Revision dafbc5d3
| include/AclManager.h | ||
|---|---|---|
| 127 | 127 |
* @param all True if the user can perform the operation over any object |
| 128 | 128 |
* @param oids Set of object IDs over which the user can operate |
| 129 | 129 |
* @param gids Set of object group IDs over which the user can operate |
| 130 |
* @param cids Set of object cluster IDs over which the user can operate |
|
| 130 | 131 |
*/ |
| 131 | 132 |
void reverse_search(int uid, |
| 132 | 133 |
int gid, |
| ... | ... | |
| 134 | 135 |
AuthRequest::Operation op, |
| 135 | 136 |
bool& all, |
| 136 | 137 |
vector<int>& oids, |
| 137 |
vector<int>& gids); |
|
| 138 |
vector<int>& gids, |
|
| 139 |
vector<int>& cids); |
|
| 138 | 140 |
|
| 139 | 141 |
/* ---------------------------------------------------------------------- */ |
| 140 | 142 |
/* DB management */ |
| src/acl/AclManager.cc | ||
|---|---|---|
| 707 | 707 |
AuthRequest::Operation op, |
| 708 | 708 |
bool& all, |
| 709 | 709 |
vector<int>& oids, |
| 710 |
vector<int>& gids) |
|
| 710 |
vector<int>& gids, |
|
| 711 |
vector<int>& cids) |
|
| 711 | 712 |
{
|
| 712 | 713 |
ostringstream oss; |
| 713 | 714 |
|
| ... | ... | |
| 719 | 720 |
long long resource_oid_req = obj_type | AclRule::INDIVIDUAL_ID; |
| 720 | 721 |
long long resource_gid_req = obj_type | AclRule::GROUP_ID; |
| 721 | 722 |
long long resource_all_req = obj_type | AclRule::ALL_ID; |
| 723 |
long long resource_cid_req = obj_type | AclRule::CLUSTER_ID; |
|
| 722 | 724 |
long long rights_req = op; |
| 723 | 725 |
|
| 724 | 726 |
long long resource_oid_mask = |
| ... | ... | |
| 727 | 729 |
long long resource_gid_mask = |
| 728 | 730 |
( obj_type | AclRule::GROUP_ID ); |
| 729 | 731 |
|
| 732 |
long long resource_cid_mask = |
|
| 733 |
( obj_type | AclRule::CLUSTER_ID ); |
|
| 734 |
|
|
| 730 | 735 |
|
| 731 | 736 |
// Create a temporal rule, to log the request |
| 732 | 737 |
long long log_resource; |
| ... | ... | |
| 789 | 794 |
{
|
| 790 | 795 |
oids.push_back(it->second->resource_id()); |
| 791 | 796 |
} |
| 797 |
|
|
| 798 |
// Rule grants permission for all objects of a cluster |
|
| 799 |
if ( ( it->second->resource & resource_cid_mask ) == resource_cid_req ) |
|
| 800 |
{
|
|
| 801 |
cids.push_back(it->second->resource_id()); |
|
| 802 |
} |
|
| 803 |
|
|
| 792 | 804 |
} |
| 793 | 805 |
} |
| 794 | 806 |
|
| ... | ... | |
| 798 | 810 |
{
|
| 799 | 811 |
oids.clear(); |
| 800 | 812 |
gids.clear(); |
| 813 |
cids.clear(); |
|
| 801 | 814 |
} |
| 802 | 815 |
} |
| 803 | 816 |
} |
| src/datastore/Datastore.cc | ||
|---|---|---|
| 24 | 24 |
const char * Datastore::table = "datastore_pool"; |
| 25 | 25 |
|
| 26 | 26 |
const char * Datastore::db_names = |
| 27 |
"oid, name, body, uid, gid, owner_u, group_u, other_u"; |
|
| 27 |
"oid, name, body, uid, gid, owner_u, group_u, other_u, cid";
|
|
| 28 | 28 |
|
| 29 | 29 |
const char * Datastore::db_bootstrap = |
| 30 | 30 |
"CREATE TABLE IF NOT EXISTS datastore_pool ("
|
| 31 | 31 |
"oid INTEGER PRIMARY KEY, name VARCHAR(128), body TEXT, uid INTEGER, " |
| 32 | 32 |
"gid INTEGER, owner_u INTEGER, group_u INTEGER, other_u INTEGER, " |
| 33 |
"UNIQUE(name))"; |
|
| 33 |
"cid INTEGER, UNIQUE(name))";
|
|
| 34 | 34 |
|
| 35 | 35 |
/* ************************************************************************ */ |
| 36 | 36 |
/* Datastore :: Constructor/Destructor */ |
| ... | ... | |
| 265 | 265 |
<< gid << "," |
| 266 | 266 |
<< owner_u << "," |
