From 03fac9096a50f6fdaf6871163daa839234f9e71f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Mart=C3=ADn?= Date: Thu, 7 Jul 2011 12:45:13 +0200 Subject: [PATCH] Bug #702: xmlrpc-c does not create a new xmlrpc_c::method class for each request. Instead, it creates a single instance and its execute method is called for each new request. This caused some variables to be shared by several threads, which eventually ended in segmentation fault. --- include/Request.h | 66 +++++++++------ include/RequestManagerAcl.h | 12 ++- include/RequestManagerAllocate.h | 33 +++++--- include/RequestManagerChown.h | 6 +- include/RequestManagerDelete.h | 3 +- include/RequestManagerHost.h | 6 +- include/RequestManagerImage.h | 9 +- include/RequestManagerInfo.h | 3 +- include/RequestManagerPoolInfo.h | 3 +- include/RequestManagerPoolInfoFilter.h | 3 +- include/RequestManagerPublish.h | 3 +- include/RequestManagerUpdateTemplate.h | 3 +- include/RequestManagerUser.h | 3 +- include/RequestManagerVMTemplate.h | 6 +- include/RequestManagerVirtualMachine.h | 26 ++++-- include/RequestManagerVirtualNetwork.h | 3 +- src/rm/Request.cc | 58 +++++++------ src/rm/RequestManagerAcl.cc | 27 +++--- src/rm/RequestManagerAllocate.cc | 84 ++++++++++++------- src/rm/RequestManagerChown.cc | 38 +++++---- src/rm/RequestManagerDelete.cc | 13 +-- src/rm/RequestManagerHost.cc | 12 ++- src/rm/RequestManagerImage.cc | 23 +++-- src/rm/RequestManagerInfo.cc | 15 ++-- src/rm/RequestManagerPoolInfo.cc | 10 ++- src/rm/RequestManagerPoolInfoFilter.cc | 24 ++++-- src/rm/RequestManagerPublish.cc | 16 ++-- src/rm/RequestManagerUpdateTemplate.cc | 17 ++-- src/rm/RequestManagerUser.cc | 14 ++-- src/rm/RequestManagerVMTemplate.cc | 29 +++++-- src/rm/RequestManagerVirtualMachine.cc | 111 ++++++++++++++++--------- src/rm/RequestManagerVirtualNetwork.cc | 16 ++-- 32 files changed, 436 insertions(+), 259 deletions(-) diff --git a/include/Request.h b/include/Request.h index c4cb137a02..b8f8ed8f78 100644 --- a/include/Request.h +++ b/include/Request.h @@ -59,27 +59,38 @@ protected: /* ------------------- Attributes of the Request ---------------------- */ - int uid; /**< id of the user */ - int gid; /**< id of the user's group */ + struct RequestAttributes + { + int uid; /**< id of the user */ + int gid; /**< id of the user's group */ - string uname; /**< name of the user */ - string gname; /**< name of the user's group */ + string uname; /**< name of the user */ + string gname; /**< name of the user's group */ - set group_ids; /**< set of user's group ids */ + set group_ids; /**< set of user's group ids */ + + /** + * Session token from the OpenNebula XML-RPC API + */ + string session; + + /** + * Return value of the request from libxmlrpc-c + */ + xmlrpc_c::value * retval; + }; PoolSQL * pool; /**< Pool of objects */ - string method_name; /**< The name of the XML-RPC method */ AuthRequest::Object auth_object; /**< Auth object for the request */ AuthRequest::Operation auth_op; /**< Auth operation for the request */ - /* -------------------- Constructors ---------------------------------- */ Request(const string& mn, const string& signature, - const string& help): uid(-1),gid(-1),pool(0),method_name(mn),retval(0) + const string& help): pool(0),method_name(mn) { _signature = signature; _help = help; @@ -97,12 +108,13 @@ protected: * object and type of operation for the request. * @param oid of the object, can be -1 for objects to be created, or * pools. + * @param att the specific request attributes * * @return true if the user is authorized. */ - bool basic_authorization(int oid) + bool basic_authorization(int oid, RequestAttributes& att) { - return basic_authorization(oid, auth_op); + return basic_authorization(oid, auth_op, att); }; /** @@ -113,39 +125,48 @@ protected: * @param oid of the object, can be -1 for objects to be created, or * pools. * @param op operation of the request. + * @param att the specific request attributes * * @return true if the user is authorized. */ - bool basic_authorization(int oid, AuthRequest::Operation op); + bool basic_authorization(int oid, AuthRequest::Operation op, + RequestAttributes& att); /** * Actual Execution method for the request. Must be implemented by the * XML-RPC requests * @param _paramlist of the XML-RPC call (complete list) + * @param att the specific request attributes */ - virtual void request_execute(xmlrpc_c::paramList const& _paramList) = 0; + virtual void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att) = 0; /** * Builds an XML-RPC response updating retval. After calling this function * the xml-rpc excute method should return * @param val to be returned to the client + * @param att the specific request attributes */ - void success_response(int val); + void success_response(int val, RequestAttributes& att); /** * Builds an XML-RPC response updating retval. After calling this function * the xml-rpc excute method should return * @param val string to be returned to the client + * @param att the specific request attributes */ - void success_response(const string& val); + void success_response(const string& val, RequestAttributes& att); /** * Builds an XML-RPC response updating retval. After calling this function * the xml-rpc excute method should return * @param ec error code for this call * @param val string representation of the error + * @param att the specific request attributes */ - void failure_response(ErrorCode ec, const string& val); + void failure_response(ErrorCode ec, + const string& val, + RequestAttributes& att); /** * Gets a string representation for the Auth object in the @@ -159,8 +180,10 @@ protected: * Logs authorization errors * @param message with the authorization error details * @return string for logging + * @param att the specific request attributes */ - string authorization_error (const string &message); + string authorization_error (const string &message, RequestAttributes& att); + /** * Logs authenticate errors * @return string for logging @@ -204,17 +227,6 @@ protected: * @return string for logging */ string allocate_error (char *error); - -private: - /** - * Session token from the OpenNebula XML-RPC API - */ - string session; - - /** - * Return value of the request from libxmlrpc-c - */ - xmlrpc_c::value * retval; }; /* -------------------------------------------------------------------------- */ diff --git a/include/RequestManagerAcl.h b/include/RequestManagerAcl.h index fdb75e6539..0ee2bfe989 100644 --- a/include/RequestManagerAcl.h +++ b/include/RequestManagerAcl.h @@ -45,7 +45,8 @@ protected: /* -------------------------------------------------------------------- */ - virtual void request_execute(xmlrpc_c::paramList const& _paramList) = 0; + virtual void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att) = 0; /* -------------------------------------------------------------------- */ @@ -66,7 +67,8 @@ public: ~AclAddRule(){}; - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ @@ -83,7 +85,8 @@ public: ~AclDelRule(){}; - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ @@ -100,7 +103,8 @@ public: ~AclInfo(){}; - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* -------------------------------------------------------------------------- */ diff --git a/include/RequestManagerAllocate.h b/include/RequestManagerAllocate.h index 1106e31df7..d4d30cb2a6 100644 --- a/include/RequestManagerAllocate.h +++ b/include/RequestManagerAllocate.h @@ -46,9 +46,11 @@ protected: /* -------------------------------------------------------------------- */ - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); - virtual bool allocate_authorization(Template * obj_template); + virtual bool allocate_authorization(Template * obj_template, + RequestAttributes& att); /* -------------------------------------------------------------------- */ @@ -57,7 +59,8 @@ protected: virtual int pool_allocate(xmlrpc_c::paramList const& _paramList, Template * tmpl, int& id, - string& error_str) = 0; + string& error_str, + RequestAttributes& att) = 0; private: bool do_template; @@ -92,9 +95,11 @@ public: int pool_allocate(xmlrpc_c::paramList const& _paramList, Template * tmpl, int& id, - string& error_str); + string& error_str, + RequestAttributes& att); - bool allocate_authorization(Template * obj_template); + bool allocate_authorization(Template * obj_template, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ @@ -126,7 +131,8 @@ public: int pool_allocate(xmlrpc_c::paramList const& _paramList, Template * tmpl, int& id, - string& error_str); + string& error_str, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ @@ -158,7 +164,8 @@ public: int pool_allocate(xmlrpc_c::paramList const& _paramList, Template * tmpl, int& id, - string& error_str); + string& error_str, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ @@ -190,7 +197,8 @@ public: int pool_allocate(xmlrpc_c::paramList const& _paramList, Template * tmpl, int& id, - string& error_str); + string& error_str, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ @@ -215,7 +223,8 @@ public: int pool_allocate(xmlrpc_c::paramList const& _paramList, Template * tmpl, int& id, - string& error_str); + string& error_str, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ @@ -240,7 +249,8 @@ public: int pool_allocate(xmlrpc_c::paramList const& _paramList, Template * tmpl, int& id, - string& error_str); + string& error_str, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ @@ -265,7 +275,8 @@ public: int pool_allocate(xmlrpc_c::paramList const& _paramList, Template * tmpl, int& id, - string& error_str); + string& error_str, + RequestAttributes& att); }; /* -------------------------------------------------------------------------- */ diff --git a/include/RequestManagerChown.h b/include/RequestManagerChown.h index 6d530b4a89..6632900d97 100644 --- a/include/RequestManagerChown.h +++ b/include/RequestManagerChown.h @@ -41,7 +41,8 @@ protected: /* -------------------------------------------------------------------- */ - virtual void request_execute(xmlrpc_c::paramList const& _paramList); + virtual void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ @@ -139,7 +140,8 @@ public: /* -------------------------------------------------------------------- */ - virtual void request_execute(xmlrpc_c::paramList const& _paramList); + virtual void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* -------------------------------------------------------------------------- */ diff --git a/include/RequestManagerDelete.h b/include/RequestManagerDelete.h index 89235c6b56..bf665bfc48 100644 --- a/include/RequestManagerDelete.h +++ b/include/RequestManagerDelete.h @@ -41,7 +41,8 @@ protected: /* -------------------------------------------------------------------- */ - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); /* -------------------------------------------------------------------- */ diff --git a/include/RequestManagerHost.h b/include/RequestManagerHost.h index 2431c491a1..835dbc6f87 100644 --- a/include/RequestManagerHost.h +++ b/include/RequestManagerHost.h @@ -44,7 +44,8 @@ protected: /* -------------------------------------------------------------------- */ - virtual void request_execute(xmlrpc_c::paramList const& _paramList) = 0; + virtual void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att) = 0; }; /* ------------------------------------------------------------------------- */ @@ -63,7 +64,8 @@ public: ~HostEnable(){}; - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* -------------------------------------------------------------------------- */ diff --git a/include/RequestManagerImage.h b/include/RequestManagerImage.h index 7a24d4b752..c7cda823f0 100644 --- a/include/RequestManagerImage.h +++ b/include/RequestManagerImage.h @@ -44,7 +44,8 @@ protected: /* --------------------------------------------------------------------- */ - virtual void request_execute(xmlrpc_c::paramList const& _paramList) = 0; + virtual void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att) = 0; }; /* ------------------------------------------------------------------------- */ @@ -58,7 +59,8 @@ public: ~ImageEnable(){}; - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ @@ -73,7 +75,8 @@ public: ~ImagePersistent(){}; - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* -------------------------------------------------------------------------- */ diff --git a/include/RequestManagerInfo.h b/include/RequestManagerInfo.h index a9416f68b9..be2598bdb2 100644 --- a/include/RequestManagerInfo.h +++ b/include/RequestManagerInfo.h @@ -40,7 +40,8 @@ protected: /* -------------------------------------------------------------------- */ - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); /* -------------------------------------------------------------------- */ diff --git a/include/RequestManagerPoolInfo.h b/include/RequestManagerPoolInfo.h index d9bca1daa6..11ed712809 100644 --- a/include/RequestManagerPoolInfo.h +++ b/include/RequestManagerPoolInfo.h @@ -41,7 +41,8 @@ protected: /* -------------------------------------------------------------------- */ - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ diff --git a/include/RequestManagerPoolInfoFilter.h b/include/RequestManagerPoolInfoFilter.h index 738c05c6b6..c92f51e438 100644 --- a/include/RequestManagerPoolInfoFilter.h +++ b/include/RequestManagerPoolInfoFilter.h @@ -48,7 +48,8 @@ protected: /* -------------------------------------------------------------------- */ - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ diff --git a/include/RequestManagerPublish.h b/include/RequestManagerPublish.h index 95952680b5..e7a3db5bbc 100644 --- a/include/RequestManagerPublish.h +++ b/include/RequestManagerPublish.h @@ -41,7 +41,8 @@ protected: /* -------------------------------------------------------------------- */ - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); virtual int publish(PoolObjectSQL *object, bool pflag) = 0; }; diff --git a/include/RequestManagerUpdateTemplate.h b/include/RequestManagerUpdateTemplate.h index 444d12479d..c90f681c64 100644 --- a/include/RequestManagerUpdateTemplate.h +++ b/include/RequestManagerUpdateTemplate.h @@ -40,7 +40,8 @@ protected: /* -------------------------------------------------------------------- */ - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ diff --git a/include/RequestManagerUser.h b/include/RequestManagerUser.h index deff4d2541..386189f6c5 100644 --- a/include/RequestManagerUser.h +++ b/include/RequestManagerUser.h @@ -45,7 +45,8 @@ protected: /* -------------------------------------------------------------------- */ - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); virtual int user_action(User * user, xmlrpc_c::paramList const& _paramList, diff --git a/include/RequestManagerVMTemplate.h b/include/RequestManagerVMTemplate.h index 7269cbecf7..5a51d9d6a0 100644 --- a/include/RequestManagerVMTemplate.h +++ b/include/RequestManagerVMTemplate.h @@ -44,7 +44,8 @@ protected: /* -------------------------------------------------------------------- */ - virtual void request_execute(xmlrpc_c::paramList const& _paramList) = 0; + virtual void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att) = 0; }; /* ------------------------------------------------------------------------- */ @@ -63,7 +64,8 @@ public: ~VMTemplateInstantiate(){}; - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* -------------------------------------------------------------------------- */ diff --git a/include/RequestManagerVirtualMachine.h