/* vg.remove(string group, string name) */
xmlrpc_value *m_vg_remove(xmlrpc_env *env, xmlrpc_value *p, void *c)
{
LOG_TRACEME
xmlrpc_value *params;
char *group, *name;
int rc, gid = 0;
xid_t xid;
params = method_init(env, p, c, VCD_CAP_AUTH, 0);
method_return_if_fault(env);
xmlrpc_decompose_value(env, params,
"{s:s,s:s,*}",
"group", &group,
"name", &name);
method_return_if_fault(env);
if (!validate_group(group))
method_return_faultf(env, MEINVAL,
"invalid group value: %s", group);
if (str_equal(group, "all"))
method_return_faultf(env, MEINVAL,
"cannot remove reserved group '%s'", group);
if (!(gid = vxdb_getgid(group)))
method_return_fault(env, MENOVG);
if (!str_isempty(name)) {
if (!validate_name(name))
method_return_faultf(env, MEINVAL,
"invalid name value: %s", name);
if (!(xid = vxdb_getxid(name)))
method_return_fault(env, MENOVPS);
rc = vxdb_exec(
"DELETE FROM xid_gid_map WHERE xid = %d AND gid = %d",
xid, gid);
}
else {
rc = vxdb_exec(
"BEGIN EXCLUSIVE TRANSACTION;"
"DELETE FROM xid_gid_map WHERE gid = %d;"
"DELETE FROM groups WHERE gid = %d;"
"COMMIT TRANSACTION;",
gid, gid);
}
if (rc != VXDB_OK)
method_return_vxdb_fault(env);
return xmlrpc_nil_new(env);
}
/* part_filter_set - Set the partition's hidden flag based upon a user's
* group access. This must be followed by a call to part_filter_clear() */
extern void part_filter_set(uid_t uid)
{
struct part_record *part_ptr;
ListIterator part_iterator;
part_iterator = list_iterator_create(part_list);
while ((part_ptr = (struct part_record *) list_next(part_iterator))) {
if (part_ptr->flags & PART_FLAG_HIDDEN)
continue;
if (validate_group (part_ptr, uid) == 0) {
part_ptr->flags |= PART_FLAG_HIDDEN;
part_ptr->flags |= PART_FLAG_HIDDEN_CLR;
}
}
list_iterator_destroy(part_iterator);
}
/*
* pack_all_part - dump all partition information for all partitions in
* machine independent form (for network transmission)
* OUT buffer_ptr - the pointer is set to the allocated buffer.
* OUT buffer_size - set to size of the buffer in bytes
* IN show_flags - partition filtering options
* IN uid - uid of user making request (for partition filtering)
* global: part_list - global list of partition records
* NOTE: the buffer at *buffer_ptr must be xfreed by the caller
* NOTE: change slurm_load_part() in api/part_info.c if data format changes
*/
extern void pack_all_part(char **buffer_ptr, int *buffer_size,
uint16_t show_flags, uid_t uid,
uint16_t protocol_version)
{
ListIterator part_iterator;
struct part_record *part_ptr;
uint32_t parts_packed;
int tmp_offset;
Buf buffer;
time_t now = time(NULL);
buffer_ptr[0] = NULL;
*buffer_size = 0;
buffer = init_buf(BUF_SIZE);
/* write header: version and time */
parts_packed = 0;
pack32(parts_packed, buffer);
pack_time(now, buffer);
/* write individual partition records */
part_iterator = list_iterator_create(part_list);
while ((part_ptr = (struct part_record *) list_next(part_iterator))) {
xassert (part_ptr->magic == PART_MAGIC);
if (((show_flags & SHOW_ALL) == 0) && (uid != 0) &&
((part_ptr->flags & PART_FLAG_HIDDEN)
|| (validate_group (part_ptr, uid) == 0)))
continue;
pack_part(part_ptr, buffer, protocol_version);
parts_packed++;
}
list_iterator_destroy(part_iterator);
/* put the real record count in the message body header */
tmp_offset = get_buf_offset(buffer);
set_buf_offset(buffer, 0);
pack32(parts_packed, buffer);
set_buf_offset(buffer, tmp_offset);
*buffer_size = get_buf_offset(buffer);
buffer_ptr[0] = xfer_buf_data(buffer);
}
/****************************************************************************
check for authority to login to a service with a given username/password
****************************************************************************/
BOOL authorise_login(int snum,char *user,char *password, int pwlen,
BOOL *guest,BOOL *force,uint16 vuid)
{
BOOL ok = False;
*guest = False;
#if DEBUG_PASSWORD
DEBUG(100,("checking authorisation on user=%s pass=%s\n",user,password));
#endif
/* there are several possibilities:
1) login as the given user with given password
2) login as a previously registered username with the given password
3) login as a session list username with the given password
4) login as a previously validated user/password pair
5) login as the "user ="******"user ="******"ACCEPTED: given username password ok\n"));
}
/* check for a previously registered guest username */
if (!ok && (vuser != 0) && vuser->guest) {
if (user_ok(vuser->name,snum) &&
password_ok(vuser->name, password, pwlen, NULL)) {
