[libvirt] [PATCH 0/9] add ACL checks to vz driver

First (patches 1 - 8) prepare driver to add checks. Nikolay Shirokovskiy (9): vz: expand start/stop/... APIs for ACL checks vz: implement plain create API thru createFlags instead of visa versa vz: factor out block stats impl vz: factor out converting block stats to params vz: add missing flagged versions of API functions vz: expand setting memory API calls vz: prepare migration for ACL checks remote: rename protocol names for close callbacks vz: add ACL checks to API calls daemon/remote.c | 4 +- src/Makefile.am | 5 +- src/check-aclrules.pl | 1 + src/remote/remote_driver.c | 4 +- src/remote/remote_protocol.x | 8 +- src/vz/vz_driver.c | 889 +++++++++++++++++++++++++++++++++++-------- src/vz/vz_sdk.c | 172 ++++----- src/vz/vz_sdk.h | 23 +- 8 files changed, 828 insertions(+), 278 deletions(-) -- 1.8.3.1

The original motivation is to expand API calls like start/stop etc so that the ACL checks could be added. But this patch has its own befenits. 1. functions like prlsdkStart/Stop use common routine to wait for job without domain lock. They become more self contained and do not return intermediate PRL_RESULT. 2. vzDomainManagedSave do not update cache twice. Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/vz/vz_driver.c | 216 ++++++++++++++++++++++++++++++++++++++++++++++++----- src/vz/vz_sdk.c | 172 +++++++++++++++++++++--------------------- src/vz/vz_sdk.h | 23 ++---- 3 files changed, 291 insertions(+), 120 deletions(-) diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c index faa1f56..0079384 100644 --- a/src/vz/vz_driver.c +++ b/src/vz/vz_driver.c @@ -957,36 +957,210 @@ vzConnectDomainEventDeregisterAny(virConnectPtr conn, return 0; } -static int vzDomainSuspend(virDomainPtr domain) +static int +vzDomainSuspend(virDomainPtr domain) { - return prlsdkDomainChangeState(domain, prlsdkPause); + vzConnPtr privconn = domain->conn->privateData; + virDomainObjPtr dom; + int ret = -1; + bool job = false; + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; + + if (prlsdkPause(dom) < 0) + goto cleanup; + + if (prlsdkUpdateDomain(privconn->driver, dom) < 0) + goto cleanup; + + ret = 0; + + cleanup: + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + + return ret; } -static int vzDomainResume(virDomainPtr domain) +static int +vzDomainResume(virDomainPtr domain) { - return prlsdkDomainChangeState(domain, prlsdkResume); + vzConnPtr privconn = domain->conn->privateData; + virDomainObjPtr dom; + int ret = -1; + bool job = false; + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; + + if (prlsdkResume(dom) < 0) + goto cleanup; + + if (prlsdkUpdateDomain(privconn->driver, dom) < 0) + goto cleanup; + + ret = 0; + + cleanup: + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + + return ret; } -static int vzDomainCreate(virDomainPtr domain) +static int +vzDomainCreate(virDomainPtr domain) { - return prlsdkDomainChangeState(domain, prlsdkStart); + vzConnPtr privconn = domain->conn->privateData; + virDomainObjPtr dom; + int ret = -1; + bool job = false; + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; + + if (prlsdkStart(dom) < 0) + goto cleanup; + + if (prlsdkUpdateDomain(privconn->driver, dom) < 0) + goto cleanup; + + ret = 0; + + cleanup: + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + + return ret; } -static int vzDomainDestroy(virDomainPtr domain) +static int +vzDomainDestroy(virDomainPtr domain) { - return prlsdkDomainChangeState(domain, prlsdkKill); + vzConnPtr privconn = domain->conn->privateData; + virDomainObjPtr dom; + int ret = -1; + bool job = false; + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; + + if (prlsdkKill(dom) < 0) + goto cleanup; + + if (prlsdkUpdateDomain(privconn->driver, dom) < 0) + goto cleanup; + + ret = 0; + + cleanup: + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + + return ret; } -static int vzDomainShutdown(virDomainPtr domain) +static int +vzDomainShutdown(virDomainPtr domain) { - return prlsdkDomainChangeState(domain, prlsdkStop); + vzConnPtr privconn = domain->conn->privateData; + virDomainObjPtr dom; + int ret = -1; + bool job = false; + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; + + if (prlsdkStop(dom) < 0) + goto cleanup; + + if (prlsdkUpdateDomain(privconn->driver, dom) < 0) + goto cleanup; + + ret = 0; + + cleanup: + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + + return ret; } -static int vzDomainReboot(virDomainPtr domain, - unsigned int flags) +static int +vzDomainReboot(virDomainPtr domain, unsigned int flags) { + vzConnPtr privconn = domain->conn->privateData; + virDomainObjPtr dom; + int ret = -1; + bool job = false; + virCheckFlags(0, -1); - return prlsdkDomainChangeState(domain, prlsdkRestart); + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; + + if (prlsdkRestart(dom) < 0) + goto cleanup; + + if (prlsdkUpdateDomain(privconn->driver, dom) < 0) + goto cleanup; + + ret = 0; + + cleanup: + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + + return ret; } static int vzDomainIsActive(virDomainPtr domain) @@ -1095,13 +1269,17 @@ vzDomainManagedSave(virDomainPtr domain, unsigned int flags) state = virDomainObjGetState(dom, &reason); - if (state == VIR_DOMAIN_RUNNING && (flags & VIR_DOMAIN_SAVE_PAUSED)) { - ret = prlsdkDomainChangeStateLocked(privconn->driver, dom, prlsdkPause); - if (ret) - goto cleanup; - } + if (state == VIR_DOMAIN_RUNNING && (flags & VIR_DOMAIN_SAVE_PAUSED) && + prlsdkPause(dom) < 0) + goto cleanup; - ret = prlsdkDomainChangeStateLocked(privconn->driver, dom, prlsdkSuspend); + if (prlsdkSuspend(dom) < 0) + goto cleanup; + + if (prlsdkUpdateDomain(privconn->driver, dom) < 0) + goto cleanup; + + ret = 0; cleanup: if (job) diff --git a/src/vz/vz_sdk.c b/src/vz/vz_sdk.c index 77193e6..02cbb3b 100644 --- a/src/vz/vz_sdk.c +++ b/src/vz/vz_sdk.c @@ -40,6 +40,8 @@ static int prlsdkUUIDParse(const char *uuidstr, unsigned char *uuid); +static void +prlsdkConvertError(PRL_RESULT pret); VIR_LOG_INIT("parallels.sdk"); @@ -2004,131 +2006,129 @@ void prlsdkUnsubscribeFromPCSEvents(vzDriverPtr driver) logPrlError(ret); } -PRL_RESULT prlsdkStart(PRL_HANDLE sdkdom) +int prlsdkStart(virDomainObjPtr dom) { PRL_HANDLE job = PRL_INVALID_HANDLE; + vzDomObjPtr privdom = dom->privateData; + PRL_RESULT pret; + + job = PrlVm_StartEx(privdom->sdkdom, PSM_VM_START, 0); + if (PRL_FAILED(pret = waitDomainJob(job, dom))) { + prlsdkConvertError(pret); + return -1; + } - job = PrlVm_StartEx(sdkdom, PSM_VM_START, 0); - return waitJob(job); + return 0; } -static PRL_RESULT prlsdkStopEx(PRL_HANDLE sdkdom, PRL_UINT32 mode) +int prlsdkKill(virDomainObjPtr dom) { PRL_HANDLE job = PRL_INVALID_HANDLE; + vzDomObjPtr privdom = dom->privateData; + PRL_RESULT pret; - job = PrlVm_StopEx(sdkdom, mode, 0); - return waitJob(job); -} + job = PrlVm_StopEx(privdom->sdkdom, PSM_KILL, 0); + if (PRL_FAILED(pret = waitDomainJob(job, dom))) { + prlsdkConvertError(pret); + return -1; + } -PRL_RESULT prlsdkKill(PRL_HANDLE sdkdom) -{ - return prlsdkStopEx(sdkdom, PSM_KILL); + return 0; } -PRL_RESULT prlsdkStop(PRL_HANDLE sdkdom) +int prlsdkStop(virDomainObjPtr dom) { - return prlsdkStopEx(sdkdom, PSM_SHUTDOWN); + PRL_HANDLE job = PRL_INVALID_HANDLE; + vzDomObjPtr privdom = dom->privateData; + PRL_RESULT pret; + + job = PrlVm_StopEx(privdom->sdkdom, PSM_SHUTDOWN, 0); + if (PRL_FAILED(pret = waitDomainJob(job, dom))) { + prlsdkConvertError(pret); + return -1; + } + + return 0; } -PRL_RESULT prlsdkPause(PRL_HANDLE sdkdom) +int prlsdkPause(virDomainObjPtr dom) { PRL_HANDLE job = PRL_INVALID_HANDLE; + vzDomObjPtr privdom = dom->privateData; + PRL_RESULT pret; + + job = PrlVm_Pause(privdom->sdkdom, false); + if (PRL_FAILED(pret = waitDomainJob(job, dom))) { + prlsdkConvertError(pret); + return -1; + } - job = PrlVm_Pause(sdkdom, false); - return waitJob(job); + return 0; } -PRL_RESULT prlsdkResume(PRL_HANDLE sdkdom) +int prlsdkResume(virDomainObjPtr dom) { PRL_HANDLE job = PRL_INVALID_HANDLE; + vzDomObjPtr privdom = dom->privateData; + PRL_RESULT pret; - job = PrlVm_Resume(sdkdom); - return waitJob(job); + job = PrlVm_Resume(privdom->sdkdom); + if (PRL_FAILED(pret = waitDomainJob(job, dom))) { + prlsdkConvertError(pret); + return -1; + } + + return 0; } -PRL_RESULT prlsdkSuspend(PRL_HANDLE sdkdom) +int prlsdkSuspend(virDomainObjPtr dom) { PRL_HANDLE job = PRL_INVALID_HANDLE; + vzDomObjPtr privdom = dom->privateData; + PRL_RESULT pret; - job = PrlVm_Suspend(sdkdom); - return waitJob(job); + job = PrlVm_Suspend(privdom->sdkdom); + if (PRL_FAILED(pret = waitDomainJob(job, dom))) { + prlsdkConvertError(pret); + return -1; + } + + return 0; } -PRL_RESULT prlsdkRestart(PRL_HANDLE sdkdom) +int prlsdkRestart(virDomainObjPtr dom) { PRL_HANDLE job = PRL_INVALID_HANDLE; + vzDomObjPtr privdom = dom->privateData; + PRL_RESULT pret; - job = PrlVm_Restart(sdkdom); - return waitJob(job); + job = PrlVm_Restart(privdom->sdkdom); + if (PRL_FAILED(pret = waitDomainJob(job, dom))) { + prlsdkConvertError(pret); + return -1; + } + + return 0; } -int -prlsdkDomainChangeStateLocked(vzDriverPtr driver, - virDomainObjPtr dom, - prlsdkChangeStateFunc chstate) +static void +prlsdkConvertError(PRL_RESULT pret) { - vzDomObjPtr pdom; - PRL_RESULT pret; virErrorNumber virerr; - pdom = dom->privateData; - virObjectUnlock(dom); - pret = chstate(pdom->sdkdom); - virObjectLock(dom); - if (PRL_FAILED(pret)) { - virResetLastError(); - - switch (pret) { - case PRL_ERR_DISP_VM_IS_NOT_STARTED: - case PRL_ERR_DISP_VM_IS_NOT_STOPPED: - case PRL_ERR_INVALID_ACTION_REQUESTED: - case PRL_ERR_UNIMPLEMENTED: - virerr = VIR_ERR_OPERATION_INVALID; - break; - default: - virerr = VIR_ERR_OPERATION_FAILED; - } - - virReportError(virerr, "%s", _("Can't change domain state.")); - return -1; - } - - return prlsdkUpdateDomain(driver, dom); -} - -int -prlsdkDomainChangeState(virDomainPtr domain, - prlsdkChangeStateFunc chstate) -{ - vzConnPtr privconn = domain->conn->privateData; - virDomainObjPtr dom; - int ret = -1; - bool job = false; - - if (!(dom = vzDomObjFromDomainRef(domain))) - return -1; - - if (vzDomainObjBeginJob(dom) < 0) - goto cleanup; - job = true; - - if (dom->removing) { - char uuidstr[VIR_UUID_STRING_BUFLEN]; - - virUUIDFormat(dom->def->uuid, uuidstr); - virReportError(VIR_ERR_NO_DOMAIN, - _("no domain with matching uuid '%s' (%s)"), - uuidstr, dom->def->name); - goto cleanup; + switch (pret) { + case PRL_ERR_DISP_VM_IS_NOT_STARTED: + case PRL_ERR_DISP_VM_IS_NOT_STOPPED: + case PRL_ERR_INVALID_ACTION_REQUESTED: + case PRL_ERR_UNIMPLEMENTED: + virerr = VIR_ERR_OPERATION_INVALID; + break; + default: + virerr = VIR_ERR_OPERATION_FAILED; } - ret = prlsdkDomainChangeStateLocked(privconn->driver, dom, chstate); - - cleanup: - if (job) - vzDomainObjEndJob(dom); - virDomainObjEndAPI(&dom); - return ret; + virResetLastError(); + virReportError(virerr, "%s", _("Can't change domain state.")); } static int diff --git a/src/vz/vz_sdk.h b/src/vz/vz_sdk.h index e32001a..e9d7169 100644 --- a/src/vz/vz_sdk.h +++ b/src/vz/vz_sdk.h @@ -37,22 +37,15 @@ prlsdkAddDomainByName(vzDriverPtr driver, const char *name); int prlsdkUpdateDomain(vzDriverPtr driver, virDomainObjPtr dom); int prlsdkSubscribeToPCSEvents(vzDriverPtr driver); void prlsdkUnsubscribeFromPCSEvents(vzDriverPtr driver); -PRL_RESULT prlsdkStart(PRL_HANDLE sdkdom); -PRL_RESULT prlsdkKill(PRL_HANDLE sdkdom); -PRL_RESULT prlsdkStop(PRL_HANDLE sdkdom); -PRL_RESULT prlsdkPause(PRL_HANDLE sdkdom); -PRL_RESULT prlsdkResume(PRL_HANDLE sdkdom); -PRL_RESULT prlsdkSuspend(PRL_HANDLE sdkdom); -PRL_RESULT prlsdkRestart(PRL_HANDLE sdkdom); -typedef PRL_RESULT (*prlsdkChangeStateFunc)(PRL_HANDLE sdkdom); -int -prlsdkDomainChangeState(virDomainPtr domain, - prlsdkChangeStateFunc chstate); -int -prlsdkDomainChangeStateLocked(vzDriverPtr driver, - virDomainObjPtr dom, - prlsdkChangeStateFunc chstate); +int prlsdkStart(virDomainObjPtr dom); +int prlsdkKill(virDomainObjPtr dom); +int prlsdkStop(virDomainObjPtr dom); +int prlsdkPause(virDomainObjPtr dom); +int prlsdkResume(virDomainObjPtr dom); +int prlsdkSuspend(virDomainObjPtr dom); +int prlsdkRestart(virDomainObjPtr dom); + int prlsdkApplyConfig(vzDriverPtr driver, virDomainObjPtr dom, -- 1.8.3.1

