Overview
| Comment: | update to override user when triggering mtutil run |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | v1.65 |
| Files: | files | file ages | folders |
| SHA1: |
c28e4b5652ff8d1c9c3a5525a3762034 |
| User & Date: | pjhatwal on 2018-02-27 16:38:22 |
| Other Links: | branch diff | manifest | tags |
Context
|
2018-02-27
| ||
| 16:41 | removed test rule from make file check-in: 94a053d0ea user: pjhatwal tags: v1.65 | |
| 16:38 | update to override user when triggering mtutil run check-in: c28e4b5652 user: pjhatwal tags: v1.65 | |
|
2018-02-20
| ||
| 15:50 | fixed success message to print actual path of genrated path check-in: f8b993531b user: pjhatwal tags: v1.65 | |
Changes
Modified Makefile from [6fdc76eed3] to [6bc13503d4].
| ︙ | ︙ | |||
66 67 68 69 70 71 72 73 74 75 76 77 78 79 | #all : $(PREFIX)/bin/.$(ARCHSTR) mtest dboard mtut ndboard all : $(PREFIX)/bin/.$(ARCHSTR) mtest dboard mtut mtest: $(OFILES) readline-fix.scm megatest.o $(MOFILES) mofiles/ftail.o csc $(CSCOPTS) $(OFILES) $(MOFILES) megatest.o -o mtest dboard : $(OFILES) $(GOFILES) dashboard.scm $(MOFILES) csc $(CSCOPTS) $(OFILES) dashboard.scm $(GOFILES) $(MOFILES) -o dboard ndboard : newdashboard.scm $(OFILES) $(GOFILES) csc $(CSCOPTS) $(OFILES) $(GOFILES) newdashboard.scm -o ndboard mtut: $(OFILES) megatest-fossil-hash.scm mtut.scm | > > > > > > | 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 | #all : $(PREFIX)/bin/.$(ARCHSTR) mtest dboard mtut ndboard all : $(PREFIX)/bin/.$(ARCHSTR) mtest dboard mtut mtest: $(OFILES) readline-fix.scm megatest.o $(MOFILES) mofiles/ftail.o csc $(CSCOPTS) $(OFILES) $(MOFILES) megatest.o -o mtest stest: $(OFILES) sretrieve.scm csc $(OFILES) sretrieve.scm -o datashare-testing/sretrieve_pjhatwal satest: echo $(CSCOPTS) "--" $(OFILES) "--" $(GOFILES) "--" $(MOFILES) dboard : $(OFILES) $(GOFILES) dashboard.scm $(MOFILES) csc $(CSCOPTS) $(OFILES) dashboard.scm $(GOFILES) $(MOFILES) -o dboard ndboard : newdashboard.scm $(OFILES) $(GOFILES) csc $(CSCOPTS) $(OFILES) $(GOFILES) newdashboard.scm -o ndboard mtut: $(OFILES) megatest-fossil-hash.scm mtut.scm |
| ︙ | ︙ |
Modified mtut.scm from [a090b1db10] to [785749fa0e].
| ︙ | ︙ | |||
190 191 192 193 194 195 196 197 198 199 200 201 202 203 |
("-status" . s)
("-target" . t)
("-tag-expr" . x)
;; misc
("-debug" . #f) ;; for *verbosity* > 2
("-load" . #f) ;; load and exectute a scheme file
("-log" . #f)
("-msg" . M)
("-start-dir" . S)
("-set-vars" . v)
("-config" . h)
))
(define *switch-keys*
'(
| > | 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 |
("-status" . s)
("-target" . t)
("-tag-expr" . x)
;; misc
("-debug" . #f) ;; for *verbosity* > 2
("-load" . #f) ;; load and exectute a scheme file
("-log" . #f)
("-override-user" . #f)
("-msg" . M)
("-start-dir" . S)
("-set-vars" . v)
("-config" . h)
))
(define *switch-keys*
'(
|
| ︙ | ︙ | |||
472 473 474 475 476 477 478 | ;; ;; sched => force the run start time to be recorded as sched Unix ;; epoch. This aligns times properly for triggers in some cases. ;; ;; extra-dat format is ( 'x xval 'y yval .... ) ;; (define (command-line->pkt action args-alist sched-in #!key (extra-dat '())(area-path #f)(new-ss #f)) | | > > > > | | > | < > | 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 |
;;
;; sched => force the run start time to be recorded as sched Unix
;; epoch. This aligns times properly for triggers in some cases.
