mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00

Add ACL checks into the Xen driver

Insert calls to the ACL checking APIs in all Xen driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Daniel P. Berrange 2013-04-23 11:56:22 +01:00
parent d78277f934
commit cffe870c24
2 changed files with 213 additions and 8 deletions


@ -961,6 +961,7 @@ endif
libvirt_driver_xen_impl_la_CFLAGS = \ libvirt_driver_xen_impl_la_CFLAGS = \
$(XEN_CFLAGS) \ $(XEN_CFLAGS) \
-I$(top_srcdir)/src/access \
-I$(top_srcdir)/src/conf \ -I$(top_srcdir)/src/conf \
-I$(top_srcdir)/src/xenxs \ -I$(top_srcdir)/src/xenxs \
$(AM_CFLAGS) $(AM_CFLAGS)


@ -66,6 +66,7 @@
#include "nodeinfo.h" #include "nodeinfo.h"
#include "configmake.h" #include "configmake.h"
#include "virstring.h" #include "virstring.h"
#include "viraccessapicheck.h"
#define VIR_FROM_THIS VIR_FROM_XEN #define VIR_FROM_THIS VIR_FROM_XEN
#define XEN_SAVE_DIR LOCALSTATEDIR "/lib/libvirt/xen/save" #define XEN_SAVE_DIR LOCALSTATEDIR "/lib/libvirt/xen/save"
@ -410,6 +411,9 @@ xenUnifiedConnectOpen(virConnectPtr conn, virConnectAuthPtr auth, unsigned int f
/* We now know the URI is definitely for this driver, so beyond /* We now know the URI is definitely for this driver, so beyond
* here, don't return DECLINED, always use ERROR */ * here, don't return DECLINED, always use ERROR */
if (virConnectOpenEnsureACL(conn) < 0)
return VIR_DRV_OPEN_ERROR;
/* Allocate per-connection private data. */ /* Allocate per-connection private data. */
if (VIR_ALLOC(priv) < 0) { if (VIR_ALLOC(priv) < 0) {
virReportOOMError(); virReportOOMError();
@ -554,15 +558,21 @@ unsigned long xenUnifiedVersion(void)
static const char * static const char *
xenUnifiedConnectGetType(virConnectPtr conn ATTRIBUTE_UNUSED) xenUnifiedConnectGetType(virConnectPtr conn)
{ {
if (virConnectGetTypeEnsureACL(conn) < 0)
return NULL;
return "Xen"; return "Xen";
} }
/* Which features are supported by this driver? */ /* Which features are supported by this driver? */
static int static int
xenUnifiedConnectSupportsFeature(virConnectPtr conn ATTRIBUTE_UNUSED, int feature) xenUnifiedConnectSupportsFeature(virConnectPtr conn, int feature)
{ {
if (virConnectSupportsFeatureEnsureACL(conn) < 0)
return -1;
switch (feature) { switch (feature) {
case VIR_DRV_FEATURE_MIGRATION_V1: case VIR_DRV_FEATURE_MIGRATION_V1:
case VIR_DRV_FEATURE_MIGRATION_DIRECT: case VIR_DRV_FEATURE_MIGRATION_DIRECT:
@ -575,12 +585,18 @@ xenUnifiedConnectSupportsFeature(virConnectPtr conn ATTRIBUTE_UNUSED, int featur
static int static int
xenUnifiedConnectGetVersion(virConnectPtr conn, unsigned long *hvVer) xenUnifiedConnectGetVersion(virConnectPtr conn, unsigned long *hvVer)
{ {
if (virConnectGetVersionEnsureACL(conn) < 0)
return -1;
return xenHypervisorGetVersion(conn, hvVer); return xenHypervisorGetVersion(conn, hvVer);
} }
static char *xenUnifiedConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED) static char *xenUnifiedConnectGetHostname(virConnectPtr conn)
{ {
if (virConnectGetHostnameEnsureACL(conn) < 0)
return NULL;
return virGetHostname(); return virGetHostname();
} }
@ -592,6 +608,9 @@ xenUnifiedConnectGetSysinfo(virConnectPtr conn ATTRIBUTE_UNUSED,
virCheckFlags(0, NULL); virCheckFlags(0, NULL);
if (virConnectGetSysinfoEnsureACL(conn) < 0)
return NULL;
if (!hostsysinfo) { if (!hostsysinfo) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Host SMBIOS information is not available")); _("Host SMBIOS information is not available"));
@ -637,6 +656,9 @@ xenUnifiedConnectIsAlive(virConnectPtr conn ATTRIBUTE_UNUSED)
int int
xenUnifiedConnectGetMaxVcpus(virConnectPtr conn, const char *type) xenUnifiedConnectGetMaxVcpus(virConnectPtr conn, const char *type)
{ {
if (virConnectGetMaxVcpusEnsureACL(conn) < 0)
return -1;
if (type && STRCASENEQ(type, "Xen")) { if (type && STRCASENEQ(type, "Xen")) {
virReportError(VIR_ERR_INVALID_ARG, __FUNCTION__); virReportError(VIR_ERR_INVALID_ARG, __FUNCTION__);
return -1; return -1;
@ -648,6 +670,9 @@ xenUnifiedConnectGetMaxVcpus(virConnectPtr conn, const char *type)
static int static int
xenUnifiedNodeGetInfo(virConnectPtr conn, virNodeInfoPtr info) xenUnifiedNodeGetInfo(virConnectPtr conn, virNodeInfoPtr info)
{ {
if (virNodeGetInfoEnsureACL(conn) < 0)
return -1;
return xenDaemonNodeGetInfo(conn, info); return xenDaemonNodeGetInfo(conn, info);
} }
@ -657,6 +682,9 @@ xenUnifiedConnectGetCapabilities(virConnectPtr conn)
xenUnifiedPrivatePtr priv = conn->privateData; xenUnifiedPrivatePtr priv = conn->privateData;
char *xml; char *xml;
if (virConnectGetCapabilitiesEnsureACL(conn) < 0)
return NULL;
if (!(xml = virCapabilitiesFormatXML(priv->caps))) { if (!(xml = virCapabilitiesFormatXML(priv->caps))) {
virReportOOMError(); virReportOOMError();
return NULL; return NULL;
@ -668,12 +696,18 @@ xenUnifiedConnectGetCapabilities(virConnectPtr conn)
static int static int
xenUnifiedConnectListDomains(virConnectPtr conn, int *ids, int maxids) xenUnifiedConnectListDomains(virConnectPtr conn, int *ids, int maxids)
{ {
if (virConnectListDomainsEnsureACL(conn) < 0)
return -1;
return xenStoreListDomains(conn, ids, maxids); return xenStoreListDomains(conn, ids, maxids);
} }
static int static int
xenUnifiedConnectNumOfDomains(virConnectPtr conn) xenUnifiedConnectNumOfDomains(virConnectPtr conn)
{ {
if (virConnectNumOfDomainsEnsureACL(conn) < 0)
return -1;
return xenStoreNumOfDomains(conn); return xenStoreNumOfDomains(conn);
} }
@ -693,6 +727,9 @@ xenUnifiedDomainCreateXML(virConnectPtr conn,
VIR_DOMAIN_XML_INACTIVE))) VIR_DOMAIN_XML_INACTIVE)))
goto cleanup; goto cleanup;
if (virDomainCreateXMLEnsureACL(conn, def) < 0)
goto cleanup;
if (xenDaemonCreateXML(conn, def) < 0) if (xenDaemonCreateXML(conn, def) < 0)
goto cleanup; goto cleanup;
@ -714,6 +751,9 @@ xenUnifiedDomainLookupByID(virConnectPtr conn, int id)
if (!(def = xenGetDomainDefForID(conn, id))) if (!(def = xenGetDomainDefForID(conn, id)))
goto cleanup; goto cleanup;
if (virDomainLookupByIDEnsureACL(conn, def) < 0)
goto cleanup;
if (!(ret = virGetDomain(conn, def->name, def->uuid))) if (!(ret = virGetDomain(conn, def->name, def->uuid)))
goto cleanup; goto cleanup;
@ -734,6 +774,9 @@ xenUnifiedDomainLookupByUUID(virConnectPtr conn,
if (!(def = xenGetDomainDefForUUID(conn, uuid))) if (!(def = xenGetDomainDefForUUID(conn, uuid)))
goto cleanup; goto cleanup;
if (virDomainLookupByUUIDEnsureACL(conn, def) < 0)
goto cleanup;
if (!(ret = virGetDomain(conn, def->name, def->uuid))) if (!(ret = virGetDomain(conn, def->name, def->uuid)))
goto cleanup; goto cleanup;
@ -754,6 +797,9 @@ xenUnifiedDomainLookupByName(virConnectPtr conn,
if (!(def = xenGetDomainDefForName(conn, name))) if (!(def = xenGetDomainDefForName(conn, name)))
goto cleanup; goto cleanup;
if (virDomainLookupByNameEnsureACL(conn, def) < 0)
goto cleanup;
if (!(ret = virGetDomain(conn, def->name, def->uuid))) if (!(ret = virGetDomain(conn, def->name, def->uuid)))
goto cleanup; goto cleanup;
@ -843,6 +889,9 @@ xenUnifiedDomainSuspend(virDomainPtr dom)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainSuspendEnsureACL(dom->conn, def) < 0)
goto cleanup;
ret = xenDaemonDomainSuspend(dom->conn, def); ret = xenDaemonDomainSuspend(dom->conn, def);
cleanup: cleanup:
@ -859,6 +908,9 @@ xenUnifiedDomainResume(virDomainPtr dom)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainResumeEnsureACL(dom->conn, def) < 0)
goto cleanup;
ret = xenDaemonDomainResume(dom->conn, def); ret = xenDaemonDomainResume(dom->conn, def);
cleanup: cleanup:
@ -878,6 +930,9 @@ xenUnifiedDomainShutdownFlags(virDomainPtr dom,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainShutdownFlagsEnsureACL(dom->conn, def) < 0)
goto cleanup;
ret = xenDaemonDomainShutdown(dom->conn, def); ret = xenDaemonDomainShutdown(dom->conn, def);
cleanup: cleanup:
@ -902,6 +957,9 @@ xenUnifiedDomainReboot(virDomainPtr dom, unsigned int flags)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainRebootEnsureACL(dom->conn, def) < 0)
goto cleanup;
ret = xenDaemonDomainReboot(dom->conn, def); ret = xenDaemonDomainReboot(dom->conn, def);
cleanup: cleanup:
@ -921,6 +979,9 @@ xenUnifiedDomainDestroyFlags(virDomainPtr dom,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainDestroyFlagsEnsureACL(dom->conn, def) < 0)
goto cleanup;
ret = xenDaemonDomainDestroy(dom->conn, def); ret = xenDaemonDomainDestroy(dom->conn, def);
cleanup: cleanup:
@ -944,6 +1005,9 @@ xenUnifiedDomainGetOSType(virDomainPtr dom)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainGetOSTypeEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (def->id < 0) { if (def->id < 0) {
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@ -972,6 +1036,9 @@ xenUnifiedDomainGetMaxMemory(virDomainPtr dom)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainGetMaxMemoryEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (def->id < 0) { if (def->id < 0) {
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainGetMaxMemory(dom->conn, def); ret = xenXMDomainGetMaxMemory(dom->conn, def);
@ -996,6 +1063,9 @@ xenUnifiedDomainSetMaxMemory(virDomainPtr dom, unsigned long memory)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainSetMaxMemoryEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (def->id < 0) { if (def->id < 0) {
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainSetMaxMemory(dom->conn, def, memory); ret = xenXMDomainSetMaxMemory(dom->conn, def, memory);
@ -1020,6 +1090,9 @@ xenUnifiedDomainSetMemory(virDomainPtr dom, unsigned long memory)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainSetMemoryEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (def->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (def->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainSetMemory(dom->conn, def, memory); ret = xenXMDomainSetMemory(dom->conn, def, memory);
else else
@ -1040,6 +1113,9 @@ xenUnifiedDomainGetInfo(virDomainPtr dom, virDomainInfoPtr info)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainGetInfoEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (def->id < 0) { if (def->id < 0) {
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainGetInfo(dom->conn, def, info); ret = xenXMDomainGetInfo(dom->conn, def, info);
@ -1069,6 +1145,9 @@ xenUnifiedDomainGetState(virDomainPtr dom,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainGetStateEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (def->id < 0) { if (def->id < 0) {
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainGetState(dom->conn, def, state, reason); ret = xenXMDomainGetState(dom->conn, def, state, reason);
@ -1101,6 +1180,9 @@ xenUnifiedDomainSaveFlags(virDomainPtr dom, const char *to, const char *dxml,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainSaveFlagsEnsureACL(dom->conn, def) < 0)
goto cleanup;
ret = xenDaemonDomainSave(dom->conn, def, to); ret = xenDaemonDomainSave(dom->conn, def, to);
cleanup: cleanup:
@ -1142,6 +1224,9 @@ xenUnifiedDomainManagedSave(virDomainPtr dom, unsigned int flags)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainManagedSaveEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (!(name = xenUnifiedDomainManagedSavePath(priv, def))) if (!(name = xenUnifiedDomainManagedSavePath(priv, def)))
goto cleanup; goto cleanup;
@ -1166,6 +1251,9 @@ xenUnifiedDomainHasManagedSaveImage(virDomainPtr dom, unsigned int flags)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainHasManagedSaveImageEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (!(name = xenUnifiedDomainManagedSavePath(priv, def))) if (!(name = xenUnifiedDomainManagedSavePath(priv, def)))
goto cleanup; goto cleanup;
@ -1190,6 +1278,9 @@ xenUnifiedDomainManagedSaveRemove(virDomainPtr dom, unsigned int flags)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainManagedSaveRemoveEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (!(name = xenUnifiedDomainManagedSavePath(priv, def))) if (!(name = xenUnifiedDomainManagedSavePath(priv, def)))
goto cleanup; goto cleanup;
@ -1231,6 +1322,9 @@ xenUnifiedDomainCoreDump(virDomainPtr dom, const char *to, unsigned int flags)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainCoreDumpEnsureACL(dom->conn, def) < 0)
goto cleanup;
ret = xenDaemonDomainCoreDump(dom->conn, def, to, flags); ret = xenDaemonDomainCoreDump(dom->conn, def, to, flags);
cleanup: cleanup:
@ -1268,6 +1362,9 @@ xenUnifiedDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainSetVcpusFlagsEnsureACL(dom->conn, def, flags) < 0)
goto cleanup;
/* Try non-hypervisor methods first, then hypervisor direct method /* Try non-hypervisor methods first, then hypervisor direct method
* as a last resort. * as a last resort.
*/ */
@ -1307,6 +1404,9 @@ xenUnifiedDomainPinVcpu(virDomainPtr dom, unsigned int vcpu,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainPinVcpuEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (dom->id < 0) { if (dom->id < 0) {
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainPinVcpu(dom->conn, def, vcpu, cpumap, maplen); ret = xenXMDomainPinVcpu(dom->conn, def, vcpu, cpumap, maplen);
@ -1333,6 +1433,9 @@ xenUnifiedDomainGetVcpus(virDomainPtr dom,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainGetVcpusEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (dom->id < 0) { if (dom->id < 0) {
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@ -1364,6 +1467,9 @@ xenUnifiedDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainGetVcpusFlagsEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (dom->id < 0) { if (dom->id < 0) {
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainGetVcpusFlags(dom->conn, def, flags); ret = xenXMDomainGetVcpusFlags(dom->conn, def, flags);
@ -1399,6 +1505,9 @@ xenUnifiedDomainGetXMLDesc(virDomainPtr dom, unsigned int flags)
if (!(minidef = xenGetDomainDefForDom(dom))) if (!(minidef = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainGetXMLDescEnsureACL(dom->conn, minidef, flags) < 0)
goto cleanup;
if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
def = xenXMDomainGetXMLDesc(dom->conn, minidef); def = xenXMDomainGetXMLDesc(dom->conn, minidef);
} else { } else {
@ -1436,6 +1545,9 @@ xenUnifiedConnectDomainXMLFromNative(virConnectPtr conn,
virCheckFlags(0, NULL); virCheckFlags(0, NULL);
if (virConnectDomainXMLFromNativeEnsureACL(conn) < 0)
return NULL;
if (STRNEQ(format, XEN_CONFIG_FORMAT_XM) && if (STRNEQ(format, XEN_CONFIG_FORMAT_XM) &&
STRNEQ(format, XEN_CONFIG_FORMAT_SEXPR)) { STRNEQ(format, XEN_CONFIG_FORMAT_SEXPR)) {
virReportError(VIR_ERR_INVALID_ARG, virReportError(VIR_ERR_INVALID_ARG,
@ -1485,6 +1597,9 @@ xenUnifiedConnectDomainXMLToNative(virConnectPtr conn,
virCheckFlags(0, NULL); virCheckFlags(0, NULL);
if (virConnectDomainXMLToNativeEnsureACL(conn) < 0)
return NULL;
if (STRNEQ(format, XEN_CONFIG_FORMAT_XM) && if (STRNEQ(format, XEN_CONFIG_FORMAT_XM) &&
STRNEQ(format, XEN_CONFIG_FORMAT_SEXPR)) { STRNEQ(format, XEN_CONFIG_FORMAT_SEXPR)) {
virReportError(VIR_ERR_INVALID_ARG, virReportError(VIR_ERR_INVALID_ARG,
@ -1557,6 +1672,9 @@ xenUnifiedDomainMigratePerform(virDomainPtr dom,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainMigratePerformEnsureACL(dom->conn, def) < 0)
goto cleanup;
ret = xenDaemonDomainMigratePerform(dom->conn, def, ret = xenDaemonDomainMigratePerform(dom->conn, def,
cookie, cookielen, uri, cookie, cookielen, uri,
flags, dname, resource); flags, dname, resource);
@ -1584,6 +1702,9 @@ xenUnifiedDomainMigrateFinish(virConnectPtr dconn,
if (!(minidef = xenGetDomainDefForName(dconn, dname))) if (!(minidef = xenGetDomainDefForName(dconn, dname)))
goto cleanup; goto cleanup;
if (virDomainMigrateFinishEnsureACL(dconn, minidef) < 0)
goto cleanup;
if (flags & VIR_MIGRATE_PERSIST_DEST) { if (flags & VIR_MIGRATE_PERSIST_DEST) {
if (!(def = xenDaemonDomainGetXMLDesc(dconn, minidef, NULL))) if (!(def = xenDaemonDomainGetXMLDesc(dconn, minidef, NULL)))
goto cleanup; goto cleanup;
@ -1613,6 +1734,9 @@ xenUnifiedConnectListDefinedDomains(virConnectPtr conn, char **const names,
{ {
xenUnifiedPrivatePtr priv = conn->privateData; xenUnifiedPrivatePtr priv = conn->privateData;
if (virConnectListDefinedDomainsEnsureACL(conn) < 0)
return -1;
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
return xenXMListDefinedDomains(conn, names, maxnames); return xenXMListDefinedDomains(conn, names, maxnames);
} else { } else {
@ -1625,6 +1749,9 @@ xenUnifiedConnectNumOfDefinedDomains(virConnectPtr conn)
{ {
xenUnifiedPrivatePtr priv = conn->privateData; xenUnifiedPrivatePtr priv = conn->privateData;
if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0)
return -1;
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
return xenXMNumOfDefinedDomains(conn); return xenXMNumOfDefinedDomains(conn);
} else { } else {
@ -1645,6 +1772,9 @@ xenUnifiedDomainCreateWithFlags(virDomainPtr dom, unsigned int flags)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainCreateWithFlagsEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (!(name = xenUnifiedDomainManagedSavePath(priv, def))) if (!(name = xenUnifiedDomainManagedSavePath(priv, def)))
goto cleanup; goto cleanup;
@ -1687,6 +1817,9 @@ xenUnifiedDomainDefineXML(virConnectPtr conn, const char *xml)
VIR_DOMAIN_XML_INACTIVE))) VIR_DOMAIN_XML_INACTIVE)))
goto cleanup; goto cleanup;
if (virDomainDefineXMLEnsureACL(conn, def) < 0)
goto cleanup;
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
if (xenXMDomainDefineXML(conn, def) < 0) if (xenXMDomainDefineXML(conn, def) < 0)
goto cleanup; goto cleanup;
@ -1718,6 +1851,9 @@ xenUnifiedDomainUndefineFlags(virDomainPtr dom, unsigned int flags)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainUndefineFlagsEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainUndefine(dom->conn, def); ret = xenXMDomainUndefine(dom->conn, def);
else else
@ -1752,6 +1888,9 @@ xenUnifiedDomainAttachDevice(virDomainPtr dom, const char *xml)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainAttachDeviceEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainAttachDeviceFlags(dom->conn, def, xml, flags); ret = xenXMDomainAttachDeviceFlags(dom->conn, def, xml, flags);
else else
@ -1773,6 +1912,9 @@ xenUnifiedDomainAttachDeviceFlags(virDomainPtr dom, const char *xml,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainAttachDeviceFlagsEnsureACL(dom->conn, def, flags) < 0)
goto cleanup;
if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainAttachDeviceFlags(dom->conn, def, xml, flags); ret = xenXMDomainAttachDeviceFlags(dom->conn, def, xml, flags);
else else
@ -1802,6 +1944,9 @@ xenUnifiedDomainDetachDevice(virDomainPtr dom, const char *xml)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainDetachDeviceEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainDetachDeviceFlags(dom->conn, def, xml, flags); ret = xenXMDomainDetachDeviceFlags(dom->conn, def, xml, flags);
else else
@ -1823,6 +1968,9 @@ xenUnifiedDomainDetachDeviceFlags(virDomainPtr dom, const char *xml,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainDetachDeviceFlagsEnsureACL(dom->conn, def, flags) < 0)
goto cleanup;
if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainDetachDeviceFlags(dom->conn, def, xml, flags); ret = xenXMDomainDetachDeviceFlags(dom->conn, def, xml, flags);
else else
@ -1843,6 +1991,9 @@ xenUnifiedDomainUpdateDeviceFlags(virDomainPtr dom, const char *xml,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainUpdateDeviceFlagsEnsureACL(dom->conn, def, flags) < 0)
goto cleanup;
ret = xenDaemonUpdateDeviceFlags(dom->conn, def, xml, flags); ret = xenDaemonUpdateDeviceFlags(dom->conn, def, xml, flags);
cleanup: cleanup:
@ -1860,6 +2011,9 @@ xenUnifiedDomainGetAutostart(virDomainPtr dom, int *autostart)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainGetAutostartEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainGetAutostart(def, autostart); ret = xenXMDomainGetAutostart(def, autostart);
else else
@ -1880,6 +2034,9 @@ xenUnifiedDomainSetAutostart(virDomainPtr dom, int autostart)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainSetAutostartEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainSetAutostart(def, autostart); ret = xenXMDomainSetAutostart(def, autostart);
else else
@ -1900,6 +2057,9 @@ xenUnifiedDomainGetSchedulerType(virDomainPtr dom, int *nparams)
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainGetSchedulerTypeEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (dom->id < 0) { if (dom->id < 0) {
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@ -1931,6 +2091,9 @@ xenUnifiedDomainGetSchedulerParametersFlags(virDomainPtr dom,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainGetSchedulerParametersFlagsEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (dom->id < 0) { if (dom->id < 0) {
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@ -1971,6 +2134,9 @@ xenUnifiedDomainSetSchedulerParametersFlags(virDomainPtr dom,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainSetSchedulerParametersFlagsEnsureACL(dom->conn, def, flags) < 0)
goto cleanup;
if (dom->id < 0) { if (dom->id < 0) {
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@ -2006,6 +2172,9 @@ xenUnifiedDomainBlockStats(virDomainPtr dom, const char *path,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainBlockStatsEnsureACL(dom->conn, def) < 0)
goto cleanup;
ret = xenHypervisorDomainBlockStats(dom->conn, def, path, stats); ret = xenHypervisorDomainBlockStats(dom->conn, def, path, stats);
cleanup: cleanup:
@ -2023,6 +2192,9 @@ xenUnifiedDomainInterfaceStats(virDomainPtr dom, const char *path,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainInterfaceStatsEnsureACL(dom->conn, def) < 0)
goto cleanup;
ret = xenHypervisorDomainInterfaceStats(def, path, stats); ret = xenHypervisorDomainInterfaceStats(def, path, stats);
cleanup: cleanup:
@ -2044,6 +2216,9 @@ xenUnifiedDomainBlockPeek(virDomainPtr dom, const char *path,
if (!(def = xenGetDomainDefForDom(dom))) if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup; goto cleanup;
if (virDomainBlockPeekEnsureACL(dom->conn, def) < 0)
goto cleanup;
if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainBlockPeek(dom->conn, def, path, offset, size, buffer); ret = xenXMDomainBlockPeek(dom->conn, def, path, offset, size, buffer);
else else
@ -2058,6 +2233,9 @@ static int
xenUnifiedNodeGetCellsFreeMemory(virConnectPtr conn, unsigned long long *freeMems, xenUnifiedNodeGetCellsFreeMemory(virConnectPtr conn, unsigned long long *freeMems,
int startCell, int maxCells) int startCell, int maxCells)
{ {
if (virNodeGetCellsFreeMemoryEnsureACL(conn) < 0)
return 0;
return xenHypervisorNodeGetCellsFreeMemory(conn, freeMems, return xenHypervisorNodeGetCellsFreeMemory(conn, freeMems,
startCell, maxCells); startCell, maxCells);
} }
@ -2067,6 +2245,9 @@ xenUnifiedNodeGetFreeMemory(virConnectPtr conn)
{ {
unsigned long long freeMem = 0; unsigned long long freeMem = 0;
if (virNodeGetFreeMemoryEnsureACL(conn) < 0)
return 0;
if (xenHypervisorNodeGetCellsFreeMemory(conn, &freeMem, -1, 1) < 0) if (xenHypervisorNodeGetCellsFreeMemory(conn, &freeMem, -1, 1) < 0)
return 0; return 0;
return freeMem; return freeMem;
@ -2080,8 +2261,11 @@ xenUnifiedConnectDomainEventRegister(virConnectPtr conn,
virFreeCallback freefunc) virFreeCallback freefunc)
{ {
xenUnifiedPrivatePtr priv = conn->privateData; xenUnifiedPrivatePtr priv = conn->privateData;
int ret; int ret;
if (virConnectDomainEventRegisterEnsureACL(conn) < 0)
return -1;
xenUnifiedLock(priv); xenUnifiedLock(priv);
if (priv->xsWatch == -1) { if (priv->xsWatch == -1) {
@ -2104,6 +2288,10 @@ xenUnifiedConnectDomainEventDeregister(virConnectPtr conn,
{ {
int ret; int ret;
xenUnifiedPrivatePtr priv = conn->privateData; xenUnifiedPrivatePtr priv = conn->privateData;
if (virConnectDomainEventDeregisterEnsureACL(conn) < 0)
return -1;
xenUnifiedLock(priv); xenUnifiedLock(priv);
if (priv->xsWatch == -1) { if (priv->xsWatch == -1) {
@ -2130,8 +2318,11 @@ xenUnifiedConnectDomainEventRegisterAny(virConnectPtr conn,
virFreeCallback freefunc) virFreeCallback freefunc)
{ {
xenUnifiedPrivatePtr priv = conn->privateData; xenUnifiedPrivatePtr priv = conn->privateData;
int ret; int ret;
if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0)
return -1;
xenUnifiedLock(priv); xenUnifiedLock(priv);
if (priv->xsWatch == -1) { if (priv->xsWatch == -1) {
@ -2155,6 +2346,10 @@ xenUnifiedConnectDomainEventDeregisterAny(virConnectPtr conn,
{ {
int ret; int ret;
xenUnifiedPrivatePtr priv = conn->privateData; xenUnifiedPrivatePtr priv = conn->privateData;
if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0)
return -1;
xenUnifiedLock(priv); xenUnifiedLock(priv);
if (priv->xsWatch == -1) { if (priv->xsWatch == -1) {
@ -2430,31 +2625,40 @@ cleanup:
} }
static int static int
xenUnifiedNodeGetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED, xenUnifiedNodeGetMemoryParameters(virConnectPtr conn,
virTypedParameterPtr params, virTypedParameterPtr params,
int *nparams, int *nparams,
unsigned int flags) unsigned int flags)
{ {
if (virNodeGetMemoryParametersEnsureACL(conn) < 0)
return -1;
return nodeGetMemoryParameters(params, nparams, flags); return nodeGetMemoryParameters(params, nparams, flags);
} }
static int static int
xenUnifiedNodeSetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED, xenUnifiedNodeSetMemoryParameters(virConnectPtr conn,
virTypedParameterPtr params, virTypedParameterPtr params,
int nparams, int nparams,
unsigned int flags) unsigned int flags)
{ {
if (virNodeSetMemoryParametersEnsureACL(conn) < 0)
return -1;
return nodeSetMemoryParameters(params, nparams, flags); return nodeSetMemoryParameters(params, nparams, flags);
} }
static int static int
xenUnifiedNodeSuspendForDuration(virConnectPtr conn ATTRIBUTE_UNUSED, xenUnifiedNodeSuspendForDuration(virConnectPtr conn,
unsigned int target, unsigned int target,
unsigned long long duration, unsigned long long duration,
unsigned int flags) unsigned int flags)
{ {
if (virNodeSuspendForDurationEnsureACL(conn) < 0)
return -1;
return nodeSuspendForDuration(target, duration, flags); return nodeSuspendForDuration(target, duration, flags);
} }
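Review bot: In xenUnifiedNodeGetCellsFreeMemory the new ACL guard does `return 0;` on denial, whereas the other int-returning connection entry points that return directly from their guard (for example xenUnifiedNodeGetInfo and xenUnifiedConnectListDomains) use -1. A caller that only tests for a negative result would read an access-control denial as success with zero cells filled, so the guard should be `if (virNodeGetCellsFreeMemoryEnsureACL(conn) < 0) return -1;`. The 0 looks carried over from xenUnifiedNodeGetFreeMemory just below, where 0 is already the failure value of the unsigned long long result. Separately, the hunk header for xenUnifiedConnectGetSysinfo still shows `conn ATTRIBUTE_UNUSED` although conn is now passed to the ACL check; the signature lies outside the hunk, so if it was not updated the annotation is stale and should be dropped, as was done for xenUnifiedConnectGetHostname.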