From: "Daniel P. Berrange" <berrange@redhat.com> This patch introduces the virAccessManagerPtr class as the interface between virtualization drivers and the access control drivers. The viraccessperm.h file defines the various permissions that will be used for each type of object libvirt manages Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- include/libvirt/virterror.h | 4 + po/POTFILES.in | 1 + src/Makefile.am | 16 + src/access/viraccessdriver.h | 89 ++++++ src/access/viraccessdrivernop.c | 118 +++++++ src/access/viraccessdrivernop.h | 28 ++ src/access/viraccessdriverstack.c | 285 +++++++++++++++++ src/access/viraccessdriverstack.h | 32 ++ src/access/viraccessmanager.c | 339 ++++++++++++++++++++ src/access/viraccessmanager.h | 91 ++++++ src/access/viraccessperm.c | 84 +++++ src/access/viraccessperm.h | 647 ++++++++++++++++++++++++++++++++++++++ src/libvirt.c | 6 +- src/libvirt_private.syms | 37 +++ src/util/virerror.c | 8 + 15 files changed, 1783 insertions(+), 2 deletions(-) create mode 100644 src/access/viraccessdriver.h create mode 100644 src/access/viraccessdrivernop.c create mode 100644 src/access/viraccessdrivernop.h create mode 100644 src/access/viraccessdriverstack.c create mode 100644 src/access/viraccessdriverstack.h create mode 100644 src/access/viraccessmanager.c create mode 100644 src/access/viraccessmanager.h create mode 100644 src/access/viraccessperm.c create mode 100644 src/access/viraccessperm.h diff --git a/include/libvirt/virterror.h b/include/libvirt/virterror.h index cd7e3b3..5f78856 100644 --- a/include/libvirt/virterror.h +++ b/include/libvirt/virterror.h @@ -118,6 +118,8 @@ typedef enum { VIR_FROM_IDENTITY = 53, /* Error from identity code */ VIR_FROM_CGROUP = 54, /* Error from cgroups */ + VIR_FROM_ACCESS = 55, /* Error from access control manager */ + # ifdef VIR_ENUM_SENTINELS VIR_ERR_DOMAIN_LAST # endif @@ -290,6 +292,8 @@ typedef enum { VIR_ERR_AGENT_UNRESPONSIVE = 86, /* guest agent is unresponsive, not running or not usable */ VIR_ERR_RESOURCE_BUSY = 87, /* resource is already in use */ + VIR_ERR_ACCESS_DENIED = 88, /* operation on the object/resource + was denied */ } virErrorNumber; /** diff --git a/po/POTFILES.in b/po/POTFILES.in index f3ea4da..b3a8ec1 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -6,6 +6,7 @@ daemon/remote_dispatch.h daemon/stream.c gnulib/lib/gai_strerror.c gnulib/lib/regcomp.c +src/access/viraccessmanager.c src/conf/cpu_conf.c src/conf/device_conf.c src/conf/domain_conf.c diff --git a/src/Makefile.am b/src/Makefile.am index 3b86dcd..fea4862 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -790,6 +790,13 @@ SECURITY_DRIVER_APPARMOR_SOURCES = \ security/security_apparmor.h security/security_apparmor.c +ACCESS_DRIVER_SOURCES = \ + access/viraccessperm.h access/viraccessperm.c \ + access/viraccessmanager.h access/viraccessmanager.c \ + access/viraccessdriver.h \ + access/viraccessdrivernop.h access/viraccessdrivernop.c \ + access/viraccessdriverstack.h access/viraccessdriverstack.c + NODE_DEVICE_DRIVER_SOURCES = \ node_device/node_device_driver.c \ node_device/node_device_driver.h \ @@ -1376,6 +1383,15 @@ libvirt_security_manager_la_SOURCES += $(SECURITY_DRIVER_APPARMOR_SOURCES) libvirt_security_manager_la_CFLAGS += $(APPARMOR_CFLAGS) endif +libvirt_driver_access_la_SOURCES = $(ACCESS_DRIVER_SOURCES) +noinst_LTLIBRARIES += libvirt_driver_access.la +libvirt_la_BUILT_LIBADD += libvirt_driver_access.la +libvirt_driver_access_la_CFLAGS = \ + -I$(top_srcdir)/src/conf $(AM_CFLAGS) +libvirt_driver_access_la_LDFLAGS = $(AM_LDFLAGS) +libvirt_driver_access_la_LIBADD = + + # Add all conditional sources just in case... EXTRA_DIST += \ $(TEST_DRIVER_SOURCES) \ diff --git a/src/access/viraccessdriver.h b/src/access/viraccessdriver.h new file mode 100644 index 0000000..e3050b6 --- /dev/null +++ b/src/access/viraccessdriver.h @@ -0,0 +1,89 @@ +/* + * viraccessdriver.h: access control driver + * + * Copyright (C) 2012-2013 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#ifndef __VIR_ACCESS_DRIVER_H__ +# define __VIR_ACCESS_DRIVER_H__ + +# include "conf/domain_conf.h" +# include "access/viraccessmanager.h" + +typedef int (*virAccessDriverCheckConnectDrv)(virAccessManagerPtr manager, + const char *driverName, + virAccessPermConnect av); +typedef int (*virAccessDriverCheckDomainDrv)(virAccessManagerPtr manager, + const char *driverName, + virDomainDefPtr domain, + virAccessPermDomain av); +typedef int (*virAccessDriverCheckInterfaceDrv)(virAccessManagerPtr manager, + const char *driverName, + virInterfaceDefPtr iface, + virAccessPermInterface av); +typedef int (*virAccessDriverCheckNetworkDrv)(virAccessManagerPtr manager, + const char *driverName, + virNetworkDefPtr network, + virAccessPermNetwork av); +typedef int (*virAccessDriverCheckNodeDeviceDrv)(virAccessManagerPtr manager, + const char *driverName, + virNodeDeviceDefPtr nodedev, + virAccessPermNodeDevice av); +typedef int (*virAccessDriverCheckNWFilterDrv)(virAccessManagerPtr manager, + const char *driverName, + virNWFilterDefPtr nwfilter, + virAccessPermNWFilter av); +typedef int (*virAccessDriverCheckSecretDrv)(virAccessManagerPtr manager, + const char *driverName, + virSecretDefPtr secret, + virAccessPermSecret av); +typedef int (*virAccessDriverCheckStoragePoolDrv)(virAccessManagerPtr manager, + const char *driverName, + virStoragePoolDefPtr pool, + virAccessPermStoragePool av); +typedef int (*virAccessDriverCheckStorageVolDrv)(virAccessManagerPtr manager, + const char *driverName, + virStoragePoolDefPtr pool, + virStorageVolDefPtr vol, + virAccessPermStorageVol av); + +typedef int (*virAccessDriverSetupDrv)(virAccessManagerPtr manager); +typedef void (*virAccessDriverCleanupDrv)(virAccessManagerPtr manager); + +typedef struct _virAccessDriver virAccessDriver; +typedef virAccessDriver *virAccessDriverPtr; + +struct _virAccessDriver { + size_t privateDataLen; + const char *name; + + virAccessDriverSetupDrv setup; + virAccessDriverCleanupDrv cleanup; + + virAccessDriverCheckConnectDrv checkConnect; + virAccessDriverCheckDomainDrv checkDomain; + virAccessDriverCheckInterfaceDrv checkInterface; + virAccessDriverCheckNetworkDrv checkNetwork; + virAccessDriverCheckNodeDeviceDrv checkNodeDevice; + virAccessDriverCheckNWFilterDrv checkNWFilter; + virAccessDriverCheckSecretDrv checkSecret; + virAccessDriverCheckStoragePoolDrv checkStoragePool; + virAccessDriverCheckStorageVolDrv checkStorageVol; +}; + + +#endif /* __VIR_ACCESS_DRIVER_H__ */ diff --git a/src/access/viraccessdrivernop.c b/src/access/viraccessdrivernop.c new file mode 100644 index 0000000..86ceef3 --- /dev/null +++ b/src/access/viraccessdrivernop.c @@ -0,0 +1,118 @@ +/* + * viraccessdrivernop.c: no-op access control driver + * + * Copyright (C) 2012-2013 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#include <config.h> + +#include "access/viraccessdrivernop.h" + +static int +virAccessDriverNopCheckConnect(virAccessManagerPtr manager ATTRIBUTE_UNUSED, + const char *driverName ATTRIBUTE_UNUSED, + virAccessPermConnect perm ATTRIBUTE_UNUSED) +{ + return 1; /* Allow */ +} + +static int +virAccessDriverNopCheckDomain(virAccessManagerPtr manager ATTRIBUTE_UNUSED, + const char *driverName ATTRIBUTE_UNUSED, + virDomainDefPtr domain ATTRIBUTE_UNUSED, + virAccessPermDomain perm ATTRIBUTE_UNUSED) +{ + return 1; /* Allow */ +} + +static int +virAccessDriverNopCheckInterface(virAccessManagerPtr manager ATTRIBUTE_UNUSED, + const char *driverName ATTRIBUTE_UNUSED, + virInterfaceDefPtr iface ATTRIBUTE_UNUSED, + virAccessPermInterface perm ATTRIBUTE_UNUSED) +{ + return 1; /* Allow */ +} + +static int +virAccessDriverNopCheckNetwork(virAccessManagerPtr manager ATTRIBUTE_UNUSED, + const char *driverName ATTRIBUTE_UNUSED, + virNetworkDefPtr network ATTRIBUTE_UNUSED, + virAccessPermNetwork perm ATTRIBUTE_UNUSED) +{ + return 1; /* Allow */ +} + +static int +virAccessDriverNopCheckNodeDevice(virAccessManagerPtr manager ATTRIBUTE_UNUSED, + const char *driverName ATTRIBUTE_UNUSED, + virNodeDeviceDefPtr nodedev ATTRIBUTE_UNUSED, + virAccessPermNodeDevice perm ATTRIBUTE_UNUSED) +{ + return 1; /* Allow */ +} + +static int +virAccessDriverNopCheckNWFilter(virAccessManagerPtr manager ATTRIBUTE_UNUSED, + const char *driverName ATTRIBUTE_UNUSED, + virNWFilterDefPtr nwfilter ATTRIBUTE_UNUSED, + virAccessPermNWFilter perm ATTRIBUTE_UNUSED) +{ + return 1; /* Allow */ +} + +static int +virAccessDriverNopCheckSecret(virAccessManagerPtr manager ATTRIBUTE_UNUSED, + const char *driverName ATTRIBUTE_UNUSED, + virSecretDefPtr secret ATTRIBUTE_UNUSED, + virAccessPermSecret perm ATTRIBUTE_UNUSED) +{ + return 1; /* Allow */ +} + +static int +virAccessDriverNopCheckStoragePool(virAccessManagerPtr manager ATTRIBUTE_UNUSED, + const char *driverName ATTRIBUTE_UNUSED, + virStoragePoolDefPtr pool ATTRIBUTE_UNUSED, + virAccessPermStoragePool perm ATTRIBUTE_UNUSED) +{ + return 1; /* Allow */ +} + +static int +virAccessDriverNopCheckStorageVol(virAccessManagerPtr manager ATTRIBUTE_UNUSED, + const char *driverName ATTRIBUTE_UNUSED, + virStoragePoolDefPtr pool ATTRIBUTE_UNUSED, + virStorageVolDefPtr vol ATTRIBUTE_UNUSED, + virAccessPermStorageVol perm ATTRIBUTE_UNUSED) +{ + return 1; /* Allow */ +} + + +virAccessDriver accessDriverNop = { + .name = "none", + .checkConnect = virAccessDriverNopCheckConnect, + .checkDomain = virAccessDriverNopCheckDomain, + .checkInterface = virAccessDriverNopCheckInterface, + .checkNetwork = virAccessDriverNopCheckNetwork, + .checkNodeDevice = virAccessDriverNopCheckNodeDevice, + .checkNWFilter = virAccessDriverNopCheckNWFilter, + .checkSecret = virAccessDriverNopCheckSecret, + .checkStoragePool = virAccessDriverNopCheckStoragePool, + .checkStorageVol = virAccessDriverNopCheckStorageVol, +}; diff --git a/src/access/viraccessdrivernop.h b/src/access/viraccessdrivernop.h new file mode 100644 index 0000000..0b5d413 --- /dev/null +++ b/src/access/viraccessdrivernop.h @@ -0,0 +1,28 @@ +/* + * viraccessdrivernop.h: no-op access control driver + * + * Copyright (C) 2012-2013 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#ifndef __VIR_ACCESS_DRIVER_NOP_H__ +# define __VIR_ACCESS_DRIVER_NOP_H__ + +# include "access/viraccessdriver.h" + +extern virAccessDriver accessDriverNop; + +#endif /* __VIR_ACCESS_DRIVER_NOP_H__ */ diff --git a/src/access/viraccessdriverstack.c b/src/access/viraccessdriverstack.c new file mode 100644 index 0000000..10c1c9b --- /dev/null +++ b/src/access/viraccessdriverstack.c @@ -0,0 +1,285 @@ +/* + * viraccessdriverstack.c: stacked access control driver + * + * Copyright (C) 2012-2013 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#include <config.h> + +#include "viraccessdriverstack.h" +#include "viralloc.h" +#include "virerror.h" + +#define VIR_FROM_THIS VIR_FROM_ACCESS + +typedef struct _virAccessDriverStackPrivate virAccessDriverStackPrivate; +typedef virAccessDriverStackPrivate *virAccessDriverStackPrivatePtr; + +struct _virAccessDriverStackPrivate { + virAccessManagerPtr *managers; + size_t managersLen; +}; + + +int virAccessDriverStackAppend(virAccessManagerPtr manager, + virAccessManagerPtr child) +{ + virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager); + + if (VIR_EXPAND_N(priv->managers, priv->managersLen, 1) < 0) { + virReportOOMError(); + return -1; + } + + priv->managers[priv->managersLen-1] = child; + + return 0; +} + + +static void virAccessDriverStackCleanup(virAccessManagerPtr manager) +{ + virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager); + size_t i; + + for (i = 0; i < priv->managersLen; i++) { + virObjectUnref(priv->managers[i]); + } + VIR_FREE(priv->managers); +} + + +static int +virAccessDriverStackCheckConnect(virAccessManagerPtr manager, + const char *driverName, + virAccessPermConnect perm) +{ + virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager); + int ret = 1; + size_t i; + + for (i = 0; i < priv->managersLen; i++) { + int rv; + /* We do not short-circuit on first denial - always check all drivers */ + rv = virAccessManagerCheckConnect(priv->managers[i], driverName, perm); + if (rv == 0 && ret != -1) + ret = 0; + else if (rv == -1) + ret = -1; + } + + return ret; +} + +static int +virAccessDriverStackCheckDomain(virAccessManagerPtr manager, + const char *driverName, + virDomainDefPtr domain, + virAccessPermDomain perm) +{ + virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager); + int ret = 1; + size_t i; + + for (i = 0; i < priv->managersLen; i++) { + int rv; + /* We do not short-circuit on first denial - always check all drivers */ + rv = virAccessManagerCheckDomain(priv->managers[i], driverName, domain, perm); + if (rv == 0 && ret != -1) + ret = 0; + else if (rv == -1) + ret = -1; + } + + return ret; +} + +static int +virAccessDriverStackCheckInterface(virAccessManagerPtr manager, + const char *driverName, + virInterfaceDefPtr iface, + virAccessPermInterface perm) +{ + virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager); + int ret = 1; + size_t i; + + for (i = 0; i < priv->managersLen; i++) { + int rv; + /* We do not short-circuit on first denial - always check all drivers */ + rv = virAccessManagerCheckInterface(priv->managers[i], driverName, iface, perm); + if (rv == 0 && ret != -1) + ret = 0; + else if (rv == -1) + ret = -1; + } + + return ret; +} + +static int +virAccessDriverStackCheckNetwork(virAccessManagerPtr manager, + const char *driverName, + virNetworkDefPtr network, + virAccessPermNetwork perm) +{ + virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager); + int ret = 1; + size_t i; + + for (i = 0; i < priv->managersLen; i++) { + int rv; + /* We do not short-circuit on first denial - always check all drivers */ + rv = virAccessManagerCheckNetwork(priv->managers[i], driverName, network, perm); + if (rv == 0 && ret != -1) + ret = 0; + else if (rv == -1) + ret = -1; + } + + return ret; +} + +static int +virAccessDriverStackCheckNodeDevice(virAccessManagerPtr manager, + const char *driverName, + virNodeDeviceDefPtr nodedev, + virAccessPermNodeDevice perm) +{ + virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager); + int ret = 1; + size_t i; + + for (i = 0; i < priv->managersLen; i++) { + int rv; + /* We do not short-circuit on first denial - always check all drivers */ + rv = virAccessManagerCheckNodeDevice(priv->managers[i], driverName, nodedev, perm); + if (rv == 0 && ret != -1) + ret = 0; + else if (rv == -1) + ret = -1; + } + + return ret; +} + +static int +virAccessDriverStackCheckNWFilter(virAccessManagerPtr manager, + const char *driverName, + virNWFilterDefPtr nwfilter, + virAccessPermNWFilter perm) +{ + virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager); + int ret = 1; + size_t i; + + for (i = 0; i < priv->managersLen; i++) { + int rv; + /* We do not short-circuit on first denial - always check all drivers */ + rv = virAccessManagerCheckNWFilter(priv->managers[i], driverName, nwfilter, perm); + if (rv == 0 && ret != -1) + ret = 0; + else if (rv == -1) + ret = -1; + } + + return ret; +} + +static int +virAccessDriverStackCheckSecret(virAccessManagerPtr manager, + const char *driverName, + virSecretDefPtr secret, + virAccessPermSecret perm) +{ + virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager); + int ret = 1; + size_t i; + + for (i = 0; i < priv->managersLen; i++) { + int rv; + /* We do not short-circuit on first denial - always check all drivers */ + rv = virAccessManagerCheckSecret(priv->managers[i], driverName, secret, perm); + if (rv == 0 && ret != -1) + ret = 0; + else if (rv == -1) + ret = -1; + } + + return ret; +} + +static int +virAccessDriverStackCheckStoragePool(virAccessManagerPtr manager, + const char *driverName, + virStoragePoolDefPtr pool, + virAccessPermStoragePool perm) +{ + virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager); + int ret = 1; + size_t i; + + for (i = 0; i < priv->managersLen; i++) { + int rv; + /* We do not short-circuit on first denial - always check all drivers */ + rv = virAccessManagerCheckStoragePool(priv->managers[i], driverName, pool, perm); + if (rv == 0 && ret != -1) + ret = 0; + else if (rv == -1) + ret = -1; + } + + return ret; +} + +static int +virAccessDriverStackCheckStorageVol(virAccessManagerPtr manager, + const char *driverName, + virStoragePoolDefPtr pool, + virStorageVolDefPtr vol, + virAccessPermStorageVol perm) +{ + virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager); + int ret = 1; + size_t i; + + for (i = 0; i < priv->managersLen; i++) { + int rv; + /* We do not short-circuit on first denial - always check all drivers */ + rv = virAccessManagerCheckStorageVol(priv->managers[i], driverName, pool, vol, perm); + if (rv == 0 && ret != -1) + ret = 0; + else if (rv == -1) + ret = -1; + } + + return ret; +} + +virAccessDriver accessDriverStack = { + .name = "stack", + .cleanup = virAccessDriverStackCleanup, + .checkConnect = virAccessDriverStackCheckConnect, + .checkDomain = virAccessDriverStackCheckDomain, + .checkInterface = virAccessDriverStackCheckInterface, + .checkNetwork = virAccessDriverStackCheckNetwork, + .checkNodeDevice = virAccessDriverStackCheckNodeDevice, + .checkNWFilter = virAccessDriverStackCheckNWFilter, + .checkSecret = virAccessDriverStackCheckSecret, + .checkStoragePool = virAccessDriverStackCheckStoragePool, + .checkStorageVol = virAccessDriverStackCheckStorageVol, +}; diff --git a/src/access/viraccessdriverstack.h b/src/access/viraccessdriverstack.h new file mode 100644 index 0000000..4e34d5f --- /dev/null +++ b/src/access/viraccessdriverstack.h @@ -0,0 +1,32 @@ +/* + * viraccessdriverstack.h: stacked access control driver + * + * Copyright (C) 2012-2013 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#ifndef __VIR_ACCESS_DRIVER_STACK_H__ +# define __VIR_ACCESS_DRIVER_STACK_H__ + +# include "access/viraccessdriver.h" + + +int virAccessDriverStackAppend(virAccessManagerPtr manager, + virAccessManagerPtr child); + +extern virAccessDriver accessDriverStack; + +#endif /* __VIR_ACCESS_DRIVER_STACK_H__ */ diff --git a/src/access/viraccessmanager.c b/src/access/viraccessmanager.c new file mode 100644 index 0000000..8b1f150 --- /dev/null +++ b/src/access/viraccessmanager.c @@ -0,0 +1,339 @@ +/* + * viraccessmanager.c: access control manager + * + * Copyright (C) 2012-2013 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#include <config.h> + +#include "viraccessmanager.h" +#include "viraccessdrivernop.h" +#include "viraccessdriverstack.h" +#include "viralloc.h" +#include "virerror.h" +#include "virobject.h" +#include "virthread.h" +#include "virlog.h" + +#define VIR_FROM_THIS VIR_FROM_ACCESS +#define virAccessError(code, ...) \ + virReportErrorHelper(VIR_FROM_THIS, code, __FILE__, \ + __FUNCTION__, __LINE__, __VA_ARGS__) + +struct _virAccessManager { + virObjectLockable parent; + + virAccessDriverPtr drv; + void *privateData; +}; + +static virClassPtr virAccessManagerClass; +static virAccessManagerPtr virAccessManagerDefault; + +static void virAccessManagerDispose(void *obj); + +static int virAccessManagerOnceInit(void) +{ + if (!(virAccessManagerClass = virClassNew(virClassForObjectLockable(), + "virAccessManagerClass", + sizeof(virAccessManager), + virAccessManagerDispose))) + return -1; + + return 0; +} + +VIR_ONCE_GLOBAL_INIT(virAccessManager); + + +virAccessManagerPtr virAccessManagerGetDefault(void) +{ + return virObjectRef(virAccessManagerDefault); +} + + +void virAccessManagerSetDefault(virAccessManagerPtr mgr) +{ + virObjectUnref(virAccessManagerDefault); + + virAccessManagerDefault = virObjectRef(mgr); +} + + +static virAccessManagerPtr virAccessManagerNewDriver(virAccessDriverPtr drv) +{ + virAccessManagerPtr mgr; + char *privateData; + + if (virAccessManagerInitialize() < 0) + return NULL; + + if (VIR_ALLOC_N(privateData, drv->privateDataLen) < 0) { + virReportOOMError(); + return NULL; + } + + if (!(mgr = virObjectLockableNew(virAccessManagerClass))) { + VIR_FREE(privateData); + return NULL; + } + + mgr->drv = drv; + mgr->privateData = privateData; + + if (mgr->drv->setup && + mgr->drv->setup(mgr) < 0) { + virObjectUnref(mgr); + return NULL; + } + + VIR_DEBUG("Initialized with %s", mgr->drv->name); + return mgr; +} + + +static virAccessDriverPtr accessDrivers[] = { + &accessDriverNop, +}; + + +static virAccessDriverPtr virAccessManagerFindDriver(const char *name) +{ + size_t i; + for (i = 0; i < ARRAY_CARDINALITY(accessDrivers); i++) { + if (STREQ(name, accessDrivers[i]->name)) + return accessDrivers[i]; + } + + return NULL; +} + + +virAccessManagerPtr virAccessManagerNew(const char *name) +{ + virAccessDriverPtr drv; + + if (virAccessManagerInitialize() < 0) + return NULL; + + if (!