Add access control filtering of node device objects

Ensure that all APIs which list node device objects filter
them against the access control system.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Daniel P. Berrange 2013-06-26 17:50:54 +01:00
parent bbaa4e1cba
commit b1f3029afd
4 changed files with 33 additions and 21 deletions


@ -1594,10 +1594,11 @@ virNodeDeviceMatch(virNodeDeviceObjPtr devobj,
#undef MATCH
int
virNodeDeviceList(virConnectPtr conn,
virNodeDeviceObjList devobjs,
virNodeDevicePtr **devices,
unsigned int flags)
virNodeDeviceObjListExport(virConnectPtr conn,
virNodeDeviceObjList devobjs,
virNodeDevicePtr **devices,
virNodeDeviceObjListFilter filter,
unsigned int flags)
{
virNodeDevicePtr *tmp_devices = NULL;
virNodeDevicePtr device = NULL;
@ -1615,7 +1616,8 @@ virNodeDeviceList(virConnectPtr conn,
for (i = 0; i < devobjs.count; i++) {
virNodeDeviceObjPtr devobj = devobjs.objs[i];
virNodeDeviceObjLock(devobj);
if (virNodeDeviceMatch(devobj, flags)) {
if ((!filter || filter(conn, devobj->def)) &&
virNodeDeviceMatch(devobj, flags)) {
if (devices) {
if (!(device = virGetNodeDevice(conn,
devobj->def->name))) {
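Review bot: The new condition at the start of the second hunk runs the filter callback before the cheap flag test, so the ACL check is invoked for every object, including ones `virNodeDeviceMatch(devobj, flags)` would reject anyway; the two operands are independent, so swapping them, `if (virNodeDeviceMatch(devobj, flags) && (!filter || filter(conn, devobj->def))) {`, only calls the filter for devices that can actually be returned. Whether that matters depends on how costly the access-control driver's check is, which is not visible here. The same ordering (ACL first, capability test second) appears in nodeNumOfDevices and nodeListDevices in node_device_driver.c. virNodeDeviceObjListExport's body continues past the end of the hunk.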


@ -280,9 +280,13 @@ void virNodeDeviceObjUnlock(virNodeDeviceObjPtr obj);
VIR_CONNECT_LIST_NODE_DEVICES_CAP_VPORTS | \
VIR_CONNECT_LIST_NODE_DEVICES_CAP_SCSI_GENERIC)
int virNodeDeviceList(virConnectPtr conn,
virNodeDeviceObjList devobjs,
virNodeDevicePtr **devices,
unsigned int flags);
typedef bool (*virNodeDeviceObjListFilter)(virConnectPtr conn,
virNodeDeviceDefPtr def);
int virNodeDeviceObjListExport(virConnectPtr conn,
virNodeDeviceObjList devobjs,
virNodeDevicePtr **devices,
virNodeDeviceObjListFilter filter,
unsigned int flags);
#endif /* __VIR_NODE_DEVICE_CONF_H__ */
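Review bot: The new `virNodeDeviceObjListFilter` typedef and `virNodeDeviceObjListExport` prototype carry no comment describing the filter contract, which callers of a public conf header need to get right. From the node_device_conf.c hunk the contract is: a NULL filter means no filtering, a callback returning false drops that device from both the count and the returned array, and the callback is invoked with the device object's lock already held, so it must not try to take it again. I would add above the typedef `/* Called for each candidate device with its object lock held; return false to exclude it. NULL means no filtering. */` and note on the prototype that the returned count and `*devices` array reflect only devices accepted by the filter and matching `flags`.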


@ -532,7 +532,7 @@ virNodeDeviceFindBySysfsPath;
virNodeDeviceGetParentHost;
virNodeDeviceGetWWNs;
virNodeDeviceHasCap;
virNodeDeviceList;
virNodeDeviceObjListExport;
virNodeDeviceObjListFree;
virNodeDeviceObjLock;
virNodeDeviceObjRemove;


@ -140,11 +140,13 @@ nodeNumOfDevices(virConnectPtr conn,
nodeDeviceLock(driver);
for (i = 0; i < driver->devs.count; i++) {
virNodeDeviceObjLock(driver->devs.objs[i]);
if ((cap == NULL) ||
virNodeDeviceHasCap(driver->devs.objs[i], cap))
virNodeDeviceObjPtr obj = driver->devs.objs[i];
virNodeDeviceObjLock(obj);
if (virNodeNumOfDevicesCheckACL(conn, obj->def) &&
((cap == NULL) ||
virNodeDeviceHasCap(obj, cap)))
++ndevs;
virNodeDeviceObjUnlock(driver->devs.objs[i]);
virNodeDeviceObjUnlock(obj);
}
nodeDeviceUnlock(driver);
@ -168,15 +170,17 @@ nodeListDevices(virConnectPtr conn,
nodeDeviceLock(driver);
for (i = 0; i < driver->devs.count && ndevs < maxnames; i++) {
virNodeDeviceObjLock(driver->devs.objs[i]);
if (cap == NULL ||
virNodeDeviceHasCap(driver->devs.objs[i], cap)) {
if (VIR_STRDUP(names[ndevs++], driver->devs.objs[i]->def->name) < 0) {
virNodeDeviceObjUnlock(driver->devs.objs[i]);
virNodeDeviceObjPtr obj = driver->devs.objs[i];
virNodeDeviceObjLock(obj);
if (virNodeListDevicesCheckACL(conn, obj->def) &&
(cap == NULL ||
virNodeDeviceHasCap(obj, cap))) {
if (VIR_STRDUP(names[ndevs++], obj->def->name) < 0) {
virNodeDeviceObjUnlock(obj);
goto failure;
}
}
virNodeDeviceObjUnlock(driver->devs.objs[i]);
virNodeDeviceObjUnlock(obj);
}
nodeDeviceUnlock(driver);
@ -204,7 +208,9 @@ nodeConnectListAllNodeDevices(virConnectPtr conn,
return -1;
nodeDeviceLock(driver);
ret = virNodeDeviceList(conn, driver->devs, devices, flags);
ret = virNodeDeviceObjListExport(conn, driver->devs, devices,
virConnectListAllNodeDevicesCheckACL,
flags);
nodeDeviceUnlock(driver);
return ret;
}
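Review bot: nodeNumOfDevices and nodeListDevices now gate on two different checks, `virNodeNumOfDevicesCheckACL` and `virNodeListDevicesCheckACL`, yet callers of this pair normally size `maxnames` from the count the first one returns; if the two permissions are ever granted differently, the count and the list silently disagree for the same connection. Presumably both checks are generated from the same permission today, but nothing in these hunks ties them together. A comment at the ACL test in nodeListDevices, `/* Must apply the same ACL as nodeNumOfDevices, or count and list diverge. */`, would make the invariant explicit for the next change to either function. Both enclosing functions begin outside their hunks.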