From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> Insert calls to the ACL checking APIs in all Xen driver entrypoints. Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> --- src/Makefile.am | 1 + src/xen/xen_driver.c | 217 +++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 210 insertions(+), 8 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 75db540..b3aed10 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -964,6 +964,7 @@ endif libvirt_driver_xen_impl_la_CFLAGS = \ $(XEN_CFLAGS) \ + -I$(top_srcdir)/src/access \ -I$(top_srcdir)/src/conf \ -I$(top_srcdir)/src/xenxs \ $(AM_CFLAGS) diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c index 217d380..4871907 100644 --- a/src/xen/xen_driver.c +++ b/src/xen/xen_driver.c @@ -66,6 +66,7 @@ #include "nodeinfo.h" #include "configmake.h" #include "virstring.h" +#include "viraccessapicheck.h" #define VIR_FROM_THIS VIR_FROM_XEN #define XEN_SAVE_DIR LOCALSTATEDIR "/lib/libvirt/xen/save" @@ -398,6 +399,9 @@ xenUnifiedConnectOpen(virConnectPtr conn, virConnectAuthPtr auth, unsigned int f /* We now know the URI is definitely for this driver, so beyond * here, don't return DECLINED, always use ERROR */ + if (virConnectOpenEnsureACL(conn) < 0) + return VIR_DRV_OPEN_ERROR; + /* Allocate per-connection private data. */ if (VIR_ALLOC(priv) < 0) { virReportOOMError(); @@ -542,15 +546,21 @@ unsigned long xenUnifiedVersion(void) static const char * -xenUnifiedConnectGetType(virConnectPtr conn ATTRIBUTE_UNUSED) +xenUnifiedConnectGetType(virConnectPtr conn) { + if (virConnectGetTypeEnsureACL(conn) < 0) + return NULL; + return "Xen"; } /* Which features are supported by this driver? */ static int -xenUnifiedConnectSupportsFeature(virConnectPtr conn ATTRIBUTE_UNUSED, int feature) +xenUnifiedConnectSupportsFeature(virConnectPtr conn, int feature) { + if (virConnectSupportsFeatureEnsureACL(conn) < 0) + return -1; + switch (feature) { case VIR_DRV_FEATURE_MIGRATION_V1: case VIR_DRV_FEATURE_MIGRATION_DIRECT: @@ -563,12 +573,18 @@ xenUnifiedConnectSupportsFeature(virConnectPtr conn ATTRIBUTE_UNUSED, int featur static int xenUnifiedConnectGetVersion(virConnectPtr conn, unsigned long *hvVer) { + if (virConnectGetVersionEnsureACL(conn) < 0) + return -1; + return xenHypervisorGetVersion(conn, hvVer); } -static char *xenUnifiedConnectGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED) +static char *xenUnifiedConnectGetHostname(virConnectPtr conn) { + if (virConnectGetHostnameEnsureACL(conn) < 0) + return NULL; + return virGetHostname(); } @@ -603,6 +619,9 @@ xenUnifiedConnectIsAlive(virConnectPtr conn ATTRIBUTE_UNUSED) int xenUnifiedConnectGetMaxVcpus(virConnectPtr conn, const char *type) { + if (virConnectGetMaxVcpusEnsureACL(conn) < 0) + return -1; + if (type && STRCASENEQ(type, "Xen")) { virReportError(VIR_ERR_INVALID_ARG, __FUNCTION__); return -1; @@ -614,6 +633,9 @@ xenUnifiedConnectGetMaxVcpus(virConnectPtr conn, const char *type) static int xenUnifiedNodeGetInfo(virConnectPtr conn, virNodeInfoPtr info) { + if (virNodeGetInfoEnsureACL(conn) < 0) + return -1; + return xenDaemonNodeGetInfo(conn, info); } @@ -623,6 +645,9 @@ xenUnifiedConnectGetCapabilities(virConnectPtr conn) xenUnifiedPrivatePtr priv = conn->privateData; char *xml; + if (virConnectGetCapabilitiesEnsureACL(conn) < 0) + return NULL; + if (!(xml = virCapabilitiesFormatXML(priv->caps))) { virReportOOMError(); return NULL; @@ -634,12 +659,18 @@ xenUnifiedConnectGetCapabilities(virConnectPtr conn) static int xenUnifiedConnectListDomains(virConnectPtr conn, int *ids, int maxids) { + if (virConnectListDomainsEnsureACL(conn) < 0) + return -1; + return xenStoreListDomains(conn, ids, maxids); } static int xenUnifiedConnectNumOfDomains(virConnectPtr conn) { + if (virConnectNumOfDomainsEnsureACL(conn) < 0) + return -1; + return xenStoreNumOfDomains(conn); } @@ -659,6 +690,9 @@ xenUnifiedDomainCreateXML(virConnectPtr conn, VIR_DOMAIN_XML_INACTIVE))) goto cleanup; + if (virDomainCreateXMLEnsureACL(conn, def) < 0) + goto cleanup; + if (xenDaemonCreateXML(conn, def) < 0) goto cleanup; @@ -680,6 +714,9 @@ xenUnifiedDomainLookupByID(virConnectPtr conn, int id) if (!