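/*
 * _rsGenQuery - server-side general query.
 *
 * Allocates *genQueryOut, applies the acAclPolicy rule until it has succeeded
 * once, hands the client's identity to chlGenQueryAccessControlSetup() and
 * runs chlGenQuery().  When the environment variable
 * PREPOSTPROCFORGENQUERYFLAG is set, the query is wrapped in the
 * acPreProcForGenQuery / acPostProcForGenQuery rule hooks.
 *
 * rsComm       connection describing the requester.  It is NULL-checked when
 *              the rule contexts are filled in but dereferenced
 *              unconditionally further down (see NOTE(review) below).
 * genQueryInp  the query to execute.
 * genQueryOut  receives a newly allocated result on success and is left NULL
 *              on every negative return.
 *
 * Returns the chlGenQuery() status, or the negative status of a hook that
 * failed with anything other than NO_MICROSERVICE_FOUND_ERR.
 */
int
_rsGenQuery (rsComm_t *rsComm, genQueryInp_t *genQueryInp,
             genQueryOut_t **genQueryOut)
{
    enum { HOOK_ARG_LEN = 300 };    /* size of each textual hook argument */
    int status;
    /* Function-static: both values are computed once and then reused on
       every later call. */
    static int ruleExecuted = 0;
    static int PrePostProcForGenQueryFlag = -2;
    ruleExecInfo_t rei;
    ruleExecInfo_t rei2;
    int i, argc;
    char *args[MAX_NUM_OF_ARGS_IN_ACTION];

    /* The hooks are opt-in through the environment; only the presence of the
       variable matters, its value is not inspected. */
    if (PrePostProcForGenQueryFlag < 0) {
        PrePostProcForGenQueryFlag =
            (getenv ("PREPOSTPROCFORGENQUERYFLAG") != NULL) ? 1 : 0;
    }

    /* Rule context used by the pre/post hooks. */
    memset (&rei2, 0, sizeof (rei2));
    rei2.rsComm = rsComm;
    if (rsComm != NULL) {
        rei2.uoic = &rsComm->clientUser;
        rei2.uoip = &rsComm->proxyUser;
    }

    /* printGenQI(genQueryInp);  for debug */

    /* NOTE(review): the malloc result is not checked; an allocation failure
       is dereferenced by the memset below.  No out-of-memory status is
       visible in this block, so the check is left to the maintainer. */
    *genQueryOut = (genQueryOut_t *) malloc (sizeof (genQueryOut_t));
    memset (*genQueryOut, 0, sizeof (genQueryOut_t));

    if (ruleExecuted == 0) {
        memset (&rei, 0, sizeof (rei));
        rei.rsComm = rsComm;
        if (rsComm != NULL) {
            /* Include the user info for possible use by the rule.  Note that
               when this is called (as the agent is initializing), this user
               info is not confirmed yet.  For password authentication though,
               the agent will soon exit if this is not valid.  But for GSI,
               the user information may not be present and/or may be changed
               when the authentication completes, so it may not be safe to
               use this in a GSI enabled environment.  This addition of user
               information was requested by ARCS/IVEC (Sean Fleming) to avoid
               a local patch. */
            rei.uoic = &rsComm->clientUser;
            rei.uoip = &rsComm->proxyUser;
        }

#ifdef RULE_ENGINE_N
        if (getRuleEngineStatus () == UNINITIALIZED) {
            /* Skip the call to run acAclPolicy if the Rule Engine hasn't been
               initialized yet, which happens for a couple initial queries
               made by the agent when starting up.  The new RE logs these
               types of errors and so this avoids that. */
            status = -1;
        } else
#endif
        {
            status = applyRule ("acAclPolicy", NULL, &rei, NO_SAVE_REI);
        }

        if (status == 0) {
            /* No need to retry next time since it succeeded.  Since this is
               called at startup, the Rule Engine may not be initialized yet,
               in which case the default setting is fine and we should retry
               next time.  msiAclPolicy calls chlGenQueryAccessControlSetup
               to set the flag, so nothing is read back from the rule here.
               The query below runs whether or not the rule succeeded. */
            ruleExecuted = 1;
        }
    }

    /* NOTE(review): rsComm is dereferenced here without the NULL guard used
       above; a NULL rsComm would crash the agent at this point.  Either
       reject NULL on entry or drop the earlier guards - confirm with the
       callers.  The trailing -1 presumably leaves the current access-control
       flag untouched - verify against chlGenQueryAccessControlSetup. */
    chlGenQueryAccessControlSetup (rsComm->clientUser.userName,
                                   rsComm->clientUser.rodsZone,
                                   rsComm->clientAddr,
                                   rsComm->clientUser.authInfo.authFlag, -1);

    /** RAJA ADDED June 1 2009 for pre-post processing rule hooks **/
    if (PrePostProcForGenQueryFlag == 1) {
        /* The hook receives the address of genQueryInp as decimal text, so
           whatever is bound to it works on this process's live memory.  The
           (long) cast is kept because the rule side presumably parses the
           value back the same way; where long is narrower than a pointer the
           address would be truncated. */
        char inpArg[HOOK_ARG_LEN];

        snprintf (inpArg, sizeof (inpArg), "%ld", (long) genQueryInp);
        args[0] = inpArg;
        argc = 1;
        i = applyRuleArg ("acPreProcForGenQuery", args, argc, &rei2,
                          NO_SAVE_REI);
        if (i < 0) {
            rodsLog (LOG_ERROR,
                     "rsGenQuery:acPreProcForGenQuery error,stat=%d", i);
            if (i != NO_MICROSERVICE_FOUND_ERR) {
                /* Nothing has been stored in the zeroed result yet; release
                   it so an error return never hands back an allocation. */
                free (*genQueryOut);
                *genQueryOut = NULL;
                return i;
            }
        }
    }

    status = chlGenQuery (*genQueryInp, *genQueryOut);

    /** RAJA ADDED June 1 2009 for pre-post processing rule hooks **/
    if (PrePostProcForGenQueryFlag == 1) {
        char inpArg[HOOK_ARG_LEN];
        char outArg[HOOK_ARG_LEN];
        char statArg[HOOK_ARG_LEN];

        snprintf (inpArg, sizeof (inpArg), "%ld", (long) genQueryInp);
        snprintf (outArg, sizeof (outArg), "%ld", (long) *genQueryOut);
        snprintf (statArg, sizeof (statArg), "%d", status);
        args[0] = inpArg;
        args[1] = outArg;
        args[2] = statArg;
        argc = 3;
        i = applyRuleArg ("acPostProcForGenQuery", args, argc, &rei2,
                          NO_SAVE_REI);
        if (i < 0) {
            rodsLog (LOG_ERROR,
                     "rsGenQuery:acPostProcForGenQuery error,stat=%d", i);
            if (i != NO_MICROSERVICE_FOUND_ERR) {
                /* Same cleanup as the query-failure path below, so every
                   negative return leaves *genQueryOut NULL. */
                clearGenQueryOut (*genQueryOut);
                free (*genQueryOut);
                *genQueryOut = NULL;
                return i;
            }
        }
    }

    if (status < 0) {
        clearGenQueryOut (*genQueryOut);
        free (*genQueryOut);
        *genQueryOut = NULL;
        /* An empty result is routine and is not logged. */
        if (status != CAT_NO_ROWS_FOUND) {
            rodsLog (LOG_NOTICE, "_rsGenQuery: genQuery status = %d", status);
        }
        return (status);
    }
    return (status);
}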
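/**
 * Server-side general query.
 *
 * Allocates *genQueryOut, applies the acAclPolicy rule until it has succeeded
 * once, hands the client's identity to chlGenQueryAccessControlSetup() and
 * runs chlGenQuery().  A request carrying DISABLE_STRICT_ACL_KW switches the
 * access-control value to 0 for the duration of the query, but only when the
 * AGENT_CONN_KW server property is present.  When the environment variable
 * PREPOSTPROCFORGENQUERYFLAG is set, the query is wrapped in the
 * acPreProcForGenQuery / acPostProcForGenQuery rule hooks.
 *
 * @param rsComm       connection describing the requester.  It is NULL-checked
 *                     when the rule contexts are filled in but dereferenced
 *                     unconditionally further down (see NOTE(review) below).
 * @param genQueryInp  the query to execute; its condInput is searched for
 *                     DISABLE_STRICT_ACL_KW.
 * @param genQueryOut  receives a newly allocated result on success and is left
 *                     NULL on every negative return.
 * @return the chlGenQuery() status, or the negative status of a hook that
 *         failed with anything other than NO_MICROSERVICE_FOUND_ERR.
 */
int _rsGenQuery(
    rsComm_t*       rsComm,
    genQueryInp_t*  genQueryInp,
    genQueryOut_t** genQueryOut ) {
    enum { HOOK_ARG_LEN = 300 };    // size of each textual hook argument
    int status;
    // Function-static: both values are computed once and then reused on every
    // later call.
    static int ruleExecuted = 0;
    static int PrePostProcForGenQueryFlag = -2;
    ruleExecInfo_t rei;
    ruleExecInfo_t rei2;
    int i, argc;
    char *args[MAX_NUM_OF_ARGS_IN_ACTION];

    // The hooks are opt-in through the environment; only the presence of the
    // variable matters, its value is not inspected.
    if ( PrePostProcForGenQueryFlag < 0 ) {
        PrePostProcForGenQueryFlag =
            ( getenv( "PREPOSTPROCFORGENQUERYFLAG" ) != NULL ) ? 1 : 0;
    }

    // Rule context used by the pre/post hooks.
    memset( &rei2, 0, sizeof( rei2 ) );
    rei2.rsComm = rsComm;
    if ( rsComm != NULL ) {
        rei2.uoic = &rsComm->clientUser;
        rei2.uoip = &rsComm->proxyUser;
    }

    /* printGenQI(genQueryInp);  for debug */

    // NOTE(review): the malloc result is not checked; an allocation failure is
    // dereferenced by the memset below.  No out-of-memory status is visible in
    // this block, so the check is left to the maintainer.
    *genQueryOut = ( genQueryOut_t* )malloc( sizeof( genQueryOut_t ) );
    memset( *genQueryOut, 0, sizeof( genQueryOut_t ) );

    if ( ruleExecuted == 0 ) {
        memset( &rei, 0, sizeof( rei ) );
        rei.rsComm = rsComm;
        if ( rsComm != NULL ) {
            /* Include the user info for possible use by the rule.  Note that
               when this is called (as the agent is initializing), this user
               info is not confirmed yet.  For password authentication though,
               the agent will soon exit if this is not valid.  But for GSI,
               the user information may not be present and/or may be changed
               when the authentication completes, so it may not be safe to
               use this in a GSI enabled environment.  This addition of user
               information was requested by ARCS/IVEC (Sean Fleming) to avoid
               a local patch. */
            rei.uoic = &rsComm->clientUser;
            rei.uoip = &rsComm->proxyUser;
        }

        if ( getRuleEngineStatus() == UNINITIALIZED ) {
            /* Skip the call to run acAclPolicy if the Rule Engine hasn't been
               initialized yet, which happens for a couple initial queries
               made by the agent when starting up.  The new RE logs these
               types of errors and so this avoids that. */
            status = -1;
        }
        else {
            status = applyRule( "acAclPolicy", NULL, &rei, NO_SAVE_REI );
        }

        if ( status == 0 ) {
            /* No need to retry next time since it succeeded.  Since this is
               called at startup, the Rule Engine may not be initialized yet,
               in which case the default setting is fine and we should retry
               next time.  The query below runs whether or not the rule
               succeeded. */
            ruleExecuted = 1;
        }
    }

    // =-=-=-=-=-=-=-
    // verify that we are running a query for another agent connection
    // NOTE(review): svr_sid is fetched but never compared with anything; the
    // gate is only whether the AGENT_CONN_KW property can be read - confirm
    // that presence alone is the intended check.
    irods::server_properties& props = irods::server_properties::getInstance();
    props.capture_if_needed();

    std::string svr_sid;
    irods::error err = props.get_property< std::string >( irods::AGENT_CONN_KW, svr_sid );
    const bool agent_conn_flg = err.ok();

    // =-=-=-=-=-=-=-
    // detect if a request for disable of strict acls is made.  The keyword is
    // read from the request's condInput, so on its own it must never be
    // enough: the override applies only together with agent_conn_flg.
    char* dis_kw = getValByKey( &genQueryInp->condInput, DISABLE_STRICT_ACL_KW );
    const bool acl_overridden = agent_conn_flg && dis_kw;
    // -1 presumably leaves the current setting untouched - verify against
    // chlGenQueryAccessControlSetup.
    const int acl_val = acl_overridden ? 0 : -1;

    // =-=-=-=-=-=-=-
    // cache the old acl value for reuse later if necessary
    // NOTE(review): rsComm is dereferenced here without the NULL guard used
    // above; a NULL rsComm would crash the agent at this point.
    int old_acl_val = chlGenQueryAccessControlSetup(
                          rsComm->clientUser.userName,
                          rsComm->clientUser.rodsZone,
                          rsComm->clientAddr,
                          rsComm->clientUser.authInfo.authFlag,
                          acl_val );

    /** RAJA ADDED June 1 2009 for pre-post processing rule hooks **/
    if ( PrePostProcForGenQueryFlag == 1 ) {
        // The hook receives the address of genQueryInp as decimal text, so
        // whatever is bound to it works on this process's live memory.  The
        // (long) cast is kept because the rule side presumably parses the
        // value back the same way; where long is narrower than a pointer the
        // address would be truncated.
        char inpArg[HOOK_ARG_LEN];

        snprintf( inpArg, sizeof( inpArg ), "%ld", ( long ) genQueryInp );
        args[0] = inpArg;
        argc = 1;
        i = applyRuleArg( "acPreProcForGenQuery", args, argc, &rei2, NO_SAVE_REI );
        if ( i < 0 ) {
            rodsLog( LOG_ERROR, "rsGenQuery:acPreProcForGenQuery error,stat=%d", i );
            if ( i != NO_MICROSERVICE_FOUND_ERR ) {
                // Leaving here must not keep the relaxed ACL setting in
                // force: put the cached value back exactly as the normal
                // path does right after the query.
                if ( acl_overridden ) {
                    chlGenQueryAccessControlSetup(
                        rsComm->clientUser.userName,
                        rsComm->clientUser.rodsZone,
                        rsComm->clientAddr,
                        rsComm->clientUser.authInfo.authFlag,
                        old_acl_val );
                }
                // Nothing has been stored in the zeroed result yet; release
                // it so an error return never hands back an allocation.
                free( *genQueryOut );
                *genQueryOut = NULL;
                return i;
            }
        }
    }

    status = chlGenQuery( *genQueryInp, *genQueryOut );

    // =-=-=-=-=-=-=-
    // if a disable was requested, repave with old value immediately
    if ( acl_overridden ) {
        chlGenQueryAccessControlSetup(
            rsComm->clientUser.userName,
            rsComm->clientUser.rodsZone,
            rsComm->clientAddr,
            rsComm->clientUser.authInfo.authFlag,
            old_acl_val );
    }

    /** RAJA ADDED June 1 2009 for pre-post processing rule hooks **/
    if ( PrePostProcForGenQueryFlag == 1 ) {
        char inpArg[HOOK_ARG_LEN];
        char outArg[HOOK_ARG_LEN];
        char statArg[HOOK_ARG_LEN];

        snprintf( inpArg, sizeof( inpArg ), "%ld", ( long ) genQueryInp );
        snprintf( outArg, sizeof( outArg ), "%ld", ( long ) *genQueryOut );
        snprintf( statArg, sizeof( statArg ), "%d", status );
        args[0] = inpArg;
        args[1] = outArg;
        args[2] = statArg;
        argc = 3;
        i = applyRuleArg( "acPostProcForGenQuery", args, argc, &rei2, NO_SAVE_REI );
        if ( i < 0 ) {
            rodsLog( LOG_ERROR, "rsGenQuery:acPostProcForGenQuery error,stat=%d", i );
            if ( i != NO_MICROSERVICE_FOUND_ERR ) {
                // Same cleanup as the query-failure path below, so every
                // negative return leaves *genQueryOut NULL.  The ACL value
                // was already restored above.
                clearGenQueryOut( *genQueryOut );
                free( *genQueryOut );
                *genQueryOut = NULL;
                return i;
            }
        }
    }

    if ( status < 0 ) {
        clearGenQueryOut( *genQueryOut );
        free( *genQueryOut );
        *genQueryOut = NULL;
        // An empty result is routine and is not logged.
        if ( status != CAT_NO_ROWS_FOUND ) {
            rodsLog( LOG_NOTICE, "_rsGenQuery: genQuery status = %d", status );
        }
        return status;
    }
    return status;
}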