External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-08-29 12:01:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
f9ada9f3d0
libvirt/src/conf/network_event.h

64 lines
2.3 KiB
C
Raw Normal View History

Added Network events API and virNetworkEventLifecycle. Define the public API for (de-)registering network events and the callbacks for receiving lifecycle events. The lifecycle event includes a 'detail' parameter to match the domain lifecycle event data, but this is currently unused. The network events related code goes into its own set of internal files src/conf/network_event.[ch]
2013-12-11 10:37:58 +00:00
/*
* network_event.h: network event queue processing helpers
*
event: make network events easier to use without casts While comparing network and domain events, I noticed that the test driver had to do a cast in one place and not the other. For consistency, we should hide the necessary casting as low as possible in the stack, with everything else using saner types. * src/conf/network_event.h (virNetworkEventStateRegisterID): Alter type. * src/conf/network_event.c (virNetworkEventStateRegisterID): Hoist cast here. * src/test/test_driver.c (testConnectNetworkEventRegisterAny): Simplify callers. * src/remote/remote_driver.c (remoteConnectNetworkEventRegisterAny): Likewise. * src/network/bridge_driver.c (networkConnectNetworkEventRegisterAny): Likewise. Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-04 22:12:34 +00:00
* Copyright (C) 2014 Red Hat, Inc.
Added Network events API and virNetworkEventLifecycle. Define the public API for (de-)registering network events and the callbacks for receiving lifecycle events. The lifecycle event includes a 'detail' parameter to match the domain lifecycle event data, but this is currently unused. The network events related code goes into its own set of internal files src/conf/network_event.[ch]
2013-12-11 10:37:58 +00:00
* Copyright (C) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
* Author: Cedric Bosdonnat
*/
#include "internal.h"
#include "object_event.h"
#include "object_event_private.h"
event: filter global events by domain:getattr ACL [CVE-2014-0028] Ever since ACL filtering was added in commit 7639736 (v1.1.1), a user could still use event registration to obtain access to a domain that they could not normally access via virDomainLookup* or virConnectListAllDomains and friends. We already have the framework in the RPC generator for creating the filter, and previous cleanup patches got us to the point that we can now wire the filter through the entire object event stack. Furthermore, whether or not domain:getattr is honored, use of global events is a form of obtaining a list of networks, which is covered by connect:search_domains added in a93cd08 (v1.1.0). Ideally, we'd have a way to enforce connect:search_domains when doing global registrations while omitting that check on a per-domain registration. But this patch just unconditionally requires connect:search_domains, even when no list could be obtained, based on the following observations: 1. Administrators are unlikely to grant domain:getattr for one or all domains while still denying connect:search_domains - a user that is able to manage domains will want to be able to manage them efficiently, but efficient management includes being able to list the domains they can access. The idea of denying connect:search_domains while still granting access to individual domains is therefore not adding any real security, but just serves as a layer of obscurity to annoy the end user. 2. In the current implementation, domain events are filtered on the client; the server has no idea if a domain filter was requested, and must therefore assume that all domain event requests are global. Even if we fix the RPC protocol to allow for server-side filtering for newer client/server combos, making the connect:serach_domains ACL check conditional on whether the domain argument was NULL won't benefit older clients. Therefore, we choose to document that connect:search_domains is a pre-requisite to any domain event management. Network events need the same treatment, with the obvious change of using connect:search_networks and network:getattr. * src/access/viraccessperm.h (VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS) (VIR_ACCESS_PERM_CONNECT_SEARCH_NETWORKS): Document additional effect of the permission. * src/conf/domain_event.h (virDomainEventStateRegister) (virDomainEventStateRegisterID): Add new parameter. * src/conf/network_event.h (virNetworkEventStateRegisterID): Likewise. * src/conf/object_event_private.h (virObjectEventStateRegisterID): Likewise. * src/conf/object_event.c (_virObjectEventCallback): Track