mirror of
https://github.com/OpenNebula/one.git
synced 2025-01-11 05:17:41 +03:00
Feature #1742: Add a set of group IDs to Users
This commit is contained in:
parent
990092271c
commit
7bfb930292
@ -58,13 +58,13 @@ public:
|
||||
* authorizes the operation.
|
||||
*
|
||||
* @param uid The user ID requesting to be authorized
|
||||
* @param gid Group ID of the user
|
||||
* @param user_groups Set of group IDs that the user is part of
|
||||
* @param obj_perms The object's permission attributes
|
||||
* @param op The operation to be authorized
|
||||
* @return true if the authorization is granted by any rule
|
||||
*/
|
||||
const bool authorize(int uid,
|
||||
int gid,
|
||||
const set<int>& user_groups,
|
||||
const PoolObjectAuth& obj_perms,
|
||||
AuthRequest::Operation op);
|
||||
|
||||
|
@ -18,6 +18,7 @@
|
||||
#define AUTH_REQUEST_H_
|
||||
|
||||
#include <time.h>
|
||||
#include <set>
|
||||
|
||||
#include "ActionManager.h"
|
||||
#include "PoolObjectAuth.h"
|
||||
@ -36,7 +37,7 @@ using namespace std;
|
||||
class AuthRequest : public SyncRequest
|
||||
{
|
||||
public:
|
||||
AuthRequest(int _uid, int _gid): uid(_uid),gid(_gid),self_authorize(true){};
|
||||
AuthRequest(int _uid, set<int> _gids): uid(_uid),gids(_gids),self_authorize(true){};
|
||||
|
||||
~AuthRequest(){};
|
||||
|
||||
@ -158,9 +159,9 @@ private:
|
||||
int uid;
|
||||
|
||||
/**
|
||||
* The user group ID
|
||||
* The user groups ID set
|
||||
*/
|
||||
int gid;
|
||||
set<int> gids;
|
||||
|
||||
/**
|
||||
* Username to authenticate the user
|
||||
|
@ -73,6 +73,8 @@ protected:
|
||||
string uname; /**< name of the user */
|
||||
string gname; /**< name of the user's group */
|
||||
|
||||
set<int> group_ids; /**< set of user's group ids */
|
||||
|
||||
string session; /**< Session from ONE XML-RPC API */
|
||||
int req_id; /**< Request ID for log messages */
|
||||
|
||||
|
@ -20,6 +20,7 @@
|
||||
#include "PoolSQL.h"
|
||||
#include "UserTemplate.h"
|
||||
#include "Quotas.h"
|
||||
#include "ObjectCollection.h"
|
||||
|
||||
using namespace std;
|
||||
|
||||
@ -29,7 +30,7 @@ using namespace std;
|
||||
/**
|
||||
* The User class.
|
||||
*/
|
||||
class User : public PoolObjectSQL
|
||||
class User : public PoolObjectSQL, public ObjectCollection
|
||||
{
|
||||
public:
|
||||
|
||||
@ -180,6 +181,47 @@ public:
|
||||
*/
|
||||
int get_umask() const;
|
||||
|
||||
/**
|
||||
* Returns a copy of the groups for the user
|
||||
*/
|
||||
set<int> get_groups()
|
||||
{
|
||||
return get_collection_copy();
|
||||
};
|
||||
|
||||
// *************************************************************************
|
||||
// Group IDs set Management
|
||||
// *************************************************************************
|
||||
|
||||
/**
|
||||
* Adds a group ID to the groups set.
|
||||
*
|
||||
* @param id The new id
|
||||
* @return 0 on success, -1 if the ID was already in the set
|
||||
*/
|
||||
int add_group(int group_id)
|
||||
{
|
||||
return add_collection_id(group_id);
|
||||
}
|
||||
|
||||
/**
|
||||
* Deletes a group ID from the groups set.
|
||||
*
|
||||
* @param id The id
|
||||
* @return 0 on success,
|
||||
* -1 if the ID was not in the set,
|
||||
* -2 if the group to delete is the main group
|
||||
*/
|
||||
int del_group(int group_id)
|
||||
{
|
||||
if( group_id == gid )
|
||||
{
|
||||
return -2;
|
||||
}
|
||||
|
||||
return del_collection_id(group_id);
|
||||
}
|
||||
|
||||
private:
|
||||
// -------------------------------------------------------------------------
|
||||
// Friends
|
||||
@ -310,6 +352,7 @@ protected:
|
||||
const string& _auth_driver,
|
||||
bool _enabled):
|
||||
PoolObjectSQL(id,USER,_uname,-1,_gid,"",_gname,table),
|
||||
ObjectCollection("GROUPS"),
|
||||
quota("/USER/DATASTORE_QUOTA",
|
||||
"/USER/NETWORK_QUOTA",
|
||||
"/USER/IMAGE_QUOTA",
|
||||
|
@ -124,6 +124,7 @@ public:
|
||||
* @param gid of the user if authN succeeded -1 otherwise
|
||||
* @param uname of the user if authN succeeded "" otherwise
|
||||
* @param gname of the group if authN succeeded "" otherwise
|
||||
* @param group_ids the user groups if authN succeeded, is empty otherwise
|
||||
*
|
||||
* @return false if authn failed, true otherwise
|
||||
*/
|
||||
@ -131,7 +132,8 @@ public:
|
||||
int& uid,
|
||||
int& gid,
|
||||
string& uname,
|
||||
string& gname);
|
||||
string& gname,
|
||||
set<int>& group_ids);
|
||||
/**
|
||||
* Returns whether the operations described in a authorization request are
|
||||
* authorized ot not.
