@Override
  public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
    Map<String, String> configs = _configDao.getConfiguration(params);

    _userLimit = NumbersUtil.parseInt(configs.get(Config.RemoteAccessVpnUserLimit.key()), 8);

    _clientIpRange = configs.get(Config.RemoteAccessVpnClientIpRange.key());

    _pskLength = NumbersUtil.parseInt(configs.get(Config.RemoteAccessVpnPskLength.key()), 24);

    validateRemoteAccessVpnConfiguration();

    VpnSearch = _remoteAccessVpnDao.createSearchBuilder();
    VpnSearch.and("accountId", VpnSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
    SearchBuilder<DomainVO> domainSearch = _domainDao.createSearchBuilder();
    domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE);
    VpnSearch.join(
        "domainSearch",
        domainSearch,
        VpnSearch.entity().getDomainId(),
        domainSearch.entity().getId(),
        JoinBuilder.JoinType.INNER);
    VpnSearch.done();

    return true;
  }
예제 #2
0
  private Long accountAndUserValidation(
      Account account, Long userId, UserVmVO vmInstanceCheck, VMTemplateVO template, String msg)
      throws PermissionDeniedException {

    if (account != null) {
      if (!isAdmin(account.getType())) {
        if ((vmInstanceCheck != null) && (account.getId() != vmInstanceCheck.getAccountId())) {
          throw new PermissionDeniedException(msg + ". Permission denied.");
        }

        if ((template != null)
            && (!template.isPublicTemplate()
                && (account.getId() != template.getAccountId())
                && (template.getTemplateType() != TemplateType.PERHOST))) {
          throw new PermissionDeniedException(msg + ". Permission denied.");
        }

      } else {
        if ((vmInstanceCheck != null)
            && !_domainDao.isChildDomain(account.getDomainId(), vmInstanceCheck.getDomainId())) {
          throw new PermissionDeniedException(msg + ". Permission denied.");
        }
        // FIXME: if template/ISO owner is null we probably need to
        // throw some kind of exception

        if (template != null) {
          Account templateOwner = _accountDao.findById(template.getAccountId());
          if ((templateOwner != null)
              && !_domainDao.isChildDomain(account.getDomainId(), templateOwner.getDomainId())) {
            throw new PermissionDeniedException(msg + ". Permission denied.");
          }
        }
      }
    }
    // If command is executed via 8096 port, set userId to the id of System
    // account (1)
    if (userId == null) {
      userId = new Long(1);
    }

    return userId;
  }
  @Override
  public List<SecurityGroupRulesVO> searchForSecurityGroupRules(ListSecurityGroupsCmd cmd)
      throws PermissionDeniedException, InvalidParameterValueException {
    Account caller = UserContext.current().getCaller();
    Long domainId = cmd.getDomainId();
    String accountName = cmd.getAccountName();
    Long instanceId = cmd.getVirtualMachineId();
    String securityGroup = cmd.getSecurityGroupName();
    Long id = cmd.getId();
    Long accountId = null;

    if (instanceId != null) {
      UserVmVO userVM = _userVMDao.findById(instanceId);
      if (userVM == null) {
        throw new InvalidParameterValueException(
            "Unable to list network groups for virtual machine instance "
                + instanceId
                + "; instance not found.");
      }
      _accountMgr.checkAccess(caller, null, userVM);
      return listSecurityGroupRulesByVM(instanceId.longValue());
    }

    if (_accountMgr.isAdmin(caller.getType())) {
      if (domainId != null) {
        Domain domain = _domainMgr.getDomain(domainId);
        if (domain == null) {
          throw new InvalidParameterValueException("Unable to find domain by id " + domainId);
        }
        _accountMgr.checkAccess(caller, domain);
        if (accountName != null) {
          Account account = _accountMgr.getActiveAccountByName(accountName, domainId);
          if (account == null) {
            throw new InvalidParameterValueException(
                "Unable to find account " + accountName + " in domain " + domainId);
          }
          _accountMgr.checkAccess(caller, null, account);
          accountId = account.getId();
        }
      }
    } else {
      // regular user can see only his own security groups
      accountId = caller.getId();
    }

