11:32 p.m.
First (patches 1 - 8) prepare driver to add checks.
Nikolay Shirokovskiy (9):
vz: expand start/stop/... APIs for ACL checks
vz: implement plain create API thru createFlags instead of visa versa
vz: factor out block stats impl
vz: factor out converting block stats to params
vz: add missing flagged versions of API functions
vz: expand setting memory API calls
vz: prepare migration for ACL checks
remote: rename protocol names for close callbacks
vz: add ACL checks to API calls
daemon/remote.c | 4 +-
src/Makefile.am | 5 +-
src/check-aclrules.pl | 1 +
src/remote/remote_driver.c | 4 +-
src/remote/remote_protocol.x | 8 +-
src/vz/vz_driver.c | 889 +++++++++++++++++++++++++++++++++++--------
src/vz/vz_sdk.c | 172 ++++-----
src/vz/vz_sdk.h | 23 +-
8 files changed, 828 insertions(+), 278 deletions(-)
--
1.8.3.1
11:32 p.m.
New subject: [libvirt] [PATCH 1/9] vz: expand start/stop/... APIs for ACL checks
The original motivation is to expand API calls like start/stop etc so that
the ACL checks could be added. But this patch has its own befenits.
1. functions like prlsdkStart/Stop use common routine to wait for
job without domain lock. They become more self contained and do
not return intermediate PRL_RESULT.
2. vzDomainManagedSave do not update cache twice.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy(a)virtuozzo.com>
---
src/vz/vz_driver.c | 216 ++++++++++++++++++++++++++++++++++++++++++++++++-----
src/vz/vz_sdk.c | 172 +++++++++++++++++++++---------------------
src/vz/vz_sdk.h | 23 ++----
3 files changed, 291 insertions(+), 120 deletions(-)
diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c
index faa1f56..0079384 100644
--- a/src/vz/vz_driver.c
+++ b/src/vz/vz_driver.c
@@ -957,36 +957,210 @@ vzConnectDomainEventDeregisterAny(virConnectPtr conn,
return 0;
}
-static int vzDomainSuspend(virDomainPtr domain)
+static int
+vzDomainSuspend(virDomainPtr domain)
{
- return prlsdkDomainChangeState(domain, prlsdkPause);
+ vzConnPtr privconn = domain->conn->privateData;
+ virDomainObjPtr dom;
+ int ret = -1;
+ bool job = false;
+
+ if (!(dom = vzDomObjFromDomainRef(domain)))
+ return -1;
+
+ if (vzDomainObjBeginJob(dom) < 0)
+ goto cleanup;
+ job = true;
+
+ if (!vzDomainObjIsExist(dom))
+ goto cleanup;
+
+ if (prlsdkPause(dom) < 0)
+ goto cleanup;
+
+ if (prlsdkUpdateDomain(privconn->driver, dom) < 0)
+ goto cleanup;
+
+ ret = 0;
+
+ cleanup:
+ if (job)
+ vzDomainObjEndJob(dom);
+ virDomainObjEndAPI(&dom);
+
+ return ret;
}
-static int vzDomainResume(virDomainPtr domain)
+static int
+vzDomainResume(virDomainPtr domain)
{
- return prlsdkDomainChangeState(domain, prlsdkResume);
+ vzConnPtr privconn = domain->conn->privateData;
+ virDomainObjPtr dom;
+ int ret = -1;
+ bool job = false;
+
+ if (!(dom = vzDomObjFromDomainRef(domain)))
+ return -1;
+
+ if (vzDomainObjBeginJob(dom) < 0)
+ goto cleanup;
+ job = true;
+
+ if (!vzDomainObjIsExist(dom))
+ goto cleanup;
+
+ if (prlsdkResume(dom) < 0)
+ goto cleanup;
+
+ if (prlsdkUpdateDomain(privconn->driver, dom) < 0)
+ goto cleanup;
+
+ ret = 0;
+
+ cleanup:
+ if (job)
+ vzDomainObjEndJob(dom);
+ virDomainObjEndAPI(&dom);
+
+ return ret;
}
-static int vzDomainCreate(virDomainPtr domain)
+static int
+vzDomainCreate(virDomainPtr domain)
{
- return prlsdkDomainChangeState(domain, prlsdkStart);
+ vzConnPtr privconn = domain->conn->privateData;
+ virDomainObjPtr dom;
+ int ret = -1;
+ bool job = false;
+
+ if (!(dom = vzDomObjFromDomainRef(domain)))
+ return -1;
+
+ if (vzDomainObjBeginJob(dom) < 0)
+ goto cleanup;
+ job = true;
+
+ if (!vzDomainObjIsExist(dom))
+ goto cleanup;
+
+ if (prlsdkStart(dom) < 0)
+ goto cleanup;
+
+ if (prlsdkUpdateDomain(privconn->driver, dom) < 0)
+ goto cleanup;
+
+ ret = 0;
+
+ cleanup:
+ if (job)
+ vzDomainObjEndJob(dom);
+ virDomainObjEndAPI(&dom);
+
+ return ret;
}
-static int vzDomainDestroy(virDomainPtr domain)
+static int
+vzDomainDestroy(virDomainPtr domain)
{
- return prlsdkDomainChangeState(domain, prlsdkKill);
+ vzConnPtr privconn = domain->conn->privateData;
+ virDomainObjPtr dom;
+ int ret = -1;
+ bool job = false;
+
+ if (!(dom = vzDomObjFromDomainRef(domain)))
+ return -1;
+
+ if (vzDomainObjBeginJob(dom) < 0)
+ goto cleanup;
+ job = true;
+
+ if (!vzDomainObjIsExist(dom))
+ goto cleanup;
+
+ if (prlsdkKill(dom) < 0)
+ goto cleanup;
+
+ if (prlsdkUpdateDomain(privconn->driver, dom) < 0)
+ goto cleanup;
+
+ ret = 0;
+
+ cleanup:
+ if (job)
+ vzDomainObjEndJob(dom);
+ virDomainObjEndAPI(&dom);
+
+ return ret;
}
-static int vzDomainShutdown(virDomainPtr domain)
+static int
+vzDomainShutdown(virDomainPtr domain)
{
- return prlsdkDomainChangeState(domain, prlsdkStop);
+ vzConnPtr privconn = domain->conn->privateData;
+ virDomainObjPtr dom;
+ int ret = -1;
+ bool job = false;
+
+ if (!(dom = vzDomObjFromDomainRef(domain)))
+ return -1;
+
+ if (vzDomainObjBeginJob(dom) < 0)
+ goto cleanup;
+ job = true;
+
+ if (!vzDomainObjIsExist(dom))
+ goto cleanup;
+
+ if (prlsdkStop(dom) < 0)
+ goto cleanup;
+
+ if (prlsdkUpdateDomain(privconn->driver, dom) < 0)
+ goto cleanup;
+
+ ret = 0;
+
+ cleanup:
+ if (job)
+ vzDomainObjEndJob(dom);
+ virDomainObjEndAPI(&dom);
+
+ return ret;
}
-static int vzDomainReboot(virDomainPtr domain,
- unsigned int flags)
+static int
+vzDomainReboot(virDomainPtr domain, unsigned int flags)
{
+ vzConnPtr privconn = domain->conn->privateData;
+ virDomainObjPtr dom;
+ int ret = -1;
+ bool job = false;
+
virCheckFlags(0, -1);
- return prlsdkDomainChangeState(domain, prlsdkRestart);
+
+ if (!(dom = vzDomObjFromDomainRef(domain)))
+ return -1;
+
+ if (vzDomainObjBeginJob(dom) < 0)
+ goto cleanup;
+ job = true;
+
+ if (!vzDomainObjIsExist(dom))
+ goto cleanup;
+
+ if (prlsdkRestart(dom) < 0)
+ goto cleanup;
+
+ if (prlsdkUpdateDomain(privconn->driver, dom) < 0)
+ goto cleanup;
+
+ ret = 0;
+
+ cleanup:
+ if (job)
+ vzDomainObjEndJob(dom);
+ virDomainObjEndAPI(&dom);
+
+ return ret;
}
static int vzDomainIsActive(virDomainPtr domain)
@@ -1095,13 +1269,17 @@ vzDomainManagedSave(virDomainPtr domain, unsigned int flags)
state = virDomainObjGetState(dom, &reason);
- if (state == VIR_DOMAIN_RUNNING && (flags & VIR_DOMAIN_SAVE_PAUSED)) {
- ret = prlsdkDomainChangeStateLocked(privconn->driver, dom, prlsdkPause);
- if (ret)
- goto cleanup;
- }
+ if (state == VIR_DOMAIN_RUNNING && (flags & VIR_DOMAIN_SAVE_PAUSED)
&&
+ prlsdkPause(dom) < 0)
+ goto cleanup;
- ret = prlsdkDomainChangeStateLocked(privconn->driver, dom, prlsdkSuspend);
+ if (prlsdkSuspend(dom) < 0)
+ goto cleanup;
+
+ if (prlsdkUpdateDomain(privconn->driver, dom) < 0)
+ goto cleanup;
+
+ ret = 0;
cleanup:
if (job)
diff --git a/src/vz/vz_sdk.c b/src/vz/vz_sdk.c
index 77193e6..02cbb3b 100644
--- a/src/vz/vz_sdk.c
+++ b/src/vz/vz_sdk.c
@@ -40,6 +40,8 @@
static int
prlsdkUUIDParse(const char *uuidstr, unsigned char *uuid);
+static void
+prlsdkConvertError(PRL_RESULT pret);
VIR_LOG_INIT("parallels.sdk");
@@ -2004,131 +2006,129 @@ void prlsdkUnsubscribeFromPCSEvents(vzDriverPtr driver)
logPrlError(ret);
}
-PRL_RESULT prlsdkStart(PRL_HANDLE sdkdom)
+int prlsdkStart(virDomainObjPtr dom)
{
