attr_fn_acl.c

openPBS的开放源代码

/*
*         OpenPBS (Portable Batch System) v2.3 Software License
* 
* Copyright (c) 1999-2000 Veridian Information Solutions, Inc.
* All rights reserved.
* 
* ---------------------------------------------------------------------------
* For a license to use or redistribute the OpenPBS software under conditions
* other than those described below, or to purchase support for this software,
* please contact Veridian Systems, PBS Products Department ("Licensor") at:
* 
*    www.OpenPBS.org  +1 650 967-4675                  sales@OpenPBS.org
*                        877 902-4PBS (US toll-free)
* ---------------------------------------------------------------------------
* 
* This license covers use of the OpenPBS v2.3 software (the "Software") at
* your site or location, and, for certain users, redistribution of the
* Software to other sites and locations.  Use and redistribution of
* OpenPBS v2.3 in source and binary forms, with or without modification,
* are permitted provided that all of the following conditions are met.
* After December 31, 2001, only conditions 3-6 must be met:
* 
* 1. Commercial and/or non-commercial use of the Software is permitted
*    provided a current software registration is on file at www.OpenPBS.org.
*    If use of this software contributes to a publication, product, or
*    service, proper attribution must be given; see www.OpenPBS.org/credit.html
* 
* 2. Redistribution in any form is only permitted for non-commercial,
*    non-profit purposes.  There can be no charge for the Software or any
*    software incorporating the Software.  Further, there can be no
*    expectation of revenue generated as a consequence of redistributing
*    the Software.
* 
* 3. Any Redistribution of source code must retain the above copyright notice
*    and the acknowledgment contained in paragraph 6, this list of conditions
*    and the disclaimer contained in paragraph 7.
* 
* 4. Any Redistribution in binary form must reproduce the above copyright
*    notice and the acknowledgment contained in paragraph 6, this list of
*    conditions and the disclaimer contained in paragraph 7 in the
*    documentation and/or other materials provided with the distribution.
* 
* 5. Redistributions in any form must be accompanied by information on how to
*    obtain complete source code for the OpenPBS software and any
*    modifications and/or additions to the OpenPBS software.  The source code
*    must either be included in the distribution or be available for no more
*    than the cost of distribution plus a nominal fee, and all modifications
*    and additions to the Software must be freely redistributable by any party
*    (including Licensor) without restriction.
* 
* 6. All advertising materials mentioning features or use of the Software must
*    display the following acknowledgment:
* 
*     "This product includes software developed by NASA Ames Research Center,
*     Lawrence Livermore National Laboratory, and Veridian Information 
*     Solutions, Inc.
*     Visit www.OpenPBS.org for OpenPBS software support,
*     products, and information."
* 
* 7. DISCLAIMER OF WARRANTY
* 
* THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT
* ARE EXPRESSLY DISCLAIMED.
* 
* IN NO EVENT SHALL VERIDIAN CORPORATION, ITS AFFILIATED COMPANIES, OR THE
* U.S. GOVERNMENT OR ANY OF ITS AGENCIES BE LIABLE FOR ANY DIRECT OR INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
* OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* 
* This license will be governed by the laws of the Commonwealth of Virginia,
* without reference to its choice of law rules.
*/
#include <pbs_config.h>   /* the master config generated by configure */

#include <assert.h>
#include <ctype.h>
#include <memory.h>
#ifndef NDEBUG
#include <stdio.h>
#endif
#include <stdlib.h>
#include <string.h>
#include "pbs_ifl.h"
#include "list_link.h"
#include "attribute.h"
#include "pbs_error.h"

static char ident[] = "@(#) $RCSfile: attr_fn_acl.c,v $ $Revision: 2.1.10.5 $";

/*
 * This file contains general functions for attributes of type
 *      User/Group/Hosts Acess Control List.
 *
 * The following functions should be used for the 3 types of ACLs:
 *
 *	 User ACL	 Group ACL	 Host ACL
 *	(+ mgrs + ops)
 *	---------------------------------------------
 * 	decode_arst	decode_arst	decode_arst
 * 	encode_arst	encode_arst	encode_arst
 *	set_uacl	set_arst	set_hostacl
 *	comp_arst	comp_arst	comp_arst
 *	free_arst	free_arst	free_arst
 *
 * The "encoded" or external form of the value is a string with the orginial
 * strings separated by commas (or new-lines) and terminated by a null.
 *
 * The "decoded" form is a set of strings pointed to by an array_strings struct
 *
 * These forms are identical to ATR_TYPE_ARST, and in fact encode_arst(), 
 * comp_arst(), and free_arst() are used for those functions.
 *
 * set_ugacl() is different because of the special  sorting required.
 */

/* External Functions called */

/* Private Functions */

static int hacl_match A_((const char *can, const char *master));
static int user_match A_((const char *can, const char *master));
static int host_order A_((char *old, char *new));
static int user_order A_((char *old, char *new));
static int set_allacl A_((attribute *, attribute *, enum batch_op,
			  int (*order_func)()));

/* for all decode_*acl() - use decode_arst() */
/* for all encode_*acl() - use encode_arst() */

