[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 12/19] Add ACL checks into the libxl driver



From: "Daniel P. Berrange" <berrange redhat com>

Insert calls to the ACL checking APIs in all libxl driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange redhat com>
---
 src/Makefile.am          |   8 +-
 src/libxl/libxl_driver.c | 187 ++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 189 insertions(+), 6 deletions(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index b3aed10..fd99ee2 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1045,9 +1045,11 @@ noinst_LTLIBRARIES += libvirt_driver_libxl.la
 #libvirt_la_BUILT_LIBADD += libvirt_driver_libxl.la
 endif
 
-libvirt_driver_libxl_impl_la_CFLAGS = $(LIBXL_CFLAGS)		\
-		-I$(top_srcdir)/src/conf			\
-		-I$(top_srcdir)/src/xenxs			\
+libvirt_driver_libxl_impl_la_CFLAGS = 		\
+		$(LIBXL_CFLAGS)			\
+		-I$(top_srcdir)/src/access	\
+		-I$(top_srcdir)/src/conf	\
+		-I$(top_srcdir)/src/xenxs	\
 		$(AM_CFLAGS)
 libvirt_driver_libxl_impl_la_LDFLAGS = $(AM_LDFLAGS)
 libvirt_driver_libxl_impl_la_LIBADD = $(LIBXL_LIBS) libvirt_xenxs.la
diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index 9a7cb20..687d8cd 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -45,6 +45,7 @@
 #include "virtypedparam.h"
 #include "viruri.h"
 #include "virstring.h"
+#include "viraccessapicheck.h"
 
 #define VIR_FROM_THIS VIR_FROM_LIBXL
 
@@ -1405,6 +1406,9 @@ libxlConnectOpen(virConnectPtr conn,
         }
     }
 
+    if (virConnectOpenEnsureACL(conn) < 0)
+        return VIR_DRV_OPEN_ERROR;
+
     conn->privateData = libxl_driver;
 
     return VIR_DRV_OPEN_SUCCESS;
@@ -1418,8 +1422,11 @@ libxlConnectClose(virConnectPtr conn ATTRIBUTE_UNUSED)
 }
 
 static const char *
-libxlConnectGetType(virConnectPtr conn ATTRIBUTE_UNUSED)
+libxlConnectGetType(virConnectPtr conn)
 {
+    if (virConnectGetTypeEnsureACL(conn) < 0)
+        return NULL;
+
     return "Xen";
 }
 
@@ -1428,6 +1435,9 @@ libxlConnectGetVersion(virConnectPtr conn, unsigned long *version)
 {
     libxlDriverPrivatePtr driver = conn->privateData;
 
+    if (virConnectGetVersionEnsureACL(conn) < 0)
+        return 0;
+
     libxlDriverLock(driver);
     *version = driver->version;
     libxlDriverUnlock(driver);
@@ -1435,8 +1445,11 @@ libxlConnectGetVersion(virConnectPtr conn, unsigned long *version)
 }
 
 
-static char *libxlConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED)
+static char *libxlConnectGetHostname(virConnectPtr conn)
 {
+    if (virConnectGetHostnameEnsureACL(conn) < 0)
+        return NULL;
+
     return virGetHostname();
 }
 
@@ -1447,6 +1460,9 @@ libxlConnectGetMaxVcpus(virConnectPtr conn, const char *type ATTRIBUTE_UNUSED)
     int ret;
     libxlDriverPrivatePtr driver = conn->privateData;
 
+    if (virConnectGetMaxVcpusEnsureACL(conn) < 0)
+        return -1;
+
     ret = libxl_get_max_cpus(driver->ctx);
     /* libxl_get_max_cpus() will return 0 if there were any failures,
        e.g. xc_physinfo() failing */
@@ -1459,6 +1475,9 @@ libxlConnectGetMaxVcpus(virConnectPtr conn, const char *type ATTRIBUTE_UNUSED)
 static int
 libxlNodeGetInfo(virConnectPtr conn, virNodeInfoPtr info)
 {
+    if (virNodeGetInfoEnsureACL(conn) < 0)
+        return -1;
+
     return libxlDoNodeGetInfo(conn->privateData, info);
 }
 
