提交 b1f3029a 编写于 作者: D Daniel P. Berrange

Add access control filtering of node device objects

Ensure that all APIs which list node device objects filter
them against the access control system.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
上级 bbaa4e1c
...@@ -1594,9 +1594,10 @@ virNodeDeviceMatch(virNodeDeviceObjPtr devobj, ...@@ -1594,9 +1594,10 @@ virNodeDeviceMatch(virNodeDeviceObjPtr devobj,
#undef MATCH #undef MATCH
int int
virNodeDeviceList(virConnectPtr conn, virNodeDeviceObjListExport(virConnectPtr conn,
virNodeDeviceObjList devobjs, virNodeDeviceObjList devobjs,
virNodeDevicePtr **devices, virNodeDevicePtr **devices,
virNodeDeviceObjListFilter filter,
unsigned int flags) unsigned int flags)
{ {
virNodeDevicePtr *tmp_devices = NULL; virNodeDevicePtr *tmp_devices = NULL;
...@@ -1615,7 +1616,8 @@ virNodeDeviceList(virConnectPtr conn, ...@@ -1615,7 +1616,8 @@ virNodeDeviceList(virConnectPtr conn,
for (i = 0; i < devobjs.count; i++) { for (i = 0; i < devobjs.count; i++) {
virNodeDeviceObjPtr devobj = devobjs.objs[i]; virNodeDeviceObjPtr devobj = devobjs.objs[i];
virNodeDeviceObjLock(devobj); virNodeDeviceObjLock(devobj);
if (virNodeDeviceMatch(devobj, flags)) { if ((!filter || filter(conn, devobj->def)) &&
virNodeDeviceMatch(devobj, flags)) {
if (devices) { if (devices) {
if (!(device = virGetNodeDevice(conn, if (!(device = virGetNodeDevice(conn,
devobj->def->name))) { devobj->def->name))) {
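Review bot: The new `filter` parameter of virNodeDeviceObjListExport fails open: in the loop condition `(!filter || filter(conn, devobj->def))` a NULL callback exports every device with no access check. Neither this definition nor the `virNodeDeviceObjListFilter` typedef in the header documents that. I would add a comment above the function, e.g. `/* @filter: ACL callback, called with devobj locked; returns true to include the device. NULL disables access control filtering, so driver entry points must pass a CheckACL function. */`, and a matching one-line comment on the typedef. The function body starts and ends outside the visible hunks, so the unlock path for a rejected object cannot be checked from here.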
......
...@@ -280,9 +280,13 @@ void virNodeDeviceObjUnlock(virNodeDeviceObjPtr obj); ...@@ -280,9 +280,13 @@ void virNodeDeviceObjUnlock(virNodeDeviceObjPtr obj);
VIR_CONNECT_LIST_NODE_DEVICES_CAP_VPORTS | \ VIR_CONNECT_LIST_NODE_DEVICES_CAP_VPORTS | \
VIR_CONNECT_LIST_NODE_DEVICES_CAP_SCSI_GENERIC) VIR_CONNECT_LIST_NODE_DEVICES_CAP_SCSI_GENERIC)
int virNodeDeviceList(virConnectPtr conn, typedef bool (*virNodeDeviceObjListFilter)(virConnectPtr conn,
virNodeDeviceDefPtr def);
int virNodeDeviceObjListExport(virConnectPtr conn,
virNodeDeviceObjList devobjs, virNodeDeviceObjList devobjs,
virNodeDevicePtr **devices, virNodeDevicePtr **devices,
virNodeDeviceObjListFilter filter,
unsigned int flags); unsigned int flags);
#endif /* __VIR_NODE_DEVICE_CONF_H__ */ #endif /* __VIR_NODE_DEVICE_CONF_H__ */
...@@ -532,7 +532,7 @@ virNodeDeviceFindBySysfsPath; ...@@ -532,7 +532,7 @@ virNodeDeviceFindBySysfsPath;
virNodeDeviceGetParentHost; virNodeDeviceGetParentHost;
virNodeDeviceGetWWNs; virNodeDeviceGetWWNs;
virNodeDeviceHasCap; virNodeDeviceHasCap;
virNodeDeviceList; virNodeDeviceObjListExport;
virNodeDeviceObjListFree; virNodeDeviceObjListFree;
virNodeDeviceObjLock; virNodeDeviceObjLock;
virNodeDeviceObjRemove; virNodeDeviceObjRemove;
......
...@@ -140,11 +140,13 @@ nodeNumOfDevices(virConnectPtr conn, ...@@ -140,11 +140,13 @@ nodeNumOfDevices(virConnectPtr conn,
nodeDeviceLock(driver); nodeDeviceLock(driver);
for (i = 0; i < driver->devs.count; i++) { for (i = 0; i < driver->devs.count; i++) {
virNodeDeviceObjLock(driver->devs.objs[i]); virNodeDeviceObjPtr obj = driver->devs.objs[i];
if ((cap == NULL) || virNodeDeviceObjLock(obj);
virNodeDeviceHasCap(driver->devs.objs[i], cap)) if (virNodeNumOfDevicesCheckACL(conn, obj->def) &&
((cap == NULL) ||
virNodeDeviceHasCap(obj, cap)))
++ndevs; ++ndevs;
virNodeDeviceObjUnlock(driver->devs.objs[i]); virNodeDeviceObjUnlock(obj);
} }
nodeDeviceUnlock(driver); nodeDeviceUnlock(driver);
...@@ -168,15 +170,17 @@ nodeListDevices(virConnectPtr conn, ...@@ -168,15 +170,17 @@ nodeListDevices(virConnectPtr conn,
nodeDeviceLock(driver); nodeDeviceLock(driver);
for (i = 0; i < driver->devs.count && ndevs < maxnames; i++) { for (i = 0; i < driver->devs.count && ndevs < maxnames; i++) {
virNodeDeviceObjLock(driver->devs.objs[i]); virNodeDeviceObjPtr obj = driver->devs.objs[i];
if (cap == NULL || virNodeDeviceObjLock(obj);
virNodeDeviceHasCap(driver->devs.objs[i], cap)) { if (virNodeListDevicesCheckACL(conn, obj->def) &&
if (VIR_STRDUP(names[ndevs++], driver->devs.objs[i]->def->name) < 0) { (cap == NULL ||
virNodeDeviceObjUnlock(driver->devs.objs[i]); virNodeDeviceHasCap(obj, cap))) {
if (VIR_STRDUP(names[ndevs++], obj->def->name) < 0) {
virNodeDeviceObjUnlock(obj);
goto failure; goto failure;
} }
} }
virNodeDeviceObjUnlock(driver->devs.objs[i]); virNodeDeviceObjUnlock(obj);
} }
nodeDeviceUnlock(driver); nodeDeviceUnlock(driver);
...@@ -204,7 +208,9 @@ nodeConnectListAllNodeDevices(virConnectPtr conn, ...@@ -204,7 +208,9 @@ nodeConnectListAllNodeDevices(virConnectPtr conn,
return -1; return -1;
nodeDeviceLock(driver); nodeDeviceLock(driver);
ret = virNodeDeviceList(conn, driver->devs, devices, flags); ret = virNodeDeviceObjListExport(conn, driver->devs, devices,
virConnectListAllNodeDevicesCheckACL,
flags);
nodeDeviceUnlock(driver); nodeDeviceUnlock(driver);
return ret; return ret;
} }
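Review bot: In nodeNumOfDevices and nodeListDevices the ACL predicate is now called once per device inside the loop, while both `nodeDeviceLock(driver)` and the per-object lock are held. If the configured access driver makes a blocking call to reach its decision (not visible on this page), a single listing request holds the whole node device driver for that long and other callers stall behind it. A comment at each loop, such as `/* ACL check runs under driver + object lock; it must not block or re-enter the node device driver */`, would record the constraint for whoever adds the next access backend. Both function bodies extend beyond the hunks shown.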
......