︙ | | | ︙ | |
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
(define sauthorize:help (conc "Usage: " *exe-name* " [action [params ...]]
list : list areas $USER's can access
log : get listing of recent activity.
sauth list-area-user <area code> : list the users that can access the area.
sauth open <path> --group <grpname> : Open up an area. User needs to be the owner of the area to open it.
--code <unique short identifier for an area>
--retrieve|--publish
sauth open <area code> --retrieve|--publish : update the binaries with the lates changes
sauth grant <username> --area <area identifier> : Grant permission to read or write to a area that is alrady opend up.
--expiration yyyy/mm/dd --retrieve|--publish
[--restrict <comma separated directory names> ]
sauth read-shell <area identifier> : Open sretrieve shell for reading.
sauth write-shell <area identifier> : Open spublish shell for writing.
Part of the Megatest tool suite.
|
|
|
|
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
(define sauthorize:help (conc "Usage: " *exe-name* " [action [params ...]]
list : list areas $USER's can access
log : get listing of recent activity.
sauth list-area-user <area code> : list the users that can access the area.
sauth open <path> --group <grpname> : Open up an area. User needs to be the owner of the area to open it.
--code <unique short identifier for an area>
--retrieve|--publish [--additional-grps <comma separated unix grps requierd to get to the path>]
sauth update <area code> --retrieve|--publish : update the binaries with the lates changes
sauth grant <username> --area <area identifier> : Grant permission to read or write to a area that is alrady opend up.
--expiration yyyy/mm/dd --retrieve|--publish
[--restrict <comma separated directory names> ]
sauth read-shell <area identifier> : Open sretrieve shell for reading.
sauth write-shell <area identifier> : Open spublish shell for writing.
Part of the Megatest tool suite.
|
︙ | | | ︙ | |
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
datetime TIMESTAMP DEFAULT (datetime('now','localtime'))
);"
"CREATE TABLE IF NOT EXISTS areas
(id INTEGER PRIMARY KEY,
basepath TEXT NOT NULL,
code TEXT NOT NULL,
exe_name TEXT NOT NULL,
datetime TIMESTAMP DEFAULT (datetime('now','localtime'))
);"
"CREATE TABLE IF NOT EXISTS permissions
(id INTEGER PRIMARY KEY,
access_type TEXT NOT NULL,
user_id INTEGER NOT NULL,
datetime TIMESTAMP DEFAULT (datetime('now','localtime')),
|
>
|
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
datetime TIMESTAMP DEFAULT (datetime('now','localtime'))
);"
"CREATE TABLE IF NOT EXISTS areas
(id INTEGER PRIMARY KEY,
basepath TEXT NOT NULL,
code TEXT NOT NULL,
exe_name TEXT NOT NULL,
required_grps TEXT DEFAULT '' NOT NULL,
datetime TIMESTAMP DEFAULT (datetime('now','localtime'))
);"
"CREATE TABLE IF NOT EXISTS permissions
(id INTEGER PRIMARY KEY,
access_type TEXT NOT NULL,
user_id INTEGER NOT NULL,
datetime TIMESTAMP DEFAULT (datetime('now','localtime')),
|
︙ | | | ︙ | |
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
|
(close-input-port inp)
(close-output-port oup))
(loop (read-line inp)))))
ret-val))
;check if a paths/codes are vaid and if area is alrady open
(define (open-area group path code access-type)
(let* ((exe-name (get-exe-name path group))
(path-obj (get-obj-by-path path))
(code-obj (get-obj-by-code code)))
;(print path-obj)
(cond
((not (null? path-obj))
(if (equal? code (car path-obj))
(begin
(if (equal? exe-name (cadr path-obj))
(begin
|
|
|
|
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
|
(close-input-port inp)
(close-output-port oup))
(loop (read-line inp)))))
ret-val))
;check if a paths/codes are vaid and if area is alrady open
(define (open-area group path code access-type other-grps)
(let* ((exe-name (get-exe-name path group))
(path-obj (get-obj-by-path path))
(code-obj (get-obj-by-code-no-grp-validation code)))
;(print path-obj)
(cond
((not (null? path-obj))
(if (equal? code (car path-obj))
(begin
(if (equal? exe-name (cadr path-obj))
(begin
|
︙ | | | ︙ | |
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
|
(print "Code " code " is used for diffrent path. Please try diffrent value of --code" )
(exit 1))
(else
; (print (exe-exist exe-name access-type))
(if (not (exe-exist exe-name access-type))
(copy-exe access-type exe-name group))
(sauthorize:db-do (lambda (db)
;(print (conc "insert into areas (code, basepath, exe_name) values ('" code "', '" path "', '" exe-name "') "))
(sauthorize:db-qry db (conc "insert into areas (code, basepath, exe_name) values ('" code "', '" path "', '" exe-name "') "))))))))
(define (user-has-open-perm user path access)
(let* ((has-access #f)
(eid (current-user-id)))
(cond
((is-admin user)
(set! has-access #t ))
|
|
|
|
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
|
(print "Code " code " is used for diffrent path. Please try diffrent value of --code" )
(exit 1))
(else
; (print (exe-exist exe-name access-type))
(if (not (exe-exist exe-name access-type))
(copy-exe access-type exe-name group))
(sauthorize:db-do (lambda (db)
(print conc "insert into areas (code, basepath, exe_name, required_grps) values ('" code "', '" path "', '" exe-name "', '" other-grps "') ")
(sauthorize:db-qry db (conc "insert into areas (code, basepath, exe_name, required_grps) values ('" code "', '" path "', '" exe-name "', '" other-grps "') "))))))))
(define (user-has-open-perm user path access)
(let* ((has-access #f)
(eid (current-user-id)))
(cond
((is-admin user)
(set! has-access #t ))
|
︙ | | | ︙ | |
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
|
#t)
((null? tal)
#f)
(else
(loop (car tal)(cdr tal))))))
;create executables with appropriate suids
(define (sauthorize:open user path group code access-type)
(let* ((gpid (group-information group))
(req_grpid (if (equal? group "none")
group
(if (equal? gpid #f)
#f
(caddr gpid))))
(current-grp-list (get-groups))
|
|
|
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
|
#t)
((null? tal)
#f)
(else
(loop (car tal)(cdr tal))))))
;create executables with appropriate suids
(define (sauthorize:open user path group code access-type other-groups)
(let* ((gpid (group-information group))
(req_grpid (if (equal? group "none")
group
(if (equal? gpid #f)
#f
(caddr gpid))))
(current-grp-list (get-groups))
|
︙ | | | ︙ | |
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
|
(if (not (file-write-access? path))
(begin
(print "You can open areas owned by yourself. You do not have permissions to open path." path)
(exit 1)))
(if (user-has-open-perm user path access-type)
(begin
;(print "here")
(open-area group path code access-type)
(sauthorize:grant user user code "2017/12/25" "read-admin" "")
(sauthorize:db-do (lambda (db)
(sauthorize:db-qry db (conc "INSERT INTO actions (cmd,user_id,area_id,action_type ) VALUES ('sauthorize open " path " --code " code " --group " group " --" access-type "'," (car (get-user user)) "," (car (get-area code)) ", 'open' )"))))
(print "Area has " path " been opened for " access-type ))))
(define (sauthorize:update username exe area access-type)
(let* ((parts (string-split exe "_"))
|
|
|
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
|
(if (not (file-write-access? path))
(begin
(print "You can open areas owned by yourself. You do not have permissions to open path." path)
(exit 1)))
(if (user-has-open-perm user path access-type)
(begin
;(print "here")
(open-area group path code access-type other-groups)
(sauthorize:grant user user code "2017/12/25" "read-admin" "")
(sauthorize:db-do (lambda (db)
(sauthorize:db-qry db (conc "INSERT INTO actions (cmd,user_id,area_id,action_type ) VALUES ('sauthorize open " path " --code " code " --group " group " --" access-type "'," (car (get-user user)) "," (car (get-area code)) ", 'open' )"))))
(print "Area has " path " been opened for " access-type ))))
(define (sauthorize:update username exe area access-type)
(let* ((parts (string-split exe "_"))
|
︙ | | | ︙ | |
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
|
(area (cadr args))
(cmd-args (cddr args))
(code-obj (get-obj-by-code area)))
(if (or (null? code-obj)
(not (exe-exist (cadr code-obj) "publish")))
(begin
(print "Area " area " is not open for writing!!")
(exit 1)))
(sauthorize:do-as-calling-user
(lambda ()
(run-cmd (conc *exe-path* "/publish/" (cadr code-obj) ) (append (list action area ) cmd-args))))))
((retrieve)
(if (< (length args) 2)
(begin
(print "Missing argument to publish. \n publish <action> <area> [opts] ")
(exit 1)))
(let* ((action (car args))
(area (cadr args))
(cmd-args (cddr args))
(code-obj (get-obj-by-code area)))
(if (or (null? code-obj)
(not (exe-exist (cadr code-obj) "retrieve")))
(begin
(print "Area " area " is not open for reading!!")
(exit 1)))
(sauthorize:do-as-calling-user
(lambda ()
(run-cmd (conc *exe-path* "/retrieve/" (cadr code-obj) ) (append (list action area ) cmd-args))))))
((open)
(if (< (length args) 6)
(begin
(print "sauthorize open cmd takes 6 arguments!! \n Useage: sauthorize open <path> --group <grpname> --code <unique short identifier for an area> --retrieve|--publish")
(exit 1)))
(let* ((remargs (args:get-args args '("--group" "--code") '() args:arg-hash 0))
(path (car args))
(group (or (args:get-arg "--group") ""))
(area (or (args:get-arg "--code") ""))
(access-type (get-access-type remargs)))
(cond
((equal? path "")
(print "path not found!! Try \"sauthorize help\" for useage ")
(exit 1))
((equal? area "")
(print "--code not found!! Try \"sauthorize help\" for useage ")
(exit 1))
((equal? access-type #f)
(print "Access type not found!! Try \"sauthorize help\" for useage ")
(exit 1))
((and (not (equal? access-type "publish"))
(not (equal? access-type "retrieve")))
(print "Access type can be eiter --retrieve or --publish !! Try \"sauthorize help\" for useage ")
(exit 1)))
(sauthorize:open username path group area access-type)))
((update)
(if (< (length args) 2)
(begin
(print "sauthorize update cmd takes 2 arguments!! \n Useage: sauthorize update <area-code> --retrieve|--publish")
(exit 1)))
(let* ((area (car args))
(code-obj (get-obj-by-code area))
|
|
>
>
>
|
|
>
>
|
|
|
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
|
(area (cadr args))
(cmd-args (cddr args))
(code-obj (get-obj-by-code area)))
(if (or (null? code-obj)
(not (exe-exist (cadr code-obj) "publish")))
(begin
(print "Area " area " is not open for writing!!")
(exit 1)))
;(print "hear")
(sauthorize:do-as-calling-user
(lambda ()
; (print *exe-path* "/publish/" (cadr code-obj) action area cmd-args )
(run-cmd (conc *exe-path* "/publish/" (cadr code-obj) ) (append (list action area ) cmd-args))))))
((retrieve)
(if (< (length args) 2)
(begin
(print "Missing argument to publish. \n publish <action> <area> [opts] ")
(exit 1)))
(let* ((action (car args))
(area (cadr args))
(cmd-args (cddr args))
(code-obj (get-obj-by-code area)))
(if (or (null? code-obj)
(not (exe-exist (cadr code-obj) "retrieve")))
(begin
(print "Area " area " is not open for reading!!")
(exit 1)))
(print (conc *exe-path* "/retrieve/" (cadr code-obj) " " action " " area " " (string-join cmd-args)))
(sauthorize:do-as-calling-user
(lambda ()
(run-cmd (conc *exe-path* "/retrieve/" (cadr code-obj) ) (append (list action area ) cmd-args))))))
((open)
(if (< (length args) 6)
(begin
(print "sauthorize open cmd takes 6 arguments!! \n Useage: sauthorize open <path> --group <grpname> --code <unique short identifier for an area> --retrieve|--publish")
(exit 1)))
(let* ((remargs (args:get-args args '("--group" "--code" "--additional-grps") '() args:arg-hash 0))
(path (car args))
(group (or (args:get-arg "--group") ""))
(area (or (args:get-arg "--code") ""))
(other-grps (or (args:get-arg "--additional-grps") ""))
(access-type (get-access-type remargs)))
(cond
((equal? path "")
(print "path not found!! Try \"sauthorize help\" for useage ")
(exit 1))
((equal? area "")
(print "--code not found!! Try \"sauthorize help\" for useage ")
(exit 1))
((equal? access-type #f)
(print "Access type not found!! Try \"sauthorize help\" for useage ")
(exit 1))
((and (not (equal? access-type "publish"))
(not (equal? access-type "retrieve")))
(print "Access type can be eiter --retrieve or --publish !! Try \"sauthorize help\" for useage ")
(exit 1)))
; (print other-grps)
(sauthorize:open username path group area access-type other-grps)))
((update)
(if (< (length args) 2)
(begin
(print "sauthorize update cmd takes 2 arguments!! \n Useage: sauthorize update <area-code> --retrieve|--publish")
(exit 1)))
(let* ((area (car args))
(code-obj (get-obj-by-code area))
|
︙ | | | ︙ | |
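Review bot: In `open-area` (new lines 250–251) the new `other-grps` value is concatenated directly into the text of the `insert into areas (code, basepath, exe_name, required_grps)` statement, and it arrives unchecked from the `--additional-grps` command-line argument, so a quote character in that argument changes the statement run against the authorization database. `code`, `path` and `exe-name` were already spliced in the same way, but this adds another caller-controlled field, and by its name and help text `required_grps` looks like an access-control input itself. Before the insert, split `other-grps` on commas and refuse the request unless every name resolves with `group-information`, the lookup `sauthorize:open` already performs for `--group`; if `sauthorize:db-qry` can bind parameters (not visible here), pass the values that way instead. The line above the query, `(print conc "insert into areas ...")`, was a commented-out debug print before this change and now echoes the statement pieces and the `conc` procedure object on every open, and the `retrieve` branch gains a similar `(print (conc *exe-path* "/retrieve/" ...))`; both should go back to comments or be removed. Parts of `open-area` lie outside the chunks shown on this page.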