shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-03-22 18:50:08 +03:00
Code Releases Wiki Activity

Merge branch 'master' into feature-1712

Browse Source 
Conflicts:
	src/xml/expr_arith.cc
	src/xml/expr_bool.cc
	src/xml/expr_bool.h
This commit is contained in:
Ruben S. Montero 2013-08-30 17:08:48 +02:00
commit 28d5bedc91
91 changed files with 2312 additions and 1983 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
include/AclManager.h
View File

@ -58,13 +58,13 @@ public:
* authorizes the operation.
*
* @param uid The user ID requesting to be authorized
* @param gid Group ID of the user
* @param user_groups Set of group IDs that the user is part of
* @param obj_perms The object's permission attributes
* @param op The operation to be authorized
* @return true if the authorization is granted by any rule
*/
const bool authorize(int uid,
int gid,
const set<int>& user_groups,
const PoolObjectAuth& obj_perms,
AuthRequest::Operation op);
@ -128,7 +128,7 @@ public:
* the given user to perform the operation.
*
* @param uid The user ID
* @param gid Group ID of the user
* @param user_groups Set of group IDs that the user is part of
* @param obj_type The object over which the search will be performed
* @param op The operation to be searched
* @param all True if the user can perform the operation over any object
@ -137,7 +137,7 @@ public:
* @param cids Set of object cluster IDs over which the user can operate
*/
void reverse_search(int uid,
int gid,
const set<int>& user_groups,
PoolObjectSQL::ObjectType obj_type,
AuthRequest::Operation op,
bool& all,

7
include/AuthRequest.h
View File

@ -18,6 +18,7 @@
#define AUTH_REQUEST_H_
#include <time.h>
#include <set>
#include "ActionManager.h"
#include "PoolObjectAuth.h"
@ -36,7 +37,7 @@ using namespace std;
class AuthRequest : public SyncRequest
{
public:
AuthRequest(int _uid, int _gid): uid(_uid),gid(_gid),self_authorize(true){};
AuthRequest(int _uid, set<int> _gids): uid(_uid),gids(_gids),self_authorize(true){};
~AuthRequest(){};
@ -158,9 +159,9 @@ private:
int uid;
/**
* The user group ID
* The user groups ID set
*/
int gid;
set<int> gids;
/**
* Username to authenticate the user

17
include/PoolObjectSQL.h
View File

@ -337,7 +337,7 @@ public:
}
/**
* Gets an removes a string based attribute (single)
* Gets and removes a string based attribute (single)
* @param name of the attribute
* @param value of the attribute (a string), will be "" if not defined or
* not a single attribute
@ -351,6 +351,21 @@ public:
return obj_template->erase(name);
}
/**
* Gets and removes a float based attribute (single)
* @param name of the attribute
* @param value of the attribute (a float), will be 0 if not defined or
* not a single attribute
* @return the number of attributes erased
*/
int erase_template_attribute(
const char * name,
float& value)
{
obj_template->get(name,value);
return obj_template->erase(name);
}
/**
* Gets an int based attribute (single)
* @param name of the attribute

20
include/PoolSQL.h
View File

@ -20,6 +20,7 @@
#include <map>
#include <string>
#include <queue>
#include <set>
#include "SqlDB.h"
#include "PoolObjectSQL.h"
@ -180,30 +181,31 @@ public:
* Creates a filter for those objects (oids) or objects owned by a given
* group that an user can access based on the ACL rules
* @param uid the user id
* @param gid the group id
* @param user_groups Set of group IDs that the user is part of
* @param auth_object object type
* @param all returns if the user can access all objects
* @param filter the resulting filter string
*/
static void acl_filter(int uid,
int gid,
const set<int>& user_groups,
PoolObjectSQL::ObjectType auth_object,
bool& all,
string& filter);
/**
* Creates a filter for the objects owned by a given user/group
* @param uid the user id
* @param gid the group id
* @param user_groups Set of group IDs that the user is part of
* @param filter_flag query type (ALL, MINE, GROUP)
* @param all user can access all objects
* @param filter the resulting filter string
*/
static void usr_filter(int uid,
int gid,
int filter_flag,
bool all,
const string& acl_str,
string& filter);
static void usr_filter(int uid,
const set<int>& user_groups,
int filter_flag,
bool all,
const string& acl_str,
string& filter);
/**
* Creates a filter for a given set of objects based on their id
* @param start_id first id

2
include/Request.h
View File

@ -73,6 +73,8 @@ protected:
string uname; /**< name of the user */
string gname; /**< name of the user's group */
set<int> group_ids; /**< set of user's group ids */
string session; /**< Session from ONE XML-RPC API */
int req_id; /**< Request ID for log messages */

88
include/RequestManagerUser.h
View File

@ -45,8 +45,9 @@ protected:
/* -------------------------------------------------------------------- */
void request_execute(xmlrpc_c::paramList const& _paramList,
RequestAttributes& att);
void request_execute(
xmlrpc_c::paramList const& _paramList,
RequestAttributes& att);
virtual int user_action(int user_id,
xmlrpc_c::paramList const& _paramList,
@ -72,7 +73,7 @@ public:
~UserChangePassword(){};
int user_action(int user_id,
xmlrpc_c::paramList const& _paramList,
xmlrpc_c::paramList const& _paramList,
string& err);
void log_xmlrpc_param(
@ -124,10 +125,89 @@ public:
~UserSetQuota(){};
int user_action(int user_id,
xmlrpc_c::paramList const& _paramList,
xmlrpc_c::paramList const& _paramList,
string& err);
};
/* ------------------------------------------------------------------------- */
/* ------------------------------------------------------------------------- */
class UserEditGroup : public Request
{
public:
UserEditGroup(
const string& method_name,
const string& help,
const string& params):
Request(method_name,params,help)
{
auth_object = PoolObjectSQL::USER;
auth_op = AuthRequest::MANAGE;
Nebula& nd = Nebula::instance();
gpool = nd.get_gpool();
upool = nd.get_upool();
};
~UserEditGroup(){};
void request_execute(
xmlrpc_c::paramList const& _paramList,
RequestAttributes& att);
protected:
virtual int secondary_group_action(
int user_id,
int group_id,
xmlrpc_c::paramList const& _paramList,
string& error_str) = 0;
GroupPool * gpool;
UserPool * upool;
};
/* ------------------------------------------------------------------------- */
/* ------------------------------------------------------------------------- */
class UserAddGroup : public UserEditGroup
{
public:
UserAddGroup():
UserEditGroup("UserAddGroup",
"Adds the user to a secondary group",
"A:sii"){};
~UserAddGroup(){};
int secondary_group_action(
int user_id,
int group_id,
xmlrpc_c::paramList const& _paramList,
string& error_str);
};
/* ------------------------------------------------------------------------- */
/* ------------------------------------------------------------------------- */
class UserDelGroup : public UserEditGroup
{
public:
UserDelGroup():
UserEditGroup("UserDelGroup",
"Deletes the user from a secondary group",
"A:sii"){};
~UserDelGroup(){};
int secondary_group_action(
int user_id,
int group_id,
xmlrpc_c::paramList const& _paramList,
string& error_str);
};
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */

45
include/User.h
View File

@ -20,6 +20,7 @@
#include "PoolSQL.h"
#include "UserTemplate.h"
#include "Quotas.h"
#include "ObjectCollection.h"
using namespace std;
@ -29,7 +30,7 @@ using namespace std;
/**
* The User class.
*/
class User : public PoolObjectSQL
class User : public PoolObjectSQL, public ObjectCollection
{
public:
@ -180,6 +181,47 @@ public:
*/
int get_umask() const;
/**
* Returns a copy of the groups for the user
*/
set<int> get_groups()
{
return get_collection_copy();
};
// *************************************************************************
// Group IDs set Management
// *************************************************************************
/**
* Adds a group ID to the groups set.
*
* @param id The new id
* @return 0 on success, -1 if the ID was already in the set
*/
int add_group(int group_id)
{
return add_collection_id(group_id);
}
/**
* Deletes a group ID from the groups set.
*
* @param id The id
* @return 0 on success,
* -1 if the ID was not in the set,
* -2 if the group to delete is the main group
*/
int del_group(int group_id)
{
if( group_id == gid )
{
return -2;
}
return del_collection_id(group_id);
}
private:
// -------------------------------------------------------------------------
// Friends
@ -310,6 +352,7 @@ protected:
const string& _auth_driver,
bool _enabled):
PoolObjectSQL(id,USER,_uname,-1,_gid,"",_gname,table),
ObjectCollection("GROUPS"),
quota("/USER/DATASTORE_QUOTA",
"/USER/NETWORK_QUOTA",
"/USER/IMAGE_QUOTA",

23
include/UserPool.h
View File

@ -124,6 +124,7 @@ public:
* @param gid of the user if authN succeeded -1 otherwise
* @param uname of the user if authN succeeded "" otherwise
* @param gname of the group if authN succeeded "" otherwise
* @param group_ids the user groups if authN succeeded, is empty otherwise
*
* @return false if authn failed, true otherwise
*/
@ -131,7 +132,8 @@ public:
int& uid,
int& gid,
string& uname,
string& gname);
string& gname,
set<int>& group_ids);
/**
* Returns whether the operations described in a authorization request are
* authorized ot not.
@ -217,7 +219,8 @@ private:
int& user_id,
int& group_id,
string& uname,
string& gname);
string& gname,
set<int>& group_ids);
/**
* Function to authenticate internal users using a server driver
@ -227,18 +230,20 @@ private:
int& user_id,
int& group_id,
string& uname,
string& gname);
string& gname,
set<int>& group_ids);
/**
* Function to authenticate external (not known) users
*/
bool authenticate_external(const string& username,
const string& token,
int& user_id,
int& group_id,
string& uname,
string& gname);
bool authenticate_external(const string& username,
const string& token,
int& user_id,
int& group_id,
string& uname,
string& gname,
set<int>& group_ids);
/**
* Factory method to produce User objects
* @return a pointer to the new User

1
install.sh
View File

@ -1132,6 +1132,7 @@ ONEDB_MIGRATOR_FILES="src/onedb/2.0_to_2.9.80.rb \
src/onedb/4.0.0_to_4.0.1.rb \
src/onedb/4.0.1_to_4.1.80.rb \
src/onedb/4.1.80_to_4.2.0.rb \
src/onedb/4.2.0_to_4.3.80.rb \
src/onedb/fsck.rb \
src/onedb/onedb.rb \
src/onedb/onedb_backend.rb"

7
share/doc/xsd/user.xsd
View File

@ -6,6 +6,13 @@
<xs:sequence>
<xs:element name="ID" type="xs:integer"/>
<xs:element name="GID" type="xs:integer"/>
<xs:element name="GROUPS">
<xs:complexType>
<xs:sequence>
<xs:element name="ID" type="xs:integer" minOccurs="1" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="GNAME" type="xs:string"/>
<xs:element name="NAME" type="xs:string"/>
<xs:element name="PASSWORD" type="xs:string"/>

7
share/doc/xsd/user_pool.xsd
View File

@ -10,6 +10,13 @@
<xs:sequence>
<xs:element name="ID" type="xs:integer"/>
<xs:element name="GID" type="xs:integer"/>
<xs:element name="GROUPS">
<xs:complexType>
<xs:sequence>
<xs:element name="ID" type="xs:integer" minOccurs="1" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="GNAME" type="xs:string"/>
<xs:element name="NAME" type="xs:string"/>
<xs:element name="PASSWORD" type="xs:string"/>

12
share/pkgs/CentOS/opennebula.sudoers Normal file
View File

@ -0,0 +1,12 @@
Defaults !requiretty
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Cmnd_Alias ONE_MISC = /bin/dd, /sbin/mkfs, /bin/sync
Cmnd_Alias ONE_NET = /usr/sbin/brctl, /sbin/ebtables, /sbin/iptables, /sbin/ip, /sbin/vconfig
Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvrename, /sbin/lvs, /sbin/vgdisplay
Cmnd_Alias ONE_ISCSI = /sbin/iscsiadm, /usr/sbin/tgt-admin, /usr/sbin/tgtadm
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
Cmnd_Alias ONE_XEN = /usr/sbin/xentop, /usr/sbin/xl, /usr/sbin/xm
oneadmin ALL=(ALL) NOPASSWD: ONE_MISC, ONE_NET, ONE_LVM, ONE_ISCSI, ONE_OVS, ONE_XEN

