[libvirt] [PATCH 13/19] Add ACL checks into the storage driver
Daniel P. Berrange
berrange at redhat.com
Thu May 9 13:26:16 UTC 2013
From: "Daniel P. Berrange" <berrange at redhat.com>
Insert calls to the ACL checking APIs in all storage driver
entrypoints.
Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
---
src/storage/storage_driver.c | 155 +++++++++++++++++++++++++++++++++++++++++--
1 file changed, 151 insertions(+), 4 deletions(-)
diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
index 990f0b1..edbd94d 100644
--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -48,6 +48,7 @@
#include "fdstream.h"
#include "configmake.h"
#include "virstring.h"
+#include "access/viraccessapicheck.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
@@ -248,6 +249,9 @@ storagePoolLookupByUUID(virConnectPtr conn,
goto cleanup;
}
+ if (virStoragePoolLookupByUUIDEnsureACL(conn, pool->def) < 0)
+ goto cleanup;
+
ret = virGetStoragePool(conn, pool->def->name, pool->def->uuid,
NULL, NULL);
@@ -274,6 +278,9 @@ storagePoolLookupByName(virConnectPtr conn,
goto cleanup;
}
+ if (virStoragePoolLookupByNameEnsureACL(conn, pool->def) < 0)
+ goto cleanup;
+
ret = virGetStoragePool(conn, pool->def->name, pool->def->uuid,
NULL, NULL);
@@ -285,7 +292,30 @@ cleanup:
static virStoragePoolPtr
storagePoolLookupByVolume(virStorageVolPtr vol) {
- return storagePoolLookupByName(vol->conn, vol->pool);
+ virStorageDriverStatePtr driver = vol->conn->storagePrivateData;
+ virStoragePoolObjPtr pool;
+ virStoragePoolPtr ret = NULL;
+
+ storageDriverLock(driver);
+ pool = virStoragePoolObjFindByName(&driver->pools, vol->pool);
+ storageDriverUnlock(driver);
+
+ if (!pool) {
+ virReportError(VIR_ERR_NO_STORAGE_POOL,
+ _("no storage pool with matching name '%s'"), vol->pool);
+ goto cleanup;
+ }
+
+ if (virStoragePoolLookupByVolumeEnsureACL(vol->conn, pool->def) < 0)
+ goto cleanup;
+
+ ret = virGetStoragePool(vol->conn, pool->def->name, pool->def->uuid,
+ NULL, NULL);
+
+cleanup:
+ if (pool)
+ virStoragePoolObjUnlock(pool);
+ return ret;
}
static virDrvOpenStatus
@@ -313,6 +343,9 @@ storageConnectNumOfStoragePools(virConnectPtr conn) {
virStorageDriverStatePtr driver = conn->storagePrivateData;
unsigned int i, nactive = 0;
+ if (virConnectNumOfStoragePoolsEnsureACL(conn) < 0)
+ return -1;
+
storageDriverLock(driver);
for (i = 0 ; i < driver->pools.count ; i++) {
virStoragePoolObjLock(driver->pools.objs[i]);
@@ -332,6 +365,9 @@ storageConnectListStoragePools(virConnectPtr conn,
virStorageDriverStatePtr driver = conn->storagePrivateData;
int got = 0, i;
+ if (virConnectListStoragePoolsEnsureACL(conn) < 0)
+ return -1;
+
storageDriverLock(driver);
for (i = 0 ; i < driver->pools.count && got < nnames ; i++) {
virStoragePoolObjLock(driver->pools.objs[i]);
@@ -361,6 +397,9 @@ storageConnectNumOfDefinedStoragePools(virConnectPtr conn) {
virStorageDriverStatePtr driver = conn->storagePrivateData;
unsigned int i, nactive = 0;
+ if (virConnectNumOfDefinedStoragePoolsEnsureACL(conn) < 0)
+ return -1;
+
storageDriverLock(driver);
for (i = 0 ; i < driver->pools.count ; i++) {
virStoragePoolObjLock(driver->pools.objs[i]);
@@ -380,6 +419,9 @@ storageConnectListDefinedStoragePools(virConnectPtr conn,
virStorageDriverStatePtr driver = conn->storagePrivateData;