|
||||
@ -217,7 +219,8 @@ private:
|
||||
int& user_id,
|
||||
int& group_id,
|
||||
string& uname,
|
||||
string& gname);
|
||||
string& gname,
|
||||
set<int>& group_ids);
|
||||
|
||||
/**
|
||||
* Function to authenticate internal users using a server driver
|
||||
@ -227,18 +230,20 @@ private:
|
||||
int& user_id,
|
||||
int& group_id,
|
||||
string& uname,
|
||||
string& gname);
|
||||
string& gname,
|
||||
set<int>& group_ids);
|
||||
|
||||
|
||||
/**
|
||||
* Function to authenticate external (not known) users
|
||||
*/
|
||||
bool authenticate_external(const string& username,
|
||||
const string& token,
|
||||
int& user_id,
|
||||
int& group_id,
|
||||
string& uname,
|
||||
string& gname);
|
||||
bool authenticate_external(const string& username,
|
||||
const string& token,
|
||||
int& user_id,
|
||||
int& group_id,
|
||||
string& uname,
|
||||
string& gname,
|
||||
set<int>& group_ids);
|
||||
/**
|
||||
* Factory method to produce User objects
|
||||
* @return a pointer to the new User
|
||||
|
@ -132,7 +132,7 @@ AclManager::~AclManager()
|
||||
|
||||
const bool AclManager::authorize(
|
||||
int uid,
|
||||
int gid,
|
||||
const set<int>& user_groups,
|
||||
const PoolObjectAuth& obj_perms,
|
||||
AuthRequest::Operation op)
|
||||
{
|
||||
@ -280,23 +280,28 @@ const bool AclManager::authorize(
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------
|
||||
// Look for rules that apply to the user's group
|
||||
// Look for rules that apply to each one of the user's groups
|
||||
// ----------------------------------------------------------
|
||||
|
||||
user_req = AclRule::GROUP_ID | gid;
|
||||
auth = match_rules_wrapper(user_req,
|
||||
resource_oid_req,
|
||||
resource_gid_req,
|
||||
resource_cid_req,
|
||||
resource_all_req,
|
||||
rights_req,
|
||||
resource_oid_mask,
|
||||
resource_gid_mask,
|
||||
resource_cid_mask,
|
||||
tmp_rules);
|
||||
if ( auth == true )
|
||||
set<int>::iterator g_it;
|
||||
|
||||
for (g_it = user_groups.begin(); g_it != user_groups.end(); g_it++)
|
||||
{
|
||||
return true;
|
||||
user_req = AclRule::GROUP_ID | *g_it;
|
||||
auth = match_rules_wrapper(user_req,
|
||||
resource_oid_req,
|
||||
resource_gid_req,
|
||||
resource_cid_req,
|
||||
resource_all_req,
|
||||
rights_req,
|
||||
resource_oid_mask,
|
||||
resource_gid_mask,
|
||||
resource_cid_mask,
|
||||
tmp_rules);
|
||||
if ( auth == true )
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
oss.str("No more rules, permission not granted ");
|
||||
|
@ -67,7 +67,7 @@ void AuthRequest::add_auth(Operation op,
|
||||
|
||||
// Default conditions that grants permission :
|
||||
// User is oneadmin, or is in the oneadmin group
|
||||
if ( uid == 0 || gid == GroupPool::ONEADMIN_ID )
|
||||
if ( uid == 0 || gids.count( GroupPool::ONEADMIN_ID ) == 1 )
|
||||
{
|
||||
auth = true;
|
||||
}
|
||||
@ -76,7 +76,7 @@ void AuthRequest::add_auth(Operation op,
|
||||
Nebula& nd = Nebula::instance();
|
||||
AclManager* aclm = nd.get_aclm();
|
||||
|
||||
auth = aclm->authorize(uid, gid, ob_perms, op);
|
||||
auth = aclm->authorize(uid, gids, ob_perms, op);
|
||||
}
|
||||
|
||||
oss << auth; // Store the ACL authorization result in the request
|
||||
|
@ -40,7 +40,8 @@ void Request::execute(
|
||||
att.uid,
|
||||
att.gid,
|
||||
att.uname,
|
||||
att.gname);
|
||||
att.gname,
|
||||
att.group_ids);
|
||||
|
||||
log_method_invoked(att, _paramList);
|
||||
|
||||
@ -240,7 +241,7 @@ bool Request::basic_authorization(int oid,
|
||||
perms.obj_type = auth_object;
|
||||
}
|
||||
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
|
||||
ar.add_auth(op, perms);
|
||||
|
||||
|
@ -34,7 +34,7 @@ bool RequestManagerAllocate::allocate_authorization(
|
||||
|
||||
string tmpl_str = "";
|
||||
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
|
||||
if ( tmpl != 0 )
|
||||
{
|
||||
@ -73,7 +73,7 @@ bool VirtualMachineAllocate::allocate_authorization(
|
||||
return true;
|
||||
}
|
||||
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
string t64;
|
||||
string aname;
|
||||
|
||||
@ -459,7 +459,7 @@ void ImageAllocate::request_execute(xmlrpc_c::paramList const& params,
|
||||
|
||||
if ( att.uid != 0 )
|
||||
{
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
string tmpl_str;
|
||||
string aname;
|
||||
|
||||
|
@ -108,7 +108,7 @@ void RequestManagerChmod::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
}
|
||||
}
|
||||
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
|
||||
ar.add_auth(op, perms);
|
||||
|
||||
|
@ -213,7 +213,7 @@ void RequestManagerChown::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
|
||||
if ( att.uid != 0 )
|
||||
{
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
|
||||
rc = get_info(pool, oid, auth_object, att, operms, oname);
|
||||
|
||||
@ -363,7 +363,7 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
|
||||
if ( att.uid != 0 )
|
||||
{
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
|
||||
ar.add_auth(auth_op, uperms); // MANAGE USER
|
||||
ar.add_auth(AuthRequest::USE, ngperms); // USE GROUP
|
||||
@ -399,6 +399,9 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
|
||||
user->set_group(ngid,ngname);
|
||||
|
||||
user->add_group(ngid);
|
||||
user->del_group(old_gid);
|
||||
|
||||
upool->update(user);
|
||||
|
||||
user->unlock();
|
||||
|
@ -79,7 +79,7 @@ void RequestManagerClone::request_execute(
|
||||
{
|
||||
string tmpl_str = "";
|
||||
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
|
||||
ar.add_auth(auth_op, perms); //USE OBJECT
|
||||
|
||||
|
@ -70,7 +70,7 @@ void RequestManagerCluster::add_generic(
|
||||
|
||||
if ( att.uid != 0 )
|
||||
{
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
|
||||
if ( cluster_id != ClusterPool::NONE_CLUSTER_ID )
|
||||
{
|
||||
|
@ -47,7 +47,7 @@ bool RequestManagerDelete::delete_authorization(
|
||||
|
||||
object->unlock();
|
||||
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
|
||||
ar.add_auth(auth_op, perms); // <MANAGE|ADMIN> OBJECT
|
||||
|
||||
|
@ -357,7 +357,7 @@ void ImageClone::request_execute(
|
||||
|
||||
if ( att.uid != 0 )
|
||||
{
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
string tmpl_str;
|
||||
|
||||
// ------------------ Check permissions and ACLs ----------------------
|
||||
|
@ -53,7 +53,7 @@ void RequestManagerRename::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
|
||||
if ( att.uid != 0 )
|
||||
{
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
|
||||
ar.add_auth(auth_op, operms); // MANAGE OBJECT
|
||||
