diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 8b9f97f6592..948a84dc537 100644 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -947,7 +947,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe @Override public boolean archiveEvents(ArchiveEventsCmd cmd) { - Account caller = CallContext.current().getCallingAccount(); + Account caller = getCaller(); List ids = cmd.getIds(); boolean result = true; List permittedAccountIds = new ArrayList(); @@ -974,7 +974,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe @Override public boolean deleteEvents(DeleteEventsCmd cmd) { - Account caller = CallContext.current().getCallingAccount(); + Account caller = getCaller(); List ids = cmd.getIds(); boolean result = true; List permittedAccountIds = new ArrayList(); @@ -1098,8 +1098,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe @Override public Ternary, Integer>, List, Map> listHostsForMigrationOfVM(Long vmId, Long startIndex, Long pageSize) { - // access check - only root admin can migrate VM - Account caller = CallContext.current().getCallingAccount(); + Account caller = getCaller(); if (!_accountMgr.isRootAdmin(caller.getId())) { if (s_logger.isDebugEnabled()) { s_logger.debug("Caller is not a root admin, permission denied to migrate the VM"); @@ -1276,8 +1275,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe @Override public Pair, List> listStoragePoolsForMigrationOfVolume(Long volumeId) { - // Access check - only root administrator can migrate volumes. - Account caller = CallContext.current().getCallingAccount(); + Account caller = getCaller(); if (!_accountMgr.isRootAdmin(caller.getId())) { if (s_logger.isDebugEnabled()) { s_logger.debug("Caller is not a root admin, permission denied to migrate the volume"); @@ -1766,7 +1764,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe List permittedAccounts = new ArrayList(); ListProjectResourcesCriteria listProjectResourcesCriteria = null; if (isAllocated) { - Account caller = CallContext.current().getCallingAccount(); + Account caller = getCaller(); Ternary domainIdRecursiveListProject = new Ternary( cmd.getDomainId(), cmd.isRecursive(), null); @@ -2259,8 +2257,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe throw new InvalidParameterValueException("ROOT domain can not be edited with a new name"); } - // check permissions - Account caller = CallContext.current().getCallingAccount(); + Account caller = getCaller(); _accountMgr.checkAccess(caller, domain); // domain name is unique under the parent domain @@ -3311,7 +3308,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe @Override public ArrayList getCloudIdentifierResponse(long userId) { - Account caller = CallContext.current().getCallingAccount(); + Account caller = getCaller(); // verify that user exists User user = _accountMgr.getUserIncludingRemoved(userId); @@ -3351,7 +3348,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe public Map listCapabilities(ListCapabilitiesCmd cmd) { Map capabilities = new HashMap(); - Account caller = CallContext.current().getCallingAccount(); + Account caller = getCaller(); boolean securityGroupsEnabled = false; boolean elasticLoadBalancerEnabled = false; boolean KVMSnapshotEnabled = false; @@ -3417,7 +3414,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe @Override public InstanceGroupVO updateVmGroup(UpdateVMGroupCmd cmd) { - Account caller = CallContext.current().getCallingAccount(); + Account caller = getCaller(); Long groupId = cmd.getId(); String groupName = cmd.getGroupName(); @@ -3535,7 +3532,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe @Override public SSHKeyPair createSSHKeyPair(CreateSSHKeyPairCmd cmd) { - Account caller = CallContext.current().getCallingAccount(); + Account caller = getCaller(); String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); Long projectId = cmd.getProjectId(); @@ -3559,7 +3556,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe @Override public boolean deleteSSHKeyPair(DeleteSSHKeyPairCmd cmd) { - Account caller = CallContext.current().getCallingAccount(); + Account caller = getCaller(); String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); Long projectId = cmd.getProjectId(); @@ -3587,7 +3584,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe String name = cmd.getName(); String fingerPrint = cmd.getFingerprint(); - Account caller = CallContext.current().getCallingAccount(); + Account caller = getCaller(); List permittedAccounts = new ArrayList(); Ternary domainIdRecursiveListProject = new Ternary( @@ -3619,35 +3616,87 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe @Override @ActionEvent(eventType = EventTypes.EVENT_REGISTER_SSH_KEYPAIR, eventDescription = "registering ssh keypair", async = true) public SSHKeyPair registerSSHKeyPair(RegisterSSHKeyPairCmd cmd) { - Account caller = CallContext.current().getCallingAccount(); - - Account owner = _accountMgr.finalizeOwner(caller, cmd.getAccountName(), cmd.getDomainId(), cmd.getProjectId()); - - SSHKeyPairVO existingPair = _sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), cmd.getName()); - if (existingPair != null) { - throw new InvalidParameterValueException("A key pair with name '" + cmd.getName() + "' already exists for this account."); - } - - existingPair = _sshKeyPairDao.findByPublicKey(owner.getAccountId(), owner.getDomainId(), cmd.getPublicKey()); - if (existingPair != null) { - throw new InvalidParameterValueException("A key pair with name '" + cmd.getPublicKey() + "' already exists for this account."); - } + Account owner = getOwner(cmd); + checkForKeyByName(cmd, owner); + checkForKeyByPublicKey(cmd, owner); String name = cmd.getName(); String key = cmd.getPublicKey(); try { key = URLDecoder.decode(key, "UTF-8"); } catch (UnsupportedEncodingException e) { + s_logger.warn("key decoding tried invain: " + e.getLocalizedMessage()); } + String publicKey = getPublicKeyFromKeyKeyMaterial(key); + String fingerprint = getFingerprint(publicKey); + + return createAndSaveSSHKeyPair(name, fingerprint, publicKey, null, owner); + } + + /** + * @param cmd + * @param owner + * @throws InvalidParameterValueException + */ + private void checkForKeyByPublicKey(RegisterSSHKeyPairCmd cmd, Account owner) throws InvalidParameterValueException { + SSHKeyPairVO existingPair = _sshKeyPairDao.findByPublicKey(owner.getAccountId(), owner.getDomainId(), cmd.getPublicKey()); + if (existingPair != null) { + throw new InvalidParameterValueException("A key pair with name '" + cmd.getPublicKey() + "' already exists for this account."); + } + } + + /** + * @param cmd + * @param owner + * @throws InvalidParameterValueException + */ + private void checkForKeyByName(RegisterSSHKeyPairCmd cmd, Account owner) throws InvalidParameterValueException { + SSHKeyPairVO existingPair = _sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), cmd.getName()); + if (existingPair != null) { + throw new InvalidParameterValueException("A key pair with name '" + cmd.getName() + "' already exists for this account."); + } + } + + /** + * @param publicKey + * @return + */ + private String getFingerprint(String publicKey) { + String fingerprint = SSHKeysHelper.getPublicKeyFingerprint(publicKey); + return fingerprint; + } + + /** + * @param key + * @return + * @throws InvalidParameterValueException + */ + private String getPublicKeyFromKeyKeyMaterial(String key) throws InvalidParameterValueException { String publicKey = SSHKeysHelper.getPublicKeyFromKeyMaterial(key); if (publicKey == null) { throw new InvalidParameterValueException("Public key is invalid"); } + return publicKey; + } - String fingerprint = SSHKeysHelper.getPublicKeyFingerprint(publicKey); + /** + * @param cmd + * @return + */ + private Account getOwner(RegisterSSHKeyPairCmd cmd) { + Account caller = getCaller(); - return createAndSaveSSHKeyPair(name, fingerprint, publicKey, null, owner); + Account owner = _accountMgr.finalizeOwner(caller, cmd.getAccountName(), cmd.getDomainId(), cmd.getProjectId()); + return owner; + } + + /** + * @return + */ + private Account getCaller() { + Account caller = CallContext.current().getCallingAccount(); + return caller; } private SSHKeyPair createAndSaveSSHKeyPair(String name, String fingerprint, String publicKey, String privateKey, Account owner) { @@ -3667,7 +3716,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe @Override public String getVMPassword(GetVMPasswordCmd cmd) { - Account caller = CallContext.current().getCallingAccount(); + Account caller = getCaller(); UserVmVO vm = _userVmDao.findById(cmd.getId()); if (vm == null) { @@ -3843,7 +3892,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe } private VirtualMachine upgradeStoppedSystemVm(Long systemVmId, Long serviceOfferingId, Map customparameters) { - Account caller = CallContext.current().getCallingAccount(); + Account caller = getCaller(); VMInstanceVO systemVm = _vmInstanceDao.findByIdTypes(systemVmId, VirtualMachine.Type.ConsoleProxy, VirtualMachine.Type.SecondaryStorageVm); if (systemVm == null) {