
feature-754: OpenNebula core sends information about the ACL authZ result to the driver. Improved formatting of auth strings. Check trivial authZ requests.

Ruben S. Montero 2011-07-27 11:27:16 +02:00
parent 22574704e4
commit 65606e7faf
5 changed files with 85 additions and 13 deletions


@ -385,17 +385,26 @@ public:
/**
* Gets the authorization requests in a single string
* @return a space separated list of auth requests.
* @return a space separated list of auth requests, or an empty string if
* no auth requests were added
*/
string get_auths()
{
ostringstream oss;
unsigned int i;
for (unsigned int i=0; i<auths.size(); i++)
if ( auths.empty() )
{
return string();
}
for (i=0; i<auths.size()-1; i++)
{
oss << auths[i] << " ";
}
oss << auths[i];
return oss.str();
};
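Review bot: The `auths.empty()` early return in `get_auths()` is the only thing that keeps the unsigned bound `auths.size()-1` from wrapping around, and nothing in the code says so. If a later edit moved or dropped that guard, the loop would index far past the end of `auths`. I would add `// guard: auths.size()-1 wraps for an empty vector` above the check. A second short comment that `oss << auths[i]` uses the index left by the loop to write the last element without a trailing space would also help.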


@ -71,9 +71,11 @@ private:
* "AUTHORIZE OPERATION_ID USER_ID REQUEST1 REQUEST2..."
* @param oid an id to identify the request.
* @param uid the user id.
* @param requests space separated list of requests in the form OP:OBJ:ID
* @param requests space separated list of requests in the form OP:OB:ID
* @param acl is the authorization result using the ACL engine for
* this request
*/
void authorize(int oid, int uid, const string& requests) const;
void authorize(int oid, int uid, const string& requests, bool acl) const;
/**
* Sends an authorization request to the MAD:
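Review bot: The protocol line at the top of this comment still reads `"AUTHORIZE OPERATION_ID USER_ID REQUEST1 REQUEST2..."` and does not show the ACL result that `authorize()` now takes. Driver authors read this comment as the wire contract, so it should end with the new field, for example `"AUTHORIZE OPERATION_ID USER_ID REQUEST1 REQUEST2... ACL_RESULT"`. The `@param acl` text should also say how the value appears on the line and whether the driver may override it. If `OP:OB:ID` is the new side of the `@param requests` line, it looks like a typo for `OBJ`; the rendering does not mark which of the two lines is new. The comment block starts above the hunk.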


@ -285,7 +285,8 @@ void AuthManager::authorize_action(AuthRequest * ar)
if (authm_md == 0)
{
goto error_driver;
ar->message = "Could not find Authorization driver";
goto error;
}
// ------------------------------------------------------------------------
@ -300,15 +301,23 @@ void AuthManager::authorize_action(AuthRequest * ar)
auths = ar->get_auths();
authm_md->authorize(ar->id, ar->uid, auths);
if ( auths.empty() )
{
ar->message = "Empty authorization string";
goto error;
}
authm_md->authorize(ar->id, ar->uid, auths, ar->self_authorize);
return;
error_driver:
ar->result = false;
ar->message = "Could not find Authorization driver";
error:
ar->result = false;
ar->notify();
return;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
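Review bot: The new empty-request branch in `authorize_action()` denies the request locally and never contacts the driver, which is the fail-closed choice, but the call site does not say it is deliberate. I would add `// no requests to evaluate: deny here rather than send an AUTHORIZE line with no request list` above the `auths.empty()` check. The call below passes `ar->self_authorize` for the parameter the header names `acl`. A short comment tying the two names together (presumably the ACL engine's result for this request) would help the next reader. The function body starts above the hunk.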


@ -25,11 +25,14 @@
/* Driver ASCII Protocol Implementation */
/* ************************************************************************** */
void AuthManagerDriver::authorize(int oid, int uid, const string& reqs) const
void AuthManagerDriver::authorize(int oid,
int uid,
const string& reqs,
bool acl) const
{
ostringstream os;
os << "AUTHORIZE " << oid << " " << uid << " " << reqs << endl;
os << "AUTHORIZE " << oid << " " << uid << " " << reqs << " " << acl <<endl;
write(os);
}
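Review bot: Appending `acl` as the last space-separated token puts a fixed field after a variable-length list, so a driver can only tell it from a request by its position at the end of the line. No driver-side change is visible on this page, and a driver that still treats every token after USER_ID as a request would now see a bare `0` or `1` as one. It is worth confirming that such a driver rejects the line rather than skipping the unknown token. Writing the flag before `reqs`, or adding a comment here such as `// last token is always the ACL result (0/1)`, would make parsing unambiguous. `os << acl` also depends on the stream's default bool formatting, which that comment would record.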


@ -182,7 +182,7 @@ public:
string astr = "VM:VGhpcyBpcyBhIHRlbXBsYXRlCg==:CREATE:-1:0:0 "
"IMAGE:2:USE:3:0:0 "
"NET:4:DELETE:5:1:0 "
"HOST:6:MANAGE:7:1:0";
"HOST:6:MANAGE:7:1:0 0";
ar.add_auth(AuthRequest::VM,
"This is a template\n",
@ -214,7 +214,6 @@ public:
am->trigger(AuthManager::AUTHORIZE,&ar);
ar.wait();
/*
if ( ar.result != false )
{
@ -229,6 +228,56 @@ public:
//*/
CPPUNIT_ASSERT(ar.result==false);
CPPUNIT_ASSERT(ar.message==astr);
AuthRequest ar1(2, 2);
string astr1= "VM:VGhpcyBpcyBhIHRlbXBsYXRlCg==:CREATE:-1:0:0 0";
ar1.add_auth(AuthRequest::VM,
"This is a template\n",
0,
AuthRequest::CREATE,
-1,
false);
am->trigger(AuthManager::AUTHORIZE,&ar1);
ar1.wait();
/*
if ( ar1.result != false )
{
cout << endl << "ar.result: " << ar1.result << endl;
}
if ( ar1.message != astr1 )
{
cout << endl << "ar.message: " << ar1.message;
cout << endl << "expected: " << astr1 << endl;
}
//*/
CPPUNIT_ASSERT(ar1.result==false);
CPPUNIT_ASSERT(ar1.message==astr1);
AuthRequest ar2(2, 2);
string astr2= "Empty authorization string";
am->trigger(AuthManager::AUTHORIZE,&ar2);
ar2.wait();
/*
if ( ar1.result != false )
{
cout << endl << "ar.result: " << ar1.result << endl;
}
if ( ar1.message != astr1 )
{
cout << endl << "ar.message: " << ar1.message;
cout << endl << "expected: " << astr1 << endl;
}
//*/
CPPUNIT_ASSERT(ar2.result==false);
CPPUNIT_ASSERT(ar2.message==astr2);
}
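Review bot: Both expected AUTHORIZE strings (`astr`, `astr1`) end in ` 0`, so the path where the ACL result is true and the line ends in ` 1` is never exercised. That flag is the new information the driver receives, so a case that drives `self_authorize` to true (if `add_auth` can produce that in this fixture) and asserts the trailing `1` would pin the encoding. The commented-out debug block for `ar2` still prints `ar1.result`, `ar1.message` and `astr1`; it should reference `ar2` and `astr2` so it is usable when uncommented. The test method starts above the hunk.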