|
||||
|
@ -177,7 +177,7 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList
|
||||
|
||||
if ( att.uid != 0 )
|
||||
{
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
|
||||
ar.add_auth(auth_op, perms); //USE TEMPLATE
|
||||
|
||||
|
@ -55,7 +55,7 @@ bool RequestManagerVirtualMachine::vm_authorization(
|
||||
|
||||
object->unlock();
|
||||
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
|
||||
ar.add_auth(op, vm_perms);
|
||||
|
||||
|
@ -431,8 +431,14 @@ void Scheduler::match()
|
||||
host_perms.oid = host->get_hid();
|
||||
host_perms.obj_type = PoolObjectSQL::HOST;
|
||||
|
||||
// Even if the owner is in several groups, this request only
|
||||
// uses the VM group ID
|
||||
|
||||
set<int> gids;
|
||||
gids.insert(gid);
|
||||
|
||||
matched = acls->authorize(uid,
|
||||
gid,
|
||||
gids,
|
||||
host_perms,
|
||||
AuthRequest::MANAGE);
|
||||
}
|
||||
|
@ -156,6 +156,9 @@ string& User::to_xml_extended(string& xml, bool extended) const
|
||||
|
||||
string template_xml;
|
||||
string quota_xml;
|
||||
string collection_xml;
|
||||
|
||||
ObjectCollection::to_xml(collection_xml);
|
||||
|
||||
int enabled_int = enabled?1:0;
|
||||
|
||||
@ -163,6 +166,7 @@ string& User::to_xml_extended(string& xml, bool extended) const
|
||||
"<USER>"
|
||||
"<ID>" << oid <<"</ID>" <<
|
||||
"<GID>" << gid <<"</GID>" <<
|
||||
collection_xml <<
|
||||
"<GNAME>" << gname <<"</GNAME>" <<
|
||||
"<NAME>" << name <<"</NAME>" <<
|
||||
"<PASSWORD>" << password <<"</PASSWORD>" <<
|
||||
@ -220,7 +224,22 @@ int User::from_xml(const string& xml)
|
||||
rc += obj_template->from_xml_node(content[0]);
|
||||
|
||||
ObjectXML::free_nodes(content);
|
||||
content.clear();
|
||||
|
||||
ObjectXML::get_nodes("/USER/GROUPS", content);
|
||||
|
||||
if (content.empty())
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
// Set of IDs
|
||||
rc += ObjectCollection::from_xml_node(content[0]);
|
||||
|
||||
ObjectXML::free_nodes(content);
|
||||
content.clear();
|
||||
|
||||
// Quotas
|
||||
rc += quota.from_xml(this);
|
||||
|
||||
if (rc != 0)
|
||||
|
@ -293,6 +293,9 @@ int UserPool::allocate (
|
||||
// Build a new User object
|
||||
user = new User(-1, gid, uname, gname, upass, auth_driver, enabled);
|
||||
|
||||
// Add the primary group to the collection
|
||||
user->add_collection_id(gid);
|
||||
|
||||
// Set a password for the OneGate tokens
|
||||
user->add_template_attribute("TOKEN_PASSWORD", one_util::random_password());
|
||||
|
||||
@ -348,7 +351,8 @@ bool UserPool::authenticate_internal(User * user,
|
||||
int& user_id,
|
||||
int& group_id,
|
||||
string& uname,
|
||||
string& gname)
|
||||
string& gname,
|
||||
set<int>& group_ids)
|
||||
{
|
||||
bool result = false;
|
||||
|
||||
@ -367,6 +371,8 @@ bool UserPool::authenticate_internal(User * user,
|
||||
user_id = user->oid;
|
||||
group_id = user->gid;
|
||||
|
||||
group_ids = user->get_groups();
|
||||
|
||||
uname = user->name;
|
||||
gname = user->gname;
|
||||
|
||||
@ -381,7 +387,7 @@ bool UserPool::authenticate_internal(User * user,
|
||||
return true;
|
||||
}
|
||||
|
||||
AuthRequest ar(user_id, group_id);
|
||||
AuthRequest ar(user_id, group_ids);
|
||||
|
||||
if ( auth_driver == UserPool::CORE_AUTH )
|
||||
{
|
||||
@ -459,7 +465,8 @@ bool UserPool::authenticate_server(User * user,
|
||||
int& user_id,
|
||||
int& group_id,
|
||||
string& uname,
|
||||
string& gname)
|
||||
string& gname,
|
||||
set<int>& group_ids)
|
||||
{
|
||||
bool result = false;
|
||||
|
||||
@ -480,7 +487,7 @@ bool UserPool::authenticate_server(User * user,
|
||||
|
||||
auth_driver = user->auth_driver;
|
||||
|
||||
AuthRequest ar(user->oid, user->gid);
|
||||
AuthRequest ar(user->oid, user->get_groups());
|
||||
|
||||
user->unlock();
|
||||
|
||||
@ -502,6 +509,8 @@ bool UserPool::authenticate_server(User * user,
|
||||
user_id = user->oid;
|
||||
group_id = user->gid;
|
||||
|
||||
group_ids = user->get_groups();
|
||||
|
||||
uname = user->name;
|
||||
gname = user->gname;
|
||||
|
||||
@ -580,12 +589,13 @@ auth_failure:
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
bool UserPool::authenticate_external(const string& username,
|
||||
const string& token,
|
||||
int& user_id,
|
||||
int& group_id,
|
||||
string& uname,
|
||||
string& gname)
|
||||
bool UserPool::authenticate_external(const string& username,
|
||||
const string& token,
|
||||
int& user_id,
|
||||
int& group_id,
|
||||
string& uname,
|
||||
string& gname,
|
||||
set<int>& group_ids)
|
||||
{
|
||||
ostringstream oss;
|
||||
istringstream is;
|
||||
@ -598,7 +608,9 @@ bool UserPool::authenticate_external(const string& username,
|
||||
Nebula& nd = Nebula::instance();
|
||||
AuthManager * authm = nd.get_authm();
|
||||
|
||||
AuthRequest ar(-1,-1);
|
||||
set<int> empty_set;
|
||||
|
||||
AuthRequest ar(-1,empty_set);
|
||||
|
||||
if (authm == 0)
|
||||
{
|
||||
@ -653,6 +665,7 @@ bool UserPool::authenticate_external(const string& username,
|
||||
}
|
||||
|
||||
group_id = GroupPool::USERS_ID;
|
||||
group_ids.insert( GroupPool::USERS_ID );
|
||||
|
||||
uname = mad_name;
|
||||
gname = GroupPool::USERS_NAME;
|
||||
@ -694,7 +707,8 @@ bool UserPool::authenticate(const string& session,
|
||||
int& user_id,
|
||||
int& group_id,
|
||||
string& uname,
|
||||
string& gname)
|
||||
string& gname,
|
||||
set<int>& group_ids)
|
||||
{
|
||||
User * user = 0;
|
||||
string username;
|
||||
@ -718,16 +732,16 @@ bool UserPool::authenticate(const string& session,
|
||||
|
||||
if ( fnmatch(UserPool::SERVER_AUTH, driver.c_str(), 0) == 0 )
|
||||
{
|
||||
ar = authenticate_server(user,token,user_id,group_id,uname,gname);
|
||||
ar = authenticate_server(user,token,user_id,group_id,uname,gname,group_ids);
|
||||
}
|
||||
else
|
||||
{
|
||||
ar = authenticate_internal(user,token,user_id,group_id,uname,gname);
|
||||
ar = authenticate_internal(user,token,user_id,group_id,uname,gname,group_ids);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
ar = authenticate_external(username,token,user_id,group_id,uname,gname);
|
||||
ar = authenticate_external(username,token,user_id,group_id,uname,gname,group_ids);
|
||||
}
|
||||
|
||||
return ar;
|
||||
|
@ -1,8 +1,8 @@
|
||||
/* A Bison parser, made by GNU Bison 2.7.12-4996. */
|
||||
/* A Bison parser, made by GNU Bison 2.5. */
|
||||
|
||||
/* Bison implementation for Yacc-like parsers in C
|
||||
|
||||
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
|
||||
Copyright (C) 1984, 1989-1990, 2000-2011 Free Software Foundation, Inc.
