From 0783e4fe2ad3211a9e27a512b5ff6b9f6f53a9a7 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zden=C4=9Bk=20=C5=A0ustr?= Date: Tue, 21 Feb 2012 15:57:31 +0000 Subject: [PATCH] HTTPs notif details fixed - Distinguish between non-existent notifications and other people's notifications - Allow superuser to vew details for all notifications - List owner among notification details --- org.glite.lb.server/src/lb_html.c | 1 + org.glite.lb.server/src/lb_proto.c | 64 ++++++++++++++++++++++---------------- org.glite.lb.server/src/lb_proto.h | 1 + org.glite.lb.server/src/lb_text.c | 1 + 4 files changed, 41 insertions(+), 26 deletions(-) diff --git a/org.glite.lb.server/src/lb_html.c b/org.glite.lb.server/src/lb_html.c index 31ade56..69e16a7 100644 --- a/org.glite.lb.server/src/lb_html.c +++ b/org.glite.lb.server/src/lb_html.c @@ -204,6 +204,7 @@ int edg_wll_NotificationToHTML(edg_wll_Context ctx UNUSED_VAR, notifInfo *ni, ch flags = edg_wll_stat_flags_to_string(ni->flags); printf("flags %d - %s", ni->flags, flags); + TR("Owner", "%s", ni->owner, NULL); TR("Destination", "%s", ni->destination, NULL); TR("Valid until", "%s", ni->valid, NULL); TR("Flags", "%s", flags, NULL); diff --git a/org.glite.lb.server/src/lb_proto.c b/org.glite.lb.server/src/lb_proto.c index 96fb612..5a63f47 100644 --- a/org.glite.lb.server/src/lb_proto.c +++ b/org.glite.lb.server/src/lb_proto.c @@ -49,6 +49,7 @@ limitations under the License. #include "lb_xml_parse_V21.h" #include "db_supp.h" #include "server_notification.h" +#include "authz_policy.h" #define METHOD_GET "GET " 
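Review bot: The added `TR("Owner", "%s", ni->owner, NULL)` row in edg_wll_NotificationToHTML writes the owner's certificate subject, read from the database, into the HTML response, and TR is defined outside this hunk, so it is not visible whether the value is HTML-escaped. If TR formats its argument with a plain `%s`, the subject should be escaped before it reaches the row, as should the destination string printed on the next line. The function body starts and ends outside the hunk.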
@@ -262,36 +263,47 @@ err: static int getNotifInfo(edg_wll_Context ctx, char *notifId, notifInfo *ni){ char *q = NULL; glite_lbu_Statement notif = NULL; - char *notifc[4] = {NULL, NULL, NULL, NULL}; + char *notifc[5] = {NULL, NULL, NULL, NULL, NULL}; - char *can_peername = edg_wll_gss_normalize_subj(ctx->peerName, 0); - char *userid = strmd5(can_peername, NULL); + char *can_peername = NULL; + struct _edg_wll_GssPrincipal_data principal; + int retval = HTTP_OK; - trio_asprintf(&q, "select destination, valid, conditions, flags " - "from notif_registrations " - "where notifid='%s' " - "and userid='%s'", - notifId, userid); + trio_asprintf(&q, "select n.destination, n.valid, n.conditions, n.flags, u.cert_subj " + "from notif_registrations as n, users as u " + "where (n.notifid='%s') AND (n.userid=u.userid)", notifId); glite_common_log_msg(LOG_CATEGORY_LB_SERVER_DB, LOG_PRIORITY_DEBUG, q); - if (edg_wll_ExecSQL(ctx, q, ¬if) < 0) goto err; + if (edg_wll_ExecSQL(ctx, q, ¬if) < 0) return HTTP_INTERNAL; free(q); q = NULL; - ni->notifid = strdup(notifId); + can_peername = edg_wll_gss_normalize_subj(ctx->peerName, 0); + memset(&principal, 0, sizeof principal); + principal.name = can_peername; + principal.fqans = ctx->fqans; + if (edg_wll_FetchRow(ctx, notif, sizeof(notifc)/sizeof(notifc[0]), NULL, notifc)){ - ni->destination = notifc[0]; - ni->valid = notifc[1]; - ni->conditions_text = notifc[2]; - parseJobQueryRec(ctx, notifc[2], strlen(notifc[2]), &(ni->conditions)); - ni->flags = atoi(notifc[3]); - } - else - goto err; - return 0; + if (edg_wll_gss_equal_subj(principal.name, notifc[4]) || ctx->noAuth || check_authz_policy(&ctx->authz_policy, &principal, ADMIN_ACCESS)) { + ni->notifid = strdup(notifId); + ni->destination = notifc[0]; + ni->valid = notifc[1]; + ni->conditions_text = notifc[2]; + parseJobQueryRec(ctx, notifc[2], strlen(notifc[2]), &(ni->conditions)); + ni->flags = atoi(notifc[3]); + ni->owner = notifc[4]; + } + else { + retval = HTTP_UNAUTH; + 
edg_wll_SetError(ctx, EPERM, "You are not authorized to view details for this Notification ID."); + } + } + else { + retval = HTTP_NOTFOUND; + edg_wll_SetError(ctx, ENOENT, "Notification ID not known."); + } -err: free(can_peername); - return -1; + return retval; } static void freeNotifInfo(notifInfo *ni){ @@ -309,6 +321,7 @@ static void freeNotifInfo(notifInfo *ni){ free(ni->conditions); } if (ni->conditions_text) free(ni->conditions_text); + if (ni->owner) free(ni->owner); } static int getJobsRSS(edg_wll_Context ctx, char *feedType, edg_wll_JobStat **statesOut){ @@ -798,11 +811,10 @@ edg_wll_ErrorCode edg_wll_Proto(edg_wll_Context ctx, pomCopy = strdup(requestPTR + 1); for (pom=pomCopy; *pom && !isspace(*pom); pom++); *pom = 0; - if (getNotifInfo(ctx, strrchr(pomCopy, ':')+1, &ni)){ - ret = HTTP_NOTFOUND; - edg_wll_SetError(ctx, ENOENT, "Notification ID not know."); - goto err; - } + + ret = getNotifInfo(ctx, strrchr(pomCopy, ':')+1, &ni); + if (ret != HTTP_OK) goto err; + free(pomCopy); if (text) { diff --git a/org.glite.lb.server/src/lb_proto.h b/org.glite.lb.server/src/lb_proto.h index 4b0eebe..63496d9 100644 --- a/org.glite.lb.server/src/lb_proto.h +++ b/org.glite.lb.server/src/lb_proto.h @@ -46,6 +46,7 @@ typedef struct _notifInfo{ edg_wll_QueryRec **conditions; char *conditions_text; int flags; + char *owner; } notifInfo; extern char *edg_wll_HTTPErrorMessage(int); diff --git a/org.glite.lb.server/src/lb_text.c b/org.glite.lb.server/src/lb_text.c index 9913e0d..f882a90 100644 --- a/org.glite.lb.server/src/lb_text.c +++ b/org.glite.lb.server/src/lb_text.c @@ -177,6 +177,7 @@ int edg_wll_NotificationToText(edg_wll_Context ctx UNUSED_VAR, notifInfo *ni, ch int pomL = 0; TR("Notif_id", "%s", ni->notifid); + TR("Owner", "%s", ni->owner); TR("Destination", "%s", ni->destination); TR("Valid_until", "%s", ni->valid); flags = edg_wll_stat_flags_to_string(ni->flags); -- 1.8.2.3
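Review bot: The rewritten query in getNotifInfo still interpolates `notifId` with a bare `'%s'`, and edg_wll_Proto passes that value straight from the request line (`strrchr(pomCopy, ':')+1`), so request text reaches the SQL statement unescaped. With the `userid` condition removed, the statement also selects across every user's registrations before the owner check runs. Build it with the SQL-escaping conversion of glite's trio, `"where (n.notifid='%|Ss') AND (n.userid=u.userid)", notifId` (confirm this matches how the other server queries are written), or reject ids containing characters outside the notification-id alphabet before building the query. Separately, `if (edg_wll_FetchRow(...))` treats any non-zero result as a row; if FetchRow reports errors with a negative value, as the edg_wll_ExecSQL check above suggests, that path can reach `strlen(notifc[2])` with a NULL pointer, so compare with `> 0` and return HTTP_INTERNAL for the error case. The HTTP_UNAUTH branch also leaves the fetched `notifc` strings unfreed, and the early `return HTTP_INTERNAL` skips `free(q)`.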
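Review bot: The result of `strrchr(pomCopy, ':')` in `ret = getNotifInfo(ctx, strrchr(pomCopy, ':')+1, &ni);` is used without a NULL check, and the branch condition that would guarantee a colon in the request is outside the hunk. If strrchr returns NULL, getNotifInfo receives an invalid pointer, which it then formats into the query and passes to `strdup`. Look the separator up first with a local `char *nid`, e.g. `nid = strrchr(pomCopy, ':'); if (!nid) { free(pomCopy); ret = HTTP_NOTFOUND; goto err; }`, and pass `nid + 1`. The `goto err` on a non-OK result is also taken before `free(pomCopy)`, so unless the err: label (outside the hunk) releases it, every refused or unknown id leaks the copy.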