(drv = virAccessManagerFindDriver(name))) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Cannot find security driver '%s'"), + name); + return NULL; + } + + return virAccessManagerNewDriver(drv); +} + + +virAccessManagerPtr virAccessManagerNewStack(const char **names) +{ + virAccessManagerPtr manager = virAccessManagerNewDriver(&accessDriverStack); + size_t i; + + if (!manager) + return NULL; + + for (i = 0; names[i] != NULL; i++) { + virAccessManagerPtr child = virAccessManagerNew(names[i]); + + if (!child) + goto error; + + if (virAccessDriverStackAppend(manager, child) < 0) { + virObjectUnref(child); + goto error; + } + } + + return manager; + +error: + virObjectUnref(manager); + return NULL; +} + + +void *virAccessManagerGetPrivateData(virAccessManagerPtr mgr) +{ + return mgr->privateData; +} + + +static void virAccessManagerDispose(void *object) +{ + virAccessManagerPtr mgr = object; + + if (mgr->drv->cleanup) + mgr->drv->cleanup(mgr); + VIR_FREE(mgr->privateData); +} + + +/* Standard security practice is to not tell the caller *why* + * they were denied access. So this method takes the real + * libvirt errors & replaces it with a generic error. Fortunately + * the daemon logs will still contain the original error message + * should the admin need to debug things + */ +static int +virAccessManagerSanitizeError(int ret) +{ + if (ret < 0) { + virResetLastError(); + virAccessError(VIR_ERR_ACCESS_DENIED, NULL); + } + + return ret; +} + +int virAccessManagerCheckConnect(virAccessManagerPtr manager, + const char *driverName, + virAccessPermConnect perm) +{ + int ret = 0; + VIR_DEBUG("manager=%p(name=%s) driver=%s perm=%d", + manager, manager->drv->name, driverName, perm); + + if (manager->drv->checkConnect) + ret = manager->drv->checkConnect(manager, driverName, perm); + + return virAccessManagerSanitizeError(ret); +} + + +int virAccessManagerCheckDomain(virAccessManagerPtr manager, + const char *driverName, + virDomainDefPtr domain, + virAccessPermDomain perm) +{ + int ret = 0; + VIR_DEBUG("manager=%p(name=%s) driver=%s domain=%p perm=%d", + manager, manager->drv->name, driverName, domain, perm); + + if (manager->drv->checkDomain) + ret = manager->drv->checkDomain(manager, driverName, domain, perm); + + return virAccessManagerSanitizeError(ret); +} + +int virAccessManagerCheckInterface(virAccessManagerPtr manager, + const char *driverName, + virInterfaceDefPtr iface, + virAccessPermInterface perm) +{ + int ret = 0; + VIR_DEBUG("manager=%p(name=%s) driver=%s iface=%p perm=%d", + manager, manager->drv->name, driverName, iface, perm); + + if (manager->drv->checkInterface) + ret = manager->drv->checkInterface(manager, driverName, iface, perm); + + return virAccessManagerSanitizeError(ret); +} + +int virAccessManagerCheckNetwork(virAccessManagerPtr manager, + const char *driverName, + virNetworkDefPtr network, + virAccessPermNetwork perm) +{ + int ret = 0; + VIR_DEBUG("manager=%p(name=%s) driver=%s network=%p perm=%d", + manager, manager->drv->name, driverName, network, perm); + + if (manager->drv->checkNetwork) + ret = manager->drv->checkNetwork(manager, driverName, network, perm); + + return virAccessManagerSanitizeError(ret); +} + +int virAccessManagerCheckNodeDevice(virAccessManagerPtr manager, + const char *driverName, + virNodeDeviceDefPtr nodedev, + virAccessPermNodeDevice perm) +{ + int ret = 0; + VIR_DEBUG("manager=%p(name=%s) driver=%s nodedev=%p perm=%d", + manager, manager->drv->name, driverName, nodedev, perm); + + if (manager->drv->checkNodeDevice) + ret = manager->drv->checkNodeDevice(manager, driverName, nodedev, perm); + + return virAccessManagerSanitizeError(ret); +} + +int virAccessManagerCheckNWFilter(virAccessManagerPtr manager, + const char *driverName, + virNWFilterDefPtr nwfilter, + virAccessPermNWFilter perm) +{ + int ret = 0; + VIR_DEBUG("manager=%p(name=%s) driver=%s nwfilter=%p perm=%d", + manager, manager->drv->name, driverName, nwfilter, perm); + + if (manager->drv->checkNWFilter) + ret = manager->drv->checkNWFilter(manager, driverName, nwfilter, perm); + + return virAccessManagerSanitizeError(ret); +} + +int virAccessManagerCheckSecret(virAccessManagerPtr manager, + const char *driverName, + virSecretDefPtr secret, + virAccessPermSecret perm) +{ + int ret = 0; + VIR_DEBUG("manager=%p(name=%s) driver=%s secret=%p perm=%d", + manager, manager->drv->name, driverName, secret, perm); + + if (manager->drv->checkSecret) + ret = manager->drv->checkSecret(manager, driverName, secret, perm); + + return virAccessManagerSanitizeError(ret); +} + +int virAccessManagerCheckStoragePool(virAccessManagerPtr manager, + const char *driverName, + virStoragePoolDefPtr pool, + virAccessPermStoragePool perm) +{ + int ret = 0; + VIR_DEBUG("manager=%p(name=%s) driver=%s pool=%p perm=%d", + manager, manager->drv->name, driverName, pool, perm); + + if (manager->drv->checkStoragePool) + ret = manager->drv->checkStoragePool(manager, driverName, pool, perm); + + return virAccessManagerSanitizeError(ret); +} + +int virAccessManagerCheckStorageVol(virAccessManagerPtr manager, + const char *driverName, + virStoragePoolDefPtr pool, + virStorageVolDefPtr vol, + virAccessPermStorageVol perm) +{ + int ret = 0; + VIR_DEBUG("manager=%p(name=%s) driver=%s pool=%p vol=%p perm=%d", + manager, manager->drv->name, driverName, pool, vol, perm); + + if (manager->drv->checkStorageVol) + ret = manager->drv->checkStorageVol(manager, driverName, pool, vol, perm); + + return virAccessManagerSanitizeError(ret); +} diff --git a/src/access/viraccessmanager.h b/src/access/viraccessmanager.h new file mode 100644 index 0000000..e7eb15d --- /dev/null +++ b/src/access/viraccessmanager.h @@ -0,0 +1,91 @@ +/* + * viraccessmanager.h: access control manager + * + * Copyright (C) 2012-2013 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#ifndef __VIR_ACCESS_MANAGER_H__ +# define __VIR_ACCESS_MANAGER_H__ + +# include "viridentity.h" +# include "conf/domain_conf.h" +# include "conf/network_conf.h" +# include "conf/nwfilter_conf.h" +# include "conf/node_device_conf.h" +# include "conf/storage_conf.h" +# include "conf/secret_conf.h" +# include "conf/interface_conf.h" +# include "access/viraccessperm.h" + +typedef struct _virAccessManager virAccessManager; +typedef virAccessManager *virAccessManagerPtr; + +virAccessManagerPtr virAccessManagerGetDefault(void); +void virAccessManagerSetDefault(virAccessManagerPtr manager); + +virAccessManagerPtr virAccessManagerNew(const char *name); +virAccessManagerPtr virAccessManagerNewStack(const char **names); + + +void *virAccessManagerGetPrivateData(virAccessManagerPtr manager); + + +/* + * The virAccessManagerCheckXXX functions will + * Return -1 on error + * Return 0 on auth deny + * Return 1 on auth allow + */ +int virAccessManagerCheckConnect(virAccessManagerPtr manager, + const char *driverName, + virAccessPermConnect perm); +int virAccessManagerCheckDomain(virAccessManagerPtr manager, + const char *driverName, + virDomainDefPtr domain, + virAccessPermDomain perm); +int virAccessManagerCheckInterface(virAccessManagerPtr manager, + const char *driverName, + virInterfaceDefPtr iface, + virAccessPermInterface perm); +int virAccessManagerCheckNetwork(virAccessManagerPtr manager, + const char *driverName, + virNetworkDefPtr network, + virAccessPermNetwork perm); +int virAccessManagerCheckNodeDevice(virAccessManagerPtr manager, + const char *driverName, + virNodeDeviceDefPtr nodedev, + virAccessPermNodeDevice perm); +int virAccessManagerCheckNWFilter(virAccessManagerPtr manager, + const char *driverName, + virNWFilterDefPtr nwfilter, + virAccessPermNWFilter perm); +int virAccessManagerCheckSecret(virAccessManagerPtr manager, + const char *driverName, + virSecretDefPtr secret, + virAccessPermSecret perm); +int virAccessManagerCheckStoragePool(virAccessManagerPtr manager, + const char *driverName, + virStoragePoolDefPtr pool, + virAccessPermStoragePool perm); +int virAccessManagerCheckStorageVol(virAccessManagerPtr manager, + const char *driverName, + virStoragePoolDefPtr pool, + virStorageVolDefPtr vol, + virAccessPermStorageVol perm); + + +#endif /* __VIR_ACCESS_MANAGER_H__ */ diff --git a/src/access/viraccessperm.c b/src/access/viraccessperm.c new file mode 100644 index 0000000..17f6243 --- /dev/null +++ b/src/access/viraccessperm.c @@ -0,0 +1,84 @@ +/* + * viraccessperm.c: access control permissions + * + * Copyright (C) 2012-2013 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#include <config.h> + +#include "viraccessperm.h" + + +VIR_ENUM_IMPL(virAccessPermConnect, + VIR_ACCESS_PERM_CONNECT_LAST, + "getattr", "read", "write", + "search_domains", "search_networks", + "search_storage_pools", "search_node_devices", + "search_interfaces", "search_secrets", + "search_nwfilters", + "detect_storage_pool", "pm_control", + "interface_transaction"); + +VIR_ENUM_IMPL(virAccessPermDomain, + VIR_ACCESS_PERM_DOMAIN_LAST, + "getattr", "read", "write", "read_secure", + "start", "stop", "reset", + "save", "delete", + "migrate", "snapshot", "suspend", "hibernate", "core_dump", "pm_control", + "init_control", "inject_nmi", "send_input", "send_signal", "fs_trim", + "block_read", "block_write", "mem_read", + "open_graphics", "open_device", "screenshot", + "open_namespace"); + +VIR_ENUM_IMPL(virAccessPermInterface, + VIR_ACCESS_PERM_INTERFACE_LAST, + "getattr", "read", "write", "save", + "delete", "start", "stop"); + +VIR_ENUM_IMPL(virAccessPermNetwork, + VIR_ACCESS_PERM_NETWORK_LAST, + "getattr", "read", "write", + "save", "delete", "start", "stop"); + +VIR_ENUM_IMPL(virAccessPermNodeDevice, + VIR_ACCESS_PERM_NODE_DEVICE_LAST, + "getattr", "read", "write", + "start", "stop", + "dettach"); + +VIR_ENUM_IMPL(virAccessPermNWFilter, + VIR_ACCESS_PERM_NWFILTER_LAST, + "getattr", "read", "write", + "save", "delete"); + +VIR_ENUM_IMPL(virAccessPermSecret, + VIR_ACCESS_PERM_SECRET_LAST, + "getattr", "read", "write", + "read_secure", "save", "delete"); + +VIR_ENUM_IMPL(virAccessPermStoragePool, + VIR_ACCESS_PERM_STORAGE_POOL_LAST, + "getattr", "read", "write", + "save", "delete", "start", "stop", + "refresh", "search_storage_vols", + "format"); + +VIR_ENUM_IMPL(virAccessPermStorageVol, + VIR_ACCESS_PERM_STORAGE_VOL_LAST, + "getattr", "read", "create", "delete", + "format", "resize", "data_read", + "data_write"); diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h new file mode 100644 index 0000000..2f76c95 --- /dev/null +++ b/src/access/viraccessperm.h @@ -0,0 +1,647 @@ +/* + * viraccessperm.h: access control permissions + * + * Copyright (C) 2012-2013 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#ifndef __VIR_ACCESS_PERM_H__ +# define __VIR_ACCESS_PERM_H__ + +# include "internal.h" +# include "virutil.h" + +typedef enum { + /** + * @desc: Access connection + * @message: Accessing the connection requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_CONNECT_GETATTR, + + /** + * @desc: Read host + * @message: Reading the host configuration requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_CONNECT_READ, + + /** + * @desc: Write host + * @message: Writing the host configuration requires authorization + */ + VIR_ACCESS_PERM_CONNECT_WRITE, + + /** + * @desc: List domains + * @message: Listing domains requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS, + + /** + * @desc: List networks + * @message: Listing networks requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_CONNECT_SEARCH_NETWORKS, + + /** + * @desc: List storage pools + * @message: Listing storage pools requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_CONNECT_SEARCH_STORAGE_POOLS, + + /** + * @desc: List node devices + * @message: Listing node devices requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_CONNECT_SEARCH_NODE_DEVICES, + + /** + * @desc: List interfaces + * @message: Listing interfaces requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_CONNECT_SEARCH_INTERFACES, + + /** + * @desc: List secrets + * @message: Listing secrets requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_CONNECT_SEARCH_SECRETS, + + /** + * @desc: List network filters + * @message: Listing network filters requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_CONNECT_SEARCH_NWFILTERS, + + + /** + * @desc: Detect storage pools + * @message: Detecting storage pools requires authorization + */ + VIR_ACCESS_PERM_CONNECT_DETECT_STORAGE_POOLS, + + /** + * @desc: Use host power management + * @message: Using host power management requires authorization + */ + VIR_ACCESS_PERM_CONNECT_PM_CONTROL, + + /** + * @desc: Interface transactions + * @message: Using interface transactions requires authorization + */ + VIR_ACCESS_PERM_CONNECT_INTERFACE_TRANSACTION, + + VIR_ACCESS_PERM_CONNECT_LAST, +} virAccessPermConnect; + +typedef enum { + /** + * @desc: Access domain + * @message: Accessing the domain requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_DOMAIN_GETATTR, /* Name/ID/UUID access */ + + /** + * @desc: Read domain + * @message: Reading domain configuration requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_DOMAIN_READ, /* Config view */ + + /** + * @desc: Write domain + * @message: Writing domain configuration requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_WRITE, /* Config change */ + + /** + * @desc: Read secure domain + * @message: Reading secure domain configuration requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_READ_SECURE, /* Config access of passwords */ + + /** + * @desc: Start domain + * @message: Starting the domain requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_START, /* Power on */ + + /** + * @desc: Stop domain + * @message: Stopping the domain requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_STOP, /* Power off */ + + /** + * @desc: Reset domain + * @message: Resetting the domain requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_RESET, /* Power reset */ + + /** + * @desc: Save domain + * @message: Saving domain configuration requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_SAVE, /* Write out persistent config */ + + /** + * @desc: Delete domain + * @message: Deleting domain configuration requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_DELETE, /* Remove persistent config */ + + + /** + * @desc: Migrate domain + * @message: Migrating domain requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_MIGRATE, /* Host migration */ + + /** + * @desc: Snapshot domain + * @message: Snapshotting domain requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_SNAPSHOT, /* Snapshot disks/memory */ + + /** + * @desc: Suspend domain + * @message: Suspending domain CPUs requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_SUSPEND, /* Pause/resume CPUs */ + + /** + * @desc: Hibernate domain + * @message: Saving domain state requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_HIBERNATE, /* Save state to host */ + + /** + * @desc: Dump domain + * @message: Dumping domain corefile requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_CORE_DUMP, /* Dump guest core */ + + /** + * @desc: Use domain power management + * @message: Using domain power management requires authoriation + */ + VIR_ACCESS_PERM_DOMAIN_PM_CONTROL, /* S3/S5 suspend/wakeup */ + + /* Interactions with guest OS */ + + /** + * @desc: Domain init control + * @message: Controlling domain init process requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_INIT_CONTROL, /* Init shutdown/reboot request */ + + /** + * @desc: Inject domain NMI + * @message: Injecting interrupt requries authoriation + */ + VIR_ACCESS_PERM_DOMAIN_INJECT_NMI, /* Trigger interrupts */ + + /** + * @desc: Send domain input + * @message: Sending input events to domain requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_SEND_INPUT, /* Send guest input device (key/mouse) events */ + + /** + * @desc: Send domain signal + * @message: Sending signals to processes in domain requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_SEND_SIGNAL, /* Send a signal to processes inside */ + + /** + * @desc: Trim domain filesystems + * @message: Trimming domain filesystems require authorization + */ + VIR_ACCESS_PERM_DOMAIN_FS_TRIM, /* Issue TRIM to guest filesystems */ + + /* Peeking at guest */ + + /** + * @desc: Read domain block + * @message: Reading domain block devices requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_BLOCK_READ, /* Read data from block devices */ + + /** + * @desc: Write domain block + * @message: Writing domain block devices requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_BLOCK_WRITE, /* resize/pull/rebase/commit */ + + /** + * @desc: Read domain memory + * @message: Reading domain memory requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_MEM_READ, /* Read data from guest memory */ + + /* Device interaction */ + + /** + * @desc: Open domain graphics + * @message: Opening domain graphics console requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_OPEN_GRAPHICS, /* Open graphical console */ + + /** + * @desc: Open domain device + * @message: Opening domain devices requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_OPEN_DEVICE, /* Open a guest console/channel */ + + /** + * @desc: Take domain screenshot + * @message: Taking domain screenshots requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_SCREENSHOT, /* Trigger a screen shot */ + + + /** + * @desc: Open domain namespace + * @message: Opening domain namespaces requires authorization + */ + VIR_ACCESS_PERM_DOMAIN_OPEN_NAMESPACE, + + VIR_ACCESS_PERM_DOMAIN_LAST, +} virAccessPermDomain; + +typedef enum { + + /** + * @desc: Access interface + * @message: Accessing interface requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_INTERFACE_GETATTR, + + /** + * @desc: Read interface + * @message: Reading interface configuration requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_INTERFACE_READ, + + /** + * @desc: Write interface + * @message: Writing interface configuration requires authorization + */ + VIR_ACCESS_PERM_INTERFACE_WRITE, + + /** + * @desc: Save interface + * @message: Saving interface configuration requires authorization + */ + VIR_ACCESS_PERM_INTERFACE_SAVE, + + /** + * @desc: Delete interface + * @message: Deleting interface configuration requires authorization + */ + VIR_ACCESS_PERM_INTERFACE_DELETE, + + /** + * @desc: Start interface + * @message: Starting interface requires authorization + */ + VIR_ACCESS_PERM_INTERFACE_START, + + /** + * @desc: Stop interface + * @message: Stopping interface requires authorization + */ + VIR_ACCESS_PERM_INTERFACE_STOP, + + VIR_ACCESS_PERM_INTERFACE_LAST +} virAccessPermInterface; + +typedef enum { + + /** + * @desc: Access network + * @message: Accessing network requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_NETWORK_GETATTR, + + /** + * @desc: Read network + * @message: Reading network configuration requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_NETWORK_READ, + + /** + * @desc: Write network + * @message: Writing network configuration requries authorization + */ + VIR_ACCESS_PERM_NETWORK_WRITE, + + /** + * @desc: Save network + * @message: Saving network configuration requires authorization + */ + VIR_ACCESS_PERM_NETWORK_SAVE, + + /** + * @desc: Delete network + * @message: Deleting network configuration requires authorization + */ + VIR_ACCESS_PERM_NETWORK_DELETE, + + /** + * @desc: Start network + * @message: Starting network requires authorization + */ + VIR_ACCESS_PERM_NETWORK_START, + + /** + * @desc: Stop network + * @message: Stopping network requires authorization + */ + VIR_ACCESS_PERM_NETWORK_STOP, + + VIR_ACCESS_PERM_NETWORK_LAST +} virAccessPermNetwork; + +typedef enum { + + /** + * @desc: Access node device + * @message: Accesing node device requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_NODE_DEVICE_GETATTR, + + /** + * @desc: Read node device + * @message: Reading node device configuration requires authorization + */ + VIR_ACCESS_PERM_NODE_DEVICE_READ, + + /** + * @desc: Write node device + * @message: Writing node device configuration requires authorization + */ + VIR_ACCESS_PERM_NODE_DEVICE_WRITE, + + /** + * @desc: Start node device + * @message: Starting node device requires authorization + */ + VIR_ACCESS_PERM_NODE_DEVICE_START, + + /** + * @desc: Stop node device + * @message: Stopping node device requires authorization + */ + VIR_ACCESS_PERM_NODE_DEVICE_STOP, + + /** + * @desc: Detach node device + * @message: Detaching node device driver requires authorization + */ + VIR_ACCESS_PERM_NODE_DEVICE_DETTACH, + + VIR_ACCESS_PERM_NODE_DEVICE_LAST +} virAccessPermNodeDevice; + +typedef enum { + + /** + * @desc: Access network filter + * @message: Accessing network filter requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_NWFILTER_GETATTR, + + /** + * @desc: Read network filter + * @message: Reading network filter configuration requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_NWFILTER_READ, + + /** + * @desc: Write network filter + * @message: Writing network filter configuration requires authorization + */ + VIR_ACCESS_PERM_NWFILTER_WRITE, + + /** + * @desc: Save network filter + * @message: Saving network filter configuration requires authorization + */ + VIR_ACCESS_PERM_NWFILTER_SAVE, + + /** + * @desc: Delete network filter + * @message: Deleting network filter configuration requires authorization + */ + VIR_ACCESS_PERM_NWFILTER_DELETE, + + VIR_ACCESS_PERM_NWFILTER_LAST +} virAccessPermNWFilter; + +typedef enum { + + /** + * @desc: Access secret + * @message: Accessing secret requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_SECRET_GETATTR, + + /** + * @desc: Read secret + * @message: Reading secret configuration requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_SECRET_READ, + + /** + * @desc: Write secret + * @message: Writing secret configuration requires authorization + */ + VIR_ACCESS_PERM_SECRET_WRITE, + + /** + * @desc: Read secure secret + * @message: Reading secure secret configuration requires authorization + */ + VIR_ACCESS_PERM_SECRET_READ_SECURE, + + /** + * @desc: Save secret + * @message: Saving secret configuration requires authorization + */ + VIR_ACCESS_PERM_SECRET_SAVE, + + /** + * @desc: Delete secret + * @message: Deleting secret configuration requires authorization + */ + VIR_ACCESS_PERM_SECRET_DELETE, + + VIR_ACCESS_PERM_SECRET_LAST +} virAccessPermSecret; + +typedef enum { + + /** + * @desc: Access storage pool + * @message: Accessing storage pool requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_STORAGE_POOL_GETATTR, + + /** + * @desc: Read storage pool + * @message: Reading storage pool configuration requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_STORAGE_POOL_READ, + + /** + * @desc: Write storage pool + * @message: Writing storage pool configuration requires authorization + */ + VIR_ACCESS_PERM_STORAGE_POOL_WRITE, + + /** + * @desc: Save storage pool + * @message: Saving storage pool configuration requires authorization + */ + VIR_ACCESS_PERM_STORAGE_POOL_SAVE, + + /** + * @desc: Delete storage pool + * @message: Deleting storage pool configuration requires authorization + */ + VIR_ACCESS_PERM_STORAGE_POOL_DELETE, + + /** + * @desc: Start storage pool + * @message: Starting storage pool configuration requires authorization + */ + VIR_ACCESS_PERM_STORAGE_POOL_START, + + /** + * @desc: Stop storage pool + * @message: Stopping storage pool configuration requires authorization + */ + VIR_ACCESS_PERM_STORAGE_POOL_STOP, + + /** + * @desc: Refresh storage pool + * @message: Refreshing storage pool volumes requires authorization + */ + VIR_ACCESS_PERM_STORAGE_POOL_REFRESH, + + /** + * @desc: List storage pool volumes + * @message: Listing storage pool volumes requires authorization + */ + VIR_ACCESS_PERM_STORAGE_POOL_SEARCH_STORAGE_VOLS, + + /** + * @desc: Format storage pool + * @message: Formatting storage pool data requires authorization + */ + VIR_ACCESS_PERM_STORAGE_POOL_FORMAT, + + VIR_ACCESS_PERM_STORAGE_POOL_LAST +} virAccessPermStoragePool; + +typedef enum { + + /** + * @desc: Access storage volume + * @message: Acceessing storage volume requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_STORAGE_VOL_GETATTR, + + /** + * @desc: Read storage volume + * @message: Reading storage volume configuration requires authorization + * @anonymous: 1 + */ + VIR_ACCESS_PERM_STORAGE_VOL_READ, + + /** + * @desc: Create storage volume + * @message: Creating storage volume requires authorization + */ + VIR_ACCESS_PERM_STORAGE_VOL_CREATE, + + /** + * @desc: Delete storage volume + * @message: Deleting storage volume requires authorization + */ + VIR_ACCESS_PERM_STORAGE_VOL_DELETE, + + /** + * @desc: Format storage volume + * @message: Formatting storage volume data requires authorization + */ + VIR_ACCESS_PERM_STORAGE_VOL_FORMAT, + + /** + * @desc: Resize storage volume + * @message: Resizing storage volume requires authorization + */ + VIR_ACCESS_PERM_STORAGE_VOL_RESIZE, + + /** + * @desc: Read storage volume data + * @message: Reading storage volume data requires authorization + */ + VIR_ACCESS_PERM_STORAGE_VOL_DATA_READ, + + /** + * @desc: Write storage volume data + * @message: Writing storage volume data requires authorization + */ + VIR_ACCESS_PERM_STORAGE_VOL_DATA_WRITE, + + VIR_ACCESS_PERM_STORAGE_VOL_LAST +} virAccessPermStorageVol; + +VIR_ENUM_DECL(virAccessPermConnect); +VIR_ENUM_DECL(virAccessPermDomain); +VIR_ENUM_DECL(virAccessPermInterface); +VIR_ENUM_DECL(virAccessPermNetwork); +VIR_ENUM_DECL(virAccessPermNodeDevice); +VIR_ENUM_DECL(virAccessPermNWFilter); +VIR_ENUM_DECL(virAccessPermSecret); +VIR_ENUM_DECL(virAccessPermStoragePool); +VIR_ENUM_DECL(virAccessPermStorageVol); + +#endif /* __VIR_ACCESS_PERM_H__ */ diff --git a/src/libvirt.c b/src/libvirt.c index db120b7..b467679 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -827,8 +827,10 @@ int virStateInitialize(bool privileged, if (virStateDriverTab[i]->stateInitialize(privileged, callback, opaque) < 0) { - VIR_ERROR(_("Initialization of %s state driver failed"), - virStateDriverTab[i]->name); + virErrorPtr err = virGetLastError(); + VIR_ERROR(_("Initialization of %s state driver failed: %s"), + virStateDriverTab[i]->name, + err && err->message ? err->message : _("Unknown problem")); return -1; } } diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index b449293..ccfa236 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -5,6 +5,43 @@ # Keep this file sorted by header name, then by symbols with each header. # +# access/viraccessmanager.h +virAccessManagerCheckConnect; +virAccessManagerCheckDomain; +virAccessManagerCheckInterface; +virAccessManagerCheckNetwork; +virAccessManagerCheckNodeDevice; +virAccessManagerCheckNWFilter; +virAccessManagerCheckSecret; +virAccessManagerCheckStoragePool; +virAccessManagerCheckStorageVol; +virAccessManagerGetDefault; +virAccessManagerNew; +virAccessManagerNewStack; +virAccessManagerSetDefault; + + +# access/viraccessperm.h +virAccessPermConnectTypeFromString; +virAccessPermConnectTypeToString; +virAccessPermDomainTypeFromString; +virAccessPermDomainTypeToString; +virAccessPermInterfaceTypeFromString; +virAccessPermInterfaceTypeToString; +virAccessPermNetworkTypeFromString; +virAccessPermNetworkTypeToString; +virAccessPermNodeDeviceTypeFromString; +virAccessPermNodeDeviceTypeToString; +virAccessPermNWFilterTypeFromString; +virAccessPermNWFilterTypeToString; +virAccessPermSecretTypeFromString; +virAccessPermSecretTypeToString; +virAccessPermStoragePoolTypeFromString; +virAccessPermStoragePoolTypeToString; +virAccessPermStorageVolTypeFromString; +virAccessPermStorageVolTypeToString; + + # conf/capabilities.h virCapabilitiesAddGuest; virCapabilitiesAddGuestDomain; diff --git a/src/util/virerror.c b/src/util/virerror.c index 251dbcd..4789bae 100644 --- a/src/util/virerror.c +++ b/src/util/virerror.c @@ -121,6 +121,8 @@ VIR_ENUM_IMPL(virErrorDomain, VIR_ERR_DOMAIN_LAST, "Init control", "Identity", "Cgroup", + + "Access Manager", /* 55 */ ) @@ -1235,6 +1237,12 @@ virErrorMsg(virErrorNumber error, const char *info) else errmsg = _("resource busy %s"); break; + case VIR_ERR_ACCESS_DENIED: + if (info == NULL) + errmsg = _("access denied"); + else + errmsg = _("access denied: %s"); + break; } return errmsg; } -- 1.8.1.4

