libdb.pm.in 50.9 KB
Newer Older
1
2
#!/usr/bin/perl -w

Leigh B. Stoller's avatar
Leigh B. Stoller committed
3
4
5
6
7
8
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# All rights reserved.
#

9
#
10
11
# A library of useful DB stuff. Mostly things that get done a lot.
# Saves typing.
12
13
14
15
16
#
# XXX: The notion of "uid" is a tad confused. A unix uid is a number,
#      while in the DB a user uid is a string (equiv to unix login).
#      Needs to be cleaned up.
#
17

18
19
20
21
package libdb;
use Exporter;
@ISA = "Exporter";
@EXPORT =
22
23
24
    qw ( NODERELOADING_PID NODERELOADING_EID NODEDEAD_PID NODEDEAD_EID
	 NODEBOOTSTATUS_OKAY NODEBOOTSTATUS_FAILED NODEBOOTSTATUS_UNKNOWN
	 NODESTARTSTATUS_NOSTATUS PROJMEMBERTRUST_NONE PROJMEMBERTRUST_USER
Leigh B. Stoller's avatar
Leigh B. Stoller committed
25
26
27
28
29
30
31
	 PROJMEMBERTRUST_ROOT PROJMEMBERTRUST_GROUPROOT
	 PROJMEMBERTRUST_PROJROOT

	 TBTrustConvert TBMinTrust TBGrpTrust TBProjTrust

	 TB_NODEACCESS_READINFO TB_NODEACCESS_MODIFYINFO
	 TB_NODEACCESS_LOADIMAGE TB_NODEACCESS_REBOOT
32
33
	 TB_NODEACCESS_POWERCYCLE TB_NODEACCESS_MODIFYVLANS
	 TB_NODEACCESS_MIN TB_NODEACCESS_MAX
Leigh B. Stoller's avatar
Leigh B. Stoller committed
34
35
36
37

	 TB_USERINFO_READINFO TB_USERINFO_MODIFYINFO
	 TB_USERINFO_MIN TB_USERINFO_MAX

38
39
	 USERSTATUS_ACTIVE USERSTATUS_FROZEN
	 USERSTATUS_UNAPPROVED USERSTATUS_UNVERIFIED USERSTATUS_NEWUSER
40

Leigh B. Stoller's avatar
Leigh B. Stoller committed
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
	 TB_EXPT_READINFO TB_EXPT_MODIFY TB_EXPT_DESTROY
	 TB_EXPT_MIN TB_EXPT_MAX

	 TB_PROJECT_READINFO TB_PROJECT_MAKEGROUP
	 TB_PROJECT_EDITGROUP TB_PROJECT_DELGROUP
	 TB_PROJECT_LEADGROUP TB_PROJECT_ADDUSER
	 TB_PROJECT_DELUSER TB_PROJECT_MAKEOSID
	 TB_PROJECT_DELOSID TB_PROJECT_MAKEIMAGEID TB_PROJECT_DELIMAGEID
	 TB_PROJECT_CREATEEXPT TB_PROJECT_MIN TB_PROJECT_MAX

	 TB_OSID_READINFO TB_OSID_CREATE
	 TB_OSID_DESTROY TB_OSID_MIN TB_OSID_MAX

	 TB_IMAGEID_READINFO TB_IMAGEID_MODIFYINFO
	 TB_IMAGEID_CREATE TB_IMAGEID_DESTROY
	 TB_IMAGEID_ACCESS TB_IMAGEID_MIN TB_IMAGEID_MAX
	 
	 DBLIMIT_NSFILESIZE NODERELOADPENDING_EID
59

60
61
	 EXPTSTATE_NEW EXPTSTATE_PRERUN EXPTSTATE_SWAPPED EXPTSTATE_SWAPPING
	 EXPTSTATE_ACTIVATING EXPTSTATE_ACTIVE EXPTSTATE_TESTING
62
	 EXPTSTATE_TERMINATING EXPTSTATE_TERMINATED EXPTSTATE_UPDATING
63

64
65
	 BATCHSTATE_POSTED BATCHSTATE_RUNNING BATCHSTATE_TERMINATING
	 BATCHSTATE_ACTIVATING
Leigh B. Stoller's avatar
Leigh B. Stoller committed
66
67
	 TBBatchState TBSetBatchState

