From 8d21189859fed7db1f86f8fac15d529bd9b3ebaa Mon Sep 17 00:00:00 2001 From: "Ruben S. Montero" Date: Fri, 22 Apr 2016 11:55:19 +0200 Subject: [PATCH] development: Add access check to original image when clonning it --- src/rm/RequestManagerImage.cc | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/rm/RequestManagerImage.cc b/src/rm/RequestManagerImage.cc index 651bb1c232..59835c07d6 100644 --- a/src/rm/RequestManagerImage.cc +++ b/src/rm/RequestManagerImage.cc @@ -333,7 +333,6 @@ Request::ErrorCode ImageClone::request_execute( DatastorePool * dspool = nd.get_dspool(); ImagePool * ipool = nd.get_ipool(); - // ------------------------- Get source Image info ------------------------- img = ipool->get(clone_id, true); @@ -475,16 +474,22 @@ Request::ErrorCode ImageClone::request_execute( string tmpl_str; // ------------------ Check permissions and ACLs ---------------------- - + // Create image + // Use original image + // Use target datastore + // Use original datastore, if different + // --------------------------------------------------------------------- tmpl->to_xml(tmpl_str); - ar.add_create_auth(att.uid, att.gid, PoolObjectSQL::IMAGE, tmpl_str); // CREATE IMAGE + ar.add_create_auth(att.uid, att.gid, PoolObjectSQL::IMAGE, tmpl_str); - ar.add_auth(AuthRequest::USE, ds_perms); // USE DATASTORE + ar.add_auth(AuthRequest::USE, perms); - if (ds_id != ds_id_orig) // USE (original) DATASTORE + ar.add_auth(AuthRequest::USE, ds_perms); + + if (ds_id != ds_id_orig) { - ar.add_auth(AuthRequest::USE, ds_perms_orig); // USE DATASTORE + ar.add_auth(AuthRequest::USE, ds_perms_orig); } if (UserPool::authorize(ar) == -1)