pstrcpy(user, vuser->name);
vuser->guest = False;
DEBUG(3,("ACCEPTED: given password with registered user %s\n", user));
ok = True;
}
}
/* now check the list of session users */
if (!ok)
{
char *auser;
char *user_list = strdup(session_users);
if (!user_list) return(False);
for (auser=strtok(user_list,LIST_SEP);
!ok && auser;
auser = strtok(NULL,LIST_SEP))
{
fstring user2;
fstrcpy(user2,auser);
if (!user_ok(user2,snum)) continue;
if (password_ok(user2,password, pwlen, NULL)) {
ok = True;
pstrcpy(user,user2);
DEBUG(3,("ACCEPTED: session list username and given password ok\n"));
}
}
free(user_list);
}
/* check for a previously validated username/password pair */
if (!ok && (!lp_revalidate(snum) || lp_security() > SEC_SHARE) &&
(vuser != 0) && !vuser->guest &&
user_ok(vuser->name,snum)) {
pstrcpy(user,vuser->name);
*guest = False;
DEBUG(3,("ACCEPTED: validated uid ok as non-guest\n"));
ok = True;
}
/* check for a rhosts entry */
if (!ok && user_ok(user,snum) && check_hosts_equiv(user)) {
ok = True;
DEBUG(3,("ACCEPTED: hosts equiv or rhosts entry\n"));
}
/* check the user= fields and the given password */
if (!ok && lp_username(snum)) {
char *auser;
pstring user_list;
StrnCpy(user_list,lp_username(snum),sizeof(pstring));
string_sub(user_list,"%S",lp_servicename(snum));
for (auser=strtok(user_list,LIST_SEP);
auser && !ok;
auser = strtok(NULL,LIST_SEP))
{
if (*auser == '@')
{
auser = validate_group(auser+1,password,pwlen,snum);
if (auser)
{
ok = True;
pstrcpy(user,auser);
DEBUG(3,("ACCEPTED: group username and given password ok\n"));
}
}
else
{
fstring user2;
fstrcpy(user2,auser);
if (user_ok(user2,snum) &&
password_ok(user2,password,pwlen,NULL))
{
ok = True;
pstrcpy(user,user2);
DEBUG(3,("ACCEPTED: user list username and given password ok\n"));
}
}
}
}
} /* not guest only */
/* check for a normal guest connection */
if (!ok && GUEST_OK(snum))
{
fstring guestname;
StrnCpy(guestname,lp_guestaccount(snum),sizeof(guestname)-1);
if (Get_Pwnam(guestname,True))
{
pstrcpy(user,guestname);
ok = True;
DEBUG(3,("ACCEPTED: guest account and guest ok\n"));
}
else
DEBUG(0,("Invalid guest account %s??\n",guestname));
*guest = True;
*force = True;
}
if (ok && !user_ok(user,snum))
{
DEBUG(0,("rejected invalid user %s\n",user));
ok = False;
}
return(ok);
}
BOOL authorise_login(int snum, fstring user, DATA_BLOB password,
BOOL *guest)
{
BOOL ok = False;
#ifdef DEBUG_PASSWORD
DEBUG(100,("authorise_login: checking authorisation on "
"user=%s pass=%s\n", user,password.data));
#endif
*guest = False;
/* there are several possibilities:
1) login as the given user with given password
2) login as a previously registered username with the given
password
3) login as a session list username with the given password
4) login as a previously validated user/password pair
5) login as the "user ="******"user ="******"");
if (!user_list)
return(False);
for (auser=strtok(user_list,LIST_SEP); !ok && auser;
auser = strtok(NULL,LIST_SEP)) {
fstring user2;
fstrcpy(user2,auser);
if (!user_ok(user2,snum))
continue;
if (password_ok(user2,password)) {
ok = True;
fstrcpy(user,user2);
DEBUG(3,("authorise_login: ACCEPTED: session "
"list username (%s) and given "
"password ok\n", user));
}
}
SAFE_FREE(user_list);
}
/* check the user= fields and the given password */
if (!ok && lp_username(snum)) {
char *auser;
pstring user_list;
pstrcpy(user_list,lp_username(snum));
pstring_sub(user_list,"%S",lp_servicename(snum));
for (auser=strtok(user_list,LIST_SEP); auser && !ok;
auser = strtok(NULL,LIST_SEP)) {
if (*auser == '@') {
auser = validate_group(auser+1,password,snum);
if (auser) {
ok = True;
fstrcpy(user,auser);
DEBUG(3,("authorise_login: ACCEPTED: "
"group username and given "
"password ok (%s)\n", user));
}
} else {
fstring user2;
fstrcpy(user2,auser);
if (user_ok(user2,snum) &&
password_ok(user2,password)) {
ok = True;
fstrcpy(user,user2);
DEBUG(3,("authorise_login: ACCEPTED: "
"user list username and "
"given password ok (%s)\n",
user));
}
}
}
}
/* check for a normal guest connection */
if (!ok && GUEST_OK(snum)) {
fstring guestname;
fstrcpy(guestname,lp_guestaccount());
if (Get_Pwnam(guestname)) {
fstrcpy(user,guestname);
ok = True;
DEBUG(3,("authorise_login: ACCEPTED: guest account "
"and guest ok (%s)\n", user));
} else {
DEBUG(0,("authorise_login: Invalid guest account "
"%s??\n",guestname));
}
*guest = True;
}
if (ok && !user_ok(user, snum)) {
DEBUG(0,("authorise_login: rejected invalid user %s\n",user));
ok = False;
}
return(ok);
}