68
69
70
	 TB_NODELOGTYPE_MISC TB_NODELOGTYPES TB_DEFAULT_NODELOGTYPE 

	 TB_DEFAULT_RELOADTYPE TB_RELOADTYPE_FRISBEE TB_RELOADTYPE_NETDISK
71

72
73
	 TB_EXPTPRIORITY_LOW TB_EXPTPRIORITY_HIGH

74
	 TB_ASSIGN_TOOFEWNODES TB_OPSPID
75

76
77
78
79
80
81
82
83
84
	 TBDB_TBEVENT_NODESTATE TBDB_TBEVENT_NODEOPMODE
	 TBDB_TBEVENT_ISUP TBDB_TBEVENT_REBOOTING TBDB_TBEVENT_REBOOTED
	 TBDB_TBEVENT_NORMAL TBDB_TBEVENT_DELAYING TBDB_TBEVENT_UNKNOWNOS
	 TBDB_TBEVENT_RELOADING
	 TBDB_NODESTATE_ISUP TBDB_NODESTATE_REBOOTING TBDB_NODESTATE_REBOOTED
	 TBDB_NODESTATE_UNKNOWN
	 TBDB_NODEOPMODE_NORMAL TBDB_NODEOPMODE_DELAYING
	 TBDB_NODEOPMODE_UNKNOWNOS TBDB_NODEOPMODE_RELOADING
	 TBDB_NODEOPMODE_UNKNOWN
85
	 TBDB_EXPT_WORKDIR
86
	 TBSetNodeEventState TBGetNodeEventState
87
	 TBSetNodeOpMode TBGetNodeOpMode
88

Leigh B. Stoller's avatar
Leigh B. Stoller committed
89
90
	 TBAdmin TBProjAccessCheck TBNodeAccessCheck TBOSIDAccessCheck
	 TBImageIDAccessCheck TBExptAccessCheck ExpLeader MarkNodeDown
91
	 SetNodeBootStatus OSFeatureSupported IsShelved NodeidToExp
92
	 UserDBInfo DBQuery DBQueryFatal DBQueryWarn DBWarn DBFatal
93
	 DBQuoteSpecial UNIX2DBUID ExpState SetExpState ProjLeader
Leigh B. Stoller's avatar
Leigh B. Stoller committed
94
	 ExpNodes DBDateTime DefaultImageID GroupLeader TBGroupUnixInfo
95
	 TBValidNodeLogType TBValidNodeName TBSetNodeLogEntry
96
	 TBSetSchedReload MapNodeOSID TBLockExp TBUnLockExp TBSetExpSwapTime
97
	 TBUnixGroupList TBOSID TBImageID TBdbfork VnameToNodeid TBExpLocked
98
	 TBIsNodeRemote TBExptSetLogFile TBExptClearLogFile TBExptGetLogFile
99
	 TBIsNodeVirtual TBControlNetIP TBPhysNodeID
100
	 TBExptOpenLogFile TBExptCloseLogFile TBExptCreateLogFile
101
	 TBNodeUpdateAccountsByPid TBNodeUpdateAccountsByType
102
	 TBSaveExpLogFiles TBExptWorkDir TBExptUserDir TBExptLogDir
103
	 TBExptDestroy
104
105
106

	 TBDB_WIDEAREA_LOCALNODE
	 TBWideareaNodeID
107
	 );
108

109
# Must come after package declaration!
110
use lib '@prefix@/lib';
111
use English;
112
use File::Basename;
113
use POSIX qw(strftime);
114
115
require Mysql;

116
117
118
# Configure variables
my $TB		= "@prefix@";
my $DBNAME	= "@TBDBNAME@";
119
my $TBOPS       = "@TBOPSEMAIL@";
120
121
my $EVENTSYS    = "@EVENTSYS@";
my $BOSSNODE    = "@BOSSNODE@";
122
my $TBOPSPID	= "emulab-ops";
123

124
125
126
127
128
if ($EVENTSYS) {
    require event;
    import event;
}

129
#
130
131
# Set up for querying the database. Note that fork causes a reconnect
# to the DB in the child. 
132
133
134
135
136
137
#
my $DB;

sub TBDBConnect()
{
    my $maxtries = 5;
138
139
140
141
142
143

    #
    # Construct a 'username' from the name of this script and the user who
    # ran it. This is for accounting purposes.
    #
    my $scriptname;
144
145
146
147
148
    my $prog="";
    if ($0 =~ /^([a-z0-9\-\/\.\_]*)$/) { $prog = $1; }
    if ($prog) {
	$scriptname = basename($prog);
    }
149
150
151
152
153
154
155
156
157
    if (!$scriptname) {
	$scriptname = "unknown";
    }
    my $name = getpwuid($UID);
    if (!$name) {
	$name = "uid$UID";
    }
    my $dbuser = "$scriptname:$name";

158
    while ($maxtries) {
159
	$DB = Mysql->connect("localhost", $DBNAME, $dbuser, "none");
160
161
162
	if (defined($DB)) {
	    last;
	}
163
164
165
166
167
168
169
170
171
	$maxtries--;
	sleep(1);
    }
    if (!defined($DB)) {
	die("Cannot connect to DB after several attempts!\n");
    }
    $DB->{'dbh'}->{'PrintError'} = 0;    
}
TBDBConnect();
172

173
174
175
sub TBdbfork()
{
    undef($DB);
176
    TBDBConnect();
177
178
}

179
180
181
182
183
#
# Record last DB error string.
#
my $DBErrorString = "";