@@ -1468,6 +1487,9 @@ libxlConnectGetCapabilities(virConnectPtr conn)
     libxlDriverPrivatePtr driver = conn->privateData;
     char *xml;
 
+    if (virConnectGetCapabilitiesEnsureACL(conn) < 0)
+        return NULL;
+
     libxlDriverLock(driver);
     if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
         virReportOOMError();
@@ -1482,6 +1504,9 @@ libxlConnectListDomains(virConnectPtr conn, int *ids, int nids)
     libxlDriverPrivatePtr driver = conn->privateData;
     int n;
 
+    if (virConnectListDomainsEnsureACL(conn) < 0)
+        return -1;
+
     libxlDriverLock(driver);
     n = virDomainObjListGetActiveIDs(driver->domains, ids, nids);
     libxlDriverUnlock(driver);
@@ -1495,6 +1520,9 @@ libxlConnectNumOfDomains(virConnectPtr conn)
     libxlDriverPrivatePtr driver = conn->privateData;
     int n;
 
+    if (virConnectNumOfDomainsEnsureACL(conn) < 0)
+        return -1;
+
     libxlDriverLock(driver);
     n = virDomainObjListNumOfDomains(driver->domains, 1);
     libxlDriverUnlock(driver);
@@ -1519,6 +1547,9 @@ libxlDomainCreateXML(virConnectPtr conn, const char *xml,
                                         VIR_DOMAIN_XML_INACTIVE)))
         goto cleanup;
 
+    if (virDomainCreateXMLEnsureACL(conn, def) < 0)
+        goto cleanup;
+
     if (!(vm = virDomainObjListAdd(driver->domains, def,
                                    driver->xmlopt,
                                    VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE,
@@ -1561,6 +1592,9 @@ libxlDomainLookupByID(virConnectPtr conn, int id)
         goto cleanup;
     }
 
+    if (virDomainLookupByIDEnsureACL(conn, vm->def) < 0)
+        goto cleanup;
+
     dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
     if (dom)
         dom->id = vm->def->id;
@@ -1587,6 +1621,9 @@ libxlDomainLookupByUUID(virConnectPtr conn, const unsigned char *uuid)
         goto cleanup;
     }
 
+    if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0)
+        goto cleanup;
+
     dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
     if (dom)
         dom->id = vm->def->id;
@@ -1613,6 +1650,9 @@ libxlDomainLookupByName(virConnectPtr conn, const char *name)
         goto cleanup;
     }
 
+    if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0)
+        goto cleanup;
+
     dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
     if (dom)
         dom->id = vm->def->id;
@@ -1643,6 +1683,10 @@ libxlDomainSuspend(virDomainPtr dom)
                        _("No domain with matching uuid '%s'"), uuidstr);
         goto cleanup;
     }
+
+    if (virDomainSuspendEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
         goto cleanup;
@@ -1702,6 +1746,9 @@ libxlDomainResume(virDomainPtr dom)
         goto cleanup;
     }
 
+    if (virDomainResumeEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
         goto cleanup;
@@ -1760,6 +1807,9 @@ libxlDomainShutdownFlags(virDomainPtr dom, unsigned int flags)
         goto cleanup;
     }
 
+    if (virDomainShutdownFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("Domain is not running"));
@@ -1813,6 +1863,9 @@ libxlDomainReboot(virDomainPtr dom, unsigned int flags)
         goto cleanup;
     }
 
+    if (virDomainRebootEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("Domain is not running"));
@@ -1856,6 +1909,9 @@ libxlDomainDestroyFlags(virDomainPtr dom,
         goto cleanup;
     }
 
+    if (virDomainDestroyFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("Domain is not running"));
@@ -1911,7 +1967,11 @@ libxlDomainGetOSType(virDomainPtr dom)
         goto cleanup;
     }
 
-    ignore_value(VIR_STRDUP(type, vm->def->os.type));
+    if (virDomainGetOSTypeEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
+    if (VIR_STRDUP(type, vm->def->os.type) < 0)
+        goto cleanup;
 
 cleanup:
     if (vm)
@@ -1934,6 +1994,10 @@ libxlDomainGetMaxMemory(virDomainPtr dom)
         virReportError(VIR_ERR_NO_DOMAIN, "%s", _("no domain with matching uuid"));
         goto cleanup;
     }
+
+    if (virDomainGetMaxMemoryEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     ret = vm->def->mem.max_balloon;
 
 cleanup:
@@ -1966,6 +2030,9 @@ libxlDomainSetMemoryFlags(virDomainPtr dom, unsigned long newmem,
         goto cleanup;
     }
 
