Index: grantnodetype.in
===================================================================
RCS file: /usr/DETER/cvsroot/testbed/utils/grantnodetype.in,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 grantnodetype.in
--- grantnodetype	2 Oct 2008 22:53:26 -0000	1.1.1.3
+++ grantnodetype	4 Dec 2008 16:48:02 -0000
@@ -29,16 +29,22 @@
 # permission to use all of the types in that class, the class itself, and any
 # aux nodetypes for the type/class (node_types_auxtypes table). 
 #
+# The -R option removes the specified access and the -C option confirms that it
+# exists (via exit code).
+#
 sub usage()
 {
-    print STDERR "Usage: grantnodetype [-h] -p <pid> <type>\n";
+    print STDERR "Usage: grantnodetype [-RCh] -p <pid> <type>\n";
+    print STDERR "	-R   Remove access\n";
+    print STDERR "	-C   Confirm access\n";
     print STDERR "	-h   This message\n";
     exit(-1);
 }
-my $optlist  = "hp:dn";
+my $optlist  = "CRhp:dn";
 my $impotent = 0;
 my $debug    = 0;
 my %newtypes = ();
+my $operation = "add";
 my $pid;
 
 #
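Review bot: The new header comment and usage text say -C reports its result "via exit code" but never name the values, so a caller scripting against it has to read the source. The confirm path later exits 0 when the access exists and 20 when it does not; I would spell that out, e.g. `print STDERR "	-C   Confirm access (exit 0 if granted, 20 if not)\n";`. `$optlist` also accepts `-d` and `-n`, which the usage message still does not list.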
@@ -76,6 +82,7 @@
 # Untaint the path
 # 
 $ENV{'PATH'} = "/bin:/sbin:/usr/bin:";
+delete $ENV{'CDPATH'};
 
 #
 # Parse command arguments. Once we return from getopts, all that should be
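Review bot: Deleting only `CDPATH` leaves the other shell-affecting variables in the environment passed to child processes. The cleanup perlsec recommends is `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};`, which could replace the added line. The `PATH` assignment on the context line above ends with a colon, and shells treat an empty `PATH` element as the current directory, so `$ENV{'PATH'} = "/bin:/sbin:/usr/bin";` is worth making part of the same untaint step.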
@@ -94,6 +101,18 @@
 if (defined($options{d})) {
     $debug = 1;
 }
+if (defined($options{R})) {
+    $operation = "remove";
+}
+if (defined($options{C})) {
+    if ($operation eq "add" ) {
+	$operation = "confirm";
+    }
+    else {
+	print STDERR "Only one of -C or -R permitted\n";
+	usage();
+    }
+}
 if (defined($options{p})) {
     $pid = $options{p};
 }
@@ -176,6 +195,8 @@
 #
 # Run the queries.
 # 
+
+my $confirm = 1;
 foreach my $newtype (keys(%newtypes)) {
     print STDERR "Granting permission to use type $newtype\n"
 	if ($debug);
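Review bot: The debug message at the top of the loop still reads "Granting permission to use type" when the script is run with -R or -C, which makes a debug trace of a removal look like a grant. Including the operation fixes it, e.g. `print STDERR "Operation '$operation' on type $newtype\n"`. `$confirm` also starts at 1, so if `%newtypes` can be empty here, -C would exit 0 without checking a single row. How `%newtypes` is filled is outside this hunk, so that should be confirmed. The loop body continues past the end of the hunk.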
@@ -197,17 +218,45 @@
 	    "    There is no '-' policy for node type $newtype! Stopping.\n");
     }
 
-    #
-    # Add generic rules that say the project is allowed to use "infinite"
-    # number of nodes of each type. 
-    # 
-    DBQueryFatal("replace into group_policies ".
-		 "(pid_idx, gid_idx, pid, gid, policy, auxdata, count) ".
-		 "values ($pid_idx, $pid_idx, '$pid', '$pid', ".
-		 "        'type', '$newtype', 999999)")
-	if (!$impotent);
+    if ($operation eq "add") {
+	#
+	# Add generic rules that say the project is allowed to use "infinite"
+	# number of nodes of each type. 
+	# 
+	DBQueryFatal("replace into group_policies ".
+		     "(pid_idx, gid_idx, pid, gid, policy, auxdata, count) ".
+		     "values ($pid_idx, $pid_idx, '$pid', '$pid', ".
+		     "        'type', '$newtype', 999999)")
+	    if (!$impotent);
+    }
+    elsif ($operation eq 'remove') {
+	#
+	# Remove rules with this pid and this type
+	# 
+	DBQueryFatal("delete from group_policies where pid='$pid' " .
+		"and auxdata='$newtype'")
+	    if (!$impotent);
+    }
+    elsif ($operation eq 'confirm') {
+	#
+	# Confirm that all the table entries add would make are there.
+	# 
+	if (!$impotent) {
+	    my $result  = DBQueryFatal("select pid from group_policies ".
+		"where pid='$pid' and auxdata='$newtype'");
+	    if (!$result->num_rows) {
+		$confirm = 0;
+		last;
+	    }
+	}
+	else {
+	    next;
+	}
+    }
 }
 
+exit($confirm ? 0 : 20) if ($operation eq 'confirm');
+
 #
 # Now update the permissions table. 
 #
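Review bot: The new `remove` and `confirm` queries match only on `pid` and `auxdata`, while the `add` branch writes a row with `gid='$pid'` and `policy='type'`. If `group_policies` holds rows for subgroups or other policy kinds under the same pid, -R deletes more than the grant, and -C can report success on a row that is not the type grant. Combining -n with -C takes the `next` path for every type, so `$confirm` stays 1 and the script exits 0 without checking anything; the select is read-only and can run regardless of `$impotent`. All three statements interpolate `$pid` and `$newtype` straight into the SQL, and their validation is outside this hunk, so confirm both are checked against a strict pattern before they reach these queries.

```perl
    # ... unchanged: "add" branch ...
    elsif ($operation eq 'remove') {
	#
	# Remove exactly the rule that "add" would have created.
	#
	DBQueryFatal("delete from group_policies ".
		     "where pid='$pid' and gid='$pid' ".
		     "and policy='type' and auxdata='$newtype'")
	    if (!$impotent);
    }
    elsif ($operation eq 'confirm') {
	#
	# Read-only check, so it runs under -n as well.
	#
	my $result = DBQueryFatal("select pid from group_policies ".
		     "where pid='$pid' and gid='$pid' ".
		     "and policy='type' and auxdata='$newtype'");
	if (!$result->num_rows) {
	    $confirm = 0;
	    last;
	}
    }
    # ... unchanged: end of loop and confirm exit ...
```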

