int testDelRule(rsComm_t *rsComm, char *ruleName, char *userName) { if (userName!=NULL && strlen(userName)>0) { rsComm->clientUser.authInfo.authFlag = LOCAL_USER_AUTH; rsComm->proxyUser.authInfo.authFlag = LOCAL_USER_AUTH; strncpy(rsComm->clientUser.userName, userName, sizeof rsComm->clientUser.userName); } else { rsComm->clientUser.authInfo.authFlag = LOCAL_PRIV_USER_AUTH; rsComm->proxyUser.authInfo.authFlag = LOCAL_PRIV_USER_AUTH; } return(chlDelRuleExec(rsComm, ruleName)); }
int _rsRuleExecDel( rsComm_t *rsComm, ruleExecDelInp_t *ruleExecDelInp ) { genQueryOut_t *genQueryOut = NULL; int status; sqlResult_t *reiFilePath; sqlResult_t *ruleUserName; char reiDir[MAX_NAME_LEN]; std::string svc_role; irods::error ret = get_catalog_service_role(svc_role); if(!ret.ok()) { irods::log(PASS(ret)); return ret.code(); } status = getReInfoById( rsComm, ruleExecDelInp->ruleExecId, &genQueryOut ); if ( status < 0 ) { rodsLog( LOG_ERROR, "_rsRuleExecDel: getReInfoById failed, status = %d", status ); /* unregister it anyway */ if( irods::CFG_SERVICE_ROLE_PROVIDER == svc_role ) { status = chlDelRuleExec( rsComm, ruleExecDelInp->ruleExecId ); if ( status < 0 ) { rodsLog( LOG_ERROR, "_rsRuleExecDel: chlDelRuleExec for %s error, status = %d", ruleExecDelInp->ruleExecId, status ); } return status; } else if( irods::CFG_SERVICE_ROLE_CONSUMER == svc_role ) { rodsLog( LOG_ERROR, "_rsRuleExecDel: chlDelRuleExec only in ICAT host" ); return SYS_NO_RCAT_SERVER_ERR; } else { const auto err{ERROR(SYS_SERVICE_ROLE_NOT_SUPPORTED, (boost::format("role not supported [%s]") % svc_role.c_str()).str().c_str())}; irods::log(err); return err.code(); } } if ( ( reiFilePath = getSqlResultByInx( genQueryOut, COL_RULE_EXEC_REI_FILE_PATH ) ) == NULL ) { rodsLog( LOG_NOTICE, "_rsRuleExecDel: getSqlResultByInx for REI_FILE_PATH failed" ); return UNMATCHED_KEY_OR_INDEX; } /* First check permission (now that API is allowed for non-admin users) */ if ( rsComm->proxyUser.authInfo.authFlag < LOCAL_PRIV_USER_AUTH ) { if ( rsComm->proxyUser.authInfo.authFlag == LOCAL_USER_AUTH ) { if ( ( ruleUserName = getSqlResultByInx( genQueryOut, COL_RULE_EXEC_USER_NAME ) ) == NULL ) { rodsLog( LOG_NOTICE, "_rsRuleExecDel: getSqlResultByInx for COL_RULE_EXEC_USER_NAME failed" ); return UNMATCHED_KEY_OR_INDEX; } if ( strncmp( ruleUserName->value, rsComm->clientUser.userName, MAX_NAME_LEN ) != 0 ) { return USER_ACCESS_DENIED; } } else { return USER_ACCESS_DENIED; } } /* some sanity check */ snprintf( reiDir, MAX_NAME_LEN, "/%-s/%-s.", PACKED_REI_DIR, REI_FILE_NAME ); if ( strstr( reiFilePath->value, reiDir ) == NULL ) { if( irods::CFG_SERVICE_ROLE_PROVIDER == svc_role ) { int i; char errMsg[105]; rodsLog( LOG_NOTICE, "_rsRuleExecDel: reiFilePath: %s is not a proper rei path", reiFilePath->value ); /* Try to unregister it anyway */ status = chlDelRuleExec( rsComm, ruleExecDelInp->ruleExecId ); if ( status ) { return ( status ); /* that failed too, report it */ } /* Add a message to the error stack for the client user */ snprintf( errMsg, sizeof errMsg, "Rule was removed but reiPath was invalid: %s", reiFilePath->value ); i = addRErrorMsg( &rsComm->rError, 0, errMsg ); if ( i < 0 ) { irods::log( ERROR( i, "addRErrorMsg failed" ) ); } freeGenQueryOut( &genQueryOut ); return SYS_INVALID_FILE_PATH; } else if( irods::CFG_SERVICE_ROLE_CONSUMER == svc_role ) { rodsLog( LOG_ERROR, "_rsRuleExecDel: chlDelRuleExec only in ICAT host" ); return SYS_NO_RCAT_SERVER_ERR; } else { const auto err{ERROR(SYS_SERVICE_ROLE_NOT_SUPPORTED, (boost::format("role not supported [%s]") % svc_role.c_str()).str().c_str())}; irods::log(err); return err.code(); } } status = unlink( reiFilePath->value ); if ( status < 0 ) { status = UNIX_FILE_UNLINK_ERR - errno; rodsLog( LOG_ERROR, "_rsRuleExecDel: unlink of %s error, status = %d", reiFilePath->value, status ); if ( errno != ENOENT ) { freeGenQueryOut( &genQueryOut ); return status; } } if( irods::CFG_SERVICE_ROLE_PROVIDER == svc_role ) { int unlinkStatus = status; /* unregister it */ status = chlDelRuleExec( rsComm, ruleExecDelInp->ruleExecId ); if ( status < 0 ) { rodsLog( LOG_ERROR, "_rsRuleExecDel: chlDelRuleExec for %s error, status = %d", ruleExecDelInp->ruleExecId, status ); } if ( unlinkStatus ) { int i; char errMsg[105]; /* Add a message to the error stack for the client user */ snprintf( errMsg, sizeof errMsg, "Rule was removed but unlink of rei file failed" ); i = addRErrorMsg( &rsComm->rError, 0, errMsg ); if ( i < 0 ) { irods::log( ERROR( i, "addRErrorMsg failed" ) ); } snprintf( errMsg, sizeof errMsg, "rei file: %s", reiFilePath->value ); i = addRErrorMsg( &rsComm->rError, 1, errMsg ); if (i < 0) { irods::log(ERROR(i, "addRErrorMsg failed")); } if ( status == 0 ) { /* return this error if no other error occurred */ status = unlinkStatus; } } freeGenQueryOut( &genQueryOut ); return status; } else if( irods::CFG_SERVICE_ROLE_CONSUMER == svc_role ) { rodsLog( LOG_ERROR, "_rsRuleExecDel: chlDelRuleExec only in ICAT host" ); return SYS_NO_RCAT_SERVER_ERR; } else { const auto err{ERROR(SYS_SERVICE_ROLE_NOT_SUPPORTED, (boost::format("role not supported [%s]") % svc_role.c_str()).str().c_str())}; irods::log(err); return err.code(); } }