Add ACL checks into the libxl driver

Insert calls to the ACL checking APIs in all libxl driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2013-04-23 11:56:22 +01:00
parent cffe870c24
commit f5e007c353
2 changed files with 192 additions and 6 deletions

View File

@ -1042,9 +1042,11 @@ noinst_LTLIBRARIES += libvirt_driver_libxl.la
#libvirt_la_BUILT_LIBADD += libvirt_driver_libxl.la #libvirt_la_BUILT_LIBADD += libvirt_driver_libxl.la
endif endif
libvirt_driver_libxl_impl_la_CFLAGS = $(LIBXL_CFLAGS) \ libvirt_driver_libxl_impl_la_CFLAGS = \
-I$(top_srcdir)/src/conf \ $(LIBXL_CFLAGS) \
-I$(top_srcdir)/src/xenxs \ -I$(top_srcdir)/src/access \
-I$(top_srcdir)/src/conf \
-I$(top_srcdir)/src/xenxs \
$(AM_CFLAGS) $(AM_CFLAGS)
libvirt_driver_libxl_impl_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_libxl_impl_la_LDFLAGS = $(AM_LDFLAGS)
libvirt_driver_libxl_impl_la_LIBADD = $(LIBXL_LIBS) libvirt_xenxs.la libvirt_driver_libxl_impl_la_LIBADD = $(LIBXL_LIBS) libvirt_xenxs.la

View File

@ -47,6 +47,7 @@
#include "viruri.h" #include "viruri.h"
#include "virstring.h" #include "virstring.h"
#include "virsysinfo.h" #include "virsysinfo.h"
#include "viraccessapicheck.h"
#define VIR_FROM_THIS VIR_FROM_LIBXL #define VIR_FROM_THIS VIR_FROM_LIBXL
@ -1446,6 +1447,9 @@ libxlConnectOpen(virConnectPtr conn,
} }
} }
if (virConnectOpenEnsureACL(conn) < 0)
return VIR_DRV_OPEN_ERROR;
conn->privateData = libxl_driver; conn->privateData = libxl_driver;
return VIR_DRV_OPEN_SUCCESS; return VIR_DRV_OPEN_SUCCESS;
@ -1459,8 +1463,11 @@ libxlConnectClose(virConnectPtr conn ATTRIBUTE_UNUSED)
} }
static const char * static const char *
libxlConnectGetType(virConnectPtr conn ATTRIBUTE_UNUSED) libxlConnectGetType(virConnectPtr conn)
{ {
if (virConnectGetTypeEnsureACL(conn) < 0)
return NULL;
return "Xen"; return "Xen";
} }
@ -1469,6 +1476,9 @@ libxlConnectGetVersion(virConnectPtr conn, unsigned long *version)
{ {
libxlDriverPrivatePtr driver = conn->privateData; libxlDriverPrivatePtr driver = conn->privateData;
if (virConnectGetVersionEnsureACL(conn) < 0)
return 0;
libxlDriverLock(driver); libxlDriverLock(driver);
*version = driver->version; *version = driver->version;
libxlDriverUnlock(driver); libxlDriverUnlock(driver);
@ -1476,8 +1486,11 @@ libxlConnectGetVersion(virConnectPtr conn, unsigned long *version)
} }
static char *libxlConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED) static char *libxlConnectGetHostname(virConnectPtr conn)
{ {
if (virConnectGetHostnameEnsureACL(conn) < 0)
return NULL;
return virGetHostname(); return virGetHostname();
} }
@ -1489,6 +1502,9 @@ libxlConnectGetSysinfo(virConnectPtr conn, unsigned int flags)
virCheckFlags(0, NULL); virCheckFlags(0, NULL);
if (virConnectGetSysinfoEnsureACL(conn) < 0)
return NULL;
if (!driver->hostsysinfo) { if (!driver->hostsysinfo) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Host SMBIOS information is not available")); _("Host SMBIOS information is not available"));
@ -1510,6 +1526,9 @@ libxlConnectGetMaxVcpus(virConnectPtr conn, const char *type ATTRIBUTE_UNUSED)
int ret; int ret;
libxlDriverPrivatePtr driver = conn->privateData; libxlDriverPrivatePtr driver = conn->privateData;
if (virConnectGetMaxVcpusEnsureACL(conn) < 0)
return -1;
ret = libxl_get_max_cpus(driver->ctx); ret = libxl_get_max_cpus(driver->ctx);
/* libxl_get_max_cpus() will return 0 if there were any failures, /* libxl_get_max_cpus() will return 0 if there were any failures,
e.g. xc_physinfo() failing */ e.g. xc_physinfo() failing */
@ -1522,6 +1541,9 @@ libxlConnectGetMaxVcpus(virConnectPtr conn, const char *type ATTRIBUTE_UNUSED)
static int static int
libxlNodeGetInfo(virConnectPtr conn, virNodeInfoPtr info) libxlNodeGetInfo(virConnectPtr conn, virNodeInfoPtr info)
{ {
if (virNodeGetInfoEnsureACL(conn) < 0)
return -1;
