From cced97c5fbe5699e06437c7d8730d3da5998616c Mon Sep 17 00:00:00 2001
From: alena
Date: Thu, 24 Mar 2011 11:24:24 -0700
Subject: [PATCH] ipAssoc - verify that ip owner is the same as the owner of the network we are assigning ip to
---
 .../com/cloud/network/NetworkManagerImpl.java | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index 0184cbec094..d009babb230 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -486,12 +486,12 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 Account caller = UserContext.current().getCaller();
 long userId = UserContext.current().getCallerUserId();
- Account owner = _accountMgr.getActiveAccount(accountName, domainId);
- if (owner == null) {
+ Account ipOwner = _accountMgr.getActiveAccount(accountName, domainId);
+ if (ipOwner == null) {
 throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", permission denied");
 }
- _accountMgr.checkAccess(caller, owner);
+ _accountMgr.checkAccess(caller, ipOwner);
 if(zoneId != null){
 DataCenterVO zone = _dcDao.findById(zoneId);
@@ -504,7 +504,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: "+ zoneId );
 }
 }
- long ownerId = owner.getId();
+ long ownerId = ipOwner.getId();
 Long networkId = cmd.getNetworkId();
 Network network = null;
 if (networkId != null) {
@@ -513,6 +513,11 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 throw new InvalidParameterValueException("Network id is invalid: " + networkId);
 }
 }
+
+ //Check that network belongs to IP owner
+ if (network.getAccountId() != ipOwner.getId()) {
+ throw new InvalidParameterValueException("The owner of the network is not the same as owner of the IP");
+ }
 PublicIp ip = null;
@@ -541,7 +546,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 }
 txn.start();
- ip = fetchNewPublicIp(zoneId, null, null, owner, VlanType.VirtualNetwork, network.getId(), false, false);
+ ip = fetchNewPublicIp(zoneId, null, null, ipOwner, VlanType.VirtualNetwork, network.getId(), false, false);
 if (ip == null) {
 throw new InsufficientAddressCapacityException("Unable to find available public IP addresses", DataCenter.class, zoneId);
@@ -549,7 +554,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 UserContext.current().setEventDetails("Ip Id: "+ip.getId());
 Ip ipAddress = ip.getAddress();
- s_logger.debug("Got " + ipAddress + " to assign for account " + owner.getId() + " in zone " + network.getDataCenterId());
+ s_logger.debug("Got " + ipAddress + " to assign for account " + ipOwner.getId() + " in zone " + network.getDataCenterId());
 txn.commit();
 } finally {
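Review bot: The ownership check added in the `@@ -513,6 +513,11 @@` hunk dereferences `network` unconditionally, but the visible context initialises it with `Network network = null;` and assigns it only inside `if (networkId != null)`. A request without a network id would therefore throw a NullPointerException at `network.getAccountId()`, unless code outside the hunks assigns `network` first. The check belongs where `network` is known to be non-null: inside the `networkId != null` block, or after any later default-network resolution so that path is ownership-checked too. A mismatch here is an authorization failure rather than a malformed parameter, so `PermissionDeniedException` (already used for the disabled-zone case in this method) would be the more consistent exception type. The method body starts and ends outside the hunk.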