+    if (virDomainSetMemoryFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     isActive = virDomainObjIsActive(vm);
 
     if (flags == VIR_DOMAIN_MEM_CURRENT) {
@@ -2088,6 +2155,9 @@ libxlDomainGetInfo(virDomainPtr dom, virDomainInfoPtr info)
         goto cleanup;
     }
 
+    if (virDomainGetInfoEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         info->cpuTime = 0;
         info->memory = vm->def->mem.cur_balloon;
@@ -2135,6 +2205,9 @@ libxlDomainGetState(virDomainPtr dom,
         goto cleanup;
     }
 
+    if (virDomainGetStateEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     *state = virDomainObjGetState(vm, reason);
     ret = 0;
 
@@ -2247,6 +2320,9 @@ libxlDomainSaveFlags(virDomainPtr dom, const char *to, const char *dxml,
         goto cleanup;
     }
 
+    if (virDomainSaveFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
         goto cleanup;
@@ -2299,6 +2375,9 @@ libxlDomainRestoreFlags(virConnectPtr conn, const char *from,
     if (fd < 0)
         goto cleanup;
 
+    if (virDomainRestoreFlagsEnsureACL(conn, def) < 0)
+        goto cleanup;
+
     if (!(vm = virDomainObjListAdd(driver->domains, def,
                                    driver->xmlopt,
                                    VIR_DOMAIN_OBJ_LIST_ADD_LIVE |
@@ -2354,6 +2433,9 @@ libxlDomainCoreDump(virDomainPtr dom, const char *to, unsigned int flags)
         goto cleanup;
     }
 
+    if (virDomainCoreDumpEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
         goto cleanup;
@@ -2444,6 +2526,9 @@ libxlDomainManagedSave(virDomainPtr dom, unsigned int flags)
         goto cleanup;
     }
 
+    if (virDomainManagedSaveEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
         goto cleanup;
@@ -2519,6 +2604,9 @@ libxlDomainHasManagedSaveImage(virDomainPtr dom, unsigned int flags)
         goto cleanup;
     }
 
+    if (virDomainHasManagedSaveImageEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     ret = vm->hasManagedSave;
 
 cleanup:
@@ -2548,6 +2636,9 @@ libxlDomainManagedSaveRemove(virDomainPtr dom, unsigned int flags)
         goto cleanup;
     }
 
+    if (virDomainManagedSaveRemoveEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     name = libxlDomainManagedSavePath(driver, vm);
     if (name == NULL)
         goto cleanup;
@@ -2606,6 +2697,9 @@ libxlDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
         goto cleanup;
     }
 
+    if (virDomainSetVcpusFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm) && (flags & VIR_DOMAIN_VCPU_LIVE)) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s",
                        _("cannot set vcpus on an inactive domain"));
@@ -2725,6 +2819,9 @@ libxlDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
         goto cleanup;
     }
 
+    if (virDomainGetVcpusFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     active = virDomainObjIsActive(vm);
 
     if ((flags & (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG)) == 0) {
@@ -2782,6 +2879,9 @@ libxlDomainPinVcpu(virDomainPtr dom, unsigned int vcpu, unsigned char *cpumap,
         goto cleanup;
     }
 
+    if (virDomainPinVcpuEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s",
                        _("cannot pin vcpus on an inactive domain"));
@@ -2849,6 +2949,9 @@ libxlDomainGetVcpus(virDomainPtr dom, virVcpuInfoPtr info, int maxinfo,
         goto cleanup;
     }
 
+    if (virDomainGetVcpusEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
         goto cleanup;
@@ -2913,6 +3016,9 @@ libxlDomainGetXMLDesc(virDomainPtr dom, unsigned int flags)
         goto cleanup;
     }
 
+    if (virDomainGetXMLDescEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     ret = virDomainDefFormat(vm->def, flags);
 
   cleanup:
@@ -2934,6 +3040,9 @@ libxlConnectDomainXMLFromNative(virConnectPtr conn, const char * nativeFormat,
 
     virCheckFlags(0, NULL);
 
