diff --git a/include/AuthManager.h b/include/AuthManager.h index a609519e09..106497d2ee 100644 --- a/include/AuthManager.h +++ b/include/AuthManager.h @@ -283,7 +283,8 @@ public: INFO, /** Authorization to view an object */ INFO_POOL, /** Authorization to view any object in the pool */ INFO_POOL_MINE, /** Authorization to view user and/or group objects */ - INSTANTIATE /** Authorization to instantiate a VM from a TEMPLATE */ + INSTANTIATE, /** Authorization to instantiate a VM from a TEMPLATE */ + CHOWN /** Authorization to change ownership of an object */ }; /** diff --git a/include/PoolObjectSQL.h b/include/PoolObjectSQL.h index 83dd4e80ba..f90dcdfdd9 100644 --- a/include/PoolObjectSQL.h +++ b/include/PoolObjectSQL.h @@ -64,11 +64,6 @@ public: return name; }; - int get_uid() - { - return uid; - }; - /** * Returns true if the image is public * @return true if the image is public @@ -78,15 +73,14 @@ public: return (public_obj == 1); }; - virtual int set_uid(int _uid) + int get_uid() { - if( uid == -1 ) - { - return -1; - } + return uid; + }; + void set_uid(int _uid) + { uid = _uid; - return 0; } int get_gid() @@ -94,15 +88,9 @@ public: return gid; }; - virtual int set_gid(int _gid) + void set_gid(int _gid) { - if( gid == -1 ) - { - return -1; - } - gid = _gid; - return 0; }; /* --------------------------------------------------------------------- */ diff --git a/src/authm/AuthManager.cc b/src/authm/AuthManager.cc index 22f35242ae..0753d69f85 100644 --- a/src/authm/AuthManager.cc +++ b/src/authm/AuthManager.cc @@ -102,6 +102,10 @@ void AuthRequest::add_auth(Object ob, case INSTANTIATE: oss << "INSTANTIATE:" ; break; + + case CHOWN: + oss << "CHOWN:" ; + break; } oss << owner << ":" << pub; @@ -182,6 +186,8 @@ void AuthRequest::add_auth(Object ob, case INFO_POOL_MINE: auth = true; break; + case CHOWN: //true only for oneadmin + break; } } diff --git a/src/rm/RequestManager.cc b/src/rm/RequestManager.cc index 6df23ba5b2..42b5f8d0e0 100644 
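Review bot: The new `set_uid` in the `@@ -78,15 +73,14 @@` hunk of PoolObjectSQL.h drops both the `uid == -1` guard and the `virtual` qualifier, so it now overwrites the owner unconditionally and can no longer be specialised by a subclass; `set_gid` in the `@@ -94,15 +88,9 @@` hunk has the same change. If any derived class still defines `set_uid`/`set_gid` to refuse ownership changes (not visible here), it now hides rather than overrides the base method, and the base setter is what runs when the call goes through a `PoolObjectSQL *`, which is how the new `RequestManagerChown::request_execute` calls it. The header should state that contract so readers know validation lives with the caller, e.g. `/** Sets the owner uid. No validation here: the caller must check that the user exists and that the request is authorized */`, with the matching sentence on `set_gid`. The removed guard was also the only thing that stopped an object created with uid -1 from acquiring an owner; if that is now intended, say so in the same comment.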
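Review bot: The new `case CHOWN:` in the `@@ -182,6 +186,8 @@` hunk of AuthManager.cc leaves `auth` at whatever value it had before the `switch`, and both that initialisation and the start of `add_auth` are outside the hunk; the comment `//true only for oneadmin` describes a bypass that is not in this function either. A reader consulting this table for the CHOWN policy cannot tell whether "not granted" is deliberate, so make it explicit: `case CHOWN: // deliberately never granted by ownership rules; only the oneadmin bypass elsewhere allows it`. Worth confirming on the lines above the hunk that `auth` is reset to false before the switch, otherwise a value from an earlier branch would carry into this case.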
--- a/src/rm/RequestManager.cc +++ b/src/rm/RequestManager.cc @@ -25,13 +25,14 @@ #include "RequestManagerPublish.h" #include "RequestManagerAllocate.h" #include "RequestManagerUpdateTemplate.h" -#include "RequestManagerUser.h" +#include "RequestManagerChown.h" #include "RequestManagerVirtualNetwork.h" #include "RequestManagerVirtualMachine.h" #include "RequestManagerVMTemplate.h" #include "RequestManagerHost.h" #include "RequestManagerImage.h" +#include "RequestManagerUser.h" #include #include 
@@ -302,47 +303,32 @@ void RequestManager::register_xml_methods() xmlrpc_c::methodPtr image_persistent(new ImagePersistent()); xmlrpc_c::methodPtr image_enable(new ImageEnable()); -/* - xmlrpc_c::methodPtr vm_chown(new - RequestManager::GenericChown(this,AuthRequest::VM)); + // Chown Methods + xmlrpc_c::methodPtr vm_chown(new VirtualMachineChown()); + xmlrpc_c::methodPtr template_chown(new TemplateChown()); + xmlrpc_c::methodPtr vn_chown(new VirtualNetworkChown()); + xmlrpc_c::methodPtr image_chown(new ImageChown()); + xmlrpc_c::methodPtr host_chown(new HostChown()); - xmlrpc_c::methodPtr template_chown(new - RequestManager::GenericChown(this,AuthRequest::TEMPLATE)); - - xmlrpc_c::methodPtr vn_chown(new - RequestManager::GenericChown(this,AuthRequest::NET)); - - xmlrpc_c::methodPtr user_chown(new - RequestManager::GenericChown(this,USER)); - - xmlrpc_c::methodPtr image_chown(new - RequestManager::GenericChown(this,IMAGE)); -*/ /* VM related methods */ -/* - - RequestManagerRegistry.addMethod("one.vm.chown", vm_chown); -*/ RequestManagerRegistry.addMethod("one.vm.deploy", vm_deploy); RequestManagerRegistry.addMethod("one.vm.action", vm_action); RequestManagerRegistry.addMethod("one.vm.migrate", vm_migrate); RequestManagerRegistry.addMethod("one.vm.savedisk", vm_savedisk); RequestManagerRegistry.addMethod("one.vm.allocate", vm_allocate); RequestManagerRegistry.addMethod("one.vm.info", vm_info); + RequestManagerRegistry.addMethod("one.vm.chown", vm_chown); RequestManagerRegistry.addMethod("one.vmpool.info", vm_pool_info); /* VM Template related methods*/ -/* - RequestManagerRegistry.addMethod("one.template.chown", template_chown); -*/ - RequestManagerRegistry.addMethod("one.template.update", template_update); RequestManagerRegistry.addMethod("one.template.instantiate",template_instantiate); RequestManagerRegistry.addMethod("one.template.allocate",template_allocate); RequestManagerRegistry.addMethod("one.template.publish", template_publish); 
RequestManagerRegistry.addMethod("one.template.delete", template_delete); RequestManagerRegistry.addMethod("one.template.info", template_info); + RequestManagerRegistry.addMethod("one.template.chown", template_chown); RequestManagerRegistry.addMethod("one.templatepool.info",template_pool_info); @@ -353,11 +339,11 @@ void RequestManager::register_xml_methods() RequestManagerRegistry.addMethod("one.host.allocate", host_allocate); RequestManagerRegistry.addMethod("one.host.delete", host_delete); RequestManagerRegistry.addMethod("one.host.info", host_info); + RequestManagerRegistry.addMethod("one.host.chown", host_chown); RequestManagerRegistry.addMethod("one.hostpool.info", hostpool_info); /* Group related methods */ -// RequestManagerRegistry.addMethod("one.group.chown", group_chown); RequestManagerRegistry.addMethod("one.group.allocate", group_allocate); RequestManagerRegistry.addMethod("one.group.delete", group_delete); RequestManagerRegistry.addMethod("one.group.info", group_info); @@ -365,22 +351,19 @@ void RequestManager::register_xml_methods() RequestManagerRegistry.addMethod("one.grouppool.info", grouppool_info); /* Network related methods*/ -/* - RequestManagerRegistry.addMethod("one.vn.chown", vn_chown); -*/ RequestManagerRegistry.addMethod("one.vn.addleases", vn_addleases); RequestManagerRegistry.addMethod("one.vn.rmleases", vn_rmleases); RequestManagerRegistry.addMethod("one.vn.allocate", vn_allocate); RequestManagerRegistry.addMethod("one.vn.publish", vn_publish); RequestManagerRegistry.addMethod("one.vn.delete", vn_delete); RequestManagerRegistry.addMethod("one.vn.info", vn_info); + RequestManagerRegistry.addMethod("one.vn.chown", vn_chown); RequestManagerRegistry.addMethod("one.vnpool.info", vnpool_info); /* User related methods*/ /* - RequestManagerRegistry.addMethod("one.user.chown", user_chown); */ RequestManagerRegistry.addMethod("one.user.allocate", user_allocate); RequestManagerRegistry.addMethod("one.user.delete", user_delete); 
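Review bot: The user section in the `@@ -365,22 +351,19 @@` hunk keeps an empty `/* */` block once the `one.user.chown` registration inside it is removed, so the file now carries a comment with nothing in it while every other object type gains a live `chown` registration in this commit. Either delete the two leftover lines or replace them with a single marker that records the decision, e.g. `// one.user.chown intentionally not registered`, hedged because the handler list in RequestManagerChown.h is not visible here. `register_xml_methods` starts and ends outside this hunk.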
@@ -395,14 +378,12 @@ void RequestManager::register_xml_methods() RequestManagerRegistry.addMethod("one.image.persistent", image_persistent); RequestManagerRegistry.addMethod("one.image.enable", image_enable); -/* - RequestManagerRegistry.addMethod("one.image.chown", image_chown); -*/ RequestManagerRegistry.addMethod("one.image.update", image_update); RequestManagerRegistry.addMethod("one.image.allocate", image_allocate); RequestManagerRegistry.addMethod("one.image.publish", image_publish); RequestManagerRegistry.addMethod("one.image.delete", image_delete); RequestManagerRegistry.addMethod("one.image.info", image_info); + RequestManagerRegistry.addMethod("one.image.chown", image_chown); RequestManagerRegistry.addMethod("one.imagepool.info", imagepool_info); }; diff --git a/src/rm/RequestManagerChown.cc b/src/rm/RequestManagerChown.cc index c303b48f5d..d92c3afd89 100644 --- a/src/rm/RequestManagerChown.cc +++ b/src/rm/RequestManagerChown.cc @@ -14,7 +14,7 @@ /* limitations under the License. */ /* -------------------------------------------------------------------------- */ -#include "RequestManager.h" +#include "RequestManagerChown.h" #include "NebulaLog.h" #include "Nebula.h" 
@@ -22,233 +22,69 @@ /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -void RequestManager::GenericChown::execute( - xmlrpc_c::paramList const& paramList, - xmlrpc_c::value * const retval) +void RequestManagerChown::request_execute(xmlrpc_c::paramList const& paramList) { - string session; + int oid = xmlrpc_c::value_int(paramList.getInt(1)); + int noid = xmlrpc_c::value_int(paramList.getInt(2)); + int ngid = xmlrpc_c::value_int(paramList.getInt(3)); - int uid, obj_owner, group_owner; - int oid, ownid, gid; - int rc; + PoolObjectSQL * object; + string str; - PoolObjectSQL * obj = 0; - User * user = 0; - Group * group = 0; + Nebula& nd = Nebula::instance(); + GroupPool * gpool = nd.get_gpool(); + UserPool * upool = nd.get_upool(); - vector arrayData; - xmlrpc_c::value_array * arrayresult; - - ostringstream oss; - - PoolSQL * pool = rm->get_pool(ob); - string method_name = rm->get_method_prefix(ob) + "Chown"; - string obj_name = rm->get_object_name(ob); - - - oss << method_name << " invoked"; - - NebulaLog::log("ReM",Log::DEBUG,oss); - oss.str(""); - - session = xmlrpc_c::value_string (paramList.getString(0)); - oid = xmlrpc_c::value_int (paramList.getInt(1)); - ownid = xmlrpc_c::value_int (paramList.getInt(2)); - gid = xmlrpc_c::value_int (paramList.getInt(3)); - - // First, we need to authenticate the user - uid = rm->upool->authenticate(session); - - if ( uid == -1 ) + if ( basic_authorization(oid) == false ) { - goto error_authenticate; + return; } - // Get object from the pool - obj = pool->get(oid,true); + // ------------- Check new user and group id's --------------------- - if ( obj == 0 ) + if ( noid < 0 ) { - goto error_get; + failure_response(XML_RPC_API,"Wrong User ID"); //TODO + return; + } + else if ( upool->get(noid,false) == 0 ) + { + failure_response(NO_EXISTS, + get_error(object_name(AuthRequest::USER),noid)); + return; } - obj_owner = 
obj->get_uid(); - - obj->unlock(); - obj = 0; - - // Get destination group - if( gid > -1 ) + if ( ngid < 0 ) { - group = rm->gpool->get(gid, true); - if( group == 0 ) - { - goto error_group_get; - } - - group_owner = group->get_uid(); - - group->unlock(); - group = 0; + failure_response(XML_RPC_API,"Wrong Group ID"); + return; + } + else if ( gpool->get(ngid,false) == 0 ) + { + failure_response(NO_EXISTS, + get_error(object_name(AuthRequest::GROUP),ngid)); + return; } + // ------------- Update the object --------------------- - if ( uid != 0 ) // uid == 0 means oneadmin - { - AuthRequest ar(uid); + object = pool->get(oid,true); - ar.add_auth(ob, // Object - oid, // Object id - AuthRequest::MANAGE, // Action - obj_owner, // Owner - false); // Public + if ( object == 0 ) + { + failure_response(NO_EXISTS, get_error(object_name(auth_object),oid)); + return; + } - if( ownid > -1 ) - { - ar.add_auth(AuthRequest::USER, // Object - ownid, // Object id - AuthRequest::MANAGE, // Action - ownid, // Owner - false); // Public - } + object->set_uid(noid); + object->set_gid(ngid); - if( gid > -1 ) - { - ar.add_auth(AuthRequest::GROUP, // Object - gid, // Object id - AuthRequest::MANAGE, // Action - group_owner, // Owner - false); // Public - } + pool->update(object); - if (UserPool::authorize(ar) == -1) - { - goto error_authorize; - } - } + object->unlock(); - // Check destination user exists - if( ownid > -1 ) - { - user = rm->upool->get(ownid, true); - if( user == 0 ) - { - goto error_user_get; - } - - user->unlock(); - } - - // Get the object locked again - obj = pool->get(oid,true); - - if ( obj == 0 ) - { - goto error_get; - } - - if( ownid > -1 ) - { - rc = obj->set_uid(ownid); - - if( rc != 0 ) - { - goto error_set_uid; - } - } - if( gid > -1 ) - { - rc = obj->set_gid(gid); - - if( rc != 0 ) - { - goto error_set_gid; - } - } - - pool->update(obj); - - obj->unlock(); - - arrayData.push_back(xmlrpc_c::value_boolean(true)); - - // Copy arrayresult into retval mem space - 
arrayresult = new xmlrpc_c::value_array(arrayData); - *retval = *arrayresult; - - delete arrayresult; // and get rid of the original - - return; - -error_authenticate: - oss.str(authenticate_error(method_name)); - goto error_common; - -error_get: - oss.str(get_error(method_name, obj_name, oid)); - goto error_common; - -error_authorize: - // TODO: get real error from UserPool::authorize - oss.str(authorization_error(method_name, "MANAGE", obj_name, uid, oid)); - goto error_common; - -error_user_get: - oss.str(get_error(method_name, - rm->get_object_name(AuthRequest::USER), - ownid)); - - goto error_common; - -error_group_get: - oss.str(get_error(method_name, - rm->get_object_name(AuthRequest::GROUP), - gid)); - - goto error_common; - -error_set_uid: - oss.str(action_error(method_name, "SET_UID", obj_name, oid, rc)); - - goto error_common; - -error_set_gid: - oss.str(action_error(method_name, "SET_GID", obj_name, oid, rc)); - - if( ownid > -1 ) // restore owner user - { - obj->set_uid(obj_owner); - } - - goto error_common; - -error_common: - if( obj != 0 ) - { - obj->unlock(); - } - - if( group != 0 ) - { - group->unlock(); - } - - if( user != 0 ) - { - user->unlock(); - } - - arrayData.push_back(xmlrpc_c::value_boolean(false)); // FAILURE - arrayData.push_back(xmlrpc_c::value_string(oss.str())); - - NebulaLog::log("ReM",Log::ERROR,oss); - - xmlrpc_c::value_array arrayresult_error(arrayData); - - *retval = arrayresult_error; + success_response(oid); return; } -/* -------------------------------------------------------------------------- */ -/* -------------------------------------------------------------------------- */ diff --git a/src/rm/SConstruct b/src/rm/SConstruct index 502a9fe373..a025765a41 100644 --- a/src/rm/SConstruct +++ b/src/rm/SConstruct @@ -37,6 +37,7 @@ source_files=[ 'RequestManagerUser.cc', 'RequestManagerHost.cc', 'RequestManagerImage.cc', + 'RequestManagerChown.cc', # 'RequestManagerAction.cc', # 'RequestManagerAllocate.cc',
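Review bot: `request_execute` checks that the new owner and group exist but never checks that the caller may hand the object to them; the previous implementation requested MANAGE on the target USER and GROUP as well as on the object, whereas the new code only calls `basic_authorization(oid)`, which is defined outside the hunk. As long as `AuthRequest::add_auth` grants CHOWN to nobody but oneadmin this is moot, but the moment that policy is relaxed any authorized user could reassign objects to arbitrary accounts, so the assumption deserves a comment at the call site: `// CHOWN is only ever granted to oneadmin; if that changes, the new uid/gid must be authorized here as well`. The result of `pool->update(object)` is ignored and `success_response(oid)` is sent even if the write failed; check its return and answer with a failure response after `object->unlock()`. Also, `string str;` is unused, the `//TODO` on the `"Wrong User ID"` response is left in, and a negative `noid`/`ngid` is now rejected where the old code treated it as "keep current", a caller-visible change that should be documented in the XML-RPC method description if intended.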