Context Navigation

qaccess.pc @ 26024

Visit:

Revision 26024, 36.2 KB checked in by jdreed, 11 years ago (diff)
In moira: * Snapshot moira at r4113 to pick up new firewall-related changes

Line
1	/* $Id: qaccess.pc 4110 2013-05-09 15:43:17Z zacheiss $
2	*
3	* Check access to queries
4	*
5	* Copyright (C) 1987-1998 by the Massachusetts Institute of Technology
6	* For copying and distribution information, please see the file
7	* <mit-copyright.h>.
8	*/
9
10	#include <mit-copyright.h>
11	#include "mr_server.h"
12	#include "qrtn.h"
13	#include "query.h"
14
15	#include <string.h>
16	#include <ctype.h>
17	#include <stdlib.h>
18	#include <netdb.h>
19	#include <sys/types.h>
20	#include <netinet/in.h>
21	#include <arpa/nameser.h>
22	#ifndef _PROC_
23	#include <resolv.h>
24	#endif
25
26	EXEC SQL INCLUDE sqlca;
27
28	RCSID("$HeadURL: svn+ssh://svn.mit.edu/moira/trunk/moira/server/qaccess.pc $ $Id: qaccess.pc 4110 2013-05-09 15:43:17Z zacheiss $");
29
30	extern char *whoami;
31	extern int dbms_errno, mr_errcode;
32
33	EXEC SQL WHENEVER SQLERROR DO dbmserr();
34
35
36	/* Specialized Access Routines */
37
38	/* access_user - verify that client name equals specified login name
39	*
40	* - since field validation routines are called first, a users_id is
41	* now in argv[0] instead of the login name.
42	*/
43
44	int access_user(struct query q, char argv[], client *cl)
45	{
46	if (cl->users_id != (int )argv[0])
47	return MR_PERM;
48	else
49	return MR_SUCCESS;
50	}
51
52	int access_update_user(struct query q, char argv[], client *cl)
53	{
54	EXEC SQL BEGIN DECLARE SECTION;
55	int users_id, unix_uid, status, comments, secure, sponsor_id;
56	char login[USERS_LOGIN_SIZE], shell[USERS_SHELL_SIZE];
57	char winconsoleshell[USERS_WINCONSOLESHELL_SIZE], last[USERS_LAST_SIZE];
58	char first[USERS_FIRST_SIZE], middle[USERS_MIDDLE_SIZE];
59	char clearid[USERS_CLEARID_SIZE], type[USERS_TYPE_SIZE];
60	char signature[USERS_SIGNATURE_SIZE], sponsor_type[USERS_SPONSOR_TYPE_SIZE];
61	char expiration[USERS_EXPIRATION_SIZE], alternate_email[USERS_ALTERNATE_EMAIL_SIZE];
62	char alternate_phone[USERS_ALTERNATE_PHONE_SIZE];
63	EXEC SQL END DECLARE SECTION;
64
65	/* The two fields we let users update themselves didn't appear until
66	* version 11.
67	*/
68	if (q->version < 11)
69	return MR_PERM;
70
71	if (cl->users_id != (int )argv[0])
72	return MR_PERM;
73
74	users_id = (int )argv[0];
75
76	EXEC SQL SELECT u.login, u.unix_uid, u.shell, u.winconsoleshell, u.last,
77	u.first, u.middle, u.status, u.clearid, u.type, u.comments, u.signature,
78	u.secure, u.sponsor_type, u.sponsor_id, u.expiration, u.alternate_email,
79	u.alternate_phone INTO :login, :unix_uid, :shell, :winconsoleshell, :last, :first,
80	:middle, :status, :clearid, :type, :comments, :signature, :secure, :sponsor_type,
81	:sponsor_id, :expiration, :alternate_email, :alternate_phone
82	FROM USERS u WHERE u.users_id = :users_id;
83
84	/* None of these things can have changed. */
85	if (strcmp(argv[1], strtrim(login)) \|\|
86	(unix_uid != atoi(argv[2])) \|\|
87	strcmp(argv[3], strtrim(shell)) \|\|
88	strcmp(argv[4], strtrim(winconsoleshell)) \|\|
89	strcmp(argv[5], strtrim(last)) \|\|
90	strcmp(argv[6], strtrim(first)) \|\|
91	strcmp(argv[7], strtrim(middle)) \|\|
92	(status != atoi(argv[8])) \|\|
93	strcmp(argv[9], strtrim(clearid)) \|\|
94	strcmp(argv[10], strtrim(type)) \|\|
95	(comments != (int )argv[11]) \|\|
96	strcmp(argv[12], strtrim(signature)) \|\|
97	(secure != atoi(argv[13])))
98	return MR_PERM;
99
100	/* These fields added in version 12 of the query. */
101	if (q->version >= 12)
102	{
103	if (strcmp(argv[16], strtrim(sponsor_type)) \|\|
104	(sponsor_id != (int )argv[17]) \|\|
105	strcmp(argv[18], strtrim(expiration)))
106	return MR_PERM;
107	}
108
109	/* These fields added in version 14 of the query. */
110	if (q->version >= 14)
111	{
112	if (strcmp(argv[19], strtrim(alternate_email)) \|\|
113	strcmp(argv[20], strtrim(alternate_phone)))
114	return MR_PERM;
115	}
116
117	return MR_SUCCESS;
118	}
119
120	/* access_login - verify that client name equals specified login name
121	*
122	* argv[0...n] contain search info. q->
123	*/
124
125	int access_login(struct query q, char argv[], client *cl)
126	{
127	EXEC SQL BEGIN DECLARE SECTION;
128	int id;
129	EXEC SQL END DECLARE SECTION;
130
131	if (q->argc != 1)
132	return MR_ARGS;
133
134	if (!strcmp(q->shortname, "gual") \|\| !strcmp(q->shortname, "gura"))
135	{
136	EXEC SQL SELECT users_id INTO :id FROM users
137	WHERE login = :argv[0] AND users_id != 0;
138	}
139	else if (!strcmp(q->shortname, "gubl"))
140	{
141	EXEC SQL SELECT users_id INTO :id FROM users u
142	WHERE u.login = :argv[0] AND u.users_id != 0;
143	}
144	else if (!strcmp(q->shortname, "guau"))
145	{
146	EXEC SQL SELECT users_id INTO :id FROM users
147	WHERE unix_uid = :argv[0] AND users_id != 0;
148	}
149	else if (!strcmp(q->shortname, "gubu"))
150	{
151	EXEC SQL SELECT users_id INTO :id FROM users u
152	WHERE u.unix_uid = :argv[0] AND u.users_id != 0;
153	}
154
155	if (sqlca.sqlcode == SQL_NO_MATCH)
156	return MR_NO_MATCH; /* ought to be MR_USER, but this is what
157	gual returns, so we have to be consistent */
158	else if (sqlca.sqlerrd[2] != 1 \|\| id != cl->users_id)
159	return MR_PERM;
160	else
161	return MR_SUCCESS;
162	}
163
164
165	/* access_spob - check access for set_pobox */
166
167	int access_spob(struct query q, char argv[], client *cl)
168	{
169	EXEC SQL BEGIN DECLARE SECTION;
170	int id;
171	EXEC SQL END DECLARE SECTION;
172	int status;
173
174	if (!strcmp(argv[1], "IMAP"))
175	{
176	EXEC SQL SELECT owner INTO :id FROM filesys f
177	WHERE f.label = :argv[2] AND f.type = 'IMAP' AND
178	f.lockertype = 'USER';
179	if (cl->users_id != id)
180	return MR_PERM;
181	}
182
183	/* Non-query owners can't forward mail to a POSTOFFICE or MAILHUB server,
184	* nor to a nonresolving domain.
