mirror of https://github.com/OpenNebula/one.git synced 2025-01-11 05:17:41 +03:00

Feature #1742: Add a set of group IDs to Users

Carlos Martín 2013-08-23 12:39:14 +02:00
parent 990092271c
commit 7bfb930292
24 changed files with 358 additions and 297 deletions


@ -58,13 +58,13 @@ public:
* authorizes the operation.
*
* @param uid The user ID requesting to be authorized
* @param gid Group ID of the user
* @param user_groups Set of group IDs that the user is part of
* @param obj_perms The object's permission attributes
* @param op The operation to be authorized
* @return true if the authorization is granted by any rule
*/
const bool authorize(int uid,
int gid,
const set<int>& user_groups,
const PoolObjectAuth& obj_perms,
AuthRequest::Operation op);


@ -18,6 +18,7 @@
#define AUTH_REQUEST_H_
#include <time.h>
#include <set>
#include "ActionManager.h"
#include "PoolObjectAuth.h"
@ -36,7 +37,7 @@ using namespace std;
class AuthRequest : public SyncRequest
{
public:
AuthRequest(int _uid, int _gid): uid(_uid),gid(_gid),self_authorize(true){};
AuthRequest(int _uid, set<int> _gids): uid(_uid),gids(_gids),self_authorize(true){};
~AuthRequest(){};
@ -158,9 +159,9 @@ private:
int uid;
/**
* The user group ID
* The user groups ID set
*/
int gid;
set<int> gids;
/**
* Username to authenticate the user
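Review bot: The new constructor takes the group set by value and then copies it again into `gids`, so each AuthRequest pays for two set copies; nearly every authorization call site in this commit builds one, so take it by const reference: `AuthRequest(int _uid, const set<int>& _gids): uid(_uid),gids(_gids),self_authorize(true){};`. The member comment would read better as `The set of group IDs the user belongs to`, and it should state whether the primary group is always expected to be in the set, because add_auth elsewhere in this commit grants the oneadmin bypass on membership of this set. The class body continues outside these hunks.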


@ -73,6 +73,8 @@ protected:
string uname; /**< name of the user */
string gname; /**< name of the user's group */
set<int> group_ids; /**< set of user's group ids */
string session; /**< Session from ONE XML-RPC API */
int req_id; /**< Request ID for log messages */
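Review bot: `group_ids` is now the value the request handlers hand to AuthRequest, so every place that copies or hand-builds this attributes struct has to carry it as well. The struct's constructors are not visible in this hunk; if it has a hand-written copy constructor or assignment, it must copy `group_ids` too, otherwise a copied request would be authorized against an empty group set. A one-line comment on the member saying that it includes the primary group (as the allocation code in this commit arranges) would help the next reader.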


@ -20,6 +20,7 @@
#include "PoolSQL.h"
#include "UserTemplate.h"
#include "Quotas.h"
#include "ObjectCollection.h"
using namespace std;
@ -29,7 +30,7 @@ using namespace std;
/**
* The User class.
*/
class User : public PoolObjectSQL
class User : public PoolObjectSQL, public ObjectCollection
{
public:
@ -180,6 +181,47 @@ public:
*/
int get_umask() const;
/**
* Returns a copy of the groups for the user
*/
set<int> get_groups()
{
return get_collection_copy();
};
// *************************************************************************
// Group IDs set Management
// *************************************************************************
/**
* Adds a group ID to the groups set.
*
* @param id The new id
* @return 0 on success, -1 if the ID was already in the set
*/
int add_group(int group_id)
{
return add_collection_id(group_id);
}
/**
* Deletes a group ID from the groups set.
*
* @param id The id
* @return 0 on success,
* -1 if the ID was not in the set,
* -2 if the group to delete is the main group
*/
int del_group(int group_id)
{
if( group_id == gid )
{
return -2;
}
return del_collection_id(group_id);
}
private:
// -------------------------------------------------------------------------
// Friends
@ -310,6 +352,7 @@ protected:
const string& _auth_driver,
bool _enabled):
PoolObjectSQL(id,USER,_uname,-1,_gid,"",_gname,table),
ObjectCollection("GROUPS"),
quota("/USER/DATASTORE_QUOTA",
"/USER/NETWORK_QUOTA",
"/USER/IMAGE_QUOTA",
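Review bot: The doc comments on add_group and del_group name the parameter `@param id`, but the parameter is `group_id`; they should read `@param group_id The group ID to add` and `@param group_id The group ID to remove`. `get_groups()` does not modify the user and could be declared `set<int> get_groups() const` if `get_collection_copy()` permits it (its declaration is not shown here), and the `;` after its closing brace is stray. Because membership of this set now feeds authorization, the add_group comment should also state that the method performs no permission check and that callers must have authorized the change.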


@ -124,6 +124,7 @@ public:
* @param gid of the user if authN succeeded -1 otherwise
* @param uname of the user if authN succeeded "" otherwise
* @param gname of the group if authN succeeded "" otherwise
* @param group_ids the user groups if authN succeeded, is empty otherwise
*
* @return false if authn failed, true otherwise
*/
@ -131,7 +132,8 @@ public:
int& uid,
int& gid,
string& uname,
string& gname);
string& gname,
set<int>& group_ids);
/**
* Returns whether the operations described in a authorization request are
* authorized ot not.
@ -217,7 +219,8 @@ private:
int& user_id,
int& group_id,
string& uname,
string& gname);
string& gname,
set<int>& group_ids);
/**
* Function to authenticate internal users using a server driver
@ -227,18 +230,20 @@ private:
int& user_id,
int& group_id,
string& uname,
string& gname);
string& gname,
set<int>& group_ids);
/**
* Function to authenticate external (not known) users
*/
bool authenticate_external(const string& username,
const string& token,
int& user_id,
int& group_id,
string& uname,
string& gname);
bool authenticate_external(const string& username,
const string& token,
int& user_id,
int& group_id,
string& uname,
string& gname,
set<int>& group_ids);
/**
* Factory method to produce User objects
* @return a pointer to the new User


@ -132,7 +132,7 @@ AclManager::~AclManager()
const bool AclManager::authorize(
int uid,
int gid,
const set<int>& user_groups,
const PoolObjectAuth& obj_perms,
AuthRequest::Operation op)
{
@ -280,23 +280,28 @@ const bool AclManager::authorize(
}
// ----------------------------------------------------------
// Look for rules that apply to the user's group
// Look for rules that apply to each one of the user's groups
// ----------------------------------------------------------
user_req = AclRule::GROUP_ID | gid;
auth = match_rules_wrapper(user_req,
resource_oid_req,
resource_gid_req,
resource_cid_req,
resource_all_req,
rights_req,
resource_oid_mask,
resource_gid_mask,
resource_cid_mask,
tmp_rules);
if ( auth == true )
set<int>::iterator g_it;
for (g_it = user_groups.begin(); g_it != user_groups.end(); g_it++)
{
return true;
user_req = AclRule::GROUP_ID | *g_it;
auth = match_rules_wrapper(user_req,
resource_oid_req,
resource_gid_req,
resource_cid_req,
resource_all_req,
rights_req,
resource_oid_mask,
resource_gid_mask,
resource_cid_mask,
tmp_rules);
if ( auth == true )
{
return true;
}
}
oss.str("No more rules, permission not granted ");
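Review bot: Each ID taken from `user_groups` is ORed into the request without a range check in the new loop, `user_req = AclRule::GROUP_ID | *g_it;`. If `AclRule::GROUP_ID` is a flag in the upper bits of a wider integer type (its definition is not on this page), a negative `int` would be sign-extended and set every bit of `user_req`, so I would skip such values with `if ( *g_it < 0 ) { continue; }` at the top of the loop body. The loop walks a `const set<int>&`, so `set<int>::const_iterator` with `++g_it` states the intent better than `set<int>::iterator` and `g_it++`. authorize() starts and ends outside these hunks.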


@ -67,7 +67,7 @@ void AuthRequest::add_auth(Operation op,
// Default conditions that grants permission :
// User is oneadmin, or is in the oneadmin group
if ( uid == 0 || gid == GroupPool::ONEADMIN_ID )
if ( uid == 0 || gids.count( GroupPool::ONEADMIN_ID ) == 1 )
{
auth = true;
}
@ -76,7 +76,7 @@ void AuthRequest::add_auth(Operation op,
Nebula& nd = Nebula::instance();
AclManager* aclm = nd.get_aclm();
auth = aclm->authorize(uid, gid, ob_perms, op);
auth = aclm->authorize(uid, gids, ob_perms, op);
}
oss << auth; // Store the ACL authorization result in the request
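Review bot: The admin bypass in add_auth changes meaning with `gids.count( GroupPool::ONEADMIN_ID ) == 1`: any membership in oneadmin now grants full permission, where the old test looked only at the primary group. That turns every writer of the group set on this page (User::add_group, User::from_xml, and the external authentication path that fills `group_ids`) into a privilege-granting operation. The comment above the test should say so, for example `// User is oneadmin, or oneadmin is any of the user's groups (primary or secondary)`. add_auth's body continues outside these hunks.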


@ -40,7 +40,8 @@ void Request::execute(
att.uid,
att.gid,
att.uname,
att.gname);
att.gname,
att.group_ids);
log_method_invoked(att, _paramList);
@ -240,7 +241,7 @@ bool Request::basic_authorization(int oid,
perms.obj_type = auth_object;
}
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(op, perms);


@ -34,7 +34,7 @@ bool RequestManagerAllocate::allocate_authorization(
string tmpl_str = "";
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
if ( tmpl != 0 )
{
@ -73,7 +73,7 @@ bool VirtualMachineAllocate::allocate_authorization(
return true;
}
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
string t64;
string aname;
@ -459,7 +459,7 @@ void ImageAllocate::request_execute(xmlrpc_c::paramList const& params,
if ( att.uid != 0 )
{
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
string tmpl_str;
string aname;


@ -108,7 +108,7 @@ void RequestManagerChmod::request_execute(xmlrpc_c::paramList const& paramList,
}
}
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(op, perms);


@ -213,7 +213,7 @@ void RequestManagerChown::request_execute(xmlrpc_c::paramList const& paramList,
if ( att.uid != 0 )
{
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
rc = get_info(pool, oid, auth_object, att, operms, oname);
@ -363,7 +363,7 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList,
if ( att.uid != 0 )
{
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(auth_op, uperms); // MANAGE USER
ar.add_auth(AuthRequest::USE, ngperms); // USE GROUP
@ -399,6 +399,9 @@ void UserChown::request_execute(xmlrpc_c::paramList const& paramList,
user->set_group(ngid,ngname);
user->add_group(ngid);
user->del_group(old_gid);
upool->update(user);
user->unlock();
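Review bot: The return codes of `user->add_group(ngid)` and `user->del_group(old_gid)` are dropped in UserChown::request_execute, and the pair only works because `set_group(ngid,ngname)` has already run: del_group refuses with -2 when its argument equals the current `gid`. A short comment such as `// set_group() must come first: del_group() rejects the current primary group` would protect that ordering. Changing the primary group now also removes the user from the old group entirely instead of keeping it as a secondary membership; if that is intended it deserves a line in the comment, since it changes which ACL rules apply to the user afterwards. The function body extends beyond this hunk.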


@ -79,7 +79,7 @@ void RequestManagerClone::request_execute(
{
string tmpl_str = "";
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(auth_op, perms); //USE OBJECT


@ -70,7 +70,7 @@ void RequestManagerCluster::add_generic(
if ( att.uid != 0 )
{
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
if ( cluster_id != ClusterPool::NONE_CLUSTER_ID )
{


@ -47,7 +47,7 @@ bool RequestManagerDelete::delete_authorization(
object->unlock();
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(auth_op, perms); // <MANAGE|ADMIN> OBJECT


@ -357,7 +357,7 @@ void ImageClone::request_execute(
if ( att.uid != 0 )
{
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
string tmpl_str;
// ------------------ Check permissions and ACLs ----------------------


@ -53,7 +53,7 @@ void RequestManagerRename::request_execute(xmlrpc_c::paramList const& paramList,
if ( att.uid != 0 )
{
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(auth_op, operms); // MANAGE OBJECT


@ -177,7 +177,7 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList
if ( att.uid != 0 )
{
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(auth_op, perms); //USE TEMPLATE


@ -55,7 +55,7 @@ bool RequestManagerVirtualMachine::vm_authorization(
object->unlock();
AuthRequest ar(att.uid, att.gid);
AuthRequest ar(att.uid, att.group_ids);
ar.add_auth(op, vm_perms);


@ -431,8 +431,14 @@ void Scheduler::match()
host_perms.oid = host->get_hid();
host_perms.obj_type = PoolObjectSQL::HOST;
// Even if the owner is in several groups, this request only
// uses the VM group ID
set<int> gids;
gids.insert(gid);
matched = acls->authorize(uid,
gid,
gids,
host_perms,
AuthRequest::MANAGE);
}


@ -156,6 +156,9 @@ string& User::to_xml_extended(string& xml, bool extended) const
string template_xml;
string quota_xml;
string collection_xml;
ObjectCollection::to_xml(collection_xml);
int enabled_int = enabled?1:0;
@ -163,6 +166,7 @@ string& User::to_xml_extended(string& xml, bool extended) const
"<USER>"
"<ID>" << oid <<"</ID>" <<
"<GID>" << gid <<"</GID>" <<
collection_xml <<
"<GNAME>" << gname <<"</GNAME>" <<
"<NAME>" << name <<"</NAME>" <<
"<PASSWORD>" << password <<"</PASSWORD>" <<
@ -220,7 +224,22 @@ int User::from_xml(const string& xml)
rc += obj_template->from_xml_node(content[0]);
ObjectXML::free_nodes(content);
content.clear();
ObjectXML::get_nodes("/USER/GROUPS", content);
if (content.empty())
{
return -1;
}
// Set of IDs
rc += ObjectCollection::from_xml_node(content[0]);
ObjectXML::free_nodes(content);
content.clear();
// Quotas
rc += quota.from_xml(this);
if (rc != 0)
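Review bot: from_xml now returns -1 when `/USER/GROUPS` is absent, so a user record serialized before this change cannot be loaded unless a database migration adds the element; no migration is visible on this page. If one is not part of the change, a fallback that seeds the collection with `gid` would keep existing accounts usable. The parser also accepts a GROUPS set that does not contain the primary `gid`, and since authorization now reads only the set, I would restore that invariant once both have been parsed with `add_collection_id(gid);` (its -1 for an ID already present can be ignored). The early `return -1` also departs from the accumulated `rc` pattern of the neighbouring statements. from_xml starts and ends outside this hunk.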


@ -293,6 +293,9 @@ int UserPool::allocate (
// Build a new User object
user = new User(-1, gid, uname, gname, upass, auth_driver, enabled);
// Add the primary group to the collection
user->add_collection_id(gid);
// Set a password for the OneGate tokens
user->add_template_attribute("TOKEN_PASSWORD", one_util::random_password());
@ -348,7 +351,8 @@ bool UserPool::authenticate_internal(User * user,
int& user_id,
int& group_id,
string& uname,
string& gname)
string& gname,
set<int>& group_ids)
{
bool result = false;
@ -367,6 +371,8 @@ bool UserPool::authenticate_internal(User * user,
user_id = user->oid;
group_id = user->gid;
group_ids = user->get_groups();
uname = user->name;
gname = user->gname;
@ -381,7 +387,7 @@ bool UserPool::authenticate_internal(User * user,
return true;
}
AuthRequest ar(user_id, group_id);
AuthRequest ar(user_id, group_ids);
if ( auth_driver == UserPool::CORE_AUTH )
{
@ -459,7 +465,8 @@ bool UserPool::authenticate_server(User * user,
int& user_id,
int& group_id,
string& uname,
string& gname)
string& gname,
set<int>& group_ids)
{
bool result = false;
@ -480,7 +487,7 @@ bool UserPool::authenticate_server(User * user,
auth_driver = user->auth_driver;
AuthRequest ar(user->oid, user->gid);
AuthRequest ar(user->oid, user->get_groups());
user->unlock();
@ -502,6 +509,8 @@ bool UserPool::authenticate_server(User * user,
user_id = user->oid;
group_id = user->gid;
group_ids = user->get_groups();
uname = user->name;
gname = user->gname;
@ -580,12 +589,13 @@ auth_failure:
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
bool UserPool::authenticate_external(const string& username,
const string& token,
int& user_id,
int& group_id,
string& uname,
string& gname)
bool UserPool::authenticate_external(const string& username,
const string& token,
int& user_id,
int& group_id,
string& uname,
string& gname,
set<int>& group_ids)
{
ostringstream oss;
istringstream is;
@ -598,7 +608,9 @@ bool UserPool::authenticate_external(const string& username,
Nebula& nd = Nebula::instance();
AuthManager * authm = nd.get_authm();
AuthRequest ar(-1,-1);
set<int> empty_set;
AuthRequest ar(-1,empty_set);
if (authm == 0)
{
@ -653,6 +665,7 @@ bool UserPool::authenticate_external(const string& username,
}
group_id = GroupPool::USERS_ID;
group_ids.insert( GroupPool::USERS_ID );
uname = mad_name;
gname = GroupPool::USERS_NAME;
@ -694,7 +707,8 @@ bool UserPool::authenticate(const string& session,
int& user_id,
int& group_id,
string& uname,
string& gname)
string& gname,
set<int>& group_ids)
{
User * user = 0;
string username;
@ -718,16 +732,16 @@ bool UserPool::authenticate(const string& session,
if ( fnmatch(UserPool::SERVER_AUTH, driver.c_str(), 0) == 0 )
{
ar = authenticate_server(user,token,user_id,group_id,uname,gname);
ar = authenticate_server(user,token,user_id,group_id,uname,gname,group_ids);
}
else
{
ar = authenticate_internal(user,token,user_id,group_id,uname,gname);
ar = authenticate_internal(user,token,user_id,group_id,uname,gname,group_ids);
}
}
else
{
ar = authenticate_external(username,token,user_id,group_id,uname,gname);
ar = authenticate_external(username,token,user_id,group_id,uname,gname,group_ids);
}
return ar;
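Review bot: No hunk in this section clears `group_ids` on the failure paths, although the header comment for authenticate promises the set "is empty otherwise". authenticate_internal assigns `group_ids = user->get_groups();` before the driver is consulted, and authenticate_external only does `group_ids.insert( GroupPool::USERS_ID );`, so both rely on the caller passing an empty set and on nobody reading it after a `false` return. The `auth_failure` blocks lie outside the visible hunks; if they reset `user_id`, `group_id`, `uname` and `gname`, they should also call `group_ids.clear();`, and authenticate_external should clear the set before inserting into it.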


@ -1,8 +1,8 @@
/* A Bison parser, made by GNU Bison 2.7.12-4996. */
/* A Bison parser, made by GNU Bison 2.5. */
/* Bison implementation for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
Copyright (C) 1984, 1989-1990, 2000-2011 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -44,7 +44,7 @@
#define YYBISON 1
/* Bison version. */
#define YYBISON_VERSION "2.7.12-4996"
#define YYBISON_VERSION "2.5"
/* Skeleton name. */
#define YYSKELETON_NAME "yacc.c"
@ -58,6 +58,8 @@
/* Pull parsers. */
#define YYPULL 1
/* Using locations. */
#define YYLSP_NEEDED 1
/* Substitute the variable and function names. */
#define yyparse vm_file_var__parse
@ -70,7 +72,8 @@
#define yylloc vm_file_var__lloc
/* Copy the first part of user declarations. */
/* Line 371 of yacc.c */
/* Line 268 of yacc.c */
#line 17 "vm_file_var_syntax.y"
#include <iostream>
@ -145,7 +148,9 @@ int get_image_path(VirtualMachine * vm,
Nebula& nd = Nebula::instance();
ImagePool * ipool = nd.get_ipool();
UserPool * upool = nd.get_upool();
Image * img = 0;
User * user = 0;
int iid = -1;
PoolObjectAuth perm;
@ -218,7 +223,17 @@ int get_image_path(VirtualMachine * vm,
img->unlock();
AuthRequest ar(vm->get_uid(), vm->get_gid());
set<int> gids;
user = upool->get(vm->get_uid(), true);
if (user != 0)
{
gids = user->get_groups();
user->unlock();
}
AuthRequest ar(vm->get_uid(), gids);
ar.add_auth(AuthRequest::USE, perm);
@ -237,16 +252,14 @@ int get_image_path(VirtualMachine * vm,
/* -------------------------------------------------------------------------- */
/* Line 371 of yacc.c */
#line 242 "vm_file_var_syntax.cc"
# ifndef YY_NULL
# if defined __cplusplus && 201103L <= __cplusplus
# define YY_NULL nullptr
# else
# define YY_NULL 0
# endif
# endif
/* Line 268 of yacc.c */
#line 258 "vm_file_var_syntax.cc"
/* Enabling traces. */
#ifndef YYDEBUG
# define YYDEBUG 0
#endif
/* Enabling verbose error messages. */
#ifdef YYERROR_VERBOSE
@ -256,18 +269,12 @@ int get_image_path(VirtualMachine * vm,
# define YYERROR_VERBOSE 0
#endif
/* In a future release of Bison, this section will be replaced
by #include "vm_file_var_syntax.hh". */
#ifndef YY_VM_FILE_VAR_VM_FILE_VAR_SYNTAX_HH_INCLUDED
# define YY_VM_FILE_VAR_VM_FILE_VAR_SYNTAX_HH_INCLUDED
/* Enabling traces. */
#ifndef YYDEBUG
# define YYDEBUG 0
#endif
#if YYDEBUG
extern int vm_file_var__debug;
/* Enabling the token table. */
#ifndef YYTOKEN_TABLE
# define YYTOKEN_TABLE 0
#endif
/* Tokens. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
@ -287,19 +294,22 @@ extern int vm_file_var__debug;
#endif
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
{
/* Line 387 of yacc.c */
#line 190 "vm_file_var_syntax.y"
/* Line 293 of yacc.c */
#line 202 "vm_file_var_syntax.y"
char * val_str;
int val_int;
char val_char;
/* Line 387 of yacc.c */
#line 303 "vm_file_var_syntax.cc"
/* Line 293 of yacc.c */
#line 313 "vm_file_var_syntax.cc"
} YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
@ -320,26 +330,11 @@ typedef struct YYLTYPE
#endif
#ifdef YYPARSE_PARAM
#if defined __STDC__ || defined __cplusplus
int vm_file_var__parse (void *YYPARSE_PARAM);
#else
int vm_file_var__parse ();
#endif
#else /* ! YYPARSE_PARAM */
#if defined __STDC__ || defined __cplusplus
int vm_file_var__parse (mem_collector * mc, VirtualMachine * vm, vector<int> * img_ids, char ** errmsg);
#else
int vm_file_var__parse ();
#endif
#endif /* ! YYPARSE_PARAM */
#endif /* !YY_VM_FILE_VAR_VM_FILE_VAR_SYNTAX_HH_INCLUDED */
/* Copy the second part of user declarations. */
/* Line 390 of yacc.c */
#line 343 "vm_file_var_syntax.cc"
/* Line 343 of yacc.c */
#line 338 "vm_file_var_syntax.cc"
#ifdef short
# undef short
@ -392,33 +387,24 @@ typedef short int yytype_int16;
# if defined YYENABLE_NLS && YYENABLE_NLS
# if ENABLE_NLS
# include <libintl.h> /* INFRINGES ON USER NAME SPACE */
# define YY_(Msgid) dgettext ("bison-runtime", Msgid)
# define YY_(msgid) dgettext ("bison-runtime", msgid)
# endif
# endif
# ifndef YY_
# define YY_(Msgid) Msgid
# endif
#endif
#ifndef __attribute__
/* This feature is available in gcc versions 2.5 and later. */
# if (! defined __GNUC__ || __GNUC__ < 2 \
|| (__GNUC__ == 2 && __GNUC_MINOR__ < 5))
# define __attribute__(Spec) /* empty */
# define YY_(msgid) msgid
# endif
#endif
/* Suppress unused-variable warnings by "using" E. */
#if ! defined lint || defined __GNUC__
# define YYUSE(E) ((void) (E))
# define YYUSE(e) ((void) (e))
#else
# define YYUSE(E) /* empty */
# define YYUSE(e) /* empty */
#endif
/* Identity function, used to suppress warnings about constant conditions. */
#ifndef lint
# define YYID(N) (N)
# define YYID(n) (n)
#else
#if (defined __STDC__ || defined __C99__FUNC__ \
|| defined __cplusplus || defined _MSC_VER)
@ -454,7 +440,6 @@ YYID (yyi)
# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \
|| defined __cplusplus || defined _MSC_VER)
# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
/* Use EXIT_SUCCESS as a witness for stdlib.h. */
# ifndef EXIT_SUCCESS
# define EXIT_SUCCESS 0
# endif
@ -548,20 +533,20 @@ union yyalloc
#endif
#if defined YYCOPY_NEEDED && YYCOPY_NEEDED
/* Copy COUNT objects from SRC to DST. The source and destination do
/* Copy COUNT objects from FROM to TO. The source and destination do
not overlap. */
# ifndef YYCOPY
# if defined __GNUC__ && 1 < __GNUC__
# define YYCOPY(Dst, Src, Count) \
__builtin_memcpy (Dst, Src, (Count) * sizeof (*(Src)))
# define YYCOPY(To, From, Count) \
__builtin_memcpy (To, From, (Count) * sizeof (*(From)))
# else
# define YYCOPY(Dst, Src, Count) \
do \
{ \
YYSIZE_T yyi; \
for (yyi = 0; yyi < (Count); yyi++) \
(Dst)[yyi] = (Src)[yyi]; \
} \
# define YYCOPY(To, From, Count) \
do \
{ \
YYSIZE_T yyi; \
for (yyi = 0; yyi < (Count); yyi++) \
(To)[yyi] = (From)[yyi]; \
} \
while (YYID (0))
# endif
# endif
@ -639,18 +624,18 @@ static const yytype_int8 yyrhs[] =
/* YYRLINE[YYN] -- source line where rule number YYN was defined. */
static const yytype_uint8 yyrline[] =
{
0, 214, 214, 215, 219, 237
0, 226, 226, 227, 231, 249
};
#endif
#if YYDEBUG || YYERROR_VERBOSE || 0
#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
First, the terminals, then, starting at YYNTOKENS, nonterminals. */
static const char *const yytname[] =
{
"$end", "error", "$undefined", "EQUAL", "COMMA", "OBRACKET", "CBRACKET",
"EOA", "STRING", "VARIABLE", "RSTRING", "INTEGER", "$accept",
"vm_string", "vm_variable", YY_NULL
"vm_string", "vm_variable", 0
};
#endif
@ -716,10 +701,10 @@ static const yytype_uint8 yytable[] =
9, 14, 15, 16, 6, 0, 17
};
#define yypact_value_is_default(Yystate) \
(!!((Yystate) == (-8)))
#define yypact_value_is_default(yystate) \
((yystate) == (-8))
#define yytable_value_is_error(Yytable_value) \
#define yytable_value_is_error(yytable_value) \
YYID (0)
static const yytype_int8 yycheck[] =
@ -763,24 +748,23 @@ static const yytype_uint8 yystos[] =
#define YYRECOVERING() (!!yyerrstatus)
#define YYBACKUP(Token, Value) \
do \
if (yychar == YYEMPTY) \
{ \
yychar = (Token); \
yylval = (Value); \
YYPOPSTACK (yylen); \
yystate = *yyssp; \
goto yybackup; \
} \
else \
{ \
#define YYBACKUP(Token, Value) \
do \
if (yychar == YYEMPTY && yylen == 1) \
{ \
yychar = (Token); \
yylval = (Value); \
YYPOPSTACK (1); \
goto yybackup; \
} \
else \
{ \
yyerror (&yylloc, mc, vm, img_ids, errmsg, YY_("syntax error: cannot back up")); \
YYERROR; \
} \
while (YYID (0))
/* Error token number */
#define YYTERROR 1
#define YYERRCODE 256
@ -789,28 +773,27 @@ while (YYID (0))
If N is 0, then set CURRENT to the empty location which ends
the previous symbol: RHS[0] (always defined). */
#define YYRHSLOC(Rhs, K) ((Rhs)[K])
#ifndef YYLLOC_DEFAULT
# define YYLLOC_DEFAULT(Current, Rhs, N) \
do \
if (YYID (N)) \
{ \
(Current).first_line = YYRHSLOC (Rhs, 1).first_line; \
(Current).first_column = YYRHSLOC (Rhs, 1).first_column; \
(Current).last_line = YYRHSLOC (Rhs, N).last_line; \
(Current).last_column = YYRHSLOC (Rhs, N).last_column; \
} \
else \
{ \
(Current).first_line = (Current).last_line = \
YYRHSLOC (Rhs, 0).last_line; \
(Current).first_column = (Current).last_column = \
YYRHSLOC (Rhs, 0).last_column; \
} \
# define YYLLOC_DEFAULT(Current, Rhs, N) \
do \
if (YYID (N)) \
{ \
(Current).first_line = YYRHSLOC (Rhs, 1).first_line; \
(Current).first_column = YYRHSLOC (Rhs, 1).first_column; \
(Current).last_line = YYRHSLOC (Rhs, N).last_line; \
(Current).last_column = YYRHSLOC (Rhs, N).last_column; \
} \
else \
{ \
(Current).first_line = (Current).last_line = \
YYRHSLOC (Rhs, 0).last_line; \
(Current).first_column = (Current).last_column = \
YYRHSLOC (Rhs, 0).last_column; \
} \
while (YYID (0))
#endif
#define YYRHSLOC(Rhs, K) ((Rhs)[K])
/* YY_LOCATION_PRINT -- Print the location on the stream.
This macro was not mandated originally: define only if we know
@ -818,46 +801,10 @@ while (YYID (0))
#ifndef YY_LOCATION_PRINT
# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
/* Print *YYLOCP on YYO. Private, do not rely on its existence. */
__attribute__((__unused__))
#if (defined __STDC__ || defined __C99__FUNC__ \
|| defined __cplusplus || defined _MSC_VER)
static unsigned
yy_location_print_ (FILE *yyo, YYLTYPE const * const yylocp)
#else
static unsigned
yy_location_print_ (yyo, yylocp)
FILE *yyo;
YYLTYPE const * const yylocp;
#endif
{
unsigned res = 0;
int end_col = 0 != yylocp->last_column ? yylocp->last_column - 1 : 0;
if (0 <= yylocp->first_line)
{
res += fprintf (yyo, "%d", yylocp->first_line);
if (0 <= yylocp->first_column)
res += fprintf (yyo, ".%d", yylocp->first_column);
}
if (0 <= yylocp->last_line)
{
if (yylocp->first_line < yylocp->last_line)
{
res += fprintf (yyo, "-%d", yylocp->last_line);
if (0 <= end_col)
res += fprintf (yyo, ".%d", end_col);
}
else if (0 <= end_col && yylocp->first_column < end_col)
res += fprintf (yyo, "-%d", end_col);
}
return res;
}
# define YY_LOCATION_PRINT(File, Loc) \
yy_location_print_ (File, &(Loc))
# define YY_LOCATION_PRINT(File, Loc) \
fprintf (File, "%d.%d-%d.%d", \
(Loc).first_line, (Loc).first_column, \
(Loc).last_line, (Loc).last_column)
# else
# define YY_LOCATION_PRINT(File, Loc) ((void) 0)
# endif
@ -865,6 +812,7 @@ yy_location_print_ (yyo, yylocp)
/* YYLEX -- calling `yylex' with the right arguments. */
#ifdef YYLEX_PARAM
# define YYLEX yylex (&yylval, &yylloc, YYLEX_PARAM)
#else
@ -919,8 +867,6 @@ yy_symbol_value_print (yyoutput, yytype, yyvaluep, yylocationp, mc, vm, img_ids,
char ** errmsg;
#endif
{
FILE *yyo = yyoutput;
YYUSE (yyo);
if (!yyvaluep)
return;
YYUSE (yylocationp);
@ -934,7 +880,11 @@ yy_symbol_value_print (yyoutput, yytype, yyvaluep, yylocationp, mc, vm, img_ids,
# else
YYUSE (yyoutput);
# endif
YYUSE (yytype);
switch (yytype)
{
default:
break;
}
}
@ -1185,11 +1135,12 @@ static int
yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg,
yytype_int16 *yyssp, int yytoken)
{
YYSIZE_T yysize0 = yytnamerr (YY_NULL, yytname[yytoken]);
YYSIZE_T yysize0 = yytnamerr (0, yytname[yytoken]);
YYSIZE_T yysize = yysize0;
YYSIZE_T yysize1;
enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
/* Internationalized format string. */
const char *yyformat = YY_NULL;
const char *yyformat = 0;
/* Arguments of yyformat. */
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
/* Number of reported tokens (one for the "unexpected", one per
@ -1249,13 +1200,11 @@ yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg,
break;
}
yyarg[yycount++] = yytname[yyx];
{
YYSIZE_T yysize1 = yysize + yytnamerr (YY_NULL, yytname[yyx]);
if (! (yysize <= yysize1
&& yysize1 <= YYSTACK_ALLOC_MAXIMUM))
return 2;
yysize = yysize1;
}
yysize1 = yysize + yytnamerr (0, yytname[yyx]);
if (! (yysize <= yysize1
&& yysize1 <= YYSTACK_ALLOC_MAXIMUM))
return 2;
yysize = yysize1;
}
}
}
@ -1275,12 +1224,10 @@ yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg,
# undef YYCASE_
}
{
YYSIZE_T yysize1 = yysize + yystrlen (yyformat);
if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM))
return 2;
yysize = yysize1;
}
yysize1 = yysize + yystrlen (yyformat);
if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM))
return 2;
yysize = yysize1;
if (*yymsg_alloc < yysize)
{
@ -1346,10 +1293,29 @@ yydestruct (yymsg, yytype, yyvaluep, yylocationp, mc, vm, img_ids, errmsg)
yymsg = "Deleting";
YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
YYUSE (yytype);
switch (yytype)
{
default:
break;
}
}
/* Prevent warnings from -Wmissing-prototypes. */
#ifdef YYPARSE_PARAM
#if defined __STDC__ || defined __cplusplus
int yyparse (void *YYPARSE_PARAM);
#else
int yyparse ();
#endif
#else /* ! YYPARSE_PARAM */
#if defined __STDC__ || defined __cplusplus
int yyparse (mem_collector * mc, VirtualMachine * vm, vector<int> * img_ids, char ** errmsg);
#else
int yyparse ();
#endif
#endif /* ! YYPARSE_PARAM */
/*----------.
@ -1384,40 +1350,11 @@ yyparse (mc, vm, img_ids, errmsg)
/* The lookahead symbol. */
int yychar;
#if defined __GNUC__ && 407 <= __GNUC__ * 100 + __GNUC_MINOR__
/* Suppress an incorrect diagnostic about yylval being uninitialized. */
# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \
_Pragma ("GCC diagnostic push") \
_Pragma ("GCC diagnostic ignored \"-Wuninitialized\"")\
_Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
# define YY_IGNORE_MAYBE_UNINITIALIZED_END \
_Pragma ("GCC diagnostic pop")
#else
/* Default value used for initialization, for pacifying older GCCs
or non-GCC compilers. */
static YYSTYPE yyval_default;
# define YY_INITIAL_VALUE(Value) = Value
#endif
static YYLTYPE yyloc_default
# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
= { 1, 1, 1, 1 }
# endif
;
#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
# define YY_IGNORE_MAYBE_UNINITIALIZED_END
#endif
#ifndef YY_INITIAL_VALUE
# define YY_INITIAL_VALUE(Value) /* Nothing. */
#endif
/* The semantic value of the lookahead symbol. */
YYSTYPE yylval YY_INITIAL_VALUE(yyval_default);
YYSTYPE yylval;
/* Location data for the lookahead symbol. */
YYLTYPE yylloc = yyloc_default;
YYLTYPE yylloc;
/* Number of syntax errors so far. */
int yynerrs;
@ -1431,7 +1368,7 @@ YYLTYPE yylloc = yyloc_default;
`yyvs': related to semantic values.
`yyls': related to locations.
Refer to the stacks through separate pointers, to allow yyoverflow
Refer to the stacks thru separate pointers, to allow yyoverflow
to reallocate them elsewhere. */
/* The state stack. */
@ -1457,7 +1394,7 @@ YYLTYPE yylloc = yyloc_default;
int yyn;
int yyresult;
/* Lookahead token as an internal (translated) token number. */
int yytoken = 0;
int yytoken;
/* The variables used to return semantic value and location from the
action routines. */
YYSTYPE yyval;
@ -1476,9 +1413,10 @@ YYLTYPE yylloc = yyloc_default;
Keep to zero when no symbol should be popped. */
int yylen = 0;
yyssp = yyss = yyssa;
yyvsp = yyvs = yyvsa;
yylsp = yyls = yylsa;
yytoken = 0;
yyss = yyssa;
yyvs = yyvsa;
yyls = yylsa;
yystacksize = YYINITDEPTH;
YYDPRINTF ((stderr, "Starting parse\n"));
@ -1487,7 +1425,21 @@ YYLTYPE yylloc = yyloc_default;
yyerrstatus = 0;
yynerrs = 0;
yychar = YYEMPTY; /* Cause a token to be read. */
yylsp[0] = yylloc;
/* Initialize stack pointers.
Waste one element of value and location stack
so that they stay on the same level as the state stack.
The wasted elements are never initialized. */
yyssp = yyss;
yyvsp = yyvs;
yylsp = yyls;
#if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
/* Initialize the default location before parsing starts. */
yylloc.first_line = yylloc.last_line = 1;
yylloc.first_column = yylloc.last_column = 1;
#endif
goto yysetstate;
/*------------------------------------------------------------.
@ -1633,9 +1585,7 @@ yybackup:
yychar = YYEMPTY;
yystate = yyn;
YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
*++yyvsp = yylval;
YY_IGNORE_MAYBE_UNINITIALIZED_END
*++yylsp = yylloc;
goto yynewstate;
@ -1673,8 +1623,9 @@ yyreduce:
switch (yyn)
{
case 4:
/* Line 1787 of yacc.c */
#line 220 "vm_file_var_syntax.y"
/* Line 1806 of yacc.c */
#line 232 "vm_file_var_syntax.y"
{
string file((yyvsp[(1) - (7)].val_str));
string var1((yyvsp[(3) - (7)].val_str));
@ -1695,8 +1646,9 @@ yyreduce:
break;
case 5:
/* Line 1787 of yacc.c */
#line 238 "vm_file_var_syntax.y"
/* Line 1806 of yacc.c */
#line 250 "vm_file_var_syntax.y"
{
string file((yyvsp[(1) - (11)].val_str));
string var1((yyvsp[(3) - (11)].val_str));
@ -1720,8 +1672,9 @@ yyreduce:
break;
/* Line 1787 of yacc.c */
#line 1725 "vm_file_var_syntax.cc"
/* Line 1806 of yacc.c */
#line 1678 "vm_file_var_syntax.cc"
default: break;
}
/* User semantic actions sometimes alter yychar, and that requires
@ -1886,9 +1839,7 @@ yyerrlab1:
YY_STACK_PRINT (yyss, yyssp);
}
YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
*++yyvsp = yylval;
YY_IGNORE_MAYBE_UNINITIALIZED_END
yyerror_range[2] = yylloc;
/* Using YYLLOC is tempting, but would change the location of
@ -1917,7 +1868,7 @@ yyabortlab:
yyresult = 1;
goto yyreturn;
#if !defined yyoverflow || YYERROR_VERBOSE
#if !defined(yyoverflow) || YYERROR_VERBOSE
/*-------------------------------------------------.
| yyexhaustedlab -- memory exhaustion comes here. |
`-------------------------------------------------*/
@ -1959,8 +1910,9 @@ yyreturn:
}
/* Line 2050 of yacc.c */
#line 259 "vm_file_var_syntax.y"
/* Line 2067 of yacc.c */
#line 271 "vm_file_var_syntax.y"
extern "C" void vm_file_var__error(
@ -1988,3 +1940,4 @@ extern "C" void vm_file_var__error(
llocp->last_column);
}
}


@ -1,8 +1,8 @@
/* A Bison parser, made by GNU Bison 2.7.12-4996. */
/* A Bison parser, made by GNU Bison 2.5. */
/* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
Copyright (C) 1984, 1989-1990, 2000-2011 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -30,15 +30,6 @@
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
#ifndef YY_VM_FILE_VAR_VM_FILE_VAR_SYNTAX_HH_INCLUDED
# define YY_VM_FILE_VAR_VM_FILE_VAR_SYNTAX_HH_INCLUDED
/* Enabling traces. */
#ifndef YYDEBUG
# define YYDEBUG 0
#endif
#if YYDEBUG
extern int vm_file_var__debug;
#endif
/* Tokens. */
#ifndef YYTOKENTYPE
@ -59,25 +50,30 @@ extern int vm_file_var__debug;
#endif
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
{
/* Line 2053 of yacc.c */
#line 190 "vm_file_var_syntax.y"
/* Line 2068 of yacc.c */
#line 202 "vm_file_var_syntax.y"
char * val_str;
int val_int;
char val_char;
/* Line 2053 of yacc.c */
#line 75 "vm_file_var_syntax.hh"
/* Line 2068 of yacc.c */
#line 69 "vm_file_var_syntax.hh"
} YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
#endif
#if ! defined YYLTYPE && ! defined YYLTYPE_IS_DECLARED
typedef struct YYLTYPE
{
@ -91,4 +87,5 @@ typedef struct YYLTYPE
# define YYLTYPE_IS_TRIVIAL 1
#endif
#endif /* !YY_VM_FILE_VAR_VM_FILE_VAR_SYNTAX_HH_INCLUDED */


@ -87,7 +87,9 @@ int get_image_path(VirtualMachine * vm,
Nebula& nd = Nebula::instance();
ImagePool * ipool = nd.get_ipool();
UserPool * upool = nd.get_upool();
Image * img = 0;
User * user = 0;
int iid = -1;
PoolObjectAuth perm;
@ -160,7 +162,17 @@ int get_image_path(VirtualMachine * vm,
img->unlock();
AuthRequest ar(vm->get_uid(), vm->get_gid());
set<int> gids;
user = upool->get(vm->get_uid(), true);
if (user != 0)
{
gids = user->get_groups();
user->unlock();
}
AuthRequest ar(vm->get_uid(), gids);
ar.add_auth(AuthRequest::USE, perm);
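Review bot: When `upool->get(vm->get_uid(), true)` returns 0 in get_image_path, the code carries on and builds `AuthRequest ar(vm->get_uid(), gids)` with an empty set, so the image check silently runs for an owner that could not be loaded. Treating a missing owner as an error and returning before the authorization request is built would be easier to reason about than a half-populated request. The function's error-reporting convention is outside this hunk, so the exact lines are not written out here. The same block appears in the generated vm_file_var_syntax.cc section on this page and would change with it on regeneration.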