return libxlDoNodeGetInfo(conn->privateData, info); return libxlDoNodeGetInfo(conn->privateData, info);
} }
@ -1531,6 +1553,9 @@ libxlConnectGetCapabilities(virConnectPtr conn)
libxlDriverPrivatePtr driver = conn->privateData; libxlDriverPrivatePtr driver = conn->privateData;
char *xml; char *xml;
if (virConnectGetCapabilitiesEnsureACL(conn) < 0)
return NULL;
libxlDriverLock(driver); libxlDriverLock(driver);
if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL) if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
virReportOOMError(); virReportOOMError();
@ -1545,6 +1570,9 @@ libxlConnectListDomains(virConnectPtr conn, int *ids, int nids)
libxlDriverPrivatePtr driver = conn->privateData; libxlDriverPrivatePtr driver = conn->privateData;
int n; int n;
if (virConnectListDomainsEnsureACL(conn) < 0)
return -1;
libxlDriverLock(driver); libxlDriverLock(driver);
n = virDomainObjListGetActiveIDs(driver->domains, ids, nids); n = virDomainObjListGetActiveIDs(driver->domains, ids, nids);
libxlDriverUnlock(driver); libxlDriverUnlock(driver);
@ -1558,6 +1586,9 @@ libxlConnectNumOfDomains(virConnectPtr conn)
libxlDriverPrivatePtr driver = conn->privateData; libxlDriverPrivatePtr driver = conn->privateData;
int n; int n;
if (virConnectNumOfDomainsEnsureACL(conn) < 0)
return -1;
libxlDriverLock(driver); libxlDriverLock(driver);
n = virDomainObjListNumOfDomains(driver->domains, 1); n = virDomainObjListNumOfDomains(driver->domains, 1);
libxlDriverUnlock(driver); libxlDriverUnlock(driver);
@ -1582,6 +1613,9 @@ libxlDomainCreateXML(virConnectPtr conn, const char *xml,
VIR_DOMAIN_XML_INACTIVE))) VIR_DOMAIN_XML_INACTIVE)))
goto cleanup; goto cleanup;
if (virDomainCreateXMLEnsureACL(conn, def) < 0)
goto cleanup;
if (!(vm = virDomainObjListAdd(driver->domains, def, if (!(vm = virDomainObjListAdd(driver->domains, def,
driver->xmlopt, driver->xmlopt,
VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE, VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE,
@ -1624,6 +1658,9 @@ libxlDomainLookupByID(virConnectPtr conn, int id)
goto cleanup; goto cleanup;
} }
if (virDomainLookupByIDEnsureACL(conn, vm->def) < 0)
goto cleanup;
dom = virGetDomain(conn, vm->def->name, vm->def->uuid); dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
if (dom) if (dom)
dom->id = vm->def->id; dom->id = vm->def->id;
@ -1650,6 +1687,9 @@ libxlDomainLookupByUUID(virConnectPtr conn, const unsigned char *uuid)
goto cleanup; goto cleanup;
} }
if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0)
goto cleanup;
dom = virGetDomain(conn, vm->def->name, vm->def->uuid); dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
if (dom) if (dom)
dom->id = vm->def->id; dom->id = vm->def->id;
@ -1676,6 +1716,9 @@ libxlDomainLookupByName(virConnectPtr conn, const char *name)
goto cleanup; goto cleanup;
} }
if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0)
goto cleanup;
dom = virGetDomain(conn, vm->def->name, vm->def->uuid); dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
if (dom) if (dom)
dom->id = vm->def->id; dom->id = vm->def->id;
@ -1706,6 +1749,10 @@ libxlDomainSuspend(virDomainPtr dom)
_("No domain with matching uuid '%s'"), uuidstr); _("No domain with matching uuid '%s'"), uuidstr);
goto cleanup; goto cleanup;
} }
if (virDomainSuspendEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
goto cleanup; goto cleanup;
@ -1765,6 +1812,9 @@ libxlDomainResume(virDomainPtr dom)
goto cleanup; goto cleanup;
} }
if (virDomainResumeEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
goto cleanup; goto cleanup;
@ -1823,6 +1873,9 @@ libxlDomainShutdownFlags(virDomainPtr dom, unsigned int flags)
goto cleanup; goto cleanup;
} }
if (virDomainShutdownFlagsEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running")); "%s", _("Domain is not running"));
@ -1876,6 +1929,9 @@ libxlDomainReboot(virDomainPtr dom, unsigned int flags)
goto cleanup; goto cleanup;