PRL_HANDLE job = PRL_INVALID_HANDLE;
+ vzDomObjPtr privdom = dom->privateData;
+ PRL_RESULT pret;
+
+ job = PrlVm_StartEx(privdom->sdkdom, PSM_VM_START, 0);
+ if (PRL_FAILED(pret = waitDomainJob(job, dom))) {
+ prlsdkConvertError(pret);
+ return -1;
+ }
- job = PrlVm_StartEx(sdkdom, PSM_VM_START, 0);
- return waitJob(job);
+ return 0;
}
-static PRL_RESULT prlsdkStopEx(PRL_HANDLE sdkdom, PRL_UINT32 mode)
+int prlsdkKill(virDomainObjPtr dom)
{
PRL_HANDLE job = PRL_INVALID_HANDLE;
+ vzDomObjPtr privdom = dom->privateData;
+ PRL_RESULT pret;
- job = PrlVm_StopEx(sdkdom, mode, 0);
- return waitJob(job);
-}
+ job = PrlVm_StopEx(privdom->sdkdom, PSM_KILL, 0);
+ if (PRL_FAILED(pret = waitDomainJob(job, dom))) {
+ prlsdkConvertError(pret);
+ return -1;
+ }
-PRL_RESULT prlsdkKill(PRL_HANDLE sdkdom)
-{
- return prlsdkStopEx(sdkdom, PSM_KILL);
+ return 0;
}
-PRL_RESULT prlsdkStop(PRL_HANDLE sdkdom)
+int prlsdkStop(virDomainObjPtr dom)
{
- return prlsdkStopEx(sdkdom, PSM_SHUTDOWN);
+ PRL_HANDLE job = PRL_INVALID_HANDLE;
+ vzDomObjPtr privdom = dom->privateData;
+ PRL_RESULT pret;
+
+ job = PrlVm_StopEx(privdom->sdkdom, PSM_SHUTDOWN, 0);
+ if (PRL_FAILED(pret = waitDomainJob(job, dom))) {
+ prlsdkConvertError(pret);
+ return -1;
+ }
+
+ return 0;
}
-PRL_RESULT prlsdkPause(PRL_HANDLE sdkdom)
+int prlsdkPause(virDomainObjPtr dom)
{
PRL_HANDLE job = PRL_INVALID_HANDLE;
+ vzDomObjPtr privdom = dom->privateData;
+ PRL_RESULT pret;
+
+ job = PrlVm_Pause(privdom->sdkdom, false);
+ if (PRL_FAILED(pret = waitDomainJob(job, dom))) {
+ prlsdkConvertError(pret);
+ return -1;
+ }
- job = PrlVm_Pause(sdkdom, false);
- return waitJob(job);
+ return 0;
}
-PRL_RESULT prlsdkResume(PRL_HANDLE sdkdom)
+int prlsdkResume(virDomainObjPtr dom)
{
PRL_HANDLE job = PRL_INVALID_HANDLE;
+ vzDomObjPtr privdom = dom->privateData;
+ PRL_RESULT pret;
- job = PrlVm_Resume(sdkdom);
- return waitJob(job);
+ job = PrlVm_Resume(privdom->sdkdom);
+ if (PRL_FAILED(pret = waitDomainJob(job, dom))) {
+ prlsdkConvertError(pret);
+ return -1;
+ }
+
+ return 0;
}
-PRL_RESULT prlsdkSuspend(PRL_HANDLE sdkdom)
+int prlsdkSuspend(virDomainObjPtr dom)
{
PRL_HANDLE job = PRL_INVALID_HANDLE;
+ vzDomObjPtr privdom = dom->privateData;
+ PRL_RESULT pret;
- job = PrlVm_Suspend(sdkdom);
- return waitJob(job);
+ job = PrlVm_Suspend(privdom->sdkdom);
+ if (PRL_FAILED(pret = waitDomainJob(job, dom))) {
+ prlsdkConvertError(pret);
+ return -1;
+ }
+
+ return 0;
}
-PRL_RESULT prlsdkRestart(PRL_HANDLE sdkdom)
+int prlsdkRestart(virDomainObjPtr dom)
{
PRL_HANDLE job = PRL_INVALID_HANDLE;
+ vzDomObjPtr privdom = dom->privateData;
+ PRL_RESULT pret;
- job = PrlVm_Restart(sdkdom);
- return waitJob(job);
+ job = PrlVm_Restart(privdom->sdkdom);
+ if (PRL_FAILED(pret = waitDomainJob(job, dom))) {
+ prlsdkConvertError(pret);
+ return -1;
+ }
+
+ return 0;
}
-int
-prlsdkDomainChangeStateLocked(vzDriverPtr driver,
- virDomainObjPtr dom,
- prlsdkChangeStateFunc chstate)
+static void
+prlsdkConvertError(PRL_RESULT pret)
{
- vzDomObjPtr pdom;
- PRL_RESULT pret;
virErrorNumber virerr;
- pdom = dom->privateData;
- virObjectUnlock(dom);
- pret = chstate(pdom->sdkdom);
- virObjectLock(dom);
- if (PRL_FAILED(pret)) {
- virResetLastError();
-
- switch (pret) {
- case PRL_ERR_DISP_VM_IS_NOT_STARTED:
- case PRL_ERR_DISP_VM_IS_NOT_STOPPED:
- case PRL_ERR_INVALID_ACTION_REQUESTED:
- case PRL_ERR_UNIMPLEMENTED:
- virerr = VIR_ERR_OPERATION_INVALID;
- break;
- default:
- virerr = VIR_ERR_OPERATION_FAILED;
- }
-
- virReportError(virerr, "%s", _("Can't change domain
state."));
- return -1;
- }
-
- return prlsdkUpdateDomain(driver, dom);
-}
-
-int
-prlsdkDomainChangeState(virDomainPtr domain,
- prlsdkChangeStateFunc chstate)
-{
- vzConnPtr privconn = domain->conn->privateData;
- virDomainObjPtr dom;
- int ret = -1;
- bool job = false;
-
- if (!(dom = vzDomObjFromDomainRef(domain)))
- return -1;
-
- if (vzDomainObjBeginJob(dom) < 0)
- goto cleanup;
- job = true;
-
- if (dom->removing) {
- char uuidstr[VIR_UUID_STRING_BUFLEN];
-
- virUUIDFormat(dom->def->uuid, uuidstr);
- virReportError(VIR_ERR_NO_DOMAIN,
- _("no domain with matching uuid '%s' (%s)"),
- uuidstr, dom->def->name);
- goto cleanup;
+ switch (pret) {
+ case PRL_ERR_DISP_VM_IS_NOT_STARTED:
+ case PRL_ERR_DISP_VM_IS_NOT_STOPPED:
+ case PRL_ERR_INVALID_ACTION_REQUESTED:
+ case PRL_ERR_UNIMPLEMENTED:
+ virerr = VIR_ERR_OPERATION_INVALID;
+ break;
+ default:
+ virerr = VIR_ERR_OPERATION_FAILED;
}
- ret = prlsdkDomainChangeStateLocked(privconn->driver, dom, chstate);
-
- cleanup:
- if (job)
- vzDomainObjEndJob(dom);
- virDomainObjEndAPI(&dom);
- return ret;
+ virResetLastError();
+ virReportError(virerr, "%s", _("Can't change domain
state."));
}
static int
diff --git a/src/vz/vz_sdk.h b/src/vz/vz_sdk.h
index e32001a..e9d7169 100644
--- a/src/vz/vz_sdk.h
+++ b/src/vz/vz_sdk.h
@@ -37,22 +37,15 @@ prlsdkAddDomainByName(vzDriverPtr driver, const char *name);
int prlsdkUpdateDomain(vzDriverPtr driver, virDomainObjPtr dom);
int prlsdkSubscribeToPCSEvents(vzDriverPtr driver);
void prlsdkUnsubscribeFromPCSEvents(vzDriverPtr driver);
-PRL_RESULT prlsdkStart(PRL_HANDLE sdkdom);
-PRL_RESULT prlsdkKill(PRL_HANDLE sdkdom);
-PRL_RESULT prlsdkStop(PRL_HANDLE sdkdom);
-PRL_RESULT prlsdkPause(PRL_HANDLE sdkdom);
-PRL_RESULT prlsdkResume(PRL_HANDLE sdkdom);
-PRL_RESULT prlsdkSuspend(PRL_HANDLE sdkdom);
-PRL_RESULT prlsdkRestart(PRL_HANDLE sdkdom);
-typedef PRL_RESULT (*prlsdkChangeStateFunc)(PRL_HANDLE sdkdom);
-int
-prlsdkDomainChangeState(virDomainPtr domain,
- prlsdkChangeStateFunc chstate);
-int
-prlsdkDomainChangeStateLocked(vzDriverPtr driver,
- virDomainObjPtr dom,
- prlsdkChangeStateFunc chstate);
+int prlsdkStart(virDomainObjPtr dom);
+int prlsdkKill(virDomainObjPtr dom);
+int prlsdkStop(virDomainObjPtr dom);
+int prlsdkPause(virDomainObjPtr dom);
+int prlsdkResume(virDomainObjPtr dom);
+int prlsdkSuspend(virDomainObjPtr dom);
+int prlsdkRestart(virDomainObjPtr dom);
+
int
prlsdkApplyConfig(vzDriverPtr driver,
virDomainObjPtr dom,
--
1.8.3.1
11:32 p.m.
New subject: [libvirt] [PATCH 2/9] vz: implement plain create API thru createFlags instead of visa versa
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy(a)virtuozzo.com>
---
src/vz/vz_driver.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c
index 0079384..8e39a5d 100644
--- a/src/vz/vz_driver.c
+++ b/src/vz/vz_driver.c
@@ -1026,13 +1026,15 @@ vzDomainResume(virDomainPtr domain)
}
static int
-vzDomainCreate(virDomainPtr domain)
+vzDomainCreateWithFlags(virDomainPtr domain, unsigned int flags)
{
vzConnPtr privconn = domain->conn->privateData;
virDomainObjPtr dom;
int ret = -1;
bool job = false;
+ virCheckFlags(0, -1);
+
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
@@ -1178,12 +1180,9 @@ static int vzDomainIsActive(virDomainPtr domain)
}
static int
-vzDomainCreateWithFlags(virDomainPtr domain, unsigned int flags)
+vzDomainCreate(virDomainPtr domain)
{
- /* we don't support any create flags */
- virCheckFlags(0, -1);
-
- return vzDomainCreate(domain);
+ return vzDomainCreateWithFlags(domain, 0);
}
static int
--
1.8.3.1
11:32 p.m.
