Check and fix public links

Author: diocas

cernbox-share

@@ -97,6 +97,7 @@ def main():
    subcmd.add_argument("--project-name", default="", action='store', help="check project and override home directory")
    subcmd.add_argument("--logdir",default="",action="store",help="log directory")
    subcmd.add_argument("--orphans", default=False, action='store_true', help="check for shares already marked as orphans")
+   subcmd.add_argument("--public-links", default=False, action='store_true', help="Check public links as well (if not, it will only check internal shares)")
    subcmd.add_argument("shares_owner", help="'-' to check all users in the system")
 
    subcmd = subparser.add_parser('remove-orphan-xbits', help="remove xbits which were set in the initial implementation in the parent ACLs")

python/cernbox_utils/cmd_share_admin.py

@@ -39,7 +39,15 @@ def verify(args,config,eos,db):
          fh.setFormatter(logging.Formatter("%(asctime)s %(message)s"))
          logger.addHandler(fh)
 
-      shares=db.get_share(owner=args.shares_owner,share_type="regular",orphans=args.orphans)
+      share_type="regular"
+      if args.public_links:
+         if args.deep_fs_check:
+            logger.critical("Cannot set deep fs scan with public links option")
+            return
+         # Search for normal shares AND public links
+         share_type=None
+
+      shares=db.get_share(owner=args.shares_owner,share_type=share_type,orphans=args.orphans)
 
       # if needed this can be used to split read from write traffic in order not to overload the instance
 
@@ -142,7 +150,7 @@ def verify(args,config,eos,db):
          except KeyError:
             unique_share_keys[unique_key] = s
 
-         if s.file_target.count("/")>1:
+         if s.share_type != 3 and s.file_target.count("/")>1:
             logger.error("FILE_TARGET_MULTIPLE_SLASH_PROBLEM id=%d owner=%s sharee=%s target='%s' fid=%s stime=%s",s.id,s.uid_owner,s.share_with,s.file_target,fid,s.stime)
             fixed_target='/%s'%os.path.basename(s.file_target)
             assert("'" not in fixed_target)
@@ -164,6 +172,8 @@ def verify(args,config,eos,db):
 
          if s.share_type == 1:
             logger.info("Share type 1 (egroup). Not checking if destination exists")
+         elif s.share_type == 3:
+            logger.info("Share type 3 (public link). Not checking if destination exists")
          else:
             try:
                pwd.getpwnam(s.share_with)
@@ -181,16 +191,16 @@ def verify(args,config,eos,db):
             if args.fix:
                   db.set_orphan(s.id, orphan=0)
 
-         
-         # this is the expected ACL entry in the shared directory tree
-         acl = cernbox_utils.sharing.share2acl(s)
+         if s.share_type != 3:
+            # this is the expected ACL entry in the shared directory tree
+            acl = cernbox_utils.sharing.share2acl(s)
 
-         shared_fids.setdefault(fid,[]).append(acl)
+            shared_fids.setdefault(fid,[]).append(acl)
 
-         p = os.path.normpath(f.file)+"/" # append trailing slash, otherwise directories which basename is a substring give false positive, e.g.: /eos/user/k/kuba/tmp.readonly /eos/user/k/kuba/tmp
-         p = p.decode('utf8')
-         shared_paths[p] = fid
-         shared_acls.setdefault(p,[]).append(acl)
+            p = os.path.normpath(f.file)+"/" # append trailing slash, otherwise directories which basename is a substring give false positive, e.g.: /eos/user/k/kuba/tmp.readonly /eos/user/k/kuba/tmp
+            p = p.decode('utf8')
+            shared_paths[p] = fid
+            shared_acls.setdefault(p,[]).append(acl)
 
 
       logger.info("Expected shared paths with visibility to others (%s)",len(shared_acls))