[libvirt] [PATCH 01/19] Define basic internal API for access control

Fri Jun 21 09:17:10 UTC 2013

On 19.06.2013 19:00, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
> 
> This patch introduces the virAccessManagerPtr class as the
> interface between virtualization drivers and the access
> control drivers. The viraccessperm.h file defines the
> various permissions that will be used for each type of object
> libvirt manages
> 
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
>  include/libvirt/virterror.h       |   4 +
>  po/POTFILES.in                    |   1 +
>  src/Makefile.am                   |  16 +
>  src/access/viraccessdriver.h      |  89 ++++++
>  src/access/viraccessdrivernop.c   | 118 +++++++
>  src/access/viraccessdrivernop.h   |  28 ++
>  src/access/viraccessdriverstack.c | 285 +++++++++++++++++
>  src/access/viraccessdriverstack.h |  32 ++
>  src/access/viraccessmanager.c     | 339 ++++++++++++++++++++
>  src/access/viraccessmanager.h     |  91 ++++++
>  src/access/viraccessperm.c        |  84 +++++
>  src/access/viraccessperm.h        | 647 ++++++++++++++++++++++++++++++++++++++
>  src/libvirt.c                     |   6 +-
>  src/libvirt_private.syms          |  37 +++
>  src/util/virerror.c               |   8 +
>  15 files changed, 1783 insertions(+), 2 deletions(-)
>  create mode 100644 src/access/viraccessdriver.h
>  create mode 100644 src/access/viraccessdrivernop.c
>  create mode 100644 src/access/viraccessdrivernop.h
>  create mode 100644 src/access/viraccessdriverstack.c
>  create mode 100644 src/access/viraccessdriverstack.h
>  create mode 100644 src/access/viraccessmanager.c
>  create mode 100644 src/access/viraccessmanager.h
>  create mode 100644 src/access/viraccessperm.c
>  create mode 100644 src/access/viraccessperm.h
> 

> diff --git a/src/access/viraccessdriverstack.c b/src/access/viraccessdriverstack.c
> new file mode 100644
> index 0000000..10c1c9b
> --- /dev/null
> +++ b/src/access/viraccessdriverstack.c
> @@ -0,0 +1,285 @@
> +/*
> + * viraccessdriverstack.c: stacked access control driver
> + *
> + * Copyright (C) 2012-2013 Red Hat, Inc.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library.  If not, see
> + * <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <config.h>
> +
> +#include "viraccessdriverstack.h"
> +#include "viralloc.h"
> +#include "virerror.h"
> +
> +#define VIR_FROM_THIS VIR_FROM_ACCESS
> +
> +typedef struct _virAccessDriverStackPrivate virAccessDriverStackPrivate;
> +typedef virAccessDriverStackPrivate *virAccessDriverStackPrivatePtr;
> +
> +struct _virAccessDriverStackPrivate {
> +    virAccessManagerPtr *managers;
> +    size_t managersLen;
> +};
> +
> +
> +int virAccessDriverStackAppend(virAccessManagerPtr manager,
> +                               virAccessManagerPtr child)
> +{
> +    virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager);
> +
> +    if (VIR_EXPAND_N(priv->managers, priv->managersLen, 1) < 0) {
> +        virReportOOMError();
> +        return -1;
> +    }
> +
> +    priv->managers[priv->managersLen-1] = child;
> +
> +    return 0;
> +}
> +
> +
> +static void virAccessDriverStackCleanup(virAccessManagerPtr manager)
> +{
> +    virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager);
> +    size_t i;
> +
> +    for (i = 0; i < priv->managersLen; i++) {
> +        virObjectUnref(priv->managers[i]);
> +    }
> +    VIR_FREE(priv->managers);
> +}
> +
> +
> +static int
> +virAccessDriverStackCheckConnect(virAccessManagerPtr manager,
> +                                 const char *driverName,
> +                                 virAccessPermConnect perm)
> +{
> +    virAccessDriverStackPrivatePtr priv = virAccessManagerGetPrivateData(manager);
> +    int ret = 1;
> +    size_t i;
> +
> +    for (i = 0; i < priv->managersLen; i++) {
> +        int rv;
> +        /* We do not short-circuit on first denial - always check all drivers */
> +        rv = virAccessManagerCheckConnect(priv->managers[i], driverName, perm);
> +        if (rv == 0 && ret != -1)
> +            ret = 0;
> +        else if (rv == -1)

s/ == -1/ < 0/ here and in others

> +            ret = -1;
> +    }
> +
> +    return ret;
> +}
> +

Michal