    List<SecurityGroupRulesVO> securityRulesList = new ArrayList<SecurityGroupRulesVO>();
    Filter searchFilter =
        new Filter(SecurityGroupVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal());
    Object keyword = cmd.getKeyword();

    SearchBuilder<SecurityGroupVO> sb = _securityGroupDao.createSearchBuilder();
    sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
    sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
    sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
    sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ);

    // only do a recursive domain search if the search is not limited by account or instance
    if ((accountId == null)
        && (instanceId == null)
        && (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) {
      SearchBuilder<DomainVO> domainSearch = _domainDao.createSearchBuilder();
      domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE);
      sb.join(
          "domainSearch",
          domainSearch,
          sb.entity().getDomainId(),
          domainSearch.entity().getId(),
          JoinBuilder.JoinType.INNER);
    }

    SearchCriteria<SecurityGroupVO> sc = sb.create();

    if (id != null) {
      sc.setParameters("id", id);
    }

    if (securityGroup != null) {
      sc.setParameters("name", securityGroup);
    }

    if (accountId != null) {
      sc.setParameters("accountId", accountId);
    }

    // only do a recursive domain search if the search is not limited by account or instance
    if ((accountId == null)
        && (instanceId == null)
        && (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) {
      DomainVO domain = _domainDao.findById(caller.getDomainId());
      sc.setJoinParameters("domainSearch", "path", domain.getPath() + "%");
    }

    if (keyword != null) {
      SearchCriteria<SecurityGroupRulesVO> ssc = _securityGroupRulesDao.createSearchCriteria();
      ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%");
      ssc.addOr("description", SearchCriteria.Op.LIKE, "%" + keyword + "%");
      sc.addAnd("name", SearchCriteria.Op.SC, ssc);
    }

    List<SecurityGroupVO> securityGroups = _securityGroupDao.search(sc, searchFilter);
    for (SecurityGroupVO group : securityGroups) {
      securityRulesList.addAll(_securityGroupRulesDao.listSecurityRulesByGroupId(group.getId()));
    }

    return securityRulesList;
  }
  @Override
  public Set<Pair<Long, Long>> searchTemplates(
      String name,
      String keyword,
      TemplateFilter templateFilter,
      boolean isIso,
      List<HypervisorType> hypers,
      Boolean bootable,
      DomainVO domain,
      Long pageSize,
      Long startIndex,
      Long zoneId,
      HypervisorType hyperType,
      boolean onlyReady,
      boolean showDomr,
      List<Account> permittedAccounts,
      Account caller,
      ListProjectResourcesCriteria listProjectResourcesCriteria) {
    StringBuilder builder = new StringBuilder();
    if (!permittedAccounts.isEmpty()) {
      for (Account permittedAccount : permittedAccounts) {
        builder.append(permittedAccount.getAccountId() + ",");
      }
    }

    String permittedAccountsStr = builder.toString();

    if (permittedAccountsStr.length() > 0) {
      // chop the "," off
      permittedAccountsStr = permittedAccountsStr.substring(0, permittedAccountsStr.length() - 1);
    }

    Transaction txn = Transaction.currentTxn();
    txn.start();

    /* Use LinkedHashSet here to guarantee iteration order */
    Set<Pair<Long, Long>> templateZonePairList = new LinkedHashSet<Pair<Long, Long>>();
    PreparedStatement pstmt = null;
    ResultSet rs = null;
    StringBuilder relatedDomainIds = new StringBuilder();
    String sql = SELECT_TEMPLATE_ZONE_REF;
    String groupByClause = "";
    try {
      // short accountType;
      // String accountId = null;
      String guestOSJoin = "";
      StringBuilder templateHostRefJoin = new StringBuilder();
      String dataCenterJoin = "";

