X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=api.py;h=350cb25903e1997c0874c0c356e4b9be1656d84c;hb=c390a184ea29186aaab8f9fbd462757609983ff5;hp=0eac3e055b4eeb5bc17646206c504897582007a1;hpb=fac3b5e83cd67c043ef6e25a9411e9e0b76b69e1;p=nodemanager.git diff --git a/api.py b/api.py index 0eac3e0..350cb25 100644 --- a/api.py +++ b/api.py @@ -62,25 +62,31 @@ class APIRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler): SO_PEERCRED = 17 sizeof_struct_ucred = 12 ucred = self.request.getsockopt(socket.SOL_SOCKET, SO_PEERCRED, sizeof_struct_ucred) - xid = struct.unpack('3i', ucred)[2] + xid = struct.unpack('3i', ucred)[1] caller_name = pwd.getpwuid(xid)[0] # Special case the genicw if method_name == "AdminTicket": - if caller_name == 'PLC_SLICE_PREFIX'+"_genicw": + if caller_name == PLC_SLICE_PREFIX+"_genicw": try: result = method(*args) except Exception, err: raise xmlrpclib.Fault(104, 'Error in call: %s' %err) else: raise xmlrpclib.Fault(108, '%s: Permission denied.' % caller_name) # Anyone can call these functions - elif method_name not in ('ReCreate', 'Help', 'Ticket', 'GetXIDs', 'GetSSHKeys'): + elif method_name not in ('Help', 'Ticket', 'GetXIDs', 'GetSSHKeys'): # Authenticate the caller if not in the above fncts. - target_name = args[0] + if method_name == "GetRecord": + target_name = caller_name + else: + target_name = args[0] + # Gather target slice's object. target_rec = database.db.get(target_name) - # only work on slivers. Sannity check. + + # only work on slivers or self. Sannity check. if not (target_rec and target_rec['type'].startswith('sliver.')): raise xmlrpclib.Fault(102, \ 'Invalid argument: the first argument must be a sliver name.') + # only manipulate slivers who delegate you authority if caller_name in (target_name, target_rec['delegations']): try: result = method(target_rec, *args[1:])