+    if (virConnectDomainXMLFromNativeEnsureACL(conn) < 0)
+        goto cleanup;
+
     if (STRNEQ(nativeFormat, LIBXL_CONFIG_FORMAT_XM)) {
         virReportError(VIR_ERR_INVALID_ARG,
                        _("unsupported config type %s"), nativeFormat);
@@ -2977,6 +3086,9 @@ libxlConnectDomainXMLToNative(virConnectPtr conn, const char * nativeFormat,
 
     virCheckFlags(0, NULL);
 
+    if (virConnectDomainXMLToNativeEnsureACL(conn) < 0)
+        goto cleanup;
+
     if (STRNEQ(nativeFormat, LIBXL_CONFIG_FORMAT_XM)) {
         virReportError(VIR_ERR_INVALID_ARG,
                        _("unsupported config type %s"), nativeFormat);
@@ -3020,6 +3132,9 @@ libxlConnectListDefinedDomains(virConnectPtr conn,
     libxlDriverPrivatePtr driver = conn->privateData;
     int n;
 
+    if (virConnectListDefinedDomainsEnsureACL(conn) < 0)
+        return -1;
+
     libxlDriverLock(driver);
     n = virDomainObjListGetInactiveNames(driver->domains, names, nnames);
     libxlDriverUnlock(driver);
@@ -3032,6 +3147,9 @@ libxlConnectNumOfDefinedDomains(virConnectPtr conn)
     libxlDriverPrivatePtr driver = conn->privateData;
     int n;
 
+    if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0)
+        return -1;
+
     libxlDriverLock(driver);
     n = virDomainObjListNumOfDomains(driver->domains, 0);
     libxlDriverUnlock(driver);
@@ -3059,6 +3177,9 @@ libxlDomainCreateWithFlags(virDomainPtr dom,
         goto cleanup;
     }
 
+    if (virDomainCreateWithFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("Domain is already running"));
@@ -3096,6 +3217,9 @@ libxlDomainDefineXML(virConnectPtr conn, const char *xml)
                                         VIR_DOMAIN_XML_INACTIVE)))
         goto cleanup;
 
+    if (virDomainDefineXMLEnsureACL(conn, def) < 0)
+        goto cleanup;
+
     if (!(vm = virDomainObjListAdd(driver->domains, def,
                                    driver->xmlopt,
                                    0,
@@ -3155,6 +3279,9 @@ libxlDomainUndefineFlags(virDomainPtr dom,
         goto cleanup;
     }
 
+    if (virDomainUndefineFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!vm->persistent) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("cannot undefine transient domain"));
@@ -3584,6 +3711,9 @@ libxlDomainAttachDeviceFlags(virDomainPtr dom, const char *xml,
         goto cleanup;
     }
 
+    if (virDomainAttachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (virDomainObjIsActive(vm)) {
         if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT)
             flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE;
@@ -3689,6 +3819,9 @@ libxlDomainDetachDeviceFlags(virDomainPtr dom, const char *xml,
         goto cleanup;
     }
 
+    if (virDomainDetachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (virDomainObjIsActive(vm)) {
         if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT)
             flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE;
@@ -3794,6 +3927,9 @@ libxlDomainUpdateDeviceFlags(virDomainPtr dom, const char *xml,
         goto cleanup;
     }
 
+    if (virDomainUpdateDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (virDomainObjIsActive(vm)) {
         if (flags == VIR_DOMAIN_DEVICE_MODIFY_CURRENT)
             flags |= VIR_DOMAIN_DEVICE_MODIFY_LIVE;
@@ -3877,6 +4013,9 @@ libxlNodeGetFreeMemory(virConnectPtr conn)
     const libxl_version_info* ver_info;
     libxlDriverPrivatePtr driver = conn->privateData;
 
+    if (virNodeGetFreeMemoryEnsureACL(conn) < 0)
+        return 0;
+
     if (libxl_get_physinfo(driver->ctx, &phy_info)) {
         virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                        _("libxl_get_physinfo_info failed"));
@@ -3900,6 +4039,9 @@ libxlConnectDomainEventRegister(virConnectPtr conn,
     libxlDriverPrivatePtr driver = conn->privateData;
     int ret;
 
