
Merge branch 'master' of git.opennebula.org:one

Daniel Molina 2012-01-23 17:24:02 +01:00
commit ad3be3ca6e
13 changed files with 143 additions and 24 deletions


@ -40,7 +40,8 @@ public:
ImagePool(SqlDB * db,
const string& _default_type,
const string& _default_dev_prefix);
const string& _default_dev_prefix,
vector<const Attribute *> restricted_attrs);
~ImagePool(){};


@ -38,12 +38,15 @@ public:
*/
bool check(string& rs_attr)
{
vector<string> restricted_attributes;
restricted_attributes.push_back("SOURCE");
return Template::check(rs_attr, restricted_attributes);
};
private:
friend class ImagePool;
static vector<string> restricted_attributes;
static void add_restricted_attribute(string& attr);
};
/* -------------------------------------------------------------------------- */
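Review bot: `add_restricted_attribute(string& attr)` takes a non-const reference although its definition in this commit only copies the value into the list, so it should be declared `static void add_restricted_attribute(const string& attr);`. The doc comment above `check()` should also say that the list is now a class-wide static filled by the ImagePool constructor from the configuration, and that an empty list means no attribute is rejected. The static vector has no locking, which is only safe if every add happens before requests are served; that ordering is not visible here and deserves a comment next to the declaration. The same points apply to the VirtualMachineTemplate header section.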


@ -35,7 +35,8 @@ public:
VirtualMachinePool(SqlDB * db,
vector<const Attribute *> hook_mads,
const string& hook_location,
const string& remotes_location);
const string& remotes_location,
vector<const Attribute *> restricted_attrs);
~VirtualMachinePool(){};


@ -43,18 +43,16 @@ public:
*/
bool check(string& rs_attr)
{
vector<string> restricted_attributes;
restricted_attributes.push_back("CONTEXT/FILES");
restricted_attributes.push_back("DISK/SOURCE");
restricted_attributes.push_back("NIC/MAC");
restricted_attributes.push_back("NIC/VLAN_ID");
restricted_attributes.push_back("RANK");
return Template::check(rs_attr, restricted_attributes);
};
friend class VirtualMachine;
private:
friend class VirtualMachinePool;
static vector<string> restricted_attributes;
static void add_restricted_attribute(string& attr);
};
/* -------------------------------------------------------------------------- */


@ -471,4 +471,19 @@ AUTH_MAD = [
SESSION_EXPIRATION_TIME = 900
#ENABLE_OTHER_PERMISSIONS = "YES"
#ENABLE_OTHER_PERMISSIONS = "YES"
#*******************************************************************************
# Restricted Attributes Configuration
#*******************************************************************************
# The following attributes are restricted to users outside the oneadmin group
#*******************************************************************************
VM_RESTRICTED_ATTR = "CONTEXT/FILES"
VM_RESTRICTED_ATTR = "DISK/SOURCE"
VM_RESTRICTED_ATTR = "NIC/MAC"
VM_RESTRICTED_ATTR = "NIC/VLAN_ID"
VM_RESTRICTED_ATTR = "RANK"
IMAGE_RESTRICTED_ATTR = "SOURCE"


@ -33,10 +33,12 @@ string ImagePool::_default_dev_prefix;
ImagePool::ImagePool(SqlDB * db,
const string& __default_type,
const string& __default_dev_prefix):
const string& __default_dev_prefix,
vector<const Attribute *> restricted_attrs):
PoolSQL(db,Image::table)
{
ostringstream sql;
const SingleAttribute * sattr;
// Init static defaults
_default_type = __default_type;
@ -50,6 +52,17 @@ ImagePool::ImagePool(SqlDB * db,
NebulaLog::log("IMG", Log::ERROR, "Bad default for type, setting OS");
_default_type = "OS";
}
// Set restricted attributes
for (unsigned int i = 0 ; i < restricted_attrs.size() ; i++ )
{
sattr = static_cast<const SingleAttribute *>(restricted_attrs[i]);
string attr = sattr->value();
transform (attr.begin(),attr.end(),attr.begin(),(int(*)(int))toupper);
ImageTemplate::add_restricted_attribute(attr);
}
}
/* -------------------------------------------------------------------------- */
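Review bot: The `static_cast<const SingleAttribute *>(restricted_attrs[i])` in the new loop is unchecked, so an `IMAGE_RESTRICTED_ATTR = [ ... ]` vector entry in the configuration would be read through the wrong type. Check the attribute kind before use and skip the entry with a logged error, e.g. `sattr = dynamic_cast<const SingleAttribute *>(restricted_attrs[i]);` followed by `if (sattr == 0) continue;` (this assumes Attribute is polymorphic; the class is not shown here). The value is also stored as-is after upper-casing, so an empty string or an entry with stray whitespace or a leading or trailing `/` is accepted and would presumably never match in `Template::check`; rejecting such entries at load time makes a typo visible instead of silently lifting a restriction. The same loop is repeated in the VirtualMachinePool constructor. The constructor body continues outside these hunks.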


@ -0,0 +1,33 @@
/* -------------------------------------------------------------------------- */
/* Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org) */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */
/* not use this file except in compliance with the License. You may obtain */
/* a copy of the License at */
/* */
/* http://www.apache.org/licenses/LICENSE-2.0 */
/* */
/* Unless required by applicable law or agreed to in writing, software */
/* distributed under the License is distributed on an "AS IS" BASIS, */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
/* See the License for the specific language governing permissions and */
/* limitations under the License. */
/* -------------------------------------------------------------------------- */
#include "ImageTemplate.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
vector<string> ImageTemplate::restricted_attributes;
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void ImageTemplate::add_restricted_attribute(string& attr)
{
restricted_attributes.push_back(attr);
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */


@ -26,7 +26,8 @@ source_files=[
'ImagePool.cc',
'ImageManagerDriver.cc',
'ImageManager.cc',
'ImageManagerActions.cc'
'ImageManagerActions.cc',
'ImageTemplate.cc'
]
# Build library


@ -276,14 +276,20 @@ void Nebula::start()
vector<const Attribute *> vm_hooks;
vector<const Attribute *> host_hooks;
vector<const Attribute *> vm_restricted_attrs;
vector<const Attribute *> img_restricted_attrs;
nebula_configuration->get("VM_HOOK", vm_hooks);
nebula_configuration->get("HOST_HOOK", host_hooks);
nebula_configuration->get("VM_RESTRICTED_ATTR", vm_restricted_attrs);
nebula_configuration->get("IMAGE_RESTRICTED_ATTR", img_restricted_attrs);
vmpool = new VirtualMachinePool(db,
vm_hooks,
hook_location,
remotes_location);
remotes_location,
vm_restricted_attrs);
hpool = new HostPool(db, host_hooks, hook_location, remotes_location);
nebula_configuration->get("MAC_PREFIX", mac_prefix);
@ -301,7 +307,8 @@ void Nebula::start()
ipool = new ImagePool(db,
default_image_type,
default_device_prefix);
default_device_prefix,
img_restricted_attrs);
tpool = new VMTemplatePool(db);
}
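Review bot: Nothing in `Nebula::start()` handles the case where `VM_RESTRICTED_ATTR` or `IMAGE_RESTRICTED_ATTR` is absent from the configuration: the vectors stay empty after `get()` and the pools register no restricted attribute. The header changes in this commit remove the hard-coded lists (`SOURCE`, `DISK/SOURCE`, `NIC/MAC`, ...), so an installation upgraded with its old oned.conf would, unless defaults are supplied somewhere outside this view, stop restricting those attributes for users outside the oneadmin group. Either fall back to the previous built-in list when a key is missing, or log a warning at startup when either vector is empty, and mention the new keys in the upgrade notes. `Nebula::start()` begins and ends outside the hunks.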


@ -539,7 +539,7 @@ bool Template::check(string& rs_attr, const vector<string> &restricted_attribute
string avector, vattr;
vector<const Attribute *> values;
for (uint i=0; i < restricted_attributes.size(); i++)
for (unsigned int i=0; i < restricted_attributes.size(); i++)
{
pos = restricted_attributes[i].find("/");
@ -573,7 +573,7 @@ bool Template::check(string& rs_attr, const vector<string> &restricted_attribute
}
else //Single Attribute
{
if (get(avector,values) > 0 )
if (get(restricted_attributes[i],values) > 0 )
{
rs_attr = restricted_attributes[i];
return true;


@ -40,7 +40,8 @@ source_files=[
'vm_var_parser.c',
'vm_var_syntax.cc',
'VirtualMachinePool.cc',
'VirtualMachineHook.cc'
'VirtualMachineHook.cc',
'VirtualMachineTemplate.cc'
]
# Build library


@ -27,10 +27,12 @@
VirtualMachinePool::VirtualMachinePool(SqlDB * db,
vector<const Attribute *> hook_mads,
const string& hook_location,
const string& remotes_location)
const string& remotes_location,
vector<const Attribute *> restricted_attrs)
: PoolSQL(db,VirtualMachine::table)
{
const VectorAttribute * vattr;
const SingleAttribute * sattr;
string name;
string on;
@ -182,6 +184,17 @@ VirtualMachinePool::VirtualMachinePool(SqlDB * db,
add_hook(hook);
}
// Set restricted attributes
for (unsigned int i = 0 ; i < restricted_attrs.size() ; i++ )
{
sattr = static_cast<const SingleAttribute *>(restricted_attrs[i]);
string attr = sattr->value();
transform (attr.begin(),attr.end(),attr.begin(),(int(*)(int))toupper);
VirtualMachineTemplate::add_restricted_attribute(attr);
}
}
/* -------------------------------------------------------------------------- */


@ -0,0 +1,33 @@
/* -------------------------------------------------------------------------- */
/* Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org) */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */
/* not use this file except in compliance with the License. You may obtain */
/* a copy of the License at */
/* */
/* http://www.apache.org/licenses/LICENSE-2.0 */
/* */
/* Unless required by applicable law or agreed to in writing, software */
/* distributed under the License is distributed on an "AS IS" BASIS, */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
/* See the License for the specific language governing permissions and */
/* limitations under the License. */
/* -------------------------------------------------------------------------- */
#include "VirtualMachineTemplate.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
vector<string> VirtualMachineTemplate::restricted_attributes;
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void VirtualMachineTemplate::add_restricted_attribute(string& attr)
{
restricted_attributes.push_back(attr);
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */