eurephiadm/adminaccess: Check granted accesses before modifying them

It was reported that it was possible to grant the same access level several times using the eurephiadm adminaccess command. This is now fixed by quering the access levels for the user before executing the grant or revoke operation. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Report-URL: https://sourceforge.net/tracker/index.php?func=detail&aid=3092583&group_id=236344&atid=1099760
author: David Sommerseth <dazo@users.sourceforge.net> 2010-10-22 17:41:31 +0200
committer: David Sommerseth <dazo@users.sourceforge.net> 2010-10-22 17:41:31 +0200
commit: 83a6d2aee10e81862dbd1d6526ccbab93ef9afbe (patch)
tree: 912cc117be397007670367b3a88a973129149cba /eurephiadm
parent: 7a80a43a1fdc15a462d27bc0494c15385c592082 (diff)
download: eurephia-83a6d2aee10e81862dbd1d6526ccbab93ef9afbe.tar.gz
eurephia-83a6d2aee10e81862dbd1d6526ccbab93ef9afbe.tar.xz
eurephia-83a6d2aee10e81862dbd1d6526ccbab93ef9afbe.zip
1 files changed, 42 insertions, 2 deletions
diff --git a/eurephiadm/commands/adminaccess.c b/eurephiadm/commands/adminaccess.c
index 1140d63..9cd210b 100644
--- a/eurephiadm/commands/adminaccess.c
+++ b/eurephiadm/commands/adminaccess.c
@@ -243,6 +243,7 @@ int list_adminaccess(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf
 int grant_revoke(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, int argc, char **argv) {
         xmlDoc *upd_xml = NULL, *res_xml = NULL;
         xmlNode *root_n = NULL, *fmap_n = NULL;
+        xmlAttr *mode_a = NULL;
         char actmode = '-', *actmode_str = NULL;
         int i = 0, rc = 0;
         int f_uid = 0, f_acl = 0, f_intf = 0;
@@ -264,11 +265,9 @@ int grant_revoke(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, i
         if( (strcmp(argv[0], "--grant") == 0) || (strcmp(argv[0], "-G") == 0) ) {
                 actmode = 'G';
                 actmode_str = "granted";
-                xmlNewProp(root_n, (xmlChar *) "mode", (xmlChar *) "grant");
         } else if( (strcmp(argv[0], "--revoke") == 0) || (strcmp(argv[0], "-R") == 0) ) {
                 actmode = 'R';
                 actmode_str = "revoked";
-                xmlNewProp(root_n, (xmlChar *) "mode", (xmlChar *) "revoke");
         }
 
         for( i = 1; i < argc; i++ ) {
@@ -325,6 +324,45 @@ int grant_revoke(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, i
                 xmlNewChild(fmap_n, NULL, (xmlChar *) "interface", (xmlChar *) "C");
         }
 
+        // Check if this access level has already been granted
+        mode_a = xmlNewProp(root_n, (xmlChar *) "mode", (xmlChar *) "list");
+        res_xml = eDBadminAccessLevel(ctx, upd_xml);
+        if( res_xml == NULL ) {
+                fprintf(stderr, "%s: Failed to check the access level\n", MODULE);
+                rc = 1;
+        } else {
+                xmlNode *ptr_n = eurephiaXML_getRoot(ctx, res_xml, "admin_access_list", 1);
+                if( (ptr_n == NULL) || (xmlStrcmp(ptr_n->name, (xmlChar *) "admin_access_list") != 0) ) {
+                        if( !eurephiaXML_IsResultMsg(ctx, res_xml) ) {
+                                fprintf(stderr, "%s: Failed to check the access level (unknown error)\n", MODULE);
+                        } else {
+                                eurephiaRESULT *res = eurephiaXML_ParseResultMsg(ctx, res_xml);
+                                fprintf(stderr, "%s: %s\n", MODULE, res->message);
+                                free_nullsafe(ctx, res);
+                        }
+                        rc = 1;
+                } else {
+                        xmlNode *ptr2_n = xmlFindNode(ptr_n, "user_access");
+
+                        // If ptr2_n is not NULL, it means this access already exists.
+                        // That is expected for REVOKE operations, but not expected
+                        // for GRANT operations
+                        rc = ((actmode == 'G' && ptr2_n != NULL) || (actmode == 'R' && ptr2_n == NULL) ? 1 : 0);
+                        if( rc > 0 ) {
+                                fprintf(stderr, "%s: This access level is %s to the user\n", MODULE,
+                                        (actmode == 'G' ? "already granted" : "not granted"));
+                        }
+                }
+                xmlFreeDoc(res_xml);
+        }
+        if( rc > 0 ) {
+                goto error;
+        }
+
+        // Prepare for the real update.  Replace the 'mode' attribute to contain the proper action.
+        xmlRemoveProp(mode_a);
+        xmlNewProp(root_n, (xmlChar *) "mode", (xmlChar *) (actmode == 'G' ? "grant" : "revoke"));
+
         res_xml = eDBadminAccessLevel(ctx, upd_xml);
         if( res_xml == NULL ) {
                 fprintf(stderr, "%s: Failed to update the access level\n", MODULE);
@@ -347,6 +385,8 @@ int grant_revoke(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, i
                 free_nullsafe(ctx, res);
                 xmlFreeDoc(res_xml);
         }
+
+ error:
         xmlFreeDoc(upd_xml);
         return rc;
 }
author	David Sommerseth <dazo@users.sourceforge.net>	2010-10-22 17:41:31 +0200
committer	David Sommerseth <dazo@users.sourceforge.net>	2010-10-22 17:41:31 +0200
commit	83a6d2aee10e81862dbd1d6526ccbab93ef9afbe (patch)
tree	912cc117be397007670367b3a88a973129149cba /eurephiadm
parent	7a80a43a1fdc15a462d27bc0494c15385c592082 (diff)
download	eurephia-83a6d2aee10e81862dbd1d6526ccbab93ef9afbe.tar.gz eurephia-83a6d2aee10e81862dbd1d6526ccbab93ef9afbe.tar.xz eurephia-83a6d2aee10e81862dbd1d6526ccbab93ef9afbe.zip