External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-11 15:27:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add access control filtering of storage objects

Browse Source 
Ensure that all APIs which list storage objects filter
them against the access control system.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2013-06-26 18:47:48 +01:00
parent b1f3029afd
commit 323049a089
5 changed files with 58 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/conf/storage_conf.c
View File

@ -2203,10 +2203,11 @@ virStoragePoolMatch(virStoragePoolObjPtr poolobj,
#undef MATCH #undef MATCH
int int
virStoragePoolList(virConnectPtr conn, virStoragePoolObjListExport(virConnectPtr conn,
virStoragePoolObjList poolobjs, virStoragePoolObjList poolobjs,
virStoragePoolPtr **pools, virStoragePoolPtr **pools,
unsigned int flags) virStoragePoolObjListFilter filter,
unsigned int flags)
{ {
virStoragePoolPtr *tmp_pools = NULL; virStoragePoolPtr *tmp_pools = NULL;
virStoragePoolPtr pool = NULL; virStoragePoolPtr pool = NULL;
@ -2224,7 +2225,8 @@ virStoragePoolList(virConnectPtr conn,
for (i = 0; i < poolobjs.count; i++) { for (i = 0; i < poolobjs.count; i++) {
virStoragePoolObjPtr poolobj = poolobjs.objs[i]; virStoragePoolObjPtr poolobj = poolobjs.objs[i];
virStoragePoolObjLock(poolobj); virStoragePoolObjLock(poolobj);
if (virStoragePoolMatch(poolobj, flags)) { if ((!filter || filter(conn, poolobj->def)) &&
virStoragePoolMatch(poolobj, flags)) {
if (pools) { if (pools) {
if (!(pool = virGetStoragePool(conn, if (!(pool = virGetStoragePool(conn,
poolobj->def->name, poolobj->def->name,

11
src/conf/storage_conf.h
View File

@ -357,6 +357,8 @@ struct _virStoragePoolSourceList {
virStoragePoolSourcePtr sources; virStoragePoolSourcePtr sources;
}; };
typedef bool (*virStoragePoolObjListFilter)(virConnectPtr conn,
virStoragePoolDefPtr def);
static inline int static inline int
virStoragePoolObjIsActive(virStoragePoolObjPtr pool) virStoragePoolObjIsActive(virStoragePoolObjPtr pool)
@ -570,9 +572,10 @@ VIR_ENUM_DECL(virStoragePartedFsType)
VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_AUTOSTART | \ VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_AUTOSTART | \
VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_POOL_TYPE) VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_POOL_TYPE)
int virStoragePoolList(virConnectPtr conn, int virStoragePoolObjListExport(virConnectPtr conn,
virStoragePoolObjList poolobjs, virStoragePoolObjList poolobjs,
virStoragePoolPtr **pools, virStoragePoolPtr **pools,
unsigned int flags); virStoragePoolObjListFilter filter,
unsigned int flags);
#endif /* __VIR_STORAGE_CONF_H__ */ #endif /* __VIR_STORAGE_CONF_H__ */

2
src/libvirt_private.syms
View File

@ -650,7 +650,6 @@ virStoragePoolDefParseString;
virStoragePoolFormatDiskTypeToString; virStoragePoolFormatDiskTypeToString;
virStoragePoolFormatFileSystemNetTypeToString; virStoragePoolFormatFileSystemNetTypeToString;
virStoragePoolFormatFileSystemTypeToString; virStoragePoolFormatFileSystemTypeToString;
virStoragePoolList;
virStoragePoolLoadAllConfigs; virStoragePoolLoadAllConfigs;
virStoragePoolObjAssignDef; virStoragePoolObjAssignDef;
virStoragePoolObjClearVols; virStoragePoolObjClearVols;
@ -658,6 +657,7 @@ virStoragePoolObjDeleteDef;
virStoragePoolObjFindByName; virStoragePoolObjFindByName;
virStoragePoolObjFindByUUID; virStoragePoolObjFindByUUID;
virStoragePoolObjIsDuplicate; virStoragePoolObjIsDuplicate;
virStoragePoolObjListExport;
virStoragePoolObjListFree; virStoragePoolObjListFree;
virStoragePoolObjLock; virStoragePoolObjLock;
virStoragePoolObjRemove; virStoragePoolObjRemove;

