From: Aleš Křenek
Date: Tue, 23 Sep 2008 12:03:05 +0000 (+0000)
Subject: favour superusers when delivering notifications
X-Git-Tag: myproxy-config-R_2_0_2_1~21
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=83d0f0483e5c479ad45162436b13d0e0e0231a8b;p=jra1mw.git
favour superusers when delivering notifications
---
diff --git a/org.glite.lb.common/interface/context-int.h b/org.glite.lb.common/interface/context-int.h
index 6222591..e5f5aba 100644
--- a/org.glite.lb.common/interface/context-int.h
+++ b/org.glite.lb.common/interface/context-int.h
@@ -153,6 +153,8 @@ glite_lb_padded_struct(_edg_wll_Context,150,
 edg_wll_QueryRec **notif_index;
 void *notif_index_cols;
 time_t notifDurationMax;
+
+ char **super_users;
 )
 /* to be used internally: set, update and and clear the error information in
diff --git a/org.glite.lb.server/interface/lb_authz.h b/org.glite.lb.server/interface/lb_authz.h
index a2f4149..fb078b9 100644
--- a/org.glite.lb.server/interface/lb_authz.h
+++ b/org.glite.lb.server/interface/lb_authz.h
@@ -65,6 +65,9 @@ edg_wll_FreeVomsGroups(edg_wll_VomsGroups *);
 extern int check_store_authz(edg_wll_Context ctx, edg_wll_Event *ev);
+int edg_wll_amIroot(const char *subj, char **fqans,char **super_users);
+
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/org.glite.lb.server/src/bkserverd.c b/org.glite.lb.server/src/bkserverd.c
index 02ba9ae..a7badea 100644
--- a/org.glite.lb.server/src/bkserverd.c
+++ b/org.glite.lb.server/src/bkserverd.c
@@ -284,7 +284,6 @@ static int decrement_timeout(struct timeval *, struct timeval, struct timeval);
 static int add_root(char *);
 static int read_roots(const char *);
 static int asyn_gethostbyaddr(char **, const char *, int, int, struct timeval *);
-static int amIroot(const char *, char **);
 static int parse_limits(char *, int *, int *, int *);
 static int check_mkdir(const char *);
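Review bot: The new `char **super_users;` member in context-int.h carries no comment about who owns the list, and the only assignment visible in this commit (`ctx->super_users = super_users;` in bk_handle_connection) stores the server's global pointer rather than a copy. Because this list now decides who bypasses the notification ACL, I would document it at the declaration, for example `char **super_users; /* borrowed from the server, NULL-terminated, plain subject names or "FQAN:" entries; must not be freed with the context */`. Whether the server can reload or free the list while a context still points at it is not visible here; if it can, the context would keep a stale pointer, so that path deserves a check. The struct body starts and ends outside the hunk.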
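Review bot: The prototype `edg_wll_amIroot` added to lb_authz.h exports an authorization predicate with no description of its contract, and unlike the neighbouring `check_store_authz` it is declared without `extern`. A short comment above it should say that it returns 1 when `subj` equals a plain entry of `super_users` or when one of `fqans` equals the text after an `FQAN:` prefix, and 0 otherwise, and that `fqans` and `super_users` may be NULL. The implementation in this commit only reads both arrays, so `char * const *` for the two list parameters would state that in the signature.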
@@ -1149,16 +1148,18 @@ int bk_handle_connection(int conn, struct timeval *timeout, void *data)
 /* used also to reset start_time after edg_wll_ssl_accept! */
 /* gettimeofday(&start_time,0); */
- ctx->noAuth = noAuth || amIroot(ctx->peerName, ctx->fqans);
+ ctx->noAuth = noAuth || edg_wll_amIroot(ctx->peerName, ctx->fqans,super_users);
 switch ( noIndex ) {
 case 0: ctx->noIndex = 0; break;
- case 1: ctx->noIndex = amIroot(ctx->peerName, ctx->fqans); break;
+ case 1: ctx->noIndex = edg_wll_amIroot(ctx->peerName, ctx->fqans,super_users); break;
 case 2: ctx->noIndex = 1; break;
 }
 ctx->strict_locking = strict_locking;
 ctx->greyjobs = greyjobs;
+ ctx->super_users = super_users;
+
 return 0;
 }
@@ -1739,22 +1740,6 @@ static int read_roots(const char *file)
 return 0;
 }
-static int amIroot(const char *subj, char **fqans)
-{
- int i;
- char **f;
-
- if (!subj && !fqans ) return 0;
- for (i=0; super_users && super_users[i]; i++)
- if (strncmp(super_users[i], "FQAN:", 5) == 0) {
- for (f = fqans; f && *f; f++)
- if (strcmp(*f, super_users[i]+5) == 0) return 1;
- } else
- if (strcmp(subj,super_users[i]) == 0) return 1;
-
- return 0;
-}
-
 static int parse_limits(char *opt, int *j_limit, int *e_limit, int *size_limit)
 {
 return (sscanf(opt, "%d:%d:%d", j_limit, e_limit, size_limit) == 3);
diff --git a/org.glite.lb.server/src/lb_authz.c b/org.glite.lb.server/src/lb_authz.c
index 85cb33c..cc1b2f0 100644
--- a/org.glite.lb.server/src/lb_authz.c
+++ b/org.glite.lb.server/src/lb_authz.c
@@ -920,3 +920,20 @@ int edg_wll_GetACL(edg_wll_Context ctx, glite_jobid_const_t jobid, edg_wll_Acl *
 #endif
+
+int edg_wll_amIroot(const char *subj, char **fqans,char **super_users)
+{
+ int i;
+ char **f;
+
+ if (!subj && !fqans ) return 0;
+ for (i=0; super_users && super_users[i]; i++)
+ if (strncmp(super_users[i], "FQAN:", 5) == 0) {
+ for (f = fqans; f && *f; f++)
+ if (strcmp(*f, super_users[i]+5) == 0) return 1;
+ } else
+ if (strcmp(subj,super_users[i]) == 0) return 1;
+
+ return 0;
+}
+
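Review bot: In the new `edg_wll_amIroot` in lb_authz.c the `else` branch calls `strcmp(subj,super_users[i])` even when `subj` is NULL, because the early return fires only when both `subj` and `fqans` are NULL. The function is now public and serves as the superuser test for both connection setup and notification delivery, so a caller that supplies FQANs without a subject name would dereference NULL on the first non-FQAN entry; guard it with `if (subj && strcmp(subj,super_users[i]) == 0) return 1;`. The unbraced `for`/`if`/`else` nesting also makes the pairing of the `else` easy to misread, so braces around the loop body would help. The code was moved unchanged from `amIroot` in bkserverd.c, so the behaviour is inherited rather than introduced here.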
diff --git a/org.glite.lb.server/src/notif_match.c b/org.glite.lb.server/src/notif_match.c
index aeb880e..b1d715f 100644
--- a/org.glite.lb.server/src/notif_match.c
+++ b/org.glite.lb.server/src/notif_match.c
@@ -207,7 +207,8 @@ static int notif_check_acl(edg_wll_Context ctx,const edg_wll_JobStat *stat,const
 int ret;
 edg_wll_ResetError(ctx);
- if (ctx->noAuth || strcmp(stat->owner,recip) == 0) return 1;
+ if (strcmp(stat->owner,recip) == 0
+ || edg_wll_amIroot(recip,NULL,ctx->super_users)) return 1;
 if (stat->acl == NULL) return 0;
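Review bot: The call `edg_wll_amIroot(recip,NULL,ctx->super_users)` in notif_check_acl passes NULL for the FQAN list, so superuser entries written with the `FQAN:` prefix can never match a notification recipient and only plain subject names are favoured. That asymmetry with bk_handle_connection should be stated next to the call, for example `/* no recipient FQANs passed: only plain subject entries of super_users apply */`. The same line also drops the `ctx->noAuth` short-circuit, which appears to change delivery for a server running with the global no-auth setting and for events handled on a superuser's connection; if that tightening is intended, it belongs in the commit message or a comment. `ctx->super_users` is assigned only in bk_handle_connection in this commit, so a context built on any other path would presumably leave it NULL and the check falls back to owner and ACL. The function body starts and ends outside the hunk.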