
Extend auth methods to set lock checks

This commit is contained in:
Ruben S. Montero 2018-05-31 12:50:02 +02:00
parent 6fa16070e8
commit d8e579d5a3
15 changed files with 48 additions and 28 deletions


@ -1260,7 +1260,7 @@ public:
* @param tmpl the virtual machine template
*/
static void set_auth_request(int uid, AuthRequest& ar,
VirtualMachineTemplate *tmpl);
VirtualMachineTemplate *tmpl, bool check_lock);
// -------------------------------------------------------------------------
// Attach Disk Interface
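Review bot: The new `check_lock` parameter of `set_auth_request` is undocumented: the Doxygen block above the declaration still ends at `@param tmpl the virtual machine template`. Add ` * @param check_lock true to add USE authorizations for the template's disks and NICs, false to add USE_NO_LCK ones`; this wording follows from the `USE`/`USE_NO_LCK` branches the commit adds in `VirtualMachineDisk::authorize`, `VirtualMachineNic::authorize` and `VirtualNetworkPool::authorize_nic`. The same `@param` entry is missing from the declarations of `VirtualMachineDisk::authorize`, `VirtualMachineNic::authorize`/`authorize_vrouter`, `VirtualNetworkPool::authorize_nic` and `VirtualRouter::set_auth_request` in the other header hunks.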


@ -181,7 +181,7 @@ public:
* @param uid of user making the request
* @param ar auth request
*/
void authorize(int uid, AuthRequest* ar);
void authorize(int uid, AuthRequest* ar, bool check_lock);
/* ---------------------------------------------------------------------- */
/* Snapshots Interface */


@ -77,14 +77,14 @@ public:
* @param uid of user making the request
* @param ar auth request
*/
void authorize(int uid, AuthRequest* ar)
void authorize(int uid, AuthRequest* ar, bool check_lock)
{
authorize(PoolObjectSQL::VM, uid, ar);
authorize(PoolObjectSQL::VM, uid, ar, check_lock);
}
void authorize_vrouter(int uid, AuthRequest* ar)
void authorize_vrouter(int uid, AuthRequest* ar, bool check_lock)
{
authorize(PoolObjectSQL::VROUTER, uid, ar);
authorize(PoolObjectSQL::VROUTER, uid, ar, check_lock);
}
/**
@ -102,7 +102,8 @@ private:
* @param uid of user making the request
* @param ar auth request
*/
void authorize(PoolObjectSQL::ObjectType ot, int uid, AuthRequest* ar);
void authorize(PoolObjectSQL::ObjectType ot, int uid, AuthRequest* ar,
bool check_lock);
};
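Review bot: Every caller of these `authorize` overloads now passes a bare `true` or `false` (for example `VirtualMachine::set_auth_request(att.uid, ar, tmpl, true)` in the request-manager hunks), so the meaning of the literal is invisible at the call site; this is a point of style, not a defect. A named constant pair or a small `enum class` declared next to these overloads would make the single relaxed call site in `TemplateInfo::request_execute` stand out from the `true` callers, and would survive a later reordering of parameters. If the flag stays a `bool`, at least name it in the `@param` documentation of each overload.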


@ -204,7 +204,8 @@ public:
VirtualMachineNic * nic,
int uid,
AuthRequest * ar,
set<int> & sgs);
set<int> & sgs,
bool check_lock);
//--------------------------------------------------------------------------
// VNET Reservation interface


@ -156,7 +156,8 @@ public:
* @param ar the AuthRequest object
* @param tmpl the virtual router template
*/
static void set_auth_request(int uid, AuthRequest& ar, Template *tmpl);
static void set_auth_request(int uid, AuthRequest& ar, Template *tmpl,
bool check_lock);
/**
* Checks if the given action is supported for Virtual Router VMs


@ -90,7 +90,7 @@ bool VirtualMachineAllocate::allocate_authorization(
ar.add_create_auth(att.uid, att.gid, auth_object, tmpl->to_xml(t64));
VirtualMachine::set_auth_request(att.uid, ar, ttmpl);
VirtualMachine::set_auth_request(att.uid, ar, ttmpl, true);
if (UserPool::authorize(ar) == -1)
{
@ -1088,7 +1088,7 @@ bool VirtualRouterAllocate::allocate_authorization(
ar.add_create_auth(att.uid, att.gid, auth_object, tmpl->to_xml(tmpl_str));
VirtualRouter::set_auth_request(att.uid, ar, tmpl);
VirtualRouter::set_auth_request(att.uid, ar, tmpl, true);
if (UserPool::authorize(ar) == -1)
{


@ -110,7 +110,7 @@ void TemplateInfo::request_execute(xmlrpc_c::paramList const& paramList,
if (extended)
{
VirtualMachine::set_auth_request(att.uid, ar, extended_tmpl);
VirtualMachine::set_auth_request(att.uid, ar, extended_tmpl, false);
VirtualMachineDisks::extended_info(att.uid, extended_tmpl);
}
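Review bot: This is the only call site in the commit that passes `check_lock = false`, and nothing on the line says why, so a reader comparing it with the `true` in `VMTemplateInstantiate` and the allocate paths cannot tell whether the relaxation is deliberate. Add a why-comment above the call, e.g. `// info-only request: authorize disks/NICs with USE_NO_LCK, presumably so a locked image or network does not reject the extended template lookup`, adjusted to the actual reason. The enclosing `TemplateInfo::request_execute` continues outside the hunk.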


@ -215,7 +215,7 @@ Request::ErrorCode VMTemplateInstantiate::request_execute(int id, string name,
tmpl_str);
}
VirtualMachine::set_auth_request(att.uid, ar, tmpl);
VirtualMachine::set_auth_request(att.uid, ar, tmpl, true);
if (UserPool::authorize(ar) == -1)
{


@ -69,7 +69,7 @@ bool RequestManagerVirtualMachine::vm_authorization(
if ( vtmpl != 0 )
{
VirtualMachine::set_auth_request(att.uid, ar, vtmpl);
VirtualMachine::set_auth_request(att.uid, ar, vtmpl, true);
}
if ( ds_perm != 0 )
@ -2285,7 +2285,7 @@ Request::ErrorCode VirtualMachineAttachNic::request_execute(int id,
ar.add_auth(AuthRequest::MANAGE, vm_perms);
VirtualMachine::set_auth_request(att.uid, ar, &tmpl);
VirtualMachine::set_auth_request(att.uid, ar, &tmpl, true);
if (UserPool::authorize(ar) == -1)
{


@ -224,7 +224,7 @@ void VirtualRouterAttachNic::request_execute(
ar.add_auth(AuthRequest::MANAGE, vr_perms); // MANAGE VROUTER
VirtualRouter::set_auth_request(att.uid, ar, &tmpl); // USE VNET
VirtualRouter::set_auth_request(att.uid, ar, &tmpl, true); // USE VNET
if (UserPool::authorize(ar) == -1)
{


@ -1946,14 +1946,15 @@ bool VirtualMachine::is_vrouter()
void VirtualMachine::set_auth_request(int uid,
AuthRequest& ar,
VirtualMachineTemplate *tmpl)
VirtualMachineTemplate *tmpl,
bool check_lock)
{
VirtualMachineDisks::disk_iterator disk;
VirtualMachineDisks tdisks(tmpl, false);
for( disk = tdisks.begin(); disk != tdisks.end(); ++disk)
{
(*disk)->authorize(uid, &ar);
(*disk)->authorize(uid, &ar, check_lock);
}
VirtualMachineNics::nic_iterator nic;
@ -1961,7 +1962,7 @@ void VirtualMachine::set_auth_request(int uid,
for( nic = tnics.begin(); nic != tnics.end(); ++nic)
{
(*nic)->authorize(uid, &ar);
(*nic)->authorize(uid, &ar, check_lock);
}
const VectorAttribute * vmgroup = tmpl->get("VMGROUP");


@ -165,7 +165,7 @@ void VirtualMachineDisk::extended_info(int uid)
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void VirtualMachineDisk::authorize(int uid, AuthRequest* ar)
void VirtualMachineDisk::authorize(int uid, AuthRequest* ar, bool check_lock)
{
string source;
Image * img = 0;
@ -207,7 +207,7 @@ void VirtualMachineDisk::authorize(int uid, AuthRequest* ar)
img->unlock();
//cloning disks can be used with lock, lcm will track image state updates.
if (is_cloning())
if (is_cloning() || !check_lock)
{
ar->add_auth(AuthRequest::USE_NO_LCK, perm);
}
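Review bot: The comment above the changed condition, `//cloning disks can be used with lock, lcm will track image state updates.`, now explains only the `is_cloning()` half; the new `|| !check_lock` half is undocumented, and the two reasons are unrelated. Extend it to something like `// cloning disks can be used with lock (lcm tracks image state updates); callers that pass check_lock=false (info requests) also skip the lock check`. `VirtualMachineDisk::authorize` begins in the first hunk of this file and continues past this one.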


@ -121,7 +121,7 @@ int VirtualMachineNic::get_uid(int _uid, string& error)
/* -------------------------------------------------------------------------- */
void VirtualMachineNic::authorize(PoolObjectSQL::ObjectType ot, int uid,
AuthRequest* ar)
AuthRequest* ar, bool check_lock)
{
Nebula& nd = Nebula::instance();
@ -132,7 +132,7 @@ void VirtualMachineNic::authorize(PoolObjectSQL::ObjectType ot, int uid,
get_security_groups(sgroups);
vnpool->authorize_nic(ot, this, uid, ar, sgroups);
vnpool->authorize_nic(ot, this, uid, ar, sgroups, check_lock);
for(set<int>::iterator it = sgroups.begin(); it != sgroups.end(); it++)
{
@ -146,8 +146,15 @@ void VirtualMachineNic::authorize(PoolObjectSQL::ObjectType ot, int uid,
sgroup->unlock();
if ( check_lock )
{
ar->add_auth(AuthRequest::USE, perm);
}
else
{
ar->add_auth(AuthRequest::USE_NO_LCK, perm);
}
}
}
}
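Review bot: The `if ( check_lock ) ... else ...` block added here to pick `USE` or `USE_NO_LCK` is duplicated verbatim in `VirtualNetworkPool::authorize_nic` in this commit, so a later change to the lock semantics has to be made in two places. Both reduce to one line, `ar->add_auth(check_lock ? AuthRequest::USE : AuthRequest::USE_NO_LCK, perm);`, or to a small helper on `AuthRequest` that maps the flag to the operation and is called from both sites.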


@ -303,7 +303,8 @@ void VirtualNetworkPool::authorize_nic(
VirtualMachineNic * nic,
int uid,
AuthRequest * ar,
set<int> & sgs)
set<int> & sgs,
bool check_lock)
{
string network;
VirtualNetwork * vnet = 0;
@ -339,7 +340,14 @@ void VirtualNetworkPool::authorize_nic(
vnet->unlock();
if ( check_lock )
{
ar->add_auth(AuthRequest::USE, perm);
}
else
{
ar->add_auth(AuthRequest::USE_NO_LCK, perm);
}
}
/* -------------------------------------------------------------------------- */


@ -707,14 +707,15 @@ VectorAttribute* VirtualRouter::get_nic(int nic_id) const
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void VirtualRouter::set_auth_request(int uid, AuthRequest& ar, Template *tmpl)
void VirtualRouter::set_auth_request(int uid, AuthRequest& ar, Template *tmpl,
bool check_lock)
{
VirtualMachineNics::nic_iterator nic;
VirtualMachineNics tnics(tmpl);
for( nic = tnics.begin(); nic != tnics.end(); ++nic)
{
(*nic)->authorize_vrouter(uid, &ar);
(*nic)->authorize_vrouter(uid, &ar, check_lock);
}
}