a filter. (virObjectEventDispatchMatchCallback): Use filter. (virObjectEventCallbackListAddID): Register filter. * src/conf/domain_event.c (virDomainEventFilter): New function. (virDomainEventStateRegister, virDomainEventStateRegisterID): Adjust callers. * src/conf/network_event.c (virNetworkEventFilter): New function. (virNetworkEventStateRegisterID): Adjust caller. * src/remote/remote_protocol.x (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER) (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY) (REMOTE_PROC_CONNECT_NETWORK_EVENT_REGISTER_ANY): Generate a filter, and require connect:search_domains instead of weaker connect:read. * src/test/test_driver.c (testConnectDomainEventRegister) (testConnectDomainEventRegisterAny) (testConnectNetworkEventRegisterAny): Update callers. * src/remote/remote_driver.c (remoteConnectDomainEventRegister) (remoteConnectDomainEventRegisterAny): Likewise. * src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister) (xenUnifiedConnectDomainEventRegisterAny): Likewise. * src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise. * src/libxl/libxl_driver.c (libxlConnectDomainEventRegister) (libxlConnectDomainEventRegisterAny): Likewise. * src/qemu/qemu_driver.c (qemuConnectDomainEventRegister) (qemuConnectDomainEventRegisterAny): Likewise. * src/uml/uml_driver.c (umlConnectDomainEventRegister) (umlConnectDomainEventRegisterAny): Likewise. * src/network/bridge_driver.c (networkConnectNetworkEventRegisterAny): Likewise. * src/lxc/lxc_driver.c (lxcConnectDomainEventRegister) (lxcConnectDomainEventRegisterAny): Likewise. Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-08 20:34:48 +00:00
#include "network_conf.h"
Added Network events API and virNetworkEventLifecycle. Define the public API for (de-)registering network events and the callbacks for receiving lifecycle events. The lifecycle event includes a 'detail' parameter to match the domain lifecycle event data, but this is currently unused. The network events related code goes into its own set of internal files src/conf/network_event.[ch]
2013-12-11 10:37:58 +00:00
#ifndef __NETWORK_EVENT_H__
# define __NETWORK_EVENT_H__
int
virNetworkEventStateRegisterID(virConnectPtr conn,
virObjectEventStatePtr state,
event: filter global events by domain:getattr ACL [CVE-2014-0028] Ever since ACL filtering was added in commit 7639736 (v1.1.1), a user could still use event registration to obtain access to a domain that they could not normally access via virDomainLookup* or virConnectListAllDomains and friends. We already have the framework in the RPC generator for creating the filter, and previous cleanup patches got us to the point that we can now wire the filter through the entire object event stack. Furthermore, whether or not domain:getattr is honored, use of global events is a form of obtaining a list of networks, which is covered by connect:search_domains added in a93cd08 (v1.1.0). Ideally, we'd have a way to enforce connect:search_domains when doing global registrations while omitting that check on a per-domain registration. But this patch just unconditionally requires connect:search_domains, even when no list could be obtained, based on the following observations: 1. Administrators are unlikely to grant domain:getattr for one or all domains while still denying connect:search_domains - a user that is able to manage domains will want to be able to manage them efficiently, but efficient management includes being able to list the domains they can access. The idea of denying connect:search_domains while still granting access to individual domains is therefore not adding any real security, but just serves as a layer of obscurity to annoy the end user. 2. In the current implementation, domain events are filtered on the client; the server has no idea if a domain filter was requested, and must therefore assume that all domain event requests are global. Even if we fix the RPC protocol to allow for server-side filtering for newer client/server combos, making the connect:serach_domains ACL check conditional on whether the domain argument was NULL won't benefit older clients. Therefore, we choose to document that connect:search_domains is a pre-requisite to any domain event management. Network events need the same treatment, with the obvious change of using connect:search_networks and network:getattr. * src/access/viraccessperm.h (VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS) (VIR_ACCESS_PERM_CONNECT_SEARCH_NETWORKS): Document additional effect of the permission. * src/conf/domain_event.h (virDomainEventStateRegister) (virDomainEventStateRegisterID): Add new parameter. * src/conf/network_event.h (virNetworkEventStateRegisterID): Likewise. * src/conf/object_event_private.h (virObjectEventStateRegisterID): Likewise. * src/conf/object_event.c (_virObjectEventCallback): Track a filter. (virObjectEventDispatchMatchCallback): Use filter. (virObjectEventCallbackListAddID): Register filter. * src/conf/domain_event.c (virDomainEventFilter): New function. (virDomainEventStateRegister, virDomainEventStateRegisterID): Adjust callers. * src/conf/network_event.c (virNetworkEventFilter): New function. (virNetworkEventStateRegisterID): Adjust caller. * src/remote/remote_protocol.x (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER) (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY) (REMOTE_PROC_CONNECT_NETWORK_EVENT_REGISTER_ANY): Generate a filter, and require connect:search_domains instead of weaker connect:read. * src/test/test_driver.c (testConnectDomainEventRegister) (testConnectDomainEventRegisterAny) (testConnectNetworkEventRegisterAny): Update callers. * src/remote/remote_driver.c (remoteConnectDomainEventRegister) (remoteConnectDomainEventRegisterAny): Likewise. * src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister) (xenUnifiedConnectDomainEventRegisterAny): Likewise. * src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise. * src/libxl/libxl_driver.c (libxlConnectDomainEventRegister) (libxlConnectDomainEventRegisterAny): Likewise. * src/qemu/qemu_driver.c (qemuConnectDomainEventRegister) (qemuConnectDomainEventRegisterAny): Likewise. * src/uml/uml_driver.c (umlConnectDomainEventRegister) (umlConnectDomainEventRegisterAny): Likewise. * src/network/bridge_driver.c (networkConnectNetworkEventRegisterAny): Likewise. * src/lxc/lxc_driver.c (lxcConnectDomainEventRegister) (lxcConnectDomainEventRegisterAny): Likewise. Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-08 20:34:48 +00:00
virNetworkObjListFilter filter,
Added Network events API and virNetworkEventLifecycle. Define the public API for (de-)registering network events and the callbacks for receiving lifecycle events. The lifecycle event includes a 'detail' parameter to match the domain lifecycle event data, but this is currently unused. The network events related code goes into its own set of internal files src/conf/network_event.[ch]
2013-12-11 10:37:58 +00:00
virNetworkPtr net,
int eventID,
event: make network events easier to use without casts While comparing network and domain events, I noticed that the test driver had to do a cast in one place and not the other. For consistency, we should hide the necessary casting as low as possible in the stack, with everything else using saner types. * src/conf/network_event.h (virNetworkEventStateRegisterID): Alter type. * src/conf/network_event.c (virNetworkEventStateRegisterID): Hoist cast here. * src/test/test_driver.c (testConnectNetworkEventRegisterAny): Simplify callers. * src/remote/remote_driver.c (remoteConnectNetworkEventRegisterAny): Likewise. * src/network/bridge_driver.c (networkConnectNetworkEventRegisterAny): Likewise. Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-04 22:12:34 +00:00
virConnectNetworkEventGenericCallback cb,
Added Network events API and virNetworkEventLifecycle. Define the public API for (de-)registering network events and the callbacks for receiving lifecycle events. The lifecycle event includes a 'detail' parameter to match the domain lifecycle event data, but this is currently unused. The network events related code goes into its own set of internal files src/conf/network_event.[ch]
2013-12-11 10:37:58 +00:00
void *opaque,
virFreeCallback freecb,
event: add notion of remoteID for filtering client network events In order to mirror a server with per-object filtering, the client needs to track which server callbackID is servicing the client callback. This patch introduces the notion of a serverID, as well as the plumbing to use it for network events, although the actual complexity of using per-object filtering in the remote driver is deferred to a later patch. * src/conf/object_event.h (virObjectEventStateEventID): Add parameter. (virObjectEventStateQueueRemote, virObjectEventStateSetRemote): New prototypes. (virObjectEventStateRegisterID): Move... * src/conf/object_event_private.h: ...here, and add parameter. (_virObjectEvent): Add field. * src/conf/network_event.h (virNetworkEventStateRegisterClient): New prototype. * src/conf/object_event.c (_virObjectEventCallback): Add field. (virObjectEventStateSetRemote): New function. (virObjectEventStateQueue): Make wrapper around... (virObjectEventStateQueueRemote): New function. (virObjectEventCallbackListCount): Tweak return count when remote id matching is used. (virObjectEventCallbackLookup, virObjectEventStateRegisterID): Tweak