From: "Daniel P. Berrange" <berrange@redhat.com> The access control checks in the 'connectOpen' driver method will require 'conn->driver' to be non-NULL. Set this before running the 'connectOpen' method and NULL-ify it again on failure. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/libvirt.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/libvirt.c b/src/libvirt.c index b467679..8e8f415 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -1201,6 +1201,7 @@ do_open(const char *name, } VIR_DEBUG("trying driver %d (%s) ...", i, virDriverTab[i]->name); + ret->driver = virDriverTab[i]; res = virDriverTab[i]->connectOpen(ret, auth, flags); VIR_DEBUG("driver %d %s returned %s", i, virDriverTab[i]->name, @@ -1209,10 +1210,12 @@ do_open(const char *name, (res == VIR_DRV_OPEN_ERROR ? "ERROR" : "unknown status"))); if (res == VIR_DRV_OPEN_SUCCESS) { - ret->driver = virDriverTab[i]; break; } else if (res == VIR_DRV_OPEN_ERROR) { + ret->driver = NULL; goto failed; + } else { + ret->driver = NULL; } } -- 1.8.1.4

From: "Daniel P. Berrange" <berrange@redhat.com> Add a new 'access_drivers' config parameter to the libvirtd.conf configuration file. This allows admins to setup the default access control drivers to use for API authorization. The same driver is to be used by all internal drivers & APIs Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- daemon/Makefile.am | 1 + daemon/libvirtd-config.c | 4 ++++ daemon/libvirtd-config.h | 2 ++ daemon/libvirtd.aug | 1 + daemon/libvirtd.c | 28 +++++++++++++++++++++++++++- daemon/libvirtd.conf | 9 +++++++++ daemon/test_libvirtd.aug.in | 4 ++++ 7 files changed, 48 insertions(+), 1 deletion(-) diff --git a/daemon/Makefile.am b/daemon/Makefile.am index fca0eac..e8a8371 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -24,6 +24,7 @@ INCLUDES = \ -I$(top_srcdir)/src/conf \ -I$(top_srcdir)/src/rpc \ -I$(top_srcdir)/src/remote \ + -I$(top_srcdir)/src/access \ $(GETTEXT_CPPFLAGS) CLEANFILES = diff --git a/daemon/libvirtd-config.c b/daemon/libvirtd-config.c index d9357b7..6f60256 100644 --- a/daemon/libvirtd-config.c +++ b/daemon/libvirtd-config.c @@ -379,6 +379,10 @@ daemonConfigLoadOptions(struct daemonConfig *data, if (remoteConfigGetAuth(conf, "auth_tls", &data->auth_tls, filename) < 0) goto error; + if (remoteConfigGetStringList(conf, "access_drivers", + &data->access_drivers, filename) < 0) + goto error; + GET_CONF_STR(conf, filename, unix_sock_group); GET_CONF_STR(conf, filename, unix_sock_ro_perms); GET_CONF_STR(conf, filename, unix_sock_rw_perms); diff --git a/daemon/libvirtd-config.h b/daemon/libvirtd-config.h index 07118de..973e0ea 100644 --- a/daemon/libvirtd-config.h +++ b/daemon/libvirtd-config.h @@ -45,6 +45,8 @@ struct daemonConfig { int auth_tcp; int auth_tls; + char **access_drivers; + int mdns_adv; char *mdns_name; diff --git a/daemon/libvirtd.aug b/daemon/libvirtd.aug index f32b3a1..7c56a41 100644 --- a/daemon/libvirtd.aug +++ b/daemon/libvirtd.aug @@ -51,6 +51,7 @@ module Libvirtd = | bool_entry "tls_no_sanity_certificate" | str_array_entry "tls_allowed_dn_list" | str_array_entry "sasl_allowed_username_list" + | str_array_entry "access_drivers" let processing_entry = int_entry "min_workers" | int_entry "max_workers" diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index ae6a15c..26c1c1f 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -52,8 +52,9 @@ #include "remote.h" #include "virhook.h" #include "viraudit.h" -#include "locking/lock_manager.h" #include "virstring.h" +#include "locking/lock_manager.h" +#include "viraccessmanager.h" #ifdef WITH_DRIVER_MODULES # include "driver.h" @@ -728,6 +729,26 @@ error: } +static int +daemonSetupAccessManager(struct daemonConfig *config) +{ + virAccessManagerPtr mgr; + const char *none[] = { "none", NULL }; + const char **driver = (const char **)config->access_drivers; + + if (!driver || + !driver[0]) + driver = none; + + if (!(mgr = virAccessManagerNewStack(driver))) + return -1; + + virAccessManagerSetDefault(mgr); + virObjectUnref(mgr); + return 0; +} + + /* Display version information. */ static void daemonVersion(const char *argv0) @@ -1260,6 +1281,11 @@ int main(int argc, char **argv) { exit(EXIT_FAILURE); } + if (daemonSetupAccessManager(config) < 0) { + VIR_ERROR(_("Can't initialize access manager")); + exit(EXIT_FAILURE); + } + if (!pid_file && daemonPidFilePath(privileged, &pid_file) < 0) { diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf index 47da520..75196a0 100644 --- a/daemon/libvirtd.conf +++ b/daemon/libvirtd.conf @@ -155,6 +155,15 @@ #auth_tls = "none" +# Change the API access control scheme +# +# By default an authenticated user is allowed access +# to all APIs. Access drivers can place restrictions +# on this. By default the 'nop' driver is enabled, +# meaning no access control checks are done once a +# client has authenticated with libvirtd +# +#access_drivers = [ "polkit", "selinux" ] ################################################################# # diff --git a/daemon/test_libvirtd.aug.in b/daemon/test_libvirtd.aug.in index 455b74a..9215337 100644 --- a/daemon/test_libvirtd.aug.in +++ b/daemon/test_libvirtd.aug.in @@ -17,6 +17,10 @@ module Test_libvirtd = { "auth_unix_rw" = "none" } { "auth_tcp" = "sasl" } { "auth_tls" = "none" } + { "access_drivers" + { "1" = "polkit" } + { "2" = "selinux" } + } { "key_file" = "/etc/pki/libvirt/private/serverkey.pem" } { "cert_file" = "/etc/pki/libvirt/servercert.pem" } { "ca_file" = "/etc/pki/CA/cacert.pem" } -- 1.8.1.4

From: "Daniel P. Berrange" <berrange@redhat.com> Add an access control driver that uses the pkcheck command to check authorization requests. This is fairly inefficient, particularly for cases where an API returns a list of objects and needs to check permission for each object. It would be desirable to use the polkit API but this links to glib with abort-on-OOM behaviour, so can't be used. The other alternative is to speak to dbus directly Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- .gitignore | 1 + po/POTFILES.in | 1 + src/Makefile.am | 28 ++- src/access/genpolkit.pl | 119 +++++++++++ src/access/viraccessdriverpolkit.c | 399 +++++++++++++++++++++++++++++++++++++ src/access/viraccessdriverpolkit.h | 28 +++ src/access/viraccessmanager.c | 6 + 7 files changed, 581 insertions(+), 1 deletion(-) create mode 100755 src/access/genpolkit.pl create mode 100644 src/access/viraccessdriverpolkit.c create mode 100644 src/access/viraccessdriverpolkit.h diff --git a/.gitignore b/.gitignore index b12d1ab..f9168fc 100644 --- a/.gitignore +++ b/.gitignore @@ -103,6 +103,7 @@ /run /sc_* /src/.*.stamp +/src/access/org.libvirt.api.policy /src/esx/*.generated.* /src/hyperv/*.generated.* /src/libvirt*.def diff --git a/po/POTFILES.in b/po/POTFILES.in index b3a8ec1..af7fd7f 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -6,6 +6,7 @@ daemon/remote_dispatch.h daemon/stream.c gnulib/lib/gai_strerror.c gnulib/lib/regcomp.c +src/access/viraccessdriverpolkit.c src/access/viraccessmanager.c src/conf/cpu_conf.c src/conf/device_conf.c diff --git a/src/Makefile.am b/src/Makefile.am index fea4862..9c118a9 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -797,6 +797,13 @@ ACCESS_DRIVER_SOURCES = \ access/viraccessdrivernop.h access/viraccessdrivernop.c \ access/viraccessdriverstack.h access/viraccessdriverstack.c +ACCESS_DRIVER_POLKIT_SOURCES = \ + access/viraccessdriverpolkit.h access/viraccessdriverpolkit.c + +ACCESS_DRIVER_POLKIT_POLICY = \ + access/org.libvirt.api.policy + + NODE_DEVICE_DRIVER_SOURCES = \ node_device/node_device_driver.c \ node_device/node_device_driver.h \ @@ -1391,6 +1398,24 @@ libvirt_driver_access_la_CFLAGS = \ libvirt_driver_access_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_access_la_LIBADD = +EXTRA_DIST += access/genpolkit.pl + +if WITH_POLKIT1 +libvirt_driver_access_la_SOURCES += $(ACCESS_DRIVER_POLKIT_SOURCES) + +polkitactiondir = $(datadir)/polkit-1/actions +polkitaction_DATA = $(ACCESS_DRIVER_POLKIT_POLICY) + +$(ACCESS_DRIVER_POLKIT_POLICY): $(srcdir)/access/viraccessperm.h \ + $(srcdir)/access/genpolkit.pl Makefile.am + $(AM_V_GEN)$(PERL) $(srcdir)/access/genpolkit.pl < $< > $@ || rm -f $@ + +CLEANFILES += $(ACCESS_DRIVER_POLKIT_POLICY) +BUILT_SOURCES += $(ACCESS_DRIVER_POLKIT_POLICY) +else +EXTRA_DIST += $(ACCESS_DRIVER_POLKIT_SOURCES) +endif + # Add all conditional sources just in case... EXTRA_DIST += \ @@ -1430,7 +1455,8 @@ EXTRA_DIST += \ $(SECRET_DRIVER_SOURCES) \ $(VBOX_DRIVER_EXTRA_DIST) \ $(VMWARE_DRIVER_SOURCES) \ - $(XENXS_SOURCES) + $(XENXS_SOURCES) \ + $(ACCESS_DRIVER_POLKIT_POLICY) check-local: check-augeas diff --git a/src/access/genpolkit.pl b/src/access/genpolkit.pl new file mode 100755 index 0000000..eb7069a --- /dev/null +++ b/src/access/genpolkit.pl @@ -0,0 +1,119 @@ +#!/usr/bin/perl +# +# Copyright (C) 2012-2013 Red Hat, Inc. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see +# <http://www.gnu.org/licenses/>. +# + +use strict; +use warnings; + +my @objects = ( + "CONNECT", "DOMAIN", "INTERFACE", + "NETWORK","NODE_DEVICE", "NWFILTER", + "SECRET", "STORAGE_POOL", "STORAGE_VOL", + ); + +my $objects = join ("|", @objects); + +# Data we're going to be generating looks like this +# +# <policyconfig> +# <action id="org.libvirt.unix.monitor"> +# <description>Monitor local virtualized systems</description> +# <message>System policy prevents monitoring of local virtualized systems</message> +# <defaults> +# <allow_any>yes</allow_any> +# <allow_inactive>yes</allow_inactive> +# <allow_active>yes</allow_active> +# </defaults> +# </action> +# ...more <action> rules... +# </policyconfig> + +my %opts; +my $in_opts = 0; + +my %perms; + +while (<>) { + if ($in_opts) { + if (m,\*/,) { + $in_opts = 0; + } elsif (/\*\s*\@(\w+):\s*(.*?)\s*$/) { + $opts{$1} = $2; + } + } elsif (m,/\*\*,) { + $in_opts = 1; + } elsif (/VIR_ACCESS_PERM_($objects)_((?:\w|_)+),/) { + my $object = lc $1; + my $perm = lc $2; + next if $perm eq "last"; + + $object =~ s/_/-/g; + $perm =~ s/_/-/g; + + $perms{$object} = {} unless exists $perms{$object}; + $perms{$object}->{$perm} = { + desc => $opts{desc}, + message => $opts{message}, + anonymous => $opts{anonymous} + }; + %opts = (); + } +} + +print <<EOF; +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd"> +<policyconfig> + <vendor>Libvirt Project</vendor> + <vendor_url>http://libvirt.org</vendor_url> +EOF + +foreach my $object (sort { $a cmp $b } keys %perms) { + foreach my $perm (sort { $a cmp $b } keys %{$perms{$object}}) { + my $description = $perms{$object}->{$perm}->{desc}; + my $message = $perms{$object}->{$perm}->{message}; + my $anonymous = $perms{$object}->{$perm}->{anonymous}; + + die "missing description for $object.$perm" unless + defined $description; + die "missing message for $object.$perm" unless + defined $message; + + my $allow_any = $anonymous ? "yes" : "no"; + my $allow_inactive = $allow_any; + my $allow_active = $allow_any; + + print <<EOF; + <action id="org.libvirt.api.$object.$perm"> + <description>$description</description> + <message>$message</message> + <defaults> + <allow_any>$allow_any</allow_any> + <allow_inactive>$allow_inactive</allow_inactive> + <allow_active>$allow_active</allow_active> + </defaults> + </action> +EOF + + } +} + +print <<EOF; +</policyconfig> +EOF diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c new file mode 100644 index 0000000..a7ea439 --- /dev/null +++ b/src/access/viraccessdriverpolkit.c @@ -0,0 +1,399 @@ +/* + * viraccessdriverpolkit.c: polkited access control driver + * + * Copyright (C) 2012 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#include <config.h> + +#include "viraccessdriverpolkit.h" +#include "viralloc.h" +#include "vircommand.h" +#include "virlog.h" +#include "virprocess.h" +#include "virerror.h" +#include "virstring.h" + +#define VIR_FROM_THIS VIR_FROM_ACCESS +#define virAccessError(code, ...) \ + virReportErrorHelper(VIR_FROM_THIS, code, __FILE__, \ + __FUNCTION__, __LINE__, __VA_ARGS__) + +#define VIR_ACCESS_DRIVER_POLKIT_ACTION_PREFIX "org.libvirt.api" + +typedef struct _virAccessDriverPolkitPrivate virAccessDriverPolkitPrivate; +typedef virAccessDriverPolkitPrivate *virAccessDriverPolkitPrivatePtr; + +struct _virAccessDriverPolkitPrivate { + bool ignore; +}; + + +static void virAccessDriverPolkitCleanup(virAccessManagerPtr manager ATTRIBUTE_UNUSED) +{ +} + + +static char * +virAccessDriverPolkitFormatAction(const char *typename, + const char *permname) +{ + char *actionid = NULL; + size_t i; + + if (virAsprintf(&actionid, "%s.%s.%s", + VIR_ACCESS_DRIVER_POLKIT_ACTION_PREFIX, + typename, permname) < 0) { + virReportOOMError(); + return NULL; + } + + for (i = 0; actionid[i]; i++) + if (actionid[i] == '_') + actionid[i] = '-'; + + return actionid; +} + + +static char * +virAccessDriverPolkitFormatProcess(const char *actionid) +{ + virIdentityPtr identity = virIdentityGetCurrent(); + const char *process = NULL; + char *ret = NULL; + + if (!identity) { + virAccessError(VIR_ERR_ACCESS_DENIED, + _("Policy kit denied action %s from <anonymous>"), + actionid); + return NULL; + } + if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &process) < 0) + goto cleanup; + + if (!process) { + virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No UNIX process ID available")); + goto cleanup; + } + + if (VIR_STRDUP(ret, process) < 0) + goto cleanup; + +cleanup: + virObjectUnref(identity); + return ret; +} + + +static int +virAccessDriverPolkitCheck(virAccessManagerPtr manager ATTRIBUTE_UNUSED, + const char *typename, + const char *permname, + const char **attrs) +{ + char *actionid = NULL; + char *process = NULL; + virCommandPtr cmd = NULL; + int status; + int ret = -1; + + if (!(actionid = virAccessDriverPolkitFormatAction(typename, permname))) + goto cleanup; + + if (!(process = virAccessDriverPolkitFormatProcess(actionid))) + goto cleanup; + + cmd = virCommandNewArgList(PKCHECK_PATH, + "--action-id", actionid, + "--process", process, + NULL); + + while (attrs && attrs[0] && attrs[1]) { + virCommandAddArgList(cmd, "--detail", attrs[0], attrs[1], NULL); + attrs += 2; + } + + if (virCommandRun(cmd, &status) < 0) + goto cleanup; + + if (status == 0) { + ret = 1; /* Allowed */ + } else { + if (status == 1 || + status == 2 || + status == 3) { + ret = 0; /* Denied */ + } else { + ret = -1; /* Error */ + char *tmp = virProcessTranslateStatus(status); + virAccessError(VIR_ERR_ACCESS_DENIED, + _("Policy kit denied action %s from %s: %s"), + actionid, process, NULLSTR(tmp)); + VIR_FREE(tmp); + } + goto cleanup; + } + +cleanup: + virCommandFree(cmd); + VIR_FREE(actionid); + VIR_FREE(process); + return ret; +} + + +static int +virAccessDriverPolkitCheckConnect(virAccessManagerPtr manager, + const char *driverName, + virAccessPermConnect perm) +{ + const char *attrs[] = { + "connect-driver", driverName, + NULL, + }; + + return virAccessDriverPolkitCheck(manager, + "connect", + virAccessPermConnectTypeToString(perm), + attrs); +} + +static int +virAccessDriverPolkitCheckDomain(virAccessManagerPtr manager, + const char *driverName, + virDomainDefPtr domain, + virAccessPermDomain perm) +{ + char uuidstr[VIR_UUID_STRING_BUFLEN]; + const char *attrs[] = { + "connect-driver", driverName, + "domain-name", domain->name, + "domain-uuid", uuidstr, + NULL, + }; + virUUIDFormat(domain->uuid, uuidstr); + + return virAccessDriverPolkitCheck(manager, + "domain", + virAccessPermDomainTypeToString(perm), + attrs); +} + +static int +virAccessDriverPolkitCheckInterface(virAccessManagerPtr manager, + const char *driverName, + virInterfaceDefPtr iface, + virAccessPermInterface perm) +{ + const char *attrs[] = { + "connect-driver", driverName, + "interface-name", iface->name, + "interface-macaddr", iface->mac, + NULL, + }; + + return virAccessDriverPolkitCheck(manager, + "interface", + virAccessPermInterfaceTypeToString(perm), + attrs); +} + +static int +virAccessDriverPolkitCheckNetwork(virAccessManagerPtr manager, + const char *driverName, + virNetworkDefPtr network, + virAccessPermNetwork perm) +{ + char uuidstr[VIR_UUID_STRING_BUFLEN]; + const char *attrs[] = { + "connect-driver", driverName, + "network-name", network->name, + "network-uuid", uuidstr, + NULL, + }; + virUUIDFormat(network->uuid, uuidstr); + + return virAccessDriverPolkitCheck(manager, + "network", + virAccessPermNetworkTypeToString(perm), + attrs); +} + +static int +virAccessDriverPolkitCheckNodeDevice(virAccessManagerPtr manager, + const char *driverName, + virNodeDeviceDefPtr nodedev, + virAccessPermNodeDevice perm) +{ + const char *attrs[] = { + "connect-driver", driverName, + "node-device-name", nodedev->name, + NULL, + }; + + return virAccessDriverPolkitCheck(manager, + "nodedevice", + virAccessPermNodeDeviceTypeToString(perm), + attrs); +} + +static int +virAccessDriverPolkitCheckNWFilter(virAccessManagerPtr manager, + const char *driverName, + virNWFilterDefPtr nwfilter, + virAccessPermNWFilter perm) +{ + char uuidstr[VIR_UUID_STRING_BUFLEN]; + const char *attrs[] = { + "connect-driver", driverName, + "nwfilter-name", nwfilter->name, + "nwfilter-uuid", uuidstr, + NULL, + }; + virUUIDFormat(nwfilter->uuid, uuidstr); + + return virAccessDriverPolkitCheck(manager, + "nwfilter", + virAccessPermNWFilterTypeToString(perm), + attrs); +} + +static int +virAccessDriverPolkitCheckSecret(virAccessManagerPtr manager, + const char *driverName, + virSecretDefPtr secret, + virAccessPermSecret perm) +{ + char uuidstr[VIR_UUID_STRING_BUFLEN]; + virUUIDFormat(secret->uuid, uuidstr); + + switch (secret->usage_type) { + default: + case VIR_SECRET_USAGE_TYPE_NONE: { + const char *attrs[] = { + "connect-driver", driverName, + "secret-uuid", uuidstr, + NULL, + }; + + return virAccessDriverPolkitCheck(manager, + "secret", + virAccessPermSecretTypeToString(perm), + attrs); + } break; + case VIR_SECRET_USAGE_TYPE_VOLUME: { + const char *attrs[] = { + "connect-driver", driverName, + "secret-uuid", uuidstr, + "secret-usage-volume", secret->usage.volume, + NULL, + }; + + return virAccessDriverPolkitCheck(manager, + "secret", + virAccessPermSecretTypeToString(perm), + attrs); + } break; + case VIR_SECRET_USAGE_TYPE_CEPH: { + const char *attrs[] = { + "connect-driver", driverName, + "secret-uuid", uuidstr, + "secret-usage-ceph", secret->usage.ceph, + NULL, + }; + + return virAccessDriverPolkitCheck(manager, + "secret", + virAccessPermSecretTypeToString(perm), + attrs); + } break; + case VIR_SECRET_USAGE_TYPE_ISCSI: { + const char *attrs[] = { + "connect-driver", driverName, + "secret-uuid", uuidstr, + "secret-usage-target", secret->usage.target, + NULL, + }; + + return virAccessDriverPolkitCheck(manager, + "secret", + virAccessPermSecretTypeToString(perm), + attrs); + } break; + } +} + +static int +virAccessDriverPolkitCheckStoragePool(virAccessManagerPtr manager, + const char *driverName, + virStoragePoolDefPtr pool, + virAccessPermStoragePool perm) +{ + char uuidstr[VIR_UUID_STRING_BUFLEN]; + const char *attrs[] = { + "connect-driver", driverName, + "pool-name", pool->name, + "pool-uuid", uuidstr, + NULL, + }; + virUUIDFormat(pool->uuid, uuidstr); + + return virAccessDriverPolkitCheck(manager, + "pool", + virAccessPermStoragePoolTypeToString(perm), + attrs); +} + +static int +virAccessDriverPolkitCheckStorageVol(virAccessManagerPtr manager, + const char *driverName, + virStoragePoolDefPtr pool, + virStorageVolDefPtr vol, + virAccessPermStorageVol perm) +{ + char uuidstr[VIR_UUID_STRING_BUFLEN]; + const char *attrs[] = { + "connect-driver", driverName, + "pool-name", pool->name, + "pool-uuid", uuidstr, + "vol-name", vol->name, + "vol-key", vol->key, + NULL, + }; + virUUIDFormat(pool->uuid, uuidstr); + + return virAccessDriverPolkitCheck(manager, + "vol", + virAccessPermStorageVolTypeToString(perm), + attrs); +} + +virAccessDriver accessDriverPolkit = { + .name = "polkit", + .cleanup = virAccessDriverPolkitCleanup, + .checkConnect = virAccessDriverPolkitCheckConnect, + .checkDomain = virAccessDriverPolkitCheckDomain, + .checkInterface = virAccessDriverPolkitCheckInterface, + .checkNetwork = virAccessDriverPolkitCheckNetwork, + .checkNodeDevice = virAccessDriverPolkitCheckNodeDevice, + .checkNWFilter = virAccessDriverPolkitCheckNWFilter, + .checkSecret = virAccessDriverPolkitCheckSecret, + .checkStoragePool = virAccessDriverPolkitCheckStoragePool, + .checkStorageVol = virAccessDriverPolkitCheckStorageVol, +}; diff --git a/src/access/viraccessdriverpolkit.h b/src/access/viraccessdriverpolkit.h new file mode 100644 index 0000000..00b044f --- /dev/null +++ b/src/access/viraccessdriverpolkit.h @@ -0,0 +1,28 @@ +/* + * viraccessdriverpolkit.h: polkited access control driver + * + * Copyright (C) 2012 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#ifndef __VIR_ACCESS_DRIVER_POLKIT_H__ +# define __VIR_ACCESS_DRIVER_POLKIT_H__ + +# include "viraccessdriver.h" + +extern virAccessDriver accessDriverPolkit; + +#endif /* __VIR_ACCESS_DRIVER_POLKIT_H__ */ diff --git a/src/access/viraccessmanager.c b/src/access/viraccessmanager.c index 8b1f150..559a844 100644 --- a/src/access/viraccessmanager.c +++ b/src/access/viraccessmanager.c @@ -23,6 +23,9 @@ #include "viraccessmanager.h" #include "viraccessdrivernop.h" #include "viraccessdriverstack.h" +#if WITH_POLKIT1 +# include "viraccessdriverpolkit.h" +#endif #include "viralloc.h" #include "virerror.h" #include "virobject.h" @@ -108,6 +111,9 @@ static virAccessManagerPtr virAccessManagerNewDriver(virAccessDriverPtr drv) static virAccessDriverPtr accessDrivers[] = { &accessDriverNop, +#if WITH_POLKIT1 + &accessDriverPolkit, +#endif }; -- 1.8.1.4

From: "Daniel P. Berrange" <berrange@redhat.com> Introduce annotations to all RPC messages to declare what access control checks are required. There are two new annotations defined: @acl: <object>:<permission> @acl: <object>:<permission>:<flagname> Declare the access control requirements for the API. May be repeated multiple times, if multiple rules are required. <object> is one of 'connect', 'domain', 'network', 'storagepool', 'interface', 'nodedev', 'secret'. <permission> is one of the permissions in access/viraccessperm.h <flagname> indicates the rule only applies if the named flag is set in the API call @aclfilter: <object>:<permission> Declare an access control filter that will be applied to a list of objects being returned by an API. This allows the returned list to be filtered to only show those the user has permissions against Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/locking/lock_protocol.x | 8 + src/remote/lxc_protocol.x | 1 + src/remote/qemu_protocol.x | 4 + src/remote/remote_protocol.x | 406 +++++++++++++++++++++++++++++++++++++++++++ src/rpc/gendispatch.pl | 2 +- 5 files changed, 420 insertions(+), 1 deletion(-) diff --git a/src/locking/lock_protocol.x b/src/locking/lock_protocol.x index f69f2e8..354d51a 100644 --- a/src/locking/lock_protocol.x +++ b/src/locking/lock_protocol.x @@ -105,41 +105,49 @@ enum virLockSpaceProtocolProcedure { /** * @generate: none + * @acl: none */ VIR_LOCK_SPACE_PROTOCOL_PROC_REGISTER = 1, /** * @generate: none + * @acl: none */ VIR_LOCK_SPACE_PROTOCOL_PROC_RESTRICT = 2, /** * @generate: none + * @acl: none */ VIR_LOCK_SPACE_PROTOCOL_PROC_NEW = 3, /** * @generate: none + * @acl: none */ VIR_LOCK_SPACE_PROTOCOL_PROC_CREATE_RESOURCE = 4, /** * @generate: none + * @acl: none */ VIR_LOCK_SPACE_PROTOCOL_PROC_DELETE_RESOURCE = 5, /** * @generate: none + * @acl: none */ VIR_LOCK_SPACE_PROTOCOL_PROC_ACQUIRE_RESOURCE = 6, /** * @generate: none + * @acl: none */ VIR_LOCK_SPACE_PROTOCOL_PROC_RELEASE_RESOURCE = 7, /** * @generate: none + * @acl: none */ VIR_LOCK_SPACE_PROTOCOL_PROC_CREATE_LOCKSPACE = 8 }; diff --git a/src/remote/lxc_protocol.x b/src/remote/lxc_protocol.x index f6cd590..1cde90e 100644 --- a/src/remote/lxc_protocol.x +++ b/src/remote/lxc_protocol.x @@ -65,6 +65,7 @@ enum lxc_procedure { /** * @generate: none * @priority: low + * @acl: domain:open_namespace */ LXC_PROC_DOMAIN_OPEN_NAMESPACE = 1 }; diff --git a/src/remote/qemu_protocol.x b/src/remote/qemu_protocol.x index 63fd92f..1e7cf7c 100644 --- a/src/remote/qemu_protocol.x +++ b/src/remote/qemu_protocol.x @@ -91,18 +91,22 @@ enum qemu_procedure { /** * @generate: none * @priority: low + * @acl: domain:write */ QEMU_PROC_DOMAIN_MONITOR_COMMAND = 1, /** * @generate: both * @priority: low + * @acl: domain:start + * @acl: domain:write */ QEMU_PROC_DOMAIN_ATTACH = 2, /** * @generate: both * @priority: low + * @acl: domain:write */ QEMU_PROC_DOMAIN_AGENT_COMMAND = 3 }; diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 9723377..061faaf 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -2775,1664 +2775,2070 @@ enum remote_procedure { * to this rule, e.g. domainDestroy. Other APIs MAY be marked as high * priority. If in doubt, it's safe to choose low. Low is taken as default, * and thus can be left out. + * + * - @acl: <object>:<permission> + * - @acl: <object>:<permission>:<flagname> + * + * Declare the access control requirements for the API. May be repeated + * multiple times, if multiple rules are required. + * + * <object> is one of 'connect', 'domain', 'network', 'storagepool', + * 'interface', 'nodedev', 'secret'. + * <permission> is one of the permissions in access/viraccessperm.h + * <flagname> indicates the rule only applies if the named flag + * is set in the API call + * + * - @aclfilter: <object>:<permission> + * + * Declare an access control filter that will be applied to a list + * of objects being returned by an API. This allows the returned + * list to be filtered to only show those the user has permissions + * against */ /** * @generate: none * @priority: high + * @acl: connect:getattr */ REMOTE_PROC_CONNECT_OPEN = 1, /** * @generate: none * @priority: high + * @acl: none */ REMOTE_PROC_CONNECT_CLOSE = 2, /** * @generate: server * @priority: high + * @acl: connect:getattr */ REMOTE_PROC_CONNECT_GET_TYPE = 3, /** * @generate: both * @priority: high + * @acl: connect:getattr */ REMOTE_PROC_CONNECT_GET_VERSION = 4, /** * @generate: both * @priority: high + * @acl: connect:read */ REMOTE_PROC_CONNECT_GET_MAX_VCPUS = 5, /** * @generate: both * @priority: high + * @acl: connect:read */ REMOTE_PROC_NODE_GET_INFO = 6, /** * @generate: both + * @acl: connect:read */ REMOTE_PROC_CONNECT_GET_CAPABILITIES = 7, /** * @generate: both + * @acl: domain:write */ REMOTE_PROC_DOMAIN_ATTACH_DEVICE = 8, /** * @generate: server + * @acl: domain:start */ REMOTE_PROC_DOMAIN_CREATE = 9, /** * @generate: both + * @acl: domain:write + * @acl: domain:start */ REMOTE_PROC_DOMAIN_CREATE_XML = 10, /** * @generate: both * @priority: high + * @acl: domain:write + * @acl: domain:save */ REMOTE_PROC_DOMAIN_DEFINE_XML = 11, /** * @generate: both * @priority: high + * @acl: domain:stop */ REMOTE_PROC_DOMAIN_DESTROY = 12, /** * @generate: both + * @acl: domain:write */ REMOTE_PROC_DOMAIN_DETACH_DEVICE = 13, /** * @generate: both + * @acl: domain:read + * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE */ REMOTE_PROC_DOMAIN_GET_XML_DESC = 14, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_AUTOSTART = 15, /** * @generate: both + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_INFO = 16, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_MAX_MEMORY = 17, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_MAX_VCPUS = 18, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_OS_TYPE = 19, /** * @generate: none * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_VCPUS = 20, /** * @generate: both * @priority: high + * @acl: connect:search_domains + * @aclfilter: domain:getattr */ REMOTE_PROC_CONNECT_LIST_DEFINED_DOMAINS = 21, /** * @generate: both * @priority: high + * @acl: domain:getattr */ REMOTE_PROC_DOMAIN_LOOKUP_BY_ID = 22, /** * @generate: both * @priority: high + * @acl: domain:getattr */ REMOTE_PROC_DOMAIN_LOOKUP_BY_NAME = 23, /** * @generate: both * @priority: high + * @acl: domain:getattr */ REMOTE_PROC_DOMAIN_LOOKUP_BY_UUID = 24, /** * @generate: both * @priority: high + * @acl: connect:search_domains + * @aclfilter: domain:getattr */ REMOTE_PROC_CONNECT_NUM_OF_DEFINED_DOMAINS = 25, /** * @generate: both + * @acl: domain:write */ REMOTE_PROC_DOMAIN_PIN_VCPU = 26, /** * @generate: both + * @acl: domain:init_control */ REMOTE_PROC_DOMAIN_REBOOT = 27, /** * @generate: both + * @acl: domain:suspend */ REMOTE_PROC_DOMAIN_RESUME = 28, /** * @generate: both * @priority: high + * @acl: domain:write */ REMOTE_PROC_DOMAIN_SET_AUTOSTART = 29, /** * @generate: both * @priority: high + * @acl: domain:write */ REMOTE_PROC_DOMAIN_SET_MAX_MEMORY = 30, /** * @generate: both + * @acl: domain:write */ REMOTE_PROC_DOMAIN_SET_MEMORY = 31, /** * @generate: both + * @acl: domain:write */ REMOTE_PROC_DOMAIN_SET_VCPUS = 32, /** * @generate: both + * @acl: domain:init_control */ REMOTE_PROC_DOMAIN_SHUTDOWN = 33, /** * @generate: both + * @acl: domain:suspend */ REMOTE_PROC_DOMAIN_SUSPEND = 34, /** * @generate: both * @priority: high + * @acl: domain:delete */ REMOTE_PROC_DOMAIN_UNDEFINE = 35, /** * @generate: both * @priority: high + * @acl: connect:search_networks + * @aclfilter: network:getattr */ REMOTE_PROC_CONNECT_LIST_DEFINED_NETWORKS = 36, /** * @generate: server * @priority: high + * @acl: connect:search_domains + * @aclfilter: domain:getattr */ REMOTE_PROC_CONNECT_LIST_DOMAINS = 37, /** * @generate: both * @priority: high + * @acl: connect:search_networks + * @aclfilter: network:getattr */ REMOTE_PROC_CONNECT_LIST_NETWORKS = 38, /** * @generate: both + * @acl: network:start */ REMOTE_PROC_NETWORK_CREATE = 39, /** * @generate: both + * @acl: network:write + * @acl: network:start */ REMOTE_PROC_NETWORK_CREATE_XML = 40, /** * @generate: both * @priority: high + * @acl: network:write + * @acl: network:save */ REMOTE_PROC_NETWORK_DEFINE_XML = 41, /** * @generate: both * @priority: high + * @acl: network:stop */ REMOTE_PROC_NETWORK_DESTROY = 42, /** * @generate: both * @priority: high + * @acl: network:read */ REMOTE_PROC_NETWORK_GET_XML_DESC = 43, /** * @generate: both * @priority: high + * @acl: network:read */ REMOTE_PROC_NETWORK_GET_AUTOSTART = 44, /** * @generate: both * @priority: high + * @acl: network:read */ REMOTE_PROC_NETWORK_GET_BRIDGE_NAME = 45, /** * @generate: both * @priority: high + * @acl: network:getattr */ REMOTE_PROC_NETWORK_LOOKUP_BY_NAME = 46, /** * @generate: both * @priority: high + * @acl: network:getattr */ REMOTE_PROC_NETWORK_LOOKUP_BY_UUID = 47, /** * @generate: both * @priority: high + * @acl: network:write */ REMOTE_PROC_NETWORK_SET_AUTOSTART = 48, /** * @generate: both * @priority: high + * @acl: network:delete */ REMOTE_PROC_NETWORK_UNDEFINE = 49, /** * @generate: both * @priority: high + * @acl: connect:search_networks + * @aclfilter: network:getattr */ REMOTE_PROC_CONNECT_NUM_OF_DEFINED_NETWORKS = 50, /** * @generate: both * @priority: high + * @acl: connect:search_domains + * @aclfilter: domain:getattr */ REMOTE_PROC_CONNECT_NUM_OF_DOMAINS = 51, /** * @generate: both * @priority: high + * @acl: connect:search_networks + * @aclfilter: network:getattr */ REMOTE_PROC_CONNECT_NUM_OF_NETWORKS = 52, /** * @generate: both + * @acl: domain:core_dump */ REMOTE_PROC_DOMAIN_CORE_DUMP = 53, /** * @generate: both + * @acl: domain:start + * @acl: domain:write */ REMOTE_PROC_DOMAIN_RESTORE = 54, /** * @generate: both + * @acl: domain:hibernate */ REMOTE_PROC_DOMAIN_SAVE = 55, /** * @generate: none + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_SCHEDULER_TYPE = 56, /** * @generate: client + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_SCHEDULER_PARAMETERS = 57, /** * @generate: both + * @acl: domain:read */ REMOTE_PROC_DOMAIN_SET_SCHEDULER_PARAMETERS = 58, /** * @generate: both * @priority: high + * @acl: connect:getattr */ REMOTE_PROC_CONNECT_GET_HOSTNAME = 59, /** * @generate: client * @priority: high + * @acl: connect:getattr */ REMOTE_PROC_CONNECT_SUPPORTS_FEATURE = 60, /** * @generate: none + * @acl: domain:migrate + * @acl: domain:start + * @acl: domain:write */ REMOTE_PROC_DOMAIN_MIGRATE_PREPARE = 61, /** * @generate: both + * @acl: domain:migrate */ REMOTE_PROC_DOMAIN_MIGRATE_PERFORM = 62, /** * @generate: both + * @acl: domain:migrate */ REMOTE_PROC_DOMAIN_MIGRATE_FINISH = 63, /** * @generate: both + * @acl: domain:read */ REMOTE_PROC_DOMAIN_BLOCK_STATS = 64, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_INTERFACE_STATS = 65, /** * @generate: none * @priority: high + * @acl: none */ REMOTE_PROC_AUTH_LIST = 66, /** * @generate: none * @priority: high + * @acl: none */ REMOTE_PROC_AUTH_SASL_INIT = 67, /** * @generate: none * @priority: high + * @acl: none */ REMOTE_PROC_AUTH_SASL_START = 68, /** * @generate: none * @priority: high + * @acl: none */ REMOTE_PROC_AUTH_SASL_STEP = 69, /** * @generate: none * @priority: high + * @acl: none */ REMOTE_PROC_AUTH_POLKIT = 70, /** * @generate: both * @priority: high + * @acl: connect:search_storage_pools + * @aclfilter: storage_pool:getattr */ REMOTE_PROC_CONNECT_NUM_OF_STORAGE_POOLS = 71, /** * @generate: both * @priority: high + * @acl: connect:search_storage_pools + * @aclfilter: storage_pool:getattr */ REMOTE_PROC_CONNECT_LIST_STORAGE_POOLS = 72, /** * @generate: both * @priority: high + * @acl: connect:search_storage_pools + * @aclfilter: storage_pool:getattr */ REMOTE_PROC_CONNECT_NUM_OF_DEFINED_STORAGE_POOLS = 73, /** * @generate: both * @priority: high + * @acl: connect:search_storage_pools + * @aclfilter: storage_pool:getattr */ REMOTE_PROC_CONNECT_LIST_DEFINED_STORAGE_POOLS = 74, /** * @generate: server + * @acl: connect:detect_storage_pools */ REMOTE_PROC_CONNECT_FIND_STORAGE_POOL_SOURCES = 75, /** * @generate: both + * @acl: storage_pool:start + * @acl: storage_pool:write */ REMOTE_PROC_STORAGE_POOL_CREATE_XML = 76, /** * @generate: both * @priority: high + * @acl: storage_pool:write + * @acl: storage_pool:save */ REMOTE_PROC_STORAGE_POOL_DEFINE_XML = 77, /** * @generate: both + * @acl: storage_pool:start */ REMOTE_PROC_STORAGE_POOL_CREATE = 78, /** * @generate: both + * @acl: storage_pool:format */ REMOTE_PROC_STORAGE_POOL_BUILD = 79, /** * @generate: both * @priority: high + * @acl: storage_pool:stop */ REMOTE_PROC_STORAGE_POOL_DESTROY = 80, /** * @generate: both + * @acl: storage_pool:format */ REMOTE_PROC_STORAGE_POOL_DELETE = 81, /** * @generate: both * @priority: high + * @acl: storage_pool:delete */ REMOTE_PROC_STORAGE_POOL_UNDEFINE = 82, /** * @generate: both + * @acl: storage_pool:refresh */ REMOTE_PROC_STORAGE_POOL_REFRESH = 83, /** * @generate: both * @priority: high + * @acl: storage_pool:getattr */ REMOTE_PROC_STORAGE_POOL_LOOKUP_BY_NAME = 84, /** * @generate: both * @priority: high + * @acl: storage_pool:getattr */ REMOTE_PROC_STORAGE_POOL_LOOKUP_BY_UUID = 85, /** * @generate: both * @priority: high + * @acl: storage_pool:getattr */ REMOTE_PROC_STORAGE_POOL_LOOKUP_BY_VOLUME = 86, /** * @generate: both * @priority: high + * @acl: storage_pool:read */ REMOTE_PROC_STORAGE_POOL_GET_INFO = 87, /** * @generate: both * @priority: high + * @acl: storage_pool:read */ REMOTE_PROC_STORAGE_POOL_GET_XML_DESC = 88, /** * @generate: both * @priority: high + * @acl: storage_pool:read */ REMOTE_PROC_STORAGE_POOL_GET_AUTOSTART = 89, /** * @generate: both * @priority: high + * @acl: storage_pool:write */ REMOTE_PROC_STORAGE_POOL_SET_AUTOSTART = 90, /** * @generate: both * @priority: high + * @acl: storage_pool:search_storage_vols + * @aclfilter: storage_vol:getattr */ REMOTE_PROC_STORAGE_POOL_NUM_OF_VOLUMES = 91, /** * @generate: both * @priority: high + * @acl: storage_pool:search_storage_vols + * @aclfilter: storage_vol:getattr */ REMOTE_PROC_STORAGE_POOL_LIST_VOLUMES = 92, /** * @generate: both + * @acl: storage_vol:create */ REMOTE_PROC_STORAGE_VOL_CREATE_XML = 93, /** * @generate: both + * @acl: storage_vol:delete */ REMOTE_PROC_STORAGE_VOL_DELETE = 94, /** * @generate: both * @priority: high + * @acl: storage_vol:getattr */ REMOTE_PROC_STORAGE_VOL_LOOKUP_BY_NAME = 95, /** * @generate: both * @priority: high + * @acl: storage_vol:getattr */ REMOTE_PROC_STORAGE_VOL_LOOKUP_BY_KEY = 96, /** * @generate: both * @priority: high + * @acl: storage_vol:getattr */ REMOTE_PROC_STORAGE_VOL_LOOKUP_BY_PATH = 97, /** * @generate: both * @priority: high + * @acl: storage_vol:read */ REMOTE_PROC_STORAGE_VOL_GET_INFO = 98, /** * @generate: both * @priority: high + * @acl: storage_vol:read */ REMOTE_PROC_STORAGE_VOL_GET_XML_DESC = 99, /** * @generate: both * @priority: high + * @acl: storage_vol:read */ REMOTE_PROC_STORAGE_VOL_GET_PATH = 100, /** * @generate: server * @priority: high + * @acl: connect:read */ REMOTE_PROC_NODE_GET_CELLS_FREE_MEMORY = 101, /** * @generate: both * @priority: high + * @acl: connect:read */ REMOTE_PROC_NODE_GET_FREE_MEMORY = 102, /** * @generate: none + * @acl: domain:block_read */ REMOTE_PROC_DOMAIN_BLOCK_PEEK = 103, /** * @generate: none + * @acl: domain:mem_read */ REMOTE_PROC_DOMAIN_MEMORY_PEEK = 104, /** * @generate: none * @priority: high + * @acl: connect:read */ REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER = 105, /** * @generate: none * @priority: high + * @acl: connect:read */ REMOTE_PROC_CONNECT_DOMAIN_EVENT_DEREGISTER = 106, /** * @generate: both + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_LIFECYCLE = 107, /** * @generate: none + * @acl: domain:migrate + * @acl: domain:start + * @acl: domain:write */ REMOTE_PROC_DOMAIN_MIGRATE_PREPARE2 = 108, /** * @generate: both + * @acl: domain:migrate */ REMOTE_PROC_DOMAIN_MIGRATE_FINISH2 = 109, /** * @generate: server * @priority: high + * @acl: connect:getattr */ REMOTE_PROC_CONNECT_GET_URI = 110, /** * @generate: both * @priority: high + * @acl: connect:search_node_devices + * @aclfilter: node_device:getattr */ REMOTE_PROC_NODE_NUM_OF_DEVICES = 111, /** * @generate: both * @priority: high + * @acl: connect:search_node_devices + * @aclfilter: node_device:getattr */ REMOTE_PROC_NODE_LIST_DEVICES = 112, /** * @generate: both * @priority: high + * @acl: node_device:getattr */ REMOTE_PROC_NODE_DEVICE_LOOKUP_BY_NAME = 113, /** * @generate: both + * @acl: node_device:read */ REMOTE_PROC_NODE_DEVICE_GET_XML_DESC = 114, /** * @generate: client * @priority: high + * @acl: node_device:read */ REMOTE_PROC_NODE_DEVICE_GET_PARENT = 115, /** * @generate: both * @priority: high + * @acl: node_device:read */ REMOTE_PROC_NODE_DEVICE_NUM_OF_CAPS = 116, /** * @generate: both * @priority: high + * @acl: node_device:read */ REMOTE_PROC_NODE_DEVICE_LIST_CAPS = 117, /** * @generate: server + * @acl: node_device:dettach */ REMOTE_PROC_NODE_DEVICE_DETTACH = 118, /** * @generate: server + * @acl: node_device:dettach */ REMOTE_PROC_NODE_DEVICE_RE_ATTACH = 119, /** * @generate: server + * @acl: node_device:dettach */ REMOTE_PROC_NODE_DEVICE_RESET = 120, /** * @generate: none * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_SECURITY_LABEL = 121, /** * @generate: none * @priority: high + * @acl: connect:read */ REMOTE_PROC_NODE_GET_SECURITY_MODEL = 122, /** * @generate: both + * @acl: node_device:write + * @acl: node_device:start */ REMOTE_PROC_NODE_DEVICE_CREATE_XML = 123, /** * @generate: both * @priority: high + * @acl: node_device:stop */ REMOTE_PROC_NODE_DEVICE_DESTROY = 124, /** * @generate: both + * @acl: storage_vol:create */ REMOTE_PROC_STORAGE_VOL_CREATE_XML_FROM = 125, /** * @generate: both * @priority: high + * @acl: connect:search_interfaces + * @aclfilter: interface:getattr */ REMOTE_PROC_CONNECT_NUM_OF_INTERFACES = 126, /** * @generate: both * @priority: high + * @acl: connect:search_interfaces + * @aclfilter: interface:getattr */ REMOTE_PROC_CONNECT_LIST_INTERFACES = 127, /** * @generate: both * @priority: high + * @acl: interface:getattr */ REMOTE_PROC_INTERFACE_LOOKUP_BY_NAME = 128, /** * @generate: both * @priority: high + * @acl: interface:getattr */ REMOTE_PROC_INTERFACE_LOOKUP_BY_MAC_STRING = 129, /** * @generate: both + * @acl: interface:read */ REMOTE_PROC_INTERFACE_GET_XML_DESC = 130, /** * @generate: both * @priority: high + * @acl: interface:write + * @acl: interface:save */ REMOTE_PROC_INTERFACE_DEFINE_XML = 131, /** * @generate: both * @priority: high + * @acl: interface:delete */ REMOTE_PROC_INTERFACE_UNDEFINE = 132, /** * @generate: both + * @acl: interface:start */ REMOTE_PROC_INTERFACE_CREATE = 133, /** * @generate: both * @priority: high + * @acl: interface:stop */ REMOTE_PROC_INTERFACE_DESTROY = 134, /** * @generate: both + * @acl: connect:read */ REMOTE_PROC_CONNECT_DOMAIN_XML_FROM_NATIVE = 135, /** * @generate: both + * @acl: connect:read */ REMOTE_PROC_CONNECT_DOMAIN_XML_TO_NATIVE = 136, /** * @generate: both * @priority: high + * @acl: connect:search_interfaces + * @aclfilter: interface:getattr */ REMOTE_PROC_CONNECT_NUM_OF_DEFINED_INTERFACES = 137, /** * @generate: both * @priority: high + * @acl: connect:search_interfaces + * @aclfilter: interface:getattr */ REMOTE_PROC_CONNECT_LIST_DEFINED_INTERFACES = 138, /** * @generate: both * @priority: high + * @acl: connect:search_secrets + * @aclfilter: secret:getattr */ REMOTE_PROC_CONNECT_NUM_OF_SECRETS = 139, /** * @generate: both * @priority: high + * @acl: connect:search_secrets + * @aclfilter: secret:getattr */ REMOTE_PROC_CONNECT_LIST_SECRETS = 140, /** * @generate: both * @priority: high + * @acl: secret:getattr */ REMOTE_PROC_SECRET_LOOKUP_BY_UUID = 141, /** * @generate: both * @priority: high + * @acl: secret:write + * @acl: secret:save */ REMOTE_PROC_SECRET_DEFINE_XML = 142, /** * @generate: both * @priority: high + * @acl: secret:read */ REMOTE_PROC_SECRET_GET_XML_DESC = 143, /** * @generate: both * @priority: high + * @acl: secret:write */ REMOTE_PROC_SECRET_SET_VALUE = 144, /** * @generate: none * @priority: high + * @acl: secret:read_secure */ REMOTE_PROC_SECRET_GET_VALUE = 145, /** * @generate: both * @priority: high + * @acl: secret:delete */ REMOTE_PROC_SECRET_UNDEFINE = 146, /** * @generate: both * @priority: high + * @acl: secret:getattr */ REMOTE_PROC_SECRET_LOOKUP_BY_USAGE = 147, /** * @generate: both * @writestream: 1 + * @acl: domain:migrate + * @acl: domain:start + * @acl: domain:write */ REMOTE_PROC_DOMAIN_MIGRATE_PREPARE_TUNNEL = 148, /** * @generate: server * @priority: high + * @acl: none */ REMOTE_PROC_CONNECT_IS_SECURE = 149, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_IS_ACTIVE = 150, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_IS_PERSISTENT = 151, /** * @generate: both * @priority: high + * @acl: network:read */ REMOTE_PROC_NETWORK_IS_ACTIVE = 152, /** * @generate: both * @priority: high + * @acl: network:read */ REMOTE_PROC_NETWORK_IS_PERSISTENT = 153, /** * @generate: both * @priority: high + * @acl: storage_pool:read */ REMOTE_PROC_STORAGE_POOL_IS_ACTIVE = 154, /** * @generate: both * @priority: high + * @acl: storage_pool:read */ REMOTE_PROC_STORAGE_POOL_IS_PERSISTENT = 155, /** * @generate: both * @priority: high + * @acl: interface:read */ REMOTE_PROC_INTERFACE_IS_ACTIVE = 156, /** * @generate: both * @priority: high + * @acl: connect:getattr */ REMOTE_PROC_CONNECT_GET_LIB_VERSION = 157, /** * @generate: both * @priority: high + * @acl: connect:read */ REMOTE_PROC_CONNECT_COMPARE_CPU = 158, /** * @generate: none + * @acl: domain:read */ REMOTE_PROC_DOMAIN_MEMORY_STATS = 159, /** * @generate: both + * @acl: domain:write + * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE + * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG */ REMOTE_PROC_DOMAIN_ATTACH_DEVICE_FLAGS = 160, /** * @generate: both + * @acl: domain:write + * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE + * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG */ REMOTE_PROC_DOMAIN_DETACH_DEVICE_FLAGS = 161, /** * @generate: both + * @acl: connect:read */ REMOTE_PROC_CONNECT_BASELINE_CPU = 162, /** * @generate: both + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_JOB_INFO = 163, /** * @generate: both + * @acl: domain:write */ REMOTE_PROC_DOMAIN_ABORT_JOB = 164, /** * @generate: both + * @acl: storage_vol:format */ REMOTE_PROC_STORAGE_VOL_WIPE = 165, /** * @generate: both + * @acl: domain:migrate */ REMOTE_PROC_DOMAIN_MIGRATE_SET_MAX_DOWNTIME = 166, /** * @generate: none * @priority: high + * @acl: connect:read */ REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY = 167, /** * @generate: none * @priority: high + * @acl: connect:read */ REMOTE_PROC_CONNECT_DOMAIN_EVENT_DEREGISTER_ANY = 168, /** * @generate: both + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_REBOOT = 169, /** * @generate: both + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_RTC_CHANGE = 170, /** * @generate: both + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_WATCHDOG = 171, /** * @generate: both + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_IO_ERROR = 172, /** * @generate: both + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_GRAPHICS = 173, /** * @generate: both + * @acl: domain:write + * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE + * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG */ REMOTE_PROC_DOMAIN_UPDATE_DEVICE_FLAGS = 174, /** * @generate: both * @priority: high + * @acl: nwfilter:getattr */ REMOTE_PROC_NWFILTER_LOOKUP_BY_NAME = 175, /** * @generate: both * @priority: high + * @acl: nwfilter:getattr */ REMOTE_PROC_NWFILTER_LOOKUP_BY_UUID = 176, /** * @generate: both * @priority: high + * @acl: nwfilter:read */ REMOTE_PROC_NWFILTER_GET_XML_DESC = 177, /** * @generate: both * @priority: high + * @acl: connect:search_nwfilters + * @aclfilter: nwfilter:getattr */ REMOTE_PROC_CONNECT_NUM_OF_NWFILTERS = 178, /** * @generate: both * @priority: high + * @acl: connect:search_nwfilters + * @aclfilter: nwfilter:getattr */ REMOTE_PROC_CONNECT_LIST_NWFILTERS = 179, /** * @generate: both * @priority: high + * @acl: nwfilter:write + * @acl: nwfilter:save */ REMOTE_PROC_NWFILTER_DEFINE_XML = 180, /** * @generate: both * @priority: high + * @acl: nwfilter:delete */ REMOTE_PROC_NWFILTER_UNDEFINE = 181, /** * @generate: both + * @acl: domain:hibernate */ REMOTE_PROC_DOMAIN_MANAGED_SAVE = 182, /** * @generate: both + * @acl: domain:read */ REMOTE_PROC_DOMAIN_HAS_MANAGED_SAVE_IMAGE = 183, /** * @generate: both + * @acl: domain:hibernate */ REMOTE_PROC_DOMAIN_MANAGED_SAVE_REMOVE = 184, /** * @generate: both + * @acl: domain:snapshot */ REMOTE_PROC_DOMAIN_SNAPSHOT_CREATE_XML = 185, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_SNAPSHOT_GET_XML_DESC = 186, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_SNAPSHOT_NUM = 187, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_NAMES = 188, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_SNAPSHOT_LOOKUP_BY_NAME = 189, /** * @generate: both + * @acl: domain:read */ REMOTE_PROC_DOMAIN_HAS_CURRENT_SNAPSHOT = 190, /** * @generate: both + * @acl: domain:read */ REMOTE_PROC_DOMAIN_SNAPSHOT_CURRENT = 191, /** * @generate: both + * @acl: domain:snapshot */ REMOTE_PROC_DOMAIN_REVERT_TO_SNAPSHOT = 192, /** * @generate: both + * @acl: domain:snapshot */ REMOTE_PROC_DOMAIN_SNAPSHOT_DELETE = 193, /** * @generate: both + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_BLOCK_INFO = 194, /** * @generate: both + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_IO_ERROR_REASON = 195, /** * @generate: server + * @acl: domain:start */ REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS = 196, /** * @generate: both + * @acl: domain:write + * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE + * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG */ REMOTE_PROC_DOMAIN_SET_MEMORY_PARAMETERS = 197, /** * @generate: none + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_MEMORY_PARAMETERS = 198, /** * @generate: both + * @acl: domain:write + * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE + * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG */ REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS = 199, /** * @generate: both + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS = 200, /** * @generate: both * @readstream: 2 + * @acl: domain:open_device */ REMOTE_PROC_DOMAIN_OPEN_CONSOLE = 201, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_IS_UPDATED = 202, /** * @generate: both * @priority: high + * @acl: connect:read */ REMOTE_PROC_CONNECT_GET_SYSINFO = 203, /** * @generate: both + * @acl: domain:write + * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE + * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG */ REMOTE_PROC_DOMAIN_SET_MEMORY_FLAGS = 204, /** * @generate: both + * @acl: domain:write + * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE + * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG */ REMOTE_PROC_DOMAIN_SET_BLKIO_PARAMETERS = 205, /** * @generate: none + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_BLKIO_PARAMETERS = 206, /** * @generate: both + * @acl: domain:migrate */ REMOTE_PROC_DOMAIN_MIGRATE_SET_MAX_SPEED = 207, /** * @generate: both * @writestream: 1 + * @acl: storage_vol:data_write */ REMOTE_PROC_STORAGE_VOL_UPLOAD = 208, /** * @generate: both * @readstream: 1 + * @acl: storage_vol:data_read */ REMOTE_PROC_STORAGE_VOL_DOWNLOAD = 209, /** * @generate: both + * @acl: domain:inject_nmi */ REMOTE_PROC_DOMAIN_INJECT_NMI = 210, /** * @generate: both * @readstream: 1 + * @acl: domain:screenshot */ REMOTE_PROC_DOMAIN_SCREENSHOT = 211, /** * @generate: none * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_STATE = 212, /** * @generate: none + * @acl: domain:migrate */ REMOTE_PROC_DOMAIN_MIGRATE_BEGIN3 = 213, /** * @generate: none + * @acl: domain:migrate + * @acl: domain:start + * @acl: domain:write */ REMOTE_PROC_DOMAIN_MIGRATE_PREPARE3 = 214, /** * @generate: server * @writestream: 1 + * @acl: domain:migrate + * @acl: domain:start + * @acl: domain:write */ REMOTE_PROC_DOMAIN_MIGRATE_PREPARE_TUNNEL3 = 215, /** * @generate: none + * @acl: domain:migrate */ REMOTE_PROC_DOMAIN_MIGRATE_PERFORM3 = 216, /** * @generate: none + * @acl: domain:migrate */ REMOTE_PROC_DOMAIN_MIGRATE_FINISH3 = 217, /** * @generate: none + * @acl: domain:migrate */ REMOTE_PROC_DOMAIN_MIGRATE_CONFIRM3 = 218, /** * @generate: both + * @acl: domain:write + * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE + * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG */ REMOTE_PROC_DOMAIN_SET_SCHEDULER_PARAMETERS_FLAGS = 219, /** * @generate: both + * @acl: connect:interface_transaction */ REMOTE_PROC_INTERFACE_CHANGE_BEGIN = 220, /** * @generate: both + * @acl: connect:interface_transaction */ REMOTE_PROC_INTERFACE_CHANGE_COMMIT = 221, /** * @generate: both + * @acl: connect:interface_transaction */ REMOTE_PROC_INTERFACE_CHANGE_ROLLBACK = 222, /** * @generate: client + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_SCHEDULER_PARAMETERS_FLAGS = 223, /** * @generate: none + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_CONTROL_ERROR = 224, /** * @generate: both + * @acl: domain:write + * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE + * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG */ REMOTE_PROC_DOMAIN_PIN_VCPU_FLAGS = 225, /** * @generate: both + * @acl: domain:send_input */ REMOTE_PROC_DOMAIN_SEND_KEY = 226, /** * @generate: none * @priority: high + * @acl: connect:read */ REMOTE_PROC_NODE_GET_CPU_STATS = 227, /** * @generate: none * @priority: high + * @acl: connect:read */ REMOTE_PROC_NODE_GET_MEMORY_STATS = 228, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_CONTROL_INFO = 229, /** * @generate: none + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_VCPU_PIN_INFO = 230, /** * @generate: both * @priority: high + * @acl: domain:delete */ REMOTE_PROC_DOMAIN_UNDEFINE_FLAGS = 231, /** * @generate: both + * @acl: domain:hibernate */ REMOTE_PROC_DOMAIN_SAVE_FLAGS = 232, /** * @generate: both + * @acl: domain:start + * @acl: domain:write */ REMOTE_PROC_DOMAIN_RESTORE_FLAGS = 233, /** * @generate: both * @priority: high + * @acl: domain:stop */ REMOTE_PROC_DOMAIN_DESTROY_FLAGS = 234, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235, /** * @generate: both * @priority: high + * @acl: domain:write + * @acl: domain:hibernate */ REMOTE_PROC_DOMAIN_SAVE_IMAGE_DEFINE_XML = 236, /** * @generate: both + * @acl: domain:write */ REMOTE_PROC_DOMAIN_BLOCK_JOB_ABORT = 237, /** * @generate: none + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_BLOCK_JOB_INFO = 238, /** * @generate: both + * @acl: domain:write */ REMOTE_PROC_DOMAIN_BLOCK_JOB_SET_SPEED = 239, /** * @generate: both + * @acl: domain:block_write */ REMOTE_PROC_DOMAIN_BLOCK_PULL = 240, /** * @generate: none + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_BLOCK_JOB = 241, /** * @generate: both + * @acl: domain:migrate */ REMOTE_PROC_DOMAIN_MIGRATE_GET_MAX_SPEED = 242, /** * @generate: none + * @acl: domain:read */ REMOTE_PROC_DOMAIN_BLOCK_STATS_FLAGS = 243, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_SNAPSHOT_GET_PARENT = 244, /** * @generate: both + * @acl: domain:reset */ REMOTE_PROC_DOMAIN_RESET = 245, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_SNAPSHOT_NUM_CHILDREN = 246, /** * @generate: both * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_CHILDREN_NAMES = 247, /** * @generate: none + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_DISK_CHANGE = 248, /** * @generate: none + * @acl: domain:open_graphics */ REMOTE_PROC_DOMAIN_OPEN_GRAPHICS = 249, /** * @generate: both + * @acl: connect:pm_control */ REMOTE_PROC_NODE_SUSPEND_FOR_DURATION = 250, /** * @generate: both + * @acl: domain:block_write */ REMOTE_PROC_DOMAIN_BLOCK_RESIZE = 251, /** * @generate: both + * @acl: domain:write + * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE + * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG */ REMOTE_PROC_DOMAIN_SET_BLOCK_IO_TUNE = 252, /** * @generate: none + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_BLOCK_IO_TUNE = 253, /** * @generate: both + * @acl: domain:write + * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE + * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG */ REMOTE_PROC_DOMAIN_SET_NUMA_PARAMETERS = 254, /** * @generate: none + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_NUMA_PARAMETERS = 255, /** * @generate: both + * @acl: domain:write + * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE + * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG */ REMOTE_PROC_DOMAIN_SET_INTERFACE_PARAMETERS = 256, /** * @generate: none + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_INTERFACE_PARAMETERS = 257, /** * @generate: both + * @acl: domain:init_control */ REMOTE_PROC_DOMAIN_SHUTDOWN_FLAGS = 258, /** * @generate: both + * @acl: storage_vol:format */ REMOTE_PROC_STORAGE_VOL_WIPE_PATTERN = 259, /** * @generate: both + * @acl: storage_vol:resize */ REMOTE_PROC_STORAGE_VOL_RESIZE = 260, /** * @generate: both + * @acl: domain:pm_control */ REMOTE_PROC_DOMAIN_PM_SUSPEND_FOR_DURATION = 261, /** * @generate: none + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_CPU_STATS = 262, /** * @generate: none + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_DISK_ERRORS = 263, /** * @generate: both + * @acl: domain:write + * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE + * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG */ REMOTE_PROC_DOMAIN_SET_METADATA = 264, /** * @generate: both + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_METADATA = 265, /** * @generate: both + * @acl: domain:block_write */ REMOTE_PROC_DOMAIN_BLOCK_REBASE = 266, /** * @generate: both + * @acl: domain:pm_control */ REMOTE_PROC_DOMAIN_PM_WAKEUP = 267, /** * @generate: both + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_TRAY_CHANGE = 268, /** * @generate: both + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_PMWAKEUP = 269, /** * @generate: both + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_PMSUSPEND = 270, /** * @generate: both + * @acl: domain:read */ REMOTE_PROC_DOMAIN_SNAPSHOT_IS_CURRENT = 271, /** * @generate: both + * @acl: domain:read */ REMOTE_PROC_DOMAIN_SNAPSHOT_HAS_METADATA = 272, /** * @generate: none * @priority: high + * @acl: connect:search_domains + * @aclfilter: domain:getattr */ REMOTE_PROC_CONNECT_LIST_ALL_DOMAINS = 273, /** * @generate: none * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_LIST_ALL_SNAPSHOTS = 274, /** * @generate: none * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_ALL_CHILDREN = 275, /** * @generate: both + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_BALLOON_CHANGE = 276, /** * @generate: both + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_HOSTNAME = 277, /** * @generate: none * @priority: high + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_SECURITY_LABEL_LIST = 278, /** * @generate: none + * @acl: domain:write + * @acl: domain:save:!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE + * @acl: domain:save:VIR_DOMAIN_AFFECT_CONFIG */ REMOTE_PROC_DOMAIN_PIN_EMULATOR = 279, /** * @generate: none + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_EMULATOR_PIN_INFO = 280, /** * @generate: none * @priority: high + * @acl: connect:search_storage_pools + * @aclfilter: storage_pool:getattr */ REMOTE_PROC_CONNECT_LIST_ALL_STORAGE_POOLS = 281, /** * @generate: none * @priority: high + * @acl: storage_pool:search_storage_vols + * @aclfilter: storage_vol:getattr */ REMOTE_PROC_STORAGE_POOL_LIST_ALL_VOLUMES = 282, /** * @generate: none * @priority: high + * @acl: connect:search_networks + * @aclfilter: network:getattr */ REMOTE_PROC_CONNECT_LIST_ALL_NETWORKS = 283, /** * @generate: none * @priority: high + * @acl: connect:search_interfaces + * @aclfilter: interface:getattr */ REMOTE_PROC_CONNECT_LIST_ALL_INTERFACES = 284, /** * @generate: none * @priority: high + * @acl: connect:search_node_devices + * @aclfilter: node_device:getattr */ REMOTE_PROC_CONNECT_LIST_ALL_NODE_DEVICES = 285, /** * @generate: none * @priority: high + * @acl: connect:search_nwfilters + * @aclfilter: nwfilter:getattr */ REMOTE_PROC_CONNECT_LIST_ALL_NWFILTERS = 286, /** * @generate: none * @priority: high + * @acl: connect:search_secrets + * @aclfilter: secret:getattr */ REMOTE_PROC_CONNECT_LIST_ALL_SECRETS = 287, /** * @generate: both + * @acl: connect:write */ REMOTE_PROC_NODE_SET_MEMORY_PARAMETERS = 288, /** * @generate: none + * @acl: connect:read */ REMOTE_PROC_NODE_GET_MEMORY_PARAMETERS = 289, /** * @generate: both + * @acl: domain:block_write */ REMOTE_PROC_DOMAIN_BLOCK_COMMIT = 290, /** * @generate: both * @priority: high + * @acl: network:write + * @acl: network:save:!VIR_NETWORK_UPDATE_AFFECT_CONFIG|VIR_NETWORK_UPDATE_AFFECT_LIVE + * @acl: network:save:VIR_NETWORK_UPDATE_AFFECT_CONFIG */ REMOTE_PROC_NETWORK_UPDATE = 291, /** * @generate: both + * @acl: none */ REMOTE_PROC_DOMAIN_EVENT_PMSUSPEND_DISK = 292, /** * @generate: none + * @acl: connect:read */ REMOTE_PROC_NODE_GET_CPU_MAP = 293, /** * @generate: both + * @acl: domain:fs_trim */ REMOTE_PROC_DOMAIN_FSTRIM = 294, /** * @generate: both + * @acl: domain:send_signal */ REMOTE_PROC_DOMAIN_SEND_PROCESS_SIGNAL = 295, /** * @generate: both * @readstream: 2 + * @acl: domain:open_device */ REMOTE_PROC_DOMAIN_OPEN_CHANNEL = 296, /** * @generate: both * @priority: high + * @acl: node_device:getattr */ REMOTE_PROC_NODE_DEVICE_LOOKUP_SCSI_HOST_BY_WWN = 297, /** * @generate: none + * @acl: domain:read */ REMOTE_PROC_DOMAIN_GET_JOB_STATS = 298, /** * @generate: both + * @acl: domain:migrate */ REMOTE_PROC_DOMAIN_MIGRATE_GET_COMPRESSION_CACHE = 299, /** * @generate: both + * @acl: domain:migrate */ REMOTE_PROC_DOMAIN_MIGRATE_SET_COMPRESSION_CACHE = 300, /** * @generate: server + * @acl: node_device:dettach */ REMOTE_PROC_NODE_DEVICE_DETACH_FLAGS = 301 diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl index 3356fee..4d5007f 100755 --- a/src/rpc/gendispatch.pl +++ b/src/rpc/gendispatch.pl @@ -123,7 +123,7 @@ while (<PROTOCOL>) { push(@{$calls{$name}->{ret_members}}, $1); } } elsif ($collect_opts) { - if (m,^\s*\*\s*\@(\w+)\s*:\s*(\w+)\s*$,) { + if (m,^\s*\*\s*\@(\w+)\s*:\s*((?:\w|:|\!|\|)+)\s*$,) { $opts{$1} = $2; } elsif (m,^\s*\*/\s*$,) { $collect_opts = 0; -- 1.8.1.4

From: "Daniel P. Berrange" <berrange@redhat.com> Insert calls to the ACL checking APIs in all LXC driver entrypoints. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/Makefile.am | 4 +- src/lxc/lxc_driver.c | 219 ++++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 210 insertions(+), 13 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 658d551..a915fe3 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1107,7 +1107,9 @@ endif libvirt_driver_lxc_impl_la_CFLAGS = \ $(LIBNL_CFLAGS) \ $(FUSE_CFLAGS) \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(top_srcdir)/src/access \ + -I$(top_srcdir)/src/conf \ + $(AM_CFLAGS) libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(FUSE_LIBS) if WITH_BLKID libvirt_driver_lxc_impl_la_CFLAGS += $(BLKID_CFLAGS) diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index 3d6baf5..3cfd177 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -68,6 +68,8 @@ #include "virtypedparam.h" #include "viruri.h" #include "virstring.h" +#include "viraccessapicheck.h" +#include "viraccessapichecklxc.h" #define VIR_FROM_THIS VIR_FROM_LXC @@ -148,6 +150,9 @@ static virDrvOpenStatus lxcConnectOpen(virConnectPtr conn, } } + if (virConnectOpenEnsureACL(conn) < 0) + return VIR_DRV_OPEN_ERROR; + conn->privateData = lxc_driver; return VIR_DRV_OPEN_SUCCESS; @@ -190,6 +195,9 @@ static char *lxcConnectGetCapabilities(virConnectPtr conn) { virLXCDriverPtr driver = conn->privateData; char *xml; + if (virConnectGetCapabilitiesEnsureACL(conn) < 0) + return NULL; + lxcDriverLock(driver); if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL) virReportOOMError(); @@ -216,6 +224,9 @@ static virDomainPtr lxcDomainLookupByID(virConnectPtr conn, goto cleanup; } + if (virDomainLookupByIDEnsureACL(conn, vm->def) < 0) + goto cleanup; + dom = virGetDomain(conn, vm->def->name, vm->def->uuid); if (dom) dom->id = vm->def->id; @@ -245,6 +256,9 @@ static virDomainPtr lxcDomainLookupByUUID(virConnectPtr conn, goto cleanup; } + if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0) + goto cleanup; + dom = virGetDomain(conn, vm->def->name, vm->def->uuid); if (dom) dom->id = vm->def->id; @@ -271,6 +285,9 @@ static virDomainPtr lxcDomainLookupByName(virConnectPtr conn, goto cleanup; } + if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0) + goto cleanup; + dom = virGetDomain(conn, vm->def->name, vm->def->uuid); if (dom) dom->id = vm->def->id; @@ -298,6 +315,10 @@ static int lxcDomainIsActive(virDomainPtr dom) _("No domain with matching uuid '%s'"), uuidstr); goto cleanup; } + + if (virDomainIsActiveEnsureACL(dom->conn, obj->def) < 0) + goto cleanup; + ret = virDomainObjIsActive(obj); cleanup: @@ -323,6 +344,10 @@ static int lxcDomainIsPersistent(virDomainPtr dom) _("No domain with matching uuid '%s'"), uuidstr); goto cleanup; } + + if (virDomainIsPersistentEnsureACL(dom->conn, obj->def) < 0) + goto cleanup; + ret = obj->persistent; cleanup: @@ -347,6 +372,10 @@ static int lxcDomainIsUpdated(virDomainPtr dom) _("No domain with matching uuid '%s'"), uuidstr); goto cleanup; } + + if (virDomainIsUpdatedEnsureACL(dom->conn, obj->def) < 0) + goto cleanup; + ret = obj->updated; cleanup: @@ -359,6 +388,9 @@ static int lxcConnectListDomains(virConnectPtr conn, int *ids, int nids) { virLXCDriverPtr driver = conn->privateData; int n; + if (virConnectListDomainsEnsureACL(conn) < 0) + return -1; + lxcDriverLock(driver); n = virDomainObjListGetActiveIDs(driver->domains, ids, nids); lxcDriverUnlock(driver); @@ -370,6 +402,9 @@ static int lxcConnectNumOfDomains(virConnectPtr conn) { virLXCDriverPtr driver = conn->privateData; int n; + if (virConnectNumOfDomainsEnsureACL(conn) < 0) + return -1; + lxcDriverLock(driver); n = virDomainObjListNumOfDomains(driver->domains, 1); lxcDriverUnlock(driver); @@ -382,6 +417,9 @@ static int lxcConnectListDefinedDomains(virConnectPtr conn, virLXCDriverPtr driver = conn->privateData; int n; + if (virConnectListDefinedDomainsEnsureACL(conn) < 0) + return -1; + lxcDriverLock(driver); n = virDomainObjListGetInactiveNames(driver->domains, names, nnames); lxcDriverUnlock(driver); @@ -394,6 +432,9 @@ static int lxcConnectNumOfDefinedDomains(virConnectPtr conn) { virLXCDriverPtr driver = conn->privateData; int n; + if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0) + return -1; + lxcDriverLock(driver); n = virDomainObjListNumOfDomains(driver->domains, 0); lxcDriverUnlock(driver); @@ -418,6 +459,9 @@ static virDomainPtr lxcDomainDefineXML(virConnectPtr conn, const char *xml) VIR_DOMAIN_XML_INACTIVE))) goto cleanup; + if (virDomainDefineXMLEnsureACL(conn, def) < 0) + goto cleanup; + if (virSecurityManagerVerify(driver->securityManager, def) < 0) goto cleanup; @@ -482,6 +526,9 @@ static int lxcDomainUndefineFlags(virDomainPtr dom, goto cleanup; } + if (virDomainUndefineFlagsEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!vm->persistent) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Cannot undefine transient domain")); @@ -541,6 +588,9 @@ static int lxcDomainGetInfo(virDomainPtr dom, priv = vm->privateData; + if (virDomainGetInfoEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + info->state = virDomainObjGetState(vm, NULL); if (!virDomainObjIsActive(vm)) { @@ -599,6 +649,9 @@ lxcDomainGetState(virDomainPtr dom, goto cleanup; } + if (virDomainGetStateEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + *state = virDomainObjGetState(vm, reason); ret = 0; @@ -626,7 +679,11 @@ static char *lxcDomainGetOSType(virDomainPtr dom) goto cleanup; } - ignore_value(VIR_STRDUP(ret, vm->def->os.type)); + if (virDomainGetOSTypeEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + + if (VIR_STRDUP(ret, vm->def->os.type) < 0) + goto cleanup; cleanup: if (vm) @@ -654,6 +711,9 @@ lxcDomainGetMaxMemory(virDomainPtr dom) goto cleanup; } + if (virDomainGetMaxMemoryEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + ret = vm->def->mem.max_balloon; cleanup: @@ -679,6 +739,9 @@ static int lxcDomainSetMaxMemory(virDomainPtr dom, unsigned long newmax) { goto cleanup; } + if (virDomainSetMaxMemoryEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (newmax < vm->def->mem.cur_balloon) { virReportError(VIR_ERR_INVALID_ARG, "%s", _("Cannot set max memory lower than current memory")); @@ -712,6 +775,9 @@ static int lxcDomainSetMemory(virDomainPtr dom, unsigned long newmem) { } priv = vm->privateData; + if (virDomainSetMemoryEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (newmem > vm->def->mem.max_balloon) { virReportError(VIR_ERR_INVALID_ARG, "%s", _("Cannot set memory higher than max memory")); @@ -774,6 +840,9 @@ lxcDomainSetMemoryParameters(virDomainPtr dom, } priv = vm->privateData; + if (virDomainSetMemoryParametersEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + ret = 0; for (i = 0; i < nparams; i++) { virTypedParameterPtr param = ¶ms[i]; @@ -837,6 +906,9 @@ lxcDomainGetMemoryParameters(virDomainPtr dom, } priv = vm->privateData; + if (virDomainGetMemoryParametersEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if ((*nparams) == 0) { /* Current number of memory parameters supported by cgroups */ *nparams = LXC_NB_MEM_PARAM; @@ -923,6 +995,9 @@ static char *lxcDomainGetXMLDesc(virDomainPtr dom, goto cleanup; } + if (virDomainGetXMLDescEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + ret = virDomainDefFormat((flags & VIR_DOMAIN_XML_INACTIVE) && vm->newDef ? vm->newDef : vm->def, flags); @@ -961,6 +1036,9 @@ static int lxcDomainCreateWithFlags(virDomainPtr dom, unsigned int flags) goto cleanup; } + if (virDomainCreateWithFlagsEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if ((vm->def->nets != NULL) && !