FeddDownload: grantnodetype.patch

File grantnodetype.patch, 3.2 KB (added by faber, 10 years ago)
  • grantnodetype

    RCS file: /usr/DETER/cvsroot/testbed/utils/grantnodetype.in,v
    retrieving revision 1.1.1.3
    diff -u -r1.1.1.3 grantnodetype.in
     
    2929# permission to use all of the types in that class, the class itself, and any
    3030# aux nodetypes for the type/class (node_types_auxtypes table).
    3131#
     32# The -R option removes the specified access and the -C option confirms that it
     33# exists (via exit code).
     34#
    3235sub usage()
    3336{
    34     print STDERR "Usage: grantnodetype [-h] -p <pid> <type>\n";
     37    print STDERR "Usage: grantnodetype [-RCh] -p <pid> <type>\n";
     38    print STDERR "      -R   Remove access\n";
     39    print STDERR "      -C   Confirm access\n";
    3540    print STDERR "      -h   This message\n";
    3641    exit(-1);
    3742}
    38 my $optlist  = "hp:dn";
     43my $optlist  = "CRhp:dn";
    3944my $impotent = 0;
    4045my $debug    = 0;
    4146my %newtypes = ();
     47my $operation = "add";
    4248my $pid;
    4349
    4450#
     
    7682# Untaint the path
    7783#
    7884$ENV{'PATH'} = "/bin:/sbin:/usr/bin:";
     85delete $ENV{'CDPATH'};
    7986
    8087#
    8188# Parse command arguments. Once we return from getopts, all that should be
     
    94101if (defined($options{d})) {
    95102    $debug = 1;
    96103}
     104if (defined($options{R})) {
     105    $operation = "remove";
     106}
     107if (defined($options{C})) {
     108    if ($operation eq "add" ) {
     109        $operation = "confirm";
     110    }
     111    else {
     112        print STDERR "Only one of -C or -R permitted\n";
     113        usage();
     114    }
     115}
    97116if (defined($options{p})) {
    98117    $pid = $options{p};
    99118}
     
    176195#
    177196# Run the queries.
    178197#
     198
     199my $confirm = 1;
    179200foreach my $newtype (keys(%newtypes)) {
    180201    print STDERR "Granting permission to use type $newtype\n"
    181202        if ($debug);
     
    197218            "    There is no '-' policy for node type $newtype! Stopping.\n");
    198219    }
    199220
    200     #
    201     # Add generic rules that say the project is allowed to use "infinite"
    202     # number of nodes of each type.
    203     #
    204     DBQueryFatal("replace into group_policies ".
    205                  "(pid_idx, gid_idx, pid, gid, policy, auxdata, count) ".
    206                  "values ($pid_idx, $pid_idx, '$pid', '$pid', ".
    207                  "        'type', '$newtype', 999999)")
    208         if (!$impotent);
     221    if ($operation eq "add") {
     222        #
     223        # Add generic rules that say the project is allowed to use "infinite"
     224        # number of nodes of each type.
     225        #
     226        DBQueryFatal("replace into group_policies ".
     227                     "(pid_idx, gid_idx, pid, gid, policy, auxdata, count) ".
     228                     "values ($pid_idx, $pid_idx, '$pid', '$pid', ".
     229                     "        'type', '$newtype', 999999)")
     230            if (!$impotent);
     231    }
     232    elsif ($operation eq 'remove') {
     233        #
     234        # Remove rules with this pid and this type
     235        #
     236        DBQueryFatal("delete from group_policies where pid='$pid' " .
     237                "and auxdata='$newtype'")
     238            if (!$impotent);
     239    }
     240    elsif ($operation eq 'confirm') {
     241        #
     242        # Confirm that all the table entries add would make are there.
     243        #
     244        if (!$impotent) {
     245            my $result  = DBQueryFatal("select pid from group_policies ".
     246                "where pid='$pid' and auxdata='$newtype'");
     247            if (!$result->num_rows) {
     248                $confirm = 0;
     249                last;
     250            }
     251        }
     252        else {
     253            next;
     254        }
     255    }
    209256}
    210257
     258exit($confirm ? 0 : 20) if ($operation eq 'confirm');
     259
    211260#
    212261# Now update the permissions table.
    213262#