;;
;; extra-dat format is ( 'x xval 'y yval .... )
;;
(define (command-line->pkt action args-alist sched-in #!key (extra-dat '())(area-path #f)(new-ss #f))
(let* ((sched (cond
((vector? sched-in)(local-time->seconds sched-in)) ;; we recieved a time
((number? sched-in) sched-in)
(else (current-seconds))))
(user (if (and args-alist (hash-table? args-alist))
(hash-table-ref/default args-alist "-override-user" (current-user-name))
(current-user-name)))
(args-data (if args-alist
(if (hash-table? args-alist) ;; seriously?
(hash-table->alist args-alist)
args-alist)
(hash-table->alist args:arg-hash))) ;; if no args-alist then we assume this is a call driven directly by commandline
(alldat (apply append
(list 'A action
'U user
'D sched)
(if area-path
(list 'S area-path) ;; the area-path is mapped to the start-dir
'())
(if (list? extra-dat)
extra-dat
(begin
(debug:print 0 *default-log-port* "ERROR: command-line->pkt received bad extra-dat " extra-dat)
'()))
(map (lambda (x)
(let* ((param (car x))
(value (cdr x))
(pmeta (assoc param *arg-keys*)) ;; translate the card key to a megatest switch or parameter
(smeta (assoc param *switch-keys*)) ;; first lookup the key in arg-keys or switch-keys
(meta (if (or pmeta smeta)
(cdr (or pmeta smeta)) ;; found it?
#f)))
(if meta ;; construct the switch/param pair.
(list meta value)
'())))
(filter cdr args-data)))))
(print "Alldat: " alldat ) ;;Do not removed. This is uesed by other applications to calculate z card
;(exit)
(add-z-card
(apply construct-sdat alldat))))
(define (simple-setup start-dir-in)
(let* ((start-dir (or start-dir-in "."))
(mtconfig (or (args:get-arg "-config") "megatest.config"))
(mtconfdat (find-and-read-config ;; NB// sets MT_RUN_AREA_HOME as side effect
|
| ︙ | ︙ | |||
1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 | (add-z-card (construct-sdat 'P uuid 'T "access-denied" 'c (alist-ref 'o pkta) ;; THIS IS WRONG! SHOULD BE 'c 't (alist-ref 't pkta))))) (write-pkt pktsdir ack-uuid ack-pkt)))))) pkts)))))) (define (check-access user mtconf action area) ;; NOTE: Need control over defaults. E.g. default might be no access (let* ((access-ctrl (hash-table-exists? mtconf "access")) ;; if there is an access section the default is to REQUIRE enablement/access (access-list (map (lambda (x) (string-split x ":")) (string-split (or (configf:lookup mtconf "access" area) ;; userid:rightstype userid2:rightstype2 ... (if access-ctrl "*:none" ;; nobody has access by default "*:all"))))) (access-types-dat (configf:get-section mtconf "accesstypes"))) | > | > | > | | 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 |
(add-z-card
(construct-sdat 'P uuid
'T "access-denied"
'c (alist-ref 'o pkta) ;; THIS IS WRONG! SHOULD BE 'c
't (alist-ref 't pkta)))))
(write-pkt pktsdir ack-uuid ack-pkt))))))
pkts))))))
(define (check-access user mtconf action area)
;; NOTE: Need control over defaults. E.g. default might be no access
(let* ((access-ctrl (hash-table-exists? mtconf "access")) ;; if there is an access section the default is to REQUIRE enablement/access
(access-list (map (lambda (x)
(string-split x ":"))
(string-split (or (configf:lookup mtconf "access" area) ;; userid:rightstype userid2:rightstype2 ...