(driver->have_netns)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("System lacks NETNS support")); @@ -1036,6 +1114,9 @@ lxcDomainCreateXML(virConnectPtr conn, VIR_DOMAIN_XML_INACTIVE))) goto cleanup; + if (virDomainCreateXMLEnsureACL(conn, def) < 0) + goto cleanup; + if (virSecurityManagerVerify(driver->securityManager, def) < 0) goto cleanup; @@ -1101,6 +1182,9 @@ static int lxcDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr secla goto cleanup; } + if (virDomainGetSecurityLabelEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainVirtTypeToString(vm->def->virtType)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("unknown virt type in domain definition '%d'"), @@ -1157,6 +1241,9 @@ static int lxcNodeGetSecurityModel(virConnectPtr conn, lxcDriverLock(driver); memset(secmodel, 0, sizeof(*secmodel)); + if (virNodeGetSecurityModelEnsureACL(conn) < 0) + goto cleanup; + /* we treat no driver as success, but simply return no data in *secmodel */ if (driver->caps->host.nsecModels == 0 || driver->caps->host.secModels[0].model == NULL) @@ -1195,6 +1282,9 @@ lxcConnectDomainEventRegister(virConnectPtr conn, virLXCDriverPtr driver = conn->privateData; int ret; + if (virConnectDomainEventRegisterEnsureACL(conn) < 0) + return -1; + lxcDriverLock(driver); ret = virDomainEventStateRegister(conn, driver->domainEventState, @@ -1212,6 +1302,9 @@ lxcConnectDomainEventDeregister(virConnectPtr conn, virLXCDriverPtr driver = conn->privateData; int ret; + if (virConnectDomainEventDeregisterEnsureACL(conn) < 0) + return -1; + lxcDriverLock(driver); ret = virDomainEventStateDeregister(conn, driver->domainEventState, @@ -1233,6 +1326,9 @@ lxcConnectDomainEventRegisterAny(virConnectPtr conn, virLXCDriverPtr driver = conn->privateData; int ret; + if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0) + return -1; + lxcDriverLock(driver); if (virDomainEventStateRegisterID(conn, driver->domainEventState, @@ -1252,6 +1348,9 @@ lxcConnectDomainEventDeregisterAny(virConnectPtr conn, virLXCDriverPtr driver = conn->privateData; int ret; + if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0) + return -1; + lxcDriverLock(driver); ret = virDomainEventStateDeregisterID(conn, driver->domainEventState, @@ -1293,6 +1392,9 @@ lxcDomainDestroyFlags(virDomainPtr dom, goto cleanup; } + if (virDomainDestroyFlagsEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); @@ -1544,12 +1646,15 @@ static int lxcStateCleanup(void) } -static int lxcConnectGetVersion(virConnectPtr conn ATTRIBUTE_UNUSED, unsigned long *version) +static int lxcConnectGetVersion(virConnectPtr conn, unsigned long *version) { struct utsname ver; uname(&ver); + if (virConnectGetVersionEnsureACL(conn) < 0) + return -1; + if (virParseVersionString(ver.release, version, true) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown release: %s"), ver.release); return -1; @@ -1559,8 +1664,11 @@ static int lxcConnectGetVersion(virConnectPtr conn ATTRIBUTE_UNUSED, unsigned lo } -static char *lxcConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED) +static char *lxcConnectGetHostname(virConnectPtr conn) { + if (virConnectGetHostnameEnsureACL(conn) < 0) + return NULL; + return virGetHostname(); } @@ -1617,6 +1725,9 @@ static char *lxcDomainGetSchedulerType(virDomainPtr dom, } priv = vm->privateData; + if (virDomainGetSchedulerTypeEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPU)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("cgroup CPU controller is not mounted")); @@ -1753,6 +1864,9 @@ lxcDomainSetSchedulerParametersFlags(virDomainPtr dom, } priv = vm->privateData; + if (virDomainSetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + if (virDomainLiveConfigHelperMethod(driver->caps, driver->xmlopt, vm, &flags, &vmdef) < 0) goto cleanup; @@ -1882,6 +1996,9 @@ lxcDomainGetSchedulerParametersFlags(virDomainPtr dom, } priv = vm->privateData; + if (virDomainGetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (*nparams > 1) { rc = lxcGetCpuBWStatus(priv->cgroup); if (rc < 0) @@ -1996,6 +2113,9 @@ lxcDomainSetBlkioParameters(virDomainPtr dom, } priv = vm->privateData; + if (virDomainSetBlkioParametersEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + if (virDomainLiveConfigHelperMethod(driver->caps, driver->xmlopt, vm, &flags, &persistentDef) < 0) goto cleanup; @@ -2088,6 +2208,9 @@ lxcDomainGetBlkioParameters(virDomainPtr dom, } priv = vm->privateData; + if (virDomainGetBlkioParametersEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if ((*nparams) == 0) { /* Current number of blkio parameters supported by cgroups */ *nparams = LXC_NB_BLKIO_PARAM; @@ -2184,6 +2307,9 @@ lxcDomainInterfaceStats(virDomainPtr dom, goto cleanup; } + if (virDomainInterfaceStatsEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); @@ -2239,6 +2365,9 @@ static int lxcDomainGetAutostart(virDomainPtr dom, goto cleanup; } + if (virDomainGetAutostartEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + *autostart = vm->autostart; ret = 0; @@ -2266,6 +2395,9 @@ static int lxcDomainSetAutostart(virDomainPtr dom, goto cleanup; } + if (virDomainSetAutostartEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!vm->persistent) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Cannot set autostart for transient domain")); @@ -2427,6 +2559,9 @@ static int lxcDomainSuspend(virDomainPtr dom) goto cleanup; } + if (virDomainSuspendEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); @@ -2480,6 +2615,9 @@ static int lxcDomainResume(virDomainPtr dom) priv = vm->privateData; + if (virDomainResumeEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); @@ -2537,6 +2675,9 @@ lxcDomainOpenConsole(virDomainPtr dom, goto cleanup; } + if (virDomainOpenConsoleEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("domain is not running")); @@ -2617,6 +2758,9 @@ lxcDomainSendProcessSignal(virDomainPtr dom, } priv = vm->privateData; + if (virDomainSendProcessSignalEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("domain is not running")); @@ -2672,6 +2816,9 @@ lxcConnectListAllDomains(virConnectPtr conn, virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1); + if (virConnectListAllDomainsEnsureACL(conn) < 0) + return -1; + lxcDriverLock(driver); ret = virDomainObjListExport(driver->domains, conn, domains, flags); lxcDriverUnlock(driver); @@ -2708,6 +2855,9 @@ lxcDomainShutdownFlags(virDomainPtr dom, priv = vm->privateData; + if (virDomainShutdownFlagsEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); @@ -2797,6 +2947,9 @@ lxcDomainReboot(virDomainPtr dom, priv = vm->privateData; + if (virDomainRebootEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); @@ -4153,6 +4306,9 @@ static int lxcDomainAttachDeviceFlags(virDomainPtr dom, goto cleanup; } + if (virDomainAttachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + if (virDomainObjIsActive(vm)) { if (affect == VIR_DOMAIN_AFFECT_CURRENT) flags |= VIR_DOMAIN_AFFECT_LIVE; @@ -4278,6 +4434,9 @@ static int lxcDomainUpdateDeviceFlags(virDomainPtr dom, goto cleanup; } + if (virDomainUpdateDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + if (virDomainObjIsActive(vm)) { if (affect == VIR_DOMAIN_AFFECT_CURRENT) flags |= VIR_DOMAIN_AFFECT_LIVE; @@ -4387,6 +4546,9 @@ static int lxcDomainDetachDeviceFlags(virDomainPtr dom, goto cleanup; } + if (virDomainDetachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + if (virDomainObjIsActive(vm)) { if (affect == VIR_DOMAIN_AFFECT_CURRENT) flags |= VIR_DOMAIN_AFFECT_LIVE; @@ -4510,6 +4672,9 @@ static int lxcDomainLxcOpenNamespace(virDomainPtr dom, } priv = vm->privateData; + if (virDomainLxcOpenNamespaceEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is not running")); @@ -4541,6 +4706,9 @@ lxcConnectGetSysinfo(virConnectPtr conn, unsigned int flags) virCheckFlags(0, NULL); + if (virConnectGetSysinfoEnsureACL(conn) < 0) + return NULL; + if (!driver->hostsysinfo) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Host SMBIOS information is not available")); @@ -4558,88 +4726,115 @@ lxcConnectGetSysinfo(virConnectPtr conn, unsigned int flags) static int -lxcNodeGetInfo(virConnectPtr conn ATTRIBUTE_UNUSED, +lxcNodeGetInfo(virConnectPtr conn, virNodeInfoPtr nodeinfo) { + if (virNodeGetInfoEnsureACL(conn) < 0) + return -1; + return nodeGetInfo(nodeinfo); } static int -lxcNodeGetCPUStats(virConnectPtr conn ATTRIBUTE_UNUSED, +lxcNodeGetCPUStats(virConnectPtr conn, int cpuNum, virNodeCPUStatsPtr params, int *nparams, unsigned int flags) { + if (virNodeGetCPUStatsEnsureACL(conn) < 0) + return -1; + return nodeGetCPUStats(cpuNum, params, nparams, flags); } static int -lxcNodeGetMemoryStats(virConnectPtr conn ATTRIBUTE_UNUSED, +lxcNodeGetMemoryStats(virConnectPtr conn, int cellNum, virNodeMemoryStatsPtr params, int *nparams, unsigned int flags) { + if (virNodeGetMemoryStatsEnsureACL(conn) < 0) + return -1; + return nodeGetMemoryStats(cellNum, params, nparams, flags); } static int -lxcNodeGetCellsFreeMemory(virConnectPtr conn ATTRIBUTE_UNUSED, +lxcNodeGetCellsFreeMemory(virConnectPtr conn, unsigned long long *freeMems, int startCell, int maxCells) { + if (virNodeGetCellsFreeMemoryEnsureACL(conn) < 0) + return -1; + return nodeGetCellsFreeMemory(freeMems, startCell, maxCells); } static unsigned long long -lxcNodeGetFreeMemory(virConnectPtr conn ATTRIBUTE_UNUSED) +lxcNodeGetFreeMemory(virConnectPtr conn) { + if (virNodeGetFreeMemoryEnsureACL(conn) < 0) + return 0; + return nodeGetFreeMemory(); } static int -lxcNodeGetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED, +lxcNodeGetMemoryParameters(virConnectPtr conn, virTypedParameterPtr params, int *nparams, unsigned int flags) { + if (virNodeGetMemoryParametersEnsureACL(conn) < 0) + return -1; + return nodeGetMemoryParameters(params, nparams, flags); } static int -lxcNodeSetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED, +lxcNodeSetMemoryParameters(virConnectPtr conn, virTypedParameterPtr params, int nparams, unsigned int flags) { + if (virNodeSetMemoryParametersEnsureACL(conn) < 0) + return -1; + return nodeSetMemoryParameters(params, nparams, flags); } static int -lxcNodeGetCPUMap(virConnectPtr conn ATTRIBUTE_UNUSED, +lxcNodeGetCPUMap(virConnectPtr conn, unsigned char **cpumap, unsigned int *online, unsigned int flags) { + if (virNodeGetCPUMapEnsureACL(conn) < 0) + return -1; + return nodeGetCPUMap(cpumap, online, flags); } static int -lxcNodeSuspendForDuration(virConnectPtr conn ATTRIBUTE_UNUSED, +lxcNodeSuspendForDuration(virConnectPtr conn, unsigned int target, unsigned long long duration, unsigned int flags) { + if (virNodeSuspendForDurationEnsureACL(conn) < 0) + return -1; + return nodeSuspendForDuration(target, duration, flags); } -- 1.8.1.4

From: "Daniel P. Berrange" <berrange@redhat.com> Insert calls to the ACL checking APIs in all Xen driver entrypoints. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/Makefile.am | 1 + src/xen/xen_driver.c | 217 +++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 210 insertions(+), 8 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 75db540..b3aed10 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -964,6 +964,7 @@ endif libvirt_driver_xen_impl_la_CFLAGS = \ $(XEN_CFLAGS) \ + -I$(top_srcdir)/src/access \ -I$(top_srcdir)/src/conf \ -I$(top_srcdir)/src/xenxs \ $(AM_CFLAGS) diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c index 217d380..4871907 100644 --- a/src/xen/xen_driver.c +++ b/src/xen/xen_driver.c @@ -66,6 +66,7 @@ #include "nodeinfo.h" #include "configmake.h" #include "virstring.h" +#include "viraccessapicheck.h" #define VIR_FROM_THIS VIR_FROM_XEN #define XEN_SAVE_DIR LOCALSTATEDIR "/lib/libvirt/xen/save" @@ -398,6 +399,9 @@ xenUnifiedConnectOpen(virConnectPtr conn, virConnectAuthPtr auth, unsigned int f /* We now know the URI is definitely for this driver, so beyond * here, don't return DECLINED, always use ERROR */ + if (virConnectOpenEnsureACL(conn) < 0) + return VIR_DRV_OPEN_ERROR; + /* Allocate per-connection private data. */ if (VIR_ALLOC(priv) < 0) { virReportOOMError(); @@ -542,15 +546,21 @@ unsigned long xenUnifiedVersion(void) static const char * -xenUnifiedConnectGetType(virConnectPtr conn ATTRIBUTE_UNUSED) +xenUnifiedConnectGetType(virConnectPtr conn) { + if (virConnectGetTypeEnsureACL(conn) < 0) + return NULL; + return "Xen"; } /* Which features are supported by this driver? */ static int -xenUnifiedConnectSupportsFeature(virConnectPtr conn ATTRIBUTE_UNUSED, int feature) +xenUnifiedConnectSupportsFeature(virConnectPtr conn, int feature) { + if (virConnectSupportsFeatureEnsureACL(conn) < 0) + return -1; + switch (feature) { case VIR_DRV_FEATURE_MIGRATION_V1: case VIR_DRV_FEATURE_MIGRATION_DIRECT: @@ -563,12 +573,18 @@ xenUnifiedConnectSupportsFeature(virConnectPtr conn ATTRIBUTE_UNUSED, int featur static int xenUnifiedConnectGetVersion(virConnectPtr conn, unsigned long *hvVer) { + if (virConnectGetVersionEnsureACL(conn) < 0) + return -1; + return xenHypervisorGetVersion(conn, hvVer); } -static char *xenUnifiedConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED) +static char *xenUnifiedConnectGetHostname(virConnectPtr conn) { + if (virConnectGetHostnameEnsureACL(conn) < 0) + return NULL; + return virGetHostname(); } @@ -603,6 +619,9 @@ xenUnifiedConnectIsAlive(virConnectPtr conn ATTRIBUTE_UNUSED) int xenUnifiedConnectGetMaxVcpus(virConnectPtr conn, const char *type) { + if (virConnectGetMaxVcpusEnsureACL(conn) < 0) + return -1; + if (type && STRCASENEQ(type, "Xen")) { virReportError(VIR_ERR_INVALID_ARG, __FUNCTION__); return -1; @@ -614,6 +633,9 @@ xenUnifiedConnectGetMaxVcpus(virConnectPtr conn, const char *type) static int xenUnifiedNodeGetInfo(virConnectPtr conn, virNodeInfoPtr info) { + if (virNodeGetInfoEnsureACL(conn) < 0) + return -1; + return xenDaemonNodeGetInfo(conn, info); } @@ -623,6 +645,9 @@ xenUnifiedConnectGetCapabilities(virConnectPtr conn) xenUnifiedPrivatePtr priv = conn->privateData; char *xml; + if (virConnectGetCapabilitiesEnsureACL(conn) < 0) + return NULL; + if (!(xml = virCapabilitiesFormatXML(priv->caps))) { virReportOOMError(); return NULL; @@ -634,12 +659,18 @@ xenUnifiedConnectGetCapabilities(virConnectPtr conn) static int xenUnifiedConnectListDomains(virConnectPtr conn, int *ids, int maxids) { + if (virConnectListDomainsEnsureACL(conn) < 0) + return -1; + return xenStoreListDomains(conn, ids, maxids); } static int xenUnifiedConnectNumOfDomains(virConnectPtr conn) { + if (virConnectNumOfDomainsEnsureACL(conn) < 0) + return -1; + return xenStoreNumOfDomains(conn); } @@ -659,6 +690,9 @@ xenUnifiedDomainCreateXML(virConnectPtr conn, VIR_DOMAIN_XML_INACTIVE))) goto cleanup; + if (virDomainCreateXMLEnsureACL(conn, def) < 0) + goto cleanup; + if (xenDaemonCreateXML(conn, def) < 0) goto cleanup; @@ -680,6 +714,9 @@ xenUnifiedDomainLookupByID(virConnectPtr conn, int id) if (!(def = xenGetDomainDefForID(conn, id))) goto cleanup; + if (virDomainLookupByIDEnsureACL(conn, def) < 0) + goto cleanup; + if (!(ret = virGetDomain(conn, def->name, def->uuid))) goto cleanup; @@ -700,6 +737,9 @@ xenUnifiedDomainLookupByUUID(virConnectPtr conn, if (!(def = xenGetDomainDefForUUID(conn, uuid))) goto cleanup; + if (virDomainLookupByUUIDEnsureACL(conn, def) < 0) + goto cleanup; + if (!(ret = virGetDomain(conn, def->name, def->uuid))) goto cleanup; @@ -720,6 +760,9 @@ xenUnifiedDomainLookupByName(virConnectPtr conn, if (!(def = xenGetDomainDefForName(conn, name))) goto cleanup; + if (virDomainLookupByNameEnsureACL(conn, def) < 0) + goto cleanup; + if (!(ret = virGetDomain(conn, def->name, def->uuid))) goto cleanup; @@ -809,6 +852,9 @@ xenUnifiedDomainSuspend(virDomainPtr dom) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainSuspendEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainSuspend(dom->conn, def); cleanup: @@ -825,6 +871,9 @@ xenUnifiedDomainResume(virDomainPtr dom) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainResumeEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainResume(dom->conn, def); cleanup: @@ -844,6 +893,9 @@ xenUnifiedDomainShutdownFlags(virDomainPtr dom, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainShutdownFlagsEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainShutdown(dom->conn, def); cleanup: @@ -868,6 +920,9 @@ xenUnifiedDomainReboot(virDomainPtr dom, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainRebootEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainReboot(dom->conn, def); cleanup: @@ -887,6 +942,9 @@ xenUnifiedDomainDestroyFlags(virDomainPtr dom, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainDestroyFlagsEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainDestroy(dom->conn, def); cleanup: @@ -910,6 +968,9 @@ xenUnifiedDomainGetOSType(virDomainPtr dom) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetOSTypeEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (def->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -938,6 +999,9 @@ xenUnifiedDomainGetMaxMemory(virDomainPtr dom) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetMaxMemoryEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (def->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainGetMaxMemory(dom->conn, def); @@ -962,6 +1026,9 @@ xenUnifiedDomainSetMaxMemory(virDomainPtr dom, unsigned long memory) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainSetMaxMemoryEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (def->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainSetMaxMemory(dom->conn, def, memory); @@ -986,6 +1053,9 @@ xenUnifiedDomainSetMemory(virDomainPtr dom, unsigned long memory) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainSetMemoryEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (def->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainSetMemory(dom->conn, def, memory); else @@ -1006,6 +1076,9 @@ xenUnifiedDomainGetInfo(virDomainPtr dom, virDomainInfoPtr info) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetInfoEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (def->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainGetInfo(dom->conn, def, info); @@ -1035,6 +1108,9 @@ xenUnifiedDomainGetState(virDomainPtr dom, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetStateEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (def->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainGetState(dom->conn, def, state, reason); @@ -1067,6 +1143,9 @@ xenUnifiedDomainSaveFlags(virDomainPtr dom, const char *to, const char *dxml, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainSaveFlagsEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainSave(dom->conn, def, to); cleanup: @@ -1108,6 +1187,9 @@ xenUnifiedDomainManagedSave(virDomainPtr dom, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainManagedSaveEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (!(name = xenUnifiedDomainManagedSavePath(priv, def))) goto cleanup; @@ -1132,6 +1214,9 @@ xenUnifiedDomainHasManagedSaveImage(virDomainPtr dom, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainHasManagedSaveImageEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (!(name = xenUnifiedDomainManagedSavePath(priv, def))) goto cleanup; @@ -1156,6 +1241,9 @@ xenUnifiedDomainManagedSaveRemove(virDomainPtr dom, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainManagedSaveRemoveEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (!(name = xenUnifiedDomainManagedSavePath(priv, def))) goto cleanup; @@ -1197,6 +1285,9 @@ xenUnifiedDomainCoreDump(virDomainPtr dom, const char *to, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainCoreDumpEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainCoreDump(dom->conn, def, to, flags); cleanup: @@ -1234,6 +1325,9 @@ xenUnifiedDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainSetVcpusFlagsEnsureACL(dom->conn, def, flags) < 0) + goto cleanup; + /* Try non-hypervisor methods first, then hypervisor direct method * as a last resort. */ @@ -1273,6 +1367,9 @@ xenUnifiedDomainPinVcpu(virDomainPtr dom, unsigned int vcpu, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainPinVcpuEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainPinVcpu(dom->conn, def, vcpu, cpumap, maplen); @@ -1299,6 +1396,9 @@ xenUnifiedDomainGetVcpus(virDomainPtr dom, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetVcpusEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -1330,6 +1430,9 @@ xenUnifiedDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetVcpusFlagsEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainGetVcpusFlags(dom->conn, def, flags); @@ -1365,6 +1468,9 @@ xenUnifiedDomainGetXMLDesc(virDomainPtr dom, unsigned int flags) if (!