24-Jun-16 17:32, Nikolay Shirokovskiy пишет:
The original motivation is to expand API calls like start/stop etc so that the ACL checks could be added. But this patch has its own befenits.
1. functions like prlsdkStart/Stop use common routine to wait for job without domain lock. They become more self contained and do not return intermediate PRL_RESULT.
2. vzDomainManagedSave do not update cache twice.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/vz/vz_driver.c | 216 ++++++++++++++++++++++++++++++++++++++++++++++++----- src/vz/vz_sdk.c | 172 +++++++++++++++++++++--------------------- src/vz/vz_sdk.h | 23 ++---- 3 files changed, 291 insertions(+), 120 deletions(-)
diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c index faa1f56..0079384 100644 --- a/src/vz/vz_driver.c +++ b/src/vz/vz_driver.c @@ -957,36 +957,210 @@ vzConnectDomainEventDeregisterAny(virConnectPtr conn, return 0; }
-static int vzDomainSuspend(virDomainPtr domain) +static int +vzDomainSuspend(virDomainPtr domain) { - return prlsdkDomainChangeState(domain, prlsdkPause); + vzConnPtr privconn = domain->conn->privateData; + virDomainObjPtr dom; + int ret = -1; + bool job = false; + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; +
s/vzDomainObjIsExist/vzEnsureDomainExists
+ if (prlsdkPause(dom) < 0) + goto cleanup; + + if (prlsdkUpdateDomain(privconn->driver, dom) < 0) + goto cleanup; + + ret = 0; + + cleanup: + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + + return ret; }
-static int vzDomainResume(virDomainPtr domain) +static int +vzDomainResume(virDomainPtr domain) { - return prlsdkDomainChangeState(domain, prlsdkResume); + vzConnPtr privconn = domain->conn->privateData; + virDomainObjPtr dom; + int ret = -1; + bool job = false; + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; +
same here and below
+ if (prlsdkResume(dom) < 0) + goto cleanup; + + if (prlsdkUpdateDomain(privconn->driver, dom) < 0) + goto cleanup; + + ret = 0; + + cleanup: + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + + return ret; }
-static int vzDomainCreate(virDomainPtr domain) +static int +vzDomainCreate(virDomainPtr domain) { - return prlsdkDomainChangeState(domain, prlsdkStart); + vzConnPtr privconn = domain->conn->privateData; + virDomainObjPtr dom; + int ret = -1; + bool job = false; + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; + + if (prlsdkStart(dom) < 0) + goto cleanup; + + if (prlsdkUpdateDomain(privconn->driver, dom) < 0) + goto cleanup; + + ret = 0; + + cleanup: + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + + return ret; }
-static int vzDomainDestroy(virDomainPtr domain) +static int +vzDomainDestroy(virDomainPtr domain) { - return prlsdkDomainChangeState(domain, prlsdkKill); + vzConnPtr privconn = domain->conn->privateData; + virDomainObjPtr dom; + int ret = -1; + bool job = false; + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; + + if (prlsdkKill(dom) < 0) + goto cleanup; + + if (prlsdkUpdateDomain(privconn->driver, dom) < 0) + goto cleanup; + + ret = 0; + + cleanup: + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + + return ret; }
-static int vzDomainShutdown(virDomainPtr domain) +static int +vzDomainShutdown(virDomainPtr domain) { - return prlsdkDomainChangeState(domain, prlsdkStop); + vzConnPtr privconn = domain->conn->privateData; + virDomainObjPtr dom; + int ret = -1; + bool job = false; + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; + + if (prlsdkStop(dom) < 0) + goto cleanup; + + if (prlsdkUpdateDomain(privconn->driver, dom) < 0) + goto cleanup; + + ret = 0; + + cleanup: + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + + return ret; }
-static int vzDomainReboot(virDomainPtr domain, - unsigned int flags) +static int +vzDomainReboot(virDomainPtr domain, unsigned int flags) { + vzConnPtr privconn = domain->conn->privateData; + virDomainObjPtr dom; + int ret = -1; + bool job = false; + virCheckFlags(0, -1); - return prlsdkDomainChangeState(domain, prlsdkRestart); + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; + + if (prlsdkRestart(dom) < 0) + goto cleanup; + + if (prlsdkUpdateDomain(privconn->driver, dom) < 0) + goto cleanup; + + ret = 0; + + cleanup: + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + + return ret; }
static int vzDomainIsActive(virDomainPtr domain) @@ -1095,13 +1269,17 @@ vzDomainManagedSave(virDomainPtr domain, unsigned int flags)
state = virDomainObjGetState(dom, &reason);
- if (state == VIR_DOMAIN_RUNNING && (flags & VIR_DOMAIN_SAVE_PAUSED)) { - ret = prlsdkDomainChangeStateLocked(privconn->driver, dom, prlsdkPause); - if (ret) - goto cleanup; - } + if (state == VIR_DOMAIN_RUNNING && (flags & VIR_DOMAIN_SAVE_PAUSED) && + prlsdkPause(dom) < 0) + goto cleanup;
- ret = prlsdkDomainChangeStateLocked(privconn->driver, dom, prlsdkSuspend); + if (prlsdkSuspend(dom) < 0) + goto cleanup; + + if (prlsdkUpdateDomain(privconn->driver, dom) < 0) + goto cleanup; + + ret = 0;
cleanup: if (job) diff --git a/src/vz/vz_sdk.c b/src/vz/vz_sdk.c index 77193e6..02cbb3b 100644 --- a/src/vz/vz_sdk.c +++ b/src/vz/vz_sdk.c @@ -40,6 +40,8 @@
static int prlsdkUUIDParse(const char *uuidstr, unsigned char *uuid); +static void +prlsdkConvertError(PRL_RESULT pret);
VIR_LOG_INIT("parallels.sdk");
@@ -2004,131 +2006,129 @@ void prlsdkUnsubscribeFromPCSEvents(vzDriverPtr driver) logPrlError(ret); }
-PRL_RESULT prlsdkStart(PRL_HANDLE sdkdom) +int prlsdkStart(virDomainObjPtr dom) { PRL_HANDLE job = PRL_INVALID_HANDLE; + vzDomObjPtr privdom = dom->privateData; + PRL_RESULT pret; + + job = PrlVm_StartEx(privdom->sdkdom, PSM_VM_START, 0); + if (PRL_FAILED(pret = waitDomainJob(job, dom))) { + prlsdkConvertError(pret); + return -1; + }
- job = PrlVm_StartEx(sdkdom, PSM_VM_START, 0); - return waitJob(job); + return 0; }
-static PRL_RESULT prlsdkStopEx(PRL_HANDLE sdkdom, PRL_UINT32 mode) +int prlsdkKill(virDomainObjPtr dom) { PRL_HANDLE job = PRL_INVALID_HANDLE; + vzDomObjPtr privdom = dom->privateData; + PRL_RESULT pret;
- job = PrlVm_StopEx(sdkdom, mode, 0); - return waitJob(job); -} + job = PrlVm_StopEx(privdom->sdkdom, PSM_KILL, 0); + if (PRL_FAILED(pret = waitDomainJob(job, dom))) { + prlsdkConvertError(pret); + return -1; + }
-PRL_RESULT prlsdkKill(PRL_HANDLE sdkdom) -{ - return prlsdkStopEx(sdkdom, PSM_KILL); + return 0; }
-PRL_RESULT prlsdkStop(PRL_HANDLE sdkdom) +int prlsdkStop(virDomainObjPtr dom) { - return prlsdkStopEx(sdkdom, PSM_SHUTDOWN); + PRL_HANDLE job = PRL_INVALID_HANDLE; + vzDomObjPtr privdom = dom->privateData; + PRL_RESULT pret; + + job = PrlVm_StopEx(privdom->sdkdom, PSM_SHUTDOWN, 0); + if (PRL_FAILED(pret = waitDomainJob(job, dom))) { + prlsdkConvertError(pret); + return -1; + } + + return 0; }
-PRL_RESULT prlsdkPause(PRL_HANDLE sdkdom) +int prlsdkPause(virDomainObjPtr dom) { PRL_HANDLE job = PRL_INVALID_HANDLE; + vzDomObjPtr privdom = dom->privateData; + PRL_RESULT pret; + + job = PrlVm_Pause(privdom->sdkdom, false); + if (PRL_FAILED(pret = waitDomainJob(job, dom))) { + prlsdkConvertError(pret); + return -1; + }
- job = PrlVm_Pause(sdkdom, false); - return waitJob(job); + return 0; }
-PRL_RESULT prlsdkResume(PRL_HANDLE sdkdom) +int prlsdkResume(virDomainObjPtr dom) { PRL_HANDLE job = PRL_INVALID_HANDLE; + vzDomObjPtr privdom = dom->privateData; + PRL_RESULT pret;
- job = PrlVm_Resume(sdkdom); - return waitJob(job); + job = PrlVm_Resume(privdom->sdkdom); + if (PRL_FAILED(pret = waitDomainJob(job, dom))) { + prlsdkConvertError(pret); + return -1; + } + + return 0; }
-PRL_RESULT prlsdkSuspend(PRL_HANDLE sdkdom) +int prlsdkSuspend(virDomainObjPtr dom) { PRL_HANDLE job = PRL_INVALID_HANDLE; + vzDomObjPtr privdom = dom->privateData; + PRL_RESULT pret;
- job = PrlVm_Suspend(sdkdom); - return waitJob(job); + job = PrlVm_Suspend(privdom->sdkdom); + if (PRL_FAILED(pret = waitDomainJob(job, dom))) { + prlsdkConvertError(pret); + return -1; + } + + return 0; }
-PRL_RESULT prlsdkRestart(PRL_HANDLE sdkdom) +int prlsdkRestart(virDomainObjPtr dom) { PRL_HANDLE job = PRL_INVALID_HANDLE; + vzDomObjPtr privdom = dom->privateData; + PRL_RESULT pret;
- job = PrlVm_Restart(sdkdom); - return waitJob(job); + job = PrlVm_Restart(privdom->sdkdom); + if (PRL_FAILED(pret = waitDomainJob(job, dom))) { + prlsdkConvertError(pret); + return -1; + } + + return 0; }
-int -prlsdkDomainChangeStateLocked(vzDriverPtr driver, - virDomainObjPtr dom, - prlsdkChangeStateFunc chstate) +static void +prlsdkConvertError(PRL_RESULT pret) { - vzDomObjPtr pdom; - PRL_RESULT pret; virErrorNumber virerr;
- pdom = dom->privateData; - virObjectUnlock(dom); - pret = chstate(pdom->sdkdom); - virObjectLock(dom); - if (PRL_FAILED(pret)) { - virResetLastError(); - - switch (pret) { - case PRL_ERR_DISP_VM_IS_NOT_STARTED: - case PRL_ERR_DISP_VM_IS_NOT_STOPPED: - case PRL_ERR_INVALID_ACTION_REQUESTED: - case PRL_ERR_UNIMPLEMENTED: - virerr = VIR_ERR_OPERATION_INVALID; - break; - default: - virerr = VIR_ERR_OPERATION_FAILED; - } - - virReportError(virerr, "%s", _("Can't change domain state.")); - return -1; - } - - return prlsdkUpdateDomain(driver, dom); -} - -int -prlsdkDomainChangeState(virDomainPtr domain, - prlsdkChangeStateFunc chstate) -{ - vzConnPtr privconn = domain->conn->privateData; - virDomainObjPtr dom; - int ret = -1; - bool job = false; - - if (!(dom = vzDomObjFromDomainRef(domain))) - return -1; - - if (vzDomainObjBeginJob(dom) < 0) - goto cleanup; - job = true; - - if (dom->removing) { - char uuidstr[VIR_UUID_STRING_BUFLEN]; - - virUUIDFormat(dom->def->uuid, uuidstr); - virReportError(VIR_ERR_NO_DOMAIN, - _("no domain with matching uuid '%s' (%s)"), - uuidstr, dom->def->name); - goto cleanup; + switch (pret) { + case PRL_ERR_DISP_VM_IS_NOT_STARTED: + case PRL_ERR_DISP_VM_IS_NOT_STOPPED: + case PRL_ERR_INVALID_ACTION_REQUESTED: + case PRL_ERR_UNIMPLEMENTED: + virerr = VIR_ERR_OPERATION_INVALID; + break; + default: + virerr = VIR_ERR_OPERATION_FAILED; }
- ret = prlsdkDomainChangeStateLocked(privconn->driver, dom, chstate); - - cleanup: - if (job) - vzDomainObjEndJob(dom); - virDomainObjEndAPI(&dom); - return ret; + virResetLastError(); + virReportError(virerr, "%s", _("Can't change domain state.")); }
static int diff --git a/src/vz/vz_sdk.h b/src/vz/vz_sdk.h index e32001a..e9d7169 100644 --- a/src/vz/vz_sdk.h +++ b/src/vz/vz_sdk.h @@ -37,22 +37,15 @@ prlsdkAddDomainByName(vzDriverPtr driver, const char *name); int prlsdkUpdateDomain(vzDriverPtr driver, virDomainObjPtr dom); int prlsdkSubscribeToPCSEvents(vzDriverPtr driver); void prlsdkUnsubscribeFromPCSEvents(vzDriverPtr driver); -PRL_RESULT prlsdkStart(PRL_HANDLE sdkdom); -PRL_RESULT prlsdkKill(PRL_HANDLE sdkdom); -PRL_RESULT prlsdkStop(PRL_HANDLE sdkdom); -PRL_RESULT prlsdkPause(PRL_HANDLE sdkdom); -PRL_RESULT prlsdkResume(PRL_HANDLE sdkdom); -PRL_RESULT prlsdkSuspend(PRL_HANDLE sdkdom); -PRL_RESULT prlsdkRestart(PRL_HANDLE sdkdom);
-typedef PRL_RESULT (*prlsdkChangeStateFunc)(PRL_HANDLE sdkdom); -int -prlsdkDomainChangeState(virDomainPtr domain, - prlsdkChangeStateFunc chstate); -int -prlsdkDomainChangeStateLocked(vzDriverPtr driver, - virDomainObjPtr dom, - prlsdkChangeStateFunc chstate); +int prlsdkStart(virDomainObjPtr dom); +int prlsdkKill(virDomainObjPtr dom); +int prlsdkStop(virDomainObjPtr dom); +int prlsdkPause(virDomainObjPtr dom); +int prlsdkResume(virDomainObjPtr dom); +int prlsdkSuspend(virDomainObjPtr dom); +int prlsdkRestart(virDomainObjPtr dom); + int prlsdkApplyConfig(vzDriverPtr driver, virDomainObjPtr dom, ACK with mentioned changes
Maxim