      if (isIso && !hyperType.equals(HypervisorType.None)) {
        guestOSJoin =
            " INNER JOIN guest_os guestOS on (guestOS.id = t.guest_os_id) INNER JOIN guest_os_hypervisor goh on ( goh.guest_os_id = guestOS.id) ";
      }
      if (onlyReady) {
        templateHostRefJoin.append(
            " INNER JOIN  template_host_ref thr on (t.id = thr.template_id) INNER JOIN host h on (thr.host_id = h.id)");
        sql = SELECT_TEMPLATE_HOST_REF;
        groupByClause = " GROUP BY t.id, h.data_center_id ";
      }
      if ((templateFilter == TemplateFilter.featured)
          || (templateFilter == TemplateFilter.community)) {
        dataCenterJoin = " INNER JOIN data_center dc on (h.data_center_id = dc.id)";
      }

      sql += guestOSJoin + templateHostRefJoin + dataCenterJoin;
      String whereClause = "";

      // All joins have to be made before we start setting the condition settings
      if ((listProjectResourcesCriteria == ListProjectResourcesCriteria.SkipProjectResources
              || (!permittedAccounts.isEmpty()
                  && !(templateFilter == TemplateFilter.community
                      || templateFilter == TemplateFilter.featured)))
          && !(caller.getType() != Account.ACCOUNT_TYPE_NORMAL
              && templateFilter == TemplateFilter.all)) {
        whereClause += " INNER JOIN account a on (t.account_id = a.id)";
        if ((templateFilter == TemplateFilter.self
                || templateFilter == TemplateFilter.selfexecutable)
            && (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN
                || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN)) {
          whereClause +=
              " INNER JOIN domain d on (a.domain_id = d.id) WHERE d.path LIKE '"
                  + domain.getPath()
                  + "%'";
          if (listProjectResourcesCriteria == ListProjectResourcesCriteria.SkipProjectResources) {
            whereClause += " AND a.type != " + Account.ACCOUNT_TYPE_PROJECT;
          }
        } else if (listProjectResourcesCriteria
            == ListProjectResourcesCriteria.SkipProjectResources) {
          whereClause += " WHERE a.type != " + Account.ACCOUNT_TYPE_PROJECT;
        }
      }

      if (!permittedAccounts.isEmpty()) {
        for (Account account : permittedAccounts) {
          // accountType = account.getType();
          // accountId = Long.toString(account.getId());
          DomainVO accountDomain = _domainDao.findById(account.getDomainId());

          // get all parent domain ID's all the way till root domain
          DomainVO domainTreeNode = accountDomain;
          while (true) {
            relatedDomainIds.append(domainTreeNode.getId());
            relatedDomainIds.append(",");
            if (domainTreeNode.getParent() != null) {
              domainTreeNode = _domainDao.findById(domainTreeNode.getParent());
            } else {
              break;
            }
          }

          // get all child domain ID's
          if (isAdmin(account.getType())) {
            List<DomainVO> allChildDomains =
                _domainDao.findAllChildren(accountDomain.getPath(), accountDomain.getId());
            for (DomainVO childDomain : allChildDomains) {
              relatedDomainIds.append(childDomain.getId());
              relatedDomainIds.append(",");
            }
          }
          relatedDomainIds.setLength(relatedDomainIds.length() - 1);
        }
      }

      String attr = " AND ";
      if (whereClause.endsWith(" WHERE ")) {
        attr += " WHERE ";
      }

      if (!isIso) {
        if (hypers.isEmpty()) {
          return templateZonePairList;
        } else {
          StringBuilder relatedHypers = new StringBuilder();
          for (HypervisorType hyper : hypers) {
            relatedHypers.append("'");
            relatedHypers.append(hyper.toString());
            relatedHypers.append("'");
            relatedHypers.append(",");
          }
          relatedHypers.setLength(relatedHypers.length() - 1);
          whereClause += attr + " t.hypervisor_type IN (" + relatedHypers + ")";
        }
      }

