add msiproxy_user for application of logical quota policy

jasoncoposky · Sep 25, 2019 · 6349530 · 6349530
1 parent d4a4676
commit 6349530
Show file tree

Hide file tree

Showing 4 changed files with 128 additions and 1 deletion.
diff --git a/microservices/CMakeLists.txt b/microservices/CMakeLists.txt
@@ -36,6 +36,7 @@ include_directories(${IRODS_EXTERNALS_FULLPATH_CLANG}/include/c++/v1)
 set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,-z,defs")
 
 include(cmake/set_avu.cmake)
+include(cmake/proxy_user.cmake)
 
 if (NOT CPACK_PACKAGING_INSTALL_PREFIX)
   set(CPACK_PACKAGING_INSTALL_PREFIX "/" CACHE STRING "Package root path. \"/\" is correct for normal package builds.." FORCE)

diff --git a/microservices/cmake/proxy_user.cmake b/microservices/cmake/proxy_user.cmake
@@ -0,0 +1,50 @@
+set(
+  IRODS_SET_AVU_PLUGIN_COMPILE_DEFINITIONS
+  RODS_SERVER
+  ENABLE_RE
+  )
+
+set(
+  PLUGIN
+  msiproxy_user
+  )
+
+  add_library(
+      ${PLUGIN}
+      MODULE
+      ${CMAKE_SOURCE_DIR}/src/libmsiproxy_user.cpp
+      )
+
+  target_include_directories(
+      ${PLUGIN}
+      PRIVATE
+      /usr/include/irods
+      ${IRODS_EXTERNALS_FULLPATH_QPID}/include
+      ${IRODS_EXTERNALS_FULLPATH_BOOST}/include
+      ${IRODS_EXTERNALS_FULLPATH_JANSSON}/include
+      ${IRODS_EXTERNALS_FULLPATH_ARCHIVE}/include
+      )
+
+  target_link_libraries(
+      ${PLUGIN}
+      PRIVATE
+      irods_server
+      irods_common
+      ${IRODS_EXTERNALS_FULLPATH_BOOST}/lib/libboost_filesystem.so
+      ${IRODS_EXTERNALS_FULLPATH_BOOST}/lib/libboost_system.so
+      ${IRODS_EXTERNALS_FULLPATH_ARCHIVE}/lib/libarchive.so
+      ${OPENSSL_CRYPTO_LIBRARY}
+      )
+
+  target_compile_definitions(${PLUGIN} PRIVATE ${IRODS_SET_AVU_PLUGIN_COMPILE_DEFINITIONS} ${IRODS_COMPILE_DEFINITIONS} BOOST_SYSTEM_NO_DEPRECATED)
+  target_compile_options(${PLUGIN} PRIVATE -Wno-write-strings)
+  set_property(TARGET ${PLUGIN} PROPERTY CXX_STANDARD ${IRODS_CXX_STANDARD})
+
+install(
+  TARGETS
+  ${PLUGIN}
+  LIBRARY
+    DESTINATION usr/lib/irods/plugins/microservices
+  )
+
+
diff --git a/microservices/src/libmsiproxy_user.cpp b/microservices/src/libmsiproxy_user.cpp
@@ -0,0 +1,44 @@
+#define RODS_SERVER 1
+
+#include <cstddef>
+
+#include "irods_error.hpp"
+#include "irods_ms_plugin.hpp"
+#include "rsModAVUMetadata.hpp"
+
+namespace {
+    int msiproxy_user(
+        msParam_t* _user_name,
+        msParam_t* _prev_user_name,
+        ruleExecInfo_t* _rei ) {
+        if(_rei->rsComm->clientUser.authInfo.authFlag < LOCAL_PRIV_USER_AUTH) {
+            return _rei->status = SYS_NO_API_PRIV;
+        }
+
+        char *user_name_str = parseMspForStr( _user_name );
+        if( !user_name_str ) {
+            return SYS_INVALID_INPUT_PARAM;
+        }
+
+        fillStrInMsParam(_prev_user_name,  _rei->rsComm->clientUser.userName);
+        rstrcpy(_rei->rsComm->clientUser.userName, user_name_str, NAME_LEN);
+        _rei->status = 0;
+        return _rei->status;
+    }
+}
+
+extern "C"
+irods::ms_table_entry* plugin_factory() {
+    irods::ms_table_entry* msvc = new irods::ms_table_entry(2);
+
+    msvc->add_operation<
+        msParam_t*,
+        msParam_t*,
+        ruleExecInfo_t*>("msiproxy_user",
+                         std::function<int(
+                             msParam_t*,
+                             msParam_t*,
+                             ruleExecInfo_t*)>(msiproxy_user));
+    return msvc;
+}
+
diff --git a/policy/irods_policy_logical_quotas.re b/policy/irods_policy_logical_quotas.re
@@ -96,6 +96,34 @@ logical_quotas_invalid_object_type_error(*path, *obj_type)
     failmsg(*INVALID_OBJECT_TYPE, "Object is not a collection or data object [path => *path, type => *obj_type]");
 }
 
+get_collection_id(*coll_path) {
+    *id = 0;
+    foreach(*row in SELECT COLL_ID WHERE COLL_NAME = '*coll_path') {
+        *id = *row.COLL_ID
+    }
+
+    *id
+} # get_collection_id
+
+get_collection_owner_user_id(*coll_id) {
+    *user_id = 0
+    foreach(*row in SELECT COLL_ACCESS_USER_ID WHERE COLL_ACCESS_COLL_ID = '*coll_id' and COLL_ACCESS_NAME = 'own') {
+        *user_id = *row.COLL_ACCESS_USER_ID
+    }
+    *user_id
+} # get_collection_owner_user_id
+
+collection_owner_user_name(*coll_path) {
+    *coll_id = get_collection_id(*coll_path)
+    *user_id = get_collection_owner_user_id(*coll_id)
+    *user_name = ""
+    foreach(*row in SELECT USER_NAME WHERE USER_ID = '*user_id') {
+        *user_name = *row.USER_NAME
+    }
+
+    *user_name
+}
+
 # Adds metadata to a collection that helps to enforce an upper limit
 # on the number of objects (collections and data objects) and size (in bytes)
 # a particular collection can hold.
@@ -106,9 +134,11 @@ logical_quotas_invalid_object_type_error(*path, *obj_type)
 # - *max_size_in_bytes: The total number of bytes the collection is allowed to hold.
 logical_quotas_init(*coll_path, *max_number_of_objects, *max_size_in_bytes)
 {
+    *owner_name = collection_owner_user_name(*coll_path)
+    msiproxy_user(*owner_name, *prev_user_name)
+
     *count = 0;
     *size = 0;
-
     foreach (*row in select count(DATA_NAME), sum(DATA_SIZE) where COLL_NAME = "*coll_path" || like "*coll_path/%") {
         *count = int(*row.DATA_NAME);
         *size = int(*row.DATA_SIZE);
@@ -126,6 +156,8 @@ logical_quotas_init(*coll_path, *max_number_of_objects, *max_size_in_bytes)
 
     *ec = errormsg(msiSetKeyValuePairsToObj(*kvp, *coll_path, "-C"), *msg);
 
+    msiproxy_user(*prev_user_name, *dontcare)
+
     logical_quotas_fail_if_error(*ec, "Could not initialize logical quotas policy for path [" ++ *coll_path ++ "]");
 }