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/vz/vz_driver.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c index 0079384..8e39a5d 100644 --- a/src/vz/vz_driver.c +++ b/src/vz/vz_driver.c @@ -1026,13 +1026,15 @@ vzDomainResume(virDomainPtr domain) } static int -vzDomainCreate(virDomainPtr domain) +vzDomainCreateWithFlags(virDomainPtr domain, unsigned int flags) { vzConnPtr privconn = domain->conn->privateData; virDomainObjPtr dom; int ret = -1; bool job = false; + virCheckFlags(0, -1); + if (!(dom = vzDomObjFromDomainRef(domain))) return -1; @@ -1178,12 +1180,9 @@ static int vzDomainIsActive(virDomainPtr domain) } static int -vzDomainCreateWithFlags(virDomainPtr domain, unsigned int flags) +vzDomainCreate(virDomainPtr domain) { - /* we don't support any create flags */ - virCheckFlags(0, -1); - - return vzDomainCreate(domain); + return vzDomainCreateWithFlags(domain, 0); } static int -- 1.8.3.1

24-Jun-16 17:32, Nikolay Shirokovskiy пишет:
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/vz/vz_driver.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c index 0079384..8e39a5d 100644 --- a/src/vz/vz_driver.c +++ b/src/vz/vz_driver.c @@ -1026,13 +1026,15 @@ vzDomainResume(virDomainPtr domain) }
static int -vzDomainCreate(virDomainPtr domain) +vzDomainCreateWithFlags(virDomainPtr domain, unsigned int flags) { vzConnPtr privconn = domain->conn->privateData; virDomainObjPtr dom; int ret = -1; bool job = false;
+ virCheckFlags(0, -1); + if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
@@ -1178,12 +1180,9 @@ static int vzDomainIsActive(virDomainPtr domain) }
static int -vzDomainCreateWithFlags(virDomainPtr domain, unsigned int flags) +vzDomainCreate(virDomainPtr domain) { - /* we don't support any create flags */ - virCheckFlags(0, -1); - - return vzDomainCreate(domain); + return vzDomainCreateWithFlags(domain, 0); }
static int ACK

Now we can use intended ACL check for both API calls. Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/vz/vz_driver.c | 45 +++++++++++++++++++++++++++++++-------------- 1 file changed, 31 insertions(+), 14 deletions(-) diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c index 8e39a5d..f7e1c07 100644 --- a/src/vz/vz_driver.c +++ b/src/vz/vz_driver.c @@ -1518,27 +1518,21 @@ vzDomainGetMaxMemory(virDomainPtr domain) } static int -vzDomainBlockStats(virDomainPtr domain, const char *path, - virDomainBlockStatsPtr stats) +vzDomainBlockStatsImpl(virDomainObjPtr dom, + const char *path, + virDomainBlockStatsPtr stats) { - virDomainObjPtr dom = NULL; - vzDomObjPtr privdom; - int ret = -1; + vzDomObjPtr privdom = dom->privateData; size_t i; int idx; - if (!(dom = vzDomObjFromDomainRef(domain))) - return -1; - - privdom = dom->privateData; - if (*path) { if ((idx = virDomainDiskIndexByName(dom->def, path, false)) < 0) { virReportError(VIR_ERR_INVALID_ARG, _("invalid path: %s"), path); - goto cleanup; + return -1; } if (prlsdkGetBlockStats(privdom->stats, dom->def->disks[idx], stats) < 0) - goto cleanup; + return -1; } else { virDomainBlockStatsStruct s; @@ -1551,7 +1545,7 @@ vzDomainBlockStats(virDomainPtr domain, const char *path, for (i = 0; i < dom->def->ndisks; i++) { if (prlsdkGetBlockStats(privdom->stats, dom->def->disks[i], &s) < 0) - goto cleanup; + return -1; #define PARALLELS_SUM_STATS(VAR, TYPE, NAME) \ if (s.VAR != -1) \ @@ -1563,6 +1557,23 @@ vzDomainBlockStats(virDomainPtr domain, const char *path, } } stats->errs = -1; + return 0; +} + +static int +vzDomainBlockStats(virDomainPtr domain, + const char *path, + virDomainBlockStatsPtr stats) +{ + virDomainObjPtr dom; + int ret = -1; + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainBlockStatsImpl(dom, path, stats) < 0) + goto cleanup; + ret = 0; cleanup: @@ -1579,6 +1590,7 @@ vzDomainBlockStatsFlags(virDomainPtr domain, unsigned int flags) { virDomainBlockStatsStruct stats; + virDomainObjPtr dom; int ret = -1; size_t i; @@ -1586,7 +1598,10 @@ vzDomainBlockStatsFlags(virDomainPtr domain, /* We don't return strings, and thus trivially support this flag. */ flags &= ~VIR_TYPED_PARAM_STRING_OKAY; - if (vzDomainBlockStats(domain, path, &stats) < 0) + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainBlockStatsImpl(dom, path, &stats) < 0) goto cleanup; if (*nparams == 0) { @@ -1618,6 +1633,8 @@ vzDomainBlockStatsFlags(virDomainPtr domain, ret = 0; cleanup: + virDomainObjEndAPI(&dom); + return ret; } -- 1.8.3.1

24-Jun-16 17:32, Nikolay Shirokovskiy пишет:
Now we can use intended ACL check for both API calls.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/vz/vz_driver.c | 45 +++++++++++++++++++++++++++++++-------------- 1 file changed, 31 insertions(+), 14 deletions(-) ACK

This action deserves its own function and makes main API call structure much cleaner. Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/vz/vz_driver.c | 61 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 36 insertions(+), 25 deletions(-) diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c index f7e1c07..72774ae 100644 --- a/src/vz/vz_driver.c +++ b/src/vz/vz_driver.c @@ -1583,6 +1583,41 @@ vzDomainBlockStats(virDomainPtr domain, } static int +vzDomainBlockStatsToParams(virDomainBlockStatsPtr stats, + virTypedParameterPtr params, + int *nparams) +{ + size_t i; + + if (*nparams == 0) { +#define PARALLELS_COUNT_STATS(VAR, TYPE, NAME) \ + if ((stats->VAR) != -1) \ + ++*nparams; + + PARALLELS_BLOCK_STATS_FOREACH(PARALLELS_COUNT_STATS) + +#undef PARALLELS_COUNT_STATS + return 0; + } + + i = 0; +#define PARALLELS_BLOCK_STATS_ASSIGN_PARAM(VAR, TYPE, NAME) \ + if (i < *nparams && (stats->VAR) != -1) { \ + if (virTypedParameterAssign(params + i, TYPE, \ + VIR_TYPED_PARAM_LLONG, (stats->VAR)) < 0) \ + return -1; \ + i++; \ + } + + PARALLELS_BLOCK_STATS_FOREACH(PARALLELS_BLOCK_STATS_ASSIGN_PARAM) + +#undef PARALLELS_BLOCK_STATS_ASSIGN_PARAM + + *nparams = i; + return 0; +} + +static int vzDomainBlockStatsFlags(virDomainPtr domain, const char *path, virTypedParameterPtr params, @@ -1592,7 +1627,6 @@ vzDomainBlockStatsFlags(virDomainPtr domain, virDomainBlockStatsStruct stats; virDomainObjPtr dom; int ret = -1; - size_t i; virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1); /* We don't return strings, and thus trivially support this flag. */ @@ -1604,32 +1638,9 @@ vzDomainBlockStatsFlags(virDomainPtr domain, if (vzDomainBlockStatsImpl(dom, path, &stats) < 0) goto cleanup; - if (*nparams == 0) { -#define PARALLELS_COUNT_STATS(VAR, TYPE, NAME) \ - if ((stats.VAR) != -1) \ - ++*nparams; - - PARALLELS_BLOCK_STATS_FOREACH(PARALLELS_COUNT_STATS) - -#undef PARALLELS_COUNT_STATS - ret = 0; + if (vzDomainBlockStatsToParams(&stats, params, nparams) < 0) goto cleanup; - } - i = 0; -#define PARALLELS_BLOCK_STATS_ASSIGN_PARAM(VAR, TYPE, NAME) \ - if (i < *nparams && (stats.VAR) != -1) { \ - if (virTypedParameterAssign(params + i, TYPE, \ - VIR_TYPED_PARAM_LLONG, (stats.VAR)) < 0) \ - goto cleanup; \ - i++; \ - } - - PARALLELS_BLOCK_STATS_FOREACH(PARALLELS_BLOCK_STATS_ASSIGN_PARAM) - -#undef PARALLELS_BLOCK_STATS_ASSIGN_PARAM - - *nparams = i; ret = 0; cleanup: -- 1.8.3.1

24-Jun-16 17:32, Nikolay Shirokovskiy пишет:
This action deserves its own function and makes main API call structure much cleaner.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/vz/vz_driver.c | 61 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 36 insertions(+), 25 deletions(-)
ACK

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/vz/vz_driver.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c index 72774ae..9c93db1 100644 --- a/src/vz/vz_driver.c +++ b/src/vz/vz_driver.c @@ -1062,13 +1062,15 @@ vzDomainCreateWithFlags(virDomainPtr domain, unsigned int flags) } static int -vzDomainDestroy(virDomainPtr domain) +vzDomainDestroyFlags(virDomainPtr domain, unsigned int flags) { vzConnPtr privconn = domain->conn->privateData; virDomainObjPtr dom; int ret = -1; bool job = false; + virCheckFlags(0, -1); + if (!(dom = vzDomObjFromDomainRef(domain))) return -1; @@ -1096,13 +1098,21 @@ vzDomainDestroy(virDomainPtr domain) } static int -vzDomainShutdown(virDomainPtr domain) +vzDomainDestroy(virDomainPtr dom) +{ + return vzDomainDestroyFlags(dom, 0); +} + +static int +vzDomainShutdownFlags(virDomainPtr domain, unsigned int flags) { vzConnPtr privconn = domain->conn->privateData; virDomainObjPtr dom; int ret = -1; bool job = false; + virCheckFlags(0, -1); + if (!(dom = vzDomObjFromDomainRef(domain))) return -1; @@ -1129,6 +1139,11 @@ vzDomainShutdown(virDomainPtr domain) return ret; } +static int vzDomainShutdown(virDomainPtr dom) +{ + return vzDomainShutdownFlags(dom, 0); +} + static int vzDomainReboot(virDomainPtr domain, unsigned int flags) { @@ -3126,7 +3141,9 @@ static virHypervisorDriver vzHypervisorDriver = { .domainSuspend = vzDomainSuspend, /* 0.10.0 */ .domainResume = vzDomainResume, /* 0.10.0 */ .domainDestroy = vzDomainDestroy, /* 0.10.0 */ + .domainDestroyFlags = vzDomainDestroyFlags, /* 2.0.0 */ .domainShutdown = vzDomainShutdown, /* 0.10.0 */ + .domainShutdownFlags = vzDomainShutdownFlags, /* 2.0.0 */ .domainCreate = vzDomainCreate, /* 0.10.0 */ .domainCreateWithFlags = vzDomainCreateWithFlags, /* 1.2.10 */ .domainReboot = vzDomainReboot, /* 1.3.0 */ -- 1.8.3.1

24-Jun-16 17:32, Nikolay Shirokovskiy пишет:
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/vz/vz_driver.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) ACK with libvirt version correction to 2.2.0

We need it to prepare the calls for ACL checks otherwise ACL checking script will fail. Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/vz/vz_driver.c | 85 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 50 insertions(+), 35 deletions(-) diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c index 9c93db1..12abe82 100644 --- a/src/vz/vz_driver.c +++ b/src/vz/vz_driver.c @@ -1850,48 +1850,63 @@ vzConnectUnregisterCloseCallback(virConnectPtr conn, virConnectCloseFunc cb) return ret; } -static int vzDomainSetMemoryFlagsImpl(virDomainPtr domain, unsigned long memory, - unsigned int flags, bool useflags) -{ - virDomainObjPtr dom = NULL; - int ret = -1; - bool job = false; - - virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | - VIR_DOMAIN_AFFECT_CONFIG, -1); - - if (!(dom = vzDomObjFromDomainRef(domain))) - return -1; - - if (useflags && vzCheckConfigUpdateFlags(dom, &flags) < 0) - goto cleanup; - - if (vzDomainObjBeginJob(dom) < 0) - goto cleanup; - job = true; - - if (!vzDomainObjIsExist(dom)) - goto cleanup; - - ret = prlsdkSetMemsize(dom, memory >> 10); - - cleanup: - - if (job) - vzDomainObjEndJob(dom); - virDomainObjEndAPI(&dom); - return ret; -} - static int vzDomainSetMemoryFlags(virDomainPtr domain, unsigned long memory, unsigned int flags) { - return vzDomainSetMemoryFlagsImpl(domain, memory, flags, true); + virDomainObjPtr dom = NULL; + int ret = -1; + bool job = false; + + virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | + VIR_DOMAIN_AFFECT_CONFIG, -1); + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzCheckConfigUpdateFlags(dom, &flags) < 0) + goto cleanup; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; + + ret = prlsdkSetMemsize(dom, memory >> 10); + + cleanup: + + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + return ret; } static int vzDomainSetMemory(virDomainPtr domain, unsigned long memory) { - return vzDomainSetMemoryFlagsImpl(domain, memory, 0, false); + virDomainObjPtr dom = NULL; + int ret = -1; + bool job = false; + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; + + ret = prlsdkSetMemsize(dom, memory >> 10); + + cleanup: + + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + return ret; } static virDomainSnapshotObjPtr -- 1.8.3.1

24-Jun-16 17:32, Nikolay Shirokovskiy пишет:
We need it to prepare the calls for ACL checks otherwise ACL checking script will fail.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/vz/vz_driver.c | 85 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 50 insertions(+), 35 deletions(-)
diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c index 9c93db1..12abe82 100644 --- a/src/vz/vz_driver.c +++ b/src/vz/vz_driver.c @@ -1850,48 +1850,63 @@ vzConnectUnregisterCloseCallback(virConnectPtr conn, virConnectCloseFunc cb) return ret; }
-static int vzDomainSetMemoryFlagsImpl(virDomainPtr domain, unsigned long memory, - unsigned int flags, bool useflags) -{ - virDomainObjPtr dom = NULL; - int ret = -1; - bool job = false; - - virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | - VIR_DOMAIN_AFFECT_CONFIG, -1); - - if (!(dom = vzDomObjFromDomainRef(domain))) - return -1; - - if (useflags && vzCheckConfigUpdateFlags(dom, &flags) < 0) - goto cleanup; - - if (vzDomainObjBeginJob(dom) < 0) - goto cleanup; - job = true; - - if (!vzDomainObjIsExist(dom)) - goto cleanup; - - ret = prlsdkSetMemsize(dom, memory >> 10); - - cleanup: - - if (job) - vzDomainObjEndJob(dom); - virDomainObjEndAPI(&dom); - return ret; -} - static int vzDomainSetMemoryFlags(virDomainPtr domain, unsigned long memory, unsigned int flags) { - return vzDomainSetMemoryFlagsImpl(domain, memory, flags, true); + virDomainObjPtr dom = NULL; + int ret = -1; + bool job = false; + + virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | + VIR_DOMAIN_AFFECT_CONFIG, -1); + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzCheckConfigUpdateFlags(dom, &flags) < 0) + goto cleanup; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; +
Now it's vzEnsureDomainExists
+ ret = prlsdkSetMemsize(dom, memory >> 10); + + cleanup: + + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + return ret; }
static int vzDomainSetMemory(virDomainPtr domain, unsigned long memory) { - return vzDomainSetMemoryFlagsImpl(domain, memory, 0, false); + virDomainObjPtr dom = NULL; + int ret = -1; + bool job = false; + + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + + if (vzDomainObjBeginJob(dom) < 0) + goto cleanup; + job = true; + + if (!vzDomainObjIsExist(dom)) + goto cleanup; +
same
+ ret = prlsdkSetMemsize(dom, memory >> 10); + + cleanup: + + if (job) + vzDomainObjEndJob(dom); + virDomainObjEndAPI(&dom); + return ret; }
static virDomainSnapshotObjPtr Otherwise ACK

