B #3610: Fix failure response for disk-attach (#1352)

2025-01-11 05:17:41 +03:00 · 2021-07-13 09:28:18 +02:00 · 2021-07-13 09:28:18 +02:00 · d4f5a8bdf6
commit d4f5a8bdf6
parent 5b234cb98a
2 changed files with 41 additions and 48 deletions
--- a/include/RequestManagerVirtualMachine.h
+++ b/include/RequestManagerVirtualMachine.h
@ -47,6 +47,7 @@ protected:
    virtual void request_execute(xmlrpc_c::paramList const& _paramList,
            RequestAttributes& att) = 0;

+    // Authorize the request, set failure_response message
    bool vm_authorization(int id,
                          ImageTemplate *         tmpl,
                          VirtualMachineTemplate* vtmpl,
@ -55,16 +56,12 @@ protected:
                          PoolObjectAuth *        ds_perm,
                          PoolObjectAuth *        img_perm);

+    // Check user and group quotas. Do not set failure_response on failure
    bool quota_resize_authorization(
            Template *          deltas,
            RequestAttributes&  att,
            PoolObjectAuth&     vm_perms);

-    bool quota_resize_authorization(
-            int                 oid,
-            Template *          deltas,
-            RequestAttributes&  att);
-
    int get_host_information(
        int                hid,
        std::string&       name,
--- a/src/rm/RequestManagerVirtualMachine.cc
+++ b/src/rm/RequestManagerVirtualMachine.cc
@ -100,32 +100,6 @@ bool RequestManagerVirtualMachine::vm_authorization(
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */

-bool RequestManagerVirtualMachine::quota_resize_authorization(
-        int                 oid,
-        Template *          deltas,
-        RequestAttributes&  att)
-{
-    PoolObjectAuth      vm_perms;
-    auto vmpool = Nebula::instance().get_vmpool();
-
-    if (auto vm = vmpool->get_ro(oid))
-    {
-        vm->get_permissions(vm_perms);
-    }
-    else
-    {
-        att.resp_obj = PoolObjectSQL::VM;
-        att.resp_id  = oid;
-        failure_response(NO_EXISTS, att);
-        return false;
-    }
-
-    return quota_resize_authorization(deltas, att, vm_perms);
-}
-
-/* -------------------------------------------------------------------------- */
-/* -------------------------------------------------------------------------- */
-
 bool RequestManagerVirtualMachine::quota_resize_authorization(
        Template *          deltas,
        RequestAttributes&  att,
@ -155,8 +129,6 @@ bool RequestManagerVirtualMachine::quota_resize_authorization(

                att.resp_msg = oss.str();

-                failure_response(AUTHORIZATION, att);
-
                return false;
            }

@ -180,8 +152,6 @@ bool RequestManagerVirtualMachine::quota_resize_authorization(

                att.resp_msg = oss.str();

-                failure_response(AUTHORIZATION, att);
-
                group.reset();

                quota_rollback(deltas, Quotas::VM, att_tmp);
@ -1742,7 +1712,7 @@ void VirtualMachineAttach::request_execute(
    // -------------------------------------------------------------------------
    // Check if the VM is a Virtual Router
    // -------------------------------------------------------------------------
-    if ( auto vm = get_vm(id, att) )
+    if ( auto vm = pool->get_ro<VirtualMachine>(id) )
    {
        if ( !vm->hasHistory() )
        {
@ -1762,6 +1732,11 @@ void VirtualMachineAttach::request_execute(
    }
    else
    {
+        att.resp_id = id;
+        att.resp_obj = PoolObjectSQL::VM;
+
+        failure_response(NO_EXISTS, att);
+
        return;
    }

@ -1789,6 +1764,7 @@ void VirtualMachineAttach::request_execute(
    {
        failure_response(ec, att);
    }
+
 }

 /* -------------------------------------------------------------------------- */
@ -1799,17 +1775,35 @@ Request::ErrorCode VirtualMachineAttach::request_execute(int id,
 {
    Nebula&           nd = Nebula::instance();
    DispatchManager * dm = nd.get_dm();
+    VirtualMachinePool * vmpool = nd.get_vmpool();

    PoolObjectAuth         vm_perms;