11
share/pkgs/Debian/opennebula.sudoers Normal file
View File

@ -0,0 +1,11 @@
Defaults !requiretty
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Cmnd_Alias ONE_MISC = /bin/dd, /sbin/mkfs, /bin/sync
Cmnd_Alias ONE_NET = /sbin/brctl, /sbin/ebtables, /sbin/iptables, /sbin/ip, /sbin/vconfig
Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvrename, /sbin/lvs, /sbin/vgdisplay
Cmnd_Alias ONE_ISCSI = /usr/bin/iscsiadm, /usr/sbin/tgt-admin, /usr/sbin/tgtadm
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
Cmnd_Alias ONE_XEN = /usr/sbin/xentop, /usr/sbin/xl, /usr/sbin/xm
oneadmin ALL=(ALL) NOPASSWD: ONE_MISC, ONE_NET, ONE_LVM, ONE_ISCSI, ONE_OVS, ONE_XEN

11
share/pkgs/Ubuntu/opennebula.sudoers Normal file
View File

@ -0,0 +1,11 @@
Defaults !requiretty
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Cmnd_Alias ONE_MISC = /bin/dd, /sbin/mkfs, /bin/sync
Cmnd_Alias ONE_NET = /sbin/brctl, /sbin/ebtables, /sbin/iptables, /sbin/ip, /sbin/vconfig
Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvrename, /sbin/lvs, /sbin/vgdisplay
Cmnd_Alias ONE_ISCSI = /usr/bin/iscsiadm, /usr/sbin/tgt-admin, /usr/sbin/tgtadm
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
Cmnd_Alias ONE_XEN = /usr/sbin/xentop, /usr/sbin/xl, /usr/sbin/xm
oneadmin ALL=(ALL) NOPASSWD: ONE_MISC, ONE_NET, ONE_LVM, ONE_ISCSI, ONE_OVS, ONE_XEN

11
share/pkgs/openSUSE/opennebula.sudoers Normal file
View File

@ -0,0 +1,11 @@
Defaults !requiretty
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Cmnd_Alias ONE_MISC = /usr/bin/dd, /sbin/mkfs, /usr/bin/sync
Cmnd_Alias ONE_NET = /sbin/brctl, /usr/sbin/ebtables, /usr/sbin/iptables, /sbin/ip, /sbin/vconfig
Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvrename, /sbin/lvs, /sbin/vgdisplay
Cmnd_Alias ONE_ISCSI = /sbin/iscsiadm, /usr/sbin/tgt-admin, /usr/sbin/tgtadm
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
Cmnd_Alias ONE_XEN = /usr/sbin/xentop, /usr/sbin/xl, /usr/sbin/xm
oneadmin ALL=(ALL) NOPASSWD: ONE_MISC, ONE_NET, ONE_LVM, ONE_ISCSI, ONE_OVS, ONE_XEN

1
share/scripts/context-packages/base_deb/etc/one-context.d/00-network
View File

@ -151,6 +151,7 @@ EOT
GATEWAY=$(get_gateway)
IPV6=$(get_iface_var "IPV6")
[[ -z $IPV6 ]] && IPV6=$(get_iface_var "IP6")
GATEWAY6=$(get_iface_var "GATEWAY6")
CONTEXT_FORCE_IPV4=$(get_iface_var "CONTEXT_FORCE_IPV4")

1
share/scripts/context-packages/base_rpm/etc/one-context.d/00-network
View File

@ -142,6 +142,7 @@ gen_network_configuration()
GATEWAY=$(get_gateway)
IPV6=$(get_iface_var "IPV6")
[[ -z $IPV6 ]] && IPV6=$(get_iface_var "IP6")
GATEWAY6=$(get_iface_var "GATEWAY6")
CONTEXT_FORCE_IPV4=$(get_iface_var "CONTEXT_FORCE_IPV4")

71
share/sudoers/sudo_commands.rb Normal file
View File

@ -0,0 +1,71 @@
#!/usr/bin/env ruby
# -------------------------------------------------------------------------- #
# Copyright 2002-2013, OpenNebula Project (OpenNebula.org), C12G Labs #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
require "erb"
KEYS = [:MISC , :NET , :LVM , :ISCSI , :OVS , :XEN]
CMDS = {
:MISC => %w(dd mkfs sync),
:NET => %w(brctl ebtables iptables ip vconfig),
:LVM => %w(lvcreate lvremove lvrename lvs vgdisplay),
:ISCSI => %w(iscsiadm tgt-admin tgtadm),
:OVS => %w(ovs-ofctl ovs-vsctl),
:XEN => %w(xentop xl xm)
}
abs_cmds = {}
not_found_cmds = []
KEYS.each do |label|
cmds = CMDS[label]
_abs_cmds = []
cmds.each do |cmd|
abs_cmd = `which #{cmd} 2>/dev/null`
if !abs_cmd.empty?
_abs_cmds << abs_cmd.strip
else
not_found_cmds << cmd
end
end
abs_cmds["ONE_#{label}"] = _abs_cmds
end
abs_cmds.reject!{|k,v| v.empty?}
puts ERB.new(DATA.read,nil, "<>").result(binding)
if !not_found_cmds.empty?
STDERR.puts "\n---\n\nNot found:"
not_found_cmds.each{|cmd| STDERR.puts("- #{cmd}")}
end
__END__
Defaults !requiretty
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
<% KEYS.each do |k|; l = "ONE_#{k}"; v = abs_cmds[l] %>
<% if !v.nil? %>
Cmnd_Alias <%= l %> = <%= v.join(", ") %>
<% end %>
<% end %>
oneadmin ALL=(ALL) NOPASSWD: <%= KEYS.select{|k| !abs_cmds["ONE_#{k}"].nil?}.collect{|k| "ONE_#{k}"}.join(", ") %>

63
src/acl/AclManager.cc
View File

@ -132,7 +132,7 @@ AclManager::~AclManager()
const bool AclManager::authorize(
int uid,
int gid,
const set<int>& user_groups,
const PoolObjectAuth& obj_perms,
AuthRequest::Operation op)
{
@ -280,23 +280,28 @@ const bool AclManager::authorize(
}
// ----------------------------------------------------------
// Look for rules that apply to the user's group
// Look for rules that apply to each one of the user's groups
// ----------------------------------------------------------
user_req = AclRule::GROUP_ID | gid;
auth = match_rules_wrapper(user_req,
resource_oid_req,
resource_gid_req,
resource_cid_req,
resource_all_req,
rights_req,
resource_oid_mask,
resource_gid_mask,
resource_cid_mask,
tmp_rules);
if ( auth == true )
set<int>::iterator g_it;
for (g_it = user_groups.begin(); g_it != user_groups.end(); g_it++)
{
return true;
user_req = AclRule::GROUP_ID | *g_it;
auth = match_rules_wrapper(user_req,
resource_oid_req,
resource_gid_req,
resource_cid_req,
resource_all_req,
rights_req,
resource_oid_mask,
resource_gid_mask,
resource_cid_mask,
tmp_rules);
if ( auth == true )
{
return true;
}
}
oss.str("No more rules, permission not granted ");
@ -716,7 +721,7 @@ void AclManager::del_resource_matching_rules(long long resource_req,
/* -------------------------------------------------------------------------- */
void AclManager::reverse_search(int uid,
int gid,
const set<int>& user_groups,
PoolObjectSQL::ObjectType obj_type,
AuthRequest::Operation op,
bool& all,
@ -764,22 +769,30 @@ void AclManager::reverse_search(int uid,
// Look for the rules that match
// ---------------------------------------------------
long long user_reqs[] =
vector<long long> user_reqs;
vector<long long>::iterator reqs_it;
set<int>::iterator g_it;
// rules that apply to everyone
user_reqs.push_back(AclRule::ALL_ID);
// rules that apply to the individual user id
user_reqs.push_back(AclRule::INDIVIDUAL_ID | uid);
// rules that apply to each one of the user's groups
for (g_it = user_groups.begin(); g_it != user_groups.end(); g_it++)
{
AclRule::ALL_ID, // rules that apply to everyone
AclRule::INDIVIDUAL_ID | uid, // rules that apply to the individual user id
AclRule::GROUP_ID | gid // rules that apply to the user's groups
};
user_reqs.push_back(AclRule::GROUP_ID | *g_it);
}
all = false;
for ( int i=0; i<3; i++ )
for (reqs_it = user_reqs.begin(); reqs_it != user_reqs.end(); reqs_it++)
{
long long user_req = user_reqs[i];
lock();
index = acl_rules.equal_range( user_req );
index = acl_rules.equal_range( *reqs_it );
for ( it = index.first; it != index.second; it++)
{

4
src/authm/AuthManager.cc
View File

@ -67,7 +67,7 @@ void AuthRequest::add_auth(Operation op,
// Default conditions that grants permission :
// User is oneadmin, or is in the oneadmin group
if ( uid == 0 || gid == GroupPool::ONEADMIN_ID )
if ( uid == 0 || gids.count( GroupPool::ONEADMIN_ID ) == 1 )
{
auth = true;
}
@ -76,7 +76,7 @@ void AuthRequest::add_auth(Operation op,
Nebula& nd = Nebula::instance();
AclManager* aclm = nd.get_aclm();
auth = aclm->authorize(uid, gid, ob_perms, op);
auth = aclm->authorize(uid, gids, ob_perms, op);
}
oss << auth; // Store the ACL authorization result in the request

47
src/cli/one_helper.rb
View File

@ -186,6 +186,37 @@ EOT
:large => '--vnc',
:description => 'Add VNC server to the VM'
},
{
:name => 'vnc_password',
:large => '--vnc-password password',
:format => String,
:description => 'VNC password'
},
{
:name => 'vnc_listen',
:large => '--vnc-listen ip',
:format => String,
:description => 'VNC IP where to listen for connections. '<<
'By default is 0.0.0.0 (all interfaces).'
},
{
:name => 'spice',
:large => '--spice',
:description => 'Add spice server to the VM'
},
{
:name => 'spice_password',
:large => '--spice-password password',
:format => String,
:description => 'spice password'
},
{
:name => 'spice_listen',
:large => '--spice-listen ip',
:format => String,
:description => 'spice IP where to listen for connections. '<<
'By default is 0.0.0.0 (all interfaces).'
},
{
:name => 'ssh',
:large => '--ssh [file]',
@ -813,7 +844,21 @@ EOT
end
if options[:vnc]
template<<'GRAPHICS=[ TYPE="vnc", LISTEN="0.0.0.0" ]'<<"\n"
vnc_listen=options[:vnc_listen] || "0.0.0.0"
template<<"GRAPHICS=[ TYPE=\"vnc\", LISTEN=\"#{vnc_listen}\""
if options[:vnc_password]
template << ", PASSWD=\"#{options[:vnc_password]}\""
end
template<<' ]'<<"\n"
end
if options[:spice]
spice_listen=options[:spice_listen] || "0.0.0.0"
template<<"GRAPHICS=[ TYPE=\"spice\", LISTEN=\"#{spice_listen}\""
if options[:spice_password]
template << ", PASSWD=\"#{options[:spice_password]}\""
end
template<<' ]'<<"\n"
end
context=create_context(options)

4
src/cli/one_helper/oneuser_helper.rb
View File

@ -245,13 +245,15 @@ class OneUserHelper < OpenNebulaHelper::OneHelper
def format_resource(user, options = {})
system = System.new(@client)
str="%-15s: %-20s"
str="%-16s: %-20s"
str_h1="%-80s"
CLIHelper.print_header(str_h1 % "USER #{user['ID']} INFORMATION")
puts str % ["ID", user.id.to_s]
puts str % ["NAME", user.name]
puts str % ["GROUP", user['GNAME']]
groups = user.retrieve_elements("GROUPS/ID")
puts str % ["SECONDARY GROUPS", groups.join(',') ] if groups.size > 1
puts str % ["PASSWORD", user['PASSWORD']]
puts str % ["AUTH_DRIVER", user['AUTH_DRIVER']]

26
src/cli/oneuser
View File

@ -380,7 +380,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do
end
chgrp_desc = <<-EOT.unindent
Changes the User's main group
Changes the User's primary group
EOT
command :chgrp, chgrp_desc, [:range, :userid_list], :groupid do
@ -389,6 +389,30 @@ cmd=CommandParser::CmdParser.new(ARGV) do
end
end
addgroup_desc = <<-EOT.unindent
Adds the User to a secondary group
EOT
command :addgroup, addgroup_desc, [:range, :userid_list], :groupid do
gid = args[1]
helper.perform_actions(args[0],options,"group added") do |user|
user.addgroup( gid )
end
end
delgroup_desc = <<-EOT.unindent
Removes the User from a secondary group
EOT
command :delgroup, delgroup_desc, [:range, :userid_list], :groupid do
gid = args[1]
helper.perform_actions(args[0],options,"group deleted") do |user|
user.delgroup( gid )
end
end
chauth_desc = <<-EOT.unindent
Changes the User's auth driver and its password (optional)
Examples:

3
src/datastore_mad/remotes/ceph/ceph.conf
View File

@ -17,9 +17,6 @@
# Default POOL_NAME
POOL_NAME=one
# Default Ceph server host. Storage operations will be performed in this host.
HOST=localhost
# Staging directory
# A directory in the Ceph server host where image will be transferred to
# temporarily during the create/mkfs processes. This directoy MUST exist,