New subject: [libvirt] [PATCH 3/9] vz: factor out block stats impl
Now we can use intended ACL check for both API calls.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy(a)virtuozzo.com>
---
src/vz/vz_driver.c | 45 +++++++++++++++++++++++++++++++--------------
1 file changed, 31 insertions(+), 14 deletions(-)
diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c
index 8e39a5d..f7e1c07 100644
--- a/src/vz/vz_driver.c
+++ b/src/vz/vz_driver.c
@@ -1518,27 +1518,21 @@ vzDomainGetMaxMemory(virDomainPtr domain)
}
static int
-vzDomainBlockStats(virDomainPtr domain, const char *path,
- virDomainBlockStatsPtr stats)
+vzDomainBlockStatsImpl(virDomainObjPtr dom,
+ const char *path,
+ virDomainBlockStatsPtr stats)
{
- virDomainObjPtr dom = NULL;
- vzDomObjPtr privdom;
- int ret = -1;
+ vzDomObjPtr privdom = dom->privateData;
size_t i;
int idx;
- if (!(dom = vzDomObjFromDomainRef(domain)))
- return -1;
-
- privdom = dom->privateData;
-
if (*path) {
if ((idx = virDomainDiskIndexByName(dom->def, path, false)) < 0) {
virReportError(VIR_ERR_INVALID_ARG, _("invalid path: %s"), path);
- goto cleanup;
+ return -1;
}
if (prlsdkGetBlockStats(privdom->stats, dom->def->disks[idx], stats)
< 0)
- goto cleanup;
+ return -1;
} else {
virDomainBlockStatsStruct s;
@@ -1551,7 +1545,7 @@ vzDomainBlockStats(virDomainPtr domain, const char *path,
for (i = 0; i < dom->def->ndisks; i++) {
if (prlsdkGetBlockStats(privdom->stats, dom->def->disks[i], &s)
< 0)
- goto cleanup;
+ return -1;
#define PARALLELS_SUM_STATS(VAR, TYPE, NAME) \
if (s.VAR != -1) \
@@ -1563,6 +1557,23 @@ vzDomainBlockStats(virDomainPtr domain, const char *path,
}
}
stats->errs = -1;
+ return 0;
+}
+
+static int
+vzDomainBlockStats(virDomainPtr domain,
+ const char *path,
+ virDomainBlockStatsPtr stats)
+{
+ virDomainObjPtr dom;
+ int ret = -1;
+
+ if (!(dom = vzDomObjFromDomainRef(domain)))
+ return -1;
+
+ if (vzDomainBlockStatsImpl(dom, path, stats) < 0)
+ goto cleanup;
+
ret = 0;
cleanup:
@@ -1579,6 +1590,7 @@ vzDomainBlockStatsFlags(virDomainPtr domain,
unsigned int flags)
{
virDomainBlockStatsStruct stats;
+ virDomainObjPtr dom;
int ret = -1;
size_t i;
@@ -1586,7 +1598,10 @@ vzDomainBlockStatsFlags(virDomainPtr domain,
/* We don't return strings, and thus trivially support this flag. */
flags &= ~VIR_TYPED_PARAM_STRING_OKAY;
- if (vzDomainBlockStats(domain, path, &stats) < 0)
+ if (!(dom = vzDomObjFromDomainRef(domain)))
+ return -1;
+
+ if (vzDomainBlockStatsImpl(dom, path, &stats) < 0)
goto cleanup;
if (*nparams == 0) {
@@ -1618,6 +1633,8 @@ vzDomainBlockStatsFlags(virDomainPtr domain,
ret = 0;
cleanup:
+ virDomainObjEndAPI(&dom);
+
return ret;
}
--
1.8.3.1
11:32 p.m.
New subject: [libvirt] [PATCH 4/9] vz: factor out converting block stats to params
This action deserves its own function and makes main API call
structure much cleaner.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy(a)virtuozzo.com>
---
src/vz/vz_driver.c | 61 ++++++++++++++++++++++++++++++++----------------------
1 file changed, 36 insertions(+), 25 deletions(-)
diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c
index f7e1c07..72774ae 100644
--- a/src/vz/vz_driver.c
+++ b/src/vz/vz_driver.c
@@ -1583,6 +1583,41 @@ vzDomainBlockStats(virDomainPtr domain,
}
static int
+vzDomainBlockStatsToParams(virDomainBlockStatsPtr stats,
+ virTypedParameterPtr params,
+ int *nparams)
+{
+ size_t i;
+
+ if (*nparams == 0) {
+#define PARALLELS_COUNT_STATS(VAR, TYPE, NAME) \
+ if ((stats->VAR) != -1) \
+ ++*nparams;
+
+ PARALLELS_BLOCK_STATS_FOREACH(PARALLELS_COUNT_STATS)
+
+#undef PARALLELS_COUNT_STATS
+ return 0;
+ }
+
+ i = 0;
+#define PARALLELS_BLOCK_STATS_ASSIGN_PARAM(VAR, TYPE, NAME) \
+ if (i < *nparams && (stats->VAR) != -1) {
\
+ if (virTypedParameterAssign(params + i, TYPE, \
+ VIR_TYPED_PARAM_LLONG, (stats->VAR)) < 0) \
+ return -1; \
+ i++; \
+ }
+
+ PARALLELS_BLOCK_STATS_FOREACH(PARALLELS_BLOCK_STATS_ASSIGN_PARAM)
+
+#undef PARALLELS_BLOCK_STATS_ASSIGN_PARAM
+
+ *nparams = i;
+ return 0;
+}
+
+static int
vzDomainBlockStatsFlags(virDomainPtr domain,
const char *path,
virTypedParameterPtr params,
@@ -1592,7 +1627,6 @@ vzDomainBlockStatsFlags(virDomainPtr domain,
virDomainBlockStatsStruct stats;
virDomainObjPtr dom;
int ret = -1;
- size_t i;
virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1);
/* We don't return strings, and thus trivially support this flag. */
@@ -1604,32 +1638,9 @@ vzDomainBlockStatsFlags(virDomainPtr domain,
if (vzDomainBlockStatsImpl(dom, path, &stats) < 0)
goto cleanup;
- if (*nparams == 0) {
-#define PARALLELS_COUNT_STATS(VAR, TYPE, NAME) \
- if ((stats.VAR) != -1) \
- ++*nparams;
-
- PARALLELS_BLOCK_STATS_FOREACH(PARALLELS_COUNT_STATS)
-
-#undef PARALLELS_COUNT_STATS
- ret = 0;
+ if (vzDomainBlockStatsToParams(&stats, params, nparams) < 0)
goto cleanup;
- }
- i = 0;
-#define PARALLELS_BLOCK_STATS_ASSIGN_PARAM(VAR, TYPE, NAME) \
- if (i < *nparams && (stats.VAR) != -1) {
\
- if (virTypedParameterAssign(params + i, TYPE, \
- VIR_TYPED_PARAM_LLONG, (stats.VAR)) < 0) \
- goto cleanup; \
- i++; \
- }
-
- PARALLELS_BLOCK_STATS_FOREACH(PARALLELS_BLOCK_STATS_ASSIGN_PARAM)
-
-#undef PARALLELS_BLOCK_STATS_ASSIGN_PARAM
-
- *nparams = i;
ret = 0;
cleanup:
--
1.8.3.1
11:32 p.m.
New subject: [libvirt] [PATCH 5/9] vz: add missing flagged versions of API functions
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy(a)virtuozzo.com>
---
src/vz/vz_driver.c | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c
index 72774ae..9c93db1 100644
--- a/src/vz/vz_driver.c
+++ b/src/vz/vz_driver.c
@@ -1062,13 +1062,15 @@ vzDomainCreateWithFlags(virDomainPtr domain, unsigned int flags)
}
static int
-vzDomainDestroy(virDomainPtr domain)
+vzDomainDestroyFlags(virDomainPtr domain, unsigned int flags)
{
vzConnPtr privconn = domain->conn->privateData;
virDomainObjPtr dom;
int ret = -1;
bool job = false;
+ virCheckFlags(0, -1);
+
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
@@ -1096,13 +1098,21 @@ vzDomainDestroy(virDomainPtr domain)
}
static int
-vzDomainShutdown(virDomainPtr domain)
+vzDomainDestroy(virDomainPtr dom)
+{
+ return vzDomainDestroyFlags(dom, 0);
+}
+
+static int
+vzDomainShutdownFlags(virDomainPtr domain, unsigned int flags)
{
vzConnPtr privconn = domain->conn->privateData;
virDomainObjPtr dom;
int ret = -1;
bool job = false;
+ virCheckFlags(0, -1);
+
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
@@ -1129,6 +1139,11 @@ vzDomainShutdown(virDomainPtr domain)
return ret;
}
+static int vzDomainShutdown(virDomainPtr dom)
+{
+ return vzDomainShutdownFlags(dom, 0);
+}
+
static int
vzDomainReboot(virDomainPtr domain, unsigned int flags)
{
@@ -3126,7 +3141,9 @@ static virHypervisorDriver vzHypervisorDriver = {
.domainSuspend = vzDomainSuspend, /* 0.10.0 */
.domainResume = vzDomainResume, /* 0.10.0 */
.domainDestroy = vzDomainDestroy, /* 0.10.0 */
+ .domainDestroyFlags = vzDomainDestroyFlags, /* 2.0.0 */
.domainShutdown = vzDomainShutdown, /* 0.10.0 */
+ .domainShutdownFlags = vzDomainShutdownFlags, /* 2.0.0 */
.domainCreate = vzDomainCreate, /* 0.10.0 */
.domainCreateWithFlags = vzDomainCreateWithFlags, /* 1.2.10 */
.domainReboot = vzDomainReboot, /* 1.3.0 */
--
1.8.3.1
11:32 p.m.
