
feature #203: authorization now in RM.*allocate for IMAGEs and NETs

Ruben S. Montero 2010-07-14 19:37:43 +02:00
parent 235186a998
commit 0dbb3330fe
11 changed files with 204 additions and 133 deletions


@ -221,7 +221,7 @@ public:
string& name,
vector<const Attribute*>& values) const
{
return image_template.get(name,values);
return image_template->get(name,values);
};
/**
@ -235,7 +235,7 @@ public:
vector<const Attribute*>& values) const
{
string str=name;
return image_template.get(str,values);
return image_template->get(str,values);
};
/**
@ -248,7 +248,7 @@ public:
string& value) const
{
string str=name;
image_template.get(str,value);
image_template->get(str,value);
}
/**
@ -261,7 +261,7 @@ public:
int& value) const
{
string str=name;
image_template.get(str,value);
image_template->get(str,value);
}
/**
@ -270,7 +270,7 @@ public:
*/
int remove_template_attribute(SqlDB * db, const string& name)
{
return image_template.remove_attribute(db, name);
return image_template->remove_attribute(db, name);
}
private:
@ -332,7 +332,7 @@ private:
/**
* The Image template, holds the Image attributes.
*/
ImageTemplate image_template;
ImageTemplate * image_template;
// *************************************************************************
@ -382,7 +382,7 @@ protected:
// Constructor
// *************************************************************************
Image(int id=-1);
Image(int uid=-1, ImageTemplate *img_template = 0);
virtual ~Image();
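Review bot: `image_template` is now a raw owning pointer, and the new constructor parameter `img_template` hands ownership to the Image without the declaration saying so. The destructor added later in this commit deletes the pointer, so a caller that keeps using or frees the template after constructing the Image gets a use-after-free or a double delete, and a copied Image would delete it twice unless copying is disabled in a base class (not visible here). I would add to the constructor comment `@param img_template template for the image; the Image takes ownership and deletes it in ~Image()`. The same applies to `vn_template` and the `VirtualNetwork(VirtualNetworkTemplate *)` constructor in the VirtualNetwork class declaration. The class body starts and ends outside these hunks.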


@ -55,9 +55,9 @@ public:
* -2 in case of template parse failure
*/
int allocate (
int uid,
const string& stemplate,
int * oid);
int uid,
ImageTemplate * img_template,
int * oid);
/**
* Function to get a Image from the pool, if the object is not in memory
@ -133,7 +133,7 @@ public:
{
SingleAttribute * sattr = new SingleAttribute(name,value);
return image->image_template.replace_attribute(db,sattr);
return image->image_template->replace_attribute(db,sattr);
}
/** Delete an image attribute in the template (Image MUST be locked)
@ -145,7 +145,7 @@ public:
Image * image,
const string& name)
{
return image->image_template.remove_attribute(db, name);
return image->image_template->remove_attribute(db, name);
}
/**
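Review bot: The comment above `allocate` still ends with `-2 in case of template parse failure`, but with the new `ImageTemplate * img_template` parameter the parsing has moved to the caller, so that return code looks stale. The comment should describe the new parameter and state who frees it, including when allocation fails, for example `@param img_template parsed template; ownership passes to the new Image`. The VirtualNetworkPool `allocate` comment was updated in this commit but is equally silent on ownership. The start of the comment is outside the hunk.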


@ -195,7 +195,7 @@ public:
string& name,
vector<const Attribute*>& values) const
{
return vn_template.get(name,values);
return vn_template->get(name,values);
};
/**
@ -209,7 +209,7 @@ public:
vector<const Attribute*>& values) const
{
string str=name;
return vn_template.get(str,values);
return vn_template->get(str,values);
};
/**
@ -222,7 +222,7 @@ public:
string& value) const
{
string str=name;
vn_template.get(str,value);
vn_template->get(str,value);
}
/**
@ -235,7 +235,7 @@ public:
int& value) const
{
string str=name;
vn_template.get(str,value);
vn_template->get(str,value);
}
private:
@ -293,7 +293,7 @@ private:
/**
* The Virtual Network template, holds the VNW attributes.
*/
VirtualNetworkTemplate vn_template;
VirtualNetworkTemplate * vn_template;
// *************************************************************************
// DataBase implementation (Private)
@ -355,7 +355,7 @@ private:
int rc;
sattr = new SingleAttribute(name,value);
rc = vn_template.replace_attribute(db,sattr);
rc = vn_template->replace_attribute(db,sattr);
if (rc != 0)
{
@ -371,7 +371,7 @@ protected:
// Constructor
//**************************************************************************
VirtualNetwork();
VirtualNetwork(VirtualNetworkTemplate * _vn_template = 0);
~VirtualNetwork();
@ -428,7 +428,7 @@ protected:
{
int rc;
rc = vn_template.drop(db);
rc = vn_template->drop(db);
rc += leases->drop(db);


@ -40,16 +40,15 @@ public:
~VirtualNetworkPool(){};
/**
* Function to allocate a new VN object
* Function to allocate a new VNET object
* @param uid user identifier
* @param stemplate a string describing the VN
* @param vn_template a VirtualNetworkTemplate describing the VNET
* @param oid the id assigned to the VM (output)
* @return oid on success, -1 error inserting in DB,-2 error parsing
* the template, -3 wrong attributes in template
* @return oid on success, -1 error
*/
int allocate (
int uid,
const string& stemplate,
VirtualNetworkTemplate * vn_template,
int * oid);
/**


@ -32,7 +32,7 @@
/* Image :: Constructor/Destructor */
/* ************************************************************************ */
Image::Image(int _uid):
Image::Image(int _uid, ImageTemplate * _image_template):
PoolObjectSQL(-1),
uid(_uid),
name(""),
@ -41,9 +41,24 @@ Image::Image(int _uid):
source(""),
state(INIT),
running_vms(0)
{};
{
if (_image_template != 0)
{
image_template = _image_template;
}
else
{
image_template = new ImageTemplate;
}
};
Image::~Image(){};
Image::~Image()
{
if (image_template != 0)
{
delete image_template;
}
};
/* ************************************************************************ */
/* Image :: Database Access Functions */
@ -93,7 +108,7 @@ int Image::select_cb(void * nil, int num, char **values, char ** names)
running_vms = atoi(values[RUNNING_VMS]);
image_template.id = oid;
image_template->id = oid;
return 0;
}
@ -123,7 +138,7 @@ int Image::select(SqlDB *db)
// Get the template
rc = image_template.select(db);
rc = image_template->select(db);
if ( rc != 0 )
{
@ -182,7 +197,7 @@ int Image::insert(SqlDB *db)
// ------------ PUBLIC --------------------
get_template_attribute("PUBLIC", public_attr);
image_template.erase("PUBLIC");
image_template->erase("PUBLIC");
transform (public_attr.begin(), public_attr.end(), public_attr.begin(),
(int(*)(int))toupper);
@ -198,7 +213,7 @@ int Image::insert(SqlDB *db)
SingleAttribute * dev_att = new SingleAttribute("DEV_PREFIX",
ImagePool::default_dev_prefix());
image_template.set(dev_att);
image_template->set(dev_att);
}
// ------------ SOURCE (path to store the image)--------------------
@ -212,14 +227,14 @@ int Image::insert(SqlDB *db)
// ------------ INSERT THE TEMPLATE --------------------
if ( image_template.id == -1 )
if ( image_template->id == -1 )
{
image_template.id = oid;
image_template->id = oid;
}
state = DISABLED;
rc = image_template.insert(db);
rc = image_template->insert(db);
if ( rc != 0 )
{
@ -234,7 +249,7 @@ int Image::insert(SqlDB *db)
if ( rc != 0 )
{
image_template.drop(db);
image_template->drop(db);
return rc;
}
@ -374,7 +389,7 @@ int Image::drop(SqlDB * db)
return -1;
}
image_template.drop(db);
image_template->drop(db);
oss << "DELETE FROM " << table << " WHERE oid=" << oid;
@ -424,7 +439,7 @@ string& Image::to_xml(string& xml) const
"<SOURCE>" << source << "</SOURCE>" <<
"<STATE>" << state << "</STATE>" <<
"<RUNNING_VMS>" << running_vms << "</RUNNING_VMS>" <<
image_template.to_xml(template_xml) <<
image_template->to_xml(template_xml) <<
"</IMAGE>";
xml = oss.str();
@ -452,7 +467,7 @@ string& Image::to_str(string& str) const
"STATE = " << state << endl <<
"RUNNING_VMS = " << running_vms << endl <<
"TEMPLATE" << endl
<< image_template.to_str(template_str)
<< image_template->to_str(template_str)
<< endl;
str = os.str();
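Review bot: Style point on the new constructor and destructor bodies: the `if (image_template != 0)` guard before `delete image_template;` is unnecessary because deleting a null pointer is a no-op, and the constructor's if/else can be one assignment, `image_template = (_image_template != 0) ? _image_template : new ImageTemplate;`. A one-line comment in the constructor such as `// the Image owns image_template from here on` would make the ownership transfer visible at the definition. The same pattern appears in the VirtualNetwork constructor and destructor.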


@ -89,55 +89,31 @@ ImagePool::ImagePool( SqlDB * db,
int ImagePool::allocate (
int uid,
const string& stemplate,
ImageTemplate* img_template,
int * oid)
{
int rc;
Image * img;
string name;
char * error_msg;
// ---------------------------------------------------------------------
// Build a new Image object
// ---------------------------------------------------------------------
img = new Image(uid);
// ---------------------------------------------------------------------
// Parse template
// ---------------------------------------------------------------------
rc = img->image_template.parse(stemplate, &error_msg);
if ( rc != 0 )
{
ostringstream oss;
oss << "ImagePool template parse error: " << error_msg;
NebulaLog::log("IMG", Log::ERROR, oss);
free(error_msg);
delete img;
return -1;
}
img = new Image(uid,img_template);
img->get_template_attribute("NAME", name);
// ---------------------------------------------------------------------
// Insert the Object in the pool
// ---------------------------------------------------------------------
*oid = PoolSQL::allocate(img);
if ( *oid == -1 )
{
return -1;
}
// ---------------------------------------------------------------------
// Add the image name to the map of image_names
// ---------------------------------------------------------------------
image_names.insert(make_pair(name, *oid));
if ( *oid != -1 )
{
image_names.insert(make_pair(name, *oid));
}
return *oid;
}
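Review bot: When `PoolSQL::allocate(img)` returns -1 this function returns without releasing `img`, so whether the Image and the `img_template` it now owns are freed depends on PoolSQL::allocate, which is not shown. The request-manager caller deletes the template on its parse and authorization error paths but not at `error_allocate`, so it assumes the pool has already taken ownership; if PoolSQL::allocate leaves the object alive on failure, both objects leak on every rejected request. A comment stating the contract, e.g. `// on failure PoolSQL::allocate frees img and its template`, or an explicit `delete img;` if that is not the case, would settle it. `VirtualNetworkPool::allocate` has the same shape.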


@ -70,7 +70,6 @@ void RequestManager::VirtualMachineAllocate::execute(
//--------------------------------------------------------------------------
// Authorize this request
//--------------------------------------------------------------------------
vm_template = new VirtualMachineTemplate;
rc = vm_template->parse(str_template,&error_msg);
@ -129,7 +128,6 @@ void RequestManager::VirtualMachineAllocate::execute(
//--------------------------------------------------------------------------
// Allocate the VirtualMAchine
//--------------------------------------------------------------------------
rc = vmpool->allocate(uid,vm_template,&vid,false);
if ( rc < 0 )


@ -29,11 +29,14 @@ void RequestManager::ImageAllocate::execute(
xmlrpc_c::value * const retval)
{
string session;
string image_template;
string str_template;
ImageTemplate * img_template;
int iid;
int uid;
int rc;
char * error_msg = 0;
ostringstream oss;
@ -42,15 +45,15 @@ void RequestManager::ImageAllocate::execute(
vector<xmlrpc_c::value> arrayData;
xmlrpc_c::value_array * arrayresult;
NebulaLog::log("ReM",Log::DEBUG,"ImageAllocate invoked");
session = xmlrpc_c::value_string(paramList.getString(0));
image_template = xmlrpc_c::value_string(paramList.getString(1));
image_template += "\n";
session = xmlrpc_c::value_string(paramList.getString(0));
str_template = xmlrpc_c::value_string(paramList.getString(1));
str_template += "\n";
// First, we need to authenticate the user
//--------------------------------------------------------------------------
// Authorize this request
//--------------------------------------------------------------------------
uid = ImageAllocate::upool->authenticate(session);
if ( uid == -1 )
@ -58,7 +61,39 @@ void RequestManager::ImageAllocate::execute(
goto error_authenticate;
}
rc = ImageAllocate::ipool->allocate(uid,image_template,&iid);
//--------------------------------------------------------------------------
// Authorize this request
//--------------------------------------------------------------------------
img_template = new ImageTemplate;
rc = img_template->parse(str_template,&error_msg);
if ( rc != 0 )
{
goto error_parse;
}
if ( uid != 0 )
{
AuthRequest ar(uid);
string t64;
ar.add_auth(AuthRequest::IMAGE,
img_template->to_xml(t64),
AuthRequest::CREATE,
uid,
false);
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}
}
//--------------------------------------------------------------------------
// Allocate the Image
//--------------------------------------------------------------------------
rc = ImageAllocate::ipool->allocate(uid,img_template,&iid);
if ( rc < 0 )
{
@ -81,6 +116,22 @@ error_authenticate:
oss.str(authenticate_error(method_name));
goto error_common;
error_authorize:
oss.str(authorization_error(method_name, "CREATE", "IMAGE", uid, -1));
delete img_template;
goto error_common;
error_parse:
oss.str(action_error(method_name, "PARSE", "IMAGE TEMPLATE",-2,rc));
if (error_msg != 0)
{
oss << "Reason: " << error_msg;
free(error_msg);
}
delete img_template;
goto error_common;
error_allocate:
oss.str(action_error(method_name, "CREATE", "IMAGE", -2, rc));
goto error_common;
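Review bot: The authorization request is built with the last argument of `ar.add_auth(...)` hard-coded to `false`, and it is evaluated before `Image::insert` reads the template's `PUBLIC` attribute, so a template that asks for a public image appears to be authorized as a non-public one. If that argument is the public flag (its meaning is not visible in this hunk), it should be derived from the parsed template so the policy decides on what will actually be stored. Separately, the banner over the `authenticate(session)` call reads `Authorize this request`; it should read `Authenticate this request` so the two steps are not confused. `VirtualNetworkAllocate::execute` has both issues. The function starts and ends outside these hunks.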


@ -27,19 +27,18 @@ void RequestManager::VirtualNetworkAllocate::execute(
xmlrpc_c::value * const retval)
{
string session;
string username;
string password;
string name;
string stemplate;
string str_template;
VirtualNetworkTemplate * vn_template;
int nid;
int uid;
int rc;
User * user;
char * error_msg = 0;
ostringstream oss;
const string method_name = "VirtualNetworkAllocate";
/* -- RPC specific vars -- */
@ -49,27 +48,52 @@ void RequestManager::VirtualNetworkAllocate::execute(
NebulaLog::log("ReM",Log::DEBUG,"VirtualNetworkAllocate method invoked");
// Get the parameters & host
session = xmlrpc_c::value_string(paramList.getString(0));
stemplate = xmlrpc_c::value_string(paramList.getString(1));
session = xmlrpc_c::value_string(paramList.getString(0));
str_template = xmlrpc_c::value_string(paramList.getString(1));
if ( User::split_secret(session,username,password) != 0 )
//--------------------------------------------------------------------------
// Authorize this request
//--------------------------------------------------------------------------
uid = VirtualNetworkAllocate::upool->authenticate(session);
if ( uid == -1 )
{
goto error_authenticate;
}
// Now let's get the user
user = VirtualNetworkAllocate::upool->get(username,true);
//--------------------------------------------------------------------------
// Authorize this request
//--------------------------------------------------------------------------
vn_template = new VirtualNetworkTemplate;
if ( user == 0 )
rc = vn_template->parse(str_template,&error_msg);
if ( rc != 0 )
{
goto error_get_user;
goto error_parse;
}
uid = user->get_uid();
if ( uid != 0 )
{
AuthRequest ar(uid);
string t64;
user->unlock();
rc = vnpool->allocate(uid,stemplate,&nid);
ar.add_auth(AuthRequest::NET,
vn_template->to_xml(t64),
AuthRequest::CREATE,
uid,
false);
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}
}
//--------------------------------------------------------------------------
// Allocate the Virtual Network
//--------------------------------------------------------------------------
rc = vnpool->allocate(uid,vn_template,&nid);
if ( rc < 0 )
{
@ -92,10 +116,22 @@ error_authenticate:
oss.str(authenticate_error(method_name));
goto error_common;
error_get_user:
oss.str(get_error(method_name, "USER", -1));
error_authorize:
oss.str(authorization_error(method_name, "CREATE", "VNET", uid, -1));
delete vn_template;
goto error_common;
error_parse:
oss.str(action_error(method_name, "PARSE", "VNET TEMPLATE",-2,rc));
if (error_msg != 0)
{
oss << "Reason: " << error_msg;
free(error_msg);
}
delete vn_template;
goto error_common;
error_vn_allocate:
oss.str(action_error(method_name, "CREATE", "NET", -2, rc));
goto error_common;
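Review bot: The new `error_authorize` and `error_parse` labels name the object `VNET` and `VNET TEMPLATE`, while the `error_vn_allocate` label just below reports `NET` for the same resource. A client or log filter that matches on these error strings then sees two names for one object type. I would settle on one spelling across the three labels, e.g. `oss.str(action_error(method_name, "CREATE", "VNET", -2, rc));`, after checking that no existing consumer depends on the old string. The function continues outside the hunk.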


@ -29,13 +29,23 @@
/* Virtual Network :: Constructor/Destructor */
/* ************************************************************************** */
VirtualNetwork::VirtualNetwork():
VirtualNetwork::VirtualNetwork(VirtualNetworkTemplate *_vn_template):
PoolObjectSQL(-1),
name(""),
uid(-1),
bridge(""),
type(UNINITIALIZED),
leases(0){};
leases(0)
{
if (_vn_template != 0)
{
vn_template = _vn_template;
}
else
{
vn_template = new VirtualNetworkTemplate;
}
};
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
@ -46,6 +56,11 @@ VirtualNetwork::~VirtualNetwork()
{
delete leases;
}
if (vn_template != 0)
{
delete vn_template;
}
}
/* ************************************************************************** */
@ -89,7 +104,7 @@ int VirtualNetwork::select_cb(void * nil, int num, char **values, char **names)
public_vnet = atoi(values[PUBLIC]);
// Virtual Network template ID is the Network ID
vn_template.id = oid;
vn_template->id = oid;
return 0;
}
@ -128,7 +143,7 @@ int VirtualNetwork::select(SqlDB * db)
}
//Get the template
rc = vn_template.select(db);
rc = vn_template->select(db);
if (rc != 0)
{
@ -315,16 +330,16 @@ int VirtualNetwork::insert(SqlDB * db)
public_vnet = (pub == "YES");
vn_template.erase("PUBLIC");
vn_template->erase("PUBLIC");
// ------------ INSERT THE TEMPLATE --------------------
if ( vn_template.id == -1 )
if ( vn_template->id == -1 )
{
vn_template.id = oid;
vn_template->id = oid;
}
rc = vn_template.insert(db);
rc = vn_template->insert(db);
if ( rc != 0 )
{
@ -425,7 +440,7 @@ error_template:
error_update:
ose << "Can not update Virtual Network id " << oid;
vn_template.drop(db);
vn_template->drop(db);
goto error_common;
error_addr:
@ -506,7 +521,7 @@ int VirtualNetwork::vn_drop(SqlDB * db)
ostringstream oss;
int rc;
vn_template.drop(db);
vn_template->drop(db);
if ( leases != 0 )
{
@ -558,7 +573,7 @@ string& VirtualNetwork::to_xml(string& xml) const
"<TYPE>" << type << "</TYPE>" <<
"<BRIDGE>" << bridge << "</BRIDGE>" <<
"<PUBLIC>" << public_vnet << "</PUBLIC>" <<
vn_template.to_xml(template_xml);
vn_template->to_xml(template_xml);
if (leases)
{
os << leases->to_xml(leases_xml);
@ -596,7 +611,8 @@ string& VirtualNetwork::to_str(string& str) const
os << "Bridge : " << bridge << endl;
os << "Public : " << public_vnet << endl << endl;
os << "....: Template :...." << vn_template.to_str(template_str) << endl << endl;
os << "....: Template :...." << vn_template->to_str(template_str) << endl <<
endl;
if (leases)
{


@ -71,35 +71,15 @@ VirtualNetworkPool::VirtualNetworkPool(SqlDB * db,
int VirtualNetworkPool::allocate (
int uid,
const string& stemplate,
VirtualNetworkTemplate * vn_template,
int * oid)
{
VirtualNetwork * vn;
char * error_msg;
int rc;
// Build a new Virtual Network object
vn = new VirtualNetwork();
vn = new VirtualNetwork(vn_template);
vn->uid = uid;
rc = vn->vn_template.parse(stemplate,&error_msg);
if ( rc != 0 )
{
ostringstream oss;
oss << error_msg;
NebulaLog::log("VNM", Log::ERROR, oss);
free(error_msg);
delete vn;
return -1;
}
// Insert the VN in the pool so we have a valid OID
*oid = PoolSQL::allocate(vn);
return *oid;