184
185
186
187
188
#
# Needs to be config'ed.
#
sub TBDB_EXPT_WORKDIR()		{ "/usr/testbed/expwork"; }
    
189
190
191
192
193
#
# Define exported "constants". Basically, these are just perl subroutines
# that look like constants cause you do not need to call a perl subroutine
# with parens. That is, FOO and FOO() are the same thing.
#
194
sub NODERELOADING_PID()		{ "emulab-ops"; }
195
sub NODERELOADING_EID()		{ "reloading"; }
196
sub NODERELOADPENDING_EID()	{ "reloadpending"; }
197
198
199
200
201
202
203
204
sub NODEDEAD_PID()		{ "emulab-ops"; }
sub NODEDEAD_EID()		{ "hwdown"; }

sub NODEBOOTSTATUS_OKAY()	{ "okay" ; }
sub NODEBOOTSTATUS_FAILED()	{ "failed"; }
sub NODEBOOTSTATUS_UNKNOWN()	{ "unknown"; }
sub NODESTARTSTATUS_NOSTATUS()	{ "none"; }

205
206
207
208
209
210
211
212
213
sub EXPTSTATE_NEW()		{ "new"; }
sub EXPTSTATE_PRERUN()		{ "prerunning"; }
sub EXPTSTATE_SWAPPED()		{ "swapped"; }
sub EXPTSTATE_SWAPPING()	{ "swapping"; }
sub EXPTSTATE_ACTIVATING()	{ "activating"; }
sub EXPTSTATE_ACTIVE()		{ "active"; }
sub EXPTSTATE_TESTING()		{ "testing"; }
sub EXPTSTATE_TERMINATING()	{ "terminating"; }
sub EXPTSTATE_TERMINATED()	{ "ended"; }
214
sub EXPTSTATE_UPDATING()	{ "updating"; }
215

Leigh B. Stoller's avatar
Leigh B. Stoller committed
216
217
218
219
220
sub BATCHSTATE_POSTED()		{ "posted"; }
sub BATCHSTATE_ACTIVATING()	{ "activating"; }
sub BATCHSTATE_RUNNING()	{ "active"; }
sub BATCHSTATE_TERMINATING()	{ "terminating"; }

221
222
sub USERSTATUS_ACTIVE()		{ "active"; }
sub USERSTATUS_FROZEN()		{ "frozen"; }
223
224
225
sub USERSTATUS_UNAPPROVED()	{ "unapproved"; }
sub USERSTATUS_UNVERIFIED()	{ "unverified"; }
sub USERSTATUS_NEWUSER()	{ "newuser"; }
226

227
228
229
230
231
232
#
# We want valid project membership to be non-zero for easy membership
# testing. Specific trust levels are encoded thusly.
# 
sub PROJMEMBERTRUST_NONE()	{ 0; }
sub PROJMEMBERTRUST_USER()	{ 1; }
233
sub PROJMEMBERTRUST_ROOT()	{ 2; }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
234
235
236
237
238
239
240
241
242
243
244
245
246
247
sub PROJMEMBERTRUST_LOCALROOT()	{ 2; }
sub PROJMEMBERTRUST_GROUPROOT()	{ 3; }
sub PROJMEMBERTRUST_PROJROOT()	{ 4; }
sub PROJMEMBERTRUST_ADMIN()	{ 5; }

#
# Access types. Duplicated in the web interface. Make changes there too!
# 
# Things you can do to a node.
sub TB_NODEACCESS_READINFO()	{ 1; }
sub TB_NODEACCESS_MODIFYINFO()	{ 2; }
sub TB_NODEACCESS_LOADIMAGE()	{ 3; }
sub TB_NODEACCESS_REBOOT()	{ 4; }
sub TB_NODEACCESS_POWERCYCLE()	{ 5; }
248
sub TB_NODEACCESS_MODIFYVLANS()	{ 6; }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
249
sub TB_NODEACCESS_MIN()		{ TB_NODEACCESS_READINFO; }
250
sub TB_NODEACCESS_MAX()		{ TB_NODEACCESS_MODIFYVLANS; }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288

# User Info (modinfo web page, etc).
sub TB_USERINFO_READINFO()	{ 1; }
sub TB_USERINFO_MODIFYINFO()	{ 2; }
sub TB_USERINFO_MIN()		{ TB_USERINFO_READINFO; }
sub TB_USERINFO_MAX()		{ TB_USERINFO_MODIFYINFO; }

# Experiments (also batch experiments).
sub TB_EXPT_READINFO()		{ 1; }
sub TB_EXPT_MODIFY()		{ 2; }
sub TB_EXPT_DESTROY()		{ 3; }
sub TB_EXPT_MIN()		{ TB_EXPT_READINFO; }
sub TB_EXPT_MAX()		{ TB_EXPT_DESTROY; }

