diff --git a/src/Makefile.am b/src/Makefile.am index cdfed19e9f..b1d2963e0a 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1042,9 +1042,11 @@ noinst_LTLIBRARIES += libvirt_driver_libxl.la #libvirt_la_BUILT_LIBADD += libvirt_driver_libxl.la endif -libvirt_driver_libxl_impl_la_CFLAGS = $(LIBXL_CFLAGS) \ - -I$(top_srcdir)/src/conf \ - -I$(top_srcdir)/src/xenxs \ +libvirt_driver_libxl_impl_la_CFLAGS = \ + $(LIBXL_CFLAGS) \ + -I$(top_srcdir)/src/access \ + -I$(top_srcdir)/src/conf \ + -I$(top_srcdir)/src/xenxs \ $(AM_CFLAGS) libvirt_driver_libxl_impl_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_libxl_impl_la_LIBADD = $(LIBXL_LIBS) libvirt_xenxs.la diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index a5dffc178f..0438d3e3ca 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -47,6 +47,7 @@ #include "viruri.h" #include "virstring.h" #include "virsysinfo.h" +#include "viraccessapicheck.h" #define VIR_FROM_THIS VIR_FROM_LIBXL @@ -1446,6 +1447,9 @@ libxlConnectOpen(virConnectPtr conn, } } + if (virConnectOpenEnsureACL(conn) < 0) + return VIR_DRV_OPEN_ERROR; + conn->privateData = libxl_driver; return VIR_DRV_OPEN_SUCCESS; @@ -1459,8 +1463,11 @@ libxlConnectClose(virConnectPtr conn ATTRIBUTE_UNUSED) } static const char * -libxlConnectGetType(virConnectPtr conn ATTRIBUTE_UNUSED) +libxlConnectGetType(virConnectPtr conn) { + if (virConnectGetTypeEnsureACL(conn) < 0) + return NULL; + return "Xen"; } @@ -1469,6 +1476,9 @@ libxlConnectGetVersion(virConnectPtr conn, unsigned long *version) { libxlDriverPrivatePtr driver = conn->privateData; + if (virConnectGetVersionEnsureACL(conn) < 0) + return 0; + libxlDriverLock(driver); *version = driver->version; libxlDriverUnlock(driver); @@ -1476,8 +1486,11 @@ libxlConnectGetVersion(virConnectPtr conn, unsigned long *version) } -static char *libxlConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED) +static char *libxlConnectGetHostname(virConnectPtr conn) { + if (virConnectGetHostnameEnsureACL(conn) < 0) + return NULL; + return virGetHostname(); } @@ -1489,6 +1502,9 @@ libxlConnectGetSysinfo(virConnectPtr conn, unsigned int flags) virCheckFlags(0, NULL); + if (virConnectGetSysinfoEnsureACL(conn) < 0) + return NULL; + if (!driver->hostsysinfo) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Host SMBIOS information is not available")); @@ -1510,6 +1526,9 @@ libxlConnectGetMaxVcpus(virConnectPtr conn, const char *type ATTRIBUTE_UNUSED) int ret; libxlDriverPrivatePtr driver = conn->privateData; + if (virConnectGetMaxVcpusEnsureACL(conn) < 0) + return -1; + ret = libxl_get_max_cpus(driver->ctx); /* libxl_get_max_cpus() will return 0 if there were any failures, e.g. xc_physinfo() failing */ @@ -1522,6 +1541,9 @@ libxlConnectGetMaxVcpus(virConnectPtr conn, const char *type ATTRIBUTE_UNUSED) static int libxlNodeGetInfo(virConnectPtr conn, virNodeInfoPtr info) { + if (virNodeGetInfoEnsureACL(conn) < 0) + return -1; + return libxlDoNodeGetInfo(conn->privateData, info); } @@ -1531,6 +1553,9 @@ libxlConnectGetCapabilities(virConnectPtr conn) libxlDriverPrivatePtr driver = conn->privateData; char *xml; + if (virConnectGetCapabilitiesEnsureACL(conn) < 0) + return NULL; + libxlDriverLock(driver); if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL) virReportOOMError(); @@ -1545,6 +1570,9 @@ libxlConnectListDomains(virConnectPtr conn, int *ids, int nids) libxlDriverPrivatePtr driver = conn->privateData; int n; + if (virConnectListDomainsEnsureACL(conn) < 0) + return -1; + libxlDriverLock(driver); n = virDomainObjListGetActiveIDs(driver->domains, ids, nids); libxlDriverUnlock(driver); @@ -1558,6 +1586,9 @@ libxlConnectNumOfDomains(virConnectPtr conn) libxlDriverPrivatePtr driver = conn->privateData; int n; + if (virConnectNumOfDomainsEnsureACL(conn) < 0) + return -1; + libxlDriverLock(driver); n = virDomainObjListNumOfDomains(driver->domains, 1); libxlDriverUnlock(driver); @@ -1582,6 +1613,9 @@ libxlDomainCreateXML(virConnectPtr conn, const char *xml, VIR_DOMAIN_XML_INACTIVE))) goto cleanup; + if (virDomainCreateXMLEnsureACL(conn, def) < 0) + goto cleanup; + if (!