+    if (virConnectDomainEventRegisterEnsureACL(conn) < 0)
+        return -1;
+
     libxlDriverLock(driver);
     ret = virDomainEventStateRegister(conn,
                                       driver->domainEventState,
@@ -3917,6 +4059,9 @@ libxlConnectDomainEventDeregister(virConnectPtr conn,
     libxlDriverPrivatePtr driver = conn->privateData;
     int ret;
 
+    if (virConnectDomainEventDeregisterEnsureACL(conn) < 0)
+        return -1;
+
     libxlDriverLock(driver);
     ret = virDomainEventStateDeregister(conn,
                                         driver->domainEventState,
@@ -3945,6 +4090,9 @@ libxlDomainGetAutostart(virDomainPtr dom, int *autostart)
         goto cleanup;
     }
 
+    if (virDomainGetAutostartEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     *autostart = vm->autostart;
     ret = 0;
 
@@ -3973,6 +4121,9 @@ libxlDomainSetAutostart(virDomainPtr dom, int autostart)
         goto cleanup;
     }
 
+    if (virDomainSetAutostartEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!vm->persistent) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s", _("cannot set autostart for transient domain"));
@@ -4042,6 +4193,9 @@ libxlDomainGetSchedulerType(virDomainPtr dom, int *nparams)
         goto cleanup;
     }
 
+    if (virDomainGetSchedulerTypeEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
         goto cleanup;
@@ -4107,6 +4261,9 @@ libxlDomainGetSchedulerParametersFlags(virDomainPtr dom,
         goto cleanup;
     }
 
+    if (virDomainGetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s",
                        _("Domain is not running"));
@@ -4189,6 +4346,9 @@ libxlDomainSetSchedulerParametersFlags(virDomainPtr dom,
         goto cleanup;
     }
 
+    if (virDomainSetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+        goto cleanup;
+
     if (!virDomainObjIsActive(vm)) {
         virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running"));
         goto cleanup;
@@ -4257,6 +4417,10 @@ libxlDomainIsActive(virDomainPtr dom)
         virReportError(VIR_ERR_NO_DOMAIN, NULL);
         goto cleanup;
     }
+
+    if (virDomainIsActiveEnsureACL(dom->conn, obj->def) < 0)
+        goto cleanup;
+
     ret = virDomainObjIsActive(obj);
 
   cleanup:
@@ -4279,6 +4443,10 @@ libxlDomainIsPersistent(virDomainPtr dom)
         virReportError(VIR_ERR_NO_DOMAIN, NULL);
         goto cleanup;
     }
+
+    if (virDomainIsPersistentEnsureACL(dom->conn, obj->def) < 0)
+        goto cleanup;
+
     ret = obj->persistent;
 
   cleanup:
@@ -4301,6 +4469,10 @@ libxlDomainIsUpdated(virDomainPtr dom)
         virReportError(VIR_ERR_NO_DOMAIN, NULL);
         goto cleanup;
     }
+
+    if (virDomainIsUpdatedEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
     ret = vm->updated;
 
 cleanup:
@@ -4317,6 +4489,9 @@ libxlConnectDomainEventRegisterAny(virConnectPtr conn, virDomainPtr dom, int eve
     libxlDriverPrivatePtr driver = conn->privateData;
     int ret;
 
+    if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0)
+        return -1;
+
     libxlDriverLock(driver);
     if (virDomainEventStateRegisterID(conn,
                                       driver->domainEventState,
@@ -4335,6 +4510,9 @@ libxlConnectDomainEventDeregisterAny(virConnectPtr conn, int callbackID)
     libxlDriverPrivatePtr driver = conn->privateData;
     int ret;
 
+    if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0)
+        return -1;
+
     libxlDriverLock(driver);
     ret = virDomainEventStateDeregisterID(conn,
                                           driver->domainEventState,
@@ -4361,6 +4539,9 @@ libxlConnectListAllDomains(virConnectPtr conn,
 
     virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1);
 
+    if (virConnectListAllDomainsEnsureACL(conn) < 0)
+        return -1;
+
     libxlDriverLock(driver);
     ret = virDomainObjListExport(driver->domains, conn, domains, flags);
     libxlDriverUnlock(driver);
-- 
1.8.1.4


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]