diff --git a/ChangeLog b/ChangeLog index 7ee70d7f6b..772d35fbaa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +Wed Aug 16 17:24:59 CEST 2006 Daniel Veillard + + * include/libvirt/virterror.h src/libvirt.c src/virterror.c: enforce + blocking operations with side effect on read-only connections. Adds + a new error code and message. + Tue Aug 15 11:55:15 EDT 2006 Daniel Berrange * src/xml.c, src/xend_internal.c: Added a block diff --git a/include/libvirt/virterror.h b/include/libvirt/virterror.h index 8aeddb1984..f5cc2b13cf 100644 --- a/include/libvirt/virterror.h +++ b/include/libvirt/virterror.h @@ -105,7 +105,8 @@ typedef enum { VIR_ERR_DRIVER_FULL, /* too many drivers registered */ VIR_ERR_CALL_FAILED, /* not supported by the drivers */ VIR_ERR_XML_ERROR, /* an XML description is not well formed or broken */ - VIR_ERR_DOM_EXIST /* the domain already exist */ + VIR_ERR_DOM_EXIST,/* the domain already exist */ + VIR_ERR_OPERATION_DENIED /* operation forbidden on read-only connections */ } virErrorNumber; /** diff --git a/src/libvirt.c b/src/libvirt.c index 4c4a997afd..677fefe703 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -533,6 +533,10 @@ virDomainCreateLinux(virConnectPtr conn, const char *xmlDesc, virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__); return (NULL); } + if (conn->flags & VIR_CONNECT_RO) { + virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (NULL); + } for (i = 0;i < conn->nb_drivers;i++) { if ((conn->drivers[i] != NULL) && @@ -729,10 +733,10 @@ virDomainDestroy(virDomainPtr domain) } conn = domain->conn; -#if PEDANTIC - if (domain->conn->flags & VIR_CONNECT_RO) - return (-1); -#endif + if (conn->flags & VIR_CONNECT_RO) { + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (-1); + } /* * Go though the driver registered entry points but use the @@ -802,6 +806,10 @@ virDomainSuspend(virDomainPtr domain) virLibDomainError(domain, VIR_ERR_INVALID_DOMAIN, __FUNCTION__); return (-1); } + if (domain->conn->flags & VIR_CONNECT_RO) { + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (-1); + } conn = domain->conn; #if PEDANTIC @@ -854,6 +862,10 @@ virDomainResume(virDomainPtr domain) virLibDomainError(domain, VIR_ERR_INVALID_DOMAIN, __FUNCTION__); return (-1); } + if (domain->conn->flags & VIR_CONNECT_RO) { + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (-1); + } conn = domain->conn; #if PEDANTIC @@ -909,6 +921,10 @@ virDomainSave(virDomainPtr domain, const char *to) virLibDomainError(domain, VIR_ERR_INVALID_DOMAIN, __FUNCTION__); return (-1); } + if (domain->conn->flags & VIR_CONNECT_RO) { + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (-1); + } conn = domain->conn; if (to == NULL) { virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__); @@ -967,6 +983,10 @@ virDomainRestore(virConnectPtr conn, const char *from) virLibConnError(conn, VIR_ERR_INVALID_CONN, __FUNCTION__); return (-1); } + if (conn->flags & VIR_CONNECT_RO) { + virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (-1); + } if (from == NULL) { virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__); return (-1); @@ -1027,6 +1047,10 @@ virDomainShutdown(virDomainPtr domain) virLibDomainError(domain, VIR_ERR_INVALID_DOMAIN, __FUNCTION__); return (-1); } + if (domain->conn->flags & VIR_CONNECT_RO) { + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (-1); + } conn = domain->conn; #if PEDANTIC @@ -1072,6 +1096,10 @@ virDomainReboot(virDomainPtr domain, unsigned int flags) virLibDomainError(domain, VIR_ERR_INVALID_DOMAIN, __FUNCTION__); return (-1); } + if (domain->conn->flags & VIR_CONNECT_RO) { + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (-1); + } conn = domain->conn; #if PEDANTIC @@ -1296,10 +1324,6 @@ virDomainSetMaxMemory(virDomainPtr domain, unsigned long memory) int ret = -1 , i; virConnectPtr conn; - if (memory < 