-    int    rc;
    bool   volatile_disk;

    // -------------------------------------------------------------------------
    // Authorize the operation & check quotas
    // -------------------------------------------------------------------------
-    if (vm_authorization(id, 0, &tmpl, att, 0, 0, 0) == false)
+    if (auto vm = vmpool->get_ro(id))
    {
+        vm->get_permissions(vm_perms);
+    }
+    else
+    {
+        att.resp_id  = id;
+        att.resp_obj = PoolObjectSQL::VM;
+        return NO_EXISTS;
+    }
+
+    AuthRequest ar(att.uid, att.group_ids);
+
+    ar.add_auth(AuthRequest::MANAGE, vm_perms);
+
+    VirtualMachine::set_auth_request(att.uid, ar, &tmpl, true);
+
+    if (UserPool::authorize(ar) == -1)
+    {
+        att.resp_msg = ar.message;
        return AUTHORIZATION;
    }

@ -1824,14 +1818,14 @@ Request::ErrorCode VirtualMachineAttach::request_execute(int id,
        }
    }

-    if ( auto vm = get_vm(id, att) )
+    if ( auto vm = vmpool->get(id) )
    {
-        vm->get_permissions(vm_perms);
-
        volatile_disk = set_volatile_disk_info(vm.get(), vm->get_ds_id(), tmpl);
    }
    else
    {
+        att.resp_id  = id;
+        att.resp_obj = PoolObjectSQL::VM;
        return NO_EXISTS;
    }

@ -1842,23 +1836,22 @@ Request::ErrorCode VirtualMachineAttach::request_execute(int id,

    deltas.add("VMS", 0);

-    if (quota_resize_authorization(id, &deltas, att_quota) == false)
+    if (quota_resize_authorization(&deltas, att_quota, vm_perms) == false)
    {
+        att.resp_msg = std::move(att_quota.resp_msg);
        return AUTHORIZATION;
    }

    if (volatile_disk == false)
    {
-        if ( quota_authorization(&tmpl, Quotas::IMAGE, att_quota) == false )
+        if ( quota_authorization(&tmpl, Quotas::IMAGE, att_quota, att.resp_msg) == false )
        {
            quota_rollback(&deltas, Quotas::VM, att_quota);
            return AUTHORIZATION;
        }
    }

-    rc = dm->attach(id, &tmpl, att, att.resp_msg);
-
-    if ( rc != 0 )
+    if ( dm->attach(id, &tmpl, att, att.resp_msg) != 0 )
    {
        quota_rollback(&deltas, Quotas::VM, att_quota);

@ -2110,6 +2103,7 @@ void VirtualMachineResize::request_execute(xmlrpc_c::paramList const& paramList,

    if (quota_resize_authorization(&deltas, att, vm_perms) == false)
    {
+        failure_response(AUTHORIZATION, att);
        return;
    }

@ -2803,7 +2797,7 @@ void VirtualMachineDiskSnapshotCreate::request_execute(

    if ( !vm_deltas.empty() )
    {
-        if (!quota_resize_authorization(id, &vm_deltas, vm_att_quota))
+        if (!quota_resize_authorization(&vm_deltas, vm_att_quota, vm_perms))
        {
            if ( img_ds_quota )
            {
@ -2815,6 +2809,7 @@ void VirtualMachineDiskSnapshotCreate::request_execute(
                quota_rollback(&ds_deltas, Quotas::DATASTORE, vm_att_quota);
            }

+            failure_response(AUTHORIZATION, vm_att_quota);
            return;
        }
    }
@ -3286,7 +3281,7 @@ void VirtualMachineDiskResize::request_execute(

    if ( !vm_deltas.empty() )
    {
-        if (!quota_resize_authorization(id, &vm_deltas, vm_att_quota))
+        if (!quota_resize_authorization(&vm_deltas, vm_att_quota, vm_perms))
        {
            if ( img_ds_quota )
            {
@ -3298,6 +3293,7 @@ void VirtualMachineDiskResize::request_execute(
                quota_rollback(&ds_deltas, Quotas::DATASTORE, vm_att_quota);
            }

+            failure_response(AUTHORIZATION, vm_att_quota);
            return;
        }
    }