185	*/
186	if (!strcmp(argv[1], "SMTP") \|\| !strcmp(argv[1], "SPLIT"))
187	{
188	status = check_mail_string(argv[2]);
189	if (status)
190	return status;
191	}
192
193	if (cl->users_id != (int )argv[0])
194	return MR_PERM;
195	else
196	return MR_SUCCESS;
197	}
198
199
200	/* access_list - check access for most list operations
201	*
202	* Inputs: argv[0] - list_id
203	* q - query name
204	* argv[2] - member ID (only for queries "amtl" and "dmfl")
205	* argv[7] - group ID (only for query "ulis")
206	* cl - client name
207	*
208	* - check that client is a member of the access control list
209	* - OR, if the query is add_member_to_list or delete_member_from_list
210	* and the list is public, allow access if client = member
211	*/
212
213	int access_list(struct query q, char argv[], client *cl)
214	{
215	EXEC SQL BEGIN DECLARE SECTION;
216	int list_id, acl_id, flags, gid, users_id, member_id, member_acl_id;
217	int memacl_id, mailman, mailman_id;
218	char acl_type[LIST_ACL_TYPE_SIZE], name[LIST_NAME_SIZE], *newname;
219	char member_acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
220	EXEC SQL END DECLARE SECTION;
221	int status, cnt;
222	char *buf;
223
224	list_id = (int )argv[0];
225	member_id = (int )argv[2];
226	EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type,
227	gid, publicflg, name, mailman, mailman_id
228	INTO :acl_id, :acl_type, :memacl_id, :memacl_type,
229	:gid, :flags, :name, :mailman, :mailman_id
230	FROM list
231	WHERE list_id = :list_id;
232
233	if (sqlca.sqlerrd[2] != 1)
234	return MR_INTERNAL;
235
236	/* if update_list, don't allow them to change the GID or rename to a
237	username other than their own */
238	if (!strcmp("ulis", q->shortname))
239	{
240	if (!strcmp(argv[7], UNIQUE_GID))
241	{
242	if (gid != -1)
243	return MR_PERM;
244	}
245	else
246	{
247	if (gid != atoi(argv[7]))
248	return MR_PERM;
249	}
250
251	newname = argv[1];
252
253	/* Check that it doesn't conflict with the Grouper namespace. */
254	if (strlen(newname) > 4 && isdigit(newname[2]) &&
255	isdigit(newname[3]) && newname[4] == '-')
256	{
257	if (!strncasecmp(newname, "fa", 2) \|\|
258	!strncasecmp(newname, "sp", 2) \|\|
259	!strncasecmp(newname, "su", 2) \|\|
260	!strncasecmp(newname, "ja", 2))
261	return MR_RESERVED;
262	}
263
264	/* Don't let anyone take owner-foo list names. They interact
265	* weirdly with the aliases automatically generated by
266	* mailhub.gen.
267	*/
268	if (!strncasecmp(newname, "owner-", 6))
269	return MR_RESERVED;
270
271	EXEC SQL SELECT users_id INTO :users_id FROM users
272	WHERE login = :newname;
273	if ((sqlca.sqlcode != SQL_NO_MATCH) && strcmp(strtrim(name), newname) &&
274	(users_id != cl->users_id))
275	return MR_PERM;
276
277	/* For modern enough clients, don't allow ordinary users to toggle
278	* the mailman bit or change the server.
279	*/
280	if (q->version >= 10)
281	{
282	if (mailman != atoi(argv[9]))
283	return MR_PERM;
284
285	if (mailman_id != (int )argv[10])
286	return MR_PERM;
287	}
288	}
289
290	/* Don't allow non-query owners to add STRINGs to lists if they end
291	* in a domain that's MIT.EDU or one of the hosts that provide the
292	* MAILHUB or POSTOFFICE services.