      if (!permittedAccounts.isEmpty()
          && !(templateFilter == TemplateFilter.featured
              || templateFilter == TemplateFilter.community)
          && !isAdmin(caller.getType())) {
        whereClause += attr + "t.account_id IN (" + permittedAccountsStr + ")";
      }

      if (templateFilter == TemplateFilter.featured) {
        whereClause += attr + "t.public = 1 AND t.featured = 1";
        if (!permittedAccounts.isEmpty()) {
          whereClause +=
              attr + "(dc.domain_id IN (" + relatedDomainIds + ") OR dc.domain_id is NULL)";
        }
      } else if (templateFilter == TemplateFilter.self
          || templateFilter == TemplateFilter.selfexecutable) {
        whereClause += " AND t.account_id IN (" + permittedAccountsStr + ")";
      } else if (templateFilter == TemplateFilter.sharedexecutable) {
        whereClause +=
            " LEFT JOIN launch_permission lp ON t.id = lp.template_id WHERE"
                + " (t.account_id IN ("
                + permittedAccountsStr
                + ") OR"
                + " lp.account_id IN ("
                + permittedAccountsStr
                + "))";
      } else if (templateFilter == TemplateFilter.executable && !permittedAccounts.isEmpty()) {
        whereClause += attr + "(t.public = 1 OR t.account_id IN (" + permittedAccountsStr + "))";
      } else if (templateFilter == TemplateFilter.community) {
        whereClause += attr + "t.public = 1 AND t.featured = 0";
        if (!permittedAccounts.isEmpty()) {
          whereClause +=
              attr + "(dc.domain_id IN (" + relatedDomainIds + ") OR dc.domain_id is NULL)";
        }
      } else if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN && !isIso) {
        return templateZonePairList;
      }

      if (whereClause.equals("")) {
        whereClause += " WHERE ";
      } else if (!whereClause.equals(" WHERE ")) {
        whereClause += " AND ";
      }

      sql +=
          whereClause
              + getExtrasWhere(
                  templateFilter,
                  name,
                  keyword,
                  isIso,
                  bootable,
                  hyperType,
                  zoneId,
                  onlyReady,
                  showDomr)
              + groupByClause
              + getOrderByLimit(pageSize, startIndex);

      pstmt = txn.prepareStatement(sql);
      rs = pstmt.executeQuery();
      while (rs.next()) {
        Pair<Long, Long> templateZonePair = new Pair<Long, Long>(rs.getLong(1), rs.getLong(2));
        templateZonePairList.add(templateZonePair);
      }

      // for now, defaulting pageSize to a large val if null; may need to revisit post 2.2RC2
      if (isIso
          && templateZonePairList.size() < (pageSize != null ? pageSize : 500)
          && templateFilter != TemplateFilter.community
          && !(templateFilter == TemplateFilter.self
              && !BaseCmd.isRootAdmin(
                  caller.getType()))) { // evaluates to true If root admin and filter=self
        List<VMTemplateVO> publicIsos = publicIsoSearch(bootable, false);
        for (int i = 0; i < publicIsos.size(); i++) {
          if (keyword != null && publicIsos.get(i).getName().contains(keyword)) {
            templateZonePairList.add(new Pair<Long, Long>(publicIsos.get(i).getId(), null));
            continue;
          } else if (name != null && publicIsos.get(i).getName().contains(name)) {
            templateZonePairList.add(new Pair<Long, Long>(publicIsos.get(i).getId(), null));
            continue;
          } else if (keyword == null && name == null) {
            templateZonePairList.add(new Pair<Long, Long>(publicIsos.get(i).getId(), null));
          }
        }
      }
    } catch (Exception e) {
      s_logger.warn("Error listing templates", e);
    } finally {
      try {
        if (rs != null) {
          rs.close();
        }
        if (pstmt != null) {
          pstmt.close();
        }
        txn.commit();
      } catch (SQLException sqle) {
        s_logger.warn("Error in cleaning up", sqle);
      }
    }

    return templateZonePairList;
  }
  @Override
  public List<LoadBalancerVO> searchForLoadBalancers(ListLoadBalancerRulesCmd cmd) {
    Account caller = UserContext.current().getCaller();
    Long ipId = cmd.getPublicIpId();
    Long zoneId = cmd.getZoneId();
    String path = null;

