Add ability to create usergroup based policy rules

This implements feature request #1848 Signed-off-by: Samveen <[email protected]>
xcat2 · Feb 27, 2024 · badd52c · badd52c
1 parent 540fbf2
commit badd52c
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/perl-xCAT/xCAT/Utils.pm b/perl-xCAT/xCAT/Utils.pm
@@ -4987,6 +4987,26 @@ sub natural_sort_cmp($$) {
 
 #--------------------------------------------------------------------------------
 
+=head3  groups
+      Pure perl implementation of /bin/groups
+=cut
+
+#--------------------------------------------------------------------------------
+sub groups($) {
+    my ($name)=@_;
+    my @list;
+    my $n=(getpwnam($name))[3];
+    @list=((getgrgid($n))[0]);
+    while (my @l=getgrent()) {
+        if ($l[3] && $l[3] ne "" && $l[3] =~ /$name/) {
+            push @list, $l[0];
+        }
+    }
+    endgrent();
+}
+
+#--------------------------------------------------------------------------------
+
 =head3  console_sleep
       A wrap for sleep subroutine, if goconserver is used, just exit immidiately
       as goconserver has its own sleep mechanism.

diff --git a/xCAT-server/lib/perl/xCAT/xcatd.pm b/xCAT-server/lib/perl/xCAT/xcatd.pm
@@ -105,11 +105,17 @@ sub validate {
         }
     }
 
+    # Get groups for peername
+    my $usergroups = xCAT::Utils->groups($peername);
+
   RULE: foreach $rule (@sortedpolicies) {
         if ($rule->{name} and $rule->{name} ne '*') {
 
             #TODO: more complex matching (lists, wildcards)
-            next unless ($peername and $peername eq $rule->{name});
+	    if (!$usergroups or index($usergroups,$rule->{name}) < 0) {
+		# If the user's group is empty, or usergroups doesn't contain rule name then...
+                next unless ($peername and $peername eq $rule->{name});
+	    }
         }
         if ($rule->{name} and $rule->{name} eq '*') { #a name is required, but can be any name whatsoever....
             next unless ($peername);