/* 
 * set_uacl - set value of one User ACL attribute to another
 *	with special sorting.
 *
 *	A=B --> set of strings in A replaced by set of strings in B
 *	A+B --> set of strings in B appended to set of strings in A
 *	A-B --> any string in B found is A is removed from A
 *
 *	Returns: 0 if ok
 *		>0 if error
 */

int set_uacl(attr, new, op)
	struct attribute *attr;
	struct attribute *new;
	enum batch_op op;
{

	return (set_allacl(attr, new, op, user_order));
}

/* 
 * set_hostacl - set value of one Host ACL attribute to another
 *	with special sorting.
 *
 *	A=B --> set of strings in A replaced by set of strings in B
 *	A+B --> set of strings in B appended to set of strings in A
 *	A-B --> any string in B found is A is removed from A
 *
 *	Returns: 0 if ok
 *		>0 if error
 */

int set_hostacl(attr, new, op)
	struct attribute *attr;
	struct attribute *new;
	enum batch_op op;
{

	return (set_allacl(attr, new, op, host_order));
}


/*
 * acl_check - check a name:
 *		user or [user@]full_host_name
 *		group_name
 *		full_host_name
 *	against the entries in an access control list.
 *	Match is done by calling the approprate comparison function
 *	with the name and each string from the list in turn.
 *
 * Returns: 1 if access is allowed;  0 if not allowed
 */

int acl_check(pattr, name, type)
	attribute *pattr;
	char      *name;
	int	   type;
{
	int		      i;
#ifdef HOST_ACL_DEFAULT_ALL
	int		      default_rtn = 1;
#else	/* HOST_ACL_DEFAULT_ALL */
	int		      default_rtn = 0;
#endif	/* HOST_ACL_DEFAULT_ALL */
	struct array_strings *pas;
	char		     *pstr;
	int (*match_func) A_((const char *name, const char *master));

	extern char server_host[];

	switch (type) {
	    case ACL_Host:
		match_func = hacl_match;
		break;
	    case ACL_User:
		match_func = user_match;
		break;
	    case ACL_Group:
	    default:
		match_func = (int (*)())strcmp;
		break;
	}
	    
	if ( !(pattr->at_flags & ATR_VFLAG_SET) || 
	    ((pas = pattr->at_val.at_arst) == (struct array_strings *)0) ||
	    (pas->as_usedptr == 0)) {

#ifdef HOST_ACL_DEFAULT_ALL
		/* no list, default to everybody is allowed */
		return (1);
#else
		if (type == ACL_Host) {
			/* if there is no list set, allow only from my host */
			return ( ! hacl_match(name, server_host));
		} else
			return (0);
#endif
	}

	for (i=0; i<pas->as_usedptr; i++) {
		pstr = pas->as_string[i];
		if ((*pstr == '+') || (*pstr == '-')) {
			if (*(pstr+1) == '\0')	/* "+" or "-" sets default */
				if (*pstr == '+')
					default_rtn = 1;
				else
					default_rtn = 0;

			pstr++;		/* skip over +/- if present */
		}
		if ( ! match_func(name, pstr))
			if (*pas->as_string[i] == '-')
				return (0);	/* deny */
			else
				return (1);	/* allow */
	}
	return (default_rtn);
}
	

/*
 * chk_dup_acl - check for duplicate in list (array_strings)
 *	Return 0 if no duplicate, 1 if duplicate within the new list or
 *	between the new and old list.
 */

static int chk_dup_acl(old, new)
	struct array_strings *old;
	struct array_strings *new;
{
	int i;
	int j;

	for (i=0; i<new->as_usedptr; ++i) {

		/* first check against self */

		for (j=0; j<new->as_usedptr; ++j) {

		    if (i != j) {
			if (strcmp(new->as_string[i], new->as_string[j]) == 0)
				return 1;
		    }
		}

		/* next check new against existing (old) strings */

		for (j=0; j<old->as_usedptr; ++j) {

		    if (strcmp(new->as_string[i], old->as_string[j]) == 0)
			return 1;
		}
	}
	return 0;
}

/*
 * set_allacl - general set function for all types of acls
 *	This function is private to this file.  It is called
 *	by the public set function which is specific to the
 *	ACL type.  The public function passes an extra
 *	parameter which indicates the ACL type.
 */

static int set_allacl(attr, new, op, order_func)
	struct attribute *attr;
	struct attribute *new;
	enum batch_op op;
	int (*order_func) A_((char *, char *));
{
	int	 i;
	int	 j;
	int 	 k;
	unsigned long nsize;
	unsigned long need;
	long	 offset;
	char	*pc;
	char	*where;
	int	 used;
	struct array_strings *tmppas;
	struct array_strings *pas;
	struct array_strings *newpas;
	extern void free_arst A_((attribute *));

	assert(attr && new && (new->at_flags & ATR_VFLAG_SET));

	pas = attr->at_val.at_arst;	/* array of strings control struct */
	newpas = new->at_val.at_arst;	/* array of strings control struct */
	if ( !newpas )
		return (PBSE_INTERNAL);

	if ( !pas ) {