
Feature #862: Add configuration option in oned.conf to enable/disable the management of the permissions for 'other'

Carlos Martín 2012-01-11 16:46:57 +01:00
parent d88fc7fc9b
commit 1ad6aca0ef
2 changed files with 33 additions and 1 deletions


@ -457,6 +457,10 @@ HM_MAD = [
# SESSION_EXPIRATION_TIME: Time in seconds to keep an authenticated token as
# valid. During this time, the driver is not used. Use 0 to disable session
# caching
#
# ENABLE_OTHER_PERMISSIONS: Whether or not to enable the permissions for
# 'other'. Users in the oneadmin group will still be able to change
# these permissions. Values: YES or NO
#*******************************************************************************
AUTH_MAD = [
@ -467,3 +471,4 @@ AUTH_MAD = [
SESSION_EXPIRATION_TIME = 900
ENABLE_OTHER_PERMISSIONS = "NO"
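Review bot: The new comment for ENABLE_OTHER_PERMISSIONS does not say what NO actually restricts. Judging by the chmod handler changed in the same commit, the option only rejects requests that change the 'other' bits. Nothing visible here stops bits that are already set from being honoured, so an operator may assume NO closes access that in fact stays open. I would word it as `# ENABLE_OTHER_PERMISSIONS: Whether users may change the 'other' permission bits` followed by `# with chmod. Bits that are already set are not modified by this option.`, with the second sentence confirmed against the authorization code first.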


@ -42,7 +42,7 @@ void RequestManagerChmod::request_execute(xmlrpc_c::paramList const& paramList,
PoolObjectSQL * object;
string error_str;
if ( att.uid != 0 )
if ( att.uid != 0 && att.gid != 0)
{
AuthRequest::Operation op = AuthRequest::MANAGE;
PoolObjectAuth perms;
@ -71,6 +71,16 @@ void RequestManagerChmod::request_execute(xmlrpc_c::paramList const& paramList,
group_a = -1;
}
if ( other_u == perms.other_u )
{
other_u = -1;
}
if ( other_m == perms.other_m )
{
other_m = -1;
}
if ( other_a == perms.other_a )
{
other_a = -1;
@ -81,6 +91,23 @@ void RequestManagerChmod::request_execute(xmlrpc_c::paramList const& paramList,
op = AuthRequest::ADMIN;
}
if ( other_u != -1 || other_m != -1 || other_a != -1 )
{
string enable_other;
Nebula::instance().get_configuration_attribute(
"ENABLE_OTHER_PERMISSIONS", enable_other);
if ( enable_other != "YES" )
{
failure_response(AUTHORIZATION,
"Management of 'other' permissions is disabled in oned.conf",
att);
return;
}
}
AuthRequest ar(att.uid, att.gid);
ar.add_auth(op, perms);
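Review bot: The widened guard in the first hunk, `if ( att.uid != 0 && att.gid != 0)`, exempts every caller in group 0 from the whole authorization block, not just from the ENABLE_OTHER_PERMISSIONS test added in the third hunk, so the MANAGE/ADMIN request built at `ar.add_auth(op, perms)` appears to be skipped for them as well. If only the 'other' restriction is meant to be lifted for that group, keep the outer test as `if ( att.uid != 0 )` and put the exemption on the new check, `if ( att.gid != 0 && enable_other != "YES" )`. If the full bypass is intended, a comment on the guard such as `// uid 0 and members of group 0 skip all chmod authorization` would make that explicit. The comparison with `"YES"` is also exact, so `yes` in oned.conf is treated as disabled; that fails closed but is worth stating next to the check. request_execute starts and ends outside these hunks, so the extent of the guarded block is inferred.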