diff --git a/src/rm/RequestManagerAction.cc b/src/rm/RequestManagerAction.cc index a9be238951..27a24b798e 100644 --- a/src/rm/RequestManagerAction.cc +++ b/src/rm/RequestManagerAction.cc @@ -127,7 +127,6 @@ void RequestManager::VirtualMachineAction::execute( if (rc != 0) { goto error_operation; - } arrayData.push_back(xmlrpc_c::value_boolean(true)); @@ -160,8 +159,7 @@ error_authenticate: goto error_common; error_authorize: - oss << "User not authorized to perform operation upon VirtualMachine [" - << vid << "]"; + oss << "User not authorized to perform VM operation"; goto error_common; error_common: diff --git a/src/rm/RequestManagerAllocate.cc b/src/rm/RequestManagerAllocate.cc index 59375783c1..84f5556838 100644 --- a/src/rm/RequestManagerAllocate.cc +++ b/src/rm/RequestManagerAllocate.cc @@ -75,7 +75,7 @@ void RequestManager::VirtualMachineAllocate::execute( return; error_authenticate: - oss << "User not authenticated, aborting RequestManagerAllocate call."; + oss << "Error in user authentication"; goto error_common; error_allocate: diff --git a/src/rm/RequestManagerCancel.cc b/src/rm/RequestManagerCancel.cc index 2175ee720f..91178be808 100644 --- a/src/rm/RequestManagerCancel.cc +++ b/src/rm/RequestManagerCancel.cc @@ -23,21 +23,21 @@ void RequestManager::VirtualMachineCancel::execute( xmlrpc_c::paramList const& paramList, xmlrpc_c::value * const retval) -{ +{ string session; // of the vid to retrieve the information for - int vid; + int vid; int uid; VirtualMachine * vm; - + ostringstream oss; /* -- RPC specific vars -- */ vector arrayData; xmlrpc_c::value_array * arrayresult; - + Nebula& nd = Nebula::instance(); DispatchManager * dm = nd.get_dm(); 
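Review bot: The rewritten `error_authorize` message in RequestManagerAction.cc drops `vid`, so a denied request no longer says which VM it targeted. RequestManagerCancel.cc's `error_common` sends the same `oss` to the client and to `Nebula::log("ReM",Log::ERROR,oss)`; if this handler's `error_common` (body outside the hunk) does the same, the log loses the only field that ties a denial to a resource. The id is supplied by the caller, so echoing it discloses nothing, and I would keep it: `oss << "User not authorized to perform VM operation [" << vid << "]";`. The same applies to the shortened `error_state`, `error_history` and `error_authorize` messages in the Deploy and Migrate hunks, and including the `authenticate` result where it is known would let the log attribute the denial to a user.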
@@ -47,62 +47,75 @@ void RequestManager::VirtualMachineCancel::execute( session = xmlrpc_c::value_string(paramList.getString(0)); vid = xmlrpc_c::value_int (paramList.getInt(1)); - - // Retrieve the VM from the vmpool + // Retrieve the VM from the vmpool vm = VirtualMachineCancel::vmpool->get(vid,true); - - if ( vm == 0 ) - { - goto error_vm_get; + + if ( vm == 0 ) + { + goto error_vm_get; } - + uid = vm->get_uid(); vm->unlock(); - // Only oneadmin or the VM owner can perform operations upon the VM + //Authenticate the user rc = VirtualMachineCancel::upool->authenticate(session); - - if ( rc != 0 && rc != uid) - { - goto error_authenticate; + + if ( rc == -1 ) + { + goto error_authenticate; } - + + //Authorize the operation + if ( rc != 0 ) // rc == 0 means oneadmin + { + AuthRequest ar(rc); + + ar.add_auth(AuthRequest::VM,vid,AuthRequest::MANAGE,uid,false); + + if (UserPool::authorize(ar) == -1) + { + goto error_authorize; + } + } + //Cancel the VM - dm->cancel(vid); - + // Send results to client - arrayData.push_back(xmlrpc_c::value_boolean(true)); - + arrayresult = new xmlrpc_c::value_array(arrayData); - + *retval = *arrayresult; - + delete arrayresult; - + return; error_authenticate: - oss << "User not authorized to cancel VM"; + oss << "Error in user authentication"; + goto error_common; + +error_authorize: + oss << "User not authorized to canel VM"; goto error_common; error_vm_get: - oss << "Error getting vm for cancelling with VID = " << vid; + oss << "Error getting vm for cancelling with VID = " << vid; goto error_common; error_common: - arrayData.push_back(xmlrpc_c::value_boolean(false)); // FAILURE arrayData.push_back(xmlrpc_c::value_string(oss.str())); - - Nebula::log("ReM",Log::ERROR,oss); - + + Nebula::log("ReM",Log::ERROR,oss); + xmlrpc_c::value_array arrayresult_error(arrayData); *retval = arrayresult_error; - + return; } diff --git a/src/rm/RequestManagerDeploy.cc b/src/rm/RequestManagerDeploy.cc index 8b49d42ed7..d31a5d9460 100644 
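Review bot: `vmpool->get(vid,true)` still runs before `upool->authenticate(session)` in this hunk, so a caller with an invalid session gets "Error getting vm for cancelling with VID = ..." for a missing VM and "Error in user authentication" for an existing one, which lets unauthenticated callers probe which VM ids exist. RequestManagerInfo.cc in this same commit authenticates first; I would do the same here by moving `rc = VirtualMachineCancel::upool->authenticate(session);` and its `rc == -1` check above the lookup. The Deploy and Migrate handlers have the same order for both the host and the VM lookup. Separately, the new `error_authorize` string has a typo and should read `oss << "User not authorized to cancel VM";`. `execute()` begins in the preceding hunk.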
--- a/src/rm/RequestManagerDeploy.cc +++ b/src/rm/RequestManagerDeploy.cc @@ -56,10 +56,7 @@ void RequestManager::VirtualMachineDeploy::execute( vid = xmlrpc_c::value_int(paramList.getInt(1)); hid = xmlrpc_c::value_int(paramList.getInt(2)); - //We also need the hsid - //Get host info to deploy the VM - host = VirtualMachineDeploy::hpool->get(hid,true); if ( host == 0 ) @@ -76,7 +73,6 @@ void RequestManager::VirtualMachineDeploy::execute( host->unlock(); //Get the VM - vm = VirtualMachineDeploy::vmpool->get(vid,true); if ( vm == 0 ) @@ -86,21 +82,34 @@ void RequestManager::VirtualMachineDeploy::execute( uid = vm->get_uid(); - // Only oneadmin or the VM owner can perform operations upon the VM - rc = VirtualMachineDeploy::upool->authenticate(session); - - if ( rc != 0 && rc != uid) - { - goto error_authenticate; - } - if ( vm->get_state() != VirtualMachine::PENDING ) { goto error_state; } - //Update host info and share usage (cpu,mem....) + //Authenticate the user + rc = VirtualMachineDeploy::upool->authenticate(session); + if ( rc == -1 ) + { + goto error_authenticate; + } + + //Authorize the operation + if ( rc != 0 ) // rc == 0 means oneadmin + { + AuthRequest ar(rc); + + ar.add_auth(AuthRequest::VM,vid,AuthRequest::MANAGE,uid,false); + ar.add_auth(AuthRequest::HOST,hid,AuthRequest::USE,0,false); + + if (UserPool::authorize(ar) == -1) + { + goto error_authorize; + } + } + + //Update host info and share usage (cpu,mem....) vm->add_history(hid,hostname,vmdir,vmm_mad,tm_mad); rc = VirtualMachineDeploy::vmpool->update_history(vm); @@ -113,13 +122,11 @@ void RequestManager::VirtualMachineDeploy::execute( vmpool->update(vm); //Insert last_seq in the DB //Deploy the VM - dm->deploy(vm); vm->unlock(); // Send results to client - arrayData.push_back(xmlrpc_c::value_boolean(true)); arrayresult = new xmlrpc_c::value_array(arrayData); 
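Review bot: In hunk `@@ -86,21 +82,34 @@` the `vm->get_state() != VirtualMachine::PENDING` check now runs before `upool->authenticate(session)`, where the removed code authenticated first. A request with an invalid session is therefore answered with "Can not deploy VM, wrong state" or with an authentication error depending on the VM's state, so the state of any VM is observable without credentials. I would put the `//Authenticate the user` block (`rc = VirtualMachineDeploy::upool->authenticate(session);` plus the `rc == -1` test) back ahead of the state check, keeping the `AuthRequest` block where it is. `execute()` starts and ends outside this hunk, so the lock state of `vm` at each `goto` should be rechecked against the labels when the block moves.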
@@ -130,11 +137,6 @@ void RequestManager::VirtualMachineDeploy::execute( return; -error_authenticate: - vm->unlock(); - oss << "User not authorized to perform the deploy"; - goto error_common; - error_host_get: oss << "The host " << hid << " does not exists"; goto error_common; @@ -143,20 +145,26 @@ error_vm_get: oss << "The virtual machine " << vid << " does not exists"; goto error_common; -error_history: - vm->unlock(); - - oss << "Can not deploy VM " << vid << ", can not insert history"; - goto error_common; - error_state: - vm->unlock(); + oss << "Can not deploy VM, wrong state"; + goto error_common_lock; - oss << "Can not deploy VM " << vid << ", wrong state"; - goto error_common; +error_authenticate: + oss << "Error in user authentication"; + goto error_common_lock; + +error_authorize: + oss << "User not authorized to deploy VM on host"; + goto error_common_lock; + +error_history: + oss << "Can not insert history to deploy VM"; + goto error_common_lock; + +error_common_lock: + vm->unlock(); error_common: - arrayData.push_back(xmlrpc_c::value_boolean(false)); arrayData.push_back(xmlrpc_c::value_string(oss.str())); diff --git a/src/rm/RequestManagerInfo.cc b/src/rm/RequestManagerInfo.cc index 35574ad663..d53624efe8 100644 --- a/src/rm/RequestManagerInfo.cc +++ b/src/rm/RequestManagerInfo.cc @@ -23,10 +23,10 @@ void RequestManager::VirtualMachineInfo::execute( xmlrpc_c::paramList const& paramList, xmlrpc_c::value * const retval) -{ +{ string session; - int vid; + int vid, rc; VirtualMachine * vm; ostringstream oss; 
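Review bot: The new `error_common_lock:` label in hunk `@@ -143,20 +145,26 @@` calls `vm->unlock()` and then falls into `error_common:` with nothing marking either the fall-through or the precondition. It is only correct while every `goto error_common_lock` is reached with `vm` non-null and still locked, which is easy to break when a check is later moved above the `vmpool->get` call or below an `unlock()`. I would document it at the label, for example `// vm is non-null and locked on every path here; falls through to error_common`. The same label is introduced in RequestManagerMigrate.cc hunk `@@ -147,20 +153,26 @@`.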
@@ -41,19 +41,27 @@ void RequestManager::VirtualMachineInfo::execute( session = xmlrpc_c::value_string(paramList.getString(0)); vid = xmlrpc_c::value_int (paramList.getInt(1)); - // Get the details of the virtual machine + // Check if it is a valid user + rc = VirtualMachineInfo::upool->authenticate(session); + + if ( rc == -1 ) + { + goto error_authenticate; + } + + // Get the details of the virtual machine vm = VirtualMachineInfo::vmpool->get(vid,true); - if ( vm == 0 ) - { - goto error_vm_get; + if ( vm == 0 ) + { + goto error_vm_get; } - + oss << *vm; - + vm->unlock(); - - // All nice, return the vm info to the client + + // All nice, return the vm info to the client arrayData.push_back(xmlrpc_c::value_boolean(true)); // SUCCESS arrayData.push_back(xmlrpc_c::value_string(oss.str())); @@ -65,21 +73,24 @@ void RequestManager::VirtualMachineInfo::execute( return; +error_authenticate: + oss << "Error in user authentication"; + goto error_common; + error_vm_get: - oss << "Error getting vm with VID = " << vid; + oss << "Error getting VM " << vid; goto error_common; error_common: - arrayData.push_back(xmlrpc_c::value_boolean(false)); // FAILURE arrayData.push_back(xmlrpc_c::value_string(oss.str())); - - NebulaLog::log("ReM",Log::ERROR,oss); - + + NebulaLog::log("ReM",Log::ERROR,oss); + xmlrpc_c::value_array arrayresult_error(arrayData); *retval = arrayresult_error; - + return; } diff --git a/src/rm/RequestManagerMigrate.cc b/src/rm/RequestManagerMigrate.cc index 5b60552dcd..11088a6ddd 100644 --- a/src/rm/RequestManagerMigrate.cc +++ b/src/rm/RequestManagerMigrate.cc 
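Review bot: The new `authenticate` call in hunk `@@ -41,19 +41,27 @@` only rejects `rc == -1`; the returned id is never used afterwards, so any authenticated session can dump any VM with `oss << *vm`. The Cancel, Deploy and Migrate handlers in this commit build an `AuthRequest` for the same object type, and if reads are meant to be restricted too, this handler needs an equivalent check between the lookup and the dump. A sketch follows; it needs an `int uid;` declaration and an `error_authorize:` label, both outside this hunk, and the operation shown is a stand-in for whatever the policy assigns to reads. RequestManagerPoolInfo.cc hunk `@@ -54,43 +52,28 @@` has the same gap: `filter_flag >= 0` or `<= -2` lists other users' VMs with no authorization step.

```cpp
    vm = VirtualMachineInfo::vmpool->get(vid,true);
    // … unchanged: null check on vm …

    uid = vm->get_uid();

    //Authorize the read
    if ( rc != 0 ) // rc == 0 means oneadmin
    {
        AuthRequest ar(rc);

        // USE is a stand-in: pick the operation the policy assigns to reads
        ar.add_auth(AuthRequest::VM,vid,AuthRequest::USE,uid,false);

        if (UserPool::authorize(ar) == -1)
        {
            vm->unlock(); // vm is still locked at this point
            goto error_authorize;
        }
    }

    oss << *vm;
```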
@@ -52,14 +52,12 @@ void RequestManager::VirtualMachineMigrate::execute( NebulaLog::log("ReM",Log::DEBUG,"VirtualMachineMigrate invoked"); //Parse Arguments - session = xmlrpc_c::value_string(paramList.getString(0)); vid = xmlrpc_c::value_int(paramList.getInt(1)); hid = xmlrpc_c::value_int(paramList.getInt(2)); live = xmlrpc_c::value_boolean(paramList.getBoolean(3)); - //Get host info to deploy the VM - + //Get host info to migrate the VM host = VirtualMachineMigrate::hpool->get(hid,true); if ( host == 0 ) @@ -76,7 +74,6 @@ void RequestManager::VirtualMachineMigrate::execute( host->unlock(); //Get the VM and migrate it - vm = VirtualMachineMigrate::vmpool->get(vid,true); if ( vm == 0 ) @@ -89,11 +86,25 @@ void RequestManager::VirtualMachineMigrate::execute( // Only oneadmin or the VM owner can perform operations upon the VM rc = VirtualMachineMigrate::upool->authenticate(session); - if ( rc != 0 && rc != uid) + if ( rc == -1) { goto error_authenticate; } + //Authorize the operation + if ( rc != 0 ) // rc == 0 means oneadmin + { + AuthRequest ar(rc); + + ar.add_auth(AuthRequest::VM,vid,AuthRequest::MANAGE,uid,false); + ar.add_auth(AuthRequest::HOST,hid,AuthRequest::USE,0,false); + + if (UserPool::authorize(ar) == -1) + { + goto error_authorize; + } + } + if ((vm->get_state() != VirtualMachine::ACTIVE) || (vm->get_lcm_state() != VirtualMachine::RUNNING)) { @@ -123,7 +134,6 @@ void RequestManager::VirtualMachineMigrate::execute( vm->unlock(); // Send results to client - arrayData.push_back(xmlrpc_c::value_boolean(true)); arrayresult = new xmlrpc_c::value_array(arrayData); @@ -134,10 +144,6 @@ void RequestManager::VirtualMachineMigrate::execute( return; -error_authenticate: - vm->unlock(); - oss << "User not authorized to perform migration upon this VM"; - goto error_common; error_host_get: oss << "The host " << hid << " does not exists"; 
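Review bot: The context comment `// Only oneadmin or the VM owner can perform operations upon the VM` above the `authenticate` call in hunk `@@ -89,11 +86,25 @@` no longer matches the code. The owner comparison `rc != uid` is gone, and the decision is now delegated to `UserPool::authorize` with a VM `MANAGE` and a HOST `USE` entry. A stale access-control comment is misleading for anyone auditing this path, so I would replace it with `//Authenticate the user`, as the Cancel and Deploy hunks do. `execute()` starts and ends outside this hunk.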
@@ -147,20 +153,26 @@ error_vm_get: oss << "The virtual machine " << vid << " does not exists"; goto error_common; -error_history: - vm->unlock(); +error_authenticate: + oss << "Error in user authentication"; + goto error_common_lock; - oss << "Can not migrate VM " << vid << ", can not insert history"; - goto error_common; +error_authorize: + oss << "User not authorized to migrate VM on host"; + goto error_common_lock; + +error_history: + oss << "Can not insert history to migrate VM"; + goto error_common_lock; error_state: - vm->unlock(); + oss << "Can not migrate VM, wrong state"; + goto error_common_lock; - oss << "Can not migrate VM " << vid << ", wrong state"; - goto error_common; +error_common_lock: + vm->unlock(); error_common: - arrayData.push_back(xmlrpc_c::value_boolean(false)); arrayData.push_back(xmlrpc_c::value_string(oss.str())); diff --git a/src/rm/RequestManagerPoolInfo.cc b/src/rm/RequestManagerPoolInfo.cc index 7461ff9d39..6196da19c7 100644 --- a/src/rm/RequestManagerPoolInfo.cc +++ b/src/rm/RequestManagerPoolInfo.cc @@ -23,19 +23,17 @@ void RequestManager::VirtualMachinePoolInfo::execute( xmlrpc_c::paramList const& paramList, xmlrpc_c::value * const retval) -{ +{ string session; string username; string password; int filter_flag; int rc; - + ostringstream oss; ostringstream where_string; - User * user; - /* -- RPC specific vars -- */ vector arrayData; xmlrpc_c::value_array * arrayresult; 
@@ -54,43 +52,28 @@ void RequestManager::VirtualMachinePoolInfo::execute( goto error_authenticate; } - where_string.str(""); - - /** Filter flag meaning table + /* Filter flag meaning table * <=-2 :: ALL VMs * -1 :: User's VMs * >=0 :: UID User's VMs - **/ + */ if (filter_flag == -1) { - User::split_secret(session,username,password); - - // Now let's get the user - user = VirtualMachinePoolInfo::upool->get(username,true); - - if ( user == 0 ) - { - goto error_get_user; - } - - where_string << "UID=" << user->get_uid(); - - user->unlock(); + where_string << "UID=" << rc; } else if (filter_flag>=0) - { - where_string << "UID=" << filter_flag; - } + { + where_string << "UID=" << filter_flag; + } - // Perform the allocation in the vmpool rc = VirtualMachinePoolInfo::vmpool->dump(oss,where_string.str()); - + if ( rc != 0 ) - { + { goto error_dump; } - - // All nice, return the vm info to the client + + // All nice, return the vm info to the client arrayData.push_back(xmlrpc_c::value_boolean(true)); // SUCCESS arrayData.push_back(xmlrpc_c::value_string(oss.str())); @@ -103,11 +86,7 @@ void RequestManager::VirtualMachinePoolInfo::execute( return; error_authenticate: - oss << "User not authenticated, aborting RequestManagerPoolInfo call."; - goto error_common; - -error_get_user: - oss << "An error ocurred getting the user from the UserPool, aborting RequestManagerPoolInfo call"; + oss << "Error in user authentication"; goto error_common; error_dump: 
@@ -115,18 +94,17 @@ error_dump: goto error_common; error_common: - arrayData.push_back(xmlrpc_c::value_boolean(false)); // FAILURE arrayData.push_back(xmlrpc_c::value_string(oss.str())); - + NebulaLog::log("ReM",Log::ERROR,oss); - + xmlrpc_c::value_array arrayresult_error(arrayData); *retval = arrayresult_error; - + return; } /* -------------------------------------------------------------------------- */ -/* -------------------------------------------------------------------------- */ +/* -------------------------------------------------------------------------- */ \ No newline at end of file