62
src/storage/storage_driver.c
View File

@ -348,10 +348,12 @@ storageConnectNumOfStoragePools(virConnectPtr conn) {
storageDriverLock(driver); storageDriverLock(driver);
for (i = 0; i < driver->pools.count; i++) { for (i = 0; i < driver->pools.count; i++) {
virStoragePoolObjLock(driver->pools.objs[i]); virStoragePoolObjPtr obj = driver->pools.objs[i];
if (virStoragePoolObjIsActive(driver->pools.objs[i])) virStoragePoolObjLock(obj);
if (virConnectNumOfStoragePoolsCheckACL(conn, obj->def) &&
virStoragePoolObjIsActive(obj))
nactive++; nactive++;
virStoragePoolObjUnlock(driver->pools.objs[i]); virStoragePoolObjUnlock(obj);
} }
storageDriverUnlock(driver); storageDriverUnlock(driver);
@ -370,15 +372,17 @@ storageConnectListStoragePools(virConnectPtr conn,
storageDriverLock(driver); storageDriverLock(driver);
for (i = 0; i < driver->pools.count && got < nnames; i++) { for (i = 0; i < driver->pools.count && got < nnames; i++) {
virStoragePoolObjLock(driver->pools.objs[i]); virStoragePoolObjPtr obj = driver->pools.objs[i];
if (virStoragePoolObjIsActive(driver->pools.objs[i])) { virStoragePoolObjLock(obj);
if (VIR_STRDUP(names[got], driver->pools.objs[i]->def->name) < 0) { if (virConnectListStoragePoolsCheckACL(conn, obj->def) &&
virStoragePoolObjUnlock(driver->pools.objs[i]); virStoragePoolObjIsActive(obj)) {
if (VIR_STRDUP(names[got], obj->def->name) < 0) {
virStoragePoolObjUnlock(obj);
goto cleanup; goto cleanup;
} }
got++; got++;
} }
virStoragePoolObjUnlock(driver->pools.objs[i]); virStoragePoolObjUnlock(obj);
} }
storageDriverUnlock(driver); storageDriverUnlock(driver);
return got; return got;
@ -401,10 +405,12 @@ storageConnectNumOfDefinedStoragePools(virConnectPtr conn) {
storageDriverLock(driver); storageDriverLock(driver);
for (i = 0; i < driver->pools.count; i++) { for (i = 0; i < driver->pools.count; i++) {
virStoragePoolObjLock(driver->pools.objs[i]); virStoragePoolObjPtr obj = driver->pools.objs[i];
if (!virStoragePoolObjIsActive(driver->pools.objs[i])) virStoragePoolObjLock(obj);
if (virConnectNumOfDefinedStoragePoolsCheckACL(conn, obj->def) &&
!virStoragePoolObjIsActive(obj))
nactive++; nactive++;
virStoragePoolObjUnlock(driver->pools.objs[i]); virStoragePoolObjUnlock(obj);
} }
storageDriverUnlock(driver); storageDriverUnlock(driver);
@ -423,15 +429,17 @@ storageConnectListDefinedStoragePools(virConnectPtr conn,
storageDriverLock(driver); storageDriverLock(driver);
for (i = 0; i < driver->pools.count && got < nnames; i++) { for (i = 0; i < driver->pools.count && got < nnames; i++) {
virStoragePoolObjLock(driver->pools.objs[i]); virStoragePoolObjPtr obj = driver->pools.objs[i];
if (!virStoragePoolObjIsActive(driver->pools.objs[i])) { virStoragePoolObjLock(obj);
if (VIR_STRDUP(names[got], driver->pools.objs[i]->def->name) < 0) { if (virConnectListDefinedStoragePoolsCheckACL(conn, obj->def) &&
virStoragePoolObjUnlock(driver->pools.objs[i]); !virStoragePoolObjIsActive(obj)) {
if (VIR_STRDUP(names[got], obj->def->name) < 0) {
virStoragePoolObjUnlock(obj);
goto cleanup; goto cleanup;
} }
got++; got++;
} }
virStoragePoolObjUnlock(driver->pools.objs[i]); virStoragePoolObjUnlock(obj);