# Projects.
sub TB_PROJECT_READINFO()	{ 1; }
sub TB_PROJECT_MAKEGROUP()	{ 2; }
sub TB_PROJECT_EDITGROUP()	{ 3; }
sub TB_PROJECT_DELGROUP()	{ 4; }
sub TB_PROJECT_LEADGROUP()	{ 5; }
sub TB_PROJECT_ADDUSER()	{ 6; }
sub TB_PROJECT_DELUSER()	{ 7; }
sub TB_PROJECT_MAKEOSID		{ 8; }
sub TB_PROJECT_DELOSID		{ 9; }
sub TB_PROJECT_MAKEIMAGEID	{ 10; }
sub TB_PROJECT_DELIMAGEID	{ 11; }
sub TB_PROJECT_CREATEEXPT	{ 12; }
sub TB_PROJECT_MIN()		{ TB_PROJECT_READINFO; }
sub TB_PROJECT_MAX()		{ TB_PROJECT_CREATEEXPT; }

# OSIDs 
sub TB_OSID_READINFO()		{ 1; }
sub TB_OSID_CREATE()		{ 2; }
sub TB_OSID_DESTROY()		{ 3; }
sub TB_OSID_MIN()		{ TB_OSID_READINFO; }
sub TB_OSID_MAX()		{ TB_OSID_DESTROY; }

# ImageIDs
289
290
291
292
293
#
# Clarification:
# READINFO is read-only access to the image and its contents
# (This is what people get for shared images)
# ACCESS means complete power over the image and its [meta]data
Leigh B. Stoller's avatar
Leigh B. Stoller committed
294
295
296
297
298
299
300
sub TB_IMAGEID_READINFO()	{ 1; }
sub TB_IMAGEID_MODIFYINFO()	{ 2; }
sub TB_IMAGEID_CREATE()		{ 3; }
sub TB_IMAGEID_DESTROY()	{ 4; }
sub TB_IMAGEID_ACCESS()		{ 5; }
sub TB_IMAGEID_MIN()		{ TB_IMAGEID_READINFO; }
sub TB_IMAGEID_MAX()		{ TB_IMAGEID_ACCESS; }
301

302
# Node Log Types
303
304
305
306
307
308
309
sub TB_NODELOGTYPE_MISC		{ "misc"; }
sub TB_NODELOGTYPES()		{ ( TB_NODELOGTYPE_MISC ) ; }
sub TB_DEFAULT_NODELOGTYPE()	{ TB_NODELOGTYPE_MISC; }

# Reload Types.
sub TB_RELOADTYPE_NETDISK()	{ "netdisk"; }
sub TB_RELOADTYPE_FRISBEE()	{ "frisbee"; }
310
sub TB_DEFAULT_RELOADTYPE()	{ TB_RELOADTYPE_FRISBEE; }
311

312
313
314
315
316
317
318
# Experiment priorities.
sub TB_EXPTPRIORITY_LOW()	{ 0; }
sub TB_EXPTPRIORITY_HIGH()	{ 20; }

# Assign exit status for too few nodes.
sub TB_ASSIGN_TOOFEWNODES()	{ 2; }

319
320
321
# System PID.
sub TB_OPSPID()			{ $TBOPSPID; }

322
#
323
324
325
326
327
328
329
# Events we may want to send
#
sub TBDB_TBEVENT_NODESTATE	{ "TBNODESTATE"; }
sub TBDB_TBEVENT_NODEOPMODE	{ "TBNODEOPMODE"; }

#
# TBNODESTATE Events
330
331
#
sub TBDB_TBEVENT_ISUP()		{ "ISUP"; }
332
333
334
335
336
337
338
339
340
341
sub TBDB_TBEVENT_REBOOTED()	{ "REBOOTED"; }
sub TBDB_TBEVENT_REBOOTING()	{ "REBOOTING"; }

#
# TBNODEOPMODE Events
#
sub TBDB_TBEVENT_NORMAL()	{ "NORMAL"; }
sub TBDB_TBEVENT_DELAYING()	{ "DELAYING"; }
sub TBDB_TBEVENT_UNKNOWNOS()	{ "UNKNOWNOS"; }
sub TBDB_TBEVENT_RELOADING()	{ "RELOADING"; }
342
343
344
345

#
# For nodes, we use this set of events.
#
346
sub TBDB_NODESTATE_ISUP()	{ TBDB_TBEVENT_ISUP; }
347
348
sub TBDB_NODESTATE_REBOOTED()	{ TBDB_TBEVENT_REBOOTED; }
sub TBDB_NODESTATE_REBOOTING()	{ TBDB_TBEVENT_REBOOTING; }
349
350
sub TBDB_NODESTATE_UNKNOWN()	{ "UNKNOWN"; };