registration when remote id matching will be used. (virObjectEventNew): Default to no remote id. (virObjectEventCallbackListAddID): Likewise, but set remote id when one is available. (virObjectEventCallbackListRemoveID) (virObjectEventCallbackListMarkDeleteID): Adjust return value when remote id was set. (virObjectEventStateEventID): Query existing id. (virObjectEventDispatchMatchCallback): Require matching event id. (virObjectEventStateCallbackID): Adjust caller. * src/conf/network_event.c (virNetworkEventStateRegisterClient): New function. (virNetworkEventStateRegisterID): Update caller. * src/conf/domain_event.c (virDomainEventStateRegister) (virDomainEventStateRegisterID): Update callers. * src/remote/remote_driver.c (remoteConnectNetworkEventRegisterAny) (remoteConnectNetworkEventDeregisterAny) (remoteConnectDomainEventDeregisterAny): Likewise. (remoteEventQueue): Hoist earlier to avoid forward declaration, and add parameter. Adjust all callers. * src/libvirt_private.syms (conf/object_event.h): Drop function. Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-06 12:32:55 +00:00
int *callbackID)
event: filter global events by domain:getattr ACL [CVE-2014-0028] Ever since ACL filtering was added in commit 7639736 (v1.1.1), a user could still use event registration to obtain access to a domain that they could not normally access via virDomainLookup* or virConnectListAllDomains and friends. We already have the framework in the RPC generator for creating the filter, and previous cleanup patches got us to the point that we can now wire the filter through the entire object event stack. Furthermore, whether or not domain:getattr is honored, use of global events is a form of obtaining a list of networks, which is covered by connect:search_domains added in a93cd08 (v1.1.0). Ideally, we'd have a way to enforce connect:search_domains when doing global registrations while omitting that check on a per-domain registration. But this patch just unconditionally requires connect:search_domains, even when no list could be obtained, based on the following observations: 1. Administrators are unlikely to grant domain:getattr for one or all domains while still denying connect:search_domains - a user that is able to manage domains will want to be able to manage them efficiently, but efficient management includes being able to list the domains they can access. The idea of denying connect:search_domains while still granting access to individual domains is therefore not adding any real security, but just serves as a layer of obscurity to annoy the end user. 2. In the current implementation, domain events are filtered on the client; the server has no idea if a domain filter was requested, and must therefore assume that all domain event requests are global. Even if we fix the RPC protocol to allow for server-side filtering for newer client/server combos, making the connect:serach_domains ACL check conditional on whether the domain argument was NULL won't benefit older clients. Therefore, we choose to document that connect:search_domains is a pre-requisite to any domain event management. Network events need the same treatment, with the obvious change of using connect:search_networks and network:getattr. * src/access/viraccessperm.h (VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS) (VIR_ACCESS_PERM_CONNECT_SEARCH_NETWORKS): Document additional effect of the permission. * src/conf/domain_event.h (virDomainEventStateRegister) (virDomainEventStateRegisterID): Add new parameter. * src/conf/network_event.h (virNetworkEventStateRegisterID): Likewise. * src/conf/object_event_private.h (virObjectEventStateRegisterID): Likewise. * src/conf/object_event.c (_virObjectEventCallback): Track a filter. (virObjectEventDispatchMatchCallback): Use filter. (virObjectEventCallbackListAddID): Register filter. * src/conf/domain_event.c (virDomainEventFilter): New function. (virDomainEventStateRegister, virDomainEventStateRegisterID): Adjust callers. * src/conf/network_event.c (virNetworkEventFilter): New function. (virNetworkEventStateRegisterID): Adjust caller. * src/remote/remote_protocol.x (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER) (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY) (REMOTE_PROC_CONNECT_NETWORK_EVENT_REGISTER_ANY): Generate a filter, and require connect:search_domains instead of weaker connect:read. * src/test/test_driver.c (testConnectDomainEventRegister) (testConnectDomainEventRegisterAny) (testConnectNetworkEventRegisterAny): Update callers. * src/remote/remote_driver.c (remoteConnectDomainEventRegister) (remoteConnectDomainEventRegisterAny): Likewise. * src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister) (xenUnifiedConnectDomainEventRegisterAny): Likewise. * src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise. * src/libxl/libxl_driver.c (libxlConnectDomainEventRegister) (libxlConnectDomainEventRegisterAny): Likewise. * src/qemu/qemu_driver.c (qemuConnectDomainEventRegister) (qemuConnectDomainEventRegisterAny): Likewise. * src/uml/uml_driver.c (umlConnectDomainEventRegister) (umlConnectDomainEventRegisterAny): Likewise. * src/network/bridge_driver.c (networkConnectNetworkEventRegisterAny): Likewise. * src/lxc/lxc_driver.c (lxcConnectDomainEventRegister) (lxcConnectDomainEventRegisterAny): Likewise. Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-08 20:34:48 +00:00