7
src/datastore_mad/remotes/ceph/clone
View File

@ -53,11 +53,16 @@ done < <($XPATH /DS_DRIVER_ACTION_DATA/DATASTORE/BASE_PATH \
unset i
BASE_PATH="${XPATH_ELEMENTS[i++]}"
DST_HOST="${XPATH_ELEMENTS[i++]:-$HOST}"
DST_HOST="${XPATH_ELEMENTS[i++]}"
POOL_NAME="${XPATH_ELEMENTS[i++]:-$POOL_NAME}"
SRC="${XPATH_ELEMENTS[i++]}"
SIZE="${XPATH_ELEMENTS[i++]}"
if [ -z "$DST_HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
SAFE_DIRS=""
IMAGE_NAME="one-${ID}"

9
src/datastore_mad/remotes/ceph/cp
View File

@ -66,7 +66,7 @@ unset i
BASE_PATH="${XPATH_ELEMENTS[i++]}"
RESTRICTED_DIRS="${XPATH_ELEMENTS[i++]}"
SAFE_DIRS="${XPATH_ELEMENTS[i++]}"
DST_HOST="${XPATH_ELEMENTS[i++]:-$HOST}"
DST_HOST="${XPATH_ELEMENTS[i++]}"
POOL_NAME="${XPATH_ELEMENTS[i++]:-$POOL_NAME}"
STAGING_DIR="${XPATH_ELEMENTS[i++]:-$STAGING_DIR}"
SRC="${XPATH_ELEMENTS[i++]}"
@ -76,6 +76,11 @@ SHA1="${XPATH_ELEMENTS[i++]}"
NO_DECOMPRESS="${XPATH_ELEMENTS[i++]}"
LIMIT_TRANSFER_BW="${XPATH_ELEMENTS[i++]}"
if [ -z "$DST_HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
set_up_datastore "$BASE_PATH" "$RESTRICTED_DIRS" "$SAFE_DIRS"
IMAGE_HASH=`generate_image_hash`
@ -115,7 +120,7 @@ REGISTER_CMD=$(cat <<EOF
set -e
# create rbd
$QEMU_IMG convert -O rbd $TMP_DST rbd:$RBD_SOURCE
$QEMU_IMG convert $TMP_DST rbd:$RBD_SOURCE
# remove original
$RM -f $TMP_DST

9
src/datastore_mad/remotes/ceph/mkfs
View File

@ -60,12 +60,17 @@ unset i
BASE_PATH="${XPATH_ELEMENTS[i++]}"
RESTRICTED_DIRS="${XPATH_ELEMENTS[i++]}"
SAFE_DIRS="${XPATH_ELEMENTS[i++]}"
DST_HOST="${XPATH_ELEMENTS[i++]:-$HOST}"
DST_HOST="${XPATH_ELEMENTS[i++]}"
POOL_NAME="${XPATH_ELEMENTS[i++]:-$POOL_NAME}"
STAGING_DIR="${XPATH_ELEMENTS[i++]:-$STAGING_DIR}"
FSTYPE="${XPATH_ELEMENTS[i++]}"
SIZE="${XPATH_ELEMENTS[i++]}"
if [ -z "$DST_HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
set_up_datastore "$BASE_PATH" "$RESTRICTED_DIRS" "$SAFE_DIRS"
IMAGE_HASH=`generate_image_hash`
@ -93,7 +98,7 @@ REGISTER_CMD=$(cat <<EOF
$MKFS_CMD
# create rbd
$QEMU_IMG convert -O rbd $TMP_DST rbd:$RBD_SOURCE
$QEMU_IMG convert $TMP_DST rbd:$RBD_SOURCE
# remove original
$RM -f $TMP_DST

13
src/datastore_mad/remotes/ceph/monitor
View File

@ -41,20 +41,25 @@ ID=$2
XPATH="${DRIVER_PATH}/../xpath.rb -b $DRV_ACTION"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
while IFS= read -r -d '' element; do
XPATH_ELEMENTS[i++]="$element"
done < <($XPATH /DS_DRIVER_ACTION_DATA/DATASTORE/TEMPLATE/HOST \
/DS_DRIVER_ACTION_DATA/DATASTORE/TEMPLATE/POOL_NAME)
HOST="${XPATH_ELEMENTS[0]:-$HOST}"
POOL_NAME="${XPATH_ELEMENTS[1]:-$POOL_NAME}"
HOST="${XPATH_ELEMENTS[j++]}"
POOL_NAME="${XPATH_ELEMENTS[j++]:-$POOL_NAME}"
if [ -z "$HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
# ------------ Compute datastore usage -------------
MONITOR_SCRIPT=$(cat <<EOF
$SUDO $RADOS df | $AWK '{
$RADOS df | $AWK '{
if (\$1 == "total") {
space = int(\$3/1024)

7
src/datastore_mad/remotes/ceph/rm
View File

@ -50,7 +50,12 @@ done < <($XPATH /DS_DRIVER_ACTION_DATA/IMAGE/SOURCE \
unset i
SRC="${XPATH_ELEMENTS[i++]}"
DST_HOST="${XPATH_ELEMENTS[i++]:-$HOST}"
DST_HOST="${XPATH_ELEMENTS[i++]}"
if [ -z "$DST_HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
log "Removing $SRC from the rbd image repository in $DST_HOST"

23
src/datastore_mad/remotes/iscsi/clone
View File

@ -40,7 +40,7 @@ ID=$2
XPATH="${DRIVER_PATH}/../xpath.rb -b $DRV_ACTION"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
while IFS= read -r -d '' element; do
XPATH_ELEMENTS[i++]="$element"
@ -53,14 +53,19 @@ done < <($XPATH /DS_DRIVER_ACTION_DATA/DATASTORE/BASE_PATH \
/DS_DRIVER_ACTION_DATA/IMAGE/PATH \
/DS_DRIVER_ACTION_DATA/IMAGE/SIZE)
BASE_PATH="${XPATH_ELEMENTS[0]}"
RESTRICTED_DIRS="${XPATH_ELEMENTS[1]}"
SAFE_DIRS="${XPATH_ELEMENTS[2]}"
DST_HOST="${XPATH_ELEMENTS[3]:-$HOST}"
VG_NAME="${XPATH_ELEMENTS[4]:-$VG_NAME}"
BASE_IQN="${XPATH_ELEMENTS[5]:-$BASE_IQN}"
SRC="${XPATH_ELEMENTS[6]}"
SIZE="${XPATH_ELEMENTS[7]}"
BASE_PATH="${XPATH_ELEMENTS[j++]}"
RESTRICTED_DIRS="${XPATH_ELEMENTS[j++]}"
SAFE_DIRS="${XPATH_ELEMENTS[j++]}"
DST_HOST="${XPATH_ELEMENTS[j++]}"
VG_NAME="${XPATH_ELEMENTS[j++]:-$VG_NAME}"
BASE_IQN="${XPATH_ELEMENTS[j++]:-$BASE_IQN}"
SRC="${XPATH_ELEMENTS[j++]}"
SIZE="${XPATH_ELEMENTS[j++]}"
if [ -z "$DST_HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
# Check if 'TGTSETUPLUN' is installed
tgt_setup_lun_install "$DST_HOST" "$BASE_PATH"

31
src/datastore_mad/remotes/iscsi/cp
View File

@ -44,7 +44,7 @@ UTILS_PATH="${DRIVER_PATH}/.."
XPATH="$UTILS_PATH/xpath.rb -b $DRV_ACTION"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
while IFS= read -r -d '' element; do
XPATH_ELEMENTS[i++]="$element"
@ -61,18 +61,23 @@ done < <($XPATH /DS_DRIVER_ACTION_DATA/DATASTORE/BASE_PATH \
/DS_DRIVER_ACTION_DATA/DATASTORE/TEMPLATE/NO_DECOMPRESS \
/DS_DRIVER_ACTION_DATA/DATASTORE/TEMPLATE/LIMIT_TRANSFER_BW)
BASE_PATH="${XPATH_ELEMENTS[0]}"
RESTRICTED_DIRS="${XPATH_ELEMENTS[1]}"
SAFE_DIRS="${XPATH_ELEMENTS[2]}"
DST_HOST="${XPATH_ELEMENTS[3]:-$HOST}"
VG_NAME="${XPATH_ELEMENTS[4]:-$VG_NAME}"
BASE_IQN="${XPATH_ELEMENTS[5]:-$BASE_IQN}"
SRC="${XPATH_ELEMENTS[6]}"
SIZE="${XPATH_ELEMENTS[7]}"
MD5="${XPATH_ELEMENTS[8]}"
SHA1="${XPATH_ELEMENTS[9]}"
NO_DECOMPRESS="${XPATH_ELEMENTS[10]}"
LIMIT_TRANSFER_BW="${XPATH_ELEMENTS[11]}"
BASE_PATH="${XPATH_ELEMENTS[j++]}"
RESTRICTED_DIRS="${XPATH_ELEMENTS[j++]}"
SAFE_DIRS="${XPATH_ELEMENTS[j++]}"
DST_HOST="${XPATH_ELEMENTS[j++]}"
VG_NAME="${XPATH_ELEMENTS[j++]:-$VG_NAME}"
BASE_IQN="${XPATH_ELEMENTS[j++]:-$BASE_IQN}"
SRC="${XPATH_ELEMENTS[j++]}"
SIZE="${XPATH_ELEMENTS[j++]}"
MD5="${XPATH_ELEMENTS[j++]}"
SHA1="${XPATH_ELEMENTS[j++]}"
NO_DECOMPRESS="${XPATH_ELEMENTS[j++]}"
LIMIT_TRANSFER_BW="${XPATH_ELEMENTS[j++]}"
if [ -z "$DST_HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
# Check if 'TGTSETUPLUN' is installed
tgt_setup_lun_install "$DST_HOST" "$BASE_PATH"

3
src/datastore_mad/remotes/iscsi/iscsi.conf
View File

@ -14,9 +14,6 @@
# limitations under the License. #
#--------------------------------------------------------------------------- #
# Default iSCSI target host
HOST=localhost
# Default IQN path
BASE_IQN=iqn.2012-02.org.opennebula

23
src/datastore_mad/remotes/iscsi/mkfs
View File

@ -42,7 +42,7 @@ ID=$2
XPATH="${DRIVER_PATH}/../xpath.rb -b $DRV_ACTION"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
while IFS= read -r -d '' element; do
XPATH_ELEMENTS[i++]="$element"
@ -55,14 +55,19 @@ done < <($XPATH /DS_DRIVER_ACTION_DATA/DATASTORE/BASE_PATH \
/DS_DRIVER_ACTION_DATA/IMAGE/FSTYPE \
/DS_DRIVER_ACTION_DATA/IMAGE/SIZE)
BASE_PATH="${XPATH_ELEMENTS[0]}"
RESTRICTED_DIRS="${XPATH_ELEMENTS[1]}"
SAFE_DIRS="${XPATH_ELEMENTS[2]}"
DST_HOST="${XPATH_ELEMENTS[3]:-$HOST}"
VG_NAME="${XPATH_ELEMENTS[4]:-$VG_NAME}"
BASE_IQN="${XPATH_ELEMENTS[5]:-$BASE_IQN}"
FSTYPE="${XPATH_ELEMENTS[6]}"
SIZE="${XPATH_ELEMENTS[7]:-0}"
BASE_PATH="${XPATH_ELEMENTS[j++]}"
RESTRICTED_DIRS="${XPATH_ELEMENTS[j++]}"
SAFE_DIRS="${XPATH_ELEMENTS[j++]}"
DST_HOST="${XPATH_ELEMENTS[j++]}"
VG_NAME="${XPATH_ELEMENTS[j++]:-$VG_NAME}"
BASE_IQN="${XPATH_ELEMENTS[j++]:-$BASE_IQN}"
FSTYPE="${XPATH_ELEMENTS[j++]}"
SIZE="${XPATH_ELEMENTS[j++]:-0}"
if [ -z "$DST_HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
# Check if 'TGTSETUPLUN' is installed
tgt_setup_lun_install "$DST_HOST" "$BASE_PATH"

