From c7584ad602de98affb223a56af0a2bc9f161b7db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Mart=C3=ADn?=
Date: Tue, 25 Oct 2011 18:48:24 +0200
Subject: [PATCH] Bug #847: Automatically create at bootstrap new user serveradmin with server_cipher driver.
---
 include/UserPool.h | 4 ++
 src/onedb/3.0.0_to_3.1.0.rb | 86 +++++++++++++++++++++++++++++++++++++
 src/um/UserPool.cc | 44 +++++++++++++------
 3 files changed, 122 insertions(+), 12 deletions(-)
diff --git a/include/UserPool.h b/include/UserPool.h
index 040aeea12e..5dd0f99edc 100644
--- a/include/UserPool.h
+++ b/include/UserPool.h
@@ -157,6 +157,10 @@ public:
 */
 static const char * DEFAULT_AUTH;
+ /**
+ * Name for the default Sunstone server user
+ */
+ static const char * SERVER_NAME;
 private:
 //--------------------------------------------------------------------------
diff --git a/src/onedb/3.0.0_to_3.1.0.rb b/src/onedb/3.0.0_to_3.1.0.rb
index 0eac37f7b3..b909bcde80 100644
--- a/src/onedb/3.0.0_to_3.1.0.rb
+++ b/src/onedb/3.0.0_to_3.1.0.rb
@@ -26,6 +26,10 @@ module Migrator
 end
 def up
+ ########################################################################
+ # Update table definitions
+ ########################################################################
+
 [ [:group_pool, "group"],
 [:host_pool, "host"],
 [:image_pool, "image"],
@@ -45,6 +49,10 @@ module Migrator
 end
 }
+ ########################################################################
+ # Add new attributes to images
+ ########################################################################
+
 @db.run "ALTER TABLE image_pool RENAME TO old_image_pool;"
 @db.run "CREATE TABLE image_pool (oid INTEGER PRIMARY KEY, name VARCHAR(128), body TEXT, uid INTEGER, gid INTEGER, public INTEGER, UNIQUE(name,uid) );"
@@ -78,6 +86,9 @@ module Migrator
 @db.run "DROP TABLE old_image_pool;"
+ ########################################################################
+ # Add new attributes to users
+ ########################################################################
 @db.run "ALTER TABLE user_pool RENAME TO old_user_pool;"
 @db.run "CREATE TABLE user_pool (oid INTEGER PRIMARY KEY, name VARCHAR(128), body TEXT, UNIQUE(name));"
@@ -100,6 +111,81 @@ module Migrator
 @db.run "DROP TABLE old_user_pool;"
+ ########################################################################
+ # Create new serveradmin user
+ ########################################################################
+
+ username = "serveradmin"
+ found = false
+ oneadmin_row = nil
+ user_oid = nil
+
+ @db.fetch("SELECT * FROM user_pool WHERE name='#{username}'") do |row|
+ found = true
+ end
+
+ if ( found )
+ puts " > Trying to create user '#{username}' "<<
+ "for Sunstone and public servers operation;\n"<<
+ " but a user with that name already exists. "<<
+ "You will need to create manually a new user, visit\n"<<
+ " http://opennebula.org/documentation:rel3.2:upgrade"
+ else
+ @db.fetch("SELECT * FROM user_pool WHERE oid=0") do |row|
+ oneadmin_row = row
+ end
+
+ @db.fetch("SELECT last_oid FROM pool_control WHERE tablename='user_pool'") do |row|
+ user_oid = (row[:last_oid].to_i + 1)
+ end
+
+ doc = Document.new(oneadmin_row[:body])
+
+ doc.root.each_element("ID") { |e|
+ e.text = (user_oid).to_s
+ }
+
+ doc.root.each_element("GID") { |e|
+ e.text = "0"
+ }
+
+ doc.root.each_element("NAME") { |e|
+ e.text = username
+ }
+
+ doc.root.each_element("AUTH_DRIVER") { |e|
+ e.text = "server_cipher"
+ }
+
+ # Insert new user
+ @db[:user_pool].insert(
+ :oid => user_oid,
+ :name => username,
+ :body => doc.root.to_s)
+
+ # Update last oid in pool_control
+ @db.run("UPDATE pool_control SET last_oid=#{user_oid} WHERE tablename='user_pool';")
+
+ # Insert new user ID in oneadmin group
+
+ @db.fetch("SELECT body FROM group_pool WHERE oid=0") do |row|
+ doc = Document.new(row[:body])
+ end
+
+ doc.root.each_element("USERS"){ |e|
+ new_elem = e.add_element("ID")
+ new_elem.text = user_oid
+ }
+
+ @db.run("UPDATE group_pool SET body='#{doc.root.to_s}' WHERE oid=0;")
+
+ puts " > New user '#{username}' created "<<
+ "for Sunstone and public servers operation.\n"<<
+ " You will need to create some configuration files "<<
+ "before Sunstone, OCCI or EC2 are "<<
+ "started.\n Visit\n"<<
+ " http://opennebula.org/documentation:rel3.2:upgrade"
+ end
 return true
 end
diff --git a/src/um/UserPool.cc b/src/um/UserPool.cc
index 68a7aa822e..504d0bbac2 100644
--- a/src/um/UserPool.cc
+++ b/src/um/UserPool.cc
@@ -35,6 +35,8 @@ const char * UserPool::SERVER_AUTH = "server*";
 const char * UserPool::PUBLIC_AUTH = "public";
 const char * UserPool::DEFAULT_AUTH = "default";
+const char * UserPool::SERVER_NAME = "serveradmin";
+
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */
@@ -47,7 +49,8 @@ UserPool::UserPool(SqlDB * db, time_t __session_expiration_time):
 PoolSQL(db,User::table)
 {
- int one_uid = -1;
+ int one_uid = -1;
+ int server_uid = -1;
 ostringstream oss;
 string one_token;
 string one_name;
@@ -100,16 +103,33 @@ UserPool::UserPool(SqlDB * db,
 {
 if (User::split_secret(one_token,one_name,one_pass) == 0)
 {
- string error_str;
+ if ( one_name == SERVER_NAME )
+ {
+ oss << "The name '" << SERVER_NAME << "' is reserved";
+ }
+ else
+ {
+ string error_str;
- allocate(&one_uid,
- GroupPool::ONEADMIN_ID,
- one_name,
- GroupPool::ONEADMIN_NAME,
- one_pass,
- UserPool::CORE_AUTH,
- true,
- error_str);
+ allocate(&one_uid,
+ GroupPool::ONEADMIN_ID,
+ one_name,
+ GroupPool::ONEADMIN_NAME,
+ one_pass,
+ UserPool::CORE_AUTH,
+ true,
+ error_str);
+
+ // Create the serveradmin user with the same password
+ allocate(&server_uid,
+ GroupPool::ONEADMIN_ID,
+ SERVER_NAME,
+ GroupPool::ONEADMIN_NAME,
+ SSLTools::sha1_digest(one_pass),
+ "server_cipher",
+ true,
+ error_str);
+ }
 }
 else
 {
@@ -119,12 +139,12 @@ UserPool::UserPool(SqlDB * db,
 }
 else
 {
- oss << "Cloud not open file: " << one_auth;
+ oss << "Could not open file: " << one_auth;
 }
 file.close();
- if (one_uid != 0)
+ if (one_uid != 0 || server_uid != 1)
 {
 NebulaLog::log("ONE",Log::ERROR,oss);
 throw;
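Review bot: The group update near the end of the hunk builds its SQL by string interpolation, `@db.run("UPDATE group_pool SET body='#{doc.root.to_s}' WHERE oid=0;")`, while the user insert a few lines above goes through Sequel's parameterised `@db[:user_pool].insert(...)`; a single quote anywhere in the group body would break or alter that statement, so the same dataset form, `@db[:group_pool].where(:oid => 0).update(:body => doc.root.to_s)`, should be used (the `UPDATE pool_control` line is the same pattern, though `user_oid` is an integer there). The new user's body is a copy of oneadmin's record with only ID, GID, NAME and AUTH_DRIVER rewritten, so PASSWORD and every other element are carried over unchanged; a comment such as `# serveradmin reuses oneadmin's stored password on purpose (mirrors the bootstrap path in UserPool.cc)` would make that intent explicit for whoever maintains it. `new_elem.text = user_oid` hands an Integer to REXML where the ID element above uses `(user_oid).to_s`; keeping `.to_s` here is the consistent form. The `up` method begins outside the hunk.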
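Review bot: Neither `allocate` call in the new `else` branch checks its result, and `error_str` is passed to both but never reaches `oss`, so when the serveradmin allocation fails the `one_uid != 0 || server_uid != 1` check in the last hunk logs whatever `oss` happens to hold, possibly nothing, and a failing first call still runs the second, which overwrites `error_str`; assuming the out-parameter stays at -1 on failure as the initialisation suggests, `if (server_uid < 0) oss << error_str;` after each call (one per uid) would preserve the reason. That check also hard-codes uid 1 for the server user, which only holds when these two allocations run in this order on an empty pool; a comment stating that assumption beside `int server_uid = -1;` in the earlier hunk would help. `"server_cipher"` is a bare literal where the surrounding code uses the `UserPool::*_AUTH` constants; a named constant declared next to `SERVER_NAME` keeps the driver name in one place. The server account's secret is `SSLTools::sha1_digest(one_pass)`, derived directly from the oneadmin credential, so the two accounts share one secret and must be changed together, which the comment `// Create the serveradmin user with the same password` could say outright. The constructor begins and ends outside the hunk.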