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
@ -44,7 +44,7 @@
|
||||
#define YYBISON 1
|
||||
|
||||
/* Bison version. */
|
||||
#define YYBISON_VERSION "2.7.12-4996"
|
||||
#define YYBISON_VERSION "2.5"
|
||||
|
||||
/* Skeleton name. */
|
||||
#define YYSKELETON_NAME "yacc.c"
|
||||
@ -58,6 +58,8 @@
|
||||
/* Pull parsers. */
|
||||
#define YYPULL 1
|
||||
|
||||
/* Using locations. */
|
||||
#define YYLSP_NEEDED 1
|
||||
|
||||
/* Substitute the variable and function names. */
|
||||
#define yyparse vm_file_var__parse
|
||||
@ -70,7 +72,8 @@
|
||||
#define yylloc vm_file_var__lloc
|
||||
|
||||
/* Copy the first part of user declarations. */
|
||||
/* Line 371 of yacc.c */
|
||||
|
||||
/* Line 268 of yacc.c */
|
||||
#line 17 "vm_file_var_syntax.y"
|
||||
|
||||
#include <iostream>
|
||||
@ -145,7 +148,9 @@ int get_image_path(VirtualMachine * vm,
|
||||
Nebula& nd = Nebula::instance();
|
||||
|
||||
ImagePool * ipool = nd.get_ipool();
|
||||
UserPool * upool = nd.get_upool();
|
||||
Image * img = 0;
|
||||
User * user = 0;
|
||||
int iid = -1;
|
||||
|
||||
PoolObjectAuth perm;
|
||||
@ -218,7 +223,17 @@ int get_image_path(VirtualMachine * vm,
|
||||
|
||||
img->unlock();
|
||||
|
||||
AuthRequest ar(vm->get_uid(), vm->get_gid());
|
||||
set<int> gids;
|
||||
|
||||
user = upool->get(vm->get_uid(), true);
|
||||
|
||||
if (user != 0)
|
||||
{
|
||||
gids = user->get_groups();
|
||||
user->unlock();
|
||||
}
|
||||
|
||||
AuthRequest ar(vm->get_uid(), gids);
|
||||
|
||||
ar.add_auth(AuthRequest::USE, perm);
|
||||
|
||||
@ -237,16 +252,14 @@ int get_image_path(VirtualMachine * vm,
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
|
||||
/* Line 371 of yacc.c */
|
||||
#line 242 "vm_file_var_syntax.cc"
|
||||
|
||||
# ifndef YY_NULL
|
||||
# if defined __cplusplus && 201103L <= __cplusplus
|
||||
# define YY_NULL nullptr
|
||||
# else
|
||||
# define YY_NULL 0
|
||||
# endif
|
||||
# endif
|
||||
/* Line 268 of yacc.c */
|
||||
#line 258 "vm_file_var_syntax.cc"
|
||||
|
||||
/* Enabling traces. */
|
||||
#ifndef YYDEBUG
|
||||
# define YYDEBUG 0
|
||||
#endif
|
||||
|
||||
/* Enabling verbose error messages. */
|
||||
#ifdef YYERROR_VERBOSE
|
||||
@ -256,18 +269,12 @@ int get_image_path(VirtualMachine * vm,
|
||||
# define YYERROR_VERBOSE 0
|
||||
#endif
|
||||
|
||||
/* In a future release of Bison, this section will be replaced
|
||||
by #include "vm_file_var_syntax.hh". */
|
||||
#ifndef YY_VM_FILE_VAR_VM_FILE_VAR_SYNTAX_HH_INCLUDED
|
||||
# define YY_VM_FILE_VAR_VM_FILE_VAR_SYNTAX_HH_INCLUDED
|
||||
/* Enabling traces. */
|
||||
#ifndef YYDEBUG
|
||||
# define YYDEBUG 0
|
||||
#endif
|
||||
#if YYDEBUG
|
||||
extern int vm_file_var__debug;
|
||||
/* Enabling the token table. */
|
||||
#ifndef YYTOKEN_TABLE
|
||||
# define YYTOKEN_TABLE 0
|
||||
#endif
|
||||
|
||||
|
||||
/* Tokens. */
|
||||
#ifndef YYTOKENTYPE
|
||||
# define YYTOKENTYPE
|
||||
@ -287,19 +294,22 @@ extern int vm_file_var__debug;
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||
typedef union YYSTYPE
|
||||
{
|
||||
/* Line 387 of yacc.c */
|
||||
#line 190 "vm_file_var_syntax.y"
|
||||
|
||||
/* Line 293 of yacc.c */
|
||||
#line 202 "vm_file_var_syntax.y"
|
||||
|
||||
char * val_str;
|
||||
int val_int;
|
||||
char val_char;
|
||||
|
||||
|
||||
/* Line 387 of yacc.c */
|
||||
#line 303 "vm_file_var_syntax.cc"
|
||||
|
||||
/* Line 293 of yacc.c */
|
||||
#line 313 "vm_file_var_syntax.cc"
|
||||
} YYSTYPE;
|
||||
# define YYSTYPE_IS_TRIVIAL 1
|
||||
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
|
||||
@ -320,26 +330,11 @@ typedef struct YYLTYPE
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef YYPARSE_PARAM
|
||||
#if defined __STDC__ || defined __cplusplus
|
||||
int vm_file_var__parse (void *YYPARSE_PARAM);
|
||||
#else
|
||||
int vm_file_var__parse ();
|
||||
#endif
|
||||
#else /* ! YYPARSE_PARAM */
|
||||
#if defined __STDC__ || defined __cplusplus
|
||||
int vm_file_var__parse (mem_collector * mc, VirtualMachine * vm, vector<int> * img_ids, char ** errmsg);
|
||||
#else
|
||||
int vm_file_var__parse ();
|
||||
#endif
|
||||
#endif /* ! YYPARSE_PARAM */
|
||||
|
||||
#endif /* !YY_VM_FILE_VAR_VM_FILE_VAR_SYNTAX_HH_INCLUDED */
|
||||
|
||||
/* Copy the second part of user declarations. */
|
||||
|
||||
/* Line 390 of yacc.c */
|
||||
#line 343 "vm_file_var_syntax.cc"
|
||||
|
||||
/* Line 343 of yacc.c */
|
||||
#line 338 "vm_file_var_syntax.cc"
|
||||
|
||||
#ifdef short
|
||||
# undef short
|
||||
@ -392,33 +387,24 @@ typedef short int yytype_int16;
|
||||
# if defined YYENABLE_NLS && YYENABLE_NLS
|
||||
# if ENABLE_NLS
|
||||
# include <libintl.h> /* INFRINGES ON USER NAME SPACE */
|
||||
# define YY_(Msgid) dgettext ("bison-runtime", Msgid)
|
||||
# define YY_(msgid) dgettext ("bison-runtime", msgid)
|
||||
# endif
|
||||
# endif
|
||||
# ifndef YY_
|
||||