| 267 | 267 |
<< group_u << "," |
| 268 |
<< other_u << ")"; |
|
| 268 |
<< other_u << "," |
|
| 269 |
<< cluster_id << ")"; |
|
| 269 | 270 |
|
| 270 | 271 |
|
| 271 | 272 |
rc = db->exec(oss); |
| src/host/Host.cc | ||
|---|---|---|
| 62 | 62 |
const char * Host::table = "host_pool"; |
| 63 | 63 |
|
| 64 | 64 |
const char * Host::db_names = |
| 65 |
"oid, name, body, state, last_mon_time, uid, gid, owner_u, group_u, other_u"; |
|
| 65 |
"oid, name, body, state, last_mon_time, uid, gid, owner_u, group_u, other_u, cid";
|
|
| 66 | 66 |
|
| 67 | 67 |
const char * Host::db_bootstrap = "CREATE TABLE IF NOT EXISTS host_pool ("
|
| 68 | 68 |
"oid INTEGER PRIMARY KEY, name VARCHAR(128), body TEXT, state INTEGER, " |
| 69 | 69 |
"last_mon_time INTEGER, uid INTEGER, gid INTEGER, owner_u INTEGER, " |
| 70 |
"group_u INTEGER, other_u INTEGER, UNIQUE(name))"; |
|
| 70 |
"group_u INTEGER, other_u INTEGER, cid INTEGER, UNIQUE(name))";
|
|
| 71 | 71 |
|
| 72 | 72 |
|
| 73 | 73 |
const char * Host::monit_table = "host_monitoring"; |
| ... | ... | |
| 136 | 136 |
<< gid << "," |
| 137 | 137 |
<< owner_u << "," |
| 138 | 138 |
<< group_u << "," |
| 139 |
<< other_u << ")"; |
|
| 139 |
<< other_u << "," |
|
| 140 |
<< cluster_id << ")"; |
|
| 140 | 141 |
|
| 141 | 142 |
rc = db->exec(oss); |
| 142 | 143 |
|
| src/pool/PoolSQL.cc | ||
|---|---|---|
| 593 | 593 |
|
| 594 | 594 |
vector<int> oids; |
| 595 | 595 |
vector<int> gids; |
| 596 |
vector<int> cids; |
|
| 596 | 597 |
|
| 597 | 598 |
aclm->reverse_search(uid, |
| 598 | 599 |
gid, |
| ... | ... | |
| 600 | 601 |
AuthRequest::USE, |
| 601 | 602 |
all, |
| 602 | 603 |
oids, |
| 603 |
gids); |
|
| 604 |
gids, |
|
| 605 |
cids); |
|
| 604 | 606 |
|
| 605 | 607 |
for ( it = oids.begin(); it < oids.end(); it++ ) |
| 606 | 608 |
{
|
| ... | ... | |
| 612 | 614 |
acl_filter << " OR gid = " << *it; |
| 613 | 615 |
} |
| 614 | 616 |
|
| 617 |
for ( it = cids.begin(); it < cids.end(); it++ ) |
|
| 618 |
{
|
|
| 619 |
acl_filter << " OR cid = " << *it; |
|
| 620 |
} |
|
| 621 |
|
|
| 615 | 622 |
filter = acl_filter.str(); |
| 616 | 623 |
} |
| 617 | 624 |
|
| src/vnm/VirtualNetwork.cc | ||
|---|---|---|
| 78 | 78 |
const char * VirtualNetwork::table = "network_pool"; |
| 79 | 79 |
|
| 80 | 80 |
const char * VirtualNetwork::db_names = |
| 81 |
"oid, name, body, uid, gid, owner_u, group_u, other_u"; |
|
| 81 |
"oid, name, body, uid, gid, owner_u, group_u, other_u, cid";
|
|
| 82 | 82 |
|
| 83 | 83 |
const char * VirtualNetwork::db_bootstrap = "CREATE TABLE IF NOT EXISTS" |
| 84 | 84 |
" network_pool (oid INTEGER PRIMARY KEY, name VARCHAR(128)," |
| 85 |
" body TEXT, uid INTEGER, gid INTEGER, " |
|
| 86 |
"owner_u INTEGER, group_u INTEGER, other_u INTEGER, UNIQUE(name,uid))"; |
|
| 85 |
" body TEXT, uid INTEGER, gid INTEGER," |
|
| 86 |
" owner_u INTEGER, group_u INTEGER, other_u INTEGER," |
|
| 87 |
" cid INTEGER, UNIQUE(name,uid))"; |
|
| 87 | 88 |
|
| 88 | 89 |
/* -------------------------------------------------------------------------- */ |
| 89 | 90 |
/* -------------------------------------------------------------------------- */ |
| ... | ... | |
| 393 | 394 |
<< gid << "," |
| 394 | 395 |
<< owner_u << "," |
| 395 | 396 |
<< group_u << "," |
| 396 |
<< other_u << ")"; |
|
| 397 |
<< other_u << "," |
|
| 398 |
<< cluster_id << ")"; |
|
| 397 | 399 |
|
| 398 | 400 |
rc = db->exec(oss); |
| 399 | 401 |
|
Also available in: Unified diff