[Kimchi-devel] [PATCHv2 6/7] Move validation to user and host

lvroyce0210 at gmail.com lvroyce0210 at gmail.com
Tue Oct 28 13:37:44 UTC 2014


From: Royce Lv <lvroyce at linux.vnet.ibm.com>

Put validation in the user and group classes instead of validating
in the metadata update, so that different types of authorization
can use their own authentication to validate the input value.

Signed-off-by: Royce Lv <lvroyce at linux.vnet.ibm.com>
---
 src/kimchi/model/host.py | 30 ++++++++++++++++++++++++++++++
 src/kimchi/model/vms.py  | 16 ++++++++--------
 2 files changed, 38 insertions(+), 8 deletions(-)

diff --git a/src/kimchi/model/host.py b/src/kimchi/model/host.py
index a2f0941..cd47118 100644
--- a/src/kimchi/model/host.py
+++ b/src/kimchi/model/host.py
@@ -470,6 +470,9 @@ class UsersModel(object):
     def get_list(self, **args):
         return self.user._get_list(**args)
 
+    def validate(self, user):
+        return self.user.validate(user)
+
 
 class PAMUsersModel(UsersModel):
     auth_type = 'pam'
@@ -480,6 +483,13 @@ class PAMUsersModel(UsersModel):
         return [user.pw_name for user in pwd.getpwall()
                 if user.pw_shell.rsplit("/")[-1] not in ["nologin", "false"]]
 
+    def validate(self, user):
+        try:
+            user = pwd.getpwnam(user)
+            return user.pw_shell.rsplit("/")[-1] not in ["nologin", "false"]
+        except:
+            return False
+
 
 class LDAPUsersModel(UsersModel):
     auth_type = 'ldap'
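Review bot: The bare `except:` in `PAMUsersModel.validate` turns every failure into "invalid user", including `KeyboardInterrupt`, `SystemExit` and genuine programming errors, which hides faults in a check that gates the VM access list. `pwd.getpwnam` raises `KeyError` for an unknown name, so `except (KeyError, TypeError, ValueError):` covers unknown and malformed names without swallowing the rest; `PAMGroupsModel.validate` in this same patch already catches only `KeyError`. The shell test `user.pw_shell.rsplit("/")[-1] not in ["nologin", "false"]` now appears in both `_get_list` and `validate`, and a shared helper would keep the two from drifting apart.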
@@ -489,6 +499,13 @@ class LDAPUsersModel(UsersModel):
     def _get_list(self, _user_id=''):
         return self._get_user(_user_id)
 
+    def validate(self, user):
+        try:
+            self._get_user(user)
+            return True
+        except NotFoundError:
+            return False
+
     def _get_user(self, _user_id):
         ldap_server = config.get("authentication", "ldap_server").strip('"')
         ldap_search_base = config.get(
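Review bot: `LDAPUsersModel.validate` returns True whenever `_get_user` does not raise `NotFoundError` and never inspects the result, so it is only correct if `_get_user` raises for every non-matching input. `_get_list` defaults `_user_id` to `''` and passes it to the same function, which suggests an empty id may be an accepted query; rejecting it up front with `if not user: return False` would close that gap. Most of `_get_user` lies outside this hunk; if it interpolates the id into the LDAP search filter, the value should go through `ldap.filter.escape_filter_chars` first, because the vms.py hunk now appears to pass request-supplied names to it unchanged.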
@@ -522,6 +539,9 @@ class GroupsModel(object):
         else:
             return list()
 
+    def validate(self, gid):
+        return self.grp.validate(gid)
+
 
 class PAMGroupsModel(GroupsModel):
     auth_type = 'pam'
@@ -531,8 +551,18 @@ class PAMGroupsModel(GroupsModel):
     def _get_list(self):
         return [group.gr_name for group in grp.getgrall()]
 
+    def validate(self, gid):
+        try:
+            grp.getgrnam(gid)
+        except KeyError:
+            return False
+        return True
+
 
 class LDAPGroupsModel(GroupsModel):
     auth_type = 'ldap'
     def __init__(self, **kargs):
         pass
+
+    def validate(self, gid):
+        return False
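Review bot: `PAMGroupsModel.validate` handles only `KeyError`, so a non-string entry in the groups list makes `grp.getgrnam` raise `TypeError`, which would escape as an unhandled error instead of KCHVM0028E unless the request schema already guarantees strings; `except (KeyError, TypeError):` keeps the rejection path uniform. The parameter is named `gid` but is passed to `grp.getgrnam`, which looks up by name, so `group` would be less misleading. `LDAPGroupsModel.validate` rejects every group unconditionally, and a comment such as `# LDAP group lookup is not implemented; reject all groups` would make clear whether that is deliberate.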
diff --git a/src/kimchi/model/vms.py b/src/kimchi/model/vms.py
index 58686cd..777930d 100644
--- a/src/kimchi/model/vms.py
+++ b/src/kimchi/model/vms.py
@@ -266,16 +266,16 @@ class VMModel(object):
         users = groups = None
         if "users" in params:
             users = params["users"]
-            invalid_users = set(users) - set(self.users.get_list())
-            if len(invalid_users) != 0:
-                raise InvalidParameter("KCHVM0027E",
-                                       {'users': ", ".join(invalid_users)})
+            for user in users:
+                if not self.users.validate(user):
+                    raise InvalidParameter("KCHVM0027E",
+                                           {'users': user})
         if "groups" in params:
             groups = params["groups"]
-            invalid_groups = set(groups) - set(self.groups.get_list())
-            if len(invalid_groups) != 0:
-                raise InvalidParameter("KCHVM0028E",
-                                       {'groups': ", ".join(invalid_groups)})
+            for group in groups:
+                if not self.groups.validate(group):
+                    raise InvalidParameter("KCHVM0028E",
+                                           {'groups': group})
 
         if users is None and groups is None:
             return
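Review bot: The new loops raise on the first name that fails, so KCHVM0027E and KCHVM0028E now report a single entry where the removed code listed every invalid one; collecting first, `invalid_users = [u for u in users if not self.users.validate(u)]`, and raising with the original `", ".join(invalid_users)` keeps the fuller message. Each entry now costs a separate backend lookup (an LDAP query per user under `LDAPUsersModel`), and nothing visible here bounds the length of `params["users"]`, so de-duplicating with `set(users)` and capping the list before validating is worth considering. The enclosing method starts and ends outside the hunk.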
-- 
1.8.3.2



