From 8da54b00859724b6253b976859b33361a95c68e2 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Milo=C5=A1=20Mula=C4=8D?=
Date: Wed, 12 Apr 2006 14:34:46 +0000
Subject: [PATCH] added authz checks for RecordTag, GetJobAttrs and GetJobFiles calls (only job owner is allowed to do it)
---
 org.glite.jp.primary/src/authz.c | 9 ++++++-
 org.glite.jp.primary/src/soap_ops.c | 51 +++++++++++++++++++++++++++++++++++--
 2 files changed, 57 insertions(+), 3 deletions(-)
diff --git a/org.glite.jp.primary/src/authz.c b/org.glite.jp.primary/src/authz.c
index 3ceba02..f7f415f 100644
--- a/org.glite.jp.primary/src/authz.c
+++ b/org.glite.jp.primary/src/authz.c
@@ -31,8 +31,14 @@ int glite_jpps_authz(glite_jp_context_t ctx,int op,const char *job,const char *o
 case SOAP_TYPE___jpsrv__GetJobFiles:
 case SOAP_TYPE___jpsrv__GetJobAttributes:
+ case SOAP_TYPE___jpsrv__RecordTag:
 assert(owner);
- return strcmp(owner,ctx->peer) ? glite_jp_stack_error(ctx,&err) : 0;
+ if (strcmp(owner,ctx->peer)) {
+ err.desc = "you are not a job owner";
+ glite_jp_stack_error(ctx,&err);
+ return 1;
+ }
+ return 0;
 break;
 default:
@@ -76,3 +82,4 @@ int glite_jpps_readauth(glite_jp_context_t ctx,const char *file)
 fclose(f);
 return 0;
 }
+
diff --git a/org.glite.jp.primary/src/soap_ops.c b/org.glite.jp.primary/src/soap_ops.c
index 61ba754..e2bceaa 100644
--- a/org.glite.jp.primary/src/soap_ops.c
+++ b/org.glite.jp.primary/src/soap_ops.c
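Review bot: In glite_jpps_authz (authz.c) the owner comparison still relies on `assert(owner);` as its only NULL guard, while the three SOAP handlers changed in this commit now pass `meta[0].value` straight into it. If the metadata lookup can succeed without filling in a value, one request aborts the server, and in a build with NDEBUG the NULL reaches `strcmp`; an authorization check should fail closed instead, e.g. `if (!owner || !ctx->peer || strcmp(owner,ctx->peer)) {`. Whether `ctx->peer` can be NULL for a connection without an authenticated identity is not visible here, so confirm that half of the guard against the code that sets it. The `break;` after `return 0;` is now unreachable and can be dropped. The function starts and ends outside the hunk, so how `err.code` and `err.source` are initialised before `glite_jp_stack_error` is not shown.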
@@ -194,10 +194,22 @@ SOAP_FMAC5 int SOAP_FMAC6 __jpsrv__RecordTag( CONTEXT_FROM_SOAP(soap,ctx); void *file_be,*file_p; glite_jpps_fplug_data_t **pd = NULL; - glite_jp_attrval_t attr[2]; + glite_jp_attrval_t attr[2], meta[2]; + file_be = file_p = NULL; + memset(meta,0,sizeof meta); + meta[0].name = strdup(GLITE_JP_ATTR_OWNER); + + if (glite_jppsbe_get_job_metadata(ctx,in->jobid,meta)) { + goto err; + } + + if (glite_jpps_authz(ctx,SOAP_TYPE___jpsrv__RecordTag,in->jobid,meta[0].value)) { + goto err; + } + attr[0].name = in->tag->name; if (in->tag->value->string) { attr[0].value = in->tag->value->string; @@ -250,6 +262,10 @@ SOAP_FMAC5 int SOAP_FMAC6 __jpsrv__RecordTag( free(pd); return SOAP_OK; +err: + glite_jp_attrval_free(meta,0); + err2fault(ctx,soap); + return SOAP_FAULT; } static void s2jp_qval(const struct jptype__stringOrBlob *in, char **value, int *binary, size_t *size) @@ -405,10 +421,22 @@ SOAP_FMAC5 int SOAP_FMAC6 __jpsrv__GetJobFiles( glite_jp_error_t err; void **pd; struct jptype__jppsFile **f = NULL; + glite_jp_attrval_t meta[2]; memset(&err,0,sizeof err); out->__sizefiles = 0; + memset(meta,0,sizeof meta); + meta[0].name = strdup(GLITE_JP_ATTR_OWNER); + + if (glite_jppsbe_get_job_metadata(ctx,in->jobid,meta)) { + goto err; + } + + if (glite_jpps_authz(ctx,SOAP_TYPE___jpsrv__GetJobFiles,in->jobid,meta[0].value)) { + goto err; + } + for (pd = ctx->plugins; *pd; pd++) { glite_jpps_fplug_data_t *plugin = *pd; @@ -452,6 +480,10 @@ SOAP_FMAC5 int SOAP_FMAC6 __jpsrv__GetJobFiles( memcpy(out->files,f,out->__sizefiles * sizeof *f); return SOAP_OK; +err: + glite_jp_attrval_free(meta,0); + err2fault(ctx,soap); + return SOAP_FAULT; } SOAP_FMAC5 int SOAP_FMAC6 __jpsrv__GetJobAttributes( 
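Review bot: The result of `strdup(GLITE_JP_ATTR_OWNER)` is never checked in __jpsrv__RecordTag, so on allocation failure a NULL attribute name is handed to glite_jppsbe_get_job_metadata, and the same lookup-and-authorize block is repeated verbatim in __jpsrv__GetJobFiles and __jpsrv__GetJobAttributes. Moving it into one static helper gives a single place for the NULL checks and for releasing `meta`, and each handler then needs one call in front of its existing work. The sketch below uses a suggested helper name and assumes `glite_jp_attrval_free(meta,0)` releases the name and value of the array entries, as its use at the `err:` label implies. __jpsrv__RecordTag starts and ends outside this hunk.

```c
/* Look up the stored owner of `job` and authorize the peer for `op`.
 * Returns 0 when the call is allowed; non-zero otherwise. */
static int check_job_owner(glite_jp_context_t ctx,int op,const char *job)
{
	glite_jp_attrval_t	meta[2];
	int	ret = 1;

	memset(meta,0,sizeof meta);
	meta[0].name = strdup(GLITE_JP_ATTR_OWNER);
	if (!meta[0].name) {
		/* out of memory: stack an error on ctx here, then deny */
		return 1;
	}

	/* deny when the lookup fails or yields no owner value;
	 * the no-value case also needs an error stacked on ctx */
	if (glite_jppsbe_get_job_metadata(ctx,job,meta) == 0 && meta[0].value)
		ret = glite_jpps_authz(ctx,op,job,meta[0].value);

	glite_jp_attrval_free(meta,0);	/* released on every path */
	return ret;
}

/* in __jpsrv__RecordTag, replacing the added lookup block: */
	if (check_job_owner(ctx,SOAP_TYPE___jpsrv__RecordTag,in->jobid)) {
		err2fault(ctx,soap);
		return SOAP_FAULT;
	}
	/* ... unchanged: attr[] setup and plugin loop ... */
```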
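Review bot: The new `err:` label sits after `return SOAP_OK;`, so `glite_jp_attrval_free(meta,0);` runs only on the failure path and every successful RecordTag call leaks the strdup'ed attribute name, plus the owner value if the metadata lookup allocates it (presumably it does). In a long-running server that is a per-request leak that ordinary authorized traffic keeps feeding; release the array on the success path too, with `glite_jp_attrval_free(meta,0);` directly above `return SOAP_OK;`. The closing hunks of __jpsrv__GetJobFiles and __jpsrv__GetJobAttributes have the same shape and need the same line. Any earlier error returns inside these functions lie outside the hunks and would have to free `meta` as well.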
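Review bot: `goto err;` in __jpsrv__GetJobFiles jumps to a label spelled exactly like the local `glite_jp_error_t err;` declared a few lines above it. C keeps labels in their own namespace, so this compiles, but `memset(&err,0,sizeof err);` and `goto err;` within ten lines of each other are easy to misread during review. Naming the label `fail:` or `cleanup:` in all three handlers would remove the ambiguity; the label itself is added in this function's closing hunk.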
@@ -459,11 +491,22 @@ SOAP_FMAC5 int SOAP_FMAC6 __jpsrv__GetJobAttributes( struct _jpelem__GetJobAttributes *in, struct _jpelem__GetJobAttributesResponse *out) { - glite_jp_attrval_t *attr; + glite_jp_attrval_t *attr, meta[2]; int i,n; CONTEXT_FROM_SOAP(soap,ctx); + memset(meta,0,sizeof meta); + meta[0].name = strdup(GLITE_JP_ATTR_OWNER); + + if (glite_jppsbe_get_job_metadata(ctx,in->jobid,meta)) { + goto err; + } + + if (glite_jpps_authz(ctx,SOAP_TYPE___jpsrv__GetJobAttributes,in->jobid,meta[0].value)) { + goto err; + } + if (glite_jpps_get_attrs(ctx,in->jobid, in->attributes, in->__sizeattributes,&attr)) { @@ -475,4 +518,8 @@ SOAP_FMAC5 int SOAP_FMAC6 __jpsrv__GetJobAttributes( out->__sizeattrValues = jp2s_attrValues(soap,attr,&out->attrValues,1); return SOAP_OK; +err: + glite_jp_attrval_free(meta,0); + err2fault(ctx,soap); + return SOAP_FAULT; } -- 1.8.2.3
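Review bot: Both failure branches in __jpsrv__GetJobAttributes end in the same `err2fault(ctx,soap)`, but the fault they carry differs: the authz branch reports "you are not a job owner", while a failed `glite_jppsbe_get_job_metadata` presumably reports whatever the backend stacked for an unknown job. If that is the case, a caller who owns nothing can tell existing job ids from non-existing ones by the fault text alone. Consider returning one generic denial to non-owners on both branches and keeping the specific reason in the server log; the same applies to the RecordTag and GetJobFiles hunks. A short comment above the block, such as `/* owner is read from stored job metadata, never from the request */`, would also record why the lookup precedes the attribute query.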