From 02d4434572fcfeea988932780ce534fac4a122b0 Mon Sep 17 00:00:00 2001 From: Danilo Del Busso Date: Thu, 28 Oct 2021 12:36:10 +0100 Subject: [PATCH] CA-359709: Add RBAC check to `BugToolWizard.cs` Signed-off-by: Danilo Del Busso --- .../BugToolWizardFiles/BugToolWizard.cs | 44 ++++++++++++++++++- .../Actions/Host/SingleHostStatusAction.cs | 10 +++++ 2 files changed, 53 insertions(+), 1 deletion(-) diff --git a/XenAdmin/Wizards/BugToolWizardFiles/BugToolWizard.cs b/XenAdmin/Wizards/BugToolWizardFiles/BugToolWizard.cs index 07399c667..93df7d750 100644 --- a/XenAdmin/Wizards/BugToolWizardFiles/BugToolWizard.cs +++ b/XenAdmin/Wizards/BugToolWizardFiles/BugToolWizard.cs @@ -30,6 +30,7 @@ */ +using System; using System.Collections.Generic; using System.Linq; using System.Windows.Forms; @@ -39,6 +40,8 @@ using XenAPI; using XenAdmin.Wizards.BugToolWizardFiles; using XenAdmin.Dialogs; using XenAdmin.Actions; +using XenAdmin.Network; +using XenAdmin.Wizards.GenericPages; namespace XenAdmin.Wizards { @@ -48,6 +51,7 @@ namespace XenAdmin.Wizards private readonly GenericSelectHostsPage bugToolPageSelectHosts1; private readonly BugToolPageSelectCapabilities bugToolPageSelectCapabilities1; + private readonly RBACWarningPage rbacWarningPage; private readonly BugToolPageRetrieveData bugToolPageRetrieveData; private readonly BugToolPageDestination bugToolPageDestination1; @@ -63,6 +67,7 @@ namespace XenAdmin.Wizards bugToolPageSelectHosts1 = new GenericSelectHostsPage(); bugToolPageSelectCapabilities1 = new BugToolPageSelectCapabilities(); + rbacWarningPage = new RBACWarningPage(); bugToolPageRetrieveData = new BugToolPageRetrieveData(); bugToolPageDestination1 = new BugToolPageDestination(); @@ -133,14 +138,51 @@ namespace XenAdmin.Wizards protected override void UpdateWizardContent(XenTabPage senderPage) { var prevPageType = senderPage.GetType(); - if (prevPageType == typeof(GenericSelectHostsPage)) { bugToolPageRetrieveData.SelectedHosts = bugToolPageSelectHosts1.SelectedHosts; + + var selectedHostsConnections = bugToolPageSelectHosts1.SelectedHosts.Select(host => host.Connection).ToList(); + + if (selectedHostsConnections.Any(ConnectionRequiresRBAC)) + { + ConfigureRbacPage(selectedHostsConnections, SingleHostStatusAction.StaticRBACDependencies, Messages.RBAC_CROSS_POOL_MIGRATE_VM_BLOCKED); + AddAfterPage(bugToolPageSelectHosts1, rbacWarningPage); + } } else if (prevPageType == typeof(BugToolPageSelectCapabilities)) { bugToolPageRetrieveData.CapabilityList = bugToolPageSelectCapabilities1.Capabilities; + + } + } + + private static bool ConnectionRequiresRBAC(IXenConnection connection) + { + if (connection == null) + throw new NullReferenceException("RBAC check was given a null connection"); + + if (connection.Session.IsLocalSuperuser) + return false; + + return Helpers.GetCoordinator(connection).external_auth_type != Auth.AUTH_TYPE_NONE; + } + + private void ConfigureRbacPage(IEnumerable connectionsToCheck, RbacMethodList apiMethodsToCheck, string pageMessage) + { + rbacWarningPage.ClearPermissionChecks(); + var permissionCheck = new RBACWarningPage.WizardPermissionCheck(pageMessage) { Blocking = true }; + permissionCheck.AddApiCheckRange(apiMethodsToCheck); + + var connectionsAdded = new List(); + + foreach (var connection in connectionsToCheck) + { + if (!connectionsAdded.Contains(connection)) + { + rbacWarningPage.AddPermissionChecks(connection, permissionCheck); + connectionsAdded.Add(connection); + } } } diff --git a/XenModel/Actions/Host/SingleHostStatusAction.cs b/XenModel/Actions/Host/SingleHostStatusAction.cs index 5640f602f..4acd78f2c 100644 --- a/XenModel/Actions/Host/SingleHostStatusAction.cs +++ b/XenModel/Actions/Host/SingleHostStatusAction.cs @@ -58,6 +58,16 @@ namespace XenAdmin.Actions public long DataTransferred; + public static RbacMethodList StaticRBACDependencies + { + get + { + var list = new RbacMethodList("HTTP/get_system_status"); + list.AddRange(Role.CommonSessionApiList); + list.AddRange(Role.CommonTaskApiList); + return list; + } + } protected override void Run() { Description = string.Format(Messages.ACTION_SYSTEM_STATUS_COMPILING, Helpers.GetName(host));