External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-26 22:45:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add ACL checks into the node device driver

Browse Source 
Insert calls to the ACL checking APIs in all node device
driver entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2013-04-23 11:56:22 +01:00
parent a7147bc68e
commit 20d8e1f1d7
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Makefile.am
View File

@ -1357,7 +1357,9 @@ endif
libvirt_driver_nodedev_la_SOURCES = $(NODE_DEVICE_DRIVER_SOURCES) libvirt_driver_nodedev_la_SOURCES = $(NODE_DEVICE_DRIVER_SOURCES)
libvirt_driver_nodedev_la_CFLAGS = \ libvirt_driver_nodedev_la_CFLAGS = \
-I$(top_srcdir)/src/conf $(AM_CFLAGS) -I$(top_srcdir)/src/access \
-I$(top_srcdir)/src/conf \
$(AM_CFLAGS)
libvirt_driver_nodedev_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_nodedev_la_LDFLAGS = $(AM_LDFLAGS)
libvirt_driver_nodedev_la_LIBADD = libvirt_driver_nodedev_la_LIBADD =

36
src/node_device/node_device_driver.c
View File

@ -38,6 +38,8 @@
#include "node_device_conf.h" #include "node_device_conf.h"
#include "node_device_hal.h" #include "node_device_hal.h"
#include "node_device_driver.h" #include "node_device_driver.h"
#include "virutil.h"
#include "viraccessapicheck.h"
#define VIR_FROM_THIS VIR_FROM_NODEDEV #define VIR_FROM_THIS VIR_FROM_NODEDEV
@ -126,6 +128,9 @@ nodeNumOfDevices(virConnectPtr conn,
int ndevs = 0; int ndevs = 0;
unsigned int i; unsigned int i;
if (virNodeNumOfDevicesEnsureACL(conn) < 0)
return -1;
virCheckFlags(0, -1); virCheckFlags(0, -1);
nodeDeviceLock(driver); nodeDeviceLock(driver);
@ -151,6 +156,9 @@ nodeListDevices(virConnectPtr conn,
int ndevs = 0; int ndevs = 0;
unsigned int i; unsigned int i;
if (virNodeListDevicesEnsureACL(conn) < 0)
return -1;
virCheckFlags(0, -1); virCheckFlags(0, -1);
nodeDeviceLock(driver); nodeDeviceLock(driver);
@ -187,6 +195,9 @@ nodeConnectListAllNodeDevices(virConnectPtr conn,
virCheckFlags(VIR_CONNECT_LIST_NODE_DEVICES_FILTERS_CAP, -1); virCheckFlags(VIR_CONNECT_LIST_NODE_DEVICES_FILTERS_CAP, -1);
if (virConnectListAllNodeDevicesEnsureACL(conn) < 0)
return -1;
nodeDeviceLock(driver); nodeDeviceLock(driver);
ret = virNodeDeviceList(conn, driver->devs, devices, flags); ret = virNodeDeviceList(conn, driver->devs, devices, flags);
nodeDeviceUnlock(driver); nodeDeviceUnlock(driver);
@ -209,6 +220,9 @@ nodeDeviceLookupByName(virConnectPtr conn, const char *name)
goto cleanup; goto cleanup;
} }
if (virNodeDeviceLookupByNameEnsureACL(conn, obj->def) < 0)
goto cleanup;
ret = virGetNodeDevice(conn, name); ret = virGetNodeDevice(conn, name);
cleanup: cleanup:
@ -247,6 +261,10 @@ nodeDeviceLookupSCSIHostByWWN(virConnectPtr conn,
VIR_NODE_DEV_CAP_FLAG_HBA_FC_HOST) { VIR_NODE_DEV_CAP_FLAG_HBA_FC_HOST) {
if (STREQ(cap->data.scsi_host.wwnn, wwnn) && if (STREQ(cap->data.scsi_host.wwnn, wwnn) &&
STREQ(cap->data.scsi_host.wwpn, wwpn)) { STREQ(cap->data.scsi_host.wwpn, wwpn)) {
if (virNodeDeviceLookupSCSIHostByWWNEnsureACL(conn, obj->def) < 0)
goto out;
dev = virGetNodeDevice(conn, obj->def->name); dev = virGetNodeDevice(conn, obj->def->name);
virNodeDeviceObjUnlock(obj); virNodeDeviceObjUnlock(obj);
goto out; goto out;
@ -286,6 +304,9 @@ nodeDeviceGetXMLDesc(virNodeDevicePtr dev,
goto cleanup; goto cleanup;
} }
if (virNodeDeviceGetXMLDescEnsureACL(dev->conn, obj->def) < 0)
goto cleanup;
update_driver_name(obj); update_driver_name(obj);
update_caps(obj); update_caps(obj);
@ -316,6 +337,9 @@ nodeDeviceGetParent(virNodeDevicePtr dev)
goto cleanup; goto cleanup;
} }
if (virNodeDeviceGetParentEnsureACL(dev->conn, obj->def) < 0)
goto cleanup;
if (obj->def->parent) { if (obj->def->parent) {
if (VIR_STRDUP(ret, obj->def->parent) < 0) if (VIR_STRDUP(ret, obj->def->parent) < 0)
goto cleanup; goto cleanup;
@ -351,6 +375,9 @@ nodeDeviceNumOfCaps(virNodeDevicePtr dev)
goto cleanup; goto cleanup;
} }
if (virNodeDeviceNumOfCapsEnsureACL(dev->conn, obj->def) < 0)
goto cleanup;
for (caps = obj->def->caps; caps; caps = caps->next) for (caps = obj->def->caps; caps; caps = caps->next)
++ncaps; ++ncaps;
ret = ncaps; ret = ncaps;
@ -382,6 +409,9 @@ nodeDeviceListCaps(virNodeDevicePtr dev, char **const names, int maxnames)
goto cleanup; goto cleanup;
} }
if (virNodeDeviceListCapsEnsureACL(dev->conn, obj->def) < 0)
goto cleanup;
for (caps = obj->def->caps; caps && ncaps < maxnames; caps = caps->next) { for (caps = obj->def->caps; caps && ncaps < maxnames; caps = caps->next) {
if (VIR_STRDUP(names[ncaps], virNodeDevCapTypeToString(caps->type)) < 0) if (VIR_STRDUP(names[ncaps], virNodeDevCapTypeToString(caps->type)) < 0)
goto cleanup; goto cleanup;
@ -489,6 +519,9 @@ nodeDeviceCreateXML(virConnectPtr conn,
goto cleanup; goto cleanup;
} }
if (virNodeDeviceCreateXMLEnsureACL(conn, def) < 0)
goto cleanup;
if (virNodeDeviceGetWWNs(def, &wwnn, &wwpn) == -1) { if (virNodeDeviceGetWWNs(def, &wwnn, &wwpn) == -1) {
goto cleanup; goto cleanup;
} }
@ -542,6 +575,9 @@ nodeDeviceDestroy(virNodeDevicePtr dev)
goto out; goto out;
} }
if (virNodeDeviceDestroyEnsureACL(dev->conn, obj->def) < 0)
goto out;
if (virNodeDeviceGetWWNs(obj->def, &wwnn, &wwpn) == -1) { if (virNodeDeviceGetWWNs(obj->def, &wwnn, &wwpn) == -1) {
goto out; goto out;
} }