[libvirt] [PATCH 16/19] Add ACL checks into the node device driver

Daniel P. Berrange berrange at redhat.com
Wed Jun 19 17:00:57 UTC 2013


From: "Daniel P. Berrange" <berrange at redhat.com>

Insert calls to the ACL checking APIs in all node device
driver entrypoints.

Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
---
 src/Makefile.am                      |  4 +++-
 src/node_device/node_device_driver.c | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index 8e60612..c899001 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1360,7 +1360,9 @@ endif
 libvirt_driver_nodedev_la_SOURCES = $(NODE_DEVICE_DRIVER_SOURCES)
 
 libvirt_driver_nodedev_la_CFLAGS = \
-		-I$(top_srcdir)/src/conf $(AM_CFLAGS)
+		-I$(top_srcdir)/src/access \
+		-I$(top_srcdir)/src/conf \
+		$(AM_CFLAGS)
 libvirt_driver_nodedev_la_LDFLAGS = $(AM_LDFLAGS)
 libvirt_driver_nodedev_la_LIBADD =
 
diff --git a/src/node_device/node_device_driver.c b/src/node_device/node_device_driver.c
index 52586b8..67e90a1 100644
--- a/src/node_device/node_device_driver.c
+++ b/src/node_device/node_device_driver.c
@@ -38,6 +38,8 @@
 #include "node_device_conf.h"
 #include "node_device_hal.h"
 #include "node_device_driver.h"
+#include "virutil.h"
+#include "viraccessapicheck.h"
 
 #define VIR_FROM_THIS VIR_FROM_NODEDEV
 
@@ -126,6 +128,9 @@ nodeNumOfDevices(virConnectPtr conn,
     int ndevs = 0;
     unsigned int i;
 
+    if (virNodeNumOfDevicesEnsureACL(conn) < 0)
+        return -1;
+
     virCheckFlags(0, -1);
 
     nodeDeviceLock(driver);
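Review bot: The ACL check in nodeNumOfDevices is placed before `virCheckFlags(0, -1)`, as it is in nodeListDevices, but nodeConnectListAllNodeDevices validates flags first and only then calls its EnsureACL function. An unauthorized caller therefore gets an access error from two entrypoints and possibly a flags error from the third. Pick one order for all three; putting the ACL check first means a caller who is not permitted to use the API gets no argument-validation feedback. The function bodies continue outside these hunks.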
@@ -151,6 +156,9 @@ nodeListDevices(virConnectPtr conn,
     int ndevs = 0;
     unsigned int i;
 
+    if (virNodeListDevicesEnsureACL(conn) < 0)
+        return -1;
+
     virCheckFlags(0, -1);
 
     nodeDeviceLock(driver);
@@ -187,6 +195,9 @@ nodeConnectListAllNodeDevices(virConnectPtr conn,
 
     virCheckFlags(VIR_CONNECT_LIST_NODE_DEVICES_FILTERS_CAP, -1);
 
+    if (virConnectListAllNodeDevicesEnsureACL(conn) < 0)
+        return -1;
+
     nodeDeviceLock(driver);
     ret = virNodeDeviceList(conn, driver->devs, devices, flags);
     nodeDeviceUnlock(driver);
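Review bot: The new check in nodeConnectListAllNodeDevices gates only the connection, so `virNodeDeviceList(conn, driver->devs, devices, flags)` still returns every device without consulting a per-object ACL. The lookup and getter entrypoints in this patch do check `obj->def`, so a caller who would be denied on a specific device can still learn its name by listing. The same appears to hold for nodeNumOfDevices and nodeListDevices, though their loops are outside the hunks. If per-object filtering is planned for a follow-up, add a comment saying so, e.g. `/* TODO: filter results per device ACL */`; otherwise the list functions need a filter callback.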
@@ -209,6 +220,9 @@ nodeDeviceLookupByName(virConnectPtr conn, const char *name)
         goto cleanup;
     }
 
+    if (virNodeDeviceLookupByNameEnsureACL(conn, obj->def) < 0)
+        goto cleanup;
+
     ret = virGetNodeDevice(conn, name);
 
 cleanup:
@@ -247,6 +261,10 @@ nodeDeviceLookupSCSIHostByWWN(virConnectPtr conn,
                     VIR_NODE_DEV_CAP_FLAG_HBA_FC_HOST) {
                     if (STREQ(cap->data.scsi_host.wwnn, wwnn) &&
                         STREQ(cap->data.scsi_host.wwpn, wwpn)) {
+
+                        if (virNodeDeviceLookupSCSIHostByWWNEnsureACL(conn, obj->def) < 0)
+                            goto out;
+
                         dev = virGetNodeDevice(conn, obj->def->name);
                         virNodeDeviceObjUnlock(obj);
                         goto out;
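Review bot: The new ACL failure path in nodeDeviceLookupSCSIHostByWWN jumps to `out` without releasing `obj`, while the unchanged success path just below calls `virNodeDeviceObjUnlock(obj);` before its own `goto out;`. That suggests the object is locked at this point and that `out` does not unlock it, although the label is outside the hunk. If so, a denied lookup leaves the device object locked, and later operations on that device would block. Brace the failure branch and add `virNodeDeviceObjUnlock(obj);` before the `goto out;`.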
@@ -286,6 +304,9 @@ nodeDeviceGetXMLDesc(virNodeDevicePtr dev,
         goto cleanup;
     }
 
+    if (virNodeDeviceGetXMLDescEnsureACL(dev->conn, obj->def) < 0)
+        goto cleanup;
+
     update_driver_name(obj);
     update_caps(obj);
 
@@ -316,6 +337,9 @@ nodeDeviceGetParent(virNodeDevicePtr dev)
         goto cleanup;
     }
 
+    if (virNodeDeviceGetParentEnsureACL(dev->conn, obj->def) < 0)
+        goto cleanup;
+
     if (obj->def->parent) {
         if (VIR_STRDUP(ret, obj->def->parent) < 0)
             goto cleanup;
@@ -351,6 +375,9 @@ nodeDeviceNumOfCaps(virNodeDevicePtr dev)
         goto cleanup;
     }
 
+    if (virNodeDeviceNumOfCapsEnsureACL(dev->conn, obj->def) < 0)
+        goto cleanup;
+
     for (caps = obj->def->caps; caps; caps = caps->next)
         ++ncaps;
     ret = ncaps;
@@ -382,6 +409,9 @@ nodeDeviceListCaps(virNodeDevicePtr dev, char **const names, int maxnames)
         goto cleanup;
     }
 
+    if (virNodeDeviceListCapsEnsureACL(dev->conn, obj->def) < 0)
+        goto cleanup;
+
     for (caps = obj->def->caps; caps && ncaps < maxnames; caps = caps->next) {
         if (VIR_STRDUP(names[ncaps], virNodeDevCapTypeToString(caps->type)) < 0)
             goto cleanup;
@@ -489,6 +519,9 @@ nodeDeviceCreateXML(virConnectPtr conn,
         goto cleanup;
     }
 
+    if (virNodeDeviceCreateXMLEnsureACL(conn, def) < 0)
+        goto cleanup;
+
     if (virNodeDeviceGetWWNs(def, &wwnn, &wwpn) == -1) {
         goto cleanup;
     }
@@ -542,6 +575,9 @@ nodeDeviceDestroy(virNodeDevicePtr dev)
         goto out;
     }
 
+    if (virNodeDeviceDestroyEnsureACL(dev->conn, obj->def) < 0)
+        goto out;
+
     if (virNodeDeviceGetWWNs(obj->def, &wwnn, &wwpn) == -1) {
         goto out;
     }
-- 
1.8.1.4