19
src/datastore_mad/remotes/iscsi/monitor
View File

@ -41,24 +41,31 @@ ID=$2
XPATH="${DRIVER_PATH}/../xpath.rb -b $DRV_ACTION"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
while IFS= read -r -d '' element; do
XPATH_ELEMENTS[i++]="$element"
done < <($XPATH /DS_DRIVER_ACTION_DATA/DATASTORE/TEMPLATE/HOST \
/DS_DRIVER_ACTION_DATA/DATASTORE/TEMPLATE/VG_NAME)
HOST="${XPATH_ELEMENTS[0]:-$HOST}"
VG_NAME="${XPATH_ELEMENTS[1]-$VG_NAME}"
HOST="${XPATH_ELEMENTS[j++]}"
VG_NAME="${XPATH_ELEMENTS[j++]:-$VG_NAME}"
if [ -z "$HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
# ------------ Compute datastore usage -------------
MONITOR_SCRIPT=$(cat <<EOF
set -e
VG_OPTS="--units M -C --noheadings --nosuffix $VG_NAME"
TOTAL_MB=\$(sudo vgdisplay -o vg_size \$VG_OPTS | tr -d ' ')
FREE_MB=\$(sudo vgdisplay -o vg_free \$VG_OPTS | tr -d ' ')
USED_MB=\$(awk "BEGIN {print \$TOTAL_MB - \$FREE_MB}")
TOTAL_MB=\$($SUDO $VGDISPLAY -o vg_size \$VG_OPTS | $TR -d ' ')
FREE_MB=\$($SUDO $VGDISPLAY -o vg_free \$VG_OPTS | $TR -d ' ')
USED_MB=\$($AWK "BEGIN {print \$TOTAL_MB - \$FREE_MB}")
echo "USED_MB=\$USED_MB"
echo "TOTAL_MB=\$TOTAL_MB"

13
src/datastore_mad/remotes/iscsi/rm
View File

@ -40,15 +40,20 @@ ID=$2
XPATH="${DRIVER_PATH}/../xpath.rb -b $DRV_ACTION"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
while IFS= read -r -d '' element; do
XPATH_ELEMENTS[i++]="$element"
done < <($XPATH /DS_DRIVER_ACTION_DATA/IMAGE/SOURCE \
/DS_DRIVER_ACTION_DATA/DATASTORE/TEMPLATE/HOST)
SRC="${XPATH_ELEMENTS[0]}"
DST_HOST="${XPATH_ELEMENTS[1]:-$HOST}"
SRC="${XPATH_ELEMENTS[j++]}"
DST_HOST="${XPATH_ELEMENTS[j++]}"
if [ -z "$DST_HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
BASE_IQN=`echo $SRC|$CUT -d: -f1`
TARGET=`echo $SRC|$CUT -d: -f2`
@ -59,6 +64,8 @@ DEV="/dev/$VG_NAME/$LV_NAME"
IQN="$BASE_IQN:$DST_HOST.$VG_NAME.$LV_NAME"
RM_COMMAND=$(cat <<EOF
set -e
TID=\$($SUDO $(tgtadm_get_tid_for_iqn "$IQN"))
$SUDO $(tgtadm_target_delete "\$TID")

17
src/datastore_mad/remotes/lvm/clone
View File

@ -40,7 +40,7 @@ ID=$2
XPATH="${DRIVER_PATH}/../xpath.rb -b $DRV_ACTION"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
while IFS= read -r -d '' element; do
XPATH_ELEMENTS[i++]="$element"
@ -50,11 +50,16 @@ done < <($XPATH /DS_DRIVER_ACTION_DATA/DATASTORE/BASE_PATH \
/DS_DRIVER_ACTION_DATA/IMAGE/PATH \
/DS_DRIVER_ACTION_DATA/IMAGE/SIZE)
BASE_PATH="${XPATH_ELEMENTS[0]}"
DST_HOST="${XPATH_ELEMENTS[1]:-$HOST}"
VG_NAME="${XPATH_ELEMENTS[2]:-$VG_NAME}"
SRC="${XPATH_ELEMENTS[3]}"
SIZE="${XPATH_ELEMENTS[4]}"
BASE_PATH="${XPATH_ELEMENTS[j++]}"
DST_HOST="${XPATH_ELEMENTS[j++]}"
VG_NAME="${XPATH_ELEMENTS[j++]:-$VG_NAME}"
SRC="${XPATH_ELEMENTS[j++]}"
SIZE="${XPATH_ELEMENTS[j++]}"
if [ -z "$DST_HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
SAFE_DIRS=""

29
src/datastore_mad/remotes/lvm/cp
View File

@ -44,7 +44,7 @@ UTILS_PATH="${DRIVER_PATH}/.."
XPATH="$UTILS_PATH/xpath.rb -b $DRV_ACTION"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
while IFS= read -r -d '' element; do
XPATH_ELEMENTS[i++]="$element"
@ -60,17 +60,22 @@ done < <($XPATH /DS_DRIVER_ACTION_DATA/DATASTORE/BASE_PATH \
/DS_DRIVER_ACTION_DATA/DATASTORE/TEMPLATE/NO_DECOMPRESS \
/DS_DRIVER_ACTION_DATA/DATASTORE/TEMPLATE/LIMIT_TRANSFER_BW)
BASE_PATH="${XPATH_ELEMENTS[0]}"
RESTRICTED_DIRS="${XPATH_ELEMENTS[1]}"
SAFE_DIRS="${XPATH_ELEMENTS[2]}"
DST_HOST="${XPATH_ELEMENTS[3]:-$HOST}"
VG_NAME="${XPATH_ELEMENTS[4]:-$VG_NAME}"
SRC="${XPATH_ELEMENTS[5]}"
SIZE="${XPATH_ELEMENTS[6]}"
MD5="${XPATH_ELEMENTS[7]}"
SHA1="${XPATH_ELEMENTS[8]}"
NO_DECOMPRESS="${XPATH_ELEMENTS[9]}"
LIMIT_TRANSFER_BW="${XPATH_ELEMENTS[10]}"
BASE_PATH="${XPATH_ELEMENTS[j++]}"
RESTRICTED_DIRS="${XPATH_ELEMENTS[j++]}"
SAFE_DIRS="${XPATH_ELEMENTS[j++]}"
DST_HOST="${XPATH_ELEMENTS[j++]}"
VG_NAME="${XPATH_ELEMENTS[j++]:-$VG_NAME}"
SRC="${XPATH_ELEMENTS[j++]}"
SIZE="${XPATH_ELEMENTS[j++]}"
MD5="${XPATH_ELEMENTS[j++]}"
SHA1="${XPATH_ELEMENTS[j++]}"
NO_DECOMPRESS="${XPATH_ELEMENTS[j++]}"
LIMIT_TRANSFER_BW="${XPATH_ELEMENTS[j++]}"
if [ -z "$DST_HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
set_up_datastore "$BASE_PATH" "$RESTRICTED_DIRS" "$SAFE_DIRS"

3
src/datastore_mad/remotes/lvm/lvm.conf
View File

@ -17,8 +17,5 @@
# Default volume group
VG_NAME=vg-one
# Default LVM server host
HOST=localhost
# Default LV snapshot SIZE
DEFAULT_SIZE=512

21
src/datastore_mad/remotes/lvm/mkfs
View File

@ -42,7 +42,7 @@ ID=$2
XPATH="${DRIVER_PATH}/../xpath.rb -b $DRV_ACTION"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
while IFS= read -r -d '' element; do
XPATH_ELEMENTS[i++]="$element"
@ -54,13 +54,18 @@ done < <($XPATH /DS_DRIVER_ACTION_DATA/DATASTORE/BASE_PATH \
/DS_DRIVER_ACTION_DATA/IMAGE/FSTYPE \
/DS_DRIVER_ACTION_DATA/IMAGE/SIZE)
BASE_PATH="${XPATH_ELEMENTS[0]}"
RESTRICTED_DIRS="${XPATH_ELEMENTS[1]}"
SAFE_DIRS="${XPATH_ELEMENTS[2]}"
DST_HOST="${XPATH_ELEMENTS[3]:-$HOST}"
VG_NAME="${XPATH_ELEMENTS[4]:-$VG_NAME}"
FSTYPE="${XPATH_ELEMENTS[5]}"
SIZE="${XPATH_ELEMENTS[6]}"
BASE_PATH="${XPATH_ELEMENTS[j++]}"
RESTRICTED_DIRS="${XPATH_ELEMENTS[j++]}"
SAFE_DIRS="${XPATH_ELEMENTS[j++]}"
DST_HOST="${XPATH_ELEMENTS[j++]}"
VG_NAME="${XPATH_ELEMENTS[j++]:-$VG_NAME}"
FSTYPE="${XPATH_ELEMENTS[j++]}"
SIZE="${XPATH_ELEMENTS[j++]}"
if [ -z "$DST_HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
set_up_datastore "$BASE_PATH" "$RESTRICTED_DIRS" "$SAFE_DIRS"

18
src/datastore_mad/remotes/lvm/monitor
View File

@ -41,24 +41,30 @@ ID=$2
XPATH="${DRIVER_PATH}/../xpath.rb -b $DRV_ACTION"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
while IFS= read -r -d '' element; do
XPATH_ELEMENTS[i++]="$element"
done < <($XPATH /DS_DRIVER_ACTION_DATA/DATASTORE/TEMPLATE/HOST \
/DS_DRIVER_ACTION_DATA/DATASTORE/TEMPLATE/VG_NAME)
HOST="${XPATH_ELEMENTS[0]:-$HOST}"
VG_NAME="${XPATH_ELEMENTS[1]-$VG_NAME}"
HOST="${XPATH_ELEMENTS[j++]}"
VG_NAME="${XPATH_ELEMENTS[j++]:-$VG_NAME}"
if [ -z "$HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
# ------------ Compute datastore usage -------------
MONITOR_SCRIPT=$(cat <<EOF
set -e
VG_OPTS="--units M -C --noheadings --nosuffix $VG_NAME"
TOTAL_MB=\$(sudo vgdisplay -o vg_size \$VG_OPTS | tr -d ' ')
FREE_MB=\$(sudo vgdisplay -o vg_free \$VG_OPTS | tr -d ' ')
USED_MB=\$(awk "BEGIN {print \$TOTAL_MB - \$FREE_MB}")
TOTAL_MB=\$($SUDO $VGDISPLAY -o vg_size \$VG_OPTS | $TR -d ' ')
FREE_MB=\$($SUDO $VGDISPLAY -o vg_free \$VG_OPTS | $TR -d ' ')
USED_MB=\$($AWK "BEGIN {print \$TOTAL_MB - \$FREE_MB}")
echo "USED_MB=\$USED_MB"
echo "TOTAL_MB=\$TOTAL_MB"

17
src/datastore_mad/remotes/lvm/rm
View File

@ -40,25 +40,26 @@ ID=$2
XPATH="${DRIVER_PATH}/../xpath.rb -b $DRV_ACTION"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
while IFS= read -r -d '' element; do
XPATH_ELEMENTS[i++]="$element"
done < <($XPATH /DS_DRIVER_ACTION_DATA/IMAGE/SOURCE \
/DS_DRIVER_ACTION_DATA/DATASTORE/TEMPLATE/HOST \
/DS_DRIVER_ACTION_DATA/DATASTORE/TEMPLATE/BASE_TID)
/DS_DRIVER_ACTION_DATA/DATASTORE/TEMPLATE/HOST)
SRC="${XPATH_ELEMENTS[0]}"
DST_HOST="${XPATH_ELEMENTS[1]:-$HOST}"
BASE_TID="${XPATH_ELEMENTS[2]:-$BASE_TID}"
SRC="${XPATH_ELEMENTS[j++]}"
DST_HOST="${XPATH_ELEMENTS[j++]}"
if [ -z "$DST_HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
TARGET=`echo $SRC|$CUT -d: -f2`
LV_NAME=`echo $TARGET|$AWK -F. '{print $(NF)}'`
VG_NAME=`echo $TARGET|$AWK -F. '{print $(NF-1)}'`
DEV="/dev/$VG_NAME/$LV_NAME"
let TID=ID+BASE_TID
RM_COMMAND=$(cat <<EOF
$SUDO $LVREMOVE -f $VG_NAME/$LV_NAME
EOF

10
src/datastore_mad/remotes/vmfs/monitor
View File

@ -55,12 +55,14 @@ HOST=`get_destination_host $ID`
# ------------ Compute datastore usage -------------
MONITOR_SCRIPT=$(cat <<EOF
USED_MB=\$(du -sLm ${BASE_PATH%/} 2>/dev/null | cut -f1)
set -e
DF_STR=\$(df -m | grep ${BASE_PATH%/} | sed 's/ \+/:/g')
USED_MB=\$($DU -sLm ${BASE_PATH%/} 2>/dev/null | $CUT -f1)
TOTAL_MB=\$(echo \$DF_STR | cut -d':' -f 2)
FREE_MB=\$(echo \$DF_STR | cut -d':' -f 4)
DF_STR=\$($DF -m | grep ${BASE_PATH%/} | $SED 's/ \+/:/g')
TOTAL_MB=\$(echo \$DF_STR | $CUT -d':' -f 2)
FREE_MB=\$(echo \$DF_STR | $CUT -d':' -f 4)
echo "USED_MB=\$USED_MB"
echo "TOTAL_MB=\$TOTAL_MB"