} }
if (virDomainRebootEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running")); "%s", _("Domain is not running"));
@ -1919,6 +1975,9 @@ libxlDomainDestroyFlags(virDomainPtr dom,
goto cleanup; goto cleanup;
} }
if (virDomainDestroyFlagsEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is not running")); "%s", _("Domain is not running"));
@ -1974,7 +2033,11 @@ libxlDomainGetOSType(virDomainPtr dom)
goto cleanup; goto cleanup;
} }
ignore_value(VIR_STRDUP(type, vm->def->os.type)); if (virDomainGetOSTypeEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (VIR_STRDUP(type, vm->def->os.type) < 0)
goto cleanup;
cleanup: cleanup:
if (vm) if (vm)
@ -1997,6 +2060,10 @@ libxlDomainGetMaxMemory(virDomainPtr dom)
virReportError(VIR_ERR_NO_DOMAIN, "%s", _("no domain with matching uuid")); virReportError(VIR_ERR_NO_DOMAIN, "%s", _("no domain with matching uuid"));
goto cleanup; goto cleanup;
} }
if (virDomainGetMaxMemoryEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
ret = vm->def->mem.max_balloon; ret = vm->def->mem.max_balloon;
cleanup: cleanup:
@ -2029,6 +2096,9 @@ libxlDomainSetMemoryFlags(virDomainPtr dom, unsigned long newmem,
goto cleanup; goto cleanup;
} }
if (virDomainSetMemoryFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
goto cleanup;
isActive = virDomainObjIsActive(vm); isActive = virDomainObjIsActive(vm);
if (flags == VIR_DOMAIN_MEM_CURRENT) { if (flags == VIR_DOMAIN_MEM_CURRENT) {
@ -2151,6 +2221,9 @@ libxlDomainGetInfo(virDomainPtr dom, virDomainInfoPtr info)
goto cleanup; goto cleanup;
} }
if (virDomainGetInfoEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
info->cpuTime = 0; info->cpuTime = 0;
info->memory = vm->def->mem.cur_balloon; info->memory = vm->def->mem.cur_balloon;
@ -2198,6 +2271,9 @@ libxlDomainGetState(virDomainPtr dom,
goto cleanup; goto cleanup;
} }
if (virDomainGetStateEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
*state = virDomainObjGetState(vm, reason); *state = virDomainObjGetState(vm, reason);
ret = 0; ret = 0;
@ -2310,6 +2386,9 @@ libxlDomainSaveFlags(virDomainPtr dom, const char *to, const char *dxml,
goto cleanup; goto cleanup;
} }
if (virDomainSaveFlagsEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
goto cleanup; goto cleanup;
@ -2362,6 +2441,9 @@ libxlDomainRestoreFlags(virConnectPtr conn, const char *from,
if (fd < 0) if (fd < 0)
goto cleanup; goto cleanup;
if (virDomainRestoreFlagsEnsureACL(conn, def) < 0)
goto cleanup;
if (!(vm = virDomainObjListAdd(driver->domains, def, if (!(vm = virDomainObjListAdd(driver->domains, def,
driver->xmlopt, driver->xmlopt,
VIR_DOMAIN_OBJ_LIST_ADD_LIVE | VIR_DOMAIN_OBJ_LIST_ADD_LIVE |
@ -2417,6 +2499,9 @@ libxlDomainCoreDump(virDomainPtr dom, const char *to, unsigned int flags)
goto cleanup; goto cleanup;
} }
if (virDomainCoreDumpEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
goto cleanup; goto cleanup;
@ -2507,6 +2592,9 @@ libxlDomainManagedSave(virDomainPtr dom, unsigned int flags)
goto cleanup; goto cleanup;
} }
if (virDomainManagedSaveEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
goto cleanup; goto cleanup;
@ -2582,6 +2670,9 @@ libxlDomainHasManagedSaveImage(virDomainPtr dom, unsigned int flags)
goto cleanup; goto cleanup;
} }
if (virDomainHasManagedSaveImageEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
ret = vm->hasManagedSave; ret = vm->hasManagedSave;
cleanup: cleanup:
@ -2611,6 +2702,9 @@ libxlDomainManagedSaveRemove(virDomainPtr dom, unsigned int flags)
goto cleanup; goto cleanup;
} }
if (virDomainManagedSaveRemoveEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
name = libxlDomainManagedSavePath(driver, vm); name = libxlDomainManagedSavePath(driver, vm);
if (name == NULL) if (name == NULL)
goto cleanup; goto cleanup;
@ -2669,6 +2763,9 @@ libxlDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
goto cleanup; goto cleanup;
