if (edg_wll_PurgeServerProxy(ctx, ev->any.jobId)) goto rollback;
}
+ if ((ev->any.type == EDG_WLL_EVENT_TAKEPAYLOADOWNERSHIP || ev->any.type == EDG_WLL_EVENT_GRANTPAYLOADOWNERSHIP) &&
+ oldstat.payload_owner != newstat.payload_owner)
+ edg_wll_UpdateACL(ctx, ev->any.jobId,
+ newstat.payload_owner, EDG_WLL_CHANGEACL_DN,
+ EDG_WLL_CHANGEACL_TAG, EDG_WLL_CHANGEACL_ALLOW,
+ EDG_WLL_CHANGEACL_ADD);
+
if (ev->any.type == EDG_WLL_EVENT_REGJOB &&
(ev->regJob.jobtype == EDG_WLL_REGJOB_DAG ||
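Review bot: The result of `edg_wll_UpdateACL()` is discarded, so a failed ACL update for the new payload owner goes unnoticed, whereas the `edg_wll_PurgeServerProxy()` call just above jumps to `rollback` on error; consider wrapping the call as `if (edg_wll_UpdateACL(...)) goto rollback;` with the same arguments. The guard `oldstat.payload_owner != newstat.payload_owner` also compares pointers rather than DN strings, assuming the field is the `char *` that the other hunks test for NULL and pass to `strcmp`, so it is true for equal DNs held in separate buffers and does not stop a NULL `newstat.payload_owner` from reaching the call. A condition such as `newstat.payload_owner && (!oldstat.payload_owner || strcmp(oldstat.payload_owner, newstat.payload_owner) != 0)` states the intent. Nothing visible here removes the previous payload owner's ACL entry when ownership moves, so confirm whether that is intended. The enclosing function starts and ends outside the hunk.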
static int
check_jobstat_authz(edg_wll_Context ctx,
- char *owner,
+ edg_wll_JobStat *stat,
edg_wll_Acl acl,
int *flags)
{
struct _edg_wll_GssPrincipal_data princ;
*flags = 0;
+
if (ctx->noAuth)
return 1;
- if (ctx->peerName && edg_wll_gss_equal_subj(ctx->peerName, owner))
+ if (ctx->peerName == NULL)
+ return 0;
+ if (edg_wll_gss_equal_subj(ctx->peerName, stat->owner))
+ return 1;
+ if (stat->payload_owner && edg_wll_gss_equal_subj(ctx->peerName, stat->payload_owner))
return 1;
if (acl && edg_wll_CheckACL(ctx, acl, EDG_WLL_CHANGEACL_READ) == 0)
return 1;
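Review bot: The new `if (ctx->peerName == NULL) return 0;` runs before the `edg_wll_CheckACL()` test and before whatever follows it outside the hunk, so an unauthenticated peer is now rejected without the ACL being consulted, where the old code fell through to it. If that tightening is intended, a comment above the check would record it, e.g. `/* anonymous peers never pass; ACL and policy apply to authenticated subjects only */`. `stat->owner` is passed to `edg_wll_gss_equal_subj()` without the NULL guard that `stat->payload_owner` gets on the next test, so it is worth confirming that the owner is always set at this point. The function body continues past the end of the hunk.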
if (edg_wll_GetACL(ctx, job, &acl)) goto rollback;
- if (check_jobstat_authz(ctx, stat->owner, acl, &authz_flags) == 0) {
+ if (check_jobstat_authz(ctx, stat, acl, &authz_flags) == 0) {
edg_wll_SetError(ctx, EPERM, "not owner");
goto rollback;
}
edg_wll_ResetError(ctx);
if (strcmp(stat->owner,recip) == 0
|| edg_wll_amIroot(recip,NULL,&ctx->authz_policy)) return 1;
+ if (stat->payload_owner && strcmp(stat->payload_owner,recip) == 0)
+ return 1;
princ.name = (char *)recip;
if (check_authz_policy(&ctx->authz_policy, &princ, READ_ALL))
return 1;
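Review bot: The added payload-owner test matches `recip` with `strcmp`, while `check_jobstat_authz` in this same commit compares subjects with `edg_wll_gss_equal_subj()`; if the two DNs can differ in representation, the payload owner would pass one check and be refused by the other. The existing owner test on the line above uses `strcmp` as well, so the new line follows local convention, but `edg_wll_gss_equal_subj(stat->payload_owner, recip)` for both tests would keep the checks aligned. Whether `recip` is already normalized is not visible here. The enclosing function starts and ends outside the hunk.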