(vm = virDomainObjListAdd(driver->domains, def, driver->xmlopt, VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE, @@ -1624,6 +1658,9 @@ libxlDomainLookupByID(virConnectPtr conn, int id) goto cleanup; } + if (virDomainLookupByIDEnsureACL(conn, vm->def) < 0) + goto cleanup; + dom = virGetDomain(conn, vm->def->name, vm->def->uuid); if (dom) dom->id = vm->def->id; @@ -1650,6 +1687,9 @@ libxlDomainLookupByUUID(virConnectPtr conn, const unsigned char *uuid) goto cleanup; } + if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0) + goto cleanup; + dom = virGetDomain(conn, vm->def->name, vm->def->uuid); if (dom) dom->id = vm->def->id; @@ -1676,6 +1716,9 @@ libxlDomainLookupByName(virConnectPtr conn, const char *name) goto cleanup; } + if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0) + goto cleanup; + dom = virGetDomain(conn, vm->def->name, vm->def->uuid); if (dom) dom->id = vm->def->id; @@ -1706,6 +1749,10 @@ libxlDomainSuspend(virDomainPtr dom) _("No domain with matching uuid '%s'"), uuidstr); goto cleanup; } + + if (virDomainSuspendEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); goto cleanup; @@ -1765,6 +1812,9 @@ libxlDomainResume(virDomainPtr dom) goto cleanup; } + if (virDomainResumeEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); goto cleanup; @@ -1823,6 +1873,9 @@ libxlDomainShutdownFlags(virDomainPtr dom, unsigned int flags) goto cleanup; } + if (virDomainShutdownFlagsEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); @@ -1876,6 +1929,9 @@ libxlDomainReboot(virDomainPtr dom, unsigned int flags) goto cleanup; } + if (virDomainRebootEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); @@ -1919,6 +1975,9 @@ libxlDomainDestroyFlags(virDomainPtr dom, goto cleanup; } + if (virDomainDestroyFlagsEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); @@ -1974,7 +2033,11 @@ libxlDomainGetOSType(virDomainPtr dom) goto cleanup; } - ignore_value(VIR_STRDUP(type, vm->def->os.type)); + if (virDomainGetOSTypeEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + + if (VIR_STRDUP(type, vm->def->os.type) < 0) + goto cleanup; cleanup: if (vm) @@ -1997,6 +2060,10 @@ libxlDomainGetMaxMemory(virDomainPtr dom) virReportError(VIR_ERR_NO_DOMAIN, "%s", _("no domain with matching uuid")); goto cleanup; } + + if (virDomainGetMaxMemoryEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + ret = vm->def->mem.max_balloon; cleanup: @@ -2029,6 +2096,9 @@ libxlDomainSetMemoryFlags(virDomainPtr dom, unsigned long newmem, goto cleanup; } + if (virDomainSetMemoryFlagsEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + isActive = virDomainObjIsActive(vm); if (flags == VIR_DOMAIN_MEM_CURRENT) { @@ -2151,6 +2221,9 @@ libxlDomainGetInfo(virDomainPtr dom, virDomainInfoPtr info) goto cleanup; } + if (virDomainGetInfoEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { info->cpuTime = 0; info->memory = vm->def->mem.cur_balloon; @@ -2198,6 +2271,9 @@ libxlDomainGetState(virDomainPtr dom, goto cleanup; } + if (virDomainGetStateEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + *state = virDomainObjGetState(vm, reason); ret = 0; @@ -2310,6 +2386,9 @@ libxlDomainSaveFlags(virDomainPtr dom, const char *to, const char *dxml, goto cleanup; } + if (virDomainSaveFlagsEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); goto cleanup; @@ -2362,6 +2441,9 @@ libxlDomainRestoreFlags(virConnectPtr conn, const char *from, if (fd < 0) goto cleanup; + if (virDomainRestoreFlagsEnsureACL(conn, def) < 0) + goto cleanup; + if (!(vm = virDomainObjListAdd(driver->domains, def, driver->xmlopt, VIR_DOMAIN_OBJ_LIST_ADD_LIVE | @@ -2417,6 +2499,9 @@ libxlDomainCoreDump(virDomainPtr dom, const char *to, unsigned int flags) goto cleanup; } + if (virDomainCoreDumpEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); goto cleanup; @@ -2507,6 +2592,9 @@ libxlDomainManagedSave(virDomainPtr dom, unsigned int flags) goto cleanup; } + if (virDomainManagedSaveEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); goto cleanup; @@ -2582,6 +2670,9 @@ libxlDomainHasManagedSaveImage(virDomainPtr dom, unsigned int flags) goto cleanup; } + if (virDomainHasManagedSaveImageEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + ret = vm->hasManagedSave; cleanup: @@ -2611,6 +2702,9 @@ libxlDomainManagedSaveRemove(virDomainPtr dom, unsigned int flags) goto cleanup; } + if (virDomainManagedSaveRemoveEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + name = libxlDomainManagedSavePath(driver, vm); if (name == NULL) goto cleanup; @@ -2669,6 +2763,9 @@ libxlDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus, goto cleanup; } + if (virDomainSetVcpusFlagsEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm) && (flags & VIR_DOMAIN_VCPU_LIVE)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("cannot set vcpus on an inactive domain")); @@ -2788,6 +2885,9 @@ libxlDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags) goto cleanup; } + if (virDomainGetVcpusFlagsEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + active = virDomainObjIsActive(vm); if ((flags & (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG)) == 0) { @@ -2845,6 +2945,9 @@ libxlDomainPinVcpu(virDomainPtr dom, unsigned int vcpu, unsigned char *cpumap, goto cleanup; } + if (virDomainPinVcpuEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("cannot pin vcpus on an inactive domain")); @@ -2912,6 +3015,9 @@ libxlDomainGetVcpus(virDomainPtr dom, virVcpuInfoPtr info, int maxinfo, goto cleanup; } + if (virDomainGetVcpusEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); goto cleanup; @@ -2976,6 +3082,9 @@ libxlDomainGetXMLDesc(virDomainPtr dom, unsigned int flags) goto cleanup; } + if (virDomainGetXMLDescEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + ret = virDomainDefFormat(vm->def, flags); cleanup: @@ -2997,6 +3106,9 @@ libxlConnectDomainXMLFromNative(virConnectPtr conn, const char * nativeFormat, virCheckFlags(0, NULL); + if (virConnectDomainXMLFromNativeEnsureACL(conn) < 0) + goto cleanup; + if (STRNEQ(nativeFormat, LIBXL_CONFIG_FORMAT_XM)) { virReportError(VIR_ERR_INVALID_ARG, _("unsupported config type %s"), nativeFormat); @@ -3040,6 +3152,9 @@ libxlConnectDomainXMLToNative(virConnectPtr conn, const char * nativeFormat, virCheckFlags(0, NULL); + if (virConnectDomainXMLToNativeEnsureACL(conn) < 0) + goto cleanup; + if (STRNEQ(nativeFormat, LIBXL_CONFIG_FORMAT_XM)) { virReportError(VIR_ERR_INVALID_ARG, _("unsupported config type %s"), nativeFormat); @@ -3083,6 +3198,9 @@ libxlConnectListDefinedDomains(virConnectPtr conn, libxlDriverPrivatePtr driver = conn->privateData; int n; + if (virConnectListDefinedDomainsEnsureACL(conn) < 0) + return -1; + libxlDriverLock(driver); n = virDomainObjListGetInactiveNames(driver->domains, names, nnames); libxlDriverUnlock(driver); @@ -3095,6 +3213,9 @@ libxlConnectNumOfDefinedDomains(virConnectPtr conn) libxlDriverPrivatePtr driver = conn->privateData; int n; + if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0) + return -1; + libxlDriverLock(driver); n = virDomainObjListNumOfDomains(driver->domains, 0); libxlDriverUnlock(driver); @@ -3122,6 +3243,9 @@ libxlDomainCreateWithFlags(virDomainPtr dom, goto cleanup; } + if (virDomainCreateWithFlagsEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is already running")); @@ -3159,6 +3283,9 @@ libxlDomainDefineXML(virConnectPtr conn, const char *xml) VIR_DOMAIN_XML_INACTIVE))) goto cleanup; + if (virDomainDefineXMLEnsureACL(conn, def) < 0) + goto cleanup; + if (!(vm = virDomainObjListAdd(driver->domains, def, driver->xmlopt, 0, @@ -3218,6 +3345,9 @@ libxlDomainUndefineFlags(virDomainPtr dom, goto cleanup; } + if (virDomainUndefineFlagsEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!vm->persistent) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("cannot undefine transient domain")); @@ -3647,6 +3777,9 @@ libxlDomainAttachDeviceFlags(virDomainPtr dom, const char *xml, goto cleanup; } + if (virDomainAttachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + if (virDomainObjIsActive(vm)) { if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT) flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE; @@ -3752,6 +3885,9 @@ libxlDomainDetachDeviceFlags(virDomainPtr dom, const char *xml, goto cleanup; } + if (virDomainDetachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + if (virDomainObjIsActive(vm)) { if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT) flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE; @@ -3857,6 +3993,9 @@ libxlDomainUpdateDeviceFlags(virDomainPtr dom, const char *xml, goto cleanup; } + if (virDomainUpdateDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + if (virDomainObjIsActive(vm)) { if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT) flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE; @@ -3940,6 +4079,9 @@ libxlNodeGetFreeMemory(virConnectPtr conn) const libxl_version_info* ver_info; libxlDriverPrivatePtr driver = conn->privateData; + if (virNodeGetFreeMemoryEnsureACL(conn) < 0) + return 0; + if (libxl_get_physinfo(driver->ctx, &phy_info)) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("libxl_get_physinfo_info failed")); @@ -3963,6 +4105,9 @@ libxlConnectDomainEventRegister(virConnectPtr conn, libxlDriverPrivatePtr driver = conn->privateData; int ret; + if (virConnectDomainEventRegisterEnsureACL(conn) < 0) + return -1; + libxlDriverLock(driver); ret = virDomainEventStateRegister(conn, driver->domainEventState, @@ -3980,6 +4125,9 @@ libxlConnectDomainEventDeregister(virConnectPtr conn, libxlDriverPrivatePtr driver = conn->privateData; int ret; + if (virConnectDomainEventDeregisterEnsureACL(conn) < 0) + return -1; + libxlDriverLock(driver); ret = virDomainEventStateDeregister(conn, driver->domainEventState, @@ -4008,6 +4156,9 @@ libxlDomainGetAutostart(virDomainPtr dom, int *autostart) goto cleanup; } + if (virDomainGetAutostartEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + *autostart = vm->autostart; ret = 0; @@ -4036,6 +4187,9 @@ libxlDomainSetAutostart(virDomainPtr dom, int autostart) goto cleanup; } + if (virDomainSetAutostartEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!vm->persistent) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("cannot set autostart for transient domain")); @@ -4105,6 +4259,9 @@ libxlDomainGetSchedulerType(virDomainPtr dom, int *nparams) goto cleanup; } + if (virDomainGetSchedulerTypeEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); goto cleanup; @@ -4170,6 +4327,9 @@ libxlDomainGetSchedulerParametersFlags(virDomainPtr dom, goto cleanup; } + if (virDomainGetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); @@ -4252,6 +4412,9 @@ libxlDomainSetSchedulerParametersFlags(virDomainPtr dom, goto cleanup; } + if (virDomainSetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); goto cleanup; @@ -4320,6 +4483,10 @@ libxlDomainIsActive(virDomainPtr dom) virReportError(VIR_ERR_NO_DOMAIN, NULL); goto cleanup; } + + if (virDomainIsActiveEnsureACL(dom->conn, obj->def) < 0) + goto cleanup; + ret = virDomainObjIsActive(obj); cleanup: @@ -4342,6 +4509,10 @@ libxlDomainIsPersistent(virDomainPtr dom) virReportError(VIR_ERR_NO_DOMAIN, NULL); goto cleanup; } + + if (virDomainIsPersistentEnsureACL(dom->conn, obj->def) < 0) + goto cleanup; + ret = obj->persistent; cleanup: @@ -4364,6 +4535,10 @@ libxlDomainIsUpdated(virDomainPtr dom) virReportError(VIR_ERR_NO_DOMAIN, NULL); goto cleanup; } + + if (virDomainIsUpdatedEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + ret = vm->updated; cleanup: @@ -4380,6 +4555,9 @@ libxlConnectDomainEventRegisterAny(virConnectPtr conn, virDomainPtr dom, int eve libxlDriverPrivatePtr driver = conn->privateData; int ret; + if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0) + return -1; + libxlDriverLock(driver); if (virDomainEventStateRegisterID(conn, driver->domainEventState, @@ -4398,6 +4576,9 @@ libxlConnectDomainEventDeregisterAny(virConnectPtr conn, int callbackID) libxlDriverPrivatePtr driver = conn->privateData; int ret; + if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0) + return -1; + libxlDriverLock(driver); ret = virDomainEventStateDeregisterID(conn, driver->domainEventState, @@ -4424,6 +4605,9 @@ libxlConnectListAllDomains(virConnectPtr conn, virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1); + if (virConnectListAllDomainsEnsureACL(conn) < 0) + return -1; + libxlDriverLock(driver); ret = virDomainObjListExport(driver->domains, conn, domains, flags); libxlDriverUnlock(driver);