2
src/flow/lib/grammar.rb
View File

@ -931,7 +931,7 @@ module ElasticityGrammar
val = nil
st = "#{att}[--]"
else
val = (total / n_nodes).round(2)
val = ((total / n_nodes)*100).round/100.0
st = "#{att}[#{val.to_s}]"
end

12
src/host/Host.cc
View File

@ -231,19 +231,19 @@ int Host::update_info(string &parse_str,
if (isEnabled())
{
get_template_attribute("TOTALCPU", fv);
erase_template_attribute("TOTALCPU", fv);
host_share.max_cpu = static_cast<int>(fv);
get_template_attribute("TOTALMEMORY", fv);
erase_template_attribute("TOTALMEMORY", fv);
host_share.max_mem = static_cast<int>(fv);
get_template_attribute("FREECPU", fv);
erase_template_attribute("FREECPU", fv);
host_share.free_cpu = static_cast<int>(fv);
get_template_attribute("FREEMEMORY", fv);
erase_template_attribute("FREEMEMORY", fv);
host_share.free_mem = static_cast<int>(fv);
get_template_attribute("USEDCPU", fv);
erase_template_attribute("USEDCPU", fv);
host_share.used_cpu = static_cast<int>(fv);
get_template_attribute("USEDMEMORY", fv);
erase_template_attribute("USEDMEMORY", fv);
host_share.used_mem = static_cast<int>(fv);
}

2
src/im_mad/remotes/xen.d/poll3.sh
View File

@ -16,5 +16,5 @@
# limitations under the License. #
#--------------------------------------------------------------------------- #
../../vmm/xen4/poll --xen -t
../../vmm/xen3/poll --xen -t

5
src/image/ImageManagerDriver.cc
View File

@ -622,8 +622,6 @@ static void monitor_action(istringstream& is,
char* error_msg;
int rc = monitor_data.parse(*dsinfo, &error_msg);
delete dsinfo;
if ( rc != 0 )
{
oss << "Error parsing datastore information: " << error_msg
@ -631,11 +629,14 @@ static void monitor_action(istringstream& is,
NebulaLog::log("ImM", Log::ERROR, oss);
delete dsinfo;
free(error_msg);
return;
}
delete dsinfo;
float total, free, used;
string ds_name;

7
src/mad/sh/scripts_common.sh
View File

@ -23,6 +23,7 @@ BASH=bash
CUT=cut
DATE=date
DD=dd
DF=df
DU=du
GREP=grep
ISCSIADM=iscsiadm
@ -49,6 +50,8 @@ TAR=tar
TGTADM=tgtadm
TGTADMIN=tgt-admin
TGTSETUPLUN=tgt-setup-lun-one
TR=tr
VGDISPLAY=vgdisplay
VMKFSTOOLS=vmkfstools
WGET=wget
@ -308,6 +311,8 @@ function mkfs_command {
function ssh_exec_and_log
{
SSH_EXEC_ERR=`$SSH $1 sh -s 2>&1 1>/dev/null <<EOF
export LANG=C
export LC_ALL=C
$2
EOF`
SSH_EXEC_RC=$?
@ -329,6 +334,8 @@ EOF`
function ssh_monitor_and_log
{
SSH_EXEC_OUT=`$SSH $1 sh -s 2>/dev/null <<EOF
export LANG=C
export LC_ALL=C
$2
EOF`
SSH_EXEC_RC=$?

52
src/oca/java/src/org/opennebula/client/user/User.java
View File

@ -36,6 +36,8 @@ public class User extends PoolElement{
private static final String CHAUTH = METHOD_PREFIX + "chauth";
private static final String UPDATE = METHOD_PREFIX + "update";
private static final String QUOTA = METHOD_PREFIX + "quota";
private static final String ADDGROUP = METHOD_PREFIX + "addgroup";
private static final String DELGROUP = METHOD_PREFIX + "delgroup";
/**
* Creates a new User representation.
@ -146,6 +148,33 @@ public class User extends PoolElement{
return client.call(CHGRP, id, gid);
}
/**
* Adds the User to a secondary group
*
* @param client XML-RPC Client.
* @param id The user id (uid) of the target user we want to modify.
* @param gid The new group ID.
* @return If an error occurs the error message contains the reason.
*/
public static OneResponse addgroup(Client client, int id, int gid)
{
return client.call(ADDGROUP, id, gid);
}
/**
* Removes the User from a secondary group. Fails if the
* group is the main one
*
* @param client XML-RPC Client.
* @param id The user id (uid) of the target user we want to modify.
* @param gid The group ID.
* @return If an error occurs the error message contains the reason.
*/
public static OneResponse delgroup(Client client, int id, int gid)
{
return client.call(DELGROUP, id, gid);
}
/**
* Changes the auth driver and the password of the given user
*
@ -242,6 +271,29 @@ public class User extends PoolElement{
return chgrp(client, id, gid);
}
/**
* Adds the User to a secondary group
*
* @param gid The new group ID.
* @return If an error occurs the error message contains the reason.
*/
public OneResponse addgroup(int gid)
{
return addgroup(client, id, gid);
}
/**
* Removes the User from a secondary group. Fails if the
* group is the main one
*
* @param gid The group ID.
* @return If an error occurs the error message contains the reason.
*/
public OneResponse delgroup(int gid)
{
return delgroup(client, id, gid);
}
/**
* Changes the auth driver and the password of the given user
*

21
src/oca/ruby/opennebula/user.rb
View File

@ -29,6 +29,8 @@ module OpenNebula
:delete => "user.delete",
:passwd => "user.passwd",
:chgrp => "user.chgrp",
:addgroup => "user.addgroup",
:delgroup => "user.delgroup",
:update => "user.update",
:chauth => "user.chauth",
:quota => "user.quota"
@ -124,7 +126,7 @@ module OpenNebula
return rc
end
# Changes the main group
# Changes the primary group
# gid:: _Integer_ the new group id. Set to -1 to leave the current one
# [return] nil in case of success or an Error object
def chgrp(gid)
@ -136,6 +138,23 @@ module OpenNebula
return rc
end
# Adds the User to a secondary group
# @param gid [Integer] the new group id.
# @return [nil, OpenNebula::Error] nil in case of success, Error
# otherwise
def addgroup(gid)
return call(USER_METHODS[:addgroup], @pe_id, gid)
end
# Removes the User from a secondary group. Fails if the
# group is the main one
# @param gid [Integer] the group id.
# @return [nil, OpenNebula::Error] nil in case of success, Error
# otherwise
def delgroup(gid)
return call(USER_METHODS[:delgroup], @pe_id, gid)
end
# Changes the auth driver and the password of the given User
#
# @param auth [String] the new auth driver

57
src/onedb/4.2.0_to_4.3.80.rb Normal file
View File

@ -0,0 +1,57 @@
# -------------------------------------------------------------------------- #
# Copyright 2002-2013, OpenNebula Project (OpenNebula.org), C12G Labs #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
require 'rexml/document'
module Migrator
def db_version
"4.3.80"
end
def one_version
"OpenNebula 4.3.80"
end
def up
########################################################################
# Feature #1742
########################################################################
@db.run "ALTER TABLE user_pool RENAME TO old_user_pool;"
@db.run "CREATE TABLE user_pool (oid INTEGER PRIMARY KEY, name VARCHAR(128), body MEDIUMTEXT, uid INTEGER, gid INTEGER, owner_u INTEGER, group_u INTEGER, other_u INTEGER, UNIQUE(name));"
@db.fetch("SELECT * FROM old_user_pool") do |row|
doc = REXML::Document.new(row[:body])
doc.root.add_element("GROUPS").add_element("ID").text = row[:gid].to_s
@db[:user_pool].insert(
:oid => row[:oid],
:name => row[:name],
:body => doc.root.to_s,
:uid => row[:oid],
:gid => row[:gid],
:owner_u => row[:owner_u],
:group_u => row[:group_u],
:other_u => row[:other_u])
end
@db.run "DROP TABLE old_user_pool;"
return true
end
end

56
src/onedb/fsck.rb
View File

@ -177,9 +177,10 @@ module OneDBFsck
gid = doc.root.get_text('GID').to_s.to_i
user_gid = gid
user_gids = Set.new
if group[gid].nil?
log_error("User #{row[:oid]} is in group #{gid}, but it does not exist")
log_error("User #{row[:oid]} has primary group #{gid}, but it does not exist")
user_gid = 1
@ -191,9 +192,44 @@ module OneDBFsck
e.text = "users"
end
doc.root.each_element("GROUPS") { |e|
e.elements.delete("ID[.=#{gid}]")
e.add_element("ID").text = user_gid.to_s
}
users_fix[row[:oid]] = {:body => doc.to_s, :gid => user_gid}
end
doc.root.each_element("GROUPS/ID") { |e|
user_gids.add e.text.to_i
}
if !user_gids.include?(user_gid)
log_error("User #{row[:oid]} does not have his primary group #{user_gid} in the list of secondary groups")
doc.root.each_element("GROUPS") { |e|
e.add_element("ID").text = user_gid.to_s
}
user_gids.add user_gid.to_i
users_fix[row[:oid]] = {:body => doc.to_s, :gid => user_gid}
end
user_gids.each do |secondary_gid|
if group[secondary_gid].nil?
log_error("User #{row[:oid]} has secondary group #{secondary_gid}, but it does not exist")
doc.root.each_element("GROUPS") { |e|
e.elements.delete("ID[.=#{secondary_gid}]")
}
users_fix[row[:oid]] = {:body => doc.to_s, :gid => user_gid}
else
group[secondary_gid] << row[:oid]
end
end
if gid != row[:gid]
log_error(
"User #{row[:oid]} is in group #{gid}, but the DB "<<
@ -201,8 +237,6 @@ module OneDBFsck
users_fix[row[:oid]] = {:body => doc.to_s, :gid => user_gid}
end
group[user_gid] << row[:oid]
end
users_fix.each do |id, user|
@ -227,7 +261,7 @@ module OneDBFsck
id_elem = users_elem.elements.delete("ID[.=#{id}]")
if id_elem.nil?
log_error("User #{id} is missing fom Group #{gid} users id list")
log_error("User #{id} is missing from Group #{gid} users id list")
end
users_new_elem.add_element("ID").text = id.to_s
@ -409,7 +443,7 @@ module OneDBFsck
id_elem = hosts_elem.elements.delete("ID[.=#{id}]")
if id_elem.nil?
log_error("Host #{id} is missing fom Cluster #{cluster_id} host id list")
log_error("Host #{id} is missing from Cluster #{cluster_id} host id list")
end
hosts_new_elem.add_element("ID").text = id.to_s
@ -439,7 +473,7 @@ module OneDBFsck
id_elem = ds_elem.elements.delete("ID[.=#{id}]")
if id_elem.nil?
log_error("Datastore #{id} is missing fom Cluster #{cluster_id} datastore id list")
log_error("Datastore #{id} is missing from Cluster #{cluster_id} datastore id list")
end
ds_new_elem.add_element("ID").text = id.to_s
@ -459,7 +493,7 @@ module OneDBFsck
id_elem = vnets_elem.elements.delete("ID[.=#{id}]")
if id_elem.nil?
log_error("VNet #{id} is missing fom Cluster #{cluster_id} vnet id list")
log_error("VNet #{id} is missing from Cluster #{cluster_id} vnet id list")
end
vnets_new_elem.add_element("ID").text = id.to_s
@ -546,7 +580,7 @@ module OneDBFsck
id_elem = images_elem.elements.delete("ID[.=#{id}]")
if id_elem.nil?
log_error("Image #{id} is missing fom Datastore #{ds_id} image id list")
log_error("Image #{id} is missing from Datastore #{ds_id} image id list")
end
images_new_elem.add_element("ID").text = id.to_s
@ -740,7 +774,7 @@ module OneDBFsck
id_elem = vms_elem.elements.delete("ID[.=#{id}]")
if id_elem.nil?
log_error("VM #{id} is missing fom Host #{hid} VM id list")
log_error("VM #{id} is missing from Host #{hid} VM id list")
end
vms_new_elem.add_element("ID").text = id.to_s
@ -824,7 +858,7 @@ module OneDBFsck
id_elem = vms_elem.elements.delete("ID[.=#{id}]")
if id_elem.nil?
log_error("VM #{id} is missing fom Image #{oid} VM id list")
log_error("VM #{id} is missing from Image #{oid} VM id list")
end
vms_new_elem.add_element("ID").text = id.to_s
@ -857,7 +891,7 @@ module OneDBFsck
id_elem = clones_elem.elements.delete("ID[.=#{id}]")
if id_elem.nil?
log_error("Image #{id} is missing fom Image #{oid} CLONES id list")
log_error("Image #{id} is missing from Image #{oid} CLONES id list")
end
clones_new_elem.add_element("ID").text = id.to_s