(def = xenGetDomainDefForID(conn, id))) goto cleanup; + if (virDomainLookupByIDEnsureACL(conn, def) < 0) + goto cleanup; + if (!(ret = virGetDomain(conn, def->name, def->uuid))) goto cleanup; @@ -700,6 +737,9 @@ xenUnifiedDomainLookupByUUID(virConnectPtr conn, if (!(def = xenGetDomainDefForUUID(conn, uuid))) goto cleanup; + if (virDomainLookupByUUIDEnsureACL(conn, def) < 0) + goto cleanup; + if (!(ret = virGetDomain(conn, def->name, def->uuid))) goto cleanup; @@ -720,6 +760,9 @@ xenUnifiedDomainLookupByName(virConnectPtr conn, if (!(def = xenGetDomainDefForName(conn, name))) goto cleanup; + if (virDomainLookupByNameEnsureACL(conn, def) < 0) + goto cleanup; + if (!(ret = virGetDomain(conn, def->name, def->uuid))) goto cleanup; @@ -809,6 +852,9 @@ xenUnifiedDomainSuspend(virDomainPtr dom) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainSuspendEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainSuspend(dom->conn, def); cleanup: @@ -825,6 +871,9 @@ xenUnifiedDomainResume(virDomainPtr dom) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainResumeEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainResume(dom->conn, def); cleanup: @@ -844,6 +893,9 @@ xenUnifiedDomainShutdownFlags(virDomainPtr dom, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainShutdownFlagsEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainShutdown(dom->conn, def); cleanup: @@ -868,6 +920,9 @@ xenUnifiedDomainReboot(virDomainPtr dom, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainRebootEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainReboot(dom->conn, def); cleanup: @@ -887,6 +942,9 @@ xenUnifiedDomainDestroyFlags(virDomainPtr dom, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainDestroyFlagsEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainDestroy(dom->conn, def); cleanup: @@ -910,6 +968,9 @@ xenUnifiedDomainGetOSType(virDomainPtr dom) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetOSTypeEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (def->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -938,6 +999,9 @@ xenUnifiedDomainGetMaxMemory(virDomainPtr dom) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetMaxMemoryEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (def->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainGetMaxMemory(dom->conn, def); @@ -962,6 +1026,9 @@ xenUnifiedDomainSetMaxMemory(virDomainPtr dom, unsigned long memory) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainSetMaxMemoryEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (def->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainSetMaxMemory(dom->conn, def, memory); @@ -986,6 +1053,9 @@ xenUnifiedDomainSetMemory(virDomainPtr dom, unsigned long memory) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainSetMemoryEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (def->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainSetMemory(dom->conn, def, memory); else @@ -1006,6 +1076,9 @@ xenUnifiedDomainGetInfo(virDomainPtr dom, virDomainInfoPtr info) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetInfoEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (def->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainGetInfo(dom->conn, def, info); @@ -1035,6 +1108,9 @@ xenUnifiedDomainGetState(virDomainPtr dom, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetStateEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (def->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainGetState(dom->conn, def, state, reason); @@ -1067,6 +1143,9 @@ xenUnifiedDomainSaveFlags(virDomainPtr dom, const char *to, const char *dxml, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainSaveFlagsEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainSave(dom->conn, def, to); cleanup: @@ -1108,6 +1187,9 @@ xenUnifiedDomainManagedSave(virDomainPtr dom, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainManagedSaveEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (!