- added new authZ actions

- extended status fields made available for RTM & comp.

diff --git a/org.glite.lb.server/src/authz_policy.c b/org.glite.lb.server/src/authz_policy.c
index 136805c..cfc09e5 100644 (file)
--- a/org.glite.lb.server/src/authz_policy.c
+++ b/org.glite.lb.server/src/authz_policy.c
@@ -22,10 +22,13 @@ limitations under the License.
 #include "authz_policy.h"
 
 struct action_name action_names[] = {
-    { READ_ALL,                "READ_ALL" },
+    { ADMIN_ACCESS,    "ADMIN_ACCESS" },
     { STATUS_FOR_RTM,  "STATUS_FOR_RTM" },
     { LOG_WMS_EVENTS,  "LOG_WMS_EVENTS" },
+    { LOG_CE_EVENTS,   "LOG_CE_EVENTS" },
     { LOG_GENERAL_EVENTS,      "LOG_GENERAL_EVENTS" },
+    { GET_STATISTICS,  "GET_STATISTICS" },
+    { REGISTER_JOBS,   "REGISTER_JOBS" },      
 };
 
 static int num_actions =
@@ -87,6 +90,17 @@ find_authz_action(const char *name)
     return ACTION_UNDEF;
 }
 
+const char *
+action2name(authz_action a)
+{
+    int i;
+
+    for (i = 0; i < num_actions; i++)
+       if (action_names[i].action == a)
+           return action_names[i].name;
+    return NULL;
+}
+
 authz_attr_id
 find_authz_attr(const char *name)
 {
@@ -103,11 +117,25 @@ blacken_fields(edg_wll_JobStat *stat, int flags)
 {
     edg_wll_JobStat new_stat;
 
-    memset(&new_stat, 0, sizeof(new_stat));
+    edg_wll_InitStatus(&new_stat);
 
     if (flags & STATUS_FOR_RTM) {
        new_stat.state = stat->state;
-       /* XXX save anything else */
+       edg_wlc_JobIdDup(stat->jobId, &new_stat.jobId);
+       if (stat->destination)
+           new_stat.destination = strdup(stat->destination);
+       if (stat->network_server)
+           new_stat.network_server = strdup(stat->network_server);
+       new_stat.stateEnterTime = stat->stateEnterTime;
+       new_stat.lastUpdateTime = stat->lastUpdateTime;
+       if (stat->stateEnterTimes) {
+           int i = 1 + stat->stateEnterTimes[0];
+           new_stat.stateEnterTimes = malloc(sizeof(*stat->stateEnterTimes)*i);
+           memcpy(new_stat.stateEnterTimes, stat->stateEnterTimes,
+                  sizeof(*stat->stateEnterTimes)*i);
+       }
+       if (stat->ui_host)
+           new_stat.ui_host = strdup(stat->ui_host);
     }
 
     edg_wll_FreeStatus(stat);

diff --git a/org.glite.lb.server/src/authz_policy.h b/org.glite.lb.server/src/authz_policy.h
index 4e10969..c326510 100644 (file)
--- a/org.glite.lb.server/src/authz_policy.h
+++ b/org.glite.lb.server/src/authz_policy.h
@@ -24,10 +24,13 @@ limitations under the License.
 
 typedef enum {
     ACTION_UNDEF       = 0,
-    READ_ALL           = 2,
-    STATUS_FOR_RTM     = 4,
-    LOG_WMS_EVENTS     = 8,
-    LOG_GENERAL_EVENTS = 16,
+    ADMIN_ACCESS       = 1 << 0,
+    STATUS_FOR_RTM     = 1 << 1,
+    LOG_WMS_EVENTS     = 1 << 2,
+    LOG_CE_EVENTS      = 1 << 3,
+    LOG_GENERAL_EVENTS = 1 << 4,
+    GET_STATISTICS     = 1 << 5,
+    REGISTER_JOBS      = 1 << 6,
 } authz_action;
 
 typedef struct action_name {
@@ -37,8 +40,8 @@ typedef struct action_name {
 
 typedef enum {
     ATTR_UNDEF         = 0,
-    ATTR_SUBJECT       = 2,
-    ATTR_FQAN          = 4,
+    ATTR_SUBJECT       = 1,
+    ATTR_FQAN          = 2,
 } authz_attr_id;
 
 struct attr_id_name {
@@ -55,6 +58,9 @@ check_authz_policy(edg_wll_authz_policy, edg_wll_GssPrincipal, authz_action);
 authz_action
 find_authz_action(const char *name);
 
+const char *
+action2name(authz_action);
+
 authz_attr_id
 find_authz_attr(const char *name);
 

diff --git a/org.glite.lb.server/src/lb_authz.c b/org.glite.lb.server/src/lb_authz.c
index 0cbbbac..250995b 100644 (file)
--- a/org.glite.lb.server/src/lb_authz.c
+++ b/org.glite.lb.server/src/lb_authz.c
@@ -888,27 +888,36 @@ int
 check_store_authz(edg_wll_Context ctx, edg_wll_Event *ev)
 {
    char *pem_string = NULL;
-   char *request = NULL;
+   const char *request = NULL;
    int ret;
+   authz_action action;
 
    /* XXX make a real RSL ? */
 
    switch (ev->any.type) {
        case EDG_WLL_EVENT_REGJOB:
+            action = REGISTER_JOBS;
+            break;
+
+       case EDG_WLL_EVENT_CURDESCR:
        case EDG_WLL_EVENT_USERTAG:
        case EDG_WLL_EVENT_CHANGEACL:
-       case EDG_WLL_EVENT_NOTIFICATION:
-       case EDG_WLL_EVENT_RESOURCEUSAGE:
+            action = LOG_GENERAL_EVENTS;
+            break;
+
+       case EDG_WLL_EVENT_RUNNING:
        case EDG_WLL_EVENT_REALLYRUNNING:
-       case EDG_WLL_EVENT_SUSPEND:
-       case EDG_WLL_EVENT_RESUME:
-            request = "LOG_GENERAL_EVENTS";
+       case EDG_WLL_EVENT_DONE:
+            action = LOG_CE_EVENTS;
             break;
+
        default:
-            request = "LOG_WMS_EVENTS";
+            action = LOG_WMS_EVENTS;
             break;
    }
 
+   request = (char *) action2name(action);
+
    ret = edg_wll_gss_get_client_pem(&ctx->connections->serverConnection->gss,
                                    server_cert, server_key,
                                     &pem_string);
@@ -932,7 +941,7 @@ int edg_wll_amIroot(const char *subj, char **fqans,edg_wll_authz_policy policy)
        princ.name = (char *) subj;
        princ.fqans = fqans;
 
-       return check_authz_policy(policy, &princ, READ_ALL);
+       return check_authz_policy(policy, &princ, ADMIN_ACCESS);
 }
 
 edg_wll_authz_policy