Beispiel #1
/**
 * \fn msiAclPolicy(msParam_t *msParam, ruleExecInfo_t *)
 *
 * \brief   When called (e.g. from acAclPolicy) and with "STRICT" as the
 *    argument, this will set the ACL policy (for GeneralQuery) to be
 *    extended (most strict).
 *
 * \module core
 *
 * \since pre-2.1
 *
 *
 * \note Should not be used outside of the rules defined in core.re.
 * Once set STRICT, strict mode remains in force (users can't call it in
 * another rule to change the mode back to non-strict).
 * See core.re.
 *
 * \usage See clients/icommands/test/rules/
 *
 * \param[in] msParam - a msParam of type STR_MS_T - can have value 'STRICT'
 * \param[in,out] - The RuleExecInfo structure that is automatically
 *    handled by the rule engine. The user does not include rei as a
 *    parameter in the rule invocation.
 *
 * \DolVarDependence
 * \DolVarModified
 * \iCatAttrDependence
 * \iCatAttrModified
 * \sideeffect none
 *
 * \return integer
 * \retval status
 * \pre none
 * \post none
 * \sa none
 **/
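int
msiAclPolicy( msParam_t* msParam, ruleExecInfo_t* ) {
    // Value recorded under STRICT_ACL_KW. It only becomes "on" after the
    // catalog-side strict setting has actually been applied below.
    std::string strict = "off";

    char* inputArg = ( char * ) msParam->inOutStruct;
    if ( inputArg != NULL ) {
        // NOTE(review): this is a 6-character prefix match, so any argument
        // that merely begins with "STRICT" selects strict mode. A non-NULL
        // argument that does not match leaves the catalog setting untouched.
        if ( strncmp( inputArg, "STRICT", 6 ) == 0 ) {
#ifdef RODS_CAT
            chlGenQueryAccessControlSetup( NULL, NULL, NULL, 0, 2 );
            strict = "on";
#endif
        }
    }
    else {
#ifdef RODS_CAT
        // No argument at all: the catalog flag is set to 0.
        // NOTE(review): presumably 0 is the non-strict policy - confirm
        // against chlGenQueryAccessControlSetup.
        chlGenQueryAccessControlSetup( NULL, NULL, NULL, 0, 0 );
#endif
    }

    // Mirror the outcome into the server properties so other code can read
    // the ACL mode.
    irods::server_properties& props = irods::server_properties::getInstance();
    props.capture_if_needed();
    irods::error ret = props.set_property<std::string>(
                           irods::STRICT_ACL_KW,
                           strict );
    if ( !ret.ok() ) {
        // The result used to be discarded, so a failed update left the
        // property out of step with the catalog flag without any signal.
        // Report it so the calling rule fails visibly.
        return static_cast<int>( ret.code() );
    }

    return 0;
}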
/**
 * \fn msiAclPolicy(msParam_t *msParam, ruleExecInfo_t *rei)
 *
 * \brief   When called (e.g. from acAclPolicy) and with "STRICT" as the
 *    argument, this will set the ACL policy (for GeneralQuery) to be
 *    extended (most strict).
 *
 * \module core
 *
 * \since pre-2.1
 *
 * \author  Wayne Schroeder
 * \date  March 2009
 *
 * \note Should not be used outside of the rules defined in core.irb.
 * Once set STRICT, strict mode remains in force (users can't call it in
 * another rule to change the mode back to non-strict).
 * See core.irb.
 *
 * \usage See clients/icommands/test/rules3.0/
 *
 * \param[in] msParam - a msParam of type STR_MS_T - can have value 'STRICT'
 * \param[in,out] rei - The RuleExecInfo structure that is automatically
 *    handled by the rule engine. The user does not include rei as a
 *    parameter in the rule invocation.
 *
 * \DolVarDependence
 * \DolVarModified
 * \iCatAttrDependence
 * \iCatAttrModified
 * \sideeffect none
 *
 * \return integer
 * \retval status
 * \pre none
 * \post none
 * \sa none
 **/
int
msiAclPolicy( msParam_t *msParam, ruleExecInfo_t *rei ) {
    /* The policy keyword arrives as the string payload of the parameter. */
    const char *policyArg = ( const char * ) msParam->inOutStruct;

    if ( policyArg == NULL ) {
        /* No argument: set the catalog ACL flag to 0. */
#ifdef RODS_CAT
        chlGenQueryAccessControlSetup( NULL, NULL, NULL, 0, 0 );
#endif
        return 0;
    }

    /* Anything that does not start with "STRICT" changes nothing.
       NOTE(review): only the first 6 characters are compared. */
    if ( strncmp( policyArg, "STRICT", 6 ) != 0 ) {
        return 0;
    }

#ifdef RODS_CAT
    chlGenQueryAccessControlSetup( NULL, NULL, NULL, 0, 2 );
#endif
    return 0;
}
Beispiel #3
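/* Size of each string buffer handed to the pre/post-processing rules. */
enum { GEN_QUERY_HOOK_ARG_LEN = 300 };

/* Release the first argc hook-argument buffers and clear their slots. */
static void
freeGenQueryHookArgs (char **args, int argc)
{
    int k;
    for (k = 0; k < argc; k++) {
        free (args[k]);
        args[k] = NULL;
    }
}

/* Allocate argc hook-argument buffers; returns 0 or SYS_MALLOC_ERR with
   nothing left allocated. */
static int
allocGenQueryHookArgs (char **args, int argc)
{
    int k;
    for (k = 0; k < argc; k++) {
        args[k] = (char *) malloc (GEN_QUERY_HOOK_ARG_LEN);
        if (args[k] == NULL) {
            freeGenQueryHookArgs (args, k);
            return SYS_MALLOC_ERR;
        }
    }
    return 0;
}

/* Free the result structure and null the caller's pointer, so that every
   error return leaves *genQueryOut == NULL. */
static void
discardGenQueryOut (genQueryOut_t **genQueryOut)
{
    clearGenQueryOut (*genQueryOut);
    free (*genQueryOut);
    *genQueryOut = NULL;
}

/*
 * Server-side general query.
 *
 * Applies the acAclPolicy rule (retried on each call until it succeeds
 * once), registers the client identity with the catalog access-control
 * layer, optionally runs the acPreProcForGenQuery / acPostProcForGenQuery
 * rules (enabled when PREPOSTPROCFORGENQUERYFLAG is set in the
 * environment), and runs chlGenQuery.
 *
 * On success *genQueryOut points to a heap-allocated result owned by the
 * caller.  On any negative return *genQueryOut is NULL.
 */
int
_rsGenQuery (rsComm_t *rsComm, genQueryInp_t *genQueryInp,
             genQueryOut_t **genQueryOut)
{
    int status;
    int hookStatus;
    ruleExecInfo_t rei;
    ruleExecInfo_t rei2;
    char *args[MAX_NUM_OF_ARGS_IN_ACTION];

    static int ruleExecuted = 0;
    static int PrePostProcForGenQueryFlag = -2;

    /* rsComm and genQueryInp are dereferenced unconditionally further
       down, so reject NULL here instead of checking only some uses. */
    if (genQueryOut == NULL) {
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }
    *genQueryOut = NULL;
    if (rsComm == NULL || genQueryInp == NULL) {
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }

    /* The environment is consulted once; the answer is cached. */
    if (PrePostProcForGenQueryFlag < 0) {
        PrePostProcForGenQueryFlag =
            (getenv ("PREPOSTPROCFORGENQUERYFLAG") != NULL) ? 1 : 0;
    }

    memset (&rei2, 0, sizeof (rei2));
    rei2.rsComm = rsComm;
    rei2.uoic = &rsComm->clientUser;
    rei2.uoip = &rsComm->proxyUser;

    *genQueryOut = (genQueryOut_t *) malloc (sizeof (genQueryOut_t));
    if (*genQueryOut == NULL) {
        return SYS_MALLOC_ERR;
    }
    memset (*genQueryOut, 0, sizeof (genQueryOut_t));

    if (ruleExecuted == 0) {
        memset (&rei, 0, sizeof (rei));
        rei.rsComm = rsComm;
        /* Include the user info for possible use by the rule.  Note
           that when this is called (as the agent is initializing),
           this user info is not confirmed yet.  For password
           authentication though, the agent will soon exit if this
           is not valid.  But for GSI, the user information may not
           be present and/or may be changed when the authentication
           completes, so it may not be safe to use this in a GSI
           enabled environment.  This addition of user information
           was requested by ARCS/IVEC (Sean Fleming) to avoid a
           local patch.
        */
        rei.uoic = &rsComm->clientUser;
        rei.uoip = &rsComm->proxyUser;
#ifdef RULE_ENGINE_N
        if (getRuleEngineStatus () == UNINITIALIZED) {
            /* Skip the call to run acAclPolicy if the Rule Engine
               hasn't been initialized yet, which happens for a couple
               initial queries made by the agent when starting up.  The
               new RE logs these types of errors and so this avoids that.
            */
            status = -1;
        }
        else
#endif
        {
            status = applyRule ("acAclPolicy", NULL, &rei, NO_SAVE_REI);
        }
        if (status == 0) {
            /* No need to retry next time since it succeeded.  Until then
               the default ACL setting stays in force and the rule is
               retried on the next query. */
            ruleExecuted = 1;
        }
    }

    /* NOTE(review): the final -1 presumably leaves the policy flag as it
       is and only records the client identity - confirm. */
    chlGenQueryAccessControlSetup (rsComm->clientUser.userName,
                                   rsComm->clientUser.rodsZone,
                                   rsComm->clientAddr,
                                   rsComm->clientUser.authInfo.authFlag,
                                   -1);

    /** RAJA ADDED June 1 2009 for pre-post processing rule hooks **/
    if (PrePostProcForGenQueryFlag == 1) {
        hookStatus = allocGenQueryHookArgs (args, 1);
        if (hookStatus < 0) {
            discardGenQueryOut (genQueryOut);
            return hookStatus;
        }
        /* The rule receives the input structure's address as decimal text. */
        snprintf (args[0], GEN_QUERY_HOOK_ARG_LEN, "%ld", (long) genQueryInp);
        hookStatus = applyRuleArg ("acPreProcForGenQuery", args, 1, &rei2,
                                   NO_SAVE_REI);
        freeGenQueryHookArgs (args, 1);
        if (hookStatus < 0) {
            rodsLog (LOG_ERROR,
                     "rsGenQuery:acPreProcForGenQuery error,stat=%d",
                     hookStatus);
            if (hookStatus != NO_MICROSERVICE_FOUND_ERR) {
                /* Previously this return left the freshly allocated
                   result behind. */
                discardGenQueryOut (genQueryOut);
                return hookStatus;
            }
        }
    }

    status = chlGenQuery (*genQueryInp, *genQueryOut);

    /** RAJA ADDED June 1 2009 for pre-post processing rule hooks **/
    if (PrePostProcForGenQueryFlag == 1) {
        hookStatus = allocGenQueryHookArgs (args, 3);
        if (hookStatus < 0) {
            discardGenQueryOut (genQueryOut);
            return hookStatus;
        }
        snprintf (args[0], GEN_QUERY_HOOK_ARG_LEN, "%ld", (long) genQueryInp);
        snprintf (args[1], GEN_QUERY_HOOK_ARG_LEN, "%ld", (long) *genQueryOut);
        snprintf (args[2], GEN_QUERY_HOOK_ARG_LEN, "%d", status);
        hookStatus = applyRuleArg ("acPostProcForGenQuery", args, 3, &rei2,
                                   NO_SAVE_REI);
        freeGenQueryHookArgs (args, 3);
        if (hookStatus < 0) {
            rodsLog (LOG_ERROR,
                     "rsGenQuery:acPostProcForGenQuery error,stat=%d",
                     hookStatus);
            if (hookStatus != NO_MICROSERVICE_FOUND_ERR) {
                /* Do not hand results back alongside an error status. */
                discardGenQueryOut (genQueryOut);
                return hookStatus;
            }
        }
    }

    if (status < 0) {
        discardGenQueryOut (genQueryOut);
        if (status != CAT_NO_ROWS_FOUND) {
            rodsLog (LOG_NOTICE,
                     "_rsGenQuery: genQuery status = %d", status);
        }
    }
    return status;
}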
Beispiel #4
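// Size of each string buffer handed to the pre/post-processing rules.
enum { GEN_QUERY_HOOK_ARG_LEN = 300 };

// Release the first argc hook-argument buffers and clear their slots.
static void
freeGenQueryHookArgs( char **args, int argc ) {
    for ( int k = 0; k < argc; k++ ) {
        free( args[k] );
        args[k] = NULL;
    }
}

// Allocate argc hook-argument buffers; returns 0 or SYS_MALLOC_ERR with
// nothing left allocated.
static int
allocGenQueryHookArgs( char **args, int argc ) {
    for ( int k = 0; k < argc; k++ ) {
        args[k] = ( char * ) malloc( GEN_QUERY_HOOK_ARG_LEN );
        if ( args[k] == NULL ) {
            freeGenQueryHookArgs( args, k );
            return SYS_MALLOC_ERR;
        }
    }
    return 0;
}

// Free the result structure and null the caller's pointer, so that every
// error return leaves *genQueryOut == NULL.
static void
discardGenQueryOut( genQueryOut_t **genQueryOut ) {
    clearGenQueryOut( *genQueryOut );
    free( *genQueryOut );
    *genQueryOut = NULL;
}

/*
 * Server-side general query.
 *
 * Applies the acAclPolicy rule (retried on each call until it succeeds
 * once), registers the client identity with the catalog access-control
 * layer, optionally runs the acPreProcForGenQuery / acPostProcForGenQuery
 * rules (enabled when PREPOSTPROCFORGENQUERYFLAG is set in the
 * environment), and runs chlGenQuery.
 *
 * When the request carries DISABLE_STRICT_ACL_KW and the AGENT_CONN_KW
 * server property is present, the ACL setting is switched to 0 for this
 * query and the previous value is put back afterwards.
 *
 * On success *genQueryOut points to a heap-allocated result owned by the
 * caller.  On any negative return *genQueryOut is NULL.
 */
int
_rsGenQuery( rsComm_t *rsComm, genQueryInp_t *genQueryInp,
             genQueryOut_t **genQueryOut ) {
    int status;
    int hookStatus;
    ruleExecInfo_t rei;
    ruleExecInfo_t rei2;
    char *args[MAX_NUM_OF_ARGS_IN_ACTION];

    static int ruleExecuted = 0;
    static int PrePostProcForGenQueryFlag = -2;

    // rsComm and genQueryInp are dereferenced unconditionally further
    // down, so reject NULL here instead of checking only some uses.
    if ( genQueryOut == NULL ) {
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }
    *genQueryOut = NULL;
    if ( rsComm == NULL || genQueryInp == NULL ) {
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }

    // The environment is consulted once; the answer is cached.
    if ( PrePostProcForGenQueryFlag < 0 ) {
        PrePostProcForGenQueryFlag =
            ( getenv( "PREPOSTPROCFORGENQUERYFLAG" ) != NULL ) ? 1 : 0;
    }

    memset( &rei2, 0, sizeof( rei2 ) );
    rei2.rsComm = rsComm;
    rei2.uoic = &rsComm->clientUser;
    rei2.uoip = &rsComm->proxyUser;

    *genQueryOut = ( genQueryOut_t* )malloc( sizeof( genQueryOut_t ) );
    if ( *genQueryOut == NULL ) {
        return SYS_MALLOC_ERR;
    }
    memset( *genQueryOut, 0, sizeof( genQueryOut_t ) );

    if ( ruleExecuted == 0 ) {
        memset( &rei, 0, sizeof( rei ) );
        rei.rsComm = rsComm;
        /* Include the user info for possible use by the rule.  Note
        that when this is called (as the agent is initializing),
        this user info is not confirmed yet.  For password
        authentication though, the agent will soon exit if this
        is not valid.  But for GSI, the user information may not
        be present and/or may be changed when the authentication
        completes, so it may not be safe to use this in a GSI
        enabled environment.  This addition of user information
        was requested by ARCS/IVEC (Sean Fleming) to avoid a
        local patch.
        */
        rei.uoic = &rsComm->clientUser;
        rei.uoip = &rsComm->proxyUser;

        if ( getRuleEngineStatus() == UNINITIALIZED ) {
            /* Skip the call to run acAclPolicy if the Rule Engine
               hasn't been initialized yet, which happens for a couple
               initial queries made by the agent when starting up.  The
               new RE logs these types of errors and so this avoids that.
            */
            status = -1;
        }
        else {
            status = applyRule( "acAclPolicy", NULL, &rei, NO_SAVE_REI );
        }
        if ( status == 0 ) {
            // No need to retry next time since it succeeded.  Until then
            // the default ACL setting stays in force and the rule is
            // retried on the next query.
            ruleExecuted = 1;
        }
    }

    // =-=-=-=-=-=-=-
    // verify that we are running a query for another agent connection
    // NOTE(review): only the presence of AGENT_CONN_KW is tested; the value
    // read into svr_sid is not compared with anything. Confirm the property
    // is set only after the peer has been verified as another server,
    // because it gates a client-supplied request to relax ACL checks.
    irods::server_properties& props = irods::server_properties::getInstance();
    props.capture_if_needed();

    std::string svr_sid;
    irods::error err = props.get_property< std::string >( irods::AGENT_CONN_KW, svr_sid );
    const bool agent_conn_flg = err.ok();

    // =-=-=-=-=-=-=-
    // detect if a request for disable of strict acls is made
    char* dis_kw = getValByKey( &genQueryInp->condInput, DISABLE_STRICT_ACL_KW );
    const bool acl_disabled = agent_conn_flg && dis_kw != NULL;
    const int acl_val = acl_disabled ? 0 : -1;

    // =-=-=-=-=-=-=-
    // cache the old acl value for reuse later if necessary
    const int old_acl_val = chlGenQueryAccessControlSetup(
                                rsComm->clientUser.userName,
                                rsComm->clientUser.rodsZone,
                                rsComm->clientAddr,
                                rsComm->clientUser.authInfo.authFlag,
                                acl_val );

    /** RAJA ADDED June 1 2009 for pre-post processing rule hooks **/
    if ( PrePostProcForGenQueryFlag == 1 ) {
        hookStatus = allocGenQueryHookArgs( args, 1 );
        if ( hookStatus >= 0 ) {
            // The rule receives the input structure's address as decimal text.
            snprintf( args[0], GEN_QUERY_HOOK_ARG_LEN, "%ld", ( long ) genQueryInp );
            hookStatus = applyRuleArg( "acPreProcForGenQuery", args, 1, &rei2, NO_SAVE_REI );
            freeGenQueryHookArgs( args, 1 );
            if ( hookStatus < 0 ) {
                rodsLog( LOG_ERROR,
                         "rsGenQuery:acPreProcForGenQuery error,stat=%d", hookStatus );
            }
        }
        if ( hookStatus < 0 && hookStatus != NO_MICROSERVICE_FOUND_ERR ) {
            // This return used to skip the restore below, leaving the ACL
            // setting at 0 for every later query handled by this agent.
            if ( acl_disabled ) {
                chlGenQueryAccessControlSetup(
                    rsComm->clientUser.userName,
                    rsComm->clientUser.rodsZone,
                    rsComm->clientAddr,
                    rsComm->clientUser.authInfo.authFlag,
                    old_acl_val );
            }
            discardGenQueryOut( genQueryOut );
            return hookStatus;
        }
    }

    status = chlGenQuery( *genQueryInp, *genQueryOut );

    // =-=-=-=-=-=-=-
    // if a disable was requested, repave with old value immediately
    if ( acl_disabled ) {
        chlGenQueryAccessControlSetup(
            rsComm->clientUser.userName,
            rsComm->clientUser.rodsZone,
            rsComm->clientAddr,
            rsComm->clientUser.authInfo.authFlag,
            old_acl_val );
    }

    /** RAJA ADDED June 1 2009 for pre-post processing rule hooks **/
    if ( PrePostProcForGenQueryFlag == 1 ) {
        hookStatus = allocGenQueryHookArgs( args, 3 );
        if ( hookStatus >= 0 ) {
            snprintf( args[0], GEN_QUERY_HOOK_ARG_LEN, "%ld", ( long ) genQueryInp );
            snprintf( args[1], GEN_QUERY_HOOK_ARG_LEN, "%ld", ( long ) *genQueryOut );
            snprintf( args[2], GEN_QUERY_HOOK_ARG_LEN, "%d", status );
            hookStatus = applyRuleArg( "acPostProcForGenQuery", args, 3, &rei2, NO_SAVE_REI );
            freeGenQueryHookArgs( args, 3 );
            if ( hookStatus < 0 ) {
                rodsLog( LOG_ERROR,
                         "rsGenQuery:acPostProcForGenQuery error,stat=%d", hookStatus );
            }
        }
        if ( hookStatus < 0 && hookStatus != NO_MICROSERVICE_FOUND_ERR ) {
            // Do not hand results back alongside an error status.
            discardGenQueryOut( genQueryOut );
            return hookStatus;
        }
    }

    if ( status < 0 ) {
        discardGenQueryOut( genQueryOut );
        if ( status != CAT_NO_ROWS_FOUND ) {
            rodsLog( LOG_NOTICE,
                     "_rsGenQuery: genQuery status = %d", status );
        }
    }
    return status;
}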
Beispiel #5
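/*
 * Command-line driver for the general-query tests.
 *
 * argv[1] is either a sub-command name (see modeTable) or a number:
 *   <n>            findCycles starting at table n (negative: all tables)
 *   <a> <b>        sTest( a, b )
 *   <a> <b> <c>    sTest2( a, b, c )
 * With a sub-command the remaining arguments are passed to the matching
 * doTest*/doLs* routine.  With no arguments a fixed sample query is run.
 */
int
main( int argc, char **argv ) {
    // Sub-command names accepted as argv[1] and the mode each one selects.
    static const struct {
        const char *name;
        int mode;
    } modeTable[] = {
        { "gen", 1 },    { "ls", 2 },     { "gen2", 3 },   { "gen3", 4 },
        { "gen4", 5 },   { "gen5", 6 },   { "gen6", 7 },   { "gen7", 8 },
        { "gen8", 9 },   { "gen9", 10 },  { "gen10", 11 }, { "gen11", 12 },
        { "gen12", 13 }, { "gen13", 14 }, { "lsr", 15 },   { "gen15", 16 }
    };

    int i = 0;
    genQueryInp_t genQueryInp;
    int i1a[10];
    int i2a[10];
    int done = 0;
    int mode = 0;
    char *condVal[2];
    char v1[20];

    // The test routines are handed argv[2]..argv[6]. Reading argv past
    // argv[argc] is out of bounds, so use a padded copy in which every
    // missing argument is NULL.
    char *av[7];
    for ( int k = 0; k < 7; k++ ) {
        av[k] = ( k < argc ) ? argv[k] : NULL;
    }

    /* remove this call or change to LOG_NOTICE for more verbosity */
    rodsLogLevel( LOG_ERROR );

    /* this will cause the sql to be printed, comment this out to skip it  */
    rodsLogSqlReq( 1 );

    if ( argc >= 2 ) {
        for ( size_t k = 0; k < sizeof( modeTable ) / sizeof( modeTable[0] ); k++ ) {
            if ( strcmp( argv[1], modeTable[k].name ) == 0 ) {
                mode = modeTable[k].mode;
            }
        }
    }

    if ( argc == 3 && mode == 0 ) {
        sTest( atoi( argv[1] ), atoi( argv[2] ) );
        done++;
    }

    if ( argc == 4 && mode == 0 ) {
        sTest2( atoi( argv[1] ), atoi( argv[2] ), atoi( argv[3] ) );
        done++;
    }

    if ( argc == 2 && mode == 0 ) {
        int j = atoi( argv[1] );
        if ( j >= 0 ) {
            printf( "finding cycles starting with table %d\n", j );
            i = findCycles( j );
            printf( "status = %d\n", i );
        }
        else {
            printf( "finding cycles for all tables\n" );
            printf( "last test should be -816000 if last table finished\n" );
            i = 0;
            // Walk the tables until findCycles reports a non-zero status.
            for ( j = 0; i == 0; j++ ) {
                i = findCycles( j );
                printf( "starting with table %d status = %d\n", j, i );
            }
            if ( j > 70 && i == CAT_INVALID_ARGUMENT ) {
                printf(
                    "Success: Searched all tables (0 to %d) and no cycles found\n",
                    j - 1 );
                exit( 0 );
            }
            else {
                exit( 5 );
            }
        }
        done++;
    }

    // Default sample query: select COL_COLL_NAME where COL_D_DATA_PATH ='b'.
    memset( ( char* )&genQueryInp, 0, sizeof( genQueryInp ) );

    genQueryInp.maxRows = 10;
    genQueryInp.continueInx = 0;
    /*
      (another test case that could be used)
    i1a[0]=COL_R_RESC_NAME;
    i1a[1]=COL_R_ZONE_NAME;
    i1a[2]=COL_R_TYPE_NAME;
    i1a[3]=COL_R_CLASS_NAME;
    */
    /*   i1a[0]=COL_COLL_INHERITANCE; */
    i1a[0] = COL_COLL_NAME;

    genQueryInp.selectInp.inx = i1a;
    genQueryInp.selectInp.len = 1;

    i2a[0] = COL_D_DATA_PATH;
    genQueryInp.sqlCondInp.inx = i2a;
    strcpy( v1, "='b'" );
    condVal[0] = v1;
    genQueryInp.sqlCondInp.value = condVal;
    genQueryInp.sqlCondInp.len = 1;

    // "gen <column>" overrides the selected column.
    if ( mode == 1 && argc == 3 ) {
        i1a[0] = atoi( argv[2] );
    }

    if ( done == 0 ) {
        int status;
        genQueryOut_t result;
        rodsEnv myEnv;

        memset( ( char * )&result, 0, sizeof( result ) );
        memset( ( char * )&myEnv, 0, sizeof( myEnv ) );
        status = getRodsEnv( &myEnv );
        if ( status < 0 ) {
            rodsLog( LOG_ERROR, "main: getRodsEnv error. status = %d",
                     status );
            exit( 1 );
        }

        // capture server properties
        irods::server_properties::getInstance().capture();

        if ( ( status = chlOpen() ) != 0 ) {
            rodsLog( LOG_SYS_FATAL,
                     "chlopen Error. Status = %d",
                     status );
            return status;
        }

        /* This is no longer ifdef'ed GEN_QUERY_AC (since msiAclPolicy
        now used), so just do it.  The queries below run as the
        environment's user with LOCAL_PRIV_USER_AUTH.  */
        chlGenQueryAccessControlSetup( myEnv.rodsUserName,
                                       myEnv.rodsZone,
                                       "",
                                       LOCAL_PRIV_USER_AUTH, 1 );

        if ( strstr( myEnv.rodsDebug, "CAT" ) != NULL ) {
            chlDebug( myEnv.rodsDebug );
        }

        if ( mode == 2 ) {
            /*	 doLs(); */
            doLs2();
            exit( 0 );
        }
        if ( mode == 3 ) {
            doTest2();
            exit( 0 );
        }
        if ( mode == 4 ) {
            doTest3();
            exit( 0 );
        }
        if ( mode == 5 ) {
            doTest4();
            exit( 0 );
        }
        if ( mode == 6 ) {
            doTest5();
            exit( 0 );
        }
        if ( mode == 7 ) {
            doTest6( av[2] );
            exit( 0 );
        }

        if ( mode == 8 ) {
            status = doTest7( av[2], av[3], av[4], av[5] );
            exit( status < 0 ? 1 : 0 );
        }

        if ( mode == 9 ) {
            status = doTest8( av[2], av[3], av[4] );
            exit( status < 0 ? 2 : 0 );
        }

        if ( mode == 10 ) {
            status = doTest9( av[2], av[3] );
            exit( status < 0 ? 2 : 0 );
        }

        if ( mode == 11 ) {
            status = doTest10( av[2], av[3], av[4], av[5] );
            exit( status < 0 ? 2 : 0 );
        }

        if ( mode == 12 ) {
            status = doTest11( av[2], av[3], av[4], av[5], av[6] );
            exit( status < 0 ? 2 : 0 );
        }
        if ( mode == 13 ) {
            status = doTest12( av[2], av[3], av[4], av[5] );
            exit( status < 0 ? 2 : 0 );
        }
        if ( mode == 14 ) {
            status = doTest13( av[2], av[3], av[4], av[5], av[6] );
            exit( status < 0 ? 2 : 0 );
        }
        if ( mode == 15 ) {
            // lexical_cast must not be given a NULL string.
            if ( av[2] == NULL ) {
                exit( 2 );
            }
            try {
                int reps = boost::lexical_cast<int>( av[2] );
                // Negative repeat counts are treated as zero.
                if ( reps < 0 ) {
                    reps = 0;
                }
                status = doLs3( reps );
            }
            catch ( const boost::bad_lexical_cast& ) {
                exit( 2 );
            }
            exit( status < 0 ? 2 : 0 );
        }
        if ( mode == 16 ) {
            status = doTest15( av[2], av[3], av[4] );
            exit( status < 0 ? 2 : 0 );
        }

        // No sub-command matched (or "gen"): run the sample query.
        genQueryInp.maxRows = 2;
        i = chlGenQuery( genQueryInp, &result );
        printf( "chlGenQuery status=%d\n", i );
        printf( "result.rowCnt=%d\n", result.rowCnt );
        for ( int row = 0; row < result.rowCnt; row++ ) {
            printf( "result.SqlResult[%d].value=%s\n", row,
                    result.sqlResult[row].value );
        }
    }
    exit( 0 );
}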