feature #4714: check group membership for EGID. Expose new interface

2025-03-29 18:50:08 +03:00 · 2016-08-31 15:48:05 +02:00 · 2016-08-31 15:48:05 +02:00 · 0f7c78da6a
commit 0f7c78da6a
parent 27c5a7ea48
2 changed files with 14 additions and 3 deletions
--- a/src/oca/ruby/opennebula/user.rb
+++ b/src/oca/ruby/opennebula/user.rb
@ -192,15 +192,17 @@ module OpenNebula

        # Sets the LOGIN_TOKEN for the user
        #
-        # @param username [String] of the user
+        # @param uname [String] of the user
        # @param token [String] the login token, if empty OpenNebula will
        #   generate one
        # @param expire [String] valid period of the token in secs. If <= 0
        #   the token will be reset
+        # @param egid [Integer] Effective GID to use with this token. To use
+        # the current GID and user groups set it to -1
        # @return [String, OpenNebula::Error] token in case of success, Error
        #   otherwise
-        def login(username, token, expire)
-            return @client.call(USER_METHODS[:login], username, token, expire)
+        def login(uname, token, expire, egid = -1)
+            return @client.call(USER_METHODS[:login], uname, token, expire, egi)
        end

        #######################################################################
--- a/src/rm/RequestManagerUser.cc
+++ b/src/rm/RequestManagerUser.cc
@ -504,6 +504,15 @@ void UserLogin::request_execute(xmlrpc_c::paramList const& paramList,
    }
    else if (valid > 0 || valid == -1)
    {
+        if ( egid != -1 && user->get_groups().count(egid) == 0 )
+        {
+            att.resp_msg = "EGID is not in user group list";
+            failure_response(XML_RPC_API,  att);
+
+            user->unlock();
+            return;
+        }
+
        if ( user->login_tokens.set(token, valid, egid) != 0 )
        {
            att.resp_msg = "Max number of tokens limit reached.";