293	*/
294	if (!strcmp(q->shortname, "amtl") \|\| !strcmp(q->shortname, "atml"))
295	{
296	if (!strcmp("STRING", argv[1]))
297	{
298	buf = malloc(0);
299	status = id_to_name((int )argv[2], STRINGS_TABLE, &buf);
300	if (status)
301	return status;
302
303	status = check_mail_string(buf);
304	free(buf);
305	if (status)
306	return status;
307	}
308	}
309
310	/* check for client in access control list and return success right
311	* away if it's there. */
312	if (find_member(acl_type, acl_id, cl))
313	return MR_SUCCESS;
314
315	/* If not amtl, atml, or dmfl, we lose. */
316	if (strcmp(q->shortname, "amtl") && strcmp(q->shortname, "atml") &&
317	strcmp(q->shortname, "dmfl") && strcmp(q->shortname, "tmol"))
318	return MR_PERM;
319
320	if (find_member(memacl_type, memacl_id, cl))
321	return MR_SUCCESS;
322
323	if (flags \|\| q->type == MR_Q_DELETE)
324	{
325	if (!strcmp("USER", argv[1]) && (int )argv[2] == cl->users_id)
326	return MR_SUCCESS;
327	if (!strcmp("KERBEROS", argv[1]) && (int )argv[2] == -cl->client_id)
328	return MR_SUCCESS;
329	if (!strcmp("LIST", argv[1]) && !strcmp("dmfl", q->shortname))
330	{
331	EXEC SQL SELECT acl_id, acl_type INTO :member_acl_id,
332	:member_acl_type
333	FROM list
334	WHERE list_id = :member_id;
335
336	if (find_member(member_acl_type, member_acl_id, cl))
337	return MR_SUCCESS;
338	}
339	}
340
341	/* Otherwise fail. */
342	return MR_PERM;
343	}
344
345
346	/* access_visible_list - allow access to list only if it is not hidden,
347	* or if the client is on the ACL
348	*
349	* Inputs: argv[0] - list_id
350	* cl - client identifier
351	*/
352
353	int access_visible_list(struct query q, char argv[], client *cl)
354	{
355	EXEC SQL BEGIN DECLARE SECTION;
356	int list_id, acl_id, memacl_id, flags ;
357	char acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
358	EXEC SQL END DECLARE SECTION;
359	int status;
360
361	list_id = (int )argv[0];
362	EXEC SQL SELECT hidden, acl_id, acl_type, memacl_id, memacl_type
363	INTO :flags, :acl_id, :acl_type, :memacl_id, :memacl_type
364	FROM list
365	WHERE list_id = :list_id;
366	if (sqlca.sqlerrd[2] != 1)
367	return MR_INTERNAL;
368	if (!flags)
369	return MR_SUCCESS;
370
371	/* check for client in access control list */
372	status = find_member(acl_type, acl_id, cl);
373	if (!status)
374	{
375	status = find_member(memacl_type, memacl_id, cl);
376	if (!status)
377	return MR_PERM;
378	}
379	return MR_SUCCESS;
380	}
381
382
383	/* access_vis_list_by_name - allow access to list only if it is not hidden,
384	* or if the client is on the ACL
385	*
386	* Inputs: argv[0] - list name
387	* cl - client identifier
388	*/
389
390	int access_vis_list_by_name(struct query q, char argv[], client *cl)
391	{
392	EXEC SQL BEGIN DECLARE SECTION;
393	int acl_id, memacl_id, flags, rowcount, list_id;
394	char acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
395	char *listname;
396	EXEC SQL END DECLARE SECTION;
397	int status;
398
399	listname = argv[0];
400	EXEC SQL SELECT hidden, acl_id, acl_type, memacl_id, memacl_type, list_id
401	INTO :flags, :acl_id, :acl_type, :memacl_id, :memacl_type, :list_id
402	FROM list
403	WHERE name = :listname;
404
405	rowcount = sqlca.sqlerrd[2];
406	if (rowcount > 1)
407	return MR_WILDCARD;
408	if (rowcount == 0)
409	return MR_NO_MATCH;
410	if (!flags)
411	return MR_SUCCESS;
412
413	/* If the user is a member of the acl, memacl, or the list itself,
414	* accept them.
415	*/
416	status = find_member(acl_type, acl_id, cl);
417	if (!status)
418	status = find_member(memacl_type, memacl_id, cl);
419	if (!status)
420	status = find_member("LIST", list_id, cl);
421	if (!status)
422	return MR_PERM;
423
424	return MR_SUCCESS;
425	}
426
427
428	/* access_member - allow user to access member of type "USER" and name matches
429	* username, or to access member of type "KERBEROS" and the principal matches
430	* the user, or to access member of type "LIST" and list is one that user is
431	* on the acl of, or the list is visible. Allow anyone to look up list
432	* memberships of MACHINEs.
433	*/
434
435	int access_member(struct query q, char argv[], client *cl)
436	{
437	if (!strcmp(argv[0], "LIST") \|\| !strcmp(argv[0], "RLIST"))
438	return access_visible_list(q, &argv[1], cl);
439
440	if (!strcmp(argv[0], "USER") \|\| !strcmp(argv[0], "RUSER"))
441	{
442	if (cl->users_id == (int )argv[1])
443	return MR_SUCCESS;
444	}
445
446	if (!strcmp(argv[0], "KERBEROS") \|\| !strcmp(argv[0], "RKERBEROS"))
447	{
448	if (cl->client_id == -(int )argv[1])
449	return MR_SUCCESS;
450	}
451
452	if (!strcmp(argv[0], "MACHINE") \|\| !strcmp(argv[0], "RMACHINE"))
453	return MR_SUCCESS;
454
455	return MR_PERM;
456	}
457
458
459	/* access_qgli - special access routine for Qualified_get_lists. Allows
460	* access iff argv[0] == "TRUE" and argv[2] == "FALSE".
461	*/
462
463	int access_qgli(struct query q, char argv[], client *cl)
464	{
465	if (!strcmp(argv[0], "TRUE") && !strcmp(argv[2], "FALSE"))
466	return MR_SUCCESS;
467	return MR_PERM;
468	}
469
470
471	/* access_service - allow access if user is on ACL of service. Don't
472	* allow access if a wildcard is used.
