B #3610: Fix failure response for disk-attach (#1352) (#2127)

(cherry picked from commit d4f5a8bdf63f5168f6aa68f61313bb82bd9f5ba1)
2025-03-22 18:50:08 +03:00 · 2022-06-03 09:16:15 +02:00 · 2022-06-03 09:16:15 +02:00 · 46d6624599
commit 46d6624599
parent f3f1803d7a
2 changed files with 43 additions and 53 deletions
--- a/include/RequestManagerVirtualMachine.h
+++ b/include/RequestManagerVirtualMachine.h
@ -49,6 +49,7 @@ protected:
    virtual void request_execute(xmlrpc_c::paramList const& _paramList,
            RequestAttributes& att) = 0;

+    // Authorize the request, set failure_response message
    bool vm_authorization(int id,
                          ImageTemplate *         tmpl,
                          VirtualMachineTemplate* vtmpl,
@ -57,16 +58,12 @@ protected:
                          PoolObjectAuth *        ds_perm,
                          PoolObjectAuth *        img_perm);

+    // Check user and group quotas. Do not set failure_response on failure
    bool quota_resize_authorization(
            Template *          deltas,
            RequestAttributes&  att,
            PoolObjectAuth&     vm_perms);

-    bool quota_resize_authorization(
-            int                 oid,
-            Template *          deltas,
-            RequestAttributes&  att);
-
    int get_host_information(
        int     hid,
        string& name,
--- a/src/rm/RequestManagerVirtualMachine.cc
+++ b/src/rm/RequestManagerVirtualMachine.cc
@ -99,32 +99,6 @@ bool RequestManagerVirtualMachine::vm_authorization(
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */

-bool RequestManagerVirtualMachine::quota_resize_authorization(
-        int                 oid,
-        Template *          deltas,
-        RequestAttributes&  att)
-{
-    PoolObjectAuth      vm_perms;
-    VirtualMachine *    vm = Nebula::instance().get_vmpool()->get_ro(oid);
-
-    if (vm == nullptr)
-    {
-        att.resp_obj = PoolObjectSQL::VM;
-        att.resp_id  = oid;
-        failure_response(NO_EXISTS, att);
-        return false;
-    }
-
-    vm->get_permissions(vm_perms);
-
-    vm->unlock();
-
-    return quota_resize_authorization(deltas, att, vm_perms);
-}
-
-/* -------------------------------------------------------------------------- */
-/* -------------------------------------------------------------------------- */
-
 bool RequestManagerVirtualMachine::quota_resize_authorization(
        Template *          deltas,
        RequestAttributes&  att,
@ -156,8 +130,6 @@ bool RequestManagerVirtualMachine::quota_resize_authorization(

                att.resp_msg = oss.str();

-                failure_response(AUTHORIZATION, att);
-
                user->unlock();

                return false;
@ -187,8 +159,6 @@ bool RequestManagerVirtualMachine::quota_resize_authorization(

                att.resp_msg = oss.str();

-                failure_response(AUTHORIZATION, att);
-
                group->unlock();

                quota_rollback(deltas, Quotas::VM, att_tmp);
@ -1904,6 +1874,7 @@ void VirtualMachineAttach::request_execute(
    {
        failure_response(ec, att);
    }
+
 }

 /* -------------------------------------------------------------------------- */
@ -1914,19 +1885,37 @@ Request::ErrorCode VirtualMachineAttach::request_execute(int id,
 {
    Nebula&           nd = Nebula::instance();
    DispatchManager * dm = nd.get_dm();
+    VirtualMachinePool * vmpool = nd.get_vmpool();

    PoolObjectAuth         vm_perms;

-    VirtualMachine *     vm;
-
-    int    rc;
    bool   volatile_disk;

