Fix unlock operations for admin users. Fix bug with recursive template

clones, imges persistent attribute is set in clone operation
2025-03-28 14:50:08 +03:00 · 2018-05-24 11:43:27 +02:00 · 2018-05-24 11:43:27 +02:00 · 7bbc01f60f
commit 7bbc01f60f
parent e8b8e2021e
8 changed files with 56 additions and 41 deletions
--- a/include/PoolObjectSQL.h
+++ b/include/PoolObjectSQL.h
@ -559,15 +559,16 @@ public:
     *
     * @return 0 if the lock was granted, -1 if the object is already locked
     */
-    int lock_db(const int owner,const int req_id, const int level);
+    int lock_db(const int owner, const int req_id, const int level);

    /**
     * Unlocks the DB lock for external applications. The object must be locked
     * (internal memory mutex) before this method is called
     *
-     * @param owner String to identify who requested the lock
+     * @param owner String to identify who requested the lock. -1 to bypass check
+     * @return 0 if object was unlocked -1 otherwise (owner != lock_owner)
     */
-    void unlock_db(const int owner, const int req_id);
+    int unlock_db(const int owner, const int req_id);

    /**
     * Unlocks the DB lock for external applications. The object must be locked
--- a/include/RequestManagerImage.h
+++ b/include/RequestManagerImage.h
@ -121,7 +121,7 @@ public:
    ~ImageClone(){};

    ErrorCode request_execute(int clone_id, const string &name, int ds_id,
-        int &new_id, RequestAttributes& att);
+        bool persistent, int &new_id, RequestAttributes& att);

 protected:

--- a/include/RequestManagerLock.h
+++ b/include/RequestManagerLock.h
@ -69,9 +69,9 @@ protected:
    void request_execute(xmlrpc_c::paramList const& _paramList,
                         RequestAttributes& att);

-    void unlock_db(PoolObjectSQL * object, const int owner, const int req_id)
+    int unlock_db(PoolObjectSQL * object, const int owner, const int req_id)
    {
-        object->unlock_db(owner, req_id);
+        return object->unlock_db(owner, req_id);
    };
 };

--- a/src/pool/PoolObjectSQL.cc
+++ b/src/pool/PoolObjectSQL.cc
@ -592,10 +592,10 @@ bool PoolObjectSQL::name_is_valid(const string& obj_name,

 int PoolObjectSQL::lock_db(const int owner, const int req_id, const int level)
 {
-    locked       = static_cast<LockStates>(level);
-    lock_time = time(0);
-    lock_owner   = owner;
-    lock_req_id  = req_id;
+    locked      = static_cast<LockStates>(level);
+    lock_time   = time(0);
+    lock_owner  = owner;
+    lock_req_id = req_id;

    return 0;
 }
@ -603,15 +603,21 @@ int PoolObjectSQL::lock_db(const int owner, const int req_id, const int level)
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */

-void PoolObjectSQL::unlock_db(const int owner, const int req_id)
+int PoolObjectSQL::unlock_db(const int owner, const int req_id)
 {
-    if ( owner == lock_owner )
+    int rc = -1;
+
+    if ( owner == -1 || owner == lock_owner )
    {
-        locked       = LockStates::ST_NONE;
-        lock_time = time(0);
-        lock_owner   = -1;
-        lock_req_id  = -1;
+        locked      = LockStates::ST_NONE;
+        lock_time   = time(0);
+        lock_owner  = -1;
+        lock_req_id = -1;
+
+        rc = 0;
    }
+
+    return rc;
 }

 /* -------------------------------------------------------------------------- */
--- a/src/rm/RequestManagerClone.cc
+++ b/src/rm/RequestManagerClone.cc
@ -184,7 +184,8 @@ Request::ErrorCode VMTemplateClone::clone(int source_id, const string &name,

            oss << name << "-disk-" << ndisk;

-            ec = img_clone.request_execute(img_id,oss.str(),-1, new_img_id,img_att);
+            ec = img_clone.request_execute(img_id, oss.str(), -1,
+                    (*disk)->is_managed(), new_img_id, img_att);

            if ( ec != SUCCESS)
            {
@ -195,22 +196,6 @@ Request::ErrorCode VMTemplateClone::clone(int source_id, const string &name,
                goto error_images;
            }