473	*/
474
475	int access_service(struct query q, char argv[], client *cl)
476	{
477	EXEC SQL BEGIN DECLARE SECTION;
478	int acl_id;
479	char *name, acl_type[LIST_ACL_TYPE_SIZE];
480	EXEC SQL END DECLARE SECTION;
481	int status;
482	char *c;
483
484	name = argv[0];
485	for (c = name; *c; c++)
486	{
487	if (islower(*c))
488	c = toupper(c);
489	}
490	EXEC SQL SELECT acl_id, acl_type INTO :acl_id, :acl_type FROM servers
491	WHERE name = :name;
492	if (sqlca.sqlerrd[2] > 1)
493	return MR_PERM;
494
495	/* check for client in access control list */
496	status = find_member(acl_type, acl_id, cl);
497	if (!status)
498	return MR_PERM;
499
500	return MR_SUCCESS;
501	}
502
503
504	/* access_filesys - verify that client is owner or on owners list of filesystem
505	* named by argv[0]
506	*/
507
508	int access_filesys(struct query q, char argv[], client *cl)
509	{
510	EXEC SQL BEGIN DECLARE SECTION;
511	int users_id, list_id;
512	char *name;
513	EXEC SQL END DECLARE SECTION;
514	int status;
515
516	name = argv[0];
517	EXEC SQL SELECT owner, owners INTO :users_id, :list_id FROM filesys
518	WHERE label = :name;
519
520	if (sqlca.sqlerrd[2] != 1)
521	return MR_PERM;
522	if (users_id == cl->users_id)
523	return MR_SUCCESS;
524	status = find_member("LIST", list_id, cl);
525	if (status)
526	return MR_SUCCESS;
527	else
528	return MR_PERM;
529	}
530
531	/* access_shot - successful if:
532	* - opt is 0 or 1.
533	* - user is owner of subnet containing host.
534	* - user is owner of host and network isn't RESERVED / INFRASTRUCTURE.
535	* - user has 'CAN SPEND OR COMMIT FUNDS' for host cost object and
536	* affiliation is one of student, faculty, or research staff.
537	*/
538	int access_shot(struct query q, char argv[], client *cl)
539	{
540	EXEC SQL BEGIN DECLARE SECTION;
541	int mid, sid, status;
542	char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE];
543	char account_number[MACHINE_ACCOUNT_NUMBER_SIZE];
544	char login[USERS_LOGIN_SIZE], affiliation[USERS_AFFILIATION_DETAILED_SIZE];
545	EXEC SQL END DECLARE SECTION;
546	int id;
547	char roles_qualifier[MACHINE_ACCOUNT_NUMBER_SIZE + 1];
548
549	id = (int )argv[0];
550
551	/* opt must be zero or one for non-query owner */
552	if (atoi(argv[1]) != 0 && atoi(argv[1]) != 1)
553	return MR_PERM;
554
555	EXEC SQL SELECT m.owner_type, m.owner_id, m.account_number, s.owner_type,
556	s.owner_id, s.status INTO :mtype, :mid, :account_number, :stype, :sid, :status
557	FROM machine m, subnet s WHERE m.mach_id = :id AND m.snet_id = s.snet_id;
558
559	/* subnet owner? */
560	if (find_member(stype, sid, cl))
561	return MR_SUCCESS;
562
563	/* If we're not the subnet owner, don't allow this for certain types of networks */
564	if (status == SNET_STATUS_RESERVED \|\| status == SNET_STATUS_INFRASTRUCTURE)
565	return MR_PERM;
566
567	/* host owner? */
568	if (find_member(mtype, mid, cl))
569	return MR_SUCCESS;
570
571	/* If we've gotten this far, you must be student/faculty/research staff. */
572	EXEC SQL SELECT u.login, u.affiliation_detailed INTO :login, :affiliation
573	FROM USERS u WHERE u.users_id = :cl->users_id;
574
575	if (strcmp(strtrim(affiliation), "Faculty") &&
576	strcmp(strtrim(affiliation), "Undergraduate Student") &&
577	strcmp(strtrim(affiliation), "Graduate Student") &&
578	strcmp(strtrim(affiliation), "Sponsored Research Staff") &&
579	strcmp(strtrim(affiliation), "Other Academic Group"))
580	return MR_PERM;
581
582	/* Need to check all possible cost object types in Roles */
583	sprintf(roles_qualifier, "F%s", strtrim(account_number));
584	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
585	return MR_SUCCESS;
586
587	sprintf(roles_qualifier, "C%s", strtrim(account_number));
588	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
589	return MR_SUCCESS;
590
591	sprintf(roles_qualifier, "I%s", strtrim(account_number));
592	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
593	return MR_SUCCESS;
594
595	sprintf(roles_qualifier, "P%s", strtrim(account_number));
596	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
597	return MR_SUCCESS;
598
599	/* Default case */
600	return MR_PERM;
601	}
602
603	/* access_host - successful if owner of host, or subnet containing host
604	*/
605
606	int access_host(struct query q, char argv[], client *cl)
607	{
608	EXEC SQL BEGIN DECLARE SECTION;
609	int mid, sid, id, subnet_status;
610	char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE];
611	EXEC SQL END DECLARE SECTION;
612	int status, idx;
613
614	if (q->version < 6)
615	idx = 0;
616	else if (q->version >= 6 && q->version < 8)
617	idx = 1;
618	else
619	idx = 2;
620
621	if (q->type == MR_Q_APPEND)
622	{
623	/* Non-query owner must set use to zero. is ignored anyway */
624	if (atoi(argv[6 + idx]) != 0)
625	return MR_PERM;
626
627	/* ... and start the hostname with a letter */
628	if (isdigit(argv[0][0]))
629	return MR_BAD_CHAR;
630
631	id = (int )argv[8 + idx];
632	EXEC SQL SELECT s.owner_type, s.owner_id, s.status
633	INTO :stype, :sid, :subnet_status FROM subnet s
634	WHERE s.snet_id = :id;
635	mid = 0;
636
637	/* Non query owner must provide valid billing information. */
638	if (q->version >= 8)
639	{
640	if (subnet_status == SNET_STATUS_BILLABLE)
641	{
