NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add access control filtering of node device objects

Browse Source 
Ensure that all APIs which list node device objects filter
them against the access control system.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange
2013-06-26 17:50:54 +01:00
parent bbaa4e1cba
commit b1f3029afd
4 changed files with 33 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/node_device/node_device_driver.c
View File

@@ -140,11 +140,13 @@ nodeNumOfDevices(virConnectPtr conn,
nodeDeviceLock(driver);
for (i = 0; i < driver->devs.count; i++) {
virNodeDeviceObjLock(driver->devs.objs[i]);
if ((cap == NULL) ||
virNodeDeviceHasCap(driver->devs.objs[i], cap))
virNodeDeviceObjPtr obj = driver->devs.objs[i];
virNodeDeviceObjLock(obj);
if (virNodeNumOfDevicesCheckACL(conn, obj->def) &&
((cap == NULL) ||
virNodeDeviceHasCap(obj, cap)))
++ndevs;
virNodeDeviceObjUnlock(driver->devs.objs[i]);
virNodeDeviceObjUnlock(obj);
}
nodeDeviceUnlock(driver);
@@ -168,15 +170,17 @@ nodeListDevices(virConnectPtr conn,
nodeDeviceLock(driver);
for (i = 0; i < driver->devs.count && ndevs < maxnames; i++) {
virNodeDeviceObjLock(driver->devs.objs[i]);
if (cap == NULL ||
virNodeDeviceHasCap(driver->devs.objs[i], cap)) {
if (VIR_STRDUP(names[ndevs++], driver->devs.objs[i]->def->name) < 0) {
virNodeDeviceObjUnlock(driver->devs.objs[i]);
virNodeDeviceObjPtr obj = driver->devs.objs[i];
virNodeDeviceObjLock(obj);
if (virNodeListDevicesCheckACL(conn, obj->def) &&
(cap == NULL ||
virNodeDeviceHasCap(obj, cap))) {
if (VIR_STRDUP(names[ndevs++], obj->def->name) < 0) {
virNodeDeviceObjUnlock(obj);
goto failure;
}
}
virNodeDeviceObjUnlock(driver->devs.objs[i]);
virNodeDeviceObjUnlock(obj);
}
nodeDeviceUnlock(driver);
@@ -204,7 +208,9 @@ nodeConnectListAllNodeDevices(virConnectPtr conn,
return -1;
nodeDeviceLock(driver);
ret = virNodeDeviceList(conn, driver->devs, devices, flags);
ret = virNodeDeviceObjListExport(conn, driver->devs, devices,
virConnectListAllNodeDevicesCheckACL,
flags);
nodeDeviceUnlock(driver);
return ret;
}