(name = xenUnifiedDomainManagedSavePath(priv, def))) goto cleanup; @@ -1132,6 +1214,9 @@ xenUnifiedDomainHasManagedSaveImage(virDomainPtr dom, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainHasManagedSaveImageEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (!(name = xenUnifiedDomainManagedSavePath(priv, def))) goto cleanup; @@ -1156,6 +1241,9 @@ xenUnifiedDomainManagedSaveRemove(virDomainPtr dom, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainManagedSaveRemoveEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (!(name = xenUnifiedDomainManagedSavePath(priv, def))) goto cleanup; @@ -1197,6 +1285,9 @@ xenUnifiedDomainCoreDump(virDomainPtr dom, const char *to, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainCoreDumpEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainCoreDump(dom->conn, def, to, flags); cleanup: @@ -1234,6 +1325,9 @@ xenUnifiedDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainSetVcpusFlagsEnsureACL(dom->conn, def, flags) < 0) + goto cleanup; + /* Try non-hypervisor methods first, then hypervisor direct method * as a last resort. */ @@ -1273,6 +1367,9 @@ xenUnifiedDomainPinVcpu(virDomainPtr dom, unsigned int vcpu, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainPinVcpuEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainPinVcpu(dom->conn, def, vcpu, cpumap, maplen); @@ -1299,6 +1396,9 @@ xenUnifiedDomainGetVcpus(virDomainPtr dom, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetVcpusEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -1330,6 +1430,9 @@ xenUnifiedDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetVcpusFlagsEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainGetVcpusFlags(dom->conn, def, flags); @@ -1365,6 +1468,9 @@ xenUnifiedDomainGetXMLDesc(virDomainPtr dom, unsigned int flags) if (!(minidef = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetXMLDescEnsureACL(dom->conn, minidef, flags) < 0) + goto cleanup; + if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { def = xenXMDomainGetXMLDesc(dom->conn, minidef); } else { @@ -1402,6 +1508,9 @@ xenUnifiedConnectDomainXMLFromNative(virConnectPtr conn, virCheckFlags(0, NULL); + if (virConnectDomainXMLFromNativeEnsureACL(conn) < 0) + return NULL; + if (STRNEQ(format, XEN_CONFIG_FORMAT_XM) && STRNEQ(format, XEN_CONFIG_FORMAT_SEXPR)) { virReportError(VIR_ERR_INVALID_ARG, @@ -1451,6 +1560,9 @@ xenUnifiedConnectDomainXMLToNative(virConnectPtr conn, virCheckFlags(0, NULL); + if (virConnectDomainXMLToNativeEnsureACL(conn) < 0) + return NULL; + if (STRNEQ(format, XEN_CONFIG_FORMAT_XM) && STRNEQ(format, XEN_CONFIG_FORMAT_SEXPR)) { virReportError(VIR_ERR_INVALID_ARG, @@ -1523,6 +1635,9 @@ xenUnifiedDomainMigratePerform(virDomainPtr dom, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainMigratePerformEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenDaemonDomainMigratePerform(dom->conn, def, cookie, cookielen, uri, flags, dname, resource); @@ -1550,6 +1665,9 @@ xenUnifiedDomainMigrateFinish(virConnectPtr dconn, if (!(minidef = xenGetDomainDefForName(dconn, dname))) goto cleanup; + if (virDomainMigrateFinishEnsureACL(dconn, minidef) < 0) + goto cleanup; + if (flags & VIR_MIGRATE_PERSIST_DEST) { if (!