ACL check on perform step should be in API call itself to make ACL checking script pass. Thus we need to reorganize code to obtain domain object in perform API itself. Most of this is straight forward, the only nuance is dropping locks on lengthy remote operations. The other motivation is to have only perform step ACL checks for p2p migration instead of both begin in perform if we can leave ACL check in vzDomainMigratePerformStep. Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/vz/vz_driver.c | 114 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 66 insertions(+), 48 deletions(-) diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c index 12abe82..9fa377e 100644 --- a/src/vz/vz_driver.c +++ b/src/vz/vz_driver.c @@ -2601,43 +2601,55 @@ vzEatCookie(const char *cookiein, int cookieinlen, unsigned int flags) NULL static char * -vzDomainMigrateBegin3Params(virDomainPtr domain, - virTypedParameterPtr params, - int nparams, - char **cookieout, - int *cookieoutlen, - unsigned int flags) +vzDomainMigrateBeginStep(virDomainObjPtr dom, + vzDriverPtr driver, + virTypedParameterPtr params, + int nparams, + char **cookieout, + int *cookieoutlen) { - char *xml = NULL; - virDomainObjPtr dom = NULL; - vzConnPtr privconn = domain->conn->privateData; - - virCheckFlags(VZ_MIGRATION_FLAGS, NULL); - - if (virTypedParamsValidate(params, nparams, VZ_MIGRATION_PARAMETERS) < 0) - goto cleanup; - /* we can't do this check via VZ_MIGRATION_PARAMETERS as on preparation * step domain xml will be passed via this parameter and it is a common * style to use single allowed parameter list definition in all steps */ if (virTypedParamsGet(params, nparams, VIR_MIGRATE_PARAM_DEST_XML)) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", _("Changing destination XML is not supported")); - goto cleanup; + return NULL; } - if (!(dom = vzDomObjFromDomain(domain))) - goto cleanup; - /* session uuid, domain uuid and domain name are for backward compat */ - if (vzBakeCookie(privconn->driver, dom, cookieout, cookieoutlen, + if (vzBakeCookie(driver, dom, cookieout, cookieoutlen, VZ_MIGRATION_COOKIE_SESSION_UUID | VZ_MIGRATION_COOKIE_DOMAIN_UUID | VZ_MIGRATION_COOKIE_DOMAIN_NAME) < 0) + return NULL; + + return virDomainDefFormat(dom->def, driver->caps, + VIR_DOMAIN_XML_MIGRATABLE); +} + +static char * +vzDomainMigrateBegin3Params(virDomainPtr domain, + virTypedParameterPtr params, + int nparams, + char **cookieout, + int *cookieoutlen, + unsigned int flags) +{ + char *xml = NULL; + virDomainObjPtr dom = NULL; + vzConnPtr privconn = domain->conn->privateData; + + virCheckFlags(VZ_MIGRATION_FLAGS, NULL); + + if (virTypedParamsValidate(params, nparams, VZ_MIGRATION_PARAMETERS) < 0) + goto cleanup; + + if (!(dom = vzDomObjFromDomain(domain))) goto cleanup; - xml = virDomainDefFormat(dom->def, privconn->driver->caps, - VIR_DOMAIN_XML_MIGRATABLE); + xml = vzDomainMigrateBeginStep(dom, privconn->driver, params, nparams, + cookieout, cookieoutlen); cleanup: @@ -2765,7 +2777,8 @@ vzParseVzURI(const char *uri_str) } static int -vzDomainMigratePerformStep(virDomainPtr domain, +vzDomainMigratePerformStep(virDomainObjPtr dom, + vzDriverPtr driver, virTypedParameterPtr params, int nparams, const char *cookiein, @@ -2773,20 +2786,13 @@ vzDomainMigratePerformStep(virDomainPtr domain, unsigned int flags) { int ret = -1; - virDomainObjPtr dom = NULL; - vzDomObjPtr privdom; + vzDomObjPtr privdom = dom->privateData; virURIPtr vzuri = NULL; - vzConnPtr privconn = domain->conn->privateData; const char *miguri = NULL; const char *dname = NULL; vzMigrationCookiePtr mig = NULL; bool job = false; - virCheckFlags(VZ_MIGRATION_FLAGS, -1); - - if (virTypedParamsValidate(params, nparams, VZ_MIGRATION_PARAMETERS) < 0) - goto cleanup; - if (virTypedParamsGetString(params, nparams, VIR_MIGRATE_PARAM_URI, &miguri) < 0 || virTypedParamsGetString(params, nparams, @@ -2803,13 +2809,9 @@ vzDomainMigratePerformStep(virDomainPtr domain, VZ_MIGRATION_COOKIE_SESSION_UUID))) goto cleanup; - if (!(dom = vzDomObjFromDomainRef(domain))) - goto cleanup; - if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; - privdom = dom->privateData; privdom->job.hasProgress = true; if (!vzDomainObjIsExist(dom)) @@ -2821,7 +2823,7 @@ vzDomainMigratePerformStep(virDomainPtr domain, if (prlsdkMigrate(dom, vzuri, mig->session_uuid, dname, flags) < 0) goto cleanup; - virDomainObjListRemove(privconn->driver->domains, dom); + virDomainObjListRemove(driver->domains, dom); virObjectLock(dom); ret = 0; @@ -2829,7 +2831,6 @@ vzDomainMigratePerformStep(virDomainPtr domain, cleanup: if (job) vzDomainObjEndJob(dom); - virDomainObjEndAPI(&dom); virURIFree(vzuri); vzMigrationCookieFree(mig); @@ -2837,7 +2838,8 @@ vzDomainMigratePerformStep(virDomainPtr domain, } static int -vzDomainMigratePerformP2P(virDomainPtr domain, +vzDomainMigratePerformP2P(virDomainObjPtr dom, + vzDriverPtr driver, const char *dconnuri, virTypedParameterPtr orig_params, int nparams, @@ -2862,19 +2864,22 @@ vzDomainMigratePerformP2P(virDomainPtr domain, if (!(dconn = virConnectOpen(dconnuri))) goto done; - if (!(dom_xml = vzDomainMigrateBegin3Params(domain, params, nparams, - &cookieout, &cookieoutlen, - flags))) + if (!(dom_xml = vzDomainMigrateBeginStep(dom, driver, params, nparams, + &cookieout, &cookieoutlen))) goto done; cookiein = cookieout; cookieinlen = cookieoutlen; cookieout = NULL; cookieoutlen = 0; - if (dconn->driver->domainMigratePrepare3Params + virObjectUnlock(dom); + ret = dconn->driver->domainMigratePrepare3Params (dconn, params, nparams, cookiein, cookieinlen, - &cookieout, &cookieoutlen, &uri, flags) < 0) + &cookieout, &cookieoutlen, &uri, flags); + virObjectLock(dom); + if (ret < 0) goto done; + ret = -1; /* preparation step was successful, thus on any error we must perform * finish step to finalize migration on target @@ -2890,7 +2895,7 @@ vzDomainMigratePerformP2P(virDomainPtr domain, cookieinlen = cookieoutlen; cookieout = NULL; cookieoutlen = 0; - if (vzDomainMigratePerformStep(domain, params, nparams, cookiein, + if (vzDomainMigratePerformStep(dom, driver, params, nparams, cookiein, cookieinlen, flags) < 0) { orig_err = virSaveLastError(); goto finish; @@ -2903,12 +2908,14 @@ vzDomainMigratePerformP2P(virDomainPtr domain, VIR_MIGRATE_PARAM_DEST_NAME, NULL) <= 0 && virTypedParamsReplaceString(¶ms, &nparams, VIR_MIGRATE_PARAM_DEST_NAME, - domain->name) < 0) + dom->def->name) < 0) goto done; + virObjectUnlock(dom); ddomain = dconn->driver->domainMigrateFinish3Params(dconn, params, nparams, NULL, 0, NULL, NULL, flags, cancelled); + virObjectLock(dom); if (ddomain) ret = 0; virObjectUnref(ddomain); @@ -2940,17 +2947,28 @@ vzDomainMigratePerform3Params(virDomainPtr domain, int *cookieoutlen ATTRIBUTE_UNUSED, unsigned int flags) { + int ret; + virDomainObjPtr dom; + vzConnPtr privconn = domain->conn->privateData; + virCheckFlags(VZ_MIGRATION_FLAGS, -1); if (virTypedParamsValidate(params, nparams, VZ_MIGRATION_PARAMETERS) < 0) return -1; + if (!(dom = vzDomObjFromDomainRef(domain))) + return -1; + if (flags & VIR_MIGRATE_PEER2PEER) - return vzDomainMigratePerformP2P(domain, dconnuri, params, nparams, flags); + ret = vzDomainMigratePerformP2P(dom, privconn->driver, dconnuri, + params, nparams, flags); else - return vzDomainMigratePerformStep(domain, params, nparams, - cookiein, cookieinlen, flags); + ret = vzDomainMigratePerformStep(dom, privconn->driver, params, nparams, + cookiein, cookieinlen, flags); + virDomainObjEndAPI(&dom); + + return ret; } static virDomainPtr -- 1.8.3.1

24-Jun-16 17:32, Nikolay Shirokovskiy пишет:
ACL check on perform step should be in API call itself to make ACL checking script pass. Thus we need to reorganize code to obtain domain object in perform API itself. Most of this is straight forward, the only nuance is dropping locks on lengthy remote operations. The other motivation is to have only perform step ACL checks for p2p migration instead of both begin in perform if we can leave ACL check in vzDomainMigratePerformStep.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/vz/vz_driver.c | 114 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 66 insertions(+), 48 deletions(-) ACK

This way we make naming consistent to API calls and make subsequent ACL checks possible (otherwise ACL check would discover name discrepancies). Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- daemon/remote.c | 4 ++-- src/remote/remote_driver.c | 4 ++-- src/remote/remote_protocol.x | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/daemon/remote.c b/daemon/remote.c index 4e2aff8..2c71315 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -3517,7 +3517,7 @@ remoteDispatchNodeDeviceGetParent(virNetServerPtr server ATTRIBUTE_UNUSED, } static int -remoteDispatchConnectCloseCallbackRegister(virNetServerPtr server ATTRIBUTE_UNUSED, +remoteDispatchConnectRegisterCloseCallback(virNetServerPtr server ATTRIBUTE_UNUSED, virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr) @@ -3549,7 +3549,7 @@ remoteDispatchConnectCloseCallbackRegister(virNetServerPtr server ATTRIBUTE_UNUS } static int -remoteDispatchConnectCloseCallbackUnregister(virNetServerPtr server ATTRIBUTE_UNUSED, +remoteDispatchConnectUnregisterCloseCallback(virNetServerPtr server ATTRIBUTE_UNUSED, virNetServerClientPtr client, virNetMessagePtr msg ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 3f9d812..0457e21 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -7540,7 +7540,7 @@ remoteConnectRegisterCloseCallback(virConnectPtr conn, } if (priv->serverCloseCallback && - call(conn, priv, 0, REMOTE_PROC_CONNECT_CLOSE_CALLBACK_REGISTER, + call(conn, priv, 0, REMOTE_PROC_CONNECT_REGISTER_CLOSE_CALLBACK, (xdrproc_t) xdr_void, (char *) NULL, (xdrproc_t) xdr_void, (char *) NULL) == -1) goto cleanup; @@ -7571,7 +7571,7 @@ remoteConnectUnregisterCloseCallback(virConnectPtr conn, } if (priv->serverCloseCallback && - call(conn, priv, 0, REMOTE_PROC_CONNECT_CLOSE_CALLBACK_UNREGISTER, + call(conn, priv, 0, REMOTE_PROC_CONNECT_UNREGISTER_CLOSE_CALLBACK, (xdrproc_t) xdr_void, (char *) NULL, (xdrproc_t) xdr_void, (char *) NULL) == -1) goto cleanup; diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index d11bfdf..e7a7025 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -5796,13 +5796,13 @@ enum remote_procedure { * @generate: none * @acl: none */ - REMOTE_PROC_CONNECT_CLOSE_CALLBACK_REGISTER = 360, + REMOTE_PROC_CONNECT_REGISTER_CLOSE_CALLBACK = 360, /** * @generate: none * @acl: none */ - REMOTE_PROC_CONNECT_CLOSE_CALLBACK_UNREGISTER = 361, + REMOTE_PROC_CONNECT_UNREGISTER_CLOSE_CALLBACK = 361, /** * @generate: none -- 1.8.3.1