# define YY_(Msgid) Msgid
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifndef __attribute__
|
||||
/* This feature is available in gcc versions 2.5 and later. */
|
||||
# if (! defined __GNUC__ || __GNUC__ < 2 \
|
||||
|| (__GNUC__ == 2 && __GNUC_MINOR__ < 5))
|
||||
# define __attribute__(Spec) /* empty */
|
||||
# define YY_(msgid) msgid
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/* Suppress unused-variable warnings by "using" E. */
|
||||
#if ! defined lint || defined __GNUC__
|
||||
# define YYUSE(E) ((void) (E))
|
||||
# define YYUSE(e) ((void) (e))
|
||||
#else
|
||||
# define YYUSE(E) /* empty */
|
||||
# define YYUSE(e) /* empty */
|
||||
#endif
|
||||
|
||||
|
||||
/* Identity function, used to suppress warnings about constant conditions. */
|
||||
#ifndef lint
|
||||
# define YYID(N) (N)
|
||||
# define YYID(n) (n)
|
||||
#else
|
||||
#if (defined __STDC__ || defined __C99__FUNC__ \
|
||||
|| defined __cplusplus || defined _MSC_VER)
|
||||
@ -454,7 +440,6 @@ YYID (yyi)
|
||||
# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \
|
||||
|| defined __cplusplus || defined _MSC_VER)
|
||||
# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
|
||||
/* Use EXIT_SUCCESS as a witness for stdlib.h. */
|
||||
# ifndef EXIT_SUCCESS
|
||||
# define EXIT_SUCCESS 0
|
||||
# endif
|
||||
@ -548,20 +533,20 @@ union yyalloc
|
||||
#endif
|
||||
|
||||
#if defined YYCOPY_NEEDED && YYCOPY_NEEDED
|
||||
/* Copy COUNT objects from SRC to DST. The source and destination do
|
||||
/* Copy COUNT objects from FROM to TO. The source and destination do
|
||||
not overlap. */
|
||||
# ifndef YYCOPY
|
||||
# if defined __GNUC__ && 1 < __GNUC__
|
||||
# define YYCOPY(Dst, Src, Count) \
|
||||
__builtin_memcpy (Dst, Src, (Count) * sizeof (*(Src)))
|
||||
# define YYCOPY(To, From, Count) \
|
||||
__builtin_memcpy (To, From, (Count) * sizeof (*(From)))
|
||||
# else
|
||||
# define YYCOPY(Dst, Src, Count) \
|
||||
do \
|
||||
{ \
|
||||
YYSIZE_T yyi; \
|
||||
for (yyi = 0; yyi < (Count); yyi++) \
|
||||
(Dst)[yyi] = (Src)[yyi]; \
|
||||
} \
|
||||
# define YYCOPY(To, From, Count) \
|
||||
do \
|
||||
{ \
|
||||
YYSIZE_T yyi; \
|
||||
for (yyi = 0; yyi < (Count); yyi++) \
|
||||
(To)[yyi] = (From)[yyi]; \
|
||||
} \
|
||||
while (YYID (0))
|
||||
# endif
|
||||
# endif
|
||||
@ -639,18 +624,18 @@ static const yytype_int8 yyrhs[] =
|
||||
/* YYRLINE[YYN] -- source line where rule number YYN was defined. */
|
||||
static const yytype_uint8 yyrline[] =
|
||||
{
|
||||
0, 214, 214, 215, 219, 237
|
||||
0, 226, 226, 227, 231, 249
|
||||
};
|
||||
#endif
|
||||
|
||||
#if YYDEBUG || YYERROR_VERBOSE || 0
|
||||
#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
|
||||
/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
|
||||
First, the terminals, then, starting at YYNTOKENS, nonterminals. */
|
||||
static const char *const yytname[] =
|
||||
{
|
||||
"$end", "error", "$undefined", "EQUAL", "COMMA", "OBRACKET", "CBRACKET",
|
||||
"EOA", "STRING", "VARIABLE", "RSTRING", "INTEGER", "$accept",
|
||||
"vm_string", "vm_variable", YY_NULL
|
||||
"vm_string", "vm_variable", 0
|
||||
};
|
||||
#endif
|
||||
|
||||
@ -716,10 +701,10 @@ static const yytype_uint8 yytable[] =
|
||||
9, 14, 15, 16, 6, 0, 17
|
||||
};
|
||||
|
||||
#define yypact_value_is_default(Yystate) \
|
||||
(!!((Yystate) == (-8)))
|
||||
#define yypact_value_is_default(yystate) \
|
||||
((yystate) == (-8))
|
||||
|
||||
#define yytable_value_is_error(Yytable_value) \
|
||||
#define yytable_value_is_error(yytable_value) \
|
||||
YYID (0)
|
||||
|
||||
static const yytype_int8 yycheck[] =
|
||||
@ -763,24 +748,23 @@ static const yytype_uint8 yystos[] =
|
||||
|
||||
#define YYRECOVERING() (!!yyerrstatus)
|
||||
|
||||
#define YYBACKUP(Token, Value) \
|
||||
do \
|
||||
if (yychar == YYEMPTY) \
|
||||
{ \
|
||||
yychar = (Token); \
|
||||
yylval = (Value); \
|
||||
YYPOPSTACK (yylen); \
|
||||
yystate = *yyssp; \
|
||||
goto yybackup; \
|
||||
} \
|
||||
else \
|
||||
{ \
|
||||
#define YYBACKUP(Token, Value) \
|
||||
do \
|
||||
if (yychar == YYEMPTY && yylen == 1) \
|
||||
{ \
|
||||
yychar = (Token); \
|
||||
yylval = (Value); \
|
||||
YYPOPSTACK (1); \
|
||||
goto yybackup; \
|
||||
} \
|
||||
else \
|
||||
{ \
|
||||
yyerror (&yylloc, mc, vm, img_ids, errmsg, YY_("syntax error: cannot back up")); \
|
||||
YYERROR; \
|
||||
} \
|
||||
while (YYID (0))
|
||||
|
||||
/* Error token number */
|
||||
|
||||
#define YYTERROR 1
|
||||
#define YYERRCODE 256
|
||||
|
||||
@ -789,28 +773,27 @@ while (YYID (0))
|
||||
If N is 0, then set CURRENT to the empty location which ends
|
||||
the previous symbol: RHS[0] (always defined). */
|
||||
|
||||
#define YYRHSLOC(Rhs, K) ((Rhs)[K])
|
||||
#ifndef YYLLOC_DEFAULT
|
||||
# define YYLLOC_DEFAULT(Current, Rhs, N) \
|
||||
do \
|
||||
if (YYID (N)) \
|
||||
{ \
|
||||
(Current).first_line = YYRHSLOC (Rhs, 1).first_line; \
|
||||
