import struct
import threading
import xmlrpclib
+import sys
import accounts
import database
import sliver_vs
import ticket
import tools
-
+from api_calls import *
+try:
+ sys.path.append("/etc/planetlab")
+ from plc_config import *
+except:
+ logger.log("api: Warning: Configuration file /etc/planetlab/plc_config.py not found", 2)
+ PLC_SLICE_PREFIX="pl"
+ logger.log("api: Warning: admin slice prefix set to %s" %(PLC_SLICE_PREFIX), 2)
API_SERVER_PORT = 812
UNIX_ADDR = '/tmp/sliver_mgr.api'
-deliver_ticket = None # set in sm.py:start()
-
-from api_calls import *
-
class APIRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
# overriding _dispatch to achieve this effect is officially deprecated,
# but I can't figure out how to get access to .request without
ucred = self.request.getsockopt(socket.SOL_SOCKET, SO_PEERCRED, sizeof_struct_ucred)
xid = struct.unpack('3i', ucred)[2]
caller_name = pwd.getpwuid(xid)[0]
- if method_name not in ('ReCreate', 'Help', 'Ticket', 'GetXIDs', 'GetSSHKeys'):
+ # Special case the genicw
+ if method_name == "AdminTicket":
+ if caller_name == PLC_SLICE_PREFIX+"_genicw":
+ try: result = method(*args)
+ except Exception, err: raise xmlrpclib.Fault(104, 'Error in call: %s' %err)
+ else:
+ raise xmlrpclib.Fault(108, '%s: Permission denied.' % caller_name)
+ # Anyone can call these functions
+ elif method_name not in ('Help', 'Ticket', 'GetXIDs', 'GetSSHKeys'):
+ # Authenticate the caller if not in the above fncts.
target_name = args[0]
+ # Gather target slice's object.
target_rec = database.db.get(target_name)
+ # only work on slivers. Sannity check.
if not (target_rec and target_rec['type'].startswith('sliver.')):
raise xmlrpclib.Fault(102, \
'Invalid argument: the first argument must be a sliver name.')
- if not caller_name in (target_name, target_rec['delegations']):
- raise xmlrpclib.Fault(108, 'Permission denied.')
- try: result = method(target_rec, *args[1:])
+ # only manipulate slivers who delegate you authority
+ if caller_name in (target_name, target_rec['delegations']):
+ try: result = method(target_rec, *args[1:])
+ except Exception, err: raise xmlrpclib.Fault(104, 'Error in call: %s' %err)
+ else:
+ raise xmlrpclib.Fault(108, '%s: Permission denied.' % caller_name)
+ else: # Execute anonymous call.
+ try: result = method(*args)
except Exception, err: raise xmlrpclib.Fault(104, 'Error in call: %s' %err)
- else: result = method(*args)
if result == None: result = 1
return result