int got = 0, i;
+ if (virConnectListDefinedStoragePoolsEnsureACL(conn) < 0)
+ return -1;
+
storageDriverLock(driver);
for (i = 0 ; i < driver->pools.count && got < nnames ; i++) {
virStoragePoolObjLock(driver->pools.objs[i]);
@@ -417,6 +459,9 @@ storageConnectFindStoragePoolSources(virConnectPtr conn,
virStorageBackendPtr backend;
char *ret = NULL;
+ if (virConnectFindStoragePoolSourcesEnsureACL(conn) < 0)
+ return NULL;
+
backend_type = virStoragePoolTypeFromString(type);
if (backend_type < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
@@ -455,6 +500,10 @@ static int storagePoolIsActive(virStoragePoolPtr pool)
virReportError(VIR_ERR_NO_STORAGE_POOL, NULL);
goto cleanup;
}
+
+ if (virStoragePoolIsActiveEnsureACL(pool->conn, obj->def) < 0)
+ goto cleanup;
+
ret = virStoragePoolObjIsActive(obj);
cleanup:
@@ -476,6 +525,10 @@ static int storagePoolIsPersistent(virStoragePoolPtr pool)
virReportError(VIR_ERR_NO_STORAGE_POOL, NULL);
goto cleanup;
}
+
+ if (virStoragePoolIsPersistentEnsureACL(pool->conn, obj->def) < 0)
+ goto cleanup;
+
ret = obj->configFile ? 1 : 0;
cleanup:
@@ -502,6 +555,9 @@ storagePoolCreateXML(virConnectPtr conn,
if (!(def = virStoragePoolDefParseString(xml)))
goto cleanup;
+ if (virStoragePoolCreateXMLEnsureACL(conn, def) < 0)
+ goto cleanup;
+
if (virStoragePoolObjIsDuplicate(&driver->pools, def, 1) < 0)
goto cleanup;
@@ -559,6 +615,9 @@ storagePoolDefineXML(virConnectPtr conn,
if (!(def = virStoragePoolDefParseString(xml)))
goto cleanup;
+ if (virStoragePoolDefineXMLEnsureACL(conn, def) < 0)
+ goto cleanup;
+
if (virStoragePoolObjIsDuplicate(&driver->pools, def, 0) < 0)
goto cleanup;
@@ -604,6 +663,9 @@ storagePoolUndefine(virStoragePoolPtr obj) {
goto cleanup;
}
+ if (virStoragePoolUndefineEnsureACL(obj->conn, pool->def) < 0)
+ goto cleanup;
+
if (virStoragePoolObjIsActive(pool)) {
virReportError(VIR_ERR_OPERATION_INVALID,
_("storage pool '%s' is still active"),
@@ -663,6 +725,9 @@ storagePoolCreate(virStoragePoolPtr obj,
goto cleanup;
}
+ if (virStoragePoolCreateEnsureACL(obj->conn, pool->def) < 0)
+ goto cleanup;
+
if ((backend = virStorageBackendForType(pool->def->type)) == NULL)
goto cleanup;
@@ -710,6 +775,9 @@ storagePoolBuild(virStoragePoolPtr obj,
goto cleanup;
}
+ if (virStoragePoolBuildEnsureACL(obj->conn, pool->def) < 0)
+ goto cleanup;
+
if ((backend = virStorageBackendForType(pool->def->type)) == NULL)
goto cleanup;
@@ -748,6 +816,9 @@ storagePoolDestroy(virStoragePoolPtr obj) {
goto cleanup;
}
+ if (virStoragePoolDestroyEnsureACL(obj->conn, pool->def) < 0)
+ goto cleanup;
+
if ((backend = virStorageBackendForType(pool->def->type)) == NULL)
goto cleanup;
@@ -808,6 +879,9 @@ storagePoolDelete(virStoragePoolPtr obj,
goto cleanup;
}
+ if (virStoragePoolDeleteEnsureACL(obj->conn, pool->def) < 0)
+ goto cleanup;
+
if ((backend = virStorageBackendForType(pool->def->type)) == NULL)
goto cleanup;
@@ -862,6 +936,9 @@ storagePoolRefresh(virStoragePoolPtr obj,
goto cleanup;
}
+ if (virStoragePoolRefreshEnsureACL(obj->conn, pool->def) < 0)
+ goto cleanup;
+
if ((backend = virStorageBackendForType(pool->def->type)) == NULL)
goto cleanup;
@@ -918,6 +995,9 @@ storagePoolGetInfo(virStoragePoolPtr obj,
goto cleanup;
}