} }
if (virDomainSetVcpusFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm) && (flags & VIR_DOMAIN_VCPU_LIVE)) { if (!virDomainObjIsActive(vm) && (flags & VIR_DOMAIN_VCPU_LIVE)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s", virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("cannot set vcpus on an inactive domain")); _("cannot set vcpus on an inactive domain"));
@ -2788,6 +2885,9 @@ libxlDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
goto cleanup; goto cleanup;
} }
if (virDomainGetVcpusFlagsEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
active = virDomainObjIsActive(vm); active = virDomainObjIsActive(vm);
if ((flags & (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG)) == 0) { if ((flags & (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG)) == 0) {
@ -2845,6 +2945,9 @@ libxlDomainPinVcpu(virDomainPtr dom, unsigned int vcpu, unsigned char *cpumap,
goto cleanup; goto cleanup;
} }
if (virDomainPinVcpuEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s", virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("cannot pin vcpus on an inactive domain")); _("cannot pin vcpus on an inactive domain"));
@ -2912,6 +3015,9 @@ libxlDomainGetVcpus(virDomainPtr dom, virVcpuInfoPtr info, int maxinfo,
goto cleanup; goto cleanup;
} }
if (virDomainGetVcpusEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
goto cleanup; goto cleanup;
@ -2976,6 +3082,9 @@ libxlDomainGetXMLDesc(virDomainPtr dom, unsigned int flags)
goto cleanup; goto cleanup;
} }
if (virDomainGetXMLDescEnsureACL(dom->conn, vm->def, flags) < 0)
goto cleanup;
ret = virDomainDefFormat(vm->def, flags); ret = virDomainDefFormat(vm->def, flags);
cleanup: cleanup:
@ -2997,6 +3106,9 @@ libxlConnectDomainXMLFromNative(virConnectPtr conn, const char * nativeFormat,
virCheckFlags(0, NULL); virCheckFlags(0, NULL);
if (virConnectDomainXMLFromNativeEnsureACL(conn) < 0)
goto cleanup;
if (STRNEQ(nativeFormat, LIBXL_CONFIG_FORMAT_XM)) { if (STRNEQ(nativeFormat, LIBXL_CONFIG_FORMAT_XM)) {
virReportError(VIR_ERR_INVALID_ARG, virReportError(VIR_ERR_INVALID_ARG,
_("unsupported config type %s"), nativeFormat); _("unsupported config type %s"), nativeFormat);
@ -3040,6 +3152,9 @@ libxlConnectDomainXMLToNative(virConnectPtr conn, const char * nativeFormat,
virCheckFlags(0, NULL); virCheckFlags(0, NULL);
if (virConnectDomainXMLToNativeEnsureACL(conn) < 0)
goto cleanup;
if (STRNEQ(nativeFormat, LIBXL_CONFIG_FORMAT_XM)) { if (STRNEQ(nativeFormat, LIBXL_CONFIG_FORMAT_XM)) {
virReportError(VIR_ERR_INVALID_ARG, virReportError(VIR_ERR_INVALID_ARG,
_("unsupported config type %s"), nativeFormat); _("unsupported config type %s"), nativeFormat);
@ -3083,6 +3198,9 @@ libxlConnectListDefinedDomains(virConnectPtr conn,
libxlDriverPrivatePtr driver = conn->privateData; libxlDriverPrivatePtr driver = conn->privateData;
int n; int n;
if (virConnectListDefinedDomainsEnsureACL(conn) < 0)
return -1;
libxlDriverLock(driver); libxlDriverLock(driver);
n = virDomainObjListGetInactiveNames(driver->domains, names, nnames); n = virDomainObjListGetInactiveNames(driver->domains, names, nnames);
libxlDriverUnlock(driver); libxlDriverUnlock(driver);
@ -3095,6 +3213,9 @@ libxlConnectNumOfDefinedDomains(virConnectPtr conn)
libxlDriverPrivatePtr driver = conn->privateData; libxlDriverPrivatePtr driver = conn->privateData;
int n; int n;
if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0)
return -1;
libxlDriverLock(driver); libxlDriverLock(driver);
n = virDomainObjListNumOfDomains(driver->domains, 0); n = virDomainObjListNumOfDomains(driver->domains, 0);
libxlDriverUnlock(driver); libxlDriverUnlock(driver);
@ -3122,6 +3243,9 @@ libxlDomainCreateWithFlags(virDomainPtr dom,
goto cleanup; goto cleanup;
} }
if (virDomainCreateWithFlagsEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (virDomainObjIsActive(vm)) { if (virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("Domain is already running")); "%s", _("Domain is already running"));
@ -3159,6 +3283,9 @@ libxlDomainDefineXML(virConnectPtr conn, const char *xml)
VIR_DOMAIN_XML_INACTIVE))) VIR_DOMAIN_XML_INACTIVE)))
goto cleanup; goto cleanup;
if (virDomainDefineXMLEnsureACL(conn, def) < 0)
goto cleanup;
if (!(vm = virDomainObjListAdd(driver->domains, def, if (!(vm = virDomainObjListAdd(driver->domains, def,
driver->xmlopt, driver->xmlopt,
0, 0,
@ -3218,6 +3345,9 @@ libxlDomainUndefineFlags(virDomainPtr dom,
goto cleanup; goto cleanup;
} }
if (virDomainUndefineFlagsEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!vm->persistent) { if (!vm->persistent) {
virReportError(VIR_ERR_OPERATION_INVALID, virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("cannot undefine transient domain")); "%s", _("cannot undefine transient domain"));
@ -3647,6 +3777,9 @@ libxlDomainAttachDeviceFlags(virDomainPtr dom, const char *xml,
goto cleanup; goto cleanup;
} }
if (virDomainAttachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
goto cleanup;
if (virDomainObjIsActive(vm)) { if (virDomainObjIsActive(vm)) {
if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT) if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT)
flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE; flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE;
@ -3752,6 +3885,9 @@ libxlDomainDetachDeviceFlags(virDomainPtr dom, const char *xml,
goto cleanup; goto cleanup;
} }
if (virDomainDetachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
goto cleanup;
if (virDomainObjIsActive(vm)) { if (virDomainObjIsActive(vm)) {
if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT) if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT)
flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE; flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE;
@ -3857,6 +3993,9 @@ libxlDomainUpdateDeviceFlags(virDomainPtr dom, const char *xml,
goto cleanup; goto cleanup;
} }
if (virDomainUpdateDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
goto cleanup;
if (virDomainObjIsActive(vm)) { if (virDomainObjIsActive(vm)) {
if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT) if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT)
flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE; flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE;
@ -3940,6 +4079,9 @@ libxlNodeGetFreeMemory(virConnectPtr conn)
const libxl_version_info* ver_info; const libxl_version_info* ver_info;
libxlDriverPrivatePtr driver = conn->privateData; libxlDriverPrivatePtr driver = conn->privateData;
if (virNodeGetFreeMemoryEnsureACL(conn) < 0)
return 0;
if (libxl_get_physinfo(driver->ctx, &phy_info)) { if (libxl_get_physinfo(driver->ctx, &phy_info)) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("libxl_get_physinfo_info failed")); _("libxl_get_physinfo_info failed"));
@ -3963,6 +4105,9 @@ libxlConnectDomainEventRegister(virConnectPtr conn,
libxlDriverPrivatePtr driver = conn->privateData; libxlDriverPrivatePtr driver = conn->privateData;
int ret; int ret;
if (virConnectDomainEventRegisterEnsureACL(conn) < 0)
return -1;
libxlDriverLock(driver); libxlDriverLock(driver);
ret = virDomainEventStateRegister(conn, ret = virDomainEventStateRegister(conn,
driver->domainEventState, driver->domainEventState,
@ -3980,6 +4125,9 @@ libxlConnectDomainEventDeregister(virConnectPtr conn,
libxlDriverPrivatePtr driver = conn->privateData; libxlDriverPrivatePtr driver = conn->privateData;
int ret; int ret;
if (virConnectDomainEventDeregisterEnsureACL(conn) < 0)
return -1;
libxlDriverLock(driver); libxlDriverLock(driver);
ret = virDomainEventStateDeregister(conn, ret = virDomainEventStateDeregister(conn,
driver->domainEventState, driver->domainEventState,
