[libvirt] [PATCH 01/19] Define basic internal API for access control
Michal Privoznik
mprivozn at redhat.com
Fri Jun 21 09:17:10 UTC 2013
On 19.06.2013 19:00, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
>
> This patch introduces the virAccessManagerPtr class as the
> interface between virtualization drivers and the access
> control drivers. The viraccessperm.h file defines the
> various permissions that will be used for each type of object
> libvirt manages
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
> include/libvirt/virterror.h | 4 +
> po/POTFILES.in | 1 +
> src/Makefile.am | 16 +
> src/access/viraccessdriver.h | 89 ++++++
> src/access/viraccessdrivernop.c | 118 +++++++
> src/access/viraccessdrivernop.h | 28 ++
> src/access/viraccessdriverstack.c | 285 +++++++++++++++++
> src/access/viraccessdriverstack.h | 32 ++
> src/access/viraccessmanager.c | 339 ++++++++++++++++++++
> src/access/viraccessmanager.h | 91 ++++++
> src/access/viraccessperm.c | 84 +++++
> src/access/viraccessperm.h | 647 ++++++++++++++++++++++++++++++++++++++
> src/libvirt.c | 6 +-
> src/libvirt_private.syms | 37 +++
> src/util/virerror.c | 8 +
> 15 files changed, 1783 insertions(+), 2 deletions(-)
> create mode 100644 src/access/viraccessdriver.h
> create mode 100644 src/access/viraccessdrivernop.c
> create mode 100644 src/access/viraccessdrivernop.h
> create mode 100644 src/access/viraccessdriverstack.c
> create mode 100644 src/access/viraccessdriverstack.h
> create mode 100644 src/access/viraccessmanager.c
> create mode 100644 src/access/viraccessmanager.h
> create mode 100644 src/access/viraccessperm.c
> create mode 100644 src/access/viraccessperm.h
>
> diff --git a/src/access/viraccessdriverstack.c b/src/access/viraccessdriverstack.c
> new file mode 100644
> index 0000000..10c1c9b
> --- /dev/null
> +++ b/src/access/viraccessdriverstack.c
> @@ -0,0 +1,285 @@
> +/*
> + * viraccessdriverstack.c: stacked access control driver
> + *
> + * Copyright (C) 2012-2013 Red Hat, Inc.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library. If not, see
> + * <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <config.h>
> +
> +#include "viraccessdriverstack.h"
> +#include "viralloc.h"
> +#include "virerror.h"
> +
> +#define VIR_FROM_THIS VIR_FROM_ACCESS
> +
> +typedef struct _virAccessDriverStackPrivate virAccessDriverStackPrivate;
> +typedef virAccessDriverStackPrivate *virAccessDriverStackPrivatePtr;
> +
> +struct _virAccessDriverStackPrivate {
> + virAccessManagerPtr *managers;
> + size_t managersLen;
> +};
> +
> +
> +int virAccessDriverStackAppend(virAccessManagerPtr manager,
> + virAccessManagerPtr child)
> +{
> + virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager);
> +
> + if (VIR_EXPAND_N(priv->managers, priv->managersLen, 1) < 0) {
> + virReportOOMError();
> + return -1;
> + }
> +
> + priv->managers[priv->managersLen-1] = child;
> +
> + return 0;
> +}
> +
> +
> +static void virAccessDriverStackCleanup(virAccessManagerPtr manager)
> +{
> + virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager);
> + size_t i;
> +
> + for (i = 0; i < priv->managersLen; i++) {
> + virObjectUnref(priv->managers[i]);
> + }
> + VIR_FREE(priv->managers);
> +}
> +
> +
> +static int
> +virAccessDriverStackCheckConnect(virAccessManagerPtr manager,
> + const char *driverName,
> + virAccessPermConnect perm)
> +{
> + virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager);
> + int ret = 1;
> + size_t i;
> +
> + for (i = 0; i < priv->managersLen; i++) {
> + int rv;
> + /* We do not short-circuit on first denial - always check all drivers */
> + rv = virAccessManagerCheckConnect(priv->managers[i], driverName, perm);
> + if (rv == 0 && ret != -1)
> + ret = 0;
> + else if (rv == -1)
s/ == -1/ < 0/ here and in others
> + ret = -1;
> + }
> +
> + return ret;
> +}
> +
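Review bot: virAccessDriverStackCheckConnect starts from `int ret = 1;` and only lowers it inside the loop, so a stack with `managersLen == 0` returns 1 without consulting any driver; going by the in-loop comment about denial, 1 appears to mean "allowed", which would make an empty stack fail open. If that is intended, state it next to the initialiser, e.g. `/* no stacked drivers: nothing can deny, so allow */`; if not, add `if (priv->managersLen == 0) return 0;` before the loop, or report an error and return -1. Separately, virAccessDriverStackAppend stores `child` without taking a reference while virAccessDriverStackCleanup unrefs every entry, so the stack takes over the caller's reference on success and leaves it with the caller on failure; a short function comment saying so would help prevent a double unref. The new file continues past the quoted part, so the remaining check functions could not be inspected for the same pattern.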
Michal