etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-2134 updated acl checks for aquiring nic secondary ip

This commit is contained in:
Jayapal 2013-04-25 12:56:38 +05:30 committed by Edison Su
parent fd354dbd7c
commit 56e8da7890
1 changed files with 27 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
server/src/com/cloud/network/NetworkServiceImpl.java
View File

@ -610,18 +610,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
throw new InvalidParameterValueException("Invalid network id is given");
}
Network network = _networksDao.findById(networkId);
if (network == null) {
throw new InvalidParameterValueException("Invalid network id is given");
}
accountId = network.getAccountId();
domainId = network.getDomainId();
// Validate network offering
NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(network.getNetworkOfferingId());
// verify permissions
_accountMgr.checkAccess(ipOwner, null, true, network);
Account caller = UserContext.current().getCaller();
//check whether the nic belongs to user vm.
NicVO nicVO = _nicDao.findById(nicId);
@ -633,6 +622,25 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
throw new InvalidParameterValueException("The nic is not belongs to user vm");
}
Nic nic = _nicDao.findById(nicId);
VirtualMachine vm = _userVmDao.findById(nicVO.getInstanceId());
if (vm == null) {
throw new InvalidParameterValueException("There is no vm with the nic");
}
// verify permissions
_accountMgr.checkAccess(ipOwner, null, true, vm);
Network network = _networksDao.findById(networkId);
if (network == null) {
throw new InvalidParameterValueException("Invalid network id is given");
}
accountId = network.getAccountId();
domainId = network.getDomainId();
// Validate network offering
NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(network.getNetworkOfferingId());
DataCenter dc = _dcDao.findById(network.getDataCenterId());
Long id = nicVO.getInstanceId();
@ -649,14 +657,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
throw new InvalidParameterValueException("Allocating guest ip for nic failed");
}
} else if (dc.getNetworkType() == NetworkType.Basic || ntwkOff.getGuestType() == Network.GuestType.Shared) {
Account caller = UserContext.current().getCaller();
long callerUserId = UserContext.current().getCallerUserId();
_accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseNetwork, false, network);
//handle the basic networks here
VirtualMachine vm = _userVmDao.findById(nicVO.getInstanceId());
if (vm == null) {
throw new InvalidParameterValueException("There is no vm with the nic");
}
VMInstanceVO vmi = (VMInstanceVO)vm;
Long podId = vmi.getPodIdToDeployIn();
if (podId == null) {
@ -718,6 +719,13 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
throw new InvalidParameterValueException("Unable to find ip address by id");
}
VirtualMachine vm = _userVmDao.findById(secIpVO.getVmId());
if (vm == null) {
throw new InvalidParameterValueException("There is no vm with the nic");
}
// verify permissions
_accountMgr.checkAccess(caller, null, true, vm);
Network network = _networksDao.findById(secIpVO.getNetworkId());
if (network == null) {
@ -727,9 +735,6 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
// Validate network offering
NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(network.getNetworkOfferingId());
// verify permissions
_accountMgr.checkAccess(caller, null, true, network);
Long nicId = secIpVO.getNicId();
s_logger.debug("ip id = " + ipAddressId + " nic id = " + nicId);
//check is this the last secondary ip for NIC