diff --git a/include/Datastore.h b/include/Datastore.h index a4b8d4243d..99b4f06130 100644 --- a/include/Datastore.h +++ b/include/Datastore.h @@ -195,6 +195,7 @@ private: int gid, const string& uname, const string& gname, + int umask, DatastoreTemplate* ds_template, int cluster_id, const string& cluster_name); diff --git a/include/DatastorePool.h b/include/DatastorePool.h index 07d607a749..3ad5cac976 100644 --- a/include/DatastorePool.h +++ b/include/DatastorePool.h @@ -75,6 +75,7 @@ public: * @param gid the id of the group this object is assigned to * @param uname name of the user * @param gname name of the group + * @param umask permissions umask * @param ds_template Datastore definition template * @param oid the id assigned to the Datastore * @param cluster_id the id of the cluster this Datastore will belong to @@ -88,6 +89,7 @@ public: int gid, const string& uname, const string& gname, + int umask, DatastoreTemplate * ds_template, int * oid, int cluster_id, @@ -182,7 +184,7 @@ private: */ PoolObjectSQL * create() { - return new Datastore(-1,-1,"","", 0, -1, ""); + return new Datastore(-1,-1,"","", 0, 0, -1, ""); }; }; diff --git a/include/Document.h b/include/Document.h index fa3ec1fbc1..e545665ffd 100644 --- a/include/Document.h +++ b/include/Document.h @@ -127,6 +127,7 @@ protected: int gid, const string& uname, const string& gname, + int umask, int type, Template * _template_contents); diff --git a/include/DocumentPool.h b/include/DocumentPool.h index 47b5b96f7f..8a20348f93 100644 --- a/include/DocumentPool.h +++ b/include/DocumentPool.h @@ -38,6 +38,7 @@ public: * @param gid the id of the group this object is assigned to * @param uname name of the owner user * @param gname name of the group + * @param umask permissions umask * @param type for the new Document * @param template_contents a Template object * @param oid the id assigned to the Document 
@@ -49,13 +50,14 @@ public: int gid, const string& uname, const string& gname, + int umask, int type, Template * template_contents, int * oid, string& error_str) { *oid = PoolSQL::allocate( - new Document(-1, uid, gid, uname, gname, type, template_contents), + new Document(-1, uid, gid, uname, gname, umask, type, template_contents), error_str); return *oid; @@ -115,7 +117,7 @@ private: */ PoolObjectSQL * create() { - return new Document(-1,-1,-1,"","",0,0); + return new Document(-1,-1,-1,"","",0,0,0); }; }; diff --git a/include/Image.h b/include/Image.h index d23530fadc..11f2b5b950 100644 --- a/include/Image.h +++ b/include/Image.h @@ -615,6 +615,7 @@ protected: int gid, const string& uname, const string& gname, + int umask, ImageTemplate* img_template); virtual ~Image(); diff --git a/include/ImagePool.h b/include/ImagePool.h index a2ef77a4e1..8d8247b179 100644 --- a/include/ImagePool.h +++ b/include/ImagePool.h @@ -54,6 +54,7 @@ public: * @param gid the id of the group this object is assigned to * @param uname name of the user * @param gname name of the group + * @param umask permissions umask * @param img_template template associated with the image * @param ds_id the id of the datastore * @param ds_name the name of the datastore @@ -73,6 +74,7 @@ public: int gid, const string& uname, const string& gname, + int umask, ImageTemplate * img_template, int ds_id, const string& ds_name, @@ -219,7 +221,7 @@ private: */ PoolObjectSQL * create() { - return new Image(-1,-1,"","",0); + return new Image(-1,-1,"","",0,0); }; }; diff --git a/include/PoolObjectSQL.h b/include/PoolObjectSQL.h index 46f927b58b..b6165a2e2f 100644 --- a/include/PoolObjectSQL.h +++ b/include/PoolObjectSQL.h 
@@ -518,6 +518,14 @@ protected: } }; + /** + * Initializes the object's permissions, according to the provided umask. + * + * @param umask Permission mask, similar to unix umask. + * For example a umask of 137 will set the permissions "um- u-- ---" + */ + void set_umask(int umask); + /** * The object's unique ID */ diff --git a/include/RequestManagerAllocate.h b/include/RequestManagerAllocate.h index 5ea9a69efc..a6a90e5fca 100644 --- a/include/RequestManagerAllocate.h +++ b/include/RequestManagerAllocate.h @@ -65,7 +65,8 @@ protected: Template * tmpl, int& id, string& error_str, - RequestAttributes& att) + RequestAttributes& att, + int umask) { return -1; }; @@ -76,9 +77,10 @@ protected: string& error_str, RequestAttributes& att, int cluster_id, - const string& cluster_name) + const string& cluster_name, + int umask) { - return pool_allocate(_paramList, tmpl, id, error_str, att); + return pool_allocate(_paramList, tmpl, id, error_str, att, umask); }; virtual int get_cluster_id(xmlrpc_c::paramList const& paramList) @@ -139,7 +141,8 @@ public: Template * tmpl, int& id, string& error_str, - RequestAttributes& att); + RequestAttributes& att, + int umask); bool allocate_authorization(Template * obj_template, RequestAttributes& att, @@ -178,7 +181,8 @@ public: string& error_str, RequestAttributes& att, int cluster_id, - const string& cluster_name); + const string& cluster_name, + int umask); int get_cluster_id(xmlrpc_c::paramList const& paramList) { @@ -250,7 +254,8 @@ public: Template * tmpl, int& id, string& error_str, - RequestAttributes& att); + RequestAttributes& att, + int umask); }; /* ------------------------------------------------------------------------- */ @@ -280,7 +285,8 @@ public: string& error_str, RequestAttributes& att, int cluster_id, - const string& cluster_name); + const string& cluster_name, + int umask); int get_cluster_id(xmlrpc_c::paramList const& paramList) { 
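Review bot: The doc comment added for set_umask in PoolObjectSQL.h gives the example "a umask of 137" without saying that the int must carry the octal value. The implementation in PoolObjectSQL.cc tests octal bit masks and DatastorePool.cc passes `0137`, so a caller handing in decimal 137 would clear a different set of permission bits than intended. I would spell this out in the parameter text: `@param umask Permission mask as an octal value (e.g. 0137, not decimal 137), similar to unix umask.`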
@@ -320,7 +326,8 @@ public: Template * tmpl, int& id, string& error_str, - RequestAttributes& att); + RequestAttributes& att, + int umask); void log_xmlrpc_param( const xmlrpc_c::value& v, @@ -351,7 +358,8 @@ public: Template * tmpl, int& id, string& error_str, - RequestAttributes& att); + RequestAttributes& att, + int umask); }; /* ------------------------------------------------------------------------- */ @@ -386,7 +394,8 @@ public: string& error_str, RequestAttributes& att, int cluster_id, - const string& cluster_name); + const string& cluster_name, + int umask); int get_cluster_id(xmlrpc_c::paramList const& paramList) { @@ -440,7 +449,8 @@ public: Template * tmpl, int& id, string& error_str, - RequestAttributes& att); + RequestAttributes& att, + int umask); }; /* ------------------------------------------------------------------------- */ @@ -473,7 +483,8 @@ public: Template * tmpl, int& id, string& error_str, - RequestAttributes& att); + RequestAttributes& att, + int umask); }; /* -------------------------------------------------------------------------- */ diff --git a/include/RequestManagerClone.h b/include/RequestManagerClone.h index 37d1428e30..068538d501 100644 --- a/include/RequestManagerClone.h +++ b/include/RequestManagerClone.h @@ -49,7 +49,8 @@ protected: Template * tmpl, int& id, string& error_str, - RequestAttributes& att) = 0; + RequestAttributes& att, + int umask) = 0; }; /* ------------------------------------------------------------------------- */ @@ -83,15 +84,16 @@ public: Template * tmpl, int& id, string& error_str, - RequestAttributes& att) + RequestAttributes& att, + int umask) { VMTemplatePool * tpool = static_cast(pool); VirtualMachineTemplate * ttmpl = static_cast(tmpl); - return tpool->allocate(att.uid, att.gid, att.uname, att.gname, ttmpl, - &id, error_str); + return tpool->allocate(att.uid, att.gid, att.uname, att.gname, umask, + ttmpl, &id, error_str); }; }; 
@@ -127,12 +129,13 @@ public: Template * tmpl, int& id, string& error_str, - RequestAttributes& att) + RequestAttributes& att, + int umask) { DocumentPool * docpool = static_cast(pool); Document * doc = docpool->get(source_id, true); - return docpool->allocate(att.uid, att.gid, att.uname, att.gname, + return docpool->allocate(att.uid, att.gid, att.uname, att.gname, umask, doc->get_document_type(), tmpl, &id, error_str); }; }; diff --git a/include/User.h b/include/User.h index f8aa724fcc..1acd24737c 100644 --- a/include/User.h +++ b/include/User.h @@ -173,6 +173,14 @@ public: */ Quotas quota; + /** + * Returns the UMASK template attribute (read as an octal number), or the + * default UMASK from oned.conf if it does not exist + * + * @return the UMASK to create new objects + */ + int get_umask() const; + private: // ------------------------------------------------------------------------- // Friends diff --git a/include/VMTemplate.h b/include/VMTemplate.h index b48f7ddb75..edf7616ebe 100644 --- a/include/VMTemplate.h +++ b/include/VMTemplate.h @@ -117,6 +117,7 @@ protected: int gid, const string& uname, const string& gname, + int umask, VirtualMachineTemplate * _template_contents); ~VMTemplate(); diff --git a/include/VMTemplatePool.h b/include/VMTemplatePool.h index 71c7d7bf73..4df888aaa6 100644 --- a/include/VMTemplatePool.h +++ b/include/VMTemplatePool.h @@ -36,6 +36,9 @@ public: * allocated for the object. * @param uid user id (the owner of the Template) * @param gid the id of the group this object is assigned to + * @param uname user name + * @param gname group name + * @param umask permissions umask * @param template_contents a VM Template object * @param oid the id assigned to the Template * @param error_str Returns the error reason, if any @@ -46,6 +49,7 @@ public: int gid, const string& uname, const string& gname, + int umask, VirtualMachineTemplate * template_contents, int * oid, string& error_str); 
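Review bot: In the Document clone allocation method of RequestManagerClone.h, the rewritten `docpool->allocate(...)` call still dereferences `doc` without a null check, and no `doc->unlock()` is visible after `docpool->get(source_id, true)`. The other `get(..., true)` calls in this commit are paired with an `unlock()`, so this one appears to leave the source document locked, and a document removed between the caller's check and this call would crash the request. Both lines are unchanged context, but since the call is being touched anyway, I would read the type into a local, unlock, and then allocate. The method's signature starts above the hunk.

```cpp
        // … unchanged: docpool lookup …
        Document * doc = docpool->get(source_id, true);

        if ( doc == 0 )
        {
            // source document no longer exists; report failure to the caller
            return -1;
        }

        int document_type = doc->get_document_type();

        doc->unlock();

        return docpool->allocate(att.uid, att.gid, att.uname, att.gname, umask,
                                 document_type, tmpl, &id, error_str);
```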
@@ -118,7 +122,7 @@ private: */ PoolObjectSQL * create() { - return new VMTemplate(-1,-1,-1,"","",0); + return new VMTemplate(-1,-1,-1,"","",0,0); }; }; diff --git a/include/VirtualMachine.h b/include/VirtualMachine.h index 01c8da097f..08b02cf5ac 100644 --- a/include/VirtualMachine.h +++ b/include/VirtualMachine.h @@ -1220,6 +1220,7 @@ protected: int gid, const string& uname, const string& gname, + int umask, VirtualMachineTemplate * _vm_template); virtual ~VirtualMachine(); diff --git a/include/VirtualMachinePool.h b/include/VirtualMachinePool.h index ea808432d5..d75e4103ef 100644 --- a/include/VirtualMachinePool.h +++ b/include/VirtualMachinePool.h @@ -46,10 +46,14 @@ public: * Function to allocate a new VM object * @param uid user id (the owner of the VM) * @param gid the id of the group this object is assigned to + * @param uname user name + * @param gname group name + * @param umask permissions umask * @param vm_template a VM Template object describing the VM * @param oid the id assigned to the VM (output) * @param error_str Returns the error reason, if any * @param on_hold flag to submit on hold + * * @return oid on success, -1 error inserting in DB or -2 error parsing * the template */ @@ -58,6 +62,7 @@ public: int gid, const string& uname, const string& gname, + int umask, VirtualMachineTemplate * vm_template, int * oid, string& error_str, @@ -249,7 +254,7 @@ private: */ PoolObjectSQL * create() { - return new VirtualMachine(-1,-1,-1,"","",0); + return new VirtualMachine(-1,-1,-1,"","",0,0); }; /** diff --git a/include/VirtualNetwork.h b/include/VirtualNetwork.h index a70063059c..146d6874c3 100644 --- a/include/VirtualNetwork.h +++ b/include/VirtualNetwork.h @@ -299,6 +299,7 @@ private: int gid, const string& _uname, const string& _gname, + int _umask, int _cluster_id, const string& _cluster_name, VirtualNetworkTemplate * _vn_template = 0); diff --git a/include/VirtualNetworkPool.h b/include/VirtualNetworkPool.h index c7ed6e842d..1636718a38 100644 
--- a/include/VirtualNetworkPool.h +++ b/include/VirtualNetworkPool.h @@ -45,6 +45,9 @@ public: * Function to allocate a new VNET object * @param uid user identifier * @param gid the id of the group this object is assigned to + * @param uname user name + * @param gname group name + * @param umask permissions umask * @param vn_template a VirtualNetworkTemplate describing the VNET * @param oid the id assigned to the VM (output) * @param cluster_id the id of the cluster this VNET will belong to @@ -57,6 +60,7 @@ public: int gid, const string& uname, const string& gname, + int umask, VirtualNetworkTemplate * vn_template, int * oid, int cluster_id, @@ -169,7 +173,7 @@ private: */ PoolObjectSQL * create() { - return new VirtualNetwork(-1,-1,"","",-1,"",0); + return new VirtualNetwork(-1,-1,"","",0,-1,"",0); }; /** diff --git a/share/etc/oned.conf b/share/etc/oned.conf index de90413f55..f32a3254f0 100644 --- a/share/etc/oned.conf +++ b/share/etc/oned.conf @@ -465,6 +465,10 @@ HM_MAD = [ # ENABLE_OTHER_PERMISSIONS: Whether or not users can set the permissions for # 'other', so publishing or sharing resources with others. Users in the oneadmin # group will still be able to change these permissions. Values: YES or NO. +# +# DEFAULT_UMASK: Similar to Unix umask, sets the default resources permissions. +# Its format must be 3 octal digits. For example a umask of 137 will set +# the new object's permissions to 640 "um- u-- ---" #******************************************************************************* AUTH_MAD = [ @@ -476,6 +480,8 @@ SESSION_EXPIRATION_TIME = 900 #ENABLE_OTHER_PERMISSIONS = "YES" +DEFAULT_UMASK = 177 + #******************************************************************************* # Restricted Attributes Configuration #******************************************************************************* diff --git a/src/cli/oneuser b/src/cli/oneuser index 357cfa4887..28157f0f52 100755 --- a/src/cli/oneuser +++ b/src/cli/oneuser 
@@ -270,6 +270,39 @@ cmd=CommandParser::CmdParser.new(ARGV) do exit 0 end + umask_desc = <<-EOT.unindent + Changes the umask used to create the default permissions. In a similar + way to the Unix umask command, the expected value is a three-digit + base-8 number. Each digit is a mask that disables permissions for the + owner, group and other, respectively. + + If mask is not given, or if it is an empty string, the umask will + be unset + EOT + + command :umask, umask_desc, [:range, :userid_list], [:mask, nil] do + helper.perform_actions(args[0],options, + "umask changed") do |user| + + rc = user.info + + if OpenNebula.is_error?(rc) + puts rc.message + exit -1 + end + + user.delete_element('/USER/TEMPLATE/UMASK') + + tmp_str = user.template_str + + if !args[1].nil? && args[1] != "" + tmp_str << "\nUMASK = #{args[1]}" + end + + user.update(tmp_str) + end + end + login_desc = <<-EOT.unindent Creates the Login token for authentication Examples: diff --git a/src/datastore/Datastore.cc b/src/datastore/Datastore.cc index d908048e74..62b63f5da5 100644 --- a/src/datastore/Datastore.cc +++ b/src/datastore/Datastore.cc @@ -41,6 +41,7 @@ Datastore::Datastore( int gid, const string& uname, const string& gname, + int umask, DatastoreTemplate* ds_template, int cluster_id, const string& cluster_name): @@ -52,8 +53,6 @@ Datastore::Datastore( base_path(""), type(IMAGE_DS) { - group_u = 1; - if (ds_template != 0) { obj_template = ds_template; @@ -62,6 +61,10 @@ Datastore::Datastore( { obj_template = new DatastoreTemplate; } + + set_umask(umask); + + group_u = 1; } /* ------------------------------------------------------------------------ */ diff --git a/src/datastore/DatastorePool.cc b/src/datastore/DatastorePool.cc index 676e894357..4da33fefe6 100644 --- a/src/datastore/DatastorePool.cc +++ b/src/datastore/DatastorePool.cc 
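Review bot: In the new `umask` command of oneuser, `args[1]` is appended to the user template as `UMASK = #{args[1]}` with no format check, although the help text says a three-digit base-8 number is expected. A value with other characters or a line break is stored in the template exactly as typed. Rejecting anything else before the update, with `if args[1] && !args[1].empty? && args[1] !~ /\A[0-7]{3}\z/` followed by an error message and `exit -1`, keeps malformed masks out of the stored template. Whether perform_actions reports an error returned by `user.update(tmp_str)` is not visible in this hunk.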
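Review bot: In the Datastore constructor, `group_u = 1;` now runs after `set_umask(umask)`, so the group USE bit is always set even when the supplied umask masks it (any umask whose middle digit includes 4). If that is intended, a comment would stop it from reading as a leftover that defeats the umask: `// Datastores are always usable by their group, regardless of the umask`. The constructor's signature and initializer list start outside the second hunk.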
@@ -47,7 +47,6 @@ DatastorePool::DatastorePool(SqlDB * db): if (get_lastOID() == -1) //lastOID is set in PoolSQL::init_cb { DatastoreTemplate * ds_tmpl; - Datastore * ds; int rc; @@ -71,6 +70,7 @@ DatastorePool::DatastorePool(SqlDB * db): GroupPool::ONEADMIN_ID, UserPool::oneadmin_name, GroupPool::ONEADMIN_NAME, + 0137, ds_tmpl, &rc, ClusterPool::NONE_CLUSTER_ID, @@ -104,6 +104,7 @@ DatastorePool::DatastorePool(SqlDB * db): GroupPool::ONEADMIN_ID, UserPool::oneadmin_name, GroupPool::ONEADMIN_NAME, + 0133, ds_tmpl, &rc, ClusterPool::NONE_CLUSTER_ID, @@ -115,18 +116,6 @@ DatastorePool::DatastorePool(SqlDB * db): goto error_bootstrap; } - ds = get(rc, true); - - ds->set_permissions( - -1,-1,-1, - -1,-1,-1, - 1,-1,-1, - error_str); - - update(ds); - - ds->unlock(); - // --------------------------------------------------------------------- // Create the default file datastore // --------------------------------------------------------------------- @@ -149,6 +138,7 @@ DatastorePool::DatastorePool(SqlDB * db): GroupPool::ONEADMIN_ID, UserPool::oneadmin_name, GroupPool::ONEADMIN_NAME, + 0133, ds_tmpl, &rc, ClusterPool::NONE_CLUSTER_ID, @@ -160,18 +150,6 @@ DatastorePool::DatastorePool(SqlDB * db): goto error_bootstrap; } - ds = get(rc, true); - - ds->set_permissions( - -1,-1,-1, - -1,-1,-1, - 1,-1,-1, - error_str); - - update(ds); - - ds->unlock(); - // User created datastores will start from ID 100 set_update_lastOID(99); } @@ -194,6 +172,7 @@ int DatastorePool::allocate( int gid, const string& uname, const string& gname, + int umask, DatastoreTemplate * ds_template, int * oid, int cluster_id, @@ -205,7 +184,7 @@ int DatastorePool::allocate( string name; ostringstream oss; - ds = new Datastore(uid, gid, uname, gname, + ds = new Datastore(uid, gid, uname, gname, umask, ds_template, cluster_id, cluster_name); // ------------------------------------------------------------------------- 
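Review bot: The bare literals `0137` and `0133` passed to allocate() in the DatastorePool constructor replace the removed set_permissions() calls, which spelled out that only other_u was being enabled. The new form hides that intent, and the result also depends on the 0777 base that set_umask picks for oneadmin-owned objects. A comment beside each literal stating the resulting permissions would make this checkable at a glance, e.g. `// 0137 -> "um- u-- ---"` for the system datastore and `// 0133 -> "um- u-- u--"` for the default and file datastores. The same applies to all three allocate() hunks in this file.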
diff --git a/src/document/Document.cc b/src/document/Document.cc index ea6e630007..89d5eac7c8 100644 --- a/src/document/Document.cc +++ b/src/document/Document.cc @@ -25,6 +25,7 @@ Document::Document( int id, int _gid, const string& _uname, const string& _gname, + int _umask, int _type, Template * _template_contents): PoolObjectSQL(id,DOCUMENT,"",_uid,_gid,_uname,_gname,table), type(_type) @@ -37,6 +38,8 @@ Document::Document( int id, { obj_template = new Template; } + + set_umask(_umask); } /* ------------------------------------------------------------------------ */ diff --git a/src/image/Image.cc b/src/image/Image.cc index 6512204312..02a75643a5 100644 --- a/src/image/Image.cc +++ b/src/image/Image.cc @@ -38,6 +38,7 @@ Image::Image(int _uid, int _gid, const string& _uname, const string& _gname, + int _umask, ImageTemplate * _image_template): PoolObjectSQL(-1,IMAGE,"",_uid,_gid,_uname,_gname,table), type(OS), @@ -64,6 +65,8 @@ Image::Image(int _uid, { obj_template = new ImageTemplate; } + + set_umask(_umask); } Image::~Image() diff --git a/src/image/ImagePool.cc b/src/image/ImagePool.cc index 5473b188d2..04e17bda56 100644 --- a/src/image/ImagePool.cc +++ b/src/image/ImagePool.cc @@ -67,6 +67,7 @@ int ImagePool::allocate ( int gid, const string& uname, const string& gname, + int umask, ImageTemplate * img_template, int ds_id, const string& ds_name, @@ -86,7 +87,7 @@ int ImagePool::allocate ( string type; ostringstream oss; - img = new Image(uid, gid, uname, gname, img_template); + img = new Image(uid, gid, uname, gname, umask, img_template); // ------------------------------------------------------------------------- // Check name & duplicates diff --git a/src/nebula/NebulaTemplate.cc b/src/nebula/NebulaTemplate.cc index 578d359167..70252f528b 100644 --- a/src/nebula/NebulaTemplate.cc +++ b/src/nebula/NebulaTemplate.cc 
@@ -225,6 +225,7 @@ void OpenNebulaTemplate::set_conf_default() #******************************************************************************* # SESSION_EXPIRATION_TIME # ENABLE_OTHER_PERMISSIONS +# DEFAULT_UMASK #******************************************************************************* */ // SESSION_EXPIRATION_TIME @@ -238,5 +239,11 @@ void OpenNebulaTemplate::set_conf_default() attribute = new SingleAttribute("ENABLE_OTHER_PERMISSIONS",value); conf_default.insert(make_pair(attribute->name(),attribute)); + + // DEFAULT_UMASK + value = "177"; + + attribute = new SingleAttribute("DEFAULT_UMASK",value); + conf_default.insert(make_pair(attribute->name(),attribute)); } diff --git a/src/pool/PoolObjectSQL.cc b/src/pool/PoolObjectSQL.cc index e871058835..3f2e3df65d 100644 --- a/src/pool/PoolObjectSQL.cc +++ b/src/pool/PoolObjectSQL.cc @@ -17,6 +17,7 @@ #include "PoolObjectSQL.h" #include "PoolObjectAuth.h" #include "SSLTools.h" +#include "Nebula.h" /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ 
@@ -305,3 +306,41 @@ error_value: /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ + +void PoolObjectSQL::set_umask(int umask) +{ + int perms; + bool enable_other; + + Nebula::instance().get_configuration_attribute( + "ENABLE_OTHER_PERMISSIONS", enable_other); + + if (uid == 0 || gid == 0) + { + perms = 0777; + } + else if (enable_other) + { + perms = 0666; + } + else + { + perms = 0660; + } + + perms = perms & ~umask; + + owner_u = ( (perms & 0400) != 0 ) ? 1 : 0; + owner_m = ( (perms & 0200) != 0 ) ? 1 : 0; + owner_a = ( (perms & 0100) != 0 ) ? 1 : 0; + group_u = ( (perms & 0040) != 0 ) ? 1 : 0; + group_m = ( (perms & 0020) != 0 ) ? 1 : 0; + group_a = ( (perms & 0010) != 0 ) ? 1 : 0; + other_u = ( (perms & 0004) != 0 ) ? 1 : 0; + other_m = ( (perms & 0002) != 0 ) ? 1 : 0; + other_a = ( (perms & 0001) != 0 ) ? 1 : 0; + +} + +/* -------------------------------------------------------------------------- */ +/* -------------------------------------------------------------------------- */ diff --git a/src/rm/RequestManagerAllocate.cc b/src/rm/RequestManagerAllocate.cc index 8363e26c6c..9eda566185 100644 --- a/src/rm/RequestManagerAllocate.cc +++ b/src/rm/RequestManagerAllocate.cc 
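Review bot: `enable_other` in PoolObjectSQL::set_umask is declared without an initializer and is read right after get_configuration_attribute(), whose result is not checked in this hunk. If that call can leave its argument untouched (its implementation is not visible here), the base mask is chosen from an indeterminate value. Initializing it closed, `bool enable_other = false;`, makes a missing attribute fall back to 0660 rather than 0666. A short comment on the three base masks (0777 when uid or gid is 0, otherwise 0666 or 0660) would also help, since the permissions produced by a given umask differ between them.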
@@ -131,13 +131,31 @@ void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params, Template * tmpl = 0; string error_str; - int rc, id; + int rc, id, umask; Cluster * cluster = 0; int cluster_id = ClusterPool::NONE_CLUSTER_ID; string cluster_name = ClusterPool::NONE_CLUSTER_NAME; PoolObjectAuth cluster_perms; + User * user; + UserPool * upool = Nebula::instance().get_upool(); + + user = upool->get(att.uid, true); + + if ( user == 0 ) + { + failure_response(NO_EXISTS, + get_error(object_name(PoolObjectSQL::USER), att.uid), + att); + + return; + } + + umask = user->get_umask(); + + user->unlock(); + if ( do_template == true ) { string str_tmpl = xmlrpc_c::value_string(params.getString(1)); @@ -179,7 +197,7 @@ void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params, return; } - rc = pool_allocate(params, tmpl, id, error_str, att, cluster_id, cluster_name); + rc = pool_allocate(params, tmpl, id, error_str, att, cluster_id, cluster_name, umask); if ( rc < 0 ) { @@ -234,11 +252,13 @@ void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params, /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -int VirtualMachineAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, - Template * tmpl, - int& id, - string& error_str, - RequestAttributes& att) +int VirtualMachineAllocate::pool_allocate( + xmlrpc_c::paramList const& paramList, + Template * tmpl, + int& id, + string& error_str, + RequestAttributes& att, + int umask) { bool on_hold = false; @@ -252,8 +272,8 @@ int VirtualMachineAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, Template tmpl_back(*tmpl); - int rc = vmpool->allocate(att.uid, att.gid, att.uname, att.gname, ttmpl, &id, - error_str, on_hold); + int rc = vmpool->allocate(att.uid, att.gid, att.uname, att.gname, umask, + ttmpl, &id, error_str, on_hold); if ( rc < 0 ) { 
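Review bot: The user lookup, NO_EXISTS failure, `get_umask()` and `unlock()` sequence added to RequestManagerAllocate::request_execute is repeated nearly verbatim in five other places: ImageAllocate::request_execute, RequestManagerClone::request_execute, ImageClone::request_execute, VMTemplateInstantiate::request_execute and VirtualMachineSaveDisk::request_execute. Moving it into one helper that these request classes share (returning false after it has sent the failure response) would keep the six copies from drifting apart. In this function the lookup also runs for every allocate call, including the Host, User, Group and Cluster overrides of pool_allocate, which accept `umask` but do not use it in the lines shown. request_execute continues outside the hunk.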
@@ -274,13 +294,14 @@ int VirtualNetworkAllocate::pool_allocate( string& error_str, RequestAttributes& att, int cluster_id, - const string& cluster_name) + const string& cluster_name, + int umask) { VirtualNetworkPool * vpool = static_cast(pool); VirtualNetworkTemplate * vtmpl=static_cast(tmpl); - return vpool->allocate(att.uid, att.gid, att.uname, att.gname, vtmpl, &id, - cluster_id, cluster_name, error_str); + return vpool->allocate(att.uid, att.gid, att.uname, att.gname, umask, + vtmpl, &id, cluster_id, cluster_name, error_str); } /* -------------------------------------------------------------------------- */ @@ -309,18 +330,41 @@ void ImageAllocate::request_execute(xmlrpc_c::paramList const& params, Nebula& nd = Nebula::instance(); + UserPool * upool = nd.get_upool(); DatastorePool * dspool = nd.get_dspool(); ImagePool * ipool = static_cast(pool); ImageManager * imagem = nd.get_imagem(); - ImageTemplate * tmpl = new ImageTemplate; + ImageTemplate * tmpl; Template img_usage; + User * user; Datastore * ds; Image::DiskType ds_disk_type; + int umask; + + // ------------------------- Get user's umask ------------------------------ + + user = upool->get(att.uid, true); + + if ( user == 0 ) + { + failure_response(NO_EXISTS, + get_error(object_name(PoolObjectSQL::USER), att.uid), + att); + + return; + } + + umask = user->get_umask(); + + user->unlock(); + // ------------------------- Parse image template -------------------------- + tmpl = new ImageTemplate; + rc = tmpl->parse_str_or_xml(str_tmpl, error_str); if ( rc != 0 ) @@ -456,6 +500,7 @@ void ImageAllocate::request_execute(xmlrpc_c::paramList const& params, att.gid, att.uname, att.gname, + umask, tmpl, ds_id, ds_name, 
@@ -490,18 +535,20 @@ void ImageAllocate::request_execute(xmlrpc_c::paramList const& params, /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -int TemplateAllocate::pool_allocate(xmlrpc_c::paramList const& _paramList, - Template * tmpl, - int& id, - string& error_str, - RequestAttributes& att) +int TemplateAllocate::pool_allocate( + xmlrpc_c::paramList const& paramList, + Template * tmpl, + int& id, + string& error_str, + RequestAttributes& att, + int umask) { VMTemplatePool * tpool = static_cast(pool); VirtualMachineTemplate * ttmpl=static_cast(tmpl); - return tpool->allocate(att.uid, att.gid, att.uname, att.gname, ttmpl, &id, - error_str); + return tpool->allocate(att.uid, att.gid, att.uname, att.gname, umask, ttmpl, + &id, error_str); } /* -------------------------------------------------------------------------- */ @@ -514,7 +561,8 @@ int HostAllocate::pool_allocate( string& error_str, RequestAttributes& att, int cluster_id, - const string& cluster_name) + const string& cluster_name, + int umask) { string host = xmlrpc_c::value_string(paramList.getString(1)); string im_mad = xmlrpc_c::value_string(paramList.getString(2)); @@ -531,11 +579,13 @@ int HostAllocate::pool_allocate( /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -int UserAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, - Template * tmpl, - int& id, - string& error_str, - RequestAttributes& att) +int UserAllocate::pool_allocate( + xmlrpc_c::paramList const& paramList, + Template * tmpl, + int& id, + string& error_str, + RequestAttributes& att, + int umask) { string uname = xmlrpc_c::value_string(paramList.getString(1)); string passwd = xmlrpc_c::value_string(paramList.getString(2)); 
@@ -580,11 +630,13 @@ void UserAllocate::log_xmlrpc_param( /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -int GroupAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, - Template * tmpl, - int& id, - string& error_str, - RequestAttributes& att) +int GroupAllocate::pool_allocate( + xmlrpc_c::paramList const& paramList, + Template * tmpl, + int& id, + string& error_str, + RequestAttributes& att, + int umask) { string gname = xmlrpc_c::value_string(paramList.getString(1)); @@ -603,24 +655,27 @@ int DatastoreAllocate::pool_allocate( string& error_str, RequestAttributes& att, int cluster_id, - const string& cluster_name) + const string& cluster_name, + int umask) { DatastorePool * dspool = static_cast(pool); DatastoreTemplate * ds_tmpl = static_cast(tmpl); - return dspool->allocate(att.uid, att.gid, att.uname, att.gname, + return dspool->allocate(att.uid, att.gid, att.uname, att.gname, umask, ds_tmpl, &id, cluster_id, cluster_name, error_str); } /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -int ClusterAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, - Template * tmpl, - int& id, - string& error_str, - RequestAttributes& att) +int ClusterAllocate::pool_allocate( + xmlrpc_c::paramList const& paramList, + Template * tmpl, + int& id, + string& error_str, + RequestAttributes& att, + int umask) { string name = xmlrpc_c::value_string(paramList.getString(1)); 
@@ -632,16 +687,18 @@ int ClusterAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -int DocumentAllocate::pool_allocate(xmlrpc_c::paramList const& paramList, - Template * tmpl, - int& id, - string& error_str, - RequestAttributes& att) +int DocumentAllocate::pool_allocate( + xmlrpc_c::paramList const& paramList, + Template * tmpl, + int& id, + string& error_str, + RequestAttributes& att, + int umask) { int type = xmlrpc_c::value_int(paramList.getInt(2)); DocumentPool * docpool = static_cast(pool); - return docpool->allocate(att.uid, att.gid, att.uname, att.gname, type, - tmpl, &id, error_str); + return docpool->allocate(att.uid, att.gid, att.uname, att.gname, umask, + type, tmpl, &id, error_str); } diff --git a/src/rm/RequestManagerClone.cc b/src/rm/RequestManagerClone.cc index 12eeebabcb..5a11869bfd 100644 --- a/src/rm/RequestManagerClone.cc +++ b/src/rm/RequestManagerClone.cc @@ -28,15 +28,33 @@ void RequestManagerClone::request_execute( int source_id = xmlrpc_c::value_int(paramList.getInt(1)); string name = xmlrpc_c::value_string(paramList.getString(2)); - int rc, new_id; + int rc, new_id, umask; PoolObjectAuth perms; Template * tmpl; PoolObjectSQL * source_obj; + User * user; + + UserPool * upool = Nebula::instance().get_upool(); string error_str; + user = upool->get(att.uid, true); + + if ( user == 0 ) + { + failure_response(NO_EXISTS, + get_error(object_name(PoolObjectSQL::USER), att.uid), + att); + + return; + } + + umask = user->get_umask(); + + user->unlock(); + source_obj = pool->get(source_id, true); if ( source_obj == 0 ) @@ -80,7 +98,7 @@ void RequestManagerClone::request_execute( } } - rc = pool_allocate(source_id, tmpl, new_id, error_str, att); + rc = pool_allocate(source_id, tmpl, new_id, error_str, att, umask); if ( rc < 0 ) { 
diff --git a/src/rm/RequestManagerImage.cc b/src/rm/RequestManagerImage.cc index 6b0722c0c1..08cedce7e4 100644 --- a/src/rm/RequestManagerImage.cc +++ b/src/rm/RequestManagerImage.cc @@ -229,7 +229,7 @@ void ImageClone::request_execute( int clone_id = xmlrpc_c::value_int(paramList.getInt(1)); string name = xmlrpc_c::value_string(paramList.getString(2)); - int rc, new_id, ds_id, size; + int rc, new_id, ds_id, size, umask; string error_str, ds_name, ds_data; Image::DiskType disk_type; @@ -239,11 +239,30 @@ void ImageClone::request_execute( Template img_usage; Image * img; Datastore * ds; + User * user; Nebula& nd = Nebula::instance(); DatastorePool * dspool = nd.get_dspool(); ImagePool * ipool = static_cast(pool); + UserPool * upool = nd.get_upool(); + + // ------------------------- Get user's umask ------------------------------ + + user = upool->get(att.uid, true); + + if ( user == 0 ) + { + failure_response(NO_EXISTS, + get_error(object_name(PoolObjectSQL::USER), att.uid), + att); + + return; + } + + umask = user->get_umask(); + + user->unlock(); // ------------------------- Get source Image info ------------------------- @@ -360,6 +379,7 @@ void ImageClone::request_execute( att.gid, att.uname, att.gname, + umask, tmpl, ds_id, ds_name, diff --git a/src/rm/RequestManagerVMTemplate.cc b/src/rm/RequestManagerVMTemplate.cc index 9ec757125d..f9db6cf281 100644 --- a/src/rm/RequestManagerVMTemplate.cc +++ b/src/rm/RequestManagerVMTemplate.cc @@ -30,6 +30,7 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList int rc; int vid; + int umask; ostringstream sid; 
@@ -37,11 +38,13 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList Nebula& nd = Nebula::instance(); - VirtualMachinePool* vmpool = nd.get_vmpool(); - VMTemplatePool * tpool = static_cast(pool); + VirtualMachinePool* vmpool = nd.get_vmpool(); + VMTemplatePool * tpool = static_cast(pool); + UserPool * upool = nd.get_upool(); VirtualMachineTemplate * tmpl; VMTemplate * rtmpl; + User * user; string error_str; string aname; @@ -53,6 +56,25 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList on_hold = xmlrpc_c::value_boolean(paramList.getBoolean(3)); } + /* ---------------------------------------------------------------------- */ + /* Get user's umask */ + /* ---------------------------------------------------------------------- */ + + user = upool->get(att.uid, true); + + if ( user == 0 ) + { + failure_response(NO_EXISTS, + get_error(object_name(PoolObjectSQL::USER), att.uid), + att); + + return; + } + + umask = user->get_umask(); + + user->unlock(); + /* ---------------------------------------------------------------------- */ /* Get, check and clone the template */ /* ---------------------------------------------------------------------- */ @@ -138,8 +160,8 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList Template tmpl_back(*tmpl); - rc = vmpool->allocate(att.uid, att.gid, att.uname, att.gname, tmpl, &vid, - error_str, on_hold); + rc = vmpool->allocate(att.uid, att.gid, att.uname, att.gname, umask, + tmpl, &vid, error_str, on_hold); if ( rc < 0 ) { diff --git a/src/rm/RequestManagerVirtualMachine.cc b/src/rm/RequestManagerVirtualMachine.cc index babe60d527..055ab79c11 100644 --- a/src/rm/RequestManagerVirtualMachine.cc +++ b/src/rm/RequestManagerVirtualMachine.cc 
@@ -681,8 +681,9 @@ void VirtualMachineSaveDisk::request_execute(xmlrpc_c::paramList const& paramLis { Nebula& nd = Nebula::instance(); - ImagePool * ipool = nd.get_ipool(); - DatastorePool * dspool = nd.get_dspool(); + ImagePool * ipool = nd.get_ipool(); + DatastorePool * dspool = nd.get_dspool(); + UserPool * upool = nd.get_upool(); int id = xmlrpc_c::value_int(paramList.getInt(1)); int disk_id = xmlrpc_c::value_int(paramList.getInt(2)); @@ -695,8 +696,10 @@ void VirtualMachineSaveDisk::request_execute(xmlrpc_c::paramList const& paramLis Image * img; Datastore * ds; + User * user; Image::DiskType ds_disk_type; + int umask; int rc; string error_str; @@ -730,6 +733,25 @@ void VirtualMachineSaveDisk::request_execute(xmlrpc_c::paramList const& paramLis return; } + // ------------------------------------------------------------------------- + // Get user's umask + // ------------------------------------------------------------------------- + + user = upool->get(att.uid, true); + + if ( user == 0 ) + { + failure_response(NO_EXISTS, + get_error(object_name(PoolObjectSQL::USER), att.uid), + att); + + return; + } + + umask = user->get_umask(); + + user->unlock(); + // ------------------------------------------------------------------------- // Get the data of the Image to be saved // ------------------------------------------------------------------------- @@ -859,6 +881,7 @@ void VirtualMachineSaveDisk::request_execute(xmlrpc_c::paramList const& paramLis att.gid, att.uname, att.gname, + umask, itemplate, ds_id, ds_name, diff --git a/src/um/User.cc b/src/um/User.cc index 0dfc86cc8f..91e7033d35 100644 --- a/src/um/User.cc +++ b/src/um/User.cc @@ -197,8 +197,8 @@ int User::from_xml(const string& xml) rc += obj_template->from_xml_node(content[0]); ObjectXML::free_nodes(content); - - rc += quota.from_xml(this); + + rc += quota.from_xml(this); if (rc != 0) { 
@@ -283,6 +283,30 @@ bool User::pass_is_valid(const string& pass, string& error_str) return true; } + /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ +int User::get_umask() const +{ + string umask_st; + int umask; + + istringstream iss; + + get_template_attribute("UMASK", umask_st); + + if(umask_st.empty()) + { + Nebula::instance().get_configuration_attribute("DEFAULT_UMASK",umask_st); + } + + iss.str(umask_st); + + iss >> oct >> umask; + + return (umask & 0777); +} + +/* -------------------------------------------------------------------------- */ +/* -------------------------------------------------------------------------- */ diff --git a/src/vm/VirtualMachine.cc b/src/vm/VirtualMachine.cc index d405df16c3..b7fc048f3c 100644 --- a/src/vm/VirtualMachine.cc +++ b/src/vm/VirtualMachine.cc @@ -43,6 +43,7 @@ VirtualMachine::VirtualMachine(int id, int _gid, const string& _uname, const string& _gname, + int umask, VirtualMachineTemplate * _vm_template): PoolObjectSQL(id,VM,"",_uid,_gid,_uname,_gname,table), last_poll(0), @@ -70,6 +71,8 @@ VirtualMachine::VirtualMachine(int id, } user_obj_template = new Template(false,'=',"USER_TEMPLATE"); + + set_umask(umask); } VirtualMachine::~VirtualMachine() diff --git a/src/vm/VirtualMachinePool.cc b/src/vm/VirtualMachinePool.cc index 1408dc22b0..d6087b22d5 100644 --- a/src/vm/VirtualMachinePool.cc +++ b/src/vm/VirtualMachinePool.cc @@ -210,6 +210,7 @@ int VirtualMachinePool::allocate ( int gid, const string& uname, const string& gname, + int umask, VirtualMachineTemplate * vm_template, int * oid, string& error_str, 
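Review bot: In the added User::get_umask(), `umask` is declared without an initial value and the result of `iss >> oct >> umask` is never checked. An empty or non-octal UMASK / DEFAULT_UMASK string therefore yields an indeterminate value under pre-C++11 stream semantics, or 0 under C++11 and later. Assuming set_umask() clears the masked permission bits (its body is not visible here), a mask of 0 is the most permissive result, so a malformed attribute fails open. Initialise the variable and test the extraction, e.g. `int umask = 0;` and `if (!(iss >> oct >> umask)) { umask = RESTRICTIVE_FALLBACK; }`, where RESTRICTIVE_FALLBACK is a placeholder for a project-chosen default. Logging the rejected string would also let operators notice the misconfiguration.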
@@ -220,7 +221,7 @@ int VirtualMachinePool::allocate ( // ------------------------------------------------------------------------ // Build a new Virtual Machine object // ------------------------------------------------------------------------ - vm = new VirtualMachine(-1, uid, gid, uname, gname, vm_template); + vm = new VirtualMachine(-1, uid, gid, uname, gname, umask, vm_template); if ( _submit_on_hold == true || on_hold ) { diff --git a/src/vm_template/VMTemplate.cc b/src/vm_template/VMTemplate.cc index 0b20667399..36799f03c1 100644 --- a/src/vm_template/VMTemplate.cc +++ b/src/vm_template/VMTemplate.cc @@ -28,6 +28,7 @@ VMTemplate::VMTemplate(int id, int _gid, const string& _uname, const string& _gname, + int umask, VirtualMachineTemplate * _template_contents): PoolObjectSQL(id,TEMPLATE,"",_uid,_gid,_uname,_gname,table), regtime(time(0)) @@ -40,6 +41,8 @@ VMTemplate::VMTemplate(int id, { obj_template = new VirtualMachineTemplate; } + + set_umask(umask); } /* ------------------------------------------------------------------------ */ diff --git a/src/vm_template/VMTemplatePool.cc b/src/vm_template/VMTemplatePool.cc index b88f3aec40..50bd3638db 100644 --- a/src/vm_template/VMTemplatePool.cc +++ b/src/vm_template/VMTemplatePool.cc @@ -28,6 +28,7 @@ int VMTemplatePool::allocate ( int gid, const string& uname, const string& gname, + int umask, VirtualMachineTemplate * template_contents, int * oid, string& error_str) @@ -40,7 +41,7 @@ int VMTemplatePool::allocate ( // ------------------------------------------------------------------------ // Build a new VMTemplate object // ------------------------------------------------------------------------ - vm_template = new VMTemplate(-1, uid, gid, uname, gname,template_contents); + vm_template = new VMTemplate(-1, uid, gid, uname, gname, umask, template_contents); // Check name vm_template->get_template_attribute("NAME", name); 
diff --git a/src/vnm/VirtualNetwork.cc b/src/vnm/VirtualNetwork.cc index ae6282be7f..17d2dbe848 100644 --- a/src/vnm/VirtualNetwork.cc +++ b/src/vnm/VirtualNetwork.cc @@ -36,6 +36,7 @@ VirtualNetwork::VirtualNetwork(int _uid, int _gid, const string& _uname, const string& _gname, + int _umask, int _cluster_id, const string& _cluster_name, VirtualNetworkTemplate * _vn_template): @@ -53,6 +54,8 @@ VirtualNetwork::VirtualNetwork(int _uid, { obj_template = new VirtualNetworkTemplate; } + + set_umask(_umask); }; /* -------------------------------------------------------------------------- */ diff --git a/src/vnm/VirtualNetworkPool.cc b/src/vnm/VirtualNetworkPool.cc index 416713e77d..26f441ae05 100644 --- a/src/vnm/VirtualNetworkPool.cc +++ b/src/vnm/VirtualNetworkPool.cc @@ -81,6 +81,7 @@ int VirtualNetworkPool::allocate ( int gid, const string& uname, const string& gname, + int umask, VirtualNetworkTemplate * vn_template, int * oid, int cluster_id, @@ -92,7 +93,7 @@ int VirtualNetworkPool::allocate ( string name; ostringstream oss; - vn = new VirtualNetwork(uid, gid, uname, gname, + vn = new VirtualNetwork(uid, gid, uname, gname, umask, cluster_id, cluster_name, vn_template); // Check name