    // -------------------------------------------------------------------------
    // Authorize the operation & check quotas
    // -------------------------------------------------------------------------
-    if (vm_authorization(id, 0, &tmpl, att, 0, 0, 0) == false)
+    if (auto vm = vmpool->get_ro(id))
    {
+        vm->get_permissions(vm_perms);
+
+        vm->unlock();
+    }
+    else
+    {
+        att.resp_id  = id;
+        att.resp_obj = PoolObjectSQL::VM;
+        return NO_EXISTS;
+    }
+
+    AuthRequest ar(att.uid, att.group_ids);
+
+    ar.add_auth(AuthRequest::MANAGE, vm_perms);
+
+    VirtualMachine::set_auth_request(att.uid, ar, &tmpl, true);
+
+    if (UserPool::authorize(ar) == -1)
+    {
+        att.resp_msg = ar.message;
        return AUTHORIZATION;
    }

@ -1941,17 +1930,19 @@ Request::ErrorCode VirtualMachineAttach::request_execute(int id,
        }
    }

-    if ((vm = get_vm(id, att)) == nullptr)
+    if ( auto vm = vmpool->get(id) )
    {
+        volatile_disk = set_volatile_disk_info(vm, vm->get_ds_id(), tmpl);
+
+        vm->unlock();
+    }
+    else
+    {
+        att.resp_id  = id;
+        att.resp_obj = PoolObjectSQL::VM;
        return NO_EXISTS;
    }

-    vm->get_permissions(vm_perms);
-
-    volatile_disk = set_volatile_disk_info(vm, vm->get_ds_id(), tmpl);
-
-    vm->unlock();
-
    RequestAttributes att_quota(vm_perms.uid, vm_perms.gid, att);

    VirtualMachineTemplate deltas(tmpl);
@ -1959,23 +1950,22 @@ Request::ErrorCode VirtualMachineAttach::request_execute(int id,

    deltas.add("VMS", 0);

-    if (quota_resize_authorization(id, &deltas, att_quota) == false)
+    if (quota_resize_authorization(&deltas, att_quota, vm_perms) == false)
    {
+        att.resp_msg = std::move(att_quota.resp_msg);
        return AUTHORIZATION;
    }

    if (volatile_disk == false)
    {
-        if ( quota_authorization(&tmpl, Quotas::IMAGE, att_quota) == false )
+        if ( quota_authorization(&tmpl, Quotas::IMAGE, att_quota, att.resp_msg) == false )
        {
            quota_rollback(&deltas, Quotas::VM, att_quota);
            return AUTHORIZATION;
        }
    }

-    rc = dm->attach(id, &tmpl, att, att.resp_msg);
-
-    if ( rc != 0 )
+    if ( dm->attach(id, &tmpl, att, att.resp_msg) != 0 )
    {
        quota_rollback(&deltas, Quotas::VM, att_quota);

@ -2232,6 +2222,7 @@ void VirtualMachineResize::request_execute(xmlrpc_c::paramList const& paramList,

    if (quota_resize_authorization(&deltas, att, vm_perms) == false)
    {
+        failure_response(AUTHORIZATION, att);
        return;
    }

@ -2896,7 +2887,7 @@ void VirtualMachineDiskSnapshotCreate::request_execute(

    if ( !vm_deltas.empty() )
    {
-        if (!quota_resize_authorization(id, &vm_deltas, vm_att_quota))
+        if (!quota_resize_authorization(&vm_deltas, vm_att_quota, vm_perms))
        {
            if ( img_ds_quota )
            {
@ -2908,6 +2899,7 @@ void VirtualMachineDiskSnapshotCreate::request_execute(
                quota_rollback(&ds_deltas, Quotas::DATASTORE, vm_att_quota);
            }

+            failure_response(AUTHORIZATION, vm_att_quota);
            return;
        }
    }
@ -3408,7 +3400,7 @@ void VirtualMachineDiskResize::request_execute(

    if ( !vm_deltas.empty() )
    {
-        if (!quota_resize_authorization(id, &vm_deltas, vm_att_quota))
+        if (!quota_resize_authorization(&vm_deltas, vm_att_quota, vm_perms))
        {
            if ( img_ds_quota )
            {
@ -3420,6 +3412,7 @@ void VirtualMachineDiskResize::request_execute(
                quota_rollback(&ds_deltas, Quotas::DATASTORE, vm_att_quota);
            }

+            failure_response(AUTHORIZATION, vm_att_quota);
            return;
        }
    }