etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CS-15217: Security: Malicious user is able to get the size of the cloud by enumerating IDs 

Description:

	Missed throwing exceptions at few places when making
	changes previously. Commit includes whitespace corrections.
This commit is contained in:
Vijayendra Bhamidipati 2012-08-03 13:24:18 -07:00
parent 17001a6cad
commit 6dc833c771
7 changed files with 4155 additions and 4165 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/src/com/cloud/baremetal/BareMetalPingServiceImpl.java
View File

@ -63,7 +63,7 @@ public class BareMetalPingServiceImpl extends BareMetalPxeServiceBase implements
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy("pod", podId, "podId"));
idList.add(new IdentityProxy(zone, zoneId, "zoneId"));
InvalidParameterValueException ex = new InvalidParameterValueException("Already had a PXE server in Pod with specified podId and zone with specified zoneId", idList);
throw new InvalidParameterValueException("Already had a PXE server in Pod with specified podId and zone with specified zoneId", idList);
}

3096
server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
View File

File diff suppressed because it is too large Load Diff

68
server/src/com/cloud/network/vpc/VpcManagerImpl.java
View File

@ -207,8 +207,8 @@ public class VpcManagerImpl implements VpcManager, Manager{
String maxNtwks = configs.get(Config.VpcMaxNetworks.key());
_maxNetworks = NumbersUtil.parseInt(maxNtwks, 3); // max=3 is default
IpAddressSearch = _ipAddressDao.createSearchBuilder();
IpAddressSearch.and("accountId", IpAddressSearch.entity().getAllocatedToAccountId(), Op.EQ);
IpAddressSearch.and("dataCenterId", IpAddressSearch.entity().getDataCenterId(), Op.EQ);
@ -218,7 +218,7 @@ public class VpcManagerImpl implements VpcManager, Manager{
virtualNetworkVlanSB.and("vlanType", virtualNetworkVlanSB.entity().getVlanType(), Op.EQ);
IpAddressSearch.join("virtualNetworkVlanSB", virtualNetworkVlanSB, IpAddressSearch.entity().getVlanId(), virtualNetworkVlanSB.entity().getId(), JoinBuilder.JoinType.INNER);
IpAddressSearch.done();
return true;
}
@ -517,7 +517,7 @@ public class VpcManagerImpl implements VpcManager, Manager{
//Verify that caller can perform actions in behalf of vpc owner
_accountMgr.checkAccess(caller, null, false, owner);
//check resource limit
_resourceLimitMgr.checkResourceLimit(owner, ResourceType.vpc);
@ -647,16 +647,16 @@ public class VpcManagerImpl implements VpcManager, Manager{
s_logger.debug("Updating VPC " + vpc + " with state " + Vpc.State.Inactive + " as a part of vpc delete");
VpcVO vpcVO = _vpcDao.findById(vpc.getId());
vpcVO.setState(Vpc.State.Inactive);
Transaction txn = Transaction.currentTxn();
txn.start();
_vpcDao.update(vpc.getId(), vpcVO);
//decrement resource count
_resourceLimitMgr.decrementResourceCount(vpc.getAccountId(), ResourceType.vpc);
txn.commit();
}
//shutdown VPC
if (!shutdownVpc(vpc.getId())) {
s_logger.warn("Failed to shutdown vpc " + vpc + " as a part of vpc destroy process");
@ -839,7 +839,7 @@ public class VpcManagerImpl implements VpcManager, Manager{
}
}
protected List<Service> getSupportedServices() {
List<Service> services = new ArrayList<Service>();
services.add(Network.Service.Dhcp);
@ -865,9 +865,7 @@ public class VpcManagerImpl implements VpcManager, Manager{
//check if vpc exists
Vpc vpc = getActiveVpc(vpcId);
if (vpc == null) {
InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find Enabled VPC by id specified", null);
ex.addProxyObject("vpc", vpcId, "VPC");
throw ex;
throw new InvalidParameterValueException("Unable to find Enabled VPC", null);
}
//permission check
@ -944,7 +942,7 @@ public class VpcManagerImpl implements VpcManager, Manager{
@DB
public void validateNtkwOffForVpc(long ntwkOffId, String cidr, String networkDomain,
Account networkOwner, Vpc vpc, Long networkId, String gateway) {
NetworkOffering guestNtwkOff = _configMgr.getNetworkOffering(ntwkOffId);
if (networkId == null) {
@ -1007,7 +1005,7 @@ public class VpcManagerImpl implements VpcManager, Manager{
@DB
protected void validateNewVpcGuestNetwork(String cidr, String gateway, Account networkOwner, Vpc vpc, String networkDomain) {
Transaction txn = Transaction.currentTxn();
txn.start();
Vpc locked = _vpcDao.acquireInLockTable(vpc.getId());
@ -1154,7 +1152,7 @@ public class VpcManagerImpl implements VpcManager, Manager{
// Verify input parameters
Vpc vpc = getActiveVpc(vpcId);
if (vpc == null) {
InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find Enabled VPC by id", null);
throw new InvalidParameterValueException("Unable to find Enabled VPC", null);
}
_accountMgr.checkAccess(caller, null, false, vpc);
@ -1220,7 +1218,7 @@ public class VpcManagerImpl implements VpcManager, Manager{
//Validate parameters
Vpc vpc = getActiveVpc(vpcId);
if (vpc == null) {
InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find Enabled VPC by id", null);
throw new InvalidParameterValueException("Unable to find Enabled VPC", null);
}
//allow only one private gateway per vpc
@ -1300,7 +1298,7 @@ public class VpcManagerImpl implements VpcManager, Manager{
@ActionEvent(eventType = EventTypes.EVENT_PRIVATE_GATEWAY_DELETE, eventDescription = "deleting private gateway")
@DB
public boolean deleteVpcPrivateGateway(long gatewayId) throws ConcurrentOperationException, ResourceUnavailableException {
Transaction txn = Transaction.currentTxn();
txn.start();
VpcGatewayVO gatewayVO = _vpcGatewayDao.acquireInLockTable(gatewayId);
@ -1315,11 +1313,11 @@ public class VpcManagerImpl implements VpcManager, Manager{
throw new CloudRuntimeException("Can't delete private gateway " + gatewayVO + " as it has " + routeCount +
" static routes applied. Remove the routes first");
}
gatewayVO.setState(VpcGateway.State.Deleting);
_vpcGatewayDao.update(gatewayVO.getId(), gatewayVO);
s_logger.debug("Marked gateway " + gatewayVO + " with state " + VpcGateway.State.Deleting);
txn.commit();
//1) delete the gateway on the backend
@ -1734,7 +1732,7 @@ public class VpcManagerImpl implements VpcManager, Manager{
public VpcGateway getPrivateGatewayForVpc(long vpcId) {
return _vpcGatewayDao.getPrivateGatewayForVpc(vpcId);
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_NET_IP_ASSIGN, eventDescription = "associating Ip", async = true)
@ -1783,8 +1781,8 @@ public class VpcManagerImpl implements VpcManager, Manager{
return _ipAddressDao.findById(ipId);
}
@Override
public void unassignIPFromVpcNetwork(long ipId, long networkId) {
IPAddressVO ip = _ipAddressDao.findById(ipId);
@ -1818,13 +1816,13 @@ public class VpcManagerImpl implements VpcManager, Manager{
}
s_logger.debug("Successfully released VPC ip address " + ip + " back to VPC pool ");
}
@Override
public boolean ipUsedInVpc(IpAddress ip) {
return (ip != null && ip.getVpcId() != null &&
(ip.isOneToOneNat() || !_firewallDao.listByIp(ip.getId()).isEmpty()));
}
@DB
@Override
public Network createVpcGuestNetwork(long ntwkOffId, String name, String displayText, String gateway,
@ -1835,20 +1833,18 @@ public class VpcManagerImpl implements VpcManager, Manager{
Vpc vpc = getActiveVpc(vpcId);
if (vpc == null) {
InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find Enabled VPC ", null);
ex.addProxyObject("vpc", vpcId, "VPC");
throw ex;
throw new InvalidParameterValueException("Unable to find Enabled VPC ", null);
}
_accountMgr.checkAccess(caller, null, false, vpc);
if (networkDomain == null) {
networkDomain = vpc.getNetworkDomain();
}
if (vpc.getZoneId() != zoneId) {
throw new InvalidParameterValueException("New network doesn't belong to vpc zone", null);
}
//1) Validate if network can be created for VPC
validateNtkwOffForVpc(ntwkOffId, cidr, networkDomain, owner, vpc, null, gateway);
@ -1858,12 +1854,12 @@ public class VpcManagerImpl implements VpcManager, Manager{
return guestNetwork;
}
protected IPAddressVO getExistingSourceNatInVpc(long ownerId, long vpcId) {
List<IPAddressVO> addrs = listPublicIpsAssignedToVpc(ownerId, true, vpcId);
IPAddressVO sourceNatIp = null;
if (addrs.isEmpty()) {
return null;
@ -1882,7 +1878,7 @@ public class VpcManagerImpl implements VpcManager, Manager{
return sourceNatIp;
}
protected List<IPAddressVO> listPublicIpsAssignedToVpc(long accountId, Boolean sourceNat, long vpcId) {
SearchCriteria<IPAddressVO> sc = IpAddressSearch.create();
sc.setParameters("accountId", accountId);
@ -1895,8 +1891,8 @@ public class VpcManagerImpl implements VpcManager, Manager{
return _ipAddressDao.search(sc, null);
}
@Override
public PublicIp assignSourceNatIpAddressToVpc(Account owner, Vpc vpc) throws InsufficientAddressCapacityException, ConcurrentOperationException {
long dcId = vpc.getZoneId();
@ -1928,7 +1924,7 @@ public class VpcManagerImpl implements VpcManager, Manager{
Vpc vpc = getVpc(network.getVpcId());
validateNtkwOffForVpc(ntwkOffId, null, null, null, vpc, networkId, null);
}
return _ntwkMgr.updateGuestNetwork(networkId, name, displayText, callerAccount, callerUser, domainSuffix,
ntwkOffId, changeCidr);
}