(if access-ctrl
"*:none" ;; nobody has access by default
"*:all")))))
(access-types-dat (configf:get-section mtconf "accesstypes")))
(debug:print 2 *default-log-port* "Checking access in " access-list " with access-ctrl " access-ctrl " for area " area)
(if access-ctrl
(let* ((user-access (or (assoc user access-list)
(assoc "*" access-list)))
(access-type (if user-access
(cadr user-access)
#f))
(access-types (let ((res (alist-ref access-type access-types-dat equal?)))
(if res (car res) res)))
(allowed-actions (string-split (or access-types ""))))
(debug:print 2 *default-log-port* "Got " allowed-actions " for user " user " where access-types=" access-types " access-type=" access-type)
(cond
((and access-types (member action allowed-actions))
;; (print "Access granted for " user " for " action)
#t)
(else
;; (print "Access denied for " user " for " action)
#f))))))
|
| ︙ | ︙ | |||
1124 1125 1126 1127 1128 1129 1130 | ((and area (not area-path)) (print "ERROR: the specified area was not found in the [areas] table. Area name=" area) (exit 1)) ((not area) (print "ERROR: no area specified. Use -area <areaname>") (exit 1)) (else | > > > | > > > > > > | | 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 |
((and area (not area-path))
(print "ERROR: the specified area was not found in the [areas] table. Area name=" area)
(exit 1))
((not area)
(print "ERROR: no area specified. Use -area <areaname>")
(exit 1))
(else
(let* ((usr-admin (check-access (current-user-name) mtconf "override" area))
(user (if (and usr-admin (args:get-arg "-override-user"))
(args:get-arg "-override-user")
(current-user-name))))
; (print "user 123 " usr-admin )
;(exit 1)
(if (and (not usr-admin) (args:get-arg "-override-user"))
(begin
(print user " does not have access to override user")
(exit 1)))
(if (check-access user mtconf *action* area);; check rights
(print "Access granted for " *action* " action by " user)
(begin
(print "Access denied for " *action* " action by " user)
(exit 1))))))
;; (for-each
;; (lambda (key)
|
| ︙ | ︙ |
Modified sretrieve.scm from [310abc8048] to [9b97d338b6].
| ︙ | ︙ | |||
19 20 21 22 23 24 25 | (use defstruct) (use scsh-process) (use srfi-18) (use srfi-19) (use refdb) (use sql-de-lite srfi-1 posix regex regex-case srfi-69) | | | > > | 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | (use defstruct) (use scsh-process) (use srfi-18) (use srfi-19) (use refdb) (use sql-de-lite srfi-1 posix regex regex-case srfi-69) ;(declare (uses common)) ;(declare (uses configf)) (declare (uses margs)) (declare (uses megatest-version)) (include "megatest-fossil-hash.scm") ;;; please create this file before using sautherise. For sample file is avaliable sample-sauth-paths.scm. (include "sauth-paths.scm") (include "sauth-common.scm") (define (toplevel-command . args) #f) (use readline) ;; ;; GLOBALS ;; (define *verbosity* 1) (define *logging* #f) |
| ︙ | ︙ | |||
981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 |
;(print target-path)
(if (not (equal? target-path #f))
(begin
(sauthorize:do-as-calling-user
(lambda ()
(run-cmd (conc *sauth-path* "/sauthorize") (list "register-log" (conc "get " area " " sub-path) (number->string (car user-obj)) (number->string (caddr area-obj)) "get"))))