642	EXEC SQL SELECT account_number FROM accountnumbers
643	WHERE account_number = :argv[7];
644	if (sqlca.sqlcode == SQL_NO_MATCH)
645	return MR_ACCOUNT_NUMBER;
646	}
647	}
648
649	if (find_member(stype, sid, cl))
650	return MR_SUCCESS;
651	else
652	return MR_PERM;
653	}
654	else /* q-type == MR_Q_UPDATE */
655	{
656	EXEC SQL BEGIN DECLARE SECTION;
657	int status, acomment, use, ocomment, snid;
658	char contact[MACHINE_CONTACT_SIZE], address[MACHINE_ADDRESS_SIZE];
659	char name[MACHINE_NAME_SIZE];
660	char billing_contact[MACHINE_BILLING_CONTACT_SIZE];
661	char account_number[MACHINE_ACCOUNT_NUMBER_SIZE];
662	char login[USERS_LOGIN_SIZE];
663	EXEC SQL END DECLARE SECTION;
664	int is_machine_owner = 0;
665	char roles_qualifier[MACHINE_ACCOUNT_NUMBER_SIZE + 1];
666
667	id = (int )argv[0];
668	EXEC SQL SELECT m.name, m.use, m.contact, m.billing_contact, m.account_number,
669	m.status, m.address, m.owner_type, m.owner_id, m.acomment, m.ocomment, m.snet_id,
670	s.owner_type, s.owner_id, s.status INTO :name, :use, :contact,
671	:billing_contact, :account_number, :status, :address, :mtype, :mid, :acomment,
672	:ocomment, :snid, :stype, :sid, :subnet_status
673	FROM machine m, subnet s
674	WHERE m.mach_id = :id AND s.snet_id = m.snet_id;
675	if (dbms_errno)
676	return mr_errcode;
677
678	/* Non query owner must provide valid billing information. */
679	if (q->version >= 8)
680	{
681	if ((subnet_status == SNET_STATUS_BILLABLE) &&
682	(atoi(argv[10]) != 3))
683	{
684	EXEC SQL SELECT account_number FROM accountnumbers
685	WHERE account_number = :argv[8];
686	if (sqlca.sqlcode == SQL_NO_MATCH)
687	return MR_ACCOUNT_NUMBER;
688	}
689	}
690
691	/* non-query-owner cannot change use or ocomment */
692	if ((use != atoi(argv[7 + idx])) \|\| (ocomment != (int )argv[14 + idx]))
693	return MR_PERM;
694
695	/* or rename to start with digit */
696	if (isdigit(argv[1][0]) && strcmp(strtrim(name), argv[1]))
697	return MR_BAD_CHAR;
698
699	if (find_member(stype, sid, cl))
700	{
701	/* If moving to a new subnet, make sure user is on acl there */
702	id = (int )argv[9 + idx];
703	if (id != snid)
704	{
705	EXEC SQL SELECT owner_type, owner_id INTO :stype, :sid
706	FROM subnet WHERE snet_id=:id;
707	if (!find_member(stype, sid, cl))
708	return MR_PERM;
709	}
710
711	return MR_SUCCESS;
712	}
713
714	/* Check host owner */
715	if (find_member(mtype, mid, cl))
716	is_machine_owner = 1;
717	/* Check roles permissions, don't let them work for reserved and infrastructure networks */
718	else if (subnet_status != SNET_STATUS_RESERVED && subnet_status != SNET_STATUS_INFRASTRUCTURE)
719	{
720	EXEC SQL SELECT u.login INTO :login FROM users u WHERE u.users_id = :cl->users_id;
721
722	/* Need to check all possible cost object types in Roles */
723	sprintf(roles_qualifier, "F%s", strtrim(account_number));
724	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
725	is_machine_owner = 1;
726
727	if (!is_machine_owner)
728	{
729	sprintf(roles_qualifier, "C%s", strtrim(account_number));
730	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
731	is_machine_owner = 1;
732	}
733
734	if (!is_machine_owner)
735	{
736	sprintf(roles_qualifier, "I%s", strtrim(account_number));
737	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
738	is_machine_owner = 1;
739	}
740
741	if (!is_machine_owner)
742	{
743	sprintf(roles_qualifier, "P%s", strtrim(account_number));
744	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
745	is_machine_owner = 1;
746	}
747	}
748
749	if (!is_machine_owner)
750	return MR_PERM;
751
752	/* host owner also cannot change contact, status, subnet, address, owner, or acomment */
753	if (strcmp(argv[6], strtrim(contact)) \|\|
754	(status != atoi(argv[8 + idx])) \|\|
755	(snid != (int )argv[9 + idx]) \|\|
756	strcmp(argv[10 + idx], strtrim(address)) \|\|
757	strcmp(argv[11 + idx], strtrim(mtype)) \|\|
758	(mid != (int )argv[12 + idx]) \|\|
759	(acomment != (int )argv[13 + idx]))
760	return MR_PERM;
761
762	/* Billing contact field didn't appear until version 6 */
763	if (q->version >= 6)
764	if (strcmp(argv[7], strtrim(billing_contact)))
765	return MR_PERM;
766
767	return MR_SUCCESS;
768	}
769	}
770
771	/* access_ahal - check for adding a host alias.
772	* successful if host has less then 2 aliases and (client is owner of
773	* host or subnet).
774	* If deleting an alias, any owner will do.
775	*/
776
777	int access_ahal(struct query q, char argv[], client *cl)
778	{
779	EXEC SQL BEGIN DECLARE SECTION;
780	int cnt, id, mid, sid, subnet_status;
781	char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE];
782	char account_number[MACHINE_ACCOUNT_NUMBER_SIZE];
783	char login[USERS_LOGIN_SIZE];
784	EXEC SQL END DECLARE SECTION;
785	int status;
786	char roles_qualifier[MACHINE_ACCOUNT_NUMBER_SIZE + 1];
787
788	if (q->type == MR_Q_RETRIEVE)
789	return MR_SUCCESS;
790
791	id = (int )argv[1];
792
793	if (q->type == MR_Q_APPEND && isdigit(argv[0][0]))
794	return MR_BAD_CHAR;
795
796	EXEC SQL SELECT count(name) INTO :cnt from hostalias WHERE mach_id = :id;
797	if (dbms_errno)
798	return mr_errcode;
799	/* if the type is MR_Q_APPEND, this is ahal and we need to make sure there
800	* will be no more than 2 aliases. If it's not, it must be dhal and
801	* any owner will do.