351
352
353
354
355
356
sub TBDB_NODEOPMODE_NORMAL	{ TBDB_TBEVENT_NORMAL; }
sub TBDB_NODEOPMODE_DELAYING	{ TBDB_TBEVENT_DELAYING; }
sub TBDB_NODEOPMODE_UNKNOWNOS	{ TBDB_TBEVENT_UNKNOWNOS; }
sub TBDB_NODEOPMODE_RELOADING	{ TBDB_TBEVENT_RELOADING; }
sub TBDB_NODEOPMODE_UNKNOWN	{ "UNKNOWN"; }

357
358
359
360
361
362
#
# Node name we use in the widearea_* tables to represent a generic local node.
# All local nodes are considered to have the same network characteristcs.
#
sub TBDB_WIDEAREA_LOCALNODE     { "boss"; }

363
364
365
366
367
#
# We should list all of the DB limits.
#
sub DBLIMIT_NSFILESIZE()	{ (1024 * 16); }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
#
# Auth stuff.
#

#
# Convert a trust string to the above numeric values.
#
sub TBTrustConvert($)
{
    my($trust_string) = @_;
    my $trust_value = 0;

    #
    # Convert string to value. Perhaps the DB should have done it this way?
    # 
    if ($trust_string eq "none") {
	$trust_value = PROJMEMBERTRUST_NONE;
    }
    elsif ($trust_string eq "user") {
	$trust_value = PROJMEMBERTRUST_USER;
    }
    elsif ($trust_string eq "local_root") {
	$trust_value = PROJMEMBERTRUST_LOCALROOT;
    }
    elsif ($trust_string eq "group_root") {
	$trust_value = PROJMEMBERTRUST_GROUPROOT;
    }
    elsif ($trust_string eq "project_root") {
	$trust_value = PROJMEMBERTRUST_PROJROOT;
    }
    elsif ($trust_string eq "admin") {
	$trust_value = PROJMEMBERTRUST_ADMIN;
    }
    else {
	    die("*** Invalid trust value $trust_string!");
    }

    return $trust_value;
}

#
# Return true if the given trust string is >= to the minimum required.
# The trust value can be either numeric or a string; if a string its
# first converted to the numeric equiv.
#
sub TBMinTrust($$)
{
    my ($trust_value, $minimum) = @_;

    if ($minimum < PROJMEMBERTRUST_NONE ||
	$minimum > PROJMEMBERTRUST_ADMIN) {
	    die("*** Invalid minimum trust $minimum!");
    }

    #
    # Sleazy? How do you do a typeof in perl?
    #
    if (length($trust_value) != 1) {
	$trust_value = TBTrustConvert($trust_value);
    }
    
    return $trust_value >= $minimum;
}

#
# Determine the trust level for a uid/pid/gid. That is, each uid will have
# a different trust level depending on the project/group in question.
# Return that trust level as one of the numeric values above. 
# 
# usage: TBGrpTrust($dbuid, $pid, $gid)
#        returns numeric trust value if a group member.
#        returns PROJMEMBERTRUST_NONE if not a group member.
# 
sub TBGrpTrust($$$)
{
    my ($uid, $pid, $gid) = @_;

    #
    # No group, then use the default group.
    #
    if (! $gid) {
	$gid = $pid;
    }

    my $query_result =
	DBQueryFatal("select trust from group_membership ".
		     "where uid='$uid' and pid='$pid' and gid='$gid'");

    #
    # No membership is the same as no trust. True? Maybe an error instead?
    #
    if ($query_result->numrows == 0) {
	return PROJMEMBERTRUST_NONE;
    }

    my @row = $query_result->fetchrow_array();
    $trust_string = $row[0];

    return TBTrustConvert($trust_string);
}

#
# Determine the project trust level for a uid/pid. This is the trust level
# for the default group in the project.
#
# usage: TBProjTrust($dbuid, $pid)
#        returns numeric trust value if a project member.
#        returns PROJMEMBERTRUST_NONE if not a project member.
# 
sub TBProjTrust($$)
{
    my ($uid, $pid) = @_;
    
    return TBGrpTrust($uid, $pid, $pid);
}

484
#
485
486
# Test admin status. Optional argument is the UID or Name to test. If not
# provided, then test the current UID.
487
#
488
489
490
# XXX Argument is *either* a numeric UID, or a string name.
#
# usage: TBAdmin([int or char* uid]);
491
492
493
494
495
496
#        returns 1 if an admin type.
#        returns 0 if a mere user.
# 
sub TBAdmin(;$)
{
    my($uid) = @_;
497
    my($name);
498

499
500
501
502
    #
    # No one is considered an admin unless they have the magic environment
    # variable set (so that you have to be a bit more explict about wanting
    # admin privs.) Use the withadminprivs script to get this variable set.
503
504
    # Also check with HTTP_ at the front of the name, since this is required
    # to get it through suexec from the web scripts.
505
    #
506
    if (!($ENV{WITH_TB_ADMIN_PRIVS} || $ENV{HTTP_WITH_TB_ADMIN_PRIVS})) {
507
508
509
	return 0;
    }

