X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=api.py;h=c0e360f02346ce35cd02f4d4e17eaab4f7eacc2c;hb=refs%2Fheads%2F1.8;hp=0eac3e055b4eeb5bc17646206c504897582007a1;hpb=fac3b5e83cd67c043ef6e25a9411e9e0b76b69e1;p=nodemanager.git diff --git a/api.py b/api.py index 0eac3e0..c0e360f 100644 --- a/api.py +++ b/api.py @@ -62,25 +62,28 @@ class APIRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler): SO_PEERCRED = 17 sizeof_struct_ucred = 12 ucred = self.request.getsockopt(socket.SOL_SOCKET, SO_PEERCRED, sizeof_struct_ucred) - xid = struct.unpack('3i', ucred)[2] + xid = struct.unpack('3i', ucred)[1] caller_name = pwd.getpwuid(xid)[0] # Special case the genicw - if method_name == "AdminTicket": - if caller_name == 'PLC_SLICE_PREFIX'+"_genicw": - try: result = method(*args) - except Exception, err: raise xmlrpclib.Fault(104, 'Error in call: %s' %err) - else: - raise xmlrpclib.Fault(108, '%s: Permission denied.' % caller_name) + if caller_name == PLC_SLICE_PREFIX+"_sfacm": + try: result = method(*args) + except Exception, err: raise xmlrpclib.Fault(104, 'Error in call: %s' %err) # Anyone can call these functions - elif method_name not in ('ReCreate', 'Help', 'Ticket', 'GetXIDs', 'GetSSHKeys'): + elif method_name not in ('Help', 'Ticket', 'GetXIDs', 'GetSSHKeys'): # Authenticate the caller if not in the above fncts. - target_name = args[0] + if method_name == "GetRecord": + target_name = caller_name + else: + target_name = args[0] + # Gather target slice's object. target_rec = database.db.get(target_name) - # only work on slivers. Sannity check. + + # only work on slivers or self. Sannity check. if not (target_rec and target_rec['type'].startswith('sliver.')): raise xmlrpclib.Fault(102, \ 'Invalid argument: the first argument must be a sliver name.') + # only manipulate slivers who delegate you authority if caller_name in (target_name, target_rec['delegations']): try: result = method(target_rec, *args[1:])