(sretrieve:get-shell-cmd-line target-path base-path restrictions iport))))))
((ls)
(cond
((< (length args) 1)
(begin
(print "ERROR: Missing arguments; <area> ")
(exit 1)))
((equal? (length args) 1)
(let* ((area (car args))
(usr (current-user-name))
(area-obj (get-obj-by-code area))
(user-obj (get-user usr))
(top-areas (sretrieve:get-accessable-projects area))
(base-path (if (null? area-obj)
""
(caddr (cdr area-obj)))))
(if (null? area-obj)
(begin
(print "Area " area " does not exist")
(exit 1)))
(sauth-common:shell-ls-cmd '() area top-areas base-path '())
(sauthorize:do-as-calling-user
(lambda ()
(run-cmd (conc *sauth-path* "/sauthorize") (list "register-log" "ls" (number->string (car user-obj)) (number->string (caddr area-obj)) "ls"))))))
((> (length args) 1)
(let* ((remargs (args:get-args args '("-m" ) '() args:arg-hash 0))
(usr (current-user-name))
| > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 |
;(print target-path)
(if (not (equal? target-path #f))
(begin
(sauthorize:do-as-calling-user
(lambda ()
(run-cmd (conc *sauth-path* "/sauthorize") (list "register-log" (conc "get " area " " sub-path) (number->string (car user-obj)) (number->string (caddr area-obj)) "get"))))
(sretrieve:get-shell-cmd-line target-path base-path restrictions iport))))))
((cat)
(if (< (length args) 2)
(begin
(sauth:print-error "Missing arguments; <area> <relative path>" )
(exit 1)))
(let* ((remargs (args:get-args args '("-m" ) '() args:arg-hash 0))
(area (car args))
(usr (current-user-name))
(area-obj (get-obj-by-code area))
(user-obj (get-user usr))
(top-areas (sretrieve:get-accessable-projects area))
(base-path (if (null? area-obj)
""
(caddr (cdr area-obj))))
(sub-path (if (null? remargs)
""
(car remargs))))
(if (null? area-obj)
(begin
(sauth:print-error (conc "Area " area " does not exist"))
(exit 1)))
(let* ((target-path (sauth-common:get-target-path '() (conc area "/" sub-path) top-areas base-path))
(restrictions (if (equal? target-path #f)
""
(sretrieve:shell-lookup base-path))))
;(sauth-common:shell-ls-cmd base-path-list ext-path top-areas base-path tail-cmd-list)
(if (not (equal? target-path #f))
(begin
(sauthorize:do-as-calling-user
(lambda ()
(run-cmd (conc *sauth-path* "/sauthorize") (list "register-log" (conc "get " area " " sub-path) (number->string (car user-obj)) (number->string (caddr area-obj)) "get"))))
(sretrieve:shell-cat-cmd (list area) sub-path top-areas base-path '()))))))
((ls)
(cond
((< (length args) 1)
(begin
(print "ERROR: Missing arguments; <area> ")
(exit 1)))
((equal? (length args) 1)
(let* ((area (car args))
(usr (current-user-name))
(area-obj (get-obj-by-code area))
(user-obj (get-user usr))
(top-areas (sretrieve:get-accessable-projects area))
(base-path (if (null? area-obj)
""
(caddr (cdr area-obj)))))
(if (null? area-obj)
(begin
(print "Area " area " does not exist")
(exit 1)))
; (sretrieve:shell-cat-cmd base-pathlist ext-path top-areas base-path tail-cmd-list)
(sauth-common:shell-ls-cmd '() area top-areas base-path '())
(sauthorize:do-as-calling-user
(lambda ()
(run-cmd (conc *sauth-path* "/sauthorize") (list "register-log" "ls" (number->string (car user-obj)) (number->string (caddr area-obj)) "ls"))))))
((> (length args) 1)
(let* ((remargs (args:get-args args '("-m" ) '() args:arg-hash 0))
(usr (current-user-name))
|
| ︙ | ︙ |