New subject: [libvirt] [PATCH 6/9] vz: expand setting memory API calls
We need it to prepare the calls for ACL checks otherwise ACL checking
script will fail.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy(a)virtuozzo.com>
---
src/vz/vz_driver.c | 85 ++++++++++++++++++++++++++++++++----------------------
1 file changed, 50 insertions(+), 35 deletions(-)
diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c
index 9c93db1..12abe82 100644
--- a/src/vz/vz_driver.c
+++ b/src/vz/vz_driver.c
@@ -1850,48 +1850,63 @@ vzConnectUnregisterCloseCallback(virConnectPtr conn,
virConnectCloseFunc cb)
return ret;
}
-static int vzDomainSetMemoryFlagsImpl(virDomainPtr domain, unsigned long memory,
- unsigned int flags, bool useflags)
-{
- virDomainObjPtr dom = NULL;
- int ret = -1;
- bool job = false;
-
- virCheckFlags(VIR_DOMAIN_AFFECT_LIVE |
- VIR_DOMAIN_AFFECT_CONFIG, -1);
-
- if (!(dom = vzDomObjFromDomainRef(domain)))
- return -1;
-
- if (useflags && vzCheckConfigUpdateFlags(dom, &flags) < 0)
- goto cleanup;
-
- if (vzDomainObjBeginJob(dom) < 0)
- goto cleanup;
- job = true;
-
- if (!vzDomainObjIsExist(dom))
- goto cleanup;
-
- ret = prlsdkSetMemsize(dom, memory >> 10);
-
- cleanup:
-
- if (job)
- vzDomainObjEndJob(dom);
- virDomainObjEndAPI(&dom);
- return ret;
-}
-
static int vzDomainSetMemoryFlags(virDomainPtr domain, unsigned long memory,
unsigned int flags)
{
- return vzDomainSetMemoryFlagsImpl(domain, memory, flags, true);
+ virDomainObjPtr dom = NULL;
+ int ret = -1;
+ bool job = false;
+
+ virCheckFlags(VIR_DOMAIN_AFFECT_LIVE |
+ VIR_DOMAIN_AFFECT_CONFIG, -1);
+
+ if (!(dom = vzDomObjFromDomainRef(domain)))
+ return -1;
+
+ if (vzCheckConfigUpdateFlags(dom, &flags) < 0)
+ goto cleanup;
+
+ if (vzDomainObjBeginJob(dom) < 0)
+ goto cleanup;
+ job = true;
+
+ if (!vzDomainObjIsExist(dom))
+ goto cleanup;
+
+ ret = prlsdkSetMemsize(dom, memory >> 10);
+
+ cleanup:
+
+ if (job)
+ vzDomainObjEndJob(dom);
+ virDomainObjEndAPI(&dom);
+ return ret;
}
static int vzDomainSetMemory(virDomainPtr domain, unsigned long memory)
{
- return vzDomainSetMemoryFlagsImpl(domain, memory, 0, false);
+ virDomainObjPtr dom = NULL;
+ int ret = -1;
+ bool job = false;
+
+ if (!(dom = vzDomObjFromDomainRef(domain)))
+ return -1;
+
+ if (vzDomainObjBeginJob(dom) < 0)
+ goto cleanup;
+ job = true;
+
+ if (!vzDomainObjIsExist(dom))
+ goto cleanup;
+
+ ret = prlsdkSetMemsize(dom, memory >> 10);
+
+ cleanup:
+
+ if (job)
+ vzDomainObjEndJob(dom);
+ virDomainObjEndAPI(&dom);
+ return ret;
}
static virDomainSnapshotObjPtr
--
1.8.3.1
11:32 p.m.
New subject: [libvirt] [PATCH 7/9] vz: prepare migration for ACL checks
ACL check on perform step should be in API call itself to make ACL
checking script pass. Thus we need to reorganize code to obtain
domain object in perform API itself. Most of this is straight
forward, the only nuance is dropping locks on lengthy remote
operations.
The other motivation is to have only perform step ACL checks for
p2p migration instead of both begin in perform if we can leave
ACL check in vzDomainMigratePerformStep.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy(a)virtuozzo.com>
---
src/vz/vz_driver.c | 114 +++++++++++++++++++++++++++++++----------------------
1 file changed, 66 insertions(+), 48 deletions(-)
diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c
index 12abe82..9fa377e 100644
--- a/src/vz/vz_driver.c
+++ b/src/vz/vz_driver.c
@@ -2601,43 +2601,55 @@ vzEatCookie(const char *cookiein, int cookieinlen, unsigned int
flags)
NULL
static char *
-vzDomainMigrateBegin3Params(virDomainPtr domain,
- virTypedParameterPtr params,
- int nparams,
- char **cookieout,
- int *cookieoutlen,
- unsigned int flags)
+vzDomainMigrateBeginStep(virDomainObjPtr dom,
+ vzDriverPtr driver,
+ virTypedParameterPtr params,
+ int nparams,
+ char **cookieout,
+ int *cookieoutlen)
{
- char *xml = NULL;
- virDomainObjPtr dom = NULL;
- vzConnPtr privconn = domain->conn->privateData;
-
- virCheckFlags(VZ_MIGRATION_FLAGS, NULL);
-
- if (virTypedParamsValidate(params, nparams, VZ_MIGRATION_PARAMETERS) < 0)
- goto cleanup;
-
/* we can't do this check via VZ_MIGRATION_PARAMETERS as on preparation
* step domain xml will be passed via this parameter and it is a common
* style to use single allowed parameter list definition in all steps */
if (virTypedParamsGet(params, nparams, VIR_MIGRATE_PARAM_DEST_XML)) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Changing destination XML is not supported"));
- goto cleanup;
+ return NULL;
}
- if (!(dom = vzDomObjFromDomain(domain)))
- goto cleanup;
-
/* session uuid, domain uuid and domain name are for backward compat */
- if (vzBakeCookie(privconn->driver, dom, cookieout, cookieoutlen,
+ if (vzBakeCookie(driver, dom, cookieout, cookieoutlen,
VZ_MIGRATION_COOKIE_SESSION_UUID
| VZ_MIGRATION_COOKIE_DOMAIN_UUID
| VZ_MIGRATION_COOKIE_DOMAIN_NAME) < 0)
+ return NULL;
+
+ return virDomainDefFormat(dom->def, driver->caps,
+ VIR_DOMAIN_XML_MIGRATABLE);
+}
+
+static char *
+vzDomainMigrateBegin3Params(virDomainPtr domain,
+ virTypedParameterPtr params,
+ int nparams,
+ char **cookieout,
+ int *cookieoutlen,
+ unsigned int flags)
+{
+ char *xml = NULL;
+ virDomainObjPtr dom = NULL;
+ vzConnPtr privconn = domain->conn->privateData;
+
+ virCheckFlags(VZ_MIGRATION_FLAGS, NULL);
+
+ if (virTypedParamsValidate(params, nparams, VZ_MIGRATION_PARAMETERS) < 0)
+ goto cleanup;
+
+ if (!(dom = vzDomObjFromDomain(domain)))
goto cleanup;
- xml = virDomainDefFormat(dom->def, privconn->driver->caps,
- VIR_DOMAIN_XML_MIGRATABLE);
+ xml = vzDomainMigrateBeginStep(dom, privconn->driver, params, nparams,
+ cookieout, cookieoutlen);
cleanup:
@@ -2765,7 +2777,8 @@ vzParseVzURI(const char *uri_str)
}
static int
-vzDomainMigratePerformStep(virDomainPtr domain,
+vzDomainMigratePerformStep(virDomainObjPtr dom,
+ vzDriverPtr driver,
virTypedParameterPtr params,
int nparams,
const char *cookiein,
@@ -2773,20 +2786,13 @@ vzDomainMigratePerformStep(virDomainPtr domain,
unsigned int flags)
{
int ret = -1;
- virDomainObjPtr dom = NULL;
- vzDomObjPtr privdom;
+ vzDomObjPtr privdom = dom->privateData;
virURIPtr vzuri = NULL;
- vzConnPtr privconn = domain->conn->privateData;
const char *miguri = NULL;
const char *dname = NULL;
vzMigrationCookiePtr mig = NULL;
bool job = false;
- virCheckFlags(VZ_MIGRATION_FLAGS, -1);
-
- if (virTypedParamsValidate(params, nparams, VZ_MIGRATION_PARAMETERS) < 0)
- goto cleanup;
-
if (virTypedParamsGetString(params, nparams,
VIR_MIGRATE_PARAM_URI, &miguri) < 0 ||
virTypedParamsGetString(params, nparams,
@@ -2803,13 +2809,9 @@ vzDomainMigratePerformStep(virDomainPtr domain,
VZ_MIGRATION_COOKIE_SESSION_UUID)))
goto cleanup;
- if (!(dom = vzDomObjFromDomainRef(domain)))
- goto cleanup;
-
if (vzDomainObjBeginJob(dom) < 0)
goto cleanup;
job = true;
- privdom = dom->privateData;
privdom->job.hasProgress = true;
if (!vzDomainObjIsExist(dom))
@@ -2821,7 +2823,7 @@ vzDomainMigratePerformStep(virDomainPtr domain,
if (prlsdkMigrate(dom, vzuri, mig->session_uuid, dname, flags) < 0)
goto cleanup;
- virDomainObjListRemove(privconn->driver->domains, dom);
+ virDomainObjListRemove(driver->domains, dom);
virObjectLock(dom);
ret = 0;
@@ -2829,7 +2831,6 @@ vzDomainMigratePerformStep(virDomainPtr domain,
cleanup:
if (job)
vzDomainObjEndJob(dom);
- virDomainObjEndAPI(&dom);
virURIFree(vzuri);
vzMigrationCookieFree(mig);
@@ -2837,7 +2838,8 @@ vzDomainMigratePerformStep(virDomainPtr domain,
}
static int
-vzDomainMigratePerformP2P(virDomainPtr domain,
+vzDomainMigratePerformP2P(virDomainObjPtr dom,
+ vzDriverPtr driver,
const char *dconnuri,
virTypedParameterPtr orig_params,
int nparams,
@@ -2862,19 +2864,22 @@ vzDomainMigratePerformP2P(virDomainPtr domain,
if (!(dconn = virConnectOpen(dconnuri)))
goto done;
- if (!(dom_xml = vzDomainMigrateBegin3Params(domain, params, nparams,
- &cookieout, &cookieoutlen,
- flags)))
+ if (!(dom_xml = vzDomainMigrateBeginStep(dom, driver, params, nparams,
+ &cookieout, &cookieoutlen)))
goto done;
cookiein = cookieout;
cookieinlen = cookieoutlen;
cookieout = NULL;
cookieoutlen = 0;
- if (dconn->driver->domainMigratePrepare3Params
+ virObjectUnlock(dom);
+ ret = dconn->driver->domainMigratePrepare3Params
(dconn, params, nparams, cookiein, cookieinlen,
- &cookieout, &cookieoutlen, &uri, flags) < 0)
+ &cookieout, &cookieoutlen, &uri, flags);
+ virObjectLock(dom);
+ if (ret < 0)
goto done;
+ ret = -1;
/* preparation step was successful, thus on any error we must perform
* finish step to finalize migration on target
@@ -2890,7 +2895,7 @@ vzDomainMigratePerformP2P(virDomainPtr domain,
cookieinlen = cookieoutlen;
cookieout = NULL;
cookieoutlen = 0;
- if (vzDomainMigratePerformStep(domain, params, nparams, cookiein,
+ if (vzDomainMigratePerformStep(dom, driver, params, nparams, cookiein,
cookieinlen, flags) < 0) {
orig_err = virSaveLastError();
goto finish;
@@ -2903,12 +2908,14 @@ vzDomainMigratePerformP2P(virDomainPtr domain,
VIR_MIGRATE_PARAM_DEST_NAME, NULL) <= 0 &&
virTypedParamsReplaceString(¶ms, &nparams,
VIR_MIGRATE_PARAM_DEST_NAME,
- domain->name) < 0)
+ dom->def->name) < 0)
goto done;
+ virObjectUnlock(dom);
ddomain = dconn->driver->domainMigrateFinish3Params(dconn, params, nparams,
NULL, 0, NULL, NULL,
flags, cancelled);
+ virObjectLock(dom);
if (ddomain)
ret = 0;
virObjectUnref(ddomain);
@@ -2940,17 +2947,28 @@ vzDomainMigratePerform3Params(virDomainPtr domain,
int *cookieoutlen ATTRIBUTE_UNUSED,
unsigned int flags)
{
+ int ret;
+ virDomainObjPtr dom;
+ vzConnPtr privconn = domain->conn->privateData;
+
virCheckFlags(VZ_MIGRATION_FLAGS, -1);
if (virTypedParamsValidate(params, nparams, VZ_MIGRATION_PARAMETERS) < 0)
return -1;
+ if (!(dom = vzDomObjFromDomainRef(domain)))
+ return -1;
+
if (flags & VIR_MIGRATE_PEER2PEER)
- return vzDomainMigratePerformP2P(domain, dconnuri, params, nparams, flags);
+ ret = vzDomainMigratePerformP2P(dom, privconn->driver, dconnuri,
+ params, nparams, flags);
else
- return vzDomainMigratePerformStep(domain, params, nparams,
- cookiein, cookieinlen, flags);
+ ret = vzDomainMigratePerformStep(dom, privconn->driver, params, nparams,
+ cookiein, cookieinlen, flags);
+ virDomainObjEndAPI(&dom);
+
+ return ret;
}
static virDomainPtr
--
1.8.3.1
11:32 p.m.
