[libvirt] [PATCH] * src/virterror.c (virErrorMsg): Correct indentation.
by Jim Meyering
Just correct bogus indentation.
>From dca64d37d946f73275fc5e8300e8cd29f34afd06 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Mon, 26 Jan 2009 14:44:22 +0100
Subject: [PATCH] * src/virterror.c (virErrorMsg): Correct indentation.
---
src/virterror.c | 84 +++++++++++++++++++++++++++---------------------------
1 files changed, 42 insertions(+), 42 deletions(-)
diff --git a/src/virterror.c b/src/virterror.c
index 9732eb4..0c66781 100644
--- a/src/virterror.c
+++ b/src/virterror.c
@@ -902,66 +902,66 @@ virErrorMsg(virErrorNumber error, const char *info)
else
errmsg = _("Network not found: %s");
break;
- case VIR_ERR_INVALID_MAC:
+ case VIR_ERR_INVALID_MAC:
if (info == NULL)
errmsg = _("invalid MAC address");
else
errmsg = _("invalid MAC address: %s");
break;
- case VIR_ERR_AUTH_FAILED:
+ case VIR_ERR_AUTH_FAILED:
if (info == NULL)
errmsg = _("authentication failed");
else
errmsg = _("authentication failed: %s");
break;
case VIR_ERR_NO_STORAGE_POOL:
- if (info == NULL)
- errmsg = _("Storage pool not found");
- else
- errmsg = _("Storage pool not found: %s");
- break;
+ if (info == NULL)
+ errmsg = _("Storage pool not found");
+ else
+ errmsg = _("Storage pool not found: %s");
+ break;
case VIR_ERR_NO_STORAGE_VOL:
- if (info == NULL)
- errmsg = _("Storage volume not found");
- else
- errmsg = _("Storage volume not found: %s");
- break;
+ if (info == NULL)
+ errmsg = _("Storage volume not found");
+ else
+ errmsg = _("Storage volume not found: %s");
+ break;
case VIR_ERR_INVALID_STORAGE_POOL:
- if (info == NULL)
- errmsg = _("invalid storage pool pointer in");
- else
- errmsg = _("invalid storage pool pointer in %s");
- break;
+ if (info == NULL)
+ errmsg = _("invalid storage pool pointer in");
+ else
+ errmsg = _("invalid storage pool pointer in %s");
+ break;
case VIR_ERR_INVALID_STORAGE_VOL:
- if (info == NULL)
- errmsg = _("invalid storage volume pointer in");
- else
- errmsg = _("invalid storage volume pointer in %s");
- break;
+ if (info == NULL)
+ errmsg = _("invalid storage volume pointer in");
+ else
+ errmsg = _("invalid storage volume pointer in %s");
+ break;
case VIR_WAR_NO_STORAGE:
- if (info == NULL)
- errmsg = _("Failed to find a storage driver");
- else
- errmsg = _("Failed to find a storage driver: %s");
- break;
+ if (info == NULL)
+ errmsg = _("Failed to find a storage driver");
+ else
+ errmsg = _("Failed to find a storage driver: %s");
+ break;
case VIR_WAR_NO_NODE:
- if (info == NULL)
- errmsg = _("Failed to find a node driver");
- else
- errmsg = _("Failed to find a node driver: %s");
- break;
+ if (info == NULL)
+ errmsg = _("Failed to find a node driver");
+ else
+ errmsg = _("Failed to find a node driver: %s");
+ break;
case VIR_ERR_INVALID_NODE_DEVICE:
- if (info == NULL)
- errmsg = _("invalid node device pointer");
- else
- errmsg = _("invalid node device pointer in %s");
- break;
+ if (info == NULL)
+ errmsg = _("invalid node device pointer");
+ else
+ errmsg = _("invalid node device pointer in %s");
+ break;
case VIR_ERR_NO_NODE_DEVICE:
- if (info == NULL)
- errmsg = _("Node device not found");
- else
- errmsg = _("Node device not found: %s");
- break;
+ if (info == NULL)
+ errmsg = _("Node device not found");
+ else
+ errmsg = _("Node device not found: %s");
+ break;
}
return (errmsg);
}
--
1.6.1.1.347.g3f81d
[libvirt] [PATCH] xm_internal.c: fix locking bug: s/Unlock/Lock/
by Jim Meyering
Merge error?
I'll commit this in an hour or so.
>From e660e3353b468cb219208a1aba9f8eca456467dd Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Thu, 22 Jan 2009 20:08:55 +0100
Subject: [PATCH] xm_internal.c: fix locking bug: s/Unlock/Lock/
* src/xm_internal.c (xenXMDomainDefineXML): Release lock, (don't
try to acquire it) upon failure, just before returning.
---
src/xm_internal.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/xm_internal.c b/src/xm_internal.c
index 31f56b7..b420e80 100644
--- a/src/xm_internal.c
+++ b/src/xm_internal.c
@@ -2357,7 +2357,7 @@ virDomainPtr xenXMDomainDefineXML(virConnectPtr conn, const char *xml) {
if (!(def = virDomainDefParseString(conn, priv->caps, xml,
VIR_DOMAIN_XML_INACTIVE))) {
- xenUnifiedLock(priv);
+ xenUnifiedUnlock(priv);
return (NULL);
}
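Review bot: The failure branch ending in `return (NULL);` now releases the lock by hand, so every other early return in xenXMDomainDefineXML needs the same pairing; those paths lie outside this hunk and are worth checking for the same Lock/Unlock inversion. If the function has a shared cleanup label, sending this failure through it would keep the unlock in one place. Note also that the subject line reads `s/Unlock/Lock/`, the reverse of what the hunk does.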
--
1.6.1.399.g0d272
[libvirt] [PATCH] Quieten virsh schedinfo for shutoff domain
by john.levon@sun.com
# HG changeset patch
# User john.levon(a)sun.com
# Date 1232675291 28800
# Node ID 3ef027308b88b47b2f3ca721bf88f2e606d8e3bc
# Parent 903a29e99c80a35ce7f4754a3bcc3ab34bf32d8a
Quieten virsh schedinfo for shutoff domain
Quietly return failure for a shutoff domain in the sched params driver
routines.
Signed-off-by: John Levon <john.levon(a)sun.com>
diff --git a/src/xen_internal.c b/src/xen_internal.c
--- a/src/xen_internal.c
+++ b/src/xen_internal.c
@@ -1069,11 +1069,17 @@ xenHypervisorGetSchedulerType(virDomainP
}
priv = (xenUnifiedPrivatePtr) domain->conn->privateData;
- if (priv->handle < 0 || domain->id < 0) {
+ if (priv->handle < 0) {
virXenErrorFunc(domain->conn, VIR_ERR_INTERNAL_ERROR, __FUNCTION__,
- "priv->handle or domain->id invalid", 0);
+ "priv->handle invalid", 0);
return NULL;
}
+
+ /*
+ * If it's not running, we can't help.
+ */
+ if (domain->id < 0)
+ return NULL;
/*
* Support only dom_interface_version >=5
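Review bot: The new `if (domain->id < 0) return NULL;` path fails without raising any error, and the comment "If it's not running, we can't help." does not say that the silence is deliberate. A caller that sees only NULL (or -1 in the next two hunks, xenHypervisorGetSchedulerParameters and xenHypervisorSetSchedulerParameters) cannot tell an inactive domain from an internal fault unless some other layer reports it, which is not visible here. I would spell the contract out in the comment, for example `/* Inactive domain (id < 0): fail quietly, no error is raised here; the caller decides what to report. */`. All three functions start and end outside their hunks.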
@@ -1144,11 +1150,17 @@ xenHypervisorGetSchedulerParameters(virD
}
priv = (xenUnifiedPrivatePtr) domain->conn->privateData;
- if (priv->handle < 0 || domain->id < 0) {
+ if (priv->handle < 0) {
virXenErrorFunc(domain->conn, VIR_ERR_INTERNAL_ERROR, __FUNCTION__,
- "priv->handle or domain->id invalid", 0);
+ "priv->handle invalid", 0);
return -1;
}
+
+ /*
+ * If it's not running, we can't help.
+ */
+ if (domain->id < 0)
+ return -1;
/*
* Support only dom_interface_version >=5
@@ -1242,11 +1254,17 @@ xenHypervisorSetSchedulerParameters(virD
}
priv = (xenUnifiedPrivatePtr) domain->conn->privateData;
- if (priv->handle < 0 || domain->id < 0) {
+ if (priv->handle < 0) {
virXenErrorFunc (domain->conn, VIR_ERR_INTERNAL_ERROR, __FUNCTION__,
- "priv->handle or domain->id invalid", 0);
+ "priv->handle invalid", 0);
return -1;
}
+
+ /*
+ * If it's not running, we can't help.
+ */
+ if (domain->id < 0)
+ return -1;
/*
* Support only dom_interface_version >=5
[libvirt] [PATCH] gnulib/tests: allow test-getaddrinfo to pass when offline
by Mark McLoughlin
Sometimes - yes, even in the latter part of the first decade
of the twenty first century - one doesn't have access to the
Internet while one is hacking.
Signed-off-by: Mark McLoughlin <markmc(a)redhat.com>
---
gnulib/tests/test-getaddrinfo.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/gnulib/tests/test-getaddrinfo.c b/gnulib/tests/test-getaddrinfo.c
index a887cb1..246021a 100644
--- a/gnulib/tests/test-getaddrinfo.c
+++ b/gnulib/tests/test-getaddrinfo.c
@@ -64,6 +64,11 @@ int simple (char *host, char *service)
if (res != 0)
{
+ /* EAI_AGAIN is returned if no network is available. Don't fail
+ the test merely because someone is down the country on their
+ in-law's farm. */
+ if (res == EAI_AGAIN)
+ return 0;
/* IRIX reports EAI_NONAME for "https". Don't fail the test
merely because of this. */
if (res == EAI_NONAME)
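Review bot: The added `if (res == EAI_AGAIN) return 0;` makes the test report success without having checked anything, and nothing in the output shows that it was skipped. EAI_AGAIN is a temporary resolver failure in general, so a broken resolver configuration on a build host would also pass silently. Printing a diagnostic before returning, e.g. `fprintf (stderr, "skipping getaddrinfo test: no network?\n");`, keeps the offline case green while leaving a trace; if the harness honours the automake skip status, exiting with 77 would be clearer still. The body of simple() continues outside the hunk.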
--
1.6.0.6
[libvirt] libvirt-0.5.1: problems connecting qemu:///system
by Nikola Ciprich
Hello,
After upgrading to libvirt-0.5.1, I'm unable to connect to it.
virsh (as well as my own python code) always ends up with:
virsh -c qemu:///system
libvir: error : could not connect to qemu:///system
error: failed to connect to the hypervisor
I'm using 0.5.1 libvirt compiled with qemu support, on latest CentOS 5
I have
auth_unix_ro = "none"
auth_unix_rw = "none"
in config file.
When I run libvirtd -f /etc/libvirt/libvirtd.conf -v -l
and try to connect, I get:
EVENT: Poll got 1 event
EVENT: Dispatch 1 6 1 0x1efa5d0
EVENT: Add handle 12 13 0x40b9a0 0x1efa5d0
EVENT: Calculate expiry of 0 timers
EVENT: Timeout at 0 due in -1 ms
EVENT: Poll on 6 handles 0x1f358d0 timeout -1
EVENT: Poll got 1 event
EVENT: Dispatch 5 12 1 0x1efa5d0
EVENT: Remove handle 5
EVENT: mark delete 5 12
EVENT: Add handle 12 13 0x40b9a0 0x1efa5d0
EVENT: Remove handle 6
EVENT: mark delete 6 12
EVENT: Add handle 12 14 0x40b9a0 0x1efa5d0
EVENT: Calculate expiry of 0 timers
EVENT: Timeout at 0 due in -1 ms
EVENT: Poll on 6 handles 0x1f358d0 timeout -1
EVENT: Poll got 1 event
EVENT: Dispatch 7 12 4 0x1efa5d0
EVENT: Remove handle 7
EVENT: mark delete 5 12
EVENT: Add handle 12 13 0x40b9a0 0x1efa5d0
EVENT: Calculate expiry of 0 timers
EVENT: Timeout at 0 due in -1 ms
EVENT: Poll on 6 handles 0x1f358d0 timeout -1
EVENT: Poll got 1 event
EVENT: Dispatch 8 12 1 0x1efa5d0
EVENT: Remove handle 8
EVENT: mark delete 5 12
EVENT: Add handle 12 13 0x40b9a0 0x1efa5d0
libvir: error : could not connect to qemu:///system
EVENT: Remove handle 9
EVENT: mark delete 6 12
EVENT: Add handle 12 14 0x40b9a0 0x1efa5d0
EVENT: Calculate expiry of 0 timers
EVENT: Timeout at 0 due in -1 ms
EVENT: Poll on 6 handles 0x1f358d0 timeout -1
EVENT: Poll got 1 event
EVENT: Dispatch 10 12 4 0x1efa5d0
EVENT: Remove handle 10
EVENT: mark delete 5 12
EVENT: Add handle 12 13 0x40b9a0 0x1efa5d0
EVENT: Calculate expiry of 0 timers
EVENT: Timeout at 0 due in -1 ms
EVENT: Poll on 6 handles 0x1f358d0 timeout -1
EVENT: Poll got 1 event
EVENT: Dispatch 11 12 17 0x1efa5d0
EVENT: Remove handle 11
EVENT: mark delete 5 12
EVENT: Calculate expiry of 0 timers
EVENT: Timeout at 0 due in -1 ms
EVENT: Poll on 5 handles 0x1f3aa20 timeout -1
Could somebody give me a hint on what I'm doing wrong?
Thanks a lot in advance!
with best regards
nik
--
-------------------------------------
Nikola CIPRICH
LinuxBox.cz, s.r.o.
28. rijna 168, 709 01 Ostrava
tel.: +420 596 603 142
fax: +420 596 621 273
mobil: +420 777 093 799
www.linuxbox.cz
mobil servis: +420 737 238 656
email servis: servis(a)linuxbox.cz
-------------------------------------
[libvirt] [PATCH] qemud: don't dereference NULL on failed virGetUserDirectory
by Jim Meyering
I spotted this while merging my unix_sock_dir changes:
>From 04373207bc838c31bd07596df3c676476e73c983 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Fri, 23 Jan 2009 13:59:28 +0100
Subject: [PATCH] qemud: don't dereference NULL on failed virGetUserDirectory
* qemud/qemud.c (qemudInitPaths): Check for OOM.
---
qemud/qemud.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/qemud/qemud.c b/qemud/qemud.c
index 55f31d5..84034f3 100644
--- a/qemud/qemud.c
+++ b/qemud/qemud.c
@@ -719,6 +719,10 @@ static int qemudInitPaths(struct qemud_server *server,
goto snprintf_error;
} else {
char *userdir = virGetUserDirectory(NULL, uid);
+ if (userdir == NULL) {
+ /* give no diagnostic here; virGetUserDirectory reports OOM */
+ return -1;
+ }
if (snprintf(sockname, maxlen, "@%s/.libvirt/libvirt-sock", userdir) >= maxlen) {
VIR_FREE(userdir);
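Review bot: The comment on the new `return -1;` says virGetUserDirectory reports OOM, but the check fires on any NULL return, and that function is not visible here; if it can also fail on a user lookup, the comment and the "Check for OOM" changelog line understate the case. I would word it as `/* no diagnostic here: virGetUserDirectory has already reported the failure */`. The other failures in this function jump to `snprintf_error`, so it is worth confirming that a bare return skips no cleanup done there; qemudInitPaths starts and ends outside the hunk.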
--
1.6.1.354.gd9e51
[libvirt] [Patch][RFC] Example policy files (3/3)
by Syunsuke HAYASHI
The policy checker employs two files. Role_definition.xml defines which
VMs a role is allowed to operate on, and how. User_definition.xml defines
which roles are available to a user. Operations are currently
represented by numbers. They are defined in src/xr_internal.h in the
libvirt part, though it is hardly readable.
[libvirt] [Patch][RFC] Access control library (2/3)
by Syunsuke HAYASHI
Policy checker and loader.
Some of the variables, functions, macros, and files have "xen" in their
names, but they are not specific to Xen. Sorry for the confusion. It is
just because our most important target was Xen in the early stage.
diff -r a4c4b2407117 -r d864c312eae4 domname_list.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/domname_list.c Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,119 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#include <stdlib.h>
+#include <string.h>
+#include "role_list.h"
+#include "domname_list.h"
+#include "xr_log.h"
+
+static void
+init_domname(domname *dn)
+{
+ strcpy(dn->value, "\n");
+ dn->next = NULL;
+}
+
+domname*
+new_domname(void)
+{
+ domname *dn;
+
+ DMSG(FUNC, "start\n");
+
+ dn = (domname *) malloc(sizeof(struct _domname));
+ if (!dn) {
+ EMSG("out of memory for domname\n");
+ return NULL;
+ }
+ DMSG(FUNC, "allocate domname: %p\n", dn);
+
+ dn->value = (char *) malloc(XR_MAX_LENGTH_OF_DOMNAME * sizeof(char));
+ if (!dn->value) {
+ free(dn);
+ EMSG("out of memory for value of domname\n");
+ return NULL;
+ }
+ DMSG(FUNC, "allocate value of domname: %p\n", dn->value);
+
+ init_domname(dn);
+ return dn;
+}
+
+static void
+free_domname(domname *dn)
+{
+ DMSG(FUNC, "start\n");
+
+ if (!dn)
+ return;
+
+ if (dn->value) {
+ DMSG(FUNC, "free value of domname: %p\n", dn->value);
+ free(dn->value);
+ }
+
+ DMSG(FUNC, "free domname: %p\n", dn);
+ free(dn);
+}
+
+void
+free_domname_list(role *r)
+{
+ domname *dn = r->managementVMList;
+ domname *dn_next = NULL;
+
+ DMSG(FUNC, "start\n");
+
+ while (dn) {
+ dn_next = dn;
+ free_domname(dn);
+ dn = dn_next;
+ }
+}
+
+void
+append_domname(role *r, domname *dn)
+{
+ DMSG(FUNC, "start\n");
+
+ dn->next = r->managementVMList;
+ r->managementVMList = dn;
+
+ r->domname_c++;
+}
+
+void
+show_domname_list(role *r)
+{
+ domname *dn = r->managementVMList;
+
+ while (dn) {
+ DMSG(" domname : %p\n", dn);
+ DMSG(" value : %s\n", dn->value);
+ DMSG(" next : %p\n", dn->next);
+ dn = dn->next;
+ }
+}
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
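Review bot: `free_domname_list` saves `dn_next = dn;` instead of the successor, so after `free_domname(dn)` the loop continues with the pointer it has just freed and frees it again on every pass. The line should read `dn_next = dn->next;`, as `free_opeid_data_list` in opeid_list.c already does. The function also leaves `r->managementVMList` and `r->domname_c` untouched, so the role keeps a dangling head pointer unless the caller discards it straight away; adding `r->managementVMList = NULL; r->domname_c = 0;` after the loop would make that safe.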
diff -r a4c4b2407117 -r d864c312eae4 domname_list.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/domname_list.h Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,42 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#ifndef __DOMNAME_LIST_H__
+#define __DOMNAME_LIST_H__
+#define XR_MAX_LENGTH_OF_DOMNAME 100
+
+typedef struct _domname domname;
+struct _domname {
+ char *value;
+ struct _domname *next;
+};
+struct _role;
+
+domname *new_domname(void);
+void free_domname_list(struct _role *r);
+void append_domname(struct _role *r, domname *dn);
+void show_domname_list(struct _role *r);
+
+#endif /* __DOMNAME_LIST_H */
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
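Review bot: The `value` member of `struct _domname` has no comment stating its size, although `new_domname` allocates exactly `XR_MAX_LENGTH_OF_DOMNAME` bytes for it and callers then `strcpy` into it. I would document that on the field, e.g. `char *value; /* heap buffer of XR_MAX_LENGTH_OF_DOMNAME bytes, NUL-terminated; check length before copying */`, so the bound that rolePolicyDefinition.c enforces is tied to the type. The closing guard comment `/* __DOMNAME_LIST_H */` also drops the trailing underscores of `__DOMNAME_LIST_H__`; opeid_list.h has the same mismatch.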
diff -r a4c4b2407117 -r d864c312eae4 opeid_list.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/opeid_list.c Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,105 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#include <stdlib.h>
+#include "role_list.h"
+#include "opeid_list.h"
+#include "xr_log.h"
+
+static void
+init_opeid_data(opeid_data *op)
+{
+ op->value = 0;
+ op->next = NULL;
+}
+
+opeid_data*
+new_opeid_data(void)
+{
+ opeid_data *op;
+
+ DMSG(FUNC, "start\n");
+
+ op = (opeid_data *) malloc(sizeof(struct _opeid_data));
+ if (!op) {
+ EMSG("out of memory for opeid_data");
+ return NULL;
+ }
+ DMSG(FUNC, "allocate opeid_data: %p\n", op);
+
+ init_opeid_data(op);
+ return op;
+}
+
+static void
+free_opeid_data(opeid_data *op)
+{
+ DMSG(FUNC, "start\n");
+
+ if (!op)
+ return;
+
+ DMSG(FUNC, "free opeid_data: %p\n", op);
+ free(op);
+}
+
+void
+free_opeid_data_list(role *r)
+{
+ opeid_data *op = r->acceptOperationList;
+ opeid_data *op_next;
+
+ DMSG(FUNC, "start\n");
+
+ while (op) {
+ op_next = op->next;
+ free_opeid_data(op);
+ op = op_next;
+ }
+}
+
+void
+append_opeid_data(role *r, opeid_data *op)
+{
+ DMSG(FUNC, "start\n");
+
+ op->next = r->acceptOperationList;
+ r->acceptOperationList = op;
+
+ r->opeid_c++;
+}
+
+void
+show_opeid_data_list(role *r)
+{
+ opeid_data *op = r->acceptOperationList;
+
+ while (op) {
+ DMSG(" opeid_data : %p\n", op);
+ DMSG(" value : %d\n", op->value);
+ DMSG(" next : %p\n", op->next);
+ op = op->next;
+ }
+}
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
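Review bot: `free_opeid_data_list` frees every node but leaves `r->acceptOperationList` pointing at the first freed node and `r->opeid_c` at its old count. Whether the role is always discarded right after this call is not visible here; if it is ever reused, `append_opeid_data` and `show_opeid_data_list` would walk freed memory. Ending the function with `r->acceptOperationList = NULL; r->opeid_c = 0;` removes that dependency on the caller. As a small consistency point, `EMSG("out of memory for opeid_data")` lacks the trailing `\n` that the matching message in domname_list.c has.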
diff -r a4c4b2407117 -r d864c312eae4 opeid_list.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/opeid_list.h Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,41 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#ifndef __OPEID_LIST_H__
+#define __OPEID_LIST_H__
+
+typedef struct _opeid_data opeid_data;
+struct _opeid_data {
+ int value;
+ struct _opeid_data *next;
+};
+struct _role;
+
+opeid_data *new_opeid_data(void);
+void free_opeid_data_list(struct _role *r);
+void append_opeid_data(struct _role *r, opeid_data *op);
+void show_opeid_data_list(struct _role *r);
+
+#endif /* __OPEID_LIST_H */
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
diff -r a4c4b2407117 -r d864c312eae4 python/xen/lowlevel/xr/xr.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/python/xen/lowlevel/xr/xr.c Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,99 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#include <Python.h>
+#include "xenrbac.h"
+
+#define PKG "xen.lowlevel.xr"
+static PyObject *xr_error_obj;
+
+static PyObject*
+pyxr_error_to_exception(int result)
+{
+ PyObject *pyerr;
+
+ if (result == XR_ACCEPT){
+ Py_DECREF(xr_error_obj);
+ return NULL;
+ }
+
+ pyerr = Py_BuildValue("s",strerror(result));
+ PyErr_SetObject(xr_error_obj,pyerr);
+ Py_DECREF(pyerr);
+
+ return NULL;
+}
+
+static PyObject*
+pyxr_judge(PyObject* self, PyObject* args)
+{
+ int result = XR_ACCEPT;
+ static char formats[] = "zizi";
+ PyObject *username, *opeid, *domainname, *all_flag;
+
+ if (!PyArg_ParseTuple(args, formats,
+ &username, &opeid, &domainname, &all_flag))
+ goto error;
+
+ if ((result = xr_judge( (char *)username , (int)opeid,
+ (char *)domainname, (int)all_flag)))
+ goto error;
+
+ return Py_BuildValue("i",result);
+
+ error:
+
+ return pyxr_error_to_exception(result);
+
+}
+
+static PyMethodDef xr_funcs[] = {
+ {"xr_judge",
+ (PyCFunction)pyxr_judge,
+ METH_VARARGS,
+ "xr_judge() does the access judgement.\n"
+ "user name [str]\n"
+ "operation number [int]\n"
+ "domain name [str]\n"
+ "all flag [int]\n"
+ "Returns [int]:judged result. \n"},
+
+ {NULL, NULL, 0, NULL}
+};
+
+void
+initxr(void)
+{
+ PyObject *m;
+
+ if (!(m = Py_InitModule("xr",xr_funcs)))
+ return;
+
+ xr_error_obj = PyErr_NewException(PKG".Libxenrbac_Error",
+ PyExc_RuntimeError, NULL);
+ Py_INCREF(xr_error_obj);
+ PyModule_AddObject(m,"Libxenrbac_Error",xr_error_obj);
+
+}
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
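Review bot: `pyxr_judge` hands `PyArg_ParseTuple` the addresses of four `PyObject *` variables for the format `"zizi"`, but `z` stores a `char *` and `i` stores an `int`, so the integer slots are only partly written and the later `(int)opeid` and `(int)all_flag` casts truncate a pointer-sized value. The locals should be declared with the types the format writes. Separately, `pyxr_error_to_exception` runs `Py_DECREF(xr_error_obj)` whenever `result == XR_ACCEPT`, which is exactly the state after a failed argument parse, so each malformed call drops a reference to the module's exception object. Because this function carries an access decision, note too that `z` lets `None` through as a NULL pointer; whether `xr_judge` tolerates that is not visible here.

```c
/* pyxr_error_to_exception(): a parse failure has already set the
   exception, so only return; do not release xr_error_obj. */
        if (result == XR_ACCEPT)
                return NULL;
/* … unchanged: build the message and PyErr_SetObject … */

/* pyxr_judge(): locals typed to match the "zizi" format */
        int result = XR_ACCEPT;
        static char formats[] = "zizi";
        char *username, *domainname;    /* "z": char *, NULL for None */
        int opeid, all_flag;            /* "i": int */

        if (!PyArg_ParseTuple(args, formats,
                              &username, &opeid, &domainname, &all_flag))
                goto error;

        if ((result = xr_judge(username, opeid, domainname, all_flag)))
                goto error;
/* … unchanged: return value and error label … */
```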
diff -r a4c4b2407117 -r d864c312eae4 rolePolicyDefinition.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/rolePolicyDefinition.c Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,506 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#include <string.h>
+#include <errno.h>
+#include <libxml/parser.h>
+#include <libxml/tree.h>
+#include <libxml/xpath.h>
+#include "userinfo.h"
+#include "role_list.h"
+#include "rolePolicyDefinition.h"
+#include "xr.h"
+#include "xr_log.h"
+
+static xmlNodePtr getXPathNode(const char *xpath, xmlXPathContextPtr ctxt);
+static int searchRole(userInfo *ui, xmlNodePtr node);
+static int searchPolicyID(role *r, xmlNodePtr node);
+static int searchManageVM(role *r, xmlNodePtr node);
+static int searchVM(role *r, xmlNodePtr node);
+static int makeStructDomname(role *r, xmlChar *attr);
+static int searchControlOperation(role *r, xmlNodePtr node);
+static int searchAccept(role *r, xmlNodePtr node);
+static int searchOperation(role *r, xmlNodePtr node);
+static int makeStructOpeid(role *r, int opeid);
+
+#define EMSG_XML(_a...) \
+ do { \
+ EMSG("%s parsing failed. (%s)\n", ROLE_POLICY_FILENAME, _a); \
+ } while (0)
+
+int
+readRolePolicyDefinition(userInfo *ui)
+{
+ xmlDoc *doc = NULL;
+ xmlXPathContextPtr ctxt = NULL;
+ xmlNodePtr r_node = NULL;
+
+ int rc = 0;
+ char fileName[strlen(XENRBAC_POLICY_PATHNAME) + strlen(ROLE_POLICY_FILENAME) + 1];
+
+ strcpy(fileName, XENRBAC_POLICY_PATHNAME);
+ strcat(fileName, ROLE_POLICY_FILENAME);
+
+ doc = xmlReadFile(fileName, NULL, XML_PARSE_NOBLANKS);
+ if (!doc) {
+ EMSG("%s reading or parsing failed(%m)\n",
+ ROLE_POLICY_FILENAME);
+ rc = errno;
+ goto error;
+ }
+
+ ctxt = xmlXPathNewContext(doc);
+ if (!ctxt) {
+ EMSG_XML("ctxt is NULL");
+ rc = EINVAL;
+ goto error;
+ }
+
+ r_node = getXPathNode("/RolePolicyDefinition/RoleDefinition/Role", ctxt);
+ if (!r_node) {
+ EMSG_XML("/RolePolicyDefinition/RoleDefinition/Role is not defined");
+ rc = EINVAL;
+ goto error;
+ }
+
+ if (!(rc = searchRole(ui, r_node)))
+ goto cleanup;
+
+error:
+ DMSG(FUNC, "error in readRolePolicyDefinition\n");
+
+cleanup:
+ DMSG(FUNC, "cleanup in readRolePolicyDefinition\n");
+ //free the document
+ /*
+ *Free the global variables that may
+ *have been allocated by the parser.
+ */
+ xmlCleanupParser();
+
+ if (ctxt)
+ xmlXPathFreeContext(ctxt);
+ if (doc)
+ xmlFreeDoc(doc);
+
+ return rc;
+}
+
+static xmlNodePtr
+getXPathNode(const char *xpath, xmlXPathContextPtr ctxt)
+{
+ xmlXPathObjectPtr obj = NULL;
+ xmlNodePtr ret = NULL;
+
+ if ((ctxt == NULL) || (xpath == NULL))
+ return NULL;
+
+ obj = xmlXPathEval(BAD_CAST xpath, ctxt);
+ if ((obj == NULL) ||
+ (obj->type != XPATH_NODESET) ||
+ (obj->nodesetval == NULL) ||
+ (obj->nodesetval->nodeNr <= 0) ||
+ (obj->nodesetval->nodeTab == NULL)) {
+ xmlXPathFreeObject(obj);
+ return NULL;
+ }
+
+ ret = obj->nodesetval->nodeTab[0];
+ xmlXPathFreeObject(obj);
+
+ return ret;
+}
+
+static int
+searchRole(userInfo *ui, xmlNodePtr node)
+{
+ xmlNodePtr c_node;
+ xmlChar *attr;
+
+ int rc;
+ size_t len;
+ role *r;
+
+ DMSG("%S(%d) %S\n",__func__,__LINE__,"searchRole start\n");
+
+ for (c_node = node; c_node; c_node = c_node->next) {
+ if (c_node->type != XML_ELEMENT_NODE)
+ continue;
+
+ if (strncmp(c_node->name, "Role", sizeof("Role")))
+ continue;
+
+ attr = xmlGetProp(c_node, "name");
+ if (!attr) {
+ EMSG_XML("name in /RolePolicyDefinition/Role is not defined");
+ return EINVAL;
+ }
+
+ len = strlen(attr);
+ if (len >= XR_MAX_LENGTH_OF_ROLENAME) {
+ EMSG_XML("name in /RolePolicyDefinition/Role is long");
+ xmlFree(attr);
+ return EINVAL;
+ }
+
+ for (r = ui->roleList; r; r = r->next) {
+ if (strcmp(r->roleName, (char *) attr))
+ continue;
+
+ if (r->parsed_Role) {
+ EMSG_XML("multiple roles with same name are defined");
+ xmlFree(attr);
+ return EINVAL;
+ }
+
+ if ((rc = searchPolicyID(r, c_node->children))) {
+ xmlFree(attr);
+ return rc;
+ }
+
+ if ((rc = searchManageVM(r, c_node->children))) {
+ xmlFree(attr);
+ return rc;
+ }
+
+ if ((rc = searchControlOperation(r, c_node->children))) {
+ xmlFree(attr);
+ return rc;
+
+ r->parsed_Role = 1;
+
+ break;
+ }
+ }
+
+ xmlFree(attr);
+ }
+
+ return 0;
+}
+
+static int
+searchPolicyID(role *r, xmlNodePtr node)
+{
+ xmlNodePtr c_node;
+ xmlChar *attr;
+
+ size_t len;
+ int rc;
+
+ DMSG("%S(%d) %S\n",__func__,__LINE__,"searchPolidyID start\n");
+
+ for (c_node = node; c_node; c_node = c_node->next) {
+ if (c_node->type != XML_ELEMENT_NODE)
+ continue;
+
+ if (strncmp(c_node->name, "PolicyID", sizeof("PolicyID")))
+ continue;
+
+ if (r->parsed_PolicyID) {
+ EMSG_XML("multiple /RolePolicyDefinition/Role/PolicyID is defined for the role");
+ return EINVAL;
+ }
+
+ attr = xmlGetProp(c_node, "id");
+
+ if (!attr) {
+ EMSG_XML("type in /RolePolicyDefinition/Role/PolicyID is not defined");
+ return EINVAL;
+ }
+
+ len = strlen(attr);
+ if (len >= XR_MAX_LENGTH_OF_PolicyID) {
+ EMSG_XML("name in /RolePolicyDefinition/PolidyID is long");
+ xmlFree(attr);
+ return EINVAL;
+ }
+ r->parsed_PolicyID = 1;
+
+ strcpy(r->policyID, (char *) attr);
+
+ xmlFree(attr);
+ }
+
+ return 0;
+}
+
+static int
+searchManageVM(role *r, xmlNodePtr node)
+{
+ xmlNodePtr c_node;
+ xmlChar *attr;
+
+ int rc;
+
+ DMSG("%S(%d) %S\n",__func__,__LINE__,"searchManagerVM start\n");
+
+ for (c_node = node; c_node; c_node = c_node->next) {
+ if (c_node->type != XML_ELEMENT_NODE)
+ continue;
+
+ if (strncmp(c_node->name, "ManageVM", sizeof("ManageVM")))
+ continue;
+
+ if (r->parsed_ManageVM) {
+ EMSG_XML("multiple /RolePolicyDefinition/Role/ManageVMs are defined for the role");
+ return EINVAL;
+ }
+
+ attr = xmlGetProp(c_node, "type");
+
+ if (!attr) {
+ EMSG_XML("type in /RolePolicyDefinition/Role/ManageVM is not defined");
+ return EINVAL;
+ }
+
+ if (!strncmp(attr, "individual", sizeof("individual"))) {
+
+ r->managementVMType = XR_VMTYPE_INDIVIDUAL;
+
+ if ((rc = searchVM(r, c_node->children))) {
+ xmlFree(attr);
+ return rc;
+ }
+
+ } else if (!strncmp(attr, "whole", sizeof("whole"))) {
+
+ r->managementVMType = XR_VMTYPE_WHOLE;
+
+ } else {
+
+ EMSG_XML("type in /RolePolicyDefinition/Role/ManageVM is wrong");
+ xmlFree(attr);
+ return EINVAL;
+ }
+
+ r->parsed_ManageVM = 1;
+
+ xmlFree(attr);
+ }
+
+ return 0;
+}
+
+static int
+searchVM(role *r, xmlNodePtr node)
+{
+ xmlNodePtr c_node;
+ xmlChar *attr;
+
+ int rc;
+ size_t len;
+
+ for (c_node = node; c_node; c_node = c_node->next) {
+ if (c_node->type != XML_ELEMENT_NODE)
+ continue;
+
+ if (strncmp(c_node->name, "VM", sizeof("VM")))
+ continue;
+
+ attr = xmlGetProp(c_node, "name");
+ if (!attr) {
+ EMSG_XML("name in /RolePolicyDefinition/Role/ManageVM/VM is not defined");
+ return EINVAL;
+ }
+
+ len = strlen(attr);
+ if (len >= XR_MAX_LENGTH_OF_DOMNAME) {
+ EMSG_XML("name in /RolePolicyDefinition/Role/ManageVM/VM is long");
+ xmlFree(attr);
+ return EINVAL;
+ }
+
+ if ((rc = makeStructDomname(r, attr))) {
+ xmlFree(attr);
+ return rc;
+ }
+
+ xmlFree(attr);
+ }
+
+ return 0;
+}
+
+static int
+makeStructDomname(role *r, xmlChar *attr)
+{
+ domname *dn;
+
+ DMSG(FUNC, "management domain name = %s\n", attr);
+
+ for (dn = r->managementVMList; dn; dn = dn->next) {
+ if (!strcmp(dn->value, (char *) attr)) {
+ EMSG_XML("same domain name is defined for the role");
+ return EINVAL;
+ }
+ }
+
+ if (r->domname_c >= XR_NR_DOMNAME_LISTS) {
+ EMSG_XML("too many /RolePolicyDefinition/Role/ManageVM/VM");
+ return EINVAL;
+ }
+
+ if (!(dn = new_domname()))
+ return ENOMEM;
+
+ strcpy(dn->value, (char *) attr);
+ append_domname(r, dn);
+
+ return 0;
+}
+
+static int
+searchControlOperation(role *r, xmlNodePtr node)
+{
+ xmlNodePtr c_node;
+
+ int rc;
+
+ for (c_node = node; c_node; c_node = c_node->next) {
+ if (c_node->type != XML_ELEMENT_NODE)
+ continue;
+
+ if (strncmp(c_node->name, "ControlOperation", sizeof("ControlOperation")))
+ continue;
+
+ if (r->parsed_ControlOpe) {
+ EMSG_XML("multiple /RolePolicyDefinition/Role/ControlOperations are defined for the role");
+ return EINVAL;
+ }
+
+ if ((rc = searchAccept(r, c_node->children)))
+ return rc;
+
+ r->parsed_ControlOpe = 1;
+ }
+
+ return 0;
+}
+
+static int
+searchAccept(role* r, xmlNodePtr node)
+{
+ xmlNodePtr c_node;
+
+ int rc;
+
+ for (c_node = node; c_node; c_node = c_node->next) {
+ if (c_node->type != XML_ELEMENT_NODE)
+ continue;
+
+ if (strncmp(c_node->name, "Accept", sizeof("Accept")))
+ continue;
+
+ if (r->parsed_Accept) {
+ EMSG_XML("multiple /RolePolicyDefinition/Role/ControlOperation/Accepts are defined for the role");
+ return EINVAL;
+ }
+
+ if ((rc = searchOperation(r, c_node->children)))
+ return rc;
+
+ r->parsed_Accept = 1;
+ }
+
+ return 0;
+}
+
+static int
+searchOperation(role* r, xmlNodePtr node)
+{
+ xmlNodePtr c_node;
+ xmlChar *attr;
+
+ int rc;
+ long int long_id;
+
+ for (c_node = node; c_node; c_node = c_node->next) {
+ if (c_node->type != XML_ELEMENT_NODE)
+ continue;
+
+ if (strncmp(c_node->name, "operation", sizeof("operation")))
+ continue;
+
+ attr = xmlGetProp(c_node, "id");
+ if (!attr) {
+ EMSG_XML("id in /RolePolicyDefinition/Role/ControlOperation/Accept/operation is not defined");
+ return EINVAL;
+ }
+
+ errno = 0;
+ long_id = strtol((char *) attr, NULL, 10);
+ if (errno) {
+ EMSG_XML("id in /RolePolicyDefinition/Role/ControlOperation/Accept/operation is invalid");
+ xmlFree(attr);
+ return errno;
+ }
+
+ if (long_id < 0 ||
+ long_id > XR_MAX_OPEID) {
+ EMSG_XML("id in /RolePolicyDefinition/Role/ControlOperation/Accept/operation is invalid");
+ xmlFree(attr);
+ return errno;
+ }
+
+ if ((rc = makeStructOpeid(r, (int) long_id))) {
+ xmlFree(attr);
+ return rc;
+ }
+
+ xmlFree(attr);
+ }
+
+ return 0;
+}
+
+static int
+makeStructOpeid(role *r, int opeid)
+{
+ opeid_data *opd;
+
+ DMSG(FUNC, "id = %d\n", opeid);
+ /*
+ for (opd = r->acceptOperationList; opd; opd = opd->next) {
+ if (opd->value == opeid) {
+ EMSG_XML("same operation id is defined for the role");
+ return EINVAL;
+ }
+ }
+ */
+
+ if (r->opeid_c >= XR_NR_OPEID_LISTS) {
+ EMSG_XML("too many /RolePolicyDefinition/Role/ControlOperation/Accept/operation");
+ return EINVAL;
+ }
+
+ if (!(opd = new_opeid_data()))
+ return ENOMEM;
+
+ opd->value = opeid;
+ append_opeid_data(r, opd);
+
+ return 0;
+}
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
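Review bot: In `searchRole` the block opened by `if ((rc = searchControlOperation(r, c_node->children))) {` is not closed after `return rc;`, so `r->parsed_Role = 1;` and `break;` are unreachable and the duplicate-role check on `r->parsed_Role` can never fire. In `searchOperation` the range check returns `errno`, which is 0 at that point, so an out-of-range id ends parsing with a success code; `strtol` is also called without an end pointer, so a non-numeric `id` is read as operation 0. For a loader of access-control policy, both cases should fail with `EINVAL`. The `DMSG("%S(%d) %S\n", ...)` calls in the same file use `%S` where the arguments are narrow strings.

```c
/* searchRole(): close the error branch before marking the role parsed */
                        if ((rc = searchControlOperation(r, c_node->children))) {
                                xmlFree(attr);
                                return rc;
                        }

                        r->parsed_Role = 1;
                        break;

/* searchOperation(): reject non-numeric and out-of-range ids */
        char *end;
        /* … unchanged: loop header, name test, xmlGetProp and NULL check … */
                errno = 0;
                long_id = strtol((char *) attr, &end, 10);
                if (errno || end == (char *) attr || *end != '\0' ||
                    long_id < 0 || long_id > XR_MAX_OPEID) {
                        EMSG_XML("id in /RolePolicyDefinition/Role/ControlOperation/Accept/operation is invalid");
                        xmlFree(attr);
                        return EINVAL;
                }
        /* … unchanged: makeStructOpeid call and xmlFree … */
```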
diff -r a4c4b2407117 -r d864c312eae4 rolePolicyDefinition.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/rolePolicyDefinition.h Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,27 @@
+/*
+ Copyright (C) 200 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#ifndef __ROLE_POLICY_DEFINITION_H__
+#define __ROLE_POLICY_DEFINITION_H__
+
+#include "userinfo.h"
+
+int readRolePolicyDefinition(userInfo *ui);
+
+#endif /*__ROLE_POLICY_DEFINITION_H__ */
diff -r a4c4b2407117 -r d864c312eae4 role_list.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/role_list.c Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,152 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*
+/
+#include <stdlib.h>
+#include <string.h>
+#include "userinfo.h"
+#include "role_list.h"
+#include "xr_log.h"
+
+static void
+init_role(role *r)
+{
+ strcpy(r->roleName, "");
+ r->managementVMType = XR_VMTYPE_UNKNOWN;
+ r->acceptOperationList = NULL;
+ r->opeid_c = 0;
+ strcpy(r->policyID, "");
+ r->managementVMList = NULL;
+ r->domname_c = 0;
+ r->next = NULL;
+ r->parsed_Role = 0;
+ r->parsed_PolicyID = 0;
+ r->parsed_ManageVM = 0;
+ r->parsed_ControlOpe = 0;
+ r->parsed_Accept = 0;
+}
+
+role*
+new_role(void)
+{
+ role *r;
+
+ DMSG(FUNC, "start\n");
+
+ r = (role *) malloc(sizeof(struct _role));
+ if (!r) {
+ EMSG("out of memory for role\n");
+ return NULL;
+ }
+ DMSG(FUNC, "allocate role: %p\n", r);
+
+ r->roleName = (char *) malloc(XR_MAX_LENGTH_OF_ROLENAME * sizeof(char));
+ if (!r->roleName) {
+ free(r);
+ EMSG("out of memory for roleName\n");
+ return NULL;
+ }
+ DMSG(FUNC, "allocate roleName: %p\n", r->roleName);
+
+ r->policyID = (char *) malloc(XR_MAX_LENGTH_OF_PolicyID * sizeof(char));
+ if (!r->policyID) {
+ free(r);
+ EMSG("out of memory for policyID\n");
+ return NULL;
+ }
+ DMSG(FUNC, "allocate policyID: %p\n", r->policyID);
+
+ init_role(r);
+ return r;
+}
+
+static void
+free_role(role *r)
+{
+ DMSG(FUNC, "start\n");
+
+ if (!r)
+ return;
+
+ if (r->roleName) {
+ DMSG(FUNC, "free roleName: %p\n", r->roleName);
+ free(r->roleName);
+ }
+ if (r->policyID) {
+ DMSG(FUNC, "free policyID: %p\n", r->policyID);
+ free(r->policyID);
+ }
+ if (r->acceptOperationList)
+ free_opeid_data_list(r);
+ if (r->managementVMList)
+ free_domname_list(r);
+
+ DMSG(FUNC, "free role: %p\n", r);
+ free(r);
+}
+
+void
+free_role_list(userInfo *ui)
+{
+ role *r = ui->roleList;
+ role *r_next;
+
+ DMSG(FUNC, "start\n");
+
+ while (r) {
+ r_next = r->next;
+ free_role(r);
+ r = r_next;
+ }
+}
+
+void
+append_role(userInfo *ui, role *r)
+{
+ DMSG(FUNC, "start\n");
+
+ r->next = ui->roleList;
+ ui->roleList = r;
+
+ ui->role_c++;
+}
+
+void
+show_role_list(userInfo *ui)
+{
+ role *r = ui->roleList;
+
+ while (r) {
+ DMSG(" role : %p\n", r);
+ DMSG(" roleName : %s\n", r->roleName);
+ DMSG(" policyID : %s\n", r->policyID);
+ DMSG(" managementVMType : %d\n", r->managementVMType);
+ DMSG(" next : %p\n", r->next);
+ DMSG(" opeid_c : %d\n", r->opeid_c);
+ show_opeid_data_list(r);
+ DMSG(" domname_c : %d\n", r->domname_c);
+ show_domname_list(r);
+ r = r->next;
+ }
+}
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
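Review bot: In `new_role`, the failure path for the `policyID` allocation calls `free(r)` without first releasing `r->roleName`, so the name buffer leaks whenever that second malloc fails. Add `free(r->roleName);` before `free(r);` in that branch. `free_role_list` also leaves `ui->roleList` and `ui->role_c` describing nodes that have just been freed. Resetting them (`ui->roleList = NULL; ui->role_c = 0;`) keeps a later walk of the list from touching freed memory.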
diff -r a4c4b2407117 -r d864c312eae4 role_list.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/role_list.h Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,68 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+
+#ifndef __ROLE_LIST_H__
+#define __ROLE_LIST_H__
+
+#include "opeid_list.h"
+#include "domname_list.h"
+
+#define XR_NR_DOMNAME_LISTS 1000
+#define XR_NR_OPEID_LISTS 1000
+
+#define XR_MAX_LENGTH_OF_ROLENAME 100
+#define XR_MAX_LENGTH_OF_PolicyID 37
+
+enum manageVMType {
+ XR_VMTYPE_UNKNOWN = 0,
+ XR_VMTYPE_WHOLE = 1,
+ XR_VMTYPE_INDIVIDUAL = 2
+};
+
+typedef struct _role role;
+struct _role {
+ char *roleName;
+ char *policyID;
+ enum manageVMType managementVMType;
+ opeid_data *acceptOperationList;
+ int opeid_c;
+ domname *managementVMList;
+ int domname_c;
+ struct _role *next;
+ int parsed_Role;
+ int parsed_PolicyID;
+ int parsed_ManageVM;
+ int parsed_ControlOpe;
+ int parsed_Accept;
+};
+struct _userInfo;
+
+role *new_role(void);
+void free_role_list(struct _userInfo *ui);
+void append_role(struct _userInfo *ui, role *r);
+void show_role_list(struct _userInfo *ui);
+
+#endif /* __ROLE_LIST_H */
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
diff -r a4c4b2407117 -r d864c312eae4 rsyslog.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/rsyslog.conf Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,47 @@
+# Log all kernel messages to the console.
+# Logging much else clutters up the screen.
+#kern.* /dev/console
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+
+*.info;mail.none;authpriv.none;cron.none /var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.* /var/log/secure
+
+# Log all the mail messages in one place.
+mail.* -/var/log/maillog
+
+# Log cron stuff
+cron.* /var/log/cron
+
+# Everybody gets emergency messages
+*.emerg *
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit /var/log/spooler
+
+# Save boot messages also to boot.log
+local7.* /var/log/boot.log
+
+#################################################
+# For Xen-RBAC 2008/06/27
+#################################################
+$umask 0000
+$CreateDirs on
+$RepeatedMsgReduction off
+
+$template templateXenRBAC,"%msg%\n"
+$template fileNameXenRBAC, "/var/log/xen-audit/audit-xen-rbac.log"
+
+$DirOwner root
+$DirGroup log-admin
+$DirCreateMode 0750
+
+$FileOwner root
+$FileGroup log-admin
+$FileCreateMode 0640
+
+:syslogtag,isequal,"xenrbac"
+auth.info ?fileNameXenRBAC;templateXenRBAC
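Review bot: The property filter `:syslogtag,isequal,"xenrbac"` sits on a line of its own with no action, so the `auth.info` selector below it appears to route every auth.info message into the audit file rather than only this component's records. Because xr_log.c opens the log with LOG_PID, the tag will presumably carry a `[pid]:` suffix, so an exact match on "xenrbac" is unlikely to select anything even once an action is attached. Matching on the program name with the action on the same line would tie the file to the component: `:programname, isequal, "xenrbac" ?fileNameXenRBAC;templateXenRBAC`. Note also that `$umask 0000` and the owner/mode directives stay in force for every rule that follows them, and that auth.info records still match the `*.info` rule further up and are copied to /var/log/messages.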
diff -r a4c4b2407117 -r d864c312eae4 userConfiguration.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/userConfiguration.c Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,248 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#include <string.h>
+#include <errno.h>
+#include <libxml/parser.h>
+#include <libxml/tree.h>
+#include <libxml/xpath.h>
+#include "userinfo.h"
+#include "role_list.h"
+#include "xr.h"
+#include "xr_log.h"
+
+static int searchUser(userInfo *ui, xmlNodePtr node);
+static int searchUserRole(userInfo *ui, xmlNodePtr node);
+static int makeStructRole(userInfo *ui, xmlChar *attr);
+static xmlNodePtr getXPathNode(const char *xpath, xmlXPathContextPtr ctxt);
+
+#define EMSG_XML(_a...) \
+ do { \
+ EMSG("%s parsing failed. (%s)\n", USER_CONFIG_FILENAME, _a); \
+ } while (0)
+
+int
+readUserConfiguration(userInfo *ui)
+{
+ xmlDoc *doc = NULL;
+ xmlXPathContextPtr ctxt = NULL;
+ xmlNodePtr node = NULL;
+
+ int rc = 0;
+ char fileName[strlen(XENRBAC_POLICY_PATHNAME) + strlen(USER_CONFIG_FILENAME) + 1];
+
+ strcpy(fileName, XENRBAC_POLICY_PATHNAME);
+ strcat(fileName, USER_CONFIG_FILENAME);
+
+ doc = xmlReadFile(fileName, NULL, XML_PARSE_NOBLANKS);
+ if (!doc) {
+ EMSG("%s reading or parsing failed (%m)\n",
+ USER_CONFIG_FILENAME);
+ rc = errno;
+ goto error;
+ }
+
+ ctxt = xmlXPathNewContext(doc);
+ if (!ctxt) {
+ EMSG_XML("ctxt is NULL");
+ rc = EINVAL;
+ goto error;
+ }
+
+ node = getXPathNode("/UserConfiguration/User", ctxt);
+ if (!node) {
+ EMSG_XML("/UserConfiguration/User is not defined");
+ rc = EINVAL;
+ goto error;
+ }
+
+ if (!(rc = searchUser(ui, node)))
+ goto cleanup;
+
+error:
+ DMSG(FUNC, "error in readUserConfiguration\n");
+
+cleanup:
+ DMSG(FUNC, "cleanup in readUserConfiguration\n");
+ //free the document
+ /*
+ *Free the global variables that may
+ *have been allocated by the parser.
+ */
+ xmlCleanupParser();
+
+ if (ctxt)
+ xmlXPathFreeContext(ctxt);
+ if (doc)
+ xmlFreeDoc(doc);
+
+ return rc;
+}
+
+static xmlNodePtr
+getXPathNode(const char *xpath, xmlXPathContextPtr ctxt)
+{
+ xmlXPathObjectPtr obj = NULL;
+ xmlNodePtr ret = NULL;
+
+ if ((ctxt == NULL) || (xpath == NULL))
+ return NULL;
+
+ obj = xmlXPathEval(BAD_CAST xpath, ctxt);
+ if ((obj == NULL) ||
+ (obj->type != XPATH_NODESET) ||
+ (obj->nodesetval == NULL) ||
+ (obj->nodesetval->nodeNr <= 0) ||
+ (obj->nodesetval->nodeTab == NULL)) {
+ xmlXPathFreeObject(obj);
+ return NULL;
+ }
+
+ ret = obj->nodesetval->nodeTab[0];
+ xmlXPathFreeObject(obj);
+
+ return ret;
+}
+
+static int
+searchUser(userInfo *ui, xmlNodePtr node)
+{
+ xmlNodePtr c_node;
+ xmlChar *attr;
+
+ int rc;
+ size_t len;
+
+ for (c_node = node; c_node; c_node = c_node->next) {
+ if (c_node->type != XML_ELEMENT_NODE)
+ continue;
+
+ if (strncmp(c_node->name, "User", sizeof("User")))
+ continue;
+
+ attr = xmlGetProp(c_node, "name");
+ if (!attr) {
+ EMSG_XML("name in /UserConfiguration/User is not defined");
+ return EINVAL;
+ }
+
+ len = strlen((char *) attr);
+ if (len >= XR_MAX_LENGTH_OF_USERNAME) {
+ EMSG_XML("name in /UserConfiguration/User is long");
+ xmlFree(attr);
+ return EINVAL;
+ }
+
+ if (strncmp((char *) attr, ui->userName, XR_MAX_LENGTH_OF_USERNAME)) {
+ xmlFree(attr);
+ continue;
+ }
+
+ if (ui->parsed_User) {
+ EMSG("multiple /UserConfiguration/Users are defined for the user");
+ xmlFree(attr);
+ return EINVAL;
+ }
+
+ if ((rc = searchUserRole(ui, c_node->children))) {
+ xmlFree(attr);
+ return rc;
+ }
+
+ ui->parsed_User = 1;
+
+ xmlFree(attr);
+ }
+
+ return 0;
+}
+
+static int
+searchUserRole(userInfo *ui, xmlNodePtr node)
+{
+ xmlNodePtr c_node;
+ xmlChar *attr;
+
+ int rc;
+ size_t len;
+
+ for (c_node = node; c_node; c_node = c_node->next) {
+ if (c_node->type != XML_ELEMENT_NODE)
+ continue;
+
+ if (strncmp(c_node->name, "UserRole", sizeof("UserRole")))
+ continue;
+
+ attr = xmlGetProp(c_node, "role");
+ if (!attr) {
+ EMSG_XML("role in /UserConfiguration/User/UserRole is not defined");
+ return EINVAL;
+ }
+
+ len = strlen((char *) attr);
+ if (len >= XR_MAX_LENGTH_OF_ROLENAME) {
+ EMSG_XML("role in /UserConfiguration/User/UserRole is long");
+ xmlFree(attr);
+ return EINVAL;
+ }
+
+ if ((rc = makeStructRole(ui, attr))) {
+ xmlFree(attr);
+ return rc;
+ }
+
+ xmlFree(attr);
+ }
+
+ return 0;
+}
+
+static int
+makeStructRole(userInfo *ui, xmlChar *attr)
+{
+ role *r;
+
+ DMSG(FUNC, "role = %s\n", (char *) attr);
+
+ for (r = ui->roleList; r; r = r->next) {
+ if (!strcmp(r->roleName, (char *) attr)) {
+ EMSG_XML("same role is defined for the user");
+ return EINVAL;
+ }
+ }
+
+ if (ui->role_c >= XR_NR_ROLE_LISTS) {
+ EMSG_XML("too many /UserConfiguration/User/UserRole for the user");
+ return EINVAL;
+ }
+
+ if (!(r = new_role()))
+ return ENOMEM;
+
+ strcpy(r->roleName, (char *) attr);
+ append_role(ui, r);
+
+ return 0;
+}
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
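Review bot: In `readUserConfiguration`, the `xmlReadFile` failure path sets `rc = errno`, but a file that is readable and merely malformed need not leave errno set, so the function can log a parse failure and still return 0. `xr_judge` treats 0 as success and carries on, so the deny then depends on the role list happening to be empty rather than on the error being reported. Force a non-zero code there, e.g. `rc = errno ? errno : EINVAL;`. Separately, `xmlCleanupParser()` runs before `xmlXPathFreeContext` and `xmlFreeDoc`; it should come after them, and is better left to the application than called from library code.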
diff -r a4c4b2407117 -r d864c312eae4 userConfiguration.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/userConfiguration.h Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,33 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#ifndef __USER_CONFIGULATION_H_
+#define __USER_CONFIGULATION_H_
+
+#include "userinfo.h"
+
+int readUserConfiguration(userInfo *userInfo);
+
+#endif
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
diff -r a4c4b2407117 -r d864c312eae4 userinfo.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/userinfo.c Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,79 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#include <stdlib.h>
+#include <string.h>
+#include "userinfo.h"
+#include "xr_log.h"
+
+static void
+init_UserInfo(userInfo* ui)
+{
+ strcpy(ui->userName, "\n");
+ ui->roleList = NULL;
+ ui->role_c = 0;
+ ui->parsed_User = 0;
+}
+
+userInfo*
+new_UserInfo(void)
+{
+ userInfo *ui;
+
+ DMSG(FUNC, "start\n");
+
+ ui = (userInfo *) malloc(sizeof(struct _userInfo));
+ if (!ui) {
+ EMSG("out of memory for userInfo\n");
+ return NULL;
+ }
+ DMSG(FUNC, "allocate userInfo: %p\n", ui);
+
+ init_UserInfo(ui);
+ return ui;
+}
+
+void
+free_UserInfo(userInfo *ui)
+{
+ DMSG(FUNC, "start\n");
+
+ if (!ui) {
+ if (!ui->roleList)
+ free_role_list(ui);
+
+ DMSG(FUNC, "free userInfo: %p\n", ui);
+ free(ui);
+ }
+}
+
+void
+show_UserInfo(userInfo *ui)
+{
+ DMSG("userInfo : %p", ui);
+ DMSG(" user : %s", ui->userName);
+ DMSG(" role_c : %d", ui->role_c);
+ show_role_list(ui);
+}
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
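Review bot: The guard in `free_UserInfo` is inverted: `if (!ui)` enters the body only when `ui` is NULL, where `ui->roleList` is a NULL dereference, and for every real object nothing is freed, so each `xr_judge` call leaks the userInfo and its role list. The inner test `if (!ui->roleList)` is inverted in the same way. The body should be `if (!ui) return;` followed by `if (ui->roleList) free_role_list(ui);` and `free(ui);`. `init_UserInfo` also initialises `userName` to "\n" rather than an empty string, which looks unintended.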
diff -r a4c4b2407117 -r d864c312eae4 userinfo.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/userinfo.h Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,46 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#ifndef __USERINFO_H__
+#define __USERINFO_H__
+
+#include "role_list.h"
+
+#define XR_MAX_LENGTH_OF_USERNAME 32
+#define XR_NR_ROLE_LISTS 1000
+
+typedef struct _userInfo userInfo;
+struct _userInfo {
+ char userName[XR_MAX_LENGTH_OF_USERNAME];
+ struct _role *roleList;
+ int role_c;
+ int parsed_User;
+};
+
+userInfo *new_UserInfo(void);
+void free_UserInfo(userInfo *ui);
+void show_UserInfo(userInfo *ui);
+
+#endif /*__USERINFO_H__*/
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
diff -r a4c4b2407117 -r d864c312eae4 xenrbac.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/xenrbac.c Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,325 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <errno.h>
+#include "userinfo.h"
+#include "role_list.h"
+#include "domname_list.h"
+#include "opeid_list.h"
+#include "rolePolicyDefinition.h"
+#include "userConfiguration.h"
+#include "xenrbac.h"
+#include "xr.h"
+#include "xr_log.h"
+
+static void
+getTime(char *outstr, int size){
+
+ time_t t;
+ struct tm *tmp;
+ char *format = "%FT%T%z";
+
+ t = time(NULL);
+ tmp = localtime(&t);
+ if (tmp == NULL) {
+ perror("localtime\n");
+ outstr = NULL; }
+
+ if (strftime(outstr, size, format, tmp) == 0) {
+ fprintf(stderr, "strftime returned 0\n");
+ outstr = NULL; }
+}
+
+static void
+outputlog(char *user, char *arguments, char *judgedMsg, char *policyID, char *message){
+
+ char time[40];
+ char *host = getenv("HOSTNAME");
+ char *compo = "xen-rbac";
+ char *action = "Execute";
+
+ if (!host)
+ host = "";
+ getTime(time, sizeof(time));
+
+ if (!message) {
+ AUDITMSG("\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\"\n",
+ time,
+ user,
+ host,
+ arguments,
+ action,
+ judgedMsg,
+ policyID,
+ compo
+ );
+ } else {
+ AUDITMSG("\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\"\n",
+ time,
+ user,
+ host,
+ arguments,
+ action,
+ judgedMsg,
+ policyID,
+ compo,
+ message
+ );
+
+ }
+}
+
+static int
+searchOperationID(int opeid, role *r)
+{
+ opeid_data *opd;
+
+ for (opd = r->acceptOperationList; opd; opd = opd->next) {
+ if (opd->value == opeid)
+ return XR_ACCEPT;
+ }
+
+ return XR_DENY;
+}
+
+static int
+searchManagementVM(char *domainname, role *r)
+{
+ domname *dn = NULL;
+
+ for (dn = r->managementVMList; dn; dn = dn->next)
+ if (domainname &&
+ !strcmp(dn->value, domainname))
+ return XR_ACCEPT;
+
+ return XR_DENY;
+}
+
+int
+check_args_username(char *un)
+{
+ size_t len_un;
+
+ if (!un) {
+ EMSG("username is NULL\n");
+ return EINVAL;
+ }
+
+ len_un = strlen(un);
+ if (len_un == 0) {
+ EMSG("username is none\n");
+ return EINVAL;
+ }
+ if (len_un >= XR_MAX_LENGTH_OF_USERNAME) {
+ EMSG("username is long\n");
+ return EINVAL;
+ }
+
+ return 0;
+}
+
+int
+check_args_opeid(int op)
+{
+ if (op < XR_MIN_OPEID) {
+ EMSG("opeid is out of range\n");
+ return EINVAL;
+ }
+
+ return 0;
+}
+
+int
+check_args_domainname(char *dn)
+{
+ size_t len_dn;
+
+ if (!dn)
+ return 0;
+
+ len_dn = strlen(dn);
+ /*
+ if (len_dn == 0) {
+ EMSG("domainname is none\n");
+ return EINVAL;
+ }*/
+ if (len_dn >= XR_MAX_LENGTH_OF_DOMNAME) {
+ EMSG("domainname is long\n");
+ return EINVAL;
+ }
+
+ return 0;
+}
+
+int
+check_args_flag_all(int f)
+{
+ if (f != XR_ALL &&
+ f != XR_ANY) {
+ EMSG("flag_all is invalid\n");
+ return EINVAL;
+ }
+
+ return 0;
+}
+
+int
+check_args(char *username, int opeid, char *domainname, int flag_all)
+{
+ int rc;
+
+ if ((rc = check_args_username(username)))
+ return rc;
+ if ((rc = check_args_opeid(opeid)))
+ return rc;
+ if ((rc = check_args_domainname(domainname)))
+ return rc;
+ if ((rc = check_args_flag_all(flag_all)))
+ return rc;
+
+ return 0;
+}
+
+int
+xr_judge(char *username, int opeid, char *domainname, int flag_all)
+{
+ int rc = XR_ACCEPT;
+
+ userInfo *ui = NULL;
+ role *r = NULL;
+ char arg[100];
+ char message[100];
+
+ init_xenrbac_log();
+
+ if ((rc = check_args(username, opeid, domainname, flag_all)))
+ goto error;
+
+ if (domainname)
+ sprintf(arg, "OperationID:%d;Flag:%d;VMName:%s", opeid, flag_all, domainname);
+ else
+ sprintf(arg, "OperationID:%d;Flag:%d;VMName:%s", opeid, flag_all, "");
+
+ if (!(ui = new_UserInfo())) {
+ rc = ENOMEM;
+ goto error;
+ }
+ strncpy(ui->userName, username, XR_MAX_LENGTH_OF_USERNAME);
+
+ if ((rc = readUserConfiguration(ui)))
+ goto error;
+ show_UserInfo(ui);
+
+ if ((rc = readRolePolicyDefinition(ui)))
+ goto error;
+ show_UserInfo(ui);
+
+ //When user don't have role
+ if (!(r = ui->roleList)) {
+ outputlog(username, arg, "deny", "", "role is none");
+ goto access_deny;
+ }
+
+ if (flag_all) {
+ for (r = ui->roleList; r ; r = r->next) {
+ if (r->managementVMType != XR_VMTYPE_WHOLE) {
+ sprintf(message, "ManagementVMType:whole is not found in role");
+ outputlog(username, arg, "deny", r->policyID, message);
+ continue;
+ }
+ if (searchOperationID(opeid, r) == XR_ACCEPT) {
+ goto access_accept;
+ } else {
+ sprintf(message, "OperationID:%d is not found in role", opeid);
+ outputlog(username, arg, "deny", r->policyID, message);
+ }
+ }
+
+ goto access_deny;
+ }
+
+ for (r = ui->roleList; r ; r = r->next) {
+ if (r->managementVMType == XR_VMTYPE_INDIVIDUAL) {
+ if(searchManagementVM(domainname, r) == XR_DENY) {
+ sprintf(message, "ManagementVM:%s is not found in role", domainname);
+ outputlog(username, arg, "deny", r->policyID, message);
+ continue;
+ }
+ if (searchOperationID(opeid, r) == XR_ACCEPT) {
+ goto access_accept;
+ } else {
+ sprintf(message, "OperationID:%d is not found in role", opeid);
+ outputlog(username, arg, "deny", r->policyID, message);
+ continue;
+ }
+ } else if (r->managementVMType == XR_VMTYPE_WHOLE) {
+ if (searchOperationID(opeid, r) == XR_ACCEPT) {
+ goto access_accept;
+ } else {
+ sprintf(message, "OperationID:%d is not found in role", opeid);
+ outputlog(username, arg, "deny", r->policyID, message);
+ continue;
+ }
+ }
+ }
+
+ goto access_deny;
+
+error:
+ DMSG("error error_no = %d\n", rc);
+
+ if (rc == XR_ACCEPT) {
+ EMSG("return code is not set");
+ rc = XR_DENY;
+ }
+ goto cleanup;
+
+access_deny:
+ DMSG("judged result is DENY\n");
+
+ rc = XR_DENY;
+ goto cleanup;
+
+access_accept:
+ DMSG("judged result is ACCEPT\n");
+ outputlog(username, arg, "allow", r->policyID, NULL);
+
+ rc = XR_ACCEPT;
+ goto cleanup;
+
+cleanup:
+ DMSG("%s(%d) : %s", __func__, __LINE__, "cleannup\n");
+
+ if (ui)
+ free_UserInfo(ui);
+
+ end_xenrbac_log();
+
+ return rc;
+}
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
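Review bot: `xr_judge` formats the caller-supplied `domainname` into the 100-byte `arg` and `message` buffers with `sprintf`, and the only bound is `XR_MAX_LENGTH_OF_DOMNAME`, which is defined outside this hunk, so whether the text fits depends on a constant in another header. Use `snprintf(arg, sizeof(arg), ...)` and `snprintf(message, sizeof(message), ...)` at each call. `check_args_domainname` accepts NULL, yet the XR_VMTYPE_INDIVIDUAL branch passes `domainname` straight to `%s`; pass `domainname ? domainname : ""` there. `check_args_opeid` checks only the lower bound, so it admits -1 (XR_OPEID_COMMAND_INVALID) and any value above XR_MAX_OPEID; `if (op < 0 || op > XR_MAX_OPEID)` matches the range the policy parser enforces. `outputlog` also writes user and VM names into a quoted, comma-separated audit record without escaping quotes or newlines, so the fields of a record cannot be trusted to line up when a name contains them.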
diff -r a4c4b2407117 -r d864c312eae4 xenrbac.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/xenrbac.h Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,39 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#ifndef __XENRBAC_H__
+#define __XENRBAC_H__
+
+#include <errno.h>
+
+int xr_judge(char *username, int opeid, char *domainname, int flag_all);
+
+#define XR_ANY 0
+#define XR_ALL 1
+
+#define XR_ACCEPT 0
+#define XR_DENY EPERM
+
+#endif /*__XENRBAC_H__*/
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
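Review bot: The prototype of `xr_judge` carries no statement of its return contract, and the contract is easy to misuse: XR_ACCEPT is 0 and XR_DENY is EPERM, but xenrbac.c also returns EINVAL, ENOMEM and parser error codes from the same function. A caller that tests `== XR_DENY` would treat those failures as permission granted. Add a comment above the prototype such as `/* Returns XR_ACCEPT (0) only when access is granted; any non-zero value (XR_DENY or an errno code) must be treated as denied. */`.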
diff -r a4c4b2407117 -r d864c312eae4 xr.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/xr.h Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,39 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#ifndef __XR_H__
+#define __XR_H__
+
+#define XENRBAC_POLICY_PATHNAME "/etc/xen/role/"
+#define USER_CONFIG_FILENAME "user_define.xml"
+#define ROLE_POLICY_FILENAME "role_define.xml"
+
+#define XR_OPEID_COMMAND_INVALID -1
+#define XR_OPEID_COMMAND_XM 0
+#define XR_MIN_OPEID -1
+#define XR_MAX_OPEID 83
+#define XR_NR_OPEIDS 84
+
+#endif /*__XR_H__*/
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
diff -r a4c4b2407117 -r d864c312eae4 xr_log.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/xr_log.c Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,48 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#include <stdlib.h>
+#include <syslog.h>
+#include "xr.h"
+#include "xr_log.h"
+
+int XENRBAC_DEBUG = 0;
+
+void
+init_xenrbac_log(void)
+{
+ openlog("xenrbac", LOG_PID, LOG_AUTHPRIV);
+
+ if (getenv("XENRBAC_DEBUG")) {
+ XENRBAC_DEBUG = 1;
+ DMSG("start with debug mode\n");
+ }
+}
+
+void
+end_xenrbac_log(void)
+{
+ closelog();
+}
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
diff -r a4c4b2407117 -r d864c312eae4 xr_log.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/xr_log.h Fri Jan 23 04:39:58 2009 +0900
@@ -0,0 +1,60 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#ifndef __XR_LOG_H__
+#define __XR_LOG_H__
+
+#include <syslog.h>
+
+extern int XENRBAC_DEBUG;
+
+void init_xenrbac_log(void);
+void end_xenrbac_log(void);
+
+#define FUNC "%s: ", __func__
+#define LINE "%s: ", __LINE__
+
+#define AUDITMSG(_a...) \
+ do { \
+ syslog(LOG_AUTH|LOG_INFO, _a); \
+ } while (0)
+
+#define EMSG(_a...) \
+ do { \
+ syslog(LOG_AUTHPRIV|LOG_ERR, _a); \
+ } while (0)
+
+#define IMSG(_a...) \
+ do { \
+ syslog(LOG_AUTHPRIV|LOG_INFO, _a); \
+ } while (0)
+
+#define DMSG(_a...) \
+ do { \
+ if (XENRBAC_DEBUG) \
+ syslog(LOG_AUTHPRIV|LOG_INFO, _a); \
+ } while (0)
+
+#endif /*__XR_LOG_H__*/
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
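Review bot: `LINE` pairs a `%s` conversion with `__LINE__`, which is an integer, so any log call that uses it passes syslog a mismatched argument; it should be `#define LINE "%d: ", __LINE__`. `FUNC` has a related problem: it expands to a format string plus its argument, so `DMSG(FUNC, "start\n")` becomes `syslog(pri, "%s: ", __func__, "start\n")` and the intended message is an ignored extra argument, leaving only the function name in the log. A wrapper that concatenates the prefix into the format, e.g. `#define DMSG_FUNC(fmt, ...) DMSG("%s: " fmt, __func__, ##__VA_ARGS__)`, would print both. A short comment on `AUDITMSG` saying that it uses LOG_AUTH on purpose, while the other macros use LOG_AUTHPRIV, would also help, since the rsyslog rule depends on that facility.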
15 years, 10 months
[libvirt] [Patch][RFC] Embedding hooks in libvirt (1/3)
by Syunsuke HAYASHI
This should be applied to libvirt-0.4.0. That is a rather old version, sorry, but
this patch only adds hooks, so I think I can merge it into the latest
libvirt with a little effort.
Please note that uid is essential for access control and the uid is
available only in a local machine. For this reason, our access control
takes effect only in a local machine by virsh. This means that
remotely connecting to libvirtd is currently out of scope.
diff -r d5dbadfb6161 -r 62d2ebb8d23b configure
--- a/configure Wed Apr 02 13:13:06 2008 +0900
+++ b/configure Tue Jan 27 03:13:46 2009 +0900
@@ -35181,7 +35181,12 @@
sysconfdir='/etc'
fi
-
+# Check whether --with-rbac was given.
+if test "${with_rbac+set}" = set; then
+ withval=$with_rbac;
+else
+ with_rbac=no
+fi
# Check whether --with-xen was given.
if test "${with_xen+set}" = set; then
@@ -39753,6 +39758,9 @@
test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
DEFS=-DHAVE_CONFIG_H
+if test "$with_rbac" = "yes" ; then
+ DEFS="$DEFS -DRBAC"
+fi
ac_libobjs=
ac_ltlibobjs=
@@ -41743,6 +41751,9 @@
{ echo "$as_me:$LINENO: polkit: no" >&5
echo "$as_me: polkit: no" >&6;}
fi
+{ echo "$as_me:$LINENO: RBAC: $with_rbac" >&5
+echo "$as_me: RBAC: $with_rbac" >&6;}
+
{ echo "$as_me:$LINENO: " >&5
echo "$as_me: " >&6;}
{ echo "$as_me:$LINENO: Miscellaneous" >&5
diff -r d5dbadfb6161 -r 62d2ebb8d23b include/libvirt/libvirt.h
--- a/include/libvirt/libvirt.h Wed Apr 02 13:13:06 2008 +0900
+++ b/include/libvirt/libvirt.h Tue Jan 27 03:13:46 2009 +0900
@@ -514,6 +514,11 @@
char * virDomainGetXMLDesc (virDomainPtr domain,
int flags);
+#ifdef RBAC
+char * virDomainGetXMLDesc_XRBAC (int op_id,
+ virDomainPtr domain,
+ int flags);
+#endif
int virDomainBlockStats (virDomainPtr dom,
const char *path,
virDomainBlockStatsPtr stats,
@@ -697,6 +702,11 @@
char **const names,
int maxnames);
+#ifdef RBAC
+int virConnectListNetworks_QEMUD (virConnectPtr conn,
+ char **const names,
+ int maxnames);
+#endif
/*
* List inactive networks
*/
@@ -705,6 +715,11 @@
char **const names,
int maxnames);
+#ifdef RBAC
+int virConnectListDefinedNetworks_QEMUD (virConnectPtr conn,
+ char **const names,
+ int maxnames);
+#endif
/*
* Lookup network by name or uuid
*/
@@ -721,26 +736,43 @@
virNetworkPtr virNetworkCreateXML (virConnectPtr conn,
const char *xmlDesc);
+#ifdef RBAC
+virNetworkPtr virNetworkCreateXML_QEMUD (virConnectPtr conn,
+ const char *xmlDesc);
+#endif
/*
* Define inactive persistent network
*/
virNetworkPtr virNetworkDefineXML (virConnectPtr conn,
const char *xmlDesc);
+#ifdef RBAC
+virNetworkPtr virNetworkDefineXML_QEMUD (virConnectPtr conn,
+ const char *xml);
+#endif
/*
* Delete persistent network
*/
int virNetworkUndefine (virNetworkPtr network);
+#ifdef RBAC
+int virNetworkUndefine_QEMUD (virNetworkPtr network);
+#endif
/*
* Activate persistent network
*/
int virNetworkCreate (virNetworkPtr network);
+#ifdef RBAC
+int virNetworkCreate_QEMUD (virNetworkPtr network);
+#endif
/*
* Network destroy/free
*/
int virNetworkDestroy (virNetworkPtr network);
+#ifdef RBAC
+int virNetworkDestroy_QEMUD (virNetworkPtr network);
+#endif
int virNetworkFree (virNetworkPtr network);
/*
@@ -753,12 +785,20 @@
char *buf);
char * virNetworkGetXMLDesc (virNetworkPtr network,
int flags);
+#ifdef RBAC
+char * virNetworkGetXMLDesc_QEMUD (virNetworkPtr network,
+ int flags);
+#endif
char * virNetworkGetBridgeName (virNetworkPtr network);
int virNetworkGetAutostart (virNetworkPtr network,
int *autostart);
int virNetworkSetAutostart (virNetworkPtr network,
int autostart);
+#ifdef RBAC
+int virNetworkSetAutostart_QEMUD (virNetworkPtr network,
+ int autostart);
+#endif
#ifdef __cplusplus
}
diff -r d5dbadfb6161 -r 62d2ebb8d23b include/libvirt/libvirt.h.in
--- a/include/libvirt/libvirt.h.in Wed Apr 02 13:13:06 2008 +0900
+++ b/include/libvirt/libvirt.h.in Tue Jan 27 03:13:46 2009 +0900
@@ -514,6 +514,11 @@
char * virDomainGetXMLDesc (virDomainPtr domain,
int flags);
+#ifdef RBAC
+char * virDomainGetXMLDesc_XRBAC (int op_id,
+ virDomainPtr domain,
+ int flags);
+#endif
int virDomainBlockStats (virDomainPtr dom,
const char *path,
virDomainBlockStatsPtr stats,
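Review bot: The new `virDomainGetXMLDesc_XRBAC` prototype takes `op_id` from the caller, and the implementation added to src/libvirt.c in this patch passes it unchanged to `xenRBACdomain`, so the caller chooses which permission is checked before the domain XML is returned. An application can therefore name whichever operation its role happens to hold and still receive the full XML. The check is harder to sidestep if the operation id is fixed inside libvirt, or if `op_id` is validated against the few operations that legitimately need the XML. A header comment such as `/* op_id must be one of the XR_* ids that read domain XML */` would at least state the contract.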
@@ -697,6 +702,11 @@
char **const names,
int maxnames);
+#ifdef RBAC
+int virConnectListNetworks_QEMUD (virConnectPtr conn,
+ char **const names,
+ int maxnames);
+#endif
/*
* List inactive networks
*/
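Review bot: `virConnectListNetworks_QEMUD` is declared in the installed public header, yet its body in src/libvirt.c contains no `xenRBACdomain` call, so every program linking libvirt gets a documented entry point that skips the RBAC check. The same holds for the other `_QEMUD` prototypes added in the following hunks of this file. If these variants exist only so the daemon avoids a second check, they belong in an internal header rather than in `libvirt.h.in`. The guard also relies on the unprefixed macro `RBAC`, which only the libvirt build defines through `DEFS`; a namespaced macro would avoid clashes in applications that include this header.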
@@ -705,6 +715,11 @@
char **const names,
int maxnames);
+#ifdef RBAC
+int virConnectListDefinedNetworks_QEMUD (virConnectPtr conn,
+ char **const names,
+ int maxnames);
+#endif
/*
* Lookup network by name or uuid
*/
@@ -721,26 +736,43 @@
virNetworkPtr virNetworkCreateXML (virConnectPtr conn,
const char *xmlDesc);
+#ifdef RBAC
+virNetworkPtr virNetworkCreateXML_QEMUD (virConnectPtr conn,
+ const char *xmlDesc);
+#endif
/*
* Define inactive persistent network
*/
virNetworkPtr virNetworkDefineXML (virConnectPtr conn,
const char *xmlDesc);
+#ifdef RBAC
+virNetworkPtr virNetworkDefineXML_QEMUD (virConnectPtr conn,
+ const char *xml);
+#endif
/*
* Delete persistent network
*/
int virNetworkUndefine (virNetworkPtr network);
+#ifdef RBAC
+int virNetworkUndefine_QEMUD (virNetworkPtr network);
+#endif
/*
* Activate persistent network
*/
int virNetworkCreate (virNetworkPtr network);
+#ifdef RBAC
+int virNetworkCreate_QEMUD (virNetworkPtr network);
+#endif
/*
* Network destroy/free
*/
int virNetworkDestroy (virNetworkPtr network);
+#ifdef RBAC
+int virNetworkDestroy_QEMUD (virNetworkPtr network);
+#endif
int virNetworkFree (virNetworkPtr network);
/*
@@ -753,12 +785,20 @@
char *buf);
char * virNetworkGetXMLDesc (virNetworkPtr network,
int flags);
+#ifdef RBAC
+char * virNetworkGetXMLDesc_QEMUD (virNetworkPtr network,
+ int flags);
+#endif
char * virNetworkGetBridgeName (virNetworkPtr network);
int virNetworkGetAutostart (virNetworkPtr network,
int *autostart);
int virNetworkSetAutostart (virNetworkPtr network,
int autostart);
+#ifdef RBAC
+int virNetworkSetAutostart_QEMUD (virNetworkPtr network,
+ int autostart);
+#endif
#ifdef __cplusplus
}
diff -r d5dbadfb6161 -r 62d2ebb8d23b include/libvirt/virterror.h
--- a/include/libvirt/virterror.h Wed Apr 02 13:13:06 2008 +0900
+++ b/include/libvirt/virterror.h Tue Jan 27 03:13:46 2009 +0900
@@ -54,6 +54,9 @@
VIR_FROM_OPENVZ, /* Error from OpenVZ driver */
VIR_FROM_XENXM, /* Error at Xen XM layer */
VIR_FROM_STATS_LINUX, /* Error in the Linux Stats code */
+#ifdef RBAC
+ VIR_FROM_XENRBAC, /* Error form Xen RBAC */
+#endif
} virErrorDomain;
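Review bot: `VIR_FROM_XENRBAC` is added to a public enum only when `RBAC` is defined, so the error domains an application sees depend on a macro it normally never defines; the same applies to `VIR_ERR_PERMISSION` in the next hunk. A client built without the macro can then receive an error value that its copy of the header does not declare. Adding both enumerators unconditionally keeps the header identical across builds. The comment also has a typo and should read `/* Error from Xen RBAC */`.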
@@ -132,6 +135,9 @@
VIR_ERR_NO_NETWORK, /* network not found */
VIR_ERR_INVALID_MAC, /* invalid MAC adress */
VIR_ERR_AUTH_FAILED, /* authentication failed */
+#ifdef RBAC
+ VIR_ERR_PERMISSION, /* operation not permitted */
+#endif
} virErrorNumber;
/**
diff -r d5dbadfb6161 -r 62d2ebb8d23b libvirt.pc
--- a/libvirt.pc Wed Apr 02 13:13:06 2008 +0900
+++ b/libvirt.pc Tue Jan 27 03:13:46 2009 +0900
@@ -1,4 +1,4 @@
-prefix=/usr
+prefix=/usr/local
exec_prefix=${prefix}
libdir=${exec_prefix}/lib
includedir=${prefix}/include
diff -r d5dbadfb6161 -r 62d2ebb8d23b libvirt.spec
--- a/libvirt.spec Wed Apr 02 13:13:06 2008 +0900
+++ b/libvirt.spec Tue Jan 27 03:13:46 2009 +0900
@@ -1,17 +1,14 @@
# -*- rpm-spec -*-
-%if "%{fedora}" >= "8"
-%define with_polkit 1
-%define with_proxy no
-%else
+# For Xen RBAC 20080910
%define with_polkit 0
%define with_proxy yes
-%endif
+%define with_rbac yes
Summary: Library providing a simple API virtualization
Name: libvirt
Version: 0.4.0
-Release: 1
+Release: 1%{?dist}
License: LGPL
Group: Development/Libraries
Source: libvirt-%{version}.tar.gz
@@ -35,6 +32,7 @@
Requires: PolicyKit >= 0.6
%endif
BuildRequires: xen-devel
+BuildRequires: libxenrbac >= 2.0.0
BuildRequires: libxml2-devel
BuildRequires: readline-devel
BuildRequires: ncurses-devel
@@ -85,7 +83,8 @@
%configure --with-init-script=redhat \
--with-qemud-pid-file=%{_localstatedir}/run/libvirt_qemud.pid \
--with-remote-file=%{_localstatedir}/run/libvirtd.pid \
- --with-xen-proxy=%{with_proxy}
+ --with-xen-proxy=%{with_proxy} \
+ --with-rbac=%{with_rbac}
make
%install
diff -r d5dbadfb6161 -r 62d2ebb8d23b libvirt.spec.in
--- a/libvirt.spec.in Wed Apr 02 13:13:06 2008 +0900
+++ b/libvirt.spec.in Tue Jan 27 03:13:46 2009 +0900
@@ -1,17 +1,14 @@
# -*- rpm-spec -*-
-%if "%{fedora}" >= "8"
-%define with_polkit 1
-%define with_proxy no
-%else
+# For Xen RBAC 20080910
%define with_polkit 0
%define with_proxy yes
-%endif
+%define with_rbac yes
Summary: Library providing a simple API virtualization
Name: libvirt
Version: @VERSION@
-Release: 1
+Release: 1%{?dist}
License: LGPL
Group: Development/Libraries
Source: libvirt-%{version}.tar.gz
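Review bot: Dropping the `%if "%{fedora}" >= "8"` branch leaves `%define with_polkit 0` unconditional, so every package built from this spec has the PolicyKit option off, while the same patch opens the read-write daemon socket to all local users in qemud/qemud.c. For those builds the RBAC library becomes the only access control in front of the socket. Keeping the conditional and adding `%define with_rbac yes` next to it would leave the PolicyKit default untouched for distributions that rely on it. If the two mechanisms cannot coexist, a comment saying so would help packagers.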
@@ -35,6 +32,7 @@
Requires: PolicyKit >= 0.6
%endif
BuildRequires: xen-devel
+BuildRequires: libxenrbac >= 2.0.0
BuildRequires: libxml2-devel
BuildRequires: readline-devel
BuildRequires: ncurses-devel
@@ -85,7 +83,8 @@
%configure --with-init-script=redhat \
--with-qemud-pid-file=%{_localstatedir}/run/libvirt_qemud.pid \
--with-remote-file=%{_localstatedir}/run/libvirtd.pid \
- --with-xen-proxy=%{with_proxy}
+ --with-xen-proxy=%{with_proxy} \
+ --with-rbac=%{with_rbac}
make
%install
diff -r d5dbadfb6161 -r 62d2ebb8d23b proxy/libvirt_proxy.c
--- a/proxy/libvirt_proxy.c Wed Apr 02 13:13:06 2008 +0900
+++ b/proxy/libvirt_proxy.c Tue Jan 27 03:13:46 2009 +0900
@@ -363,6 +363,9 @@
virProxyPacketPtr req = (virProxyPacketPtr) &request;
int ret;
char *xml, *ostype;
+#ifdef RBAC
+ char *sched_type;
+#endif /* RBAC */
retry:
ret = read(pollInfos[nr].fd, req, sizeof(virProxyPacket));
@@ -662,6 +665,28 @@
free(ostype);
}
break;
+#ifdef RBAC
+ case VIR_PROXY_GET_SCHEDTYPE:
+ if (req->len != sizeof(virProxyPacket))
+ goto comm_error;
+ sched_type = xenHypervisorGetSchedType(conn, &request.extra.arg[0]);
+ if (!sched_type) {
+ req->data.arg = -1;
+ req->len = sizeof (virProxyPacket);
+ } else {
+ int type_len = strlen(sched_type);
+ if (type_len > (int) sizeof (request.extra.str)) {
+ req->data.arg = -2;
+ req->len = sizeof (virProxyPacket);
+ } else {
+ req->data.arg = 0;
+ memmove (&request.extra.str[4], sched_type, type_len);
+ req->len = sizeof (virProxyPacket) + sizeof(int) + type_len;
+ }
+ free (sched_type);
+ }
+ break;
+#endif /* RBAC */
default:
goto comm_error;
}
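Review bot: The length check `type_len > (int) sizeof (request.extra.str)` ignores the 4-byte offset used by `memmove (&request.extra.str[4], sched_type, type_len)`, so a scheduler name within four bytes of the buffer size is copied past the end of `request.extra.str`. The bound should subtract the offset, e.g. `if (type_len > (int) (sizeof (request.extra.str) - sizeof (int))) {`. The copy should also index with `sizeof (int)` rather than the literal `4`, so that it stays in step with the `req->len` computation. The enclosing function starts and ends outside this hunk.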
diff -r d5dbadfb6161 -r 62d2ebb8d23b qemud/qemud.c
--- a/qemud/qemud.c Wed Apr 02 13:13:06 2008 +0900
+++ b/qemud/qemud.c Tue Jan 27 03:13:46 2009 +0900
@@ -73,7 +73,11 @@
static char *tcp_port = (char *) LIBVIRTD_TCP_PORT;
static gid_t unix_sock_gid = 0; /* Only root by default */
+#ifdef RBAC
+static int unix_sock_rw_mask = 0777; /* Allow world */
+#else
static int unix_sock_rw_mask = 0700; /* Allow user only */
+#endif
static int unix_sock_ro_mask = 0777; /* Allow world */
#if HAVE_POLKIT
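Review bot: With `RBAC` defined, `unix_sock_rw_mask = 0777` gives every local user access to the read-write daemon socket, which was previously limited to its owner. Nothing in this hunk makes the daemon identify the connecting user, so requests arriving on that socket have to be authorized inside the daemon from the peer's credentials rather than in the client library. I would keep `0700` as the compiled default and let an administrator widen access deliberately once such a check exists. At minimum the comment should state the reasoning, e.g. `/* Allow world: access is decided by Xen RBAC, not by socket mode */`.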
diff -r d5dbadfb6161 -r 62d2ebb8d23b qemud/remote.c
--- a/qemud/remote.c Wed Apr 02 13:13:06 2008 +0900
+++ b/qemud/remote.c Tue Jan 27 03:13:46 2009 +0900
@@ -1705,9 +1705,15 @@
/* Allocate return buffer. */
ret->names.names_val = calloc (args->maxnames, sizeof (*(ret->names.names_val)));
+#ifdef RBAC
+ ret->names.names_len =
+ virConnectListDefinedNetworks_QEMUD (client->conn,
+ ret->names.names_val, args->maxnames);
+#else
ret->names.names_len =
virConnectListDefinedNetworks (client->conn,
ret->names.names_val, args->maxnames);
+#endif
if (ret->names.names_len == -1) return -1;
return 0;
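Review bot: The daemon now calls `virConnectListDefinedNetworks_QEMUD`, whose definition in src/libvirt.c in this patch contains no `xenRBACdomain` call, so network requests handled here get no RBAC decision inside libvirtd. Combined with the world-accessible read-write socket, the check then exists only in the client process, and a program that talks to the socket directly never runs it. The same substitution is made in the remaining hunks of this file (list, create, createXML, defineXML, destroy, getXMLDesc, setAutostart, undefine). The daemon should take the caller's uid from the socket peer credentials and run the RBAC check itself before dispatching. The enclosing function begins outside the hunk, and the unchecked `calloc` result above the new lines is existing code.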
@@ -1756,9 +1762,15 @@
/* Allocate return buffer. */
ret->names.names_val = calloc (args->maxnames, sizeof (*(ret->names.names_val)));
+#ifdef RBAC
+ ret->names.names_len =
+ virConnectListNetworks_QEMUD (client->conn,
+ ret->names.names_val, args->maxnames);
+#else
ret->names.names_len =
virConnectListNetworks (client->conn,
ret->names.names_val, args->maxnames);
+#endif
if (ret->names.names_len == -1) return -1;
return 0;
@@ -1780,10 +1792,17 @@
return -2;
}
+#ifdef RBAC
+ if (virNetworkCreate_QEMUD (net) == -1) {
+ virNetworkFree(net);
+ return -1;
+ }
+#else
if (virNetworkCreate (net) == -1) {
virNetworkFree(net);
return -1;
}
+#endif
virNetworkFree(net);
return 0;
}
@@ -1798,7 +1817,11 @@
virNetworkPtr net;
CHECK_CONN(client);
+#ifdef RBAC
+ net = virNetworkCreateXML_QEMUD (client->conn, args->xml);
+#else
net = virNetworkCreateXML (client->conn, args->xml);
+#endif
if (net == NULL) return -1;
make_nonnull_network (&ret->net, net);
@@ -1816,7 +1839,11 @@
virNetworkPtr net;
CHECK_CONN(client);
+#ifdef RBAC
+ net = virNetworkDefineXML_QEMUD (client->conn, args->xml);
+#else
net = virNetworkDefineXML (client->conn, args->xml);
+#endif
if (net == NULL) return -1;
make_nonnull_network (&ret->net, net);
@@ -1840,10 +1867,17 @@
return -2;
}
+#ifdef RBAC
+ if (virNetworkDestroy_QEMUD (net) == -1) {
+ virNetworkFree(net);
+ return -1;
+ }
+#else
if (virNetworkDestroy (net) == -1) {
virNetworkFree(net);
return -1;
}
+#endif
virNetworkFree(net);
return 0;
}
@@ -1865,7 +1899,11 @@
}
/* remoteDispatchClientRequest will free this. */
+#ifdef RBAC
+ ret->xml = virNetworkGetXMLDesc_QEMUD (net, args->flags);
+#else
ret->xml = virNetworkGetXMLDesc (net, args->flags);
+#endif
if (!ret->xml) {
virNetworkFree(net);
return -1;
@@ -1976,10 +2014,17 @@
return -2;
}
+#ifdef RBAC
+ if (virNetworkSetAutostart_QEMUD (net, args->autostart) == -1) {
+ virNetworkFree(net);
+ return -1;
+ }
+#else
if (virNetworkSetAutostart (net, args->autostart) == -1) {
virNetworkFree(net);
return -1;
}
+#endif
virNetworkFree(net);
return 0;
}
@@ -2000,10 +2045,17 @@
return -2;
}
+#ifdef RBAC
+ if (virNetworkUndefine_QEMUD (net) == -1) {
+ virNetworkFree(net);
+ return -1;
+ }
+#else
if (virNetworkUndefine (net) == -1) {
virNetworkFree(net);
return -1;
}
+#endif
virNetworkFree(net);
return 0;
}
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/Makefile.in
--- a/src/Makefile.in Wed Apr 02 13:13:06 2008 +0900
+++ b/src/Makefile.in Tue Jan 27 03:13:46 2009 +0900
@@ -122,7 +122,8 @@
libvirt_la-iptables.lo libvirt_la-uuid.lo \
libvirt_la-qemu_driver.lo libvirt_la-qemu_conf.lo \
libvirt_la-openvz_conf.lo libvirt_la-openvz_driver.lo \
- libvirt_la-nodeinfo.lo libvirt_la-util.lo
+ libvirt_la-nodeinfo.lo libvirt_la-util.lo \
+ libvirt_la-xenrbac_libvirt.lo
am__objects_2 = libvirt_la-remote_protocol.lo
am_libvirt_la_OBJECTS = $(am__objects_1) $(am__objects_2)
libvirt_la_OBJECTS = $(am_libvirt_la_OBJECTS)
@@ -359,6 +360,7 @@
LIBVIRT_VERSION_NUMBER = @LIBVIRT_VERSION_NUMBER@
LIBXML_CFLAGS = @LIBXML_CFLAGS@
LIBXML_LIBS = @LIBXML_LIBS@
+LIBXENRBAC = -lxenrbac
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
@@ -569,7 +571,8 @@
openvz_conf.c openvz_conf.h \
openvz_driver.c openvz_driver.h \
nodeinfo.h nodeinfo.c \
- util.c util.h
+ util.c util.h \
+ xenrbac_libvirt.c xenrbac_libvirt.h
SERVER_SOURCES = \
../qemud/remote_protocol.c ../qemud/remote_protocol.h
@@ -652,7 +655,7 @@
rm -f "$${dir}/so_locations"; \
done
libvirt.la: $(libvirt_la_OBJECTS) $(libvirt_la_DEPENDENCIES)
- $(libvirt_la_LINK) -rpath $(libdir) $(libvirt_la_OBJECTS) $(libvirt_la_LIBADD) $(LIBS)
+ $(libvirt_la_LINK) -rpath $(libdir) $(libvirt_la_OBJECTS) $(libvirt_la_LIBADD) $(LIBS) $(LIBXENRBAC)
install-binPROGRAMS: $(bin_PROGRAMS)
@$(NORMAL_INSTALL)
test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
@@ -683,7 +686,7 @@
done
virsh$(EXEEXT): $(virsh_OBJECTS) $(virsh_DEPENDENCIES)
@rm -f virsh$(EXEEXT)
- $(virsh_LINK) $(virsh_OBJECTS) $(virsh_LDADD) $(LIBS)
+ $(virsh_LINK) $(virsh_OBJECTS) $(virsh_LDADD) $(LIBS) $(LIBXENRBAC)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -719,6 +722,8 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_la-xm_internal.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_la-xml.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_la-xs_internal.Plo(a)am__quote@
+#RBAC
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_la-xenrbac_libvirt.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virsh-console.Po(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virsh-virsh.Po(a)am__quote@
@@ -813,6 +818,13 @@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_la_CFLAGS) $(CFLAGS) -c -o libvirt_la-xs_internal.lo `test -f 'xs_internal.c' || echo '$(srcdir)/'`xs_internal.c
+libvirt_la-xenrbac_libvirt.lo: xenrbac_libvirt.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_la_CFLAGS) $(CFLAGS) -MT libvirt_la-xenrbac_libvirt.lo -MD -MP -MF $(DEPDIR)/libvirt_la-xenrbac_libvirt.Tpo -c -o libvirt_la-xenrbac_libvirt.lo `test -f 'xenrbac_libvirt.c' || echo '$(srcdir)/'`xenrbac_libvirt.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/libvirt_la-xenrbac_libvirt.Tpo $(DEPDIR)/libvirt_la-xenrbac_libvirt.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xenrbac_libvirt.c' object='libvirt_la-xenrbac_libvirt.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_la_CFLAGS) $(CFLAGS) -c -o libvirt_la-xenrbac_libvirt.lo `test -f 'xenrbac_libvirt.c' || echo '$(srcdir)/'`xenrbac_libvirt.c
+
libvirt_la-xend_internal.lo: xend_internal.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_la_CFLAGS) $(CFLAGS) -MT libvirt_la-xend_internal.lo -MD -MP -MF $(DEPDIR)/libvirt_la-xend_internal.Tpo -c -o libvirt_la-xend_internal.lo `test -f 'xend_internal.c' || echo '$(srcdir)/'`xend_internal.c
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/libvirt_la-xend_internal.Tpo $(DEPDIR)/libvirt_la-xend_internal.Plo
@@ -1181,7 +1193,7 @@
# target to ease building test programs
#
tst: tst.c
- $(CC) $(CFLAGS) $(INCLUDES) -I../include -o tst tst.c .libs/libvirt.a $(LIBXML_LIBS) $(VIRSH_LIBS) $(GNUTLS_LIBS) $(LIBS)
+ $(CC) $(CFLAGS) $(INCLUDES) -I../include -o tst tst.c .libs/libvirt.a $(LIBXML_LIBS) $(VIRSH_LIBS) $(GNUTLS_LIBS) $(LIBS) $(LIBXENRBAC)
cov: clean-cov $(COVERAGE_FILES)
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/libvirt.c
--- a/src/libvirt.c Wed Apr 02 13:13:06 2008 +0900
+++ b/src/libvirt.c Tue Jan 27 03:13:46 2009 +0900
@@ -40,6 +40,9 @@
#ifdef WITH_OPENVZ
#include "openvz_driver.h"
#endif
+#ifdef RBAC
+#include "xenrbac_libvirt.h"
+#endif
/*
* TODO:
@@ -481,6 +484,11 @@
if (libVer == NULL)
return (-1);
+
+#ifdef RBAC
+ if(xenRBACdomain( XR_VERSION, NULL, NULL) == -1)
+ return (-1);
+#endif
*libVer = LIBVIR_VERSION_NUMBER;
if (typeVer != NULL) {
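Review bot: When `xenRBACdomain` refuses the operation, the new branch returns `-1` without raising an error in this hunk, so unless `xenRBACdomain` reports one itself the caller cannot tell a permission denial from any other failure. The patch adds `VIR_ERR_PERMISSION` to virterror.h, but no hunk visible here uses it. Where a connection is available, `virLibConnError (conn, VIR_ERR_PERMISSION, __FUNCTION__);` before the return would make denials visible to callers and in logs. The same pattern repeats in every RBAC check added to this file. The spacing `if(xenRBACdomain( XR_VERSION` also differs from the `if (` style of the surrounding code.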
@@ -815,6 +823,10 @@
return NULL;
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_HOSTNAME, NULL, conn) == -1)
+ return NULL;
+#endif
if (conn->driver->getHostname)
return conn->driver->getHostname (conn);
@@ -849,6 +861,10 @@
return NULL;
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_HYPERVISER_URI, NULL, conn) == -1)
+ return NULL;
+#endif
/* Drivers may override getURI, but if they don't then
* we provide a default implementation.
*/
@@ -917,6 +933,10 @@
return (-1);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_LIST_VM, NULL, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->listDomains)
return conn->driver->listDomains (conn, ids, maxids);
@@ -1006,6 +1026,10 @@
return (NULL);
}
+#ifdef RBAC
+ if(xenRBACxml(XR_CREATE_VM, xmlDesc, conn) == -1)
+ return (NULL);
+#endif
if (conn->driver->domainCreateLinux)
return conn->driver->domainCreateLinux (conn, xmlDesc, flags);
@@ -1189,6 +1213,10 @@
return (-1);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_DESTROY_VM, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainDestroy)
return conn->driver->domainDestroy (domain);
@@ -1248,6 +1276,10 @@
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_PAUSE_VM, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainSuspend)
return conn->driver->domainSuspend (domain);
@@ -1282,6 +1314,10 @@
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_PAUSE_VM, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainResume)
return conn->driver->domainResume (domain);
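Review bot: The resume path is authorized with `XR_PAUSE_VM`, the same operation id used for suspend in the previous hunk, so the policy cannot express permission to pause a guest separately from permission to resume it. If the RBAC library defines a separate resume operation it should be used here. If the sharing is deliberate, a comment such as `/* resume is covered by the pause permission */` would stop it being read as a copy-paste slip. Similar reuse appears later in this file: the restore hunk checks `XR_SAVE_VM`, and the network undefine hunk checks `XR_DEFINE_VNET`. The enclosing function starts outside the hunk.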
@@ -1322,6 +1358,10 @@
return (-1);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_SAVE_VM, NULL, conn) == -1)
+ return (-1);
+#endif
/*
* We must absolutize the file path as the save is done out of process
* TODO: check for URI when libxml2 is linked in.
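Review bot: This check passes `NULL` as the domain name, while the core-dump hunk further down passes `domain->name` for the same kind of operation, so permission to save appears to be decided without regard to which guest is being saved. If `domain` is in scope at this point, as the surrounding save code suggests, the call should read `if (xenRBACdomain (XR_SAVE_VM, domain->name, conn) == -1)`. Only the tail of the preceding argument check is visible in the hunk, so this needs confirming against the full function.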
@@ -1377,6 +1417,10 @@
return (-1);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_SAVE_VM, NULL, conn) == -1)
+ return (-1);
+#endif
/*
* We must absolutize the file path as the restore is done out of process
* TODO: check for URI when libxml2 is linked in.
@@ -1436,6 +1480,10 @@
return (-1);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_DUMP_VM, domain->name, conn) == -1)
+ return (-1);
+#endif
/*
* We must absolutize the file path as the save is done out of process
* TODO: check for URI when libxml2 is linked in.
@@ -1493,6 +1541,10 @@
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_SHUTDOWN_VM, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainShutdown)
return conn->driver->domainShutdown (domain);
@@ -1528,6 +1580,10 @@
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_REBOOT_VM, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainReboot)
return conn->driver->domainReboot (domain, flags);
@@ -1661,6 +1717,10 @@
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_LIST_VM, domain->name, conn) == -1)
+ return (NULL);
+#endif
if (conn->driver->domainGetOSType)
return conn->driver->domainGetOSType (domain);
@@ -1734,6 +1794,10 @@
}
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_SET_MEM, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainSetMaxMemory)
return conn->driver->domainSetMaxMemory (domain, memory);
@@ -1778,6 +1842,10 @@
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_SET_MEM, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainSetMemory)
return conn->driver->domainSetMemory (domain, memory);
@@ -1926,6 +1994,11 @@
return NULL;
}
conn = domain->conn; /* Source connection. */
+
+#ifdef RBAC
+ if(xenRBACdomain( XR_MIGRATE_VM, domain->name, conn) == -1)
+ return NULL;
+#endif
if (!VIR_IS_CONNECT (dconn)) {
virLibConnError (conn, VIR_ERR_INVALID_CONN, __FUNCTION__);
return NULL;
@@ -2150,6 +2223,10 @@
return 0;
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_AVAILABLE_MEM, NULL, conn) == -1)
+ return 0;
+#endif
if (conn->driver->getFreeMemory)
return conn->driver->getFreeMemory (conn);
@@ -2179,6 +2256,10 @@
}
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_GET_SCHEDULER, domain->name, conn) == -1)
+ return NULL;
+#endif
if (conn->driver->domainGetSchedulerType){
schedtype = conn->driver->domainGetSchedulerType (domain, nparams);
return schedtype;
@@ -2216,6 +2297,10 @@
}
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_GET_SCHEDULER, domain->name, conn) == -1)
+ return -1;
+#endif
if (conn->driver->domainGetSchedulerParameters)
return conn->driver->domainGetSchedulerParameters (domain, params, nparams);
@@ -2248,6 +2333,10 @@
}
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_SET_SCHEDULER, domain->name, conn) == -1)
+ return -1;
+#endif
if (conn->driver->domainSetSchedulerParameters)
return conn->driver->domainSetSchedulerParameters (domain, params, nparams);
@@ -2297,6 +2386,10 @@
}
conn = dom->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_LOAD_VM, dom->name, conn) == -1)
+ return -1;
+#endif
if (conn->driver->domainBlockStats) {
if (conn->driver->domainBlockStats (dom, path, &stats2) == -1)
return -1;
@@ -2349,6 +2442,10 @@
}
conn = dom->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_LOAD_VM, dom->name, conn) == -1)
+ return -1;
+#endif
if (conn->driver->domainInterfaceStats) {
if (conn->driver->domainInterfaceStats (dom, path, &stats2) == -1)
return -1;
@@ -2396,6 +2493,10 @@
return (NULL);
}
+#ifdef RBAC
+ if(xenRBACxml(XR_DEFINE_VM, xml, conn) == -1)
+ return (NULL);
+#endif
if (conn->driver->domainDefineXML)
return conn->driver->domainDefineXML (conn, xml);
@@ -2426,6 +2527,10 @@
return (-1);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_UNDEFINE_VM, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainUndefine)
return conn->driver->domainUndefine (domain);
@@ -2483,6 +2588,10 @@
return (-1);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_LIST_VM, NULL, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->listDefinedDomains)
return conn->driver->listDefinedDomains (conn, names, maxnames);
@@ -2518,6 +2627,10 @@
return (-1);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_START_VM, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainCreate)
return conn->driver->domainCreate (domain);
@@ -2585,6 +2698,10 @@
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_AUTOSTART_VM, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainSetAutostart)
return conn->driver->domainSetAutostart (domain, autostart);
@@ -2630,6 +2747,10 @@
}
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_SET_VCPU, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainSetVcpus)
return conn->driver->domainSetVcpus (domain, nvcpus);
@@ -2682,6 +2803,10 @@
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_SET_VCPU, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainPinVcpu)
return conn->driver->domainPinVcpu (domain, vcpu, cpumap, maplen);
@@ -2736,6 +2861,10 @@
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_GET_VCPU, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainGetVcpus)
return conn->driver->domainGetVcpus (domain, info, maxinfo,
cpumaps, maplen);
@@ -2802,6 +2931,10 @@
}
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_ATTACH_DEVICE, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainAttachDevice)
return conn->driver->domainAttachDevice (domain, xml);
@@ -2834,6 +2967,10 @@
}
conn = domain->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_DETACH_DEVICE, domain->name, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->domainDetachDevice)
return conn->driver->domainDetachDevice (domain, xml);
@@ -2876,6 +3013,10 @@
return (-1);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_AVAILABLE_MEM, NULL, conn) == -1)
+ return (-1);
+#endif
if (conn->driver->nodeGetCellsFreeMemory)
return conn->driver->nodeGetCellsFreeMemory (conn, freeMems, startCell, maxCells);
@@ -2959,6 +3100,10 @@
return (-1);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_LIST_VNET, NULL, conn) == -1)
+ return (-1);
+#endif
if (conn->networkDriver && conn->networkDriver->listNetworks)
return conn->networkDriver->listNetworks (conn, names, maxnames);
@@ -3017,6 +3162,10 @@
return (-1);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_LIST_VNET, NULL, conn) == -1)
+ return (-1);
+#endif
if (conn->networkDriver && conn->networkDriver->listDefinedNetworks)
return conn->networkDriver->listDefinedNetworks (conn,
names, maxnames);
@@ -3166,6 +3315,10 @@
return (NULL);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_CREATE_VNET, NULL, conn) == -1)
+ return (NULL);
+#endif
if (conn->networkDriver && conn->networkDriver->networkCreateXML)
return conn->networkDriver->networkCreateXML (conn, xmlDesc);
@@ -3200,6 +3353,10 @@
return (NULL);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_DEFINE_VNET, NULL, conn) == -1)
+ return (NULL);
+#endif
if (conn->networkDriver && conn->networkDriver->networkDefineXML)
return conn->networkDriver->networkDefineXML (conn, xml);
@@ -3230,6 +3387,10 @@
return (-1);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_DEFINE_VNET, NULL, conn) == -1)
+ return (-1);
+#endif
if (conn->networkDriver && conn->networkDriver->networkUndefine)
return conn->networkDriver->networkUndefine (network);
@@ -3266,6 +3427,10 @@
return (-1);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_CREATE_VNET, NULL, conn) == -1)
+ return (-1);
+#endif
if (conn->networkDriver && conn->networkDriver->networkCreate)
return conn->networkDriver->networkCreate (network);
@@ -3302,6 +3467,10 @@
return (-1);
}
+#ifdef RBAC
+ if(xenRBACdomain( XR_DESTROY_VNET, NULL, conn) == -1)
+ return (-1);
+#endif
if (conn->networkDriver && conn->networkDriver->networkDestroy)
return conn->networkDriver->networkDestroy (network);
@@ -3441,6 +3610,10 @@
conn = network->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_DETAIL_VNET, NULL, conn) == -1)
+ return (NULL);
+#endif
if (conn->networkDriver && conn->networkDriver->networkDumpXML)
return conn->networkDriver->networkDumpXML (network, flags);
@@ -3538,6 +3711,10 @@
conn = network->conn;
+#ifdef RBAC
+ if(xenRBACdomain( XR_AUTOSTART_VNET, NULL, conn) == -1)
+ return (-1);
+#endif
if (conn->networkDriver && conn->networkDriver->networkSetAutostart)
return conn->networkDriver->networkSetAutostart (network, autostart);
@@ -3545,6 +3722,340 @@
return -1;
}
+#ifdef RBAC
+/**
+ * virDomainGetXMLDesc_XRBAC:
+ * @op_id: a access ID
+ * @domain: a domain object
+ * @flags: an OR'ed set of virDomainXMLFlags
+ *
+ * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of error.
+ * the caller must free() the returned value.
+ */
+char *
+virDomainGetXMLDesc_XRBAC(int op_id, virDomainPtr domain, int flags)
+{
+ /* parameter Check */
+ if( domain == NULL ) {
+ virLibConnError( domain->conn, VIR_ERR_INTERNAL_ERROR, "domain name");
+ return NULL;
+ }
+ if( (domain->name == NULL) || (strlen(domain->name) == 0) ){
+ virLibConnError( domain->conn, VIR_ERR_INTERNAL_ERROR, "domain name");
+ return NULL;
+ }
+
+ if(xenRBACdomain( op_id, domain->name, domain->conn) == -1)
+ return NULL;
+
+ return virDomainGetXMLDesc(domain, flags);
+}
+
+/**
+ * virConnectListNetworks_QEMUD:
+ * @conn: pointer to the hypervisor connection
+ * @names: array to collect the list of names of active networks
+ * @maxnames: size of @names
+ *
+ * Collect the list of active networks, and store their names in @names
+ *
+ * Returns the number of networks found or -1 in case of error
+ */
+int
+virConnectListNetworks_QEMUD(virConnectPtr conn, char **const names, int maxnames)
+{
+ DEBUG("conn=%p, names=%p, maxnames=%d", conn, names, maxnames);
+
+ if (!VIR_IS_CONNECT(conn)) {
+ virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ return (-1);
+ }
+
+ if ((names == NULL) || (maxnames < 0)) {
+ virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ return (-1);
+ }
+
+ if (conn->networkDriver && conn->networkDriver->listNetworks)
+ return conn->networkDriver->listNetworks (conn, names, maxnames);
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ return -1;
+}
+
+/**
+ * virConnectListDefinedNetworks_QEMUD:
+ * @conn: pointer to the hypervisor connection
+ * @names: pointer to an array to store the names
+ * @maxnames: size of the array
+ *
+ * list the inactive networks, stores the pointers to the names in @names
+ *
+ * Returns the number of names provided in the array or -1 in case of error
+ */
+int
+virConnectListDefinedNetworks_QEMUD(virConnectPtr conn, char **const names,
+ int maxnames)
+{
+ DEBUG("conn=%p, names=%p, maxnames=%d", conn, names, maxnames);
+
+ if (!VIR_IS_CONNECT(conn)) {
+ virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ return (-1);
+ }
+
+ if ((names == NULL) || (maxnames < 0)) {
+ virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ return (-1);
+ }
+
+ if (conn->networkDriver && conn->networkDriver->listDefinedNetworks)
+ return conn->networkDriver->listDefinedNetworks (conn,
+ names, maxnames);
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ return -1;
+}
+
+/**
+ * virNetworkCreateXML_QEMUD:
+ * @conn: pointer to the hypervisor connection
+ * @xmlDesc: an XML description of the network
+ *
+ * Create and start a new virtual network, based on an XML description
+ * similar to the one returned by virNetworkGetXMLDesc()
+ *
+ * Returns a new network object or NULL in case of failure
+ */
+virNetworkPtr
+virNetworkCreateXML_QEMUD(virConnectPtr conn, const char *xmlDesc)
+{
+ DEBUG("conn=%p, xmlDesc=%s", conn, xmlDesc);
+
+ if (!VIR_IS_CONNECT(conn)) {
+ virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ return (NULL);
+ }
+ if (xmlDesc == NULL) {
+ virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ return (NULL);
+ }
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return (NULL);
+ }
+
+ if (conn->networkDriver && conn->networkDriver->networkCreateXML)
+ return conn->networkDriver->networkCreateXML (conn, xmlDesc);
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ return NULL;
+}
+
+/**
+ * virNetworkDefineXML_QEMUD:
+ * @conn: pointer to the hypervisor connection
+ * @xml: the XML description for the network, preferably in UTF-8
+ *
+ * Define a network, but does not create it
+ *
+ * Returns NULL in case of error, a pointer to the network otherwise
+ */
+virNetworkPtr
+virNetworkDefineXML_QEMUD(virConnectPtr conn, const char *xml)
+{
+ DEBUG("conn=%p, xml=%s", conn, xml);
+
+ if (!VIR_IS_CONNECT(conn)) {
+ virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
+ return (NULL);
+ }
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return (NULL);
+ }
+ if (xml == NULL) {
+ virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ return (NULL);
+ }
+
+ if (conn->networkDriver && conn->networkDriver->networkDefineXML)
+ return conn->networkDriver->networkDefineXML (conn, xml);
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ return NULL;
+}
+
+/**
+ * virNetworkUndefine_QEMUD:
+ * @network: pointer to a defined network
+ *
+ * Undefine a network but does not stop it if it is running
+ *
+ * Returns 0 in case of success, -1 in case of error
+ */
+int
+virNetworkUndefine_QEMUD(virNetworkPtr network) {
+ virConnectPtr conn;
+ DEBUG("network=%p", network);
+
+ if (!VIR_IS_CONNECTED_NETWORK(network)) {
+ virLibNetworkError(NULL, VIR_ERR_INVALID_NETWORK, __FUNCTION__);
+ return (-1);
+ }
+ conn = network->conn;
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibNetworkError(network, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return (-1);
+ }
+
+ if (conn->networkDriver && conn->networkDriver->networkUndefine)
+ return conn->networkDriver->networkUndefine (network);
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ return -1;
+}
+
+/**
+ * virNetworkCreate_QEMUD:
+ * @network: pointer to a defined network
+ *
+ * Create and start a defined network. If the call succeed the network
+ * moves from the defined to the running networks pools.
+ *
+ * Returns 0 in case of success, -1 in case of error
+ */
+int
+virNetworkCreate_QEMUD(virNetworkPtr network)
+{
+ virConnectPtr conn;
+ DEBUG("network=%p", network);
+
+ if (network == NULL) {
+ TODO
+ return (-1);
+ }
+ if (!VIR_IS_CONNECTED_NETWORK(network)) {
+ virLibNetworkError(NULL, VIR_ERR_INVALID_NETWORK, __FUNCTION__);
+ return (-1);
+ }
+ conn = network->conn;
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibNetworkError(network, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return (-1);
+ }
+
+ if (conn->networkDriver && conn->networkDriver->networkCreate)
+ return conn->networkDriver->networkCreate (network);
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ return -1;
+}
+
+/**
+ * virNetworkDestroy_QEMUD:
+ * @network: a network object
+ *
+ * Destroy the network object. The running instance is shutdown if not down
+ * already and all resources used by it are given back to the hypervisor.
+ * The data structure is freed and should not be used thereafter if the
+ * call does not return an error.
+ * This function may requires priviledged access
+ *
+ * Returns 0 in case of success and -1 in case of failure.
+ */
+int
+virNetworkDestroy_QEMUD(virNetworkPtr network)
+{
+ virConnectPtr conn;
+ DEBUG("network=%p", network);
+
+ if (!VIR_IS_CONNECTED_NETWORK(network)) {
+ virLibNetworkError(NULL, VIR_ERR_INVALID_NETWORK, __FUNCTION__);
+ return (-1);
+ }
+
+ conn = network->conn;
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibNetworkError(network, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ return (-1);
+ }
+
+ if (conn->networkDriver && conn->networkDriver->networkDestroy)
+ return conn->networkDriver->networkDestroy (network);
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ return -1;
+}
+
+/**
+ * virNetworkGetXMLDesc_QEMUD:
+ * @network: a network object
+ * @flags: and OR'ed set of extraction flags, not used yet
+ *
+ * Provide an XML description of the network. The description may be reused
+ * later to relaunch the network with virNetworkCreateXML().
+ *
+ * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of error.
+ * the caller must free() the returned value.
+ */
+char *
+virNetworkGetXMLDesc_QEMUD(virNetworkPtr network, int flags)
+{
+ virConnectPtr conn;
+ DEBUG("network=%p, flags=%d", network, flags);
+
+ if (!VIR_IS_NETWORK(network)) {
+ virLibNetworkError(NULL, VIR_ERR_INVALID_NETWORK, __FUNCTION__);
+ return (NULL);
+ }
+ if (flags != 0) {
+ virLibNetworkError(network, VIR_ERR_INVALID_ARG, __FUNCTION__);
+ return (NULL);
+ }
+
+ conn = network->conn;
+
+ if (conn->networkDriver && conn->networkDriver->networkDumpXML)
+ return conn->networkDriver->networkDumpXML (network, flags);
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ return NULL;
+}
+
+/**
+ * virNetworkSetAutostart_QEMUD:
+ * @network: a network object
+ * @autostart: whether the network should be automatically started 0 or 1
+ *
+ * Configure the network to be automatically started
+ * when the host machine boots.
+ *
+ * Returns -1 in case of error, 0 in case of success
+ */
+int
+virNetworkSetAutostart_QEMUD(virNetworkPtr network,
+ int autostart)
+{
+ virConnectPtr conn;
+ DEBUG("network=%p, autostart=%d", network, autostart);
+
+ if (!VIR_IS_NETWORK(network)) {
+ virLibNetworkError(NULL, VIR_ERR_INVALID_NETWORK, __FUNCTION__);
+ return (-1);
+ }
+
+ conn = network->conn;
+
+ if (conn->networkDriver && conn->networkDriver->networkSetAutostart)
+ return conn->networkDriver->networkSetAutostart (network, autostart);
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ return -1;
+}
+#endif
+
+
/*
* vim: set tabstop=4:
* vim: set shiftwidth=4:
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/libvirt_sym.version
--- a/src/libvirt_sym.version Wed Apr 02 13:13:06 2008 +0900
+++ b/src/libvirt_sym.version Tue Jan 27 03:13:46 2009 +0900
@@ -28,6 +28,7 @@
virDomainGetName;
virDomainGetOSType;
virDomainGetXMLDesc;
+ virDomainGetXMLDesc_XRBAC;
virDomainLookupByID;
virDomainLookupByName;
virDomainLookupByUUID;
@@ -99,6 +100,15 @@
virNetworkGetBridgeName;
virNetworkGetAutostart;
virNetworkSetAutostart;
+ virConnectListNetworks_QEMUD;
+ virConnectListDefinedNetworks_QEMUD;
+ virNetworkCreateXML_QEMUD;
+ virNetworkDefineXML_QEMUD;
+ virNetworkUndefine_QEMUD;
+ virNetworkCreate_QEMUD;
+ virNetworkDestroy_QEMUD;
+ virNetworkGetXMLDesc_QEMUD;
+ virNetworkSetAutostart_QEMUD;
/* Symbols with __ are private only
for use by the libvirtd daemon.
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/proxy_internal.c
--- a/src/proxy_internal.c Wed Apr 02 13:13:06 2008 +0900
+++ b/src/proxy_internal.c Tue Jan 27 03:13:46 2009 +0900
@@ -42,6 +42,9 @@
static unsigned long xenProxyDomainGetMaxMemory(virDomainPtr domain);
static int xenProxyDomainGetInfo(virDomainPtr domain, virDomainInfoPtr info);
static char *xenProxyDomainGetOSType(virDomainPtr domain);
+#ifdef RBAC
+static char *xenProxyGetSchedulerType(virDomainPtr domain, int *nparams);
+#endif
struct xenUnifiedDriver xenProxyDriver = {
xenProxyOpen, /* open */
@@ -80,7 +83,11 @@
NULL, /* domainDetachDevice */
NULL, /* domainGetAutostart */
NULL, /* domainSetAutostart */
+#ifdef RBAC
+ xenProxyGetSchedulerType, /* domainGetInfo */
+#else
NULL, /* domainGetSchedulerType */
+#endif
NULL, /* domainGetSchedulerParameters */
NULL, /* domainSetSchedulerParameters */
};
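Review bot: The slot comment on the new initializer says `/* domainGetInfo */`, but the entry sits in the position that the `#else` arm labels `/* domainGetSchedulerType */`, and the function is xenProxyGetSchedulerType. The line should read `xenProxyGetSchedulerType, /* domainGetSchedulerType */`. The struct initializer starts outside this hunk.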
@@ -533,9 +540,11 @@
int ret;
int fd;
xenUnifiedPrivatePtr priv;
-
+
+#ifndef RBAC
if (!(flags & VIR_CONNECT_RO))
return(-1);
+#endif
priv = (xenUnifiedPrivatePtr) conn->privateData;
priv->proxy = -1;
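Review bot: With RBAC defined the `VIR_CONNECT_RO` guard is compiled out, so this open path now accepts read-write connections, and nothing in the hunk replaces the check. If write access is meant to be decided per operation by the RBAC layer instead, that is not visible here and should be stated in a comment next to the `#ifndef RBAC`, naming where the check now lives. The hunk also swaps an empty line for a whitespace-only one, which is diff noise. The enclosing function starts and ends outside this hunk.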
@@ -1113,6 +1122,54 @@
return(ostype);
}
+#ifdef RBAC
+static char *
+xenProxyGetSchedulerType(virDomainPtr domain, int *nparams)
+{
+ virProxyPacket req;
+ virProxyFullPacket ans;
+ int ret, type_len;
+ char *sched_type;
+
+ if (!VIR_IS_CONNECTED_DOMAIN(domain)) {
+ if (domain == NULL)
+ virProxyError(NULL, VIR_ERR_INVALID_DOMAIN, __FUNCTION__);
+ else
+ virProxyError(domain->conn, VIR_ERR_INVALID_DOMAIN, __FUNCTION__);
+ return NULL;
+ }
+ if (domain->id < 0)
+ return NULL;
+
+ memset(&req, 0, sizeof(req));
+ req.command = VIR_PROXY_GET_SCHEDTYPE;
+ req.len = sizeof(req);
+ ret = xenProxyCommand(domain->conn, &req, &ans, 0);
+ if (ret < 0) {
+ xenProxyClose(domain->conn);
+ return NULL;
+ }
+ if (ans.data.arg == -1)
+ return NULL;
+ if (ans.len <= sizeof(virProxyPacket)) {
+ virProxyError(domain->conn, VIR_ERR_OPERATION_FAILED, __FUNCTION__);
+ return NULL;
+ }
+
+ type_len = ans.len - sizeof (virProxyPacket) - sizeof(int);
+ sched_type = malloc (type_len + 1);
+ if (!sched_type) {
+ virProxyError (domain->conn, VIR_ERR_NO_MEMORY, __FUNCTION__);
+ return NULL;
+ }
+
+ *nparams = ans.extra.arg[0];
+ memmove (sched_type, &ans.extra.str[4], type_len);
+ sched_type[type_len] = '\0';
+
+ return sched_type;
+}
+#endif
#endif /* WITH_XEN */
/*
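Review bot: In xenProxyGetSchedulerType the check `ans.len <= sizeof(virProxyPacket)` is weaker than the subtraction that follows it: a reply that is fewer than `sizeof(int)` bytes longer than the header makes `type_len` negative, and that value is then used as a size by malloc and memmove. Nothing here bounds `ans.len` from above either, so unless xenProxyCommand already validates it (not visible in this hunk) a reply claiming more than the packet holds would be copied from beyond `ans`. The guard should cover both ends, e.g. `if (ans.len < sizeof(virProxyPacket) + sizeof(int) || ans.len > sizeof(ans)) {`. `nparams` is also written through without a NULL check, and the copy starts at `&ans.extra.str[4]` while the length uses `sizeof(int)`; one expression for both would keep them in step.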
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/proxy_internal.h
--- a/src/proxy_internal.h Wed Apr 02 13:13:06 2008 +0900
+++ b/src/proxy_internal.h Tue Jan 27 03:13:46 2009 +0900
@@ -37,7 +37,12 @@
VIR_PROXY_DOMAIN_INFO = 9,
VIR_PROXY_DOMAIN_XML = 10,
VIR_PROXY_DOMAIN_OSTYPE = 11,
+#ifdef RBAC
+ VIR_PROXY_GET_CAPABILITIES = 12,
+ VIR_PROXY_GET_SCHEDTYPE = 13
+#else
VIR_PROXY_GET_CAPABILITIES = 12
+#endif
} virProxyCommand;
/*
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/remote_internal.c
--- a/src/remote_internal.c Wed Apr 02 13:13:06 2008 +0900
+++ b/src/remote_internal.c Tue Jan 27 03:13:46 2009 +0900
@@ -677,7 +677,7 @@
cmd_argv[j++] = strdup (sockname ? sockname : LIBVIRTD_PRIV_UNIX_SOCKET);
cmd_argv[j++] = 0;
assert (j == nr_args);
- for (j = 0; j < nr_args; j++)
+ for (j = 0; j < (nr_args-1); j++)
if (cmd_argv[j] == NULL) {
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (ENOMEM));
goto failed;
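Review bot: The new bound `(nr_args-1)` is correct only because the last slot of `cmd_argv` is the terminating `0` stored just above, and the loop gives no hint of that. A short comment would stop a later reader from changing it back: `/* last entry is the NULL terminator, so skip it */`. The enclosing function starts and ends outside this hunk.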
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/virsh.c
--- a/src/virsh.c Wed Apr 02 13:13:06 2008 +0900
+++ b/src/virsh.c Tue Jan 27 03:13:46 2009 +0900
@@ -49,6 +49,10 @@
#include "internal.h"
#include "console.h"
+#ifdef RBAC
+#include "xenrbac_libvirt.h"
+#endif
+
static char *progname;
#ifndef TRUE
@@ -1066,12 +1070,13 @@
if (!(dom = vshCommandOptDomainBy(ctl, cmd, "name", NULL, VSH_BYNAME)))
return FALSE;
+#ifndef RBAC
if (virDomainGetID(dom) != (unsigned int)-1) {
vshError(ctl, FALSE, _("Domain is already active"));
virDomainFree(dom);
return FALSE;
}
-
+#endif
if (virDomainCreate(dom) == 0) {
vshPrint(ctl, _("Domain %s started\n"),
virDomainGetName(dom));
@@ -1549,6 +1554,25 @@
if (!(dom = vshCommandOptDomain(ctl, cmd, "domain", NULL)))
return FALSE;
+#ifdef RBAC
+ if ((str = virDomainGetOSType(dom))) {
+ id = virDomainGetID(dom);
+ if (id == ((unsigned int)-1))
+ vshPrint(ctl, "%-15s %s\n", _("Id:"), "-");
+ else
+ vshPrint(ctl, "%-15s %d\n", _("Id:"), id);
+ vshPrint(ctl, "%-15s %s\n", _("Name:"), virDomainGetName(dom));
+
+ if (virDomainGetUUIDString(dom, &uuid[0])==0)
+ vshPrint(ctl, "%-15s %s\n", _("UUID:"), uuid);
+
+ vshPrint(ctl, "%-15s %s\n", _("OS Type:"), str);
+ free(str);
+ } else {
+ virDomainFree(dom);
+ return FALSE;
+ }
+#else
id = virDomainGetID(dom);
if (id == ((unsigned int)-1))
vshPrint(ctl, "%-15s %s\n", _("Id:"), "-");
@@ -1563,6 +1587,7 @@
vshPrint(ctl, "%-15s %s\n", _("OS Type:"), str);
free(str);
}
+#endif
if (virDomainGetInfo(dom, &info) == 0) {
vshPrint(ctl, "%-15s %s\n", _("State:"),
@@ -2116,7 +2141,11 @@
if (!(dom = vshCommandOptDomain(ctl, cmd, "domain", NULL)))
return FALSE;
+#ifdef RBAC
+ dump = virDomainGetXMLDesc_XRBAC(XR_DETAIL_VM, dom, 0);
+#else
dump = virDomainGetXMLDesc(dom, 0);
+#endif
if (dump != NULL) {
printf("%s", dump);
free(dump);
@@ -2555,7 +2584,6 @@
}
if (maxactive) {
activeNames = vshMalloc(ctl, sizeof(char *) * maxactive);
-
if ((maxactive = virConnectListNetworks(ctl->conn, activeNames,
maxactive)) < 0) {
vshError(ctl, FALSE, _("Failed to list active networks"));
@@ -2576,7 +2604,6 @@
}
if (maxinactive) {
inactiveNames = vshMalloc(ctl, sizeof(char *) * maxinactive);
-
if ((maxinactive = virConnectListDefinedNetworks(ctl->conn, inactiveNames, maxinactive)) < 0) {
vshError(ctl, FALSE, _("Failed to list inactive networks"));
if (activeNames)
@@ -2824,6 +2851,13 @@
return FALSE;
}
+#ifdef RBAC
+ ret = virGetVersion(&libVersion, hvType, &apiVersion);
+ if (ret < 0) {
+ vshError(ctl, FALSE, _("failed to get the library version"));
+ return FALSE;
+ }
+
includeVersion = LIBVIR_VERSION_NUMBER;
major = includeVersion / 1000000;
includeVersion %= 1000000;
@@ -2831,12 +2865,22 @@
rel = includeVersion % 1000;
vshPrint(ctl, _("Compiled against library: libvir %d.%d.%d\n"),
major, minor, rel);
+#else
+ includeVersion = LIBVIR_VERSION_NUMBER;
+ major = includeVersion / 1000000;
+ includeVersion %= 1000000;
+ minor = includeVersion / 1000;
+ rel = includeVersion % 1000;
+ vshPrint(ctl, _("Compiled against library: libvir %d.%d.%d\n"),
+ major, minor, rel);
ret = virGetVersion(&libVersion, hvType, &apiVersion);
if (ret < 0) {
vshError(ctl, FALSE, _("failed to get the library version"));
return FALSE;
}
+#endif
+
major = libVersion / 1000000;
libVersion %= 1000000;
minor = libVersion / 1000;
@@ -2961,7 +3005,11 @@
if (!(dom = vshCommandOptDomain(ctl, cmd, "domain", NULL)))
return FALSE;
+#ifdef RBAC
+ doc = virDomainGetXMLDesc_XRBAC(XR_DETAIL_VM, dom, 0);
+#else
doc = virDomainGetXMLDesc(dom, 0);
+#endif
if (!doc)
goto cleanup;
@@ -3038,7 +3086,11 @@
if (!(dom = vshCommandOptDomain(ctl, cmd, "domain", NULL)))
return FALSE;
+#ifdef RBAC
+ doc = virDomainGetXMLDesc_XRBAC(XR_DETAIL_VM, dom, 0);
+#else
doc = virDomainGetXMLDesc(dom, 0);
+#endif
if (!doc)
goto cleanup;
@@ -4532,12 +4584,15 @@
/* set up the library error handler */
virSetErrorFunc(NULL, virshErrorHandler);
+#ifdef RBAC
+#else
#ifndef __MINGW32__
/* Force a non-root, Xen connection to readonly */
if ((ctl->name == NULL ||
!strcasecmp(ctl->name, "xen")) && ctl->uid != 0)
ctl->readonly = 1;
#endif
+#endif /* RBAC */
ctl->conn = virConnectOpenAuth(ctl->name,
virConnectAuthPtrDefault,
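Review bot: The empty `#ifdef RBAC` / `#else` pair wrapped around the existing `#ifndef __MINGW32__` block is hard to read; a single `#if !defined(RBAC) && !defined(__MINGW32__)` says the same thing with one `#endif`. With RBAC defined, nothing in this hunk forces a non-root Xen connection to read-only any more, so the restriction then depends entirely on the RBAC checks being present on every write path, which cannot be confirmed from here. A comment stating where that enforcement happens would make the removal reviewable. The enclosing function starts and ends outside this hunk.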
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/virterror.c
--- a/src/virterror.c Wed Apr 02 13:13:06 2008 +0900
+++ b/src/virterror.c Tue Jan 27 03:13:46 2009 +0900
@@ -300,6 +300,11 @@
case VIR_FROM_STATS_LINUX:
dom = "Linux Stats ";
break;
+#ifdef RBAC
+ case VIR_FROM_XENRBAC:
+ dom = "Xen RBAC ";
+ break;
+#endif
}
if ((err->dom != NULL) && (err->code != VIR_ERR_INVALID_DOMAIN)) {
@@ -679,6 +684,14 @@
else
errmsg = _("authentication failed: %s");
break;
+#ifdef RBAC
+ case VIR_ERR_PERMISSION:
+ if (info == NULL)
+ errmsg = _("operation not permitted");
+ else
+ errmsg = _("operation not permitted: %s");
+ break;
+#endif
}
return (errmsg);
}
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/xen_internal.c
--- a/src/xen_internal.c Wed Apr 02 13:13:06 2008 +0900
+++ b/src/xen_internal.c Tue Jan 27 03:13:46 2009 +0900
@@ -741,7 +741,6 @@
errmsg, info, NULL, value, 0, errmsg, info, value);
}
-#ifndef PROXY
/**
* virXenErrorFunc:
@@ -779,7 +778,6 @@
}
}
-#endif /* PROXY */
/**
* virXenPerror:
@@ -1069,7 +1067,6 @@
}
-#ifndef PROXY
/**
* xenHypervisorGetSchedulerType:
* @domain: pointer to the Xen Hypervisor block
@@ -1082,19 +1079,35 @@
char *
xenHypervisorGetSchedulerType(virDomainPtr domain, int *nparams)
{
+ if ((domain == NULL) || (domain->conn == NULL)) {
+ virXenErrorFunc(NULL, VIR_ERR_INTERNAL_ERROR, __FUNCTION__,
+ "domain is NULL", 0);
+ return NULL;
+ }
+ if (domain->id < 0) {
+ virXenErrorFunc(domain->conn, VIR_ERR_INTERNAL_ERROR, __FUNCTION__,
+ "domain->id invalid", 0);
+ return NULL;
+ }
+ return(xenHypervisorGetSchedType(domain->conn, nparams));
+}
+
+char *
+xenHypervisorGetSchedType(virConnectPtr conn, int *nparams)
+{
char *schedulertype = NULL;
xenUnifiedPrivatePtr priv;
- if ((domain == NULL) || (domain->conn == NULL)) {
+ if (conn == NULL) {
virXenErrorFunc(NULL, VIR_ERR_INTERNAL_ERROR, __FUNCTION__,
- "domain or conn is NULL", 0);
+ "conn is NULL", 0);
return NULL;
}
- priv = (xenUnifiedPrivatePtr) domain->conn->privateData;
- if (priv->handle < 0 || domain->id < 0) {
- virXenErrorFunc(domain->conn, VIR_ERR_INTERNAL_ERROR, __FUNCTION__,
- "priv->handle or domain->id invalid", 0);
+ priv = (xenUnifiedPrivatePtr) conn->privateData;
+ if (priv->handle < 0) {
+ virXenErrorFunc(conn, VIR_ERR_INTERNAL_ERROR, __FUNCTION__,
+ "priv->handle invalid", 0);
return NULL;
}
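Review bot: The new non-static xenHypervisorGetSchedType has no header comment, and the existing `/** xenHypervisorGetSchedulerType: */` block above the hunk now describes only the thin wrapper. A `/** ... */` block in the file's style should say that it takes the connection rather than a domain, what is stored through `nparams`, and that NULL is returned after virXenErrorFunc has been called on failure. Its body continues outside this hunk.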
@@ -1104,8 +1117,8 @@
* TODO: check on Xen 3.0.3
*/
if (dom_interface_version < 5) {
- virXenErrorFunc(domain->conn, VIR_ERR_NO_XEN, __FUNCTION__,
- "unsupported in dom interface < 5", 0);
+ virXenErrorFunc(conn, VIR_ERR_NO_XEN, __FUNCTION__,
+ "unsupported in dom interface < 5", 0);
return NULL;
}
@@ -1138,6 +1151,7 @@
return schedulertype;
}
+#ifndef PROXY
static const char *str_weight = "weight";
static const char *str_cap = "cap";
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/xen_internal.h
--- a/src/xen_internal.h Wed Apr 02 13:13:06 2008 +0900
+++ b/src/xen_internal.h Tue Jan 27 03:13:46 2009 +0900
@@ -76,8 +76,10 @@
int maplen);
int xenHypervisorGetVcpuMax (virDomainPtr domain);
-char * xenHypervisorGetSchedulerType (virDomainPtr domain,
- int *nparams);
+char * xenHypervisorGetSchedulerType (virDomainPtr domain,
+ int *nparams);
+char * xenHypervisorGetSchedType (virConnectPtr conn,
+ int *nparams);
int xenHypervisorGetSchedulerParameters (virDomainPtr domain,
virSchedParameterPtr params,
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/xen_unified.c
--- a/src/xen_unified.c Wed Apr 02 13:13:06 2008 +0900
+++ b/src/xen_unified.c Tue Jan 27 03:13:46 2009 +0900
@@ -40,6 +40,9 @@
#include "xm_internal.h"
#include "xml.h"
+#ifdef RBAC
+#include <xen/xen.h>
+#endif
static int
xenUnifiedNodeGetInfo (virConnectPtr conn, virNodeInfoPtr info);
static int
@@ -266,6 +269,11 @@
priv->xendConfigVersion > 2)
continue;
+#ifdef RBAC
+ /* Ignore proxy for non-root */
+ if (i == XEN_UNIFIED_HYPERVISOR_OFFSET && getuid() != 0)
+ continue;
+#endif
/* Ignore proxy for root */
if (i == XEN_UNIFIED_PROXY_OFFSET && getuid() == 0)
continue;
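Review bot: The added comment says "Ignore proxy for non-root", but the condition tests `XEN_UNIFIED_HYPERVISOR_OFFSET`, so what is skipped for non-root callers is the hypervisor driver, and the proxy case is the existing block just below. The comment should match the code: `/* Ignore hypervisor driver for non-root */`. The surrounding loop starts and ends outside this hunk.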
@@ -282,10 +290,15 @@
#endif
}
+#ifdef RBAC
+ if (!priv->opened[i] &&
+ (!(conn->flags & VIR_CONNECT_RO) || getuid() == 0 || i == XEN_UNIFIED_PROXY_OFFSET)) {
+#else
/* If as root, then all drivers must succeed.
If non-root, then only proxy must succeed */
if (!priv->opened[i] &&
(getuid() == 0 || i == XEN_UNIFIED_PROXY_OFFSET)) {
+#endif
for (j = 0; j < i; ++j)
if (priv->opened[j]) drivers[j]->close (conn);
free (priv);
@@ -381,6 +394,9 @@
static int
xenUnifiedGetMaxVcpus (virConnectPtr conn, const char *type)
{
+#ifdef RBAC
+ return MAX_VIRT_CPUS;
+#else
GET_PRIVATE(conn);
if (type && STRCASENEQ (type, "Xen")) {
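Review bot: With RBAC defined, xenUnifiedGetMaxVcpus returns `MAX_VIRT_CPUS` before looking at `type`, so the `STRCASENEQ (type, "Xen")` check in the `#else` arm no longer applies and both `conn` and `type` are unused in that build. xenUnifiedDomainGetMaxVcpus in the later hunk has the same shape and ignores `dom`. If skipping the driver query is intended, keep the type check ahead of the `#ifdef` and add a one-line comment saying why the constant is returned. Both function bodies extend past their hunks.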
@@ -394,6 +410,7 @@
xenUnifiedError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
+#endif
}
static int
@@ -889,6 +906,9 @@
static int
xenUnifiedDomainGetMaxVcpus (virDomainPtr dom)
{
+#ifdef RBAC
+ return MAX_VIRT_CPUS;
+#else
GET_PRIVATE(dom->conn);
int i, ret;
@@ -899,6 +919,7 @@
}
return -1;
+#endif
}
static char *
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/xend_internal.c
--- a/src/xend_internal.c Wed Apr 02 13:13:06 2008 +0900
+++ b/src/xend_internal.c Tue Jan 27 03:13:46 2009 +0900
@@ -62,6 +62,12 @@
static int xenDaemonDomainCoreDump(virDomainPtr domain, const char *filename,
int flags);
#endif /* PROXY */
+#ifdef RBAC
+static int xenDaemonGetSchedulerParameters(virDomainPtr domain,
+ virSchedParameterPtr params, int *nparams);
+static int xenDaemonSetSchedulerParameters(virDomainPtr domain,
+ virSchedParameterPtr params, int nparams);
+#endif /* RBAC */
#ifndef PROXY
struct xenUnifiedDriver xenDaemonDriver = {
@@ -102,8 +108,13 @@
NULL, /* domainGetAutostart */
NULL, /* domainSetAutostart */
NULL, /* domainGetSchedulerType */
+#ifdef RBAC
+ xenDaemonGetSchedulerParameters, /* domainGetSchedulerParameters */
+ xenDaemonSetSchedulerParameters, /* domainSetSchedulerParameters */
+#else
NULL, /* domainGetSchedulerParameters */
NULL, /* domainSetSchedulerParameters */
+#endif
};
/**
@@ -235,7 +246,11 @@
* is rather normal, this should fallback to the proxy (or
* remote) mechanism.
*/
+#ifdef RBAC
+ if (getuid() == 0) {
+#else
if ((getuid() == 0) || (xend->flags & VIR_CONNECT_RO)) {
+#endif
virXendError(xend, VIR_ERR_INTERNAL_ERROR,
"failed to connect to xend");
}
@@ -3591,6 +3606,109 @@
return(ret);
}
+
+#ifdef RBAC
+static const char *str_weight = "weight";
+static const char *str_cap = "cap";
+
+static int
+xenDaemonGetSchedulerParameters(virDomainPtr domain,
+ virSchedParameterPtr params, int *nparams)
+{
+ xenUnifiedPrivatePtr priv;
+ struct sexpr *root;
+ int weight, cap;
+
+ if ((domain == NULL) || (domain->conn == NULL) || (domain->name == NULL)) {
+ virXendError((domain ? domain->conn : NULL), VIR_ERR_INVALID_ARG,
+ __FUNCTION__);
+ return (-1);
+ }
+
+ priv = (xenUnifiedPrivatePtr) domain->conn->privateData;
+ if (domain->id < 0 && priv->xendConfigVersion < 3)
+ return (-1);
+
+ root = sexpr_get(domain->conn, "/xend/domain/%d?detail=1", domain->id);
+ if (root == NULL)
+ return (-1);
+
+ weight = sexpr_int(root, "domain/cpu_weight");
+ cap = sexpr_int(root, "domain/cpu_cap");
+
+ strncpy (params[0].field, str_weight, VIR_DOMAIN_SCHED_FIELD_LENGTH);
+ params[0].type = VIR_DOMAIN_SCHED_FIELD_INT;
+ params[0].value.i = weight;
+
+ strncpy (params[1].field, str_cap, VIR_DOMAIN_SCHED_FIELD_LENGTH);
+ params[1].type = VIR_DOMAIN_SCHED_FIELD_INT;
+ params[1].value.i = cap;
+
+ return (0);
+}
+
+static int
+xenDaemonSetSchedulerParameters(virDomainPtr domain,
+ virSchedParameterPtr params, int nparams)
+{
+ int i;
+ int weight_set = 0;
+ int cap_set = 0;
+ char buf_weight[VIR_UUID_BUFLEN];
+ char buf_cap[VIR_UUID_BUFLEN];
+ xenUnifiedPrivatePtr priv;
+ int weight, cap;
+ struct sexpr *root;
+
+ if ((domain == NULL) || (domain->conn == NULL) || (domain->name == NULL)
+ || (nparams == 0) || (params == NULL)) {
+ virXendError((domain ? domain->conn : NULL), VIR_ERR_INVALID_ARG,
+ __FUNCTION__);
+ return (-1);
+ }
+
+ priv = (xenUnifiedPrivatePtr) domain->conn->privateData;
+
+ if (domain->id < 0 && priv->xendConfigVersion < 3)
+ return(-1);
+
+ /* search specified parameter */
+ memset(&buf_weight, 0, VIR_UUID_BUFLEN);
+ memset(&buf_cap, 0, VIR_UUID_BUFLEN);
+ for (i = 0; i < nparams; i++) {
+ if (STREQ (params[i].field, str_weight) &&
+ params[i].type == VIR_DOMAIN_SCHED_FIELD_UINT) {
+ snprintf(buf_weight, sizeof(buf_weight), "%d", params[i].value.ui);
+ weight_set = 1;
+ } else if (STREQ (params[i].field, str_cap) &&
+ params[i].type == VIR_DOMAIN_SCHED_FIELD_UINT) {
+ snprintf(buf_cap, sizeof(buf_cap), "%d", params[i].value.ui);
+ cap_set = 1;
+ } else {
+ virXendError((domain ? domain->conn : NULL),
+ VIR_ERR_INVALID_ARG, __FUNCTION__);
+ return(-1);
+ }
+ }
+
+ /* get the current setting from xend */
+ root = sexpr_get(domain->conn, "/xend/domain/%d?detail=1", domain->id);
+ weight = sexpr_int(root, "domain/cpu_weight");
+ cap = sexpr_int(root, "domain/cpu_cap");
+
+
+ /* if not specified parameter, set the current value */
+ if (weight_set != 1)
+ snprintf(buf_weight, sizeof(buf_weight), "%d", weight);
+ if (cap_set != 1)
+ snprintf(buf_cap, sizeof(buf_weight), "%d", cap);
+
+ /* xend operation */
+ return(xend_op(domain->conn, domain->name, "op", "domain_sched_credit_set",
+ "weight", buf_weight, "cap", buf_cap, NULL));
+}
+#endif /* RBAC */
+
#endif /* ! PROXY */
#endif /* WITH_XEN */
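Review bot: xenDaemonSetSchedulerParameters uses the result of `sexpr_get()` without checking it, so when the lookup fails the fallback for an unspecified weight or cap is whatever `sexpr_int()` yields for a NULL root (not visible here, presumably 0), and that value is then written to xend. Neither new function releases the tree, so `root` leaks on every call. The second fallback `snprintf` sizes `buf_cap` with `sizeof(buf_weight)`, which is harmless only while both buffers are VIR_UUID_BUFLEN. The getter also reports both fields as `VIR_DOMAIN_SCHED_FIELD_INT` while the setter accepts only `VIR_DOMAIN_SCHED_FIELD_UINT`, so values read back cannot be passed straight in, and the getter never checks `params` or uses `nparams`. The setter's changed lines are sketched below; the same `sexpr_free(root)` belongs before the getter's `return (0)`.

```c
/* … unchanged: argument checks and parameter scan … */
    root = sexpr_get(domain->conn, "/xend/domain/%d?detail=1", domain->id);
    if (root == NULL)
        return (-1);
/* … unchanged: sexpr_int reads of cpu_weight and cpu_cap … */
    sexpr_free(root);
/* … unchanged: weight fallback … */
    if (cap_set != 1)
        snprintf(buf_cap, sizeof(buf_cap), "%d", cap);
/* … unchanged: xend_op call … */
```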
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/xenrbac.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/xenrbac.h Tue Jan 27 03:13:46 2009 +0900
@@ -0,0 +1,39 @@
+/*
+ Copyright (C) 2008 Fujitsu Limited.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#ifndef __XENRBAC_H__
+#define __XENRBAC_H__
+
+#include <errno.h>
+
+int xr_judge(char *username, int opeid, char *domainname, int flag_all);
+
+#define XR_ANY 0
+#define XR_ALL 1
+
+#define XR_ACCEPT 0
+#define XR_DENY EPERM
+
+#endif /*__XENRBAC_H__*/
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/xenrbac_libvirt.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/xenrbac_libvirt.c Tue Jan 27 03:13:46 2009 +0900
@@ -0,0 +1,162 @@
+/*
+ * xr_internal.c: access to Xen RBAC
+ *
+ * Copyright (C) 2008 FUJITSU Limited.
+ *
+ * See COPYING.LIB for the License of this software
+ *
+ */
+
+#include "libvirt/libvirt.h"
+#include "libvirt/virterror.h"
+#include "internal.h"
+
+#include <stdio.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <unistd.h>
+
+#include <libxml/parser.h>
+#include <libxml/xpath.h>
+#include <libxml/uri.h>
+
+#include "xenrbac_libvirt.h"
+#include "xenrbac.h"
+
+
+/**
+ * xenRBACError:
+ * @error: the error number
+ * @info: extra information string
+ *
+ * Handle an error at the connection level
+ */
+static void
+xenRBACError(virConnectPtr conn, virErrorNumber error, const char *info)
+{
+ const char *errmsg;
+
+ if (error == VIR_ERR_OK)
+ return;
+
+ errmsg = __virErrorMsg(error, info);
+ __virRaiseError(conn, NULL, NULL, VIR_FROM_XENRBAC, error, VIR_ERR_ERROR,
+ errmsg, info, NULL, 0, 0, errmsg, info);
+}
+
+int
+xenRBACdomain(int op_id, char *domname, virConnectPtr conn)
+{
+ struct passwd *pw = NULL;
+ int ret=0;
+ char msg_buff[256];
+
+ memset((char *)msg_buff, (char)NULL, 256);
+
+ /* parameter Check */
+ if( op_id <= 0 ) {
+ snprintf(msg_buff, 256, "unknown access ID ID = %d", op_id);
+ xenRBACError( conn, VIR_ERR_INTERNAL_ERROR, msg_buff);
+ return -1;
+ }
+
+ if( (domname != NULL) && (strlen(domname) == 0) ){
+ xenRBACError( conn, VIR_ERR_INTERNAL_ERROR, "domain name");
+ return -1;
+ }
+ /* Get username */
+ if( !(pw = getpwuid( getuid())) ){
+ if(errno == 0)
+ xenRBACError( conn, VIR_ERR_SYSTEM_ERROR, NULL);
+ else
+ xenRBACError( conn, VIR_ERR_SYSTEM_ERROR, strerror(errno));
+ return -1;
+ }
+
+ ret = xr_judge( pw->pw_name, op_id, domname, XR_ANY);
+ if ( ret != 0 ){
+ switch(ret) {
+ case EPERM:
+ xenRBACError( conn, VIR_ERR_PERMISSION, NULL);
+ return -1;
+
+ case EINVAL:
+ xenRBACError( conn, VIR_ERR_INTERNAL_ERROR, NULL);
+ return -1;
+
+ case ENOMEM:
+ xenRBACError( conn, VIR_ERR_NO_MEMORY, NULL);
+ return -1;
+
+ case ENOENT:
+ case EACCES:
+ xenRBACError( conn, VIR_ERR_OPEN_FAILED, NULL);
+ return -1;
+
+ default:
+ xenRBACError( conn, VIR_ERR_INTERNAL_ERROR, NULL);
+ return -1;
+
+ } //switch_end
+ }
+
+ return 0;
+}
+
+int
+xenRBACxml( int op_id, const char *xmlDesc, virConnectPtr conn)
+{
+
+ xmlDocPtr xml = NULL;
+ xmlXPathObjectPtr obj = NULL;
+ xmlXPathContextPtr ctxt = NULL;
+ int ret = 0;
+
+ /* parameter Check */
+ if( xmlDesc == NULL ){
+ xenRBACError( conn, VIR_ERR_INTERNAL_ERROR, "xmlDesc");
+ return -1;
+ }
+
+ xml = xmlReadDoc((const xmlChar *) xmlDesc, "domain.xml", NULL,
+ XML_PARSE_NOENT | XML_PARSE_NONET |
+ XML_PARSE_NOWARNING);
+ if (!xml) {
+ xenRBACError( conn, VIR_ERR_XML_ERROR, NULL);
+ ret = -1;
+ goto cleanup;
+ }
+
+ ctxt = xmlXPathNewContext(xml);
+ if (!ctxt) {
+ xenRBACError( conn, VIR_ERR_XML_ERROR, NULL);
+ ret = -1;
+ goto cleanup;
+ }
+
+ obj = xmlXPathEval(BAD_CAST "string(/domain/name)" , ctxt);
+ if (!obj) {
+ xenRBACError( conn, VIR_ERR_XML_ERROR, NULL);
+ ret = -1;
+ goto cleanup;
+ }
+ if ( (obj->type == XPATH_STRING) && (obj->stringval != NULL) && (obj->stringval[0] != 0) ) {
+ ret = xenRBACdomain( op_id, (char *)obj->stringval, conn);
+ } else {
+ xenRBACError( conn, VIR_ERR_XML_ERROR, NULL);
+ ret = -1;
+ goto cleanup;
+ }
+
+ cleanup:
+ if (obj)
+ xmlXPathFreeObject(obj);
+ if (ctxt)
+ xmlXPathFreeContext(ctxt);
+ if (xml)
+ xmlFreeDoc(xml);
+
+ return ret;
+}
+
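Review bot: xenRBACxml parses caller-supplied XML with `XML_PARSE_NOENT`, which makes libxml2 substitute entities, so the domain name used for the access decision can come from entity expansion; `XML_PARSE_NONET` only blocks network fetches. A parse whose only job is to read `/domain/name` does not need that flag, and `XML_PARSE_NONET | XML_PARSE_NOWARNING` is enough. In xenRBACdomain, `errno` is tested after a failed `getpwuid()` without being cleared first, so a stale value may be reported; set `errno = 0;` before the call. The file also calls memset, strlen and strerror without `#include <string.h>`, and `memset((char *)msg_buff, (char)NULL, 256)` would read better as `memset(msg_buff, 0, sizeof(msg_buff))`.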
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/xenrbac_libvirt.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/xenrbac_libvirt.h Tue Jan 27 03:13:46 2009 +0900
@@ -0,0 +1,68 @@
+/*
+ * xenrbac_libvirt.h: internal API for access to Xen RBAC
+ *
+ * Copyright (C) 2008 FUJITSU Limited.
+ *
+ * See COPYING.LIB for the License of this software
+ *
+ */
+
+
+#ifndef __VIR_XR_JUDGE_H__
+#define __VIR_XR_JUDGE_H__
+
+int xenRBACdomain(int op_id, char *domainname, virConnectPtr conn);
+int xenRBACxml(int op_id, const char *xmlDesc, virConnectPtr conn);
+
+#ifdef RBAC
+/* ACCESS LIST */
+#define XR_CREATE_VM 1
+#define XR_START_VM 2
+#define XR_DESTROY_VM 3
+#define XR_SHUTDOWN_VM 4
+#define XR_PAUSE_VM 5
+#define XR_SUSPEND_VM 6
+#define XR_SAVE_VM 7
+#define XR_DEFINE_VM 8
+#define XR_MIGRATE_VM 9
+#define XR_REBOOT_VM 10
+#define XR_DUMP_VM 11
+#define XR_RENAME_VM 12
+#define XR_SYSREQ_VM 13
+#define XR_AUTOSTART_VM 14
+#define XR_UNDEFINE_VM 15 /* Step2 2008.8.13 */
+#define XR_LIST_VM 16
+#define XR_DETAIL_VM 17
+#define XR_LOAD_VM 18
+#define XR_UPTIME_VM 19
+#define XR_XEND_LOG 20
+#define XR_XEND_MSG 21
+#define XR_HOSTNAME 22
+#define XR_AVAILABLE_MEM 23
+
+#define XR_SET_VCPU 30
+#define XR_GET_VCPU 31
+#define XR_SET_SCHEDULER 32
+#define XR_GET_SCHEDULER 33
+#define XR_SET_MEM 34
+#define XR_ATTACH_DEVICE 35 /* Step2 2008.8.13 */
+#define XR_LIST_VBD 36
+#define XR_LIST_VNIF 37
+#define XR_LIST_VTPM 38
+#define XR_CREATE_VNET 40
+#define XR_LIST_VNET 41
+#define XR_DETAIL_VNET 42
+#define XR_AUTOSTART_VNET 43
+#define XR_DEFINE_VNET 44
+#define XR_DETACH_DEVICE 45 /* Step2 2008.8.13 */
+#define XR_CHANGE_DEVICE 46 /* Step2 2008.8.13 */
+#define XR_DESTROY_VNET 47 /* Step2 2008.8.13 */
+
+#define XR_HYPERVISER_URI 61
+#define XR_VERSION 62
+#define XR_SEND_TRIGGER 63
+#define XR_SEND_DEBUG_KEY 64
+#endif
+
+#endif /* __VIR_XR_JUDGE_H__ */
+
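Review bot: The two prototypes use `virConnectPtr` but the header includes nothing, so it compiles only when the including file has already pulled in the libvirt headers; adding `#include "libvirt/libvirt.h"` at the top would make it self-contained. The prototypes sit outside `#ifdef RBAC` while the operation IDs they take sit inside it, so a non-RBAC build sees functions it has no constants to call with. `XR_HYPERVISER_URI` looks like a misspelling of HYPERVISOR and is cheapest to correct before other code starts using the name.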
diff -r d5dbadfb6161 -r 62d2ebb8d23b src/xs_internal.c
--- a/src/xs_internal.c Wed Apr 02 13:13:06 2008 +0900
+++ b/src/xs_internal.c Tue Jan 27 03:13:46 2009 +0900
@@ -336,7 +336,11 @@
#ifdef PROXY
priv->xshandle = xs_daemon_open_readonly();
#else
+#ifdef RBAC
+ if ((getuid != 0) || (flags & VIR_CONNECT_RO))
+#else
if (flags & VIR_CONNECT_RO)
+#endif
priv->xshandle = xs_daemon_open_readonly();
else
priv->xshandle = xs_daemon_open();
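Review bot: `getuid != 0` in the RBAC branch compares the address of the function with zero instead of calling it, so the condition is always true and every caller, root included, gets `xs_daemon_open_readonly()`. The intended test is presumably `if ((getuid() != 0) || (flags & VIR_CONNECT_RO))`. The enclosing function starts and ends outside this hunk.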
@@ -348,7 +352,11 @@
* is rather normal, this should fallback to the proxy (or
* remote) mechanism.
*/
+#ifdef RBAC
+ if (!(flags & VIR_CONNECT_RO)) {
+#else
if (getuid() == 0) {
+#endif
virXenStoreError(NULL, VIR_ERR_NO_XEN,
_("failed to connect to Xen Store"));
}
diff -r d5dbadfb6161 -r 62d2ebb8d23b tests/Makefile.in
--- a/tests/Makefile.in Wed Apr 02 13:13:06 2008 +0900
+++ b/tests/Makefile.in Tue Jan 27 03:13:46 2009 +0900
@@ -387,6 +387,7 @@
LIBXML_CFLAGS = @LIBXML_CFLAGS@
LIBXML_LIBS = @LIBXML_LIBS@
LN_S = @LN_S@
+LIBXENRBAC = -lxenrbac
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
@@ -693,37 +694,37 @@
done
conftest$(EXEEXT): $(conftest_OBJECTS) $(conftest_DEPENDENCIES)
@rm -f conftest$(EXEEXT)
- $(LINK) $(conftest_OBJECTS) $(conftest_LDADD) $(LIBS)
+ $(LINK) $(conftest_OBJECTS) $(conftest_LDADD) $(LIBS) $(LIBXENRBAC)
nodeinfotest$(EXEEXT): $(nodeinfotest_OBJECTS) $(nodeinfotest_DEPENDENCIES)
@rm -f nodeinfotest$(EXEEXT)
- $(LINK) $(nodeinfotest_OBJECTS) $(nodeinfotest_LDADD) $(LIBS)
+ $(LINK) $(nodeinfotest_OBJECTS) $(nodeinfotest_LDADD) $(LIBS) $(LIBXENRBAC)
qemuxml2argvtest$(EXEEXT): $(qemuxml2argvtest_OBJECTS) $(qemuxml2argvtest_DEPENDENCIES)
@rm -f qemuxml2argvtest$(EXEEXT)
- $(LINK) $(qemuxml2argvtest_OBJECTS) $(qemuxml2argvtest_LDADD) $(LIBS)
+ $(LINK) $(qemuxml2argvtest_OBJECTS) $(qemuxml2argvtest_LDADD) $(LIBS) $(LIBXENRBAC)
qemuxml2xmltest$(EXEEXT): $(qemuxml2xmltest_OBJECTS) $(qemuxml2xmltest_DEPENDENCIES)
@rm -f qemuxml2xmltest$(EXEEXT)
- $(LINK) $(qemuxml2xmltest_OBJECTS) $(qemuxml2xmltest_LDADD) $(LIBS)
+ $(LINK) $(qemuxml2xmltest_OBJECTS) $(qemuxml2xmltest_LDADD) $(LIBS) $(LIBXENRBAC)
reconnect$(EXEEXT): $(reconnect_OBJECTS) $(reconnect_DEPENDENCIES)
@rm -f reconnect$(EXEEXT)
- $(LINK) $(reconnect_OBJECTS) $(reconnect_LDADD) $(LIBS)
+ $(LINK) $(reconnect_OBJECTS) $(reconnect_LDADD) $(LIBS) $(LIBXENRBAC)
sexpr2xmltest$(EXEEXT): $(sexpr2xmltest_OBJECTS) $(sexpr2xmltest_DEPENDENCIES)
@rm -f sexpr2xmltest$(EXEEXT)
- $(LINK) $(sexpr2xmltest_OBJECTS) $(sexpr2xmltest_LDADD) $(LIBS)
+ $(LINK) $(sexpr2xmltest_OBJECTS) $(sexpr2xmltest_LDADD) $(LIBS) $(LIBXENRBAC)
virshtest$(EXEEXT): $(virshtest_OBJECTS) $(virshtest_DEPENDENCIES)
@rm -f virshtest$(EXEEXT)
- $(LINK) $(virshtest_OBJECTS) $(virshtest_LDADD) $(LIBS)
+ $(LINK) $(virshtest_OBJECTS) $(virshtest_LDADD) $(LIBS) $(LIBXENRBAC)
xencapstest$(EXEEXT): $(xencapstest_OBJECTS) $(xencapstest_DEPENDENCIES)
@rm -f xencapstest$(EXEEXT)
- $(LINK) $(xencapstest_OBJECTS) $(xencapstest_LDADD) $(LIBS)
+ $(LINK) $(xencapstest_OBJECTS) $(xencapstest_LDADD) $(LIBS) $(LIBXENRBAC)
xmconfigtest$(EXEEXT): $(xmconfigtest_OBJECTS) $(xmconfigtest_DEPENDENCIES)
@rm -f xmconfigtest$(EXEEXT)
- $(LINK) $(xmconfigtest_OBJECTS) $(xmconfigtest_LDADD) $(LIBS)
+ $(LINK) $(xmconfigtest_OBJECTS) $(xmconfigtest_LDADD) $(LIBS) $(LIBXENRBAC)
xml2sexprtest$(EXEEXT): $(xml2sexprtest_OBJECTS) $(xml2sexprtest_DEPENDENCIES)
@rm -f xml2sexprtest$(EXEEXT)
- $(LINK) $(xml2sexprtest_OBJECTS) $(xml2sexprtest_LDADD) $(LIBS)
+ $(LINK) $(xml2sexprtest_OBJECTS) $(xml2sexprtest_LDADD) $(LIBS) $(LIBXENRBAC)
xmlrpctest$(EXEEXT): $(xmlrpctest_OBJECTS) $(xmlrpctest_DEPENDENCIES)
@rm -f xmlrpctest$(EXEEXT)
- $(LINK) $(xmlrpctest_OBJECTS) $(xmlrpctest_LDADD) $(LIBS)
+ $(LINK) $(xmlrpctest_OBJECTS) $(xmlrpctest_LDADD) $(LIBS) $(LIBXENRBAC)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
15 years, 10 months
[libvirt] docs/examples/*.res
by John Levon
What are these files supposed to be? Dan V's 2105:ed8c8b0ec3c5 changeset
backed out my change:
install-data-local:
$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)
-@INSTALL@ -m 0644 $(srcdir)/*.html $(srcdir)/*.c
$(srcdir)/*.xml \
- $(srcdir)/*.xsl $(DESTDIR)$(HTML_DIR)
+ $(srcdir)/*.xsl $(srcdir)/*.res $(DESTDIR)$(HTML_DIR)
They don't exist in the repository, so $(srcdir) can't be right, but nor
can I see any rules to generate them in the objdir...
regards
john
15 years, 10 months