-            if ( (*disk)->is_managed() )
-            {
-                ec = img_persistent.request_execute(new_img_id, true, img_att);
-
-                if (ec != SUCCESS)
-                {
-                    NebulaLog::log("ReM",Log::ERROR,failure_message(ec,img_att));
-
-                    att.resp_msg = "Failed to clone images: " + img_att.resp_msg;
-
-                    img_delete.request_execute(new_img_id, img_att);
-
-                    goto error_images;
-                }
-            }
-
            (*disk)->remove("IMAGE");
            (*disk)->remove("IMAGE_UNAME");
            (*disk)->remove("IMAGE_UID");
--- a/src/rm/RequestManagerImage.cc
+++ b/src/rm/RequestManagerImage.cc
@ -302,7 +302,7 @@ void ImageClone::request_execute(
        ds_id = xmlrpc_c::value_int(paramList.getInt(3));
    }

-    ErrorCode ec = request_execute(clone_id, name, ds_id, new_id, att);
+    ErrorCode ec = request_execute(clone_id, name, ds_id, false, new_id, att);

    if ( ec == SUCCESS )
    {
@ -321,6 +321,7 @@ Request::ErrorCode ImageClone::request_execute(
        int             clone_id,
        const string&   name,
        int             ds_id,
+        bool            persistent,
        int             &new_id,
        RequestAttributes& att)
 {
@ -391,8 +392,17 @@ Request::ErrorCode ImageClone::request_execute(

    img->unlock();

-    //Update persistent attribute from base image if needed
-    Image::test_set_persistent(tmpl, att.uid, att.gid, false);
+    //--------------------------------------------------------------------------
+    // Set image persistent attribute
+    //--------------------------------------------------------------------------
+    if ( persistent )
+    {
+        tmpl->replace("PERSISTENT", persistent);
+    }
+    else //Update from base image
+    {
+        Image::test_set_persistent(tmpl, att.uid, att.gid, false);
+    }

    // ----------------------- Get target Datastore info -----------------------

--- a/src/rm/RequestManagerLock.cc
+++ b/src/rm/RequestManagerLock.cc
@ -24,9 +24,10 @@ using namespace std;
 void RequestManagerLock::request_execute(xmlrpc_c::paramList const& paramList,
                                         RequestAttributes& att)
 {
-    int     oid     = xmlrpc_c::value_int(paramList.getInt(1));
-    int level   = xmlrpc_c::value_int(paramList.getInt(2));
+    int oid   = xmlrpc_c::value_int(paramList.getInt(1));
+    int level = xmlrpc_c::value_int(paramList.getInt(2));
    int owner = att.uid;
+
    PoolObjectSQL * object;
    string          error_str;
    int             rc;
@ -75,7 +76,8 @@ void RequestManagerUnlock::request_execute(xmlrpc_c::paramList const& paramList,

    PoolObjectSQL * object;
    string          error_str;
-    int owner = att.uid;
+
+    int owner  = att.uid;
    int req_id = att.req_id;

    if ( basic_authorization(oid, att) == false )
@ -92,7 +94,19 @@ void RequestManagerUnlock::request_execute(xmlrpc_c::paramList const& paramList,
        return;
    }

-    unlock_db(object, owner, req_id);
+    if ( att.is_admin() ) //admins can unlock even if nor owners of lock
+    {
+        owner = -1;
+    }
+
+    if ( unlock_db(object, owner, req_id) == -1 )
+    {
+        att.resp_msg = "Cannot unlock: Lock is owned by another user";
+        failure_response(ACTION, att);
+
+        object->unlock();
+        return;
+    }

    pool->update(object);

--- a/src/rm/RequestManagerVirtualMachine.cc
+++ b/src/rm/RequestManagerVirtualMachine.cc
@ -2293,7 +2293,6 @@ Request::ErrorCode VirtualMachineAttachNic::request_execute(int id,
        return AUTHORIZATION;
    }

-
    RequestAttributes att_quota(vm_perms.uid, vm_perms.gid, att);

    if (!att.is_admin())