76
src/onedb/onedb_backend.rb
View File

@ -28,40 +28,42 @@ class OneDBBacKEnd
def read_db_version
connect_db
version = "2.0"
timestamp = 0
comment = ""
@db.fetch("SELECT version, timestamp, comment FROM db_versioning " +
"WHERE oid=(SELECT MAX(oid) FROM db_versioning)") do |row|
version = row[:version]
timestamp = row[:timestamp]
comment = row[:comment]
end
return [version, timestamp, comment]
rescue Exception => e
if e.class == Sequel::DatabaseConnectionError
raise e
elsif !db_exists?
# If the DB doesn't have db_version table, it means it is empty or a 2.x
raise "Database schema does not look to be created by " <<
"OpenNebula: table user_pool is missing or empty."
end
begin
# Table image_pool is present only in 2.X DBs
@db.fetch("SELECT * FROM image_pool") { |row| }
rescue
raise "Database schema looks to be created by OpenNebula 1.X." <<
"This tool only works with databases created by 2.X versions."
version = "2.0"
timestamp = 0
comment = ""
@db.fetch("SELECT version, timestamp, comment FROM db_versioning " +
"WHERE oid=(SELECT MAX(oid) FROM db_versioning)") do |row|
version = row[:version]
timestamp = row[:timestamp]
comment = row[:comment]
end
return [version, timestamp, comment]
rescue Exception => e
if e.class == Sequel::DatabaseConnectionError
raise e
elsif !db_exists?
# If the DB doesn't have db_version table, it means it is empty or a 2.x
raise "Database schema does not look to be created by " <<
"OpenNebula: table user_pool is missing or empty."
end
begin
# Table image_pool is present only in 2.X DBs
@db.fetch("SELECT * FROM image_pool") { |row| }
rescue
raise "Database schema looks to be created by OpenNebula 1.X." <<
"This tool only works with databases created by 2.X versions."
end
comment = "Could not read any previous db_versioning data, " <<
"assuming it is an OpenNebula 2.0 or 2.2 DB."
return [version, timestamp, comment]
end
comment = "Could not read any previous db_versioning data, " <<
"assuming it is an OpenNebula 2.0 or 2.2 DB."
return [version, timestamp, comment]
end
def history
@ -222,10 +224,6 @@ class BackEndSQLite < OneDBBacKEnd
def initialize(file)
@sqlite_file = file
if !File.exists?(@sqlite_file)
raise "File #{@sqlite_file} doesn't exist"
end
end
def bck_file
@ -239,7 +237,7 @@ class BackEndSQLite < OneDBBacKEnd
end
def restore(bck_file, force=nil)
if !force
if File.exists?(@sqlite_file) && !force
raise "File #{@sqlite_file} exists, use -f to overwrite."
end
@ -250,6 +248,10 @@ class BackEndSQLite < OneDBBacKEnd
private
def connect_db
if !File.exists?(@sqlite_file)
raise "File #{@sqlite_file} doesn't exist"
end
begin
@db = Sequel.sqlite(@sqlite_file)
rescue Exception => e

2
src/ozones/Server/ozones-server.rb
View File

@ -140,7 +140,7 @@ ADMIN_PASS = @auth.password
begin
OZones::ProxyRules.new("apache", $config[:htaccess])
rescue Exception => e
logger {e.message}
logger.error {e.message}
exit -1
end

52
src/pool/PoolSQL.cc
View File

@ -579,14 +579,14 @@ int PoolSQL::search(
/* -------------------------------------------------------------------------- */
void PoolSQL::acl_filter(int uid,
int gid,
const set<int>& user_groups,
PoolObjectSQL::ObjectType auth_object,
bool& all,
string& filter)
{
filter.clear();
if ( uid == 0 || gid == 0 )
if ( uid == UserPool::ONEADMIN_ID || user_groups.count( GroupPool::ONEADMIN_ID ) == 1 )
{
all = true;
return;
@ -603,7 +603,7 @@ void PoolSQL::acl_filter(int uid,
vector<int> cids;
aclm->reverse_search(uid,
gid,
user_groups,
auth_object,
AuthRequest::USE,
all,
@ -631,32 +631,43 @@ void PoolSQL::acl_filter(int uid,
/* -------------------------------------------------------------------------- */
void PoolSQL::usr_filter(int uid,
int gid,
int filter_flag,
bool all,
const string& acl_str,
string& filter)
void PoolSQL::usr_filter(int uid,
const set<int>& user_groups,
int filter_flag,
bool all,
const string& acl_str,
string& filter)
{
ostringstream uid_filter;
set<int>::iterator g_it;
if ( filter_flag == RequestManagerPoolInfoFilter::MINE )
{
uid_filter << "uid = " << uid;
}
else if ( filter_flag == RequestManagerPoolInfoFilter::MINE_GROUP )
{
uid_filter << " uid = " << uid
<< " OR ( gid = " << gid << " AND group_u = 1 )";
uid_filter << " uid = " << uid;
for (g_it = user_groups.begin(); g_it != user_groups.end(); g_it++)
{
uid_filter << " OR ( gid = " << *g_it << " AND group_u = 1 )";
}
}
else if ( filter_flag == RequestManagerPoolInfoFilter::ALL )
{
if (!all)
{
uid_filter << " uid = " << uid
<< " OR ( gid = " << gid << " AND group_u = 1 )"
<< " OR other_u = 1"
<< acl_str;
<< " OR other_u = 1";
for (g_it = user_groups.begin(); g_it != user_groups.end(); g_it++)
{
uid_filter << " OR ( gid = " << *g_it << " AND group_u = 1 )";
}
uid_filter << acl_str;
}
}
else
@ -665,11 +676,14 @@ void PoolSQL::usr_filter(int uid,
if ( filter_flag != uid && !all )
{
uid_filter << " AND ("
<< " ( gid = " << gid << " AND group_u = 1)"
<< " OR other_u = 1"
<< acl_str
<< ")";
uid_filter << " AND ( other_u = 1";
for (g_it = user_groups.begin(); g_it != user_groups.end(); g_it++)
{
uid_filter << " OR ( gid = " << *g_it << " AND group_u = 1 )";
}
uid_filter << acl_str << ")";
}
}

5
src/rm/Request.cc
View File

@ -40,7 +40,8 @@ void Request::execute(
att.uid,
att.gid,
att.uname,
att.gname);
att.gname,
att.group_ids);
log_method_invoked(att, _paramList);
@ -240,7 +241,7 @@ bool Request::basic_authorization(int oid,
perms.obj_type = auth_object;
}
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(op, perms);

4
src/rm/RequestManager.cc
View File

@ -254,6 +254,8 @@ void RequestManager::register_xml_methods()
xmlrpc_c::methodPtr user_change_password(new UserChangePassword());
xmlrpc_c::methodPtr user_change_auth(new UserChangeAuth());
xmlrpc_c::methodPtr user_set_quota(new UserSetQuota());
xmlrpc_c::methodPtr user_add_group(new UserAddGroup());
xmlrpc_c::methodPtr user_del_group(new UserDelGroup());
// Group Methods
xmlrpc_c::methodPtr group_set_quota(new GroupSetQuota());
@ -489,6 +491,8 @@ void RequestManager::register_xml_methods()
RequestManagerRegistry.addMethod("one.user.info", user_info);
RequestManagerRegistry.addMethod("one.user.passwd", user_change_password);
RequestManagerRegistry.addMethod("one.user.chgrp", user_chown);
RequestManagerRegistry.addMethod("one.user.addgroup", user_add_group);
RequestManagerRegistry.addMethod("one.user.delgroup", user_del_group);
RequestManagerRegistry.addMethod("one.user.chauth", user_change_auth);
RequestManagerRegistry.addMethod("one.user.quota", user_set_quota);

6
src/rm/RequestManagerAllocate.cc
View File

@ -34,7 +34,7 @@ bool RequestManagerAllocate::allocate_authorization(
string tmpl_str = "";
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
if ( tmpl != 0 )
{
@ -73,7 +73,7 @@ bool VirtualMachineAllocate::allocate_authorization(
return true;
}
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
string t64;
string aname;
@ -459,7 +459,7 @@ void ImageAllocate::request_execute(xmlrpc_c::paramList const& params,
if ( att.uid != 0 )
{
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
string tmpl_str;
string aname;

2
src/rm/RequestManagerChmod.cc
View File

@ -108,7 +108,7 @@ void RequestManagerChmod::request_execute(xmlrpc_c::paramList const& paramList,
}
}
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(op, perms);

33
src/rm/RequestManagerChown.cc
View File

@ -213,7 +213,7 @@ void RequestManagerChown::request_execute(xmlrpc_c::paramList const& paramList,
if ( att.uid != 0 )
{
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
rc = get_info(pool, oid, auth_object, att, operms, oname);
@ -317,6 +317,8 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList,
int rc;
bool remove_old_group;
string ngname;
string uname;
@ -363,7 +365,7 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList,
if ( att.uid != 0 )
{
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(auth_op, uperms); // MANAGE USER
ar.add_auth(AuthRequest::USE, ngperms); // USE GROUP
@ -399,6 +401,18 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList,
user->set_group(ngid,ngname);
// The user is removed from the old group only if the new group is not a
// secondary one
rc = user->add_group(ngid);
remove_old_group = (rc == 0);
if (remove_old_group)
{
user->del_group(old_gid);
}
upool->update(user);
user->unlock();
@ -423,15 +437,18 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList,
// ------------- Updates old group removing the user ---------------------
group = gpool->get(old_gid, true);
if( group != 0 )
if (remove_old_group)
{
group->del_user(oid);
group = gpool->get(old_gid, true);
gpool->update(group);
if( group != 0 )
{
group->del_user(oid);
group->unlock();
gpool->update(group);
group->unlock();
}
}
success_response(oid, att);

2
src/rm/RequestManagerClone.cc
View File

@ -79,7 +79,7 @@ void RequestManagerClone::request_execute(
{
string tmpl_str = "";
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(auth_op, perms); //USE OBJECT

2
src/rm/RequestManagerCluster.cc
View File

@ -70,7 +70,7 @@ void RequestManagerCluster::add_generic(
if ( att.uid != 0 )
{
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
if ( cluster_id != ClusterPool::NONE_CLUSTER_ID )
{

20
src/rm/RequestManagerDelete.cc
View File

@ -47,7 +47,7 @@ bool RequestManagerDelete::delete_authorization(
object->unlock();
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(auth_op, perms); // <MANAGE|ADMIN> OBJECT
@ -227,8 +227,11 @@ int ClusterDelete::drop(int oid, PoolObjectSQL * object, string& error_msg)
int UserDelete::drop(int oid, PoolObjectSQL * object, string& error_msg)
{
User * user = static_cast<User *>(object);
int group_id = user->get_gid();
set<int> group_set;
set<int>::iterator it;
User * user = static_cast<User *>(object);
group_set = user->get_groups();
if (oid == 0)
{
@ -244,10 +247,17 @@ int UserDelete::drop(int oid, PoolObjectSQL * object, string& error_msg)
if ( rc == 0 )
{
Group * group = gpool->get(group_id, true);
Group * group;
if( group != 0 )
for ( it = group_set.begin(); it != group_set.end(); it++ )
{
group = gpool->get(*it, true);
if( group == 0 )
{
continue;
}
group->del_user(oid);
gpool->update(group);

2
src/rm/RequestManagerImage.cc
View File

@ -357,7 +357,7 @@ void ImageClone::request_execute(
if ( att.uid != 0 )
{
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
string tmpl_str;
// ------------------ Check permissions and ACLs ----------------------

4
src/rm/RequestManagerPoolInfoFilter.cc
View File

@ -279,9 +279,9 @@ void RequestManagerPoolInfoFilter::where_filter(
ostringstream filter;
PoolSQL::acl_filter(att.uid, att.gid, auth_object, all, acl_str);
PoolSQL::acl_filter(att.uid, att.group_ids, auth_object, all, acl_str);
PoolSQL::usr_filter(att.uid, att.gid, filter_flag, all, acl_str, uid_str);
PoolSQL::usr_filter(att.uid, att.group_ids, filter_flag, all, acl_str, uid_str);
PoolSQL::oid_filter(start_id, end_id, oid_str);

2
src/rm/RequestManagerRename.cc
View File

@ -53,7 +53,7 @@ void RequestManagerRename::request_execute(xmlrpc_c::paramList const& paramList,
if ( att.uid != 0 )
{
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(auth_op, operms); // MANAGE OBJECT

