Commit 0d8fc0e9 authored by Steven Murray

Added access-right checks to tapserverd for labelling tapes

parent 83f3f60a
......@@ -525,8 +525,6 @@ void castor::tape::tapeserver::daemon::CatalogueDrive::receivedLabelJob(
<< job.dgn;
throw ex;
}
m_state = DRIVE_STATE_RUNNING;
m_sessionType = SESSION_TYPE_LABEL;
{
const unsigned short rmcPort =
common::CastorConfiguration::getConfig().getConfEntInt("RMC", "PORT",
......@@ -541,6 +539,8 @@ void castor::tape::tapeserver::daemon::CatalogueDrive::receivedLabelJob(
rmcPort,
m_processForker);
}
m_state = DRIVE_STATE_RUNNING;
m_sessionType = SESSION_TYPE_LABEL;
break;
default:
{
......
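Review bot: Nothing at the moved assignments says why `m_state = DRIVE_STATE_RUNNING;` and `m_sessionType = SESSION_TYPE_LABEL;` now have to follow the block that ends in `m_processForker);`. If that block is the call into CatalogueLabelSession::create (the call itself is not visible in these hunks), the order is what keeps a drive from being marked as running when the access check throws, and a later tidy-up could silently undo it. A comment above the two assignments would pin that down, for example `// Set only after the session has been created: creation throws if the user may not label the tape`. receivedLabelJob starts and ends outside the hunks shown.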
......@@ -21,9 +21,11 @@
* @author Castor Dev team, castor-dev@cern.ch
*****************************************************************************/
#include "castor/io/io.hpp"
#include "castor/legacymsg/legacymsg.hpp"
#include "castor/tape/tapeserver/daemon/CatalogueLabelSession.hpp"
#include "h/Ctape_constants.h"
#include "h/Cupv_constants.h"
//------------------------------------------------------------------------------
// create
......@@ -39,7 +41,7 @@ castor::tape::tapeserver::daemon::CatalogueLabelSession *
const unsigned short rmcPort,
ProcessForkerProxy &processForker) {
checkUserCanLabelTape(cupv, labelJob, labelCmdConnection);
checkUserCanLabelTape(log, cupv, labelJob, labelCmdConnection);
const pid_t pid = processForker.forkLabel(driveConfig, labelJob, rmcPort);
......@@ -56,18 +58,34 @@ castor::tape::tapeserver::daemon::CatalogueLabelSession *
// checkUserCanLabelTape
//------------------------------------------------------------------------------
void castor::tape::tapeserver::daemon::CatalogueLabelSession::
checkUserCanLabelTape(castor::legacymsg::CupvProxy &cupv,
const castor::legacymsg::TapeLabelRqstMsgBody &labelJob,
checkUserCanLabelTape(log::Logger &log, legacymsg::CupvProxy &cupv,
const legacymsg::TapeLabelRqstMsgBody &labelJob,
const int labelCmdConnection) {
const std::string sourceHost = io::getPeerHostName(labelCmdConnection);
const std::string targetHost = io::getSockHostName(labelCmdConnection);
/*
const bool userIsAdmin = cupv.isGranted(
labelJob.uid,
labelJob.gid,
m_vdqmJob.clientHost,
hostName,
sourceHost,
targetHost,
P_ADMIN);
*/
log::Param params[] = {
log::Param("uid", labelJob.uid),
log::Param("gid", labelJob.gid),
log::Param("sourceHost", sourceHost),
log::Param("targetHost", targetHost),
log::Param("privilegeCode", P_ADMIN),
log::Param("privilegeStr", "ADMIN"),
log::Param("userIsAdmin", userIsAdmin ? "true" : "false")};
log(LOG_INFO, "Queried cupvd for tape to be labelled", params);
if(!userIsAdmin) {
castor::exception::Exception ex;
ex.getMessage() << "Only an administrator can label a tape: vid=" <<
labelJob.vid;
throw ex;
}
}
//------------------------------------------------------------------------------
......
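Review bot: The authorisation decision in checkUserCanLabelTape rests on `labelJob.uid` and `labelJob.gid`, which the header documents as part of the job received from the castor-tape-label client, plus host names derived from the connection, so the check is only as strong as the authenticity of that message and of however `io::getPeerHostName` resolves the peer. That assumption deserves a comment above the `cupv.isGranted` call, for example `// uid/gid are as stated in the label request; they are not verified here`. The audit record written just before `if(!userIsAdmin)` also omits the tape, so a refused attempt cannot be tied to a VID from the log alone; adding `log::Param("vid", labelJob.vid)` to `params` would close that gap. Refusals are logged at `LOG_INFO` exactly like grants, and a separate higher-severity line on the refusal path would make them easier to alert on.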
......@@ -198,13 +198,16 @@ private:
* have the necessary access rights or there is an error which prevents this
* method for determining if they have such rights.
*
* @param log Object representing the API of the CASTOR logging system.
* @param cupv Proxy object representing the cupvd daemon.
* @param labelJob The label job received from the castor-tape-label
* command-line tool.
* @param labelCmdConnection The file descriptor of the TCP/IP connection with
* the tape labeling command-line tool castor-tape-label.
*/
static void checkUserCanLabelTape(legacymsg::CupvProxy &cupv,
static void checkUserCanLabelTape(
log::Logger &log,
legacymsg::CupvProxy &cupv,
const legacymsg::TapeLabelRqstMsgBody &labelJob,
const int labelCmdConnection);
......