510
511
512
513
    if (!defined($uid)) {
	$uid = $UID;
    }

514
515
516
517
518
519
520
521
522
523
    #
    # Test if numeric. Map to name if it is.
    # 
    if ($uid =~ /^[0-9]+$/) {
	($name) = getpwuid($uid)
	    or die "$uid not in passwd file\n";
    }
    else {
	$name = $uid;
    }
524
525

    my $query_result =
526
	DBQueryFatal("select admin from users where uid='$name'");
527
528
529
530
531
532
533
534
535

    my @row = $query_result->fetchrow_array();
    if ($row[0] == 1) {
	return 1;
    }
    return 0;
}

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
536
537
# Project permission checks. The group id (gid) can be undef, in which case
# the pid is used (ie: a default group check is made).
538
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
539
540
541
542
543
# Usage: TBProjAccessCheck($uid, $pid, $gid, $access_type)
#	 returns 0 if not allowed.
#        returns 1 if allowed.
# 
sub TBProjAccessCheck($$$$)
544
{
Leigh B. Stoller's avatar
Leigh B. Stoller committed
545
546
    my ($uid, $pid, $gid, $access_type) = @_;
    my $mintrust;
547

Leigh B. Stoller's avatar
Leigh B. Stoller committed
548
549
550
    if ($access_type < TB_PROJECT_MIN ||
	$access_type > TB_PROJECT_MAX) {
	die("*** Invalid access type: $access_type!");
551
552
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
553
554
555
556
557
    #
    # Admins do whatever they want!
    # 
    if (TBAdmin($uid)) {
	return 1;
558
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
559
560
561
562
563
564
565
    $uid = MapNumericUID($uid);

    #
    # No group, then use the default group.
    #
    if (! defined($gid)) {
	$gid = $pid;
566
567
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
    if ($access_type == TB_PROJECT_READINFO) {
	$mintrust = PROJMEMBERTRUST_USER;
    }
    elsif ($access_type == TB_PROJECT_CREATEEXPT) {
	$mintrust = PROJMEMBERTRUST_LOCALROOT;
    }
    else {
	die("*** Unexpected access type: $access_type!");
    }

    return TBMinTrust(TBGrpTrust($uid, $pid, $gid), $mintrust);
}

#
# Experiment permission checks.
#
# Usage: TBExptAccessCheck($uid, $pid, $eid, $access_type)
#	 returns 0 if not allowed.
#        returns 1 if allowed.
# 
sub TBExptAccessCheck($$$$)
{
    my ($uid, $pid, $eid, $access_type) = @_;
    my $mintrust;

    if ($access_type < TB_EXPT_MIN ||
	$access_type > TB_EXPT_MAX) {
	die("*** Invalid access type: $access_type!");
596
597
598
    }

    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
599
600
601
    # Admins do whatever they want!
    # 
    if (TBAdmin($uid)) {
602
603
	return 1;
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
604
    $uid = MapNumericUID($uid);
605

Leigh B. Stoller's avatar
Leigh B. Stoller committed
606
    my $query_result =
607
	DBQueryFatal("SELECT gid,expt_head_uid FROM experiments WHERE ".
Leigh B. Stoller's avatar
Leigh B. Stoller committed
608
609
610
611
612
613
		     "eid='$eid' and pid='$pid'");
    
    if ($query_result->numrows == 0) {
	return 0;
    }
    my @row = $query_result->fetchrow_array();
614
615
    my $gid     = $row[0];
    my $creator = $row[1];
Leigh B. Stoller's avatar
Leigh B. Stoller committed
616

617
618
619
620
621
622
623
624
625
626
627
    #
    # An experiment may be destroyed by the experiment creator or the
    # project/group leader.
    # 
    if ($access_type == TB_EXPT_DESTROY) {
	if ($uid eq $creator) {
	    return 1;
	}
	$mintrust = PROJMEMBERTRUST_GROUPROOT;
    }
    elsif ($access_type == TB_EXPT_READINFO) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
	$mintrust = PROJMEMBERTRUST_USER;
    }
    else {
	$mintrust = PROJMEMBERTRUST_LOCALROOT;
    }

    return TBMinTrust(TBGrpTrust($uid, $pid, $gid), $mintrust);
}

#
# Determine if uid can access a node or list of nodes.
#
# Usage: TBNodeAccessCheck($uid, $access_type, $node_id, ...)
#	 returns 0 if not allowed.
#        returns 1 if allowed.
# 
sub TBNodeAccessCheck($$@)
{
    my ($uid, $access_type) = (shift, shift);
    my @nodelist = @_;
    my $mintrust;

    if ($access_type < TB_NODEACCESS_MIN ||
	$access_type > TB_NODEACCESS_MAX) {
	die("*** Invalid access type: $access_type!");
    }
654
655