(minidef = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetXMLDescEnsureACL(dom->conn, minidef, flags) < 0) + goto cleanup; + if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { def = xenXMDomainGetXMLDesc(dom->conn, minidef); } else { @@ -1402,6 +1508,9 @@ xenUnifiedConnectDomainXMLFromNative(virConnectPtr conn, virCheckFlags(0, NULL); + if (virConnectDomainXMLFromNativeEnsureACL(conn) < 0) + return NULL; + if (STRNEQ(format, XEN_CONFIG_FORMAT_XM) && STRNEQ(format, XEN_CONFIG_FORMAT_SEXPR)) { virReportError(VIR_ERR_INVALID_ARG, @@ -1451,6 +1560,9 @@ xenUnifiedConnectDomainXMLToNative(virConnectPtr conn, virCheckFlags(0, NULL); + if (virConnectDomainXMLToNativeEnsureACL(conn) < 0) + return NULL; + if (STRNEQ(format, XEN_CONFIG_FORMAT_XM) && STRNEQ(format, XEN_CONFIG_FORMAT_SEXPR)) { virReportError(VIR_ERR_INVALID_ARG, @@ -1523,6 +1635,9 @@ xenUnifiedDomainMigratePerform(virDomainPtr dom, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainMigratePerformEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainMigratePerform(dom->conn, def, cookie, cookielen, uri, flags, dname, resource); @@ -1550,6 +1665,9 @@ xenUnifiedDomainMigrateFinish(virConnectPtr dconn, if (!(minidef = xenGetDomainDefForName(dconn, dname))) goto cleanup; + if (virDomainMigrateFinishEnsureACL(dconn, minidef) < 0) + goto cleanup; + if (flags & VIR_MIGRATE_PERSIST_DEST) { if (!(def = xenDaemonDomainGetXMLDesc(dconn, minidef, NULL))) goto cleanup; @@ -1579,6 +1697,9 @@ xenUnifiedConnectListDefinedDomains(virConnectPtr conn, char **const names, { xenUnifiedPrivatePtr priv = conn->privateData; + if (virConnectListDefinedDomainsEnsureACL(conn) < 0) + return -1; + if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { return xenXMListDefinedDomains(conn, names, maxnames); } else { @@ -1591,6 +1712,9 @@ xenUnifiedConnectNumOfDefinedDomains(virConnectPtr conn) { xenUnifiedPrivatePtr priv = conn->privateData; + if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0) + return -1; + if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { return xenXMNumOfDefinedDomains(conn); } else { @@ -1611,6 +1735,9 @@ xenUnifiedDomainCreateWithFlags(virDomainPtr dom, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainCreateWithFlagsEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (!(name = xenUnifiedDomainManagedSavePath(priv, def))) goto cleanup; @@ -1653,6 +1780,9 @@ xenUnifiedDomainDefineXML(virConnectPtr conn, const char *xml) VIR_DOMAIN_XML_INACTIVE))) goto cleanup; + if (virDomainDefineXMLEnsureACL(conn, def) < 0) + goto cleanup; + if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { if (xenXMDomainDefineXML(conn, def) < 0) goto cleanup; @@ -1684,6 +1814,9 @@ xenUnifiedDomainUndefineFlags(virDomainPtr dom, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainUndefineFlagsEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainUndefine(dom->conn, def); else @@ -1718,6 +1851,9 @@ xenUnifiedDomainAttachDevice(virDomainPtr dom, const char *xml) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainAttachDeviceEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainAttachDeviceFlags(dom->conn, def, xml, flags); else @@ -1739,6 +1875,9 @@ xenUnifiedDomainAttachDeviceFlags(virDomainPtr dom, const char *xml, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainAttachDeviceFlagsEnsureACL(dom->conn, def, flags) < 0) + goto cleanup; + if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainAttachDeviceFlags(dom->conn, def, xml, flags); else @@ -1768,6 +1907,9 @@ xenUnifiedDomainDetachDevice(virDomainPtr dom, const char *xml) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainDetachDeviceEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainDetachDeviceFlags(dom->conn, def, xml, flags); else @@ -1789,6 +1931,9 @@ xenUnifiedDomainDetachDeviceFlags(virDomainPtr dom, const char *xml, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainDetachDeviceFlagsEnsureACL(dom->conn, def, flags) < 0) + goto cleanup; + if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainDetachDeviceFlags(dom->conn, def, xml, flags); else @@ -1809,6 +1954,9 @@ xenUnifiedDomainUpdateDeviceFlags(virDomainPtr dom, const char *xml, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainUpdateDeviceFlagsEnsureACL(dom->conn, def, flags) < 0) + goto cleanup; + ret = xenDaemonUpdateDeviceFlags(dom->conn, def, xml, flags); cleanup: @@ -1826,6 +1974,9 @@ xenUnifiedDomainGetAutostart(virDomainPtr dom, int *autostart) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetAutostartEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainGetAutostart(def, autostart); else @@ -1846,6 +1997,9 @@ xenUnifiedDomainSetAutostart(virDomainPtr dom, int autostart) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainSetAutostartEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainSetAutostart(def, autostart); else @@ -1866,6 +2020,9 @@ xenUnifiedDomainGetSchedulerType(virDomainPtr dom, int *nparams) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetSchedulerTypeEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -1897,6 +2054,9 @@ xenUnifiedDomainGetSchedulerParametersFlags(virDomainPtr dom, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetSchedulerParametersEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -1937,6 +2097,9 @@ xenUnifiedDomainSetSchedulerParametersFlags(virDomainPtr dom, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainSetSchedulerParametersFlagsEnsureACL(dom->conn, def, flags) < 0) + goto cleanup; + if (dom->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -1972,6 +2135,9 @@ xenUnifiedDomainBlockStats(virDomainPtr dom, const char *path, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainBlockStatsEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenHypervisorDomainBlockStats(dom->conn, def, path, stats); cleanup: @@ -1989,6 +2155,9 @@ xenUnifiedDomainInterfaceStats(virDomainPtr dom, const char *path, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainInterfaceStatsEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenHypervisorDomainInterfaceStats(def, path, stats); cleanup: @@ -2010,6 +2179,9 @@ xenUnifiedDomainBlockPeek(virDomainPtr dom, const char *path, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainBlockPeekEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainBlockPeek(dom->conn, def, path, offset, size, buffer); else @@ -2024,6 +2196,9 @@ static int xenUnifiedNodeGetCellsFreeMemory(virConnectPtr conn, unsigned long long *freeMems, int startCell, int maxCells) { + if (virNodeGetCellsFreeMemoryEnsureACL(conn) < 0) + return 0; + return xenHypervisorNodeGetCellsFreeMemory(conn, freeMems, startCell, maxCells); } @@ -2033,6 +2208,9 @@ xenUnifiedNodeGetFreeMemory(virConnectPtr conn) { unsigned long long freeMem = 0; + if (virNodeGetFreeMemoryEnsureACL(conn) < 0) + return 0; + if (xenHypervisorNodeGetCellsFreeMemory(conn, &freeMem, -1, 1) < 0) return 0; return freeMem; @@ -2046,8 +2224,11 @@ xenUnifiedConnectDomainEventRegister(virConnectPtr conn, virFreeCallback freefunc) { xenUnifiedPrivatePtr priv = conn->privateData; - int ret; + + if (virConnectDomainEventRegisterEnsureACL(conn) < 0) + return -1; + xenUnifiedLock(priv); if (priv->xsWatch == -1) { @@ -2070,6 +2251,10 @@ xenUnifiedConnectDomainEventDeregister(virConnectPtr conn, { int ret; xenUnifiedPrivatePtr priv = conn->privateData; + + if (virConnectDomainEventDeregisterEnsureACL(conn) < 0) + return -1; + xenUnifiedLock(priv); if (priv->xsWatch == -1) { @@ -2096,8 +2281,11 @@ xenUnifiedConnectDomainEventRegisterAny(virConnectPtr conn, virFreeCallback freefunc) { xenUnifiedPrivatePtr priv = conn->privateData; - int ret; + + if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0) + return -1; + xenUnifiedLock(priv); if (priv->xsWatch == -1) { @@ -2121,6 +2309,10 @@ xenUnifiedConnectDomainEventDeregisterAny(virConnectPtr conn, { int ret; xenUnifiedPrivatePtr priv = conn->privateData; + + if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0) + return -1; + xenUnifiedLock(priv); if (priv->xsWatch == -1) { @@ -2396,31 +2588,40 @@ cleanup: } static int -xenUnifiedNodeGetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED, +xenUnifiedNodeGetMemoryParameters(virConnectPtr conn, virTypedParameterPtr params, int *nparams, unsigned int flags) { + if (virNodeGetMemoryParametersEnsureACL(conn) < 0) + return -1; + return nodeGetMemoryParameters(params, nparams, flags); } static int -xenUnifiedNodeSetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED, +xenUnifiedNodeSetMemoryParameters(virConnectPtr conn, virTypedParameterPtr params, int nparams, unsigned int flags) { + if (virNodeSetMemoryParametersEnsureACL(conn) < 0) + return -1; + return nodeSetMemoryParameters(params, nparams, flags); } static int -xenUnifiedNodeSuspendForDuration(virConnectPtr conn ATTRIBUTE_UNUSED, +xenUnifiedNodeSuspendForDuration(virConnectPtr conn, unsigned int target, unsigned long long duration, unsigned int flags) { + if (virNodeSuspendForDurationEnsureACL(conn) < 0) + return -1; + return nodeSuspendForDuration(target, duration, flags); } -- 1.8.1.4

From: "Daniel P. Berrange" <berrange@redhat.com> Insert calls to the ACL checking APIs in all storage driver entrypoints. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/Makefile.am | 4 +- src/storage/storage_driver.c | 155 +++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 154 insertions(+), 5 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index fd99ee2..1d43e0d 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1284,7 +1284,9 @@ endif # Needed to keep automake quiet about conditionals libvirt_driver_storage_impl_la_SOURCES = libvirt_driver_storage_impl_la_CFLAGS = \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(top_srcdir)/src/access \ + -I$(top_srcdir)/src/conf \ + $(AM_CFLAGS) libvirt_driver_storage_impl_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_storage_impl_la_LIBADD = libvirt_driver_storage_impl_la_LIBADD += $(SECDRIVER_LIBS) diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c index 858aeca..cc8eaa9 100644 --- a/src/storage/storage_driver.c +++ b/src/storage/storage_driver.c @@ -48,6 +48,7 @@ #include "fdstream.h" #include "configmake.h" #include "virstring.h" +#include "viraccessapicheck.h" #define VIR_FROM_THIS VIR_FROM_STORAGE @@ -248,6 +249,9 @@ storagePoolLookupByUUID(virConnectPtr conn, goto cleanup; } + if (virStoragePoolLookupByUUIDEnsureACL(conn, pool->def) < 0) + goto cleanup; + ret = virGetStoragePool(conn, pool->def->name, pool->def->uuid, NULL, NULL); @@ -274,6 +278,9 @@ storagePoolLookupByName(virConnectPtr conn, goto cleanup; } + if (virStoragePoolLookupByNameEnsureACL(conn, pool->def) < 0) + goto cleanup; + ret = virGetStoragePool(conn, pool->def->name, pool->def->uuid, NULL, NULL); @@ -285,7 +292,30 @@ cleanup: static virStoragePoolPtr storagePoolLookupByVolume(virStorageVolPtr vol) { - return storagePoolLookupByName(vol->conn, vol->pool); + virStorageDriverStatePtr driver = vol->conn->storagePrivateData; + virStoragePoolObjPtr pool; + virStoragePoolPtr ret = NULL; + + storageDriverLock(driver); + pool = virStoragePoolObjFindByName(&driver->pools, vol->pool); + storageDriverUnlock(driver); + + if (!pool) { + virReportError(VIR_ERR_NO_STORAGE_POOL, + _("no storage pool with matching name '%s'"), vol->pool); + goto cleanup; + } + + if (virStoragePoolLookupByVolumeEnsureACL(vol->conn, pool->def) < 0) + goto cleanup; + + ret = virGetStoragePool(vol->conn, pool->def->name, pool->def->uuid, + NULL, NULL); + +cleanup: + if (pool) + virStoragePoolObjUnlock(pool); + return ret; } static virDrvOpenStatus @@ -313,6 +343,9 @@ storageConnectNumOfStoragePools(virConnectPtr conn) { virStorageDriverStatePtr driver = conn->storagePrivateData; unsigned int i, nactive = 0; + if (virConnectNumOfStoragePoolsEnsureACL(conn) < 0) + return -1; + storageDriverLock(driver); for (i = 0; i < driver->pools.count; i++) { virStoragePoolObjLock(driver->pools.objs[i]); @@ -332,6 +365,9 @@ storageConnectListStoragePools(virConnectPtr conn, virStorageDriverStatePtr driver = conn->storagePrivateData; int got = 0, i; + if (virConnectListStoragePoolsEnsureACL(conn) < 0) + return -1; + storageDriverLock(driver); for (i = 0; i < driver->pools.count && got < nnames; i++) { virStoragePoolObjLock(driver->pools.objs[i]); @@ -360,6 +396,9 @@ storageConnectNumOfDefinedStoragePools(virConnectPtr conn) { virStorageDriverStatePtr driver = conn->storagePrivateData; unsigned int i, nactive = 0; + if (virConnectNumOfDefinedStoragePoolsEnsureACL(conn) < 0) + return -1; + storageDriverLock(driver); for (i = 0; i < driver->pools.count; i++) { virStoragePoolObjLock(driver->pools.objs[i]); @@ -379,6 +418,9 @@ storageConnectListDefinedStoragePools(virConnectPtr conn, virStorageDriverStatePtr driver = conn->storagePrivateData; int got = 0, i; + if (virConnectListDefinedStoragePoolsEnsureACL(conn) < 0) + return -1; + storageDriverLock(driver); for (i = 0; i < driver->pools.count && got < nnames; i++) { virStoragePoolObjLock(driver->pools.objs[i]); @@ -415,6 +457,9 @@ storageConnectFindStoragePoolSources(virConnectPtr conn, virStorageBackendPtr backend; char *ret = NULL; + if (virConnectFindStoragePoolSourcesEnsureACL(conn) < 0) + return NULL; + backend_type = virStoragePoolTypeFromString(type); if (backend_type < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, @@ -453,6 +498,10 @@ static int storagePoolIsActive(virStoragePoolPtr pool) virReportError(VIR_ERR_NO_STORAGE_POOL, NULL); goto cleanup; } + + if (virStoragePoolIsActiveEnsureACL(pool->conn, obj->def) < 0) + goto cleanup; + ret = virStoragePoolObjIsActive(obj); cleanup: @@ -474,6 +523,10 @@ static int storagePoolIsPersistent(virStoragePoolPtr pool) virReportError(VIR_ERR_NO_STORAGE_POOL, NULL); goto cleanup; } + + if (virStoragePoolIsPersistentEnsureACL(pool->conn, obj->def) < 0) + goto cleanup; + ret = obj->configFile ? 1 : 0; cleanup: @@ -500,6 +553,9 @@ storagePoolCreateXML(virConnectPtr conn, if (!(def = virStoragePoolDefParseString(xml))) goto cleanup; + if (virStoragePoolCreateXMLEnsureACL(conn, def) < 0) + goto cleanup; + if (virStoragePoolObjIsDuplicate(&driver->pools, def, 1) < 0) goto cleanup; @@ -557,6 +613,9 @@ storagePoolDefineXML(virConnectPtr conn, if (!(def = virStoragePoolDefParseString(xml))) goto cleanup; + if (virStoragePoolDefineXMLEnsureACL(conn, def) < 0) + goto cleanup; + if (virStoragePoolObjIsDuplicate(&driver->pools, def, 0) < 0) goto cleanup; @@ -602,6 +661,9 @@ storagePoolUndefine(virStoragePoolPtr obj) { goto cleanup; } + if (virStoragePoolUndefineEnsureACL(obj->conn, pool->def) < 0) + goto cleanup; + if (virStoragePoolObjIsActive(pool)) { virReportError(VIR_ERR_OPERATION_INVALID, _("storage pool '%s' is still active"), @@ -661,6 +723,9 @@ storagePoolCreate(virStoragePoolPtr obj, goto cleanup; } + if (virStoragePoolCreateEnsureACL(obj->conn, pool->def) < 0) + goto cleanup; + if ((backend = virStorageBackendForType(pool->def->type)) == NULL) goto cleanup; @@ -708,6 +773,9 @@ storagePoolBuild(virStoragePoolPtr obj, goto cleanup; } + if (virStoragePoolBuildEnsureACL(obj->conn, pool->def) < 0) + goto cleanup; + if ((backend = virStorageBackendForType(pool->def->type)) == NULL) goto cleanup; @@ -746,6 +814,9 @@ storagePoolDestroy(virStoragePoolPtr obj) { goto cleanup; } + if (virStoragePoolDestroyEnsureACL(obj->conn, pool->def) < 0) + goto cleanup; + if ((backend = virStorageBackendForType(pool->def->type)) == NULL) goto cleanup; @@ -806,6 +877,9 @@ storagePoolDelete(virStoragePoolPtr obj, goto cleanup; } + if (virStoragePoolDeleteEnsureACL(obj->conn, pool->def) < 0) + goto cleanup; + if ((backend = virStorageBackendForType(pool->def->type)) == NULL) goto cleanup; @@ -860,6 +934,9 @@ storagePoolRefresh(virStoragePoolPtr obj, goto cleanup; } + if (virStoragePoolRefreshEnsureACL(obj->conn, pool->def) < 0) + goto cleanup; + if ((backend = virStorageBackendForType(pool->def->type)) == NULL) goto cleanup; @@ -916,6 +993,9 @@ storagePoolGetInfo(virStoragePoolPtr obj, goto cleanup; } + if (virStoragePoolGetInfoEnsureACL(obj->conn, pool->def) < 0) + goto cleanup; + if (virStorageBackendForType(pool->def->type) == NULL) goto cleanup; @@ -956,6 +1036,9 @@ storagePoolGetXMLDesc(virStoragePoolPtr obj, goto cleanup; } + if (virStoragePoolGetXMLDescEnsureACL(obj->conn, pool->def) < 0) + goto cleanup; + if ((flags & VIR_STORAGE_XML_INACTIVE) && pool->newDef) def = pool->newDef; else @@ -986,6 +1069,9 @@ storagePoolGetAutostart(virStoragePoolPtr obj, goto cleanup; } + if (virStoragePoolGetAutostartEnsureACL(obj->conn, pool->def) < 0) + goto cleanup; + if (!pool->configFile) { *autostart = 0; } else { @@ -1015,6 +1101,9 @@ storagePoolSetAutostart(virStoragePoolPtr obj, goto cleanup; } + if (virStoragePoolSetAutostartEnsureACL(obj->conn, pool->def) < 0) + goto cleanup; + if (!pool->configFile) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("pool has no config file")); @@ -1075,6 +1164,9 @@ storagePoolNumOfVolumes(virStoragePoolPtr obj) { goto cleanup; } + if (virStoragePoolNumOfVolumesEnsureACL(obj->conn, pool->def) < 0) + goto cleanup; + if (!virStoragePoolObjIsActive(pool)) { virReportError(VIR_ERR_OPERATION_INVALID, _("storage pool '%s' is not active"), pool->def->name); @@ -1108,6 +1200,9 @@ storagePoolListVolumes(virStoragePoolPtr obj, goto cleanup; } + if (virStoragePoolListVolumesEnsureACL(obj->conn, pool->def) < 0) + goto cleanup; + if (!virStoragePoolObjIsActive(pool)) { virReportError(VIR_ERR_OPERATION_INVALID, _("storage pool '%s' is not active"), pool->def->name); @@ -1157,6 +1252,9 @@ storagePoolListAllVolumes(virStoragePoolPtr pool, goto cleanup; } + if (virStoragePoolListAllVolumesEnsureACL(pool->conn, obj->def) < 0) + goto cleanup; + if (!virStoragePoolObjIsActive(obj)) { virReportError(VIR_ERR_OPERATION_INVALID, _("storage pool '%s' is not active"), obj->def->name); @@ -1235,6 +1333,9 @@ storageVolLookupByName(virStoragePoolPtr obj, goto cleanup; } + if (virStorageVolLookupByNameEnsureACL(obj->conn, pool->def, vol) < 0) + goto cleanup; + ret = virGetStorageVol(obj->conn, pool->def->name, vol->name, vol->key, NULL, NULL); @@ -1259,21 +1360,27 @@ storageVolLookupByKey(virConnectPtr conn, virStorageVolDefPtr vol = virStorageVolDefFindByKey(driver->pools.objs[i], key); - if (vol) + if (vol) { + if (virStorageVolLookupByKeyEnsureACL(conn, driver->pools.objs[i]->def, vol) < 0) + goto cleanup; + ret = virGetStorageVol(conn, driver->pools.objs[i]->def->name, vol->name, vol->key, NULL, NULL); + goto cleanup; + } } virStoragePoolObjUnlock(driver->pools.objs[i]); } - storageDriverUnlock(driver); if (!ret) virReportError(VIR_ERR_NO_STORAGE_VOL, _("no storage vol with matching key %s"), key); +cleanup: + storageDriverUnlock(driver); return ret; } @@ -1313,12 +1420,17 @@ storageVolLookupByPath(virConnectPtr conn, stable_path); VIR_FREE(stable_path); - if (vol) + if (vol) { + if (virStorageVolLookupByPathEnsureACL(conn, driver->pools.objs[i]->def, vol) < 0) + goto cleanup; + ret = virGetStorageVol(conn, driver->pools.objs[i]->def->name, vol->name, vol->key, NULL, NULL); + goto cleanup; + } } virStoragePoolObjUnlock(driver->pools.objs[i]); } @@ -1327,6 +1439,7 @@ storageVolLookupByPath(virConnectPtr conn, virReportError(VIR_ERR_NO_STORAGE_VOL, _("no storage vol with matching path %s"), path); +cleanup: VIR_FREE(cleanpath); storageDriverUnlock(driver); return ret; @@ -1370,6 +1483,9 @@ storageVolCreateXML(virStoragePoolPtr obj, if (voldef == NULL) goto cleanup; + if (virStorageVolCreateXMLEnsureACL(obj->conn, pool->def, voldef) < 0) + goto cleanup; + if (virStorageVolDefFindByName(pool, voldef->name)) { virReportError(VIR_ERR_NO_STORAGE_VOL, _("storage vol '%s' already exists"), voldef->name); @@ -1521,6 +1637,9 @@ storageVolCreateXMLFrom(virStoragePoolPtr obj, if (newvol == NULL) goto cleanup; + if (virStorageVolCreateXMLFromEnsureACL(obj->conn, pool->def, newvol) < 0) + goto cleanup; + if (virStorageVolDefFindByName(pool, newvol->name)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("storage volume name '%s' already in use."), @@ -1662,6 +1781,9 @@ storageVolDownload(virStorageVolPtr obj, goto out; } + if (virStorageVolDownloadEnsureACL(obj->conn, pool->def, vol) < 0) + goto out; + if (vol->building) { virReportError(VIR_ERR_OPERATION_INVALID, _("volume '%s' is still being allocated."), @@ -1725,6 +1847,9 @@ storageVolUpload(virStorageVolPtr obj, goto out; } + if (virStorageVolUploadEnsureACL(obj->conn, pool->def, vol) < 0) + goto out; + if (vol->building) { virReportError(VIR_ERR_OPERATION_INVALID, _("volume '%s' is still being allocated."), @@ -1794,6 +1919,9 @@ storageVolResize(virStorageVolPtr obj, goto out; } + if (virStorageVolResizeEnsureACL(obj->conn, pool->def, vol) < 0) + goto out; + if (vol->building) { virReportError(VIR_ERR_OPERATION_INVALID, _("volume '%s' is still being allocated."), @@ -2094,6 +2222,9 @@ storageVolWipePattern(virStorageVolPtr obj, goto out; } + if (virStorageVolWipePatternEnsureACL(obj->conn, pool->def, vol) < 0) + goto out; + if (vol->building) { virReportError(VIR_ERR_OPERATION_INVALID, _("volume '%s' is still being allocated."), @@ -2162,6 +2293,9 @@ storageVolDelete(virStorageVolPtr obj, goto cleanup; } + if (virStorageVolDeleteEnsureACL(obj->conn, pool->def, vol) < 0) + goto cleanup; + if (vol->building) { virReportError(VIR_ERR_OPERATION_INVALID, _("volume '%s' is still being allocated."), @@ -2241,6 +2375,9 @@ storageVolGetInfo(virStorageVolPtr obj, goto cleanup; } + if (virStorageVolGetInfoEnsureACL(obj->conn, pool->def, vol) < 0) + goto cleanup; + if ((backend = virStorageBackendForType(pool->def->type)) == NULL) goto cleanup; @@ -2298,6 +2435,9 @@ storageVolGetXMLDesc(virStorageVolPtr obj, goto cleanup; } + if (virStorageVolGetXMLDescEnsureACL(obj->conn, pool->def, vol) < 0) + goto cleanup; + if ((backend = virStorageBackendForType(pool->def->type)) == NULL) goto cleanup; @@ -2346,6 +2486,9 @@ storageVolGetPath(virStorageVolPtr obj) { goto cleanup; } + if (virStorageVolGetPathEnsureACL(obj->conn, pool->def, vol) < 0) + goto cleanup; + ignore_value(VIR_STRDUP(ret, vol->target.path)); cleanup: @@ -2364,10 +2507,14 @@ storageConnectListAllStoragePools(virConnectPtr conn, virCheckFlags(VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_ALL, -1); + if (virConnectListAllStoragePoolsEnsureACL(conn) < 0) + goto cleanup; + storageDriverLock(driver); ret = virStoragePoolList(conn, driver->pools, pools, flags); storageDriverUnlock(driver); +cleanup: return ret; } -- 1.8.1.4