@ -4008,6 +4156,9 @@ libxlDomainGetAutostart(virDomainPtr dom, int *autostart)
goto cleanup; goto cleanup;
} }
if (virDomainGetAutostartEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
*autostart = vm->autostart; *autostart = vm->autostart;
ret = 0; ret = 0;
@ -4036,6 +4187,9 @@ libxlDomainSetAutostart(virDomainPtr dom, int autostart)
goto cleanup; goto cleanup;
} }
if (virDomainSetAutostartEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!vm->persistent) { if (!vm->persistent) {
virReportError(VIR_ERR_OPERATION_INVALID, virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("cannot set autostart for transient domain")); "%s", _("cannot set autostart for transient domain"));
@ -4105,6 +4259,9 @@ libxlDomainGetSchedulerType(virDomainPtr dom, int *nparams)
goto cleanup; goto cleanup;
} }
if (virDomainGetSchedulerTypeEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
goto cleanup; goto cleanup;
@ -4170,6 +4327,9 @@ libxlDomainGetSchedulerParametersFlags(virDomainPtr dom,
goto cleanup; goto cleanup;
} }
if (virDomainGetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s", virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("Domain is not running")); _("Domain is not running"));
@ -4252,6 +4412,9 @@ libxlDomainSetSchedulerParametersFlags(virDomainPtr dom,
goto cleanup; goto cleanup;
} }
if (virDomainSetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
goto cleanup;
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
goto cleanup; goto cleanup;
@ -4320,6 +4483,10 @@ libxlDomainIsActive(virDomainPtr dom)
virReportError(VIR_ERR_NO_DOMAIN, NULL); virReportError(VIR_ERR_NO_DOMAIN, NULL);
goto cleanup; goto cleanup;
} }
if (virDomainIsActiveEnsureACL(dom->conn, obj->def) < 0)
goto cleanup;
ret = virDomainObjIsActive(obj); ret = virDomainObjIsActive(obj);
cleanup: cleanup:
@ -4342,6 +4509,10 @@ libxlDomainIsPersistent(virDomainPtr dom)
virReportError(VIR_ERR_NO_DOMAIN, NULL); virReportError(VIR_ERR_NO_DOMAIN, NULL);
goto cleanup; goto cleanup;
} }
if (virDomainIsPersistentEnsureACL(dom->conn, obj->def) < 0)
goto cleanup;
ret = obj->persistent; ret = obj->persistent;
cleanup: cleanup:
@ -4364,6 +4535,10 @@ libxlDomainIsUpdated(virDomainPtr dom)
virReportError(VIR_ERR_NO_DOMAIN, NULL); virReportError(VIR_ERR_NO_DOMAIN, NULL);
goto cleanup; goto cleanup;
} }
if (virDomainIsUpdatedEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
ret = vm->updated; ret = vm->updated;
cleanup: cleanup:
@ -4380,6 +4555,9 @@ libxlConnectDomainEventRegisterAny(virConnectPtr conn, virDomainPtr dom, int eve
libxlDriverPrivatePtr driver = conn->privateData; libxlDriverPrivatePtr driver = conn->privateData;
int ret; int ret;
if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0)
return -1;
libxlDriverLock(driver); libxlDriverLock(driver);
if (virDomainEventStateRegisterID(conn, if (virDomainEventStateRegisterID(conn,
driver->domainEventState, driver->domainEventState,
@ -4398,6 +4576,9 @@ libxlConnectDomainEventDeregisterAny(virConnectPtr conn, int callbackID)
libxlDriverPrivatePtr driver = conn->privateData; libxlDriverPrivatePtr driver = conn->privateData;
int ret; int ret;
if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0)
return -1;
libxlDriverLock(driver); libxlDriverLock(driver);
ret = virDomainEventStateDeregisterID(conn, ret = virDomainEventStateDeregisterID(conn,
driver->domainEventState, driver->domainEventState,
@ -4424,6 +4605,9 @@ libxlConnectListAllDomains(virConnectPtr conn,
virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1); virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1);
if (virConnectListAllDomainsEnsureACL(conn) < 0)
return -1;
libxlDriverLock(driver); libxlDriverLock(driver);
ret = virDomainObjListExport(driver->domains, conn, domains, flags); ret = virDomainObjListExport(driver->domains, conn, domains, flags);
libxlDriverUnlock(driver); libxlDriverUnlock(driver);