    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
    # Admins do whatever they want!
    # 
    if (TBAdmin($uid)) {
	return 1;
    }
    $uid = MapNumericUID($uid);
 
    if ($access_type == TB_NODEACCESS_READINFO) {
	$mintrust = PROJMEMBERTRUST_USER;
    }
    else {
	$mintrust = PROJMEMBERTRUST_LOCALROOT;
    }

    foreach my $node (@nodelist) {
671
	my $query_result =
Leigh B. Stoller's avatar
Leigh B. Stoller committed
672
673
674
675
676
677
	    DBQueryFatal("select trust from reserved as n ".
			 "left join experiments as e on ".
			 "     e.pid=n.pid and e.eid=n.eid ".
			 "left join group_membership as g on ".
			 "     g.pid=e.pid and g.gid=e.gid ".
			 "where g.uid='$uid' and n.node_id='$node'");
678

679
	if ($query_result->numrows == 0) {
680
681
	    return 0;
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
682
683
684
685
686
	my @row = $query_result->fetchrow_array();

	if (! TBMinTrust($row[0], $mintrust)) {
	    return 0;
	}
687
688
689
690
691
    }
    return 1;
}

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
692
# Access checks for an OSID. Tests for tbadmin.
693
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
694
695
696
# Usage: TBOSIDAccessCheck($uid, $osid, $access_type)
#	 returns 0 if not allowed.
#        returns 1 if allowed.
697
# 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
698
sub TBOSIDAccessCheck($$$)
699
{
Leigh B. Stoller's avatar
Leigh B. Stoller committed
700
701
    my ($uid, $osid, $access_type) = @_;
    my $mintrust;
702

Leigh B. Stoller's avatar
Leigh B. Stoller committed
703
704
    if ($access_type < TB_OSID_MIN || $access_type > TB_OSID_MAX) {
	die("*** Invalid access type $access_type!");
705
706
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
707
708
709
710
711
712
713
    #
    # Admins do whatever they want!
    # 
    if (TBAdmin($uid)) {
	return 1;
    }
    $uid = MapNumericUID($uid);
714

Leigh B. Stoller's avatar
Leigh B. Stoller committed
715
716
717
718
    #
    # No GIDs yet.
    #
    my $query_result =
719
	DBQueryFatal("SELECT pid,shared FROM os_info WHERE osid='$osid'");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
720
    
721
    if ($query_result->numrows == 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
722
	return 0;
723
    }
724
    my @row = $query_result->fetchrow_array();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
725
    my $pid = $row[0];
726
    my $shared = $row[1];
Leigh B. Stoller's avatar
Leigh B. Stoller committed
727
728
729
730

    #
    # Global OSIDs can be read by anyone.
    # 
731
    if ($shared) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
	if ($access_type == TB_OSID_READINFO) {
	    return 1;
	}
	return 0;
    }
    
    #
    # Otherwise must have proper trust in the project.
    # 
    if ($access_type == TB_OSID_READINFO) {
	$mintrust = PROJMEMBERTRUST_USER;
    }
    else {
	$mintrust = PROJMEMBERTRUST_LOCALROOT;
    }

    return TBMinTrust(TBProjTrust($uid, $pid), $mintrust);
}

#
# Access checks for an ImageID
#
# Usage: TBImageIDAccessCheck($uid, $imageid, $access_type)
#	 returns 0 if not allowed.
#        returns 1 if allowed.
# 
sub TBImageIDAccessCheck($$$)
{
    my ($uid, $imageid, $access_type) = @_;
    my $mintrust;

    if ($access_type < TB_IMAGEID_MIN || $access_type > TB_IMAGEID_MAX) {
	die("*** Invalid access type $access_type!");
765
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
766
767

    #
768
    # Admins and root do whatever they want!
Leigh B. Stoller's avatar
Leigh B. Stoller committed
769
    # 
770
    if (TBAdmin($uid) || !$UID || $UID eq "root" || $uid eq "root") {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
771
	return 1;
772
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
773
774
775
776
777
778
    $uid = MapNumericUID($uid);

    #
    # No GIDs yet.
    #
    my $query_result =
779
	DBQueryFatal("SELECT pid,shared FROM images WHERE imageid='$imageid'");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
780
781
782
    
    if ($query_result->numrows == 0) {
	return 0;
783
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
784
785
    my @row = $query_result->fetchrow_array();
    my $pid = $row[0];
786
    my $shared = $row[1];
Leigh B. Stoller's avatar
Leigh B. Stoller committed
787

788
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
789
790
    # Global ImageIDs can be read by anyone.
    # 
791
    if ($shared) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
792
793
794
795
796
797
	if ($access_type == TB_IMAGEID_READINFO) {
	    return 1;
	}
	return 0;
    }