802	*/
803	if (q->type == MR_Q_APPEND && cnt >= 2)
804	return MR_PERM;
805
806	EXEC SQL SELECT m.owner_type, m.owner_id, m.account_number, s.owner_type,
807	s.owner_id, s.status INTO :mtype, :mid, :account_number, :stype, :sid,
808	:subnet_status FROM machine m, subnet s WHERE m.mach_id = :id and s.snet_id = m.snet_id;
809
810	status = find_member(mtype, mid, cl);
811	if (status)
812	return MR_SUCCESS;
813
814	status = find_member(stype, sid, cl);
815	if (status)
816	return MR_SUCCESS;
817
818	/* If you're only a Roles owner, punt for network reserved / infrastructure */
819	if (subnet_status == SNET_STATUS_RESERVED \|\| subnet_status == SNET_STATUS_INFRASTRUCTURE)
820	return MR_PERM;
821
822	EXEC SQL SELECT u.login INTO :login FROM users u WHERE u.users_id = :cl->users_id;
823
824	/* Need to check all possible cost object types in Roles */
825	sprintf(roles_qualifier, "F%s", strtrim(account_number));
826	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
827	return MR_SUCCESS;
828
829	sprintf(roles_qualifier, "C%s", strtrim(account_number));
830	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
831	return MR_SUCCESS;
832
833	sprintf(roles_qualifier, "I%s", strtrim(account_number));
834	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
835	return MR_SUCCESS;
836
837	sprintf(roles_qualifier, "P%s", strtrim(account_number));
838	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
839	return MR_SUCCESS;
840
841	return MR_PERM;
842	}
843
844	/* Same logic as access_ahal, for different table */
845
846	int access_hwaddr(struct query q, char argv[], client *cl)
847	{
848	EXEC SQL BEGIN DECLARE SECTION;
849	int cnt, id, mid, sid, subnet_status;
850	char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE];
851	char account_number[MACHINE_ACCOUNT_NUMBER_SIZE];
852	char login[USERS_LOGIN_SIZE];
853	EXEC SQL END DECLARE SECTION;
854	int status;
855	char roles_qualifier[MACHINE_ACCOUNT_NUMBER_SIZE + 1];
856
857	id = (int )argv[0];
858
859	EXEC SQL SELECT count(name) INTO :cnt from hwaddrmap WHERE mach_id = :id;
860	if (dbms_errno)
861	return mr_errcode;
862
863	/* if the type is MR_Q_APPEND, this is ahha and we need to make sure
864	* there will be no more than 2 hwaddrs. If it's not, it must be
865	* dhha and any owner will do.
866	*/
867	if (q->type == MR_Q_APPEND && cnt >= 2)
868	return MR_PERM;
869
870	EXEC SQL SELECT m.owner_type, m.owner_id, m.account_number, s.owner_type,
871	s.owner_id, s.status INTO :mtype, :mid, :account_number, :stype, :sid,
872	:subnet_status FROM machine m, subnet s WHERE m.mach_id = :id and s.snet_id = m.snet_id;
873
874	status = find_member(mtype, mid, cl);
875	if (status)
876	return MR_SUCCESS;
877
878	status = find_member(stype, sid, cl);
879	if (status)
880	return MR_SUCCESS;
881
882	/* If you're only a Roles owner, punt for network reserved / infrastructure */
883	if (subnet_status == SNET_STATUS_RESERVED \|\| subnet_status == SNET_STATUS_INFRASTRUCTURE)
884	return MR_PERM;
885
886	EXEC SQL SELECT u.login INTO :login FROM users u WHERE u.users_id = :cl->users_id;
887
888	/* Need to check all possible cost object types in Roles */
889	sprintf(roles_qualifier, "F%s", strtrim(account_number));
890	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
891	return MR_SUCCESS;
892
893	sprintf(roles_qualifier, "C%s", strtrim(account_number));
894	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
895	return MR_SUCCESS;
896
897	sprintf(roles_qualifier, "I%s", strtrim(account_number));
898	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
899	return MR_SUCCESS;
900
901	sprintf(roles_qualifier, "P%s", strtrim(account_number));
902	if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
903	return MR_SUCCESS;
904
905	return MR_PERM;
906	}
907
908	/* access_snt - check for retrieving network structure
909	*/
910
911	int access_snt(struct query q, char argv[], client *cl)
912	{
913	if (q->type == MR_Q_RETRIEVE)
914	return MR_SUCCESS;
915
916	return MR_PERM;
917	}
918
919
920	/* access_printer */
921	int access_printer(struct query q, char argv[], client *cl)
922	{
923	EXEC SQL BEGIN DECLARE SECTION;
924	char type[PRINTSERVERS_OWNER_TYPE_SIZE];
925	int id, mach_id;
926	EXEC SQL END DECLARE SECTION;
927	int status, row;
928
929	/* Check for aprn or uprn. */
930	if (q->type == MR_Q_APPEND)
931	row = 0;
932	else
933	row = 1;
934
935	if (q->version < 13)
936	mach_id = (int )argv[6 + row];
937	else
938	mach_id = (int )argv[PRN_RM + row];
939
940	EXEC SQL SELECT owner_type, owner_id INTO :type, :id
941	FROM printservers WHERE mach_id = :mach_id;
942	if (sqlca.sqlcode)
943	return MR_PERM;
944
945	status = find_member(type, id, cl);
946	if (status)
947	return MR_SUCCESS;
948	else
949	return MR_PERM;
950	}
951
952	/* access_zephyr */
953	int access_zephyr(struct query q, char argv[], client *cl)
954	{
955	EXEC SQL BEGIN DECLARE SECTION;
956	char type[ZEPHYR_OWNER_TYPE_SIZE];
957	char *class;
958	int id;