24-Jun-16 17:32, Nikolay Shirokovskiy пишет:
This way we make naming consistent to API calls and make subsequent ACL checks possible (otherwise ACL check would discover name discrepancies).
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- daemon/remote.c | 4 ++-- src/remote/remote_driver.c | 4 ++-- src/remote/remote_protocol.x | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-)
ACK

vzDomainMigrateConfirm3Params is whitelisted. Otherwise we need to move removing domain from domain list from perform to confirm step. This would further imply adding a flag and check that migration is in progress to prohibit mistakenly (maliciously) removing domains on confirm step. vz version of p2p also need to be fixed to include confirm step. One would also need to add means to cleanup pending migration on client disconnect as now is has state across several API calls. On the other hand current version of confirm step is totaly harmless thus it is easier to whitelist it at the moment. Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/Makefile.am | 5 +- src/check-aclrules.pl | 1 + src/remote/remote_protocol.x | 4 +- src/vz/vz_driver.c | 348 +++++++++++++++++++++++++++++++++++++++---- 4 files changed, 330 insertions(+), 28 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index a14cb3f..8ecec55 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -651,6 +651,7 @@ STATEFUL_DRIVER_SOURCE_FILES = \ $(STORAGE_DRIVER_SOURCES) \ $(UML_DRIVER_SOURCES) \ $(XEN_DRIVER_SOURCES) \ + $(VZ_DRIVER_SOURCES) \ $(NULL) @@ -1514,7 +1515,9 @@ else ! WITH_DRIVER_MODULES noinst_LTLIBRARIES += libvirt_driver_vz.la endif ! WITH_DRIVER_MODULES libvirt_driver_vz_impl_la_CFLAGS = \ - -I$(srcdir)/conf $(AM_CFLAGS) \ + -I$(srcdir)/conf \ + -I$(srcdir)/access \ + $(AM_CFLAGS) \ $(PARALLELS_SDK_CFLAGS) $(LIBNL_CFLAGS) libvirt_driver_vz_impl_la_SOURCES = $(VZ_DRIVER_SOURCES) libvirt_driver_vz_impl_la_LIBADD = $(PARALLELS_SDK_LIBS) $(LIBNL_LIBS) diff --git a/src/check-aclrules.pl b/src/check-aclrules.pl index 9151e6a..8739cda 100755 --- a/src/check-aclrules.pl +++ b/src/check-aclrules.pl @@ -73,6 +73,7 @@ my %implwhitelist = ( "xenUnifiedDomainIsPersistent" => 1, "xenUnifiedDomainIsUpdated" => 1, "xenUnifiedDomainOpenConsole" => 1, + "vzDomainMigrateConfirm3Params" => 1, ); my %filterimplwhitelist = ( "xenUnifiedConnectListDomains" => 1, diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index e7a7025..64e4b9e 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -5794,13 +5794,13 @@ enum remote_procedure { /** * @generate: none - * @acl: none + * @acl: connect:getattr */ REMOTE_PROC_CONNECT_REGISTER_CLOSE_CALLBACK = 360, /** * @generate: none - * @acl: none + * @acl: connect:getattr */ REMOTE_PROC_CONNECT_UNREGISTER_CLOSE_CALLBACK = 361, diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c index 9fa377e..8e1d039 100644 --- a/src/vz/vz_driver.c +++ b/src/vz/vz_driver.c @@ -53,6 +53,7 @@ #include "virtypedparam.h" #include "virhostmem.h" #include "virhostcpu.h" +#include "viraccessapicheck.h" #include "vz_driver.h" #include "vz_utils.h" @@ -229,6 +230,9 @@ vzConnectGetCapabilities(virConnectPtr conn) vzConnPtr privconn = conn->privateData; char *xml; + if (virConnectGetCapabilitiesEnsureACL(conn) < 0) + return NULL; + xml = virCapabilitiesFormatXML(privconn->driver->caps); return xml; } @@ -375,6 +379,9 @@ vzConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; } + if (virConnectOpenEnsureACL(conn) < 0) + return VIR_DRV_OPEN_ERROR; + if (!(driver = vzGetDriverConnection())) return VIR_DRV_OPEN_ERROR; @@ -432,13 +439,20 @@ static int vzConnectGetVersion(virConnectPtr conn, unsigned long *hvVer) { vzConnPtr privconn = conn->privateData; + + if (virConnectGetVersionEnsureACL(conn) < 0) + return -1; + *hvVer = privconn->driver->vzVersion; return 0; } -static char *vzConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED) +static char *vzConnectGetHostname(virConnectPtr conn) { + if (virConnectGetHostnameEnsureACL(conn) < 0) + return NULL; + return virGetHostname(); } @@ -451,6 +465,9 @@ vzConnectGetSysinfo(virConnectPtr conn, unsigned int flags) virCheckFlags(0, NULL); + if (virConnectGetSysinfoEnsureACL(conn) < 0) + return NULL; + if (!driver->hostsysinfo) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Host SMBIOS information is not available")); @@ -471,8 +488,11 @@ vzConnectListDomains(virConnectPtr conn, int *ids, int maxids) vzConnPtr privconn = conn->privateData; int n; + if (virConnectListDomainsEnsureACL(conn) < 0) + return -1; + n = virDomainObjListGetActiveIDs(privconn->driver->domains, ids, maxids, - NULL, NULL); + virConnectListDomainsCheckACL, conn); return n; } @@ -483,8 +503,11 @@ vzConnectNumOfDomains(virConnectPtr conn) vzConnPtr privconn = conn->privateData; int count; + if (virConnectNumOfDomainsEnsureACL(conn) < 0) + return -1; + count = virDomainObjListNumOfDomains(privconn->driver->domains, true, - NULL, NULL); + virConnectNumOfDomainsCheckACL, conn); return count; } @@ -495,9 +518,14 @@ vzConnectListDefinedDomains(virConnectPtr conn, char **const names, int maxnames vzConnPtr privconn = conn->privateData; int n; + if (virConnectListDefinedDomainsEnsureACL(conn) < 0) + return -1; + memset(names, 0, sizeof(*names) * maxnames); n = virDomainObjListGetInactiveNames(privconn->driver->domains, names, - maxnames, NULL, NULL); + maxnames, + virConnectListDefinedDomainsCheckACL, + conn); return n; } @@ -508,8 +536,12 @@ vzConnectNumOfDefinedDomains(virConnectPtr conn) vzConnPtr privconn = conn->privateData; int count; + if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0) + return -1; + count = virDomainObjListNumOfDomains(privconn->driver->domains, false, - NULL, NULL); + virConnectNumOfDefinedDomainsCheckACL, + conn); return count; } @@ -522,8 +554,12 @@ vzConnectListAllDomains(virConnectPtr conn, int ret = -1; virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1); + + if (virConnectListAllDomainsEnsureACL(conn) < 0) + return -1; + ret = virDomainObjListExport(privconn->driver->domains, conn, domains, - NULL, flags); + virConnectListAllDomainsCheckACL, flags); return ret; } @@ -532,7 +568,7 @@ static virDomainPtr vzDomainLookupByID(virConnectPtr conn, int id) { vzConnPtr privconn = conn->privateData; - virDomainPtr ret; + virDomainPtr ret = NULL; virDomainObjPtr dom; dom = virDomainObjListFindByID(privconn->driver->domains, id); @@ -542,10 +578,14 @@ vzDomainLookupByID(virConnectPtr conn, int id) return NULL; } + if (virDomainLookupByIDEnsureACL(conn, dom->def) < 0) + goto cleanup; + ret = virGetDomain(conn, dom->def->name, dom->def->uuid); if (ret) ret->id = dom->def->id; + cleanup: virObjectUnlock(dom); return ret; } @@ -554,7 +594,7 @@ static virDomainPtr vzDomainLookupByUUID(virConnectPtr conn, const unsigned char *uuid) { vzConnPtr privconn = conn->privateData; - virDomainPtr ret; + virDomainPtr ret = NULL; virDomainObjPtr dom; dom = virDomainObjListFindByUUID(privconn->driver->domains, uuid); @@ -567,10 +607,14 @@ vzDomainLookupByUUID(virConnectPtr conn, const unsigned char *uuid) return NULL; } + if (virDomainLookupByUUIDEnsureACL(conn, dom->def) < 0) + goto cleanup; + ret = virGetDomain(conn, dom->def->name, dom->def->uuid); if (ret) ret->id = dom->def->id; + cleanup: virObjectUnlock(dom); return ret; } @@ -579,7 +623,7 @@ static virDomainPtr vzDomainLookupByName(virConnectPtr conn, const char *name) { vzConnPtr privconn = conn->privateData; - virDomainPtr ret; + virDomainPtr ret = NULL; virDomainObjPtr dom; dom = virDomainObjListFindByName(privconn->driver->domains, name); @@ -590,10 +634,14 @@ vzDomainLookupByName(virConnectPtr conn, const char *name) return NULL; } + if (virDomainLookupByNameEnsureACL(conn, dom->def) < 0) + goto cleanup; + ret = virGetDomain(conn, dom->def->name, dom->def->uuid); if (ret) ret->id = dom->def->id; + cleanup: virDomainObjEndAPI(&dom); return ret; } @@ -607,6 +655,9 @@ vzDomainGetInfo(virDomainPtr domain, virDomainInfoPtr info) if (!(dom = vzDomObjFromDomainRef(domain))) goto cleanup; + if (virDomainGetInfoEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + info->state = virDomainObjGetState(dom, NULL); info->memory = dom->def->mem.cur_balloon; info->maxMem = virDomainDefGetMemoryTotal(dom->def); @@ -645,8 +696,12 @@ vzDomainGetOSType(virDomainPtr domain) if (!(dom = vzDomObjFromDomain(domain))) return NULL; + if (virDomainGetOSTypeEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + ignore_value(VIR_STRDUP(ret, virDomainOSTypeToString(dom->def->os.type))); + cleanup: virObjectUnlock(dom); return ret; } @@ -655,12 +710,19 @@ static int vzDomainIsPersistent(virDomainPtr domain) { virDomainObjPtr dom; + int ret = -1; if (!(dom = vzDomObjFromDomain(domain))) return -1; + if (virDomainIsPersistentEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + + ret = 1; + + cleanup: virObjectUnlock(dom); - return 1; + return ret; } static int @@ -668,16 +730,22 @@ vzDomainGetState(virDomainPtr domain, int *state, int *reason, unsigned int flags) { virDomainObjPtr dom; + int ret = -1; virCheckFlags(0, -1); if (!(dom = vzDomObjFromDomain(domain))) return -1; + if (virDomainGetStateEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + *state = virDomainObjGetState(dom, reason); + ret = 0; + cleanup: virObjectUnlock(dom); - return 0; + return ret; } static char * @@ -693,11 +761,15 @@ vzDomainGetXMLDesc(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomain(domain))) return NULL; + if (virDomainGetXMLDescEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + def = (flags & VIR_DOMAIN_XML_INACTIVE) && dom->newDef ? dom->newDef : dom->def; ret = virDomainDefFormat(def, privconn->driver->caps, flags); + cleanup: virObjectUnlock(dom); return ret; } @@ -706,14 +778,20 @@ static int vzDomainGetAutostart(virDomainPtr domain, int *autostart) { virDomainObjPtr dom; + int ret = -1; if (!(dom = vzDomObjFromDomain(domain))) return -1; + if (virDomainGetAutostartEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + *autostart = dom->autostart; + ret = 0; + cleanup: virObjectUnlock(dom); - return 0; + return ret; } static bool @@ -752,6 +830,9 @@ vzDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags) parse_flags)) == NULL) goto cleanup; + if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) + goto cleanup; + dom = virDomainObjListFindByUUIDRef(driver->domains, def->uuid); if (dom == NULL) { virResetLastError(); @@ -829,9 +910,12 @@ vzDomainDefineXML(virConnectPtr conn, const char *xml) static int -vzNodeGetInfo(virConnectPtr conn ATTRIBUTE_UNUSED, +vzNodeGetInfo(virConnectPtr conn, virNodeInfoPtr nodeinfo) { + if (virNodeGetInfoEnsureACL(conn) < 0) + return -1; + return nodeGetInfo(nodeinfo); } @@ -854,13 +938,16 @@ static int vzConnectIsAlive(virConnectPtr conn ATTRIBUTE_UNUSED) static char * -vzConnectBaselineCPU(virConnectPtr conn ATTRIBUTE_UNUSED, +vzConnectBaselineCPU(virConnectPtr conn, const char **xmlCPUs, unsigned int ncpus, unsigned int flags) { virCheckFlags(VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, NULL); + if (virConnectBaselineCPUEnsureACL(conn) < 0) + return NULL; + return cpuBaselineXML(xmlCPUs, ncpus, NULL, 0, flags); } @@ -879,6 +966,9 @@ vzDomainGetVcpus(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainGetVcpusEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(dom)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", @@ -922,6 +1012,9 @@ vzNodeGetCPUMap(virConnectPtr conn ATTRIBUTE_UNUSED, unsigned int *online, unsigned int flags) { + if (virNodeGetCPUMapEnsureACL(conn) < 0) + return -1; + return virHostCPUGetMap(cpumap, online, flags); } @@ -935,6 +1028,10 @@ vzConnectDomainEventRegisterAny(virConnectPtr conn, { int ret = -1; vzConnPtr privconn = conn->privateData; + + if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0) + return -1; + if (virDomainEventStateRegisterID(conn, privconn->driver->domainEventState, domain, eventID, @@ -949,6 +1046,9 @@ vzConnectDomainEventDeregisterAny(virConnectPtr conn, { vzConnPtr privconn = conn->privateData; + if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0) + return -1; + if (virObjectEventStateDeregisterID(conn, privconn->driver->domainEventState, callbackID) < 0) @@ -968,6 +1068,9 @@ vzDomainSuspend(virDomainPtr domain) if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainSuspendEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1002,6 +1105,9 @@ vzDomainResume(virDomainPtr domain) if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainResumeEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1038,6 +1144,9 @@ vzDomainCreateWithFlags(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainCreateWithFlagsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1074,6 +1183,9 @@ vzDomainDestroyFlags(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainDestroyFlagsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1116,6 +1228,9 @@ vzDomainShutdownFlags(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainShutdownFlagsEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1157,6 +1272,9 @@ vzDomainReboot(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainRebootEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1188,7 +1306,12 @@ static int vzDomainIsActive(virDomainPtr domain) if (!(dom = vzDomObjFromDomain(domain))) return -1; + if (virDomainIsActiveEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + ret = virDomainObjIsActive(dom); + + cleanup: virObjectUnlock(dom); return ret; @@ -1215,6 +1338,9 @@ vzDomainUndefineFlags(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainUndefineFlagsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1244,16 +1370,23 @@ vzDomainHasManagedSaveImage(virDomainPtr domain, unsigned int flags) { virDomainObjPtr dom = NULL; int state, reason; - int ret = 0; + int ret = -1; virCheckFlags(0, -1); if (!