From 11f20e43f1388d5f8f8c0bfac8c9cda6160a106b Mon Sep 17 00:00:00 2001 
From: Eric Blake Date: Tue, 28 Jan 2014 14:50:02 -0700 Subject: [PATCH] event: move event filtering to daemon (regression fix) https://bugzilla.redhat.com/show_bug.cgi?id=1058839 Commit f9f56340 for CVE-2014-0028 almost had the right idea - we need to check the ACL rules to filter which events to send. But it overlooked one thing: the event dispatch queue is running in the main loop thread, and therefore does not normally have a current virIdentityPtr. But filter checks can be based on current identity, so when libvirtd.conf contains access_drivers=["polkit"], we ended up rejecting access for EVERY event due to failure to look up the current identity, even if it should have been allowed. Furthermore, even for events that are triggered by API calls, it is important to remember that the point of events is that they can be copied across multiple connections, which may have separate identities and permissions. So even if events were dispatched from a context where we have an identity, we must change to the correct identity of the connection that will be receiving the event, rather than basing a decision on the context that triggered the event, when deciding whether to filter an event to a particular connection. If there were an easy way to get from virConnectPtr to the appropriate virIdentityPtr, then object_event.c could adjust the identity prior to checking whether to dispatch an event. But setting up that back-reference is a bit invasive. Instead, it is easier to delay the filtering check until lower down the stack, at the point where we have direct access to the RPC client object that owns an identity. As such, this patch ends up reverting a large portion of the framework of commit f9f56340. We also have to teach 'make check' to special-case the fact that the event registration filtering is done at the point of dispatch, rather than the point of registration. 
Note that even though we don't actually use virConnectDomainEventRegisterCheckACL (because the RegisterAny variant is sufficient), we still generate the function for the purposes of documenting that the filtering takes place. Also note that I did not entirely delete the notion of a filter from object_event.c; I still plan on using that for my upcoming patch series for qemu monitor events in libvirt-qemu.so. In other words, while this patch changes ACL filtering to live in remote.c and therefore we have no current client of the filtering in object_event.c, the notion of filtering in object_event.c is still useful down the road. * src/check-aclrules.pl: Exempt event registration from having to pass checkACL filter down call stack. * daemon/remote.c (remoteRelayDomainEventCheckACL) (remoteRelayNetworkEventCheckACL): New functions. (remoteRelay*Event*): Use new functions. * src/conf/domain_event.h (virDomainEventStateRegister) (virDomainEventStateRegisterID): Drop unused parameter. * src/conf/network_event.h (virNetworkEventStateRegisterID): Likewise. * src/conf/domain_event.c (virDomainEventFilter): Delete unused function. * src/conf/network_event.c (virNetworkEventFilter): Likewise. * src/libxl/libxl_driver.c: Adjust caller. * src/lxc/lxc_driver.c: Likewise. * src/network/bridge_driver.c: Likewise. * src/qemu/qemu_driver.c: Likewise. * src/remote/remote_driver.c: Likewise. * src/test/test_driver.c: Likewise. * src/uml/uml_driver.c: Likewise. * src/vbox/vbox_tmpl.c: Likewise. * src/xen/xen_driver.c: Likewise. 
Signed-off-by: Eric Blake --- daemon/remote.c | 257 +++++++++++++++++++++++------------- src/check-aclrules.pl | 7 +- src/conf/domain_event.c | 35 +---- src/conf/domain_event.h | 8 +- src/conf/network_event.c | 31 +---- src/conf/network_event.h | 6 +- src/libxl/libxl_driver.c | 2 - src/lxc/lxc_driver.c | 2 - src/network/bridge_driver.c | 1 - src/qemu/qemu_driver.c | 2 - src/remote/remote_driver.c | 4 +- src/test/test_driver.c | 6 +- src/uml/uml_driver.c | 2 - src/vbox/vbox_tmpl.c | 4 +- src/xen/xen_driver.c | 2 - 15 files changed, 188 insertions(+), 181 deletions(-) diff --git a/daemon/remote.c b/daemon/remote.c index d2aafbe055..5baf0b6b3b 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -50,6 +50,9 @@ #include "lxc_protocol.h" #include "virstring.h" #include "object_event.h" +#include "domain_conf.h" +#include "network_conf.h" +#include "viraccessapicheck.h" #define VIR_FROM_THIS VIR_FROM_RPC 
@@ -127,16 +130,72 @@ remoteEventCallbackFree(void *opaque) VIR_FREE(opaque); } -static int remoteRelayDomainEventLifecycle(virConnectPtr conn ATTRIBUTE_UNUSED, - virDomainPtr dom, - int event, - int detail, - void *opaque) + +static bool +remoteRelayDomainEventCheckACL(virNetServerClientPtr client, + virConnectPtr conn, virDomainPtr dom) +{ + virDomainDef def; + virIdentityPtr identity = NULL; + bool ret = false; + + /* For now, we just create a virDomainDef with enough contents to + * satisfy what viraccessdriverpolkit.c references. This is a bit + * fragile, but I don't know of anything better. */ + def.name = dom->name; + memcpy(def.uuid, dom->uuid, VIR_UUID_BUFLEN); + + if (!(identity = virNetServerClientGetIdentity(client))) + goto cleanup; + if (virIdentitySetCurrent(identity) < 0) + goto cleanup; + ret = virConnectDomainEventRegisterAnyCheckACL(conn, &def); + +cleanup: + ignore_value(virIdentitySetCurrent(NULL)); + virObjectUnref(identity); + return ret; +} + + +static bool +remoteRelayNetworkEventCheckACL(virNetServerClientPtr client, + virConnectPtr conn, virNetworkPtr net) +{ + virNetworkDef def; + virIdentityPtr identity = NULL; + bool ret = false; + + /* For now, we just create a virNetworkDef with enough contents to + * satisfy what viraccessdriverpolkit.c references. This is a bit + * fragile, but I don't know of anything better. 
*/ + def.name = net->name; + memcpy(def.uuid, net->uuid, VIR_UUID_BUFLEN); + + if (!(identity = virNetServerClientGetIdentity(client))) + goto cleanup; + if (virIdentitySetCurrent(identity) < 0) + goto cleanup; + ret = virConnectNetworkEventRegisterAnyCheckACL(conn, &def); + +cleanup: + ignore_value(virIdentitySetCurrent(NULL)); + virObjectUnref(identity); + return ret; +} + + +static int +remoteRelayDomainEventLifecycle(virConnectPtr conn, + virDomainPtr dom, + int event, + int detail, + void *opaque) { virNetServerClientPtr client = opaque; remote_domain_event_lifecycle_msg data; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain lifecycle event %d %d", event, detail); @@ -154,14 +213,15 @@ static int remoteRelayDomainEventLifecycle(virConnectPtr conn ATTRIBUTE_UNUSED, return 0; } -static int remoteRelayDomainEventReboot(virConnectPtr conn ATTRIBUTE_UNUSED, - virDomainPtr dom, - void *opaque) +static int +remoteRelayDomainEventReboot(virConnectPtr conn, + virDomainPtr dom, + void *opaque) { virNetServerClientPtr client = opaque; remote_domain_event_reboot_msg data; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain reboot event %s %d", dom->name, dom->id); @@ -178,15 +238,16 @@ static int remoteRelayDomainEventReboot(virConnectPtr conn ATTRIBUTE_UNUSED, } -static int remoteRelayDomainEventRTCChange(virConnectPtr conn ATTRIBUTE_UNUSED, - virDomainPtr dom, - long long offset, - void *opaque) +static int +remoteRelayDomainEventRTCChange(virConnectPtr conn, + virDomainPtr dom, + long long offset, + void *opaque) { virNetServerClientPtr client = opaque; remote_domain_event_rtc_change_msg data; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain rtc change event %s %d %lld", dom->name, dom->id, offset); 
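Review bot: `virDomainDef def;` in remoteRelayDomainEventCheckACL is left uninitialized apart from `name` and `uuid`, so an access driver that reads any other field of the definition would see stack garbage, including indeterminate pointers. The comment already calls the stub fragile; zeroing it makes that failure deterministic: add `memset(&def, 0, sizeof(def));` before `def.name = dom->name;`. The `virNetworkDef def;` in remoteRelayNetworkEventCheckACL needs the same line. The removed virDomainEventFilter and virNetworkEventFilter had the same pattern, so this is inherited rather than introduced here.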
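Review bot: The guard `if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1;` in remoteRelayDomainEventReboot drops the event without leaving any trace. The helper returns false for three different reasons: no identity on the client, failure to set it, and an ACL denial. The regression this commit fixes was every event being rejected, so a debug line on the refused path would make a recurrence visible, for example `if (!ret) VIR_DEBUG("Not relaying event for domain %s: ACL check failed", dom->name);` in the helper before it returns. The same guard is repeated in every remoteRelayDomainEvent* handler in the later hunks, so logging once in the helper covers them all. The handler body continues outside this hunk.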
@@ -204,15 +265,16 @@ static int remoteRelayDomainEventRTCChange(virConnectPtr conn ATTRIBUTE_UNUSED, } -static int remoteRelayDomainEventWatchdog(virConnectPtr conn ATTRIBUTE_UNUSED, - virDomainPtr dom, - int action, - void *opaque) +static int +remoteRelayDomainEventWatchdog(virConnectPtr conn, + virDomainPtr dom, + int action, + void *opaque) { virNetServerClientPtr client = opaque; remote_domain_event_watchdog_msg data; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain watchdog event %s %d %d", dom->name, dom->id, action); @@ -230,17 +292,18 @@ static int remoteRelayDomainEventWatchdog(virConnectPtr conn ATTRIBUTE_UNUSED, } -static int remoteRelayDomainEventIOError(virConnectPtr conn ATTRIBUTE_UNUSED, - virDomainPtr dom, - const char *srcPath, - const char *devAlias, - int action, - void *opaque) +static int +remoteRelayDomainEventIOError(virConnectPtr conn, + virDomainPtr dom, + const char *srcPath, + const char *devAlias, + int action, + void *opaque) { virNetServerClientPtr client = opaque; remote_domain_event_io_error_msg data; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain io error %s %d %s %s %d", dom->name, dom->id, srcPath, devAlias, action); @@ -265,18 +328,19 @@ error: } -static int remoteRelayDomainEventIOErrorReason(virConnectPtr conn ATTRIBUTE_UNUSED, - virDomainPtr dom, - const char *srcPath, - const char *devAlias, - int action, - const char *reason, - void *opaque) +static int +remoteRelayDomainEventIOErrorReason(virConnectPtr conn, + virDomainPtr dom, + const char *srcPath, + const char *devAlias, + int action, + const char *reason, + void *opaque) { virNetServerClientPtr client = opaque; remote_domain_event_io_error_reason_msg data; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain io error %s %d %s %s %d %s", 
@@ -306,20 +370,21 @@ error: } -static int remoteRelayDomainEventGraphics(virConnectPtr conn ATTRIBUTE_UNUSED, - virDomainPtr dom, - int phase, - virDomainEventGraphicsAddressPtr local, - virDomainEventGraphicsAddressPtr remote, - const char *authScheme, - virDomainEventGraphicsSubjectPtr subject, - void *opaque) +static int +remoteRelayDomainEventGraphics(virConnectPtr conn, + virDomainPtr dom, + int phase, + virDomainEventGraphicsAddressPtr local, + virDomainEventGraphicsAddressPtr remote, + const char *authScheme, + virDomainEventGraphicsSubjectPtr subject, + void *opaque) { virNetServerClientPtr client = opaque; remote_domain_event_graphics_msg data; size_t i; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain graphics event %s %d %d - %d %s %s - %d %s %s - %s", dom->name, dom->id, phase, @@ -377,17 +442,18 @@ error: return -1; } -static int remoteRelayDomainEventBlockJob(virConnectPtr conn ATTRIBUTE_UNUSED, - virDomainPtr dom, - const char *path, - int type, - int status, - void *opaque) +static int +remoteRelayDomainEventBlockJob(virConnectPtr conn, + virDomainPtr dom, + const char *path, + int type, + int status, + void *opaque) { virNetServerClientPtr client = opaque; remote_domain_event_block_job_msg data; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain block job event %s %d %s %i, %i", @@ -412,14 +478,15 @@ error: } -static int remoteRelayDomainEventControlError(virConnectPtr conn ATTRIBUTE_UNUSED, - virDomainPtr dom, - void *opaque) +static int +remoteRelayDomainEventControlError(virConnectPtr conn, + virDomainPtr dom, + void *opaque) { virNetServerClientPtr client = opaque; remote_domain_event_control_error_msg data; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain control error %s %d", dom->name, dom->id); 
@@ -436,19 +503,20 @@ static int remoteRelayDomainEventControlError(virConnectPtr conn ATTRIBUTE_UNUSE } -static int remoteRelayDomainEventDiskChange(virConnectPtr conn ATTRIBUTE_UNUSED, - virDomainPtr dom, - const char *oldSrcPath, - const char *newSrcPath, - const char *devAlias, - int reason, - void *opaque) +static int +remoteRelayDomainEventDiskChange(virConnectPtr conn, + virDomainPtr dom, + const char *oldSrcPath, + const char *newSrcPath, + const char *devAlias, + int reason, + void *opaque) { virNetServerClientPtr client = opaque; remote_domain_event_disk_change_msg data; char **oldSrcPath_p = NULL, **newSrcPath_p = NULL; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain %s %d disk change %s %s %s %d", @@ -487,15 +555,17 @@ error: } -static int remoteRelayDomainEventTrayChange(virConnectPtr conn ATTRIBUTE_UNUSED, - virDomainPtr dom, - const char *devAlias, - int reason, - void *opaque) { +static int +remoteRelayDomainEventTrayChange(virConnectPtr conn, + virDomainPtr dom, + const char *devAlias, + int reason, + void *opaque) +{ virNetServerClientPtr client = opaque; remote_domain_event_tray_change_msg data; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain %s %d tray change devAlias: %s reason: %d", 
@@ -517,14 +587,16 @@ static int remoteRelayDomainEventTrayChange(virConnectPtr conn ATTRIBUTE_UNUSED, return 0; } -static int remoteRelayDomainEventPMWakeup(virConnectPtr conn ATTRIBUTE_UNUSED, - virDomainPtr dom, - int reason ATTRIBUTE_UNUSED, - void *opaque) { +static int +remoteRelayDomainEventPMWakeup(virConnectPtr conn, + virDomainPtr dom, + int reason ATTRIBUTE_UNUSED, + void *opaque) +{ virNetServerClientPtr client = opaque; remote_domain_event_pmwakeup_msg data; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain %s %d system pmwakeup", dom->name, dom->id); @@ -540,14 +612,16 @@ static int remoteRelayDomainEventPMWakeup(virConnectPtr conn ATTRIBUTE_UNUSED, return 0; } -static int remoteRelayDomainEventPMSuspend(virConnectPtr conn ATTRIBUTE_UNUSED, - virDomainPtr dom, - int reason ATTRIBUTE_UNUSED, - void *opaque) { +static int +remoteRelayDomainEventPMSuspend(virConnectPtr conn, + virDomainPtr dom, + int reason ATTRIBUTE_UNUSED, + void *opaque) +{ virNetServerClientPtr client = opaque; remote_domain_event_pmsuspend_msg data; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain %s %d system pmsuspend", dom->name, dom->id); @@ -564,7 +638,7 @@ static int remoteRelayDomainEventPMSuspend(virConnectPtr conn ATTRIBUTE_UNUSED, } static int -remoteRelayDomainEventBalloonChange(virConnectPtr conn ATTRIBUTE_UNUSED, +remoteRelayDomainEventBalloonChange(virConnectPtr conn, virDomainPtr dom, unsigned long long actual, void *opaque) @@ -572,7 +646,7 @@ remoteRelayDomainEventBalloonChange(virConnectPtr conn ATTRIBUTE_UNUSED, virNetServerClientPtr client = opaque; remote_domain_event_balloon_change_msg data; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain balloon change event %s %d %lld", dom->name, dom->id, actual); 
@@ -590,14 +664,16 @@ remoteRelayDomainEventBalloonChange(virConnectPtr conn ATTRIBUTE_UNUSED, } -static int remoteRelayDomainEventPMSuspendDisk(virConnectPtr conn ATTRIBUTE_UNUSED, - virDomainPtr dom, - int reason ATTRIBUTE_UNUSED, - void *opaque) { +static int +remoteRelayDomainEventPMSuspendDisk(virConnectPtr conn, + virDomainPtr dom, + int reason ATTRIBUTE_UNUSED, + void *opaque) +{ virNetServerClientPtr client = opaque; remote_domain_event_pmsuspend_disk_msg data; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain %s %d system pmsuspend-disk", dom->name, dom->id); @@ -614,7 +690,7 @@ static int remoteRelayDomainEventPMSuspendDisk(virConnectPtr conn ATTRIBUTE_UNUS } static int -remoteRelayDomainEventDeviceRemoved(virConnectPtr conn ATTRIBUTE_UNUSED, +remoteRelayDomainEventDeviceRemoved(virConnectPtr conn, virDomainPtr dom, const char *devAlias, void *opaque) @@ -622,7 +698,7 @@ remoteRelayDomainEventDeviceRemoved(virConnectPtr conn ATTRIBUTE_UNUSED, virNetServerClientPtr client = opaque; remote_domain_event_device_removed_msg data; - if (!client) + if (!client || !remoteRelayDomainEventCheckACL(client, conn, dom)) return -1; VIR_DEBUG("Relaying domain device removed event %s %d %s", @@ -667,7 +743,7 @@ static virConnectDomainEventGenericCallback domainEventCallbacks[] = { verify(ARRAY_CARDINALITY(domainEventCallbacks) == VIR_DOMAIN_EVENT_ID_LAST); static int -remoteRelayNetworkEventLifecycle(virConnectPtr conn ATTRIBUTE_UNUSED, +remoteRelayNetworkEventLifecycle(virConnectPtr conn, virNetworkPtr net, int event, int detail, 
@@ -676,7 +752,8 @@ remoteRelayNetworkEventLifecycle(virConnectPtr conn ATTRIBUTE_UNUSED, daemonClientEventCallbackPtr callback = opaque; remote_network_event_lifecycle_msg data; - if (callback->callbackID < 0) + if (callback->callbackID < 0 || + !remoteRelayNetworkEventCheckACL(callback->client, conn, net)) return -1; VIR_DEBUG("Relaying network lifecycle event %d, detail %d, callback %d", diff --git a/src/check-aclrules.pl b/src/check-aclrules.pl index 057517e521..f54b934225 100755 --- a/src/check-aclrules.pl +++ b/src/check-aclrules.pl @@ -1,6 +1,6 @@ #!/usr/bin/perl # -# Copyright (C) 2013 Red Hat, Inc. +# Copyright (C) 2013-2014 Red Hat, Inc. # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -140,7 +140,10 @@ while () { } elsif ($filtered && m,REMOTE_PROC_(.*)\s+=\s*\d+,) { my $api = name_to_ProcName($1); - $filtered{$api} = 1; + # Event filtering is handled in daemon/remote.c instead of drivers + if (! m,_EVENT_REGISTER,) { + $filtered{$api} = 1; + } $incomment = 0; } } diff --git a/src/conf/domain_event.c b/src/conf/domain_event.c index f56aed37b9..8639a014d6 100644 --- a/src/conf/domain_event.c +++ b/src/conf/domain_event.c 
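Review bot: The new test `if (! m,_EVENT_REGISTER,)` in src/check-aclrules.pl exempts every procedure whose name contains `_EVENT_REGISTER` from the filter requirement, not just the domain and network registrations that daemon/remote.c guards in this commit. An event-registration procedure added later for another object type would then pass `make check` with no filtering anywhere, because the daemon-side guard is added by hand in each relay handler. Narrowing the pattern keeps the check meaningful, for example `if (! m,_(DOMAIN|NETWORK)_EVENT_REGISTER,)` (confirm the procedure names against the protocol file). The comment could then read `# Only domain and network events are filtered in daemon/remote.c; other event APIs still need a driver filter`.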
@@ -360,30 +360,6 @@ virDomainEventDeviceRemovedDispose(void *obj) } -/** - * virDomainEventFilter: - * @conn: pointer to the connection - * @event: the event to check - * @opaque: opaque data holding ACL filter to use - * - * Internal function to run ACL filtering before dispatching an event - */ -static bool -virDomainEventFilter(virConnectPtr conn, virObjectEventPtr event, void *opaque) -{ - virDomainDef dom; - virDomainObjListFilter filter = opaque; - - /* For now, we just create a virDomainDef with enough contents to - * satisfy what viraccessdriverpolkit.c references. This is a bit - * fragile, but I don't know of anything better. */ - dom.name = event->meta.name; - memcpy(dom.uuid, event->meta.uuid, VIR_UUID_BUFLEN); - - return (filter)(conn, &dom); -} - - static void * virDomainEventNew(virClassPtr klass, int eventID, @@ -1289,7 +1265,6 @@ cleanup: * virDomainEventStateRegister: * @conn: connection to associate with callback * @state: object event state - * @filter: optional ACL filter to limit which events can be sent * @callback: the callback to add * @opaque: data blob to pass to @callback * @freecb: callback to free @opaque @@ -1302,7 +1277,6 @@ cleanup: int virDomainEventStateRegister(virConnectPtr conn, virObjectEventStatePtr state, - virDomainObjListFilter filter, virConnectDomainEventCallback callback, void *opaque, virFreeCallback freecb) @@ -1311,8 +1285,7 @@ virDomainEventStateRegister(virConnectPtr conn, return -1; return virObjectEventStateRegisterID(conn, state, NULL, - filter ? virDomainEventFilter : NULL, - filter, virDomainEventClass, + NULL, NULL, virDomainEventClass, VIR_DOMAIN_EVENT_ID_LIFECYCLE, VIR_OBJECT_EVENT_CALLBACK(callback), opaque, freecb, NULL, false); 
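Review bot: With `NULL, NULL` now passed as the filter arguments in virDomainEventStateRegister, nothing in src/conf/domain_event.c says that ACL filtering still happens, and the doc comment loses its `@filter` line without a replacement. A driver author reading this function could reasonably conclude that events registered here are access-checked, when the check only exists for clients that go through the daemon relay handlers. I would add a line to the function comment such as `* No ACL filtering is applied here; the daemon filters per client at dispatch time (see daemon/remote.c).` The same applies to virDomainEventStateRegisterID in the following hunk and to virNetworkEventStateRegisterID in src/conf/network_event.c. The function bodies start and end outside these hunks.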
@@ -1323,7 +1296,6 @@ virDomainEventStateRegister(virConnectPtr conn, * virDomainEventStateRegisterID: * @conn: connection to associate with callback * @state: object event state - * @filter: optional ACL filter to limit which events can be sent * @dom: optional domain for filtering the event * @eventID: ID of the event type to register for * @cb: function to invoke when event fires @@ -1340,7 +1312,6 @@ virDomainEventStateRegister(virConnectPtr conn, int virDomainEventStateRegisterID(virConnectPtr conn, virObjectEventStatePtr state, - virDomainObjListFilter filter, virDomainPtr dom, int eventID, virConnectDomainEventGenericCallback cb, @@ -1352,8 +1323,8 @@ virDomainEventStateRegisterID(virConnectPtr conn, return -1; return virObjectEventStateRegisterID(conn, state, dom ? dom->uuid : NULL, - filter ? virDomainEventFilter : NULL, - filter, virDomainEventClass, eventID, + NULL, NULL, + virDomainEventClass, eventID, VIR_OBJECT_EVENT_CALLBACK(cb), opaque, freecb, callbackID, false); } diff --git a/src/conf/domain_event.h b/src/conf/domain_event.h index b39d5cda34..b033b23fda 100644 --- a/src/conf/domain_event.h +++ b/src/conf/domain_event.h 
@@ -177,24 +177,20 @@ virDomainEventDeviceRemovedNewFromDom(virDomainPtr dom, int virDomainEventStateRegister(virConnectPtr conn, virObjectEventStatePtr state, - virDomainObjListFilter filter, virConnectDomainEventCallback callback, void *opaque, virFreeCallback freecb) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(4); - + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3); int virDomainEventStateRegisterID(virConnectPtr conn, virObjectEventStatePtr state, - virDomainObjListFilter filter, virDomainPtr dom, int eventID, virConnectDomainEventGenericCallback cb, void *opaque, virFreeCallback freecb, int *callbackID) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6); - + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(5); int virDomainEventStateDeregister(virConnectPtr conn, virObjectEventStatePtr state, diff --git a/src/conf/network_event.c b/src/conf/network_event.c index f27b7e9e98..4c59356664 100644 --- a/src/conf/network_event.c +++ b/src/conf/network_event.c 
@@ -121,36 +121,10 @@ cleanup: } -/** - * virNetworkEventFilter: - * @conn: pointer to the connection - * @event: the event to check - * @opaque: opaque data holding ACL filter to use - * - * Internal function to run ACL filtering before dispatching an event - */ -static bool -virNetworkEventFilter(virConnectPtr conn, virObjectEventPtr event, - void *opaque) -{ - virNetworkDef net; - virNetworkObjListFilter filter = opaque; - - /* For now, we just create a virNetworkDef with enough contents to - * satisfy what viraccessdriverpolkit.c references. This is a bit - * fragile, but I don't know of anything better. */ - net.name = event->meta.name; - memcpy(net.uuid, event->meta.uuid, VIR_UUID_BUFLEN); - - return (filter)(conn, &net); -} - - /** * virNetworkEventStateRegisterID: * @conn: connection to associate with callback * @state: object event state - * @filter: optional ACL filter to limit which events can be sent * @net: network to filter on or NULL for all networks * @eventID: ID of the event type to register for * @cb: function to invoke when event occurs @@ -167,7 +141,6 @@ virNetworkEventFilter(virConnectPtr conn, virObjectEventPtr event, int virNetworkEventStateRegisterID(virConnectPtr conn, virObjectEventStatePtr state, - virNetworkObjListFilter filter, virNetworkPtr net, int eventID, virConnectNetworkEventGenericCallback cb, @@ -179,8 +152,8 @@ virNetworkEventStateRegisterID(virConnectPtr conn, return -1; return virObjectEventStateRegisterID(conn, state, net ? net->uuid : NULL, - filter ? virNetworkEventFilter : NULL, - filter, virNetworkEventClass, eventID, + NULL, NULL, + virNetworkEventClass, eventID, VIR_OBJECT_EVENT_CALLBACK(cb), opaque, freecb, callbackID, false); } diff --git a/src/conf/network_event.h b/src/conf/network_event.h index 0812752e6d..51bd949bee 100644 --- a/src/conf/network_event.h +++ b/src/conf/network_event.h 
@@ -24,7 +24,6 @@ #include "internal.h" #include "object_event.h" #include "object_event_private.h" -#include "network_conf.h" #ifndef __NETWORK_EVENT_H__ # define __NETWORK_EVENT_H__ @@ -32,15 +31,14 @@ int virNetworkEventStateRegisterID(virConnectPtr conn, virObjectEventStatePtr state, - virNetworkObjListFilter filter, virNetworkPtr net, int eventID, virConnectNetworkEventGenericCallback cb, void *opaque, virFreeCallback freecb, int *callbackID) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6) - ATTRIBUTE_NONNULL(9); + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(5) + ATTRIBUTE_NONNULL(8); int virNetworkEventStateRegisterClient(virConnectPtr conn, diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index cb3deeccc2..68a4ea39cb 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -3654,7 +3654,6 @@ libxlConnectDomainEventRegister(virConnectPtr conn, if (virDomainEventStateRegister(conn, driver->domainEventState, - virConnectDomainEventRegisterCheckACL, callback, opaque, freecb) < 0) return -1; @@ -4257,7 +4256,6 @@ libxlConnectDomainEventRegisterAny(virConnectPtr conn, virDomainPtr dom, int eve if (virDomainEventStateRegisterID(conn, driver->domainEventState, - virConnectDomainEventRegisterAnyCheckACL, dom, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index 138c706196..687046ea95 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -1294,7 +1294,6 @@ lxcConnectDomainEventRegister(virConnectPtr conn, if (virDomainEventStateRegister(conn, driver->domainEventState, - virConnectDomainEventRegisterCheckACL, callback, opaque, freecb) < 0) return -1; @@ -1336,7 +1335,6 @@ lxcConnectDomainEventRegisterAny(virConnectPtr conn, if (virDomainEventStateRegisterID(conn, driver->domainEventState, - virConnectDomainEventRegisterAnyCheckACL, dom, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; 
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 6796ee8730..141bb8338b 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -2307,7 +2307,6 @@ networkConnectNetworkEventRegisterAny(virConnectPtr conn, goto cleanup; if (virNetworkEventStateRegisterID(conn, driver->networkEventState, - virConnectNetworkEventRegisterAnyCheckACL, net, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 0128356db5..38a48db35f 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -10346,7 +10346,6 @@ qemuConnectDomainEventRegister(virConnectPtr conn, if (virDomainEventStateRegister(conn, driver->domainEventState, - virConnectDomainEventRegisterCheckACL, callback, opaque, freecb) < 0) goto cleanup; @@ -10395,7 +10394,6 @@ qemuConnectDomainEventRegisterAny(virConnectPtr conn, if (virDomainEventStateRegisterID(conn, driver->domainEventState, - virConnectDomainEventRegisterAnyCheckACL, dom, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index ca86e3c029..18eb454f58 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -4427,7 +4427,7 @@ remoteConnectDomainEventRegister(virConnectPtr conn, remoteDriverLock(priv); - if ((count = virDomainEventStateRegister(conn, priv->eventState, NULL, + if ((count = virDomainEventStateRegister(conn, priv->eventState, callback, opaque, freecb)) < 0) goto done; @@ -5245,7 +5245,7 @@ remoteConnectDomainEventRegisterAny(virConnectPtr conn, remoteDriverLock(priv); - if ((count = virDomainEventStateRegisterID(conn, priv->eventState, NULL, + if ((count = virDomainEventStateRegisterID(conn, priv->eventState, dom, eventID, callback, opaque, freecb, &callbackID)) < 0) diff --git a/src/test/test_driver.c b/src/test/test_driver.c index 4c277bdd3a..b724f82b05 100644 --- a/src/test/test_driver.c +++ b/src/test/test_driver.c 
@@ -6145,7 +6145,7 @@ testConnectDomainEventRegister(virConnectPtr conn, int ret = 0; testDriverLock(driver); - if (virDomainEventStateRegister(conn, driver->eventState, NULL, + if (virDomainEventStateRegister(conn, driver->eventState, callback, opaque, freecb) < 0) ret = -1; testDriverUnlock(driver); @@ -6183,7 +6183,7 @@ testConnectDomainEventRegisterAny(virConnectPtr conn, int ret; testDriverLock(driver); - if (virDomainEventStateRegisterID(conn, driver->eventState, NULL, + if (virDomainEventStateRegisterID(conn, driver->eventState, dom, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; @@ -6221,7 +6221,7 @@ testConnectNetworkEventRegisterAny(virConnectPtr conn, int ret; testDriverLock(driver); - if (virNetworkEventStateRegisterID(conn, driver->eventState, NULL, + if (virNetworkEventStateRegisterID(conn, driver->eventState, net, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; diff --git a/src/uml/uml_driver.c b/src/uml/uml_driver.c index 309c10e95a..3496e52e56 100644 --- a/src/uml/uml_driver.c +++ b/src/uml/uml_driver.c @@ -2621,7 +2621,6 @@ umlConnectDomainEventRegister(virConnectPtr conn, umlDriverLock(driver); if (virDomainEventStateRegister(conn, driver->domainEventState, - virConnectDomainEventRegisterCheckACL, callback, opaque, freecb) < 0) ret = -1; umlDriverUnlock(driver); @@ -2666,7 +2665,6 @@ umlConnectDomainEventRegisterAny(virConnectPtr conn, umlDriverLock(driver); if (virDomainEventStateRegisterID(conn, driver->domainEventState, - virConnectDomainEventRegisterAnyCheckACL, dom, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; diff --git a/src/vbox/vbox_tmpl.c b/src/vbox/vbox_tmpl.c index 1be4dc42bf..382d7b4ee6 100644 --- a/src/vbox/vbox_tmpl.c +++ b/src/vbox/vbox_tmpl.c 
@@ -7332,7 +7332,7 @@ vboxConnectDomainEventRegister(virConnectPtr conn, * later you can iterate over them */ - ret = virDomainEventStateRegister(conn, data->domainEvents, NULL, + ret = virDomainEventStateRegister(conn, data->domainEvents, callback, opaque, freecb); VIR_DEBUG("virObjectEventStateRegister (ret = %d) (conn: %p, " "callback: %p, opaque: %p, " @@ -7429,7 +7429,7 @@ static int vboxConnectDomainEventRegisterAny(virConnectPtr conn, * later you can iterate over them */ - if (virDomainEventStateRegisterID(conn, data->domainEvents, NULL, + if (virDomainEventStateRegisterID(conn, data->domainEvents, dom, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c index c45d980ef8..7506e8cc04 100644 --- a/src/xen/xen_driver.c +++ b/src/xen/xen_driver.c @@ -2323,7 +2323,6 @@ xenUnifiedConnectDomainEventRegister(virConnectPtr conn, } if (virDomainEventStateRegister(conn, priv->domainEvents, - virConnectDomainEventRegisterCheckACL, callback, opaque, freefunc) < 0) ret = -1; @@ -2383,7 +2382,6 @@ xenUnifiedConnectDomainEventRegisterAny(virConnectPtr conn, } if (virDomainEventStateRegisterID(conn, priv->domainEvents, - virConnectDomainEventRegisterAnyCheckACL, dom, eventID, callback, opaque, freefunc, &ret) < 0) ret = -1;