(def = xenDaemonDomainGetXMLDesc(dconn, minidef, NULL))) goto cleanup; @@ -1579,6 +1697,9 @@ xenUnifiedConnectListDefinedDomains(virConnectPtr conn, char **const names, { xenUnifiedPrivatePtr priv = conn->privateData; + if (virConnectListDefinedDomainsEnsureACL(conn) < 0) + return -1; + if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { return xenXMListDefinedDomains(conn, names, maxnames); } else { @@ -1591,6 +1712,9 @@ xenUnifiedConnectNumOfDefinedDomains(virConnectPtr conn) { xenUnifiedPrivatePtr priv = conn->privateData; + if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0) + return -1; + if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { return xenXMNumOfDefinedDomains(conn); } else { @@ -1611,6 +1735,9 @@ xenUnifiedDomainCreateWithFlags(virDomainPtr dom, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainCreateWithFlagsEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (!(name = xenUnifiedDomainManagedSavePath(priv, def))) goto cleanup; @@ -1653,6 +1780,9 @@ xenUnifiedDomainDefineXML(virConnectPtr conn, const char *xml) VIR_DOMAIN_XML_INACTIVE))) goto cleanup; + if (virDomainDefineXMLEnsureACL(conn, def) < 0) + goto cleanup; + if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { if (xenXMDomainDefineXML(conn, def) < 0) goto cleanup; @@ -1684,6 +1814,9 @@ xenUnifiedDomainUndefineFlags(virDomainPtr dom, unsigned int flags) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainUndefineFlagsEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainUndefine(dom->conn, def); else @@ -1718,6 +1851,9 @@ xenUnifiedDomainAttachDevice(virDomainPtr dom, const char *xml) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainAttachDeviceEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainAttachDeviceFlags(dom->conn, def, xml, flags); else @@ -1739,6 +1875,9 @@ xenUnifiedDomainAttachDeviceFlags(virDomainPtr dom, const char *xml, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainAttachDeviceFlagsEnsureACL(dom->conn, def, flags) < 0) + goto cleanup; + if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainAttachDeviceFlags(dom->conn, def, xml, flags); else @@ -1768,6 +1907,9 @@ xenUnifiedDomainDetachDevice(virDomainPtr dom, const char *xml) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainDetachDeviceEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainDetachDeviceFlags(dom->conn, def, xml, flags); else @@ -1789,6 +1931,9 @@ xenUnifiedDomainDetachDeviceFlags(virDomainPtr dom, const char *xml, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainDetachDeviceFlagsEnsureACL(dom->conn, def, flags) < 0) + goto cleanup; + if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainDetachDeviceFlags(dom->conn, def, xml, flags); else @@ -1809,6 +1954,9 @@ xenUnifiedDomainUpdateDeviceFlags(virDomainPtr dom, const char *xml, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainUpdateDeviceFlagsEnsureACL(dom->conn, def, flags) < 0) + goto cleanup; + ret = xenDaemonUpdateDeviceFlags(dom->conn, def, xml, flags); cleanup: @@ -1826,6 +1974,9 @@ xenUnifiedDomainGetAutostart(virDomainPtr dom, int *autostart) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetAutostartEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainGetAutostart(def, autostart); else @@ -1846,6 +1997,9 @@ xenUnifiedDomainSetAutostart(virDomainPtr dom, int autostart) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainSetAutostartEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainSetAutostart(def, autostart); else @@ -1866,6 +2020,9 @@ xenUnifiedDomainGetSchedulerType(virDomainPtr dom, int *nparams) if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetSchedulerTypeEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -1897,6 +2054,9 @@ xenUnifiedDomainGetSchedulerParametersFlags(virDomainPtr dom, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainGetSchedulerParametersEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -1937,6 +2097,9 @@ xenUnifiedDomainSetSchedulerParametersFlags(virDomainPtr