798
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
799
800
801
802
803
804
805
806
807
808
    # Otherwise must have proper trust in the project.
    # 
    if ($access_type == TB_IMAGEID_READINFO) {
	$mintrust = PROJMEMBERTRUST_USER;
    }
    else {
	$mintrust = PROJMEMBERTRUST_LOCALROOT;
    }

    return TBMinTrust(TBProjTrust($uid, $pid), $mintrust);
809
810
}

811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
#
# Return Project leader. First argument pid.
#
# usage: ProjLeader(char *pid)
#        returns char *leader if a valid pid.
#        returns 0 if an invalid pid.
# 
sub ProjLeader($)
{
    my($pid) = @_;

    my $query_result =
	DBQueryFatal("select head_uid from projects where pid='$pid'");

    if ($query_result->numrows == 0) {
	return 0;
    }

    my @row = $query_result->fetchrow_array();
    return $row[0];
}

Leigh B. Stoller's avatar
Leigh B. Stoller committed
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
#
# Return Group leader. 
#
# usage: GroupLeader(char *pid, char *gid)
#        returns char *leader if a valid pid.
#        returns 0 if an invalid pid.
# 
sub GroupLeader($$)
{
    my($pid, $gid) = @_;

    my $query_result =
	DBQueryFatal("select leader from groups where ".
		     "pid='$pid' and gid='$gid'");

    if ($query_result->numrows == 0) {
	return 0;
    }

    my @row = $query_result->fetchrow_array();
    return $row[0];
}

856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
#
# Return Experiment leader. First argument pid. Second argument is eid.
#
# usage: ExpLeader(char *pid, char *eid)
#        returns char *leader if a valid pid/eid.
#        returns 0 if an invalid pid/eid.
# 
sub ExpLeader($$)
{
    my($pid, $eid) = @_;

    my $query_result =
	DBQueryFatal("select expt_head_uid from experiments ".
		     "where eid='$eid' and pid='$pid'");

    if ($query_result->numrows == 0) {
	return 0;
    }

    my @row = $query_result->fetchrow_array();
    return $row[0];
}

879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
#
# Return Experiment state.
#
# usage: ExpState(char *pid, char *eid)
#        returns state if a valid pid/eid.
#        returns 0 if an invalid pid/eid or if an error.
# 
sub ExpState($$)
{
    my($pid, $eid) = @_;

    my $query_result =
	DBQueryWarn("select state from experiments ".
		    "where eid='$eid' and pid='$pid'");

    if (! $query_result ||
	$query_result->numrows == 0) {
	return 0;
    }

    my @row = $query_result->fetchrow_array();
    return $row[0];
}

#
# Set Experiment state.
#
# usage: SetExpState(char *pid, char *eid, char *state)
#        returns 1 if okay.
#        returns 0 if an invalid pid/eid or if an error.
# 
sub SetExpState($$$)
{
    my($pid, $eid, $state) = @_;

    my $query_result =
	DBQueryWarn("update experiments set state='$state' ".
		    "where eid='$eid' and pid='$pid'");

918
    if (! $query_result) {
919
920
921
922
923
	return 0;
    }
    return 1;
}

924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
#
# Set the swap in/out time for an experiment.
#
# usage: TBSetExpSwapTime(char *pid, char *eid)
#        returns 1 if okay.
#        returns 0 if an invalid pid/eid or if an error.
# 
sub TBSetExpSwapTime($$)
{
    my($pid, $eid) = @_;

    my $query_result =
	DBQueryWarn("update experiments set expt_swapped=now() ".
		    "where eid='$eid' and pid='$pid'");

    if (! $query_result ||
	$query_result->numrows == 0) {
	return 0;
    }
    return 1;
}

946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
#
# Lock Experiment.
#
# usage: TBLockExp(char *pid, char *eid)
#        returns 1 if okay.
#        returns 0 if an invalid pid/eid or if an error.
# 
sub TBLockExp($$)
{
    my($pid, $eid) = @_;

    my $query_result =
	DBQueryWarn("update experiments set expt_locked=now() ".
		    "where eid='$eid' and pid='$pid'");

    if (! $query_result ||
	$query_result->numrows == 0) {
	return 0;
    }
    return 1;
}

968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
#
# Test if Experiment is locked
#
# usage: TBExpLocked(char *pid, char *eid)
#        returns 1 if locked.
#        returns 0 if an invalid pid/eid or if an error.
# 
sub TBExpLocked($$)
{
    my($pid, $eid) = @_;

    my $query_result =
	DBQueryWarn("select expt_locked from experiments ".
		    "where eid='$eid' and pid='$pid'");

    if (! $query_result ||
	$query_result->numrows == 0) {
	return 0;
    }
    my @row = $query_result->fetchrow_array();
    if (! defined($row[0])) {
	return 0;
    }
    return 1;
}

994
995
996
997
998
999
1000
#
# UnLock Experiment.
#
# usage: TBUnLockExp(char *pid, char *eid)
#        returns 1 if okay.
#        returns 0 if an invalid pid/eid or if an error.
# 
For faster browsing, not all history is shown. View entire blame