959	EXEC SQL END DECLARE SECTION;
960	int status;
961
962	class = argv[ZA_CLASS];
963	EXEC SQL SELECT owner_type, owner_id INTO :type, :id
964	FROM zephyr WHERE class = :class;
965	if (sqlca.sqlcode)
966	return MR_PERM;
967
968	status = find_member(type, id, cl);
969	if (status)
970	return MR_SUCCESS;
971	else
972	return MR_PERM;
973	}
974
975	/* access_container - check access for most container operations
976	*
977	* Inputs: argv[0] - cnt_id
978	* q - query name
979	* cl - client name
980	*
981	* - check if that client is a member of the access control list
982	* - OR, if the query is add_machine_to_container or delete_machine_from_container
983	* check if the client is a memeber of the mem_acl list
984	* - if the query is update_container and the container is to be renamed and
985	* it is a top-level container, only priviledged users can do it
986	*/
987
988	int access_container(struct query q, char argv[], client *cl)
989	{
990	EXEC SQL BEGIN DECLARE SECTION;
991	int cnt_id, acl_id, memacl_id, mach_id, machine_owner_id, flag;
992	char acl_type[CONTAINERS_ACL_TYPE_SIZE], memacl_type[CONTAINERS_ACL_TYPE_SIZE];
993	char name[CONTAINERS_NAME_SIZE], *newname;
994	char machine_owner_type[MACHINE_OWNER_TYPE_SIZE];
995	EXEC SQL END DECLARE SECTION;
996	int status;
997
998	cnt_id = (int )argv[0];
999
1000	/* if amcn or dmcn, container id is the second argument */
1001	if (strcmp(q->shortname, "amcn") == 0 \|\| strcmp(q->shortname, "dmcn") == 0)
1002	{
1003	mach_id = (int )argv[0];
1004	cnt_id = (int )argv[1];
1005	}
1006
1007	EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type, name, publicflg
1008	INTO :acl_id, :acl_type, :memacl_id, :memacl_type, :name, :flag
1009	FROM containers
1010	WHERE cnt_id = :cnt_id;
1011
1012	if (sqlca.sqlerrd[2] != 1)
1013	return MR_INTERNAL;
1014
1015	/* trim off the trailing spaces */
1016	strcpy(name, strtrim(name));
1017
1018	/* Only dbadmin can rename containers. */
1019	if (!strcmp(q->shortname, "ucon"))
1020	{
1021	newname = argv[1];
1022	if (strcmp(name, newname))
1023	return MR_PERM;
1024	}
1025
1026	/* check for client in access control list and return success right
1027	* away if it's there. */
1028	if (find_member(acl_type, acl_id, cl))
1029	return MR_SUCCESS;
1030
1031	/* If not amcn, dmcn, we lose. */
1032	if (strcmp(q->shortname, "amcn") && strcmp(q->shortname, "dmcn"))
1033	return MR_PERM;
1034
1035	if (find_member(memacl_type, memacl_id, cl))
1036	return MR_SUCCESS;
1037
1038	/* if the container is public or the query is delete, grant access if client
1039	* is on owner list */
1040	if (flag \|\| q->type == MR_Q_DELETE)
1041	{
1042	EXEC SQL SELECT owner_type, owner_id INTO :machine_owner_type,
1043	:machine_owner_id
1044	FROM machine
1045	WHERE mach_id = :mach_id;
1046
1047	if (sqlca.sqlerrd[2] == 1 && strcmp("NONE", machine_owner_type) &&
1048	find_member(machine_owner_type, machine_owner_id, cl))
1049	return MR_SUCCESS;
1050	}
1051	/* Otherwise fail. */
1052	return MR_PERM;
1053	}
1054
1055	int check_mail_string(char *mailstring)
1056	{
1057	EXEC SQL BEGIN DECLARE SECTION;
1058	char mname[MACHINE_NAME_SIZE];
1059	EXEC SQL END DECLARE SECTION;
1060	char p, host, *hostdomain;
1061	struct hostent *hp;
1062	struct mxentry *mxrecords = NULL;
1063	int index;
1064
1065	p = strchr(mailstring, '@');
1066	if (p)
1067	{
1068	host = strdup(++p);
1069
1070	/* Replace .LOCAL at end of host with .MIT.EDU if needed. */
1071	hostdomain = strrchr(host, '.');
1072	if (hostdomain && !strcasecmp(hostdomain, ".LOCAL"))
1073	{
1074	index = hostdomain - host;
1075	host[index] = '\0';
1076	host = realloc(host, strlen(host) + strlen(".MIT.EDU") + 1);
1077	strcat(host, ".MIT.EDU");
1078	}
1079
1080	hp = gethostbyname(host);
1081	if (hp)
1082	{
1083	host = realloc(host, strlen(hp->h_name) + 1);
1084	if (host)
1085	strcpy(host, hp->h_name);
1086	}
1087	else
1088	{
1089	/* Possibly a host with no A record but MX records. Check. */
1090	mxrecords = getmxrecords(host);
1091	if (!mxrecords)
1092	return MR_BAD_MAIL_STRING;
1093	else
1094	return MR_SUCCESS;
1095	}
1096
1097	if (!strcasecmp(host, "MIT.EDU"))
1098	{
1099	free(host);
1100	return MR_BAD_MAIL_STRING;
1101	}
1102
1103	EXEC SQL DECLARE csr_listmem CURSOR FOR
1104	SELECT UNIQUE m.name FROM machine m, serverhosts sh
1105	WHERE m.mach_id = sh.mach_id
1106	AND (sh.service = 'MAILHUB' or sh.service = 'POSTOFFICE');
1107	if (dbms_errno)
1108	{
1109	free(host);
1110	return mr_errcode;
1111	}
1112	EXEC SQL OPEN csr_listmem;
1113	if (dbms_errno)
1114	{
1115	free(host);
1116	return mr_errcode;
1117	}
1118	while (1)
1119	{
1120	EXEC SQL FETCH csr_listmem INTO :mname;
1121	if (sqlca.sqlcode)
1122	break;
1123
1124	if (!strcasecmp(host, strtrim(mname)))
1125	{
1126	free(host);
1127	return MR_BAD_MAIL_STRING;
1128	}
1129	}
1130	free(host);
1131	}
1132
1133	return MR_SUCCESS;
1134	}
1135
1136	/*
1137	* This ought to be in the bind library. It's adapted from sendmail.
