提交 018b4ae1 编写于 作者: N Nikolay Shirokovskiy 提交者: Maxim Nestratov

vz: add ACL checks to API calls

  vzDomainMigrateConfirm3Params is whitelisted. Otherwise we need to
move removing domain from domain list from perform to confirm
step. This would further imply adding a flag and check that migration
is in progress to prohibit mistakenly (maliciously) removing domains
on confirm step. vz version of p2p also need to be fixed to include confirm step.
One would also need to add means to cleanup pending migration
on client disconnect as now is has state across several API
calls.

  On the other hand current version of confirm step is totaly
harmless thus it is easier to whitelist it at the moment.
Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: NMaxim Nestratov <mnestratov@virtuozzo.com>
上级 0adc9d26
......@@ -659,6 +659,7 @@ STATEFUL_DRIVER_SOURCE_FILES = \
$(STORAGE_DRIVER_SOURCES) \
$(UML_DRIVER_SOURCES) \
$(XEN_DRIVER_SOURCES) \
$(VZ_DRIVER_SOURCES) \
$(NULL)
......@@ -1524,7 +1525,9 @@ else ! WITH_DRIVER_MODULES
noinst_LTLIBRARIES += libvirt_driver_vz.la
endif ! WITH_DRIVER_MODULES
libvirt_driver_vz_impl_la_CFLAGS = \
-I$(srcdir)/conf $(AM_CFLAGS) \
-I$(srcdir)/conf \
-I$(srcdir)/access \
$(AM_CFLAGS) \
$(PARALLELS_SDK_CFLAGS) $(LIBNL_CFLAGS)
libvirt_driver_vz_impl_la_SOURCES = $(VZ_DRIVER_SOURCES)
libvirt_driver_vz_impl_la_LIBADD = $(PARALLELS_SDK_LIBS) $(LIBNL_LIBS)
......
......@@ -73,6 +73,7 @@ my %implwhitelist = (
"xenUnifiedDomainIsPersistent" => 1,
"xenUnifiedDomainIsUpdated" => 1,
"xenUnifiedDomainOpenConsole" => 1,
"vzDomainMigrateConfirm3Params" => 1,
);
my %filterimplwhitelist = (
"xenUnifiedConnectListDomains" => 1,
......
......@@ -5824,13 +5824,13 @@ enum remote_procedure {
/**
* @generate: none
* @acl: none
* @acl: connect:getattr
*/
REMOTE_PROC_CONNECT_REGISTER_CLOSE_CALLBACK = 360,
/**
* @generate: none
* @acl: none
* @acl: connect:getattr
*/
REMOTE_PROC_CONNECT_UNREGISTER_CLOSE_CALLBACK = 361,
......
此差异已折叠。
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册