(Current).first_column = YYRHSLOC (Rhs, 1).first_column; \
|
||||
(Current).last_line = YYRHSLOC (Rhs, N).last_line; \
|
||||
(Current).last_column = YYRHSLOC (Rhs, N).last_column; \
|
||||
} \
|
||||
else \
|
||||
{ \
|
||||
(Current).first_line = (Current).last_line = \
|
||||
YYRHSLOC (Rhs, 0).last_line; \
|
||||
(Current).first_column = (Current).last_column = \
|
||||
YYRHSLOC (Rhs, 0).last_column; \
|
||||
} \
|
||||
# define YYLLOC_DEFAULT(Current, Rhs, N) \
|
||||
do \
|
||||
if (YYID (N)) \
|
||||
{ \
|
||||
(Current).first_line = YYRHSLOC (Rhs, 1).first_line; \
|
||||
(Current).first_column = YYRHSLOC (Rhs, 1).first_column; \
|
||||
(Current).last_line = YYRHSLOC (Rhs, N).last_line; \
|
||||
(Current).last_column = YYRHSLOC (Rhs, N).last_column; \
|
||||
} \
|
||||
else \
|
||||
{ \
|
||||
(Current).first_line = (Current).last_line = \
|
||||
YYRHSLOC (Rhs, 0).last_line; \
|
||||
(Current).first_column = (Current).last_column = \
|
||||
YYRHSLOC (Rhs, 0).last_column; \
|
||||
} \
|
||||
while (YYID (0))
|
||||
#endif
|
||||
|
||||
#define YYRHSLOC(Rhs, K) ((Rhs)[K])
|
||||
|
||||
|
||||
/* YY_LOCATION_PRINT -- Print the location on the stream.
|
||||
This macro was not mandated originally: define only if we know
|
||||
@ -818,46 +801,10 @@ while (YYID (0))
|
||||
|
||||
#ifndef YY_LOCATION_PRINT
|
||||
# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
|
||||
|
||||
/* Print *YYLOCP on YYO. Private, do not rely on its existence. */
|
||||
|
||||
__attribute__((__unused__))
|
||||
#if (defined __STDC__ || defined __C99__FUNC__ \
|
||||
|| defined __cplusplus || defined _MSC_VER)
|
||||
static unsigned
|
||||
yy_location_print_ (FILE *yyo, YYLTYPE const * const yylocp)
|
||||
#else
|
||||
static unsigned
|
||||
yy_location_print_ (yyo, yylocp)
|
||||
FILE *yyo;
|
||||
YYLTYPE const * const yylocp;
|
||||
#endif
|
||||
{
|
||||
unsigned res = 0;
|
||||
int end_col = 0 != yylocp->last_column ? yylocp->last_column - 1 : 0;
|
||||
if (0 <= yylocp->first_line)
|
||||
{
|
||||
res += fprintf (yyo, "%d", yylocp->first_line);
|
||||
if (0 <= yylocp->first_column)
|
||||
res += fprintf (yyo, ".%d", yylocp->first_column);
|
||||
}
|
||||
if (0 <= yylocp->last_line)
|
||||
{
|
||||
if (yylocp->first_line < yylocp->last_line)
|
||||
{
|
||||
res += fprintf (yyo, "-%d", yylocp->last_line);
|
||||
if (0 <= end_col)
|
||||
res += fprintf (yyo, ".%d", end_col);
|
||||
}
|
||||
else if (0 <= end_col && yylocp->first_column < end_col)
|
||||
res += fprintf (yyo, "-%d", end_col);
|
||||
}
|
||||
return res;
|
||||
}
|
||||
|
||||
# define YY_LOCATION_PRINT(File, Loc) \
|
||||
yy_location_print_ (File, &(Loc))
|
||||
|
||||
# define YY_LOCATION_PRINT(File, Loc) \
|
||||
fprintf (File, "%d.%d-%d.%d", \
|
||||
(Loc).first_line, (Loc).first_column, \
|
||||
(Loc).last_line, (Loc).last_column)
|
||||
# else
|
||||
# define YY_LOCATION_PRINT(File, Loc) ((void) 0)
|
||||
# endif
|
||||
@ -865,6 +812,7 @@ yy_location_print_ (yyo, yylocp)
|
||||
|
||||
|
||||
/* YYLEX -- calling `yylex' with the right arguments. */
|
||||
|
||||
#ifdef YYLEX_PARAM
|
||||
# define YYLEX yylex (&yylval, &yylloc, YYLEX_PARAM)
|
||||
#else
|
||||
@ -919,8 +867,6 @@ yy_symbol_value_print (yyoutput, yytype, yyvaluep, yylocationp, mc, vm, img_ids,
|
||||
char ** errmsg;
|
||||
#endif
|
||||
{
|
||||
FILE *yyo = yyoutput;
|
||||
YYUSE (yyo);
|
||||
if (!yyvaluep)
|
||||
return;
|
||||
YYUSE (yylocationp);
|
||||
@ -934,7 +880,11 @@ yy_symbol_value_print (yyoutput, yytype, yyvaluep, yylocationp, mc, vm, img_ids,
|
||||
# else
|
||||
YYUSE (yyoutput);
|
||||
# endif
|
||||
YYUSE (yytype);
|
||||
switch (yytype)
|
||||
{
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -1185,11 +1135,12 @@ static int
|
||||
yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg,
|
||||
yytype_int16 *yyssp, int yytoken)
|
||||
{
|
||||
YYSIZE_T yysize0 = yytnamerr (YY_NULL, yytname[yytoken]);
|
||||
YYSIZE_T yysize0 = yytnamerr (0, yytname[yytoken]);
|
||||
YYSIZE_T yysize = yysize0;
|
||||
YYSIZE_T yysize1;
|
||||
enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
|
||||
/* Internationalized format string. */
|
||||
const char *yyformat = YY_NULL;
|
||||
const char *yyformat = 0;
|
||||
/* Arguments of yyformat. */
|
||||
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
|
||||
/* Number of reported tokens (one for the "unexpected", one per
|
||||
@ -1249,13 +1200,11 @@ yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg,
|
||||
break;
|
||||
}
|
||||
yyarg[yycount++] = yytname[yyx];
|
||||
{
|
||||
YYSIZE_T yysize1 = yysize + yytnamerr (YY_NULL, yytname[yyx]);
|
||||
if (! (yysize <= yysize1
|
||||
&& yysize1 <= YYSTACK_ALLOC_MAXIMUM))
|
||||
return 2;
|
||||
yysize = yysize1;
|
||||
}
|
||||
yysize1 = yysize + yytnamerr (0, yytname[yyx]);
|
||||
if (! (yysize <= yysize1
|
||||
&& yysize1 <= YYSTACK_ALLOC_MAXIMUM))
|
||||
return 2;
|
||||
