Commit cfc9612a authored by Leigh B Stoller's avatar Leigh B Stoller

More work on image permissions; allow specification of pid/osname in

NS files. Tweak permission check in Geni CM to also allow this,
although at this time only global images from any project are allowed.
The virt_nodes table has been changed to accommodate pid/osname
syntax:

	tb-set-node-os $nodeA somepid/someos

Note: we are really exporting permission to use images, not entries in
the os_info table (OSIDs) which is what the NS parser and protogeni CM
are using. But in fact, an image is both an image descriptor and an OS
descriptor linked together, so if you export an image or make it
global, you are implicitly doing the same for the OS descriptor. As
mentioned many times in the past, OSIDs suck.
parent 64b3c003
......@@ -912,28 +912,29 @@ sub GetTicketAuxAux($$$$$$$$$)
"Malformed image URN: $dname");
goto bad;
}
#
# For now, the project has to be emulab-ops or the
# the current project.
#
if (! ($ospid eq TBOPSPID() ||
$ospid eq $slice_experiment->pid())) {
my $osinfo = OSinfo->Lookup($ospid, $os);
if (!defined($osinfo)) {
$response =
GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
"Illegal project name in URN: $dname");
"Unknown image URN: $dname");
goto bad;
}
my $osinfo = OSinfo->Lookup($ospid, $os);
if (!defined($osinfo)) {
#
# The OS must be in the current project, or it must
# be global (okay, shared).
#
if (! ($osinfo->shared() ||
$osinfo->pid() eq $slice_experiment->pid())) {
$response =
GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
"Unknown image URN: $dname");
"Insufficient permission to use $osinfo");
goto bad;
}
#
# This is only going to be used in raw mode.
#
$osname = $os;
$osname = "$ospid/$os";
}
}
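Review bot: The two failure responses in this block let a remote caller distinguish an image that does not exist (`Unknown image URN`) from one that exists in another project but is not shared (`Insufficient permission to use ...`), which discloses the names of private OS descriptors. Returning the same `"Unknown image URN: $dname"` text from both branches, and writing the permission detail only to the local log, would remove that signal. The second message also interpolates the `$osinfo` object itself; unless OSinfo overloads stringification this prints a Perl reference, so `$dname` is the safer value to report. GetTicketAuxAux starts before and continues after the hunk.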
......
......@@ -4389,9 +4389,9 @@ CREATE TABLE `virt_nodes` (
`eid` varchar(32) NOT NULL default '',
`exptidx` int(11) NOT NULL default '0',
`ips` text,
`osname` varchar(20) default NULL,
`osname` varchar(128) default NULL,
`loadlist` text,
`parent_osname` varchar(20) default NULL,
`parent_osname` varchar(128) default NULL,
`cmd_line` text,
`rpms` text,
`deltas` text,
......
......@@ -844,7 +844,6 @@ REPLACE INTO table_regex VALUES ('virt_node_desires','weight','int','redirect','
REPLACE INTO table_regex VALUES ('virt_nodes','pid','text','redirect','projects:pid',0,0,NULL);
REPLACE INTO table_regex VALUES ('virt_nodes','eid','text','redirect','experiments:eid',0,0,NULL);
REPLACE INTO table_regex VALUES ('virt_nodes','ips','text','regex','^(\\d{1,2}:\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3} {0,1})*$',0,2048,NULL);
REPLACE INTO table_regex VALUES ('virt_nodes','osname','text','redirect','os_info:osname',0,0,NULL);
REPLACE INTO table_regex VALUES ('virt_nodes','cmd_line','text','redirect','default:tinytext',0,0,NULL);
REPLACE INTO table_regex VALUES ('virt_nodes','rpms','text','regex','^([-\\w\\.\\/\\+:~]+;{0,1})*$',0,4096,NULL);
REPLACE INTO table_regex VALUES ('virt_nodes','deltas','text','regex','^([-\\w\\.\\/\\+]+:{0,1})*$',0,1024,NULL);
......@@ -856,7 +855,8 @@ REPLACE INTO table_regex VALUES ('virt_nodes','failureaction','text','regex','^(
REPLACE INTO table_regex VALUES ('virt_nodes','routertype','text','regex','^(none|ospf|static|manual|static-ddijk|static-old)$',0,0,NULL);
REPLACE INTO table_regex VALUES ('virt_nodes','fixed','text','redirect','default:tinytext',0,128,NULL);
REPLACE INTO table_regex VALUES ('virt_nodes','sharing_mode','text','regex','^[-\\w]+$',1,32,NULL);
REPLACE INTO table_regex VALUES ('virt_nodes','parent_osname','text','redirect','os_info:osname',0,0,NULL);
REPLACE INTO table_regex VALUES ('virt_nodes','osname','text','regex','^([-\\w]+\\/{0,1})[-\\w\\.+]+$',2,128,NULL);
REPLACE INTO table_regex VALUES ('virt_nodes','parent_osname','text','regex','^([-\\w]+\\/{0,1})[-\\w\\.+]+$',2,128,NULL);
REPLACE INTO table_regex VALUES ('virt_programs','pid','text','redirect','projects:pid',0,0,NULL);
REPLACE INTO table_regex VALUES ('virt_programs','eid','text','redirect','experiments:eid',0,0,NULL);
REPLACE INTO table_regex VALUES ('virt_programs','vnode','text','redirect','virt_nodes:vname',0,0,NULL);
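Review bot: The new `osname` and `parent_osname` patterns write the optional project prefix as `([-\\w]+\\/{0,1})`, which makes only the slash optional. The group therefore always consumes the first character of a bare name, so names beginning with `.` or `+` are rejected and the intent (an optional `pid/` prefix) is hard to read. `^([-\\w]+\\/)?[-\\w\\.+]+$` states it directly. As far as this commit shows, this rule is what limits the value to a single `/` before LoadVirtNodes splits it, and the pid part is not checked against the `projects:pid` rule that the `pid` column redirects to, so a comment recording both facts would help. The same literal is repeated in the update script and must change with it.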
......
#
# Allow pid/osname in virt_nodes.
#
use strict;
use libdb;
my $impotent = 0;
sub DoUpdate($$$)
{
my ($dbhandle, $dbname, $version) = @_;
my $type = DBSlotType("virt_nodes", "osname");
if (! ($type =~ /128/)) {
DBQueryFatal("alter table virt_nodes modify ".
" `osname` varchar(128) default NULL");
}
$type = DBSlotType("virt_nodes", "parent_osname");
if (! ($type =~ /128/)) {
DBQueryFatal("alter table virt_nodes modify ".
" `parent_osname` varchar(128) default NULL");
}
DBQueryFatal("REPLACE INTO table_regex VALUES ".
" ('virt_nodes','osname','text','regex',".
" '^([-\\\\w]+\\\\/{0,1})[-\\\\w\\\\.+]+\$',2,128,NULL)");
DBQueryFatal("REPLACE INTO table_regex VALUES ".
" ('virt_nodes','parent_osname','text','regex',".
" '^([-\\\\w]+\\\\/{0,1})[-\\\\w\\\\.+]+\$',2,128,NULL)");
return 0;
}
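Review bot: The validation pattern is spelled out twice in DoUpdate with four-level backslash escaping, and twice more in the table_regex fill hunk, so a later correction to one copy can easily miss the others. Holding it in one variable, `my $osname_re = '^([-\\\\w]+\\\\/{0,1})[-\\\\w\\\\.+]+$';`, and building both REPLACE statements from it keeps the script self-consistent. A comment saying the value must match the fill file would also help. `$impotent` is declared but never read in the visible script, and `use warnings` is absent.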
......@@ -1226,7 +1226,13 @@ sub LoadVirtNodes($)
# use the default for the type of phys node that assign picks.
#
if (defined($osname) && $osname ne "") {
my $osinfo = OSinfo->Lookup("$pid,$osname");
my $ospid = $pid;
if ($osname =~ /^(.*)\/(.*)$/) {
$ospid = $1;
$osname = $2;
}
my $osinfo = OSinfo->Lookup("$ospid,$osname");
if (!defined($osinfo)) {
$osinfo = OSinfo->LookupByName($osname);
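Review bot: Nothing in this hunk checks that the experiment's project may use an OS from the project named in the `pid/osname` prefix: once `$ospid` is taken from the string, `OSinfo->Lookup("$ospid,$osname")` resolves any project's descriptor. If the only gate is the `osids` list the parser receives from GenDefsFile, a virt_nodes row written by another path would not be covered. A check after the lookup, along the lines of the Geni CM test (`$osinfo->shared() || $osinfo->pid() eq $pid`, plus whatever image_permissions grants), looks warranted. The fallback `OSinfo->LookupByName($osname)` now runs with the prefix stripped, so an explicit `somepid/name` that fails to resolve can silently bind to a different descriptor of the same name; skipping the fallback when a prefix was given avoids that. LoadVirtNodes starts before and continues after the hunk.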
......@@ -1234,7 +1240,7 @@ sub LoadVirtNodes($)
tberror({cause => 'user', type => 'primary',
severity => SEV_ERROR,
error => ['invalid_os', undef, $osname, $pid]},
"Invalid OS $osname in project $pid!");
"Invalid OS $osname in project $ospid!");
return -1;
}
}
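Review bot: The structured error record still passes `$pid` (`error => ['invalid_os', undef, $osname, $pid]`) while the message text now reports `$ospid`, so anything consuming the record sees a different project from the one printed. Changing the last element to `$ospid` keeps the two in step. The hunk at -1265 has the same mismatch for `$parent_osname`. The enclosing block starts outside the hunk.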
......@@ -1257,7 +1263,13 @@ sub LoadVirtNodes($)
# Map the parent_osname to an OSID now.
#
if (defined($parent_osname) && $parent_osname ne "") {
my $osinfo = OSinfo->Lookup("$pid,$parent_osname");
my $ospid = $pid;
if ($parent_osname =~ /^(.*)\/(.*)$/) {
$ospid = $1;
$osname = $2;
}
my $osinfo = OSinfo->Lookup("$ospid,$parent_osname");
if (!defined($osinfo)) {
$osinfo = OSinfo->LookupByName($parent_osname);
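Review bot: The parent branch assigns the captured name to the wrong variable: `$osname = $2;` should be `$parent_osname = $2;`. As written, `$parent_osname` still holds the full `pid/osname` string when it is passed to `OSinfo->Lookup("$ospid,$parent_osname")` and to `LookupByName`, so a prefixed parent OS cannot resolve. The node's own `$osname` is also overwritten with the parent's name. Whether `$osname` is read again later in LoadVirtNodes is not visible here, but if it is, the node would silently take the parent's OS name. LoadVirtNodes continues outside the hunk.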
......@@ -1265,7 +1277,7 @@ sub LoadVirtNodes($)
tberror({cause => 'user', type => 'primary',
severity => SEV_ERROR,
error => ['invalid_os', undef, $parent_osname, $pid]},
"Invalid parent OS $parent_osname in project $pid!");
"Invalid parent OS $parent_osname in project $ospid!");
return -1;
}
}
......
......@@ -644,14 +644,35 @@ sub GenDefsFile($)
if (defined($pid)) {
print TCL "# OSIDs\n";
$query_result =
DBQueryFatal("select osname from os_info ".
DBQueryFatal("select pid,osname from os_info ".
"where shared=1 or pid='$pid'");
while (my ($osname) = $query_result->fetchrow_array()) {
while (my ($pid,$osname) = $query_result->fetchrow_array()) {
print TCL "set osids($osname) 1\n";
print TCL "set osids($pid/$osname) 1\n";
}
print TCL "\n";
print TCL "# External OSIDs\n";
if (defined($this_user)) {
my $uid_idx = $this_user->uid_idx();
$query_result =
DBQueryFatal("select distinct o.pid,o.osname from os_info as o ".
"left join image_permissions as p1 on ".
" p1.imageid=o.osid and p1.permission_type='group' ".
"left join image_permissions as p2 on ".
" p2.imageid=o.osid and p2.permission_type='user' ".
"left join group_membership as g on ".
" g.gid_idx=p1.permission_idx ".
"where o.ezid!=0 and ".
" (g.uid_idx='$uid_idx' or ".
" p2.permission_idx='$uid_idx')");
while (my ($pid,$osname) = $query_result->fetchrow_array()) {
print TCL "set osids($pid/$osname) 1\n";
}
print TCL "\n";
}
print TCL "# subOSIDs and parent OSIDs (default parent first element)\n";
$query_result =
DBQueryFatal("select oi.osname,oi3.osname," .
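Review bot: The new "External OSIDs" query grants a name to every user with a row in `group_membership` for the permitted group and does not filter on membership state, so if that table also holds pending or unapproved memberships those users would see the image as usable. Adding the approval condition to the `g` join (column name to be confirmed against the schema) would close that. `$uid_idx` and `$pid` are interpolated straight into the SQL, and the returned `$pid`/`$osname` straight into the generated TCL. Both are presumably constrained upstream, but quoting the SQL values and a comment stating the character set the TCL output relies on would make that explicit. The loop variables `my ($pid,$osname)` shadow the outer `$pid` tested by `if (defined($pid))`, so a name such as `$ospid` would be clearer; GenDefsFile continues outside the hunk.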
......