b/include/RequestManagerVirtualMachine.h index 8f42963fe8..5345ffabc6 100644 --- a/include/RequestManagerVirtualMachine.h +++ b/include/RequestManagerVirtualMachine.h @@ -45,19 +45,23 @@ protected: /* -------------------------------------------------------------------- */ - virtual void request_execute(xmlrpc_c::paramList const& _paramList) = 0; + virtual void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att) = 0; - bool vm_authorization(int id, int hid, ImageTemplate *tmpl); + bool vm_authorization(int id, int hid, ImageTemplate *tmpl, + RequestAttributes& att); - int get_host_information(int hid, string& name, string& vmm, string& tm); + int get_host_information(int hid, string& name, string& vmm, string& tm, + RequestAttributes& att); int add_history(VirtualMachine * vm, int hid, const string& hostname, const string& vmm_mad, - const string& tm_mad); + const string& tm_mad, + RequestAttributes& att); - VirtualMachine * get_vm(int id); + VirtualMachine * get_vm(int id, RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ @@ -72,7 +76,8 @@ public: "A:ssi"){}; ~VirtualMachineAction(){}; - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ @@ -88,7 +93,8 @@ public: ~VirtualMachineDeploy(){}; - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ @@ -104,7 +110,8 @@ public: ~VirtualMachineMigrate(){}; - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* ------------------------------------------------------------------------- */ @@ -120,7 +127,8 @@ public: ~VirtualMachineSaveDisk(){}; - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); }; /* -------------------------------------------------------------------------- */ diff --git a/include/RequestManagerVirtualNetwork.h b/include/RequestManagerVirtualNetwork.h index 3e77b61b74..f402499ac2 100644 --- a/include/RequestManagerVirtualNetwork.h +++ b/include/RequestManagerVirtualNetwork.h @@ -44,7 +44,8 @@ protected: /* -------------------------------------------------------------------- */ - void request_execute(xmlrpc_c::paramList const& _paramList); + void request_execute(xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); virtual int leases_action(VirtualNetwork * vn, VirtualNetworkTemplate * tmpl, diff --git a/src/rm/Request.cc b/src/rm/Request.cc index f9079206ce..27a86ba8ad 100644 --- a/src/rm/Request.cc +++ b/src/rm/Request.cc @@ -25,33 +25,37 @@ void Request::execute( xmlrpc_c::paramList const& _paramList, xmlrpc_c::value * const _retval) { - retval = _retval; - session = xmlrpc_c::value_string (_paramList.getString(0)); + RequestAttributes att; + + att.retval = _retval; + att.session = xmlrpc_c::value_string (_paramList.getString(0)); Nebula& nd = Nebula::instance(); UserPool* upool = nd.get_upool(); NebulaLog::log("ReM",Log::DEBUG, method_name + " method invoked"); - if ( upool->authenticate(session, - uid, - gid, - uname, - gname, - group_ids) == false ) + if ( upool->authenticate(att.session, + att.uid, + att.gid, + att.uname, + att.gname, + att.group_ids) == false ) { - failure_response(AUTHENTICATION, authenticate_error()); + failure_response(AUTHENTICATION, authenticate_error(), att); } else { - request_execute(_paramList); + request_execute(_paramList, att); } }; /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -bool Request::basic_authorization(int oid, AuthRequest::Operation op) +bool Request::basic_authorization(int oid, + AuthRequest::Operation op, + RequestAttributes& att) { PoolObjectSQL * object; @@ -59,7 +63,7 @@ bool Request::basic_authorization(int oid, AuthRequest::Operation op) int ouid = 0; int ogid = -1; - if ( uid == 0 ) + if ( att.uid == 0 ) { return true; } @@ -70,7 +74,9 @@ bool Request::basic_authorization(int oid, AuthRequest::Operation op) if ( object == 0 ) { - failure_response(NO_EXISTS, get_error(object_name(auth_object),oid)); + failure_response(NO_EXISTS, + get_error(object_name(auth_object),oid), + att); return false; } @@ -81,13 +87,15 @@ bool Request::basic_authorization(int oid, AuthRequest::Operation op) object->unlock(); } - AuthRequest ar(uid, group_ids); + AuthRequest ar(att.uid, att.group_ids); ar.add_auth(auth_object, oid, ogid, op, ouid, pub); if (UserPool::authorize(ar) == -1) { - failure_response(AUTHORIZATION, authorization_error(ar.message)); + failure_response(AUTHORIZATION, + authorization_error(ar.message, att), + att); return false; } @@ -98,7 +106,8 @@ bool Request::basic_authorization(int oid, AuthRequest::Operation op) /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -void Request::failure_response(ErrorCode ec, const string& str_val) +void Request::failure_response(ErrorCode ec, const string& str_val, + RequestAttributes& att) { vector arrayData; @@ -108,7 +117,7 @@ void Request::failure_response(ErrorCode ec, const string& str_val) xmlrpc_c::value_array arrayresult(arrayData); - *retval = arrayresult; + *(att.retval) = arrayresult; NebulaLog::log("ReM",Log::ERROR,str_val); } @@ -116,7 +125,7 @@ void Request::failure_response(ErrorCode ec, const string& str_val) /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -void Request::success_response(int id) +void Request::success_response(int id, RequestAttributes& att) { vector arrayData; @@ -127,12 +136,12 @@ void Request::success_response(int id) xmlrpc_c::value_array arrayresult(arrayData); - *retval = arrayresult; + *(att.retval) = arrayresult; } /* -------------------------------------------------------------------------- */ -void Request::success_response(const string& val) +void Request::success_response(const string& val, RequestAttributes& att) { vector arrayData; @@ -142,7 +151,7 @@ void Request::success_response(const string& val) xmlrpc_c::value_array arrayresult(arrayData); - *retval = arrayresult; + *(att.retval) = arrayresult; } /* -------------------------------------------------------------------------- */ @@ -176,11 +185,12 @@ string Request::object_name(AuthRequest::Object ob) /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -string Request::authorization_error (const string &message) +string Request::authorization_error (const string &message, + RequestAttributes& att) { ostringstream oss; - oss << "[" << method_name << "]" << " User [" << uid << "] not authorized" + oss << "[" << method_name << "]" << " User [" << att.uid << "] not authorized" << " to perform action on " << object_name(auth_object) << "."; @@ -231,7 +241,7 @@ string Request::request_error (const string &err_desc, const string &err_detail) { ostringstream oss; - oss << "[" << method_name << "]" << err_desc; + oss << "[" << method_name << "] " << err_desc; if (!err_detail.empty()) { diff --git a/src/rm/RequestManagerAcl.cc b/src/rm/RequestManagerAcl.cc index 827e841c7d..70356a339e 100644 --- a/src/rm/RequestManagerAcl.cc +++ b/src/rm/RequestManagerAcl.cc @@ -21,7 +21,8 @@ using namespace std; /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ -void AclAddRule::request_execute(xmlrpc_c::paramList const& paramList) +void AclAddRule::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { /* xmlrpc-c version 1.07 can manage 64 bit numbers, but not all distros. ship @@ -50,7 +51,7 @@ void AclAddRule::request_execute(xmlrpc_c::paramList const& paramList) string error_msg; - if ( basic_authorization(-1) == false ) + if ( basic_authorization(-1, att) == false ) { return; } @@ -59,11 +60,11 @@ void AclAddRule::request_execute(xmlrpc_c::paramList const& paramList) if ( rc < 0 ) { - failure_response(INTERNAL, request_error(error_msg, "")); + failure_response(INTERNAL, request_error(error_msg, ""), att); return; } - success_response(rc); + success_response(rc, att); return; } @@ -71,12 +72,13 @@ void AclAddRule::request_execute(xmlrpc_c::paramList const& paramList) /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ -void