diff --git a/include/AclManager.h b/include/AclManager.h index 3a12d72b24..e096d7de69 100644 --- a/include/AclManager.h +++ b/include/AclManager.h @@ -54,7 +54,7 @@ public: * authorizes the operation. * * @param uid The user ID requesting to be authorized - * @param user_groups Set of group IDs that the user is part of + * @param gid Group ID of the user * @param obj_type The object over which the operation will be performed * @param obj_id The object ID * @param obj_gid The object's group ID @@ -62,7 +62,7 @@ public: * @return true if the authorization is granted by any rule */ const bool authorize(int uid, - const set& user_groups, + int gid, AuthRequest::Object obj_type, int obj_id, int obj_gid, diff --git a/include/AuthManager.h b/include/AuthManager.h index d86d984f22..e2331d7cb9 100644 --- a/include/AuthManager.h +++ b/include/AuthManager.h @@ -18,7 +18,6 @@ #define AUTH_MANAGER_H_ #include -#include #include "MadManager.h" #include "ActionManager.h" @@ -260,11 +259,11 @@ private: class AuthRequest : public ActionListener { public: - AuthRequest(int _uid, set _gids): + AuthRequest(int _uid, int _gid): result(false), timeout(false), uid(_uid), - gids(_gids), + gid(_gid), time_out(0), self_authorize(true) { @@ -463,9 +462,9 @@ private: int uid; /** - * The user groups ID set + * The user group ID */ - set gids; + int gid; /** * Timeout for this request diff --git a/include/Request.h b/include/Request.h index b8f8ed8f78..6c737a5f94 100644 --- a/include/Request.h +++ b/include/Request.h 
@@ -57,29 +57,27 @@ public: protected: - /* ------------------- Attributes of the Request ---------------------- */ + /* ---------------------------------------------------------------------*/ + /* Attributes of the Request */ + /* ---------------------------------------------------------------------*/ + + /* -------- Dynamic (specific for a request of the same method) -------- */ struct RequestAttributes { - int uid; /**< id of the user */ - int gid; /**< id of the user's group */ + int uid; /**< id of the user */ + int gid; /**< id of the user's group */ - string uname; /**< name of the user */ - string gname; /**< name of the user's group */ + string uname; /**< name of the user */ + string gname; /**< name of the user's group */ - set group_ids; /**< set of user's group ids */ + string session; /**< Session from ONE XML-RPC API */ - /** - * Session token from the OpenNebula XML-RPC API - */ - string session; - - /** - * Return value of the request from libxmlrpc-c - */ - xmlrpc_c::value * retval; + xmlrpc_c::value * retval; /**< Return value from libxmlrpc-c */ }; + /* -------- Static (shared among request of the same method) -------- */ + PoolSQL * pool; /**< Pool of objects */ string method_name; /**< The name of the XML-RPC method */ diff --git a/include/RequestManagerDelete.h b/include/RequestManagerDelete.h index bf665bfc48..84aaf81223 100644 --- a/include/RequestManagerDelete.h +++ b/include/RequestManagerDelete.h @@ -166,10 +166,6 @@ public: }; ~UserDelete(){}; - - /* -------------------------------------------------------------------- */ - - int drop(int oid, PoolObjectSQL * object, string& error_msg); }; /* -------------------------------------------------------------------------- */ diff --git a/include/RequestManagerUser.h b/include/RequestManagerUser.h index 386189f6c5..507bc38c60 100644 --- a/include/RequestManagerUser.h +++ b/include/RequestManagerUser.h 
@@ -72,41 +72,6 @@ public: string& err); }; -/* ------------------------------------------------------------------------- */ -/* ------------------------------------------------------------------------- */ - -class UserAddGroup : public RequestManagerUser -{ -public: - UserAddGroup(): - RequestManagerUser("UserAddGroup", - "Adds a new group to the user", - "A:sii"){}; - ~UserAddGroup(){}; - - int user_action(User * user, - xmlrpc_c::paramList const& _paramList, - string& err); -}; - - -/* ------------------------------------------------------------------------- */ -/* ------------------------------------------------------------------------- */ - -class UserDelGroup : public RequestManagerUser -{ -public: - UserDelGroup(): - RequestManagerUser("UserDelGroup", - "Deletes a new group to the user", - "A:sii"){}; - ~UserDelGroup(){}; - - int user_action(User * user, - xmlrpc_c::paramList const& _paramList, - string& err); -}; - /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ diff --git a/include/User.h b/include/User.h index b7b94775ee..5e3ab15a4a 100644 --- a/include/User.h +++ b/include/User.h @@ -18,7 +18,6 @@ #define USER_H_ #include "PoolSQL.h" -#include "ObjectCollection.h" using namespace std; @@ -28,7 +27,7 @@ using namespace std; /** * The User class. */ -class User : public PoolObjectSQL, public ObjectCollection +class User : public PoolObjectSQL { public: 
@@ -90,47 +89,6 @@ public: **/ static int split_secret(const string secret, string& user, string& pass); - /** - * Returns a copy of the groups for the user - */ - set get_groups() - { - return get_collection_copy(); - }; - - // ************************************************************************* - // Group IDs set Management - // ************************************************************************* - - /** - * Adds a group ID to the groups set. - * - * @param id The new id - * @return 0 on success, -1 if the ID was already in the set - */ - int add_group(int group_id) - { - return add_collection_id(group_id); - } - - /** - * Deletes a group ID from the groups set. - * - * @param id The id - * @return 0 on success, - * -1 if the ID was not in the set, - * -2 if the group to delete is the main group - */ - int del_group(int group_id) - { - if( group_id == gid ) - { - return -2; - } - - return del_collection_id(group_id); - } - private: // ------------------------------------------------------------------------- // Friends @@ -196,7 +154,6 @@ protected: const string& _password, bool _enabled): PoolObjectSQL(id,_uname,-1,_gid,"",_gname,table), - ObjectCollection("GROUPS"), password(_password), enabled(_enabled){}; diff --git a/include/UserPool.h b/include/UserPool.h index e543e65cde..d077f3906c 100644 --- a/include/UserPool.h +++ b/include/UserPool.h @@ -105,15 +105,14 @@ public: * @param gid of the user if authN succeeded -1 otherwise * @param uname of the user if authN succeeded "" otherwise * @param gname of the group if authN succeeded "" otherwise - * @param group_ids the user groups if authN succeeded, is empty otherwise + * * @return false if authn failed, true otherwise */ bool authenticate(const string& session, int& uid, int& gid, string& uname, - string& gname, - set& group_ids); + string& gname); /** * Returns whether there is a user with given username/password or not * @param ar, an Authorization Request 
diff --git a/src/acl/AclManager.cc b/src/acl/AclManager.cc index cb35403267..61b9a0832f 100644 --- a/src/acl/AclManager.cc +++ b/src/acl/AclManager.cc @@ -103,7 +103,7 @@ AclManager::~AclManager() const bool AclManager::authorize( int uid, - const set& user_groups, + int gid, AuthRequest::Object obj_type, int obj_id, int obj_gid, @@ -213,24 +213,17 @@ const bool AclManager::authorize( // Look for rules that apply to each one of the user's groups // ---------------------------------------------------------- - set::iterator g_it; - - for (g_it = user_groups.begin(); g_it != user_groups.end(); g_it++) + user_req = AclRule::GROUP_ID | gid; + auth = match_rules(user_req, + resource_oid_req, + resource_gid_req, + resource_all_req, + rights_req, + resource_oid_mask, + resource_gid_mask); + if ( auth == true ) { - user_req = AclRule::GROUP_ID | *g_it; - - auth = match_rules(user_req, - resource_oid_req, - resource_gid_req, - resource_all_req, - rights_req, - resource_oid_mask, - resource_gid_mask); - - if ( auth == true ) - { - return true; - } + return true; } oss.str("No more rules, permission not granted "); diff --git a/src/authm/AuthManager.cc b/src/authm/AuthManager.cc index b2512f401a..7880a5be53 100644 --- a/src/authm/AuthManager.cc +++ b/src/authm/AuthManager.cc @@ -79,7 +79,7 @@ void AuthRequest::add_auth(Object ob, if ( // User is oneadmin, or is in the oneadmin group uid == 0 || - gids.count( GroupPool::ONEADMIN_ID ) == 1 || + gid == GroupPool::ONEADMIN_ID || // User is the owner of the object, for certain operations ( owner == uid && @@ -88,7 +88,7 @@ void AuthRequest::add_auth(Object ob, ) || // Object is public and user is in its group, for certain operations - ( pub && ( gids.count( ob_gid ) == 1 ) && + ( pub && ( gid == ob_gid ) && (op == USE || op == INSTANTIATE || op == INFO ) && (ob == NET || ob == IMAGE || ob == TEMPLATE) ) 
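Review bot: The comment that introduces the rewritten block, `// Look for rules that apply to each one of the user's groups`, is now stale: the loop over `user_groups` is gone and only the single `gid` is matched. Change it to `// Look for rules that apply to the user's group` so the next reader does not go looking for the iteration. Since this is an observable change in what the ACL engine grants, a one-line note in the AclManager.h docs that membership in other groups is no longer consulted would also help callers. The body of authorize() continues past the end of the hunk.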
@@ -101,7 +101,7 @@ void AuthRequest::add_auth(Object ob, Nebula& nd = Nebula::instance(); AclManager* aclm = nd.get_aclm(); - auth = aclm->authorize(uid, gids, ob, ob_id_int, ob_gid, op); + auth = aclm->authorize(uid, gid, ob, ob_id_int, ob_gid, op); } oss << auth; // Store the ACL authorization result in the request diff --git a/src/authm/test/AuthManagerTest.cc b/src/authm/test/AuthManagerTest.cc index 8feaf66590..1d0473e76e 100644 --- a/src/authm/test/AuthManagerTest.cc +++ b/src/authm/test/AuthManagerTest.cc @@ -146,8 +146,7 @@ public: //This test needs a driver that takes more than 3 secs to AUTHENTICATE void timeout() { - set empty_set; - AuthRequest ar(2, empty_set); + AuthRequest ar(2, 2); ar.add_authenticate("timeout","the_pass","the_secret"); @@ -163,8 +162,7 @@ public: void authenticate() { - set empty_set; - AuthRequest ar(2, empty_set); + AuthRequest ar(2, 2); ar.add_authenticate("the_user","the_pass","the_secret"); @@ -177,8 +175,7 @@ public: void authorize() { - set empty_set; - AuthRequest ar(2, empty_set); + AuthRequest ar(2, 2); //OBJECT:OBJECT_ID:ACTION:OWNER:PUBLIC:CORE_RESULT @@ -238,16 +235,14 @@ public: void self_authorize() { // Make all users belong to the USERS (1) group - set gid_set; - gid_set.insert(1); - AuthRequest ar(2, gid_set); - AuthRequest ar1(2, gid_set); - AuthRequest ar2(3, gid_set); - AuthRequest ar3(4, gid_set); - AuthRequest ar4(2, gid_set); - AuthRequest ar5(0, gid_set); - AuthRequest ar6(0, gid_set); + AuthRequest ar(2, 1); + AuthRequest ar1(2, 1); + AuthRequest ar2(3, 1); + AuthRequest ar3(4, 1); + AuthRequest ar4(2, 1); + AuthRequest ar5(0, 1); + AuthRequest ar6(0, 1); ar.add_auth(AuthRequest::VM,"dGhpcy",-1,AuthRequest::CREATE,2,false); ar.add_auth(AuthRequest::NET,2,1,AuthRequest::USE,2,false); 
@@ -279,10 +274,8 @@ public: void self_authenticate() { - set empty_set; - - AuthRequest ar(2, empty_set); - AuthRequest ar1(2,empty_set); + AuthRequest ar(2, 2); + AuthRequest ar1(2,2); ar.add_authenticate("the_user","the_pass","the_secret"); CPPUNIT_ASSERT(ar.plain_authenticate() == false); diff --git a/src/cli/oneuser b/src/cli/oneuser index f91d6ef9d0..81d7639fc4 100755 --- a/src/cli/oneuser +++ b/src/cli/oneuser @@ -124,30 +124,6 @@ cmd=CommandParser::CmdParser.new(ARGV) do end end - addgroup_desc = <<-EOT.unindent - Adds the User to a secondary group - EOT - - command :addgroup, addgroup_desc, [:range, :userid_list], :groupid do - gid = args[1] - - helper.perform_actions(args[0],options,"group added") do |user| - user.addgroup( gid ) - end - end - - delgroup_desc = <<-EOT.unindent - Removes the User from a secondary group - EOT - - command :delgroup, delgroup_desc, [:range, :userid_list], :groupid do - gid = args[1] - - helper.perform_actions(args[0],options,"group deleted") do |user| - user.delgroup( gid ) - end - end - list_desc = <<-EOT.unindent Lists Users in the pool EOT diff --git a/src/oca/ruby/OpenNebula/User.rb b/src/oca/ruby/OpenNebula/User.rb index 6e7c5555b9..f87cdf4597 100644 --- a/src/oca/ruby/OpenNebula/User.rb +++ b/src/oca/ruby/OpenNebula/User.rb 
@@ -104,30 +104,6 @@ module OpenNebula return rc end - # Adds a secondary group - # gid:: _Integer_ the new group id. - # [return] nil in case of success or an Error object - def addgroup(gid) - return Error.new('ID not defined') if !@pe_id - - rc = @client.call(USER_METHODS[:addgroup], @pe_id, gid) - rc = nil if !OpenNebula.is_error?(rc) - - return rc - end - - # Deletes a secondary group. Fails if the group is the main one - # gid:: _Integer_ the group id. - # [return] nil in case of success or an Error object - def delgroup(gid) - return Error.new('ID not defined') if !@pe_id - - rc = @client.call(USER_METHODS[:delgroup], @pe_id, gid) - rc = nil if !OpenNebula.is_error?(rc) - - return rc - end - # --------------------------------------------------------------------- # Helpers to get User information # --------------------------------------------------------------------- diff --git a/src/rm/Request.cc b/src/rm/Request.cc index 27a86ba8ad..606d5d203d 100644 --- a/src/rm/Request.cc +++ b/src/rm/Request.cc @@ -39,8 +39,7 @@ void Request::execute( att.uid, att.gid, att.uname, - att.gname, - att.group_ids) == false ) + att.gname) == false ) { failure_response(AUTHENTICATION, authenticate_error(), att); } @@ -87,7 +86,7 @@ bool Request::basic_authorization(int oid, object->unlock(); } - AuthRequest ar(att.uid, att.group_ids); + AuthRequest ar(att.uid, att.gid); ar.add_auth(auth_object, oid, ogid, op, ouid, pub); diff --git a/src/rm/RequestManager.cc b/src/rm/RequestManager.cc index 9cbf9401cc..ba6aba6086 100644 --- a/src/rm/RequestManager.cc +++ b/src/rm/RequestManager.cc @@ -232,8 +232,6 @@ void RequestManager::register_xml_methods() { // User Methods xmlrpc_c::methodPtr user_change_password(new UserChangePassword()); - xmlrpc_c::methodPtr user_add_group(new UserAddGroup()); - xmlrpc_c::methodPtr user_del_group(new UserDelGroup()); // VMTemplate Methods xmlrpc_c::methodPtr template_instantiate(new VMTemplateInstantiate()); 
@@ -370,8 +368,6 @@ void RequestManager::register_xml_methods() RequestManagerRegistry.addMethod("one.user.allocate", user_allocate); RequestManagerRegistry.addMethod("one.user.delete", user_delete); RequestManagerRegistry.addMethod("one.user.info", user_info); - RequestManagerRegistry.addMethod("one.user.addgroup", user_add_group); - RequestManagerRegistry.addMethod("one.user.delgroup", user_del_group); RequestManagerRegistry.addMethod("one.user.passwd", user_change_password); RequestManagerRegistry.addMethod("one.user.chgrp", user_chown); diff --git a/src/rm/RequestManagerAllocate.cc b/src/rm/RequestManagerAllocate.cc index 97047dda89..abaa83ff36 100644 --- a/src/rm/RequestManagerAllocate.cc +++ b/src/rm/RequestManagerAllocate.cc @@ -31,7 +31,7 @@ bool RequestManagerAllocate::allocate_authorization(Template * tmpl, return true; } - AuthRequest ar(att.uid, att.group_ids); + AuthRequest ar(att.uid, att.gid); if ( tmpl == 0 ) { @@ -67,7 +67,7 @@ bool VirtualMachineAllocate::allocate_authorization(Template * tmpl, return true; } - AuthRequest ar(att.uid, att.group_ids); + AuthRequest ar(att.uid, att.gid); string t64; diff --git a/src/rm/RequestManagerChown.cc b/src/rm/RequestManagerChown.cc index 711740a663..6f311dffb3 100644 --- a/src/rm/RequestManagerChown.cc +++ b/src/rm/RequestManagerChown.cc @@ -175,9 +175,6 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList, } user->set_group(ngid,ngname); - - user->add_group(ngid); - user->del_group(old_gid); upool->update(user); diff --git a/src/rm/RequestManagerDelete.cc b/src/rm/RequestManagerDelete.cc index 9518d300be..6ae29b82fe 100644 --- a/src/rm/RequestManagerDelete.cc +++ b/src/rm/RequestManagerDelete.cc 
@@ -70,43 +70,3 @@ int ImageDelete::drop(int oid, PoolObjectSQL * object, string& error_msg) return rc; } -/* ------------------------------------------------------------------------- */ - -int UserDelete::drop(int oid, PoolObjectSQL * object, string& error_msg) -{ - set group_set; - - User * user = static_cast(object); - group_set = user->get_groups(); - - int rc = pool->drop(object, error_msg); - - object->unlock(); - - if ( rc == 0 ) - { - Nebula& nd = Nebula::instance(); - GroupPool * gpool = nd.get_gpool(); - - Group * group; - - set::iterator it; - - for ( it = group_set.begin(); it != group_set.end(); it++ ) - { - group = gpool->get(*it, true); - - if( group == 0 ) - { - continue; - } - - group->del_user(oid); - gpool->update(group); - - group->unlock(); - } - } - - return rc; -} diff --git a/src/rm/RequestManagerPoolInfoFilter.cc b/src/rm/RequestManagerPoolInfoFilter.cc index 7df5dff565..0ceba5733c 100644 --- a/src/rm/RequestManagerPoolInfoFilter.cc +++ b/src/rm/RequestManagerPoolInfoFilter.cc @@ -88,12 +88,8 @@ void RequestManagerPoolInfoFilter::request_execute( case MINE_GROUP: - uid_filter << "uid = " << att.uid; - - for ( it = att.group_ids.begin() ; it != att.group_ids.end(); it++ ) - { - uid_filter << " OR gid = " << *it; - } + uid_filter << "uid = " << att.uid << " OR " + << "gid = " << att.gid; request_op = AuthRequest::INFO_POOL_MINE; break; diff --git a/src/rm/RequestManagerUser.cc b/src/rm/RequestManagerUser.cc index 701c19e97c..1536f42c92 100644 --- a/src/rm/RequestManagerUser.cc +++ b/src/rm/RequestManagerUser.cc 
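Review bot: The iterator `it` that the removed loop used is presumably still declared earlier in request_execute (outside this hunk) and is now unused; drop that declaration so the build stays warning-free. The new filter `uid_filter << "uid = " << att.uid << " OR " << "gid = " << att.gid;` is string-built SQL, which is acceptable here only because both operands are `int`s taken from the authenticated session rather than from the XML-RPC parameters; a comment to that effect, `// uid/gid are session-derived ints, never request input`, would keep a later change from extending the pattern to a string-valued filter. The enclosing switch and function continue outside the hunk.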
@@ -70,119 +70,6 @@ int UserChangePassword::user_action(User * user, return 0; } -/* -------------------------------------------------------------------------- */ -/* -------------------------------------------------------------------------- */ - -int UserAddGroup::user_action(User * user, - xmlrpc_c::paramList const& paramList, - string& error_str) -{ - - int user_id = xmlrpc_c::value_int(paramList.getInt(1)); - int group_id = xmlrpc_c::value_int(paramList.getInt(2)); - int rc; - - rc = user->add_group(group_id); - - if ( rc != 0 ) - { - user->unlock(); - - error_str = "User is already in this group"; - return rc; - } - - pool->update(user); - - user->unlock(); - - Nebula& nd = Nebula::instance(); - GroupPool * gpool = nd.get_gpool(); - Group * group = gpool->get(group_id, true); - - if( group == 0 ) - { - User * user = static_cast(pool->get(user_id,true)); - - if ( user != 0 ) - { - user->del_group(group_id); - - pool->update(user); - - user->unlock(); - } - - error_str = "Group does not exist"; - return -1; - } - - group->add_user(user_id); - - gpool->update(group); - - group->unlock(); - - return 0; -} - -/* -------------------------------------------------------------------------- */ -/* -------------------------------------------------------------------------- */ - -int UserDelGroup::user_action(User * user, - xmlrpc_c::paramList const& paramList, - string& error_str) -{ - - int user_id = xmlrpc_c::value_int(paramList.getInt(1)); - int group_id = xmlrpc_c::value_int(paramList.getInt(2)); - int rc; - - rc = user->del_group(group_id); - - if ( rc != 0 ) - { - user->unlock(); - - if ( rc == -1 ) - { - error_str = "User is not part of this group"; - } - else if ( rc == -2 ) - { - error_str = "Can not remove main group from user"; - } - else - { - error_str = "Can not remove group from user"; - } - return rc; - } - - pool->update(user); - - user->unlock(); - - Nebula& nd = Nebula::instance(); - GroupPool * gpool = nd.get_gpool(); - Group * group = 
gpool->get(group_id, true); - - if( group == 0 ) - { - //Group does not exists, should never occur - error_str = "Can not remove user from group"; - return -1; - } - - group->del_user(user_id); - - gpool->update(group); - - group->unlock(); - - return 0; -} - /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ diff --git a/src/rm/RequestManagerVMTemplate.cc b/src/rm/RequestManagerVMTemplate.cc index 9c2437c197..bf87b51847 100644 --- a/src/rm/RequestManagerVMTemplate.cc +++ b/src/rm/RequestManagerVMTemplate.cc @@ -59,7 +59,7 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList if ( att.uid != 0 ) { - AuthRequest ar(att.uid, att.group_ids); + AuthRequest ar(att.uid, att.gid); ar.add_auth(auth_object, id, ogid, auth_op, ouid, false); diff --git a/src/rm/RequestManagerVirtualMachine.cc b/src/rm/RequestManagerVirtualMachine.cc index 09034e2b09..f2344f6342 100644 --- a/src/rm/RequestManagerVirtualMachine.cc +++ b/src/rm/RequestManagerVirtualMachine.cc @@ -51,7 +51,7 @@ bool RequestManagerVirtualMachine::vm_authorization(int oid, object->unlock(); - AuthRequest ar(att.uid, att.group_ids); + AuthRequest ar(att.uid, att.gid); ar.add_auth(auth_object, oid, ogid, auth_op, ouid, false); diff --git a/src/scheduler/include/Scheduler.h b/src/scheduler/include/Scheduler.h index 93e2ff7345..0ebc07024c 100644 --- a/src/scheduler/include/Scheduler.h +++ b/src/scheduler/include/Scheduler.h @@ -18,7 +18,6 @@ #define SCHEDULER_H_ #include "Log.h" -#include "UserPoolXML.h" #include "HostPoolXML.h" #include "VirtualMachinePoolXML.h" #include "SchedulerPolicy.h" @@ -50,7 +49,6 @@ protected: int _machines_limit, int _dispatch_limit, int _host_dispatch_limit): hpool(0), vmpool(0), - upool(0), acls(0), timer(_timer), url(_url), @@ -75,11 +73,6 @@ protected: delete vmpool; } - if ( upool != 0) - { - delete upool; - } - if ( acls != 0) { delete acls; 
@@ -97,7 +90,7 @@ protected: HostPoolXML * hpool; VirtualMachinePoolXML * vmpool; - UserPoolXML * upool; + AclXML * acls; // --------------------------------------------------------------- diff --git a/src/scheduler/include/UserPoolXML.h b/src/scheduler/include/UserPoolXML.h deleted file mode 100644 index 44d151c71c..0000000000 --- a/src/scheduler/include/UserPoolXML.h +++ /dev/null @@ -1,57 +0,0 @@ -/* -------------------------------------------------------------------------- */ -/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */ -/* */ -/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ -/* not use this file except in compliance with the License. You may obtain */ -/* a copy of the License at */ -/* */ -/* http://www.apache.org/licenses/LICENSE-2.0 */ -/* */ -/* Unless required by applicable law or agreed to in writing, software */ -/* distributed under the License is distributed on an "AS IS" BASIS, */ -/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ -/* See the License for the specific language governing permissions and */ -/* limitations under the License. */ -/* -------------------------------------------------------------------------- */ - - -#ifndef USER_POOL_XML_H_ -#define USER_POOL_XML_H_ - -#include "PoolXML.h" -#include "UserXML.h" - -using namespace std; - -class UserPoolXML : public PoolXML -{ -public: - - UserPoolXML(Client* client):PoolXML(client){}; - - int set_up(); - - /** - * Gets an object from the pool - * @param oid the object unique identifier - * - * @return a pointer to the object, 0 in case of failure - */ - UserXML * get(int oid) const - { - return static_cast(PoolXML::get(oid)); - }; - -protected: - - int get_suitable_nodes(vector& content) - { - return get_nodes("/USER_POOL/USER[ENABLED=1]", content); - }; - - void add_object(xmlNodePtr node); - - int load_info(xmlrpc_c::value &result); -}; - -#endif /* HOST_POOL_XML_H_ */ 
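Review bot: `acls` appears to be a member of Scheduler already before this change — the preceding hunks show `acls(0)` in the constructor initializer list and `delete acls` in the destructor as unchanged context — so replacing the `upool` declaration with `AclXML * acls;` looks like it leaves the class with two declarations of `acls`, which will not compile. If the intent was only to remove `upool`, the hunk should be a plain deletion, `-    UserPoolXML * upool;` with no added line. Confirm against the full header in case the original `acls` declaration lives elsewhere and is removed in a hunk not shown here.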
diff --git a/src/scheduler/include/UserXML.h b/src/scheduler/include/UserXML.h deleted file mode 100644 index ede214cd52..0000000000 --- a/src/scheduler/include/UserXML.h +++ /dev/null @@ -1,63 +0,0 @@ -/* -------------------------------------------------------------------------- */ -/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */ -/* */ -/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ -/* not use this file except in compliance with the License. You may obtain */ -/* a copy of the License at */ -/* */ -/* http://www.apache.org/licenses/LICENSE-2.0 */ -/* */ -/* Unless required by applicable law or agreed to in writing, software */ -/* distributed under the License is distributed on an "AS IS" BASIS, */ -/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ -/* See the License for the specific language governing permissions and */ -/* limitations under the License. */ -/* -------------------------------------------------------------------------- */ - - -#ifndef USER_XML_H_ -#define USER_XML_H_ - -#include "ObjectXML.h" -#include - -using namespace std; - -class UserXML : public ObjectXML -{ -public: - UserXML(const string &xml_doc):ObjectXML(xml_doc) - { - init_attributes(); - }; - - UserXML(const xmlNodePtr node):ObjectXML(node) - { - init_attributes(); - }; - - int get_uid() - { - return oid; - }; - - int get_gid() - { - return gid; - }; - - const set& get_groups() - { - return group_ids; - }; - -private: - int oid; - int gid; - - set group_ids; - - void init_attributes(); -}; - -#endif /* USER_XML_H_ */ diff --git a/src/scheduler/include/VirtualMachineXML.h b/src/scheduler/include/VirtualMachineXML.h index 5a6baec137..ed86ccf656 100644 --- a/src/scheduler/include/VirtualMachineXML.h +++ b/src/scheduler/include/VirtualMachineXML.h 
@@ -51,6 +51,11 @@ public: return uid; }; + int get_gid() const + { + return gid; + }; + /** * Adds a new share to the map of suitable shares to start this VM * @param hid of the selected host @@ -144,6 +149,7 @@ protected: int oid; int uid; + int gid; int memory; float cpu; diff --git a/src/scheduler/src/pool/SConstruct b/src/scheduler/src/pool/SConstruct index 428b17b01b..f772bad860 100644 --- a/src/scheduler/src/pool/SConstruct +++ b/src/scheduler/src/pool/SConstruct @@ -22,8 +22,6 @@ lib_name='scheduler_pool' source_files=[ 'AclXML.cc', - 'UserPoolXML.cc', - 'UserXML.cc', 'HostPoolXML.cc', 'HostXML.cc', 'VirtualMachinePoolXML.cc', diff --git a/src/scheduler/src/pool/UserPoolXML.cc b/src/scheduler/src/pool/UserPoolXML.cc deleted file mode 100644 index 04252e45cf..0000000000 --- a/src/scheduler/src/pool/UserPoolXML.cc +++ /dev/null 
@@ -1,90 +0,0 @@ -/* -------------------------------------------------------------------------- */ -/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */ -/* */ -/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ -/* not use this file except in compliance with the License. You may obtain */ -/* a copy of the License at */ -/* */ -/* http://www.apache.org/licenses/LICENSE-2.0 */ -/* */ -/* Unless required by applicable law or agreed to in writing, software */ -/* distributed under the License is distributed on an "AS IS" BASIS, */ -/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ -/* See the License for the specific language governing permissions and */ -/* limitations under the License. */ -/* -------------------------------------------------------------------------- */ - -#include "UserPoolXML.h" - - -int UserPoolXML::set_up() -{ - ostringstream oss; - int rc; - - rc = PoolXML::set_up(); - - if ( rc == 0 ) - { - oss.str(""); - oss << "Users (enabled):"; - - map::iterator it; - - for (it=objects.begin();it!=objects.end();it++) - { - oss << " " << it->first; - } - - NebulaLog::log("HOST",Log::DEBUG,oss); - } - - return rc; -} - -/* -------------------------------------------------------------------------- */ -/* -------------------------------------------------------------------------- */ - -void UserPoolXML::add_object(xmlNodePtr node) -{ - if ( node == 0 || node->children == 0 ) - { - NebulaLog::log("USER",Log::ERROR, - "XML Node does not represent a valid User"); - - return; - } - - UserXML* user = new UserXML(node); - - objects.insert(pair(user->get_uid(), user)); -} - -/* -------------------------------------------------------------------------- */ -/* -------------------------------------------------------------------------- */ - -int UserPoolXML::load_info(xmlrpc_c::value &result) -{ - try - { - client->call(client->get_endpoint(), // serverUrl - "one.userpool.info", // methodName - "s", 
// arguments format - &result, // resultP - client->get_oneauth().c_str()); // argument - return 0; - } - catch (exception const& e) - { - ostringstream oss; - oss << "Exception raised: " << e.what(); - - NebulaLog::log("USER", Log::ERROR, oss); - - return -1; - } -} - -/* -------------------------------------------------------------------------- */ -/* -------------------------------------------------------------------------- */ - diff --git a/src/scheduler/src/pool/UserXML.cc b/src/scheduler/src/pool/UserXML.cc deleted file mode 100644 index 95cfb108d0..0000000000 --- a/src/scheduler/src/pool/UserXML.cc +++ /dev/null 
@@ -1,74 +0,0 @@ -/* -------------------------------------------------------------------------- */ -/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */ -/* */ -/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ -/* not use this file except in compliance with the License. You may obtain */ -/* a copy of the License at */ -/* */ -/* http://www.apache.org/licenses/LICENSE-2.0 */ -/* */ -/* Unless required by applicable law or agreed to in writing, software */ -/* distributed under the License is distributed on an "AS IS" BASIS, */ -/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ -/* See the License for the specific language governing permissions and */ -/* limitations under the License. */ -/* -------------------------------------------------------------------------- */ - -#include "UserXML.h" -#include - -/* -------------------------------------------------------------------------- */ -/* -------------------------------------------------------------------------- */ - -void UserXML::init_attributes() -{ - vector content; - - oid = atoi(((*this)["/USER/ID"] )[0].c_str() ); - gid = atoi(((*this)["/USER/GID"] )[0].c_str() ); - - get_nodes("/USER/GROUPS",content); - - if (!content.empty()) - { - xmlNodePtr cur_node = 0; - istringstream iss; - int id; - - for (cur_node = content[0]->children; - cur_node != 0; - cur_node = cur_node->next) - { - if ((cur_node->type == XML_ELEMENT_NODE) && - (cur_node->children != 0) && - ((cur_node->children->type == XML_TEXT_NODE ) || - (cur_node->children->type == XML_CDATA_SECTION_NODE))) - { - iss.clear(); - iss.str(reinterpret_cast(cur_node->children->content)); - iss >> dec >> id; - - if ( iss.fail() ) - { - //TODO Print a warning message - break; - } - else - { - group_ids.insert(id); - } - } - else - { - //TODO Print a warning message - break; - } - } - } - - free_nodes(content); -} - -/* 
-------------------------------------------------------------------------- */ -/* -------------------------------------------------------------------------- */ - diff --git a/src/scheduler/src/pool/VirtualMachineXML.cc b/src/scheduler/src/pool/VirtualMachineXML.cc index ce0cdb4667..299139412d 100644 --- a/src/scheduler/src/pool/VirtualMachineXML.cc +++ b/src/scheduler/src/pool/VirtualMachineXML.cc @@ -24,6 +24,7 @@ void VirtualMachineXML::init_attributes() oid = atoi(((*this)["/VM/ID"] )[0].c_str()); uid = atoi(((*this)["/VM/UID"])[0].c_str()); + gid = atoi(((*this)["/VM/GID"])[0].c_str()); result = ((*this)["/VM/TEMPLATE/MEMORY"]); if (result.size() > 0) diff --git a/src/scheduler/src/pool/test/VirtualMachineXMLTest.cc b/src/scheduler/src/pool/test/VirtualMachineXMLTest.cc index 146cf9c090..d28823a547 100644 --- a/src/scheduler/src/pool/test/VirtualMachineXMLTest.cc +++ b/src/scheduler/src/pool/test/VirtualMachineXMLTest.cc 
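Review bot: `gid = atoi(((*this)["/VM/GID"])[0].c_str());` turns a missing or non-numeric GID into 0, and in Scheduler::match a gid of 0 short-circuits the ACL check (`if ( uid == 0 || gid == 0 )`), so a malformed VM document would be scheduled with the oneadmin-group shortcut; if the lookup returns a vector, indexing `[0]` on an empty result is also undefined. The existing `oid`/`uid` lines share the pattern, but `gid` is new and feeds an authorization decision, so it deserves the guard this function already applies to MEMORY (`result.size() > 0`) plus a parse that reports failure, as the removed UserXML::init_attributes did with `istringstream` and `iss.fail()`. On failure the VM should end up unauthorized rather than in group 0; since init_attributes returns void, that probably means a flag or sentinel the caller checks before matching. The function body continues outside the hunk.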
@@ -313,15 +313,15 @@ int main(int argc, char ** argv) const string FriendVirtualMachinePool::xmls[] = { -" 0 0 vm-example 0 1 0 1274087556 1274087589 0 0 0 0 0 host16 15 1274087589 1274087589 1274087589 1274087589 0 0 0 0 1 ", +" 0 0 2 vm-example 0 1 0 1274087556 1274087589 0 0 0 0 0 host16 15 1274087589 1274087589 1274087589 1274087589 0 0 0 0 1 ", -" 1 0 vm-example 0 1 0 1274087557 1274087590 0 0 0 0 0 host16 15 1274087589 1274087589 1274087589 1274087589 0 0 0 0 1 ", +" 1 0 2 vm-example 0 1 0 1274087557 1274087590 0 0 0 0 0 host16 15 1274087589 1274087589 1274087589 1274087589 0 0 0 0 1 ", -" 2 0 vm-example 0 1 0 1274087557 1274087590 0 0 0 0 0 host16 15 1274087589 1274087590 1274087589 1274087590 0 0 0 0 1 " +" 2 0 1 vm-example 0 1 0 1274087557 1274087590 0 0 0 0 0 host16 15 1274087589 1274087590 1274087589 1274087590 0 0 0 0 1 " }; const string FriendVirtualMachinePool::vm_dump = -" 0 0 carlos vm-example 0 1 0 1274087556 1274087589 0 0 0 0 0 host16 15 1274087589 1274087589 1274087589 1274087589 0 0 0 0 1 1 0 carlos vm-example 0 1 0 1274087557 1274087590 0 0 0 0 0 host16 15 1274087589 1274087589 1274087589 1274087589 0 0 0 0 1 2 0 carlos vm-example 0 1 0 1274087557 1274087590 0 0 0 0 0 host16 15 1274087589 1274087590 1274087589 1274087590 0 0 0 0 1 "; +" 0 0 0 carlos vm-example 0 1 0 1274087556 1274087589 0 0 0 0 0 host16 15 1274087589 1274087589 1274087589 1274087589 0 0 0 0 1 1 0 0 carlos vm-example 0 1 0 1274087557 1274087590 0 0 0 0 0 host16 15 1274087589 1274087589 1274087589 1274087589 0 0 0 0 1 2 0 1 carlos vm-example 0 1 0 1274087557 1274087590 0 0 0 0 0 host16 15 1274087589 1274087590 1274087589 1274087590 0 0 0 0 1 "; const string FriendHostPool::xmls[] = { diff --git a/src/scheduler/src/sched/Scheduler.cc b/src/scheduler/src/sched/Scheduler.cc index fe0f057841..65f44f9b16 100644 --- a/src/scheduler/src/sched/Scheduler.cc +++ b/src/scheduler/src/sched/Scheduler.cc 
@@ -121,7 +121,7 @@ void Scheduler::start()
 hpool = new HostPoolXML(client);
 vmpool = new VirtualMachinePoolXML(client, machines_limit);
- upool = new UserPoolXML(client);
+ acls = new AclXML(client);
 // -----------------------------------------------------------
@@ -230,17 +230,6 @@ int Scheduler::set_up_pools()
 return rc;
 }
- //--------------------------------------------------------------------------
- //Cleans the cache and get the users
- //--------------------------------------------------------------------------
-
- rc = upool->set_up();
-
- if ( rc != 0 )
- {
- return rc;
- }
-
 //--------------------------------------------------------------------------
 //Cleans the cache and get the ACLs
 //--------------------------------------------------------------------------
@@ -267,11 +256,15 @@ int Scheduler::set_up_pools()
 void Scheduler::match()
 {
 VirtualMachineXML * vm;
- int vm_memory;
- int vm_cpu;
- int vm_disk;
- int uid;
- string reqs;
+
+ int vm_memory;
+ int vm_cpu;
+ int vm_disk;
+
+ int uid;
+ int gid;
+
+ string reqs;
 HostXML * host;
 int host_memory;
@@ -279,9 +272,6 @@ void Scheduler::match()
 char * error;
 bool matched;
- UserXML * user;
- set gids;
- int rc;
 map::const_iterator vm_it;
@@ -296,7 +286,9 @@ void Scheduler::match()
 vm = static_cast(vm_it->second);
 reqs = vm->get_requirements();
+ uid = vm->get_uid();
+ gid = vm->get_gid();
 for (h_it=hosts.begin(), matched=false; h_it != hosts.end(); h_it++)
 {
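Review bot: `acls = new AclXML(client);` is added here while the unchanged "Cleans the cache and get the ACLs" block in set_up_pools() shows `acls` was already dereferenced before this change, and no hunk in this diff removes an earlier `new AclXML`; if the previous allocation site (constructor or elsewhere, not visible here) still exists, this assignment overwrites it and leaks the first object, so it is worth confirming there is exactly one allocation after the change. As with hpool and vmpool the pointer is never released in the visible code, which follows the file's existing pattern. A one-line comment such as `// ACL rules replace the user pool: host authorization is decided from the VM's uid/gid` would record why upool went away.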
@@ -343,30 +335,20 @@ void Scheduler::match()
 // Check if user is authorized
 // -----------------------------------------------------------------
- user = upool->get(uid);
 matched = false;
- if ( user != 0 )
+ if ( uid == 0 || gid == 0 )
 {
- const set groups = user->get_groups();
-
- if ( uid == 0 || user->get_gid() == 0 )
- {
- matched = true;
- }
- else
- {
- matched = acls->authorize(uid,
- groups,
- AuthRequest::HOST,
- host->get_hid(),
- -1,
- AuthRequest::USE);
- }
+ matched = true;
 }
 else
 {
- continue;
+ matched = acls->authorize(uid,
+ gid,
+ AuthRequest::HOST,
+ host->get_hid(),
+ -1,
+ AuthRequest::USE);
 }
 if ( matched == false )
diff --git a/src/um/User.cc b/src/um/User.cc
index 7250be3fb3..6a509b60b5 100644
--- a/src/um/User.cc
+++ b/src/um/User.cc
@@ -124,8 +124,6 @@ string& User::to_xml(string& xml) const
 int enabled_int = enabled?1:0;
- ObjectCollection::to_xml(collection_xml);
-
 oss << "" "" << oid <<"" <<
@@ -134,7 +132,6 @@ string& User::to_xml(string& xml) const
 "" << name <<"" << "" << password <<""<< "" << enabled_int <<"" <<
- collection_xml << "";
 xml = oss.str();
@@ -163,19 +160,6 @@ int User::from_xml(const string& xml)
 enabled = int_enabled;
- // Get associated classes
- ObjectXML::get_nodes("/USER/GROUPS", content);
-
- if (content.empty())
- {
- return -1;
- }
-
- // Set of IDs
- rc += ObjectCollection::from_xml_node(content[0]);
-
- ObjectXML::free_nodes(content);
-
 if (rc != 0)
 {
 return -1;
diff --git a/src/um/UserPool.cc b/src/um/UserPool.cc
index 467263ab08..746e898346 100644
--- a/src/um/UserPool.cc
+++ b/src/um/UserPool.cc
@@ -151,8 +151,6 @@ int UserPool::allocate (
 // Build a new User object
 user = new User(-1, gid, uname, gname, password, enabled);
- user->add_collection_id(gid); //Adds the primary group to the collection
-
 // Insert the Object in the pool
 *oid = PoolSQL::allocate(user, error_str);
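Review bot: The oneadmin shortcut `if ( uid == 0 || gid == 0 )` now keys on the gid carried by the VM record, whereas the removed code keyed on the owner's primary group from the user pool (`user->get_gid() == 0`) and skipped the host entirely (`continue`) when the owner could not be looked up; a VM that sits in group 0 is therefore exempt from ACLs regardless of its owner's current group, and a VM whose owner no longer exists is presumably now handed to `acls->authorize` with its recorded ids instead of being skipped. Both are probably intended, but the change in what the shortcut means deserves a comment, e.g. `// uid 0 / gid 0 is oneadmin and is not subject to ACL rules; both ids come from the VM record, not from a user lookup`. Note that gid is produced by VirtualMachineXML::init_attributes in this same commit with an unchecked atoi(), so a 0 here can also be a parse failure (raised on that hunk). Scheduler::match starts and ends outside this hunk.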
@@ -200,8 +198,7 @@ bool UserPool::authenticate(const string& session,
 int& user_id,
 int& group_id,
 string& uname,
- string& gname,
- set& group_ids)
+ string& gname)
 {
 map::iterator index;
@@ -243,8 +240,6 @@ bool UserPool::authenticate(const string& session,
 tuname = user->name;
 tgname = user->gname;
- group_ids = user->get_groups();
-
 user->unlock();
 }
 else //External User
@@ -254,7 +249,7 @@ bool UserPool::authenticate(const string& session,
 gid = -1;
 }
- AuthRequest ar(uid, group_ids);
+ AuthRequest ar(uid, gid);
 ar.add_authenticate(username,u_pass,secret);
@@ -336,7 +331,6 @@ bool UserPool::authenticate(const string& session,
 }
 else
 {
- group_ids.insert( GroupPool::USERS_ID );
 group_id = GroupPool::USERS_ID;
 uname = mad_name;
diff --git a/src/um/test/UserPoolTest.cc b/src/um/test/UserPoolTest.cc
index 344b9eb2f2..3e38e73ece 100644
--- a/src/um/test/UserPoolTest.cc
+++ b/src/um/test/UserPoolTest.cc
@@ -31,10 +31,10 @@ const string usernames[] = { "A user", "B user", "C user", "D user", "E user" };
 const string passwords[] = { "A pass", "B pass", "C pass", "D pass", "E pass" };
 const string dump_result =
- "00oneadminone_user_test5baa61e4c9b93f3f0682250b6cf8331b7ee68fd81010oneadminap1020oneadmina namepass1030oneadmina_namepassword1040oneadminanother namesecret1050oneadminuser123410";
+ "00oneadminone_user_test5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8110oneadminap120oneadmina namepass130oneadmina_namepassword140oneadminanother namesecret150oneadminuser12341";
 const string dump_where_result =
- "10oneadminap1020oneadmina namepass1030oneadmina_namepassword1040oneadminanother namesecret10";
+ "10oneadminap120oneadmina namepass130oneadmina_namepassword140oneadminanother namesecret1";
 #include "NebulaTest.h"
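Review bot: `AuthRequest ar(uid, gid);` is constructed while `gid` is -1 in the external-user branch (the context line `gid = -1;` just above it), and the @@ -336 hunk below drops the `group_ids.insert( GroupPool::USERS_ID )` that used to give that request a real group, so an external user's authentication request now carries a group id that never matches the `group_id = GroupPool::USERS_ID` the caller receives. Whether that matters depends on what AuthRequest does with gid beyond passing the identity to the driver, which is not visible here; if it is only informational, a comment would settle it: `// gid is -1 for external users: their group (USERS_ID) is only known after the driver authenticates`. UserPool::authenticate starts and ends outside these hunks.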
@@ -187,14 +187,13 @@ public:
 bool rc;
 int oid, gid;
- set groups;
 string uname, gname;
 // There is an initial user, created with the one_auth file:
 // one_user_test:password
 string session="one_user_test:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8";
- rc = user_pool->authenticate( session, oid, gid, uname, gname, groups );
+ rc = user_pool->authenticate( session, oid, gid, uname, gname);
 CPPUNIT_ASSERT( rc == true );
 CPPUNIT_ASSERT( oid == 0 );
 CPPUNIT_ASSERT( gid == 0 );
@@ -202,13 +201,13 @@ public:
 CPPUNIT_ASSERT( gname == "oneadmin" );
 session = "one_user_test:wrong_password";
- rc = user_pool->authenticate( session, oid, gid , uname, gname, groups );
+ rc = user_pool->authenticate( session, oid, gid , uname, gname);
 CPPUNIT_ASSERT( rc == false );
 CPPUNIT_ASSERT( oid == -1 );
 CPPUNIT_ASSERT( gid == -1 );
 session = "unknown_user:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8";
- rc = user_pool->authenticate( session, oid, gid, uname, gname, groups );
+ rc = user_pool->authenticate( session, oid, gid, uname, gname);
 CPPUNIT_ASSERT( rc == false );
 CPPUNIT_ASSERT( oid == -1 );
 CPPUNIT_ASSERT( gid == -1 );