Skip to content

Commit 091c65b

Browse files
YarsinCitrixlindig
YarsinCitrix
authored and
lindig
committed
CA-273239: Template-xxx CLI commands are allowed on non-template VMs (xapi-project#3337)
* CA-273239: Template-xxx CLI commands are allowed on non-template VMs In this change, restriction is added to xe command template-export and template-uninstall to ensure the uuid referred is VM template rather than real VM. Signed-off-by: Yarsin He <[email protected]>
1 parent 2b33cf7 commit 091c65b

File tree

1 file changed

+10
-3
lines changed

1 file changed

+10
-3
lines changed

ocaml/xapi/cli_operations.ml

Lines changed: 10 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2640,9 +2640,15 @@ let vm_uninstall fd printer rpc session_id params =
26402640
let snapshots = List.flatten (List.map (fun vm -> Client.VM.get_snapshots rpc session_id vm) vms) in
26412641
vm_uninstall_common fd printer rpc session_id params (vms @ snapshots)
26422642

2643+
let get_templateVM_by_uuid rpc session_id template_uuid =
2644+
let template_ref = Client.VM.get_by_uuid rpc session_id template_uuid in
2645+
if not (Client.VM.get_is_a_template rpc session_id template_ref) then
2646+
failwith (Printf.sprintf "This operation can only be performed on a VM template. %s is not a VM template." template_uuid);
2647+
template_ref
2648+
26432649
let template_uninstall fd printer rpc session_id params =
26442650
let uuid = List.assoc "template-uuid" params in
2645-
let vm = Client.VM.get_by_uuid rpc session_id uuid in
2651+
let vm = get_templateVM_by_uuid rpc session_id uuid in
26462652
vm_uninstall_common fd printer rpc session_id params [ vm ]
26472653

26482654
let vm_clone_aux clone_op cloned_string printer include_template_vms rpc session_id params =
@@ -3827,8 +3833,9 @@ let vm_export_aux obj_type fd printer rpc session_id params =
38273833
let num = ref 1 in
38283834
let uuid = List.assoc (obj_type ^ "-uuid") params in
38293835
let ref = Client.VM.get_by_uuid rpc session_id uuid in
3830-
if obj_type = "snapshot" then
3831-
if not (Client.VM.get_is_a_snapshot rpc session_id ref) then
3836+
if obj_type = "template" && not (Client.VM.get_is_a_template rpc session_id ref) then
3837+
failwith (Printf.sprintf "This operation can only be performed on a VM template. %s is not a VM template." uuid);
3838+
if obj_type = "snapshot" && not (Client.VM.get_is_a_snapshot rpc session_id ref) then
38323839
failwith (Printf.sprintf "This operation can only be performed on a VM snapshot. %s is not a VM snapshot." uuid);
38333840
export_common fd printer rpc session_id params filename num use_compression preserve_power_state (vm_record rpc session_id ref)
38343841

0 commit comments

Comments
 (0)