AclDelRule::request_execute(xmlrpc_c::paramList const& paramList) +void AclDelRule::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { int oid = xmlrpc_c::value_int(paramList.getInt(1)); string error_msg; - if ( basic_authorization(-1) == false ) + if ( basic_authorization(-1, att) == false ) { return; } @@ -85,11 +87,11 @@ void AclDelRule::request_execute(xmlrpc_c::paramList const& paramList) if ( rc < 0 ) { - failure_response(INTERNAL, request_error(error_msg, "")); + failure_response(INTERNAL, request_error(error_msg, ""), att); return; } - success_response(oid); + success_response(oid, att); return; } @@ -97,12 +99,13 @@ void AclDelRule::request_execute(xmlrpc_c::paramList const& paramList) /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ -void AclInfo::request_execute(xmlrpc_c::paramList const& paramList) +void AclInfo::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { ostringstream oss; int rc; - if ( basic_authorization(-1) == false ) + if ( basic_authorization(-1, att) == false ) { return; } @@ -111,11 +114,11 @@ void AclInfo::request_execute(xmlrpc_c::paramList const& paramList) if ( rc != 0 ) { - failure_response(INTERNAL, request_error("Internal Error","")); + failure_response(INTERNAL, request_error("Internal Error",""), att); return; } - success_response(oss.str()); + success_response(oss.str(), att); return; } diff --git a/src/rm/RequestManagerAllocate.cc b/src/rm/RequestManagerAllocate.cc index 175c92b5b0..97047dda89 100644 --- a/src/rm/RequestManagerAllocate.cc +++ b/src/rm/RequestManagerAllocate.cc @@ -23,29 +23,33 @@ /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -bool RequestManagerAllocate::allocate_authorization(Template * tmpl) +bool RequestManagerAllocate::allocate_authorization(Template * tmpl, + RequestAttributes& att) { - if ( uid == 0 ) + if ( att.uid == 0 ) { return true; } - AuthRequest ar(uid, group_ids); + AuthRequest ar(att.uid, att.group_ids); if ( tmpl == 0 ) { - ar.add_auth(auth_object,-1,-1,auth_op,uid,false); + ar.add_auth(auth_object,-1,-1,auth_op,att.uid,false); } else { string t64; - ar.add_auth(auth_object,tmpl->to_xml(t64),-1,auth_op,uid,false); + ar.add_auth(auth_object,tmpl->to_xml(t64),-1,auth_op,att.uid,false); } if (UserPool::authorize(ar) == -1) { - failure_response(AUTHORIZATION, authorization_error(ar.message)); + failure_response(AUTHORIZATION, + authorization_error(ar.message, att), + att); + return false; } @@ -55,26 +59,30 @@ bool RequestManagerAllocate::allocate_authorization(Template * tmpl) /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -bool VirtualMachineAllocate::allocate_authorization(Template * tmpl) +bool VirtualMachineAllocate::allocate_authorization(Template * tmpl, + RequestAttributes& att) { - if ( uid == 0 ) + if ( att.uid == 0 ) { return true; } - AuthRequest ar(uid, group_ids); + AuthRequest ar(att.uid, att.group_ids); string t64; VirtualMachineTemplate * ttmpl = static_cast(tmpl); - ar.add_auth(auth_object,tmpl->to_xml(t64),-1,auth_op,uid,false); + ar.add_auth(auth_object,tmpl->to_xml(t64),-1,auth_op,att.uid,false); - VirtualMachine::set_auth_request(uid, ar, ttmpl); + VirtualMachine::set_auth_request(att.uid, ar, ttmpl); if (UserPool::authorize(ar) == -1) { - failure_response(AUTHORIZATION, authorization_error(ar.message)); + failure_response(AUTHORIZATION, + authorization_error(ar.message, att), + att); + return false; } @@ -84,7 +92,8 @@ bool VirtualMachineAllocate::allocate_authorization(Template * tmpl) /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params) +void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params, + RequestAttributes& att) { Template * tmpl = 0; @@ -102,27 +111,27 @@ void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params) if ( rc != 0 ) { - failure_response(INTERNAL, allocate_error(error_msg)); + failure_response(INTERNAL, allocate_error(error_msg), att); delete tmpl; return; } } - if ( allocate_authorization(tmpl) == false ) + if ( allocate_authorization(tmpl, att) == false ) { return; } - rc = pool_allocate(params, tmpl, id, error_str); + rc = pool_allocate(params, tmpl, id, error_str, att); if ( rc < 0 ) { - failure_response(INTERNAL, allocate_error(error_str)); + failure_response(INTERNAL, allocate_error(error_str), att); return; } - success_response(id); + success_response(id, att); } /* -------------------------------------------------------------------------- */ @@ -131,12 +140,14 @@ void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params) int VirtualMachineAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, Template * tmpl, int& id, - string& error_str) + string& error_str, + RequestAttributes& att) { VirtualMachineTemplate * ttmpl= static_cast(tmpl); VirtualMachinePool * vmpool = static_cast(pool); - return vmpool->allocate(uid, gid, uname, gname, ttmpl, &id,error_str,false); + return vmpool->allocate(att.uid, att.gid, att.uname, att.gname, ttmpl, &id, + error_str, false); } @@ -146,12 +157,14 @@ int VirtualMachineAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, int VirtualNetworkAllocate::pool_allocate(xmlrpc_c::paramList const& _paramList, Template * tmpl, int& id, - string& error_str) + string& error_str, + RequestAttributes& att) { VirtualNetworkPool * vpool = static_cast(pool); VirtualNetworkTemplate * vtmpl=static_cast(tmpl); - return vpool->allocate(uid, gid, uname, gname, vtmpl, &id, error_str); + return vpool->allocate(att.uid, att.gid, att.uname, att.gname, vtmpl, &id, + error_str); } /* -------------------------------------------------------------------------- */ @@ -160,12 +173,14 @@ int VirtualNetworkAllocate::pool_allocate(xmlrpc_c::paramList const& _paramList, int ImageAllocate::pool_allocate(xmlrpc_c::paramList const& _paramList, Template * tmpl, int& id, - string& error_str) + string& error_str, + RequestAttributes& att) { ImagePool * ipool = static_cast(pool); ImageTemplate * itmpl = static_cast(tmpl); - return ipool->allocate(uid, gid, uname, gname, itmpl, &id, error_str); + return ipool->allocate(att.uid, att.gid, att.uname, att.gname, itmpl, &id, + error_str); } /* -------------------------------------------------------------------------- */ @@ -174,13 +189,15 @@ int ImageAllocate::pool_allocate(xmlrpc_c::paramList const& _paramList, int TemplateAllocate::pool_allocate(xmlrpc_c::paramList const& _paramList, Template * tmpl, int& id, - string& error_str) + string& error_str, + RequestAttributes& att) { VMTemplatePool * tpool = static_cast(pool); VirtualMachineTemplate * ttmpl=static_cast(tmpl); - return tpool->allocate(uid, gid, uname, gname, ttmpl, &id, error_str); + return tpool->allocate(att.uid, att.gid, att.uname, att.gname, ttmpl, &id, + error_str); } /* -------------------------------------------------------------------------- */ @@ -189,7 +206,8 @@ int TemplateAllocate::pool_allocate(xmlrpc_c::paramList const& _paramList, int HostAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, Template * tmpl, int& id, - string& error_str) + string& error_str, + RequestAttributes& att) { string host = xmlrpc_c::value_string(paramList.getString(1)); string im_mad = xmlrpc_c::value_string(paramList.getString(2)); @@ -207,17 +225,18 @@ int HostAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, int UserAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, Template * tmpl, int& id, - string& error_str) + string& error_str, + RequestAttributes& att) { string uname = xmlrpc_c::value_string(paramList.getString(1)); string passwd = xmlrpc_c::value_string(paramList.getString(2)); UserPool * upool = static_cast(pool); - int ugid = gid; - string ugname = gname; + int ugid = att.gid; + string ugname = att.gname; - if ( gid == GroupPool::ONEADMIN_ID ) + if ( att.gid == GroupPool::ONEADMIN_ID ) { ugid = GroupPool::USERS_ID; ugname = GroupPool::USERS_NAME; @@ -232,7 +251,8 @@ int UserAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, int GroupAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, Template * tmpl, int& id, - string& error_str) + string& error_str, + RequestAttributes& att) { string gname = xmlrpc_c::value_string(paramList.getString(1)); diff --git a/src/rm/RequestManagerChown.cc b/src/rm/RequestManagerChown.cc index 6e5c37b199..711740a663 100644 --- a/src/rm/RequestManagerChown.cc +++ b/src/rm/RequestManagerChown.cc @@ -22,7 +22,8 @@ /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -void RequestManagerChown::request_execute(xmlrpc_c::paramList const& paramList) +void RequestManagerChown::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { int oid = xmlrpc_c::value_int(paramList.getInt(1)); int noid = xmlrpc_c::value_int(paramList.getInt(2)); @@ -31,13 +32,14 @@ void RequestManagerChown::request_execute(xmlrpc_c::paramList const& paramList) string nuname; string ngname; + // TODO: Move these to constructor? Nebula& nd = Nebula::instance(); GroupPool * gpool = nd.get_gpool(); UserPool * upool = nd.get_upool(); PoolObjectSQL * object; - if ( basic_authorization(oid) == false ) + if ( basic_authorization(oid, att) == false ) { return; } @@ -51,7 +53,8 @@ void RequestManagerChown::request_execute(xmlrpc_c::paramList const& paramList) if ((user = upool->get(noid,true)) == 0) { failure_response(NO_EXISTS, - get_error(object_name(AuthRequest::USER),noid)); + get_error(object_name(AuthRequest::USER),noid), + att); return; } @@ -67,7 +70,8 @@ void RequestManagerChown::request_execute(xmlrpc_c::paramList const& paramList) if ((group = gpool->get(ngid,true)) == 0) { failure_response(NO_EXISTS, - get_error(object_name(AuthRequest::GROUP),ngid)); + get_error(object_name(AuthRequest::GROUP),ngid), + att); return; } @@ -82,7 +86,9 @@ void RequestManagerChown::request_execute(xmlrpc_c::paramList const& paramList) if ( object == 0 ) { - failure_response(NO_EXISTS, get_error(object_name(auth_object),oid)); + failure_response(NO_EXISTS, + get_error(object_name(auth_object),oid), + att); return; } @@ -100,7 +106,7 @@ void RequestManagerChown::request_execute(xmlrpc_c::paramList const& paramList) object->unlock(); - success_response(oid); + success_response(oid, att); return; } @@ -108,7 +114,8 @@ void RequestManagerChown::request_execute(xmlrpc_c::paramList const& paramList) /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -void UserChown::request_execute(xmlrpc_c::paramList const& paramList) +void UserChown::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { int oid = xmlrpc_c::value_int(paramList.getInt(1)); int ngid = xmlrpc_c::value_int(paramList.getInt(2)); @@ -123,7 +130,7 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList) User * user; Group * group; - if ( basic_authorization(oid) == false ) + if ( basic_authorization(oid, att) == false ) { return; } @@ -132,14 +139,15 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList) if ( ngid < 0 ) { - failure_response(XML_RPC_API,request_error("Wrong group ID","")); + failure_response(XML_RPC_API,request_error("Wrong group ID",""), att); return; } if ( (group = gpool->get(ngid,true)) == 0 ) { failure_response(NO_EXISTS, - get_error(object_name(AuthRequest::GROUP),ngid)); + get_error(object_name(AuthRequest::GROUP),ngid), + att); return; } @@ -154,14 +162,15 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList) if ( user == 0 ) { failure_response(NO_EXISTS, - get_error(object_name(AuthRequest::USER),oid)); + get_error(object_name(AuthRequest::USER),oid), + att); return; } if ((old_gid = user->get_gid()) == ngid) { user->unlock(); - success_response(oid); + success_response(oid, att); return; } @@ -181,7 +190,8 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList) if( group == 0 ) { failure_response(NO_EXISTS, - get_error(object_name(AuthRequest::GROUP),ngid));//TODO Rollback + get_error(object_name(AuthRequest::GROUP),ngid), + att);//TODO Rollback return; } @@ -204,7 +214,7 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList) group->unlock(); } - success_response(oid); + success_response(oid, att); return; } diff --git a/src/rm/RequestManagerDelete.cc b/src/rm/RequestManagerDelete.cc index 70f359b46d..9518d300be 100644 --- a/src/rm/RequestManagerDelete.cc +++ b/src/rm/RequestManagerDelete.cc @@ -21,13 +21,14 @@ using namespace std; /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ -void RequestManagerDelete::request_execute(xmlrpc_c::paramList const& paramList) +void RequestManagerDelete::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { int oid = xmlrpc_c::value_int(paramList.getInt(1)); PoolObjectSQL * object; string error_msg; - if ( basic_authorization(oid) == false ) + if ( basic_authorization(oid, att) == false ) { return; } @@ -36,7 +37,8 @@ void RequestManagerDelete::request_execute(xmlrpc_c::paramList const& paramList) if ( object == 0 ) { - failure_response(NO_EXISTS, get_error(object_name(auth_object),oid)); + failure_response(NO_EXISTS, get_error(object_name(auth_object), oid), + att); return; } @@ -45,11 +47,12 @@ void RequestManagerDelete::request_execute(xmlrpc_c::paramList const& paramList) if ( rc != 0 ) { failure_response(INTERNAL, - request_error("Can not delete "+object_name(auth_object),error_msg)); + request_error("Can not delete "+object_name(auth_object),error_msg), + att); return; } - success_response(oid); + success_response(oid, att); return; } diff --git a/src/rm/RequestManagerHost.cc b/src/rm/RequestManagerHost.cc index 4bc013ff32..a11f6a8ff2 100644 --- a/src/rm/RequestManagerHost.cc +++ b/src/rm/RequestManagerHost.cc @@ -20,7 +20,8 @@ /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -void HostEnable::request_execute(xmlrpc_c::paramList const& paramList) +void HostEnable::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { int id = xmlrpc_c::value_int(paramList.getInt(1)); bool enable = xmlrpc_c::value_boolean(paramList.getBoolean(2)); @@ -31,7 +32,7 @@ void HostEnable::request_execute(xmlrpc_c::paramList const& paramList) string error_str; - if ( basic_authorization(id) == false ) + if ( basic_authorization(id, att) == false ) { return; } @@ -40,7 +41,10 @@ void HostEnable::request_execute(xmlrpc_c::paramList const& paramList) if ( host == 0 ) { - failure_response(NO_EXISTS, get_error(object_name(auth_object),id)); + failure_response(NO_EXISTS, + get_error(object_name(auth_object),id), + att); + return; } @@ -57,7 +61,7 @@ void HostEnable::request_execute(xmlrpc_c::paramList const& paramList) host->unlock(); - success_response(id); + success_response(id, att); } /* -------------------------------------------------------------------------- */ diff --git a/src/rm/RequestManagerImage.cc b/src/rm/RequestManagerImage.cc index 25de63586e..665e47ba59 100644 --- a/src/rm/RequestManagerImage.cc +++ b/src/rm/RequestManagerImage.cc @@ -21,7 +21,8 @@ using namespace std; /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ -void ImageEnable::request_execute(xmlrpc_c::paramList const& paramList) +void ImageEnable::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { int id = xmlrpc_c::value_int(paramList.getInt(1)); bool enable_flag = xmlrpc_c::value_boolean(paramList.getBoolean(2)); @@ -32,7 +33,7 @@ void ImageEnable::request_execute(xmlrpc_c::paramList const& paramList) Nebula& nd = Nebula::instance(); ImageManager * imagem = nd.get_imagem(); - if ( basic_authorization(id) == false ) + if ( basic_authorization(id, att) == false ) { return; } @@ -50,17 +51,18 @@ void ImageEnable::request_execute(xmlrpc_c::paramList const& paramList) err_msg = "Could not disable