    Pair<String, Long> accountDomainPair =
        _accountMgr.finalizeAccountDomainForList(caller, cmd.getAccountName(), cmd.getDomainId());
    String accountName = accountDomainPair.first();
    Long domainId = accountDomainPair.second();

    if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN
        || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) {
      Domain domain = _domainMgr.getDomain(caller.getDomainId());
      path = domain.getPath();
    }

    Filter searchFilter =
        new Filter(LoadBalancerVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal());

    Object id = cmd.getId();
    Object name = cmd.getLoadBalancerRuleName();
    Object keyword = cmd.getKeyword();
    Object instanceId = cmd.getVirtualMachineId();

    SearchBuilder<LoadBalancerVO> sb = _lbDao.createSearchBuilder();
    sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
    sb.and("name", sb.entity().getName(), SearchCriteria.Op.LIKE);
    sb.and("sourceIpAddress", sb.entity().getSourceIpAddressId(), SearchCriteria.Op.EQ);
    sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
    sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ);

    if (instanceId != null) {
      SearchBuilder<LoadBalancerVMMapVO> lbVMSearch = _lb2VmMapDao.createSearchBuilder();
      lbVMSearch.and("instanceId", lbVMSearch.entity().getInstanceId(), SearchCriteria.Op.EQ);
      sb.join(
          "lbVMSearch",
          lbVMSearch,
          sb.entity().getId(),
          lbVMSearch.entity().getLoadBalancerId(),
          JoinBuilder.JoinType.INNER);
    }

    if (path != null) {
      // for domain admin we should show only subdomains information
      SearchBuilder<DomainVO> domainSearch = _domainDao.createSearchBuilder();
      domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE);
      sb.join(
          "domainSearch",
          domainSearch,
          sb.entity().getDomainId(),
          domainSearch.entity().getId(),
          JoinBuilder.JoinType.INNER);
    }

    if (zoneId != null) {
      SearchBuilder<IPAddressVO> ipSearch = _ipAddressDao.createSearchBuilder();
      ipSearch.and("zoneId", ipSearch.entity().getDataCenterId(), SearchCriteria.Op.EQ);
      sb.join(
          "ipSearch",
          ipSearch,
          sb.entity().getSourceIpAddressId(),
          ipSearch.entity().getId(),
          JoinBuilder.JoinType.INNER);
    }

    SearchCriteria<LoadBalancerVO> sc = sb.create();
    if (keyword != null) {
      SearchCriteria<LoadBalancerVO> ssc = _lbDao.createSearchCriteria();
      ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%");
      ssc.addOr("description", SearchCriteria.Op.LIKE, "%" + keyword + "%");

      sc.addAnd("name", SearchCriteria.Op.SC, ssc);
    }

    if (name != null) {
      sc.setParameters("name", "%" + name + "%");
    }

    if (id != null) {
      sc.setParameters("id", id);
    }

    if (ipId != null) {
      sc.setParameters("sourceIpAddress", ipId);
    }

    if (instanceId != null) {
      sc.setJoinParameters("lbVMSearch", "instanceId", instanceId);
    }

    if (domainId != null) {
      sc.setParameters("domainId", domainId);
      if (accountName != null) {
        Account account = _accountMgr.getActiveAccountByName(accountName, domainId);
        sc.setParameters("accountId", account.getId());
      }
    }

    if (path != null) {
      sc.setJoinParameters("domainSearch", "path", path + "%");
    }

    if (zoneId != null) {
      sc.setJoinParameters("ipSearch", "zoneId", zoneId);
    }

    return _lbDao.search(sc, searchFilter);
  }