On 5/14/19 11:48 AM, Daniel P. Berrangé wrote:
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/access/genpolkit.pl | 2 +-
src/access/viraccessdriver.h | 6 ++++
src/access/viraccessdrivernop.c | 11 ++++++++
src/access/viraccessdriverpolkit.c | 26 ++++++++++++++++++
src/access/viraccessdriverstack.c | 25 +++++++++++++++++
src/access/viraccessmanager.c | 16 +++++++++++
src/access/viraccessmanager.h | 6 ++++
src/access/viraccessperm.c | 6 ++++
src/access/viraccessperm.h | 44 ++++++++++++++++++++++++++++++
9 files changed, 141 insertions(+), 1 deletion(-)
diff --git a/src/access/genpolkit.pl b/src/access/genpolkit.pl
index e074c90eb6..f8f20caf65 100755
--- a/src/access/genpolkit.pl
+++ b/src/access/genpolkit.pl
@@ -21,7 +21,7 @@ use strict;
use warnings;
my @objects = (
- "CONNECT", "DOMAIN", "INTERFACE",
+ "CONNECT", "DOMAIN", "INTERFACE",
"NETWORK_PORT",
"NETWORK","NODE_DEVICE", "NWFILTER_BINDING",
"NWFILTER",
"SECRET", "STORAGE_POOL", "STORAGE_VOL",
);
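Review bot: The order of `@objects` looks significant, but nothing in the hunk says so: "NETWORK_PORT" is placed ahead of "NETWORK", just as "NWFILTER_BINDING" sits ahead of "NWFILTER". If the script matches these names as alternatives against the permission enum names (not visible in this hunk, so please confirm), a shorter name listed first would match the prefix of the longer one and the generated polkit action would be attributed to the wrong object type. A comment above `my @objects` such as `# Keep longer names before any name that is their prefix (NETWORK_PORT before NETWORK)` would protect the next addition.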
diff --git a/src/access/viraccessdriver.h b/src/access/viraccessdriver.h
index 2cc3950f60..590d86fdf0 100644
--- a/src/access/viraccessdriver.h
+++ b/src/access/viraccessdriver.h
@@ -39,6 +39,11 @@ typedef int (*virAccessDriverCheckNetworkDrv)(virAccessManagerPtr
manager,
const char *driverName,
virNetworkDefPtr network,
virAccessPermNetwork av);
+typedef int (*virAccessDriverCheckNetworkPortDrv)(virAccessManagerPtr manager,
+ const char *driverName,
+ virNetworkDefPtr network,
+ virNetworkPortDefPtr port,
+ virAccessPermNetworkPort av);
typedef int (*virAccessDriverCheckNodeDeviceDrv)(virAccessManagerPtr manager,
const char *driverName,
virNodeDeviceDefPtr nodedev,
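Review bot: The new `virAccessDriverCheckNetworkPortDrv` typedef carries no comment stating its contract, so a driver author cannot tell from the header what the callback may assume or must return. The polkit implementation later in this patch reads `network->name`, `network->uuid` and `port->uuid` with no NULL test, so callers have to pass both pointers valid. The only return value visible in the patch is `1` for allow, in the nop driver. I would add a comment above the typedef, for example `/* network and port must both be non-NULL; returns 1 to allow, other values as for the existing check callbacks */`. The `virAccessDriverCheckNodeDeviceDrv` typedef that follows continues outside the hunk.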
@@ -82,6 +87,7 @@ struct _virAccessDriver {
virAccessDriverCheckDomainDrv checkDomain;
virAccessDriverCheckInterfaceDrv checkInterface;
virAccessDriverCheckNetworkDrv checkNetwork;
+ virAccessDriverCheckNetworkPortDrv checkNetworkPort;
virAccessDriverCheckNodeDeviceDrv checkNodeDevice;
virAccessDriverCheckNWFilterDrv checkNWFilter;
virAccessDriverCheckNWFilterBindingDrv checkNWFilterBinding;
diff --git a/src/access/viraccessdrivernop.c b/src/access/viraccessdrivernop.c
index 98ef9206c5..5e9d9db759 100644
--- a/src/access/viraccessdrivernop.c
+++ b/src/access/viraccessdrivernop.c
@@ -57,6 +57,16 @@ virAccessDriverNopCheckNetwork(virAccessManagerPtr manager
ATTRIBUTE_UNUSED,
return 1; /* Allow */
}
+static int
+virAccessDriverNopCheckNetworkPort(virAccessManagerPtr manager ATTRIBUTE_UNUSED,
+ const char *driverName ATTRIBUTE_UNUSED,
+ virNetworkDefPtr network ATTRIBUTE_UNUSED,
+ virNetworkPortDefPtr port ATTRIBUTE_UNUSED,
+ virAccessPermNetworkPort perm ATTRIBUTE_UNUSED)
+{
+ return 1; /* Allow */
+}
+
static int
virAccessDriverNopCheckNodeDevice(virAccessManagerPtr manager ATTRIBUTE_UNUSED,
const char *driverName ATTRIBUTE_UNUSED,
@@ -119,6 +129,7 @@ virAccessDriver accessDriverNop = {
.checkDomain = virAccessDriverNopCheckDomain,
.checkInterface = virAccessDriverNopCheckInterface,
.checkNetwork = virAccessDriverNopCheckNetwork,
+ .checkNetworkPort = virAccessDriverNopCheckNetworkPort,
.checkNodeDevice = virAccessDriverNopCheckNodeDevice,
.checkNWFilter = virAccessDriverNopCheckNWFilter,
.checkNWFilterBinding = virAccessDriverNopCheckNWFilterBinding,
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c
index 6954d74a15..b1473cd0a4 100644
--- a/src/access/viraccessdriverpolkit.c
+++ b/src/access/viraccessdriverpolkit.c
@@ -237,6 +237,31 @@ virAccessDriverPolkitCheckNetwork(virAccessManagerPtr manager,
attrs);
}
+static int
+virAccessDriverPolkitCheckNetworkPort(virAccessManagerPtr manager,
+ const char *driverName,
+ virNetworkDefPtr network,
+ virNetworkPortDefPtr port,
+ virAccessPermNetworkPort perm)
+{
+ char uuidstr1[VIR_UUID_STRING_BUFLEN];
+ char uuidstr2[VIR_UUID_STRING_BUFLEN];
+ const char *attrs[] = {
+ "connect_driver", driverName,
+ "network_name", network->name,
+ "network_uuid", uuidstr1,
+ "port_uuid", uuidstr2,
+ NULL,
+ };
+ virUUIDFormat(network->uuid, uuidstr1);
+ virUUIDFormat(port->uuid, uuidstr2);
+
+ return virAccessDriverPolkitCheck(manager,
+ "network-port",
Bah. Most of the other calls to virAccessDriverPolkitCheck with
"typename" that is two words separate it with a "-", but the one for
nwfilter binding uses an underscore :-/ (I only noticed this because
the names of the attributes to check always use underscore, and I've
always been bothered by mixing of - and _ - too bad they don't all use
_, that would allow the same name to be used as a C identifier, and make
searching easier).
Anyway, pointless rant, sorry :-)
I can't claim to have deep knowledge of the access driver, but this
addition follows the pattern of what's already there, so:
Reviewed-by: Laine Stump <laine(a)laine.org>