mirror of https://github.com/OpenNebula/one.git synced 2025-03-22 18:50:08 +03:00

feature #203: Image use AuthManager

Tino Vázquez 2010-07-09 19:29:41 +02:00
parent 1953d814f6
commit 0efe68bff1
6 changed files with 125 additions and 46 deletions


@ -15,10 +15,12 @@
/* -------------------------------------------------------------------------- */
#include "RequestManager.h"
#include "NebulaLog.h"
#include "NebulaLog.h"
#include "Nebula.h"
#include "AuthManager.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
@ -55,6 +57,19 @@ void RequestManager::ImageDelete::execute(
}
uid = rc;
//Authorize the operation
if ( uid != 0 ) // uid == 0 means oneadmin
{
AuthRequest ar(uid);
ar.add_auth(AuthRequest::IMAGE,iid,AuthRequest::DELETE,0,false);
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}
}
// Get image from the ImagePool
image = ImageDelete::ipool->get(iid,true);
@ -64,11 +79,6 @@ void RequestManager::ImageDelete::execute(
goto error_image_get;
}
if ( uid != 0 && uid != image->get_uid() )
{
goto error_authorization;
}
rc = ImageDelete::ipool->drop(image);
if ( rc < 0 )
@ -98,9 +108,8 @@ error_image_get:
oss << "Error getting image with ID = " << iid;
goto error_common;
error_authorization:
error_authorize:
oss << "User not authorized to delete image, aborting ImageDelete call.";
image->unlock();
goto error_common;
error_delete:
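Review bot: The new `ar.add_auth(AuthRequest::IMAGE,iid,AuthRequest::DELETE,0,false)` call passes a literal `0` and `false`, while the ownership test it appears to replace compared the caller with `image->get_uid()`. The `add_auth` signature is not visible on this page, but if the fourth argument is the owner id, the authorization decision is made without the image's real owner, which changes who may delete an image. Either fetch the image first and pass `image->get_uid()` and `image->isPublic()` (then `error_authorize:` must keep `image->unlock();`), or add a comment such as `// owner/public are not known yet; the auth driver resolves ownership from iid` if that is the intent. The same literal `0` appears in the ImageEnable, ImageInfo (where the owner is already held in `uid`), ImagePublish, ImageRemoveAttribute and ImageUpdate sections. `execute` starts and ends outside these hunks, and the rendering has lost the `+`/`-` markers, so old and new lines are inferred from the hunk counts.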


@ -15,10 +15,12 @@
/* -------------------------------------------------------------------------- */
#include "RequestManager.h"
#include "NebulaLog.h"
#include "NebulaLog.h"
#include "Nebula.h"
#include "AuthManager.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
@ -57,6 +59,19 @@ void RequestManager::ImageEnable::execute(
uid = rc;
//Authorize the operation
if ( uid != 0 ) // uid == 0 means oneadmin
{
AuthRequest ar(uid);
ar.add_auth(AuthRequest::IMAGE,iid,AuthRequest::MANAGE,0,false);
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}
}
// Get image from the ImagePool
image = ImageEnable::ipool->get(iid,true);
@ -65,11 +80,6 @@ void RequestManager::ImageEnable::execute(
goto error_image_get;
}
if ( uid != 0 && uid != image->get_uid() )
{
goto error_authorization;
}
rc = image->enable(enable_flag);
if ( rc < 0 )
@ -101,10 +111,9 @@ error_image_get:
oss << "[ImageEnable] Error getting image with ID = " << iid;
goto error_common;
error_authorization:
error_authorize:
oss << "[ImageEnable] User not authorized to enable/disable image" <<
" attributes, aborting call.";
image->unlock();
goto error_common;
error_enable:


@ -17,6 +17,8 @@
#include "RequestManager.h"
#include "NebulaLog.h"
#include "AuthManager.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
@ -27,8 +29,8 @@ void RequestManager::ImageInfo::execute(
string session;
int iid;
int uid;
int rc;
int uid; // Image owner user id
int rc; // Requesting user id
Image * image;
ostringstream oss;
@ -56,10 +58,27 @@ void RequestManager::ImageInfo::execute(
// Check if it is a valid user
rc = ImageInfo::upool->authenticate(session);
if ( rc != 0 && rc != uid && !image->isPublic())
if ( rc == -1 )
{
goto error_authenticate;
}
//Authorize the operation
if ( rc != 0 ) // rc == 0 means oneadmin
{
AuthRequest ar(rc);
ar.add_auth(AuthRequest::IMAGE,
iid,
AuthRequest::USE,
0,
image->isPublic());
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}
}
oss << *image;
@ -82,13 +101,17 @@ error_image_get:
goto error_common;
error_authenticate:
oss << "User doesn't exist, or not authorized to use image with " <<
oss << "Cannot authenticate user, aborting ImageInfo call.";
image->unlock();
goto error_common;
error_authorize:
oss << "User not authorized to use image with " <<
"ID = " << iid << " , ImageInfo call aborted.";
image->unlock();
goto error_common;
error_common:
arrayData.push_back(xmlrpc_c::value_boolean(false)); // FAILURE
arrayData.push_back(xmlrpc_c::value_string(oss.str()));
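Review bot: `UserPool::authorize(ar)` appears to run while the image is still locked, since both `error_authenticate:` and `error_authorize:` call `image->unlock()` before leaving. If authorization is answered by an external driver, every other request for this image waits on that round trip. Consider copying what the request needs into locals (`bool pub = image->isPublic();`), unlocking, and authorizing afterwards; printing `oss << *image` would then need the image re-fetched or serialized before the unlock. The code that takes the lock is outside the visible hunks, so this is inferred from the unlock calls.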


@ -15,10 +15,12 @@
/* -------------------------------------------------------------------------- */
#include "RequestManager.h"
#include "NebulaLog.h"
#include "NebulaLog.h"
#include "Nebula.h"
#include "AuthManager.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
@ -57,6 +59,23 @@ void RequestManager::ImagePublish::execute(
uid = rc;
//Authorize the operation
if ( uid != 0 ) // uid == 0 means oneadmin
{
AuthRequest ar(uid);
ar.add_auth(AuthRequest::IMAGE,
iid,
AuthRequest::MANAGE,
0,
image->isPublic());
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}
}
// Get image from the ImagePool
image = ImagePublish::ipool->get(iid,true);
@ -65,11 +84,6 @@ void RequestManager::ImagePublish::execute(
goto error_image_get;
}
if ( uid != 0 && uid != image->get_uid() )
{
goto error_authorization;
}
image->publish(publish_flag);
ImagePublish::ipool->update(image);
@ -95,10 +109,9 @@ error_image_get:
oss << "[ImagePublish] Error getting image with ID = " << iid;
goto error_common;
error_authorization:
error_authorize:
oss << "[ImagePublish] User not authorized to publish/unpublish image" <<
", aborting call.";
image->unlock();
goto error_common;
error_common:
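Review bot: `image->isPublic()` inside the new `add_auth` call is evaluated before `image = ImagePublish::ipool->get(iid,true);` assigns the pointer, so as rendered every non-admin request dereferences `image` before it is set. The declaration of `image` is outside the hunk, so whether it is initialised cannot be seen, but it is at best null and at worst indeterminate there, and the access check then depends on whatever that read returns. Move the authorization block below the `get` and its null check and keep `image->unlock();` ahead of `goto error_common;` under `error_authorize:`, or pass `false` as ImageDelete does. The same ordering appears in the ImageRemoveAttribute and ImageUpdate sections.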


@ -15,10 +15,12 @@
/* -------------------------------------------------------------------------- */
#include "RequestManager.h"
#include "NebulaLog.h"
#include "NebulaLog.h"
#include "Nebula.h"
#include "AuthManager.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
@ -56,6 +58,23 @@ void RequestManager::ImageRemoveAttribute::execute(
}
uid = rc;
//Authorize the operation
if ( uid != 0 ) // uid == 0 means oneadmin
{
AuthRequest ar(uid);
ar.add_auth(AuthRequest::IMAGE,
iid,
AuthRequest::MANAGE,
0,
image->isPublic());
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}
}
// Get image from the ImagePool
image = ImageRemoveAttribute::ipool->get(iid,true);
@ -65,12 +84,6 @@ void RequestManager::ImageRemoveAttribute::execute(
goto error_image_get;
}
if ( uid != 0 && uid != image->get_uid() )
{
goto error_authorization;
}
rc = ImageRemoveAttribute::ipool->remove_attribute(image, name);
if ( rc < 0 )
@ -99,10 +112,9 @@ error_image_get:
oss << "[ImageRemoveAttribute] Error getting image with ID = " << iid;
goto error_common;
error_authorization:
error_authorize:
oss << "[ImageRemoveAttribute] User not authorized to remove image" <<
" attributes aborting call.";
image->unlock();
goto error_common;
error_remove_attribute:


@ -15,10 +15,12 @@
/* -------------------------------------------------------------------------- */
#include "RequestManager.h"
#include "NebulaLog.h"
#include "NebulaLog.h"
#include "Nebula.h"
#include "AuthManager.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
@ -58,6 +60,23 @@ void RequestManager::ImageUpdate::execute(
}
uid = rc;
//Authorize the operation
if ( uid != 0 ) // uid == 0 means oneadmin
{
AuthRequest ar(uid);
ar.add_auth(AuthRequest::IMAGE,
iid,
AuthRequest::MANAGE,
0,
image->isPublic());
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}
}
// Get image from the ImagePool
image = ImageUpdate::ipool->get(iid,true);
@ -67,11 +86,6 @@ void RequestManager::ImageUpdate::execute(
goto error_image_get;
}
if ( uid != 0 && uid != image->get_uid() )
{
goto error_authorization;
}
// This will perform the update on the DB as well,
// so no need to do it manually
rc = ImageUpdate::ipool->replace_attribute(image, name, value);
@ -102,10 +116,9 @@ error_image_get:
oss << "Error getting image with ID = " << iid;
goto error_common;
error_authorization:
error_authorize:
oss << "User not authorized to modify image attributes " <<
", aborting ImageUpdate call.";
image->unlock();
goto error_common;
error_update: