Revision 3f0a7fc0 src/scheduler/src/sched/Scheduler.cc


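--- a/src/scheduler/src/sched/Scheduler.cc
+++ b/src/scheduler/src/sched/Scheduler.cc
@@ -617,14 +617,16 @@
  *  @param vm the virtual machine
  *  @param vdisk vm requirement
  *  @param ds to evaluate vm assgiment
+ *  @param n_auth number of ds authorized for the user, incremented if needed
  *  @param n_error number of requirement errors, incremented if needed
  *  @param n_matched number of system ds that fullfil VM sched_requirements
  *  @param n_fits number of system ds with capacity that fits the VM requirements
  *  @param error, string describing why the host is not valid
  *  @return true for a positive match
  */
-static bool match_system_ds(VirtualMachineXML* vm, long long vdisk,
-    DatastoreXML * ds, int& n_error, int& n_fits, int &n_matched, string &error)
+static bool match_system_ds(AclXML * acls, VirtualMachineXML* vm, long long vdisk,
+    DatastoreXML * ds, int& n_auth, int& n_error, int& n_fits, int &n_matched,
+    string &error)
 {
     // -------------------------------------------------------------------------
     // Check datastore capacity for shared systems DS (non-shared will be
@@ -639,6 +641,31 @@
     n_fits++;
 
     // -------------------------------------------------------------------------
+    // Check if user is authorized
+    // -------------------------------------------------------------------------
+    if ( vm->get_uid() != 0 && vm->get_gid() != 0 )
+    {
+        PoolObjectAuth dsperms;
+
+        dsperms.oid      = ds->get_oid();
+        dsperms.cid      = ds->get_cid();
+        dsperms.obj_type = PoolObjectSQL::DATASTORE;
+
+        // Only include the VM group ID
+
+        set<int> gids;
+        gids.insert(vm->get_gid());
+
+        if ( !acls->authorize(vm->get_uid(), gids, dsperms, AuthRequest::USE))
+        {
+            error = "Permission denied.";
+            return false;
+        }
+    }
+
+    n_auth++;
+
+    // -------------------------------------------------------------------------
     // Evaluate VM requirements
     // -------------------------------------------------------------------------
     if (!vm->get_ds_requirements().empty())
@@ -840,6 +867,7 @@
         // ---------------------------------------------------------------------
 
         n_resources = 0;
+        n_auth    = 0;
         n_matched = 0;
         n_error   = 0;
         n_fits    = 0;
@@ -848,7 +876,8 @@
         {
             ds = static_cast<DatastoreXML *>(h_it->second);
 
-            if (match_system_ds(vm, vm_disk, ds, n_error, n_fits, n_matched, m_error))
+            if (match_system_ds(acls, vm, vm_disk, ds, n_auth, n_error, n_fits,
+                        n_matched, m_error))
             {
                 vm->add_match_datastore(ds->get_oid());
 
@@ -890,6 +919,10 @@
 
                         vm->log(oss.str());
                     }
+                    else if (n_auth == 0)
+                    {
+                        vm->log("User is not authorized to use any system datastore");
+                    }
                     else if (n_fits == 0)
                     {
                         vm->log("No system datastore with enough capacity for the VM");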
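Review bot: The new `else if (n_auth == 0)` branch is tested before `else if (n_fits == 0)`, but in match_system_ds `n_auth++` is only reached after `n_fits++`, so `n_auth` is zero whenever `n_fits` is zero. The capacity message therefore looks unreachable, and a VM that failed only on capacity would be logged as "User is not authorized to use any system datastore", which sends an operator after an ACL problem that does not exist. Either test `n_fits == 0` first and `n_auth == 0` second, or move the authorization block ahead of the capacity check in match_system_ds so the counters follow the order in which they are reported. The capacity check and the start of the if/else chain lie in elided parts of the page, so this assumes a failed capacity check returns before `n_fits++`. It would also help to extend the comment above `if ( vm->get_uid() != 0 && vm->get_gid() != 0 )` to say that the ACL check is skipped when either the uid or the gid is 0, and that only the VM's primary group is passed to `authorize`.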