+ if (virStoragePoolGetInfoEnsureACL(obj->conn, pool->def) < 0)
+ goto cleanup;
+
if (virStorageBackendForType(pool->def->type) == NULL)
goto cleanup;
@@ -958,6 +1038,9 @@ storagePoolGetXMLDesc(virStoragePoolPtr obj,
goto cleanup;
}
+ if (virStoragePoolGetXMLDescEnsureACL(obj->conn, pool->def) < 0)
+ goto cleanup;
+
if ((flags & VIR_STORAGE_XML_INACTIVE) && pool->newDef)
def = pool->newDef;
else
@@ -988,6 +1071,9 @@ storagePoolGetAutostart(virStoragePoolPtr obj,
goto cleanup;
}
+ if (virStoragePoolGetAutostartEnsureACL(obj->conn, pool->def) < 0)
+ goto cleanup;
+
if (!pool->configFile) {
*autostart = 0;
} else {
@@ -1017,6 +1103,9 @@ storagePoolSetAutostart(virStoragePoolPtr obj,
goto cleanup;
}
+ if (virStoragePoolSetAutostartEnsureACL(obj->conn, pool->def) < 0)
+ goto cleanup;
+
if (!pool->configFile) {
virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("pool has no config file"));
@@ -1077,6 +1166,9 @@ storagePoolNumOfVolumes(virStoragePoolPtr obj) {
goto cleanup;
}
+ if (virStoragePoolNumOfVolumesEnsureACL(obj->conn, pool->def) < 0)
+ goto cleanup;
+
if (!virStoragePoolObjIsActive(pool)) {
virReportError(VIR_ERR_OPERATION_INVALID,
_("storage pool '%s' is not active"), pool->def->name);
@@ -1110,6 +1202,9 @@ storagePoolListVolumes(virStoragePoolPtr obj,
goto cleanup;
}
+ if (virStoragePoolListVolumesEnsureACL(obj->conn, pool->def) < 0)
+ goto cleanup;
+
if (!virStoragePoolObjIsActive(pool)) {
virReportError(VIR_ERR_OPERATION_INVALID,
_("storage pool '%s' is not active"), pool->def->name);
@@ -1161,6 +1256,9 @@ storagePoolListAllVolumes(virStoragePoolPtr pool,
goto cleanup;
}
+ if (virStoragePoolListAllVolumesEnsureACL(pool->conn, obj->def) < 0)
+ goto cleanup;
+
if (!virStoragePoolObjIsActive(obj)) {
virReportError(VIR_ERR_OPERATION_INVALID,
_("storage pool '%s' is not active"), obj->def->name);
@@ -1239,6 +1337,9 @@ storageVolLookupByName(virStoragePoolPtr obj,
goto cleanup;
}
+ if (virStorageVolLookupByNameEnsureACL(obj->conn, pool->def, vol) < 0)
+ goto cleanup;
+
ret = virGetStorageVol(obj->conn, pool->def->name, vol->name, vol->key,
NULL, NULL);
@@ -1263,21 +1364,27 @@ storageVolLookupByKey(virConnectPtr conn,
virStorageVolDefPtr vol =
virStorageVolDefFindByKey(driver->pools.objs[i], key);
- if (vol)
+ if (vol) {
+ if (virStorageVolLookupByKeyEnsureACL(conn, driver->pools.objs[i]->def, vol) < 0)
+ goto cleanup;
+
ret = virGetStorageVol(conn,
driver->pools.objs[i]->def->name,
vol->name,
vol->key,
NULL, NULL);
+ goto cleanup;
+ }
}
virStoragePoolObjUnlock(driver->pools.objs[i]);
}
- storageDriverUnlock(driver);
if (!ret)
virReportError(VIR_ERR_NO_STORAGE_VOL,
_("no storage vol with matching key %s"), key);
+cleanup:
+ storageDriverUnlock(driver);
return ret;
}
@@ -1317,12 +1424,17 @@ storageVolLookupByPath(virConnectPtr conn,
stable_path);
VIR_FREE(stable_path);
- if (vol)
+ if (vol) {
+ if (virStorageVolLookupByPathEnsureACL(conn, driver->pools.objs[i]->def, vol) < 0)
+ goto cleanup;
+
ret = virGetStorageVol(conn,
driver->pools.objs[i]->def->name,
vol->name,
vol->key,
NULL, NULL);
+ goto cleanup;
+ }
}
virStoragePoolObjUnlock(driver->pools.objs[i]);
}
@@ -1331,6 +1443,7 @@ storageVolLookupByPath(virConnectPtr conn,
virReportError(VIR_ERR_NO_STORAGE_VOL,
_("no storage vol with matching path %s"), path);