183
src/rm/RequestManagerUser.cc
View File

@ -210,3 +210,186 @@ int UserSetQuota::user_action(int user_id,
return rc;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void UserEditGroup::
request_execute(xmlrpc_c::paramList const& paramList,
RequestAttributes& att)
{
int user_id = xmlrpc_c::value_int(paramList.getInt(1));
int group_id = xmlrpc_c::value_int(paramList.getInt(2));
int rc;
string error_str;
string gname;
string uname;
PoolObjectAuth uperms;
PoolObjectAuth gperms;
rc = get_info(upool, user_id, PoolObjectSQL::USER, att, uperms, uname);
if ( rc == -1 )
{
return;
}
rc = get_info(gpool, group_id, PoolObjectSQL::GROUP, att, gperms, gname);
if ( rc == -1 )
{
return;
}
if ( att.uid != UserPool::ONEADMIN_ID )
{
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(AuthRequest::MANAGE, uperms); // MANAGE USER
ar.add_auth(AuthRequest::MANAGE, gperms); // MANAGE GROUP
if (UserPool::authorize(ar) == -1)
{
failure_response(AUTHORIZATION,
authorization_error(ar.message, att),
att);
return;
}
}
if ( secondary_group_action(user_id, group_id, paramList, error_str) < 0 )
{
failure_response(ACTION, request_error(error_str,""), att);
return;
}
success_response(user_id, att);
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int UserAddGroup::secondary_group_action(
int user_id,
int group_id,
xmlrpc_c::paramList const& _paramList,
string& error_str)
{
User * user;
Group * group;
int rc;
user = upool->get(user_id,true);
if ( user == 0 )
{
return -1;
}
rc = user->add_group(group_id);
if ( rc != 0 )
{
user->unlock();
error_str = "User is already in this group";
return -1;
}
upool->update(user);
user->unlock();
group = gpool->get(group_id, true);
if( group == 0 )
{
user = upool->get(user_id,true);
if ( user != 0 )
{
user->del_group(group_id);
upool->update(user);
user->unlock();
}
error_str = "Group does not exist";
return -1;
}
group->add_user(user_id);
gpool->update(group);
group->unlock();
return 0;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int UserDelGroup::secondary_group_action(
int user_id,
int group_id,
xmlrpc_c::paramList const& _paramList,
string& error_str)
{
User * user;
Group * group;
int rc;
user = upool->get(user_id,true);
rc = user->del_group(group_id);
if ( rc != 0 )
{
user->unlock();
if ( rc == -1 )
{
error_str = "User is not part of this group";
}
else if ( rc == -2 )
{
error_str = "Cannot remove user from the primary group";
}
else
{
error_str = "Cannot remove user from group";
}
return rc;
}
upool->update(user);
user->unlock();
group = gpool->get(group_id, true);
if( group == 0 )
{
//Group does not exist, should never occur
error_str = "Cannot remove user from group";
return -1;
}
group->del_user(user_id);
gpool->update(group);
group->unlock();
return 0;
}

2
src/rm/RequestManagerVMTemplate.cc
View File

@ -177,7 +177,7 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList
if ( att.uid != 0 )
{
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(auth_op, perms); //USE TEMPLATE

2
src/rm/RequestManagerVirtualMachine.cc
View File

@ -55,7 +55,7 @@ bool RequestManagerVirtualMachine::vm_authorization(
object->unlock();
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(op, vm_perms);

8
src/scheduler/src/sched/Scheduler.cc
View File

@ -450,8 +450,14 @@ void Scheduler::match_schedule()
host_perms.oid = host->get_hid();
host_perms.obj_type = PoolObjectSQL::HOST;
// Even if the owner is in several groups, this request only
// uses the VM group ID
set<int> gids;
gids.insert(gid);
matched = acls->authorize(uid,
gid,
gids,
host_perms,
AuthRequest::MANAGE);
}

22
src/sunstone/public/js/sunstone-util.js
View File

@ -208,13 +208,21 @@ function tableCheckboxesListener(dataTable, custom_context){
// Does a partial redraw, so the filter and pagination are kept
function updateView(item_list,dataTable){
var selected_row_id = $($('td.markrowselected',dataTable.fnGetNodes())[1]).html();
if (!selected_row_id) selected_row_id = $($('td.markrowselected',dataTable.fnGetNodes())[0]).html();
var checked_row_ids = new Array();
$.each($(dataTable.fnGetNodes()), function(){
if($('td.markrowchecked',this).length!=0)
{
checked_row_ids.push($($('td',$(this))[1]).html());
}
if($('td.markrowchecked',this).length!=0)
{
if (!isNaN($($('td',$(this))[1]).html()))
{
checked_row_ids.push($($('td',$(this))[1]).html());
}
else
{
checked_row_ids.push($($('td',$(this))[0]).html());
}
}
});
if (dataTable) {
@ -252,6 +260,12 @@ function updateView(item_list,dataTable){
{
$.each($(dataTable.fnGetNodes()),function(){
var current_id = $($('td',this)[1]).html();
if (isNaN(current_id))
{
current_id = $($('td',this)[0]).html();
}
if (current_id)
{
if(jQuery.inArray(current_id, checked_row_ids)!=-1)

5
src/tm_mad/ceph/clone
View File

@ -57,6 +57,11 @@ unset i
CEPH_HOST="${XPATH_ELEMENTS[i++]}"
if [ -z "$CEPH_HOST" ]; then
error_message "Datastore template missing 'HOST' attribute."
exit -1
fi
#-------------------------------------------------------------------------------
# Compute the destination image name
#-------------------------------------------------------------------------------

3
src/tm_mad/common/mkimage
View File

@ -53,8 +53,9 @@ ssh_make_path $DST_HOST $DST_DIR
CREATE_IMAGE="$DD if=/dev/zero of=$DST_PATH bs=1 count=1 seek=${SIZE}M"
MKFS_CMD=`mkfs_command $DST_PATH $FSTYPE $SIZE`
MKSCRIPT=$(cat <<EOF
set -e
export PATH=/usr/sbin:/sbin:\$PATH
$CREATE_IMAGE
$MKFS_CMD

8
src/tm_mad/iscsi/cpds
View File

@ -53,7 +53,7 @@ DISK_ID=$(echo $SRC|awk -F. '{print $NF}')
XPATH="${DRIVER_PATH}/../../datastore/xpath.rb --stdin"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
while IFS= read -r -d '' element; do
XPATH_ELEMENTS[i++]="$element"
@ -62,9 +62,9 @@ done < <(onevm show -x $VMID| $XPATH \
/VM/TEMPLATE/DISK[DISK_ID=$DISK_ID]/SAVE_AS \
/VM/TEMPLATE/DISK[DISK_ID=$DISK_ID]/PERSISTENT)
IQN="${XPATH_ELEMENTS[0]}"
SAVE_AS="${XPATH_ELEMENTS[1]}"
PERSISTENT="${XPATH_ELEMENTS[2]}"
IQN="${XPATH_ELEMENTS[j++]}"
SAVE_AS="${XPATH_ELEMENTS[j++]}"
PERSISTENT="${XPATH_ELEMENTS[j++]}"
if [ -z "$PERSISTENT" ]; then
IQN=$IQN-$VMID

6
src/tm_mad/iscsi/delete
View File

@ -54,7 +54,7 @@ DISK_ID=$(echo "$DST_PATH" | $AWK -F. '{print $NF}')
XPATH="${DRIVER_PATH}/../../datastore/xpath.rb --stdin"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
while IFS= read -r -d '' element; do
XPATH_ELEMENTS[i++]="$element"
@ -62,8 +62,8 @@ done < <(onevm show -x $VMID| $XPATH \
/VM/TEMPLATE/DISK[DISK_ID=$DISK_ID]/SOURCE \
/VM/TEMPLATE/DISK[DISK_ID=$DISK_ID]/PERSISTENT)
IQN="${XPATH_ELEMENTS[0]}"
PERSISTENT="${XPATH_ELEMENTS[1]}"
IQN="${XPATH_ELEMENTS[j++]}"
PERSISTENT="${XPATH_ELEMENTS[j++]}"
if [ -z "$PERSISTENT" ]; then
NEW_IQN=$IQN-$VMID

6
src/tm_mad/iscsi/mv
View File

@ -76,7 +76,7 @@ fi
XPATH="${DRIVER_PATH}/../../datastore/xpath.rb --stdin"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
DISK_ID=$(echo "$SRC_PATH" | $AWK -F. '{print $NF}')
@ -86,8 +86,8 @@ done < <(onevm show -x $VMID| $XPATH \
/VM/TEMPLATE/DISK[DISK_ID=$DISK_ID]/SOURCE \
/VM/TEMPLATE/DISK[DISK_ID=$DISK_ID]/PERSISTENT)
IQN="${XPATH_ELEMENTS[0]}"
PERSISTENT="${XPATH_ELEMENTS[1]}"
IQN="${XPATH_ELEMENTS[j++]}"
PERSISTENT="${XPATH_ELEMENTS[j++]}"
if [ -z "$PERSISTENT" ]; then
IQN=$IQN-$VMID

8
src/tm_mad/iscsi/mvds
View File

@ -53,7 +53,7 @@ DISK_ID=$(echo $SRC|awk -F. '{print $NF}')
XPATH="${DRIVER_PATH}/../../datastore/xpath.rb --stdin"
unset i XPATH_ELEMENTS
unset i j XPATH_ELEMENTS
while IFS= read -r -d '' element; do
XPATH_ELEMENTS[i++]="$element"
@ -62,9 +62,9 @@ done < <(onevm show -x $VMID| $XPATH \
/VM/TEMPLATE/DISK[DISK_ID=$DISK_ID]/SAVE_AS \
/VM/TEMPLATE/DISK[DISK_ID=$DISK_ID]/PERSISTENT)
IQN="${XPATH_ELEMENTS[0]}"
SAVE_AS="${XPATH_ELEMENTS[1]}"
PERSISTENT="${XPATH_ELEMENTS[2]}"
IQN="${XPATH_ELEMENTS[j++]}"
SAVE_AS="${XPATH_ELEMENTS[j++]}"
PERSISTENT="${XPATH_ELEMENTS[j++]}"
if [ -z "$PERSISTENT" ]; then
IQN=$IQN-$VMID

2
src/tm_mad/lvm/cpds
View File

@ -53,6 +53,8 @@ LV_NAME=$(echo $DST_PATH|cut -d. -f2)
TARGET_DEV=/dev/$VG_NAME/$LV_NAME
DUMP_CMD=$(cat <<EOF
set -e
DEV=\$(readlink $SRC_PATH)
SIZE=\$($SUDO $LVS \$DEV --noheadings --nosuffix --units m -o lv_size \
| tr -d ' ')

19
src/um/User.cc
View File

@ -156,6 +156,9 @@ string& User::to_xml_extended(string& xml, bool extended) const
string template_xml;
string quota_xml;
string collection_xml;
ObjectCollection::to_xml(collection_xml);
int enabled_int = enabled?1:0;
@ -163,6 +166,7 @@ string& User::to_xml_extended(string& xml, bool extended) const
"<USER>"
"<ID>" << oid <<"</ID>" <<
"<GID>" << gid <<"</GID>" <<
collection_xml <<
"<GNAME>" << gname <<"</GNAME>" <<
"<NAME>" << name <<"</NAME>" <<
"<PASSWORD>" << password <<"</PASSWORD>" <<
@ -220,7 +224,22 @@ int User::from_xml(const string& xml)
rc += obj_template->from_xml_node(content[0]);
ObjectXML::free_nodes(content);
content.clear();
ObjectXML::get_nodes("/USER/GROUPS", content);
if (content.empty())
{
return -1;
}
// Set of IDs
rc += ObjectCollection::from_xml_node(content[0]);
ObjectXML::free_nodes(content);
content.clear();
// Quotas
rc += quota.from_xml(this);
if (rc != 0)

