From 51b7327d093b91e6e2ac50e8b78d256e4385b2f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Mart=C3=ADn?= Date: Wed, 29 Jan 2014 18:15:06 +0100 Subject: [PATCH] Bug #1804, #2618: Create auth request uses the new object's target group --- include/AuthRequest.h | 17 ++++++++++------- src/rm/RequestManagerAllocate.cc | 6 +++--- src/rm/RequestManagerClone.cc | 2 +- src/rm/RequestManagerImage.cc | 2 +- src/rm/RequestManagerVMTemplate.cc | 3 ++- src/rm/RequestManagerVirtualMachine.cc | 2 +- 6 files changed, 18 insertions(+), 14 deletions(-) diff --git a/include/AuthRequest.h b/include/AuthRequest.h index 0185234208..8f5e542d19 100644 --- a/include/AuthRequest.h +++ b/include/AuthRequest.h @@ -85,18 +85,21 @@ public: * * OBJECT:<-1|OBJECT_TMPL_XML64>:CREATE:UID:AUTH * + * @param uid of the object owner + * @param gid of the object group * @param type of the object to be created * @param txml template of the new object */ - void add_create_auth(PoolObjectSQL::ObjectType type, const string& txml) - { - PoolObjectAuth perms; //oid & gid set to -1 + void add_create_auth(int uid, int gid, PoolObjectSQL::ObjectType type, const string& txml) + { + PoolObjectAuth perms; //oid & gid set to -1 - perms.uid = uid; - perms.obj_type = type; + perms.uid = uid; + perms.gid = gid; + perms.obj_type = type; - add_auth(AuthRequest::CREATE, perms, txml); - } + add_auth(AuthRequest::CREATE, perms, txml); + } /** * Adds a new authorization item to this request diff --git a/src/rm/RequestManagerAllocate.cc b/src/rm/RequestManagerAllocate.cc index 2500be1ce0..cda816fbd2 100644 --- a/src/rm/RequestManagerAllocate.cc +++ b/src/rm/RequestManagerAllocate.cc @@ -41,7 +41,7 @@ bool RequestManagerAllocate::allocate_authorization( tmpl->to_xml(tmpl_str); } - ar.add_create_auth(auth_object, tmpl_str); + ar.add_create_auth(att.uid, att.gid, auth_object, tmpl_str); if ( cluster_perms->oid != ClusterPool::NONE_CLUSTER_ID ) { @@ -99,7 +99,7 @@ bool VirtualMachineAllocate::allocate_authorization( // ------------------ Authorize VM create operation ------------------------ - ar.add_create_auth(auth_object, tmpl->to_xml(t64)); + ar.add_create_auth(att.uid, att.gid, auth_object, tmpl->to_xml(t64)); VirtualMachine::set_auth_request(att.uid, ar, ttmpl); @@ -485,7 +485,7 @@ void ImageAllocate::request_execute(xmlrpc_c::paramList const& params, // ------------------ Check permissions and ACLs ---------------------- tmpl->to_xml(tmpl_str); - ar.add_create_auth(auth_object, tmpl_str); // CREATE IMAGE + ar.add_create_auth(att.uid, att.gid, auth_object, tmpl_str); // CREATE IMAGE ar.add_auth(AuthRequest::USE, ds_perms); // USE DATASTORE diff --git a/src/rm/RequestManagerClone.cc b/src/rm/RequestManagerClone.cc index 53603d3805..20d1ea6747 100644 --- a/src/rm/RequestManagerClone.cc +++ b/src/rm/RequestManagerClone.cc @@ -85,7 +85,7 @@ void RequestManagerClone::request_execute( tmpl->to_xml(tmpl_str); - ar.add_create_auth(auth_object, tmpl_str); + ar.add_create_auth(att.uid, att.gid, auth_object, tmpl_str); if (UserPool::authorize(ar) == -1) { diff --git a/src/rm/RequestManagerImage.cc b/src/rm/RequestManagerImage.cc index 39a50ccf58..69467d987f 100644 --- a/src/rm/RequestManagerImage.cc +++ b/src/rm/RequestManagerImage.cc @@ -364,7 +364,7 @@ void ImageClone::request_execute( tmpl->to_xml(tmpl_str); - ar.add_create_auth(auth_object, tmpl_str); // CREATE IMAGE + ar.add_create_auth(att.uid, att.gid, auth_object, tmpl_str); // CREATE IMAGE ar.add_auth(AuthRequest::USE, ds_perms); // USE DATASTORE diff --git a/src/rm/RequestManagerVMTemplate.cc b/src/rm/RequestManagerVMTemplate.cc index 3a24af050d..ce22fbebcc 100644 --- a/src/rm/RequestManagerVMTemplate.cc +++ b/src/rm/RequestManagerVMTemplate.cc @@ -187,7 +187,8 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList tmpl->to_xml(tmpl_str); - ar.add_create_auth(auth_object, tmpl_str); // CREATE TEMPLATE + // CREATE TEMPLATE + ar.add_create_auth(att.uid, att.gid, auth_object, tmpl_str); } VirtualMachine::set_auth_request(att.uid, ar, tmpl); diff --git a/src/rm/RequestManagerVirtualMachine.cc b/src/rm/RequestManagerVirtualMachine.cc index 53909ee225..1fa890768c 100644 --- a/src/rm/RequestManagerVirtualMachine.cc +++ b/src/rm/RequestManagerVirtualMachine.cc @@ -68,7 +68,7 @@ bool RequestManagerVirtualMachine::vm_authorization( { string t_xml; - ar.add_create_auth(PoolObjectSQL::IMAGE, tmpl->to_xml(t_xml)); + ar.add_create_auth(att.uid, att.gid, PoolObjectSQL::IMAGE, tmpl->to_xml(t_xml)); } if ( vtmpl != 0 )