From: "Daniel P. Berrange" <berrange(a)redhat.com>
Insert calls to the ACL checking APIs in all node device
driver entrypoints.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/node_device/node_device_driver.c | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/src/node_device/node_device_driver.c b/src/node_device/node_device_driver.c
index c596901..377d5a9 100644
--- a/src/node_device/node_device_driver.c
+++ b/src/node_device/node_device_driver.c
@@ -37,6 +37,8 @@
#include "node_device_conf.h"
#include "node_device_hal.h"
#include "node_device_driver.h"
+#include "virutil.h"
+#include "access/viraccessapicheck.h"
#define VIR_FROM_THIS VIR_FROM_NODEDEV
@@ -125,6 +127,9 @@ nodeNumOfDevices(virConnectPtr conn,
int ndevs = 0;
unsigned int i;
+ if (virNodeNumOfDevicesEnsureACL(conn) < 0)
+ return -1;
+
virCheckFlags(0, -1);
nodeDeviceLock(driver);
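Review bot: The check added in nodeNumOfDevices is connection-scoped only (`virNodeNumOfDevicesEnsureACL(conn)`), so it appears that a caller who passes it is told about every device, including ones the per-device checks elsewhere in this patch would deny. The same applies to the nodeListDevices and nodeConnectListAllNodeDevices hunks, the latter passing `driver->devs` straight to `virNodeDeviceList`. The counting and listing loops sit outside these hunks, so this is inferred from the absence of any per-object call in the added lines. If per-device filtering is meant to follow in a later patch, say so here with a comment such as `/* TODO: connection-level ACL only; results are not yet filtered per device */`. Otherwise the loops need a per-object check before a device is counted or its name is copied out.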
@@ -150,6 +155,9 @@ nodeListDevices(virConnectPtr conn,
int ndevs = 0;
unsigned int i;
+ if (virNodeListDevicesEnsureACL(conn) < 0)
+ return -1;
+
virCheckFlags(0, -1);
nodeDeviceLock(driver);
@@ -186,6 +194,9 @@ nodeConnectListAllNodeDevices(virConnectPtr conn,
virCheckFlags(VIR_CONNECT_LIST_NODE_DEVICES_FILTERS_CAP, -1);
+ if (virConnectListAllNodeDevicesEnsureACL(conn) < 0)
+ return -1;
+
nodeDeviceLock(driver);
ret = virNodeDeviceList(conn, driver->devs, devices, flags);
nodeDeviceUnlock(driver);
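Review bot: In nodeConnectListAllNodeDevices the ACL check is placed after `virCheckFlags(...)`, while the nodeNumOfDevices and nodeListDevices hunks place it before. With this ordering an unauthorized caller gets flag-validation errors rather than an access-denied result. Moving `if (virConnectListAllNodeDevicesEnsureACL(conn) < 0) return -1;` above the `virCheckFlags` line would make the three list entrypoints consistent and make authorization the first thing each one does.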
@@ -208,6 +219,9 @@ nodeDeviceLookupByName(virConnectPtr conn, const char *name)
goto cleanup;
}
+ if (virNodeDeviceLookupByNameEnsureACL(conn, obj->def) < 0)
+ goto cleanup;
+
ret = virGetNodeDevice(conn, name);
cleanup:
@@ -246,6 +260,10 @@ nodeDeviceLookupSCSIHostByWWN(virConnectPtr conn,
VIR_NODE_DEV_CAP_FLAG_HBA_FC_HOST) {
if (STREQ(cap->data.scsi_host.wwnn, wwnn) &&
STREQ(cap->data.scsi_host.wwpn, wwpn)) {
+
+ if (virNodeDeviceLookupSCSIHostByWWNEnsureACL(conn, obj->def)
< 0)
+ goto out;
+
dev = virGetNodeDevice(conn, obj->def->name);
virNodeDeviceObjUnlock(obj);
goto out;
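Review bot: On ACL failure the new `goto out` in nodeDeviceLookupSCSIHostByWWN leaves `obj` locked. The success path directly below calls `virNodeDeviceObjUnlock(obj)` before its own `goto out`, which suggests the `out:` label does not release the object. A denied lookup would then leave that device object locked and any later call that takes the lock would block, so a caller without permission could wedge the driver. Release the lock on the failure path too: `if (virNodeDeviceLookupSCSIHostByWWNEnsureACL(conn, obj->def) < 0) { virNodeDeviceObjUnlock(obj); goto out; }`. The `out:` label is outside the hunk, so confirm this against the full function.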
@@ -285,6 +303,9 @@ nodeDeviceGetXMLDesc(virNodeDevicePtr dev,
goto cleanup;
}
+ if (virNodeDeviceGetXMLDescEnsureACL(dev->conn, obj->def) < 0)
+ goto cleanup;
+
update_driver_name(obj);
update_caps(obj);
@@ -315,6 +336,9 @@ nodeDeviceGetParent(virNodeDevicePtr dev)
goto cleanup;
}
+ if (virNodeDeviceGetParentEnsureACL(dev->conn, obj->def) < 0)
+ goto cleanup;
+
if (obj->def->parent) {
if (VIR_STRDUP(ret, obj->def->parent) < 0)
goto cleanup;
@@ -350,6 +374,9 @@ nodeDeviceNumOfCaps(virNodeDevicePtr dev)
goto cleanup;
}
+ if (virNodeDeviceNumOfCapsEnsureACL(dev->conn, obj->def) < 0)
+ goto cleanup;
+
for (caps = obj->def->caps; caps; caps = caps->next)
++ncaps;
ret = ncaps;
@@ -381,6 +408,9 @@ nodeDeviceListCaps(virNodeDevicePtr dev, char **const names, int
maxnames)
goto cleanup;
}
+ if (virNodeDeviceListCapsEnsureACL(dev->conn, obj->def) < 0)
+ goto cleanup;
+
for (caps = obj->def->caps; caps && ncaps < maxnames; caps =
caps->next) {
if (VIR_STRDUP(names[ncaps], virNodeDevCapTypeToString(caps->type)) < 0)
goto cleanup;
@@ -488,6 +518,9 @@ nodeDeviceCreateXML(virConnectPtr conn,
goto cleanup;
}
+ if (virNodeDeviceCreateXMLEnsureACL(conn, def) < 0)
+ goto cleanup;
+
if (virNodeDeviceGetWWNs(def, &wwnn, &wwpn) == -1) {
goto cleanup;
}
@@ -541,6 +574,9 @@ nodeDeviceDestroy(virNodeDevicePtr dev)
goto out;
}
+ if (virNodeDeviceDestroyEnsureACL(dev->conn, obj->def) < 0)
+ goto out;
+
if (virNodeDeviceGetWWNs(obj->def, &wwnn, &wwpn) == -1) {
goto out;
}
--
1.8.1.4