New subject: [libvirt] [PATCH 8/9] remote: rename protocol names for close callbacks
This way we make naming consistent to API calls and make subsequent
ACL checks possible (otherwise ACL check would discover name
discrepancies).
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy(a)virtuozzo.com>
---
daemon/remote.c | 4 ++--
src/remote/remote_driver.c | 4 ++--
src/remote/remote_protocol.x | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index 4e2aff8..2c71315 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -3517,7 +3517,7 @@ remoteDispatchNodeDeviceGetParent(virNetServerPtr server
ATTRIBUTE_UNUSED,
}
static int
-remoteDispatchConnectCloseCallbackRegister(virNetServerPtr server ATTRIBUTE_UNUSED,
+remoteDispatchConnectRegisterCloseCallback(virNetServerPtr server ATTRIBUTE_UNUSED,
virNetServerClientPtr client,
virNetMessagePtr msg ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr)
@@ -3549,7 +3549,7 @@ remoteDispatchConnectCloseCallbackRegister(virNetServerPtr server
ATTRIBUTE_UNUS
}
static int
-remoteDispatchConnectCloseCallbackUnregister(virNetServerPtr server ATTRIBUTE_UNUSED,
+remoteDispatchConnectUnregisterCloseCallback(virNetServerPtr server ATTRIBUTE_UNUSED,
virNetServerClientPtr client,
virNetMessagePtr msg ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 3f9d812..0457e21 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -7540,7 +7540,7 @@ remoteConnectRegisterCloseCallback(virConnectPtr conn,
}
if (priv->serverCloseCallback &&
- call(conn, priv, 0, REMOTE_PROC_CONNECT_CLOSE_CALLBACK_REGISTER,
+ call(conn, priv, 0, REMOTE_PROC_CONNECT_REGISTER_CLOSE_CALLBACK,
(xdrproc_t) xdr_void, (char *) NULL,
(xdrproc_t) xdr_void, (char *) NULL) == -1)
goto cleanup;
@@ -7571,7 +7571,7 @@ remoteConnectUnregisterCloseCallback(virConnectPtr conn,
}
if (priv->serverCloseCallback &&
- call(conn, priv, 0, REMOTE_PROC_CONNECT_CLOSE_CALLBACK_UNREGISTER,
+ call(conn, priv, 0, REMOTE_PROC_CONNECT_UNREGISTER_CLOSE_CALLBACK,
(xdrproc_t) xdr_void, (char *) NULL,
(xdrproc_t) xdr_void, (char *) NULL) == -1)
goto cleanup;
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index d11bfdf..e7a7025 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -5796,13 +5796,13 @@ enum remote_procedure {
* @generate: none
* @acl: none
*/
- REMOTE_PROC_CONNECT_CLOSE_CALLBACK_REGISTER = 360,
+ REMOTE_PROC_CONNECT_REGISTER_CLOSE_CALLBACK = 360,
/**
* @generate: none
* @acl: none
*/
- REMOTE_PROC_CONNECT_CLOSE_CALLBACK_UNREGISTER = 361,
+ REMOTE_PROC_CONNECT_UNREGISTER_CLOSE_CALLBACK = 361,
/**
* @generate: none
--
1.8.3.1
11:32 p.m.
New subject: [libvirt] [PATCH 9/9] vz: add ACL checks to API calls
vzDomainMigrateConfirm3Params is whitelisted. Otherwise we need to
move removing domain from domain list from perform to confirm
step. This would further imply adding a flag and check that migration
is in progress to prohibit mistakenly (maliciously) removing domains
on confirm step. vz version of p2p also need to be fixed to include confirm step.
One would also need to add means to cleanup pending migration
on client disconnect as now is has state across several API
calls.
On the other hand current version of confirm step is totaly
harmless thus it is easier to whitelist it at the moment.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy(a)virtuozzo.com>
---
src/Makefile.am | 5 +-
src/check-aclrules.pl | 1 +
src/remote/remote_protocol.x | 4 +-
src/vz/vz_driver.c | 348 +++++++++++++++++++++++++++++++++++++++----
4 files changed, 330 insertions(+), 28 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index a14cb3f..8ecec55 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -651,6 +651,7 @@ STATEFUL_DRIVER_SOURCE_FILES = \
$(STORAGE_DRIVER_SOURCES) \
$(UML_DRIVER_SOURCES) \
$(XEN_DRIVER_SOURCES) \
+ $(VZ_DRIVER_SOURCES) \
$(NULL)
@@ -1514,7 +1515,9 @@ else ! WITH_DRIVER_MODULES
noinst_LTLIBRARIES += libvirt_driver_vz.la
endif ! WITH_DRIVER_MODULES
libvirt_driver_vz_impl_la_CFLAGS = \
- -I$(srcdir)/conf $(AM_CFLAGS) \
+ -I$(srcdir)/conf \
+ -I$(srcdir)/access \
+ $(AM_CFLAGS) \
$(PARALLELS_SDK_CFLAGS) $(LIBNL_CFLAGS)
libvirt_driver_vz_impl_la_SOURCES = $(VZ_DRIVER_SOURCES)
libvirt_driver_vz_impl_la_LIBADD = $(PARALLELS_SDK_LIBS) $(LIBNL_LIBS)
diff --git a/src/check-aclrules.pl b/src/check-aclrules.pl
index 9151e6a..8739cda 100755
--- a/src/check-aclrules.pl
+++ b/src/check-aclrules.pl
@@ -73,6 +73,7 @@ my %implwhitelist = (
"xenUnifiedDomainIsPersistent" => 1,
"xenUnifiedDomainIsUpdated" => 1,
"xenUnifiedDomainOpenConsole" => 1,
+ "vzDomainMigrateConfirm3Params" => 1,
);
my %filterimplwhitelist = (
"xenUnifiedConnectListDomains" => 1,
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index e7a7025..64e4b9e 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -5794,13 +5794,13 @@ enum remote_procedure {
/**
* @generate: none
- * @acl: none
+ * @acl: connect:getattr
*/
REMOTE_PROC_CONNECT_REGISTER_CLOSE_CALLBACK = 360,
/**
* @generate: none
- * @acl: none
+ * @acl: connect:getattr
*/
REMOTE_PROC_CONNECT_UNREGISTER_CLOSE_CALLBACK = 361,
diff --git a/src/vz/vz_driver.c b/src/vz/vz_driver.c
index 9fa377e..8e1d039 100644
--- a/src/vz/vz_driver.c
+++ b/src/vz/vz_driver.c
@@ -53,6 +53,7 @@
#include "virtypedparam.h"
#include "virhostmem.h"
#include "virhostcpu.h"
+#include "viraccessapicheck.h"
#include "vz_driver.h"
#include "vz_utils.h"
@@ -229,6 +230,9 @@ vzConnectGetCapabilities(virConnectPtr conn)
vzConnPtr privconn = conn->privateData;
char *xml;
+ if (virConnectGetCapabilitiesEnsureACL(conn) < 0)
+ return NULL;
+
xml = virCapabilitiesFormatXML(privconn->driver->caps);
return xml;
}
@@ -375,6 +379,9 @@ vzConnectOpen(virConnectPtr conn,
return VIR_DRV_OPEN_ERROR;
}
+ if (virConnectOpenEnsureACL(conn) < 0)
+ return VIR_DRV_OPEN_ERROR;
+
if (!(driver = vzGetDriverConnection()))
return VIR_DRV_OPEN_ERROR;
@@ -432,13 +439,20 @@ static int
vzConnectGetVersion(virConnectPtr conn, unsigned long *hvVer)
{
vzConnPtr privconn = conn->privateData;
+
+ if (virConnectGetVersionEnsureACL(conn) < 0)
+ return -1;
+
*hvVer = privconn->driver->vzVersion;
return 0;
}
-static char *vzConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED)
+static char *vzConnectGetHostname(virConnectPtr conn)
{
+ if (virConnectGetHostnameEnsureACL(conn) < 0)
+ return NULL;
+
return virGetHostname();
}
@@ -451,6 +465,9 @@ vzConnectGetSysinfo(virConnectPtr conn, unsigned int flags)
virCheckFlags(0, NULL);
+ if (virConnectGetSysinfoEnsureACL(conn) < 0)
+ return NULL;
+
if (!driver->hostsysinfo) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Host SMBIOS information is not available"));
@@ -471,8 +488,11 @@ vzConnectListDomains(virConnectPtr conn, int *ids, int maxids)
vzConnPtr privconn = conn->privateData;
int n;
+ if (virConnectListDomainsEnsureACL(conn) < 0)
+ return -1;
+
n = virDomainObjListGetActiveIDs(privconn->driver->domains, ids, maxids,
- NULL, NULL);
+ virConnectListDomainsCheckACL, conn);
return n;
}
@@ -483,8 +503,11 @@ vzConnectNumOfDomains(virConnectPtr conn)
vzConnPtr privconn = conn->privateData;
int count;
+ if (virConnectNumOfDomainsEnsureACL(conn) < 0)
+ return -1;
+
count = virDomainObjListNumOfDomains(privconn->driver->domains, true,
- NULL, NULL);
+ virConnectNumOfDomainsCheckACL, conn);
return count;
}
@@ -495,9 +518,14 @@ vzConnectListDefinedDomains(virConnectPtr conn, char **const names,
int maxnames
vzConnPtr privconn = conn->privateData;
int n;
+ if (virConnectListDefinedDomainsEnsureACL(conn) < 0)
+ return -1;
+
memset(names, 0, sizeof(*names) * maxnames);
n = virDomainObjListGetInactiveNames(privconn->driver->domains, names,
- maxnames, NULL, NULL);
+ maxnames,
+ virConnectListDefinedDomainsCheckACL,
+ conn);
return n;
}
@@ -508,8 +536,12 @@ vzConnectNumOfDefinedDomains(virConnectPtr conn)
vzConnPtr privconn = conn->privateData;
int count;
+ if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0)
+ return -1;
+
count = virDomainObjListNumOfDomains(privconn->driver->domains, false,
- NULL, NULL);
+ virConnectNumOfDefinedDomainsCheckACL,
+ conn);
return count;
}
@@ -522,8 +554,12 @@ vzConnectListAllDomains(virConnectPtr conn,
int ret = -1;
virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1);
+
+ if (virConnectListAllDomainsEnsureACL(conn) < 0)
