shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-03-21 14:50:08 +03:00
Code Releases Wiki Activity

Check token scope when creating new tokens from it

Browse Source 
* Fix token creation handeling

* Update RequestManagerUser.cc
This commit is contained in:
Dušan Baran 2018-02-02 18:12:09 +01:00 committed by Ruben S. Montero
parent 7e80db3c8d
commit e504f4d028
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/rm/RequestManagerUser.cc
View File

@ -503,7 +503,7 @@ void UserLogin::request_execute(xmlrpc_c::paramList const& paramList,
}
else if (valid > 0 || valid == -1)
{
if ( egid != -1 && !user->is_in_group(egid) )
if ( egid != -1 && (!user->is_in_group(egid) || att.group_ids.count(egid) == 0) )
{
att.resp_msg = "EGID is not in user group list";
failure_response(XML_RPC_API, att);
@ -512,6 +512,15 @@ void UserLogin::request_execute(xmlrpc_c::paramList const& paramList,
return;
}
if ( egid == -1 && user->get_groups() != att.group_ids )
{
att.resp_msg = "Cannot request unscoped token from scoped token";
failure_response(XML_RPC_API, att);
user->unlock();
return;
}
if ( user->login_tokens.set(token, valid, egid) != 0 )
{
att.resp_msg = "Max number of tokens limit reached.";