[1971] in Moira Commits
/svn/moira r4110 - in trunk/moira: clients/moira clients/stanley clients/stella include man server
daemon@ATHENA.MIT.EDU (Garry Zacheiss)
Thu May 9 11:43:26 2013
Date: Thu, 9 May 2013 11:43:19 -0400
From: Garry Zacheiss <zacheiss@MIT.EDU>
Message-Id: <201305091543.r49FhJsS014902@drugstore.mit.edu>
To: moira-commits@MIT.EDU
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Author: zacheiss
Date: 2013-05-09 11:43:17 -0400 (Thu, 09 May 2013)
New Revision: 4110
Modified:
trunk/moira/clients/moira/cluster.c
trunk/moira/clients/moira/defs.h
trunk/moira/clients/moira/f_defs.h
trunk/moira/clients/moira/menus.c
trunk/moira/clients/moira/user.c
trunk/moira/clients/stanley/stanley.c
trunk/moira/clients/stella/stella.c
trunk/moira/include/moira_site.h
trunk/moira/man/stella.1
trunk/moira/server/increment.pc
trunk/moira/server/mr_server.h
trunk/moira/server/qaccess.pc
trunk/moira/server/qsupport.pc
trunk/moira/server/queries2.c
Log:
Add new query for firewall opt-out (set_host_opt) and associated client
support.
Add new query for setting host TTL (set_host_ttl) and retrieving it
(get_host_ttl) and associated client support.
Rework host record authorization logic so Roles 'CAN SPEND OR COMMIT
FUNDS' access on associated cost object is equivalent to host ownership
for most operations.
Add new fields to machine table incrementals.
Modified: trunk/moira/clients/moira/cluster.c
===================================================================
--- trunk/moira/clients/moira/cluster.c 2013-05-09 15:40:36 UTC (rev 4109)
+++ trunk/moira/clients/moira/cluster.c 2013-05-09 15:43:17 UTC (rev 4110)
@@ -43,6 +43,7 @@
RCSID("$HeadURL$ $Id$");
void PrintAliases(char **info);
+void PrintTTL(char **info);
static void PrintMachine(char **info);
struct mqelem *GetMCInfo(int type, char *name1, char *name2);
struct mqelem *GetMachineByOwner(char *type, char *name);
@@ -239,6 +240,19 @@
}
}
+void PrintTTL(char **info)
+{
+ char buf[256];
+
+ if (strcmp(info[0], DEFAULT_TTL))
+ {
+ sprintf(buf, "DNS TTL: %s\n", info[0]);
+ Put_message(buf);
+ }
+ else
+ Put_message("");
+}
+
/* Function Name: PrintMachInfo
* Description: This function Prints out the Machine info in
* a coherent form.
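Review bot: `sprintf(buf, "DNS TTL: %s\n", info[0])` in the new PrintTTL copies a value returned by the server into a 256-byte stack buffer with no length bound. `snprintf(buf, sizeof(buf), "DNS TTL: %s\n", info[0]);` keeps the write inside `buf` whatever the query returns. The trailing `\n` also deserves a look: the other `Put_message` calls visible in this file pass strings without one, so this line may print an extra blank line.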
@@ -256,6 +270,7 @@
Put_message("");
sprintf(buf, "Machine: %s", info[M_NAME]);
Put_message(buf);
+
args[0] = "*";
args[1] = info[M_NAME];
if ((stat = do_mr_query("get_hostalias", 2, args, StoreInfo, &elem)))
@@ -267,10 +282,21 @@
{
Loop(QueueTop(elem), (void (*)(char **)) PrintAliases);
FreeQueue(elem);
+ elem = NULL;
Put_message(aliases);
free(aliases);
aliases = NULL;
}
+
+ args[0] = info[M_NAME];
+ if ((stat = do_mr_query("get_host_ttl", 1, args, StoreInfo, &elem)))
+ com_err(program_name, stat, " getting host TTL");
+ else
+ {
+ Loop(QueueTop(elem), (void (*)(char **)) PrintTTL);
+ FreeQueue(elem);
+ }
+
sprintf(tbuf, "%s %s", info[M_OWNER_TYPE],
strcmp(info[M_OWNER_TYPE], "NONE") ? info[M_OWNER_NAME] : "");
sprintf(buf, "Address: %-16s Network: %-16s",
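Review bot: The new get_host_ttl block frees `elem` but leaves the pointer dangling, while the same hunk adds `elem = NULL;` after the alias `FreeQueue`. Adding `elem = NULL;` after the second `FreeQueue(elem);` keeps the two blocks consistent and protects any later use in PrintMachInfo, whose body continues outside this hunk. On the `com_err` path nothing is freed; if `StoreInfo` can queue rows before a query fails, that path leaks them, which is worth confirming.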
@@ -1296,6 +1322,60 @@
return DM_NORMAL;
}
+int SetMachineOpt(int argc, char **argv)
+{
+ char *args[3];
+ int status;
+
+ args[0] = canonicalize_hostname(strdup(argv[1]));
+ args[1] = strdup("0");
+ args[2] = strdup("");
+
+ if (GetYesNoValueFromUser("Opt out of network firewall policy?:", &args[1]) ==
+ SUB_ERROR)
+ return DM_NORMAL;
+
+ if (!strcmp(args[1], "1"))
+ {
+ if (GetValueFromUser("Reason for opting out:", &args[2]) == SUB_ERROR)
+ return DM_NORMAL;
+ }
+
+ if ((status = do_mr_query("set_host_opt", 3, args, NULL, NULL)))
+ com_err(program_name, status, " in SetMachineOpt");
+
+ free(args[0]);
+ free(args[1]);
+ free(args[2]);
+ return DM_NORMAL;
+}
+
+int SetMachineTTL(int argc, char **argv)
+{
+ char *args[2];
+ struct mqelem *elem = NULL;
+ int status;
+
+ args[0] = canonicalize_hostname(strdup(argv[1]));
+
+ if ((status = do_mr_query("get_host_ttl", 1, args, StoreInfo, &elem)))
+ com_err(program_name, status, " in SetMachineTTL");
+
+ args[1] = strdup(((char **)elem->q_data)[0]);
+
+ if (GetValueFromUser("TTL", &args[1]) == SUB_ERROR)
+ return DM_NORMAL;
+
+ if ((status = do_mr_query("set_host_ttl", 2, args, NULL, NULL)))
+ com_err(program_name, status, " in SetMachineTTL");
+
+ FreeQueue(elem);
+ free(args[0]);
+ free(args[1]);
+
+ return DM_NORMAL;
+}
+
/* Function Name: ShowCname
* Description: This function shows machine aliases
* Arguments: argc, argv - the alias argv[1], the real name in argv[2]
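Review bot: In SetMachineTTL a failed `get_host_ttl` query is only reported, and execution falls through to `elem->q_data` with `elem` still NULL, so a lookup error (unknown host, permission denied) becomes a NULL dereference in the client. The function should return after `com_err` and also cover the case of a successful query that queued no row. Both new functions also return early on `SUB_ERROR` without freeing their `strdup`'d `args[]` (and `elem` here); SetMachineOpt has the same leak at its two `return DM_NORMAL;` statements. The fence assumes `GetValueFromUser` leaves `args[1]` owned by the caller on `SUB_ERROR`, which should be confirmed.

```c
  /* … unchanged: declarations, args[0] = canonicalize_hostname(strdup(argv[1])) … */

  status = do_mr_query("get_host_ttl", 1, args, StoreInfo, &elem);
  if (status || !elem)
    {
      if (status)
        com_err(program_name, status, " in SetMachineTTL");
      if (elem)
        FreeQueue(elem);
      free(args[0]);
      return DM_NORMAL;
    }

  args[1] = strdup(((char **)elem->q_data)[0]);

  if (GetValueFromUser("TTL", &args[1]) == SUB_ERROR)
    {
      FreeQueue(elem);
      free(args[0]);
      free(args[1]);
      return DM_NORMAL;
    }

  /* … unchanged: set_host_ttl query and final cleanup … */
```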
Modified: trunk/moira/clients/moira/defs.h
===================================================================
--- trunk/moira/clients/moira/defs.h 2013-05-09 15:40:36 UTC (rev 4109)
+++ trunk/moira/clients/moira/defs.h 2013-05-09 15:43:17 UTC (rev 4110)
@@ -37,6 +37,8 @@
#define DEFAULT_NO ("0")
#define DEFAULT_COMMENT ("none")
+#define DEFAULT_TTL "1800"
+
#define SUB_NORMAL 0
#define SUB_ERROR 1
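Review bot: `DEFAULT_TTL` is defined here and again, with the same literal, in clients/stella/stella.c (`@@ -911,6 +972,26 @@`), and both copies must match the default the server stores. A single definition in a shared header such as include/moira_site.h would keep the clients from drifting apart. The neighbouring defaults are parenthesised (`("0")`, `("none")`) while `"1800"` is not; `#define DEFAULT_TTL ("1800")` matches the local style, and a comment giving the unit (presumably seconds) would help.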
@@ -50,7 +52,7 @@
/* What version of the queries are we asking for? */
-#define QUERY_VERSION 14
+#define QUERY_VERSION 15
/* This is unimplemented in the menu stuff, but would be nice. */
Modified: trunk/moira/clients/moira/f_defs.h
===================================================================
--- trunk/moira/clients/moira/f_defs.h 2013-05-09 15:40:36 UTC (rev 4109)
+++ trunk/moira/clients/moira/f_defs.h 2013-05-09 15:43:17 UTC (rev 4110)
@@ -51,6 +51,8 @@
int AddMachine(int argc, char **argv);
int UpdateMachine(int argc, char **argv);
int DeleteMachine(int argc, char **argv);
+int SetMachineOpt(int argc, char **argv);
+int SetMachineTTL(int argc, char **argv);
int MachineToClusterMap(int argc, char **argv);
int AddMachineToCluster(int argc, char **argv);
int RemoveMachineFromCluster(int argc, char **argv);
Modified: trunk/moira/clients/moira/menus.c
===================================================================
--- trunk/moira/clients/moira/menus.c 2013-05-09 15:40:36 UTC (rev 4109)
+++ trunk/moira/clients/moira/menus.c 2013-05-09 15:43:17 UTC (rev 4110)
@@ -534,7 +534,7 @@
NULLFUNC,
NULLFUNC,
"Machine Menu",
- 10,
+ 12,
{
{ ShowMachineInfo, NULLMENU, 2, {
{"show", "Get machine information"},
@@ -562,9 +562,17 @@
{"delete", "Delete this machine"},
{"name", "Machine's Name: "}
} },
+ { SetMachineOpt, NULLMENU, 2, {
+ {"setopt", "Set network security options for this machine"},
+ {"name", "Machine's Name: "},
+ } },
SUBMENU("cnames", "Alias names for machines", &cname_menu),
SUBMENU("mappings", "Machine To Cluster Mappings Menu", &mappings_menu),
SUBMENU("hwaddrs", "Hardware Addresses for machines", &hwaddr_menu),
+ { SetMachineTTL, NULLMENU, 2, {
+ {"setttl", "Set DNS TTL for this machine"},
+ {"name", "Machine's Name: "},
+ } },
}
};
Modified: trunk/moira/clients/moira/user.c
===================================================================
--- trunk/moira/clients/moira/user.c 2013-05-09 15:40:36 UTC (rev 4109)
+++ trunk/moira/clients/moira/user.c 2013-05-09 15:43:17 UTC (rev 4110)
@@ -112,12 +112,14 @@
sprintf(name, "%s, %s %s", info[U_LAST], info[U_FIRST], info[U_MIDDLE]);
sprintf(buf, "Login name: %-20s Full name: %s", info[U_NAME], name);
Put_message(buf);
- sprintf(buf, "User id: %-23s Login shell: %-10s",
- info[U_UID], info[U_SHELL]);
+ sprintf(buf, "Account is %-20s", UserState(atoi(info[U_STATE])));
Put_message(buf);
- sprintf(buf, "Class: %-25s Windows Console Shell: %-10s",
- info[U_CLASS], info[U_WINCONSOLESHELL]);
+ sprintf(buf, "User id: %-23s MIT ID number: %s",
+ info[U_UID], info[U_MITID]);
Put_message(buf);
+ sprintf(buf, "Class: %-25s Affiliation: %s (%s)",
+ info[U_CLASS], info[U_AFF_DETAILED], info[U_AFF_BASIC]);
+ Put_message(buf);
sprintf(sponsor, "%s %s", info[U_SPONSOR_TYPE], info[U_SPONSOR_NAME]);
sprintf(buf, "Sponsor: %-23s Expiration date: %s", sponsor, info[U_EXPIRATION]);
Put_message(buf);
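Review bot: The new label `"Account is %-20s"` drops the colon that the stanley.c version of this display keeps (`"Account is: %-20s\n"`) and that the other labels in this block use. `sprintf(buf, "Account is: %-20s", UserState(atoi(info[U_STATE])));` makes the two clients print the same text. The added `Class:`/`Affiliation:` line also puts two more server-supplied fields through an unbounded `sprintf`; `buf` is declared outside this hunk, so its size should be checked against the longest affiliation strings.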
@@ -125,13 +127,12 @@
Put_message(buf);
sprintf(buf, "Alternate Phone: %s", info[U_ALT_PHONE]);
Put_message(buf);
- sprintf(buf, "Account is: %-20s MIT ID number: %s",
- UserState(atoi(info[U_STATE])), info[U_MITID]);
+ sprintf(buf, "Login shell: %-19s Windows Console shell: %s", info[U_SHELL],
+ info[U_WINCONSOLESHELL]);
Put_message(buf);
- sprintf(buf, "Windows Home Directory: %s", info[U_WINHOMEDIR]);
+ sprintf(buf, "Windows Home Directory: %-08s Windows Profile Directory: %s",
+ info[U_WINHOMEDIR], info[U_WINPROFILEDIR]);
Put_message(buf);
- sprintf(buf, "Windows Profile Directory: %s", info[U_WINPROFILEDIR]);
- Put_message(buf);
status = atoi(info[U_STATE]);
if (status == 0 || status == 2)
{
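Review bot: `%-08s` in the new `"Windows Home Directory: %-08s ..."` format combines the `0` flag with an `s` conversion, which the C standard leaves undefined, and `-` overrides `0` in any case. `%-8s` gives the intended left-justified, width-8 field. The same conversion appears in the `printf` added to clients/stanley/stanley.c in its `@@ -797,18 +797,20 @@` hunk.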
Modified: trunk/moira/clients/stanley/stanley.c
===================================================================
--- trunk/moira/clients/stanley/stanley.c 2013-05-09 15:40:36 UTC (rev 4109)
+++ trunk/moira/clients/stanley/stanley.c 2013-05-09 15:43:17 UTC (rev 4110)
@@ -331,7 +331,7 @@
}
/* fire up Moira */
- status = mrcl_connect(server, "stanley", 14, !noauth);
+ status = mrcl_connect(server, "stanley", 15, !noauth);
if (status == MRCL_AUTH_ERROR)
{
com_err(whoami, 0, "Try the -noauth flag if you don't "
@@ -343,10 +343,10 @@
/* create if needed */
if (create_flag)
{
- char *argv[25];
+ char *argv[27];
int cnt;
- for (cnt = 0; cnt < 25; cnt++) {
+ for (cnt = 0; cnt < 27; cnt++) {
argv[cnt] = "";
}
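Review bot: The array size and loop bound move from one literal (25) to another (27) that has to track `U_END` in include/moira_site.h, which this commit raises to 27. Writing `char *argv[U_END];` and `for (cnt = 0; cnt < U_END; cnt++)` removes the need to touch this file the next time a user field is added, and avoids an out-of-bounds index if one site is missed. The same literal is introduced in the `@@ -452,8`, `@@ -636,7` and `@@ -656,7` hunks of this file. This assumes moira_site.h is in scope here, which the use of `U_LAST` and the other `U_*` indices later in the file suggests.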
@@ -452,8 +452,8 @@
}
else if (update_flag)
{
- char *old_argv[25];
- char *argv[25];
+ char *old_argv[27];
+ char *argv[27];
char *args[5];
args[0] = username;
@@ -636,7 +636,7 @@
if (info_flag)
{
char *args[2];
- char *argv[25];
+ char *argv[27];
args[0] = username;
status = wrap_mr_query("get_user_account_by_login", 1, args,
@@ -656,7 +656,7 @@
if (reg_flag)
{
char *args[3];
- char *argv[25];
+ char *argv[27];
args[0] = username;
status = wrap_mr_query("get_user_account_by_login", 1, args,
@@ -797,18 +797,20 @@
sprintf(tbuf, "%s, %s %s", argv[U_LAST], argv[U_FIRST], argv[U_MIDDLE]);
printf("Login name: %-20s Full name: %s\n", argv[U_NAME], tbuf);
- printf("User id: %-23s Login shell: %-10s\n", argv[U_UID], argv[U_SHELL]);
- printf("Class: %-25s Windows Console Shell: %-10s\n", argv[U_CLASS],
- argv[U_WINCONSOLESHELL]);
- printf("Account is: %-20s MIT ID number: %s\n",
- UserState(atoi(argv[U_STATE])), argv[U_MITID]);
+ printf("Account is: %-20s\n",
+ UserState(atoi(argv[U_STATE])));
+ printf("User id: %-23s MIT ID number: %s\n", argv[U_UID], argv[U_MITID]);
+ printf("Class: %-25s Affiliation: %s (%s)\n", argv[U_CLASS],
+ argv[U_AFF_DETAILED], argv[U_AFF_BASIC]);
sprintf(tbuf, "%s %s", argv[U_SPONSOR_TYPE],
strcmp(argv[U_SPONSOR_TYPE], "NONE") ? argv[U_SPONSOR_NAME] : "");
printf("Sponsor: %-23s Expiration date: %s\n", tbuf, argv[U_EXPIRATION]);
printf("Alternate Email: %s\n", argv[U_ALT_EMAIL]);
printf("Alternate Phone: %s\n", argv[U_ALT_PHONE]);
- printf("Windows Home Directory: %s\n", argv[U_WINHOMEDIR]);
- printf("Windows Profile Directory: %s\n", argv[U_WINPROFILEDIR]);
+ printf("Login shell: %-19s Windows Console shell: %s\n", argv[U_SHELL],
+ argv[U_WINCONSOLESHELL]);
+ printf("Windows Home Directory: %-08s Windows Profile Directory: %s\n",
+ argv[U_WINHOMEDIR], argv[U_WINPROFILEDIR]);
status = atoi(argv[U_STATE]);
if (status == 0 || status == 2)
{
@@ -835,6 +837,8 @@
strcmp(argv[U_SPONSOR_TYPE], "NONE") ? argv[U_SPONSOR_NAME] : "");
printf("Sponsor: %s\n", tbuf);
printf("Expiration date: %s\n", argv[U_EXPIRATION]);
+ printf("Basic Affiliation: %s\n", argv[U_AFF_BASIC]);
+ printf("Detailed Affiliation: %s\n", argv[U_AFF_DETAILED]);
printf("Alternate Email: %s\n", argv[U_ALT_EMAIL]);
printf("Alternate Phone: %s\n", argv[U_ALT_PHONE]);
printf("Login shell: %s\n", argv[U_SHELL]);
Modified: trunk/moira/clients/stella/stella.c
===================================================================
--- trunk/moira/clients/stella/stella.c 2013-05-09 15:40:36 UTC (rev 4109)
+++ trunk/moira/clients/stella/stella.c 2013-05-09 15:43:17 UTC (rev 4110)
@@ -64,6 +64,7 @@
int update_alias_flag, update_map_flag, verbose, noauth;
int list_container_flag, update_container_flag, unformatted_flag;
int list_hwaddr_flag, update_hwaddr_flag;
+int set_host_opt_flag, set_ttl_flag;
struct string_list *alias_add_queue, *alias_remove_queue;
struct string_list *map_add_queue, *map_remove_queue;
@@ -74,7 +75,7 @@
char *newname, *address, *network, *h_status, *vendor, *model;
char *os, *location, *contact, *billing_contact, *account_number;
-char *adm_cmt, *op_cmt;
+char *adm_cmt, *op_cmt, *opt, *ttl;
in_addr_t ipaddress;
struct owner_type *owner;
@@ -103,9 +104,10 @@
update_alias_flag = verbose = noauth = 0;
list_container_flag = update_container_flag = 0;
list_hwaddr_flag = update_hwaddr_flag = 0;
+ set_host_opt_flag = set_ttl_flag = 0;
newname = address = network = h_status = vendor = model = NULL;
os = location = contact = billing_contact = account_number = adm_cmt = NULL;
- op_cmt = NULL;
+ op_cmt = opt = NULL;
owner = NULL;
alias_add_queue = alias_remove_queue = NULL;
map_add_queue = map_remove_queue = NULL;
@@ -241,10 +243,10 @@
} else
usage(argv);
}
+ /* This could be for either update_host or set_host_opt * Don't set any flags and take our cues from the other * arguments we're given. */
else if (argis("oc", "opcmt")) {
if (arg - argv < argc - 1) {
arg++;
- update_flag++;
op_cmt = *arg;
} else
usage(argv);
@@ -319,6 +321,22 @@
usage(argv);
update_hwaddr_flag++;
}
+ else if (argis("oi", "optin")) {
+ set_host_opt_flag++;
+ opt = "0";
+ }
+ else if (argis("oo", "optout")) {
+ set_host_opt_flag++;
+ opt = "1";
+ }
+ else if (argis("ttl", "setttl")) {
+ if (arg - argv < argc - 1) {
+ arg++;
+ set_ttl_flag++;
+ ttl = *arg;
+ } else
+ usage(argv);
+ }
else if (argis("lhw", "listhwaddr"))
list_hwaddr_flag++;
else if (argis("u", "unformatted"))
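Review bot: The `-ttl` value is stored in `ttl` and later sent to set_host_ttl exactly as typed, with no check that it is a non-negative decimal number. A `strtol`-based check at parse time (reject when nothing was consumed, when trailing characters remain, or when the value is negative) would give a usage error locally instead of relying on server-side validation, which is not visible in this commit view. Separately, `-oi` and `-oo` given together are both accepted and the later one silently wins; rejecting the combination would make a firewall opt-out harder to request by accident.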
@@ -348,17 +366,20 @@
if (hostname == NULL)
usage(argv);
+ if (op_cmt && !set_host_opt_flag)
+ update_flag++;
+
/* default to info_flag if nothing else was specified */
if(!(info_flag || update_flag || create_flag || \
delete_flag || list_map_flag || update_map_flag || \
update_alias_flag || update_container_flag || \
list_container_flag || update_hwaddr_flag || \
- list_hwaddr_flag)) {
+ list_hwaddr_flag || set_host_opt_flag || set_ttl_flag)) {
info_flag++;
}
/* fire up Moira */
- status = mrcl_connect(server, "stella", 8, !noauth);
+ status = mrcl_connect(server, "stella", 9, !noauth);
if (status == MRCL_AUTH_ERROR)
{
com_err(whoami, 0, "Try the -noauth flag if you don't "
@@ -832,6 +853,42 @@
}
}
+ if (set_host_opt_flag) {
+ char *argv[3];
+
+ /* Must specify non-null admin. comment if opting out */
+ if (atoi(opt) > 0 && !op_cmt)
+ {
+ com_err(whoami, 0, "Must specify operational comment when opting out of default network security policy");
+ exit(1);
+ }
+ else if (!op_cmt)
+ op_cmt = "";
+
+ argv[0] = canonicalize_hostname(strdup(hostname));
+ argv[1] = opt;
+ argv[2] = op_cmt;
+
+ status = wrap_mr_query("shot", 3, argv, NULL, NULL);
+ if (status) {
+ com_err(whoami, status, "while setting host network security options");
+ exit(1);
+ }
+ }
+
+ if (set_ttl_flag) {
+ char *argv[2];
+
+ argv[0] = canonicalize_hostname(strdup(hostname));
+ argv[1] = ttl;
+
+ status = wrap_mr_query("set_host_ttl", 2, argv, NULL, NULL);
+ if (status) {
+ com_err(whoami, status, "while setting host TTL");
+ exit(1);
+ }
+ }
+
if (delete_flag) {
char *argv[1];
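Review bot: The opt-out guard `atoi(opt) > 0 && !op_cmt` only tests for a missing `-opcmt` option, so `-optout -opcmt ""` is accepted and sends an empty reason. `if (atoi(opt) > 0 && (!op_cmt || !*op_cmt))` enforces what the error message and the man page state; whether the server also rejects an empty comment is not visible here. The comment above the test says "admin. comment" while the code checks the operational comment, so it should read `/* Must specify non-empty operational comment if opting out */`. The query is also invoked by its short name `"shot"` where the moira client uses `"set_host_opt"`; using the long name in both places would make the call easier to find.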
@@ -869,7 +926,8 @@
"-c | -contact contact");
fprintf(stderr, USAGE_OPTIONS_FORMAT, "-ac | -admcmt adm_cmt",
"-bc | -billingcontact billing_contact");
- fprintf(stderr, USAGE_OPTIONS_FORMAT, "-an | -accountnumber account_number", "-A | -address address");
+ fprintf(stderr, USAGE_OPTIONS_FORMAT, "-an | -accountnumber account_number",
+ "-A | -address address");
fprintf(stderr, USAGE_OPTIONS_FORMAT, "-N | -network network",
"-am | -addmap cluster");
fprintf(stderr, USAGE_OPTIONS_FORMAT, "-dm | deletemap cluster",
@@ -883,7 +941,10 @@
fprintf(stderr, USAGE_OPTIONS_FORMAT, "-ahw | -addhwaddr hwaddr",
"-dhw | -delhwaddr hwaddr");
fprintf(stderr, USAGE_OPTIONS_FORMAT, "-lhw | -listhwaddr",
- "-db | -database host[:port]");
+ "-oi | -optin");
+ fprintf(stderr, USAGE_OPTIONS_FORMAT, "-oo | -optout",
+ "-ttl | -setttl ttl");
+ fprintf(stderr, " %-39s\n", "-db | -database host[:port]");
exit(1);
}
@@ -911,6 +972,26 @@
return MR_CONT;
}
+/* Show TTL if not default */
+
+#define DEFAULT_TTL "1800"
+
+int show_ttl(int argc, char **argv, void *hint)
+{
+ if (strcmp(argv[0], DEFAULT_TTL))
+ printf("DNS TTL: %s\n\n", argv[0]);
+
+ return MR_CONT;
+}
+
+int show_ttl_unformatted(int argc, char **argv, void *hint)
+{
+ if (strcmp(argv[0], DEFAULT_TTL))
+ printf("DNS TTL: %s\n", argv[0]);
+
+ return MR_CONT;
+}
+
static char *states[] = {
"Reserved (0)",
"Active (1)",
@@ -953,6 +1034,7 @@
printf("Machine: %s\n", argv[M_NAME]);
args[0] = "*";
args[1] = argv[M_NAME];
+
show_has_aliases = 0;
stat = wrap_mr_query("get_hostalias", 2, args, show_alias_info, &elem);
printf("\n");
@@ -962,6 +1044,15 @@
} else {
printf("\n");
}
+
+ args[0] = argv[M_NAME];
+
+ stat = wrap_mr_query("get_host_ttl", 1, args, show_ttl, &elem);
+ if (stat) {
+ if (stat != MR_NO_MATCH)
+ com_err(whoami, stat, "while getting host TTL");
+ }
+
sprintf(tbuf, "%s %s", argv[M_OWNER_TYPE],
strcmp(argv[M_OWNER_TYPE], "NONE") ? argv[M_OWNER_NAME] : "");
printf("Address: %-16s Network: %-16s\n",
@@ -992,6 +1083,7 @@
int stat;
printf("Machine: %s\n", argv[M_NAME]);
+
args[0] = "*";
args[1] = argv[M_NAME];
show_has_aliases = 0;
@@ -1001,6 +1093,13 @@
com_err(whoami, stat, "while getting aliases");
else
printf("\n");
+
+ args[0] = argv[M_NAME];
+ stat = wrap_mr_query("get_host_ttl", 1, args, show_ttl_unformatted,
+ &elem);
+ if (stat && stat != MR_NO_MATCH)
+ com_err(whoami, stat, "while getting host TTL");
+
printf("Address: %s\n", argv[M_ADDR]);
printf("Network: %s\n", argv[M_SUBNET]);
printf("Owner Type: %s\n", argv[M_OWNER_TYPE]);
Modified: trunk/moira/include/moira_site.h
===================================================================
--- trunk/moira/include/moira_site.h 2013-05-09 15:40:36 UTC (rev 4109)
+++ trunk/moira/include/moira_site.h 2013-05-09 15:43:17 UTC (rev 4110)
@@ -383,12 +383,14 @@
#define U_EXPIRATION 17
#define U_ALT_EMAIL 18
#define U_ALT_PHONE 19
-#define U_MODTIME 20
-#define U_MODBY 21
-#define U_MODWITH 22
-#define U_CREATED 23
-#define U_CREATOR 24
-#define U_END 25
+#define U_AFF_BASIC 20
+#define U_AFF_DETAILED 21
+#define U_MODTIME 22
+#define U_MODBY 23
+#define U_MODWITH 24
+#define U_CREATED 25
+#define U_CREATOR 26
+#define U_END 27
/* User states (the value of argv[U_STATE] from a user query) */
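Review bot: Inserting `U_AFF_BASIC` and `U_AFF_DETAILED` at 20 and 21 renumbers `U_MODTIME` through `U_CREATOR`, so every caller that indexes a user tuple with these macros must request the query version that returns the two new columns. stanley.c and the moira client are bumped to 15 in this commit; other users of these macros are not visible here and should be checked, since a client still asking for an older version would presumably read the wrong fields. A comment above the block recording which query version these indices correspond to would document the dependency.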
Modified: trunk/moira/man/stella.1
===================================================================
--- trunk/moira/man/stella.1 2013-05-09 15:40:36 UTC (rev 4109)
+++ trunk/moira/man/stella.1 2013-05-09 15:43:17 UTC (rev 4110)
@@ -93,7 +93,15 @@
.B Stella
will try first as a user, and if that fails will try the member as a
list.
-
+.IP \fB-optin\ \fRor\ \fB-oi\fR
+Enable the network firewall policy for the specified host. Using this
+option will clear the associated operational comment for the host.
+.IP \fB-optout\ \fRor\ \fB-oo\fR
+Disable the network firewall policy for the specified host.
+When this option is given, \fB-opcmt\ \fIop_cmt\ \fR must also be specified
+with the reason for the opt-out.
+.IP \fB-ttl\ \fIttl\ \fRor\ \fB-setttl\ \fIttl\fR
+Set the DNS TTL for the specified host to \fIttl\fR.
.IP \fB-unformatted\ \fRor\ \fB-u\fR
Display host information with each field on a seperate line, in the
form "fieldname: value".
Modified: trunk/moira/server/increment.pc
===================================================================
--- trunk/moira/server/increment.pc 2013-05-09 15:40:36 UTC (rev 4109)
+++ trunk/moira/server/increment.pc 2013-05-09 15:43:17 UTC (rev 4110)
@@ -104,11 +104,12 @@
break;
case MACHINE_TABLE:
sprintf(stmt_buf, "SELECT m.name, m.mach_id, m.vendor, m.model, m.os, m.location, "
- "m.contact, m.billing_contact, m.account_number, m.status, m.address,"
- "m.owner_type, m.owner_id, m.acomment, m.ocomment, m.snet_id FROM machine m "
+ "m.contact, m.billing_contact, m.account_number, m.status, m.address, "
+ "m.owner_type, m.owner_id, m.acomment, m.ocomment, m.snet_id, m.use, "
+ "TO_CHAR(m.inuse, 'DD-mon-YYYY'), m.ttl FROM machine m "
"WHERE %s", qual);
dosql(before);
- beforec = 16;
+ beforec = 19;
name = xmalloc(0);
id = atoi(before[12]);
if (!strncmp(before[11], "USER", 4))
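Review bot: `beforec` goes from 16 to 19 and the SELECT grows by three columns, but the dimensions of `before` and `stmt_buf` are declared outside this hunk. Both need to be confirmed large enough: `dosql(before)` now fills three more slots, and the longer statement plus `qual` is still written with an unbounded `sprintf`. `snprintf(stmt_buf, sizeof(stmt_buf), ...)` would bound the latter if `stmt_buf` is an array. The same applies to `after`/`afterc` in the `@@ -328,11 +331,12 @@` hunk.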
@@ -146,7 +147,9 @@
case HWADDRMAP_TABLE:
strcpy(before[0], argv[0]);
strcpy(before[1], argv[1]);
- beforec = 2;
+ name_to_id(before[1], MACHINE_TABLE, &id);
+ sprintf(before[2], "%d", id);
+ beforec = 3;
break;
case CLUSTERS_TABLE:
sprintf(stmt_buf, "SELECT c.name, c.description, c.location, "
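Review bot: The return value of `name_to_id(before[1], MACHINE_TABLE, &id)` is ignored, so if the lookup fails `id` keeps whatever it held before and that number is written into `before[2]` as the machine id. Assuming `name_to_id` reports failure through its return value, `if (name_to_id(before[1], MACHINE_TABLE, &id) != MR_SUCCESS) id = 0;` keeps a stale id out of the incremental. The size of `before[2]` is also declared outside this hunk and should be confirmed to hold a formatted int. The `@@ -370,7 +374,9 @@` hunk repeats the same pattern for `after`.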
@@ -328,11 +331,12 @@
break;
case MACHINE_TABLE:
sprintf(stmt_buf, "SELECT m.name, m.mach_id, m.vendor, m.model, m.os, m.location, "
- "m.contact, m.billing_contact, m.account_number, m.status, m.address,"
- "m.owner_type, m.owner_id, m.acomment, m.ocomment, m.snet_id FROM machine m "
+ "m.contact, m.billing_contact, m.account_number, m.status, m.address, "
+ "m.owner_type, m.owner_id, m.acomment, m.ocomment, m.snet_id, m.use, "
+ "TO_CHAR(m.inuse, 'DD-mon-YYYY'), m.ttl FROM machine m "
"WHERE %s", qual);
dosql(after);
- afterc = 16;
+ afterc = 19;
name = xmalloc(0);
id = atoi(after[12]);
if (!strncmp(after[11], "USER", 4))
@@ -370,7 +374,9 @@
case HWADDRMAP_TABLE:
strcpy(after[0], argv[0]);
strcpy(after[1], argv[1]);
- afterc = 2;
+ name_to_id(after[1], MACHINE_TABLE, &id);
+ sprintf(after[2], "%d", id);
+ afterc = 3;
break;
case CLUSTERS_TABLE:
sprintf(stmt_buf, "SELECT c.name, c.description, c.location, "
Modified: trunk/moira/server/mr_server.h
===================================================================
--- trunk/moira/server/mr_server.h 2013-05-09 15:40:36 UTC (rev 4109)
+++ trunk/moira/server/mr_server.h 2013-05-09 15:43:17 UTC (rev 4110)
@@ -12,6 +12,7 @@
#include <netinet/in.h>
+#include <stdio.h>
#include <stdarg.h>
#ifdef HAVE_KRB4
@@ -60,7 +61,7 @@
/* max length of query argument allowed */
#define ARGLEN 257
/* Used to setup static argv, maximum argc */
-#define QMAXARGS 25
+#define QMAXARGS 30
/* statistics on number of queries by version number */
extern int newqueries;
@@ -159,8 +160,10 @@
int access_qgli(struct query *q, char *argv[], client *cl);
int access_service(struct query *q, char *argv[], client *cl);
int access_filesys(struct query *q, char *argv[], client *cl);
+int access_shot(struct query *q, char *argv[], client *cl);
int access_host(struct query *q, char *argv[], client *cl);
int access_ahal(struct query *q, char *argv[], client *cl);
+int access_hwaddr(struct query *q, char *argv[], client *cl);
int access_snt(struct query *q, char *argv[], client *cl);
int access_printer(struct query *q, char *argv[], client *cl);
int access_zephyr(struct query *q, char *argv[], client *cl);
@@ -168,6 +171,8 @@
int access_update_user(struct query *q, char *argv[], client *cl);
int check_mail_string(char *mailstring);
struct mxentry *getmxrecords(const char *);
+int check_roles_authorization(char *login, char *function_name,
+ char *qualifier_code);
/* prototypes from qfollow.pc */
int followup_fix_modby(struct query *q, struct save_queue *sq,
Modified: trunk/moira/server/qaccess.pc
===================================================================
--- trunk/moira/server/qaccess.pc 2013-05-09 15:40:36 UTC (rev 4109)
+++ trunk/moira/server/qaccess.pc 2013-05-09 15:43:17 UTC (rev 4110)
@@ -131,7 +131,7 @@
if (q->argc != 1)
return MR_ARGS;
- if (!strcmp(q->shortname, "gual"))
+ if (!strcmp(q->shortname, "gual") || !strcmp(q->shortname, "gura"))
{
EXEC SQL SELECT users_id INTO :id FROM users
WHERE login = :argv[0] AND users_id != 0;
@@ -528,7 +528,78 @@
return MR_PERM;
}
+/* access_shot - successful if:
+ * - opt is 0 or 1.
+ * - user is owner of subnet containing host.
+ * - user is owner of host and network isn't RESERVED / INFRASTRUCTURE.
+ * - user has 'CAN SPEND OR COMMIT FUNDS' for host cost object and
+ * affiliation is one of student, faculty, or research staff.
+ */
+int access_shot(struct query *q, char *argv[], client *cl)
+{
+ EXEC SQL BEGIN DECLARE SECTION;
+ int mid, sid, status;
+ char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE];
+ char account_number[MACHINE_ACCOUNT_NUMBER_SIZE];
+ char login[USERS_LOGIN_SIZE], affiliation[USERS_AFFILIATION_DETAILED_SIZE];
+ EXEC SQL END DECLARE SECTION;
+ int id;
+ char roles_qualifier[MACHINE_ACCOUNT_NUMBER_SIZE + 1];
+ id = *(int *)argv[0];
+
+ /* opt must be zero or one for non-query owner */
+ if (atoi(argv[1]) != 0 && atoi(argv[1]) != 1)
+ return MR_PERM;
+
+ EXEC SQL SELECT m.owner_type, m.owner_id, m.account_number, s.owner_type,
+ s.owner_id, s.status INTO :mtype, :mid, :account_number, :stype, :sid, :status
+ FROM machine m, subnet s WHERE m.mach_id = :id AND m.snet_id = s.snet_id;
+
+ /* subnet owner? */
+ if (find_member(stype, sid, cl))
+ return MR_SUCCESS;
+
+ /* If we're not the subnet owner, don't allow this for certain types of networks */
+ if (status == SNET_STATUS_RESERVED || status == SNET_STATUS_INFRASTRUCTURE)
+ return MR_PERM;
+
+ /* host owner? */
+ if (find_member(mtype, mid, cl))
+ return MR_SUCCESS;
+
+ /* If we've gotten this far, you must be student/faculty/research staff. */
+ EXEC SQL SELECT u.login, u.affiliation_detailed INTO :login, :affiliation
+ FROM USERS u WHERE u.users_id = :cl->users_id;
+
+ if (strcmp(strtrim(affiliation), "Faculty") &&
+ strcmp(strtrim(affiliation), "Undergraduate Student") &&
+ strcmp(strtrim(affiliation), "Graduate Student") &&
+ strcmp(strtrim(affiliation), "Sponsored Research Staff") &&
+ strcmp(strtrim(affiliation), "Other Academic Group"))
+ return MR_PERM;
+
+ /* Need to check all possible cost object types in Roles */
+ sprintf(roles_qualifier, "F%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ return MR_SUCCESS;
+
+ sprintf(roles_qualifier, "C%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ return MR_SUCCESS;
+
+ sprintf(roles_qualifier, "I%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ return MR_SUCCESS;
+
+ sprintf(roles_qualifier, "P%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ return MR_SUCCESS;
+
+ /* Default case */
+ return MR_PERM;
+}
+
/* access_host - successful if owner of host, or subnet containing host
*/
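Review bot: Neither SELECT in access_shot checks `sqlca.sqlcode`, so when the machine/subnet join or the users lookup returns no row, `stype`, `sid`, `status`, `mtype`, `mid`, `account_number`, `login` and `affiliation` are read uninitialised and the authorization result depends on stack contents. Failing closed after each query, e.g. `if (sqlca.sqlcode) return MR_PERM;`, removes that. The header comment lists student, faculty and research staff, but the code also accepts "Other Academic Group"; the comment should name all five affiliation strings. It is also worth deciding what an empty `account_number` should mean, since the qualifier then degenerates to a bare `F`, `C`, `I` or `P`.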
@@ -537,7 +608,6 @@
EXEC SQL BEGIN DECLARE SECTION;
int mid, sid, id, subnet_status;
char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE];
- char *account_number;
EXEC SQL END DECLARE SECTION;
int status, idx;
@@ -550,7 +620,7 @@
if (q->type == MR_Q_APPEND)
{
- /* Non-query owner must set use to zero */
+ /* Non-query owner must set use to zero. is ignored anyway */
if (atoi(argv[6 + idx]) != 0)
return MR_PERM;
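Review bot: The reworded comment `/* Non-query owner must set use to zero. is ignored anyway */` ends in a fragment with no subject, so a reader cannot tell what is ignored. Naming the field or argument the second sentence refers to would make the comment usable. The enclosing function starts and ends outside this hunk.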
@@ -569,9 +639,8 @@
{
if (subnet_status == SNET_STATUS_BILLABLE)
{
- account_number = argv[7];
EXEC SQL SELECT account_number FROM accountnumbers
- WHERE account_number = :account_number;
+ WHERE account_number = :argv[7];
if (sqlca.sqlcode == SQL_NO_MATCH)
return MR_ACCOUNT_NUMBER;
}
@@ -589,13 +658,17 @@
char contact[MACHINE_CONTACT_SIZE], address[MACHINE_ADDRESS_SIZE];
char name[MACHINE_NAME_SIZE];
char billing_contact[MACHINE_BILLING_CONTACT_SIZE];
+ char account_number[MACHINE_ACCOUNT_NUMBER_SIZE];
+ char login[USERS_LOGIN_SIZE];
EXEC SQL END DECLARE SECTION;
+ int is_machine_owner = 0;
+ char roles_qualifier[MACHINE_ACCOUNT_NUMBER_SIZE + 1];
id = *(int *)argv[0];
- EXEC SQL SELECT m.name, m.use, m.contact, m.billing_contact, m.status,
- m.address, m.owner_type, m.owner_id, m.acomment, m.ocomment, m.snet_id,
+ EXEC SQL SELECT m.name, m.use, m.contact, m.billing_contact, m.account_number,
+ m.status, m.address, m.owner_type, m.owner_id, m.acomment, m.ocomment, m.snet_id,
s.owner_type, s.owner_id, s.status INTO :name, :use, :contact,
- :billing_contact, :status, :address, :mtype, :mid, :acomment,
+ :billing_contact, :account_number, :status, :address, :mtype, :mid, :acomment,
:ocomment, :snid, :stype, :sid, :subnet_status
FROM machine m, subnet s
WHERE m.mach_id = :id AND s.snet_id = m.snet_id;
@@ -608,9 +681,8 @@
if ((subnet_status == SNET_STATUS_BILLABLE) &&
(atoi(argv[10]) != 3))
{
- account_number = argv[8];
EXEC SQL SELECT account_number FROM accountnumbers
- WHERE account_number = :account_number;
+ WHERE account_number = :argv[8];
if (sqlca.sqlcode == SQL_NO_MATCH)
return MR_ACCOUNT_NUMBER;
}
@@ -624,43 +696,78 @@
if (isdigit(argv[1][0]) && strcmp(strtrim(name), argv[1]))
return MR_BAD_CHAR;
- if (!find_member(stype, sid, cl))
+ if (find_member(stype, sid, cl))
{
- if (find_member(mtype, mid, cl))
+ /* If moving to a new subnet, make sure user is on acl there */
+ id = *(int *)argv[9 + idx];
+ if (id != snid)
{
- /* host owner also cannot change contact, status, address,
- owner, or acomment */
- if (strcmp(argv[6], strtrim(contact)) ||
- (status != atoi(argv[8 + idx])) ||
- strcmp(argv[10 + idx], strtrim(address)) ||
- strcmp(argv[11 + idx], strtrim(mtype)) ||
- (mid != *(int *)argv[12 + idx]) ||
- (acomment != *(int *)argv[13 + idx]))
+ EXEC SQL SELECT owner_type, owner_id INTO :stype, :sid
+ FROM subnet WHERE snet_id=:id;
+ if (!find_member(stype, sid, cl))
return MR_PERM;
- /* Billing contact field didn't appear until version 6 */
- if (q->version >= 6)
- if (strcmp(argv[7], strtrim(billing_contact)))
- return MR_PERM;
}
- else
- return MR_PERM;
+
+ return MR_SUCCESS;
}
- /* If moving to a new subnet, make sure user is on acl there */
- id = *(int *)argv[9 + idx];
- if (id != snid)
+ /* Check host owner */
+ if (find_member(mtype, mid, cl))
+ is_machine_owner = 1;
+ /* Check roles permissions, don't let them work for reserved and infrastructure networks */
+ else if (subnet_status != SNET_STATUS_RESERVED && subnet_status != SNET_STATUS_INFRASTRUCTURE)
{
- EXEC SQL SELECT owner_type, owner_id INTO :stype, :sid
- FROM subnet WHERE snet_id=:id;
- if (!find_member(stype, sid, cl))
- return MR_PERM;
+ EXEC SQL SELECT u.login INTO :login FROM users u WHERE u.users_id = :cl->users_id;
+
+ /* Need to check all possible cost object types in Roles */
+ sprintf(roles_qualifier, "F%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ is_machine_owner = 1;
+
+ if (!is_machine_owner)
+ {
+ sprintf(roles_qualifier, "C%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ is_machine_owner = 1;
+ }
+
+ if (!is_machine_owner)
+ {
+ sprintf(roles_qualifier, "I%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ is_machine_owner = 1;
+ }
+
+ if (!is_machine_owner)
+ {
+ sprintf(roles_qualifier, "P%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ is_machine_owner = 1;
+ }
}
+ if (!is_machine_owner)
+ return MR_PERM;
+
+ /* host owner also cannot change contact, status, subnet, address, owner, or acomment */
+ if (strcmp(argv[6], strtrim(contact)) ||
+ (status != atoi(argv[8 + idx])) ||
+ (snid != *(int *)argv[9 + idx]) ||
+ strcmp(argv[10 + idx], strtrim(address)) ||
+ strcmp(argv[11 + idx], strtrim(mtype)) ||
+ (mid != *(int *)argv[12 + idx]) ||
+ (acomment != *(int *)argv[13 + idx]))
+ return MR_PERM;
+
+ /* Billing contact field didn't appear until version 6 */
+ if (q->version >= 6)
+ if (strcmp(argv[7], strtrim(billing_contact)))
+ return MR_PERM;
+
return MR_SUCCESS;
}
}
-
/* access_ahal - check for adding a host alias.
* successful if host has less then 2 aliases and (client is owner of
* host or subnet).
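Review bot: The four Roles lookups (`F`, `C`, `I`, `P`) are written out longhand here, as they already are in access_shot and again in access_ahal, and the `SELECT u.login` that feeds them is used without checking `sqlca.sqlcode`. Folding the sequence into one static helper, and failing closed when the login lookup returns no row, would leave a single place to audit for this authorization rule. The helper name below is only a suggestion, and access_host begins before this hunk, so the fence shows just the rewritten part.

```c
/* Return 1 if login holds 'CAN SPEND OR COMMIT FUNDS' in Roles for any
 * cost object type (F, C, I, P) built from account_number, else 0. */
static int roles_cost_object_owner(char *login, char *account_number)
{
  static const char types[] = "FCIP";
  char qualifier[MACHINE_ACCOUNT_NUMBER_SIZE + 1];
  int i;

  for (i = 0; types[i]; i++)
    {
      snprintf(qualifier, sizeof(qualifier), "%c%s", types[i], account_number);
      if (check_roles_authorization(login, "CAN SPEND OR COMMIT FUNDS",
                                    qualifier) == MR_SUCCESS)
        return 1;
    }
  return 0;
}

      /* … unchanged: subnet-owner branch … */

      /* Check host owner */
      if (find_member(mtype, mid, cl))
        is_machine_owner = 1;
      /* Roles owners are not honoured on reserved / infrastructure networks */
      else if (subnet_status != SNET_STATUS_RESERVED &&
               subnet_status != SNET_STATUS_INFRASTRUCTURE)
        {
          EXEC SQL SELECT u.login INTO :login FROM users u WHERE u.users_id = :cl->users_id;
          if (sqlca.sqlcode)
            return MR_PERM;
          is_machine_owner = roles_cost_object_owner(strtrim(login),
                                                     strtrim(account_number));
        }

      /* … unchanged: is_machine_owner test and field-change checks … */
```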
@@ -670,10 +777,13 @@
int access_ahal(struct query *q, char *argv[], client *cl)
{
EXEC SQL BEGIN DECLARE SECTION;
- int cnt, id, mid, sid;
+ int cnt, id, mid, sid, subnet_status;
char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE];
+ char account_number[MACHINE_ACCOUNT_NUMBER_SIZE];
+ char login[USERS_LOGIN_SIZE];
EXEC SQL END DECLARE SECTION;
int status;
+ char roles_qualifier[MACHINE_ACCOUNT_NUMBER_SIZE + 1];
if (q->type == MR_Q_RETRIEVE)
return MR_SUCCESS;
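Review bot: `roles_qualifier` is declared with `MACHINE_ACCOUNT_NUMBER_SIZE + 1` bytes, which fits the one-letter prefix plus the account number only if `account_number` is NUL-terminated inside its own array. The `sprintf` calls that fill it later in access_ahal (next hunk) are unbounded, so there is no slack. Bounding the write keeps an unterminated or over-long fetch from running past the buffer: `snprintf(roles_qualifier, sizeof(roles_qualifier), "F%s", strtrim(account_number));`. The same declaration and calls recur in access_hwaddr, and the body of access_ahal continues outside this hunk.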
@@ -692,20 +802,109 @@
*/
if (q->type == MR_Q_APPEND && cnt >= 2)
return MR_PERM;
- EXEC SQL SELECT m.owner_type, m.owner_id, s.owner_type, s.owner_id
- INTO :mtype, :mid, :stype, :sid FROM machine m, subnet s
- WHERE m.mach_id = :id and s.snet_id = m.snet_id;
+
+ EXEC SQL SELECT m.owner_type, m.owner_id, m.account_number, s.owner_type,
+ s.owner_id, s.status INTO :mtype, :mid, :account_number, :stype, :sid,
+ :subnet_status FROM machine m, subnet s WHERE m.mach_id = :id and s.snet_id = m.snet_id;
+
status = find_member(mtype, mid, cl);
if (status)
return MR_SUCCESS;
+
status = find_member(stype, sid, cl);
if (status)
return MR_SUCCESS;
- else
+
+ /* If you're only a Roles owner, punt for network reserved / infrastructure */
+ if (subnet_status == SNET_STATUS_RESERVED || subnet_status == SNET_STATUS_INFRASTRUCTURE)
return MR_PERM;
+
+ EXEC SQL SELECT u.login INTO :login FROM users u WHERE u.users_id = :cl->users_id;
+
+ /* Need to check all possible cost object types in Roles */
+ sprintf(roles_qualifier, "F%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ return MR_SUCCESS;
+
+ sprintf(roles_qualifier, "C%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ return MR_SUCCESS;
+
+ sprintf(roles_qualifier, "I%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ return MR_SUCCESS;
+
+ sprintf(roles_qualifier, "P%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ return MR_SUCCESS;
+
+ return MR_PERM;
}
+/* Same logic as access_ahal, for different table */
+int access_hwaddr(struct query *q, char *argv[], client *cl)
+{
+ EXEC SQL BEGIN DECLARE SECTION;
+ int cnt, id, mid, sid, subnet_status;
+ char mtype[MACHINE_OWNER_TYPE_SIZE], stype[SUBNET_OWNER_TYPE_SIZE];
+ char account_number[MACHINE_ACCOUNT_NUMBER_SIZE];
+ char login[USERS_LOGIN_SIZE];
+ EXEC SQL END DECLARE SECTION;
+ int status;
+ char roles_qualifier[MACHINE_ACCOUNT_NUMBER_SIZE + 1];
+
+ id = *(int *)argv[0];
+
+ EXEC SQL SELECT count(name) INTO :cnt from hwaddrmap WHERE mach_id = :id;
+ if (dbms_errno)
+ return mr_errcode;
+
+ /* if the type is MR_Q_APPEND, this is ahha and we need to make sure
+ * there will be no more than 2 hwaddrs. If it's not, it must be
+ * dhha and any owner will do.
+ */
+ if (q->type == MR_Q_APPEND && cnt >= 2)
+ return MR_PERM;
+
+ EXEC SQL SELECT m.owner_type, m.owner_id, m.account_number, s.owner_type,
+ s.owner_id, s.status INTO :mtype, :mid, :account_number, :stype, :sid,
+ :subnet_status FROM machine m, subnet s WHERE m.mach_id = :id and s.snet_id = m.snet_id;
+
+ status = find_member(mtype, mid, cl);
+ if (status)
+ return MR_SUCCESS;
+
+ status = find_member(stype, sid, cl);
+ if (status)
+ return MR_SUCCESS;
+
+ /* If you're only a Roles owner, punt for network reserved / infrastructure */
+ if (subnet_status == SNET_STATUS_RESERVED || subnet_status == SNET_STATUS_INFRASTRUCTURE)
+ return MR_PERM;
+
+ EXEC SQL SELECT u.login INTO :login FROM users u WHERE u.users_id = :cl->users_id;
+
+ /* Need to check all possible cost object types in Roles */
+ sprintf(roles_qualifier, "F%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ return MR_SUCCESS;
+
+ sprintf(roles_qualifier, "C%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ return MR_SUCCESS;
+
+ sprintf(roles_qualifier, "I%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ return MR_SUCCESS;
+
+ sprintf(roles_qualifier, "P%s", strtrim(account_number));
+ if (check_roles_authorization(strtrim(login), "CAN SPEND OR COMMIT FUNDS", roles_qualifier) == MR_SUCCESS)
+ return MR_SUCCESS;
+
+ return MR_PERM;
+}
+
/* access_snt - check for retrieving network structure
*/
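Review bot: The combined machine/subnet SELECT and the later `SELECT u.login` in access_ahal and access_hwaddr are not followed by a `dbms_errno` check, although the `count(name)` query in access_hwaddr is. If either lookup fails, `mtype`, `account_number`, `subnet_status` and `login` are presumably left unset, yet they are still passed to find_member, the reserved/infrastructure test, and check_roles_authorization. The access decision is then made on indeterminate data. Adding `if (dbms_errno) return mr_errcode;` after each of the two SELECTs would make both functions fail closed. Separately, the four prefix checks are repeated verbatim in both functions; a small static helper that loops over the prefixes `"FCIP"` would keep them in step.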
@@ -1021,3 +1220,42 @@
pmx[ind].pref = -1;
return(pmx);
}
+
+/* Based heavily on Roles PL/SQL function ROLESAPI_IS_USER_AUTHORIZED */
+int check_roles_authorization(char *login, char *function_name,
+ char *qualifier_code)
+{
+ EXEC SQL BEGIN DECLARE SECTION;
+ int rowcount;
+ EXEC SQL END DECLARE SECTION;
+
+ /* Check for direct authorization */
+ EXEC SQL SELECT COUNT(*) INTO :rowcount FROM roles_authorization
+ WHERE kerberos_name = UPPER(:login)
+ AND function_name = :function_name
+ AND qualifier_code = :qualifier_code
+ AND do_function = 'Y'
+ AND effective_date <= SYSDATE
+ AND (SYSDATE <= expiration_date OR expiration_date is NULL);
+
+ if (rowcount > 0)
+ return MR_SUCCESS;
+
+ /* Check for indirect authorization */
+ EXEC SQL SELECT COUNT(*) INTO :rowcount FROM roles_authorization
+ WHERE kerberos_name = UPPER(:login)
+ AND function_name = :function_name
+ AND do_function = 'Y' AND descend = 'Y'
+ AND effective_date <= SYSDATE
+ AND (SYSDATE <= expiration_date OR expiration_date is NULL)
+ AND qualifier_id IN (SELECT parent_id FROM roles_qualifier_descendent
+ WHERE child_id = (SELECT qualifier_id FROM roles_qualifier
+ WHERE qualifier_code = :qualifier_code AND qualifier_type =
+ (SELECT qualifier_type FROM roles_function WHERE function_name = :function_name)));
+
+ if (rowcount > 0)
+ return MR_SUCCESS;
+
+ return MR_PERM;
+}
+
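Review bot: Neither `SELECT COUNT(*)` in check_roles_authorization is followed by an error check, and `rowcount` has no initial value. A failed query presumably leaves the `rowcount > 0` test reading an indeterminate value, so the function can return MR_SUCCESS on a database error. Set `rowcount = 0;` before each query and add `if (dbms_errno) return mr_errcode;` after it; every caller visible in this diff compares the result with MR_SUCCESS, so any other code is treated as a denial. A header comment noting that `login` is upper-cased by the query and that `qualifier_code` must already carry its one-letter type prefix would also help callers.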
Modified: trunk/moira/server/qsupport.pc
===================================================================
--- trunk/moira/server/qsupport.pc 2013-05-09 15:40:36 UTC (rev 4109)
+++ trunk/moira/server/qsupport.pc 2013-05-09 15:43:17 UTC (rev 4110)
@@ -991,7 +991,34 @@
found++;
}
EXEC SQL CLOSE csr115b;
-
+
+ if (!strcmp(type, "USER"))
+ {
+ /* Check for permissions granted via Roles */
+ EXEC SQL DECLARE csr115c CURSOR FOR
+ SELECT m.name FROM machine m, subnet s
+ WHERE m.account_number IN (SELECT SUBSTR(ra.qualifier_code, 2)
+ FROM roles_authorization ra, users u WHERE ra.kerberos_name = UPPER(u.login)
+ AND u.users_id = :id AND ra.function_name = 'CAN SPEND OR COMMIT FUNDS'
+ AND ra.do_function = 'Y' AND ra.effective_date <= SYSDATE
+ AND (SYSDATE <= ra.expiration_date OR ra.expiration_date IS NULL))
+ AND m.snet_id = s.snet_id AND (s.status != 0 AND s.status != 6);
+ if (dbms_errno)
+ return mr_errcode;
+ EXEC SQL OPEN csr115c;
+ if (dbms_errno)
+ return mr_errcode;
+ while (1)
+ {
+ EXEC SQL FETCH csr115c INTO :name;
+ if (sqlca.sqlcode)
+ break;
+ (*action)(1, rargv, actarg);
+ found++;
+ }
+ EXEC SQL CLOSE csr115c;
+ }
+
if (!found)
return MR_NO_MATCH;
return MR_SUCCESS;
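Review bot: The subnet filter `s.status != 0 AND s.status != 6` in csr115c uses bare numbers where the matching access checks in qaccess.pc use SNET_STATUS_RESERVED and SNET_STATUS_INFRASTRUCTURE. The listing and the enforcement have to stay in agreement, so the values should be tied together with a comment such as `/* 0 and 6: presumably SNET_STATUS_RESERVED / SNET_STATUS_INFRASTRUCTURE, as in qaccess.pc - confirm */`. The existing `/* Check for permissions granted via Roles */` comment could also say that this cursor covers direct authorizations only, with the descendant case handled by csr108r in a later hunk. The enclosing function starts outside the hunk.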
@@ -1005,8 +1032,10 @@
EXEC SQL BEGIN DECLARE SECTION;
char *atype;
long aid, listid, id;
+ char name[MACHINE_NAME_SIZE];
EXEC SQL END DECLARE SECTION;
struct save_queue *sq;
+ char *rargv[1];
atype = argv[0];
aid = *(int *)argv[1];
@@ -1069,6 +1098,35 @@
}
if (ghbo_internal("USER", aid, action, actarg) == MR_SUCCESS)
found++;
+
+ /* Check for implied permissions from Roles */
+ rargv[0] = name;
+
+ EXEC SQL DECLARE csr108r CURSOR FOR
+ SELECT m.name FROM machine m, subnet s WHERE m.account_number IN
+ (SELECT SUBSTR(qualifier_code, 2) FROM roles_qualifier WHERE qualifier_id IN
+ (SELECT child_id FROM roles_qualifier_descendent WHERE parent_id IN
+ (SELECT qualifier_id FROM roles_authorization ra, users u
+ WHERE ra.kerberos_name = UPPER(u.login) AND u.users_id = :aid
+ AND ra.do_function = 'Y' AND ra.descend = 'Y' AND ra.effective_date <= SYSDATE
+ AND (SYSDATE <= ra.expiration_date OR ra.expiration_date IS NULL)))
+ AND qualifier_type = (SELECT qualifier_type FROM roles_function
+ WHERE function_name = 'CAN SPEND OR COMMIT FUNDS'))
+ AND m.snet_id = s.snet_id AND (s.status != 0 AND s.status != 6);
+ if (dbms_errno)
+ return mr_errcode;
+ EXEC SQL OPEN csr108r;
+ if (dbms_errno)
+ return mr_errcode;
+ while (1)
+ {
+ EXEC SQL FETCH csr108r INTO :name;
+ if (sqlca.sqlcode)
+ break;
+ (*action)(1, rargv, actarg);
+ found++;
+ }
+ EXEC SQL CLOSE csr108r;
}
if (!strcmp(atype, "RKERBEROS"))
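Review bot: The innermost subquery of csr108r selects `qualifier_id` from roles_authorization with no `function_name` condition; only the qualifier type is restricted, one level further out. The indirect check in check_roles_authorization (qaccess.pc) does require `function_name = :function_name`. As written, the owner listing can presumably include hosts for which the access check would still return MR_PERM. Adding `AND ra.function_name = 'CAN SPEND OR COMMIT FUNDS'` to that subquery would align the two. The enclosing function starts and ends outside the hunk.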
Modified: trunk/moira/server/queries2.c
===================================================================
--- trunk/moira/server/queries2.c 2013-05-09 15:40:36 UTC (rev 4109)
+++ trunk/moira/server/queries2.c 2013-05-09 15:43:17 UTC (rev 4110)
@@ -111,7 +111,7 @@
"modtime", "modby", "modwith", "created", "creator",
};
-static char *gual_fields[] = {
+static char *gual14_fields[] = {
"login",
"login", "unix_uid", "shell", "winconsoleshell", "last", "first", "middle",
"status", "clearid", "class", "comments", "signature", "secure",
@@ -119,6 +119,15 @@
"alternate_email", "alternate_phone", "modtime", "modby", "modwith", "created", "creator",
};
+static char *gual_fields[] = {
+ "login",
+ "login", "unix_uid", "shell", "winconsoleshell", "last", "first", "middle",
+ "status", "clearid", "class", "comments", "signature", "secure",
+ "winhomedir", "winprofiledir", "sponsor_type", "sponsor_name", "expiration",
+ "alternate_email", "alternate_phone", "affiliation_basic", "affiliation_detailed",
+ "modtime", "modby", "modwith", "created", "creator",
+};
+
static char *gubl2_fields[] = {
"login",
"login", "unix_uid", "shell", "last", "first", "middle", "status",
@@ -158,6 +167,24 @@
followup_get_user,
};
+static char *gura_fields[] = {
+ "login",
+ "login", "function_category", "function_name", "qualifier_code", "do_function", "grant",
+};
+
+static struct validate gura_validate =
+{
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ access_login,
+ 0,
+ 0,
+};
+
static char *guau2_fields[] = {
"unix_uid",
"login", "unix_uid", "shell", "last", "first", "middle", "status",
@@ -188,7 +215,7 @@
"modtime", "modby", "modwith", "created", "creator",
};
-static char *guau_fields[] = {
+static char *guau14_fields[] = {
"unix_uid",
"login", "unix_uid", "shell", "winconsoleshell", "last", "first", "middle",
"status", "clearid", "class", "comments", "signature", "secure",
@@ -196,6 +223,15 @@
"alternate_email", "alternate_phone", "modtime", "modby", "modwith", "created", "creator",
};
+static char *guau_fields[] = {
+ "unix_uid",
+ "login", "unix_uid", "shell", "winconsoleshell", "last", "first", "middle",
+ "status", "clearid", "class", "comments", "signature", "secure",
+ "winhomedir", "winprofiledir", "sponsor_type", "sponsor_name", "expiration",
+ "alternate_email", "alternate_phone", "affiliation_basic", "affiliation_detailed",
+ "modtime", "modby", "modwith", "created", "creator",
+};
+
static char *guan2_fields[] = {
"first", "last",
"login", "unix_uid", "shell", "last", "first", "middle", "status",
@@ -226,7 +262,7 @@
"modtime", "modby", "modwith", "created", "creator",
};
-static char *guan_fields[] = {
+static char *guan14_fields[] = {
"first", "last",
"login", "unix_uid", "shell", "winconsoleshell", "last", "first", "middle",
"status", "clearid", "class", "comments", "signature", "secure",
@@ -234,6 +270,15 @@
"alternate_email", "alternate_phone", "modtime", "modby", "modwith", "created", "creator",
};
+static char *guan_fields[] = {
+ "first", "last",
+ "login", "unix_uid", "shell", "winconsoleshell", "last", "first", "middle",
+ "status", "clearid", "class", "comments", "signature", "secure",
+ "winhomedir", "winprofiledir", "sponsor_type", "sponsor_name", "expiration",
+ "alternate_email", "alternate_phone", "affiliation_basic", "affiliation_detailed",
+ "modtime", "modby", "modwith", "created", "creator",
+};
+
static struct validate guan2_validate =
{
0,
@@ -290,7 +335,7 @@
"modtime", "modby", "modwith", "created", "creator",
};
-static char *guac_fields[] = {
+static char *guac14_fields[] = {
"class",
"login", "unix_uid", "shell", "winconsoleshell", "last", "first", "middle",
"status", "clearid", "class", "comments", "signature", "secure",
@@ -298,6 +343,15 @@
"alternate_email", "alternate_phone", "modtime", "modby", "modwith", "created", "creator",
};
+static char *guac_fields[] = {
+ "class",
+ "login", "unix_uid", "shell", "winconsoleshell", "last", "first", "middle",
+ "status", "clearid", "class", "comments", "signature", "secure",
+ "winhomedir", "winprofiledir", "sponsor_type", "sponsor_name", "expiration",
+ "alternate_email", "alternate_phone", "affiliation_basic", "affiliation_detailed",
+ "modtime", "modby", "modwith", "created", "creator",
+};
+
static char *guam2_fields[] = {
"clearid",
"login", "unix_uid", "shell", "last", "first", "middle", "status",
@@ -328,7 +382,7 @@
"modtime", "modby", "modwith", "created", "creator",
};
-static char *guam_fields[] = {
+static char *guam14_fields[] = {
"clearid",
"login", "unix_uid", "shell", "winconsoleshell", "last", "first", "middle",
"status", "clearid", "class", "comments", "signature", "secure",
@@ -336,6 +390,15 @@
"alternate_email", "alternate_phone", "modtime", "modby", "modwith", "created", "creator",
};
+static char *guam_fields[] = {
+ "clearid",
+ "login", "unix_uid", "shell", "winconsoleshell", "last", "first", "middle",
+ "status", "clearid", "class", "comments", "signature", "secure",
+ "winhomedir", "winprofiledir", "sponsor_type", "sponsor_name", "expiration",
+ "alternate_email", "alternate_phone", "affiliation_basic", "affiliation_detailed",
+ "modtime", "modby", "modwith", "created", "creator",
+};
+
static char *guas_fields[] = {
"sponsor_type", "sponsor_name",
"login",
@@ -1575,6 +1638,55 @@
set_modtime_by_id,
};
+static char *shot_fields[] = {
+ "name",
+ "use", "ops_comment",
+};
+
+static struct valobj shot_valobj[] = {
+ {V_ID, 0, MACHINE_TABLE, "name", "mach_id", MR_MACHINE},
+ {V_NUM, 1},
+ {V_ID, 2, STRINGS_TABLE, "string", "string_id", MR_NO_MATCH},
+};
+
+static struct validate shot_validate = {
+ shot_valobj,
+ 3,
+ 0,
+ 0,
+ 0,
+ "mach_id",
+ access_shot,
+ 0,
+ set_modtime_by_id,
+};
+
+static char *sttl_fields[] = {
+ "name", "ttl",
+};
+
+static struct valobj sttl_valobj[] = {
+ {V_ID, 0, MACHINE_TABLE, "name", "mach_id", MR_MACHINE},
+ {V_NUM, 1},
+};
+
+static struct validate sttl_validate = {
+ sttl_valobj,
+ 2,
+ 0,
+ 0,
+ 0,
+ "mach_id",
+ 0,
+ 0,
+ set_modtime_by_id,
+};
+
+static char *gttl_fields[] = {
+ "name",
+ "ttl",
+};
+
static char *ahha_fields[] = {
"name", "hwaddr",
};
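Review bot: `sttl_validate` leaves at `0` the slot that holds `access_shot` in `shot_validate`, so set_host_ttl gets no per-host access function while set_host_opt does. If that is deliberate, a one-line comment on the struct would record it, e.g. `/* no access function: deliberately not delegated to host owners */`. If it is not, the slot presumably wants an owner check like the neighbouring host queries. The positional initialisers make the difference easy to miss, so a short comment naming the access slot in each new struct would help.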
@@ -1591,7 +1703,7 @@
0,
0,
"mach_id",
- 0,
+ access_hwaddr,
setup_ahha,
set_mach_modtime_by_id,
};
@@ -1612,8 +1724,8 @@
0,
0,
"mach_id",
+ access_hwaddr,
0,
- 0,
set_mach_modtime_by_id,
};
@@ -4340,6 +4452,24 @@
},
{
+ /* Q_GURA - GET_USER_ROLES_AUTHORIZATIONS */
+ "get_user_roles_authorizations",
+ "gura",
+ 1,
+ MR_Q_RETRIEVE,
+ "ra",
+ /* We don't own the schema for this table */
+ NO_TABLE,
+ "LOWER(ra.kerberos_name), ra.function_category, NVL(ra.function_name, CHR(0)), ra.qualifier_code, NVL(ra.do_function, CHR(0)), NVL(ra.grant_and_view, CHR(0)) FROM roles_authorization ra",
+ gura_fields,
+ 6,
+ "ra.kerberos_name LIKE UPPER('%s') AND ra.effective_date < SYSDATE AND (ra.expiration_date > SYSDATE OR expiration_date is null)",
+ 1,
+ "ra.kerberos_name, ra.function_category, ra.function_name, ra.qualifier_code",
+ &gura_validate,
+ },
+
+ {
/* Q_GUAL - GET_USER_ACCOUNT_BY_LOGIN, v2 */
"get_user_account_by_login",
"gual",
@@ -4416,7 +4546,7 @@
"u",
USERS_TABLE,
"u.login, u.unix_uid, u.shell, u.winconsoleshell, u.last, u.first, u.middle, u.status, u.clearid, u.type, str.string, CHR(0), u.secure, u.winhomedir, u.winprofiledir, u.sponsor_type, u.sponsor_id, u.expiration, u.alternate_email, u.alternate_phone, TO_CHAR(u.modtime, 'DD-mon-YYYY HH24:MI:SS'), u.modby, u.modwith, TO_CHAR(u.created, 'DD-mon-YYYY HH24:MI:SS'), u.creator FROM users u, strings str",
- gual_fields,
+ gual14_fields,
25,
"u.login LIKE '%s' AND u.users_id != 0 AND u.comments = str.string_id",
1,
@@ -4425,6 +4555,23 @@
},
{
+ /* Q_GUAL - GET_USER_ACCOUNT_BY_LOGIN, v15 */
+ "get_user_account_by_login",
+ "gual",
+ 15,
+ MR_Q_RETRIEVE,
+ "u",
+ USERS_TABLE,
+ "u.login, u.unix_uid, u.shell, u.winconsoleshell, u.last, u.first, u.middle, u.status, u.clearid, u.type, str.string, CHR(0), u.secure, u.winhomedir, u.winprofiledir, u.sponsor_type, u.sponsor_id, u.expiration, u.alternate_email, u.alternate_phone, u.affiliation_basic, u.affiliation_detailed, TO_CHAR(u.modtime, 'DD-mon-YYYY HH24:MI:SS'), u.modby, u.modwith, TO_CHAR(u.created, 'DD-mon-YYYY HH24:MI:SS'), u.creator FROM users u, strings str",
+ gual_fields,
+ 27,
+ "u.login LIKE '%s' AND u.users_id != 0 AND u.comments = str.string_id",
+ 1,
+ "u.login",
+ &gubl_validate,
+ },
+
+ {
/* Q_GUAU - GET_USER_ACCOUNT_BY_UID, v2 */
"get_user_account_by_uid",
"guau",
@@ -4501,7 +4648,7 @@
"u",
USERS_TABLE,
"u.login, u.unix_uid, u.shell, u.winconsoleshell, u.last, u.first, u.middle, u.status, u.clearid, u.type, str.string, CHR(0), u.secure, u.winhomedir, u.winprofiledir, u.sponsor_type, u.sponsor_id, u.expiration, u.alternate_email, u.alternate_phone, TO_CHAR(u.modtime, 'DD-mon-YYYY HH24:MI:SS'), u.modby, u.modwith, TO_CHAR(u.created, 'DD-mon-YYYY HH24:MI:SS'), u.creator FROM users u, strings str",
- guau_fields,
+ guau14_fields,
25,
"u.unix_uid = %s AND u.users_id != 0 AND u.comments = str.string_id",
1,
@@ -4510,6 +4657,23 @@
},
{
+ /* Q_GUAU - GET_USER_ACCOUNT_BY_UID, v15 */
+ "get_user_account_by_uid",
+ "guau",
+ 15,
+ MR_Q_RETRIEVE,
+ "u",
+ USERS_TABLE,
+ "u.login, u.unix_uid, u.shell, u.winconsoleshell, u.last, u.first, u.middle, u.status, u.clearid, u.type, str.string, CHR(0), u.secure, u.winhomedir, u.winprofiledir, u.sponsor_type, u.sponsor_id, u.expiration, u.alternate_email, u.alternate_phone, u.affiliation_basic, u.affiliation_detailed, TO_CHAR(u.modtime, 'DD-mon-YYYY HH24:MI:SS'), u.modby, u.modwith, TO_CHAR(u.created, 'DD-mon-YYYY HH24:MI:SS'), u.creator FROM users u, strings str",
+ guau_fields,
+ 27,
+ "u.unix_uid = %s AND u.users_id != 0 AND u.comments = str.string_id",
+ 1,
+ "u.login",
+ &gubu_validate,
+ },
+
+ {
/* Q_GUAN - GET_USER_ACCOUNT_BY_NAME, v2 */
"get_user_account_by_name",
"guan",
@@ -4586,7 +4750,7 @@
"u",
USERS_TABLE,
"u.login, u.unix_uid, u.shell, u.winconsoleshell, u.last, u.first, u.middle, u.status, u.clearid, u.type, str.string, CHR(0), u.secure, u.winhomedir, u.winprofiledir, u.sponsor_type, u.sponsor_id, u.expiration, u.alternate_email, u.alternate_phone, TO_CHAR(u.modtime, 'DD-mon-YYYY HH24:MI:SS'), u.modby, u.modwith, TO_CHAR(u.created, 'DD-mon-YYYY HH24:MI:SS'), u.creator FROM users u, strings str",
- guan_fields,
+ guan14_fields,
25,
"u.first LIKE '%s' AND u.last LIKE '%s' AND u.users_id != 0 and u.comments = str.string_id",
2,
@@ -4595,6 +4759,23 @@
},
{
+ /* Q_GUAN - GET_USER_ACCOUNT_BY_NAME, v15 */
+ "get_user_account_by_name",
+ "guan",
+ 15,
+ MR_Q_RETRIEVE,
+ "u",
+ USERS_TABLE,
+ "u.login, u.unix_uid, u.shell, u.winconsoleshell, u.last, u.first, u.middle, u.status, u.clearid, u.type, str.string, CHR(0), u.secure, u.winhomedir, u.winprofiledir, u.sponsor_type, u.sponsor_id, u.expiration, u.alternate_email, u.alternate_phone, u.affiliation_basic, u.affiliation_detailed, TO_CHAR(u.modtime, 'DD-mon-YYYY HH24:MI:SS'), u.modby, u.modwith, TO_CHAR(u.created, 'DD-mon-YYYY HH24:MI:SS'), u.creator FROM users u, strings str",
+ guan_fields,
+ 27,
+ "u.first LIKE '%s' AND u.last LIKE '%s' AND u.users_id != 0 and u.comments = str.string_id",
+ 2,
+ "u.login",
+ &guan_validate,
+ },
+
+ {
/* Q_GUAC - GET_USER_ACCOUNT_BY_CLASS, v2 */
"get_user_account_by_class",
"guac",
@@ -4671,7 +4852,7 @@
"u",
USERS_TABLE,
"u.login, u.unix_uid, u.shell, u.winconsoleshell, u.last, u.first, u.middle, u.status, u.clearid, u.type, str.string, CHR(0), u.secure, u.winhomedir, u.winprofiledir, u.sponsor_type, u.sponsor_id, u.expiration, u.alternate_email, u.alternate_phone, TO_CHAR(u.modtime, 'DD-mon-YYYY HH24:MI:SS'), u.modby, u.modwith, TO_CHAR(u.created, 'DD-mon-YYYY HH24:MI:SS'), u.creator FROM users u, strings str",
- guac_fields,
+ guac14_fields,
25,
"u.type = UPPER('%s') AND u.users_id != 0 AND u.comments = str.string_id",
1,
@@ -4680,6 +4861,23 @@
},
{
+ /* Q_GUAC - GET_USER_ACCOUNT_BY_CLASS, v15 */
+ "get_user_account_by_class",
+ "guac",
+ 15,
+ MR_Q_RETRIEVE,
+ "u",
+ USERS_TABLE,
+ "u.login, u.unix_uid, u.shell, u.winconsoleshell, u.last, u.first, u.middle, u.status, u.clearid, u.type, str.string, CHR(0), u.secure, u.winhomedir, u.winprofiledir, u.sponsor_type, u.sponsor_id, u.expiration, u.alternate_email, u.alternate_phone, u.affiliation_basic, u.affiliation_detailed, TO_CHAR(u.modtime, 'DD-mon-YYYY HH24:MI:SS'), u.modby, u.modwith, TO_CHAR(u.created, 'DD-mon-YYYY HH24:MI:SS'), u.creator FROM users u, strings str",
+ guac_fields,
+ 27,
+ "u.type = UPPER('%s') AND u.users_id != 0 AND u.comments = str.string_id",
+ 1,
+ "u.login",
+ &guan_validate,
+ },
+
+ {
/* Q_GUAM - GET_USER_ACCOUNT_BY_MITID, v2 */
"get_user_account_by_id",
"guai",
@@ -4756,7 +4954,7 @@
"u",
USERS_TABLE,
"u.login, u.unix_uid, u.shell, u.winconsoleshell, u.last, u.first, u.middle, u.status, u.clearid, u.type, str.string, CHR(0), u.secure, u.winhomedir, u.winprofiledir, u.sponsor_type, u.sponsor_id, u.expiration, u.alternate_email, u.alternate_phone, TO_CHAR(u.modtime, 'DD-mon-YYYY HH24:MI:SS'), u.modby, u.modwith, TO_CHAR(u.created, 'DD-mon-YYYY HH24:MI:SS'), u.creator FROM users u, strings str",
- guam_fields,
+ guam14_fields,
25,
"u.clearid LIKE '%s' AND u.users_id != 0 AND u.comments = str.string_id",
1,
@@ -4765,6 +4963,23 @@
},
{
+ /* Q_GUAM - GET_USER_ACCOUNT_BY_MITID, v15 */
+ "get_user_account_by_id",
+ "guai",
+ 15,
+ MR_Q_RETRIEVE,
+ "u",
+ USERS_TABLE,
+ "u.login, u.unix_uid, u.shell, u.winconsoleshell, u.last, u.first, u.middle, u.status, u.clearid, u.type, str.string, CHR(0), u.secure, u.winhomedir, u.winprofiledir, u.sponsor_type, u.sponsor_id, u.expiration, u.alternate_email, u.alternate_phone, u.affiliation_basic, u.affiliation_detailed, TO_CHAR(u.modtime, 'DD-mon-YYYY HH24:MI:SS'), u.modby, u.modwith, TO_CHAR(u.created, 'DD-mon-YYYY HH24:MI:SS'), u.creator FROM users u, strings str",
+ guam_fields,
+ 27,
+ "u.clearid LIKE '%s' AND u.users_id != 0 AND u.comments = str.string_id",
+ 1,
+ "u.login",
+ &guan_validate,
+ },
+
+ {
/* Q_GUAS - GET_USER_ACCOUNT_BY_SPONSOR, v12 */
"get_user_account_by_sponsor",
"guas",
@@ -5846,7 +6061,8 @@
MR_Q_APPEND,
"m",
MACHINE_TABLE,
- "INTO machine (name, vendor, model, os, location, contact, use, status, statuschange, snet_id, address, owner_type, owner_id, acomment, ocomment, created, inuse, mach_id, creator) VALUES (UPPER('%s'), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL('%s', CHR(0)), %s, %s, SYSDATE, %d, '%s', '%s', %d, %d, %d, SYSDATE, SYSDATE, %s, %s)",
+ /* We set use to "NVL('0', '%s')", which is to say, '0', but using up one argv element. */
+ "INTO machine (name, vendor, model, os, location, contact, use, status, statuschange, snet_id, address, owner_type, owner_id, acomment, ocomment, created, inuse, mach_id, creator) VALUES (UPPER('%s'), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL('%s', CHR(0)), NVL('0', '%s'), %s, SYSDATE, %d, '%s', '%s', %d, %d, %d, SYSDATE, TO_DATE('01-JAN-1970', 'DD-mon-YYYY'), %s, %s)",
ahst2_fields,
14,
0,
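Review bot: The added comment explains the `NVL('0', '%s')` placeholder for `use`, but the same line also changes the initial `inuse` value from `SYSDATE` to `TO_DATE('01-JAN-1970', 'DD-mon-YYYY')` with no explanation. A second comment line stating why new hosts start with an epoch `inuse` would close that gap. The client-supplied `use` argument is now silently discarded on add, which the query's user-facing documentation should mention. The same applies to the ahst6 and ahst hunks that follow. The uhst hunks after them only say `See comment in ahst about use field`, yet their expression `use = NVL(use, '%s')` keeps the stored value rather than forcing '0', so that pointer should be replaced with a comment saying so.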
@@ -5863,7 +6079,8 @@
MR_Q_APPEND,
"m",
MACHINE_TABLE,
- "INTO machine (name, vendor, model, os, location, contact, billing_contact, use, status, statuschange, snet_id, address, owner_type, owner_id, acomment, ocomment, created, inuse, mach_id, creator) VALUES (UPPER('%s'), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL('%s', CHR(0)), NVL('%s', CHR(0)), %s, %s, SYSDATE, %d, '%s', '%s', %d, %d, %d, SYSDATE, SYSDATE, %s, %s)",
+ /* We set use to "NVL('0', '%s')", which is to say, '0', but using up one argv element. */
+ "INTO machine (name, vendor, model, os, location, contact, billing_contact, use, status, statuschange, snet_id, address, owner_type, owner_id, acomment, ocomment, created, inuse, mach_id, creator) VALUES (UPPER('%s'), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL('%s', CHR(0)), NVL('%s', CHR(0)), NVL('0', '%s'), %s, SYSDATE, %d, '%s', '%s', %d, %d, %d, SYSDATE, TO_DATE('01-JAN-1970', 'DD-mon-YYYY'), %s, %s)",
ahst6_fields,
15,
0,
@@ -5880,7 +6097,8 @@
MR_Q_APPEND,
"m",
MACHINE_TABLE,
- "INTO machine (name, vendor, model, os, location, contact, billing_contact, account_number, use, status, statuschange, snet_id, address, owner_type, owner_id, acomment, ocomment, created, inuse, mach_id, creator) VALUES (UPPER('%s'), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL('%s', CHR(0)), NVL('%s', CHR(0)), NVL('%s', CHR(0)), %s, %s, SYSDATE, %d, '%s', '%s', %d, %d, %d, SYSDATE, SYSDATE, %s, %s)",
+ /* We set use to "NVL('0', '%s')", which is to say, '0', but using up one argv element. */
+ "INTO machine (name, vendor, model, os, location, contact, billing_contact, account_number, use, status, statuschange, snet_id, address, owner_type, owner_id, acomment, ocomment, created, inuse, mach_id, creator) VALUES (UPPER('%s'), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL(UPPER('%s'), CHR(0)), NVL('%s', CHR(0)), NVL('%s', CHR(0)), NVL('%s', CHR(0)), NVL('0', '%s'), %s, SYSDATE, %d, '%s', '%s', %d, %d, %d, SYSDATE, TO_DATE('01-JAN-1970', 'DD-mon-YYYY'), %s, %s)",
ahst_fields,
16,
0,
@@ -5897,7 +6115,8 @@
MR_Q_UPDATE,
"m",
MACHINE_TABLE,
- "machine SET name = NVL(UPPER('%s'), CHR(0)), vendor = NVL(UPPER('%s'), CHR(0)), model = NVL(UPPER('%s'), CHR(0)), os = NVL(UPPER('%s'), CHR(0)), location = NVL(UPPER('%s'), CHR(0)), contact = NVL('%s', CHR(0)), use = %s, status = %s, snet_id = %d, address = '%s', owner_type = '%s', owner_id = %d, acomment = %d, ocomment = %d",
+ /* See comment in ahst about use field. */
+ "machine SET name = NVL(UPPER('%s'), CHR(0)), vendor = NVL(UPPER('%s'), CHR(0)), model = NVL(UPPER('%s'), CHR(0)), os = NVL(UPPER('%s'), CHR(0)), location = NVL(UPPER('%s'), CHR(0)), contact = NVL('%s', CHR(0)), use = NVL(use, '%s'), status = %s, snet_id = %d, address = '%s', owner_type = '%s', owner_id = %d, acomment = %d, ocomment = %d",
uhst2_fields,
14,
"mach_id = %d",
@@ -5914,7 +6133,8 @@
MR_Q_UPDATE,
"m",
MACHINE_TABLE,
- "machine SET name = NVL(UPPER('%s'), CHR(0)), vendor = NVL(UPPER('%s'), CHR(0)), model = NVL(UPPER('%s'), CHR(0)), os = NVL(UPPER('%s'), CHR(0)), location = NVL(UPPER('%s'), CHR(0)), contact = NVL('%s', CHR(0)), billing_contact = NVL('%s', CHR(0)), use = %s, status = %s, snet_id = %d, address = '%s', owner_type = '%s', owner_id = %d, acomment = %d, ocomment = %d",
+ /* See comment in ahst about use field */
+ "machine SET name = NVL(UPPER('%s'), CHR(0)), vendor = NVL(UPPER('%s'), CHR(0)), model = NVL(UPPER('%s'), CHR(0)), os = NVL(UPPER('%s'), CHR(0)), location = NVL(UPPER('%s'), CHR(0)), contact = NVL('%s', CHR(0)), billing_contact = NVL('%s', CHR(0)), use = NVL(use, '%s'), status = %s, snet_id = %d, address = '%s', owner_type = '%s', owner_id = %d, acomment = %d, ocomment = %d",
uhst6_fields,
15,
"mach_id = %d",
@@ -5931,7 +6151,8 @@
MR_Q_UPDATE,
"m",
MACHINE_TABLE,
- "machine SET name = NVL(UPPER('%s'), CHR(0)), vendor = NVL(UPPER('%s'), CHR(0)), model = NVL(UPPER('%s'), CHR(0)), os = NVL(UPPER('%s'), CHR(0)), location = NVL(UPPER('%s'), CHR(0)), contact = NVL('%s', CHR(0)), billing_contact = NVL('%s', CHR(0)), account_number = NVL('%s', CHR(0)), use = %s, status = %s, snet_id = %d, address = '%s', owner_type = '%s', owner_id = %d, acomment = %d, ocomment = %d",
+ /* See comment in ahst about use field */
+ "machine SET name = NVL(UPPER('%s'), CHR(0)), vendor = NVL(UPPER('%s'), CHR(0)), model = NVL(UPPER('%s'), CHR(0)), os = NVL(UPPER('%s'), CHR(0)), location = NVL(UPPER('%s'), CHR(0)), contact = NVL('%s', CHR(0)), billing_contact = NVL('%s', CHR(0)), account_number = NVL('%s', CHR(0)), use = NVL(use, '%s'), status = %s, snet_id = %d, address = '%s', owner_type = '%s', owner_id = %d, acomment = %d, ocomment = %d",
uhst_fields,
16,
"mach_id = %d",
@@ -5941,6 +6162,57 @@
},
{
+ /* Q_SHOT - SET_HOST_OPT, v9 */
+ "set_host_opt",
+ "shot",
+ 9,
+ MR_Q_UPDATE,
+ "m",
+ MACHINE_TABLE,
+ "machine SET use = %s, ocomment = %d, inuse = SYSDATE",
+ shot_fields,
+ 2,
+ "mach_id = %d",
+ 1,
+ NULL,
+ &shot_validate,
+ },
+
+ {
+ /* Q_STTL - SET_HOST_TTL, v9 */
+ "set_host_ttl",
+ "sttl",
+ 9,
+ MR_Q_UPDATE,
+ "m",
+ MACHINE_TABLE,
+ "machine SET ttl = %s",
+ sttl_fields,
+ 1,
+ "mach_id = %d",
+ 1,
+ NULL,
+ &sttl_validate,
+ },
+
+ {
+ /* Q_GTTL - GET_HOST_TTL, v9 */
+ "get_host_ttl",
+ "gttl",
+ 2,
+ MR_Q_RETRIEVE,
+ "m",
+ MACHINE_TABLE,
+ "m.ttl FROM machine m",
+ gttl_fields,
+ 1,
+ "m.name LIKE UPPER('%s')",
+ 1,
+ NULL,
+ NULL,
+ },
+
+ {
/* Q_UHHA - UPDATE_HOST_HWADDR */
"update_host_hwaddr",
"uhha",