Commit 6771795d authored by Mac Newbold's avatar Mac Newbold

Small changes to image access permissions checks. Root can get any image it...

Small changes to image access permissions checks. Root can get any image it wants, and frisbeelauncher only requires READINFO permissions, so that users can os_load shared images still. Also, have os_load pass its debug flag to frisbeelauncher if set.
parent 484cf6bf
......@@ -286,6 +286,11 @@ sub TB_OSID_MIN() { TB_OSID_READINFO; }
sub TB_OSID_MAX() { TB_OSID_DESTROY; }
# ImageIDs
#
# Clarification:
# READINFO is read-only access to the image and its contents
# (This is what people get for shared images)
# ACCESS means complete power over the image and its [meta]data
sub TB_IMAGEID_READINFO() { 1; }
sub TB_IMAGEID_MODIFYINFO() { 2; }
sub TB_IMAGEID_CREATE() { 3; }
......@@ -760,9 +765,9 @@ sub TBImageIDAccessCheck($$$)
}
#
# Admins do whatever they want!
# Admins and root do whatever they want!
#
if (TBAdmin($uid)) {
if (TBAdmin($uid) || !$UID || $UID eq "root" || $uid eq "root") {
return 1;
}
$uid = MapNumericUID($uid);
......
......@@ -60,7 +60,7 @@ my $filename = &get_filename($imageid);
# Make sure that the user has sufficient permissions, and read the image file
# or bomb out right now.
#
if (!TBImageIDAccessCheck($UID,$imageid,TB_IMAGEID_ACCESS)) {
if (!TBImageIDAccessCheck($UID,$imageid,TB_IMAGEID_READINFO)) {
die("*** You do not have pemssion to load $imageid on nodes\n");
}
......
......@@ -541,7 +541,7 @@ sub SetupReload($)
"next_pxe_boot_path='$FRISBEEPATH'" .
"where node_id='$node'");
system "$FRISBEELAUNCHER $imageid" and
system "$FRISBEELAUNCHER ".($dbg? "-d ":"")."$imageid" and
die "*** Unable to launch frisbee daemon\n";
}
elsif ($type eq TB_RELOADTYPE_NETDISK) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment