
Feature #940: Add restricted attributes for Images

Carlos Martín 2012-01-20 17:45:14 +01:00
parent cfb7ed5691
commit 5bd2e8fa54
7 changed files with 108 additions and 100 deletions


@ -30,6 +30,20 @@ public:
ImageTemplate() : Template(true,'=',"TEMPLATE"){}; ImageTemplate() : Template(true,'=',"TEMPLATE"){};
~ImageTemplate(){}; ~ImageTemplate(){};
/**
* Checks the template for RESTRICTED ATTRIBUTES
* @param rs_attr the first restricted attribute found if any
* @return true if a restricted attribute is found in the template
*/
bool check(string& rs_attr)
{
vector<string> restricted_attributes;
restricted_attributes.push_back("SOURCE");
return Template::check(rs_attr, restricted_attributes);
};
}; };
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
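Review bot: The new inline `check(string& rs_attr)` rebuilds the restricted-attribute vector with `push_back` on every call, and the same pattern appears in VirtualMachineTemplate.h in this commit; a single `static const vector<string>` (or a `static const string[]` plus a length derived with `sizeof`) built once would express that the list is a fixed policy rather than per-call data. The doc comment above it no longer says what the entries mean or who they are withheld from, which the deleted VirtualMachineTemplate.h comment did; I would add `* Entries are attribute names of the form 'SINGLE' or 'VECTOR/ATTR'; the caller decides which users are exempt.` The trailing `;` after the function body on the `};` line is a stray empty declaration and can be dropped.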


@ -221,6 +221,13 @@ protected:
*/ */
Attribute* vector_xml_att(const xmlNode * node); Attribute* vector_xml_att(const xmlNode * node);
/**
* Checks the template for RESTRICTED ATTRIBUTES
* @param rs_attr the first restricted attribute found if any
* @return true if a restricted attribute is found in the template
*/
bool check(string& rs_attr, const vector<string> &restricted_attributes);
private: private:
bool replace_mode; bool replace_mode;
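Review bot: The doc comment for `Template::check` documents `rs_attr` but not the new `restricted_attributes` parameter, and the entry format is the part a caller must get right because a slash decides whether a vector sub-attribute or a single attribute is looked up. I would add `* @param restricted_attributes names to look for, each 'SINGLE' or 'VECTOR/ATTR'` between the existing `@param` and `@return` lines. Whether the lookup is case-sensitive depends on `get()`, which is not in this diff, so the comment should say so only if that is confirmed.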


@ -41,20 +41,18 @@ public:
* @param rs_attr the first restricted attribute found if any * @param rs_attr the first restricted attribute found if any
* @return true if a restricted attribute is found in the template * @return true if a restricted attribute is found in the template
*/ */
bool check(string& rs_attr); bool check(string& rs_attr)
{
vector<string> restricted_attributes;
private: restricted_attributes.push_back("CONTEXT/FILES");
/** restricted_attributes.push_back("DISK/SOURCE");
* Number of restricted attributes restricted_attributes.push_back("NIC/MAC");
*/ restricted_attributes.push_back("NIC/VLAN_ID");
const static int RS_ATTRS_LENGTH; restricted_attributes.push_back("RANK");
/** return Template::check(rs_attr, restricted_attributes);
* Restricted template attributes in the form };
* 'SINGLE' or 'VECTOR/ATTR'. Restricted attributes are only
* allowed for ONE_ADMIN Group.
*/
const static string RESTRICTED_ATTRIBUTES[];
friend class VirtualMachine; friend class VirtualMachine;
}; };
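Review bot: The new inline `check` enforces all five listed names, whereas the deleted VirtualMachineTemplate.cc iterated only `RS_ATTRS_LENGTH = 3` entries, so `NIC/VLAN_ID` and `RANK` were previously never checked; this tightening of what non-oneadmin users may submit is a behaviour change that the commit description should state explicitly so operators are not surprised by newly rejected templates. The removed comment `Restricted attributes are only allowed for ONE_ADMIN Group` was the only place that policy was written down for VM templates; since the list now lives in the header, a one-line comment above the `push_back` calls restating it would keep that knowledge next to the data.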


@ -93,6 +93,23 @@ int Image::insert(SqlDB *db, string& error_str)
string persistent_attr; string persistent_attr;
string dev_prefix; string dev_prefix;
string source_attr; string source_attr;
string aname;
ostringstream oss;
// ------------------------------------------------------------------------
// Check template for restricted attributes
// ------------------------------------------------------------------------
if ( uid != 0 && gid != GroupPool::ONEADMIN_ID )
{
ImageTemplate *img_template = static_cast<ImageTemplate *>(obj_template);
if (img_template->check(aname))
{
goto error_restricted;
}
}
// --------------------------------------------------------------------- // ---------------------------------------------------------------------
// Check default image attributes // Check default image attributes
@ -204,6 +221,11 @@ error_path_and_source:
error_str = "Template malformed, PATH and SOURCE are mutually exclusive."; error_str = "Template malformed, PATH and SOURCE are mutually exclusive.";
goto error_common; goto error_common;
error_restricted:
oss << "Template includes a restricted attribute " << aname << ".";
error_str = oss.str();
goto error_common;
error_common: error_common:
NebulaLog::log("IMG", Log::ERROR, error_str); NebulaLog::log("IMG", Log::ERROR, error_str);
return -1; return -1;
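Review bot: The restricted-attribute gate is applied only here in `Image::insert`, so if an image template can be changed after creation through another code path, a non-oneadmin user could still introduce `SOURCE` there; that path is not in this diff, so it is worth confirming the same `img_template->check(aname)` call guards it. The condition `uid != 0 && gid != GroupPool::ONEADMIN_ID` exempts both the root user and any user whose primary group is oneadmin, which the comment above it should say, e.g. `// Only uid 0 or members of the oneadmin group may use restricted attributes`. The `static_cast<ImageTemplate *>(obj_template)` assumes `obj_template` always holds an ImageTemplate, which is presumably established in the Image constructor but is not visible here. `Image::insert` begins and ends outside the hunk.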


@ -533,3 +533,57 @@ void Template::rebuild_attributes(const xmlNode * root_element)
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
bool Template::check(string& rs_attr, const vector<string> &restricted_attributes)
{
size_t pos;
string avector, vattr;
vector<const Attribute *> values;
for (uint i=0; i < restricted_attributes.size(); i++)
{
pos = restricted_attributes[i].find("/");
if (pos != string::npos) //Vector Attribute
{
int num;
avector = restricted_attributes[i].substr(0,pos);
vattr = restricted_attributes[i].substr(pos+1);
if ((num = get(avector,values)) > 0 ) //Template contains the attr
{
const VectorAttribute * attr;
for (int j=0; j<num ; j++ )
{
attr = dynamic_cast<const VectorAttribute *>(values[j]);
if (attr == 0)
{
continue;
}
if ( !attr->vector_value(vattr.c_str()).empty() )
{
rs_attr = restricted_attributes[i];
return true;
}
}
}
}
else //Single Attribute
{
if (get(avector,values) > 0 )
{
rs_attr = restricted_attributes[i];
return true;
}
}
}
return false;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
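Review bot: In the `//Single Attribute` branch `get(avector,values)` looks up `avector`, but `avector` is only assigned in the vector branch, so a single-name entry is searched under the previous vector name or an empty string; for images, whose only entry is `SOURCE`, the check can therefore never fire, and this was carried over from the deleted VirtualMachineTemplate.cc rather than introduced here. The lookup should be `if (get(restricted_attributes[i],values) > 0 )`. `values` is also never cleared between iterations, so if `get()` appends to the vector rather than replacing its contents (its definition is not in this diff), the inner `values[j]` loop would inspect entries from an earlier name and could miss a `DISK/SOURCE` or `NIC/MAC` that is present; adding `values.clear();` as the first statement of the outer loop removes that dependency. Minor: `uint` is a non-standard typedef, `vector<string>::size_type` or `size_t` is the portable loop type.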


@ -40,8 +40,7 @@ source_files=[
'vm_var_parser.c', 'vm_var_parser.c',
'vm_var_syntax.cc', 'vm_var_syntax.cc',
'VirtualMachinePool.cc', 'VirtualMachinePool.cc',
'VirtualMachineHook.cc', 'VirtualMachineHook.cc'
'VirtualMachineTemplate.cc'
] ]
# Build library # Build library


@ -1,86 +0,0 @@
/* -------------------------------------------------------------------------- */
/* Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org) */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */
/* not use this file except in compliance with the License. You may obtain */
/* a copy of the License at */
/* */
/* http://www.apache.org/licenses/LICENSE-2.0 */
/* */
/* Unless required by applicable law or agreed to in writing, software */
/* distributed under the License is distributed on an "AS IS" BASIS, */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
/* See the License for the specific language governing permissions and */
/* limitations under the License. */
/* -------------------------------------------------------------------------- */
#include "VirtualMachineTemplate.h"
#include <vector>
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
const string VirtualMachineTemplate::RESTRICTED_ATTRIBUTES[] = {
"CONTEXT/FILES",
"DISK/SOURCE",
"NIC/MAC",
"NIC/VLAN_ID",
"RANK"
};
const int VirtualMachineTemplate::RS_ATTRS_LENGTH = 3;
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
bool VirtualMachineTemplate::check(string& rs_attr)
{
size_t pos;
string avector, vattr;
vector<const Attribute *> values;
for (int i=0; i < RS_ATTRS_LENGTH ;i++)
{
pos = RESTRICTED_ATTRIBUTES[i].find("/");
if (pos != string::npos) //Vector Attribute
{
int num;
avector = RESTRICTED_ATTRIBUTES[i].substr(0,pos);
vattr = RESTRICTED_ATTRIBUTES[i].substr(pos+1);
if ((num = get(avector,values)) > 0 ) //Template contains the attr
{
const VectorAttribute * attr;
for (int j=0; j<num ; j++ )
{
attr = dynamic_cast<const VectorAttribute *>(values[j]);
if (attr == 0)
{
continue;
}
if ( !attr->vector_value(vattr.c_str()).empty() )
{
rs_attr = RESTRICTED_ATTRIBUTES[i];
return true;
}
}
}
}
else //Single Attribute
{
if (get(avector,values) > 0 )
{
rs_attr = RESTRICTED_ATTRIBUTES[i];
return true;
}
}
}
return false;
}