From 1d27e541f9f93736dcd13e31d0cd0629630c25ff Mon Sep 17 00:00:00 2001
From: alena
Date: Tue, 24 May 2011 18:37:49 -0700
Subject: [PATCH] Fixed security issue in api - regular user can operate only with his own resources (except for the template - when the template is public, it's available for everyone)
---
 api/src/com/cloud/acl/SecurityChecker.java | 4 ++--
 server/src/com/cloud/acl/DomainChecker.java | 16 +++++++++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/api/src/com/cloud/acl/SecurityChecker.java b/api/src/com/cloud/acl/SecurityChecker.java
index 237a1b03bad..aeeb2c0e041 100644
--- a/api/src/com/cloud/acl/SecurityChecker.java
+++ b/api/src/com/cloud/acl/SecurityChecker.java
@@ -40,12 +40,12 @@ public interface SecurityChecker extends Adapter {
     /**
      * Checks if the account can access the object.
      *
-     * @param account account to check against.
+     * @param caller account to check against.
      * @param entity object that the account is trying to access.
      * @return true if access allowed. false if this adapter cannot provide permission.
      * @throws PermissionDeniedException if this adapter is suppose to authenticate ownership and the check failed.
      */
-    boolean checkAccess(Account account, ControlledEntity entity) throws PermissionDeniedException;
+    boolean checkAccess(Account caller, ControlledEntity entity) throws PermissionDeniedException;
     /**
      * Checks if the user belongs to an account that can access the object.
diff --git a/server/src/com/cloud/acl/DomainChecker.java b/server/src/com/cloud/acl/DomainChecker.java
index ee98e80b3ce..89555469e38 100755
--- a/server/src/com/cloud/acl/DomainChecker.java
+++ b/server/src/com/cloud/acl/DomainChecker.java
@@ -74,7 +74,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
     }
     @Override
-    public boolean checkAccess(Account account, ControlledEntity entity) throws PermissionDeniedException {
+    public boolean checkAccess(Account caller, ControlledEntity entity) throws PermissionDeniedException {
         if (entity instanceof VirtualMachineTemplate) {
             VirtualMachineTemplate template = (VirtualMachineTemplate)entity;
@@ -82,22 +82,28 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
             // validate that the template is usable by the account
             if (!template.isPublicTemplate()) {
                 Account owner = _accountDao.findById(template.getAccountId());
-                if (BaseCmd.isAdmin(owner.getType()) || (owner.getId() == account.getId())) {
+                if (BaseCmd.isAdmin(owner.getType()) || (owner.getId() == caller.getId())) {
                     return true;
                 }
                 // since the current account is not the owner of the template, check the launch permissions table to see if the
                 // account can launch a VM from this template
-                LaunchPermissionVO permission = _launchPermissionDao.findByTemplateAndAccount(template.getId(), account.getId());
+                LaunchPermissionVO permission = _launchPermissionDao.findByTemplateAndAccount(template.getId(), caller.getId());
                 if (permission == null) {
-                    throw new PermissionDeniedException(account + " does not have permission to launch instances from " + template);
+                    throw new PermissionDeniedException(caller + " does not have permission to launch instances from " + template);
                 }
             }
             return true;
         } else {
-            return true;
+            if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
+                if (caller.getId() != entity.getAccountId()) {
+                    throw new PermissionDeniedException(caller + " does not have permission to operate with resource " + entity);
+                }
+            }
         }
+
+        return true;
     }
     @Override
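Review bot: In the @@ -82,22 hunk, the ownership check added in the else branch runs only when caller.getType() == Account.ACCOUNT_TYPE_NORMAL, so every other caller type (domain admins included) still falls through to `return true;` without the entity's owner or domain ever being compared to the caller's; unless another checker scopes non-normal callers, that path stays as permissive as before this commit. The test `caller.getId() != entity.getAccountId()` is a value comparison only if both getters return a primitive long — should either return a boxed Long this would compare references, which is worth confirming against the Account and ControlledEntity interfaces. The two nested ifs can be one condition, `if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL && caller.getId() != entity.getAccountId()) {`, and a short comment such as `// a regular user may only act on resources owned by its own account; public templates are handled above` would record the rule being enforced. The enclosing checkAccess method begins in the @@ -74,7 hunk above, outside this one.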