2
server/src/com/cloud/resource/ResourceManagerImpl.java
View File

@ -611,7 +611,7 @@ public class ResourceManagerImpl implements ResourceManager, ResourceService, Ma
if (clusterId != null) {
ClusterVO cluster = _clusterDao.findById(clusterId);
if (cluster == null) {
InvalidParameterValueException ex = new InvalidParameterValueException("can not find cluster by Id", null);
throw new InvalidParameterValueException("can not find cluster", null);
} else {
if (cluster.getGuid() == null) {
List<HostVO> hosts = listAllHostsInCluster(clusterId);

6
server/src/com/cloud/server/ManagementServerImpl.java
View File

@ -1303,9 +1303,9 @@ public class ManagementServerImpl implements ManagementServer {
}// If ISO requested then it should be ISO.
if (isIso && template.getFormat() != ImageFormat.ISO) {
s_logger.error("Template Id " + templateId + " is not an ISO");
InvalidParameterValueException ex = new InvalidParameterValueException("Specified Template Id is not an ISO", null);
ex.addProxyObject(template, templateId, "templateId");
throw ex;
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(template, templateId, "templateId"));
throw new InvalidParameterValueException("Specified Template Id is not an ISO", idList);
}// If ISO not requested then it shouldn't be an ISO.
if (!isIso && template.getFormat() == ImageFormat.ISO) {
s_logger.error("Incorrect format of the template id " + templateId);

26
server/src/com/cloud/vm/UserVmManagerImpl.java
View File

@ -525,7 +525,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
return maxDataVolumesSupported.intValue();
}
@Override
@ActionEvent(eventType = EventTypes.EVENT_VOLUME_ATTACH, eventDescription = "attaching volume", async = true)
public Volume attachVolumeToVM(AttachVolumeCmd command) {
@ -2928,9 +2928,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
// Verify input parameters
UserVmVO vm = _vmDao.findById(vmId);
if (vm == null || vm.getRemoved() != null) {
InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find a virtual machine with specified vmId", null);
ex.addProxyObject(vm, vmId, "vmId");
throw ex;
throw new InvalidParameterValueException("Unable to find a virtual machine with specified vmId", null);
}
if (vm.getState() == State.Destroyed || vm.getState() == State.Expunging) {
@ -3138,11 +3136,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
if (id != null) {
sc.setParameters("id", id);
}
if (templateId != null) {
sc.setParameters("templateId", templateId);
}
if (isoId != null) {
sc.setParameters("isoId", isoId);
}
@ -3314,9 +3312,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
if (s_logger.isDebugEnabled()) {
s_logger.debug("VM is not Running, unable to migrate the vm " + vm);
}
InvalidParameterValueException ex = new InvalidParameterValueException("VM is not Running, unable to migrate the vm with specified id", null);
ex.addProxyObject(vm, vmId, "vmId");
throw ex;
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(vm, vmId, "vmId"));
throw new InvalidParameterValueException("VM is not Running, unable to migrate the vm with specified id", idList);
}
if (!vm.getHypervisorType().equals(HypervisorType.XenServer) && !vm.getHypervisorType().equals(HypervisorType.VMware) && !vm.getHypervisorType().equals(HypervisorType.KVM) && !vm.getHypervisorType().equals(HypervisorType.Ovm)) {
if (s_logger.isDebugEnabled()) {
@ -3396,9 +3394,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
}
//don't allow to move the vm from the project
if (oldAccount.getType() == Account.ACCOUNT_TYPE_PROJECT) {
InvalidParameterValueException ex = new InvalidParameterValueException("Specified Vm id belongs to the project and can't be moved", null);
ex.addProxyObject(vm, cmd.getVmId(), "vmId");
throw ex;
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(vm, cmd.getVmId(), "vmId"));
throw new InvalidParameterValueException("Specified Vm id belongs to the project and can't be moved", idList);
}
Account newAccount = _accountService.getActiveAccountByName(cmd.getAccountName(), cmd.getDomainId());
if (newAccount == null || newAccount.getType() == Account.ACCOUNT_TYPE_PROJECT) {
@ -3680,9 +3678,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
long vmId = cmd.getVmId();
UserVmVO vm = _vmDao.findById(vmId);
if (vm == null) {
InvalidParameterValueException ex = new InvalidParameterValueException("Cann not find VM by ID ", null);
ex.addProxyObject(vm, vmId, "vmId");
throw ex;
throw new InvalidParameterValueException("Cann not find VM", null);
}
Account owner = _accountDao.findById(vm.getAccountId());

5120
server/src/com/cloud/vm/VirtualMachineManagerImpl.java
View File

File diff suppressed because it is too large Load Diff