From: "Daniel P. Berrange" <berrange@redhat.com> Insert calls to the ACL checking APIs in all interface driver entrypoints. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/Makefile.am | 5 +- src/interface/interface_backend_netcf.c | 115 ++++++++++++++++++++++++++++++++ src/interface/interface_backend_udev.c | 85 ++++++++++++++++++++--- 3 files changed, 196 insertions(+), 9 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index a76c27e..8e60612 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1248,7 +1248,10 @@ noinst_LTLIBRARIES += libvirt_driver_interface.la # Stateful, so linked to daemon instead #libvirt_la_BUILT_LIBADD += libvirt_driver_interface.la endif -libvirt_driver_interface_la_CFLAGS = -I$(top_srcdir)/src/conf $(AM_CFLAGS) +libvirt_driver_interface_la_CFLAGS = \ + -I$(top_srcdir)/src/access \ + -I$(top_srcdir)/src/conf \ + $(AM_CFLAGS) libvirt_driver_interface_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_interface_la_LIBADD = if WITH_NETCF diff --git a/src/interface/interface_backend_netcf.c b/src/interface/interface_backend_netcf.c index d626017..a995816 100644 --- a/src/interface/interface_backend_netcf.c +++ b/src/interface/interface_backend_netcf.c @@ -31,6 +31,8 @@ #include "interface_conf.h" #include "viralloc.h" #include "virlog.h" +#include "virstring.h" +#include "viraccessapicheck.h" #define VIR_FROM_THIS VIR_FROM_INTERFACE @@ -52,6 +54,36 @@ static void interfaceDriverUnlock(struct interface_driver *driver) virMutexUnlock(&driver->lock); } +/* + * Get a minimal virInterfaceDef containing enough metadata + * for access control checks to be performed. Currently + * this implies existance of name and mac address attributes + */ +static virInterfaceDef * ATTRIBUTE_NONNULL(1) +netcfGetMinimalDefForDevice(struct netcf_if *iface) +{ + virInterfaceDef *def; + + /* Allocate our interface definition structure */ + if (VIR_ALLOC(def) < 0) { + virReportOOMError(); + return NULL; + } + + if (VIR_STRDUP(def->name, ncf_if_name(iface)) < 0) + goto cleanup; + + if (VIR_STRDUP(def->mac, ncf_if_mac_string(iface)) < 0) + goto cleanup; + + return def; + +cleanup: + virInterfaceDefFree(def); + return NULL; +} + + static int netcf_to_vir_err(int netcf_errcode) { switch (netcf_errcode) @@ -182,6 +214,9 @@ static int netcfConnectNumOfInterfaces(virConnectPtr conn) int count; struct interface_driver *driver = conn->interfacePrivateData; + if (virConnectNumOfInterfacesEnsureACL(conn) < 0) + return -1; + interfaceDriverLock(driver); count = ncf_num_of_interfaces(driver->netcf, NETCF_IFACE_ACTIVE); if (count < 0) { @@ -201,6 +236,9 @@ static int netcfConnectListInterfaces(virConnectPtr conn, char **const names, in struct interface_driver *driver = conn->interfacePrivateData; int count; + if (virConnectListInterfacesEnsureACL(conn) < 0) + return -1; + interfaceDriverLock(driver); count = ncf_list_interfaces(driver->netcf, nnames, names, NETCF_IFACE_ACTIVE); @@ -223,6 +261,9 @@ static int netcfConnectNumOfDefinedInterfaces(virConnectPtr conn) int count; struct interface_driver *driver = conn->interfacePrivateData; + if (virConnectNumOfDefinedInterfacesEnsureACL(conn) < 0) + return -1; + interfaceDriverLock(driver); count = ncf_num_of_interfaces(driver->netcf, NETCF_IFACE_INACTIVE); if (count < 0) { @@ -243,6 +284,9 @@ static int netcfConnectListDefinedInterfaces(virConnectPtr conn, char **const na struct interface_driver *driver = conn->interfacePrivateData; int count; + if (virConnectListDefinedInterfacesEnsureACL(conn) < 0) + return -1; + interfaceDriverLock(driver); count = ncf_list_interfaces(driver->netcf, nnames, names, NETCF_IFACE_INACTIVE); @@ -279,6 +323,9 @@ netcfConnectListAllInterfaces(virConnectPtr conn, virCheckFlags(VIR_CONNECT_LIST_INTERFACES_FILTERS_ACTIVE, -1); + if (virConnectListAllInterfacesEnsureACL(conn) < 0) + return -1; + interfaceDriverLock(driver); /* List all interfaces, in case of we might support new filter flags @@ -414,6 +461,7 @@ static virInterfacePtr netcfInterfaceLookupByName(virConnectPtr conn, struct interface_driver *driver = conn->interfacePrivateData; struct netcf_if *iface; virInterfacePtr ret = NULL; + virInterfaceDefPtr def = NULL; interfaceDriverLock(driver); iface = ncf_lookup_by_name(driver->netcf, name); @@ -432,10 +480,17 @@ static virInterfacePtr netcfInterfaceLookupByName(virConnectPtr conn, goto cleanup; } + if (!(def = netcfGetMinimalDefForDevice(iface))) + goto cleanup; + + if (virInterfaceLookupByNameEnsureACL(conn, def) < 0) + goto cleanup; + ret = virGetInterface(conn, ncf_if_name(iface), ncf_if_mac_string(iface)); cleanup: ncf_if_free(iface); + virInterfaceDefFree(def); interfaceDriverUnlock(driver); return ret; } @@ -447,6 +502,7 @@ static virInterfacePtr netcfInterfaceLookupByMACString(virConnectPtr conn, struct netcf_if *iface; int niface; virInterfacePtr ret = NULL; + virInterfaceDefPtr def = NULL; interfaceDriverLock(driver); niface = ncf_lookup_by_mac_string(driver->netcf, macstr, 1, &iface); @@ -472,10 +528,18 @@ static virInterfacePtr netcfInterfaceLookupByMACString(virConnectPtr conn, goto cleanup; } + + if (!(def = netcfGetMinimalDefForDevice(iface))) + goto cleanup; + + if (virInterfaceLookupByMACStringEnsureACL(conn, def) < 0) + goto cleanup; + ret = virGetInterface(conn, ncf_if_name(iface), ncf_if_mac_string(iface)); cleanup: ncf_if_free(iface); + virInterfaceDefFree(def); interfaceDriverUnlock(driver); return ret; } @@ -520,6 +584,9 @@ static char *netcfInterfaceGetXMLDesc(virInterfacePtr ifinfo, goto cleanup; } + if (virInterfaceGetXMLDescEnsureACL(ifinfo->conn, ifacedef) < 0) + goto cleanup; + ret = virInterfaceDefFormat(ifacedef); if (!ret) { /* error was already reported */ @@ -554,6 +621,9 @@ static virInterfacePtr netcfInterfaceDefineXML(virConnectPtr conn, goto cleanup; } + if (virInterfaceDefineXMLEnsureACL(conn, ifacedef) < 0) + goto cleanup; + xmlstr = virInterfaceDefFormat(ifacedef); if (!xmlstr) { /* error was already reported */ @@ -584,6 +654,7 @@ cleanup: static int netcfInterfaceUndefine(virInterfacePtr ifinfo) { struct interface_driver *driver = ifinfo->conn->interfacePrivateData; struct netcf_if *iface = NULL; + virInterfaceDefPtr def = NULL; int ret = -1; interfaceDriverLock(driver); @@ -594,6 +665,13 @@ static int netcfInterfaceUndefine(virInterfacePtr ifinfo) { goto cleanup; } + + if (!(def = netcfGetMinimalDefForDevice(iface))) + goto cleanup; + + if (virInterfaceUndefineEnsureACL(ifinfo->conn, def) < 0) + goto cleanup; + ret = ncf_if_undefine(iface); if (ret < 0) { const char *errmsg, *details; @@ -607,6 +685,7 @@ static int netcfInterfaceUndefine(virInterfacePtr ifinfo) { cleanup: ncf_if_free(iface); + virInterfaceDefFree(def); interfaceDriverUnlock(driver); return ret; } @@ -616,6 +695,7 @@ static int netcfInterfaceCreate(virInterfacePtr ifinfo, { struct interface_driver *driver = ifinfo->conn->interfacePrivateData; struct netcf_if *iface = NULL; + virInterfaceDefPtr def = NULL; int ret = -1; virCheckFlags(0, -1); @@ -628,6 +708,13 @@ static int netcfInterfaceCreate(virInterfacePtr ifinfo, goto cleanup; } + + if (!(def = netcfGetMinimalDefForDevice(iface))) + goto cleanup; + + if (virInterfaceCreateEnsureACL(ifinfo->conn, def) < 0) + goto cleanup; + ret = ncf_if_up(iface); if (ret < 0) { const char *errmsg, *details; @@ -641,6 +728,7 @@ static int netcfInterfaceCreate(virInterfacePtr ifinfo, cleanup: ncf_if_free(iface); + virInterfaceDefFree(def); interfaceDriverUnlock(driver); return ret; } @@ -650,6 +738,7 @@ static int netcfInterfaceDestroy(virInterfacePtr ifinfo, { struct interface_driver *driver = ifinfo->conn->interfacePrivateData; struct netcf_if *iface = NULL; + virInterfaceDefPtr def = NULL; int ret = -1; virCheckFlags(0, -1); @@ -662,6 +751,13 @@ static int netcfInterfaceDestroy(virInterfacePtr ifinfo, goto cleanup; } + + if (!(def = netcfGetMinimalDefForDevice(iface))) + goto cleanup; + + if (virInterfaceDestroyEnsureACL(ifinfo->conn, def) < 0) + goto cleanup; + ret = ncf_if_down(iface); if (ret < 0) { const char *errmsg, *details; @@ -675,6 +771,7 @@ static int netcfInterfaceDestroy(virInterfacePtr ifinfo, cleanup: ncf_if_free(iface); + virInterfaceDefFree(def); interfaceDriverUnlock(driver); return ret; } @@ -684,6 +781,7 @@ static int netcfInterfaceIsActive(virInterfacePtr ifinfo) struct interface_driver *driver = ifinfo->conn->interfacePrivateData; struct netcf_if *iface = NULL; unsigned int flags = 0; + virInterfaceDefPtr def = NULL; int ret = -1; interfaceDriverLock(driver); @@ -694,6 +792,13 @@ static int netcfInterfaceIsActive(virInterfacePtr ifinfo) goto cleanup; } + + if (!(def = netcfGetMinimalDefForDevice(iface))) + goto cleanup; + + if (virInterfaceIsActiveEnsureACL(ifinfo->conn, def) < 0) + goto cleanup; + if (ncf_if_status(iface, &flags) < 0) { const char *errmsg, *details; int errcode = ncf_error(driver->netcf, &errmsg, &details); @@ -708,6 +813,7 @@ static int netcfInterfaceIsActive(virInterfacePtr ifinfo) cleanup: ncf_if_free(iface); + virInterfaceDefFree(def); interfaceDriverUnlock(driver); return ret; } @@ -720,6 +826,9 @@ static int netcfInterfaceChangeBegin(virConnectPtr conn, unsigned int flags) virCheckFlags(0, -1); /* currently flags must be 0 */ + if (virInterfaceChangeBeginEnsureACL(conn) < 0) + return -1; + interfaceDriverLock(driver); ret = ncf_change_begin(driver->netcf, 0); @@ -743,6 +852,9 @@ static int netcfInterfaceChangeCommit(virConnectPtr conn, unsigned int flags) virCheckFlags(0, -1); /* currently flags must be 0 */ + if (virInterfaceChangeCommitEnsureACL(conn) < 0) + return -1; + interfaceDriverLock(driver); ret = ncf_change_commit(driver->netcf, 0); @@ -766,6 +878,9 @@ static int netcfInterfaceChangeRollback(virConnectPtr conn, unsigned int flags) virCheckFlags(0, -1); /* currently flags must be 0 */ + if (virInterfaceChangeRollbackEnsureACL(conn) < 0) + return -1; + interfaceDriverLock(driver); ret = ncf_change_rollback(driver->netcf, 0); diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c index a6c7fde..68e1e2f 100644 --- a/src/interface/interface_backend_udev.c +++ b/src/interface/interface_backend_udev.c @@ -31,6 +31,7 @@ #include "interface_conf.h" #include "viralloc.h" #include "virstring.h" +#include "viraccessapicheck.h" #define VIR_FROM_THIS VIR_FROM_INTERFACE @@ -61,6 +62,36 @@ virUdevStatusString(virUdevStatus status) return ""; } +/* + * Get a minimal virInterfaceDef containing enough metadata + * for access control checks to be performed. Currently + * this implies existance of name and mac address attributes + */ +static virInterfaceDef * ATTRIBUTE_NONNULL(1) +udevGetMinimalDefForDevice(struct udev_device *dev) +{ + virInterfaceDef *def; + + /* Allocate our interface definition structure */ + if (VIR_ALLOC(def) < 0) { + virReportOOMError(); + return NULL; + } + + if (VIR_STRDUP(def->name, udev_device_get_sysname(dev)) < 0) + goto cleanup; + + if (VIR_STRDUP(def->mac, udev_device_get_sysattr_value(dev, "address")) < 0) + goto cleanup; + + return def; + +cleanup: + virInterfaceDefFree(def); + return NULL; +} + + static struct udev_enumerate * ATTRIBUTE_NONNULL(1) udevGetDevices(struct udev *udev, virUdevStatus status) { @@ -255,6 +286,9 @@ error: static int udevConnectNumOfInterfaces(virConnectPtr conn) { + if (virConnectNumOfInterfacesEnsureACL(conn) < 0) + return -1; + return udevNumOfInterfacesByStatus(conn, VIR_UDEV_IFACE_ACTIVE); } @@ -263,6 +297,9 @@ udevConnectListInterfaces(virConnectPtr conn, char **const names, int names_len) { + if (virConnectListInterfacesEnsureACL(conn) < 0) + return -1; + return udevListInterfacesByStatus(conn, names, names_len, VIR_UDEV_IFACE_ACTIVE); } @@ -270,6 +307,9 @@ udevConnectListInterfaces(virConnectPtr conn, static int udevConnectNumOfDefinedInterfaces(virConnectPtr conn) { + if (virConnectNumOfDefinedInterfacesEnsureACL(conn) < 0) + return -1; + return udevNumOfInterfacesByStatus(conn, VIR_UDEV_IFACE_INACTIVE); } @@ -278,6 +318,9 @@ udevConnectListDefinedInterfaces(virConnectPtr conn, char **const names, int names_len) { + if (virConnectListDefinedInterfacesEnsureACL(conn) < 0) + return -1; + return udevListInterfacesByStatus(conn, names, names_len, VIR_UDEV_IFACE_INACTIVE); } @@ -302,6 +345,9 @@ udevConnectListAllInterfaces(virConnectPtr conn, virCheckFlags(VIR_CONNECT_LIST_INTERFACES_FILTERS_ACTIVE, -1); + if (virConnectListAllInterfacesEnsureACL(conn) < 0) + return -1; + /* Grab a udev reference */ udev = udev_ref(driverState->udev); @@ -412,8 +458,8 @@ udevInterfaceLookupByName(virConnectPtr conn, const char *name) struct udev_iface_driver *driverState = conn->interfacePrivateData; struct udev *udev = udev_ref(driverState->udev); struct udev_device *dev; - const char *macaddr; virInterfacePtr ret = NULL; + virInterfaceDefPtr def = NULL; /* get a device reference based on the device name */ dev = udev_device_new_from_subsystem_sysname(udev, "net", name); @@ -424,12 +470,18 @@ udevInterfaceLookupByName(virConnectPtr conn, const char *name) goto cleanup; } - macaddr = udev_device_get_sysattr_value(dev, "address"); - ret = virGetInterface(conn, name, macaddr); + if (!(def = udevGetMinimalDefForDevice(dev))) + goto cleanup; + + if (virInterfaceLookupByNameEnsureACL(conn, def) < 0) + goto cleanup; + + ret = virGetInterface(conn, def->name, def->mac); udev_device_unref(dev); cleanup: udev_unref(udev); + virInterfaceDefFree(def); return ret; } @@ -442,7 +494,7 @@ udevInterfaceLookupByMACString(virConnectPtr conn, const char *macstr) struct udev_enumerate *enumerate = NULL; struct udev_list_entry *dev_entry; struct udev_device *dev; - const char *name; + virInterfaceDefPtr def = NULL; virInterfacePtr ret = NULL; enumerate = udevGetDevices(udev, VIR_UDEV_IFACE_ALL); @@ -480,14 +532,21 @@ udevInterfaceLookupByMACString(virConnectPtr conn, const char *macstr) } dev = udev_device_new_from_syspath(udev, udev_list_entry_get_name(dev_entry)); - name = udev_device_get_sysname(dev); - ret = virGetInterface(conn, name, macstr); + + if (!(def = udevGetMinimalDefForDevice(dev))) + goto cleanup; + + if (virInterfaceLookupByMACStringEnsureACL(conn, def) < 0) + goto cleanup; + + ret = virGetInterface(conn, def->name, def->mac); udev_device_unref(dev); cleanup: if (enumerate) udev_enumerate_unref(enumerate); udev_unref(udev); + virInterfaceDefFree(def); return ret; } @@ -1044,6 +1103,9 @@ udevInterfaceGetXMLDesc(virInterfacePtr ifinfo, if (!ifacedef) goto cleanup; + if (virInterfaceGetXMLDescEnsureACL(ifinfo->conn, ifacedef) < 0) + goto cleanup; + xmlstr = virInterfaceDefFormat(ifacedef); virInterfaceDefFree(ifacedef); @@ -1061,7 +1123,8 @@ udevInterfaceIsActive(virInterfacePtr ifinfo) struct udev_iface_driver *driverState = ifinfo->conn->interfacePrivateData; struct udev *udev = udev_ref(driverState->udev); struct udev_device *dev; - int status; + virInterfaceDefPtr def = NULL; + int status = -1; dev = udev_device_new_from_subsystem_sysname(udev, "net", ifinfo->name); @@ -1069,10 +1132,15 @@ udevInterfaceIsActive(virInterfacePtr ifinfo) virReportError(VIR_ERR_NO_INTERFACE, _("couldn't find interface named '%s'"), ifinfo->name); - status = -1; goto cleanup; } + if (!(def = udevGetMinimalDefForDevice(dev))) + goto cleanup; + + if (virInterfaceIsActiveEnsureACL(ifinfo->conn, def) < 0) + goto cleanup; + /* Check if it's active or not */ status = STREQ(udev_device_get_sysattr_value(dev, "operstate"), "up"); @@ -1080,6 +1148,7 @@ udevInterfaceIsActive(virInterfacePtr ifinfo) cleanup: udev_unref(udev); + virInterfaceDefFree(def); return status; } -- 1.8.1.4

From: "Daniel P. Berrange" <berrange@redhat.com> Insert calls to the ACL checking APIs in all nwfilter driver entrypoints. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/Makefile.am | 9 +++++++-- src/nwfilter/nwfilter_driver.c | 26 ++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index c899001..89b2bab 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1394,8 +1394,13 @@ noinst_LTLIBRARIES += libvirt_driver_nwfilter.la # Stateful, so linked to daemon instead #libvirt_la_BUILT_LIBADD += libvirt_driver_nwfilter.la endif -libvirt_driver_nwfilter_la_CFLAGS = $(LIBPCAP_CFLAGS) \ - -I$(top_srcdir)/src/conf $(LIBNL_CFLAGS) $(AM_CFLAGS) $(DBUS_CFLAGS) +libvirt_driver_nwfilter_la_CFLAGS = \ + $(LIBPCAP_CFLAGS) \ + $(LIBNL_CFLAGS) \ + $(DBUS_CFLAGS) \ + -I$(top_srcdir)/src/access \ + -I$(top_srcdir)/src/conf \ + $(AM_CFLAGS) libvirt_driver_nwfilter_la_LDFLAGS = $(LD_AMFLAGS) libvirt_driver_nwfilter_la_LIBADD = $(LIBPCAP_LIBS) $(LIBNL_LIBS) $(DBUS_LIBS) if WITH_DRIVER_MODULES diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 6573307..7e8e202 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -42,6 +42,7 @@ #include "nwfilter_gentech_driver.h" #include "configmake.h" #include "virstring.h" +#include "viraccessapicheck.h" #include "nwfilter_ipaddrmap.h" #include "nwfilter_dhcpsnoop.h" @@ -374,6 +375,9 @@ nwfilterLookupByUUID(virConnectPtr conn, goto cleanup; } + if (virNWFilterLookupByUUIDEnsureACL(conn, nwfilter->def) < 0) + goto cleanup; + ret = virGetNWFilter(conn, nwfilter->def->name, nwfilter->def->uuid); cleanup: @@ -400,6 +404,9 @@ nwfilterLookupByName(virConnectPtr conn, goto cleanup; } + if (virNWFilterLookupByNameEnsureACL(conn, nwfilter->def) < 0) + goto cleanup; + ret = virGetNWFilter(conn, nwfilter->def->name, nwfilter->def->uuid); cleanup: @@ -434,6 +441,10 @@ nwfilterClose(virConnectPtr conn) { static int nwfilterConnectNumOfNWFilters(virConnectPtr conn) { virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData; + + if (virConnectNumOfNWFiltersEnsureACL(conn) < 0) + return -1; + return driver->nwfilters.count; } @@ -445,6 +456,9 @@ nwfilterConnectListNWFilters(virConnectPtr conn, virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData; int got = 0, i; + if (virConnectListNWFiltersEnsureACL(conn) < 0) + return -1; + nwfilterDriverLock(driver); for (i = 0; i < driver->nwfilters.count && got < nnames; i++) { virNWFilterObjLock(driver->nwfilters.objs[i]); @@ -481,6 +495,9 @@ nwfilterConnectListAllNWFilters(virConnectPtr conn, virCheckFlags(0, -1); + if (virConnectListAllNWFiltersEnsureACL(conn) < 0) + return -1; + nwfilterDriverLock(driver); if (!filters) { @@ -537,6 +554,9 @@ nwfilterDefineXML(virConnectPtr conn, if (!(def = virNWFilterDefParseString(conn, xml))) goto cleanup; + if (virNWFilterDefineXMLEnsureACL(conn, def) < 0) + goto cleanup; + if (!(nwfilter = virNWFilterObjAssignDef(conn, &driver->nwfilters, def))) goto cleanup; @@ -578,6 +598,9 @@ nwfilterUndefine(virNWFilterPtr obj) { goto cleanup; } + if (virNWFilterUndefineEnsureACL(obj->conn, nwfilter->def) < 0) + goto cleanup; + if (virNWFilterTestUnassignDef(obj->conn, nwfilter) < 0) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", @@ -626,6 +649,9 @@ nwfilterGetXMLDesc(virNWFilterPtr obj, goto cleanup; } + if (virNWFilterGetXMLDescEnsureACL(obj->conn, nwfilter->def) < 0) + goto cleanup; + ret = virNWFilterDefFormat(nwfilter->def); cleanup: -- 1.8.1.4

From: "Daniel P. Berrange" <berrange@redhat.com> Add a script which parses the driver API code and validates that every API registered in a virNNNDriverPtr table contains an ACL check matching the API name. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/Makefile.am | 22 +++++++- src/check-aclrules.pl | 144 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 164 insertions(+), 2 deletions(-) create mode 100644 src/check-aclrules.pl diff --git a/src/Makefile.am b/src/Makefile.am index 647b1f2..9e22e42 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -478,16 +478,34 @@ DRIVER_SOURCE_FILES = \ $(XENAPI_DRIVER_SOURCES) \ $(NULL) +STATEFUL_DRIVER_SOURCE_FILES = \ + $(INTERFACE_DRIVER_SOURCES) \ + $(LIBXL_DRIVER_SOURCES) \ + $(LXC_DRIVER_SOURCES) \ + $(NETWORK_DRIVER_SOURCES) \ + $(NODE_DEVICE_DRIVER_SOURCES) \ + $(NWFILTER_DRIVER_SOURCES) \ + $(QEMU_DRIVER_SOURCES) \ + $(SECRET_DRIVER_SOURCES) \ + $(STORAGE_DRIVER_SOURCES) \ + $(UML_DRIVER_SOURCES) \ + $(XEN_DRIVER_SOURCES) \ + $(NULL) + check-driverimpls: $(AM_V_GEN)$(PERL) $(srcdir)/check-driverimpls.pl \ $(filter /%,$(DRIVER_SOURCE_FILES)) \ $(addprefix $(srcdir)/,$(filter-out /%,$(DRIVER_SOURCE_FILES))) -EXTRA_DIST += check-driverimpls.pl +check-aclrules: + $(AM_V_GEN)$(PERL) $(srcdir)/check-aclrules.pl \ + $(STATEFUL_DRIVER_SOURCE_FILES) + +EXTRA_DIST += check-driverimpls.pl check-aclrules.pl check-local: check-protocol check-symfile check-symsorting \ - check-drivername check-driverimpls + check-drivername check-driverimpls check-aclrules .PHONY: check-protocol $(PROTOCOL_STRUCTS:structs=struct) # Mock driver, covering domains, storage, networks, etc diff --git a/src/check-aclrules.pl b/src/check-aclrules.pl new file mode 100644 index 0000000..62da2b7 --- /dev/null +++ b/src/check-aclrules.pl @@ -0,0 +1,144 @@ +#!/usr/bin/perl +# +# Copyright (C) 2013 Red Hat, Inc. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see +# <http://www.gnu.org/licenses/>. +# +# This script validates that the driver implementation of any +# public APIs contain ACL checks. +# +# As the script reads each source file, it attempts to identify +# top level function names. +# +# When reading the body of the functions, it looks for anything +# that looks like an API called named XXXEnsureACL. It will +# validate that the XXX prefix matches the name of the function +# it occurs in. +# +# When it later finds the virDriverPtr table, for each entry +# point listed, it will validate if there was a previously +# detected EnsureACL call recorded. +# +use strict; +use warnings; + +my $status = 0; + +my $brace = 0; +my $maybefunc; +my $intable = 0; +my $table; + +my %acls; + +my %whitelist = ( + "connectClose" => 1, + "connectIsEncrypted" => 1, + "connectIsSecure" => 1, + "connectIsAlive" => 1, + "networkOpen" => 1, + "networkClose" => 1, + "nwfilterOpen" => 1, + "nwfilterClose" => 1, + "secretOpen" => 1, + "secretClose" => 1, + "storageOpen" => 1, + "storageClose" => 1, + "interfaceOpen" => 1, + "interfaceClose" => 1, + ); + +my $lastfile; + +while (<>) { + if (!defined $lastfile || + $lastfile ne $ARGV) { + %acls = (); + $brace = 0; + $maybefunc = undef; + $lastfile = $ARGV; + } + if ($brace == 0) { + # Looks for anything which appears to be a function + # body name. Doesn't matter if we pick up bogus stuff + # here, as long as we don't miss valid stuff + if (m,\b(\w+)\(,) { + $maybefunc = $1; + } + } elsif ($brace > 0) { + if (m,(\w+)EnsureACL,) { + # Record the fact that maybefunc contains an + # ACL call, and make sure it is the right call! + my $func = $1; + $func =~ s/^vir//; + if (!defined $maybefunc) { + print "$ARGV:$. Unexpected check '$func' outside function\n"; + $status = 1; + } else { + unless ($maybefunc =~ /$func$/i) { + print "$ARGV:$. Mismatch check 'vir${func}EnsureACL' for function '$maybefunc'\n"; + $status = 1; + } + } + $acls{$maybefunc} = 1; + } elsif (m,\b(\w+)\(,) { + # Handles case where we replaced an API with a new + # one which adds new parameters, and we're left with + # a simple stub calling the new API. + my $callfunc = $1; + if (exists $acls{$callfunc}) { + $acls{$maybefunc} = 1; + } + } + } + + # Pass the vir*DriverPtr tables and make sure that + # every func listed there, has an impl which calls + # an ACL function + if ($intable) { + if (/\}/) { + $intable = 0; + $table = undef; + } elsif (/\.(\w+)\s*=\s*(\w+),?/) { + my $api = $1; + my $impl = $2; + + if ($api ne "no" && + $api ne "name" && + $table ne "virStateDriver" && + !exists $acls{$impl} && + !exists $whitelist{$api}) { + print "$ARGV:$. Missing ACL check in function '$impl' for '$api'\n"; + $status = 1; + } + } + } elsif (/^(?:static\s+)?(vir(?:\w+)?Driver)\s+/) { + if ($1 ne "virNWFilterCallbackDriver" && + $1 ne "virNWFilterTechDriver" && + $1 ne "virDomainConfNWFilterDriver") { + $intable = 1; + $table = $1; + } + } + + + my $count; + $count = s/{//g; + $brace += $count; + $count = s/}//g; + $brace -= $count; +} + +exit $status; -- 1.8.1.4