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6)
ATTRIBUTE_NONNULL(9);
event: add notion of remoteID for filtering client network events In order to mirror a server with per-object filtering, the client needs to track which server callbackID is servicing the client callback. This patch introduces the notion of a serverID, as well as the plumbing to use it for network events, although the actual complexity of using per-object filtering in the remote driver is deferred to a later patch. * src/conf/object_event.h (virObjectEventStateEventID): Add parameter. (virObjectEventStateQueueRemote, virObjectEventStateSetRemote): New prototypes. (virObjectEventStateRegisterID): Move... * src/conf/object_event_private.h: ...here, and add parameter. (_virObjectEvent): Add field. * src/conf/network_event.h (virNetworkEventStateRegisterClient): New prototype. * src/conf/object_event.c (_virObjectEventCallback): Add field. (virObjectEventStateSetRemote): New function. (virObjectEventStateQueue): Make wrapper around... (virObjectEventStateQueueRemote): New function. (virObjectEventCallbackListCount): Tweak return count when remote id matching is used. (virObjectEventCallbackLookup, virObjectEventStateRegisterID): Tweak registration when remote id matching will be used. (virObjectEventNew): Default to no remote id. (virObjectEventCallbackListAddID): Likewise, but set remote id when one is available. (virObjectEventCallbackListRemoveID) (virObjectEventCallbackListMarkDeleteID): Adjust return value when remote id was set. (virObjectEventStateEventID): Query existing id. (virObjectEventDispatchMatchCallback): Require matching event id. (virObjectEventStateCallbackID): Adjust caller. * src/conf/network_event.c (virNetworkEventStateRegisterClient): New function. (virNetworkEventStateRegisterID): Update caller. * src/conf/domain_event.c (virDomainEventStateRegister) (virDomainEventStateRegisterID): Update callers. * src/remote/remote_driver.c (remoteConnectNetworkEventRegisterAny) (remoteConnectNetworkEventDeregisterAny) (remoteConnectDomainEventDeregisterAny): Likewise. (remoteEventQueue): Hoist earlier to avoid forward declaration, and add parameter. Adjust all callers. * src/libvirt_private.syms (conf/object_event.h): Drop function. Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-06 12:32:55 +00:00
int
virNetworkEventStateRegisterClient(virConnectPtr conn,
virObjectEventStatePtr state,
virNetworkPtr net,
int eventID,
virConnectNetworkEventGenericCallback cb,
void *opaque,
virFreeCallback freecb,
int *callbackID)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(5)
ATTRIBUTE_NONNULL(8);
Added Network events API and virNetworkEventLifecycle. Define the public API for (de-)registering network events and the callbacks for receiving lifecycle events. The lifecycle event includes a 'detail' parameter to match the domain lifecycle event data, but this is currently unused. The network events related code goes into its own set of internal files src/conf/network_event.[ch]
2013-12-11 10:37:58 +00:00
virObjectEventPtr
virNetworkEventLifecycleNew(const char *name,
const unsigned char *uuid,
Add 'detail' arg to network lifecycle event internals While the public API & wire protocol included the 'detail' arg for network lifecycle events, the internal event handling code did not process it. This meant that if a future libvirtd server starts sending non-0 'detail' args, the current libvirt client will not process them. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-11 13:40:41 +00:00
int type,
int detail);
Added Network events API and virNetworkEventLifecycle. Define the public API for (de-)registering network events and the callbacks for receiving lifecycle events. The lifecycle event includes a 'detail' parameter to match the domain lifecycle event data, but this is currently unused. The network events related code goes into its own set of internal files src/conf/network_event.[ch]
2013-12-11 10:37:58 +00:00
#endif
Reference in New Issue Copy Permalink