[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 16/19] Add ACL checks into the node device driver



From: "Daniel P. Berrange" <berrange redhat com>

Insert calls to the ACL checking APIs in all node device
driver entrypoints.

Signed-off-by: Daniel P. Berrange <berrange redhat com>
---
 src/Makefile.am                      |  4 +++-
 src/node_device/node_device_driver.c | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index 8e60612..c899001 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1360,7 +1360,9 @@ endif
 libvirt_driver_nodedev_la_SOURCES = $(NODE_DEVICE_DRIVER_SOURCES)
 
 libvirt_driver_nodedev_la_CFLAGS = \
-		-I$(top_srcdir)/src/conf $(AM_CFLAGS)
+		-I$(top_srcdir)/src/access \
+		-I$(top_srcdir)/src/conf \
+		$(AM_CFLAGS)
 libvirt_driver_nodedev_la_LDFLAGS = $(AM_LDFLAGS)
 libvirt_driver_nodedev_la_LIBADD =
 
diff --git a/src/node_device/node_device_driver.c b/src/node_device/node_device_driver.c
index 52586b8..67e90a1 100644
--- a/src/node_device/node_device_driver.c
+++ b/src/node_device/node_device_driver.c
@@ -38,6 +38,8 @@
 #include "node_device_conf.h"
 #include "node_device_hal.h"
 #include "node_device_driver.h"
+#include "virutil.h"
+#include "viraccessapicheck.h"
 
 #define VIR_FROM_THIS VIR_FROM_NODEDEV
 
@@ -126,6 +128,9 @@ nodeNumOfDevices(virConnectPtr conn,
     int ndevs = 0;
     unsigned int i;
 
+    if (virNodeNumOfDevicesEnsureACL(conn) < 0)
+        return -1;
+
     virCheckFlags(0, -1);
 
     nodeDeviceLock(driver);
@@ -151,6 +156,9 @@ nodeListDevices(virConnectPtr conn,
     int ndevs = 0;
     unsigned int i;
 
+    if (virNodeListDevicesEnsureACL(conn) < 0)
+        return -1;
+
     virCheckFlags(0, -1);
 
     nodeDeviceLock(driver);
@@ -187,6 +195,9 @@ nodeConnectListAllNodeDevices(virConnectPtr conn,
 
     virCheckFlags(VIR_CONNECT_LIST_NODE_DEVICES_FILTERS_CAP, -1);
 
+    if (virConnectListAllNodeDevicesEnsureACL(conn) < 0)
+        return -1;
+
     nodeDeviceLock(driver);
     ret = virNodeDeviceList(conn, driver->devs, devices, flags);
     nodeDeviceUnlock(driver);
@@ -209,6 +220,9 @@ nodeDeviceLookupByName(virConnectPtr conn, const char *name)
         goto cleanup;
     }
 
+    if (virNodeDeviceLookupByNameEnsureACL(conn, obj->def) < 0)
+        goto cleanup;
+
     ret = virGetNodeDevice(conn, name);
 
 cleanup:
@@ -247,6 +261,10 @@ nodeDeviceLookupSCSIHostByWWN(virConnectPtr conn,
                     VIR_NODE_DEV_CAP_FLAG_HBA_FC_HOST) {
                     if (STREQ(cap->data.scsi_host.wwnn, wwnn) &&
                         STREQ(cap->data.scsi_host.wwpn, wwpn)) {
+
+                        if (virNodeDeviceLookupSCSIHostByWWNEnsureACL(conn, obj->def) < 0)
+                            goto out;
+
                         dev = virGetNodeDevice(conn, obj->def->name);
                         virNodeDeviceObjUnlock(obj);
                         goto out;
@@ -286,6 +304,9 @@ nodeDeviceGetXMLDesc(virNodeDevicePtr dev,
         goto cleanup;
     }
 
+    if (virNodeDeviceGetXMLDescEnsureACL(dev->conn, obj->def) < 0)
+        goto cleanup;
+
     update_driver_name(obj);
     update_caps(obj);
 
@@ -316,6 +337,9 @@ nodeDeviceGetParent(virNodeDevicePtr dev)
         goto cleanup;
     }
 
+    if (virNodeDeviceGetParentEnsureACL(dev->conn, obj->def) < 0)
+        goto cleanup;
+
     if (obj->def->parent) {
         if (VIR_STRDUP(ret, obj->def->parent) < 0)
             goto cleanup;
@@ -351,6 +375,9 @@ nodeDeviceNumOfCaps(virNodeDevicePtr dev)
         goto cleanup;
     }
 
+    if (virNodeDeviceNumOfCapsEnsureACL(dev->conn, obj->def) < 0)
+        goto cleanup;
+
     for (caps = obj->def->caps; caps; caps = caps->next)
         ++ncaps;
     ret = ncaps;
@@ -382,6 +409,9 @@ nodeDeviceListCaps(virNodeDevicePtr dev, char **const names, int maxnames)
         goto cleanup;
     }
 
+    if (virNodeDeviceListCapsEnsureACL(dev->conn, obj->def) < 0)
+        goto cleanup;
+
     for (caps = obj->def->caps; caps && ncaps < maxnames; caps = caps->next) {
         if (VIR_STRDUP(names[ncaps], virNodeDevCapTypeToString(caps->type)) < 0)
             goto cleanup;
@@ -489,6 +519,9 @@ nodeDeviceCreateXML(virConnectPtr conn,
         goto cleanup;
     }
 
+    if (virNodeDeviceCreateXMLEnsureACL(conn, def) < 0)
+        goto cleanup;
+
     if (virNodeDeviceGetWWNs(def, &wwnn, &wwpn) == -1) {
         goto cleanup;
     }
@@ -542,6 +575,9 @@ nodeDeviceDestroy(virNodeDevicePtr dev)
         goto out;
     }
 
+    if (virNodeDeviceDestroyEnsureACL(dev->conn, obj->def) < 0)
+        goto out;
+
     if (virNodeDeviceGetWWNs(obj->def, &wwnn, &wwpn) == -1) {
         goto out;
     }
-- 
1.8.1.4


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]