Revision 1b6e38da src/acl/AclManager.cc


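--- a/src/acl/AclManager.cc
+++ b/src/acl/AclManager.cc
@@ -168,6 +168,19 @@
         resource_gid_req = AclRule::NONE_ID;
     }
 
+    long long resource_cid_req;
+
+    if ( obj_perms.cid >= 0 )
+    {
+        resource_cid_req = obj_perms.obj_type |
+                           AclRule::CLUSTER_ID |
+                           obj_perms.cid;
+    }
+    else
+    {
+        resource_cid_req = AclRule::NONE_ID;
+    }
+
     long long resource_all_req  = obj_perms.obj_type | AclRule::ALL_ID;
     long long rights_req        = op;
 
@@ -179,6 +192,10 @@
                                   AclRule::GROUP_ID |
                                   0x00000000FFFFFFFFLL;
 
+    long long resource_cid_mask = obj_perms.obj_type |
+                                  AclRule::CLUSTER_ID |
+                                  0x00000000FFFFFFFFLL;
+
     // Create a temporal rule, to log the request
     long long log_resource;
 
@@ -190,6 +207,10 @@
     {
         log_resource = resource_gid_req;
     }
+    else if ( obj_perms.cid >= 0 )
+    {
+        log_resource = resource_cid_req;
+    }
     else
     {
         log_resource = resource_all_req;
@@ -226,10 +247,12 @@
     auth     = match_rules_wrapper(user_req,
                                    resource_oid_req,
                                    resource_gid_req,
+                                   resource_cid_req,
                                    resource_all_req,
                                    rights_req,
                                    resource_oid_mask,
                                    resource_gid_mask,
+                                   resource_cid_mask,
                                    tmp_rules);
     if ( auth == true )
     {
@@ -244,10 +267,12 @@
     auth     = match_rules_wrapper(user_req,
                                    resource_oid_req,
                                    resource_gid_req,
+                                   resource_cid_req,
                                    resource_all_req,
                                    rights_req,
                                    resource_oid_mask,
                                    resource_gid_mask,
+                                   resource_cid_mask,
                                    tmp_rules);
     if ( auth == true )
     {
@@ -262,10 +287,12 @@
     auth     = match_rules_wrapper(user_req,
                                    resource_oid_req,
                                    resource_gid_req,
+                                   resource_cid_req,
                                    resource_all_req,
                                    rights_req,
                                    resource_oid_mask,
                                    resource_gid_mask,
+                                   resource_cid_mask,
                                    tmp_rules);
     if ( auth == true )
     {
@@ -285,10 +312,12 @@
         long long user_req,
         long long resource_oid_req,
         long long resource_gid_req,
+        long long resource_cid_req,
         long long resource_all_req,
         long long rights_req,
         long long individual_obj_type,
         long long group_obj_type,
+        long long cluster_obj_type,
         multimap<long long, AclRule*> &tmp_rules)
 {
     bool auth = false;
@@ -298,10 +327,12 @@
             user_req,
             resource_oid_req,
             resource_gid_req,
+            resource_cid_req,
             resource_all_req,
             rights_req,
             individual_obj_type,
             group_obj_type,
+            cluster_obj_type,
             tmp_rules);
 
     if ( auth == true )
@@ -316,10 +347,12 @@
             user_req,
             resource_oid_req,
             resource_gid_req,
+            resource_cid_req,
             resource_all_req,
             rights_req,
             individual_obj_type,
             group_obj_type,
+            cluster_obj_type,
             acl_rules);
 
     unlock();
@@ -334,10 +367,12 @@
         long long user_req,
         long long resource_oid_req,
         long long resource_gid_req,
+        long long resource_cid_req,
         long long resource_all_req,
         long long rights_req,
         long long resource_oid_mask,
         long long resource_gid_mask,
+        long long resource_cid_mask,
         multimap<long long, AclRule*> &rules)
 
 {
@@ -370,6 +405,9 @@
             ||
             // Or rule's object type and individual object ID match
             ( ( it->second->resource & resource_oid_mask ) == resource_oid_req )
+            ||
+            // Or rule's object type and cluster object ID match
+            ( ( it->second->resource & resource_cid_mask ) == resource_cid_req )
           );
 
         if ( auth == true )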
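Review bot: The new clause in match_rules, `( it->second->resource & resource_cid_mask ) == resource_cid_req`, is also evaluated for objects with no cluster, so in that case a denial depends on `AclRule::NONE_ID` never being equal to a rule resource masked with `resource_cid_mask`. NONE_ID is defined outside this diff, so that invariant cannot be checked here; once confirmed, I would record it at the `else` branch that assigns it, e.g. `// NONE_ID has a bit outside resource_cid_mask, so no rule can match when cid < 0`. Separately, match_rules_wrapper names the new mask parameter `cluster_obj_type` while match_rules calls it `resource_cid_mask`; with nine positional `long long` arguments a transposed argument compiles silently in the authorization path, so matching names (`long long resource_cid_mask,`) would make the three call sites easier to verify. All the affected functions begin or end outside the shown hunks.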
