Revision 621a1869 src/acl/AclManager.cc


src/acl/AclManager.cc
241 241
        resource_gid_req = AclRule::NONE_ID;
242 242
    }
243 243

  
244
    long long resource_cid_req;
244
    set<long long> resource_cid_req;
245 245

  
246
    if ((obj_perms.cid >= 0) && (!obj_perms.disable_cluster_acl))
246
    if (!obj_perms.disable_cluster_acl)
247 247
    {
248
        resource_cid_req = obj_perms.obj_type |
249
                           AclRule::CLUSTER_ID |
250
                           obj_perms.cid;
251
    }
252
    else
253
    {
254
        resource_cid_req = AclRule::NONE_ID;
248
        set<int>::iterator i;
249

  
250
        for(i = obj_perms.cids.begin(); i != obj_perms.cids.end(); i++)
251
        {
252
            resource_cid_req.insert(    obj_perms.obj_type |
253
                                        AclRule::CLUSTER_ID |
254
                                        *i
255
                                    );
256
        }
255 257
    }
256 258

  
257 259
    long long resource_all_req ;
......
290 292
    {
291 293
        log_resource = resource_gid_req;
292 294
    }
293
    else if ( obj_perms.cid >= 0 )
294
    {
295
        log_resource = resource_cid_req;
296
    }
297 295
    else
298 296
    {
299 297
        log_resource = resource_all_req;
......
398 396
/* -------------------------------------------------------------------------- */
399 397

  
400 398
bool AclManager::match_rules_wrapper(
401
        long long user_req,
402
        long long resource_oid_req,
403
        long long resource_gid_req,
404
        long long resource_cid_req,
405
        long long resource_all_req,
406
        long long rights_req,
407
        long long individual_obj_type,
408
        long long group_obj_type,
409
        long long cluster_obj_type,
410
        multimap<long long, AclRule*> &tmp_rules)
399
        const long long                     &user_req,
400
        const long long                     &resource_oid_req,
401
        const long long                     &resource_gid_req,
402
        const set<long long>                &resource_cid_req,
403
        const long long                     &resource_all_req,
404
        const long long                     &rights_req,
405
        const long long                     &individual_obj_type,
406
        const long long                     &group_obj_type,
407
        const long long                     &cluster_obj_type,
408
        const multimap<long long, AclRule*> &tmp_rules)
411 409
{
412 410
    bool auth = false;
413 411

  
......
452 450
/* -------------------------------------------------------------------------- */
453 451
/* -------------------------------------------------------------------------- */
454 452

  
453
inline bool match_cluster_req(
454
        const set<long long>  &resource_cid_req,
455
        const long long       &resource_cid_mask,
456
        const long long       &rule_resource)
457
{
458
    set<long long>::iterator i;
459

  
460
    for(i = resource_cid_req.begin(); i != resource_cid_req.end(); i++)
461
    {
462
        // rule's object type and cluster object ID match
463
        if ( ( rule_resource & resource_cid_mask ) == *i )
464
        {
465
            return true;
466
        }
467
    }
468

  
469
    return false;
470
}
471

  
472
/* -------------------------------------------------------------------------- */
473

  
455 474
bool AclManager::match_rules(
456
        long long user_req,
457
        long long resource_oid_req,
458
        long long resource_gid_req,
459
        long long resource_cid_req,
460
        long long resource_all_req,
461
        long long rights_req,
462
        long long resource_oid_mask,
463
        long long resource_gid_mask,
464
        long long resource_cid_mask,
465
        multimap<long long, AclRule*> &rules)
475
        const long long                     &user_req,
476
        const long long                     &resource_oid_req,
477
        const long long                     &resource_gid_req,
478
        const set<long long>                &resource_cid_req,
479
        const long long                     &resource_all_req,
480
        const long long                     &rights_req,
481
        const long long                     &resource_oid_mask,
482
        const long long                     &resource_gid_mask,
483
        const long long                     &resource_cid_mask,
484
        const multimap<long long, AclRule*> &rules)
466 485

  
467 486
{
468 487
    bool auth = false;
469 488
    ostringstream oss;
470 489

  
471
    multimap<long long, AclRule *>::iterator        it;
490
    multimap<long long, AclRule *>::const_iterator        it;
472 491

  
473
    pair<multimap<long long, AclRule *>::iterator,
474
         multimap<long long, AclRule *>::iterator>  index;
492
    pair<multimap<long long, AclRule *>::const_iterator,
493
         multimap<long long, AclRule *>::const_iterator>  index;
475 494

  
476 495
    long long zone_oid_mask = AclRule::INDIVIDUAL_ID | 0x00000000FFFFFFFFLL;
477 496
    long long zone_req      = AclRule::INDIVIDUAL_ID | zone_id;
......
507 526
            // Or rule's object type and individual object ID match
508 527
            ( ( it->second->resource & resource_oid_mask ) == resource_oid_req )
509 528
            ||
510
            // Or rule's object type and cluster object ID match
511
            ( ( it->second->resource & resource_cid_mask ) == resource_cid_req )
529
            // Or rule's object type and one of the cluster object ID match
530
            match_cluster_req(resource_cid_req, resource_cid_mask, it->second->resource)
512 531
          );
513 532

  
514 533
        if ( auth == true )
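Review bot: The loop that fills `resource_cid_req` (new lines 250-256) drops the `obj_perms.cid >= 0` guard the old branch applied, so every element of `obj_perms.cids` is ORed into a request value unchecked. `*i` is an `int`, so a negative element would be sign-extended on promotion to `long long` and set every higher bit, including the object-type and `AclRule::CLUSTER_ID` flag bits, instead of only the ID field. Whether `cids` can ever hold a negative sentinel is not visible in this diff, so either skip such entries with `if (*i < 0) continue;` at the top of the loop body or state the invariant in a comment there. Separately, with the `else if ( obj_perms.cid >= 0 )` branch removed (old lines 293-296), cluster-scoped requests appear to be logged as `resource_all_req`; the conditions above that branch lie outside the hunk, so this is worth confirming against what the authorization log is expected to show.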