+ return -1;
+
ret = virDomainObjListExport(privconn->driver->domains, conn, domains,
- NULL, flags);
+ virConnectListAllDomainsCheckACL, flags);
return ret;
}
@@ -532,7 +568,7 @@ static virDomainPtr
vzDomainLookupByID(virConnectPtr conn, int id)
{
vzConnPtr privconn = conn->privateData;
- virDomainPtr ret;
+ virDomainPtr ret = NULL;
virDomainObjPtr dom;
dom = virDomainObjListFindByID(privconn->driver->domains, id);
@@ -542,10 +578,14 @@ vzDomainLookupByID(virConnectPtr conn, int id)
return NULL;
}
+ if (virDomainLookupByIDEnsureACL(conn, dom->def) < 0)
+ goto cleanup;
+
ret = virGetDomain(conn, dom->def->name, dom->def->uuid);
if (ret)
ret->id = dom->def->id;
+ cleanup:
virObjectUnlock(dom);
return ret;
}
@@ -554,7 +594,7 @@ static virDomainPtr
vzDomainLookupByUUID(virConnectPtr conn, const unsigned char *uuid)
{
vzConnPtr privconn = conn->privateData;
- virDomainPtr ret;
+ virDomainPtr ret = NULL;
virDomainObjPtr dom;
dom = virDomainObjListFindByUUID(privconn->driver->domains, uuid);
@@ -567,10 +607,14 @@ vzDomainLookupByUUID(virConnectPtr conn, const unsigned char *uuid)
return NULL;
}
+ if (virDomainLookupByUUIDEnsureACL(conn, dom->def) < 0)
+ goto cleanup;
+
ret = virGetDomain(conn, dom->def->name, dom->def->uuid);
if (ret)
ret->id = dom->def->id;
+ cleanup:
virObjectUnlock(dom);
return ret;
}
@@ -579,7 +623,7 @@ static virDomainPtr
vzDomainLookupByName(virConnectPtr conn, const char *name)
{
vzConnPtr privconn = conn->privateData;
- virDomainPtr ret;
+ virDomainPtr ret = NULL;
virDomainObjPtr dom;
dom = virDomainObjListFindByName(privconn->driver->domains, name);
@@ -590,10 +634,14 @@ vzDomainLookupByName(virConnectPtr conn, const char *name)
return NULL;
}
+ if (virDomainLookupByNameEnsureACL(conn, dom->def) < 0)
+ goto cleanup;
+
ret = virGetDomain(conn, dom->def->name, dom->def->uuid);
if (ret)
ret->id = dom->def->id;
+ cleanup:
virDomainObjEndAPI(&dom);
return ret;
}
@@ -607,6 +655,9 @@ vzDomainGetInfo(virDomainPtr domain, virDomainInfoPtr info)
if (!(dom = vzDomObjFromDomainRef(domain)))
goto cleanup;
+ if (virDomainGetInfoEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
info->state = virDomainObjGetState(dom, NULL);
info->memory = dom->def->mem.cur_balloon;
info->maxMem = virDomainDefGetMemoryTotal(dom->def);
@@ -645,8 +696,12 @@ vzDomainGetOSType(virDomainPtr domain)
if (!(dom = vzDomObjFromDomain(domain)))
return NULL;
+ if (virDomainGetOSTypeEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
ignore_value(VIR_STRDUP(ret, virDomainOSTypeToString(dom->def->os.type)));
+ cleanup:
virObjectUnlock(dom);
return ret;
}
@@ -655,12 +710,19 @@ static int
vzDomainIsPersistent(virDomainPtr domain)
{
virDomainObjPtr dom;
+ int ret = -1;
if (!(dom = vzDomObjFromDomain(domain)))
return -1;
+ if (virDomainIsPersistentEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
+ ret = 1;
+
+ cleanup:
virObjectUnlock(dom);
- return 1;
+ return ret;
}
static int
@@ -668,16 +730,22 @@ vzDomainGetState(virDomainPtr domain,
int *state, int *reason, unsigned int flags)
{
virDomainObjPtr dom;
+ int ret = -1;
virCheckFlags(0, -1);
if (!(dom = vzDomObjFromDomain(domain)))
return -1;
+ if (virDomainGetStateEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
*state = virDomainObjGetState(dom, reason);
+ ret = 0;
+ cleanup:
virObjectUnlock(dom);
- return 0;
+ return ret;
}
static char *
@@ -693,11 +761,15 @@ vzDomainGetXMLDesc(virDomainPtr domain, unsigned int flags)
if (!(dom = vzDomObjFromDomain(domain)))
return NULL;
+ if (virDomainGetXMLDescEnsureACL(domain->conn, dom->def, flags) < 0)
+ goto cleanup;
+
def = (flags & VIR_DOMAIN_XML_INACTIVE) &&
dom->newDef ? dom->newDef : dom->def;
ret = virDomainDefFormat(def, privconn->driver->caps, flags);
+ cleanup:
virObjectUnlock(dom);
return ret;
}
@@ -706,14 +778,20 @@ static int
vzDomainGetAutostart(virDomainPtr domain, int *autostart)
{
virDomainObjPtr dom;
+ int ret = -1;
if (!(dom = vzDomObjFromDomain(domain)))
return -1;
+ if (virDomainGetAutostartEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
*autostart = dom->autostart;
+ ret = 0;
+ cleanup:
virObjectUnlock(dom);
- return 0;
+ return ret;
}
static bool
@@ -752,6 +830,9 @@ vzDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned
int flags)
parse_flags)) == NULL)
goto cleanup;
+ if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
+ goto cleanup;
+
dom = virDomainObjListFindByUUIDRef(driver->domains, def->uuid);
if (dom == NULL) {
virResetLastError();
@@ -829,9 +910,12 @@ vzDomainDefineXML(virConnectPtr conn, const char *xml)
static int
-vzNodeGetInfo(virConnectPtr conn ATTRIBUTE_UNUSED,
+vzNodeGetInfo(virConnectPtr conn,
virNodeInfoPtr nodeinfo)
{
+ if (virNodeGetInfoEnsureACL(conn) < 0)
+ return -1;
+
return nodeGetInfo(nodeinfo);
}
@@ -854,13 +938,16 @@ static int vzConnectIsAlive(virConnectPtr conn ATTRIBUTE_UNUSED)
static char *
-vzConnectBaselineCPU(virConnectPtr conn ATTRIBUTE_UNUSED,
+vzConnectBaselineCPU(virConnectPtr conn,
const char **xmlCPUs,
unsigned int ncpus,
unsigned int flags)
{
virCheckFlags(VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, NULL);
+ if (virConnectBaselineCPUEnsureACL(conn) < 0)
+ return NULL;
+
return cpuBaselineXML(xmlCPUs, ncpus, NULL, 0, flags);
}
@@ -879,6 +966,9 @@ vzDomainGetVcpus(virDomainPtr domain,
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainGetVcpusEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(dom)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s",
@@ -922,6 +1012,9 @@ vzNodeGetCPUMap(virConnectPtr conn ATTRIBUTE_UNUSED,
unsigned int *online,
unsigned int flags)
{
+ if (virNodeGetCPUMapEnsureACL(conn) < 0)
+ return -1;
+
return virHostCPUGetMap(cpumap, online, flags);
}
@@ -935,6 +1028,10 @@ vzConnectDomainEventRegisterAny(virConnectPtr conn,
{
int ret = -1;
vzConnPtr privconn = conn->privateData;
+
+ if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0)
+ return -1;
+
if (virDomainEventStateRegisterID(conn,
privconn->driver->domainEventState,
domain, eventID,
@@ -949,6 +1046,9 @@ vzConnectDomainEventDeregisterAny(virConnectPtr conn,
{
vzConnPtr privconn = conn->privateData;
+ if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0)
+ return -1;
+
if (virObjectEventStateDeregisterID(conn,
privconn->driver->domainEventState,
callbackID) < 0)
@@ -968,6 +1068,9 @@ vzDomainSuspend(virDomainPtr domain)
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainSuspendEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (vzDomainObjBeginJob(dom) < 0)
goto cleanup;
job = true;
@@ -1002,6 +1105,9 @@ vzDomainResume(virDomainPtr domain)
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainResumeEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (vzDomainObjBeginJob(dom) < 0)
goto cleanup;
job = true;
@@ -1038,6 +1144,9 @@ vzDomainCreateWithFlags(virDomainPtr domain, unsigned int flags)
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainCreateWithFlagsEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (vzDomainObjBeginJob(dom) < 0)
goto cleanup;
job = true;
@@ -1074,6 +1183,9 @@ vzDomainDestroyFlags(virDomainPtr domain, unsigned int flags)
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainDestroyFlagsEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (vzDomainObjBeginJob(dom) < 0)
goto cleanup;
job = true;
@@ -1116,6 +1228,9 @@ vzDomainShutdownFlags(virDomainPtr domain, unsigned int flags)
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainShutdownFlagsEnsureACL(domain->conn, dom->def, flags) < 0)
+ goto cleanup;
+
if (vzDomainObjBeginJob(dom) < 0)
goto cleanup;
job = true;
@@ -1157,6 +1272,9 @@ vzDomainReboot(virDomainPtr domain, unsigned int flags)
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainRebootEnsureACL(domain->conn, dom->def, flags) < 0)
+ goto cleanup;
+
if (vzDomainObjBeginJob(dom) < 0)
goto cleanup;
job = true;
@@ -1188,7 +1306,12 @@ static int vzDomainIsActive(virDomainPtr domain)
if (!(dom = vzDomObjFromDomain(domain)))
return -1;
+ if (virDomainIsActiveEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
ret = virDomainObjIsActive(dom);
+
+ cleanup:
virObjectUnlock(dom);
return ret;
@@ -1215,6 +1338,9 @@ vzDomainUndefineFlags(virDomainPtr domain,
