mirror of
https://github.com/OpenNebula/one.git
synced 2025-03-23 22:50:09 +03:00
Merge branch 'feature-407rm' of git.opennebula.org:one into feature-407rm
Conflicts: src/rm/RequestManager.cc src/rm/SConstruct
commit
16aa776f7e
@ -283,7 +283,8 @@ public:
|
||||
INFO, /** Authorization to view an object */
|
||||
INFO_POOL, /** Authorization to view any object in the pool */
|
||||
INFO_POOL_MINE, /** Authorization to view user and/or group objects */
|
||||
INSTANTIATE /** Authorization to instantiate a VM from a TEMPLATE */
|
||||
INSTANTIATE, /** Authorization to instantiate a VM from a TEMPLATE */
|
||||
CHOWN /** Authorization to change ownership of an object */
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -64,11 +64,6 @@ public:
|
||||
return name;
|
||||
};
|
||||
|
||||
int get_uid()
|
||||
{
|
||||
return uid;
|
||||
};
|
||||
|
||||
/**
|
||||
* Returns true if the image is public
|
||||
* @return true if the image is public
|
||||
@ -78,15 +73,14 @@ public:
|
||||
return (public_obj == 1);
|
||||
};
|
||||
|
||||
virtual int set_uid(int _uid)
|
||||
int get_uid()
|
||||
{
|
||||
if( uid == -1 )
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
return uid;
|
||||
};
|
||||
|
||||
void set_uid(int _uid)
|
||||
{
|
||||
uid = _uid;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int get_gid()
|
||||
@ -94,15 +88,9 @@ public:
|
||||
return gid;
|
||||
};
|
||||
|
||||
virtual int set_gid(int _gid)
|
||||
void set_gid(int _gid)
|
||||
{
|
||||
if( gid == -1 )
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
gid = _gid;
|
||||
return 0;
|
||||
};
|
||||
|
||||
/* --------------------------------------------------------------------- */
|
||||
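Review bot: As far as the hunk counts show, the new `void set_uid(int _uid)` and `void set_gid(int _gid)` assign unconditionally and return nothing, so the guard in the removed versions (refusing the change when the current id is -1) is gone and every caller must validate the id itself. They are also no longer `virtual`, so if any derived class still overrides them, a call through a `PoolObjectSQL *` would skip that override; the derived classes are not on this page, so this needs checking. A doc comment on each setter would make the contract explicit, e.g. `/** Sets the owner id. No validation is done here: callers must check the id and the requester's authorization first. */`. The class body starts and ends outside these hunks.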
|
@ -102,6 +102,10 @@ void AuthRequest::add_auth(Object ob,
|
||||
case INSTANTIATE:
|
||||
oss << "INSTANTIATE:" ;
|
||||
break;
|
||||
|
||||
case CHOWN:
|
||||
oss << "CHOWN:" ;
|
||||
break;
|
||||
}
|
||||
|
||||
oss << owner << ":" << pub;
|
||||
@ -182,6 +186,8 @@ void AuthRequest::add_auth(Object ob,
|
||||
case INFO_POOL_MINE:
|
||||
auth = true;
|
||||
break;
|
||||
case CHOWN: //true only for oneadmin
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
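Review bot: The new `case CHOWN:` in the second hunk is an empty branch, so denying the operation to non-admin users depends on `auth` already being false when the switch is reached, and that initialisation lies outside the hunk. Because this branch is the access-control decision for ownership changes, it is safer to state the deny explicitly, `case CHOWN: auth = false; // granted only to oneadmin`, so a later change to the default or to the case order cannot open it. add_auth begins and ends outside both hunks.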
|
@ -25,13 +25,14 @@
|
||||
#include "RequestManagerPublish.h"
|
||||
#include "RequestManagerAllocate.h"
|
||||
#include "RequestManagerUpdateTemplate.h"
|
||||
#include "RequestManagerUser.h"
|
||||
#include "RequestManagerChown.h"
|
||||
|
||||
#include "RequestManagerVirtualNetwork.h"
|
||||
#include "RequestManagerVirtualMachine.h"
|
||||
#include "RequestManagerVMTemplate.h"
|
||||
#include "RequestManagerHost.h"
|
||||
#include "RequestManagerImage.h"
|
||||
#include "RequestManagerUser.h"
|
||||
|
||||
#include <sys/signal.h>
|
||||
#include <sys/socket.h>
|
||||
@ -302,47 +303,32 @@ void RequestManager::register_xml_methods()
|
||||
xmlrpc_c::methodPtr image_persistent(new ImagePersistent());
|
||||
xmlrpc_c::methodPtr image_enable(new ImageEnable());
|
||||
|
||||
/*
|
||||
xmlrpc_c::methodPtr vm_chown(new
|
||||
RequestManager::GenericChown(this,AuthRequest::VM));
|
||||
// Chown Methods
|
||||
xmlrpc_c::methodPtr vm_chown(new VirtualMachineChown());
|
||||
xmlrpc_c::methodPtr template_chown(new TemplateChown());
|
||||
xmlrpc_c::methodPtr vn_chown(new VirtualNetworkChown());
|
||||
xmlrpc_c::methodPtr image_chown(new ImageChown());
|
||||
xmlrpc_c::methodPtr host_chown(new HostChown());
|
||||
|
||||
xmlrpc_c::methodPtr template_chown(new
|
||||
RequestManager::GenericChown(this,AuthRequest::TEMPLATE));
|
||||
|
||||
xmlrpc_c::methodPtr vn_chown(new
|
||||
RequestManager::GenericChown(this,AuthRequest::NET));
|
||||
|
||||
xmlrpc_c::methodPtr user_chown(new
|
||||
RequestManager::GenericChown(this,USER));
|
||||
|
||||
xmlrpc_c::methodPtr image_chown(new
|
||||
RequestManager::GenericChown(this,IMAGE));
|
||||
*/
|
||||
/* VM related methods */
|
||||
/*
|
||||
|
||||
RequestManagerRegistry.addMethod("one.vm.chown", vm_chown);
|
||||
*/
|
||||
RequestManagerRegistry.addMethod("one.vm.deploy", vm_deploy);
|
||||
RequestManagerRegistry.addMethod("one.vm.action", vm_action);
|
||||
RequestManagerRegistry.addMethod("one.vm.migrate", vm_migrate);
|
||||
RequestManagerRegistry.addMethod("one.vm.savedisk", vm_savedisk);
|
||||
RequestManagerRegistry.addMethod("one.vm.allocate", vm_allocate);
|
||||
RequestManagerRegistry.addMethod("one.vm.info", vm_info);
|
||||
RequestManagerRegistry.addMethod("one.vm.chown", vm_chown);
|
||||
|
||||
RequestManagerRegistry.addMethod("one.vmpool.info", vm_pool_info);
|
||||
|
||||
/* VM Template related methods*/
|
||||
/*
|
||||
RequestManagerRegistry.addMethod("one.template.chown", template_chown);
|
||||
*/
|
||||
|
||||
RequestManagerRegistry.addMethod("one.template.update", template_update);
|
||||
RequestManagerRegistry.addMethod("one.template.instantiate",template_instantiate);
|
||||
RequestManagerRegistry.addMethod("one.template.allocate",template_allocate);
|
||||
RequestManagerRegistry.addMethod("one.template.publish", template_publish);
|
||||
RequestManagerRegistry.addMethod("one.template.delete", template_delete);
|
||||
RequestManagerRegistry.addMethod("one.template.info", template_info);
|
||||
RequestManagerRegistry.addMethod("one.template.chown", template_chown);
|
||||
|
||||
RequestManagerRegistry.addMethod("one.templatepool.info",template_pool_info);
|
||||
|
||||
@ -353,11 +339,11 @@ void RequestManager::register_xml_methods()
|
||||
RequestManagerRegistry.addMethod("one.host.allocate", host_allocate);
|
||||
RequestManagerRegistry.addMethod("one.host.delete", host_delete);
|
||||
RequestManagerRegistry.addMethod("one.host.info", host_info);
|
||||
RequestManagerRegistry.addMethod("one.host.chown", host_chown);
|
||||
|
||||
RequestManagerRegistry.addMethod("one.hostpool.info", hostpool_info);
|
||||
|
||||
/* Group related methods */
|
||||
// RequestManagerRegistry.addMethod("one.group.chown", group_chown);
|
||||
RequestManagerRegistry.addMethod("one.group.allocate", group_allocate);
|
||||
RequestManagerRegistry.addMethod("one.group.delete", group_delete);
|
||||
RequestManagerRegistry.addMethod("one.group.info", group_info);
|
||||
@ -365,22 +351,19 @@ void RequestManager::register_xml_methods()
|
||||
RequestManagerRegistry.addMethod("one.grouppool.info", grouppool_info);
|
||||
|
||||
/* Network related methods*/
|
||||
/*
|
||||
RequestManagerRegistry.addMethod("one.vn.chown", vn_chown);
|
||||
*/
|
||||
RequestManagerRegistry.addMethod("one.vn.addleases", vn_addleases);
|
||||
RequestManagerRegistry.addMethod("one.vn.rmleases", vn_rmleases);
|
||||
RequestManagerRegistry.addMethod("one.vn.allocate", vn_allocate);
|
||||
RequestManagerRegistry.addMethod("one.vn.publish", vn_publish);
|
||||
RequestManagerRegistry.addMethod("one.vn.delete", vn_delete);
|
||||
RequestManagerRegistry.addMethod("one.vn.info", vn_info);
|
||||
RequestManagerRegistry.addMethod("one.vn.chown", vn_chown);
|
||||
|
||||
RequestManagerRegistry.addMethod("one.vnpool.info", vnpool_info);
|
||||
|
||||
|
||||
/* User related methods*/
|
||||
/*
|
||||
RequestManagerRegistry.addMethod("one.user.chown", user_chown);
|
||||
*/
|
||||
RequestManagerRegistry.addMethod("one.user.allocate", user_allocate);
|
||||
RequestManagerRegistry.addMethod("one.user.delete", user_delete);
|
||||
@ -395,14 +378,12 @@ void RequestManager::register_xml_methods()
|
||||
|
||||
RequestManagerRegistry.addMethod("one.image.persistent", image_persistent);
|
||||
RequestManagerRegistry.addMethod("one.image.enable", image_enable);
|
||||
/*
|
||||
RequestManagerRegistry.addMethod("one.image.chown", image_chown);
|
||||
*/
|
||||
RequestManagerRegistry.addMethod("one.image.update", image_update);
|
||||
RequestManagerRegistry.addMethod("one.image.allocate", image_allocate);
|
||||
RequestManagerRegistry.addMethod("one.image.publish", image_publish);
|
||||
RequestManagerRegistry.addMethod("one.image.delete", image_delete);
|
||||
RequestManagerRegistry.addMethod("one.image.info", image_info);
|
||||
RequestManagerRegistry.addMethod("one.image.chown", image_chown);
|
||||
|
||||
RequestManagerRegistry.addMethod("one.imagepool.info", imagepool_info);
|
||||
};
|
||||
|
@ -14,7 +14,7 @@
|
||||
/* limitations under the License. */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
#include "RequestManager.h"
|
||||
#include "RequestManagerChown.h"
|
||||
|
||||
#include "NebulaLog.h"
|
||||
#include "Nebula.h"
|
||||
@ -22,233 +22,69 @@
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
void RequestManager::GenericChown::execute(
|
||||
xmlrpc_c::paramList const& paramList,
|
||||
xmlrpc_c::value * const retval)
|
||||
void RequestManagerChown::request_execute(xmlrpc_c::paramList const& paramList)
|
||||
{
|
||||
string session;
|
||||
int oid = xmlrpc_c::value_int(paramList.getInt(1));
|
||||
int noid = xmlrpc_c::value_int(paramList.getInt(2));
|
||||
int ngid = xmlrpc_c::value_int(paramList.getInt(3));
|
||||
|
||||
int uid, obj_owner, group_owner;
|
||||
int oid, ownid, gid;
|
||||
int rc;
|
||||
PoolObjectSQL * object;
|
||||
string str;
|
||||
|
||||
PoolObjectSQL * obj = 0;
|
||||
User * user = 0;
|
||||
Group * group = 0;
|
||||
Nebula& nd = Nebula::instance();
|
||||
GroupPool * gpool = nd.get_gpool();
|
||||
UserPool * upool = nd.get_upool();
|
||||
|
||||
vector<xmlrpc_c::value> arrayData;
|
||||
xmlrpc_c::value_array * arrayresult;
|
||||
|
||||
ostringstream oss;
|
||||
|
||||
PoolSQL * pool = rm->get_pool(ob);
|
||||
string method_name = rm->get_method_prefix(ob) + "Chown";
|
||||
string obj_name = rm->get_object_name(ob);
|
||||
|
||||
|
||||
oss << method_name << " invoked";
|
||||
|
||||
NebulaLog::log("ReM",Log::DEBUG,oss);
|
||||
oss.str("");
|
||||
|
||||
session = xmlrpc_c::value_string (paramList.getString(0));
|
||||
oid = xmlrpc_c::value_int (paramList.getInt(1));
|
||||
ownid = xmlrpc_c::value_int (paramList.getInt(2));
|
||||
gid = xmlrpc_c::value_int (paramList.getInt(3));
|
||||
|
||||
// First, we need to authenticate the user
|
||||
uid = rm->upool->authenticate(session);
|
||||
|
||||
if ( uid == -1 )
|
||||
if ( basic_authorization(oid) == false )
|
||||
{
|
||||
goto error_authenticate;
|
||||
return;
|
||||
}
|
||||
|
||||
// Get object from the pool
|
||||
obj = pool->get(oid,true);
|
||||
// ------------- Check new user and group id's ---------------------
|
||||
|
||||
if ( obj == 0 )
|
||||
if ( noid < 0 )
|
||||
{
|
||||
goto error_get;
|
||||
failure_response(XML_RPC_API,"Wrong User ID"); //TODO
|
||||
return;
|
||||
}
|
||||
else if ( upool->get(noid,false) == 0 )
|
||||
{
|
||||
failure_response(NO_EXISTS,
|
||||
get_error(object_name(AuthRequest::USER),noid));
|
||||
return;
|
||||
}
|
||||
|
||||
obj_owner = obj->get_uid();
|
||||
|
||||
obj->unlock();
|
||||
obj = 0;
|
||||
|
||||
// Get destination group
|
||||
if( gid > -1 )
|
||||
if ( ngid < 0 )
|
||||
{
|
||||
group = rm->gpool->get(gid, true);
|
||||
if( group == 0 )
|
||||
{
|
||||
goto error_group_get;
|
||||
}
|
||||
|
||||
group_owner = group->get_uid();
|
||||
|
||||
group->unlock();
|
||||
group = 0;
|
||||
failure_response(XML_RPC_API,"Wrong Group ID");
|
||||
return;
|
||||
}
|
||||
else if ( gpool->get(ngid,false) == 0 )
|
||||
{
|
||||
failure_response(NO_EXISTS,
|
||||
get_error(object_name(AuthRequest::GROUP),ngid));
|
||||
return;
|
||||
}
|
||||
|
||||
// ------------- Update the object ---------------------
|
||||
|
||||
if ( uid != 0 ) // uid == 0 means oneadmin
|
||||
{
|
||||
AuthRequest ar(uid);
|
||||
object = pool->get(oid,true);
|
||||
|
||||
ar.add_auth(ob, // Object
|
||||
oid, // Object id
|
||||
AuthRequest::MANAGE, // Action
|
||||
obj_owner, // Owner
|
||||
false); // Public
|
||||
if ( object == 0 )
|
||||
{
|
||||
failure_response(NO_EXISTS, get_error(object_name(auth_object),oid));
|
||||
return;
|
||||
}
|
||||
|
||||
if( ownid > -1 )
|
||||
{
|
||||
ar.add_auth(AuthRequest::USER, // Object
|
||||
ownid, // Object id
|
||||
AuthRequest::MANAGE, // Action
|
||||
ownid, // Owner
|
||||
false); // Public
|
||||
}
|
||||
object->set_uid(noid);
|
||||
object->set_gid(ngid);
|
||||
|
||||
if( gid > -1 )
|
||||
{
|
||||
ar.add_auth(AuthRequest::GROUP, // Object
|
||||
gid, // Object id
|
||||
AuthRequest::MANAGE, // Action
|
||||
group_owner, // Owner
|
||||
false); // Public
|
||||
}
|
||||
pool->update(object);
|
||||
|
||||
if (UserPool::authorize(ar) == -1)
|
||||
{
|
||||
goto error_authorize;
|
||||
}
|
||||
}
|
||||
object->unlock();
|
||||
|
||||
// Check destination user exists
|
||||
if( ownid > -1 )
|
||||
{
|
||||
user = rm->upool->get(ownid, true);
|
||||
if( user == 0 )
|
||||
{
|
||||
goto error_user_get;
|
||||
}
|
||||
|
||||
user->unlock();
|
||||
}
|
||||
|
||||
// Get the object locked again
|
||||
obj = pool->get(oid,true);
|
||||
|
||||
if ( obj == 0 )
|
||||
{
|
||||
goto error_get;
|
||||
}
|
||||
|
||||
if( ownid > -1 )
|
||||
{
|
||||
rc = obj->set_uid(ownid);
|
||||
|
||||
if( rc != 0 )
|
||||
{
|
||||
goto error_set_uid;
|
||||
}
|
||||
}
|
||||
if( gid > -1 )
|
||||
{
|
||||
rc = obj->set_gid(gid);
|
||||
|
||||
if( rc != 0 )
|
||||
{
|
||||
goto error_set_gid;
|
||||
}
|
||||
}
|
||||
|
||||
pool->update(obj);
|
||||
|
||||
obj->unlock();
|
||||
|
||||
arrayData.push_back(xmlrpc_c::value_boolean(true));
|
||||
|
||||
// Copy arrayresult into retval mem space
|
||||
arrayresult = new xmlrpc_c::value_array(arrayData);
|
||||
*retval = *arrayresult;
|
||||
|
||||
delete arrayresult; // and get rid of the original
|
||||
|
||||
return;
|
||||
|
||||
error_authenticate:
|
||||
oss.str(authenticate_error(method_name));
|
||||
goto error_common;
|
||||
|
||||
error_get:
|
||||
oss.str(get_error(method_name, obj_name, oid));
|
||||
goto error_common;
|
||||
|
||||
error_authorize:
|
||||
// TODO: get real error from UserPool::authorize
|
||||
oss.str(authorization_error(method_name, "MANAGE", obj_name, uid, oid));
|
||||
goto error_common;
|
||||
|
||||
error_user_get:
|
||||
oss.str(get_error(method_name,
|
||||
rm->get_object_name(AuthRequest::USER),
|
||||
ownid));
|
||||
|
||||
goto error_common;
|
||||
|
||||
error_group_get:
|
||||
oss.str(get_error(method_name,
|
||||
rm->get_object_name(AuthRequest::GROUP),
|
||||
gid));
|
||||
|
||||
goto error_common;
|
||||
|
||||
error_set_uid:
|
||||
oss.str(action_error(method_name, "SET_UID", obj_name, oid, rc));
|
||||
|
||||
goto error_common;
|
||||
|
||||
error_set_gid:
|
||||
oss.str(action_error(method_name, "SET_GID", obj_name, oid, rc));
|
||||
|
||||
if( ownid > -1 ) // restore owner user
|
||||
{
|
||||
obj->set_uid(obj_owner);
|
||||
}
|
||||
|
||||
goto error_common;
|
||||
|
||||
error_common:
|
||||
if( obj != 0 )
|
||||
{
|
||||
obj->unlock();
|
||||
}
|
||||
|
||||
if( group != 0 )
|
||||
{
|
||||
group->unlock();
|
||||
}
|
||||
|
||||
if( user != 0 )
|
||||
{
|
||||
user->unlock();
|
||||
}
|
||||
|
||||
arrayData.push_back(xmlrpc_c::value_boolean(false)); // FAILURE
|
||||
arrayData.push_back(xmlrpc_c::value_string(oss.str()));
|
||||
|
||||
NebulaLog::log("ReM",Log::ERROR,oss);
|
||||
|
||||
xmlrpc_c::value_array arrayresult_error(arrayData);
|
||||
|
||||
*retval = arrayresult_error;
|
||||
success_response(oid);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
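Review bot: In the rewritten `request_execute`, the only access check is `basic_authorization(oid)`, made before the object is fetched and locked. The per-target MANAGE requests that the removed code added for the destination user and group are gone, and `upool->get(noid,false)` / `gpool->get(ngid,false)` only test that the ids exist. What `basic_authorization` enforces is not visible on this page, so a comment above the call should record the dependency, e.g. `// relies on CHOWN being granted to oneadmin only: no check is made on the target user or group`. The result of `pool->update(object)` is discarded, so `success_response(oid)` is sent even if the update reports failure; test the result and answer with `failure_response` in that case. Negative ids are now rejected instead of meaning "leave unchanged", which is worth documenting for existing API clients.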
|
@ -37,6 +37,7 @@ source_files=[
|
||||
'RequestManagerUser.cc',
|
||||
'RequestManagerHost.cc',
|
||||
'RequestManagerImage.cc',
|
||||
'RequestManagerChown.cc',
|
||||
|
||||
# 'RequestManagerAction.cc',
|
||||
# 'RequestManagerAllocate.cc',
|
||||
|