#include "get_events.h"
#include "server_stats.h"
#include "lb_authz.h"
+#include "authz_policy.h"
typedef struct {
const edg_wll_NotifId nid,
time_t *valid)
{
- int i;
+ int i,j;
char *q = NULL,
*nid_s = NULL,
*time_s = NULL,
notif_stream_t *arg = NULL;
int npref, okpref;
char *msgpref;
+ struct _edg_wll_GssPrincipal_data princ;
+ memset(&princ, 0, sizeof princ);
/* Format notification ID
goto cleanup;
}
+ /* Check permissions
+ */
+ princ.name = ctx->peerName;
+ princ.fqans = ctx->fqans;
+ if (!ctx->noAuth && check_authz_policy(&ctx->authz_policy, &princ, READ_ANONYMIZED))
+ for (i=0; conditions && conditions[i]; i++)
+ for (j=0; conditions[i][j].attr; j++)
+ if (conditions[i][j].attr == EDG_WLL_QUERY_ATTR_OWNER &&
+ !edg_wll_gss_equal_subj(conditions[i][j].value.c, ctx->peerName) &&
+ !check_authz_policy(&ctx->authz_policy, &princ, ADMIN_ACCESS) &&
+ !check_authz_policy(&ctx->authz_policy, &princ, READ_ALL)) {
+ edg_wll_SetError(ctx, EPERM, "Forbidden subject. You are only authorized to register for anonymized notifications.");
+ goto cleanup;
+ }
+
/* Format the address
*/
if ( address_override )
git://scientific.zcu.cz / jra1mw.git / commitdiff