Feature #862: Add configuration option in oned.conf to enable/disable the management of the permissions for 'other'
parent
d88fc7fc9b
commit
1ad6aca0ef
@ -457,6 +457,10 @@ HM_MAD = [
|
||||
# SESSION_EXPIRATION_TIME: Time in seconds to keep an authenticated token as
|
||||
# valid. During this time, the driver is not used. Use 0 to disable session
|
||||
# caching
|
||||
#
|
||||
# ENABLE_OTHER_PERMISSIONS: Whether or not to enable the permissions for
|
||||
# 'other'. Users in the oneadmin group will still be able to change
|
||||
# these permissions. Values: YES or NO
|
||||
#*******************************************************************************
|
||||
|
||||
AUTH_MAD = [
|
||||
@ -467,3 +471,4 @@ AUTH_MAD = [
|
||||
|
||||
SESSION_EXPIRATION_TIME = 900
|
||||
|
||||
ENABLE_OTHER_PERMISSIONS = "NO"
|
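Review bot: The description added for ENABLE_OTHER_PERMISSIONS says the option enables "the permissions for 'other'", but the chmod code in this same commit only refuses requests that change the other_u/other_m/other_a bits; nothing visible here stops 'other' bits already set on existing objects from being honoured. The comment should say that, for example `# ENABLE_OTHER_PERMISSIONS: Whether users outside the oneadmin group may change the 'other' permission bits with chmod; bits already set are not cleared.` It is also worth documenting that the value is compared literally against `YES`, so any other spelling (and presumably a missing attribute) leaves the feature disabled.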
@ -42,7 +42,7 @@ void RequestManagerChmod::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
PoolObjectSQL * object;
|
||||
string error_str;
|
||||
|
||||
if ( att.uid != 0 )
|
||||
if ( att.uid != 0 && att.gid != 0)
|
||||
{
|
||||
AuthRequest::Operation op = AuthRequest::MANAGE;
|
||||
PoolObjectAuth perms;
|
||||
@ -71,6 +71,16 @@ void RequestManagerChmod::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
group_a = -1;
|
||||
}
|
||||
|
||||
if ( other_u == perms.other_u )
|
||||
{
|
||||
other_u = -1;
|
||||
}
|
||||
|
||||
if ( other_m == perms.other_m )
|
||||
{
|
||||
other_m = -1;
|
||||
}
|
||||
|
||||
if ( other_a == perms.other_a )
|
||||
{
|
||||
other_a = -1;
|
||||
@ -81,6 +91,23 @@ void RequestManagerChmod::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
op = AuthRequest::ADMIN;
|
||||
}
|
||||
|
||||
if ( other_u != -1 || other_m != -1 || other_a != -1 )
|
||||
{
|
||||
string enable_other;
|
||||
|
||||
Nebula::instance().get_configuration_attribute(
|
||||
"ENABLE_OTHER_PERMISSIONS", enable_other);
|
||||
|
||||
if ( enable_other != "YES" )
|
||||
{
|
||||
failure_response(AUTHORIZATION,
|
||||
"Management of 'other' permissions is disabled in oned.conf",
|
||||
att);
|
||||
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
|
||||
ar.add_auth(op, perms);
|
||||
|
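Review bot: The changed guard at the top of request_execute, `if ( att.uid != 0 && att.gid != 0)`, exempts every user whose group is 0 from the whole block it opens, which as far as the hunks show includes the MANAGE/ADMIN authorization request and not only the new ENABLE_OTHER_PERMISSIONS check. If the intent is just that oneadmin-group users may still change 'other' bits, keep the outer test as `if ( att.uid != 0 )` and put the group exemption on the new check: `if ( att.gid != 0 && ( other_u != -1 || other_m != -1 || other_a != -1 ) )`. The body of that outer block starts and ends outside the visible hunks, so confirm whether group 0 is already authorized unconditionally elsewhere before relying on either form. A comment above the guard stating which principals skip authorization and why would make the bypass auditable.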