From 20d8e1f1d7075cb93dadac87b35223490785350c Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange"
Date: Tue, 23 Apr 2013 11:56:22 +0100
Subject: [PATCH] Add ACL checks into the node device driver
Insert calls to the ACL checking APIs in all node device driver entrypoints.
Signed-off-by: Daniel P. Berrange
---
src/Makefile.am | 4 +++-
src/node_device/node_device_driver.c | 36 ++++++++++++++++++++++++++++
2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index d6451e9964..0a1bfbc10f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1357,7 +1357,9 @@ endif
 libvirt_driver_nodedev_la_SOURCES = $(NODE_DEVICE_DRIVER_SOURCES)
 libvirt_driver_nodedev_la_CFLAGS = \
- -I$(top_srcdir)/src/conf $(AM_CFLAGS)
+ -I$(top_srcdir)/src/access \
+ -I$(top_srcdir)/src/conf \
+ $(AM_CFLAGS)
 libvirt_driver_nodedev_la_LDFLAGS = $(AM_LDFLAGS)
 libvirt_driver_nodedev_la_LIBADD =
diff --git a/src/node_device/node_device_driver.c b/src/node_device/node_device_driver.c
index 52586b898a..67e90a1207 100644
--- a/src/node_device/node_device_driver.c
+++ b/src/node_device/node_device_driver.c
@@ -38,6 +38,8 @@
 #include "node_device_conf.h"
 #include "node_device_hal.h"
 #include "node_device_driver.h"
+#include "virutil.h"
+#include "viraccessapicheck.h"
 #define VIR_FROM_THIS VIR_FROM_NODEDEV
@@ -126,6 +128,9 @@ nodeNumOfDevices(virConnectPtr conn,
 int ndevs = 0;
 unsigned int i;
+ if (virNodeNumOfDevicesEnsureACL(conn) < 0)
+ return -1;
+
 virCheckFlags(0, -1);
 nodeDeviceLock(driver);
@@ -151,6 +156,9 @@ nodeListDevices(virConnectPtr conn,
 int ndevs = 0;
 unsigned int i;
+ if (virNodeListDevicesEnsureACL(conn) < 0)
+ return -1;
+
 virCheckFlags(0, -1);
 nodeDeviceLock(driver);
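Review bot: The check added at the top of nodeNumOfDevices authorises the call on the connection only, so the per-device decisions this commit enforces in nodeDeviceLookupByName and the other object entry points do not apply to enumeration. The counting loop is outside the hunk, but nothing visible filters devices by the caller's access, and the same holds for nodeListDevices and for the `virNodeDeviceList(conn, driver->devs, devices, flags)` call in nodeConnectListAllNodeDevices. A caller denied on a specific device could then still learn its name from the list calls. If that is intended for this commit, state it with a comment such as `/* connection-level check only; per-device filtering is not applied here */`; otherwise test each object against the ACL before counting or returning it.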
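Review bot: The ACL check is placed before `virCheckFlags(0, -1)` in nodeListDevices and nodeNumOfDevices, but after the `virCheckFlags(...)` line in nodeConnectListAllNodeDevices. Pick one order for all three entry points; checking access first means an unauthorised caller receives the same denial whatever flags are passed. In nodeConnectListAllNodeDevices that would move the `virConnectListAllNodeDevicesEnsureACL(conn)` test above the `virCheckFlags` line.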
@@ -187,6 +195,9 @@ nodeConnectListAllNodeDevices(virConnectPtr conn,
 virCheckFlags(VIR_CONNECT_LIST_NODE_DEVICES_FILTERS_CAP, -1);
+ if (virConnectListAllNodeDevicesEnsureACL(conn) < 0)
+ return -1;
+
 nodeDeviceLock(driver);
 ret = virNodeDeviceList(conn, driver->devs, devices, flags);
 nodeDeviceUnlock(driver);
@@ -209,6 +220,9 @@ nodeDeviceLookupByName(virConnectPtr conn, const char *name)
 goto cleanup;
 }
+ if (virNodeDeviceLookupByNameEnsureACL(conn, obj->def) < 0)
+ goto cleanup;
+
 ret = virGetNodeDevice(conn, name);
 cleanup:
@@ -247,6 +261,10 @@ nodeDeviceLookupSCSIHostByWWN(virConnectPtr conn,
 VIR_NODE_DEV_CAP_FLAG_HBA_FC_HOST) {
 if (STREQ(cap->data.scsi_host.wwnn, wwnn) &&
 STREQ(cap->data.scsi_host.wwpn, wwpn)) {
+
+ if (virNodeDeviceLookupSCSIHostByWWNEnsureACL(conn, obj->def) < 0)
+ goto out;
+
 dev = virGetNodeDevice(conn, obj->def->name);
 virNodeDeviceObjUnlock(obj);
 goto out;
@@ -286,6 +304,9 @@ nodeDeviceGetXMLDesc(virNodeDevicePtr dev,
 goto cleanup;
 }
+ if (virNodeDeviceGetXMLDescEnsureACL(dev->conn, obj->def) < 0)
+ goto cleanup;
+
 update_driver_name(obj);
 update_caps(obj);
@@ -316,6 +337,9 @@ nodeDeviceGetParent(virNodeDevicePtr dev)
 goto cleanup;
 }
+ if (virNodeDeviceGetParentEnsureACL(dev->conn, obj->def) < 0)
+ goto cleanup;
+
 if (obj->def->parent) {
 if (VIR_STRDUP(ret, obj->def->parent) < 0)
 goto cleanup;
@@ -351,6 +375,9 @@ nodeDeviceNumOfCaps(virNodeDevicePtr dev)
 goto cleanup;
 }
+ if (virNodeDeviceNumOfCapsEnsureACL(dev->conn, obj->def) < 0)
+ goto cleanup;
+
 for (caps = obj->def->caps; caps; caps = caps->next)
 ++ncaps;
 ret = ncaps;
@@ -382,6 +409,9 @@ nodeDeviceListCaps(virNodeDevicePtr dev, char **const names, int maxnames)
 goto cleanup;
 }
+ if (virNodeDeviceListCapsEnsureACL(dev->conn, obj->def) < 0)
+ goto cleanup;
+
 for (caps = obj->def->caps; caps && ncaps < maxnames; caps = caps->next) {
 if (VIR_STRDUP(names[ncaps], virNodeDevCapTypeToString(caps->type)) < 0)
 goto cleanup;
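Review bot: The access check in nodeDeviceLookupByName runs only after the earlier `goto cleanup` branch, which appears to be the not-found path (the lookup itself is outside the hunk). If so, a caller without access gets one error for a missing device and a different one for a forbidden device, which confirms that a guessed name exists. The same placement is used in nodeDeviceGetXMLDesc, nodeDeviceGetParent, nodeDeviceNumOfCaps and nodeDeviceListCaps. If this is accepted behaviour, record it with a comment such as `/* denial is reported only for existing devices; name existence is not hidden */`.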
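Review bot: The new denial path in nodeDeviceLookupSCSIHostByWWN jumps to `out` while `obj` is still locked: the success path just below calls `virNodeDeviceObjUnlock(obj)` before its own `goto out`, and the added branch does not. Unless the code at `out` (outside the hunk) releases the object lock, a denied lookup leaves the device locked and later calls on it will block, so a caller who fails the ACL check can stall the driver. Release the lock on this path: `if (virNodeDeviceLookupSCSIHostByWWNEnsureACL(conn, obj->def) < 0) { virNodeDeviceObjUnlock(obj); goto out; }`.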
@@ -489,6 +519,9 @@ nodeDeviceCreateXML(virConnectPtr conn,
 goto cleanup;
 }
+ if (virNodeDeviceCreateXMLEnsureACL(conn, def) < 0)
+ goto cleanup;
+
 if (virNodeDeviceGetWWNs(def, &wwnn, &wwpn) == -1) {
 goto cleanup;
 }
@@ -542,6 +575,9 @@ nodeDeviceDestroy(virNodeDevicePtr dev)
 goto out;
 }
+ if (virNodeDeviceDestroyEnsureACL(dev->conn, obj->def) < 0)
+ goto out;
+
 if (virNodeDeviceGetWWNs(obj->def, &wwnn, &wwpn) == -1) {
 goto out;
 }
-- GitLab
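Review bot: virNodeDeviceCreateXMLEnsureACL is evaluated on `def`, which in nodeDeviceCreateXML looks like the definition built from the caller's XML (the parse is outside the hunk), not on an existing object. Any attribute an access policy matches on is therefore chosen by the caller, and nothing visible in the hunk checks access to an existing device that the request may refer to. Say so above the check, for example `/* ACL is checked against the requested definition; its fields are caller-supplied */`, so policy authors do not treat the device name as a trusted identity.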