From 0dbb3330fe007b52d427f05ac142bb9cf4f20726 Mon Sep 17 00:00:00 2001 From: "Ruben S. Montero" Date: Wed, 14 Jul 2010 19:37:43 +0200 Subject: [PATCH] feature #203: authorization now in RM.*allocate for IMAGEs and NETs --- include/Image.h | 14 ++-- include/ImagePool.h | 10 +-- include/VirtualNetwork.h | 16 ++-- include/VirtualNetworkPool.h | 9 +-- src/image/Image.cc | 43 +++++++---- src/image/ImagePool.cc | 36 ++------- src/rm/RequestManagerAllocate.cc | 2 - src/rm/RequestManagerImageAllocate.cc | 67 ++++++++++++++-- .../RequestManagerVirtualNetworkAllocate.cc | 76 ++++++++++++++----- src/vnm/VirtualNetwork.cc | 40 +++++++--- src/vnm/VirtualNetworkPool.cc | 24 +----- 11 files changed, 204 insertions(+), 133 deletions(-) diff --git a/include/Image.h b/include/Image.h index aa87243c2a..63feb4f996 100644 --- a/include/Image.h +++ b/include/Image.h @@ -221,7 +221,7 @@ public: string& name, vector& values) const { - return image_template.get(name,values); + return image_template->get(name,values); }; /** @@ -235,7 +235,7 @@ public: vector& values) const { string str=name; - return image_template.get(str,values); + return image_template->get(str,values); }; /** @@ -248,7 +248,7 @@ public: string& value) const { string str=name; - image_template.get(str,value); + image_template->get(str,value); } /** @@ -261,7 +261,7 @@ public: int& value) const { string str=name; - image_template.get(str,value); + image_template->get(str,value); } /** @@ -270,7 +270,7 @@ public: */ int remove_template_attribute(SqlDB * db, const string& name) { - return image_template.remove_attribute(db, name); + return image_template->remove_attribute(db, name); } private: @@ -332,7 +332,7 @@ private: /** * The Image template, holds the Image attributes. */ - ImageTemplate image_template; + ImageTemplate * image_template; // ************************************************************************* 
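Review bot: The member comment on `image_template` in the Image.h `@@ -332` hunk still describes an embedded value, but the member is now a raw pointer that the new `Image::~Image` elsewhere in this patch deletes, so the ownership should be stated where the member is declared. Suggest extending the comment to `* The Image template, holds the Image attributes. Owned by the Image: it is deleted in ~Image, so a template handed to the constructor must not be freed or reused by the caller.` Without that note the RequestManager error paths that deliberately skip `delete` after a successful handoff read like leaks to the next maintainer.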
@@ -382,7 +382,7 @@ protected: // Constructor // ************************************************************************* - Image(int id=-1); + Image(int uid=-1, ImageTemplate *img_template = 0); virtual ~Image(); diff --git a/include/ImagePool.h b/include/ImagePool.h index 709f6bcdf3..968188178d 100644 --- a/include/ImagePool.h +++ b/include/ImagePool.h @@ -55,9 +55,9 @@ public: * -2 in case of template parse failure */ int allocate ( - int uid, - const string& stemplate, - int * oid); + int uid, + ImageTemplate * img_template, + int * oid); /** * Function to get a Image from the pool, if the object is not in memory @@ -133,7 +133,7 @@ public: { SingleAttribute * sattr = new SingleAttribute(name,value); - return image->image_template.replace_attribute(db,sattr); + return image->image_template->replace_attribute(db,sattr); } /** Delete an image attribute in the template (Image MUST be locked) @@ -145,7 +145,7 @@ public: Image * image, const string& name) { - return image->image_template.remove_attribute(db, name); + return image->image_template->remove_attribute(db, name); } /** diff --git a/include/VirtualNetwork.h b/include/VirtualNetwork.h index 5d8ac3c8a7..cf37a96753 100644 --- a/include/VirtualNetwork.h +++ b/include/VirtualNetwork.h @@ -195,7 +195,7 @@ public: string& name, vector& values) const { - return vn_template.get(name,values); + return vn_template->get(name,values); }; /** @@ -209,7 +209,7 @@ public: vector& values) const { string str=name; - return vn_template.get(str,values); + return vn_template->get(str,values); }; /** @@ -222,7 +222,7 @@ public: string& value) const { string str=name; - vn_template.get(str,value); + vn_template->get(str,value); } /** @@ -235,7 +235,7 @@ public: int& value) const { string str=name; - vn_template.get(str,value); + vn_template->get(str,value); } private: 
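Review bot: The return documentation above the new `allocate` signature in the ImagePool.h `@@ -55` hunk still lists `-2 in case of template parse failure`, but parsing has moved to the caller (the method now receives an already-parsed `ImageTemplate *`), so that return value can no longer come from here. Drop the `-2` clause and document the new contract instead, e.g. `* @param img_template a parsed ImageTemplate; ownership passes to the new Image, which deletes it` (the VirtualNetworkPool.h hunk in this patch already trimmed its return list to `-1 error`). Spelling out the ownership transfer matters because the RequestManager error paths only delete the template when allocate was never reached.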
@@ -293,7 +293,7 @@ private: /** * The Virtual Network template, holds the VNW attributes. */ - VirtualNetworkTemplate vn_template; + VirtualNetworkTemplate * vn_template; // ************************************************************************* // DataBase implementation (Private) @@ -355,7 +355,7 @@ private: int rc; sattr = new SingleAttribute(name,value); - rc = vn_template.replace_attribute(db,sattr); + rc = vn_template->replace_attribute(db,sattr); if (rc != 0) { @@ -371,7 +371,7 @@ protected: // Constructor //************************************************************************** - VirtualNetwork(); + VirtualNetwork(VirtualNetworkTemplate * _vn_template = 0); ~VirtualNetwork(); @@ -428,7 +428,7 @@ protected: { int rc; - rc = vn_template.drop(db); + rc = vn_template->drop(db); rc += leases->drop(db); diff --git a/include/VirtualNetworkPool.h b/include/VirtualNetworkPool.h index 633ff9aebc..f57c53037b 100644 --- a/include/VirtualNetworkPool.h +++ b/include/VirtualNetworkPool.h @@ -40,16 +40,15 @@ public: ~VirtualNetworkPool(){}; /** - * Function to allocate a new VN object + * Function to allocate a new VNET object * @param uid user identifier - * @param stemplate a string describing the VN + * @param vn_template a VirtualNetworkTemplate describing the VNET * @param oid the id assigned to the VM (output) - * @return oid on success, -1 error inserting in DB,-2 error parsing - * the template, -3 wrong attributes in template + * @return oid on success, -1 error */ int allocate ( int uid, - const string& stemplate, + VirtualNetworkTemplate * vn_template, int * oid); /** diff --git a/src/image/Image.cc b/src/image/Image.cc index f5a6fec6f6..fd983e6d7b 100644 --- a/src/image/Image.cc +++ b/src/image/Image.cc @@ -32,7 +32,7 @@ /* Image :: Constructor/Destructor */ /* ************************************************************************ */ -Image::Image(int _uid): +Image::Image(int _uid, ImageTemplate * _image_template): PoolObjectSQL(-1), uid(_uid), name(""), 
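Review bot: The `@param oid` line in the VirtualNetworkPool.h `@@ -40` hunk still reads `the id assigned to the VM (output)` although the surrounding comment was just reworded to VNET; suggest `* @param oid the id assigned to the VNET (output)`. The new `@param vn_template` line should also say that the pool hands the pointer to the new VirtualNetwork, which deletes it in its destructor (see the VirtualNetwork.cc destructor hunk in this patch), since callers must not free it after a successful call.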
@@ -41,9 +41,24 @@ Image::Image(int _uid): source(""), state(INIT), running_vms(0) - {}; +{ + if (_image_template != 0) + { + image_template = _image_template; + } + else + { + image_template = new ImageTemplate; + } +}; -Image::~Image(){}; +Image::~Image() +{ + if (image_template != 0) + { + delete image_template; + } +}; /* ************************************************************************ */ /* Image :: Database Access Functions */ @@ -93,7 +108,7 @@ int Image::select_cb(void * nil, int num, char **values, char ** names) running_vms = atoi(values[RUNNING_VMS]); - image_template.id = oid; + image_template->id = oid; return 0; } @@ -123,7 +138,7 @@ int Image::select(SqlDB *db) // Get the template - rc = image_template.select(db); + rc = image_template->select(db); if ( rc != 0 ) { @@ -182,7 +197,7 @@ int Image::insert(SqlDB *db) // ------------ PUBLIC -------------------- get_template_attribute("PUBLIC", public_attr); - image_template.erase("PUBLIC"); + image_template->erase("PUBLIC"); transform (public_attr.begin(), public_attr.end(), public_attr.begin(), (int(*)(int))toupper); @@ -198,7 +213,7 @@ int Image::insert(SqlDB *db) SingleAttribute * dev_att = new SingleAttribute("DEV_PREFIX", ImagePool::default_dev_prefix()); - image_template.set(dev_att); + image_template->set(dev_att); } // ------------ SOURCE (path to store the image)-------------------- @@ -212,14 +227,14 @@ int Image::insert(SqlDB *db) // ------------ INSERT THE TEMPLATE -------------------- - if ( image_template.id == -1 ) + if ( image_template->id == -1 ) { - image_template.id = oid; + image_template->id = oid; } state = DISABLED; - rc = image_template.insert(db); + rc = image_template->insert(db); if ( rc != 0 ) { @@ -234,7 +249,7 @@ int Image::insert(SqlDB *db) if ( rc != 0 ) { - image_template.drop(db); + image_template->drop(db); return rc; } 
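Review bot: The new `Image::~Image` unconditionally deletes `image_template`, which makes Image the owner of a raw pointer, yet nothing in this hunk or the Image.h hunks prevents copying an Image, so a copy or assignment would end in a double delete. Unless PoolObjectSQL already makes the class non-copyable, declare `Image(const Image&);` and `Image& operator=(const Image&);` as private, unimplemented members in Image.h. The `if (image_template != 0)` guard in the destructor is redundant: deleting a null pointer is a no-op, and the constructor never leaves the member null, so `delete image_template;` alone is enough.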
@@ -374,7 +389,7 @@ int Image::drop(SqlDB * db) return -1; } - image_template.drop(db); + image_template->drop(db); oss << "DELETE FROM " << table << " WHERE oid=" << oid; @@ -424,7 +439,7 @@ string& Image::to_xml(string& xml) const "" << source << "" << "" << state << "" << "" << running_vms << "" << - image_template.to_xml(template_xml) << + image_template->to_xml(template_xml) << ""; xml = oss.str(); @@ -452,7 +467,7 @@ string& Image::to_str(string& str) const "STATE = " << state << endl << "RUNNING_VMS = " << running_vms << endl << "TEMPLATE" << endl - << image_template.to_str(template_str) + << image_template->to_str(template_str) << endl; str = os.str(); diff --git a/src/image/ImagePool.cc b/src/image/ImagePool.cc index 7d89ccf4c5..6982dda21b 100644 --- a/src/image/ImagePool.cc +++ b/src/image/ImagePool.cc 
@@ -89,55 +89,31 @@ ImagePool::ImagePool( SqlDB * db, int ImagePool::allocate ( int uid, - const string& stemplate, + ImageTemplate* img_template, int * oid) { - int rc; Image * img; - string name; - char * error_msg; // --------------------------------------------------------------------- // Build a new Image object // --------------------------------------------------------------------- - img = new Image(uid); - - // --------------------------------------------------------------------- - // Parse template - // --------------------------------------------------------------------- - rc = img->image_template.parse(stemplate, &error_msg); - - if ( rc != 0 ) - { - ostringstream oss; - oss << "ImagePool template parse error: " << error_msg; - NebulaLog::log("IMG", Log::ERROR, oss); - - free(error_msg); - delete img; - - return -1; - } + img = new Image(uid,img_template); img->get_template_attribute("NAME", name); // --------------------------------------------------------------------- // Insert the Object in the pool // --------------------------------------------------------------------- - *oid = PoolSQL::allocate(img); - if ( *oid == -1 ) - { - return -1; - } - // --------------------------------------------------------------------- // Add the image name to the map of image_names // --------------------------------------------------------------------- - - image_names.insert(make_pair(name, *oid)); + if ( *oid != -1 ) + { + image_names.insert(make_pair(name, *oid)); + } return *oid; } diff --git a/src/rm/RequestManagerAllocate.cc b/src/rm/RequestManagerAllocate.cc index 6d4bb4289d..c9fd655bcd 100644 --- a/src/rm/RequestManagerAllocate.cc +++ b/src/rm/RequestManagerAllocate.cc 
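Review bot: `img->get_template_attribute("NAME", name);` in the new ImagePool::allocate body uses `name` after this hunk removed the `string name;` declaration, so unless `name` is a member of ImagePool the function no longer compiles; restore `string name;` next to `Image * img;`. The `// Build a new Image object` step is also now the point where ownership of `img_template` passes to the Image (its destructor deletes it), which deserves a one-line comment because the RequestManager error path relies on it. What happens to `img` and its template when `PoolSQL::allocate` returns -1 is not visible here; if the pool does not delete the object on failure, the new `if ( *oid != -1 )` guard leaves both leaked.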
@@ -70,7 +70,6 @@ void RequestManager::VirtualMachineAllocate::execute( //-------------------------------------------------------------------------- // Authorize this request //-------------------------------------------------------------------------- - vm_template = new VirtualMachineTemplate; rc = vm_template->parse(str_template,&error_msg); @@ -129,7 +128,6 @@ void RequestManager::VirtualMachineAllocate::execute( //-------------------------------------------------------------------------- // Allocate the VirtualMAchine //-------------------------------------------------------------------------- - rc = vmpool->allocate(uid,vm_template,&vid,false); if ( rc < 0 ) diff --git a/src/rm/RequestManagerImageAllocate.cc b/src/rm/RequestManagerImageAllocate.cc index 21d88698a1..30f11a105d 100644 --- a/src/rm/RequestManagerImageAllocate.cc +++ b/src/rm/RequestManagerImageAllocate.cc @@ -29,11 +29,14 @@ void RequestManager::ImageAllocate::execute( xmlrpc_c::value * const retval) { string session; - string image_template; + string str_template; + + ImageTemplate * img_template; int iid; int uid; int rc; + char * error_msg = 0; ostringstream oss; @@ -42,15 +45,15 @@ void RequestManager::ImageAllocate::execute( vector arrayData; xmlrpc_c::value_array * arrayresult; - NebulaLog::log("ReM",Log::DEBUG,"ImageAllocate invoked"); - session = xmlrpc_c::value_string(paramList.getString(0)); - image_template = xmlrpc_c::value_string(paramList.getString(1)); - image_template += "\n"; + session = xmlrpc_c::value_string(paramList.getString(0)); + str_template = xmlrpc_c::value_string(paramList.getString(1)); + str_template += "\n"; - - // First, we need to authenticate the user + //-------------------------------------------------------------------------- + // Authorize this request + //-------------------------------------------------------------------------- uid = ImageAllocate::upool->authenticate(session); if ( uid == -1 ) 
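Review bot: The new comment block in the ImageAllocate `@@ -42` hunk is labelled `// Authorize this request` but sits above `upool->authenticate(session)`, and the same label is reused for the actual AuthRequest block later in this patch, so the two distinct checks read as one. Change this one to `// Authenticate this request` so the authentication/authorization split the commit introduces is visible in the code. The `NebulaLog::log("ReM",Log::DEBUG,"ImageAllocate invoked")` line was dropped here while VirtualNetworkAllocate keeps its equivalent; if that was unintentional it is a minor inconsistency between the two handlers.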
@@ -58,7 +61,39 @@ void RequestManager::ImageAllocate::execute( goto error_authenticate; } - rc = ImageAllocate::ipool->allocate(uid,image_template,&iid); + //-------------------------------------------------------------------------- + // Authorize this request + //-------------------------------------------------------------------------- + img_template = new ImageTemplate; + + rc = img_template->parse(str_template,&error_msg); + + if ( rc != 0 ) + { + goto error_parse; + } + + if ( uid != 0 ) + { + AuthRequest ar(uid); + string t64; + + ar.add_auth(AuthRequest::IMAGE, + img_template->to_xml(t64), + AuthRequest::CREATE, + uid, + false); + + if (UserPool::authorize(ar) == -1) + { + goto error_authorize; + } + } + + //-------------------------------------------------------------------------- + // Allocate the Image + //-------------------------------------------------------------------------- + rc = ImageAllocate::ipool->allocate(uid,img_template,&iid); if ( rc < 0 ) { @@ -81,6 +116,22 @@ error_authenticate: oss.str(authenticate_error(method_name)); goto error_common; +error_authorize: + oss.str(authorization_error(method_name, "CREATE", "IMAGE", uid, -1)); + delete img_template; + goto error_common; + +error_parse: + oss.str(action_error(method_name, "PARSE", "IMAGE TEMPLATE",-2,rc)); + if (error_msg != 0) + { + oss << "Reason: " << error_msg; + free(error_msg); + } + + delete img_template; + goto error_common; + error_allocate: oss.str(action_error(method_name, "CREATE", "IMAGE", -2, rc)); goto error_common; diff --git a/src/rm/RequestManagerVirtualNetworkAllocate.cc b/src/rm/RequestManagerVirtualNetworkAllocate.cc index ddc1e880d8..0592098cdb 100644 --- a/src/rm/RequestManagerVirtualNetworkAllocate.cc +++ b/src/rm/RequestManagerVirtualNetworkAllocate.cc 
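Review bot: The `if ( uid != 0 )` around the new AuthRequest in the ImageAllocate `@@ -58` hunk skips authorization entirely for uid 0 without a word of explanation; if 0 is the built-in administrator this is the intended superuser bypass, but it should say so, e.g. `// uid 0 is the administrator and is never subject to authorization`. Only the template XML is placed in the request (`img_template->to_xml(t64)`), so any policy decision on the image must be derivable from that string; the name `t64` hints at base64, but the value passed here is plain XML, which is misleading unless `add_auth` encodes it itself. The header above this block repeats the `// Authorize this request` label already used for the authenticate call earlier in the function.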
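Review bot: `error_allocate:` in the ImageAllocate `@@ -81` hunk does not delete `img_template` while the new `error_authorize:` and `error_parse:` labels do, which is correct only if `ipool->allocate` always hands the template to an Image that frees it even on failure; that asymmetry should be stated so nobody "fixes" it into a double free, e.g. `// img_template is owned by the Image after ipool->allocate; do not delete it here`. If the pool does not free the object on a failed insert, this path leaks the template instead, which is worth confirming against PoolSQL::allocate.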
@@ -27,19 +27,18 @@ void RequestManager::VirtualNetworkAllocate::execute( xmlrpc_c::value * const retval) { string session; - string username; - string password; string name; - string stemplate; + string str_template; + + VirtualNetworkTemplate * vn_template; int nid; int uid; int rc; - - User * user; + char * error_msg = 0; ostringstream oss; - + const string method_name = "VirtualNetworkAllocate"; /* -- RPC specific vars -- */ 
@@ -49,27 +48,52 @@ void RequestManager::VirtualNetworkAllocate::execute( NebulaLog::log("ReM",Log::DEBUG,"VirtualNetworkAllocate method invoked"); // Get the parameters & host - session = xmlrpc_c::value_string(paramList.getString(0)); - stemplate = xmlrpc_c::value_string(paramList.getString(1)); + session = xmlrpc_c::value_string(paramList.getString(0)); + str_template = xmlrpc_c::value_string(paramList.getString(1)); - if ( User::split_secret(session,username,password) != 0 ) + //-------------------------------------------------------------------------- + // Authorize this request + //-------------------------------------------------------------------------- + uid = VirtualNetworkAllocate::upool->authenticate(session); + + if ( uid == -1 ) { goto error_authenticate; } - // Now let's get the user - user = VirtualNetworkAllocate::upool->get(username,true); + //-------------------------------------------------------------------------- + // Authorize this request + //-------------------------------------------------------------------------- + vn_template = new VirtualNetworkTemplate; - if ( user == 0 ) + rc = vn_template->parse(str_template,&error_msg); + + if ( rc != 0 ) { - goto error_get_user; + goto error_parse; } - uid = user->get_uid(); + if ( uid != 0 ) + { + AuthRequest ar(uid); + string t64; - user->unlock(); - - rc = vnpool->allocate(uid,stemplate,&nid); + ar.add_auth(AuthRequest::NET, + vn_template->to_xml(t64), + AuthRequest::CREATE, + uid, + false); + + if (UserPool::authorize(ar) == -1) + { + goto error_authorize; + } + } + + //-------------------------------------------------------------------------- + // Allocate the Virtual Network + //-------------------------------------------------------------------------- + rc = vnpool->allocate(uid,vn_template,&nid); if ( rc < 0 ) { 
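Review bot: `str_template` in the VirtualNetworkAllocate `@@ -49` hunk is passed to `vn_template->parse` without the trailing `"\n"` that ImageAllocate appends (`str_template += "\n";`) in this same patch; if the template parser needs a terminating newline, a VNET template whose last line lacks one now fails to parse here. Add `str_template += "\n";` after the `paramList.getString(1)` line, or drop it on the Image side if it is not needed, so both handlers treat the same input the same way. The first comment header is labelled `// Authorize this request` but wraps `upool->authenticate(session)`; rename it `// Authenticate this request` so the two steps are distinguishable from the second, identically labelled block.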
@@ -92,10 +116,22 @@ error_authenticate: oss.str(authenticate_error(method_name)); goto error_common; -error_get_user: - oss.str(get_error(method_name, "USER", -1)); +error_authorize: + oss.str(authorization_error(method_name, "CREATE", "VNET", uid, -1)); + delete vn_template; goto error_common; - + +error_parse: + oss.str(action_error(method_name, "PARSE", "VNET TEMPLATE",-2,rc)); + if (error_msg != 0) + { + oss << "Reason: " << error_msg; + free(error_msg); + } + + delete vn_template; + goto error_common; + error_vn_allocate: oss.str(action_error(method_name, "CREATE", "NET", -2, rc)); goto error_common; diff --git a/src/vnm/VirtualNetwork.cc b/src/vnm/VirtualNetwork.cc index 5020b3fb5b..c7a04e1670 100644 --- a/src/vnm/VirtualNetwork.cc +++ b/src/vnm/VirtualNetwork.cc @@ -29,13 +29,23 @@ /* Virtual Network :: Constructor/Destructor */ /* ************************************************************************** */ -VirtualNetwork::VirtualNetwork(): +VirtualNetwork::VirtualNetwork(VirtualNetworkTemplate *_vn_template): PoolObjectSQL(-1), name(""), uid(-1), bridge(""), type(UNINITIALIZED), - leases(0){}; + leases(0) +{ + if (_vn_template != 0) + { + vn_template = _vn_template; + } + else + { + vn_template = new VirtualNetworkTemplate; + } +}; /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ @@ -46,6 +56,11 @@ VirtualNetwork::~VirtualNetwork() { delete leases; } + + if (vn_template != 0) + { + delete vn_template; + } } /* ************************************************************************** */ @@ -89,7 +104,7 @@ int VirtualNetwork::select_cb(void * nil, int num, char **values, char **names) public_vnet = atoi(values[PUBLIC]); // Virtual Network template ID is the Network ID - vn_template.id = oid; + vn_template->id = oid; return 0; } 
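Review bot: `error_vn_allocate:` in the `@@ -92` hunk of RequestManagerVirtualNetworkAllocate.cc leaves `vn_template` alone while the new `error_authorize:` and `error_parse:` labels delete it, which is right only because the VirtualNetwork built inside `vnpool->allocate` takes ownership; say so with `// vn_template is owned by the VirtualNetwork after vnpool->allocate; not deleted here`. The object name in the error strings also flips between `"VNET"` (`error_authorize`, `error_parse`) and `"NET"` (`error_vn_allocate`) for the same resource; pick one so log consumers can match on it.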
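Review bot: The new `VirtualNetwork(VirtualNetworkTemplate *_vn_template)` constructor takes ownership of a raw pointer that the destructor in the following hunk deletes, but no copy constructor or assignment operator is declared anywhere in this patch, so copying a VirtualNetwork would double-delete the template. Unless PoolObjectSQL already forbids copying, declare `VirtualNetwork(const VirtualNetwork&);` and `VirtualNetwork& operator=(const VirtualNetwork&);` private and unimplemented in VirtualNetwork.h. A one-line comment on the constructor, `// takes ownership of _vn_template (deleted in ~VirtualNetwork)`, would make explicit the contract the RequestManager error paths depend on.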
@@ -128,7 +143,7 @@ int VirtualNetwork::select(SqlDB * db) } //Get the template - rc = vn_template.select(db); + rc = vn_template->select(db); if (rc != 0) { @@ -315,16 +330,16 @@ int VirtualNetwork::insert(SqlDB * db) public_vnet = (pub == "YES"); - vn_template.erase("PUBLIC"); + vn_template->erase("PUBLIC"); // ------------ INSERT THE TEMPLATE -------------------- - if ( vn_template.id == -1 ) + if ( vn_template->id == -1 ) { - vn_template.id = oid; + vn_template->id = oid; } - rc = vn_template.insert(db); + rc = vn_template->insert(db); if ( rc != 0 ) { @@ -425,7 +440,7 @@ error_template: error_update: ose << "Can not update Virtual Network id " << oid; - vn_template.drop(db); + vn_template->drop(db); goto error_common; error_addr: @@ -506,7 +521,7 @@ int VirtualNetwork::vn_drop(SqlDB * db) ostringstream oss; int rc; - vn_template.drop(db); + vn_template->drop(db); if ( leases != 0 ) { @@ -558,7 +573,7 @@ string& VirtualNetwork::to_xml(string& xml) const "" << type << "" << "" << bridge << "" << "" << public_vnet << "" << - vn_template.to_xml(template_xml); + vn_template->to_xml(template_xml); if (leases) { os << leases->to_xml(leases_xml); @@ -596,7 +611,8 @@ string& VirtualNetwork::to_str(string& str) const os << "Bridge : " << bridge << endl; os << "Public : " << public_vnet << endl << endl; - os << "....: Template :...." << vn_template.to_str(template_str) << endl << endl; + os << "....: Template :...." << vn_template->to_str(template_str) << endl << +endl; if (leases) { diff --git a/src/vnm/VirtualNetworkPool.cc b/src/vnm/VirtualNetworkPool.cc index a6e38ee46a..2e6d755e11 100644 --- a/src/vnm/VirtualNetworkPool.cc +++ b/src/vnm/VirtualNetworkPool.cc 
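Review bot: The rewrapped statement in the `to_str` hunk (`@@ -596`) of VirtualNetwork.cc continues with `+endl;` at column 0, so the tail of the expression sits outside the function's indentation and reads like a stray top-level token even though it compiles. Break before the stream operator instead: keep `os << "....: Template :...." << vn_template->to_str(template_str)` on the first line and indent the continuation `<< endl << endl;` under it.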
@@ -71,35 +71,15 @@ VirtualNetworkPool::VirtualNetworkPool(SqlDB * db, int VirtualNetworkPool::allocate ( int uid, - const string& stemplate, + VirtualNetworkTemplate * vn_template, int * oid) { VirtualNetwork * vn; - char * error_msg; - int rc; - // Build a new Virtual Network object - vn = new VirtualNetwork(); + vn = new VirtualNetwork(vn_template); vn->uid = uid; - rc = vn->vn_template.parse(stemplate,&error_msg); - - if ( rc != 0 ) - { - ostringstream oss; - - oss << error_msg; - NebulaLog::log("VNM", Log::ERROR, oss); - free(error_msg); - - delete vn; - - return -1; - } - - // Insert the VN in the pool so we have a valid OID - *oid = PoolSQL::allocate(vn); return *oid;