Пример #1
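/**
 * \fn msiSetACL (msParam_t *recursiveFlag, msParam_t *accessLevel, msParam_t *userName, msParam_t *pathName, ruleExecInfo_t *rei)
 *
 * \brief   This microservice changes the ACL for a given pathname,
 *            either a collection or a data object.
 *
 * \module core
 *
 * \since 2.3
 *
 *
 * \note This microservice modifies the access rights on a given iRODS object or
 *    collection. For the collections, the modification can be recursive and the
 *    inheritance bit can be changed as well.
 *    For admin mode, add MOD_ADMIN_MODE_PREFIX to the access level string,
 *    e.g: msiSetACL("default", "admin:read", "rods", *path)
 *
 * \note No permission check is made in this function: the access level string
 *    (including an admin-mode prefix) is handed unchanged to
 *    rsModAccessControl together with the connection taken from rei.
 *    Whether the caller may make the change is presumably decided there;
 *    confirm before exposing this microservice to rules that pass
 *    user-controlled arguments.
 *
 * \usage See clients/icommands/test/rules/
 *
 * \param[in] recursiveFlag - a STR_MS_T, either "default" or "recursive".  "recursive"
 *    is only relevant if set with accessLevel set to "inherit".
 * \param[in] accessLevel - a STR_MS_T containing one of the following:
 *    \li read
 *    \li write
 *    \li own
 *    \li inherit
 *    \li null
 * \param[in] userName - a STR_MS_T, the user name or group name who will have ACL changed.
 *    A value of the form "name#zone" is split at the first '#'; without a '#'
 *    the zone is taken from rei->uoic->rodsZone.
 * \param[in] pathName - a STR_MS_T, the collection or data object that will have its ACL changed.
 * \param[in,out] rei - The RuleExecInfo structure that is automatically
 *    handled by the rule engine. The user does not include rei as a
 *    parameter in the rule invocation.
 *
 * \DolVarDependence $userName and/or $objPath and/or $collName
 * \DolVarModified none
 * \iCatAttrDependence none
 * \iCatAttrModified none
 * \sideeffect changes the access control list of pathName through rsModAccessControl
 *
 * \return integer
 * \retval 0 on success
 * \retval SYS_INTERNAL_NULL_INPUT_ERR when rei, its connection, a parameter or a parameter value is NULL
 * \retval USER_PARAM_TYPE_ERR when a parameter is not a STR_MS_T, or the name part of "name#zone" does not fit in NAME_LEN
 * \retval the negative status of rsModAccessControl when the modification fails
 * \pre N/A
 * \post N/A
 * \sa N/A
**/
int msiSetACL( msParam_t *recursiveFlag, msParam_t *accessLevel, msParam_t *userName,
               msParam_t *pathName, ruleExecInfo_t *rei ) {
    char *acl, *path, *recursiveFlg, *user, uname[NAME_LEN], *zone;
    int recFlg, rc;
    modAccessControlInp_t modAccessControlInp;
    rsComm_t *rsComm = NULL;

    RE_TEST_MACRO( "    Calling msiSetACL" )
    /* the above line is needed for loop back testing using irule -i option */

    /* The connection is needed by every error path below (they report into
     * rsComm->rError), so it has to be valid before anything else is checked. */
    if ( rei == NULL || rei->rsComm == NULL ) {
        rodsLog( LOG_ERROR, "msiSetACL: input rei or rei->rsComm is NULL" );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }
    rsComm = rei->rsComm;

    if ( recursiveFlag == NULL || accessLevel == NULL || userName == NULL ||
            pathName == NULL ) {
        rodsLogAndErrorMsg( LOG_ERROR, &rsComm->rError, rei->status,
                            "msiSetACL: one of the input parameter is NULL" );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }

    /* Every argument must be a string parameter. */
    if ( strcmp( recursiveFlag->type, STR_MS_T ) != 0 ) {
        /* type is a string, so it is printed with %s */
        rodsLogAndErrorMsg( LOG_ERROR, &rsComm->rError, rei->status,
                            "msiSetACL: Unsupported input recursiveFlag type %s",
                            recursiveFlag->type );
        return USER_PARAM_TYPE_ERR;
    }
    if ( strcmp( accessLevel->type, STR_MS_T ) != 0 ) {
        rodsLogAndErrorMsg( LOG_ERROR, &rsComm->rError, rei->status,
                            "msiSetACL: Unsupported input accessLevel type %s",
                            accessLevel->type );
        return USER_PARAM_TYPE_ERR;
    }
    if ( strcmp( userName->type, STR_MS_T ) != 0 ) {
        rodsLogAndErrorMsg( LOG_ERROR, &rsComm->rError, rei->status,
                            "msiSetACL: Unsupported input userName type %s",
                            userName->type );
        return USER_PARAM_TYPE_ERR;
    }
    if ( strcmp( pathName->type, STR_MS_T ) != 0 ) {
        rodsLogAndErrorMsg( LOG_ERROR, &rsComm->rError, rei->status,
                            "msiSetACL: Unsupported input pathName type %s",
                            pathName->type );
        return USER_PARAM_TYPE_ERR;
    }

    recursiveFlg = ( char * ) recursiveFlag->inOutStruct;
    acl = ( char * ) accessLevel->inOutStruct;
    user = ( char * ) userName->inOutStruct;
    path = ( char * ) pathName->inOutStruct;

    /* The values are passed to strcmp/strchr below; a NULL would be dereferenced. */
    if ( recursiveFlg == NULL || acl == NULL || user == NULL || path == NULL ) {
        rodsLogAndErrorMsg( LOG_ERROR, &rsComm->rError, rei->status,
                            "msiSetACL: one of the input parameter values is NULL" );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }

    /* non recursive mode unless the flag is exactly "recursive" */
    recFlg = ( strcmp( recursiveFlg, "recursive" ) == 0 ) ? 1 : 0;

    /* Zero the request so that no field is sent uninitialized. */
    memset( &modAccessControlInp, 0, sizeof( modAccessControlInp ) );
    modAccessControlInp.recursiveFlag = recFlg;
    modAccessControlInp.accessLevel = acl;

    zone = strchr( user, '#' );
    if ( zone == NULL ) {
        /* No zone given: use the zone of the user recorded in rei->uoic. */
        if ( rei->uoic == NULL ) {
            rodsLogAndErrorMsg( LOG_ERROR, &rsComm->rError, rei->status,
                                "msiSetACL: rei->uoic is NULL, cannot determine the zone" );
            return SYS_INTERNAL_NULL_INPUT_ERR;
        }
        modAccessControlInp.userName = user;
        modAccessControlInp.zone = rei->uoic->rodsZone;
    }
    else {
        /* "name#zone": copy the name part into uname. The length comes from
         * the caller-supplied string, so it is checked against the buffer
         * before copying; an unchecked copy here overruns the stack buffer.
         * USER_PARAM_TYPE_ERR is reused as the parameter-error code. */
        size_t unameLen = ( size_t )( zone - user );
        if ( unameLen >= sizeof( uname ) ) {
            rodsLogAndErrorMsg( LOG_ERROR, &rsComm->rError, rei->status,
                                "msiSetACL: user name in %s is too long", user );
            return USER_PARAM_TYPE_ERR;
        }
        memcpy( uname, user, unameLen );
        uname[unameLen] = '\0';
        modAccessControlInp.userName = uname;
        modAccessControlInp.zone = zone + 1;
    }
    modAccessControlInp.path = path;

    rc = rsModAccessControl( rsComm, &modAccessControlInp );
    if ( rc < 0 ) {
        rodsLog( LOG_NOTICE, "msiSetACL: ACL modifications has failed for user %s on object %s, error = %i\n", user, path, rc );
    }

    return rc;
}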
Пример #2
/*
 * mountFileDir - register the collection phyPathRegInp->objPath as a mount
 * point for the physical directory filePath on the resource rescInfo.
 *
 * The caller must hold at least LOCAL_PRIV_USER_AUTH. The collection must not
 * already be a special collection and must be empty. If rsFileStat fails for
 * filePath the directory is created with rsFileMkdir; if the path exists but
 * is not a directory the call is rejected.
 *
 * When the physical path also maps to a different collection that exists, the
 * client user's access on the mount collection is set to "read". That step is
 * best effort: a failure is only logged at LOG_NOTICE and the mount is still
 * reported as successful, so the collection can remain writable.
 *
 * Returns the status of rsModColl/rsRegColl (>= 0 on success) or a negative
 * error code from an earlier step.
 */
int
mountFileDir( rsComm_t *rsComm, dataObjInp_t *phyPathRegInp, char *filePath,
              rescInfo_t *rescInfo )
{
    collInp_t mountCollInp;
    fileStatInp_t statReq;
    rodsStat_t *dirStat = NULL;
    rodsObjStat_t *collInfo = NULL;
    int typeIdx;
    int alreadyMounted;
    int rc;

    /* Only privileged users may mount a physical directory. */
    if ( rsComm->clientUser.authInfo.authFlag < LOCAL_PRIV_USER_AUTH ) {
        return CAT_INSUFFICIENT_PRIVILEGE_LEVEL;
    }

    rc = collStat( rsComm, phyPathRegInp, &collInfo );
    if ( rc < 0 ) {
        return rc;
    }

    /* The stat result is only needed for this one test; release it first. */
    alreadyMounted = ( collInfo->specColl != NULL );
    freeRodsObjStat( collInfo );
    if ( alreadyMounted ) {
        rodsLog( LOG_ERROR,
                 "mountFileDir: %s already mounted", phyPathRegInp->objPath );
        return SYS_MOUNT_MOUNTED_COLL_ERR;
    }

    if ( isCollEmpty( rsComm, phyPathRegInp->objPath ) == False ) {
        rodsLog( LOG_ERROR,
                 "mountFileDir: collection %s not empty", phyPathRegInp->objPath );
        return SYS_COLLECTION_NOT_EMPTY;
    }

    /* Stat the physical path on the resource host. */
    memset( &statReq, 0, sizeof( statReq ) );
    rstrcpy( statReq.fileName, filePath, MAX_NAME_LEN );
    /* NOTE(review): typeIdx indexes RescTypeDef without a range check here;
     * presumably validated where rescInfo is built - confirm. */
    typeIdx = rescInfo->rescTypeInx;
    statReq.fileType = ( fileDriverType_t )RescTypeDef[typeIdx].driverType;
    rstrcpy( statReq.addr.hostAddr, rescInfo->rescLoc, NAME_LEN );
    rc = rsFileStat( rsComm, &statReq, &dirStat );

    if ( rc < 0 ) {
        /* The path could not be stat'ed: create the directory. */
        fileMkdirInp_t mkdirReq;

        rodsLog( LOG_NOTICE,
                 "mountFileDir: rsFileStat failed for %s, status = %d, create it",
                 statReq.fileName, rc );
        memset( &mkdirReq, 0, sizeof( mkdirReq ) );
        rstrcpy( mkdirReq.dirName, filePath, MAX_NAME_LEN );
        mkdirReq.fileType = ( fileDriverType_t )RescTypeDef[typeIdx].driverType;
        mkdirReq.mode = getDefDirMode();
        rstrcpy( mkdirReq.addr.hostAddr, rescInfo->rescLoc, NAME_LEN );
        rc = rsFileMkdir( rsComm, &mkdirReq );
        if ( rc < 0 ) {
            return rc;
        }
    }
    else if ( ( dirStat->st_mode & S_IFDIR ) == 0 ) {
        rodsLog( LOG_ERROR,
                 "mountFileDir: phyPath %s is not a directory",
                 statReq.fileName );
        free( dirStat );
        return USER_FILE_DOES_NOT_EXIST;
    }

    free( dirStat );

    /* Describe the mount point: type, physical path and resource name. */
    memset( &mountCollInp, 0, sizeof( mountCollInp ) );
    rstrcpy( mountCollInp.collName, phyPathRegInp->objPath, MAX_NAME_LEN );
    addKeyVal( &mountCollInp.condInput, COLLECTION_TYPE_KW, MOUNT_POINT_STR );
    addKeyVal( &mountCollInp.condInput, COLLECTION_INFO1_KW, filePath );
    addKeyVal( &mountCollInp.condInput, COLLECTION_INFO2_KW,
               rescInfo->rescName );

    /* Modify the collection if it exists, otherwise register it. */
    rc = rsModColl( rsComm, &mountCollInp );
    if ( rc < 0 ) {
        rc = rsRegColl( rsComm, &mountCollInp );
    }
    if ( rc < 0 ) {
        return rc;
    }

    {
        char mappedLogPath[MAX_NAME_LEN];

        /* If the physical path already maps to another, existing collection,
         * set the mount collection to read-only for the client user, because
         * changes made through the mount could conflict with that collection.
         * The three tests run left to right and stop at the first failure. */
        if ( getLogPathFromPhyPath( filePath, rescInfo, mappedLogPath ) >= 0 &&
                strcmp( mappedLogPath, phyPathRegInp->objPath ) != 0 &&
                isColl( rsComm, mappedLogPath, NULL ) >= 0 ) {
            modAccessControlInp_t readOnlyAcl;
            int aclRc;

            memset( &readOnlyAcl, 0, sizeof( readOnlyAcl ) );
            readOnlyAcl.accessLevel = "read";
            readOnlyAcl.userName = rsComm->clientUser.userName;
            readOnlyAcl.zone = rsComm->clientUser.rodsZone;
            readOnlyAcl.path = phyPathRegInp->objPath;
            aclRc = rsModAccessControl( rsComm, &readOnlyAcl );
            if ( aclRc < 0 ) {
                /* Not fatal: the mount result is returned unchanged. */
                rodsLog( LOG_NOTICE,
                         "mountFileDir: rsModAccessControl err for %s, stat = %d",
                         phyPathRegInp->objPath, aclRc );
            }
        }
    }

    return rc;
}
Пример #3
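/**
 * \fn msiDataObjAutoMove(msParam_t *inpParam1, msParam_t *inpParam2, msParam_t *inpParam3,
 *                      msParam_t *inpParam4, msParam_t *inpParam5, ruleExecInfo_t *rei)
 *
 * \brief This microservice is used to automatically move the newly created file into a destination collection.
 *
 * \module core
 *
 * \since 2.2
 *
 * \author  Bing Zhu
 * \date    2009-07
 *
 * \note This microservice changes the ownership for the dataset(s) being moved.
 *
 * \note The parameters are read as C strings without a check of their
 *    msParam type. All path arguments are length-checked against
 *    MAX_NAME_LEN, and the object path is validated against the leading
 *    collection before any checksum or ACL change is made. There is no
 *    rollback: if a later step fails, an ownership grant already made on the
 *    source object stays in place.
 *
 * \usage See clients/icommands/test/rules3.0/
 *
 * \param[in] inpParam1 - a STR_MS_T containing the object name with path. It usually comes from query as "$objPath
 *                          like /zone/../%" in the deployed microservice
 * \param[in] inpParam2 - a STR_MS_T containing the leading collection name to be truncated
 *                          (trailing '/' characters are ignored)
 * \param[in] inpParam3 - a STR_MS_T containing the destination collection
 * \param[in] inpParam4 - a STR_MS_T containing the new owner; an empty string or "null"
 *                          means that no owner is added
 * \param[in] inpParam5 - a STR_MS_T containing a flag for whether the checksum should be computed
 *                      \li true - default - will compute the checksum
 *                      \li false - will not compute the checksum
 * \param[in,out] rei - The RuleExecInfo structure that is automatically
 *    handled by the rule engine. The user does not include rei as a
 *    parameter in the rule invocation.
 *
 * \DolVarDependence none
 * \DolVarModified none
 * \iCatAttrDependence none
 * \iCatAttrModified none
 * \sideeffect may grant "own" to the new owner, create collections under the
 *    destination, rename the data object and set the invoking user's access to "null"
 *
 * \return integer
 * \retval 0 upon success
 * \retval SYS_INTERNAL_NULL_INPUT_ERR when an input is NULL or empty, too long, or the
 *    object is not inside the leading collection
 * \retval the negative status of the failing server call otherwise
 * \pre none
 * \post none
 * \sa none
**/
int msiDataObjAutoMove( msParam_t *inpParam1, msParam_t *inpParam2, msParam_t *inpParam3,
                        msParam_t *inpParam4, msParam_t *inpParam5, ruleExecInfo_t *rei ) {
    char *obj_path, *truct_path, *dest_coll, *new_owner;
    const char *rel_path;
    size_t truct_len, dest_len;
    int  t;
    int  n;
    rsComm_t *rsconn;
    char  mdest_coll[MAX_NAME_LEN];
    char  new_obj_path[MAX_NAME_LEN];

    char  query_str[2048];
    genQueryInp_t genQueryInp;
    genQueryOut_t *genQueryOut = NULL;

    char new_obj_parent[MAX_NAME_LEN];
    char obj_name[MAX_NAME_LEN];

    collInp_t collCreateInp;
    dataObjCopyInp_t dataObjRenameInp;
    modAccessControlInp_t myModAccessCntlInp;

    dataObjInp_t myDataObjInp;
    char own_perm[20] = "own";
    char null_perm[20] = "null";
    char user_name[NAME_LEN], zone_name[NAME_LEN];

    char *sTmpstr;
    int compute_checksum;
    char *chksum_str = NULL;
    char tmpstr[1024];

    if ( rei == NULL || rei->rsComm == NULL ) {
        rodsLog( LOG_ERROR,
                 "msiDataObjAutoMove: input rei or rei->rsComm is NULL" );
        return ( SYS_INTERNAL_NULL_INPUT_ERR );
    }

    rsconn = rei->rsComm;

    /* ---- read and check the five string parameters ---- */

    if ( inpParam1 == NULL ) {
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: input objpath (inpParam1) is NULL." );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }
    obj_path = ( char * )inpParam1->inOutStruct;
    if ( ( obj_path == NULL ) || ( strlen( obj_path ) == 0 ) ) {
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: input objpath (inpParam1->inOutStruct) is NULL." );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }

    if ( inpParam2 == NULL ) {
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: input truct_path (inpParam2) is NULL." );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }
    truct_path = ( char * )inpParam2->inOutStruct;
    if ( ( truct_path == NULL ) || ( strlen( truct_path ) == 0 ) ) {
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: input truct_path (inpParam2->inOutStruct) is NULL." );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }

    if ( inpParam3 == NULL ) {
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: input dest_coll (inpParam3) is NULL." );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }
    dest_coll = ( char * )inpParam3->inOutStruct;
    if ( ( dest_coll == NULL ) || ( strlen( dest_coll ) == 0 ) ) {
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: input dest_coll (inpParam3->inOutStruct) is NULL." );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }

    if ( inpParam4 == NULL ) {
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: input new_owner (inpParam4) is NULL." );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }
    new_owner = ( char * )inpParam4->inOutStruct;
    /* an empty string or the word "null" both mean "no new owner" */
    if ( new_owner != NULL &&
            ( strlen( new_owner ) == 0 || strcmp( new_owner, "null" ) == 0 ) ) {
        new_owner = NULL;
    }
    user_name[0] = '\0';
    zone_name[0] = '\0';
    if ( new_owner != NULL ) {
        /* NOTE(review): parseUserName writes into the NAME_LEN buffers; whether
         * it bounds the copy is not visible here - confirm. */
        t = parseUserName( new_owner, user_name, zone_name );
        if ( t < 0 ) {
            rodsLog( LOG_ERROR, "msiDataObjAutoMove: parseUserName() failed. errStatus=%d.", t );
            return t;
        }
        if ( strlen( zone_name ) == 0 ) {
            if ( rei->uoip == NULL ) {
                rodsLog( LOG_ERROR, "msiDataObjAutoMove: rei->uoip is NULL, cannot default the zone of the new owner." );
                return SYS_INTERNAL_NULL_INPUT_ERR;
            }
            /* bounded copy into the NAME_LEN buffer */
            rstrcpy( zone_name, rei->uoip->rodsZone, NAME_LEN );
        }
    }

    if ( inpParam5 == NULL ) {
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: input compute_checksum (inpParam5) is NULL." );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }
    sTmpstr = ( char * )inpParam5->inOutStruct;
    /* default to true; only the exact string "false" turns the checksum off */
    compute_checksum = 1;
    if ( sTmpstr != NULL && strcmp( sTmpstr, "false" ) == 0 ) {
        compute_checksum = 0;
    }

    /* ---- validate the paths before anything is modified ---- */

    /* The object must lie inside the leading collection: the prefix has to
     * end on a path boundary ('/'), and something must follow it. A bare
     * prefix comparison would also accept a sibling such as "/a/bc" for the
     * collection "/a/b", and indexing past the prefix without this check can
     * read beyond the end of obj_path. */
    truct_len = strlen( truct_path );
    while ( truct_len > 0 && truct_path[truct_len - 1] == '/' ) {
        truct_len--;
    }
    if ( strncmp( truct_path, obj_path, truct_len ) != 0 ||
            obj_path[truct_len] != '/' || obj_path[truct_len + 1] == '\0' ) {
        /* when the object is not match, we don't move */
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: The object path, %s, is not in the specified collection, %s.", obj_path, truct_path );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }
    rel_path = &obj_path[truct_len + 1];

    /* Copy the destination with a length check (the buffer is on the stack)
     * and drop one trailing '/'. SYS_INTERNAL_NULL_INPUT_ERR is the code this
     * function already returns for rejected input. */
    n = snprintf( mdest_coll, sizeof( mdest_coll ), "%s", dest_coll );
    if ( n < 0 || ( size_t )n >= sizeof( mdest_coll ) ) {
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: input dest_coll (inpParam3) is too long." );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }
    dest_len = ( size_t )n;
    if ( mdest_coll[dest_len - 1] == '/' ) {
        mdest_coll[dest_len - 1] = '\0';
    }

    n = snprintf( new_obj_path, sizeof( new_obj_path ), "%s/%s", mdest_coll, rel_path );
    if ( n < 0 || ( size_t )n >= sizeof( new_obj_path ) ) {
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: the new object path under '%s' is too long.", mdest_coll );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }

    /* NOTE(review): dest_coll is placed inside a quoted LIKE pattern. A quote,
     * '%' or '_' in it changes the condition, and the pattern is a prefix
     * match, so this is not an exact existence test. The result is only used
     * as a yes/no check here; consider rejecting or escaping these characters. */
    n = snprintf( query_str, sizeof( query_str ),
                  "SELECT COLL_NAME WHERE COLL_NAME like '%s%%'", mdest_coll );
    if ( n < 0 || ( size_t )n >= sizeof( query_str ) ) {
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: input dest_coll (inpParam3) is too long." );
        return SYS_INTERNAL_NULL_INPUT_ERR;
    }

    /* ---- checksum ---- */

    if ( compute_checksum == 1 ) {
        memset( &myDataObjInp, 0, sizeof( dataObjInp_t ) );
        /* rstrcpy takes the buffer size, as in the other copies in this function */
        rstrcpy( myDataObjInp.objPath, obj_path, MAX_NAME_LEN );
        addKeyVal( &myDataObjInp.condInput, VERIFY_CHKSUM_KW, "" );
        snprintf( tmpstr, sizeof( tmpstr ), "%d", 0 );
        addKeyVal( &myDataObjInp.condInput, REPL_NUM_KW, tmpstr );
        /* NOTE(review): the key/value pairs added to condInput are not
         * released in this function. */
        t = rsDataObjChksum( rsconn, &myDataObjInp, &chksum_str );
        /* the checksum text itself is not used; release it (free(NULL) is a no-op) */
        free( chksum_str );
        chksum_str = NULL;
        if ( t < 0 ) {
            rodsLog( LOG_ERROR, "msiDataObjAutoMove: rsDataObjChksum() for '%s' failed. errStatus=%d.", obj_path, t );
            return t;
        }
    }

    /* ---- grant ownership to the new owner ---- */

    if ( new_owner != NULL ) {
        /* add ownership */
        memset( &myModAccessCntlInp, 0, sizeof( modAccessControlInp_t ) );
        myModAccessCntlInp.recursiveFlag = False;
        myModAccessCntlInp.accessLevel = own_perm;
        myModAccessCntlInp.userName = user_name;
        myModAccessCntlInp.zone = zone_name;
        myModAccessCntlInp.path = obj_path;
        t = rsModAccessControl( rsconn, &myModAccessCntlInp );
        if ( t < 0 ) {
            rodsLog( LOG_ERROR, "msiDataObjAutoMove: rsModAccessControl() add new owner for '%s' failed. errStatus=%d.", obj_path, t );
            return t;
        }
    }

    /* ---- check if the dest_coll exists ---- */

    memset( &genQueryInp, 0, sizeof( genQueryInp_t ) );
    t = fillGenQueryInpFromStrCond( query_str, &genQueryInp );
    if ( t < 0 ) {
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: fillGenQueryInpFromStrCond() failed. errStatus=%d", t );
        return t;
    }
    genQueryInp.maxRows = MAX_SQL_ROWS;
    genQueryInp.continueInx = 0;
    /* NOTE(review): genQueryOut and the contents of genQueryInp are not
     * released in this function. */
    t = rsGenQuery( rsconn, &genQueryInp, &genQueryOut );
    if ( t < 0 ) {
        if ( t == CAT_NO_ROWS_FOUND ) {
            rodsLog( LOG_ERROR, "msiDataObjAutoMove: The destination collection '%s' does not exist.", dest_coll );
        }
        else {
            rodsLog( LOG_ERROR, "msiDataObjAutoMove: rsGenQuery() failed. errStatus=%d", t );
        }
        return t;
    }

    /* separate new_obj_path with path and name */
    t = splitPathByKey( new_obj_path, new_obj_parent, obj_name, '/' );
    if ( t < 0 ) {
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: splitPathByKey() failed for splitting '%s'. errStatus=%d.", new_obj_path, t );
        return t;
    }

    /* create the missing collections in new_obj_path, like 'imkdir -p' */
    if ( strlen( new_obj_parent ) > strlen( mdest_coll ) ) {
        memset( &collCreateInp, 0, sizeof( collCreateInp ) );
        rstrcpy( collCreateInp.collName, new_obj_parent, MAX_NAME_LEN );
        addKeyVal( &collCreateInp.condInput, RECURSIVE_OPR__KW, "" );   /* always have '-p' option. */
        t = rsCollCreate( rsconn, &collCreateInp );
        if ( t < 0 ) {
            rodsLog( LOG_ERROR, "msiDataObjAutoMove: rsCollCreate() failed for %s. errStatus=%d.", new_obj_parent, t );
            return t;
        }
    }

    fprintf( stderr, "new_obj_path=%s, obj_path=%s\n", new_obj_path, obj_path );
    /* rename obj_path to new_obj_path */
    memset( &dataObjRenameInp, 0, sizeof( dataObjCopyInp_t ) );
    rstrcpy( dataObjRenameInp.destDataObjInp.objPath, new_obj_path, MAX_NAME_LEN );
    rstrcpy( dataObjRenameInp.srcDataObjInp.objPath, obj_path, MAX_NAME_LEN );
    t = rsDataObjRename( rsconn, &dataObjRenameInp );
    if ( t < 0 ) {
        rodsLog( LOG_ERROR, "msiDataObjAutoMove: rsDataObjRename() failed. errStatus=%d.", t );
        return t;
    }

    /* ---- remove the invoking user's access after the hand-over ----
     * Done only when a new owner was added above, so that the object is never
     * left without the access it had before. The zone is the invoking user's
     * own zone; the new owner's zone buffer is not valid for this user and was
     * never filled in when no new owner was given.
     * NOTE(review): confirm that skipping this step without a new owner is the
     * intended policy. A failure here is logged and the move still returns 0. */
    if ( new_owner != NULL ) {
        if ( rei->uoic == NULL ) {
            rodsLog( LOG_ERROR, "msiDataObjAutoMove: rei->uoic is NULL, access of the invoking user on '%s' was not removed.", new_obj_path );
        }
        else {
            memset( &myModAccessCntlInp, 0, sizeof( modAccessControlInp_t ) );
            myModAccessCntlInp.recursiveFlag = False;
            myModAccessCntlInp.accessLevel = null_perm;
            myModAccessCntlInp.userName = rei->uoic->userName;
            myModAccessCntlInp.zone = rei->uoic->rodsZone;
            myModAccessCntlInp.path = new_obj_path;
            t = rsModAccessControl( rsconn, &myModAccessCntlInp );
            if ( t < 0 ) {
                rodsLog( LOG_ERROR, "msiDataObjAutoMove: rsModAccessControl() remove user for '%s' failed. errStatus=%d.", new_obj_path, t );
            }
        }
    }

    return 0;
}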