(dom = vzDomObjFromDomain(domain))) return -1; + if (virDomainHasManagedSaveImageEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + state = virDomainObjGetState(dom, &reason); if (state == VIR_DOMAIN_SHUTOFF && reason == VIR_DOMAIN_SHUTOFF_SAVED) ret = 1; + else + ret = 0; + + cleanup: virObjectUnlock(dom); return ret; @@ -1274,6 +1407,9 @@ vzDomainManagedSave(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainManagedSaveEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1314,6 +1450,9 @@ vzDomainManagedSaveRemove(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainManagedSaveRemoveEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + state = virDomainObjGetState(dom, &reason); if (!(state == VIR_DOMAIN_SHUTOFF && reason == VIR_DOMAIN_SHUTOFF_SAVED)) @@ -1366,6 +1505,9 @@ static int vzDomainAttachDeviceFlags(virDomainPtr domain, const char *xml, if (vzCheckConfigUpdateFlags(dom, &flags) < 0) goto cleanup; + if (virDomainAttachDeviceFlagsEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + dev = virDomainDeviceDefParse(xml, dom->def, privconn->driver->caps, privconn->driver->xmlopt, VIR_DOMAIN_XML_INACTIVE); if (dev == NULL) @@ -1435,6 +1577,9 @@ static int vzDomainDetachDeviceFlags(virDomainPtr domain, const char *xml, if (vzCheckConfigUpdateFlags(dom, &flags) < 0) goto cleanup; + if (virDomainDetachDeviceFlagsEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + dev = virDomainDeviceDefParse(xml, dom->def, privconn->driver->caps, privconn->driver->xmlopt, VIR_DOMAIN_XML_INACTIVE | @@ -1502,6 +1647,9 @@ vzDomainSetUserPassword(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainSetUserPasswordEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1527,7 +1675,12 @@ vzDomainGetMaxMemory(virDomainPtr domain) if (!(dom = vzDomObjFromDomain(domain))) return -1; + if (virDomainGetMaxMemoryEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + ret = virDomainDefGetMemoryTotal(dom->def); + + cleanup: virObjectUnlock(dom); return ret; } @@ -1586,6 +1739,9 @@ vzDomainBlockStats(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainBlockStatsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainBlockStatsImpl(dom, path, stats) < 0) goto cleanup; @@ -1650,6 +1806,9 @@ vzDomainBlockStatsFlags(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainBlockStatsFlagsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainBlockStatsImpl(dom, path, &stats) < 0) goto cleanup; @@ -1671,14 +1830,19 @@ vzDomainInterfaceStats(virDomainPtr domain, { virDomainObjPtr dom = NULL; vzDomObjPtr privdom; - int ret; + int ret = -1; if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainInterfaceStatsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + privdom = dom->privateData; ret = prlsdkGetNetStats(privdom->stats, privdom->sdkdom, path, stats); + + cleanup: virDomainObjEndAPI(&dom); return ret; @@ -1698,9 +1862,14 @@ vzDomainMemoryStats(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainMemoryStatsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + privdom = dom->privateData; ret = prlsdkGetMemoryStats(privdom->stats, stats, nr_stats); + + cleanup: virDomainObjEndAPI(&dom); return ret; @@ -1711,7 +1880,7 @@ vzDomainGetVcpusFlags(virDomainPtr domain, unsigned int flags) { virDomainObjPtr dom; - int ret; + int ret = -1; virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG | @@ -1720,11 +1889,15 @@ vzDomainGetVcpusFlags(virDomainPtr domain, if (!(dom = vzDomObjFromDomain(domain))) return -1; + if (virDomainGetVcpusFlagsEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + if (flags & VIR_DOMAIN_VCPU_MAXIMUM) ret = virDomainDefGetVcpusMax(dom->def); else ret = virDomainDefGetVcpus(dom->def); + cleanup: virObjectUnlock(dom); return ret; @@ -1739,19 +1912,29 @@ static int vzDomainGetMaxVcpus(virDomainPtr domain) static int vzDomainIsUpdated(virDomainPtr domain) { virDomainObjPtr dom; + int ret = -1; /* As far as VZ domains are always updated (e.g. current==persistent), * we just check for domain existence */ if (!(dom = vzDomObjFromDomain(domain))) return -1; + if (virDomainIsUpdatedEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + + ret = 0; + + cleanup: virObjectUnlock(dom); - return 0; + return ret; } -static int vzConnectGetMaxVcpus(virConnectPtr conn ATTRIBUTE_UNUSED, +static int vzConnectGetMaxVcpus(virConnectPtr conn, const char *type) { + if (virConnectGetMaxVcpusEnsureACL(conn) < 0) + return -1; + /* As far as we have no limitation for containers * we report maximum */ if (type == NULL || STRCASEEQ(type, "vz") || STRCASEEQ(type, "parallels")) @@ -1763,38 +1946,51 @@ static int vzConnectGetMaxVcpus(virConnectPtr conn ATTRIBUTE_UNUSED, } static int -vzNodeGetCPUStats(virConnectPtr conn ATTRIBUTE_UNUSED, +vzNodeGetCPUStats(virConnectPtr conn, int cpuNum, virNodeCPUStatsPtr params, int *nparams, unsigned int flags) { + if (virNodeGetCPUStatsEnsureACL(conn) < 0) + return -1; + return virHostCPUGetStats(cpuNum, params, nparams, flags); } static int -vzNodeGetMemoryStats(virConnectPtr conn ATTRIBUTE_UNUSED, +vzNodeGetMemoryStats(virConnectPtr conn, int cellNum, virNodeMemoryStatsPtr params, int *nparams, unsigned int flags) { + if (virNodeGetMemoryStatsEnsureACL(conn) < 0) + return -1; + return virHostMemGetStats(cellNum, params, nparams, flags); } static int -vzNodeGetCellsFreeMemory(virConnectPtr conn ATTRIBUTE_UNUSED, +vzNodeGetCellsFreeMemory(virConnectPtr conn, unsigned long long *freeMems, int startCell, int maxCells) { + if (virNodeGetCellsFreeMemoryEnsureACL(conn) < 0) + return -1; + return virHostMemGetCellsFree(freeMems, startCell, maxCells); } static unsigned long long -vzNodeGetFreeMemory(virConnectPtr conn ATTRIBUTE_UNUSED) +vzNodeGetFreeMemory(virConnectPtr conn) { unsigned long long freeMem; + + if (virNodeGetFreeMemoryEnsureACL(conn) < 0) + return -1; + if (virHostMemGetInfo(NULL, &freeMem) < 0) return 0; return freeMem; @@ -1809,6 +2005,9 @@ vzConnectRegisterCloseCallback(virConnectPtr conn, vzConnPtr privconn = conn->privateData; int ret = -1; + if (virConnectRegisterCloseCallbackEnsureACL(conn) < 0) + return -1; + virObjectLock(privconn->driver); if (virConnectCloseCallbackDataGetCallback(privconn->closeCallback) != NULL) { @@ -1833,6 +2032,9 @@ vzConnectUnregisterCloseCallback(virConnectPtr conn, virConnectCloseFunc cb) vzConnPtr privconn = conn->privateData; int ret = -1; + if (virConnectUnregisterCloseCallbackEnsureACL(conn) < 0) + return -1; + virObjectLock(privconn->driver); if (virConnectCloseCallbackDataGetCallback(privconn->closeCallback) != cb) { @@ -1866,6 +2068,9 @@ static int vzDomainSetMemoryFlags(virDomainPtr domain, unsigned long memory, if (vzCheckConfigUpdateFlags(dom, &flags) < 0) goto cleanup; + if (virDomainSetMemoryFlagsEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1892,6 +2097,9 @@ static int vzDomainSetMemory(virDomainPtr domain, unsigned long memory) if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainSetMemoryEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1964,6 +2172,9 @@ vzDomainSnapshotNum(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainSnapshotNumEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup; @@ -1992,6 +2203,9 @@ vzDomainSnapshotListNames(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainSnapshotListNamesEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup; @@ -2019,6 +2233,9 @@ vzDomainListAllSnapshots(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainListAllSnapshotsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup; @@ -2046,6 +2263,9 @@ vzDomainSnapshotGetXMLDesc(virDomainSnapshotPtr snapshot, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return NULL; + if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, dom->def, flags) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup; @@ -2079,6 +2299,9 @@ vzDomainSnapshotNumChildren(virDomainSnapshotPtr snapshot, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return -1; + if (virDomainSnapshotNumChildrenEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup; @@ -2111,6 +2334,9 @@ vzDomainSnapshotListChildrenNames(virDomainSnapshotPtr snapshot, if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return -1; + if (virDomainSnapshotListChildrenNamesEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup; @@ -2142,6 +2368,9 @@ vzDomainSnapshotListAllChildren(virDomainSnapshotPtr snapshot, if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return -1; + if (virDomainSnapshotListAllChildrenEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup; @@ -2172,6 +2401,9 @@ vzDomainSnapshotLookupByName(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return NULL; + if (virDomainSnapshotLookupByNameEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup; @@ -2199,6 +2431,9 @@ vzDomainHasCurrentSnapshot(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainHasCurrentSnapshotEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup; @@ -2224,6 +2459,9 @@ vzDomainSnapshotGetParent(virDomainSnapshotPtr snapshot, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return NULL; + if (virDomainSnapshotGetParentEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup; @@ -2259,6 +2497,9 @@ vzDomainSnapshotCurrent(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return NULL; + if (virDomainSnapshotCurrentEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup; @@ -2290,6 +2531,9 @@ vzDomainSnapshotIsCurrent(virDomainSnapshotPtr snapshot, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return -1; + if (virDomainSnapshotIsCurrentEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup; @@ -2317,6 +2561,9 @@ vzDomainSnapshotHasMetadata(virDomainSnapshotPtr snapshot, if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return -1; + if (virDomainSnapshotHasMetadataEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup; @@ -2352,6 +2599,9 @@ vzDomainSnapshotCreateXML(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return NULL; + if (virDomainSnapshotCreateXMLEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + if (!(def = virDomainSnapshotDefParseString(xmlDesc, driver->caps, driver->xmlopt, parse_flags))) goto cleanup; @@ -2412,9 +2662,13 @@ vzDomainSnapshotDelete(virDomainSnapshotPtr snapshot, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return -1; + if (virDomainSnapshotDeleteEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + ret = prlsdkDeleteSnapshot(dom, snapshot->name, flags & VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN); + cleanup: virDomainObjEndAPI(&dom); return ret; @@ -2432,6 +2686,9 @@ vzDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, unsigned int flags) if (!(dom = vzDomObjFromDomain(snapshot->domain))) return -1; + if (virDomainRevertToSnapshotEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -2648,6 +2905,9 @@ vzDomainMigrateBegin3Params(virDomainPtr domain, if (!(dom = vzDomObjFromDomain(domain))) goto cleanup; + if (virDomainMigrateBegin3ParamsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + xml = vzDomainMigrateBeginStep(dom, privconn->driver, params, nparams, cookieout, cookieoutlen); @@ -2694,8 +2954,11 @@ vzDomainMigratePrepare3Params(virConnectPtr conn, unsigned int flags) { vzConnPtr privconn = conn->privateData; + vzDriverPtr driver = privconn->driver; const char *miguri = NULL; const char *dname = NULL; + const char *dom_xml = NULL; + virDomainDefPtr def = NULL; int ret = -1; virCheckFlags(VZ_MIGRATION_FLAGS, -1); @@ -2706,6 +2969,8 @@ vzDomainMigratePrepare3Params(virConnectPtr conn, if (virTypedParamsGetString(params, nparams, VIR_MIGRATE_PARAM_URI, &miguri) < 0 || virTypedParamsGetString(params, nparams, + VIR_MIGRATE_PARAM_DEST_XML, &dom_xml) < 0 || + virTypedParamsGetString(params, nparams, VIR_MIGRATE_PARAM_DEST_NAME, &dname) < 0) goto cleanup; @@ -2722,15 +2987,32 @@ vzDomainMigratePrepare3Params(virConnectPtr conn, | VZ_MIGRATION_COOKIE_DOMAIN_NAME) < 0) goto cleanup; + if (!(def = virDomainDefParseString(dom_xml, driver->caps, driver->xmlopt, + VIR_DOMAIN_DEF_PARSE_INACTIVE))) + goto cleanup; + + if (dname) { + VIR_FREE(def->name); + if (VIR_STRDUP(def->name, dname) < 0) + goto cleanup; + } + + if (virDomainMigratePrepare3ParamsEnsureACL(conn, def) < 0) + goto cleanup; + ret = 0; cleanup: + virDomainDefFree(def); return ret; } static int vzConnectSupportsFeature(virConnectPtr conn ATTRIBUTE_UNUSED, int feature) { + if (virConnectSupportsFeatureEnsureACL(conn) < 0) + return -1; + switch (feature) { case VIR_DRV_FEATURE_MIGRATION_PARAMS: case VIR_DRV_FEATURE_MIGRATION_P2P: @@ -2947,7 +3229,7 @@ vzDomainMigratePerform3Params(virDomainPtr domain, int *cookieoutlen ATTRIBUTE_UNUSED, unsigned int flags) { - int ret; + int ret = -1; virDomainObjPtr dom; vzConnPtr privconn = domain->conn->privateData; @@ -2959,6 +3241,9 @@ vzDomainMigratePerform3Params(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1; + if (virDomainMigratePerform3ParamsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (flags & VIR_MIGRATE_PEER2PEER) ret = vzDomainMigratePerformP2P(dom, privconn->driver, dconnuri, params, nparams, flags); @@ -2966,6 +3251,7 @@ vzDomainMigratePerform3Params(virDomainPtr domain, ret = vzDomainMigratePerformStep(dom, privconn->driver, params, nparams, cookiein, cookieinlen, flags); + cleanup: virDomainObjEndAPI(&dom); return ret; @@ -3003,6 +3289,11 @@ vzDomainMigrateFinish3Params(virConnectPtr dconn, if (!(dom = prlsdkAddDomainByName(driver, name))) goto cleanup; + /* At first glace at may look strange that we add domain and + * then check ACL but we touch only cache and not real system state */ + if (virDomainMigrateFinish3ParamsEnsureACL(dconn, dom->def) < 0) + goto cleanup; + domain = virGetDomain(dconn, dom->def->name, dom->def->uuid); if (domain) domain->id = dom->def->id; @@ -3060,13 +3351,17 @@ static int vzDomainGetJobInfo(virDomainPtr domain, virDomainJobInfoPtr info) { virDomainObjPtr dom; - int ret; + int ret = -1; if (!(dom = vzDomObjFromDomain(domain))) return -1; + if (virDomainGetJobInfoEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + ret = vzDomainGetJobInfoImpl(dom, info); + cleanup: virObjectUnlock(dom); return ret; } @@ -3122,6 +3417,9 @@ vzDomainGetJobStats(virDomainPtr domain, if (!(dom = vzDomObjFromDomain(domain))) return -1; + if (virDomainGetJobStatsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainGetJobInfoImpl(dom, &info) < 0) goto cleanup; -- 1.8.3.1

