git://scientific.zcu.cz / jra1mw.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7bd883d)
favour superusers when delivering notifications
authorAleš Křenek <ljocha@ics.muni.cz>
Tue, 23 Sep 2008 12:03:05 +0000 (12:03 +0000)
committerAleš Křenek <ljocha@ics.muni.cz>
Tue, 23 Sep 2008 12:03:05 +0000 (12:03 +0000)
org.glite.lb.common/interface/context-int.h patch | blob | blame | history
org.glite.lb.server/interface/lb_authz.h patch | blob | blame | history
org.glite.lb.server/src/bkserverd.c patch | blob | blame | history
org.glite.lb.server/src/lb_authz.c patch | blob | blame | history
org.glite.lb.server/src/notif_match.c patch | blob | blame | history

diff --git a/org.glite.lb.common/interface/context-int.h b/org.glite.lb.common/interface/context-int.h
index 6222591..e5f5aba 100644 (file)
--- a/org.glite.lb.common/interface/context-int.h
+++ b/org.glite.lb.common/interface/context-int.h
@@ -153,6 +153,8 @@ glite_lb_padded_struct(_edg_wll_Context,150,
        edg_wll_QueryRec        **notif_index;
        void            *notif_index_cols;
        time_t          notifDurationMax;
+
+       char            **super_users;
 )
 
 /* to be used internally: set, update and and clear the error information in 
diff --git a/org.glite.lb.server/interface/lb_authz.h b/org.glite.lb.server/interface/lb_authz.h
index a2f4149..fb078b9 100644 (file)
--- a/org.glite.lb.server/interface/lb_authz.h
+++ b/org.glite.lb.server/interface/lb_authz.h
@@ -65,6 +65,9 @@ edg_wll_FreeVomsGroups(edg_wll_VomsGroups *);
 extern int
 check_store_authz(edg_wll_Context ctx, edg_wll_Event *ev);
 
+int edg_wll_amIroot(const char *subj, char **fqans,char **super_users);
+
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/org.glite.lb.server/src/bkserverd.c b/org.glite.lb.server/src/bkserverd.c
index 02ba9ae..a7badea 100644 (file)
--- a/org.glite.lb.server/src/bkserverd.c
+++ b/org.glite.lb.server/src/bkserverd.c
@@ -284,7 +284,6 @@ static int decrement_timeout(struct timeval *, struct timeval, struct timeval);
 static int add_root(char *);
 static int read_roots(const char *);
 static int asyn_gethostbyaddr(char **, const char *, int, int, struct timeval *);
-static int amIroot(const char *, char **);
 static int parse_limits(char *, int *, int *, int *);
 static int check_mkdir(const char *);
 
@@ -1149,16 +1148,18 @@ int bk_handle_connection(int conn, struct timeval *timeout, void *data)
        /* used also to reset start_time after edg_wll_ssl_accept! */
        /* gettimeofday(&start_time,0); */
        
-       ctx->noAuth = noAuth || amIroot(ctx->peerName, ctx->fqans);
+       ctx->noAuth = noAuth || edg_wll_amIroot(ctx->peerName, ctx->fqans,super_users);
        switch ( noIndex )
        {
        case 0: ctx->noIndex = 0; break;
-       case 1: ctx->noIndex = amIroot(ctx->peerName, ctx->fqans); break;
+       case 1: ctx->noIndex = edg_wll_amIroot(ctx->peerName, ctx->fqans,super_users); break;
        case 2: ctx->noIndex = 1; break;
        }
        ctx->strict_locking = strict_locking;
        ctx->greyjobs = greyjobs;
 
+       ctx->super_users = super_users;
+
        return 0;
 }
 
@@ -1739,22 +1740,6 @@ static int read_roots(const char *file)
        return 0;
 }
 
-static int amIroot(const char *subj, char **fqans)
-{
-       int     i;
-       char    **f;
-
-       if (!subj && !fqans ) return 0;
-       for (i=0; super_users && super_users[i]; i++)
-               if (strncmp(super_users[i], "FQAN:", 5) == 0) {
-                       for (f = fqans; f && *f; f++)
-                               if (strcmp(*f, super_users[i]+5) == 0) return 1;
-               } else
-                       if (strcmp(subj,super_users[i]) == 0) return 1;
-
-       return 0;
-}
-
 static int parse_limits(char *opt, int *j_limit, int *e_limit, int *size_limit)
 {
        return (sscanf(opt, "%d:%d:%d", j_limit, e_limit, size_limit) == 3);
diff --git a/org.glite.lb.server/src/lb_authz.c b/org.glite.lb.server/src/lb_authz.c
index 85cb33c..cc1b2f0 100644 (file)
--- a/org.glite.lb.server/src/lb_authz.c
+++ b/org.glite.lb.server/src/lb_authz.c
@@ -920,3 +920,20 @@ int edg_wll_GetACL(edg_wll_Context ctx, glite_jobid_const_t jobid, edg_wll_Acl *
 
 #endif
 
+
+int edg_wll_amIroot(const char *subj, char **fqans,char **super_users)
+{
+       int     i;
+       char    **f;
+
+       if (!subj && !fqans ) return 0;
+       for (i=0; super_users && super_users[i]; i++)
+               if (strncmp(super_users[i], "FQAN:", 5) == 0) {
+                       for (f = fqans; f && *f; f++)
+                               if (strcmp(*f, super_users[i]+5) == 0) return 1;
+               } else
+                       if (strcmp(subj,super_users[i]) == 0) return 1;
+
+       return 0;
+}
+
diff --git a/org.glite.lb.server/src/notif_match.c b/org.glite.lb.server/src/notif_match.c
index aeb880e..b1d715f 100644 (file)
--- a/org.glite.lb.server/src/notif_match.c
+++ b/org.glite.lb.server/src/notif_match.c
@@ -207,7 +207,8 @@ static int notif_check_acl(edg_wll_Context ctx,const edg_wll_JobStat *stat,const
        int             ret;
 
        edg_wll_ResetError(ctx);
-       if (ctx->noAuth || strcmp(stat->owner,recip) == 0) return 1;
+       if (strcmp(stat->owner,recip) == 0
+               || edg_wll_amIroot(recip,NULL,ctx->super_users)) return 1;
 
        if (stat->acl == NULL) return 0;
 
jra1mw project from LCG CVS.