1138	*/
1139
1140	/*
1141	* These are defined in RFC833. Some bind interface headers don't declare them.
1142	* Ghod help us if they're ever actually incompatible with what's in
1143	* the arpa/nameser.h header.
1144	*/
1145	#ifndef PACKETSZ
1146	#define PACKETSZ 512 /* maximum packet size */
1147	#endif
1148	#ifndef HFIXEDSZ
1149	#define HFIXEDSZ 12 /* #/bytes of fixed data in header */
1150	#endif
1151	#ifndef INT32SZ
1152	#define INT32SZ 4 /* for systems without 32-bit ints */
1153	#endif
1154	#ifndef INT16SZ
1155	#define INT16SZ 2 /* for systems without 16-bit ints */
1156	#endif
1157
1158	/* minimum possible size of MX record in packet */
1159	#define MIN_MX_SIZE 8 /* corresp to "a.com 0" w/ terminating space */
1160
1161	struct mxentry getmxrecords(const char name)
1162	{
1163	char answer[PACKETSZ], eom, cp, *bp;
1164	int n, ancount, qdcount, buflen, type, pref, ind;
1165	static struct mxentry pmx[(PACKETSZ - HFIXEDSZ) / MIN_MX_SIZE];
1166	static char MXHostBuf[PACKETSZ - HFIXEDSZ];
1167	HEADER *hp;
1168
1169	pmx->name = (char *)NULL;
1170	pmx->pref = -1;
1171	n = res_search(name, C_IN,T_MX, (unsigned char *)&answer, sizeof(answer));
1172	if (n == -1)
1173	return((struct mxentry *)NULL);
1174	if ((size_t)n > sizeof(answer))
1175	n = sizeof(answer);
1176
1177	hp = (HEADER *)&answer;
1178	cp = answer + HFIXEDSZ;
1179	eom = answer + n;
1180	h_errno = 0;
1181	for (qdcount = ntohs(hp->qdcount); qdcount--; cp += n + QFIXEDSZ)
1182	if ((n = dn_skipname((unsigned char )cp, (unsigned char )eom)) < 0)
1183	return((struct mxentry *)NULL);
1184	buflen = sizeof(MXHostBuf) - 1;
1185	bp = MXHostBuf;
1186	ind = 0;
1187	ancount = ntohs(hp->ancount);
1188	while (--ancount >= 0 && cp < eom)
1189	{
1190	if ((n = dn_expand((unsigned char )answer, (unsigned char )eom,
1191	(unsigned char *)cp, bp, buflen)) < 0)
1192	break;
1193	cp += n;
1194	GETSHORT(type, cp);
1195	cp += INT16SZ + INT32SZ;
1196	GETSHORT(n, cp);
1197	if (type != T_MX)
1198	{
1199	cp += n;
1200	continue;
1201	}
1202	GETSHORT(pref, cp);
1203	if ((n = dn_expand((unsigned char )answer, (unsigned char )eom,
1204	(unsigned char *)cp, bp, buflen)) < 0)
1205	break;
1206	cp += n;
1207
1208	pmx[ind].name = bp;
1209	pmx[ind].pref = pref;
1210	++ind;
1211
1212	n = strlen((const char *)bp);
1213	bp += n;
1214	*bp++ = '\0';
1215
1216	buflen -= n + 1;
1217	}
1218
1219	pmx[ind].name = (char *)NULL;
1220	pmx[ind].pref = -1;
1221	return(pmx);
1222	}
1223
1224	/* Based heavily on Roles PL/SQL function ROLESAPI_IS_USER_AUTHORIZED */
1225	int check_roles_authorization(char login, char function_name,
1226	char *qualifier_code)
1227	{
1228	EXEC SQL BEGIN DECLARE SECTION;
1229	int rowcount;
1230	EXEC SQL END DECLARE SECTION;
1231
1232	/* Check for direct authorization */
1233	EXEC SQL SELECT COUNT(*) INTO :rowcount FROM roles_authorization
1234	WHERE kerberos_name = UPPER(:login)
1235	AND function_name = :function_name
1236	AND qualifier_code = :qualifier_code
1237	AND do_function = 'Y'
1238	AND effective_date <= SYSDATE
1239	AND (SYSDATE <= expiration_date OR expiration_date is NULL);
1240
1241	if (rowcount > 0)
1242	return MR_SUCCESS;
1243
1244	/* Check for indirect authorization */
1245	EXEC SQL SELECT COUNT(*) INTO :rowcount FROM roles_authorization
1246	WHERE kerberos_name = UPPER(:login)
1247	AND function_name = :function_name
1248	AND do_function = 'Y' AND descend = 'Y'
1249	AND effective_date <= SYSDATE
1250	AND (SYSDATE <= expiration_date OR expiration_date is NULL)
1251	AND qualifier_id IN (SELECT parent_id FROM roles_qualifier_descendent
1252	WHERE child_id = (SELECT qualifier_id FROM roles_qualifier
1253	WHERE qualifier_code = :qualifier_code AND qualifier_type =
1254	(SELECT qualifier_type FROM roles_function WHERE function_name = :function_name)));
1255
1256	if (rowcount > 0)
1257	return MR_SUCCESS;
1258
1259	return MR_PERM;
1260	}
1261

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format