yysize = yysize1;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1275,12 +1224,10 @@ yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg,
|
||||
# undef YYCASE_
|
||||
}
|
||||
|
||||
{
|
||||
YYSIZE_T yysize1 = yysize + yystrlen (yyformat);
|
||||
if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM))
|
||||
return 2;
|
||||
yysize = yysize1;
|
||||
}
|
||||
yysize1 = yysize + yystrlen (yyformat);
|
||||
if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM))
|
||||
return 2;
|
||||
yysize = yysize1;
|
||||
|
||||
if (*yymsg_alloc < yysize)
|
||||
{
|
||||
@ -1346,10 +1293,29 @@ yydestruct (yymsg, yytype, yyvaluep, yylocationp, mc, vm, img_ids, errmsg)
|
||||
yymsg = "Deleting";
|
||||
YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
|
||||
|
||||
YYUSE (yytype);
|
||||
switch (yytype)
|
||||
{
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* Prevent warnings from -Wmissing-prototypes. */
|
||||
#ifdef YYPARSE_PARAM
|
||||
#if defined __STDC__ || defined __cplusplus
|
||||
int yyparse (void *YYPARSE_PARAM);
|
||||
#else
|
||||
int yyparse ();
|
||||
#endif
|
||||
#else /* ! YYPARSE_PARAM */
|
||||
#if defined __STDC__ || defined __cplusplus
|
||||
int yyparse (mem_collector * mc, VirtualMachine * vm, vector<int> * img_ids, char ** errmsg);
|
||||
#else
|
||||
int yyparse ();
|
||||
#endif
|
||||
#endif /* ! YYPARSE_PARAM */
|
||||
|
||||
|
||||
/*----------.
|
||||
@ -1384,40 +1350,11 @@ yyparse (mc, vm, img_ids, errmsg)
|
||||
/* The lookahead symbol. */
|
||||
int yychar;
|
||||
|
||||
|
||||
#if defined __GNUC__ && 407 <= __GNUC__ * 100 + __GNUC_MINOR__
|
||||
/* Suppress an incorrect diagnostic about yylval being uninitialized. */
|
||||
# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \
|
||||
_Pragma ("GCC diagnostic push") \
|
||||
_Pragma ("GCC diagnostic ignored \"-Wuninitialized\"")\
|
||||
_Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
|
||||
# define YY_IGNORE_MAYBE_UNINITIALIZED_END \
|
||||
_Pragma ("GCC diagnostic pop")
|
||||
#else
|
||||
/* Default value used for initialization, for pacifying older GCCs
|
||||
or non-GCC compilers. */
|
||||
static YYSTYPE yyval_default;
|
||||
# define YY_INITIAL_VALUE(Value) = Value
|
||||
#endif
|
||||
static YYLTYPE yyloc_default
|
||||
# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
|
||||
= { 1, 1, 1, 1 }
|
||||
# endif
|
||||
;
|
||||
#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
|
||||
# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
|
||||
# define YY_IGNORE_MAYBE_UNINITIALIZED_END
|
||||
#endif
|
||||
#ifndef YY_INITIAL_VALUE
|
||||
# define YY_INITIAL_VALUE(Value) /* Nothing. */
|
||||
#endif
|
||||
|
||||
/* The semantic value of the lookahead symbol. */
|
||||
YYSTYPE yylval YY_INITIAL_VALUE(yyval_default);
|
||||
YYSTYPE yylval;
|
||||
|
||||
/* Location data for the lookahead symbol. */
|
||||
YYLTYPE yylloc = yyloc_default;
|
||||
|
||||
YYLTYPE yylloc;
|
||||
|
||||
/* Number of syntax errors so far. */
|
||||
int yynerrs;
|
||||
@ -1431,7 +1368,7 @@ YYLTYPE yylloc = yyloc_default;
|
||||
`yyvs': related to semantic values.
|
||||
`yyls': related to locations.
|
||||
|
||||
Refer to the stacks through separate pointers, to allow yyoverflow
|
||||
Refer to the stacks thru separate pointers, to allow yyoverflow
|
||||
to reallocate them elsewhere. */
|
||||
|
||||
/* The state stack. */
|
||||
@ -1457,7 +1394,7 @@ YYLTYPE yylloc = yyloc_default;
|
||||
int yyn;
|
||||
int yyresult;
|
||||
/* Lookahead token as an internal (translated) token number. */
|
||||
int yytoken = 0;
|
||||
int yytoken;
|
||||
/* The variables used to return semantic value and location from the
|
||||
action routines. */
|
||||
YYSTYPE yyval;
|
||||
@ -1476,9 +1413,10 @@ YYLTYPE yylloc = yyloc_default;
|
||||
Keep to zero when no symbol should be popped. */
|
||||
int yylen = 0;
|
||||
|
||||
yyssp = yyss = yyssa;
|
||||
yyvsp = yyvs = yyvsa;
|
||||
yylsp = yyls = yylsa;
|
||||
yytoken = 0;
|
||||
yyss = yyssa;
|
||||
yyvs = yyvsa;
|
||||
yyls = yylsa;
|
||||
yystacksize = YYINITDEPTH;
|
||||
|
||||
YYDPRINTF ((stderr, "Starting parse\n"));
|
||||
@ -1487,7 +1425,21 @@ YYLTYPE yylloc = yyloc_default;
|
||||
yyerrstatus = 0;
|
||||
yynerrs = 0;
|
||||
yychar = YYEMPTY; /* Cause a token to be read. */
|
||||
yylsp[0] = yylloc;
|
||||
|
||||
/* Initialize stack pointers.
|
||||
Waste one element of value and location stack
|
||||
so that they stay on the same level as the state stack.
|
||||
The wasted elements are never initialized. */
|
||||
yyssp = yyss;
|
||||
yyvsp = yyvs;
|
||||
yylsp = yyls;
|
||||
|
||||
#if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
|
||||
/* Initialize the default location before parsing starts. */
|
||||
yylloc.first_line = yylloc.last_line = 1;
|
||||
yylloc.first_column = yylloc.last_column = 1;
|
||||
#endif
|
||||
|
||||
goto yysetstate;
|
||||
|
||||
/*------------------------------------------------------------.