image"; } - failure_response(INTERNAL, request_error(err_msg,"")); + failure_response(INTERNAL, request_error(err_msg,""), att); return; } - success_response(id); + success_response(id, att); } /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ -void ImagePersistent::request_execute(xmlrpc_c::paramList const& paramList) +void ImagePersistent::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { int id = xmlrpc_c::value_int(paramList.getInt(1)); bool persistent_flag = xmlrpc_c::value_boolean(paramList.getBoolean(2)); @@ -69,7 +71,7 @@ void ImagePersistent::request_execute(xmlrpc_c::paramList const& paramList) Image * image; string err_msg; - if ( basic_authorization(id) == false ) + if ( basic_authorization(id, att) == false ) { return; } @@ -78,7 +80,10 @@ void ImagePersistent::request_execute(xmlrpc_c::paramList const& paramList) if ( image == 0 ) { - failure_response(NO_EXISTS, get_error(object_name(auth_object),id)); + failure_response(NO_EXISTS, + get_error(object_name(auth_object),id), + att); + return; } @@ -95,7 +100,7 @@ void ImagePersistent::request_execute(xmlrpc_c::paramList const& paramList) err_msg = "Could not make image non-persistent"; } - failure_response(INTERNAL,request_error(err_msg,"")); + failure_response(INTERNAL,request_error(err_msg,""), att); image->unlock(); return; @@ -105,5 +110,5 @@ void ImagePersistent::request_execute(xmlrpc_c::paramList const& paramList) image->unlock(); - success_response(id); + success_response(id, att); } diff --git a/src/rm/RequestManagerInfo.cc b/src/rm/RequestManagerInfo.cc index edb7724822..a0c73da2cd 100644 --- a/src/rm/RequestManagerInfo.cc +++ b/src/rm/RequestManagerInfo.cc @@ -21,13 +21,14 @@ using namespace std; /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ -void RequestManagerInfo::request_execute(xmlrpc_c::paramList const& paramList) +void RequestManagerInfo::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { int oid = xmlrpc_c::value_int(paramList.getInt(1)); PoolObjectSQL * object; string str; - if ( basic_authorization(oid) == false ) + if ( basic_authorization(oid, att) == false ) { return; } @@ -36,11 +37,11 @@ void RequestManagerInfo::request_execute(xmlrpc_c::paramList const& paramList) { if ( auth_object == AuthRequest::USER ) { - oid = uid; + oid = att.uid; } else if ( auth_object == AuthRequest::GROUP ) { - oid = gid; + oid = att.gid; } } @@ -48,7 +49,9 @@ void RequestManagerInfo::request_execute(xmlrpc_c::paramList const& paramList) if ( object == 0 ) { - failure_response(NO_EXISTS, get_error(object_name(auth_object),oid)); + failure_response(NO_EXISTS, + get_error(object_name(auth_object),oid), + att); return; } @@ -56,7 +59,7 @@ void RequestManagerInfo::request_execute(xmlrpc_c::paramList const& paramList) object->unlock(); - success_response(str); + success_response(str, att); return; } diff --git a/src/rm/RequestManagerPoolInfo.cc b/src/rm/RequestManagerPoolInfo.cc index 024a1854b7..e792ee701a 100644 --- a/src/rm/RequestManagerPoolInfo.cc +++ b/src/rm/RequestManagerPoolInfo.cc @@ -21,12 +21,14 @@ using namespace std; /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ -void RequestManagerPoolInfo::request_execute(xmlrpc_c::paramList const& paramList) +void RequestManagerPoolInfo::request_execute( + xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { ostringstream oss; int rc; - if ( basic_authorization(-1) == false ) + if ( basic_authorization(-1, att) == false ) { return; } @@ -36,11 +38,11 @@ void RequestManagerPoolInfo::request_execute(xmlrpc_c::paramList const& paramLis if ( rc != 0 ) { - failure_response(INTERNAL,request_error("Internal Error","")); + failure_response(INTERNAL,request_error("Internal Error",""), att); return; } - success_response(oss.str()); + success_response(oss.str(), att); return; } diff --git a/src/rm/RequestManagerPoolInfoFilter.cc b/src/rm/RequestManagerPoolInfoFilter.cc index 37e416294d..894dcbd4c2 100644 --- a/src/rm/RequestManagerPoolInfoFilter.cc +++ b/src/rm/RequestManagerPoolInfoFilter.cc @@ -36,7 +36,9 @@ const int VirtualMachinePoolInfo::NOT_DONE = -1; /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ -void RequestManagerPoolInfoFilter::request_execute(xmlrpc_c::paramList const& paramList) +void RequestManagerPoolInfoFilter::request_execute( + xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { int filter_flag = xmlrpc_c::value_int(paramList.getInt(1)); int start_id = xmlrpc_c::value_int(paramList.getInt(2)); @@ -66,14 +68,16 @@ void RequestManagerPoolInfoFilter::request_execute(xmlrpc_c::paramList const& pa if ( filter_flag < MINE ) { - failure_response(XML_RPC_API,request_error("Incorrect filter_flag","")); + failure_response(XML_RPC_API, + request_error("Incorrect filter_flag",""), + att); return; } switch(filter_flag) { case MINE: - uid_filter << "uid = " << uid; + uid_filter << "uid = " << att.uid; request_op = AuthRequest::INFO_POOL_MINE; break; @@ -84,9 +88,9 @@ void RequestManagerPoolInfoFilter::request_execute(xmlrpc_c::paramList const& pa case MINE_GROUP: - uid_filter << "uid = " << uid; + uid_filter << "uid = " << att.uid; - for ( it = group_ids.begin() ; it != group_ids.end(); it++ ) + for ( it = att.group_ids.begin() ; it != att.group_ids.end(); it++ ) { uid_filter << " OR gid = " << *it; } @@ -128,7 +132,9 @@ void RequestManagerPoolInfoFilter::request_execute(xmlrpc_c::paramList const& pa if (( state < MINE ) || ( state > VirtualMachine::FAILED )) { failure_response(XML_RPC_API, - request_error("Incorrect filter_flag, state","")); + request_error("Incorrect filter_flag, state",""), + att); + return; } @@ -184,7 +190,7 @@ void RequestManagerPoolInfoFilter::request_execute(xmlrpc_c::paramList const& pa // Authorize & get the pool // ------------------------------------------ - if ( basic_authorization(-1, request_op) == false ) + if ( basic_authorization(-1, request_op, att) == false ) { return; } @@ -193,11 +199,11 @@ void RequestManagerPoolInfoFilter::request_execute(xmlrpc_c::paramList const& pa if ( rc != 0 ) { - failure_response(INTERNAL,request_error("Internal Error","")); + failure_response(INTERNAL,request_error("Internal Error",""), att); return; } - success_response(oss.str()); + success_response(oss.str(), att); return; } diff --git a/src/rm/RequestManagerPublish.cc b/src/rm/RequestManagerPublish.cc index 370efa4ced..bce57bb6cf 100644 --- a/src/rm/RequestManagerPublish.cc +++ b/src/rm/RequestManagerPublish.cc @@ -21,13 +21,15 @@ using namespace std; /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ -void RequestManagerPublish::request_execute(xmlrpc_c::paramList const& paramList) +void RequestManagerPublish::request_execute( + xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { int oid = xmlrpc_c::value_int(paramList.getInt(1)); bool pflag = xmlrpc_c::value_boolean(paramList.getBoolean(2)); PoolObjectSQL * object; - if ( basic_authorization(oid) == false ) + if ( basic_authorization(oid, att) == false ) { return; } @@ -36,7 +38,10 @@ void RequestManagerPublish::request_execute(xmlrpc_c::paramList const& paramList if ( object == 0 ) { - failure_response(NO_EXISTS, get_error(object_name(auth_object),oid)); + failure_response(NO_EXISTS, + get_error(object_name(auth_object),oid), + att); + return; } @@ -45,7 +50,8 @@ void RequestManagerPublish::request_execute(xmlrpc_c::paramList const& paramList if ( rc != 0 ) { failure_response(INTERNAL, - request_error("Can not publish/unpublish resource","")); + request_error("Can not publish/unpublish resource",""), + att); object->unlock(); return; @@ -55,7 +61,7 @@ void RequestManagerPublish::request_execute(xmlrpc_c::paramList const& paramList object->unlock(); - success_response(oid); + success_response(oid, att); return; } diff --git a/src/rm/RequestManagerUpdateTemplate.cc b/src/rm/RequestManagerUpdateTemplate.cc index 3e1a0a2c51..452ce2abf0 100644 --- a/src/rm/RequestManagerUpdateTemplate.cc +++ b/src/rm/RequestManagerUpdateTemplate.cc @@ -21,7 +21,9 @@ using namespace std; /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ -void RequestManagerUpdateTemplate::request_execute(xmlrpc_c::paramList const& paramList) +void RequestManagerUpdateTemplate::request_execute( + xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { int rc; string error_str; @@ -31,7 +33,7 @@ void RequestManagerUpdateTemplate::request_execute(xmlrpc_c::paramList const& pa PoolObjectSQL * object; - if ( basic_authorization(oid) == false ) + if ( basic_authorization(oid, att) == false ) { return; } @@ -40,7 +42,10 @@ void RequestManagerUpdateTemplate::request_execute(xmlrpc_c::paramList const& pa if ( object == 0 ) { - failure_response(NO_EXISTS, get_error(object_name(auth_object),oid)); + failure_response(NO_EXISTS, + get_error(object_name(auth_object),oid), + att); + return; } @@ -48,7 +53,9 @@ void RequestManagerUpdateTemplate::request_execute(xmlrpc_c::paramList const& pa if ( rc != 0 ) { - failure_response(INTERNAL, request_error("Can not update template",error_str)); + failure_response(INTERNAL, + request_error("Can not update template",error_str), + att); object->unlock(); return; @@ -58,7 +65,7 @@ void RequestManagerUpdateTemplate::request_execute(xmlrpc_c::paramList const& pa object->unlock(); - success_response(oid); + success_response(oid, att); return; } diff --git a/src/rm/RequestManagerUser.cc b/src/rm/RequestManagerUser.cc index 93c8221911..701c19e97c 100644 --- a/src/rm/RequestManagerUser.cc +++ b/src/rm/RequestManagerUser.cc @@ -19,13 +19,14 @@ using namespace std; void RequestManagerUser:: - request_execute(xmlrpc_c::paramList const& paramList) + request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { int id = xmlrpc_c::value_int(paramList.getInt(1)); User * user; string error_str; - if ( basic_authorization(id) == false ) + if ( basic_authorization(id, att) == false ) { return; } @@ -34,17 +35,20 @@ void RequestManagerUser:: if ( user == 0 ) { - failure_response(NO_EXISTS, get_error(object_name(auth_object),id)); + failure_response(NO_EXISTS, + get_error(object_name(auth_object),id), + att); + return; } if ( user_action(user,paramList,error_str) < 0 ) { - failure_response(INTERNAL, request_error(error_str,"")); + failure_response(INTERNAL, request_error(error_str,""), att); return; } - success_response(id); + success_response(id, att); } /* -------------------------------------------------------------------------- */ diff --git a/src/rm/RequestManagerVMTemplate.cc b/src/rm/RequestManagerVMTemplate.cc index 39e9e0aea0..9c2437c197 100644 --- a/src/rm/RequestManagerVMTemplate.cc +++ b/src/rm/RequestManagerVMTemplate.cc @@ -20,7 +20,8 @@ /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList) +void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { int id = xmlrpc_c::value_int(paramList.getInt(1)); string name = xmlrpc_c::value_string(paramList.getString(2)); @@ -40,7 +41,10 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList if ( rtmpl == 0 ) { - failure_response(NO_EXISTS, get_error(object_name(auth_object),id)); + failure_response(NO_EXISTS, + get_error(object_name(auth_object),id), + att); + return; } @@ -53,31 +57,38 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList tmpl->erase("NAME"); tmpl->set(new SingleAttribute("NAME",name)); - if ( uid != 0 ) + if ( att.uid != 0 ) { - AuthRequest ar(uid, group_ids); + AuthRequest ar(att.uid, att.group_ids); ar.add_auth(auth_object, id, ogid, auth_op, ouid, false); - VirtualMachine::set_auth_request(uid, ar, tmpl); + VirtualMachine::set_auth_request(att.uid, ar, tmpl); if (UserPool::authorize(ar) == -1) { - failure_response(AUTHORIZATION, authorization_error(ar.message)); + failure_response(AUTHORIZATION, + authorization_error(ar.message, att), + att); + delete tmpl; return; } } - rc = vmpool->allocate(uid, gid, uname, gname, tmpl, &vid, error_str, false); + rc = vmpool->allocate(att.uid, att.gid, att.uname, att.gname, tmpl, &vid, + error_str, false); if ( rc < 0 ) { - failure_response(INTERNAL, allocate_error(AuthRequest::VM,error_str)); + failure_response(INTERNAL, + allocate_error(AuthRequest::VM,error_str), + att); + return; } - success_response(vid); + success_response(vid, att); } /* -------------------------------------------------------------------------- */ diff --git a/src/rm/RequestManagerVirtualMachine.cc b/src/rm/RequestManagerVirtualMachine.cc index de02b00f1b..09034e2b09 100644 --- a/src/rm/RequestManagerVirtualMachine.cc +++ b/src/rm/RequestManagerVirtualMachine.cc @@ -20,14 +20,17 @@ /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -bool RequestManagerVirtualMachine::vm_authorization(int oid, int hid, ImageTemplate *tmpl) +bool RequestManagerVirtualMachine::vm_authorization(int oid, + int hid, + ImageTemplate *tmpl, + RequestAttributes& att) { PoolObjectSQL * object; int ouid; int ogid; - if ( uid == 0 ) + if ( att.uid == 0 ) { return true; } @@ -36,7 +39,10 @@ bool RequestManagerVirtualMachine::vm_authorization(int oid, int hid, ImageTempl if ( object == 0 ) { - failure_response(NO_EXISTS, get_error(object_name(auth_object),oid)); + failure_response(NO_EXISTS, + get_error(object_name(auth_object),oid), + att); + return false; } @@ -45,7 +51,7 @@ bool RequestManagerVirtualMachine::vm_authorization(int oid, int hid, ImageTempl object->unlock(); - AuthRequest ar(uid, group_ids); + AuthRequest ar(att.uid, att.group_ids); ar.add_auth(auth_object, oid, ogid, auth_op, ouid, false); @@ -61,13 +67,16 @@ bool RequestManagerVirtualMachine::vm_authorization(int oid, int hid, ImageTempl tmpl->to_xml(t64), -1, AuthRequest::CREATE, - uid, + att.uid, false); } if (UserPool::authorize(ar) == -1) { - failure_response(AUTHORIZATION, authorization_error(ar.message)); + failure_response(AUTHORIZATION, + authorization_error(ar.message, att), + att); + return false; } @@ -80,7 +89,8 @@ bool RequestManagerVirtualMachine::vm_authorization(int oid, int hid, ImageTempl int RequestManagerVirtualMachine::get_host_information(int hid, string& name, string& vmm, - string& tm) + string& tm, + RequestAttributes& att) { Nebula& nd = Nebula::instance(); HostPool * hpool = nd.get_hpool(); @@ -92,7 +102,9 @@ int RequestManagerVirtualMachine::get_host_information(int hid, if ( host == 0 ) { failure_response(NO_EXISTS, - get_error(object_name(AuthRequest::HOST),hid)); + get_error(object_name(AuthRequest::HOST),hid), + att); + return -1; } @@ -108,7 +120,8 @@ int RequestManagerVirtualMachine::get_host_information(int hid, /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -VirtualMachine * RequestManagerVirtualMachine::get_vm(int id) +VirtualMachine * RequestManagerVirtualMachine::get_vm(int id, + RequestAttributes& att) { VirtualMachine * vm; @@ -116,7 +129,7 @@ VirtualMachine * RequestManagerVirtualMachine::get_vm(int id) if ( vm == 0 ) { - failure_response(NO_EXISTS,get_error(object_name(auth_object),id)); + failure_response(NO_EXISTS,get_error(object_name(auth_object),id), att); return 0; } @@ -129,7 +142,8 @@ int RequestManagerVirtualMachine::add_history(VirtualMachine * vm, int hid, const string& hostname, const string& vmm_mad, - const string& tm_mad) + const string& tm_mad, + RequestAttributes& att) { Nebula& nd = Nebula::instance(); string vmdir; @@ -147,7 +161,9 @@ int RequestManagerVirtualMachine::add_history(VirtualMachine * vm, if ( rc != 0 ) { failure_response(INTERNAL, - request_error("Can not update virtual machine history","")); + request_error("Can not update virtual machine history",""), + att); + return -1; } @@ -158,7 +174,8 @@ int RequestManagerVirtualMachine::add_history(VirtualMachine * vm, /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -void VirtualMachineAction::request_execute(xmlrpc_c::paramList