Feature #940: Add restricted attributes for Images
parent
cfb7ed5691
commit
5bd2e8fa54
@ -30,6 +30,20 @@ public:
|
||||
ImageTemplate() : Template(true,'=',"TEMPLATE"){};
|
||||
|
||||
~ImageTemplate(){};
|
||||
|
||||
/**
|
||||
* Checks the template for RESTRICTED ATTRIBUTES
|
||||
* @param rs_attr the first restricted attribute found if any
|
||||
* @return true if a restricted attribute is found in the template
|
||||
*/
|
||||
bool check(string& rs_attr)
|
||||
{
|
||||
vector<string> restricted_attributes;
|
||||
|
||||
restricted_attributes.push_back("SOURCE");
|
||||
|
||||
return Template::check(rs_attr, restricted_attributes);
|
||||
};
|
||||
};
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
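Review bot: `ImageTemplate::check(string&)` rebuilds its `restricted_attributes` vector on every call and keeps the policy list inside an inline header body. A function-local `static const` list or a class-level constant would avoid the per-call allocation and make the restricted set easier to audit in one place. The inline `check` added to VirtualMachineTemplate.h has the same shape. The trailing `;` after the function body (`};` closing `check`) is an empty declaration and can be dropped.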
@ -221,6 +221,13 @@ protected:
|
||||
*/
|
||||
Attribute* vector_xml_att(const xmlNode * node);
|
||||
|
||||
/**
|
||||
* Checks the template for RESTRICTED ATTRIBUTES
|
||||
* @param rs_attr the first restricted attribute found if any
|
||||
* @return true if a restricted attribute is found in the template
|
||||
*/
|
||||
bool check(string& rs_attr, const vector<string> &restricted_attributes);
|
||||
|
||||
private:
|
||||
|
||||
bool replace_mode;
|
||||
|
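Review bot: The doc comment on the new protected `Template::check` does not describe its second parameter. I would add `@param restricted_attributes names to look for, each in the form 'SINGLE' or 'VECTOR/ATTR'`, since the description of that format appears to be removed from VirtualMachineTemplate.h in this commit and is otherwise only recoverable from the implementation. It is also worth stating that `rs_attr` is written only when the function returns true.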
@ -41,20 +41,18 @@ public:
|
||||
* @param rs_attr the first restricted attribute found if any
|
||||
* @return true if a restricted attribute is found in the template
|
||||
*/
|
||||
bool check(string& rs_attr);
|
||||
bool check(string& rs_attr)
|
||||
{
|
||||
vector<string> restricted_attributes;
|
||||
|
||||
private:
|
||||
/**
|
||||
* Number of restricted attributes
|
||||
*/
|
||||
const static int RS_ATTRS_LENGTH;
|
||||
restricted_attributes.push_back("CONTEXT/FILES");
|
||||
restricted_attributes.push_back("DISK/SOURCE");
|
||||
restricted_attributes.push_back("NIC/MAC");
|
||||
restricted_attributes.push_back("NIC/VLAN_ID");
|
||||
restricted_attributes.push_back("RANK");
|
||||
|
||||
/**
|
||||
* Restricted template attributes in the form
|
||||
* 'SINGLE' or 'VECTOR/ATTR'. Restricted attributes are only
|
||||
* allowed for ONE_ADMIN Group.
|
||||
*/
|
||||
const static string RESTRICTED_ATTRIBUTES[];
|
||||
return Template::check(rs_attr, restricted_attributes);
|
||||
};
|
||||
|
||||
friend class VirtualMachine;
|
||||
};
|
||||
|
@ -93,6 +93,23 @@ int Image::insert(SqlDB *db, string& error_str)
|
||||
string persistent_attr;
|
||||
string dev_prefix;
|
||||
string source_attr;
|
||||
string aname;
|
||||
|
||||
ostringstream oss;
|
||||
|
||||
// ------------------------------------------------------------------------
|
||||
// Check template for restricted attributes
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
if ( uid != 0 && gid != GroupPool::ONEADMIN_ID )
|
||||
{
|
||||
ImageTemplate *img_template = static_cast<ImageTemplate *>(obj_template);
|
||||
|
||||
if (img_template->check(aname))
|
||||
{
|
||||
goto error_restricted;
|
||||
}
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------
|
||||
// Check default image attributes
|
||||
@ -204,6 +221,11 @@ error_path_and_source:
|
||||
error_str = "Template malformed, PATH and SOURCE are mutually exclusive.";
|
||||
goto error_common;
|
||||
|
||||
error_restricted:
|
||||
oss << "Template includes a restricted attribute " << aname << ".";
|
||||
error_str = oss.str();
|
||||
goto error_common;
|
||||
|
||||
error_common:
|
||||
NebulaLog::log("IMG", Log::ERROR, error_str);
|
||||
return -1;
|
||||
|
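Review bot: The restricted-attribute check added at the top of `Image::insert` guards image creation only. Whether the paths that modify an image template after creation (not visible in these hunks) apply the same `img_template->check(aname)` test should be confirmed, otherwise the restriction on `SOURCE` could be bypassed by editing the template afterwards. The result also depends on `Template::check` matching single attributes correctly, which should be covered by a test that submits a template containing `SOURCE` as a non-admin user and expects `error_restricted`. The body of `Image::insert` continues outside both hunks.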
@ -533,3 +533,57 @@ void Template::rebuild_attributes(const xmlNode * root_element)
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
bool Template::check(string& rs_attr, const vector<string> &restricted_attributes)
|
||||
{
|
||||
size_t pos;
|
||||
string avector, vattr;
|
||||
vector<const Attribute *> values;
|
||||
|
||||
for (uint i=0; i < restricted_attributes.size(); i++)
|
||||
{
|
||||
pos = restricted_attributes[i].find("/");
|
||||
|
||||
if (pos != string::npos) //Vector Attribute
|
||||
{
|
||||
int num;
|
||||
|
||||
avector = restricted_attributes[i].substr(0,pos);
|
||||
vattr = restricted_attributes[i].substr(pos+1);
|
||||
|
||||
if ((num = get(avector,values)) > 0 ) //Template contains the attr
|
||||
{
|
||||
const VectorAttribute * attr;
|
||||
|
||||
for (int j=0; j<num ; j++ )
|
||||
{
|
||||
attr = dynamic_cast<const VectorAttribute *>(values[j]);
|
||||
|
||||
if (attr == 0)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
if ( !attr->vector_value(vattr.c_str()).empty() )
|
||||
{
|
||||
rs_attr = restricted_attributes[i];
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else //Single Attribute
|
||||
{
|
||||
if (get(avector,values) > 0 )
|
||||
{
|
||||
rs_attr = restricted_attributes[i];
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
|
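Review bot: The single-attribute branch of `Template::check` calls `get(avector,values)`, but `avector` is only assigned in the vector branch, so it is either empty or left over from an earlier `VECTOR/ATTR` entry. With the ImageTemplate list (`SOURCE` only) the lookup uses an empty name, so the restriction presumably never triggers; with the VirtualMachineTemplate list, `RANK` is looked up as `NIC`. The branch should read `if (get(restricted_attributes[i], values) > 0)`. `values` is also reused across iterations while the inner loop indexes `values[j]` for `j < num`; if `get` appends rather than replaces (its body is not shown here), add `values.clear();` at the top of the outer loop.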
@ -40,8 +40,7 @@ source_files=[
|
||||
'vm_var_parser.c',
|
||||
'vm_var_syntax.cc',
|
||||
'VirtualMachinePool.cc',
|
||||
'VirtualMachineHook.cc',
|
||||
'VirtualMachineTemplate.cc'
|
||||
'VirtualMachineHook.cc'
|
||||
]
|
||||
|
||||
# Build library
|
||||
|
@ -1,86 +0,0 @@
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org) */
|
||||
/* */
|
||||
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */
|
||||
/* not use this file except in compliance with the License. You may obtain */
|
||||
/* a copy of the License at */
|
||||
/* */
|
||||
/* http://www.apache.org/licenses/LICENSE-2.0 */
|
||||
/* */
|
||||
/* Unless required by applicable law or agreed to in writing, software */
|
||||
/* distributed under the License is distributed on an "AS IS" BASIS, */
|
||||
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
|
||||
/* See the License for the specific language governing permissions and */
|
||||
/* limitations under the License. */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
#include "VirtualMachineTemplate.h"
|
||||
#include <vector>
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
const string VirtualMachineTemplate::RESTRICTED_ATTRIBUTES[] = {
|
||||
"CONTEXT/FILES",
|
||||
"DISK/SOURCE",
|
||||
"NIC/MAC",
|
||||
"NIC/VLAN_ID",
|
||||
"RANK"
|
||||
};
|
||||
|
||||
const int VirtualMachineTemplate::RS_ATTRS_LENGTH = 3;
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
bool VirtualMachineTemplate::check(string& rs_attr)
|
||||
{
|
||||
size_t pos;
|
||||
string avector, vattr;
|
||||
vector<const Attribute *> values;
|
||||
|
||||
for (int i=0; i < RS_ATTRS_LENGTH ;i++)
|
||||
{
|
||||
pos = RESTRICTED_ATTRIBUTES[i].find("/");
|
||||
|
||||
if (pos != string::npos) //Vector Attribute
|
||||
{
|
||||
int num;
|
||||
|
||||
avector = RESTRICTED_ATTRIBUTES[i].substr(0,pos);
|
||||
vattr = RESTRICTED_ATTRIBUTES[i].substr(pos+1);
|
||||
|
||||
if ((num = get(avector,values)) > 0 ) //Template contains the attr
|
||||
{
|
||||
const VectorAttribute * attr;
|
||||
|
||||
for (int j=0; j<num ; j++ )
|
||||
{
|
||||
attr = dynamic_cast<const VectorAttribute *>(values[j]);
|
||||
|
||||
if (attr == 0)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
if ( !attr->vector_value(vattr.c_str()).empty() )
|
||||
{
|
||||
rs_attr = RESTRICTED_ATTRIBUTES[i];
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
else //Single Attribute
|
||||
{
|
||||
if (get(avector,values) > 0 )
|
||||
{
|
||||
rs_attr = RESTRICTED_ATTRIBUTES[i];
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|