mirror of https://github.com/OpenNebula/one.git synced 2025-03-21 14:50:08 +03:00

Merge branch 'feature-1112' of git.opennebula.org:one into feature-1112

Tino Vazquez 2012-03-09 18:15:20 +01:00
commit 26215f300e
5 changed files with 80 additions and 45 deletions


@ -205,6 +205,10 @@ public:
void request_execute(xmlrpc_c::paramList const& _paramList,
RequestAttributes& att);
bool allocate_authorization(Template * obj_template,
RequestAttributes& att,
PoolObjectAuth * cluster_perms);
};
/* ------------------------------------------------------------------------- */


@ -95,25 +95,10 @@ int Image::insert(SqlDB *db, string& error_str)
string persistent_attr;
string dev_prefix;
string source_attr;
string aname;
string saved_id;
ostringstream oss;
// ------------------------------------------------------------------------
// Check template for restricted attributes
// ------------------------------------------------------------------------
if ( uid != 0 && gid != GroupPool::ONEADMIN_ID )
{
ImageTemplate *img_template = static_cast<ImageTemplate *>(obj_template);
if (img_template->check(aname))
{
goto error_restricted;
}
}
// ---------------------------------------------------------------------
// Check default image attributes
// ---------------------------------------------------------------------
@ -242,11 +227,6 @@ error_path_and_source:
error_str = "Template malformed, PATH and SOURCE are mutually exclusive.";
goto error_common;
error_restricted:
oss << "Template includes a restricted attribute " << aname << ".";
error_str = oss.str();
goto error_common;
error_common:
NebulaLog::log("IMG", Log::ERROR, error_str);
return -1;


@ -76,9 +76,28 @@ bool VirtualMachineAllocate::allocate_authorization(
AuthRequest ar(att.uid, att.gid);
string t64;
string aname;
VirtualMachineTemplate * ttmpl = static_cast<VirtualMachineTemplate *>(tmpl);
// Check template for restricted attributes
if ( att.uid != 0 && att.gid != GroupPool::ONEADMIN_ID )
{
if (ttmpl->check(aname))
{
ostringstream oss;
oss << "VM Template includes a restricted attribute " << aname;
failure_response(AUTHORIZATION,
authorization_error(oss.str(), att),
att);
return false;
}
}
ar.add_create_auth(auth_object, tmpl->to_xml(t64));
VirtualMachine::set_auth_request(att.uid, ar, ttmpl);
@ -98,6 +117,39 @@ bool VirtualMachineAllocate::allocate_authorization(
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
bool ImageAllocate::allocate_authorization(
Template * tmpl,
RequestAttributes& att,
PoolObjectAuth * cluster_perms)
{
string aname;
ImageTemplate * itmpl = static_cast<ImageTemplate *>(tmpl);
// Check template for restricted attributes
if ( att.uid != 0 && att.gid != GroupPool::ONEADMIN_ID )
{
if (itmpl->check(aname))
{
ostringstream oss;
oss << "Template includes a restricted attribute " << aname;
failure_response(AUTHORIZATION,
authorization_error(oss.str(), att),
att);
return false;
}
}
return RequestManagerAllocate::allocate_authorization(tmpl, att, cluster_perms);
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params,
RequestAttributes& att)
{
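Review bot: The restricted-attribute check in `VirtualMachineAllocate::allocate_authorization` and `ImageAllocate::allocate_authorization` becomes the only enforcement point for allocation, because the same commit drops it from `Image::insert` and `VirtualMachine::insert`. Any caller that reaches `insert()` without passing through these overrides would then accept restricted attributes from a non-oneadmin user; no such caller is visible on this page, so this needs confirming against the rest of the tree. The contract is worth stating where the check now lives, e.g. `// Restricted attributes are enforced here only; insert() no longer checks them`. The two blocks are near-copies that differ only in the template type and the message prefix, and both rely on an unchecked `static_cast` of `tmpl`, so a shared helper would keep the uid/gid condition from drifting between them. The `request_execute` body at the end of this section continues outside the hunk.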


@ -39,6 +39,7 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList
VMTemplate * rtmpl;
string error_str;
string aname;
rtmpl = tpool->get(id,true);
@ -57,6 +58,26 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList
rtmpl->unlock();
// Check template for restricted attributes, but only if the Template owner
// is not oneadmin
if ( perms.uid != 0 && perms.gid != GroupPool::ONEADMIN_ID )
{
if (tmpl->check(aname))
{
ostringstream oss;
oss << "VM Template includes a restricted attribute " << aname;
failure_response(AUTHORIZATION,
authorization_error(oss.str(), att),
att);
delete tmpl;
return;
}
}
tmpl->erase("NAME");
tmpl->set(new SingleAttribute("NAME",name));
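Review bot: The exemption in `if ( perms.uid != 0 && perms.gid != GroupPool::ONEADMIN_ID )` is keyed on the template's owner and group (`perms`) rather than on the requesting user (`att`), unlike the allocate paths in this commit, which test `att.uid` and `att.gid`. The comment shows this is deliberate, but it rests on an invariant not visible here: a non-oneadmin user must never be able to edit, or transfer ownership of, a template that ends up owned by uid 0 or placed in the oneadmin group. Because the two tests are joined with `&&`, group membership alone skips the check, while the comment mentions only the owner. The comment should spell this out, e.g. `// Skipped when the template is owned by uid 0 or belongs to the oneadmin group; assumes only oneadmin can create or modify such templates`. `VMTemplateInstantiate::request_execute` starts and ends outside the hunk, so how `perms` and `tmpl` are populated cannot be confirmed from here.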


@ -198,26 +198,9 @@ int VirtualMachine::insert(SqlDB * db, string& error_str)
int rc;
string name;
SingleAttribute * attr;
string aname;
string value;
ostringstream oss;
// ------------------------------------------------------------------------
// Check template for restricted attributes
// ------------------------------------------------------------------------
if ( uid != 0 && gid != GroupPool::ONEADMIN_ID )
{
VirtualMachineTemplate *vt =
static_cast<VirtualMachineTemplate *>(obj_template);
if (vt->check(aname))
{
goto error_restricted;
}
}
SingleAttribute * attr;
string value;
ostringstream oss;
// ------------------------------------------------------------------------
// Set a name if the VM has not got one and VM_ID
@ -327,11 +310,6 @@ error_leases_rollback:
release_network_leases();
goto error_common;
error_restricted:
oss << "VM Template includes a restricted attribute " << aname << ".";
error_str = oss.str();
goto error_common;
error_name_length:
oss << "NAME is too long; max length is 128 chars.";
error_str = oss.str();