[libvirt] [PATCH 17/19] Add ACL checks into the nwfilter driver

Daniel P. Berrange berrange at redhat.com
Wed Jun 19 17:00:58 UTC 2013


From: "Daniel P. Berrange" <berrange at redhat.com>

Insert calls to the ACL checking APIs in all nwfilter driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
---
 src/Makefile.am                |  9 +++++++--
 src/nwfilter/nwfilter_driver.c | 26 ++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index c899001..89b2bab 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1394,8 +1394,13 @@ noinst_LTLIBRARIES += libvirt_driver_nwfilter.la
 # Stateful, so linked to daemon instead
 #libvirt_la_BUILT_LIBADD += libvirt_driver_nwfilter.la
 endif
-libvirt_driver_nwfilter_la_CFLAGS = $(LIBPCAP_CFLAGS) \
-		-I$(top_srcdir)/src/conf $(LIBNL_CFLAGS) $(AM_CFLAGS) $(DBUS_CFLAGS)
+libvirt_driver_nwfilter_la_CFLAGS = \
+		$(LIBPCAP_CFLAGS) \
+		$(LIBNL_CFLAGS) \
+		$(DBUS_CFLAGS) \
+		-I$(top_srcdir)/src/access \
+		-I$(top_srcdir)/src/conf \
+		$(AM_CFLAGS)
 libvirt_driver_nwfilter_la_LDFLAGS = $(LD_AMFLAGS)
 libvirt_driver_nwfilter_la_LIBADD = $(LIBPCAP_LIBS) $(LIBNL_LIBS) $(DBUS_LIBS)
 if WITH_DRIVER_MODULES
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 6573307..7e8e202 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -42,6 +42,7 @@
 #include "nwfilter_gentech_driver.h"
 #include "configmake.h"
 #include "virstring.h"
+#include "viraccessapicheck.h"
 
 #include "nwfilter_ipaddrmap.h"
 #include "nwfilter_dhcpsnoop.h"
@@ -374,6 +375,9 @@ nwfilterLookupByUUID(virConnectPtr conn,
         goto cleanup;
     }
 
+    if (virNWFilterLookupByUUIDEnsureACL(conn, nwfilter->def) < 0)
+        goto cleanup;
+
     ret = virGetNWFilter(conn, nwfilter->def->name, nwfilter->def->uuid);
 
 cleanup:
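Review bot: The ACL check in nwfilterLookupByUUID runs only after the lookup has succeeded, so a denied caller gets a different failure from one who asks for a UUID that does not exist (assuming the `goto cleanup` just above the added lines is the not-found branch, which starts outside the hunk). A client without permission on a filter can therefore still confirm that the filter exists; nwfilterLookupByName has the same ordering. If that is intended, record it above the check, e.g. `/* ACL is evaluated after the lookup: a denied caller can still tell an existing filter from a missing one */`; otherwise both paths would need to report the same error. The start of the function and the body of `cleanup:` are outside the hunk.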
@@ -400,6 +404,9 @@ nwfilterLookupByName(virConnectPtr conn,
         goto cleanup;
     }
 
+    if (virNWFilterLookupByNameEnsureACL(conn, nwfilter->def) < 0)
+        goto cleanup;
+
     ret = virGetNWFilter(conn, nwfilter->def->name, nwfilter->def->uuid);
 
 cleanup:
@@ -434,6 +441,10 @@ nwfilterClose(virConnectPtr conn) {
 static int
 nwfilterConnectNumOfNWFilters(virConnectPtr conn) {
     virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData;
+
+    if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
+        return -1;
+
     return driver->nwfilters.count;
 }
 
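Review bot: nwfilterConnectNumOfNWFilters returns `driver->nwfilters.count` unfiltered once the connection-level check passes, so the count includes filters the caller might be refused by the per-object checks this patch adds to the lookup entrypoints. nwfilterConnectListNWFilters and nwfilterConnectListAllNWFilters are gated the same way, on `conn` only, and as far as their hunks show nothing filters the returned filters per object. Until per-object filtering exists, a comment on each would record the gap: `/* connection-level ACL only: results are not filtered per nwfilter object */`. Separately, `count` is read here without `nwfilterDriverLock(driver)`, which the list function takes before touching `driver->nwfilters`.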
@@ -445,6 +456,9 @@ nwfilterConnectListNWFilters(virConnectPtr conn,
     virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData;
     int got = 0, i;
 
+    if (virConnectListNWFiltersEnsureACL(conn) < 0)
+        return -1;
+
     nwfilterDriverLock(driver);
     for (i = 0; i < driver->nwfilters.count && got < nnames; i++) {
         virNWFilterObjLock(driver->nwfilters.objs[i]);
@@ -481,6 +495,9 @@ nwfilterConnectListAllNWFilters(virConnectPtr conn,
 
     virCheckFlags(0, -1);
 
+    if (virConnectListAllNWFiltersEnsureACL(conn) < 0)
+        return -1;
+
     nwfilterDriverLock(driver);
 
     if (!filters) {
@@ -537,6 +554,9 @@ nwfilterDefineXML(virConnectPtr conn,
     if (!(def = virNWFilterDefParseString(conn, xml)))
         goto cleanup;
 
+    if (virNWFilterDefineXMLEnsureACL(conn, def) < 0)
+        goto cleanup;
+
     if (!(nwfilter = virNWFilterObjAssignDef(conn, &driver->nwfilters, def)))
         goto cleanup;
 
@@ -578,6 +598,9 @@ nwfilterUndefine(virNWFilterPtr obj) {
         goto cleanup;
     }
 
+    if (virNWFilterUndefineEnsureACL(obj->conn, nwfilter->def) < 0)
+        goto cleanup;
+
     if (virNWFilterTestUnassignDef(obj->conn, nwfilter) < 0) {
         virReportError(VIR_ERR_OPERATION_INVALID,
                        "%s",
@@ -626,6 +649,9 @@ nwfilterGetXMLDesc(virNWFilterPtr obj,
         goto cleanup;
     }
 
+    if (virNWFilterGetXMLDescEnsureACL(obj->conn, nwfilter->def) < 0)
+        goto cleanup;
+
     ret = virNWFilterDefFormat(nwfilter->def);
 
 cleanup:
-- 
1.8.1.4