|
||||
@ -1633,9 +1585,7 @@ yybackup:
|
||||
yychar = YYEMPTY;
|
||||
|
||||
yystate = yyn;
|
||||
YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
|
||||
*++yyvsp = yylval;
|
||||
YY_IGNORE_MAYBE_UNINITIALIZED_END
|
||||
*++yylsp = yylloc;
|
||||
goto yynewstate;
|
||||
|
||||
@ -1673,8 +1623,9 @@ yyreduce:
|
||||
switch (yyn)
|
||||
{
|
||||
case 4:
|
||||
/* Line 1787 of yacc.c */
|
||||
#line 220 "vm_file_var_syntax.y"
|
||||
|
||||
/* Line 1806 of yacc.c */
|
||||
#line 232 "vm_file_var_syntax.y"
|
||||
{
|
||||
string file((yyvsp[(1) - (7)].val_str));
|
||||
string var1((yyvsp[(3) - (7)].val_str));
|
||||
@ -1695,8 +1646,9 @@ yyreduce:
|
||||
break;
|
||||
|
||||
case 5:
|
||||
/* Line 1787 of yacc.c */
|
||||
#line 238 "vm_file_var_syntax.y"
|
||||
|
||||
/* Line 1806 of yacc.c */
|
||||
#line 250 "vm_file_var_syntax.y"
|
||||
{
|
||||
string file((yyvsp[(1) - (11)].val_str));
|
||||
string var1((yyvsp[(3) - (11)].val_str));
|
||||
@ -1720,8 +1672,9 @@ yyreduce:
|
||||
break;
|
||||
|
||||
|
||||
/* Line 1787 of yacc.c */
|
||||
#line 1725 "vm_file_var_syntax.cc"
|
||||
|
||||
/* Line 1806 of yacc.c */
|
||||
#line 1678 "vm_file_var_syntax.cc"
|
||||
default: break;
|
||||
}
|
||||
/* User semantic actions sometimes alter yychar, and that requires
|
||||
@ -1886,9 +1839,7 @@ yyerrlab1:
|
||||
YY_STACK_PRINT (yyss, yyssp);
|
||||
}
|
||||
|
||||
YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
|
||||
*++yyvsp = yylval;
|
||||
YY_IGNORE_MAYBE_UNINITIALIZED_END
|
||||
|
||||
yyerror_range[2] = yylloc;
|
||||
/* Using YYLLOC is tempting, but would change the location of
|
||||
@ -1917,7 +1868,7 @@ yyabortlab:
|
||||
yyresult = 1;
|
||||
goto yyreturn;
|
||||
|
||||
#if !defined yyoverflow || YYERROR_VERBOSE
|
||||
#if !defined(yyoverflow) || YYERROR_VERBOSE
|
||||
/*-------------------------------------------------.
|
||||
| yyexhaustedlab -- memory exhaustion comes here. |
|
||||
`-------------------------------------------------*/
|
||||
@ -1959,8 +1910,9 @@ yyreturn:
|
||||
}
|
||||
|
||||
|
||||
/* Line 2050 of yacc.c */
|
||||
#line 259 "vm_file_var_syntax.y"
|
||||
|
||||
/* Line 2067 of yacc.c */
|
||||
#line 271 "vm_file_var_syntax.y"
|
||||
|
||||
|
||||
extern "C" void vm_file_var__error(
|
||||
@ -1988,3 +1940,4 @@ extern "C" void vm_file_var__error(
|
||||
llocp->last_column);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,8 +1,8 @@
|
||||
/* A Bison parser, made by GNU Bison 2.7.12-4996. */
|
||||
/* A Bison parser, made by GNU Bison 2.5. */
|
||||
|
||||
/* Bison interface for Yacc-like parsers in C
|
||||
|
||||
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
|
||||
Copyright (C) 1984, 1989-1990, 2000-2011 Free Software Foundation, Inc.
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
@ -30,15 +30,6 @@
|
||||
This special exception was added by the Free Software Foundation in
|
||||
version 2.2 of Bison. */
|
||||
|
||||
#ifndef YY_VM_FILE_VAR_VM_FILE_VAR_SYNTAX_HH_INCLUDED
|
||||
# define YY_VM_FILE_VAR_VM_FILE_VAR_SYNTAX_HH_INCLUDED
|
||||
/* Enabling traces. */
|
||||
#ifndef YYDEBUG
|
||||
# define YYDEBUG 0
|
||||
#endif
|
||||
#if YYDEBUG
|
||||
extern int vm_file_var__debug;
|
||||
#endif
|
||||
|
||||
/* Tokens. */
|
||||
#ifndef YYTOKENTYPE
|
||||
@ -59,25 +50,30 @@ extern int vm_file_var__debug;
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||
typedef union YYSTYPE
|
||||
{
|
||||
/* Line 2053 of yacc.c */
|
||||
#line 190 "vm_file_var_syntax.y"
|
||||
|
||||
/* Line 2068 of yacc.c */
|
||||
#line 202 "vm_file_var_syntax.y"
|
||||
|
||||
char * val_str;
|
||||
int val_int;
|
||||
char val_char;
|
||||
|
||||
|
||||
/* Line 2053 of yacc.c */
|
||||
#line 75 "vm_file_var_syntax.hh"
|
||||
|
||||
/* Line 2068 of yacc.c */
|
||||
#line 69 "vm_file_var_syntax.hh"
|
||||
} YYSTYPE;
|
||||
# define YYSTYPE_IS_TRIVIAL 1
|
||||
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
|
||||
# define YYSTYPE_IS_DECLARED 1
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
#if ! defined YYLTYPE && ! defined YYLTYPE_IS_DECLARED
|
||||
typedef struct YYLTYPE
|
||||
{
|
||||
@ -91,4 +87,5 @@ typedef struct YYLTYPE
|
||||
# define YYLTYPE_IS_TRIVIAL 1
|
||||
#endif
|
||||
|
||||
#endif /* !YY_VM_FILE_VAR_VM_FILE_VAR_SYNTAX_HH_INCLUDED */
|
||||
|
||||
|
||||
|
@ -87,7 +87,9 @@ int get_image_path(VirtualMachine * vm,
|
||||
Nebula& nd = Nebula::instance();
|
||||
|
||||
ImagePool * ipool = nd.get_ipool();
|
||||
UserPool * upool = nd.get_upool();
|
||||
Image * img = 0;
|
||||
User * user = 0;
|
||||
int iid = -1;
|
||||
|
||||
PoolObjectAuth perm;
|
||||
@ -160,7 +162,17 @@ int get_image_path(VirtualMachine * vm,
|
||||
|
||||
img->unlock();
|
||||
|
||||
AuthRequest ar(vm->get_uid(), vm->get_gid());
|
||||
set<int> gids;
|
||||
|
||||
user = upool->get(vm->get_uid(), true);
|
||||
|
||||
if (user != 0)
|
||||
{
|
||||
gids = user->get_groups();
|
||||
user->unlock();
|
||||
}
|
||||
|
||||
AuthRequest ar(vm->get_uid(), gids);
|
||||
|
||||
ar.add_auth(AuthRequest::USE, perm);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user