X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=api.py;h=c0e360f02346ce35cd02f4d4e17eaab4f7eacc2c;hb=refs%2Fheads%2F1.8;hp=0e51ba3cfe698617c5e74b4a883e99e9fd6b0e32;hpb=85c55d2994fa59ee82327edb57bfae01227464bd;p=nodemanager.git diff --git a/api.py b/api.py index 0e51ba3..c0e360f 100644 --- a/api.py +++ b/api.py @@ -62,25 +62,28 @@ class APIRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler): SO_PEERCRED = 17 sizeof_struct_ucred = 12 ucred = self.request.getsockopt(socket.SOL_SOCKET, SO_PEERCRED, sizeof_struct_ucred) - xid = struct.unpack('3i', ucred)[2] + xid = struct.unpack('3i', ucred)[1] caller_name = pwd.getpwuid(xid)[0] # Special case the genicw - if method_name == "AdminTicket": - if caller_name == PLC_SLICE_PREFIX+"_genicw": - try: result = method(*args) - except Exception, err: raise xmlrpclib.Fault(104, 'Error in call: %s' %err) - else: - raise xmlrpclib.Fault(108, '%s: Permission denied.' % caller_name) + if caller_name == PLC_SLICE_PREFIX+"_sfacm": + try: result = method(*args) + except Exception, err: raise xmlrpclib.Fault(104, 'Error in call: %s' %err) # Anyone can call these functions elif method_name not in ('Help', 'Ticket', 'GetXIDs', 'GetSSHKeys'): # Authenticate the caller if not in the above fncts. - target_name = args[0] + if method_name == "GetRecord": + target_name = caller_name + else: + target_name = args[0] + # Gather target slice's object. target_rec = database.db.get(target_name) - # only work on slivers. Sannity check. + + # only work on slivers or self. Sannity check. if not (target_rec and target_rec['type'].startswith('sliver.')): raise xmlrpclib.Fault(102, \ 'Invalid argument: the first argument must be a sliver name.') + # only manipulate slivers who delegate you authority if caller_name in (target_name, target_rec['delegations']): try: result = method(target_rec, *args[1:])