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainUndefineFlagsEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (vzDomainObjBeginJob(dom) < 0)
goto cleanup;
job = true;
@@ -1244,16 +1370,23 @@ vzDomainHasManagedSaveImage(virDomainPtr domain, unsigned int
flags)
{
virDomainObjPtr dom = NULL;
int state, reason;
- int ret = 0;
+ int ret = -1;
virCheckFlags(0, -1);
if (!(dom = vzDomObjFromDomain(domain)))
return -1;
+ if (virDomainHasManagedSaveImageEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
state = virDomainObjGetState(dom, &reason);
if (state == VIR_DOMAIN_SHUTOFF && reason == VIR_DOMAIN_SHUTOFF_SAVED)
ret = 1;
+ else
+ ret = 0;
+
+ cleanup:
virObjectUnlock(dom);
return ret;
@@ -1274,6 +1407,9 @@ vzDomainManagedSave(virDomainPtr domain, unsigned int flags)
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainManagedSaveEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (vzDomainObjBeginJob(dom) < 0)
goto cleanup;
job = true;
@@ -1314,6 +1450,9 @@ vzDomainManagedSaveRemove(virDomainPtr domain, unsigned int flags)
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainManagedSaveRemoveEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
state = virDomainObjGetState(dom, &reason);
if (!(state == VIR_DOMAIN_SHUTOFF && reason == VIR_DOMAIN_SHUTOFF_SAVED))
@@ -1366,6 +1505,9 @@ static int vzDomainAttachDeviceFlags(virDomainPtr domain, const char
*xml,
if (vzCheckConfigUpdateFlags(dom, &flags) < 0)
goto cleanup;
+ if (virDomainAttachDeviceFlagsEnsureACL(domain->conn, dom->def, flags) < 0)
+ goto cleanup;
+
dev = virDomainDeviceDefParse(xml, dom->def, privconn->driver->caps,
privconn->driver->xmlopt,
VIR_DOMAIN_XML_INACTIVE);
if (dev == NULL)
@@ -1435,6 +1577,9 @@ static int vzDomainDetachDeviceFlags(virDomainPtr domain, const char
*xml,
if (vzCheckConfigUpdateFlags(dom, &flags) < 0)
goto cleanup;
+ if (virDomainDetachDeviceFlagsEnsureACL(domain->conn, dom->def, flags) < 0)
+ goto cleanup;
+
dev = virDomainDeviceDefParse(xml, dom->def, privconn->driver->caps,
privconn->driver->xmlopt,
VIR_DOMAIN_XML_INACTIVE |
@@ -1502,6 +1647,9 @@ vzDomainSetUserPassword(virDomainPtr domain,
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainSetUserPasswordEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (vzDomainObjBeginJob(dom) < 0)
goto cleanup;
job = true;
@@ -1527,7 +1675,12 @@ vzDomainGetMaxMemory(virDomainPtr domain)
if (!(dom = vzDomObjFromDomain(domain)))
return -1;
+ if (virDomainGetMaxMemoryEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
ret = virDomainDefGetMemoryTotal(dom->def);
+
+ cleanup:
virObjectUnlock(dom);
return ret;
}
@@ -1586,6 +1739,9 @@ vzDomainBlockStats(virDomainPtr domain,
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainBlockStatsEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (vzDomainBlockStatsImpl(dom, path, stats) < 0)
goto cleanup;
@@ -1650,6 +1806,9 @@ vzDomainBlockStatsFlags(virDomainPtr domain,
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainBlockStatsFlagsEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (vzDomainBlockStatsImpl(dom, path, &stats) < 0)
goto cleanup;
@@ -1671,14 +1830,19 @@ vzDomainInterfaceStats(virDomainPtr domain,
{
virDomainObjPtr dom = NULL;
vzDomObjPtr privdom;
- int ret;
+ int ret = -1;
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainInterfaceStatsEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
privdom = dom->privateData;
ret = prlsdkGetNetStats(privdom->stats, privdom->sdkdom, path, stats);
+
+ cleanup:
virDomainObjEndAPI(&dom);
return ret;
@@ -1698,9 +1862,14 @@ vzDomainMemoryStats(virDomainPtr domain,
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainMemoryStatsEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
privdom = dom->privateData;
ret = prlsdkGetMemoryStats(privdom->stats, stats, nr_stats);
+
+ cleanup:
virDomainObjEndAPI(&dom);
return ret;
@@ -1711,7 +1880,7 @@ vzDomainGetVcpusFlags(virDomainPtr domain,
unsigned int flags)
{
virDomainObjPtr dom;
- int ret;
+ int ret = -1;
virCheckFlags(VIR_DOMAIN_AFFECT_LIVE |
VIR_DOMAIN_AFFECT_CONFIG |
@@ -1720,11 +1889,15 @@ vzDomainGetVcpusFlags(virDomainPtr domain,
if (!(dom = vzDomObjFromDomain(domain)))
return -1;
+ if (virDomainGetVcpusFlagsEnsureACL(domain->conn, dom->def, flags) < 0)
+ goto cleanup;
+
if (flags & VIR_DOMAIN_VCPU_MAXIMUM)
ret = virDomainDefGetVcpusMax(dom->def);
else
ret = virDomainDefGetVcpus(dom->def);
+ cleanup:
virObjectUnlock(dom);
return ret;
@@ -1739,19 +1912,29 @@ static int vzDomainGetMaxVcpus(virDomainPtr domain)
static int vzDomainIsUpdated(virDomainPtr domain)
{
virDomainObjPtr dom;
+ int ret = -1;
/* As far as VZ domains are always updated (e.g. current==persistent),
* we just check for domain existence */
if (!(dom = vzDomObjFromDomain(domain)))
return -1;
+ if (virDomainIsUpdatedEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
+ ret = 0;
+
+ cleanup:
virObjectUnlock(dom);
- return 0;
+ return ret;
}
-static int vzConnectGetMaxVcpus(virConnectPtr conn ATTRIBUTE_UNUSED,
+static int vzConnectGetMaxVcpus(virConnectPtr conn,
const char *type)
{
+ if (virConnectGetMaxVcpusEnsureACL(conn) < 0)
+ return -1;
+
/* As far as we have no limitation for containers
* we report maximum */
if (type == NULL || STRCASEEQ(type, "vz") || STRCASEEQ(type,
"parallels"))
@@ -1763,38 +1946,51 @@ static int vzConnectGetMaxVcpus(virConnectPtr conn
ATTRIBUTE_UNUSED,
}
static int
-vzNodeGetCPUStats(virConnectPtr conn ATTRIBUTE_UNUSED,
+vzNodeGetCPUStats(virConnectPtr conn,
int cpuNum,
virNodeCPUStatsPtr params,
int *nparams,
unsigned int flags)
{
+ if (virNodeGetCPUStatsEnsureACL(conn) < 0)
+ return -1;
+
return virHostCPUGetStats(cpuNum, params, nparams, flags);
}
static int
-vzNodeGetMemoryStats(virConnectPtr conn ATTRIBUTE_UNUSED,
+vzNodeGetMemoryStats(virConnectPtr conn,
int cellNum,
virNodeMemoryStatsPtr params,
int *nparams,
unsigned int flags)
{
+ if (virNodeGetMemoryStatsEnsureACL(conn) < 0)
+ return -1;
+
return virHostMemGetStats(cellNum, params, nparams, flags);
}
static int
-vzNodeGetCellsFreeMemory(virConnectPtr conn ATTRIBUTE_UNUSED,
+vzNodeGetCellsFreeMemory(virConnectPtr conn,
unsigned long long *freeMems,
int startCell,
int maxCells)
{
+ if (virNodeGetCellsFreeMemoryEnsureACL(conn) < 0)
+ return -1;
+
return virHostMemGetCellsFree(freeMems, startCell, maxCells);
}
static unsigned long long
-vzNodeGetFreeMemory(virConnectPtr conn ATTRIBUTE_UNUSED)
+vzNodeGetFreeMemory(virConnectPtr conn)
{
unsigned long long freeMem;
+
+ if (virNodeGetFreeMemoryEnsureACL(conn) < 0)
+ return -1;
+
if (virHostMemGetInfo(NULL, &freeMem) < 0)
return 0;
return freeMem;
@@ -1809,6 +2005,9 @@ vzConnectRegisterCloseCallback(virConnectPtr conn,
vzConnPtr privconn = conn->privateData;
int ret = -1;
+ if (virConnectRegisterCloseCallbackEnsureACL(conn) < 0)
+ return -1;
+
virObjectLock(privconn->driver);
if (virConnectCloseCallbackDataGetCallback(privconn->closeCallback) != NULL) {
@@ -1833,6 +2032,9 @@ vzConnectUnregisterCloseCallback(virConnectPtr conn,
virConnectCloseFunc cb)
vzConnPtr privconn = conn->privateData;
int ret = -1;
+ if (virConnectUnregisterCloseCallbackEnsureACL(conn) < 0)
+ return -1;
+
virObjectLock(privconn->driver);
if (virConnectCloseCallbackDataGetCallback(privconn->closeCallback) != cb) {
@@ -1866,6 +2068,9 @@ static int vzDomainSetMemoryFlags(virDomainPtr domain, unsigned long
memory,
if (vzCheckConfigUpdateFlags(dom, &flags) < 0)
goto cleanup;
+ if (virDomainSetMemoryFlagsEnsureACL(domain->conn, dom->def, flags) < 0)
+ goto cleanup;
+
if (vzDomainObjBeginJob(dom) < 0)
goto cleanup;
job = true;
@@ -1892,6 +2097,9 @@ static int vzDomainSetMemory(virDomainPtr domain, unsigned long
memory)
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainSetMemoryEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (vzDomainObjBeginJob(dom) < 0)
goto cleanup;
job = true;
@@ -1964,6 +2172,9 @@ vzDomainSnapshotNum(virDomainPtr domain, unsigned int flags)
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainSnapshotNumEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (!(snapshots = prlsdkLoadSnapshots(dom)))
goto cleanup;
@@ -1992,6 +2203,9 @@ vzDomainSnapshotListNames(virDomainPtr domain,
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainSnapshotListNamesEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (!(snapshots = prlsdkLoadSnapshots(dom)))
