t)n > sizeof(answer))
941	n = sizeof(answer);
942
943	hp = (HEADER *)&answer;
944	cp = answer + HFIXEDSZ;
945	eom = answer + n;
946	h_errno = 0;
947	for (qdcount = ntohs(hp->qdcount); qdcount--; cp += n + QFIXEDSZ)
948	if ((n = dn_skipname((unsigned char )cp, (unsigned char )eom)) < 0)
949	return((struct mxentry *)NULL);
950	buflen = sizeof(MXHostBuf) - 1;
951	bp = MXHostBuf;
952	ind = 0;
953	ancount = ntohs(hp->ancount);
954	while (--ancount >= 0 && cp < eom)
955	{
956	if ((n = dn_expand((unsigned char )answer, (unsigned char )eom,
957	(unsigned char *)cp, bp, buflen)) < 0)
958	break;
959	cp += n;
960	GETSHORT(type, cp);
961	cp += INT16SZ + INT32SZ;
962	GETSHORT(n, cp);
963	if (type != T_MX)
964	{
965	cp += n;
966	continue;
967	}
968	GETSHORT(pref, cp);
969	if ((n = dn_expand((unsigned char )answer, (unsigned char )eom,
970	(unsigned char *)cp, bp, buflen)) < 0)
971	break;
972	cp += n;
973
974	pmx[ind].name = bp;
975	pmx[ind].pref = pref;
976	++ind;
977
978	n = strlen((const char *)bp);
979	bp += n;
980	*bp++ = '\0';
981
982	buflen -= n + 1;
983	}
984
985	pmx[ind].name = (char *)NULL;
986	pmx[ind].pref = -1;
987	return(pmx);
988	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format