4096) { - virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__); - return (-1); - } if (domain == NULL) { TODO return (-1); @@ -1308,6 +1332,14 @@ virDomainSetMaxMemory(virDomainPtr domain, unsigned long memory) virLibDomainError(domain, VIR_ERR_INVALID_DOMAIN, __FUNCTION__); return (-1); } + if (domain->conn->flags & VIR_CONNECT_RO) { + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (-1); + } + if (memory < 4096) { + virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__); + return (-1); + } conn = domain->conn; if (domain->conn->flags & VIR_CONNECT_RO) return (-1); @@ -1348,10 +1380,6 @@ virDomainSetMemory(virDomainPtr domain, unsigned long memory) int ret = -1 , i; virConnectPtr conn; - if (memory < 4096) { - virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__); - return (-1); - } if (domain == NULL) { TODO return (-1); @@ -1360,9 +1388,16 @@ virDomainSetMemory(virDomainPtr domain, unsigned long memory) virLibDomainError(domain, VIR_ERR_INVALID_DOMAIN, __FUNCTION__); return (-1); } - conn = domain->conn; - if (domain->conn->flags & VIR_CONNECT_RO) + if (domain->conn->flags & VIR_CONNECT_RO) { + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (-1); + } + if (memory < 4096) { + virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__); return (-1); + } + + conn = domain->conn; /* * in that case instead of trying only though one method try all availble. @@ -1525,6 +1560,10 @@ virDomainDefineXML(virConnectPtr conn, const char *xml) { virLibConnError(conn, VIR_ERR_INVALID_CONN, __FUNCTION__); return (NULL); } + if (conn->flags & VIR_CONNECT_RO) { + virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (NULL); + } if (xml == NULL) { virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__); return (NULL); @@ -1615,6 +1654,11 @@ virDomainUndefine(virDomainPtr domain) { virLibDomainError(domain, VIR_ERR_INVALID_DOMAIN, __FUNCTION__); return (-1); } + if (domain->conn->flags & VIR_CONNECT_RO) { + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (-1); + } + /* TODO shall we keep a list of defined domains there ? */ ret = virFreeDomain(domain->conn, domain); @@ -1652,6 +1696,14 @@ virConnectListDefinedDomains(virConnectPtr conn, const char **names, int virDomainCreate(virDomainPtr domain) { + if (!VIR_IS_CONNECTED_DOMAIN(domain)) { + virLibDomainError(domain, VIR_ERR_INVALID_DOMAIN, __FUNCTION__); + return (-1); + } + if (domain->conn->flags & VIR_CONNECT_RO) { + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (-1); + } return(-1); } @@ -1682,8 +1734,10 @@ virDomainSetVcpus(virDomainPtr domain, unsigned int nvcpus) virLibDomainError(domain, VIR_ERR_INVALID_DOMAIN, __FUNCTION__); return (-1); } - if (domain->conn->flags & VIR_CONNECT_RO) - return (-1); + if (domain->conn->flags & VIR_CONNECT_RO) { + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (-1); + } if (nvcpus < 1) { virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__); return (-1); @@ -1748,8 +1802,10 @@ virDomainPinVcpu(virDomainPtr domain, unsigned int vcpu, virLibDomainError(domain, VIR_ERR_INVALID_DOMAIN, __FUNCTION__); return (-1); } - if (domain->conn->flags & VIR_CONNECT_RO) - return (-1); + if (domain->conn->flags & VIR_CONNECT_RO) { + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); + return (-1); + } if ((vcpu > 32000) || (cpumap == NULL) || (maplen < 1)) { virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__); return (-1); diff --git a/src/virterror.c b/src/virterror.c index 6d356928d5..c6452b31f2 100644 --- a/src/virterror.c +++ b/src/virterror.c @@ -533,6 +533,12 @@ __virErrorMsg(virErrorNumber error, const char *info) else errmsg = "domain %s exists already"; break; + case VIR_ERR_OPERATION_DENIED: + if (info == NULL) + errmsg = "operation forbidden for read only access"; + else + errmsg = "operation %s forbidden for read only access"; + break; } return (errmsg); }