const& paramList) +void VirtualMachineAction::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { string action = xmlrpc_c::value_string(paramList.getString(1)); int id = xmlrpc_c::value_int(paramList.getInt(2)); @@ -168,7 +185,7 @@ void VirtualMachineAction::request_execute(xmlrpc_c::paramList const& paramList) Nebula& nd = Nebula::instance(); DispatchManager * dm = nd.get_dm(); - if ( vm_authorization(id,-1,0) == false ) + if ( vm_authorization(id,-1,0,att) == false ) { return; } @@ -217,22 +234,27 @@ void VirtualMachineAction::request_execute(xmlrpc_c::paramList const& paramList) switch (rc) { case 0: - success_response(id); + success_response(id, att); break; case -1: - failure_response(NO_EXISTS,get_error(object_name(auth_object),id)); + failure_response(NO_EXISTS, + get_error(object_name(auth_object),id), + att); break; case -2: failure_response(ACTION, - request_error("Worng state to perform action","")); + request_error("Worng state to perform action",""), + att); break; case -3: failure_response(ACTION, - request_error("Virtual machine action not supported","")); + request_error("Virtual machine action not supported",""), + att); break; default: failure_response(INTERNAL, - request_error("Internal error","Action result not defined")); + request_error("Internal error","Action result not defined"), + att); } return; @@ -241,7 +263,8 @@ void VirtualMachineAction::request_execute(xmlrpc_c::paramList const& paramList) /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -void VirtualMachineDeploy::request_execute(xmlrpc_c::paramList const& paramList) +void VirtualMachineDeploy::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { Nebula& nd = Nebula::instance(); DispatchManager * dm = nd.get_dm(); @@ -255,17 +278,17 @@ void VirtualMachineDeploy::request_execute(xmlrpc_c::paramList const& paramList) int id = xmlrpc_c::value_int(paramList.getInt(1)); int hid = xmlrpc_c::value_int(paramList.getInt(2)); - if ( vm_authorization(id,hid,0) == false ) + if ( vm_authorization(id,hid,0,att) == false ) { return; } - if (get_host_information(hid,hostname,vmm_mad,tm_mad) != 0) + if (get_host_information(hid,hostname,vmm_mad,tm_mad, att) != 0) { return; } - if ( (vm = get_vm(id)) == 0 ) + if ( (vm = get_vm(id, att)) == 0 ) { return; } @@ -273,13 +296,14 @@ void VirtualMachineDeploy::request_execute(xmlrpc_c::paramList const& paramList) if ( vm->get_state() != VirtualMachine::PENDING ) { failure_response(ACTION, - request_error("Worng state to perform action","")); + request_error("Worng state to perform action",""), + att); vm->unlock(); return; } - if ( add_history(vm,hid,hostname,vmm_mad,tm_mad) != 0) + if ( add_history(vm,hid,hostname,vmm_mad,tm_mad,att) != 0) { vm->unlock(); return; @@ -289,13 +313,14 @@ void VirtualMachineDeploy::request_execute(xmlrpc_c::paramList const& paramList) vm->unlock(); - success_response(id); + success_response(id, att); } /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -void VirtualMachineMigrate::request_execute(xmlrpc_c::paramList const& paramList) +void VirtualMachineMigrate::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { Nebula& nd = Nebula::instance(); DispatchManager * dm = nd.get_dm(); @@ -310,17 +335,17 @@ void VirtualMachineMigrate::request_execute(xmlrpc_c::paramList const& paramList int hid = xmlrpc_c::value_int(paramList.getInt(2)); bool live = xmlrpc_c::value_boolean(paramList.getBoolean(3)); - if ( vm_authorization(id,hid,0) == false ) + if ( vm_authorization(id,hid,0,att) == false ) { return; } - if (get_host_information(hid,hostname,vmm_mad,tm_mad) != 0) + if (get_host_information(hid,hostname,vmm_mad,tm_mad,att) != 0) { return; } - if ( (vm = get_vm(id)) == 0 ) + if ( (vm = get_vm(id, att)) == 0 ) { return; } @@ -330,13 +355,14 @@ void VirtualMachineMigrate::request_execute(xmlrpc_c::paramList const& paramList (vm->hasPreviousHistory() && vm->get_previous_reason() == History::NONE)) { failure_response(ACTION, - request_error("Worng state to perform action","")); + request_error("Worng state to perform action",""), + att); vm->unlock(); return; } - if ( add_history(vm,hid,hostname,vmm_mad,tm_mad) != 0) + if ( add_history(vm,hid,hostname,vmm_mad,tm_mad,att) != 0) { vm->unlock(); return; @@ -353,13 +379,14 @@ void VirtualMachineMigrate::request_execute(xmlrpc_c::paramList const& paramList vm->unlock(); - success_response(id); + success_response(id, att); } /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -void VirtualMachineSaveDisk::request_execute(xmlrpc_c::paramList const& paramList) +void VirtualMachineSaveDisk::request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { Nebula& nd = Nebula::instance(); ImagePool * ipool = nd.get_ipool(); @@ -391,25 +418,26 @@ void VirtualMachineSaveDisk::request_execute(xmlrpc_c::paramList const& paramLis // ------------------ Authorize the operation ------------------ - if ( vm_authorization(id,-1,itemplate) == false ) + if ( vm_authorization(id,-1,itemplate,att) == false ) { return; } // ------------------ Create the image ------------------ - rc = ipool->allocate(uid, gid, uname, gname, itemplate, &iid,error_str); + rc = ipool->allocate(att.uid, att.gid, att.uname, att.gname, itemplate, + &iid, error_str); - if ( rc < 0 ) + if (rc < 0) { failure_response(INTERNAL, - allocate_error(AuthRequest::IMAGE,error_str)); + allocate_error(AuthRequest::IMAGE, error_str), att); return; } // ------------------ Store image id to save the disk ------------------ - if ( (vm = get_vm(id)) == 0 ) + if ( (vm = get_vm(id, att)) == 0 ) { Image * img; @@ -446,12 +474,13 @@ void VirtualMachineSaveDisk::request_execute(xmlrpc_c::paramList const& paramLis } failure_response(INTERNAL, - request_error("Can not save_as disk",error_str)); + request_error("Can not save_as disk",error_str), + att); return; } // Return the new allocated Image ID - success_response(iid); + success_response(iid, att); } /* -------------------------------------------------------------------------- */ diff --git a/src/rm/RequestManagerVirtualNetwork.cc b/src/rm/RequestManagerVirtualNetwork.cc index f716ba6554..af410a025f 100644 --- a/src/rm/RequestManagerVirtualNetwork.cc +++ b/src/rm/RequestManagerVirtualNetwork.cc @@ -34,14 +34,15 @@ string RequestManagerVirtualNetwork::leases_error (char *error) free(error); } - return request_error("Error modifiying network leases",oss.str()); + return request_error("Error modifying network leases",oss.str()); } /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ void RequestManagerVirtualNetwork:: - request_execute(xmlrpc_c::paramList const& paramList) + request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { int id = xmlrpc_c::value_int (paramList.getInt(1)); string str_tmpl = xmlrpc_c::value_string (paramList.getString(2)); @@ -53,7 +54,7 @@ void RequestManagerVirtualNetwork:: string error_str; int rc; - if ( basic_authorization(id) == false ) + if ( basic_authorization(id, att) == false ) { return; } @@ -62,7 +63,7 @@ void RequestManagerVirtualNetwork:: if ( rc != 0 ) { - failure_response(INTERNAL, leases_error(error_msg)); + failure_response(INTERNAL, leases_error(error_msg), att); return; } @@ -70,7 +71,7 @@ void RequestManagerVirtualNetwork:: if ( vn == 0 ) { - failure_response(NO_EXISTS, get_error(object_name(auth_object),id)); + failure_response(NO_EXISTS, get_error(object_name(auth_object),id),att); return; } @@ -79,7 +80,8 @@ void RequestManagerVirtualNetwork:: if ( rc < 0 ) { failure_response(INTERNAL, - request_error("Error modifiying network leases",error_str)); + request_error("Error modifiying network leases",error_str), + att); vn->unlock(); return; @@ -89,6 +91,6 @@ void RequestManagerVirtualNetwork:: vn->unlock(); - success_response(id); + success_response(id, att); }