goto cleanup;
@@ -2019,6 +2233,9 @@ vzDomainListAllSnapshots(virDomainPtr domain,
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainListAllSnapshotsEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (!(snapshots = prlsdkLoadSnapshots(dom)))
goto cleanup;
@@ -2046,6 +2263,9 @@ vzDomainSnapshotGetXMLDesc(virDomainSnapshotPtr snapshot, unsigned
int flags)
if (!(dom = vzDomObjFromDomainRef(snapshot->domain)))
return NULL;
+ if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, dom->def,
flags) < 0)
+ goto cleanup;
+
if (!(snapshots = prlsdkLoadSnapshots(dom)))
goto cleanup;
@@ -2079,6 +2299,9 @@ vzDomainSnapshotNumChildren(virDomainSnapshotPtr snapshot, unsigned
int flags)
if (!(dom = vzDomObjFromDomainRef(snapshot->domain)))
return -1;
+ if (virDomainSnapshotNumChildrenEnsureACL(snapshot->domain->conn, dom->def)
< 0)
+ goto cleanup;
+
if (!(snapshots = prlsdkLoadSnapshots(dom)))
goto cleanup;
@@ -2111,6 +2334,9 @@ vzDomainSnapshotListChildrenNames(virDomainSnapshotPtr snapshot,
if (!(dom = vzDomObjFromDomainRef(snapshot->domain)))
return -1;
+ if (virDomainSnapshotListChildrenNamesEnsureACL(snapshot->domain->conn,
dom->def) < 0)
+ goto cleanup;
+
if (!(snapshots = prlsdkLoadSnapshots(dom)))
goto cleanup;
@@ -2142,6 +2368,9 @@ vzDomainSnapshotListAllChildren(virDomainSnapshotPtr snapshot,
if (!(dom = vzDomObjFromDomainRef(snapshot->domain)))
return -1;
+ if (virDomainSnapshotListAllChildrenEnsureACL(snapshot->domain->conn,
dom->def) < 0)
+ goto cleanup;
+
if (!(snapshots = prlsdkLoadSnapshots(dom)))
goto cleanup;
@@ -2172,6 +2401,9 @@ vzDomainSnapshotLookupByName(virDomainPtr domain,
if (!(dom = vzDomObjFromDomainRef(domain)))
return NULL;
+ if (virDomainSnapshotLookupByNameEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (!(snapshots = prlsdkLoadSnapshots(dom)))
goto cleanup;
@@ -2199,6 +2431,9 @@ vzDomainHasCurrentSnapshot(virDomainPtr domain, unsigned int flags)
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainHasCurrentSnapshotEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (!(snapshots = prlsdkLoadSnapshots(dom)))
goto cleanup;
@@ -2224,6 +2459,9 @@ vzDomainSnapshotGetParent(virDomainSnapshotPtr snapshot, unsigned
int flags)
if (!(dom = vzDomObjFromDomainRef(snapshot->domain)))
return NULL;
+ if (virDomainSnapshotGetParentEnsureACL(snapshot->domain->conn, dom->def)
< 0)
+ goto cleanup;
+
if (!(snapshots = prlsdkLoadSnapshots(dom)))
goto cleanup;
@@ -2259,6 +2497,9 @@ vzDomainSnapshotCurrent(virDomainPtr domain, unsigned int flags)
if (!(dom = vzDomObjFromDomainRef(domain)))
return NULL;
+ if (virDomainSnapshotCurrentEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (!(snapshots = prlsdkLoadSnapshots(dom)))
goto cleanup;
@@ -2290,6 +2531,9 @@ vzDomainSnapshotIsCurrent(virDomainSnapshotPtr snapshot, unsigned
int flags)
if (!(dom = vzDomObjFromDomainRef(snapshot->domain)))
return -1;
+ if (virDomainSnapshotIsCurrentEnsureACL(snapshot->domain->conn, dom->def)
< 0)
+ goto cleanup;
+
if (!(snapshots = prlsdkLoadSnapshots(dom)))
goto cleanup;
@@ -2317,6 +2561,9 @@ vzDomainSnapshotHasMetadata(virDomainSnapshotPtr snapshot,
if (!(dom = vzDomObjFromDomainRef(snapshot->domain)))
return -1;
+ if (virDomainSnapshotHasMetadataEnsureACL(snapshot->domain->conn, dom->def)
< 0)
+ goto cleanup;
+
if (!(snapshots = prlsdkLoadSnapshots(dom)))
goto cleanup;
@@ -2352,6 +2599,9 @@ vzDomainSnapshotCreateXML(virDomainPtr domain,
if (!(dom = vzDomObjFromDomainRef(domain)))
return NULL;
+ if (virDomainSnapshotCreateXMLEnsureACL(domain->conn, dom->def, flags) < 0)
+ goto cleanup;
+
if (!(def = virDomainSnapshotDefParseString(xmlDesc, driver->caps,
driver->xmlopt, parse_flags)))
goto cleanup;
@@ -2412,9 +2662,13 @@ vzDomainSnapshotDelete(virDomainSnapshotPtr snapshot, unsigned int
flags)
if (!(dom = vzDomObjFromDomainRef(snapshot->domain)))
return -1;
+ if (virDomainSnapshotDeleteEnsureACL(snapshot->domain->conn, dom->def) <
0)
+ goto cleanup;
+
ret = prlsdkDeleteSnapshot(dom, snapshot->name,
flags & VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN);
+ cleanup:
virDomainObjEndAPI(&dom);
return ret;
@@ -2432,6 +2686,9 @@ vzDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, unsigned int
flags)
if (!(dom = vzDomObjFromDomain(snapshot->domain)))
return -1;
+ if (virDomainRevertToSnapshotEnsureACL(snapshot->domain->conn, dom->def)
< 0)
+ goto cleanup;
+
if (vzDomainObjBeginJob(dom) < 0)
goto cleanup;
job = true;
@@ -2648,6 +2905,9 @@ vzDomainMigrateBegin3Params(virDomainPtr domain,
if (!(dom = vzDomObjFromDomain(domain)))
goto cleanup;
+ if (virDomainMigrateBegin3ParamsEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
xml = vzDomainMigrateBeginStep(dom, privconn->driver, params, nparams,
cookieout, cookieoutlen);
@@ -2694,8 +2954,11 @@ vzDomainMigratePrepare3Params(virConnectPtr conn,
unsigned int flags)
{
vzConnPtr privconn = conn->privateData;
+ vzDriverPtr driver = privconn->driver;
const char *miguri = NULL;
const char *dname = NULL;
+ const char *dom_xml = NULL;
+ virDomainDefPtr def = NULL;
int ret = -1;
virCheckFlags(VZ_MIGRATION_FLAGS, -1);
@@ -2706,6 +2969,8 @@ vzDomainMigratePrepare3Params(virConnectPtr conn,
if (virTypedParamsGetString(params, nparams,
VIR_MIGRATE_PARAM_URI, &miguri) < 0 ||
virTypedParamsGetString(params, nparams,
+ VIR_MIGRATE_PARAM_DEST_XML, &dom_xml) < 0 ||
+ virTypedParamsGetString(params, nparams,
VIR_MIGRATE_PARAM_DEST_NAME, &dname) < 0)
goto cleanup;
@@ -2722,15 +2987,32 @@ vzDomainMigratePrepare3Params(virConnectPtr conn,
| VZ_MIGRATION_COOKIE_DOMAIN_NAME) < 0)
goto cleanup;
+ if (!(def = virDomainDefParseString(dom_xml, driver->caps, driver->xmlopt,
+ VIR_DOMAIN_DEF_PARSE_INACTIVE)))
+ goto cleanup;
+
+ if (dname) {
+ VIR_FREE(def->name);
+ if (VIR_STRDUP(def->name, dname) < 0)
+ goto cleanup;
+ }
+
+ if (virDomainMigratePrepare3ParamsEnsureACL(conn, def) < 0)
+ goto cleanup;
+
ret = 0;
cleanup:
+ virDomainDefFree(def);
return ret;
}
static int
vzConnectSupportsFeature(virConnectPtr conn ATTRIBUTE_UNUSED, int feature)
{
+ if (virConnectSupportsFeatureEnsureACL(conn) < 0)
+ return -1;
+
switch (feature) {
case VIR_DRV_FEATURE_MIGRATION_PARAMS:
case VIR_DRV_FEATURE_MIGRATION_P2P:
@@ -2947,7 +3229,7 @@ vzDomainMigratePerform3Params(virDomainPtr domain,
int *cookieoutlen ATTRIBUTE_UNUSED,
unsigned int flags)
{
- int ret;
+ int ret = -1;
virDomainObjPtr dom;
vzConnPtr privconn = domain->conn->privateData;
@@ -2959,6 +3241,9 @@ vzDomainMigratePerform3Params(virDomainPtr domain,
if (!(dom = vzDomObjFromDomainRef(domain)))
return -1;
+ if (virDomainMigratePerform3ParamsEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (flags & VIR_MIGRATE_PEER2PEER)
ret = vzDomainMigratePerformP2P(dom, privconn->driver, dconnuri,
params, nparams, flags);
@@ -2966,6 +3251,7 @@ vzDomainMigratePerform3Params(virDomainPtr domain,
ret = vzDomainMigratePerformStep(dom, privconn->driver, params, nparams,
cookiein, cookieinlen, flags);
+ cleanup:
virDomainObjEndAPI(&dom);
return ret;
@@ -3003,6 +3289,11 @@ vzDomainMigrateFinish3Params(virConnectPtr dconn,
if (!(dom = prlsdkAddDomainByName(driver, name)))
goto cleanup;
+ /* At first glace at may look strange that we add domain and
+ * then check ACL but we touch only cache and not real system state */
+ if (virDomainMigrateFinish3ParamsEnsureACL(dconn, dom->def) < 0)
+ goto cleanup;
+
domain = virGetDomain(dconn, dom->def->name, dom->def->uuid);
if (domain)
domain->id = dom->def->id;
@@ -3060,13 +3351,17 @@ static int
vzDomainGetJobInfo(virDomainPtr domain, virDomainJobInfoPtr info)
{
virDomainObjPtr dom;
- int ret;
+ int ret = -1;
if (!(dom = vzDomObjFromDomain(domain)))
return -1;
+ if (virDomainGetJobInfoEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
ret = vzDomainGetJobInfoImpl(dom, info);
+ cleanup:
virObjectUnlock(dom);
return ret;
}
@@ -3122,6 +3417,9 @@ vzDomainGetJobStats(virDomainPtr domain,
if (!(dom = vzDomObjFromDomain(domain)))
return -1;
+ if (virDomainGetJobStatsEnsureACL(domain->conn, dom->def) < 0)
+ goto cleanup;
+
if (vzDomainGetJobInfoImpl(dom, &info) < 0)
goto cleanup;
--
1.8.3.1
3146
days inactive
3206
days old
19 comments
2 participants
participants (2)
-
Maxim Nestratov -
Nikolay Shirokovskiy