mirror of
https://github.com/OpenNebula/one.git
synced 2024-12-23 17:33:56 +03:00
feature-754: OpenNebula core sends information about the ACL authZ result to the driver. Improved formatting of auth strings. Check trivial authZ requests.
parent
22574704e4
commit
65606e7faf
@ -385,17 +385,26 @@ public:
|
||||
|
||||
/**
|
||||
* Gets the authorization requests in a single string
|
||||
* @return a space separated list of auth requests.
|
||||
* @return a space separated list of auth requests, or an empty string if
|
||||
* no auth requests were added
|
||||
*/
|
||||
string get_auths()
|
||||
{
|
||||
ostringstream oss;
|
||||
unsigned int i;
|
||||
|
||||
for (unsigned int i=0; i<auths.size(); i++)
|
||||
if ( auths.empty() )
|
||||
{
|
||||
return string();
|
||||
}
|
||||
|
||||
for (i=0; i<auths.size()-1; i++)
|
||||
{
|
||||
oss << auths[i] << " ";
|
||||
}
|
||||
|
||||
oss << auths[i];
|
||||
|
||||
return oss.str();
|
||||
};
|
||||
|
||||
|
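Review bot: The loop bound `auths.size()-1` in get_auths() is unsigned arithmetic, so it is only correct because of the `auths.empty()` early return a few lines above it; without that guard the bound would wrap and the final `oss << auths[i]` would index past the vector. Since the guard is load-bearing, I would say so next to it, for example `// auths is non-empty below, so size()-1 cannot wrap`. The index is declared `unsigned int` while `size()` returns `size_t`; declaring it as `size_t i;` would avoid the mixed-width comparison.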
@ -71,9 +71,11 @@ private:
|
||||
* "AUTHORIZE OPERATION_ID USER_ID REQUEST1 REQUEST2..."
|
||||
* @param oid an id to identify the request.
|
||||
* @param uid the user id.
|
||||
* @param requests space separated list of requests in the form OP:OBJ:ID
|
||||
* @param requests space separated list of requests in the form OP:OB:ID
|
||||
* @param acl is the authorization result using the ACL engine for
|
||||
* this request
|
||||
*/
|
||||
void authorize(int oid, int uid, const string& requests) const;
|
||||
void authorize(int oid, int uid, const string& requests, bool acl) const;
|
||||
|
||||
/**
|
||||
* Sends an authorization request to the MAD:
|
||||
|
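Review bot: The protocol line quoted in this doc comment, `"AUTHORIZE OPERATION_ID USER_ID REQUEST1 REQUEST2..."`, does not show the value that the new `acl` parameter adds to the message. The implementation shown further down this page appends it as the last token after the requests, so the comment should read along the lines of `"AUTHORIZE OPERATION_ID USER_ID REQUEST1 REQUEST2... ACL"`, and the `@param acl` text should say that it is sent as `0` or `1`. The request format given here (`OP:OBJ:ID` / `OP:OB:ID`) also does not look like the six-field strings in the test on this page, such as `IMAGE:2:USE:3:0:0`, so it is worth confirming which one is current. The comment block starts outside the hunk.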
@ -285,7 +285,8 @@ void AuthManager::authorize_action(AuthRequest * ar)
|
||||
|
||||
if (authm_md == 0)
|
||||
{
|
||||
goto error_driver;
|
||||
ar->message = "Could not find Authorization driver";
|
||||
goto error;
|
||||
}
|
||||
|
||||
// ------------------------------------------------------------------------
|
||||
@ -300,15 +301,23 @@ void AuthManager::authorize_action(AuthRequest * ar)
|
||||
|
||||
auths = ar->get_auths();
|
||||
|
||||
authm_md->authorize(ar->id, ar->uid, auths);
|
||||
if ( auths.empty() )
|
||||
{
|
||||
ar->message = "Empty authorization string";
|
||||
goto error;
|
||||
}
|
||||
|
||||
authm_md->authorize(ar->id, ar->uid, auths, ar->self_authorize);
|
||||
|
||||
return;
|
||||
|
||||
error_driver:
|
||||
ar->result = false;
|
||||
ar->message = "Could not find Authorization driver";
|
||||
error:
|
||||
ar->result = false;
|
||||
ar->notify();
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
|
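Review bot: The value passed as the ACL result in `authm_md->authorize(ar->id, ar->uid, auths, ar->self_authorize)` is a field named `self_authorize`, and nothing in these hunks says what the driver is allowed to do with it. Whether the flag is advisory or can stand in for the driver's own check decides where the authorization decision is really made, so I would document it at the call site, for example `// self_authorize: the core ACL engine's verdict for this request, sent to the driver as 0/1`, and state the driver-side contract in the header. Both failure cases now reach `error:` with `ar->result = false`, so a missing driver and an empty request list are denied rather than forwarded. authorize_action starts before the first hunk.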
@ -25,11 +25,14 @@
|
||||
/* Driver ASCII Protocol Implementation */
|
||||
/* ************************************************************************** */
|
||||
|
||||
void AuthManagerDriver::authorize(int oid, int uid, const string& reqs) const
|
||||
void AuthManagerDriver::authorize(int oid,
|
||||
int uid,
|
||||
const string& reqs,
|
||||
bool acl) const
|
||||
{
|
||||
ostringstream os;
|
||||
|
||||
os << "AUTHORIZE " << oid << " " << uid << " " << reqs << endl;
|
||||
os << "AUTHORIZE " << oid << " " << uid << " " << reqs << " " << acl <<endl;
|
||||
|
||||
write(os);
|
||||
}
|
||||
|
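Review bot: The ACL flag is written as one more space-separated token after `reqs`, which is itself a space-separated list of variable length, so on the wire it can only be told apart from a request by being last. A driver written for the previous message format would presumably read the trailing `0`/`1` as an extra request; the drivers are not part of this page, so that needs checking against them. A short comment above the `os <<` line would pin the format, for example `// wire format: AUTHORIZE <oid> <uid> <req>... <acl as 0|1>`. The `0`/`1` rendering relies on the stream not having `boolalpha` set, which holds for a freshly constructed `ostringstream`.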
@ -182,7 +182,7 @@ public:
|
||||
string astr = "VM:VGhpcyBpcyBhIHRlbXBsYXRlCg==:CREATE:-1:0:0 "
|
||||
"IMAGE:2:USE:3:0:0 "
|
||||
"NET:4:DELETE:5:1:0 "
|
||||
"HOST:6:MANAGE:7:1:0";
|
||||
"HOST:6:MANAGE:7:1:0 0";
|
||||
|
||||
ar.add_auth(AuthRequest::VM,
|
||||
"This is a template\n",
|
||||
@ -214,7 +214,6 @@ public:
|
||||
|
||||
am->trigger(AuthManager::AUTHORIZE,&ar);
|
||||
ar.wait();
|
||||
|
||||
/*
|
||||
if ( ar.result != false )
|
||||
{
|
||||
@ -229,6 +228,56 @@ public:
|
||||
//*/
|
||||
CPPUNIT_ASSERT(ar.result==false);
|
||||
CPPUNIT_ASSERT(ar.message==astr);
|
||||
|
||||
AuthRequest ar1(2, 2);
|
||||
|
||||
string astr1= "VM:VGhpcyBpcyBhIHRlbXBsYXRlCg==:CREATE:-1:0:0 0";
|
||||
|
||||
ar1.add_auth(AuthRequest::VM,
|
||||
"This is a template\n",
|
||||
0,
|
||||
AuthRequest::CREATE,
|
||||
-1,
|
||||
false);
|
||||
|
||||
am->trigger(AuthManager::AUTHORIZE,&ar1);
|
||||
ar1.wait();
|
||||
/*
|
||||
if ( ar1.result != false )
|
||||
{
|
||||
cout << endl << "ar.result: " << ar1.result << endl;
|
||||
}
|
||||
|
||||
if ( ar1.message != astr1 )
|
||||
{
|
||||
cout << endl << "ar.message: " << ar1.message;
|
||||
cout << endl << "expected: " << astr1 << endl;
|
||||
}
|
||||
//*/
|
||||
CPPUNIT_ASSERT(ar1.result==false);
|
||||
CPPUNIT_ASSERT(ar1.message==astr1);
|
||||
|
||||
AuthRequest ar2(2, 2);
|
||||
|
||||
string astr2= "Empty authorization string";
|
||||
|
||||
|
||||
am->trigger(AuthManager::AUTHORIZE,&ar2);
|
||||
ar2.wait();
|
||||
/*
|
||||
if ( ar1.result != false )
|
||||
{
|
||||
cout << endl << "ar.result: " << ar1.result << endl;
|
||||
}
|
||||
|
||||
if ( ar1.message != astr1 )
|
||||
{
|
||||
cout << endl << "ar.message: " << ar1.message;
|
||||
cout << endl << "expected: " << astr1 << endl;
|
||||
}
|
||||
//*/
|
||||
CPPUNIT_ASSERT(ar2.result==false);
|
||||
CPPUNIT_ASSERT(ar2.message==astr2);
|
||||
}
|
||||
|
||||
|
||||
|
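Review bot: Every expected string in this test either ends in ` 0` or is the empty-request error, so the case where the core ACL check succeeds and the message should end in ` 1` is not covered. I would add one request that the ACL engine is expected to grant and assert the trailing ` 1`, since that is the value a driver is most likely to act on. The commented-out debug block after `ar2.wait()` still prints `ar1.result`, `ar1.message` and `astr1`; it should use `ar2` and `astr2` if it is kept. The test method starts outside these hunks.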