50
src/um/UserPool.cc
View File

@ -293,6 +293,9 @@ int UserPool::allocate (
// Build a new User object
user = new User(-1, gid, uname, gname, upass, auth_driver, enabled);
// Add the primary group to the collection
user->add_collection_id(gid);
// Set a password for the OneGate tokens
user->add_template_attribute("TOKEN_PASSWORD", one_util::random_password());
@ -348,7 +351,8 @@ bool UserPool::authenticate_internal(User * user,
int& user_id,
int& group_id,
string& uname,
string& gname)
string& gname,
set<int>& group_ids)
{
bool result = false;
@ -367,6 +371,8 @@ bool UserPool::authenticate_internal(User * user,
user_id = user->oid;
group_id = user->gid;
group_ids = user->get_groups();
uname = user->name;
gname = user->gname;
@ -381,7 +387,7 @@ bool UserPool::authenticate_internal(User * user,
return true;
}
AuthRequest ar(user_id, group_id);
AuthRequest ar(user_id, group_ids);
if ( auth_driver == UserPool::CORE_AUTH )
{
@ -445,6 +451,8 @@ auth_failure:
user_id = -1;
group_id = -1;
group_ids.clear();
uname = "";
gname = "";
@ -459,7 +467,8 @@ bool UserPool::authenticate_server(User * user,
int& user_id,
int& group_id,
string& uname,
string& gname)
string& gname,
set<int>& group_ids)
{
bool result = false;
@ -480,7 +489,7 @@ bool UserPool::authenticate_server(User * user,
auth_driver = user->auth_driver;
AuthRequest ar(user->oid, user->gid);
AuthRequest ar(user->oid, user->get_groups());
user->unlock();
@ -502,6 +511,8 @@ bool UserPool::authenticate_server(User * user,
user_id = user->oid;
group_id = user->gid;
group_ids = user->get_groups();
uname = user->name;
gname = user->gname;
@ -571,6 +582,8 @@ auth_failure:
user_id = -1;
group_id = -1;
group_ids.clear();
uname = "";
gname = "";
@ -580,12 +593,13 @@ auth_failure:
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
bool UserPool::authenticate_external(const string& username,
const string& token,
int& user_id,
int& group_id,
string& uname,
string& gname)
bool UserPool::authenticate_external(const string& username,
const string& token,
int& user_id,
int& group_id,
string& uname,
string& gname,
set<int>& group_ids)
{
ostringstream oss;
istringstream is;
@ -598,7 +612,9 @@ bool UserPool::authenticate_external(const string& username,
Nebula& nd = Nebula::instance();
AuthManager * authm = nd.get_authm();
AuthRequest ar(-1,-1);
set<int> empty_set;
AuthRequest ar(-1,empty_set);
if (authm == 0)
{
@ -653,6 +669,7 @@ bool UserPool::authenticate_external(const string& username,
}
group_id = GroupPool::USERS_ID;
group_ids.insert( GroupPool::USERS_ID );
uname = mad_name;
gname = GroupPool::USERS_NAME;
@ -681,6 +698,8 @@ auth_failure:
user_id = -1;
group_id = -1;
group_ids.clear();
uname = "";
gname = "";
@ -694,7 +713,8 @@ bool UserPool::authenticate(const string& session,
int& user_id,
int& group_id,
string& uname,
string& gname)
string& gname,
set<int>& group_ids)
{
User * user = 0;
string username;
@ -718,16 +738,16 @@ bool UserPool::authenticate(const string& session,
if ( fnmatch(UserPool::SERVER_AUTH, driver.c_str(), 0) == 0 )
{
ar = authenticate_server(user,token,user_id,group_id,uname,gname);
ar = authenticate_server(user,token,user_id,group_id,uname,gname,group_ids);
}
else
{
ar = authenticate_internal(user,token,user_id,group_id,uname,gname);
ar = authenticate_internal(user,token,user_id,group_id,uname,gname,group_ids);
}
}
else
{
ar = authenticate_external(username,token,user_id,group_id,uname,gname);
ar = authenticate_external(username,token,user_id,group_id,uname,gname,group_ids);
}
return ar;

827
src/vm/vm_file_var_syntax.cc
View File

File diff suppressed because it is too large Load Diff

65
src/vm/vm_file_var_syntax.h
View File

@ -1,19 +1,19 @@
/* A Bison parser, made by GNU Bison 2.7.12-4996. */
/* A Bison parser, made by GNU Bison 3.0. */
/* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
@ -26,13 +26,13 @@
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
#ifndef YY_VM_FILE_VAR_VM_FILE_VAR_SYNTAX_HH_INCLUDED
# define YY_VM_FILE_VAR_VM_FILE_VAR_SYNTAX_HH_INCLUDED
/* Enabling traces. */
/* Debug traces. */
#ifndef YYDEBUG
# define YYDEBUG 0
#endif
@ -40,53 +40,50 @@
extern int vm_file_var__debug;
#endif
/* Tokens. */
/* Token type. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
/* Put the tokens into the symbol table, so that GDB and other debuggers
know about them. */
enum yytokentype {
EQUAL = 258,
COMMA = 259,
OBRACKET = 260,
CBRACKET = 261,
EOA = 262,
STRING = 263,
VARIABLE = 264,
RSTRING = 265,
INTEGER = 266
};
enum yytokentype
{
EQUAL = 258,
COMMA = 259,
OBRACKET = 260,
CBRACKET = 261,
EOA = 262,
STRING = 263,
VARIABLE = 264,
RSTRING = 265,
INTEGER = 266
};
#endif
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
typedef union YYSTYPE YYSTYPE;
union YYSTYPE
{
/* Line 2053 of yacc.c */
#line 190 "vm_file_var_syntax.y"
#line 206 "vm_file_var_syntax.y" /* yacc.c:1909 */
char * val_str;
int val_int;
char val_char;
/* Line 2053 of yacc.c */
#line 75 "vm_file_var_syntax.hh"
} YYSTYPE;
#line 72 "vm_file_var_syntax.hh" /* yacc.c:1909 */
};
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
#endif
/* Location type. */
#if ! defined YYLTYPE && ! defined YYLTYPE_IS_DECLARED
typedef struct YYLTYPE
typedef struct YYLTYPE YYLTYPE;
struct YYLTYPE
{
int first_line;
int first_column;
int last_line;
int last_column;
} YYLTYPE;
# define yyltype YYLTYPE /* obsolescent; will be withdrawn */
};
# define YYLTYPE_IS_DECLARED 1
# define YYLTYPE_IS_TRIVIAL 1
#endif

18
src/vm/vm_file_var_syntax.y
View File

@ -87,7 +87,9 @@ int get_image_path(VirtualMachine * vm,
Nebula& nd = Nebula::instance();
ImagePool * ipool = nd.get_ipool();
UserPool * upool = nd.get_upool();
Image * img = 0;
User * user = 0;
int iid = -1;
PoolObjectAuth perm;
@ -160,7 +162,21 @@ int get_image_path(VirtualMachine * vm,
img->unlock();
AuthRequest ar(vm->get_uid(), vm->get_gid());
set<int> gids;
user = upool->get(vm->get_uid(), true);
if (user != 0)
{
gids = user->get_groups();
user->unlock();
}
else
{
gids.insert(vm->get_gid());
}
AuthRequest ar(vm->get_uid(), gids);
ar.add_auth(AuthRequest::USE, perm);

2
src/vmm_mad/exec/vmm_exec_kvm.conf
View File

@ -35,4 +35,4 @@ FEATURES = [ PAE = "no", ACPI = "yes" ]
DISK = [ driver = "raw" , cache = "none"]
#NIC = [ filter = "clean-traffic", model="virtio" ]
#RAW = "<devices><serial type=\"pty\"><source path=\"/dev/pts/5\"/><target port=\"0\"/></serial><console type=\"pty\" tty=\"/dev/pts/5\"><source path=\"/dev/pts/5\"/><target port=\"0\"/></console></devices>"
#RAW = [ type = "kvm", data = "<devices><serial type=\"pty\"><source path=\"/dev/pts/5\"/><target port=\"0\"/></serial><console type=\"pty\" tty=\"/dev/pts/5\"><source path=\"/dev/pts/5\"/><target port=\"0\"/></console></devices>" ]

2
src/vmm_mad/exec/vmm_exec_xen3.conf
View File

@ -30,4 +30,4 @@
CREDIT = 256
DISK = [ driver = "tap:aio:" ]
#RAW = "data=\"on_crash=destroy\""
#RAW = [ type = "xen", data = "on_crash=destroy" ]

2
src/vmm_mad/exec/vmm_exec_xen4.conf
View File

@ -30,4 +30,4 @@
CREDIT = 256
DISK = [ driver = "raw:" ]
#RAW = "data=\"on_crash=destroy\""
#RAW = [ type = "xen", data = "on_crash=destroy" ]

2
src/vmm_mad/remotes/kvm/restore
View File

@ -23,3 +23,5 @@ file=$1
exec_and_log "virsh --connect $LIBVIRT_URI restore $file" \
"Could not restore from $file"
rm "$file"

18
src/vnm_mad/remotes/OpenNebulaNetwork.rb
View File

@ -30,16 +30,16 @@ CONF = {
}
COMMANDS = {
:ebtables => "sudo /sbin/ebtables",
:iptables => "sudo /sbin/iptables",
:brctl => "sudo /sbin/brctl",
:ip => "sudo /sbin/ip",
:vconfig => "sudo /sbin/vconfig",
:ebtables => "sudo ebtables",
:iptables => "sudo iptables",
:brctl => "sudo brctl",
:ip => "sudo ip",
:vconfig => "sudo vconfig",
:virsh => "virsh -c qemu:///system",
:xm => "sudo /usr/sbin/xm",
:ovs_vsctl=> "sudo /usr/bin/ovs-vsctl",
:ovs_ofctl=> "sudo /usr/bin/ovs-ofctl",
:lsmod => "/sbin/lsmod"
:xm => "sudo xm",
:ovs_vsctl=> "sudo ovs-vsctl",
:ovs_ofctl=> "sudo ovs-ofctl",
:lsmod => "lsmod"
}
class VM

841
src/xml/expr_arith.cc
View File

File diff suppressed because it is too large Load Diff

53
src/xml/expr_arith.h
View File

@ -1,19 +1,19 @@
/* A Bison parser, made by GNU Bison 2.7.12-4996. */
/* A Bison parser, made by GNU Bison 3.0. */
/* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
@ -26,13 +26,13 @@
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
#ifndef YY_EXPR_ARITH_EXPR_ARITH_HH_INCLUDED
# define YY_EXPR_ARITH_EXPR_ARITH_HH_INCLUDED
/* Enabling traces. */
/* Debug traces. */
#ifndef YYDEBUG
# define YYDEBUG 0
#endif
@ -40,47 +40,44 @@
extern int expr_arith__debug;
#endif
/* Tokens. */
/* Token type. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
/* Put the tokens into the symbol table, so that GDB and other debuggers
know about them. */
enum yytokentype {
INTEGER = 258,
STRING = 259,
FLOAT = 260
};
enum yytokentype
{
INTEGER = 258,
STRING = 259,
FLOAT = 260
};
#endif
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
typedef union YYSTYPE YYSTYPE;
union YYSTYPE
{
/* Line 2053 of yacc.c */
#line 78 "expr_arith.y"
#line 78 "expr_arith.y" /* yacc.c:1909 */
char * val_str;
int val_int;
float val_float;
/* Line 2053 of yacc.c */
#line 69 "expr_arith.hh"
} YYSTYPE;
#line 66 "expr_arith.hh" /* yacc.c:1909 */
};
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
#endif
/* Location type. */
#if ! defined YYLTYPE && ! defined YYLTYPE_IS_DECLARED
typedef struct YYLTYPE
typedef struct YYLTYPE YYLTYPE;
struct YYLTYPE
{
int first_line;
int first_column;
int last_line;
int last_column;
} YYLTYPE;
# define yyltype YYLTYPE /* obsolescent; will be withdrawn */
};
# define YYLTYPE_IS_DECLARED 1
# define YYLTYPE_IS_TRIVIAL 1
#endif

900
src/xml/expr_bool.cc
View File

File diff suppressed because it is too large Load Diff

53
src/xml/expr_bool.h
View File

@ -1,19 +1,19 @@
/* A Bison parser, made by GNU Bison 2.7.12-4996. */
/* A Bison parser, made by GNU Bison 3.0. */
/* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
@ -26,13 +26,13 @@
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
#ifndef YY_EXPR_BOOL_EXPR_BOOL_HH_INCLUDED
# define YY_EXPR_BOOL_EXPR_BOOL_HH_INCLUDED
/* Enabling traces. */
/* Debug traces. */
#ifndef YYDEBUG
# define YYDEBUG 0
#endif
@ -40,47 +40,44 @@
extern int expr_bool__debug;
#endif
/* Tokens. */
/* Token type. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
/* Put the tokens into the symbol table, so that GDB and other debuggers
know about them. */
enum yytokentype {
INTEGER = 258,
STRING = 259,
FLOAT = 260
};
enum yytokentype
{
INTEGER = 258,
STRING = 259,
FLOAT = 260
};
#endif
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
typedef union YYSTYPE YYSTYPE;
union YYSTYPE
{
/* Line 2053 of yacc.c */
#line 77 "expr_bool.y"
#line 77 "expr_bool.y" /* yacc.c:1909 */
char * val_str;
int val_int;
float val_float;
/* Line 2053 of yacc.c */
#line 69 "expr_bool.hh"
} YYSTYPE;
#line 66 "expr_bool.hh" /* yacc.c:1909 */
};
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
#endif
/* Location type. */
#if ! defined YYLTYPE && ! defined YYLTYPE_IS_DECLARED
typedef struct YYLTYPE
typedef struct YYLTYPE YYLTYPE;
struct YYLTYPE
{
int first_line;
int first_column;
int last_line;
int last_column;
} YYLTYPE;
# define yyltype YYLTYPE /* obsolescent; will be withdrawn */
};
# define YYLTYPE_IS_DECLARED 1
# define YYLTYPE_IS_TRIVIAL 1
#endif