24-Jun-16 17:32, Nikolay Shirokovskiy пишет:
vzDomainMigrateConfirm3Params is whitelisted. Otherwise we need to move removing domain from domain list from perform to confirm step. This would further imply adding a flag and check that migration is in progress to prohibit mistakenly (maliciously) removing domains on confirm step. vz version of p2p also need to be fixed to include confirm step. One would also need to add means to cleanup pending migration on client disconnect as now is has state across several API calls.
On the other hand current version of confirm step is totaly harmless thus it is easier to whitelist it at the moment.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> --- src/Makefile.am | 5 +- src/check-aclrules.pl | 1 + src/remote/remote_protocol.x | 4 +- src/vz/vz_driver.c | 348 +++++++++++++++++++++++++++++++++++++++---- 4 files changed, 330 insertions(+), 28 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am index a14cb3f..8ecec55 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -651,6 +651,7 @@ STATEFUL_DRIVER_SOURCE_FILES = \ $(STORAGE_DRIVER_SOURCES) \ $(UML_DRIVER_SOURCES) \ $(XEN_DRIVER_SOURCES) \ + $(VZ_DRIVER_SOURCES) \ $(NULL)
@@ -1514,7 +1515,9 @@ else ! WITH_DRIVER_MODULES noinst_LTLIBRARIES += libvirt_driver_vz.la endif ! WITH_DRIVER_MODULES libvirt_driver_vz_impl_la_CFLAGS = \ - -I$(srcdir)/conf $(AM_CFLAGS) \ + -I$(srcdir)/conf \ + -I$(srcdir)/access \ + $(AM_CFLAGS) \ $(PARALLELS_SDK_CFLAGS) $(LIBNL_CFLAGS) libvirt_driver_vz_impl_la_SOURCES = $(VZ_DRIVER_SOURCES) libvirt_driver_vz_impl_la_LIBADD = $(PARALLELS_SDK_LIBS) $(LIBNL_LIBS) diff --git a/src/check-aclrules.pl b/src/check-aclrules.pl index 9151e6a..8739cda 100755 --- a/src/check-aclrules.pl +++ b/src/check-aclrules.pl @@ -73,6 +73,7 @@ my %implwhitelist = ( "xenUnifiedDomainIsPersistent" => 1, "xenUnifiedDomainIsUpdated" => 1, "xenUnifiedDomainOpenConsole" => 1, + "vzDomainMigrateConfirm3Params" => 1, ); my %filterimplwhitelist = ( "xenUnifiedConnectListDomains" => 1, diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index e7a7025..64e4b9e 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -5794,13 +5794,13 @@ enum remote_procedure {
/** * @generate: none - * @acl: none + * @acl: connect:getattr */ REMOTE_PROC_CONNECT_REGISTER_CLOSE_CALLBACK = 360,
/** * @generate: none - * @acl: none + * @acl: connect:getattr */ REMOTE_PROC_CONNECT_UNREGISTER_CLOSE_CALLBACK = 361,
diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c index 9fa377e..8e1d039 100644 --- a/src/vz/vz_driver.c +++ b/src/vz/vz_driver.c @@ -53,6 +53,7 @@ #include "virtypedparam.h" #include "virhostmem.h" #include "virhostcpu.h" +#include "viraccessapicheck.h"
#include "vz_driver.h" #include "vz_utils.h" @@ -229,6 +230,9 @@ vzConnectGetCapabilities(virConnectPtr conn) vzConnPtr privconn = conn->privateData; char *xml;
+ if (virConnectGetCapabilitiesEnsureACL(conn) < 0) + return NULL; + xml = virCapabilitiesFormatXML(privconn->driver->caps); return xml; } @@ -375,6 +379,9 @@ vzConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; }
+ if (virConnectOpenEnsureACL(conn) < 0) + return VIR_DRV_OPEN_ERROR; + if (!(driver = vzGetDriverConnection())) return VIR_DRV_OPEN_ERROR;
@@ -432,13 +439,20 @@ static int vzConnectGetVersion(virConnectPtr conn, unsigned long *hvVer) { vzConnPtr privconn = conn->privateData; + + if (virConnectGetVersionEnsureACL(conn) < 0) + return -1; + *hvVer = privconn->driver->vzVersion; return 0; }
-static char *vzConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED) +static char *vzConnectGetHostname(virConnectPtr conn) { + if (virConnectGetHostnameEnsureACL(conn) < 0) + return NULL; + return virGetHostname(); }
@@ -451,6 +465,9 @@ vzConnectGetSysinfo(virConnectPtr conn, unsigned int flags)
virCheckFlags(0, NULL);
+ if (virConnectGetSysinfoEnsureACL(conn) < 0) + return NULL; + if (!driver->hostsysinfo) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Host SMBIOS information is not available")); @@ -471,8 +488,11 @@ vzConnectListDomains(virConnectPtr conn, int *ids, int maxids) vzConnPtr privconn = conn->privateData; int n;
+ if (virConnectListDomainsEnsureACL(conn) < 0) + return -1; + n = virDomainObjListGetActiveIDs(privconn->driver->domains, ids, maxids, - NULL, NULL); + virConnectListDomainsCheckACL, conn);
return n; } @@ -483,8 +503,11 @@ vzConnectNumOfDomains(virConnectPtr conn) vzConnPtr privconn = conn->privateData; int count;
+ if (virConnectNumOfDomainsEnsureACL(conn) < 0) + return -1; + count = virDomainObjListNumOfDomains(privconn->driver->domains, true, - NULL, NULL); + virConnectNumOfDomainsCheckACL, conn);
return count; } @@ -495,9 +518,14 @@ vzConnectListDefinedDomains(virConnectPtr conn, char **const names, int maxnames vzConnPtr privconn = conn->privateData; int n;
+ if (virConnectListDefinedDomainsEnsureACL(conn) < 0) + return -1; + memset(names, 0, sizeof(*names) * maxnames); n = virDomainObjListGetInactiveNames(privconn->driver->domains, names, - maxnames, NULL, NULL); + maxnames, + virConnectListDefinedDomainsCheckACL, + conn);
return n; } @@ -508,8 +536,12 @@ vzConnectNumOfDefinedDomains(virConnectPtr conn) vzConnPtr privconn = conn->privateData; int count;
+ if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0) + return -1; + count = virDomainObjListNumOfDomains(privconn->driver->domains, false, - NULL, NULL); + virConnectNumOfDefinedDomainsCheckACL, + conn); return count; }
@@ -522,8 +554,12 @@ vzConnectListAllDomains(virConnectPtr conn, int ret = -1;
virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1); + + if (virConnectListAllDomainsEnsureACL(conn) < 0) + return -1; + ret = virDomainObjListExport(privconn->driver->domains, conn, domains, - NULL, flags); + virConnectListAllDomainsCheckACL, flags);
return ret; } @@ -532,7 +568,7 @@ static virDomainPtr vzDomainLookupByID(virConnectPtr conn, int id) { vzConnPtr privconn = conn->privateData; - virDomainPtr ret; + virDomainPtr ret = NULL; virDomainObjPtr dom;
dom = virDomainObjListFindByID(privconn->driver->domains, id); @@ -542,10 +578,14 @@ vzDomainLookupByID(virConnectPtr conn, int id) return NULL; }
+ if (virDomainLookupByIDEnsureACL(conn, dom->def) < 0) + goto cleanup; + ret = virGetDomain(conn, dom->def->name, dom->def->uuid); if (ret) ret->id = dom->def->id;
+ cleanup: virObjectUnlock(dom); return ret; } @@ -554,7 +594,7 @@ static virDomainPtr vzDomainLookupByUUID(virConnectPtr conn, const unsigned char *uuid) { vzConnPtr privconn = conn->privateData; - virDomainPtr ret; + virDomainPtr ret = NULL; virDomainObjPtr dom;
dom = virDomainObjListFindByUUID(privconn->driver->domains, uuid); @@ -567,10 +607,14 @@ vzDomainLookupByUUID(virConnectPtr conn, const unsigned char *uuid) return NULL; }
+ if (virDomainLookupByUUIDEnsureACL(conn, dom->def) < 0) + goto cleanup; + ret = virGetDomain(conn, dom->def->name, dom->def->uuid); if (ret) ret->id = dom->def->id;
+ cleanup: virObjectUnlock(dom); return ret; } @@ -579,7 +623,7 @@ static virDomainPtr vzDomainLookupByName(virConnectPtr conn, const char *name) { vzConnPtr privconn = conn->privateData; - virDomainPtr ret; + virDomainPtr ret = NULL; virDomainObjPtr dom;
dom = virDomainObjListFindByName(privconn->driver->domains, name); @@ -590,10 +634,14 @@ vzDomainLookupByName(virConnectPtr conn, const char *name) return NULL; }
+ if (virDomainLookupByNameEnsureACL(conn, dom->def) < 0) + goto cleanup; + ret = virGetDomain(conn, dom->def->name, dom->def->uuid); if (ret) ret->id = dom->def->id;
+ cleanup: virDomainObjEndAPI(&dom); return ret; } @@ -607,6 +655,9 @@ vzDomainGetInfo(virDomainPtr domain, virDomainInfoPtr info) if (!(dom = vzDomObjFromDomainRef(domain))) goto cleanup;
+ if (virDomainGetInfoEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + info->state = virDomainObjGetState(dom, NULL); info->memory = dom->def->mem.cur_balloon; info->maxMem = virDomainDefGetMemoryTotal(dom->def); @@ -645,8 +696,12 @@ vzDomainGetOSType(virDomainPtr domain) if (!(dom = vzDomObjFromDomain(domain))) return NULL;
+ if (virDomainGetOSTypeEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + ignore_value(VIR_STRDUP(ret, virDomainOSTypeToString(dom->def->os.type)));
+ cleanup: virObjectUnlock(dom); return ret; } @@ -655,12 +710,19 @@ static int vzDomainIsPersistent(virDomainPtr domain) { virDomainObjPtr dom; + int ret = -1;
if (!(dom = vzDomObjFromDomain(domain))) return -1;
+ if (virDomainIsPersistentEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + + ret = 1; + + cleanup: virObjectUnlock(dom); - return 1; + return ret; }
static int @@ -668,16 +730,22 @@ vzDomainGetState(virDomainPtr domain, int *state, int *reason, unsigned int flags) { virDomainObjPtr dom; + int ret = -1;
virCheckFlags(0, -1);
if (!(dom = vzDomObjFromDomain(domain))) return -1;
+ if (virDomainGetStateEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + *state = virDomainObjGetState(dom, reason); + ret = 0;
+ cleanup: virObjectUnlock(dom); - return 0; + return ret; }
static char * @@ -693,11 +761,15 @@ vzDomainGetXMLDesc(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomain(domain))) return NULL;
+ if (virDomainGetXMLDescEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + def = (flags & VIR_DOMAIN_XML_INACTIVE) && dom->newDef ? dom->newDef : dom->def;
ret = virDomainDefFormat(def, privconn->driver->caps, flags);
+ cleanup: virObjectUnlock(dom); return ret; } @@ -706,14 +778,20 @@ static int vzDomainGetAutostart(virDomainPtr domain, int *autostart) { virDomainObjPtr dom; + int ret = -1;
if (!(dom = vzDomObjFromDomain(domain))) return -1;
+ if (virDomainGetAutostartEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + *autostart = dom->autostart; + ret = 0;
+ cleanup: virObjectUnlock(dom); - return 0; + return ret; }
static bool @@ -752,6 +830,9 @@ vzDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags) parse_flags)) == NULL) goto cleanup;
+ if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) + goto cleanup; + dom = virDomainObjListFindByUUIDRef(driver->domains, def->uuid); if (dom == NULL) { virResetLastError(); @@ -829,9 +910,12 @@ vzDomainDefineXML(virConnectPtr conn, const char *xml)
static int -vzNodeGetInfo(virConnectPtr conn ATTRIBUTE_UNUSED, +vzNodeGetInfo(virConnectPtr conn, virNodeInfoPtr nodeinfo) { + if (virNodeGetInfoEnsureACL(conn) < 0) + return -1; + return nodeGetInfo(nodeinfo); }
@@ -854,13 +938,16 @@ static int vzConnectIsAlive(virConnectPtr conn ATTRIBUTE_UNUSED)
static char * -vzConnectBaselineCPU(virConnectPtr conn ATTRIBUTE_UNUSED, +vzConnectBaselineCPU(virConnectPtr conn, const char **xmlCPUs, unsigned int ncpus, unsigned int flags) { virCheckFlags(VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, NULL);
+ if (virConnectBaselineCPUEnsureACL(conn) < 0) + return NULL; + return cpuBaselineXML(xmlCPUs, ncpus, NULL, 0, flags); }
@@ -879,6 +966,9 @@ vzDomainGetVcpus(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainGetVcpusEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(dom)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", @@ -922,6 +1012,9 @@ vzNodeGetCPUMap(virConnectPtr conn ATTRIBUTE_UNUSED,
It's no longer unused
unsigned int *online, unsigned int flags) { + if (virNodeGetCPUMapEnsureACL(conn) < 0) + return -1; + return virHostCPUGetMap(cpumap, online, flags); }
@@ -935,6 +1028,10 @@ vzConnectDomainEventRegisterAny(virConnectPtr conn, { int ret = -1; vzConnPtr privconn = conn->privateData; + + if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0) + return -1; + if (virDomainEventStateRegisterID(conn, privconn->driver->domainEventState, domain, eventID, @@ -949,6 +1046,9 @@ vzConnectDomainEventDeregisterAny(virConnectPtr conn, { vzConnPtr privconn = conn->privateData;
+ if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0) + return -1; + if (virObjectEventStateDeregisterID(conn, privconn->driver->domainEventState, callbackID) < 0) @@ -968,6 +1068,9 @@ vzDomainSuspend(virDomainPtr domain) if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainSuspendEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1002,6 +1105,9 @@ vzDomainResume(virDomainPtr domain) if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainResumeEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1038,6 +1144,9 @@ vzDomainCreateWithFlags(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainCreateWithFlagsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1074,6 +1183,9 @@ vzDomainDestroyFlags(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainDestroyFlagsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1116,6 +1228,9 @@ vzDomainShutdownFlags(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainShutdownFlagsEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1157,6 +1272,9 @@ vzDomainReboot(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainRebootEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1188,7 +1306,12 @@ static int vzDomainIsActive(virDomainPtr domain) if (!(dom = vzDomObjFromDomain(domain))) return -1;
+ if (virDomainIsActiveEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + ret = virDomainObjIsActive(dom); + + cleanup: virObjectUnlock(dom);
return ret; @@ -1215,6 +1338,9 @@ vzDomainUndefineFlags(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainUndefineFlagsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1244,16 +1370,23 @@ vzDomainHasManagedSaveImage(virDomainPtr domain, unsigned int flags) { virDomainObjPtr dom = NULL; int state, reason; - int ret = 0; + int ret = -1;
virCheckFlags(0, -1);
if (!(dom = vzDomObjFromDomain(domain))) return -1;
+ if (virDomainHasManagedSaveImageEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + state = virDomainObjGetState(dom, &reason); if (state == VIR_DOMAIN_SHUTOFF && reason == VIR_DOMAIN_SHUTOFF_SAVED) ret = 1; + else + ret = 0; + + cleanup: virObjectUnlock(dom);
return ret; @@ -1274,6 +1407,9 @@ vzDomainManagedSave(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainManagedSaveEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1314,6 +1450,9 @@ vzDomainManagedSaveRemove(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainManagedSaveRemoveEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + state = virDomainObjGetState(dom, &reason);
if (!(state == VIR_DOMAIN_SHUTOFF && reason == VIR_DOMAIN_SHUTOFF_SAVED)) @@ -1366,6 +1505,9 @@ static int vzDomainAttachDeviceFlags(virDomainPtr domain, const char *xml, if (vzCheckConfigUpdateFlags(dom, &flags) < 0) goto cleanup;
+ if (virDomainAttachDeviceFlagsEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + dev = virDomainDeviceDefParse(xml, dom->def, privconn->driver->caps, privconn->driver->xmlopt, VIR_DOMAIN_XML_INACTIVE); if (dev == NULL) @@ -1435,6 +1577,9 @@ static int vzDomainDetachDeviceFlags(virDomainPtr domain, const char *xml, if (vzCheckConfigUpdateFlags(dom, &flags) < 0) goto cleanup;
+ if (virDomainDetachDeviceFlagsEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + dev = virDomainDeviceDefParse(xml, dom->def, privconn->driver->caps, privconn->driver->xmlopt, VIR_DOMAIN_XML_INACTIVE | @@ -1502,6 +1647,9 @@ vzDomainSetUserPassword(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainSetUserPasswordEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1527,7 +1675,12 @@ vzDomainGetMaxMemory(virDomainPtr domain) if (!(dom = vzDomObjFromDomain(domain))) return -1;
+ if (virDomainGetMaxMemoryEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + ret = virDomainDefGetMemoryTotal(dom->def); + + cleanup: virObjectUnlock(dom); return ret; } @@ -1586,6 +1739,9 @@ vzDomainBlockStats(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainBlockStatsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainBlockStatsImpl(dom, path, stats) < 0) goto cleanup;
@@ -1650,6 +1806,9 @@ vzDomainBlockStatsFlags(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainBlockStatsFlagsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainBlockStatsImpl(dom, path, &stats) < 0) goto cleanup;
@@ -1671,14 +1830,19 @@ vzDomainInterfaceStats(virDomainPtr domain, { virDomainObjPtr dom = NULL; vzDomObjPtr privdom; - int ret; + int ret = -1;
if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainInterfaceStatsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + privdom = dom->privateData;
ret = prlsdkGetNetStats(privdom->stats, privdom->sdkdom, path, stats); + + cleanup: virDomainObjEndAPI(&dom);
return ret; @@ -1698,9 +1862,14 @@ vzDomainMemoryStats(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainMemoryStatsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + privdom = dom->privateData;
ret = prlsdkGetMemoryStats(privdom->stats, stats, nr_stats); + + cleanup: virDomainObjEndAPI(&dom);
return ret; @@ -1711,7 +1880,7 @@ vzDomainGetVcpusFlags(virDomainPtr domain, unsigned int flags) { virDomainObjPtr dom; - int ret; + int ret = -1;
virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG | @@ -1720,11 +1889,15 @@ vzDomainGetVcpusFlags(virDomainPtr domain, if (!(dom = vzDomObjFromDomain(domain))) return -1;
+ if (virDomainGetVcpusFlagsEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + if (flags & VIR_DOMAIN_VCPU_MAXIMUM) ret = virDomainDefGetVcpusMax(dom->def); else ret = virDomainDefGetVcpus(dom->def);
+ cleanup: virObjectUnlock(dom);
return ret; @@ -1739,19 +1912,29 @@ static int vzDomainGetMaxVcpus(virDomainPtr domain) static int vzDomainIsUpdated(virDomainPtr domain) { virDomainObjPtr dom; + int ret = -1;
/* As far as VZ domains are always updated (e.g. current==persistent), * we just check for domain existence */ if (!(dom = vzDomObjFromDomain(domain))) return -1;
+ if (virDomainIsUpdatedEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + + ret = 0; + + cleanup: virObjectUnlock(dom); - return 0; + return ret; }
-static int vzConnectGetMaxVcpus(virConnectPtr conn ATTRIBUTE_UNUSED, +static int vzConnectGetMaxVcpus(virConnectPtr conn, const char *type) { + if (virConnectGetMaxVcpusEnsureACL(conn) < 0) + return -1; + /* As far as we have no limitation for containers * we report maximum */ if (type == NULL || STRCASEEQ(type, "vz") || STRCASEEQ(type, "parallels")) @@ -1763,38 +1946,51 @@ static int vzConnectGetMaxVcpus(virConnectPtr conn ATTRIBUTE_UNUSED, }
static int -vzNodeGetCPUStats(virConnectPtr conn ATTRIBUTE_UNUSED, +vzNodeGetCPUStats(virConnectPtr conn, int cpuNum, virNodeCPUStatsPtr params, int *nparams, unsigned int flags) { + if (virNodeGetCPUStatsEnsureACL(conn) < 0) + return -1; + return virHostCPUGetStats(cpuNum, params, nparams, flags); }
static int -vzNodeGetMemoryStats(virConnectPtr conn ATTRIBUTE_UNUSED, +vzNodeGetMemoryStats(virConnectPtr conn, int cellNum, virNodeMemoryStatsPtr params, int *nparams, unsigned int flags) { + if (virNodeGetMemoryStatsEnsureACL(conn) < 0) + return -1; + return virHostMemGetStats(cellNum, params, nparams, flags); }
static int -vzNodeGetCellsFreeMemory(virConnectPtr conn ATTRIBUTE_UNUSED, +vzNodeGetCellsFreeMemory(virConnectPtr conn, unsigned long long *freeMems, int startCell, int maxCells) { + if (virNodeGetCellsFreeMemoryEnsureACL(conn) < 0) + return -1; + return virHostMemGetCellsFree(freeMems, startCell, maxCells); }
static unsigned long long -vzNodeGetFreeMemory(virConnectPtr conn ATTRIBUTE_UNUSED) +vzNodeGetFreeMemory(virConnectPtr conn) { unsigned long long freeMem; + + if (virNodeGetFreeMemoryEnsureACL(conn) < 0) + return -1; + if (virHostMemGetInfo(NULL, &freeMem) < 0) return 0; return freeMem; @@ -1809,6 +2005,9 @@ vzConnectRegisterCloseCallback(virConnectPtr conn, vzConnPtr privconn = conn->privateData; int ret = -1;
+ if (virConnectRegisterCloseCallbackEnsureACL(conn) < 0) + return -1; + virObjectLock(privconn->driver);
if (virConnectCloseCallbackDataGetCallback(privconn->closeCallback) != NULL) { @@ -1833,6 +2032,9 @@ vzConnectUnregisterCloseCallback(virConnectPtr conn, virConnectCloseFunc cb) vzConnPtr privconn = conn->privateData; int ret = -1;
+ if (virConnectUnregisterCloseCallbackEnsureACL(conn) < 0) + return -1; + virObjectLock(privconn->driver);
if (virConnectCloseCallbackDataGetCallback(privconn->closeCallback) != cb) { @@ -1866,6 +2068,9 @@ static int vzDomainSetMemoryFlags(virDomainPtr domain, unsigned long memory, if (vzCheckConfigUpdateFlags(dom, &flags) < 0) goto cleanup;
+ if (virDomainSetMemoryFlagsEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1892,6 +2097,9 @@ static int vzDomainSetMemory(virDomainPtr domain, unsigned long memory) if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainSetMemoryEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -1964,6 +2172,9 @@ vzDomainSnapshotNum(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainSnapshotNumEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup;
@@ -1992,6 +2203,9 @@ vzDomainSnapshotListNames(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainSnapshotListNamesEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup;
@@ -2019,6 +2233,9 @@ vzDomainListAllSnapshots(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainListAllSnapshotsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup;
@@ -2046,6 +2263,9 @@ vzDomainSnapshotGetXMLDesc(virDomainSnapshotPtr snapshot, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return NULL;
+ if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, dom->def, flags) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup;
@@ -2079,6 +2299,9 @@ vzDomainSnapshotNumChildren(virDomainSnapshotPtr snapshot, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return -1;
+ if (virDomainSnapshotNumChildrenEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup;
@@ -2111,6 +2334,9 @@ vzDomainSnapshotListChildrenNames(virDomainSnapshotPtr snapshot, if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return -1;
+ if (virDomainSnapshotListChildrenNamesEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup;
@@ -2142,6 +2368,9 @@ vzDomainSnapshotListAllChildren(virDomainSnapshotPtr snapshot, if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return -1;
+ if (virDomainSnapshotListAllChildrenEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup;
@@ -2172,6 +2401,9 @@ vzDomainSnapshotLookupByName(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return NULL;
+ if (virDomainSnapshotLookupByNameEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup;
@@ -2199,6 +2431,9 @@ vzDomainHasCurrentSnapshot(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainHasCurrentSnapshotEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup;
@@ -2224,6 +2459,9 @@ vzDomainSnapshotGetParent(virDomainSnapshotPtr snapshot, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return NULL;
+ if (virDomainSnapshotGetParentEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup;
@@ -2259,6 +2497,9 @@ vzDomainSnapshotCurrent(virDomainPtr domain, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(domain))) return NULL;
+ if (virDomainSnapshotCurrentEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup;
@@ -2290,6 +2531,9 @@ vzDomainSnapshotIsCurrent(virDomainSnapshotPtr snapshot, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return -1;
+ if (virDomainSnapshotIsCurrentEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup;
@@ -2317,6 +2561,9 @@ vzDomainSnapshotHasMetadata(virDomainSnapshotPtr snapshot, if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return -1;
+ if (virDomainSnapshotHasMetadataEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + if (!(snapshots = prlsdkLoadSnapshots(dom))) goto cleanup;
@@ -2352,6 +2599,9 @@ vzDomainSnapshotCreateXML(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return NULL;
+ if (virDomainSnapshotCreateXMLEnsureACL(domain->conn, dom->def, flags) < 0) + goto cleanup; + if (!(def = virDomainSnapshotDefParseString(xmlDesc, driver->caps, driver->xmlopt, parse_flags))) goto cleanup; @@ -2412,9 +2662,13 @@ vzDomainSnapshotDelete(virDomainSnapshotPtr snapshot, unsigned int flags) if (!(dom = vzDomObjFromDomainRef(snapshot->domain))) return -1;
+ if (virDomainSnapshotDeleteEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + ret = prlsdkDeleteSnapshot(dom, snapshot->name, flags & VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN);
+ cleanup: virDomainObjEndAPI(&dom);
return ret; @@ -2432,6 +2686,9 @@ vzDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, unsigned int flags) if (!(dom = vzDomObjFromDomain(snapshot->domain))) return -1;
+ if (virDomainRevertToSnapshotEnsureACL(snapshot->domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainObjBeginJob(dom) < 0) goto cleanup; job = true; @@ -2648,6 +2905,9 @@ vzDomainMigrateBegin3Params(virDomainPtr domain, if (!(dom = vzDomObjFromDomain(domain))) goto cleanup;
+ if (virDomainMigrateBegin3ParamsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + xml = vzDomainMigrateBeginStep(dom, privconn->driver, params, nparams, cookieout, cookieoutlen);
@@ -2694,8 +2954,11 @@ vzDomainMigratePrepare3Params(virConnectPtr conn, unsigned int flags) { vzConnPtr privconn = conn->privateData; + vzDriverPtr driver = privconn->driver; const char *miguri = NULL; const char *dname = NULL; + const char *dom_xml = NULL; + virDomainDefPtr def = NULL; int ret = -1;
virCheckFlags(VZ_MIGRATION_FLAGS, -1); @@ -2706,6 +2969,8 @@ vzDomainMigratePrepare3Params(virConnectPtr conn, if (virTypedParamsGetString(params, nparams, VIR_MIGRATE_PARAM_URI, &miguri) < 0 || virTypedParamsGetString(params, nparams, + VIR_MIGRATE_PARAM_DEST_XML, &dom_xml) < 0 || + virTypedParamsGetString(params, nparams, VIR_MIGRATE_PARAM_DEST_NAME, &dname) < 0) goto cleanup;
@@ -2722,15 +2987,32 @@ vzDomainMigratePrepare3Params(virConnectPtr conn, | VZ_MIGRATION_COOKIE_DOMAIN_NAME) < 0) goto cleanup;
+ if (!(def = virDomainDefParseString(dom_xml, driver->caps, driver->xmlopt, + VIR_DOMAIN_DEF_PARSE_INACTIVE))) + goto cleanup; + + if (dname) { + VIR_FREE(def->name); + if (VIR_STRDUP(def->name, dname) < 0) + goto cleanup; + } + + if (virDomainMigratePrepare3ParamsEnsureACL(conn, def) < 0) + goto cleanup; + ret = 0;
cleanup: + virDomainDefFree(def); return ret; }
static int vzConnectSupportsFeature(virConnectPtr conn ATTRIBUTE_UNUSED, int feature) { + if (virConnectSupportsFeatureEnsureACL(conn) < 0) + return -1; + switch (feature) { case VIR_DRV_FEATURE_MIGRATION_PARAMS: case VIR_DRV_FEATURE_MIGRATION_P2P: @@ -2947,7 +3229,7 @@ vzDomainMigratePerform3Params(virDomainPtr domain, int *cookieoutlen ATTRIBUTE_UNUSED, unsigned int flags) { - int ret; + int ret = -1; virDomainObjPtr dom; vzConnPtr privconn = domain->conn->privateData;
@@ -2959,6 +3241,9 @@ vzDomainMigratePerform3Params(virDomainPtr domain, if (!(dom = vzDomObjFromDomainRef(domain))) return -1;
+ if (virDomainMigratePerform3ParamsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (flags & VIR_MIGRATE_PEER2PEER) ret = vzDomainMigratePerformP2P(dom, privconn->driver, dconnuri, params, nparams, flags); @@ -2966,6 +3251,7 @@ vzDomainMigratePerform3Params(virDomainPtr domain, ret = vzDomainMigratePerformStep(dom, privconn->driver, params, nparams, cookiein, cookieinlen, flags);
+ cleanup: virDomainObjEndAPI(&dom);
return ret; @@ -3003,6 +3289,11 @@ vzDomainMigrateFinish3Params(virConnectPtr dconn, if (!(dom = prlsdkAddDomainByName(driver, name))) goto cleanup;
+ /* At first glace at may look strange that we add domain and + * then check ACL but we touch only cache and not real system state */ + if (virDomainMigrateFinish3ParamsEnsureACL(dconn, dom->def) < 0) + goto cleanup; + domain = virGetDomain(dconn, dom->def->name, dom->def->uuid); if (domain) domain->id = dom->def->id; @@ -3060,13 +3351,17 @@ static int vzDomainGetJobInfo(virDomainPtr domain, virDomainJobInfoPtr info) { virDomainObjPtr dom; - int ret; + int ret = -1;
if (!(dom = vzDomObjFromDomain(domain))) return -1;
+ if (virDomainGetJobInfoEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + ret = vzDomainGetJobInfoImpl(dom, info);
+ cleanup: virObjectUnlock(dom); return ret; } @@ -3122,6 +3417,9 @@ vzDomainGetJobStats(virDomainPtr domain, if (!(dom = vzDomObjFromDomain(domain))) return -1;
+ if (virDomainGetJobStatsEnsureACL(domain->conn, dom->def) < 0) + goto cleanup; + if (vzDomainGetJobInfoImpl(dom, &info) < 0) goto cleanup;
ACK with some cosmetic changes after rebase

24-Jun-16 17:32, Nikolay Shirokovskiy пишет:
First (patches 1 - 8) prepare driver to add checks.
Nikolay Shirokovskiy (9): vz: expand start/stop/... APIs for ACL checks vz: implement plain create API thru createFlags instead of visa versa vz: factor out block stats impl vz: factor out converting block stats to params vz: add missing flagged versions of API functions vz: expand setting memory API calls vz: prepare migration for ACL checks remote: rename protocol names for close callbacks vz: add ACL checks to API calls
daemon/remote.c | 4 +- src/Makefile.am | 5 +- src/check-aclrules.pl | 1 + src/remote/remote_driver.c | 4 +- src/remote/remote_protocol.x | 8 +- src/vz/vz_driver.c | 889 +++++++++++++++++++++++++++++++++++-------- src/vz/vz_sdk.c | 172 ++++----- src/vz/vz_sdk.h | 23 +- 8 files changed, 828 insertions(+), 278 deletions(-)
Pushed now. Thanks! Maxim
participants (2)
-
Maxim Nestratov
-
Nikolay Shirokovskiy