+cleanup:
VIR_FREE(cleanpath);
storageDriverUnlock(driver);
return ret;
@@ -1374,6 +1487,9 @@ storageVolCreateXML(virStoragePoolPtr obj,
if (voldef == NULL)
goto cleanup;
+ if (virStorageVolCreateXMLEnsureACL(obj->conn, pool->def, voldef) < 0)
+ goto cleanup;
+
if (virStorageVolDefFindByName(pool, voldef->name)) {
virReportError(VIR_ERR_NO_STORAGE_VOL,
_("storage vol '%s' already exists"), voldef->name);
@@ -1525,6 +1641,9 @@ storageVolCreateXMLFrom(virStoragePoolPtr obj,
if (newvol == NULL)
goto cleanup;
+ if (virStorageVolCreateXMLFromEnsureACL(obj->conn, pool->def, newvol) < 0)
+ goto cleanup;
+
if (virStorageVolDefFindByName(pool, newvol->name)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("storage volume name '%s' already in use."),
@@ -1666,6 +1785,9 @@ storageVolDownload(virStorageVolPtr obj,
goto out;
}
+ if (virStorageVolDownloadEnsureACL(obj->conn, pool->def, vol) < 0)
+ goto out;
+
if (vol->building) {
virReportError(VIR_ERR_OPERATION_INVALID,
_("volume '%s' is still being allocated."),
@@ -1729,6 +1851,9 @@ storageVolUpload(virStorageVolPtr obj,
goto out;
}
+ if (virStorageVolUploadEnsureACL(obj->conn, pool->def, vol) < 0)
+ goto out;
+
if (vol->building) {
virReportError(VIR_ERR_OPERATION_INVALID,
_("volume '%s' is still being allocated."),
@@ -1796,6 +1921,9 @@ storageVolResize(virStorageVolPtr obj,
goto out;
}
+ if (virStorageVolResizeEnsureACL(obj->conn, pool->def, vol) < 0)
+ goto out;
+
if (vol->building) {
virReportError(VIR_ERR_OPERATION_INVALID,
_("volume '%s' is still being allocated."),
@@ -2088,6 +2216,9 @@ storageVolWipePattern(virStorageVolPtr obj,
goto out;
}
+ if (virStorageVolWipePatternEnsureACL(obj->conn, pool->def, vol) < 0)
+ goto out;
+
if (vol->building) {
virReportError(VIR_ERR_OPERATION_INVALID,
_("volume '%s' is still being allocated."),
@@ -2156,6 +2287,9 @@ storageVolDelete(virStorageVolPtr obj,
goto cleanup;
}
+ if (virStorageVolDeleteEnsureACL(obj->conn, pool->def, vol) < 0)
+ goto cleanup;
+
if (vol->building) {
virReportError(VIR_ERR_OPERATION_INVALID,
_("volume '%s' is still being allocated."),
@@ -2235,6 +2369,9 @@ storageVolGetInfo(virStorageVolPtr obj,
goto cleanup;
}
+ if (virStorageVolGetInfoEnsureACL(obj->conn, pool->def, vol) < 0)
+ goto cleanup;
+
if ((backend = virStorageBackendForType(pool->def->type)) == NULL)
goto cleanup;
@@ -2292,6 +2429,9 @@ storageVolGetXMLDesc(virStorageVolPtr obj,
goto cleanup;
}
+ if (virStorageVolGetXMLDescEnsureACL(obj->conn, pool->def, vol) < 0)
+ goto cleanup;
+
if ((backend = virStorageBackendForType(pool->def->type)) == NULL)
goto cleanup;
@@ -2340,6 +2480,9 @@ storageVolGetPath(virStorageVolPtr obj) {
goto cleanup;
}
+ if (virStorageVolGetPathEnsureACL(obj->conn, pool->def, vol) < 0)
+ goto cleanup;
+
ret = strdup(vol->target.path);
if (ret == NULL)
virReportOOMError();
@@ -2360,10 +2503,14 @@ storageConnectListAllStoragePools(virConnectPtr conn,
virCheckFlags(VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_ALL, -1);
+ if (virConnectListAllStoragePoolsEnsureACL(conn) < 0)
+ goto cleanup;
+
storageDriverLock(driver);
ret = virStoragePoolList(conn, driver->pools, pools, flags);
storageDriverUnlock(driver);
+cleanup:
return ret;
}
--
1.8.1.4
More information about the libvir-list
mailing list