diff --git a/include/RequestManagerVirtualMachine.h b/include/RequestManagerVirtualMachine.h
index 5fa189cac6..3a80d3a3e5 100644
--- a/include/RequestManagerVirtualMachine.h
+++ b/include/RequestManagerVirtualMachine.h
@@ -49,6 +49,7 @@ protected:
 virtual void request_execute(xmlrpc_c::paramList const& _paramList, RequestAttributes& att) = 0;
+ // Authorize the request, set failure_response message
 bool vm_authorization(int id, ImageTemplate * tmpl, VirtualMachineTemplate* vtmpl,
@@ -57,16 +58,12 @@ protected:
 PoolObjectAuth * ds_perm, PoolObjectAuth * img_perm);
+ // Check user and group quotas. Do not set failure_response on failure
 bool quota_resize_authorization( Template * deltas, RequestAttributes& att, PoolObjectAuth& vm_perms);
- bool quota_resize_authorization(
- int oid,
- Template * deltas,
- RequestAttributes& att);
-
 int get_host_information( int hid, string& name,
diff --git a/src/rm/RequestManagerVirtualMachine.cc b/src/rm/RequestManagerVirtualMachine.cc
index edf5db4efe..8a8135a064 100644
--- a/src/rm/RequestManagerVirtualMachine.cc
+++ b/src/rm/RequestManagerVirtualMachine.cc
@@ -99,32 +99,6 @@ bool RequestManagerVirtualMachine::vm_authorization(
 /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
-bool RequestManagerVirtualMachine::quota_resize_authorization(
- int oid,
- Template * deltas,
- RequestAttributes& att)
-{
- PoolObjectAuth vm_perms;
- VirtualMachine * vm = Nebula::instance().get_vmpool()->get_ro(oid);
-
- if (vm == nullptr)
- {
- att.resp_obj = PoolObjectSQL::VM;
- att.resp_id = oid;
- failure_response(NO_EXISTS, att);
- return false;
- }
-
- vm->get_permissions(vm_perms);
-
- vm->unlock();
-
- return quota_resize_authorization(deltas, att, vm_perms);
-}
-
-/* -------------------------------------------------------------------------- */
-/* -------------------------------------------------------------------------- */
-
 bool RequestManagerVirtualMachine::quota_resize_authorization( Template * deltas, RequestAttributes& att,
@@ -156,8 +130,6 @@ bool RequestManagerVirtualMachine::quota_resize_authorization(
 att.resp_msg = oss.str();
- failure_response(AUTHORIZATION, att);
-
 user->unlock(); return false;
@@ -187,8 +159,6 @@ bool RequestManagerVirtualMachine::quota_resize_authorization(
 att.resp_msg = oss.str();
- failure_response(AUTHORIZATION, att);
-
 group->unlock(); quota_rollback(deltas, Quotas::VM, att_tmp);
@@ -1904,6 +1874,7 @@ void VirtualMachineAttach::request_execute(
 { failure_response(ec, att); }
+
 } /* -------------------------------------------------------------------------- */
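Review bot: With `failure_response(AUTHORIZATION, att);` removed from both quota-failure branches of quota_resize_authorization (the -156,8 hunk and the -187,8 hunk), a false return now only leaves `att.resp_msg` filled in, so a caller that simply returns on false would presumably end the request without sending an error reply. This diff updates the attach, resize, disk-snapshot-create and disk-resize call sites; any other caller is not visible here and should be checked before merging. The function body starts and ends outside these hunks. The header comment could state the contract in full, for example `// Returns false with att.resp_msg set; the caller must send the failure response and roll back other quotas`.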
@@ -1914,19 +1885,37 @@ Request::ErrorCode VirtualMachineAttach::request_execute(int id,
 { Nebula& nd = Nebula::instance(); DispatchManager * dm = nd.get_dm();
+ VirtualMachinePool * vmpool = nd.get_vmpool();
 PoolObjectAuth vm_perms;
- VirtualMachine * vm;
-
- int rc;
 bool volatile_disk; // ------------------------------------------------------------------------- // Authorize the operation & check quotas // -------------------------------------------------------------------------
- if (vm_authorization(id, 0, &tmpl, att, 0, 0, 0) == false)
+ if (auto vm = vmpool->get_ro(id))
 {
+ vm->get_permissions(vm_perms);
+
+ vm->unlock();
+ }
+ else
+ {
+ att.resp_id = id;
+ att.resp_obj = PoolObjectSQL::VM;
+ return NO_EXISTS;
+ }
+
+ AuthRequest ar(att.uid, att.group_ids);
+
+ ar.add_auth(AuthRequest::MANAGE, vm_perms);
+
+ VirtualMachine::set_auth_request(att.uid, ar, &tmpl, true);
+
+ if (UserPool::authorize(ar) == -1)
+ {
+ att.resp_msg = ar.message;
 return AUTHORIZATION; }
@@ -1941,17 +1930,19 @@ Request::ErrorCode VirtualMachineAttach::request_execute(int id,
 } }
- if ((vm = get_vm(id, att)) == nullptr)
+ if ( auto vm = vmpool->get(id) )
 {
+ volatile_disk = set_volatile_disk_info(vm, vm->get_ds_id(), tmpl);
+
+ vm->unlock();
+ }
+ else
+ {
+ att.resp_id = id;
+ att.resp_obj = PoolObjectSQL::VM;
 return NO_EXISTS; }
- vm->get_permissions(vm_perms);
-
- volatile_disk = set_volatile_disk_info(vm, vm->get_ds_id(), tmpl);
-
- vm->unlock();
-
 RequestAttributes att_quota(vm_perms.uid, vm_perms.gid, att); VirtualMachineTemplate deltas(tmpl);
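Review bot: The inlined check fixes the operation in `ar.add_auth(AuthRequest::MANAGE, vm_perms);`, whereas the call it replaces, `vm_authorization(id, 0, &tmpl, att, 0, 0, 0)`, took no operation argument and so chose one itself; its body is not part of this diff. If that helper used the operation configured for the request rather than a fixed MANAGE, disk attach now ignores a stricter configured level, which would loosen the authorization check. Pass the same value vm_authorization uses, and add a short comment saying the check is inlined so this overload can return an ErrorCode instead of sending the response itself. request_execute continues past the end of the hunk.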
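Review bot: In the -1941,17 hunk `vm_perms` is no longer refreshed under the locked `vmpool->get(id)` fetch, so `att_quota(vm_perms.uid, vm_perms.gid, att)` charges quotas to the owner read before the authorization call. The removed code read the permissions at this later point; if the VM changes owner between the two fetches, usage would be accounted to the previous owner. Adding `vm->get_permissions(vm_perms);` before `vm->unlock();` in the new block would keep the earlier behaviour; otherwise a comment should note that the quota owner is deliberately the one that was authorized. The function body starts and ends outside this hunk.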
@@ -1959,23 +1950,22 @@ Request::ErrorCode VirtualMachineAttach::request_execute(int id,
 deltas.add("VMS", 0);
- if (quota_resize_authorization(id, &deltas, att_quota) == false)
+ if (quota_resize_authorization(&deltas, att_quota, vm_perms) == false)
 {
+ att.resp_msg = std::move(att_quota.resp_msg);
 return AUTHORIZATION; } if (volatile_disk == false) {
- if ( quota_authorization(&tmpl, Quotas::IMAGE, att_quota) == false )
+ if ( quota_authorization(&tmpl, Quotas::IMAGE, att_quota, att.resp_msg) == false )
 { quota_rollback(&deltas, Quotas::VM, att_quota); return AUTHORIZATION; } }
- rc = dm->attach(id, &tmpl, att, att.resp_msg);
-
- if ( rc != 0 )
+ if ( dm->attach(id, &tmpl, att, att.resp_msg) != 0 )
 { quota_rollback(&deltas, Quotas::VM, att_quota);
@@ -2232,6 +2222,7 @@ void VirtualMachineResize::request_execute(xmlrpc_c::paramList const& paramList,
 if (quota_resize_authorization(&deltas, att, vm_perms) == false) {
+ failure_response(AUTHORIZATION, att);
 return; }
@@ -2896,7 +2887,7 @@ void VirtualMachineDiskSnapshotCreate::request_execute(
 if ( !vm_deltas.empty() ) {
- if (!quota_resize_authorization(id, &vm_deltas, vm_att_quota))
+ if (!quota_resize_authorization(&vm_deltas, vm_att_quota, vm_perms))
 { if ( img_ds_quota ) {
@@ -2908,6 +2899,7 @@ void VirtualMachineDiskSnapshotCreate::request_execute(
 quota_rollback(&ds_deltas, Quotas::DATASTORE, vm_att_quota); }
+ failure_response(AUTHORIZATION, vm_att_quota);
 return; } }
@@ -3408,7 +3400,7 @@ void VirtualMachineDiskResize::request_execute(
 if ( !vm_deltas.empty() ) {
- if (!quota_resize_authorization(id, &vm_deltas, vm_att_quota))
+ if (!quota_resize_authorization(&vm_deltas, vm_att_quota, vm_perms))
 { if ( img_ds_quota ) {
@@ -3420,6 +3412,7 @@ void VirtualMachineDiskResize::request_execute(
 quota_rollback(&ds_deltas, Quotas::DATASTORE, vm_att_quota); }
+ failure_response(AUTHORIZATION, vm_att_quota);
 return; } }