From 6d3d8a881cf4028d633e5a0f30b2204289e27445 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tino=20V=C3=A1zquez?= Date: Fri, 3 Sep 2010 18:17:46 +0200 Subject: [PATCH] Fix for VirtualNetwork authentication bug --- src/rm/RequestManagerVirtualNetworkDelete.cc | 81 ++++++++++++------- src/rm/RequestManagerVirtualNetworkPublish.cc | 46 +++++++---- 2 files changed, 82 insertions(+), 45 deletions(-) diff --git a/src/rm/RequestManagerVirtualNetworkDelete.cc b/src/rm/RequestManagerVirtualNetworkDelete.cc index d365f36ca3..4a44d445c2 100644 --- a/src/rm/RequestManagerVirtualNetworkDelete.cc +++ b/src/rm/RequestManagerVirtualNetworkDelete.cc @@ -25,7 +25,7 @@ void RequestManager::VirtualNetworkDelete::execute( xmlrpc_c::paramList const& paramList, xmlrpc_c::value * const retval) -{ +{ string session; string name; @@ -33,10 +33,13 @@ void RequestManager::VirtualNetworkDelete::execute( int uid; VirtualNetwork * vn; - - int rc; + + int network_owner; + bool is_public; + + int rc; ostringstream oss; - + const string method_name = "VirtualNetworkDelete"; /* -- RPC specific vars -- */ 
@@ -48,57 +51,75 @@ void RequestManager::VirtualNetworkDelete::execute( // Get the parameters & host session = xmlrpc_c::value_string(paramList.getString(0)); nid = xmlrpc_c::value_int (paramList.getInt (1)); - - // Only oneadmin or the VN owner can perform operations upon the VN + + // First, we need to authenticate the user rc = VirtualNetworkDelete::upool->authenticate(session); - - if ( rc == -1 ) - { - goto error_authenticate; + + if ( rc == -1 ) + { + goto error_authenticate; } - + + // Retrieve VN from the pool + vn = vnpool->get(nid,true); + + if ( vn == 0 ) + { + goto error_vn_get; + } + + network_owner = vn->get_uid(); + is_public = vn->isPublic(); + + vn->unlock(); + + //Authorize the operation if ( rc != 0 ) // rc == 0 means oneadmin { AuthRequest ar(rc); - ar.add_auth(AuthRequest::NET,nid,AuthRequest::DELETE,0,false); + ar.add_auth(AuthRequest::NET, + nid, + AuthRequest::DELETE, + network_owner, + is_public); if (UserPool::authorize(ar) == -1) { goto error_authorize; } } - - // Retrieve VN from the pool - vn = vnpool->get(nid,true); - - if ( vn == 0 ) - { - goto error_vn_get; + + // Retrieve VN from the pool + vn = vnpool->get(nid,true); + + if ( vn == 0 ) + { + goto error_vn_get; } uid = vn->get_uid(); - + rc = vnpool->drop(vn); vn->unlock(); - - // All nice, return the host info to the client + + // All nice, return the host info to the client arrayData.push_back(xmlrpc_c::value_boolean( rc == 0 )); // SUCCESS arrayresult = new xmlrpc_c::value_array(arrayData); - + // Copy arrayresult into retval mem space *retval = *arrayresult; // and get rid of the original delete arrayresult; - + return; error_authenticate: oss.str(authenticate_error(method_name)); goto error_common; - + error_authorize: oss.str(authorization_error(method_name, "DELETE", "NET", rc, nid)); goto error_common; 
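Review bot: The authorization decision uses `network_owner` and `is_public` captured before `vn->unlock()`, but the second `vnpool->get(nid,true)` goes straight to `vnpool->drop(vn)` without checking that those values still hold for the object it returned. `uid = vn->get_uid()` is read after the re-get and never compared, so a guard before the drop such as `if (vn->get_uid() != network_owner || vn->isPublic() != is_public) { vn->unlock(); goto error_authorize; }` would close the check-then-act window. Whether another request can change the owner or publish state in that window is not visible in this hunk. The same get/unlock/authorize/re-get sequence is added to `VirtualNetworkPublish::execute` in RequestManagerVirtualNetworkPublish.cc and needs the same recheck before `vn->publish(publish_flag)`.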
@@ -106,17 +127,17 @@ error_authorize: error_vn_get: oss.str(get_error(method_name, "NET", nid)); goto error_common; - + error_common: NebulaLog::log ("ReM",Log::ERROR,oss); - + arrayData.push_back(xmlrpc_c::value_boolean(false)); // FAILURE arrayData.push_back(xmlrpc_c::value_string(oss.str())); - + xmlrpc_c::value_array arrayresult_error(arrayData); - + *retval = arrayresult_error; - + return; } diff --git a/src/rm/RequestManagerVirtualNetworkPublish.cc b/src/rm/RequestManagerVirtualNetworkPublish.cc index c8d0befb6e..8c3011f959 100644 --- a/src/rm/RequestManagerVirtualNetworkPublish.cc +++ b/src/rm/RequestManagerVirtualNetworkPublish.cc @@ -31,11 +31,14 @@ void RequestManager::VirtualNetworkPublish::execute( string session; int nid; - bool publish_flag; + bool publish_flag; int uid; - + VirtualNetwork * vn; + int network_owner; + bool is_public; + ostringstream oss; const string method_name = "VirtualNetworkPublish"; @@ -57,15 +60,20 @@ void RequestManager::VirtualNetworkPublish::execute( { goto error_authenticate; } - + // Get virtual network from the VirtualNetworkPool - vn = VirtualNetworkPublish::vnpool->get(nid,true); - - if ( vn == 0 ) - { - goto error_vn_get; + vn = VirtualNetworkPublish::vnpool->get(nid,true); + + if ( vn == 0 ) + { + goto error_vn_get; } - + + network_owner = vn->get_uid(); + is_public = vn->isPublic(); + + vn->unlock(); + //Authorize the operation if ( uid != 0 ) // uid == 0 means oneadmin { @@ -74,8 +82,8 @@ void RequestManager::VirtualNetworkPublish::execute( ar.add_auth(AuthRequest::NET, nid, AuthRequest::MANAGE, - 0, - vn->isPublic()); + network_owner, + is_public); if (UserPool::authorize(ar) == -1) { 
@@ -83,10 +91,18 @@ void RequestManager::VirtualNetworkPublish::execute( } } + // Get virtual network from the VirtualNetworkPool + vn = VirtualNetworkPublish::vnpool->get(nid,true); + + if ( vn == 0 ) + { + goto error_vn_get; + } + vn->publish(publish_flag); - + VirtualNetworkPublish::vnpool->update(vn); - + vn->unlock(); arrayData.push_back(xmlrpc_c::value_boolean(true)); @@ -103,11 +119,11 @@ void RequestManager::VirtualNetworkPublish::execute( error_authenticate: oss.str(authenticate_error(method_name)); goto error_common; - + error_vn_get: oss.str(get_error(method_name, "NET", nid)); goto error_common; - + error_authorize: oss.str(authorization_error(method_name, "MANAGE", "NET", uid, nid)); vn->unlock();
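Review bot: `error_authorize:` still calls `vn->unlock()`, but this commit now releases the network right after `is_public = vn->isPublic();`, before `UserPool::authorize(ar)` runs, so a rejected request unlocks `vn` a second time. The `goto error_authorize` itself falls between hunks, but the only visible route to the label is the failed authorize call, at which point the lock is no longer held. If `unlock()` wraps a mutex, releasing it while not held is undefined behaviour or can drop a lock that another request has since taken on the same network, so an unprivileged caller could trigger it on any network id they are denied. Remove the `vn->unlock();` line under `error_authorize:` so it reads `oss.str(authorization_error(method_name, "MANAGE", "NET", uid, nid));` followed directly by the jump to `error_common`. The rest of the error path lies outside this hunk.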