shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-02-26 09:57:23 +03:00
Code Releases Wiki Activity

feature #622: Added auth for the pool infos. New Auth action is INFO_POOL

Browse Source
This commit is contained in:
Ruben S. Montero 2011-05-24 17:52:17 +02:00
parent ac46cf5dee
commit 01d932adea
6 changed files with 84 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/AuthManager.h
View File

@ -281,6 +281,7 @@ public:
USE, /** Authorization to use an object */
MANAGE, /** Authorization to manage an object */
INFO, /** Authorization to view an object */
INFO_POOL, /** Authorization to view all objects in the pool */
INSTANTIATE /** Authorization to instantiate a VM from a TEMPLATE */
};

16
include/RequestManagerPoolInfo.h
View File

@ -19,6 +19,7 @@
#include "Request.h"
#include "Nebula.h"
#include "AuthManager.h"
using namespace std;
@ -43,7 +44,8 @@ protected:
/* -------------------------------------------------------------------- */
PoolSQL *pool;
PoolSQL * pool;
AuthRequest::Object auth_object;
};
/* ------------------------------------------------------------------------- */
@ -56,8 +58,9 @@ public:
RequestManagerPoolInfo("HostPoolInfo",
"Returns the host pool")
{
Nebula& nd = Nebula::instance();
pool = nd.get_hpool();
Nebula& nd = Nebula::instance();
pool = nd.get_hpool();
auth_object = AuthRequest::HOST;
};
~HostPoolInfo(){};
@ -75,6 +78,7 @@ public:
{
Nebula& nd = Nebula::instance();
pool = nd.get_cpool();
auth_object = AuthRequest::CLUSTER;
};
~ClusterPoolInfo(){};
@ -97,6 +101,7 @@ public:
{
Nebula& nd = Nebula::instance();
pool = nd.get_gpool();
auth_object = AuthRequest::GROUP;
};
~GroupPoolInfo(){};
@ -112,8 +117,9 @@ public:
RequestManagerPoolInfo("UserPoolInfo",
"Returns the user pool")
{
Nebula& nd = Nebula::instance();
pool = nd.get_upool();
Nebula& nd = Nebula::instance();
pool = nd.get_upool();
auth_object = AuthRequest::USER;
};
~UserPoolInfo(){};

25
include/RequestManagerPoolInfoFilter.h
View File

@ -19,7 +19,7 @@
#include "Request.h"
#include "Nebula.h"
//#include "AuthManager.h"
#include "AuthManager.h"
using namespace std;
@ -50,7 +50,8 @@ protected:
/* -------------------------------------------------------------------- */
PoolSQL *pool;
PoolSQL * pool;
AuthRequest::Object auth_object;
};
/* ------------------------------------------------------------------------- */
@ -63,8 +64,9 @@ public:
RequestManagerPoolInfoFilter("VirtualMachinePoolInfo",
"Returns the virtual machine instances pool")
{
Nebula& nd = Nebula::instance();
pool = nd.get_vmpool();
Nebula& nd = Nebula::instance();
pool = nd.get_vmpool();
auth_object = AuthRequest::VM;
};
~VirtualMachinePoolInfo(){};
@ -80,8 +82,9 @@ public:
RequestManagerPoolInfoFilter("TemplatePoolInfo",
"Returns the virtual machine template pool")
{
Nebula& nd = Nebula::instance();
pool = nd.get_tpool();
Nebula& nd = Nebula::instance();
pool = nd.get_tpool();
auth_object = AuthRequest::TEMPLATE;
};
~TemplatePoolInfo(){};
@ -102,8 +105,9 @@ public:
RequestManagerPoolInfoFilter("VirtualNetworkPoolInfo",
"Returns the virtual network pool")
{
Nebula& nd = Nebula::instance();
pool = nd.get_vnpool();
Nebula& nd = Nebula::instance();
pool = nd.get_vnpool();
auth_object = AuthRequest::NET;
};
~VirtualNetworkPoolInfo(){};
@ -119,8 +123,9 @@ public:
RequestManagerPoolInfoFilter("ImagePoolInfo",
"Returns the image pool")
{
Nebula& nd = Nebula::instance();
pool = nd.get_ipool();
Nebula& nd = Nebula::instance();
pool = nd.get_ipool();
auth_object = AuthRequest::IMAGE;
};
~ImagePoolInfo(){};

11
src/authm/AuthManager.cc
View File

@ -92,6 +92,10 @@ void AuthRequest::add_auth(Object ob,
oss << "INFO:" ;
break;
case INFO_POOL:
oss << "INFO_POOL:" ;
break;
case INSTANTIATE:
oss << "INSTANTIATE:" ;
break;
@ -149,6 +153,13 @@ void AuthRequest::add_auth(Object ob,
case INFO: // This is for completeness, as the only INFO existing
// is for UserPool, and just oneadmin can see it
break;
case INFO_POOL:
if ( ob != USER )
{
auth = true;
}
break;
}
}

25
src/rm/RequestManagerPoolInfo.cc
View File

@ -28,7 +28,24 @@ void RequestManagerPoolInfo::request_execute(
{
ostringstream oss;
int rc;
//Authorize the operation
if ( uid != 0 ) // uid == 0 means oneadmin
{
AuthRequest ar(uid);
ar.add_auth(auth_object,
-1,
AuthRequest::INFO_POOL,
0,
false);
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}
}
// Call the template pool dump
rc = pool->dump(oss,"");
@ -40,9 +57,13 @@ void RequestManagerPoolInfo::request_execute(
success_response(oss.str());
return;
//TODO Get the object name from the AuthRequest Class
error_authorize:
failure_response(AUTHORIZATION,
authorization_error("INFO","USER",uid,-1));
return;
error_dump: //TBD Improve Error messages for DUMP
oss.str();
failure_response(INTERNAL,"Internal Error");
return;
}

23
src/rm/RequestManagerPoolInfoFilter.cc
View File

@ -66,6 +66,23 @@ void RequestManagerPoolInfoFilter::request_execute(
break;
}
//Authorize the operation
if ( uid != 0 && (filter_flag == ALL || filter_flag >= 0) ) // uid == 0 means oneadmin
{
AuthRequest ar(uid);
ar.add_auth(auth_object,
-1,
AuthRequest::INFO_POOL,
0,
false);
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}
}
// Call the template pool dump
rc = pool->dump(oss,where_string.str());
@ -82,6 +99,12 @@ error_filter:
failure_response(XML_RPC_API, "Incorrect filter_flag, must be >= -3.");
return;
//TODO Get the object name from the AuthRequest Class
error_authorize:
failure_response(AUTHORIZATION,
authorization_error("INFO","USER",uid,-1));
return;
error_dump: //TBD Improve Error messages for DUMP
oss.str();
failure_response(INTERNAL,"Internal Error");