dom, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainSetSchedulerParametersFlagsEnsureACL(dom->conn, def, flags) < 0) + goto cleanup; + if (dom->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -1972,6 +2135,9 @@ xenUnifiedDomainBlockStats(virDomainPtr dom, const char *path, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainBlockStatsEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenHypervisorDomainBlockStats(dom->conn, def, path, stats); cleanup: @@ -1989,6 +2155,9 @@ xenUnifiedDomainInterfaceStats(virDomainPtr dom, const char *path, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainInterfaceStatsEnsureACL(dom->conn, def) < 0) + goto cleanup; + ret = xenHypervisorDomainInterfaceStats(def, path, stats); cleanup: @@ -2010,6 +2179,9 @@ xenUnifiedDomainBlockPeek(virDomainPtr dom, const char *path, if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; + if (virDomainBlockPeekEnsureACL(dom->conn, def) < 0) + goto cleanup; + if (dom->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainBlockPeek(dom->conn, def, path, offset, size, buffer); else @@ -2024,6 +2196,9 @@ static int xenUnifiedNodeGetCellsFreeMemory(virConnectPtr conn, unsigned long long *freeMems, int startCell, int maxCells) { + if (virNodeGetCellsFreeMemoryEnsureACL(conn) < 0) + return 0; + return xenHypervisorNodeGetCellsFreeMemory(conn, freeMems, startCell, maxCells); } @@ -2033,6 +2208,9 @@ xenUnifiedNodeGetFreeMemory(virConnectPtr conn) { unsigned long long freeMem = 0; + if (virNodeGetFreeMemoryEnsureACL(conn) < 0) + return 0; + if (xenHypervisorNodeGetCellsFreeMemory(conn, &freeMem, -1, 1) < 0) return 0; return freeMem; @@ -2046,8 +2224,11 @@ xenUnifiedConnectDomainEventRegister(virConnectPtr conn, virFreeCallback freefunc) { xenUnifiedPrivatePtr priv = conn->privateData; - int ret; + + if (virConnectDomainEventRegisterEnsureACL(conn) < 0) + return -1; + xenUnifiedLock(priv); if (priv->xsWatch == -1) { @@ -2070,6 +2251,10 @@ xenUnifiedConnectDomainEventDeregister(virConnectPtr conn, { int ret; xenUnifiedPrivatePtr priv = conn->privateData; + + if (virConnectDomainEventDeregisterEnsureACL(conn) < 0) + return -1; + xenUnifiedLock(priv); if (priv->xsWatch == -1) { @@ -2096,8 +2281,11 @@ xenUnifiedConnectDomainEventRegisterAny(virConnectPtr conn, virFreeCallback freefunc) { xenUnifiedPrivatePtr priv = conn->privateData; - int ret; + + if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0) + return -1; + xenUnifiedLock(priv); if (priv->xsWatch == -1) { @@ -2121,6 +2309,10 @@ xenUnifiedConnectDomainEventDeregisterAny(virConnectPtr conn, { int ret; xenUnifiedPrivatePtr priv = conn->privateData; + + if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0) + return -1; + xenUnifiedLock(priv); if (priv->xsWatch == -1) { @@ -2396,31 +2588,40 @@ cleanup: } static int -xenUnifiedNodeGetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED, +xenUnifiedNodeGetMemoryParameters(virConnectPtr conn, virTypedParameterPtr params, int *nparams, unsigned int flags) { + if (virNodeGetMemoryParametersEnsureACL(conn) < 0) + return -1; + return nodeGetMemoryParameters(params, nparams, flags); } static int -xenUnifiedNodeSetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED, +xenUnifiedNodeSetMemoryParameters(virConnectPtr conn, virTypedParameterPtr params, int nparams, unsigned int flags) { + if (virNodeSetMemoryParametersEnsureACL(conn) < 0) + return -1; + return nodeSetMemoryParameters(params, nparams, flags); } static int -xenUnifiedNodeSuspendForDuration(virConnectPtr conn ATTRIBUTE_UNUSED, +xenUnifiedNodeSuspendForDuration(virConnectPtr conn, unsigned int target, unsigned long long duration, unsigned int flags) { + if (virNodeSuspendForDurationEnsureACL(conn) < 0) + return -1; + return nodeSuspendForDuration(target, duration, flags); } -- 1.8.1.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list