mirror of https://github.com/OpenNebula/one.git synced 2024-12-23 17:33:56 +03:00

feature-754: OpenNebula core sends information about the ACL authZ result to the driver. Improved formatting of auth strings. Check trivial authZ requests.

Ruben S. Montero 2011-07-27 11:27:16 +02:00
parent 22574704e4
commit 65606e7faf
5 changed files with 85 additions and 13 deletions


@ -385,17 +385,26 @@ public:
/** /**
* Gets the authorization requests in a single string * Gets the authorization requests in a single string
* @return a space separated list of auth requests. * @return a space separated list of auth requests, or an empty string if
* no auth requests were added
*/ */
string get_auths() string get_auths()
{ {
ostringstream oss; ostringstream oss;
unsigned int i;
for (unsigned int i=0; i<auths.size(); i++) if ( auths.empty() )
{
return string();
}
for (i=0; i<auths.size()-1; i++)
{ {
oss << auths[i] << " "; oss << auths[i] << " ";
} }
oss << auths[i];
return oss.str(); return oss.str();
}; };
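Review bot: The new loop bound `auths.size()-1` in get_auths() is an unsigned subtraction, and it is only safe because of the `auths.empty()` early return just above it; if that guard is ever moved or removed, the bound wraps and the loop indexes past the end of the vector. A short comment on the loop, such as `// auths is non-empty here, so size()-1 cannot wrap`, would make that dependency explicit. The returned string is forwarded to the authorization driver as a space-separated list elsewhere in this commit, so if individual auth strings are assumed never to contain whitespace, the doc comment is a good place to say so.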


@ -71,9 +71,11 @@ private:
* "AUTHORIZE OPERATION_ID USER_ID REQUEST1 REQUEST2..." * "AUTHORIZE OPERATION_ID USER_ID REQUEST1 REQUEST2..."
* @param oid an id to identify the request. * @param oid an id to identify the request.
* @param uid the user id. * @param uid the user id.
* @param requests space separated list of requests in the form OP:OBJ:ID * @param requests space separated list of requests in the form OP:OB:ID
* @param acl is the authorization result using the ACL engine for
* this request
*/ */
void authorize(int oid, int uid, const string& requests) const; void authorize(int oid, int uid, const string& requests, bool acl) const;
/** /**
* Sends an authorization request to the MAD: * Sends an authorization request to the MAD:
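Review bot: The protocol line at the top of this comment still reads `"AUTHORIZE OPERATION_ID USER_ID REQUEST1 REQUEST2..."`, but with the new `acl` parameter the driver message gains a trailing value (the test expectation in this commit ends in ` 0`). I would update it to `"AUTHORIZE OPERATION_ID USER_ID REQUEST1 REQUEST2... ACL"` and note that ACL is written as 0 or 1. The `@param requests` text also changed from `OP:OBJ:ID` to `OP:OB:ID`, which looks like an accidental edit; the test strings in this commit have six colon-separated fields, so the documented form may need a fuller correction. The comment block starts above the hunk.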


@ -285,7 +285,8 @@ void AuthManager::authorize_action(AuthRequest * ar)
if (authm_md == 0) if (authm_md == 0)
{ {
goto error_driver; ar->message = "Could not find Authorization driver";
goto error;
} }
// ------------------------------------------------------------------------ // ------------------------------------------------------------------------
@ -300,15 +301,23 @@ void AuthManager::authorize_action(AuthRequest * ar)
auths = ar->get_auths(); auths = ar->get_auths();
authm_md->authorize(ar->id, ar->uid, auths); if ( auths.empty() )
{
ar->message = "Empty authorization string";
goto error;
}
authm_md->authorize(ar->id, ar->uid, auths, ar->self_authorize);
return; return;
error_driver: error:
ar->result = false; ar->result = false;
ar->message = "Could not find Authorization driver";
ar->notify(); ar->notify();
return;
} }
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
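Review bot: The value passed as the new `acl` argument is `ar->self_authorize`, and nothing in this hunk says how that field relates to "the authorization result using the ACL engine" documented on AuthManagerDriver::authorize. Since this flag tells the driver what the core has already decided, a comment at the call would help anyone auditing the authorization path, for example `// self_authorize: result of the core ACL evaluation for this request, forwarded to the driver` (wording to be confirmed against where the field is set, which is outside this hunk). The function body starts above the hunk.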


@ -25,11 +25,14 @@
/* Driver ASCII Protocol Implementation */ /* Driver ASCII Protocol Implementation */
/* ************************************************************************** */ /* ************************************************************************** */
void AuthManagerDriver::authorize(int oid, int uid, const string& reqs) const void AuthManagerDriver::authorize(int oid,
int uid,
const string& reqs,
bool acl) const
{ {
ostringstream os; ostringstream os;
os << "AUTHORIZE " << oid << " " << uid << " " << reqs << endl; os << "AUTHORIZE " << oid << " " << uid << " " << reqs << " " << acl <<endl;
write(os); write(os);
} }
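Review bot: The ACL result is appended after `reqs`, which is itself a space-separated list of variable length, so the driver can only locate it by taking the last token of the line. A request string that contained a space, or an empty `reqs` from some future caller, would shift what the driver reads as the ACL result. Putting the flag in a fixed position before the list avoids that: `os << "AUTHORIZE " << oid << " " << uid << " " << acl << " " << reqs << endl;`. That changes the wire format, so the drivers and the test expectation in this commit would need the same change; if the trailing position is kept, a comment here stating that requests never contain whitespace would document the assumption.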


@ -182,7 +182,7 @@ public:
string astr = "VM:VGhpcyBpcyBhIHRlbXBsYXRlCg==:CREATE:-1:0:0 " string astr = "VM:VGhpcyBpcyBhIHRlbXBsYXRlCg==:CREATE:-1:0:0 "
"IMAGE:2:USE:3:0:0 " "IMAGE:2:USE:3:0:0 "
"NET:4:DELETE:5:1:0 " "NET:4:DELETE:5:1:0 "
"HOST:6:MANAGE:7:1:0"; "HOST:6:MANAGE:7:1:0 0";
ar.add_auth(AuthRequest::VM, ar.add_auth(AuthRequest::VM,
"This is a template\n", "This is a template\n",
@ -214,7 +214,6 @@ public:
am->trigger(AuthManager::AUTHORIZE,&ar); am->trigger(AuthManager::AUTHORIZE,&ar);
ar.wait(); ar.wait();
/* /*
if ( ar.result != false ) if ( ar.result != false )
{ {
@ -229,6 +228,56 @@ public:
//*/ //*/
CPPUNIT_ASSERT(ar.result==false); CPPUNIT_ASSERT(ar.result==false);
CPPUNIT_ASSERT(ar.message==astr); CPPUNIT_ASSERT(ar.message==astr);
AuthRequest ar1(2, 2);
string astr1= "VM:VGhpcyBpcyBhIHRlbXBsYXRlCg==:CREATE:-1:0:0 0";
ar1.add_auth(AuthRequest::VM,
"This is a template\n",
0,
AuthRequest::CREATE,
-1,
false);
am->trigger(AuthManager::AUTHORIZE,&ar1);
ar1.wait();
/*
if ( ar1.result != false )
{
cout << endl << "ar.result: " << ar1.result << endl;
}
if ( ar1.message != astr1 )
{
cout << endl << "ar.message: " << ar1.message;
cout << endl << "expected: " << astr1 << endl;
}
//*/
CPPUNIT_ASSERT(ar1.result==false);
CPPUNIT_ASSERT(ar1.message==astr1);
AuthRequest ar2(2, 2);
string astr2= "Empty authorization string";
am->trigger(AuthManager::AUTHORIZE,&ar2);
ar2.wait();
/*
if ( ar1.result != false )
{
cout << endl << "ar.result: " << ar1.result << endl;
}
if ( ar1.message != astr1 )
{
cout << endl << "ar.message: " << ar1.message;
cout << endl << "expected: " << astr1 << endl;
}
//*/
CPPUNIT_ASSERT(ar2.result==false);
CPPUNIT_ASSERT(ar2.message==astr2);
} }
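Review bot: Both new cases only cover a request whose ACL result is written as `0`; there is no case where the trailing value is `1`, which is presumably the path where the core reports that its ACL engine already allowed the request. I would add a request built so that the flag is set and assert that the message ends in ` 1`. The commented-out debug block after `ar2.wait()` still prints `ar1.result`, `ar1.message` and `astr1`; it should refer to `ar2` and `astr2` so that it is usable when uncommented. The test method starts above the hunk.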