} }
storageDriverUnlock(driver); storageDriverUnlock(driver);
return got; return got;
@ -1152,7 +1160,7 @@ static int
storagePoolNumOfVolumes(virStoragePoolPtr obj) { storagePoolNumOfVolumes(virStoragePoolPtr obj) {
virStorageDriverStatePtr driver = obj->conn->storagePrivateData; virStorageDriverStatePtr driver = obj->conn->storagePrivateData;
virStoragePoolObjPtr pool; virStoragePoolObjPtr pool;
int ret = -1; int ret = -1, i;
storageDriverLock(driver); storageDriverLock(driver);
pool = virStoragePoolObjFindByUUID(&driver->pools, obj->uuid); pool = virStoragePoolObjFindByUUID(&driver->pools, obj->uuid);
@ -1172,7 +1180,12 @@ storagePoolNumOfVolumes(virStoragePoolPtr obj) {
_("storage pool '%s' is not active"), pool->def->name); _("storage pool '%s' is not active"), pool->def->name);
goto cleanup; goto cleanup;
} }
ret = pool->volumes.count; ret = 0;
for (i = 0; i < pool->volumes.count; i++) {
if (virStoragePoolNumOfVolumesCheckACL(obj->conn, pool->def,
pool->volumes.objs[i]))
ret++;
}
cleanup: cleanup:
if (pool) if (pool)
@ -1210,6 +1223,9 @@ storagePoolListVolumes(virStoragePoolPtr obj,
} }
for (i = 0; i < pool->volumes.count && n < maxnames; i++) { for (i = 0; i < pool->volumes.count && n < maxnames; i++) {
if (!virStoragePoolListVolumesCheckACL(obj->conn, pool->def,
pool->volumes.objs[i]))
continue;
if (VIR_STRDUP(names[n++], pool->volumes.objs[i]->name) < 0) if (VIR_STRDUP(names[n++], pool->volumes.objs[i]->name) < 0)
goto cleanup; goto cleanup;
} }
@ -1268,11 +1284,14 @@ storagePoolListAllVolumes(virStoragePoolPtr pool,
} }
if (VIR_ALLOC_N(tmp_vols, obj->volumes.count + 1) < 0) { if (VIR_ALLOC_N(tmp_vols, obj->volumes.count + 1) < 0) {
virReportOOMError(); virReportOOMError();
goto cleanup; goto cleanup;
} }
for (i = 0; i < obj->volumes.count; i++) { for (i = 0; i < obj->volumes.count; i++) {
if (!virStoragePoolListAllVolumesCheckACL(pool->conn, obj->def,
obj->volumes.objs[i]))
continue;
if (!(vol = virGetStorageVol(pool->conn, obj->def->name, if (!(vol = virGetStorageVol(pool->conn, obj->def->name,
obj->volumes.objs[i]->name, obj->volumes.objs[i]->name,
obj->volumes.objs[i]->key, obj->volumes.objs[i]->key,
@ -2511,7 +2530,8 @@ storageConnectListAllStoragePools(virConnectPtr conn,
goto cleanup; goto cleanup;
storageDriverLock(driver); storageDriverLock(driver);
ret = virStoragePoolList(conn, driver->pools, pools, flags); ret = virStoragePoolObjListExport(conn, driver->pools, pools,
virConnectListAllStoragePoolsCheckACL, flags);
storageDriverUnlock(driver); storageDriverUnlock(driver);
cleanup: cleanup:

3
src/test/test_driver.c
View File

@ -4052,7 +4052,8 @@ testConnectListAllStoragePools(virConnectPtr conn,
virCheckFlags(VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_ALL, -1); virCheckFlags(VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_ALL, -1);
testDriverLock(privconn); testDriverLock(privconn);
ret = virStoragePoolList(conn, privconn->pools, pools, flags); ret = virStoragePoolObjListExport(conn, privconn->pools, pools,
NULL, flags);
testDriverUnlock(privconn); testDriverUnlock(privconn);
return ret; return ret;