(Elastic Utility Computing Architecture for Linking Your Programs To Useful Systems) is an infrastructure for implementing "cloud computing" on clusters (compatible with Amazon’s EC2 interface, but designed to support multiple client-side interfaces).
| AclUtils.java (eucalyptus-4.4.1) | : | AclUtils.java (eucalyptus-4.4.2) |
|---|
| | |
| skipping to change at line 106 | | skipping to change at line 106 |
|---|
| } catch (IllegalArgumentException e) { | | } catch (IllegalArgumentException e) { |
| LOG.warn("Unknown group id requested for membership check: " + groupId); | | LOG.warn("Unknown group id requested for membership check: " + groupId); |
| return false; | | return false; |
| } | | } |
| } | | } |
| | |
| /** | | /** |
| * Just checks the basic S3 groups for membership of the userId. Caller must e
nsure that the userId is a valid ID in the system. That is outside the | | * Just checks the basic S3 groups for membership of the userId. Caller must e
nsure that the userId is a valid ID in the system. That is outside the |
| * scope of this method. | | * scope of this method. |
| * | | * |
|
| * @param userId | | * @param userId The s3 user id, i.e. the accounts canonical identifier |
| * @param group | | * @param group The group to check membership of |
| * @return | | * @return true if a member |
| */ | | */ |
| public static boolean isUserMember(String userId, ObjectStorageProperties.S3_G
ROUP group) { | | public static boolean isUserMember(String userId, ObjectStorageProperties.S3_G
ROUP group) { |
|
| if (group == null) { | | if ( group == null || Strings.isNullOrEmpty( userId ) ) { |
| return false; | | return false; |
| } | | } |
| | |
| if (ObjectStorageProperties.S3_GROUP.ALL_USERS_GROUP.equals(group)) { | | if (ObjectStorageProperties.S3_GROUP.ALL_USERS_GROUP.equals(group)) { |
| return true; | | return true; |
| } | | } |
| | |
|
| if (ObjectStorageProperties.S3_GROUP.AUTHENTICATED_USERS_GROUP.equals(group) | | if (ObjectStorageProperties.S3_GROUP.AUTHENTICATED_USERS_GROUP.equals(group) |
| && !Strings.isNullOrEmpty(userId) | | && |
| && !userId.equals(Principals.nobodyUser().getUserId())) { | | !Principals.nobodyUser( ).getCanonicalId( ).equals( userId ) ) { |
| return true; | | return true; |
| } | | } |
| | |
|
| boolean isSystemAdmin = false; | | if (ObjectStorageProperties.S3_GROUP.AWS_EXEC_READ.equals(group)) { |
| try { | | try { |
| isSystemAdmin = (Principals.systemUser().getUserId().equals(userId) || Acc | | return Accounts.lookupSystemAccountByAlias( AccountIdentifiers.AWS_EXEC_ |
| ounts.lookupSystemAdmin().getUserId().equals(userId)); | | READ_SYSTEM_ACCOUNT ).getCanonicalId( ) |
| } catch (AuthException e) { | | .equals( userId ); |
| // Fall through | | } catch (AuthException e) { |
| LOG.debug("Got auth exception trying to lookup system admin user for group | | // Fall through |
| membership check in ec2-bundle-read", e); | | LOG.debug("Got auth exception trying to lookup aws-exec-read admin user |
| } | | for group membership check in ec2-bundle-read", e); |
| | | } |
| boolean isAWSExecReadUser = false; | | } |
| try { | | |
| isAWSExecReadUser = Accounts.lookupSystemAccountByAlias( AccountIdentifier | | // System or euca/admin only in logging and ec2-bundle-read groups |
| s.AWS_EXEC_READ_SYSTEM_ACCOUNT ).getUserId( ).equals( userId ); | | if (ObjectStorageProperties.S3_GROUP.EC2_BUNDLE_READ.equals(group) || |
| } catch (AuthException e) { | | ObjectStorageProperties.S3_GROUP.LOGGING_GROUP.equals(group)) { |
| // Fall through | | try { |
| LOG.debug("Got auth exception trying to lookup aws-exec-read admin user fo | | return |
| r group membership check in ec2-bundle-read", e); | | Principals.systemUser( ).getCanonicalId( ).equals(userId) || |
| } | | Accounts.lookupSystemAdmin( ).getCanonicalId( ).equals(userId); |
| | | } catch (AuthException e) { |
| if (ObjectStorageProperties.S3_GROUP.AWS_EXEC_READ.equals(group) && isAWSExe | | // Fall through |
| cReadUser) { | | LOG.debug("Got auth exception trying to lookup system admin user for gro |
| return true; | | up membership check in ec2-bundle-read", e); |
| } | | } |
| | |
| // System only (or euca/admin) in the ec2-bundle-read group | | |
| if (ObjectStorageProperties.S3_GROUP.EC2_BUNDLE_READ.equals(group) && isSyst | | |
| emAdmin) { | | |
| return true; | | |
| } | | |
| | |
| // System or euca/admin only in logging | | |
| if (ObjectStorageProperties.S3_GROUP.LOGGING_GROUP.equals(group) && isSystem | | |
| Admin) { | | |
| return true; | | |
| } | | } |
| | |
| return false; | | return false; |
| } | | } |
| | |
| /** | | /** |
| * Utility class for passing pairs of canonicalIds around without using someth
ing ambiguous like an String-array. | | * Utility class for passing pairs of canonicalIds around without using someth
ing ambiguous like an String-array. |
| * | | * |
| * @author zhill | | * @author zhill |
| */ | | */ |
| | | |
| End of changes. 4 change blocks. |
|---|
| 42 lines changed or deleted | | 31 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 