File libvirt-ibm of Package libvirt
diff -BNurbp libvirt-0.6.0/README_IBM_EXT libvirt-ibm/README_IBM_EXT
--- libvirt-0.6.0/README_IBM_EXT 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-ibm/README_IBM_EXT 2009-04-27 16:07:29.000000000 +0200
@@ -0,0 +1,25 @@
+Licensed Material - Property of IBM
+"Restricted Materials of IBM"
+5746-SM2
+Copyright IBM Corp. 2006-2009 All Rights Reserved.
+
+This are extensions to libVirt (http://libvirt.org) Virtualization API.
+It includes:
+* Framework to chain multiple intercepting drivers in the call-path of the existing libVirt API
+* Test chain driver (can be used as template for new chain drivers)
+* Generic Access Control chain driver
+ * Verifier module for above AC-driver that implements RBAC
+* CompMgr chain driver, that relays certain VM actions to running IBM Compartment Manager
+
+Run configure with --enable-debug=yes to get usefull debug information
+(also requires env LIBVIRT_DEBUG=1 to be set during run-time).
+
+
+Files
+-----
+src/chain_driver.[c,h] - Core chaining framework
+src/chain_utils.[c,h] - Utility functions for use by chain drivers
+src/chdrv_test.[c,h] - Test chain driver
+src/chdrv_ac.[c,h] - Base access control chain driver (supports pluggable verifiers)
+src/verif_rbac.[c,h] - Pluggable verifier that enforce RBAC for above AC driver
+src/chdrv_compmgr.[c,h] - Forwarder chain driver for VM actions to CompMgr
diff -BNurbp libvirt-0.6.0/configure libvirt-ibm/configure
--- libvirt-0.6.0/configure 2009-01-31 10:06:31.000000000 +0100
+++ libvirt-ibm/configure 2009-04-27 16:07:29.000000000 +0200
@@ -48514,7 +48514,8 @@ IFS=$as_save_IFS
;;
esac
fi
-QCOW_CREATE=$ac_cv_path_QCOW_CREATE
+#QCOW_CREATE=$ac_cv_path_QCOW_CREATE
+QCOW_CREATE=""
if test -n "$QCOW_CREATE"; then
{ echo "$as_me:$LINENO: result: $QCOW_CREATE" >&5
echo "${ECHO_T}$QCOW_CREATE" >&6; }
diff -BNurbp libvirt-0.6.0/configure.in libvirt-ibm/configure.in
--- libvirt-0.6.0/configure.in 2009-01-31 10:05:55.000000000 +0100
+++ libvirt-ibm/configure.in 2009-04-29 17:05:46.000000000 +0200
@@ -78,7 +78,7 @@ dnl Availability of various not common t
AC_CHECK_FUNCS([strerror_r strtok_r getmntent_r getgrnam_r getpwuid_r])
dnl Availability of various common headers (non-fatal if missing).
-AC_CHECK_HEADERS([pwd.h paths.h regex.h sys/syslimits.h sys/utsname.h sys/wait.h winsock2.h sched.h termios.h sys/poll.h syslog.h])
+AC_CHECK_HEADERS([pwd.h paths.h regex.h sys/syslimits.h sys/utsname.h sys/wait.h winsock2.h sched.h termios.h sys/poll.h syslog.h strings.h])
dnl Where are the XDR functions?
dnl If portablexdr is installed, prefer that.
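Review bot: Nothing in this `configure.in` hunk mirrors the `QCOW_CREATE=""` override that the patch makes by hand in the generated `configure` script, so regenerating `configure` from this file will presumably restore the upstream probe and silently undo the change. If disabling the qcow-create lookup is intended, express it here in `configure.in` with a `dnl` comment giving the reason, rather than commenting out a line in generated output. On the added `strings.h` entry, the comment above `AC_CHECK_HEADERS` says a missing header is non-fatal, so the code that includes it should be guarded with `#ifdef HAVE_STRINGS_H`. That code is not visible in this hunk, so please confirm.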
diff -BNurbp libvirt-0.6.0/include/libvirt/libvirt.h libvirt-ibm/include/libvirt/libvirt.h
--- libvirt-0.6.0/include/libvirt/libvirt.h 2009-01-31 10:20:10.000000000 +0100
+++ libvirt-ibm/include/libvirt/libvirt.h 1970-01-01 01:00:00.000000000 +0100
@@ -1,1308 +0,0 @@
-/* -*- c -*-
- * libvirt.h:
- * Summary: core interfaces for the libvirt library
- * Description: Provides the interfaces of the libvirt library to handle
- * virtualized domains
- *
- * Copy: Copyright (C) 2005,2006 Red Hat, Inc.
- *
- * See COPYING.LIB for the License of this software
- *
- * Author: Daniel Veillard <veillard@redhat.com>
- */
-
-#ifndef __VIR_VIRLIB_H__
-#define __VIR_VIRLIB_H__
-
-#include <sys/types.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef VIR_DEPRECATED
- /* The feature is present in gcc-3.1 and newer. */
-# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)
-# define VIR_DEPRECATED __attribute__((__deprecated__))
-# else
-# define VIR_DEPRECATED /* nothing */
-# endif
-#endif /* VIR_DEPRECATED */
-
-/**
- * virConnect:
- *
- * a virConnect is a private structure representing a connection to
- * the Hypervisor.
- */
-typedef struct _virConnect virConnect;
-
-/**
- * virConnectPtr:
- *
- * a virConnectPtr is pointer to a virConnect private structure, this is the
- * type used to reference a connection to the Hypervisor in the API.
- */
-typedef virConnect *virConnectPtr;
-
-/**
- * virDomain:
- *
- * a virDomain is a private structure representing a domain.
- */
-typedef struct _virDomain virDomain;
-
-/**
- * virDomainPtr:
- *
- * a virDomainPtr is pointer to a virDomain private structure, this is the
- * type used to reference a domain in the API.
- */
-typedef virDomain *virDomainPtr;
-
-/**
- * virDomainState:
- *
- * A domain may be in different states at a given point in time
- */
-typedef enum {
- VIR_DOMAIN_NOSTATE = 0, /* no state */
- VIR_DOMAIN_RUNNING = 1, /* the domain is running */
- VIR_DOMAIN_BLOCKED = 2, /* the domain is blocked on resource */
- VIR_DOMAIN_PAUSED = 3, /* the domain is paused by user */
- VIR_DOMAIN_SHUTDOWN= 4, /* the domain is being shut down */
- VIR_DOMAIN_SHUTOFF = 5, /* the domain is shut off */
- VIR_DOMAIN_CRASHED = 6 /* the domain is crashed */
-} virDomainState;
-
-/**
- * virDomainInfoPtr:
- *
- * a virDomainInfo is a structure filled by virDomainGetInfo() and extracting
- * runtime information for a given active Domain
- */
-
-typedef struct _virDomainInfo virDomainInfo;
-
-struct _virDomainInfo {
- unsigned char state; /* the running state, one of virDomainState */
- unsigned long maxMem; /* the maximum memory in KBytes allowed */
- unsigned long memory; /* the memory in KBytes used by the domain */
- unsigned short nrVirtCpu; /* the number of virtual CPUs for the domain */
- unsigned long long cpuTime; /* the CPU time used in nanoseconds */
-};
-
-/**
- * virDomainInfoPtr:
- *
- * a virDomainInfoPtr is a pointer to a virDomainInfo structure.
- */
-
-typedef virDomainInfo *virDomainInfoPtr;
-
-/**
- * virDomainCreateFlags:
- *
- * Flags OR'ed together to provide specific behaviour when creating a
- * Domain.
- */
-typedef enum {
- VIR_DOMAIN_NONE = 0
-} virDomainCreateFlags;
-
-/**
- * virNodeInfoPtr:
- *
- * a virNodeInfo is a structure filled by virNodeGetInfo() and providing
- * the information for the Node.
- */
-
-typedef struct _virNodeInfo virNodeInfo;
-
-struct _virNodeInfo {
- char model[32]; /* string indicating the CPU model */
- unsigned long memory;/* memory size in kilobytes */
- unsigned int cpus; /* the number of active CPUs */
- unsigned int mhz; /* expected CPU frequency */
- unsigned int nodes; /* the number of NUMA cell, 1 for uniform mem access */
- unsigned int sockets;/* number of CPU socket per node */
- unsigned int cores; /* number of core per socket */
- unsigned int threads;/* number of threads per core */
-};
-
-
-/**
- * virDomainSchedParameterType:
- *
- * A scheduler parameter field type
- */
-typedef enum {
- VIR_DOMAIN_SCHED_FIELD_INT = 1, /* integer case */
- VIR_DOMAIN_SCHED_FIELD_UINT = 2, /* unsigned integer case */
- VIR_DOMAIN_SCHED_FIELD_LLONG = 3, /* long long case */
- VIR_DOMAIN_SCHED_FIELD_ULLONG = 4, /* unsigned long long case */
- VIR_DOMAIN_SCHED_FIELD_DOUBLE = 5, /* double case */
- VIR_DOMAIN_SCHED_FIELD_BOOLEAN = 6 /* boolean(character) case */
-} virSchedParameterType;
-
-/**
- * VIR_DOMAIN_SCHED_FIELD_LENGTH:
- *
- * Macro providing the field length of virSchedParameter
- */
-
-#define VIR_DOMAIN_SCHED_FIELD_LENGTH 80
-
-/**
- * virDomainSchedParameter:
- *
- * a virDomainSchedParameter is the set of scheduler parameters
- */
-
-typedef struct _virSchedParameter virSchedParameter;
-
-struct _virSchedParameter {
- char field[VIR_DOMAIN_SCHED_FIELD_LENGTH]; /* parameter name */
- int type; /* parameter type */
- union {
- int i; /* data for integer case */
- unsigned int ui; /* data for unsigned integer case */
- long long int l; /* data for long long integer case */
- unsigned long long int ul; /* data for unsigned long long integer case */
- double d; /* data for double case */
- char b; /* data for char case */
- } value; /* parameter value */
-};
-
-/**
- * virSchedParameterPtr:
- *
- * a virSchedParameterPtr is a pointer to a virSchedParameter structure.
- */
-
-typedef virSchedParameter *virSchedParameterPtr;
-
-/*
- * Fetch scheduler parameters, caller allocates 'params' field of size 'nparams'
- */
-int virDomainGetSchedulerParameters (virDomainPtr domain,
- virSchedParameterPtr params,
- int *nparams);
-
-/*
- * Change scheduler parameters
- */
-int virDomainSetSchedulerParameters (virDomainPtr domain,
- virSchedParameterPtr params,
- int nparams);
-
-/**
- * virDomainBlockStats:
- *
- * Block device stats for virDomainBlockStats.
- *
- * Hypervisors may return a field set to ((long long)-1) which indicates
- * that the hypervisor does not support that statistic.
- *
- * NB. Here 'long long' means 64 bit integer.
- */
-typedef struct _virDomainBlockStats virDomainBlockStatsStruct;
-
-struct _virDomainBlockStats {
- long long rd_req; /* number of read requests */
- long long rd_bytes; /* number of read bytes */
- long long wr_req; /* number of write requests */
- long long wr_bytes; /* number of written bytes */
- long long errs; /* In Xen this returns the mysterious 'oo_req'. */
-};
-
-/**
- * virDomainBlockStatsPtr:
- *
- * A pointer to a virDomainBlockStats structure
- */
-typedef virDomainBlockStatsStruct *virDomainBlockStatsPtr;
-
-/**
- * virDomainInterfaceStats:
- *
- * Network interface stats for virDomainInterfaceStats.
- *
- * Hypervisors may return a field set to ((long long)-1) which indicates
- * that the hypervisor does not support that statistic.
- *
- * NB. Here 'long long' means 64 bit integer.
- */
-typedef struct _virDomainInterfaceStats virDomainInterfaceStatsStruct;
-
-struct _virDomainInterfaceStats {
- long long rx_bytes;
- long long rx_packets;
- long long rx_errs;
- long long rx_drop;
- long long tx_bytes;
- long long tx_packets;
- long long tx_errs;
- long long tx_drop;
-};
-
-/**
- * virDomainInterfaceStatsPtr:
- *
- * A pointer to a virDomainInterfaceStats structure
- */
-typedef virDomainInterfaceStatsStruct *virDomainInterfaceStatsPtr;
-
-
-/* Domain migration flags. */
-typedef enum {
- VIR_MIGRATE_LIVE = 1, /* live migration */
-} virDomainMigrateFlags;
-
-/* Domain migration. */
-virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn,
- unsigned long flags, const char *dname,
- const char *uri, unsigned long bandwidth);
-
-/**
- * VIR_NODEINFO_MAXCPUS:
- * @nodeinfo: virNodeInfo instance
- *
- * This macro is to calculate the total number of CPUs supported
- * but not necessary active in the host.
- */
-
-
-#define VIR_NODEINFO_MAXCPUS(nodeinfo) ((nodeinfo).nodes*(nodeinfo).sockets*(nodeinfo).cores*(nodeinfo).threads)
-
-/**
- * virNodeInfoPtr:
- *
- * a virNodeInfoPtr is a pointer to a virNodeInfo structure.
- */
-
-typedef virNodeInfo *virNodeInfoPtr;
-
-/**
- * virConnectFlags
- *
- * Flags when opening a connection to a hypervisor
- */
-typedef enum {
- VIR_CONNECT_RO = 1, /* A readonly connection */
-} virConnectFlags;
-
-
-typedef enum {
- VIR_CRED_USERNAME = 1, /* Identity to act as */
- VIR_CRED_AUTHNAME = 2, /* Identify to authorize as */
- VIR_CRED_LANGUAGE = 3, /* RFC 1766 languages, comma separated */
- VIR_CRED_CNONCE = 4, /* client supplies a nonce */
- VIR_CRED_PASSPHRASE = 5, /* Passphrase secret */
- VIR_CRED_ECHOPROMPT = 6, /* Challenge response */
- VIR_CRED_NOECHOPROMPT = 7, /* Challenge response */
- VIR_CRED_REALM = 8, /* Authentication realm */
- VIR_CRED_EXTERNAL = 9, /* Externally managed credential */
-
- /* More may be added - expect the unexpected */
-} virConnectCredentialType;
-
-struct _virConnectCredential {
- int type; /* One of virConnectCredentialType constants */
- const char *prompt; /* Prompt to show to user */
- const char *challenge; /* Additional challenge to show */
- const char *defresult; /* Optional default result */
- char *result; /* Result to be filled with user response (or defresult) */
- unsigned int resultlen; /* Length of the result */
-};
-
-typedef struct _virConnectCredential virConnectCredential;
-typedef virConnectCredential *virConnectCredentialPtr;
-
-
-/**
- * virConnectCredCallbackPtr
- *
- * @param authtype type of authentication being performed
- * @param cred list of virConnectCredential object to fetch from user
- * @param ncred size of cred list
- * @param cbdata opaque data passed to virConnectOpenAuth
- *
- * When authentication requires one or more interactions, this callback
- * is invoked. For each interaction supplied, data must be gathered
- * from the user and filled in to the 'result' and 'resultlen' fields.
- * If an interaction can not be filled, fill in NULL and 0.
- *
- * Return 0 if all interactions were filled, or -1 upon error
- */
-typedef int (*virConnectAuthCallbackPtr)(virConnectCredentialPtr cred,
- unsigned int ncred,
- void *cbdata);
-
-struct _virConnectAuth {
- int *credtype; /* List of supported virConnectCredentialType values */
- unsigned int ncredtype;
-
- virConnectAuthCallbackPtr cb; /* Callback used to collect credentials */
- void *cbdata;
-};
-
-
-typedef struct _virConnectAuth virConnectAuth;
-typedef virConnectAuth *virConnectAuthPtr;
-
-extern virConnectAuthPtr virConnectAuthPtrDefault;
-
-/**
- * VIR_UUID_BUFLEN:
- *
- * This macro provides the length of the buffer required
- * for virDomainGetUUID()
- */
-
-#define VIR_UUID_BUFLEN (16)
-
-/**
- * VIR_UUID_STRING_BUFLEN:
- *
- * This macro provides the length of the buffer required
- * for virDomainGetUUIDString()
- */
-
-#define VIR_UUID_STRING_BUFLEN (36+1)
-
-/* library versioning */
-
-/**
- * LIBVIR_VERSION_NUMBER:
- *
- * Macro providing the version of the library as
- * version * 1,000,000 + minor * 1000 + micro
- */
-
-#define LIBVIR_VERSION_NUMBER 6000
-
-int virGetVersion (unsigned long *libVer,
- const char *type,
- unsigned long *typeVer);
-
-/*
- * Connection and disconnections to the Hypervisor
- */
-int virInitialize (void);
-
-virConnectPtr virConnectOpen (const char *name);
-virConnectPtr virConnectOpenReadOnly (const char *name);
-virConnectPtr virConnectOpenAuth (const char *name,
- virConnectAuthPtr auth,
- int flags);
-int virConnectRef (virConnectPtr conn);
-int virConnectClose (virConnectPtr conn);
-const char * virConnectGetType (virConnectPtr conn);
-int virConnectGetVersion (virConnectPtr conn,
- unsigned long *hvVer);
-char * virConnectGetHostname (virConnectPtr conn);
-char * virConnectGetURI (virConnectPtr conn);
-
-
-/*
- * Capabilities of the connection / driver.
- */
-
-int virConnectGetMaxVcpus (virConnectPtr conn,
- const char *type);
-int virNodeGetInfo (virConnectPtr conn,
- virNodeInfoPtr info);
-char * virConnectGetCapabilities (virConnectPtr conn);
-
-unsigned long long virNodeGetFreeMemory (virConnectPtr conn);
-
-/*
- * Gather list of running domains
- */
-int virConnectListDomains (virConnectPtr conn,
- int *ids,
- int maxids);
-
-/*
- * Number of domains
- */
-int virConnectNumOfDomains (virConnectPtr conn);
-
-
-/*
- * Get connection from domain.
- */
-virConnectPtr virDomainGetConnect (virDomainPtr domain);
-
-/*
- * Domain creation and destruction
- */
-virDomainPtr virDomainCreateXML (virConnectPtr conn,
- const char *xmlDesc,
- unsigned int flags);
-virDomainPtr virDomainLookupByName (virConnectPtr conn,
- const char *name);
-virDomainPtr virDomainLookupByID (virConnectPtr conn,
- int id);
-virDomainPtr virDomainLookupByUUID (virConnectPtr conn,
- const unsigned char *uuid);
-virDomainPtr virDomainLookupByUUIDString (virConnectPtr conn,
- const char *uuid);
-
-int virDomainShutdown (virDomainPtr domain);
-int virDomainReboot (virDomainPtr domain,
- unsigned int flags);
-int virDomainDestroy (virDomainPtr domain);
-int virDomainRef (virDomainPtr domain);
-int virDomainFree (virDomainPtr domain);
-
-/*
- * Domain suspend/resume
- */
-int virDomainSuspend (virDomainPtr domain);
-int virDomainResume (virDomainPtr domain);
-
-/*
- * Domain save/restore
- */
-int virDomainSave (virDomainPtr domain,
- const char *to);
-int virDomainRestore (virConnectPtr conn,
- const char *from);
-
-/*
- * Domain core dump
- */
-int virDomainCoreDump (virDomainPtr domain,
- const char *to,
- int flags);
-
-/*
- * Domain runtime information
- */
-int virDomainGetInfo (virDomainPtr domain,
- virDomainInfoPtr info);
-
-/*
- * Return scheduler type in effect 'sedf', 'credit', 'linux'
- */
-char * virDomainGetSchedulerType(virDomainPtr domain,
- int *nparams);
-
-/*
- * Dynamic control of domains
- */
-const char * virDomainGetName (virDomainPtr domain);
-unsigned int virDomainGetID (virDomainPtr domain);
-int virDomainGetUUID (virDomainPtr domain,
- unsigned char *uuid);
-int virDomainGetUUIDString (virDomainPtr domain,
- char *buf);
-char * virDomainGetOSType (virDomainPtr domain);
-unsigned long virDomainGetMaxMemory (virDomainPtr domain);
-int virDomainSetMaxMemory (virDomainPtr domain,
- unsigned long memory);
-int virDomainSetMemory (virDomainPtr domain,
- unsigned long memory);
-int virDomainGetMaxVcpus (virDomainPtr domain);
-
-/*
- * XML domain description
- */
-/**
- * virDomainXMLFlags:
- *
- * Flags available for virDomainGetXMLDesc
- */
-
-typedef enum {
- VIR_DOMAIN_XML_SECURE = 1, /* dump security sensitive information too */
- VIR_DOMAIN_XML_INACTIVE = 2/* dump inactive domain information */
-} virDomainXMLFlags;
-
-char * virDomainGetXMLDesc (virDomainPtr domain,
- int flags);
-
-int virDomainBlockStats (virDomainPtr dom,
- const char *path,
- virDomainBlockStatsPtr stats,
- size_t size);
-int virDomainInterfaceStats (virDomainPtr dom,
- const char *path,
- virDomainInterfaceStatsPtr stats,
- size_t size);
-int virDomainBlockPeek (virDomainPtr dom,
- const char *path,
- unsigned long long offset,
- size_t size,
- void *buffer,
- unsigned int flags);
-
-/* Memory peeking flags. */
-typedef enum {
- VIR_MEMORY_VIRTUAL = 1, /* addresses are virtual addresses */
-} virDomainMemoryFlags;
-
-int virDomainMemoryPeek (virDomainPtr dom,
- unsigned long long start,
- size_t size,
- void *buffer,
- unsigned int flags);
-
-/*
- * defined but not running domains
- */
-virDomainPtr virDomainDefineXML (virConnectPtr conn,
- const char *xml);
-int virDomainUndefine (virDomainPtr domain);
-int virConnectNumOfDefinedDomains (virConnectPtr conn);
-int virConnectListDefinedDomains (virConnectPtr conn,
- char **const names,
- int maxnames);
-int virDomainCreate (virDomainPtr domain);
-
-int virDomainGetAutostart (virDomainPtr domain,
- int *autostart);
-int virDomainSetAutostart (virDomainPtr domain,
- int autostart);
-
-/**
- * virVcpuInfo: structure for information about a virtual CPU in a domain.
- */
-
-typedef enum {
- VIR_VCPU_OFFLINE = 0, /* the virtual CPU is offline */
- VIR_VCPU_RUNNING = 1, /* the virtual CPU is running */
- VIR_VCPU_BLOCKED = 2, /* the virtual CPU is blocked on resource */
-} virVcpuState;
-
-typedef struct _virVcpuInfo virVcpuInfo;
-struct _virVcpuInfo {
- unsigned int number; /* virtual CPU number */
- int state; /* value from virVcpuState */
- unsigned long long cpuTime; /* CPU time used, in nanoseconds */
- int cpu; /* real CPU number, or -1 if offline */
-};
-typedef virVcpuInfo *virVcpuInfoPtr;
-
-int virDomainSetVcpus (virDomainPtr domain,
- unsigned int nvcpus);
-
-int virDomainPinVcpu (virDomainPtr domain,
- unsigned int vcpu,
- unsigned char *cpumap,
- int maplen);
-
-/**
- * VIR_USE_CPU:
- * @cpumap: pointer to a bit map of real CPUs (in 8-bit bytes) (IN/OUT)
- * @cpu: the physical CPU number
- *
- * This macro is to be used in conjunction with virDomainPinVcpu() API.
- * USE_CPU macro set the bit (CPU usable) of the related cpu in cpumap.
- */
-
-#define VIR_USE_CPU(cpumap,cpu) (cpumap[(cpu)/8] |= (1<<((cpu)%8)))
-
-/**
- * VIR_UNUSE_CPU:
- * @cpumap: pointer to a bit map of real CPUs (in 8-bit bytes) (IN/OUT)
- * @cpu: the physical CPU number
- *
- * This macro is to be used in conjunction with virDomainPinVcpu() API.
- * USE_CPU macro reset the bit (CPU not usable) of the related cpu in cpumap.
- */
-
-#define VIR_UNUSE_CPU(cpumap,cpu) (cpumap[(cpu)/8] &= ~(1<<((cpu)%8)))
-
-/**
- * VIR_CPU_MAPLEN:
- * @cpu: number of physical CPUs
- *
- * This macro is to be used in conjunction with virDomainPinVcpu() API.
- * It returns the length (in bytes) required to store the complete
- * CPU map between a single virtual & all physical CPUs of a domain.
- */
-
-#define VIR_CPU_MAPLEN(cpu) (((cpu)+7)/8)
-
-
-int virDomainGetVcpus (virDomainPtr domain,
- virVcpuInfoPtr info,
- int maxinfo,
- unsigned char *cpumaps,
- int maplen);
-
-/**
- * VIR_CPU_USABLE:
- * @cpumaps: pointer to an array of cpumap (in 8-bit bytes) (IN)
- * @maplen: the length (in bytes) of one cpumap
- * @vcpu: the virtual CPU number
- * @cpu: the physical CPU number
- *
- * This macro is to be used in conjunction with virDomainGetVcpus() API.
- * VIR_CPU_USABLE macro returns a non zero value (true) if the cpu
- * is usable by the vcpu, and 0 otherwise.
- */
-
-#define VIR_CPU_USABLE(cpumaps,maplen,vcpu,cpu) \
- (cpumaps[((vcpu)*(maplen))+((cpu)/8)] & (1<<((cpu)%8)))
-
-/**
- * VIR_COPY_CPUMAP:
- * @cpumaps: pointer to an array of cpumap (in 8-bit bytes) (IN)
- * @maplen: the length (in bytes) of one cpumap
- * @vcpu: the virtual CPU number
- * @cpumap: pointer to a cpumap (in 8-bit bytes) (OUT)
- * This cpumap must be previously allocated by the caller
- * (ie: malloc(maplen))
- *
- * This macro is to be used in conjunction with virDomainGetVcpus() and
- * virDomainPinVcpu() APIs. VIR_COPY_CPUMAP macro extract the cpumap of
- * the specified vcpu from cpumaps array and copy it into cpumap to be used
- * later by virDomainPinVcpu() API.
- */
-#define VIR_COPY_CPUMAP(cpumaps,maplen,vcpu,cpumap) \
- memcpy(cpumap, &(cpumaps[(vcpu)*(maplen)]), (maplen))
-
-
-/**
- * VIR_GET_CPUMAP:
- * @cpumaps: pointer to an array of cpumap (in 8-bit bytes) (IN)
- * @maplen: the length (in bytes) of one cpumap
- * @vcpu: the virtual CPU number
- *
- * This macro is to be used in conjunction with virDomainGetVcpus() and
- * virDomainPinVcpu() APIs. VIR_GET_CPUMAP macro returns a pointer to the
- * cpumap of the specified vcpu from cpumaps array.
- */
-#define VIR_GET_CPUMAP(cpumaps,maplen,vcpu) &(cpumaps[(vcpu)*(maplen)])
-
-int virDomainAttachDevice(virDomainPtr domain, const char *xml);
-int virDomainDetachDevice(virDomainPtr domain, const char *xml);
-
-/*
- * NUMA support
- */
-
-int virNodeGetCellsFreeMemory(virConnectPtr conn,
- unsigned long long *freeMems,
- int startCell,
- int maxCells);
-
-/*
- * Virtual Networks API
- */
-
-/**
- * virNetwork:
- *
- * a virNetwork is a private structure representing a virtual network.
- */
-typedef struct _virNetwork virNetwork;
-
-/**
- * virNetworkPtr:
- *
- * a virNetworkPtr is pointer to a virNetwork private structure, this is the
- * type used to reference a virtual network in the API.
- */
-typedef virNetwork *virNetworkPtr;
-
-/*
- * Get connection from network.
- */
-virConnectPtr virNetworkGetConnect (virNetworkPtr network);
-
-/*
- * List active networks
- */
-int virConnectNumOfNetworks (virConnectPtr conn);
-int virConnectListNetworks (virConnectPtr conn,
- char **const names,
- int maxnames);
-
-/*
- * List inactive networks
- */
-int virConnectNumOfDefinedNetworks (virConnectPtr conn);
-int virConnectListDefinedNetworks (virConnectPtr conn,
- char **const names,
- int maxnames);
-
-/*
- * Lookup network by name or uuid
- */
-virNetworkPtr virNetworkLookupByName (virConnectPtr conn,
- const char *name);
-virNetworkPtr virNetworkLookupByUUID (virConnectPtr conn,
- const unsigned char *uuid);
-virNetworkPtr virNetworkLookupByUUIDString (virConnectPtr conn,
- const char *uuid);
-
-/*
- * Create active transient network
- */
-virNetworkPtr virNetworkCreateXML (virConnectPtr conn,
- const char *xmlDesc);
-
-/*
- * Define inactive persistent network
- */
-virNetworkPtr virNetworkDefineXML (virConnectPtr conn,
- const char *xmlDesc);
-
-/*
- * Delete persistent network
- */
-int virNetworkUndefine (virNetworkPtr network);
-
-/*
- * Activate persistent network
- */
-int virNetworkCreate (virNetworkPtr network);
-
-/*
- * Network destroy/free
- */
-int virNetworkDestroy (virNetworkPtr network);
-int virNetworkRef (virNetworkPtr network);
-int virNetworkFree (virNetworkPtr network);
-
-/*
- * Network information
- */
-const char* virNetworkGetName (virNetworkPtr network);
-int virNetworkGetUUID (virNetworkPtr network,
- unsigned char *uuid);
-int virNetworkGetUUIDString (virNetworkPtr network,
- char *buf);
-char * virNetworkGetXMLDesc (virNetworkPtr network,
- int flags);
-char * virNetworkGetBridgeName (virNetworkPtr network);
-
-int virNetworkGetAutostart (virNetworkPtr network,
- int *autostart);
-int virNetworkSetAutostart (virNetworkPtr network,
- int autostart);
-
-
-/**
- * virStoragePool:
- *
- * a virStoragePool is a private structure representing a storage pool
- */
-typedef struct _virStoragePool virStoragePool;
-
-/**
- * virStoragePoolPtr:
- *
- * a virStoragePoolPtr is pointer to a virStoragePool private structure, this is the
- * type used to reference a storage pool in the API.
- */
-typedef virStoragePool *virStoragePoolPtr;
-
-
-typedef enum {
- VIR_STORAGE_POOL_INACTIVE = 0, /* Not running */
- VIR_STORAGE_POOL_BUILDING = 1, /* Initializing pool, not available */
- VIR_STORAGE_POOL_RUNNING = 2, /* Running normally */
- VIR_STORAGE_POOL_DEGRADED = 3, /* Running degraded */
-} virStoragePoolState;
-
-
-typedef enum {
- VIR_STORAGE_POOL_BUILD_NEW = 0, /* Regular build from scratch */
- VIR_STORAGE_POOL_BUILD_REPAIR = 1, /* Repair / reinitialize */
- VIR_STORAGE_POOL_BUILD_RESIZE = 2 /* Extend existing pool */
-} virStoragePoolBuildFlags;
-
-typedef enum {
- VIR_STORAGE_POOL_DELETE_NORMAL = 0, /* Delete metadata only (fast) */
- VIR_STORAGE_POOL_DELETE_ZEROED = 1, /* Clear all data to zeros (slow) */
-} virStoragePoolDeleteFlags;
-
-typedef struct _virStoragePoolInfo virStoragePoolInfo;
-
-struct _virStoragePoolInfo {
- int state; /* virStoragePoolState flags */
- unsigned long long capacity; /* Logical size bytes */
- unsigned long long allocation; /* Current allocation bytes */
- unsigned long long available; /* Remaining free space bytes */
-};
-
-typedef virStoragePoolInfo *virStoragePoolInfoPtr;
-
-
-/**
- * virStorageVol:
- *
- * a virStorageVol is a private structure representing a storage volume
- */
-typedef struct _virStorageVol virStorageVol;
-
-/**
- * virStorageVolPtr:
- *
- * a virStorageVolPtr is pointer to a virStorageVol private structure, this is the
- * type used to reference a storage volume in the API.
- */
-typedef virStorageVol *virStorageVolPtr;
-
-
-typedef enum {
- VIR_STORAGE_VOL_FILE = 0, /* Regular file based volumes */
- VIR_STORAGE_VOL_BLOCK = 1, /* Block based volumes */
-} virStorageVolType;
-
-typedef enum {
- VIR_STORAGE_VOL_DELETE_NORMAL = 0, /* Delete metadata only (fast) */
- VIR_STORAGE_VOL_DELETE_ZEROED = 1, /* Clear all data to zeros (slow) */
-} virStorageVolDeleteFlags;
-
-typedef struct _virStorageVolInfo virStorageVolInfo;
-
-struct _virStorageVolInfo {
- int type; /* virStorageVolType flags */
- unsigned long long capacity; /* Logical size bytes */
- unsigned long long allocation; /* Current allocation bytes */
-};
-
-typedef virStorageVolInfo *virStorageVolInfoPtr;
-
-/*
- * Get connection from pool.
- */
-virConnectPtr virStoragePoolGetConnect (virStoragePoolPtr pool);
-
-/*
- * List active storage pools
- */
-int virConnectNumOfStoragePools (virConnectPtr conn);
-int virConnectListStoragePools (virConnectPtr conn,
- char **const names,
- int maxnames);
-
-/*
- * List inactive storage pools
- */
-int virConnectNumOfDefinedStoragePools(virConnectPtr conn);
-int virConnectListDefinedStoragePools(virConnectPtr conn,
- char **const names,
- int maxnames);
-
-/*
- * Query a host for storage pools of a particular type
- */
-char * virConnectFindStoragePoolSources(virConnectPtr conn,
- const char *type,
- const char *srcSpec,
- unsigned int flags);
-
-/*
- * Lookup pool by name or uuid
- */
-virStoragePoolPtr virStoragePoolLookupByName (virConnectPtr conn,
- const char *name);
-virStoragePoolPtr virStoragePoolLookupByUUID (virConnectPtr conn,
- const unsigned char *uuid);
-virStoragePoolPtr virStoragePoolLookupByUUIDString(virConnectPtr conn,
- const char *uuid);
-virStoragePoolPtr virStoragePoolLookupByVolume (virStorageVolPtr vol);
-
-/*
- * Creating/destroying pools
- */
-virStoragePoolPtr virStoragePoolCreateXML (virConnectPtr conn,
- const char *xmlDesc,
- unsigned int flags);
-virStoragePoolPtr virStoragePoolDefineXML (virConnectPtr conn,
- const char *xmlDesc,
- unsigned int flags);
-int virStoragePoolBuild (virStoragePoolPtr pool,
- unsigned int flags);
-int virStoragePoolUndefine (virStoragePoolPtr pool);
-int virStoragePoolCreate (virStoragePoolPtr pool,
- unsigned int flags);
-int virStoragePoolDestroy (virStoragePoolPtr pool);
-int virStoragePoolDelete (virStoragePoolPtr pool,
- unsigned int flags);
-int virStoragePoolRef (virStoragePoolPtr pool);
-int virStoragePoolFree (virStoragePoolPtr pool);
-int virStoragePoolRefresh (virStoragePoolPtr pool,
- unsigned int flags);
-
-/*
- * StoragePool information
- */
-const char* virStoragePoolGetName (virStoragePoolPtr pool);
-int virStoragePoolGetUUID (virStoragePoolPtr pool,
- unsigned char *uuid);
-int virStoragePoolGetUUIDString (virStoragePoolPtr pool,
- char *buf);
-
-int virStoragePoolGetInfo (virStoragePoolPtr vol,
- virStoragePoolInfoPtr info);
-
-char * virStoragePoolGetXMLDesc (virStoragePoolPtr pool,
- unsigned int flags);
-
-int virStoragePoolGetAutostart (virStoragePoolPtr pool,
- int *autostart);
-int virStoragePoolSetAutostart (virStoragePoolPtr pool,
- int autostart);
-
-/*
- * List/lookup storage volumes within a pool
- */
-int virStoragePoolNumOfVolumes (virStoragePoolPtr pool);
-int virStoragePoolListVolumes (virStoragePoolPtr pool,
- char **const names,
- int maxnames);
-
-virConnectPtr virStorageVolGetConnect (virStorageVolPtr vol);
-
-/*
- * Lookup volumes based on various attributes
- */
-virStorageVolPtr virStorageVolLookupByName (virStoragePoolPtr pool,
- const char *name);
-virStorageVolPtr virStorageVolLookupByKey (virConnectPtr conn,
- const char *key);
-virStorageVolPtr virStorageVolLookupByPath (virConnectPtr conn,
- const char *path);
-
-
-const char* virStorageVolGetName (virStorageVolPtr vol);
-const char* virStorageVolGetKey (virStorageVolPtr vol);
-
-virStorageVolPtr virStorageVolCreateXML (virStoragePoolPtr pool,
- const char *xmldesc,
- unsigned int flags);
-int virStorageVolDelete (virStorageVolPtr vol,
- unsigned int flags);
-int virStorageVolRef (virStorageVolPtr vol);
-int virStorageVolFree (virStorageVolPtr vol);
-
-int virStorageVolGetInfo (virStorageVolPtr vol,
- virStorageVolInfoPtr info);
-char * virStorageVolGetXMLDesc (virStorageVolPtr pool,
- unsigned int flags);
-
-char * virStorageVolGetPath (virStorageVolPtr vol);
-
-/*
- * Deprecated calls
- */
-virDomainPtr virDomainCreateLinux (virConnectPtr conn,
- const char *xmlDesc,
- unsigned int flags);
-
-/*
- * Host device enumeration
- */
-
-/**
- * virNodeDevice:
- *
- * A virNodeDevice contains a node (host) device details.
- */
-
-typedef struct _virNodeDevice virNodeDevice;
-
-/**
- * virNodeDevicePtr:
- *
- * A virNodeDevicePtr is a pointer to a virNodeDevice structure. Get
- * one via virNodeDeviceLookupByKey, virNodeDeviceLookupByName, or
- * virNodeDeviceCreate. Be sure to Call virNodeDeviceFree when done
- * using a virNodeDevicePtr obtained from any of the above functions to
- * avoid leaking memory.
- */
-
-typedef virNodeDevice *virNodeDevicePtr;
-
-
-int virNodeNumOfDevices (virConnectPtr conn,
- const char *cap,
- unsigned int flags);
-
-int virNodeListDevices (virConnectPtr conn,
- const char *cap,
- char **const names,
- int maxnames,
- unsigned int flags);
-
-virNodeDevicePtr virNodeDeviceLookupByName (virConnectPtr conn,
- const char *name);
-
-const char * virNodeDeviceGetName (virNodeDevicePtr dev);
-
-const char * virNodeDeviceGetParent (virNodeDevicePtr dev);
-
-int virNodeDeviceNumOfCaps (virNodeDevicePtr dev);
-
-int virNodeDeviceListCaps (virNodeDevicePtr dev,
- char **const names,
- int maxnames);
-
-char * virNodeDeviceGetXMLDesc (virNodeDevicePtr dev,
- unsigned int flags);
-
-int virNodeDeviceRef (virNodeDevicePtr dev);
-int virNodeDeviceFree (virNodeDevicePtr dev);
-
-/*
- * Domain Event Notification
- */
-
-/**
- * virDomainEventType:
- *
- * a virDomainEventType is emitted during domain lifecycle events
- */
-typedef enum {
- VIR_DOMAIN_EVENT_DEFINED = 0,
- VIR_DOMAIN_EVENT_UNDEFINED = 1,
- VIR_DOMAIN_EVENT_STARTED = 2,
- VIR_DOMAIN_EVENT_SUSPENDED = 3,
- VIR_DOMAIN_EVENT_RESUMED = 4,
- VIR_DOMAIN_EVENT_STOPPED = 5,
-} virDomainEventType;
-
-/**
- * virDomainEventDefinedDetailType:
- *
- * Details on the caused of the 'defined' lifecycle event
- */
-typedef enum {
- VIR_DOMAIN_EVENT_DEFINED_ADDED = 0, /* Newly created config file */
- VIR_DOMAIN_EVENT_DEFINED_UPDATED = 1, /* Changed config file */
-} virDomainEventDefinedDetailType;
-
-/**
- * virDomainEventUndefinedDetailType:
- *
- * Details on the caused of the 'undefined' lifecycle event
- */
-typedef enum {
- VIR_DOMAIN_EVENT_UNDEFINED_REMOVED = 0, /* Deleted the config file */
-} virDomainEventUndefinedDetailType;
-
-/**
- * virDomainEventStartedDetailType:
- *
- * Details on the caused of the 'started' lifecycle event
- */
-typedef enum {
- VIR_DOMAIN_EVENT_STARTED_BOOTED = 0, /* Normal startup from boot */
- VIR_DOMAIN_EVENT_STARTED_MIGRATED = 1, /* Incoming migration from another host */
- VIR_DOMAIN_EVENT_STARTED_RESTORED = 2, /* Restored from a state file */
-} virDomainEventStartedDetailType;
-
-/**
- * virDomainEventSuspendedDetailType:
- *
- * Details on the caused of the 'suspended' lifecycle event
- */
-typedef enum {
- VIR_DOMAIN_EVENT_SUSPENDED_PAUSED = 0, /* Normal suspend due to admin pause */
- VIR_DOMAIN_EVENT_SUSPENDED_MIGRATED = 1, /* Suspended for offline migration */
-} virDomainEventSuspendedDetailType;
-
-/**
- * virDomainEventResumedDetailType:
- *
- * Details on the caused of the 'resumed' lifecycle event
- */
-typedef enum {
- VIR_DOMAIN_EVENT_RESUMED_UNPAUSED = 0, /* Normal resume due to admin unpause */
- VIR_DOMAIN_EVENT_RESUMED_MIGRATED = 1, /* Resumed for completion of migration */
-} virDomainEventResumedDetailType;
-
-/**
- * virDomainEventStoppedDetailType:
- *
- * Details on the caused of the 'stopped' lifecycle event
- */
-typedef enum {
- VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN = 0, /* Normal shutdown */
- VIR_DOMAIN_EVENT_STOPPED_DESTROYED = 1, /* Forced poweroff from host */
- VIR_DOMAIN_EVENT_STOPPED_CRASHED = 2, /* Guest crashed */
- VIR_DOMAIN_EVENT_STOPPED_MIGRATED = 3, /* Migrated off to another host */
- VIR_DOMAIN_EVENT_STOPPED_SAVED = 4, /* Saved to a state file */
- VIR_DOMAIN_EVENT_STOPPED_FAILED = 5, /* Host emulator/mgmt failed */
-} virDomainEventStoppedDetailType;
-
-
-/**
- * virConnectDomainEventCallback:
- * @conn: virConnect connection
- * @dom: The domain on which the event occured
- * @event: The specfic virDomainEventType which occured
- * @detail: event specific detail information
- * @opaque: opaque user data
- *
- * A callback function to be registered, and called when a domain event occurs
- */
-typedef int (*virConnectDomainEventCallback)(virConnectPtr conn,
- virDomainPtr dom,
- int event,
- int detail,
- void *opaque);
-
-typedef void (*virFreeCallback)(void *opaque);
-
-int virConnectDomainEventRegister(virConnectPtr conn,
- virConnectDomainEventCallback cb,
- void *opaque,
- virFreeCallback freecb);
-
-int virConnectDomainEventDeregister(virConnectPtr conn,
- virConnectDomainEventCallback cb);
-
-/*
- * Events Implementation
- */
-
-/**
- * virEventHandleType:
- *
- * a virEventHandleType is used similar to POLLxxx FD events, but is specific
- * to libvirt. A client app must translate to, and from POLL events when using
- * this construct.
- */
-typedef enum {
- VIR_EVENT_HANDLE_READABLE = (1 << 0),
- VIR_EVENT_HANDLE_WRITABLE = (1 << 1),
- VIR_EVENT_HANDLE_ERROR = (1 << 2),
- VIR_EVENT_HANDLE_HANGUP = (1 << 3),
-} virEventHandleType;
-
-/**
- * virEventHandleCallback:
- *
- * @watch: watch on which the event occurred
- * @fd: file handle on which the event occurred
- * @events: bitset of events from virEventHandleType constants
- * @opaque: user data registered with handle
- *
- * Callback for receiving file handle events. The callback will
- * be invoked once for each event which is pending.
- */
-typedef void (*virEventHandleCallback)(int watch, int fd, int events, void *opaque);
-
-/**
- * virEventAddHandleFunc:
- * @fd: file descriptor to listen on
- * @event: bitset of events on which to fire the callback
- * @cb: the callback to be called when an event occurrs
- * @opaque: user data to pass to the callback
- * @ff: the callback invoked to free opaque data blob
- *
- * Part of the EventImpl, this callback Adds a file handle callback to
- * listen for specific events. The same file handle can be registered
- * multiple times provided the requested event sets are non-overlapping
- *
- * If the opaque user data requires free'ing when the handle
- * is unregistered, then a 2nd callback can be supplied for
- * this purpose.
- *
- * Returns a handle watch number to be used for updating
- * and unregistering for events
- */
-typedef int (*virEventAddHandleFunc)(int fd, int event,
- virEventHandleCallback cb,
- void *opaque,
- virFreeCallback ff);
-
-/**
- * virEventUpdateHandleFunc:
- * @watch: file descriptor watch to modify
- * @event: new events to listen on
- *
- * Part of the EventImpl, this user-provided callback is notified when
- * events to listen on change
- */
-typedef void (*virEventUpdateHandleFunc)(int watch, int event);
-
-/**
- * virEventRemoveHandleFunc:
- * @watch: file descriptor watch to stop listening on
- *
- * Part of the EventImpl, this user-provided callback is notified when
- * an fd is no longer being listened on.
- *
- * If a virEventHandleFreeFunc was supplied when the handle was
- * registered, it will be invoked some time during, or after this
- * function call, when it is safe to release the user data.
- */
-typedef int (*virEventRemoveHandleFunc)(int watch);
-
-/**
- * virEventTimeoutCallback:
- *
- * @timer: timer id emitting the event
- * @opaque: user data registered with handle
- *
- * callback for receiving timer events
- */
-typedef void (*virEventTimeoutCallback)(int timer, void *opaque);
-
-/**
- * virEventAddTimeoutFunc:
- * @timeout: The timeout to monitor
- * @cb: the callback to call when timeout has expired
- * @opaque: user data to pass to the callback
- * @ff: the callback invoked to free opaque data blob
- *
- * Part of the EventImpl, this user-defined callback handles adding an
- * event timeout.
- *
- * If the opaque user data requires free'ing when the handle
- * is unregistered, then a 2nd callback can be supplied for
- * this purpose.
- *
- * Returns a timer value
- */
-typedef int (*virEventAddTimeoutFunc)(int timeout,
- virEventTimeoutCallback cb,
- void *opaque,
- virFreeCallback ff);
-
-/**
- * virEventUpdateTimeoutFunc:
- * @timer: the timer to modify
- * @timeout: the new timeout value
- *
- * Part of the EventImpl, this user-defined callback updates an
- * event timeout.
- */
-typedef void (*virEventUpdateTimeoutFunc)(int timer, int timeout);
-
-/**
- * virEventRemoveTimeoutFunc:
- * @timer: the timer to remove
- *
- * Part of the EventImpl, this user-defined callback removes a timer
- *
- * If a virEventTimeoutFreeFunc was supplied when the handle was
- * registered, it will be invoked some time during, or after this
- * function call, when it is safe to release the user data.
- *
- * Returns 0 on success, -1 on failure
- */
-typedef int (*virEventRemoveTimeoutFunc)(int timer);
-
-void virEventRegisterImpl(virEventAddHandleFunc addHandle,
- virEventUpdateHandleFunc updateHandle,
- virEventRemoveHandleFunc removeHandle,
- virEventAddTimeoutFunc addTimeout,
- virEventUpdateTimeoutFunc updateTimeout,
- virEventRemoveTimeoutFunc removeTimeout);
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __VIR_VIRLIB_H__ */
diff -BNurbp libvirt-0.6.0/include/libvirt/libvirt.h.in libvirt-ibm/include/libvirt/libvirt.h.in
--- libvirt-0.6.0/include/libvirt/libvirt.h.in 2009-01-20 14:48:27.000000000 +0100
+++ libvirt-ibm/include/libvirt/libvirt.h.in 2009-04-27 16:07:29.000000000 +0200
@@ -345,6 +345,11 @@ struct _virConnectAuth {
virConnectAuthCallbackPtr cb; /* Callback used to collect credentials */
void *cbdata;
+
+ /* Status data from connection and authentication*/
+ int remote_type; /* 0=Unix, 1=TCP, 2=TLS */
+ int remote_fd;
+ char *remote_saslUsername;
};
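Review bot: Appending `remote_type`, `remote_fd` and `remote_saslUsername` to the public `struct _virConnectAuth` changes the size of a struct that callers allocate themselves, so a client built against the stock header would pass a shorter object and these fields would be read past its end or uninitialised. If the access-control driver bases its decision on them (not visible in this hunk), they belong in connection-private state filled in by the daemon, not in a caller-supplied struct. The added fields also need their contract documented, for example `/* remote_saslUsername: owned by the library, NULL when no SASL exchange took place */`. The `0=Unix, 1=TCP, 2=TLS` magic numbers would be clearer as a named enum. The struct definition starts outside the hunk.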
diff -BNurbp libvirt-0.6.0/include/libvirt/virterror.h libvirt-ibm/include/libvirt/virterror.h
--- libvirt-0.6.0/include/libvirt/virterror.h 2008-11-25 14:42:33.000000000 +0100
+++ libvirt-ibm/include/libvirt/virterror.h 2009-04-27 16:07:29.000000000 +0200
@@ -61,6 +61,7 @@ typedef enum {
VIR_FROM_UML, /* Error at the UML driver */
VIR_FROM_NODEDEV, /* Error from node device monitor */
VIR_FROM_XEN_INOTIFY, /* Error from xen inotify layer */
+ VIR_FROM_ACC_CTRL, /* Error from AC-module */
} virErrorDomain;
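Review bot: `VIR_FROM_ACC_CTRL` takes the next free value in the public `virErrorDomain` enum, and `VIR_ERR_ACC_DENIED` does the same in `virErrorNumber` in the following hunk. A later upstream release that appends its own members would reuse those numbers, so a client built against upstream headers could report an access-denied failure as an unrelated error. Since these codes signal an authorization decision, either pin them to explicit values well outside the upstream range or record the risk next to them, e.g. `/* fork-local value: re-check for collisions when rebasing onto a newer libvirt */`. Both enums begin outside their hunks.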
@@ -154,6 +155,7 @@ typedef enum {
VIR_WAR_NO_NODE, /* failed to start node driver */
VIR_ERR_INVALID_NODE_DEVICE,/* invalid node device object */
VIR_ERR_NO_NODE_DEVICE,/* node device not found */
+ VIR_ERR_ACC_DENIED, /* access denied */
} virErrorNumber;
/**
diff -BNurbp libvirt-0.6.0/libvirt.pc libvirt-ibm/libvirt.pc
--- libvirt-0.6.0/libvirt.pc 2009-01-31 10:20:10.000000000 +0100
+++ libvirt-ibm/libvirt.pc 1970-01-01 01:00:00.000000000 +0100
@@ -1,11 +0,0 @@
-prefix=/usr
-exec_prefix=${prefix}
-libdir=${exec_prefix}/lib
-includedir=${prefix}/include
-
-Name: libvirt
-Version: 0.6.0
-Description: libvirt library
-Requires:
-Libs: -L${libdir} -lvirt -lpthread
-Cflags: -I${includedir}
diff -BNurbp libvirt-0.6.0/libvirt.spec libvirt-ibm/libvirt.spec
--- libvirt-0.6.0/libvirt.spec 2009-01-31 10:20:10.000000000 +0100
+++ libvirt-ibm/libvirt.spec 1970-01-01 01:00:00.000000000 +0100
@@ -1,710 +0,0 @@
-# -*- rpm-spec -*-
-
-%define with_xen 0%{!?_without_xen:1}
-%define with_xen_proxy 0%{!?_without_xen_proxy:1}
-%define with_qemu 0%{!?_without_qemu:1}
-%define with_openvz 0%{!?_without_openvz:1}
-%define with_lxc 0%{!?_without_lxc:1}
-%define with_sasl 0%{!?_without_sasl:1}
-%define with_avahi 0%{!?_without_avahi:1}
-%define with_polkit 0%{!?_without_polkit:0}
-%define with_python 0%{!?_without_python:1}
-%define with_libvirtd 0%{!?_without_libvirtd:1}
-%define with_uml 0%{!?_without_uml:1}
-%define with_network 0%{!?_without_network:1}
-
-# Xen is available only on i386 x86_64 ia64
-%ifnarch i386 i686 x86_64 ia64
-%define with_xen 0
-%endif
-
-%if ! %{with_xen}
-%define with_xen_proxy 0
-%endif
-
-%if 0%{?fedora}
-%ifarch ppc64
-%define with_qemu 0
-%endif
-%endif
-
-%if 0%{?fedora} >= 8
-%define with_polkit 0%{!?_without_polkit:1}
-%define with_xen_proxy 0
-%endif
-
-#
-# If building on RHEL switch on the specific support
-# for the specific Xen version
-#
-%if 0%{?fedora}
-%define with_rhel5 0
-%else
-%define with_rhel5 1
-%endif
-
-
-Summary: Library providing a simple API virtualization
-Name: libvirt
-Version: 0.6.0
-Release: 1%{?dist}%{?extra_release}
-License: LGPLv2+
-Group: Development/Libraries
-Source: libvirt-%{version}.tar.gz
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-URL: http://libvirt.org/
-BuildRequires: python python-devel
-Requires: libxml2
-Requires: readline
-Requires: ncurses
-Requires: dnsmasq
-Requires: bridge-utils
-Requires: iptables
-# needed for device enumeration
-Requires: hal
-# So remote clients can access libvirt over SSH tunnel
-# (client invokes 'nc' against the UNIX socket on the server)
-Requires: nc
-%if %{with_sasl}
-Requires: cyrus-sasl
-# Not technically required, but makes 'out-of-box' config
-# work correctly & doesn't have onerous dependencies
-Requires: cyrus-sasl-md5
-%endif
-%if %{with_polkit}
-Requires: PolicyKit >= 0.6
-%endif
-# For mount/umount in FS driver
-BuildRequires: util-linux
-# For showmount in FS driver (netfs discovery)
-BuildRequires: nfs-utils
-Requires: nfs-utils
-%if %{with_qemu}
-# From QEMU RPMs
-Requires: /usr/bin/qemu-img
-%else
-%if %{with_xen}
-# From Xen RPMs
-Requires: /usr/sbin/qcow-create
-%endif
-%endif
-# For LVM drivers
-Requires: lvm2
-# For ISCSI driver
-Requires: iscsi-initiator-utils
-# For disk driver
-Requires: parted
-%if %{with_xen}
-BuildRequires: xen-devel
-%endif
-BuildRequires: libxml2-devel
-BuildRequires: xhtml1-dtds
-BuildRequires: readline-devel
-BuildRequires: ncurses-devel
-BuildRequires: gettext
-BuildRequires: gnutls-devel
-BuildRequires: hal-devel
-%if %{with_avahi}
-BuildRequires: avahi-devel
-%endif
-BuildRequires: libselinux-devel
-BuildRequires: dnsmasq
-BuildRequires: bridge-utils
-%if %{with_qemu}
-BuildRequires: qemu
-%endif
-%if %{with_sasl}
-BuildRequires: cyrus-sasl-devel
-%endif
-%if %{with_polkit}
-BuildRequires: PolicyKit-devel >= 0.6
-%endif
-# For mount/umount in FS driver
-BuildRequires: util-linux
-%if %{with_qemu}
-# From QEMU RPMs
-BuildRequires: /usr/bin/qemu-img
-%else
-%if %{with_xen}
-# From Xen RPMs
-BuildRequires: /usr/sbin/qcow-create
-%endif
-%endif
-# For LVM drivers
-BuildRequires: lvm2
-# For ISCSI driver
-BuildRequires: iscsi-initiator-utils
-# For disk driver
-BuildRequires: parted-devel
-# For QEMU/LXC numa info
-BuildRequires: numactl-devel
-Obsoletes: libvir
-
-# Fedora build root suckage
-BuildRequires: gawk
-
-%description
-Libvirt is a C toolkit to interact with the virtualization capabilities
-of recent versions of Linux (and other OSes).
-
-%package devel
-Summary: Libraries, includes, etc. to compile with the libvirt library
-Group: Development/Libraries
-Requires: libvirt = %{version}
-Requires: pkgconfig
-%if %{with_xen}
-Requires: xen-devel
-%endif
-Obsoletes: libvir-devel
-
-%description devel
-Includes and documentations for the C library providing an API to use
-the virtualization capabilities of recent versions of Linux (and other OSes).
-
-%if %{with_python}
-%package python
-Summary: Python bindings for the libvirt library
-Group: Development/Libraries
-Requires: libvirt = %{version}
-Obsoletes: libvir-python
-
-%description python
-The libvirt-python package contains a module that permits applications
-written in the Python programming language to use the interface
-supplied by the libvirt library to use the virtualization capabilities
-of recent versions of Linux (and other OSes).
-%endif
-
-%prep
-%setup -q
-
-%build
-%if ! %{with_xen}
-%define _without_xen --without-xen
-%endif
-
-%if ! %{with_qemu}
-%define _without_qemu --without-qemu
-%endif
-
-%if ! %{with_openvz}
-%define _without_openvz --without-openvz
-%endif
-
-%if ! %{with_lxc}
-%define _without_lxc --without-lxc
-%endif
-
-%if ! %{with_sasl}
-%define _without_sasl --without-sasl
-%endif
-
-%if ! %{with_avahi}
-%define _without_avahi --without-avahi
-%endif
-
-%if ! %{with_polkit}
-%define _without_polkit --without-polkit
-%endif
-
-%if ! %{with_python}
-%define _without_python --without-python
-%endif
-
-%if ! %{with_libvirtd}
-%define _without_libvirtd --without-libvirtd
-%endif
-
-%if ! %{with_uml}
-%define _without_uml --without-uml
-%endif
-
-%if %{with_rhel5}
-%define _with_rhel5_api --with-rhel5-api
-%endif
-
-%if ! %{with_network}
-%define _without_network --without-network
-%endif
-
-%configure %{?_without_xen} \
- %{?_without_qemu} \
- %{?_without_openvz} \
- %{?_without_lxc} \
- %{?_without_sasl} \
- %{?_without_avahi} \
- %{?_without_polkit} \
- %{?_without_python} \
- %{?_without_libvirtd} \
- %{?_without_uml} \
- %{?_without_network} \
- %{?_with_rhel5_api} \
- --with-init-script=redhat \
- --with-qemud-pid-file=%{_localstatedir}/run/libvirt_qemud.pid \
- --with-remote-file=%{_localstatedir}/run/libvirtd.pid
-make %{?_smp_mflags}
-
-%install
-rm -fr %{buildroot}
-
-%makeinstall
-(cd docs/examples ; make clean ; rm -rf .deps Makefile Makefile.in)
-(cd docs/examples/python ; rm -f Makefile Makefile.in)
-rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
-rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
-rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.la
-rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.a
-
-%if %{with_qemu}
-# We don't want to install /etc/libvirt/qemu/networks in the main %files list
-# because if the admin wants to delete the default network completely, we don't
-# want to end up re-incarnating it on every RPM upgrade.
-install -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/
-cp $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml \
- $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/default.xml
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
-# Strip auto-generated UUID - we need it generated per-install
-sed -i -e "/<uuid>/d" $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/default.xml
-%else
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
-rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_qemu.aug
-rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug
-%endif
-%find_lang %{name}
-
-%if ! %{with_python}
-rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-python-%{version}
-%endif
-
-%if ! %{with_qemu}
-rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf
-%endif
-
-%clean
-rm -fr %{buildroot}
-
-%post
-/sbin/ldconfig
-
-%if %{with_libvirtd}
-%if %{with_qemu}
-# We want to install the default network for initial RPM installs
-# or on the first upgrade from a non-network aware libvirt only.
-# We check this by looking to see if the daemon is already installed
-/sbin/chkconfig --list libvirtd 1>/dev/null 2>&1
-if [ $? != 0 -a ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ]
-then
- UUID=`/usr/bin/uuidgen`
- sed -e "s,</name>,</name>\n <uuid>$UUID</uuid>," \
- < %{_datadir}/libvirt/networks/default.xml \
- > %{_sysconfdir}/libvirt/qemu/networks/default.xml
- ln -s ../default.xml %{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
-fi
-%endif
-
-/sbin/chkconfig --add libvirtd
-%endif
-
-%preun
-%if %{with_libvirtd}
-if [ $1 = 0 ]; then
- /sbin/service libvirtd stop 1>/dev/null 2>&1
- /sbin/chkconfig --del libvirtd
-fi
-%endif
-
-%postun
-/sbin/ldconfig
-
-%files -f %{name}.lang
-%defattr(-, root, root)
-
-%doc AUTHORS ChangeLog NEWS README COPYING.LIB TODO
-%doc %{_mandir}/man1/virsh.1*
-%{_bindir}/virsh
-%{_libdir}/lib*.so.*
-%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/
-
-%if %{with_qemu}
-%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/
-%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/
-%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/autostart
-%endif
-
-%if %{with_libvirtd}
-%{_sysconfdir}/rc.d/init.d/libvirtd
-%config(noreplace) %{_sysconfdir}/sysconfig/libvirtd
-%config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
-%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd
-%endif
-
-%if %{with_qemu}
-%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
-%endif
-
-%if %{with_sasl}
-%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
-%endif
-
-%if %{with_qemu}
-%dir %{_datadir}/libvirt/
-%dir %{_datadir}/libvirt/networks/
-%{_datadir}/libvirt/networks/default.xml
-%endif
-
-%dir %{_datadir}/libvirt/
-%dir %{_datadir}/libvirt/schemas/
-
-%{_datadir}/libvirt/schemas/domain.rng
-%{_datadir}/libvirt/schemas/network.rng
-%{_datadir}/libvirt/schemas/storagepool.rng
-%{_datadir}/libvirt/schemas/storagevol.rng
-%{_datadir}/libvirt/schemas/nodedev.rng
-%{_datadir}/libvirt/schemas/capability.rng
-
-%dir %{_localstatedir}/run/libvirt/
-
-%dir %{_localstatedir}/lib/libvirt/
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/images/
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/boot/
-
-%if %{with_qemu}
-%dir %{_localstatedir}/run/libvirt/qemu/
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/qemu/
-%endif
-%if %{with_lxc}
-%dir %{_localstatedir}/run/libvirt/lxc/
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/lxc/
-%endif
-%if %{with_uml}
-%dir %{_localstatedir}/run/libvirt/uml/
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/uml/
-%endif
-%if %{with_network}
-%dir %{_localstatedir}/run/libvirt/network/
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/network/
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/iptables/filter/
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/iptables/nat/
-%endif
-
-%if %{with_qemu}
-%{_datadir}/augeas/lenses/libvirtd_qemu.aug
-%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug
-%endif
-
-%if %{with_libvirtd}
-%{_datadir}/augeas/lenses/libvirtd.aug
-%{_datadir}/augeas/lenses/tests/test_libvirtd.aug
-%endif
-
-%if %{with_polkit}
-%{_datadir}/PolicyKit/policy/org.libvirt.unix.policy
-%endif
-
-%if %{with_qemu}
-%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
-%endif
-
-%if %{with_xen_proxy}
-%attr(4755, root, root) %{_libexecdir}/libvirt_proxy
-%endif
-
-%if %{with_lxc}
-%attr(0755, root, root) %{_libexecdir}/libvirt_lxc
-%endif
-
-%if %{with_libvirtd}
-%attr(0755, root, root) %{_libexecdir}/libvirt_parthelper
-%attr(0755, root, root) %{_sbindir}/libvirtd
-%endif
-
-%doc docs/*.xml
-
-%files devel
-%defattr(-, root, root)
-
-%{_libdir}/lib*.so
-%dir %{_includedir}/libvirt
-%{_includedir}/libvirt/*.h
-%{_libdir}/pkgconfig/libvirt.pc
-%doc %{_datadir}/gtk-doc/html/libvirt/*.devhelp
-%doc %{_datadir}/gtk-doc/html/libvirt/*.html
-%doc %{_datadir}/gtk-doc/html/libvirt/*.png
-%doc %{_datadir}/gtk-doc/html/libvirt/*.css
-
-%doc docs/*.html docs/html docs/*.gif
-%doc docs/examples
-%doc docs/libvirt-api.xml
-
-%if %{with_python}
-%files python
-%defattr(-, root, root)
-
-%doc AUTHORS NEWS README COPYING.LIB
-%{_libdir}/python*/site-packages/libvirt.py*
-%{_libdir}/python*/site-packages/libvirtmod*
-%doc python/tests/*.py
-%doc python/TODO
-%doc python/libvirtclass.txt
-%doc docs/examples/python
-%endif
-
-%changelog
-* Tue Nov 25 2008 Daniel Veillard <veillard@redhat.com> - 0.5.0-1
-- release of 0.5.0
-
-* Tue Sep 23 2008 Daniel Veillard <veillard@redhat.com> - 0.4.6-1
-- release of 0.4.6
-
-* Mon Sep 8 2008 Daniel Veillard <veillard@redhat.com> - 0.4.5-1
-- release of 0.4.5
-
-* Wed Jun 25 2008 Daniel Veillard <veillard@redhat.com> - 0.4.4-1
-- release of 0.4.4
-- mostly a few bug fixes from 0.4.3
-
-* Thu Jun 12 2008 Daniel Veillard <veillard@redhat.com> - 0.4.3-1
-- release of 0.4.3
-- lots of bug fixes and small improvements
-
-* Tue Apr 8 2008 Daniel Veillard <veillard@redhat.com> - 0.4.2-1
-- release of 0.4.2
-- lots of bug fixes and small improvements
-
-* Mon Mar 3 2008 Daniel Veillard <veillard@redhat.com> - 0.4.1-1
-- Release of 0.4.1
-- Storage APIs
-- xenner support
-- lots of assorted improvements, bugfixes and cleanups
-- documentation and localization improvements
-
-* Tue Dec 18 2007 Daniel Veillard <veillard@redhat.com> - 0.4.0-1
-- Release of 0.4.0
-- SASL based authentication
-- PolicyKit authentication
-- improved NUMA and statistics support
-- lots of assorted improvements, bugfixes and cleanups
-- documentation and localization improvements
-
-* Sun Sep 30 2007 Daniel Veillard <veillard@redhat.com> - 0.3.3-1
-- Release of 0.3.3
-- Avahi support
-- NUMA support
-- lots of assorted improvements, bugfixes and cleanups
-- documentation and localization improvements
-
-* Tue Aug 21 2007 Daniel Veillard <veillard@redhat.com> - 0.3.2-1
-- Release of 0.3.2
-- API for domains migration
-- APIs for collecting statistics on disks and interfaces
-- lots of assorted bugfixes and cleanups
-- documentation and localization improvements
-
-* Tue Jul 24 2007 Daniel Veillard <veillard@redhat.com> - 0.3.1-1
-- Release of 0.3.1
-- localtime clock support
-- PS/2 and USB input devices
-- lots of assorted bugfixes and cleanups
-- documentation and localization improvements
-
-* Mon Jul 9 2007 Daniel Veillard <veillard@redhat.com> - 0.3.0-1
-- Release of 0.3.0
-- Secure remote access support
-- unification of daemons
-- lots of assorted bugfixes and cleanups
-- documentation and localization improvements
-
-* Fri Jun 8 2007 Daniel Veillard <veillard@redhat.com> - 0.2.3-1
-- Release of 0.2.3
-- lot of assorted bugfixes and cleanups
-- support for Xen-3.1
-- new scheduler API
-
-* Tue Apr 17 2007 Daniel Veillard <veillard@redhat.com> - 0.2.2-1
-- Release of 0.2.2
-- lot of assorted bugfixes and cleanups
-- preparing for Xen-3.0.5
-
-* Thu Mar 22 2007 Jeremy Katz <katzj@redhat.com> - 0.2.1-2.fc7
-- don't require xen; we don't need the daemon and can control non-xen now
-- fix scriptlet error (need to own more directories)
-- update description text
-
-* Fri Mar 16 2007 Daniel Veillard <veillard@redhat.com> - 0.2.1-1
-- Release of 0.2.1
-- lot of bug and portability fixes
-- Add support for network autostart and init scripts
-- New API to detect the virtualization capabilities of a host
-- Documentation updates
-
-* Fri Feb 23 2007 Daniel P. Berrange <berrange@redhat.com> - 0.2.0-4.fc7
-- Fix loading of guest & network configs
-
-* Fri Feb 16 2007 Daniel P. Berrange <berrange@redhat.com> - 0.2.0-3.fc7
-- Disable kqemu support since its not in Fedora qemu binary
-- Fix for -vnc arg syntax change in 0.9.0 QEMU
-
-* Thu Feb 15 2007 Daniel P. Berrange <berrange@redhat.com> - 0.2.0-2.fc7
-- Fixed path to qemu daemon for autostart
-- Fixed generation of <features> block in XML
-- Pre-create config directory at startup
-
-* Wed Feb 14 2007 Daniel Veillard <veillard@redhat.com> 0.2.0-1.fc7
-- support for KVM and QEmu
-- support for network configuration
-- assorted fixes
-
-* Mon Jan 22 2007 Daniel Veillard <veillard@redhat.com> 0.1.11-1.fc7
-- finish inactive Xen domains support
-- memory leak fix
-- RelaxNG schemas for XML configs
-
-* Wed Dec 20 2006 Daniel Veillard <veillard@redhat.com> 0.1.10-1.fc7
-- support for inactive Xen domains
-- improved support for Xen display and vnc
-- a few bug fixes
-- localization updates
-
-* Thu Dec 7 2006 Jeremy Katz <katzj@redhat.com> - 0.1.9-2
-- rebuild against python 2.5
-
-* Wed Nov 29 2006 Daniel Veillard <veillard@redhat.com> 0.1.9-1
-- better error reporting
-- python bindings fixes and extensions
-- add support for shareable drives
-- add support for non-bridge style networking
-- hot plug device support
-- added support for inactive domains
-- API to dump core of domains
-- various bug fixes, cleanups and improvements
-- updated the localization
-
-* Tue Nov 7 2006 Daniel Veillard <veillard@redhat.com> 0.1.8-3
-- it's pkgconfig not pgkconfig !
-
-* Mon Nov 6 2006 Daniel Veillard <veillard@redhat.com> 0.1.8-2
-- fixing spec file, added %dist, -devel requires pkgconfig and xen-devel
-- Resolves: rhbz#202320
-
-* Mon Oct 16 2006 Daniel Veillard <veillard@redhat.com> 0.1.8-1
-- fix missing page size detection code for ia64
-- fix mlock size when getting domain info list from hypervisor
-- vcpu number initialization
-- don't label crashed domains as shut off
-- fix virsh man page
-- blktapdd support for alternate drivers like blktap
-- memory leak fixes (xend interface and XML parsing)
-- compile fix
-- mlock/munlock size fixes
-
-* Fri Sep 22 2006 Daniel Veillard <veillard@redhat.com> 0.1.7-1
-- Fix bug when running against xen-3.0.3 hypercalls
-- Fix memory bug when getting vcpus info from xend
-
-* Fri Sep 22 2006 Daniel Veillard <veillard@redhat.com> 0.1.6-1
-- Support for localization
-- Support for new Xen-3.0.3 cdrom and disk configuration
-- Support for setting VNC port
-- Fix bug when running against xen-3.0.2 hypercalls
-- Fix reconnection problem when talking directly to http xend
-
-* Tue Sep 5 2006 Jeremy Katz <katzj@redhat.com> - 0.1.5-3
-- patch from danpb to support new-format cd devices for HVM guests
-
-* Tue Sep 5 2006 Daniel Veillard <veillard@redhat.com> 0.1.5-2
-- reactivating ia64 support
-
-* Tue Sep 5 2006 Daniel Veillard <veillard@redhat.com> 0.1.5-1
-- new release
-- bug fixes
-- support for new hypervisor calls
-- early code for config files and defined domains
-
-* Mon Sep 4 2006 Daniel Berrange <berrange@redhat.com> - 0.1.4-5
-- add patch to address dom0_ops API breakage in Xen 3.0.3 tree
-
-* Mon Aug 28 2006 Jeremy Katz <katzj@redhat.com> - 0.1.4-4
-- add patch to support paravirt framebuffer in Xen
-
-* Mon Aug 21 2006 Daniel Veillard <veillard@redhat.com> 0.1.4-3
-- another patch to fix network handling in non-HVM guests
-
-* Thu Aug 17 2006 Daniel Veillard <veillard@redhat.com> 0.1.4-2
-- patch to fix virParseUUID()
-
-* Wed Aug 16 2006 Daniel Veillard <veillard@redhat.com> 0.1.4-1
-- vCPUs and affinity support
-- more complete XML, console and boot options
-- specific features support
-- enforced read-only connections
-- various improvements, bug fixes
-
-* Wed Aug 2 2006 Jeremy Katz <katzj@redhat.com> - 0.1.3-6
-- add patch from pvetere to allow getting uuid from libvirt
-
-* Wed Aug 2 2006 Jeremy Katz <katzj@redhat.com> - 0.1.3-5
-- build on ia64 now
-
-* Thu Jul 27 2006 Jeremy Katz <katzj@redhat.com> - 0.1.3-4
-- don't BR xen, we just need xen-devel
-
-* Thu Jul 27 2006 Daniel Veillard <veillard@redhat.com> 0.1.3-3
-- need rebuild since libxenstore is now versionned
-
-* Mon Jul 24 2006 Mark McLoughlin <markmc@redhat.com> - 0.1.3-2
-- Add BuildRequires: xen-devel
-
-* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.1.3-1.1
-- rebuild
-
-* Tue Jul 11 2006 Daniel Veillard <veillard@redhat.com> 0.1.3-1
-- support for HVM Xen guests
-- various bugfixes
-
-* Mon Jul 3 2006 Daniel Veillard <veillard@redhat.com> 0.1.2-1
-- added a proxy mechanism for read only access using httpu
-- fixed header includes paths
-
-* Wed Jun 21 2006 Daniel Veillard <veillard@redhat.com> 0.1.1-1
-- extend and cleanup the driver infrastructure and code
-- python examples
-- extend uuid support
-- bug fixes, buffer handling cleanups
-- support for new Xen hypervisor API
-- test driver for unit testing
-- virsh --conect argument
-
-* Mon Apr 10 2006 Daniel Veillard <veillard@redhat.com> 0.1.0-1
-- various fixes
-- new APIs: for Node information and Reboot
-- virsh improvements and extensions
-- documentation updates and man page
-- enhancement and fixes of the XML description format
-
-* Tue Feb 28 2006 Daniel Veillard <veillard@redhat.com> 0.0.6-1
-- added error handling APIs
-- small bug fixes
-- improve python bindings
-- augment documentation and regression tests
-
-* Thu Feb 23 2006 Daniel Veillard <veillard@redhat.com> 0.0.5-1
-- new domain creation API
-- new UUID based APIs
-- more tests, documentation, devhelp
-- bug fixes
-
-* Fri Feb 10 2006 Daniel Veillard <veillard@redhat.com> 0.0.4-1
-- fixes some problems in 0.0.3 due to the change of names
-
-* Wed Feb 8 2006 Daniel Veillard <veillard@redhat.com> 0.0.3-1
-- changed library name to libvirt from libvir, complete and test the python
- bindings
-
-* Sun Jan 29 2006 Daniel Veillard <veillard@redhat.com> 0.0.2-1
-- upstream release of 0.0.2, use xend, save and restore added, python bindings
- fixed
-
-* Wed Nov 2 2005 Daniel Veillard <veillard@redhat.com> 0.0.1-1
-- created
diff -BNurbp libvirt-0.6.0/qemud/Makefile.am libvirt-ibm/qemud/Makefile.am
--- libvirt-0.6.0/qemud/Makefile.am 2009-01-31 10:04:17.000000000 +0100
+++ libvirt-ibm/qemud/Makefile.am 2009-04-29 15:30:15.000000000 +0200
@@ -221,7 +221,6 @@ install-logrotate: libvirtd.logrotate
mkdir -p $(DESTDIR)$(sysconfdir)/logrotate.d/
$(INSTALL_DATA) $< $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd
-if LIBVIRT_INIT_SCRIPTS_RED_HAT
install-init: libvirtd.init
mkdir -p $(DESTDIR)$(sysconfdir)/rc.d/init.d
$(INSTALL_SCRIPT) libvirtd.init \
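Review bot: With the `if LIBVIRT_INIT_SCRIPTS_RED_HAT` guard dropped here and the `else`/`endif` stanza dropped in the next hunk, `install-init` always writes `libvirtd.init` into `$(sysconfdir)/rc.d/init.d`, whatever init-script style configure selected. A build on a non-Red Hat layout would therefore install a root-run init script into a path the distribution does not manage. If the fork only targets that layout, say so where the guard used to be, e.g. `# fork: Red Hat style init script is installed unconditionally`; otherwise keep the conditional. The `install-init` rule continues past the end of this hunk.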
@@ -249,13 +248,6 @@ check-local:
test -x '$(AUGPARSE)' \
&& '$(AUGPARSE)' -I $(srcdir) $(srcdir)/test_libvirtd_qemu.aug || :
-else
-
-install-init:
-uninstall-init:
-
-endif # DBUS_INIT_SCRIPTS_RED_HAT
-
# This must be added last, since functions it provides/replaces
# are used by nearly every other library.
libvirtd_LDADD += ../gnulib/lib/libgnu.la $(LIBSOCKET)
diff -BNurbp libvirt-0.6.0/qemud/libvirtd.conf libvirt-ibm/qemud/libvirtd.conf
--- libvirt-0.6.0/qemud/libvirtd.conf 2009-01-20 21:39:28.000000000 +0100
+++ libvirt-ibm/qemud/libvirtd.conf 2009-06-09 12:22:09.000000000 +0200
@@ -19,7 +19,7 @@
# using this capability.
#
# This is enabled by default, uncomment this to disable it
-#listen_tls = 0
+listen_tls = 0
# Listen for unencrypted TCP connections on the public TCP/IP port.
# NB, must pass the --listen flag to the libvirtd process for this to
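Review bot: Together with `listen_tcp = 1` and `auth_tcp = "none"` in the later hunks of this file, `listen_tls = 0` makes the packaged default an unencrypted TCP management socket with no authentication, which the file's own comment warns against ("Don't do this outside of a dev/test scenario"). Anyone who can reach the port can open a connection, and with SASL off the access-control chain driver presumably has no authenticated user name to decide on (`remote_saslUsername` in the remote.c hunk comes from the SASL session). I would keep the upstream defaults in the shipped file, `#listen_tls = 0`, `#listen_tcp = 1` and `#auth_tcp = "sasl"`, and document the relaxed values as an explicit opt-in for isolated test hosts.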
@@ -30,7 +30,7 @@
# DIGEST_MD5 and GSSAPI (Kerberos5)
#
# This is disabled by default, uncomment this to enable it.
-#listen_tcp = 1
+listen_tcp = 1
@@ -57,7 +57,7 @@
# stopping the Avahi daemon
#
# This is enabled by default, uncomment this to disable it
-#mdns_adv = 0
+mdns_adv = 0
# Override the default mDNS advertizement name. This must be
# unique on the immediate broadcast network.
@@ -142,7 +142,7 @@
# Don't do this outside of a dev/test scenario. For real world
# use, always enable SASL and use the GSSAPI or DIGEST-MD5
# mechanism in /etc/sasl2/libvirt.conf
-#auth_tcp = "sasl"
+auth_tcp = "none"
# Change the authentication scheme for TLS sockets.
#
@@ -194,7 +194,7 @@
#
# Default is to always verify. Uncommenting this will disable
# verification - make sure an IP whitelist is set
-#tls_no_verify_certificate = 1
+tls_no_verify_certificate = 1
# A whitelist of allowed x509 Distinguished Names
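Review bot: Uncommenting `tls_no_verify_certificate = 1` turns off client certificate verification, and the comment directly above asks for an IP whitelist in that case, yet none of the hunks shown for this file sets one. With `listen_tls = 0` the setting is dormant, but it takes effect as soon as someone re-enables TLS. The packaged default should stay `#tls_no_verify_certificate = 1`.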
@@ -312,3 +312,7 @@
# e.g.:
# log_outputs="3:syslog:libvirtd"
# to log all warnings and errors to syslog under the libvirtd ident
+
+log_level=1
+log_filters="2:event"
+log_outputs="0:file:/var/log/libvirtd"
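Review bot: `log_level=1` makes debug logging the packaged default and sends it to a fixed file, so every installation logs at the most verbose level unless the admin edits the file back. The example in the comment above uses priority 3 for warnings and errors; as far as I know the documented priorities run from 1 (debug) to 4 (error), so the `0:` prefix in `log_outputs="0:file:/var/log/libvirtd"` should be checked against the parser. I would ship `log_level=3` and `log_outputs="3:file:/var/log/libvirtd"`, leave the debug values as commented examples, and confirm the installed logrotate snippet covers `/var/log/libvirtd`.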
diff -BNurbp libvirt-0.6.0/qemud/libvirtd.init.in libvirt-ibm/qemud/libvirtd.init.in
--- libvirt-0.6.0/qemud/libvirtd.init.in 2008-06-11 15:02:12.000000000 +0200
+++ libvirt-ibm/qemud/libvirtd.init.in 2009-06-09 12:22:09.000000000 +0200
@@ -6,6 +6,9 @@
### BEGIN INIT INFO
# Provides: libvirtd
# Should-Start: xend
+# Required-Start: xend
+# Should-Stop: xend
+# Required-Stop: xend
# Default-Start: 3 4 5
# Short-Description: daemon for libvirt virtualization API
# Description: This is a daemon for managing guest instances
@@ -44,7 +47,7 @@ test -f @sysconfdir@/sysconfig/libvirtd
LIBVIRTD_CONFIG_ARGS=
if [ -n "$LIBVIRTD_CONFIG" ]
then
- LIBVIRTD_CONFIG_ARGS="--config $LIBVIRTD_CONFIG"
+ LIBVIRTD_CONFIG_ARGS="--listen --config $LIBVIRTD_CONFIG"
fi
RETVAL=0
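Review bot: `--listen` is added only inside the `if [ -n "$LIBVIRTD_CONFIG" ]` branch, so the daemon opens its network sockets when a custom config path happens to be set and silently does not otherwise; the two settings are unrelated. Hard-coding the flag in the init script also means an administrator cannot switch the network listener off without editing the script. I would leave this line as `LIBVIRTD_CONFIG_ARGS="--config $LIBVIRTD_CONFIG"` and pass the flag through the sysconfig file the script appears to read, e.g. `LIBVIRTD_ARGS="--listen"`.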
diff -BNurbp libvirt-0.6.0/qemud/remote.c libvirt-ibm/qemud/remote.c
--- libvirt-0.6.0/qemud/remote.c 2009-01-31 10:04:17.000000000 +0100
+++ libvirt-ibm/qemud/remote.c 2009-06-09 12:22:09.000000000 +0200
@@ -446,10 +446,24 @@ remoteDispatchOpen (struct qemud_server
flags = args->flags;
if (client->readonly) flags |= VIR_CONNECT_RO;
+ /*
client->conn =
flags & VIR_CONNECT_RO
? virConnectOpenReadOnly (name)
: virConnectOpen (name);
+ */
+
+ /* Fill in user ident annd auth info */
+ virConnectAuth auth;
+ auth.remote_type = client->type;
+ auth.remote_fd = client->fd;
+#if HAVE_SASL
+ auth.remote_saslUsername = client->saslUsername;
+#else
+ auth.remote_saslUsername = NULL;
+#endif
+ client->conn = virConnectOpenAuth(name, &auth, flags);
+
if (client->conn == NULL)
remoteDispatchConnError(rerr, NULL);
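Review bot: `virConnectAuth auth;` is filled only in its three `remote_*` members, so any other members of the struct (upstream's credential list and callback) hold indeterminate stack contents when `virConnectOpenAuth(name, &auth, flags)` reads them. Zero it before filling: `virConnectAuth auth;` followed by `memset(&auth, 0, sizeof(auth));`. `auth.remote_saslUsername` also borrows `client->saslUsername` without copying, so a comment should state that chain drivers must not keep that pointer beyond the open call unless they copy it. The old call is left commented out rather than deleted. The body of remoteDispatchOpen continues outside the hunk.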
diff -BNurbp libvirt-0.6.0/src/Makefile.am libvirt-ibm/src/Makefile.am
--- libvirt-0.6.0/src/Makefile.am 2009-01-31 10:04:17.000000000 +0100
+++ libvirt-ibm/src/Makefile.am 2009-04-27 16:07:23.000000000 +0200
@@ -19,7 +19,7 @@ INCLUDES = \
$(WARN_CFLAGS)
confdir = $(sysconfdir)/libvirt/
-conf_DATA = qemu.conf
+conf_DATA = qemu.conf verif_rbac.conf
ICON_FILES = \
libvirt_win_icon_16x16.ico \
@@ -66,7 +66,12 @@ DRIVER_SOURCES = \
datatypes.c datatypes.h \
domain_event.c domain_event.h \
stats_linux.c stats_linux.h \
- libvirt.c libvirt_internal.h
+ libvirt.c libvirt_internal.h \
+ chain_driver.c chain_driver.h \
+ chain_utils.c chain_utils.h \
+ chdrv_ac.c chdrv_ac.h \
+ verif_rbac.c verif_rbac.h \
+ chdrv_compmgr.c chdrv_compmgr.h
# Domain driver generic impl APIs
@@ -463,7 +468,8 @@ libvirt_la_LDFLAGS = $(VERSION_SCRIPT_FL
$(COVERAGE_CFLAGS:-f%=-Wc,-f%) \
$(LIBXML_LIBS) $(SELINUX_LIBS) \
$(XEN_LIBS) $(DRIVER_MODULE_LIBS) \
- @CYGWIN_EXTRA_LDFLAGS@ @MINGW_EXTRA_LDFLAGS@
+ @CYGWIN_EXTRA_LDFLAGS@ @MINGW_EXTRA_LDFLAGS@ \
+ `xmlrpc-c-config client --libs`
libvirt_la_CFLAGS = $(COVERAGE_CFLAGS) -DIN_LIBVIRT
libvirt_la_DEPENDENCIES = $(libvirt_la_LIBADD) libvirt.syms
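Review bot: The `xmlrpc-c-config client --libs` command substitution puts libraries into `libvirt_la_LDFLAGS` and runs an external program at make time, so a missing or different `xmlrpc-c-config` on PATH gives an empty or unexpected link line instead of a configure error (unless configure.in, not visible here, already checks for it). The same applies to `libvirt_test_la_LDFLAGS` and `virsh_LDFLAGS` in the next two hunks. I would detect the library in configure.in, `AC_SUBST` a variable such as `XMLRPC_LIBS`, and add `$(XMLRPC_LIBS)` to `libvirt_la_LIBADD`. virsh links `libvirt.la` and probably does not need the flag itself.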
@@ -481,7 +487,7 @@ test_LDFLAGS = \
# Just like the above, but with a slightly different set of public symbols.
libvirt_test_la_SOURCES = $(libvirt_la_SOURCES)
libvirt_test_la_LIBADD = $(libvirt_la_LIBADD)
-libvirt_test_la_LDFLAGS = $(test_LDFLAGS)
+libvirt_test_la_LDFLAGS = $(test_LDFLAGS) `xmlrpc-c-config client --libs`
libvirt_test_la_CFLAGS = $(COVERAGE_CFLAGS)
bin_PROGRAMS = virsh
@@ -490,7 +496,7 @@ virsh_SOURCES = \
console.c console.h \
virsh.c
-virsh_LDFLAGS = $(WARN_CFLAGS) $(COVERAGE_LDFLAGS)
+virsh_LDFLAGS = $(WARN_CFLAGS) $(COVERAGE_LDFLAGS) `xmlrpc-c-config client --libs`
virsh_LDADD = \
$(STATIC_BINARIES) \
$(WARN_CFLAGS) \
diff -BNurbp libvirt-0.6.0/src/Makefile.in libvirt-ibm/src/Makefile.in
--- libvirt-0.6.0/src/Makefile.in 2009-01-31 10:19:54.000000000 +0100
+++ libvirt-ibm/src/Makefile.in 2009-04-27 16:07:23.000000000 +0200
@@ -211,7 +211,11 @@ libvirt_driver_la_LIBADD =
am__objects_1 = libvirt_driver_la-driver.lo \
libvirt_driver_la-datatypes.lo \
libvirt_driver_la-domain_event.lo \
- libvirt_driver_la-stats_linux.lo libvirt_driver_la-libvirt.lo
+ libvirt_driver_la-stats_linux.lo libvirt_driver_la-libvirt.lo \
+ libvirt_driver_la-chain_driver.lo \
+ libvirt_driver_la-chain_utils.lo libvirt_driver_la-chdrv_ac.lo \
+ libvirt_driver_la-verif_rbac.lo \
+ libvirt_driver_la-chdrv_compmgr.lo
am__objects_2 = libvirt_driver_la-capabilities.lo \
libvirt_driver_la-domain_conf.lo libvirt_driver_la-nodeinfo.lo
am__objects_3 = libvirt_driver_la-network_conf.lo
@@ -1099,6 +1103,7 @@ sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
INCLUDES = \
@@ -1120,7 +1125,7 @@ INCLUDES = \
$(WARN_CFLAGS)
confdir = $(sysconfdir)/libvirt/
-conf_DATA = qemu.conf
+conf_DATA = qemu.conf verif_rbac.conf
ICON_FILES = \
libvirt_win_icon_16x16.ico \
libvirt_win_icon_32x32.ico \
@@ -1180,7 +1185,12 @@ DRIVER_SOURCES = \
datatypes.c datatypes.h \
domain_event.c domain_event.h \
stats_linux.c stats_linux.h \
- libvirt.c libvirt_internal.h
+ libvirt.c libvirt_internal.h \
+ chain_driver.c chain_driver.h \
+ chain_utils.c chain_utils.h \
+ chdrv_ac.c chdrv_ac.h \
+ verif_rbac.c verif_rbac.h \
+ chdrv_compmgr.c chdrv_compmgr.h
# Domain driver generic impl APIs
@@ -1375,7 +1385,8 @@ libvirt_la_LDFLAGS = $(VERSION_SCRIPT_FL
$(COVERAGE_CFLAGS:-f%=-Wc,-f%) \
$(LIBXML_LIBS) $(SELINUX_LIBS) \
$(XEN_LIBS) $(DRIVER_MODULE_LIBS) \
- @CYGWIN_EXTRA_LDFLAGS@ @MINGW_EXTRA_LDFLAGS@
+ @CYGWIN_EXTRA_LDFLAGS@ @MINGW_EXTRA_LDFLAGS@ \
+ `xmlrpc-c-config client --libs`
libvirt_la_CFLAGS = $(COVERAGE_CFLAGS) -DIN_LIBVIRT
libvirt_la_DEPENDENCIES = $(libvirt_la_LIBADD) libvirt.syms
@@ -1390,13 +1401,13 @@ test_LDFLAGS = \
# Just like the above, but with a slightly different set of public symbols.
libvirt_test_la_SOURCES = $(libvirt_la_SOURCES)
libvirt_test_la_LIBADD = $(libvirt_la_LIBADD)
-libvirt_test_la_LDFLAGS = $(test_LDFLAGS)
+libvirt_test_la_LDFLAGS = $(test_LDFLAGS) `xmlrpc-c-config client --libs`
libvirt_test_la_CFLAGS = $(COVERAGE_CFLAGS)
virsh_SOURCES = \
console.c console.h \
virsh.c
-virsh_LDFLAGS = $(WARN_CFLAGS) $(COVERAGE_LDFLAGS)
+virsh_LDFLAGS = $(WARN_CFLAGS) $(COVERAGE_LDFLAGS) `xmlrpc-c-config client --libs`
virsh_LDADD = $(STATIC_BINARIES) $(WARN_CFLAGS) $(NUMACTL_LIBS) \
libvirt.la ../gnulib/lib/libgnu.la $(VIRSH_LIBS) \
$(am__append_45)
@@ -1621,6 +1632,10 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hash.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iptables.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_la-capabilities.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_la-chain_driver.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_la-chain_utils.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_la-chdrv_ac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_la-chdrv_compmgr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_la-datatypes.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_la-domain_conf.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_la-domain_event.Plo@am__quote@
@@ -1631,6 +1646,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_la-nodeinfo.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_la-stats_linux.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_la-storage_conf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_la-verif_rbac.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_nodedev_la-node_device.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_nodedev_la-node_device_devkit.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libvirt_driver_nodedev_la-node_device_hal.Plo@am__quote@
@@ -1752,6 +1768,41 @@ libvirt_driver_la-libvirt.lo: libvirt.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_driver_la_CFLAGS) $(CFLAGS) -c -o libvirt_driver_la-libvirt.lo `test -f 'libvirt.c' || echo '$(srcdir)/'`libvirt.c
+libvirt_driver_la-chain_driver.lo: chain_driver.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_driver_la_CFLAGS) $(CFLAGS) -MT libvirt_driver_la-chain_driver.lo -MD -MP -MF $(DEPDIR)/libvirt_driver_la-chain_driver.Tpo -c -o libvirt_driver_la-chain_driver.lo `test -f 'chain_driver.c' || echo '$(srcdir)/'`chain_driver.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/libvirt_driver_la-chain_driver.Tpo $(DEPDIR)/libvirt_driver_la-chain_driver.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='chain_driver.c' object='libvirt_driver_la-chain_driver.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_driver_la_CFLAGS) $(CFLAGS) -c -o libvirt_driver_la-chain_driver.lo `test -f 'chain_driver.c' || echo '$(srcdir)/'`chain_driver.c
+
+libvirt_driver_la-chain_utils.lo: chain_utils.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_driver_la_CFLAGS) $(CFLAGS) -MT libvirt_driver_la-chain_utils.lo -MD -MP -MF $(DEPDIR)/libvirt_driver_la-chain_utils.Tpo -c -o libvirt_driver_la-chain_utils.lo `test -f 'chain_utils.c' || echo '$(srcdir)/'`chain_utils.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/libvirt_driver_la-chain_utils.Tpo $(DEPDIR)/libvirt_driver_la-chain_utils.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='chain_utils.c' object='libvirt_driver_la-chain_utils.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_driver_la_CFLAGS) $(CFLAGS) -c -o libvirt_driver_la-chain_utils.lo `test -f 'chain_utils.c' || echo '$(srcdir)/'`chain_utils.c
+
+libvirt_driver_la-chdrv_ac.lo: chdrv_ac.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_driver_la_CFLAGS) $(CFLAGS) -MT libvirt_driver_la-chdrv_ac.lo -MD -MP -MF $(DEPDIR)/libvirt_driver_la-chdrv_ac.Tpo -c -o libvirt_driver_la-chdrv_ac.lo `test -f 'chdrv_ac.c' || echo '$(srcdir)/'`chdrv_ac.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/libvirt_driver_la-chdrv_ac.Tpo $(DEPDIR)/libvirt_driver_la-chdrv_ac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='chdrv_ac.c' object='libvirt_driver_la-chdrv_ac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_driver_la_CFLAGS) $(CFLAGS) -c -o libvirt_driver_la-chdrv_ac.lo `test -f 'chdrv_ac.c' || echo '$(srcdir)/'`chdrv_ac.c
+
+libvirt_driver_la-verif_rbac.lo: verif_rbac.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_driver_la_CFLAGS) $(CFLAGS) -MT libvirt_driver_la-verif_rbac.lo -MD -MP -MF $(DEPDIR)/libvirt_driver_la-verif_rbac.Tpo -c -o libvirt_driver_la-verif_rbac.lo `test -f 'verif_rbac.c' || echo '$(srcdir)/'`verif_rbac.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/libvirt_driver_la-verif_rbac.Tpo $(DEPDIR)/libvirt_driver_la-verif_rbac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='verif_rbac.c' object='libvirt_driver_la-verif_rbac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_driver_la_CFLAGS) $(CFLAGS) -c -o libvirt_driver_la-verif_rbac.lo `test -f 'verif_rbac.c' || echo '$(srcdir)/'`verif_rbac.c
+
+libvirt_driver_la-chdrv_compmgr.lo: chdrv_compmgr.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_driver_la_CFLAGS) $(CFLAGS) -MT libvirt_driver_la-chdrv_compmgr.lo -MD -MP -MF $(DEPDIR)/libvirt_driver_la-chdrv_compmgr.Tpo -c -o libvirt_driver_la-chdrv_compmgr.lo `test -f 'chdrv_compmgr.c' || echo '$(srcdir)/'`chdrv_compmgr.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/libvirt_driver_la-chdrv_compmgr.Tpo $(DEPDIR)/libvirt_driver_la-chdrv_compmgr.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='chdrv_compmgr.c' object='libvirt_driver_la-chdrv_compmgr.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_driver_la_CFLAGS) $(CFLAGS) -c -o libvirt_driver_la-chdrv_compmgr.lo `test -f 'chdrv_compmgr.c' || echo '$(srcdir)/'`chdrv_compmgr.c
+
libvirt_driver_la-capabilities.lo: capabilities.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libvirt_driver_la_CFLAGS) $(CFLAGS) -MT libvirt_driver_la-capabilities.lo -MD -MP -MF $(DEPDIR)/libvirt_driver_la-capabilities.Tpo -c -o libvirt_driver_la-capabilities.lo `test -f 'capabilities.c' || echo '$(srcdir)/'`capabilities.c
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/libvirt_driver_la-capabilities.Tpo $(DEPDIR)/libvirt_driver_la-capabilities.Plo
diff -BNurbp libvirt-0.6.0/src/chain_driver.c libvirt-ibm/src/chain_driver.c
--- libvirt-0.6.0/src/chain_driver.c 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-ibm/src/chain_driver.c 2009-04-27 16:07:23.000000000 +0200
@@ -0,0 +1,226 @@
+/*
+ * Licensed Material - Property of IBM
+ *
+ * "Restricted Materials of IBM"
+ *
+ * 5746-SM2
+ *
+ * Copyright IBM Corp. 2009 All Rights Reserved.
+ *
+ */
+#include <config.h>
+#include <stdio.h>
+
+#include "internal.h"
+#include "datatypes.h"
+#include "logging.h"
+#include "memory.h"
+#include "virterror_internal.h"
+#include "chain_driver.h"
+//#include "chdrv_test.h"
+#include "chdrv_ac.h"
+#include "chdrv_compmgr.h"
+
+#define CHAIN_DRIVERS_MAX 10
+chainDriverPtr chainDrivers[CHAIN_DRIVERS_MAX];
+int chainDriverCount = 0;
+
+struct _chainPrivate {
+ // back pointer to associated connection
+ virConnectPtr conn;
+
+ int (*closeFunc) (virConnectPtr conn);
+
+ chainDriverPtr drivers[CHAIN_DRIVERS_MAX];
+ void *driverPrivs[CHAIN_DRIVERS_MAX];
+ virDriver driverFronts[CHAIN_DRIVERS_MAX];
+ int driverCount;
+};
+typedef struct _chainPrivate *chainPrivatePtr;
+
+// Macros for accessing AC-module private data for each connection
+#define GET_PRIVATE(conn) \
+ chainPrivatePtr priv = (chainPrivatePtr) (conn)->chainPrivateData
+#define GET_PRIVATE_FROM_DOM(domain) \
+ GET_PRIVATE(domain->conn)
+
+// Error reporting helper macros
+#define chainError(conn, code, fmt...) \
+ virReportErrorHelper(conn, VIR_FROM_ACC_CTRL, code, __FILE__, \
+ __FUNCTION__, __LINE__, fmt)
+
+// Internal forward declaration
+static chainPrivatePtr allocPrivate(virConnectPtr conn);
+static void freePrivate(virConnectPtr conn);
+static int mapDriverFunctions(virDriverPtr src, virDriverPtr dest);
+static int chainClose(virConnectPtr conn);
+
+/*
+ * Public chain module functions
+ */
+int chainInitialize(void)
+{
+ DEBUG0("start");
+ //testChainRegister();
+ accCtrlChainRegister();
+ compMgrChainRegister();
+ return 0;
+}
+
+int chainRegisterDriver(chainDriverPtr cDriver)
+{
+ if(chainDriverCount >= CHAIN_DRIVERS_MAX)
+ {
+ chainError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "registering chain driver, stack is full");
+ return -1;
+ }
+ chainDrivers[chainDriverCount] = cDriver;
+ chainDriverCount++;
+
+ DEBUG("Registered driver: %s", cDriver->driver->name);
+ return 0;
+}
+
+int chainInject(virConnectPtr conn, virConnectAuthPtr auth,
+ int flags)
+{
+ chainPrivatePtr priv = allocPrivate(conn);
+ if(priv == NULL)
+ goto error;
+ DEBUG("conn:%p", conn);
+
+ if(chainDriverCount < 1)
+ {
+ DEBUG0("No chain driver(s) registered, skipping injecting");
+ return VIR_DRV_OPEN_DECLINED;
+ }
+
+ virDriverPtr backend = NULL;
+ if(VIR_ALLOC(backend) < 0)
+ goto error;
+ memcpy(backend, conn->driver, sizeof(virDriver));
+
+ virDriverPtr frontend = NULL;
+ int i, ret;
+ for(i = (chainDriverCount-1); i >= 0; i--)
+ {
+ int idx = priv->driverCount;
+ // Allocate requested privata data block before calling open
+ if(chainDrivers[i]->privSize > 0)
+ {
+ priv->driverPrivs[idx] = malloc(chainDrivers[i]->privSize);
+ if(priv->driverPrivs[idx] == NULL)
+ continue;
+ memset(priv->driverPrivs[idx], 0, chainDrivers[i]->privSize);
+ }
+
+ ret = chainDrivers[i]->chainOpen(conn, auth, flags,
+ priv->driverPrivs[idx], backend);
+ DEBUG("%s.open = %d", chainDrivers[i]->driver->name, ret);
+ if(ret == VIR_DRV_OPEN_SUCCESS)
+ {
+ priv->drivers[idx] = chainDrivers[i];
+
+ frontend = &(priv->driverFronts[idx]);
+ memcpy(frontend, backend, sizeof(*frontend));
+ mapDriverFunctions(frontend, chainDrivers[i]->driver);
+ priv->driverCount++;
+ backend = frontend;
+ }
+ else
+ free(priv->driverPrivs[idx]);
+ }
+
+ // Inject chain-driver core close function on the top.
+ priv->closeFunc = backend->close;
+ backend->close = chainClose;
+
+ // Set new composite driver interface as frontend
+ conn->driver = backend;
+
+ return 0;
+
+error:
+ if(priv != NULL)
+ freePrivate(conn);
+ chainError(conn, VIR_ERR_INTERNAL_ERROR,
+ "Injecting chaindriver failed");
+ return VIR_DRV_OPEN_ERROR;
+}
+
+void *chainDrvGetPriv(virConnectPtr conn, chainDriverPtr chainDrv)
+{
+ GET_PRIVATE(conn);
+ int i;
+ for(i = 0; i < priv->driverCount; i++)
+ {
+ if(priv->drivers[i] == chainDrv)
+ {
+ return priv->driverPrivs[i];
+ }
+ }
+ return NULL;
+}
+
+/*
+ * Private module functions
+ */
+static chainPrivatePtr allocPrivate(virConnectPtr conn)
+{
+ chainPrivatePtr priv;
+ /* Allocate per-connection private data. */
+ if (VIR_ALLOC(priv) < 0) {
+ chainError(NULL, VIR_ERR_NO_MEMORY, "allocating private data");
+ return NULL;
+ }
+ conn->chainPrivateData = priv;
+ priv->conn = conn;
+ return priv;
+}
+
+static void freePrivate(virConnectPtr conn)
+{
+ GET_PRIVATE(conn);
+ int i;
+ for(i = 0; i < priv->driverCount; i++)
+ {
+ if(priv->driverPrivs[i] != NULL)
+ free(priv->driverPrivs[i]);
+ }
+ VIR_FREE(priv);
+ conn->chainPrivateData = NULL;
+}
+
+// This mapping funtion must be up to date with struct _virDriver in
+// driver.h
+static int mapDriverFunctions(virDriverPtr src, virDriverPtr dest)
+{
+ // Skip virDrvNo and name of driver
+ int pos = sizeof(int) + sizeof(char*);
+ int idx = 0;
+ void **srcPtr = (void**)((char*)src + pos);
+ void **destPtr = (void**)((char*)dest + pos);
+ while(pos < sizeof(virDriver))
+ {
+ if(destPtr[idx] != NULL)
+ {
+ srcPtr[idx] = destPtr[idx];
+ //DEBUG("chaining %s.func:%d",dest->name, idx);
+ }
+ idx++;
+ pos += sizeof(void*);
+ }
+
+ return 0;
+}
+
+static int chainClose(virConnectPtr conn)
+{
+ GET_PRIVATE(conn);
+ int ret;
+ DEBUG("conn:%p", conn);
+ ret = priv->closeFunc(conn);
+ freePrivate(conn);
+ return ret;
+}
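Review bot: `mapDriverFunctions` starts copying at `sizeof(int) + sizeof(char*)`, which ignores struct padding: on an LP64 build that is byte 12, while the member after `name` would sit at offset 16, so every `void **` access is misaligned and straddles two members. The access-control hooks would then not land in the slots that callers invoke. Take the offset from the struct instead, `size_t pos = offsetof(virDriver, open);` with `<stddef.h>` (assuming `open` is the first callback in driver.h), and say in the comment that the loop still assumes every later member is pointer-sized. Separately, the failure path in `chainInject` calls `free(priv->driverPrivs[idx])` without clearing the slot while `idx` does not advance, so a following driver with `privSize == 0` is handed the stale pointer and it is freed a second time. Add `priv->driverPrivs[idx] = NULL;` after that free.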
diff -BNurbp libvirt-0.6.0/src/chain_driver.h libvirt-ibm/src/chain_driver.h
--- libvirt-0.6.0/src/chain_driver.h 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-ibm/src/chain_driver.h 2009-04-27 16:07:23.000000000 +0200
@@ -0,0 +1,32 @@
+/*
+ * Licensed Material - Property of IBM
+ *
+ * "Restricted Materials of IBM"
+ *
+ * 5746-SM2
+ *
+ * Copyright IBM Corp. 2009 All Rights Reserved.
+ *
+ */
+#ifndef __VIR_CHAIN_DRIVER_H__
+#define __VIR_CHAIN_DRIVER_H__
+
+#include "internal.h"
+#include "driver.h"
+
+struct _chainDriver {
+ virDriverPtr driver;
+ int privSize;
+ int (*chainOpen) (virConnectPtr conn, virConnectAuthPtr auth,
+ int flags, void *privPtr, virDriverPtr target);
+};
+typedef struct _chainDriver chainDriver;
+typedef struct _chainDriver *chainDriverPtr;
+
+int chainInitialize(void);
+int chainInject(virConnectPtr conn, virConnectAuthPtr auth, int flags);
+void *chainDrvGetPriv(virConnectPtr conn, chainDriverPtr chainDrv);
+
+int chainRegisterDriver(chainDriverPtr cDriver);
+
+#endif /* __VIR_CHAIN_DRIVER_H__ */
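Review bot: `struct _chainDriver` is the contract every chain driver implements, but nothing in the header says who owns `privPtr`, what `target` is, or which return value gets a driver inserted. From chain_driver.c, `privPtr` is a zeroed block of `privSize` bytes that the framework allocates and frees, `target` is the next driver in the chain, and only `VIR_DRV_OPEN_SUCCESS` adds the driver. I would put that above `chainOpen`, e.g. `/* privPtr: privSize zeroed bytes owned by the framework; target: next driver to forward to; return VIR_DRV_OPEN_SUCCESS to be chained */`. `privSize` is passed to `malloc`, so `size_t` would fit better than `int`.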
diff -BNurbp libvirt-0.6.0/src/chain_utils.c libvirt-ibm/src/chain_utils.c
--- libvirt-0.6.0/src/chain_utils.c 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-ibm/src/chain_utils.c 2009-06-09 12:22:09.000000000 +0200
@@ -0,0 +1,49 @@
+/*
+ * Licensed Material - Property of IBM
+ *
+ * "Restricted Materials of IBM"
+ *
+ * 5746-SM2
+ *
+ * Copyright IBM Corp. 2009 All Rights Reserved.
+ *
+ */
+#include "../config.h"
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+#include "chain_utils.h"
+
+char* getTagFromXML(const char *xmlDescr, const char *tagName) {
+ char startTag[64];
+ char endTag[64];
+ sprintf(startTag, "<%s>", tagName);
+ sprintf(endTag, "</%s>", tagName);
+
+ char *ptr = strcasestr(xmlDescr, startTag);
+ if(ptr == NULL)
+ return NULL;
+ ptr += strlen(startTag);
+
+ char *ptrEnd = strcasestr(ptr, endTag);
+ if(ptrEnd == NULL)
+ return NULL;
+
+ // trim white spaces
+ while((ptr < ptrEnd) &&
+ (*ptr == ' '))
+ ptr++;
+
+ while((ptr < ptrEnd) &&
+ (*(ptrEnd-1) == ' '))
+ ptrEnd--;
+
+ return strndup(ptr, ptrEnd-ptr);
+}
+
+char* getDomainNameFromXML(const char *xmlDescr)
+{
+ return getTagFromXML(xmlDescr, "name");
+}
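Review bot: `getTagFromXML` locates the element with a case-insensitive substring search rather than an XML parser, so it returns the first textual `<name>` it meets, including one inside a comment, CDATA section or nested element, and it misses a tag written with attributes. If an access-control decision is keyed on this value (the README lists an RBAC verifier, but its use of this helper is not visible here), the checked name can differ from the one libvirt's real parser gives the domain. libxml2 is already linked (`$(LIBXML_LIBS)` in src/Makefile.am), so the lookup could go through it. Independently, `sprintf(startTag, "<%s>", tagName)` writes into a 64-byte buffer with no bound. Use `snprintf(startTag, sizeof(startTag), "<%s>", tagName)` and return NULL when the result is `>= sizeof(startTag)`, likewise for `endTag`.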
diff -BNurbp libvirt-0.6.0/src/chain_utils.h libvirt-ibm/src/chain_utils.h
--- libvirt-0.6.0/src/chain_utils.h 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-ibm/src/chain_utils.h 2009-06-09 12:22:09.000000000 +0200
@@ -0,0 +1,13 @@
+/*
+ * Licensed Material - Property of IBM
+ *
+ * "Restricted Materials of IBM"
+ *
+ * 5746-SM2
+ *
+ * Copyright IBM Corp. 2009 All Rights Reserved.
+ *
+ */
+
+char* getTagFromXML(const char *xmlDescr, const char *tagName);
+char* getDomainNameFromXML(const char *xmlDescr);
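Review bot: chain_utils.h has no include guard and does not say that both functions return a `strndup` allocation the caller must free, or NULL when the tag is not found. I would wrap the file in `#ifndef __VIR_CHAIN_UTILS_H__` / `#define __VIR_CHAIN_UTILS_H__` / `#endif`, matching chain_driver.h. Above the prototypes I would add `/* Returns a newly allocated string (caller frees) or NULL if the tag is not found. */`.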
diff -BNurbp libvirt-0.6.0/src/chdrv_ac.c libvirt-ibm/src/chdrv_ac.c
--- libvirt-0.6.0/src/chdrv_ac.c 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-ibm/src/chdrv_ac.c 2009-04-27 16:07:23.000000000 +0200
@@ -0,0 +1,813 @@
+/*
+ * Licensed Material - Property of IBM
+ *
+ * "Restricted Materials of IBM"
+ *
+ * 5746-SM2
+ *
+ * Copyright IBM Corp. 2009 All Rights Reserved.
+ *
+ */
+#include <config.h>
+#include <stdio.h>
+#include <assert.h>
+
+#include "internal.h"
+#include "datatypes.h"
+#include "logging.h"
+#include "memory.h"
+#include "virterror_internal.h"
+#include "chain_driver.h"
+#include "chdrv_ac.h"
+#include "verif_rbac.h"
+
+#define ACC_CTRL_DEFAULT_VERDICT ACC_CTRL_CHECK_FAIL
+
+static chainDriverPtr thisDriver;
+static accCtrlVerifierPtr verifier = NULL;
+
+// Macros for accessing AC-module private data for each connection
+#define GET_PRIVATE(conn) \
+ accCtrlPrivatePtr priv = (accCtrlPrivatePtr)chainDrvGetPriv(conn, thisDriver)
+#define GET_PRIVATE_FROM_DOM(domain) \
+ GET_PRIVATE(domain->conn)
+
+// Error reporting helper macros
+#define acError(conn, code, fmt...) \
+ virReportErrorHelper(conn, VIR_FROM_ACC_CTRL, code, __FILE__, \
+ __FUNCTION__, __LINE__, fmt)
+
+#define acErrorDenied(conn, fmt...) \
+ virReportErrorHelper(conn, VIR_FROM_ACC_CTRL, VIR_ERR_ACC_DENIED, __FILE__, \
+ __FUNCTION__, __LINE__, fmt)
+
+
+/*
+ * Internal checking routines
+ */
+static const char *acModeString[] = {
+ "unknown",
+ "create",
+ "read",
+ "modify",
+ "delete"
+};
+
+static const char *acVerdictString[] = {
+ "denied",
+ "granted"
+};
+
+static int acCheckHostAction(accCtrlPrivatePtr priv,
+ accCtrlMode mode, const char *funcName)
+{
+ int verdict = ACC_CTRL_DEFAULT_VERDICT;
+ if(priv->verifier != NULL && priv->verifier->checkHostAction != NULL)
+ {
+ verdict = priv->verifier->checkHostAction(priv, mode, funcName);
+ DEBUG("%s (%s) %s:%s", funcName, acModeString[mode], priv->verifier->name,
+ acVerdictString[verdict]);
+ }
+ return verdict;
+}
+#define AC_CHECK_HOST_ACTION(priv, mode) \
+ acCheckHostAction(priv, mode, __FUNCTION__)
+
+static int acCheckDomainCreate(accCtrlPrivatePtr priv,
+ const char *funcName, const char *xml)
+{
+ int verdict = ACC_CTRL_DEFAULT_VERDICT;
+ if(priv->verifier != NULL && priv->verifier->checkDomainCreate != NULL)
+ {
+ verdict = priv->verifier->checkDomainCreate(priv, funcName, xml);
+ DEBUG("%s (%s) %s:%s", funcName, acModeString[ACC_CTRL_MODE_CREATE],
+ priv->verifier->name, acVerdictString[verdict]);
+ }
+ return verdict;
+}
+#define AC_CHECK_DOMAIN_CREATE(priv, xml) \
+ acCheckDomainCreate(priv, __FUNCTION__, xml)
+
+static int acCheckDomainDefine(accCtrlPrivatePtr priv,
+ const char *funcName, const char *xml)
+{
+ int verdict = ACC_CTRL_DEFAULT_VERDICT;
+ if(priv->verifier != NULL && priv->verifier->checkDomainDefine != NULL)
+ {
+ verdict = priv->verifier->checkDomainDefine(priv, funcName, xml);
+ DEBUG("%s (%s) %s:%s", funcName, acModeString[ACC_CTRL_MODE_CREATE],
+ priv->verifier->name, acVerdictString[verdict]);
+ }
+ return verdict;
+}
+#define AC_CHECK_DOMAIN_DEFINE(priv, xml) \
+ acCheckDomainDefine(priv, __FUNCTION__, xml)
+
+
+static int acCheckDomainAction(accCtrlPrivatePtr priv,
+ virDomainPtr domain, accCtrlMode mode,
+ const char *funcName, int reportError)
+{
+ int verdict = ACC_CTRL_DEFAULT_VERDICT;
+ if(priv->verifier != NULL && priv->verifier->checkDomainAction != NULL)
+ {
+ verdict = priv->verifier->checkDomainAction(priv, domain, mode, funcName);
+ DEBUG("%s (%s) on '%s' %s:%s", funcName, acModeString[mode],
+ domain->name, priv->verifier->name, acVerdictString[verdict]);
+ if((verdict == ACC_CTRL_CHECK_FAIL) && reportError)
+ acErrorDenied(domain->conn, priv->verifier->lastError(priv, NULL),
+ "");
+ }
+ return verdict;
+}
+#define AC_CHECK_DOMAIN_ACTION(priv, domain, mode) \
+ acCheckDomainAction(priv, domain, mode, __FUNCTION__, 1)
+
+
+static int acCheckDomainByIdAction(accCtrlPrivatePtr priv, int id,
+ accCtrlMode mode, const char *funcName)
+{
+ virDomainPtr domain = priv->target->domainLookupByID(priv->conn, id);
+ if(domain == NULL)
+ return ACC_CTRL_CHECK_FAIL;
+ int retval = acCheckDomainAction(priv, domain, mode, funcName, 0);
+ virUnrefDomain(domain);
+ return retval;
+}
+
+static int acCheckDomainByNameAction(accCtrlPrivatePtr priv, char * const name,
+ accCtrlMode mode, const char *funcName)
+{
+ virDomainPtr domain = priv->target->domainLookupByName(priv->conn, name);
+ if(domain == NULL)
+ return ACC_CTRL_CHECK_FAIL;
+ int retval = acCheckDomainAction(priv, domain, mode, funcName, 0);
+ virUnrefDomain(domain);
+ return retval;
+}
+
+static int acFilteredListDomains(accCtrlPrivatePtr priv,
+ int *ids,
+ int maxids)
+{
+ int numDomains;
+ int *tempIds;
+ int ret = 0;
+ int i;
+
+ // Fetch number of domains from backend-driver
+ numDomains = priv->target->numOfDomains(priv->conn);
+ if(numDomains < 0)
+ return numDomains;
+ // Allocate dynamic list and fetch domain IDs
+ if (VIR_ALLOC_N(tempIds, numDomains) < 0)
+ {
+ acError(NULL, VIR_ERR_NO_MEMORY, "allocating temp id-list array");
+ return -1;
+ }
+ numDomains = priv->target->listDomains(priv->conn, tempIds, numDomains);
+ if(numDomains < 0) {
+ VIR_FREE(tempIds);
+ return numDomains;
+ }
+ // AC check each domain ID before copying them over to result array
+ for(i = 0; i < numDomains; i++)
+ {
+ if(acCheckDomainByIdAction(priv, tempIds[i], ACC_CTRL_MODE_READ,
+ "acListDomains"))
+ {
+ if(ids != NULL)
+ ids[ret] = tempIds[i];
+ ret++;
+ if((ids != NULL) && (ret >= maxids))
+ break;
+ }
+ }
+ VIR_FREE(tempIds);
+ return ret;
+}
+
+static int acFilteredListDefinedDomains(accCtrlPrivatePtr priv,
+ char **const names,
+ int maxnames)
+{
+ int numDomains;
+ char **tempNames;
+ int ret = 0;
+ int i;
+
+ // Fetch number of defined domains from backend-driver
+ numDomains = priv->target->numOfDefinedDomains(priv->conn);
+ if(numDomains < 0)
+ return numDomains;
+ // Allocate dynamic list and fetch domain names
+ if (VIR_ALLOC_N(tempNames, numDomains) < 0)
+ {
+ acError(NULL, VIR_ERR_NO_MEMORY, "allocating temp char-ptr array");
+ return -1;
+ }
+ numDomains = priv->target->listDefinedDomains(priv->conn, tempNames,
+ numDomains);
+ if(numDomains < 0) {
+ VIR_FREE(tempNames);
+ return numDomains;
+ }
+ // AC check each domain ID before copying them over to result array
+ for(i = 0; i < numDomains; i++)
+ {
+ if(acCheckDomainByNameAction(priv, tempNames[i], ACC_CTRL_MODE_READ,
+ "acListDefinedDomains"))
+ {
+ if(names != NULL)
+ names[ret] = tempNames[i];
+ ret++;
+ if((names != NULL) && (ret >= maxnames))
+ break;
+ }
+ }
+ VIR_FREE(tempNames);
+ return ret;
+
+}
+
+/*
+ * Driver functions
+ */
+static int acDomainEventCallback(virConnectPtr conn ATTRIBUTE_UNUSED,
+ virDomainPtr dom,
+ int event,
+ int detail,
+ void * opaque)
+{
+ int ret;
+ virDomainInfo domInfo;
+ accCtrlPrivatePtr priv = (accCtrlPrivatePtr)opaque;
+ assert(priv != NULL);
+ assert(dom != NULL);
+ switch(event)
+ {
+ case VIR_DOMAIN_EVENT_DEFINED:
+ if(detail == VIR_DOMAIN_EVENT_DEFINED_ADDED)
+ {
+ if(priv->verifier != NULL &&
+ priv->verifier->domainAddedEvent != NULL)
+ {
+ priv->verifier->domainAddedEvent(priv, dom);
+ break;
+ }
+ }
+ DEBUG("Ignored domain name:%s event:%d detail:%d",
+ dom->name, event, detail);
+ break;
+ case VIR_DOMAIN_EVENT_UNDEFINED:
+ if(priv->verifier != NULL &&
+ priv->verifier->domainRemovedEvent != NULL)
+ {
+ priv->verifier->domainRemovedEvent(priv, dom);
+ break;
+ }
+ DEBUG("Ignored domain name:%s event:%d",
+ dom->name, event);
+ break;
+ case VIR_DOMAIN_EVENT_STARTED:
+ case VIR_DOMAIN_EVENT_SUSPENDED:
+ case VIR_DOMAIN_EVENT_RESUMED:
+ DEBUG("Ignored domain name:%s event:%d detail:%d",
+ dom->name, event, detail);
+ break;
+ case VIR_DOMAIN_EVENT_STOPPED:
+ // Check if domain still exists after being stopped
+ ret = priv->target->domainGetInfo(dom, &domInfo);
+ if(ret < 0)
+ { // No, domain was not persistent, lets call remove handler
+ if(priv->verifier != NULL &&
+ priv->verifier->domainRemovedEvent != NULL)
+ priv->verifier->domainRemovedEvent(priv, dom);
+ }
+ else
+ DEBUG("Domain name:%s stopped but still defined", dom->name);
+ break;
+ default:
+ DEBUG("Unknown domain event:%d on domain name:%s", event, dom->name);
+ break;
+ }
+ return 0;
+}
+
+static virDrvOpenStatus acChainOpen(virConnectPtr conn, virConnectAuthPtr auth,
+ int flags ATTRIBUTE_UNUSED, void *privPtr,
+ virDriverPtr target)
+{
+ accCtrlPrivatePtr priv = (accCtrlPrivatePtr)privPtr;
+
+ priv->conn = conn;
+ priv->target = target;
+ priv->verifier = NULL; // Set default
+
+ if(verifier == NULL)
+ {
+ DEBUG0("No verifier registered");
+ return VIR_DRV_OPEN_DECLINED;
+ }
+
+ int ret = verifier->open(priv, auth);
+ if(ret != VIR_DRV_OPEN_SUCCESS)
+ return ret;
+
+
+ if(target->domainEventRegister == NULL)
+ {
+ acError(NULL, VIR_ERR_NO_SUPPORT, "callback registering on driver:%s",
+ target->name);
+ verifier->close(priv);
+ return VIR_DRV_OPEN_DECLINED;
+ }
+
+ if(target->domainEventRegister(conn, acDomainEventCallback,
+ priv, NULL) < 0)
+ {
+ acError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "failed event callback registering on driver:%s",
+ target->name);
+ verifier->close(priv);
+ return VIR_DRV_OPEN_DECLINED;
+ }
+
+
+ priv->verifier = verifier;
+
+ DEBUG("conn:%p verifier:%s", conn, priv->verifier->name);
+
+ return VIR_DRV_OPEN_SUCCESS;
+}
+
+static int acClose(virConnectPtr conn)
+{
+ int retval;
+ GET_PRIVATE(conn);
+ DEBUG("conn:%p", conn);
+ if(priv->verifier != NULL)
+ priv->verifier->close(priv);
+ retval = priv->target->close(conn);
+ return retval;
+}
+
+
+static const char *acGetType(virConnectPtr conn)
+{
+ GET_PRIVATE(conn);
+ if(AC_CHECK_HOST_ACTION(priv, ACC_CTRL_MODE_READ) == ACC_CTRL_CHECK_OK)
+ return priv->target->type(conn);
+ else
+ return NULL;
+}
+
+static int acGetVersion(virConnectPtr conn,
+ unsigned long *hvVer)
+{
+ GET_PRIVATE(conn);
+ if(AC_CHECK_HOST_ACTION(priv, ACC_CTRL_MODE_READ) == ACC_CTRL_CHECK_OK)
+ return priv->target->version(conn, hvVer);
+ else
+ return -1;
+}
+
+static char *acGetHostname(virConnectPtr conn)
+{
+ GET_PRIVATE(conn);
+ if(AC_CHECK_HOST_ACTION(priv, ACC_CTRL_MODE_READ) == ACC_CTRL_CHECK_OK)
+ return priv->target->getHostname(conn);
+ else
+ return NULL;
+}
+
+static int acGetMaxVcpus(virConnectPtr conn,
+ const char *type)
+{
+ GET_PRIVATE(conn);
+ if(AC_CHECK_HOST_ACTION(priv, ACC_CTRL_MODE_READ) == ACC_CTRL_CHECK_OK)
+ return priv->target->getMaxVcpus(conn, type);
+ else
+ return -1;
+}
+
+static int acNodeGetInfo(virConnectPtr conn,
+ virNodeInfoPtr info)
+{
+ GET_PRIVATE(conn);
+ if(AC_CHECK_HOST_ACTION(priv, ACC_CTRL_MODE_READ) == ACC_CTRL_CHECK_OK)
+ return priv->target->nodeGetInfo(conn, info);
+ else
+ return -1;
+}
+
+static char *acGetCapabilities(virConnectPtr conn)
+{
+ GET_PRIVATE(conn);
+ if(AC_CHECK_HOST_ACTION(priv, ACC_CTRL_MODE_READ) == ACC_CTRL_CHECK_OK)
+ return priv->target->getCapabilities(conn);
+ else
+ return NULL;
+}
+
+static int acListDomains (virConnectPtr conn,
+ int *ids,
+ int maxids)
+{
+ GET_PRIVATE(conn);
+ return acFilteredListDomains(priv, ids, maxids);
+}
+
+static int acNumOfDomains(virConnectPtr conn)
+{
+ GET_PRIVATE(conn);
+ return acFilteredListDomains(priv, NULL, -1);
+}
+
+static virDomainPtr acDomainCreateXML(virConnectPtr conn, const char *xml,
+ unsigned int flags)
+{
+ GET_PRIVATE(conn);
+ if(AC_CHECK_DOMAIN_CREATE(priv, xml))
+ {
+ virDomainPtr domain = priv->target->domainCreateXML(conn, xml, flags);
+ if(priv->verifier != NULL && priv->verifier->postDomainCreate != NULL)
+ priv->verifier->postDomainCreate(priv, domain);
+ return domain;
+ }
+ else
+ return NULL;
+}
+
+static virDomainPtr acDomainLookupByID(virConnectPtr conn,
+ int id)
+{
+ GET_PRIVATE(conn);
+ virDomainPtr domain = priv->target->domainLookupByID(conn, id);
+ if(domain == NULL)
+ return NULL;
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_READ))
+ return domain;
+ else
+ return NULL;
+}
+
+static virDomainPtr acDomainLookupByUUID(virConnectPtr conn,
+ const unsigned char *uuid)
+{
+ GET_PRIVATE(conn);
+ virDomainPtr domain = priv->target->domainLookupByUUID(conn, uuid);
+ if(domain == NULL)
+ return NULL;
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_READ))
+ return domain;
+ else
+ return NULL;
+}
+
+static virDomainPtr acDomainLookupByName(virConnectPtr conn,
+ const char *name)
+{
+ GET_PRIVATE(conn);
+ virDomainPtr domain = priv->target->domainLookupByName(conn, name);
+ if(domain == NULL)
+ return NULL;
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_READ))
+ return domain;
+ else
+ return NULL;
+}
+
+static int acDomainSuspend(virDomainPtr domain)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_MODIFY))
+ return priv->target->domainSuspend(domain);
+ else
+ return -1;
+}
+
+static int acDomainResume(virDomainPtr domain)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_MODIFY))
+ return priv->target->domainResume(domain);
+ else
+ return -1;
+}
+static int acDomainShutdown(virDomainPtr domain)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_MODIFY))
+ return priv->target->domainShutdown(domain);
+ else
+ return -1;
+}
+static int acDomainReboot(virDomainPtr domain, unsigned int action)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_MODIFY))
+ return priv->target->domainReboot(domain, action);
+ else
+ return -1;
+}
+
+static int acDomainDestroy(virDomainPtr domain)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_DELETE))
+ {
+ int ret = priv->target->domainDestroy(domain);
+ return ret;
+ }
+ else
+ return -1;
+}
+
+static char *acDomainGetOSType(virDomainPtr domain) {
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_READ))
+ return priv->target->domainGetOSType(domain);
+ else
+ return NULL;
+}
+
+static unsigned long acDomainGetMaxMemory(virDomainPtr domain) {
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_READ))
+ return priv->target->domainGetMaxMemory(domain);
+ else
+ return 0;
+}
+
+static int acDomainSetMaxMemory(virDomainPtr domain,
+ unsigned long memory)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_MODIFY))
+ return priv->target->domainSetMaxMemory(domain, memory);
+ else
+ return -1;
+}
+
+static int acDomainSetMemory(virDomainPtr domain,
+ unsigned long memory)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_MODIFY))
+ return priv->target->domainSetMemory(domain, memory);
+ else
+ return -1;
+}
+
+static int acDomainGetInfo(virDomainPtr domain,
+ virDomainInfoPtr info)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_READ))
+ return priv->target->domainGetInfo(domain, info);
+ else
+ return -1;
+}
+
+static int acDomainSetVcpus(virDomainPtr domain, unsigned int nvcpus)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_MODIFY))
+ return priv->target->domainSetVcpus(domain, nvcpus);
+ else
+ return -1;
+}
+
+static int acDomainPinVcpu(virDomainPtr domain, unsigned int vcpu,
+ unsigned char *cpumap, int maplen)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_MODIFY))
+ return priv->target->domainPinVcpu(domain, vcpu, cpumap, maplen);
+ else
+ return -1;
+}
+
+static int acDomainGetVcpus(virDomainPtr domain,
+ virVcpuInfoPtr info, int maxinfo,
+ unsigned char *cpumaps, int maplen)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_READ))
+ return priv->target->domainGetVcpus(domain, info, maxinfo,
+ cpumaps, maplen);
+ else
+ return -1;
+}
+
+static int acDomainGetMaxVcpus(virDomainPtr domain)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_READ))
+ return priv->target->domainGetMaxVcpus(domain);
+ else
+ return -1;
+}
+
+static char *acDomainDumpXML(virDomainPtr domain, int flags)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_READ))
+ return priv->target->domainDumpXML(domain, flags);
+ else
+ return NULL;
+}
+
+static int acListDefinedDomains(virConnectPtr conn,
+ char **const names,
+ int maxnames)
+{
+ GET_PRIVATE(conn);
+ return acFilteredListDefinedDomains(priv, names, maxnames);
+}
+
+static int acNumOfDefinedDomains(virConnectPtr conn)
+{
+ GET_PRIVATE(conn);
+ return acFilteredListDefinedDomains(priv, NULL, -1);
+}
+
+static int acDomainStart(virDomainPtr domain) {
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_MODIFY))
+ return priv->target->domainCreate(domain);
+ else
+ return -1;
+}
+
+static virDomainPtr acDomainDefineXML(virConnectPtr conn, const char *xml)
+{
+ GET_PRIVATE(conn);
+ if(AC_CHECK_DOMAIN_DEFINE(priv, xml))
+ {
+ virDomainPtr domain = priv->target->domainDefineXML(conn, xml);
+ if(priv->verifier != NULL && priv->verifier->postDomainDefine != NULL)
+ priv->verifier->postDomainDefine(priv, domain);
+ return domain;
+ }
+ else
+ return NULL;
+}
+
+static int acDomainUndefine(virDomainPtr domain)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_DELETE))
+ {
+ int ret = priv->target->domainUndefine(domain);
+ return ret;
+ }
+ else
+ return -1;
+}
+
+static int acDomainGetAutostart(virDomainPtr domain,
+ int *autostart)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_READ))
+ return priv->target->domainGetAutostart(domain, autostart);
+ else
+ return -1;
+}
+
+static int acDomainSetAutostart(virDomainPtr domain,
+ int autostart)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ if(AC_CHECK_DOMAIN_ACTION(priv, domain, ACC_CTRL_MODE_MODIFY))
+ return priv->target->domainSetAutostart(domain, autostart);
+ else
+ return -1;
+}
+
+static int acStartup(void)
+{
+ DEBUG0("called");
+ return 0;
+}
+
+static int acShutdown(void)
+{
+ if(verifier != NULL && verifier->shutdown != NULL)
+ return verifier->shutdown(NULL);
+ return 0;
+}
+
+static int acReload(void)
+{
+ if(verifier != NULL && verifier->reload != NULL)
+ return verifier->reload(NULL);
+ return 0;
+}
+
+static int acActive(void)
+{
+ DEBUG0("called");
+ return 1;
+}
+
+
+static virDriver baseDriver = {
+ 0,
+ "AccCtrl",
+ NULL, /* open */
+ acClose, /* close */
+ NULL, /* supports_feature */
+ acGetType, /* type */
+ acGetVersion, /* version */
+ acGetHostname, /* hostname */
+ NULL, /* URI */
+ acGetMaxVcpus, /* getMaxVcpus */
+ acNodeGetInfo, /* nodeGetInfo */
+ acGetCapabilities, /* getCapabilities */
+ acListDomains, /* listDomains */
+ acNumOfDomains, /* numOfDomains */
+ acDomainCreateXML, /* domainCreateXML */
+ acDomainLookupByID, /* domainLookupByID */
+ acDomainLookupByUUID, /* domainLookupByUUID */
+ acDomainLookupByName, /* domainLookupByName */
+ acDomainSuspend, /* domainSuspend */
+ acDomainResume, /* domainResume */
+ acDomainShutdown, /* domainShutdown */
+ acDomainReboot, /* domainReboot */
+ acDomainDestroy, /* domainDestroy */
+ acDomainGetOSType, /* domainGetOSType */
+ acDomainGetMaxMemory, /* domainGetMaxMemory */
+ acDomainSetMaxMemory, /* domainSetMaxMemory */
+ acDomainSetMemory, /* domainSetMemory */
+ acDomainGetInfo, /* domainGetInfo */
+ NULL, /* domainSave */
+ NULL, /* domainRestore */
+ NULL, /* domainCoreDump */
+ acDomainSetVcpus, /* domainSetVcpus */
+ acDomainPinVcpu, /* domainPinVcpu */
+ acDomainGetVcpus, /* domainGetVcpus */
+ acDomainGetMaxVcpus, /* domainGetMaxVcpus */
+ acDomainDumpXML, /* domainDumpXML */
+ acListDefinedDomains, /* listDefinedDomains */
+ acNumOfDefinedDomains, /* numOfDefinedDomains */
+ acDomainStart, /* domainCreate */
+ acDomainDefineXML, /* domainDefineXML */
+ acDomainUndefine, /* domainUndefine */
+ NULL, /* domainAttachDevice */
+ NULL, /* domainDetachDevice */
+ acDomainGetAutostart, /* domainGetAutostart */
+ acDomainSetAutostart, /* domainSetAutostart */
+ NULL, /* domainGetSchedulerType */
+ NULL, /* domainGetSchedulerParameters */
+ NULL, /* domainSetSchedulerParameters */
+ NULL, /* domainMigratePrepare */
+ NULL, /* domainMigratePerform */
+ NULL, /* domainMigrateFinish */
+ NULL, /* domainBlockStats */
+ NULL, /* domainInterfaceStats */
+ NULL, /* domainBlockPeek */
+ NULL, /* domainMemoryPeek */
+ NULL, /* nodeGetCellsFreeMemory */
+ NULL, /* getFreeMemory */
+ NULL, /* domainEventRegister */
+ NULL, /* domainEventDeregister */
+ NULL, /* domainMigratePrepare2 */
+ NULL, /* domainMigrateFinish2 */
+};
+
+static chainDriver accCtrlChainDriver = {
+ &baseDriver,
+ sizeof(struct _accCtrlPrivate),
+ acChainOpen,
+};
+
+static virStateDriver accCtrlStateDriver = {
+ acStartup,
+ acShutdown,
+ acReload,
+ acActive,
+};
+
+/*
+ * Public AC-module functions
+ */
+
+int accCtrlChainRegister(void)
+{
+ if(virRegisterStateDriver(&accCtrlStateDriver) < 0)
+ return -1;
+ if(rbacRegister() < 0)
+ return -1;
+ thisDriver = &accCtrlChainDriver;
+ return chainRegisterDriver(thisDriver);
+}
+
+int accCtrlRegisterVerifier(accCtrlVerifierPtr verif)
+{
+ verifier = verif;
+ DEBUG("Registered verifier module: %s", verif->name);
+ return 0;
+}
diff -BNurbp libvirt-0.6.0/src/chdrv_ac.h libvirt-ibm/src/chdrv_ac.h
--- libvirt-0.6.0/src/chdrv_ac.h 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-ibm/src/chdrv_ac.h 2009-04-27 16:07:23.000000000 +0200
@@ -0,0 +1,75 @@
+/*
+ * Licensed Material - Property of IBM
+ *
+ * "Restricted Materials of IBM"
+ *
+ * 5746-SM2
+ *
+ * Copyright IBM Corp. 2009 All Rights Reserved.
+ *
+ */
+#ifndef __VIR_CHDRV_AC_H__
+#define __VIR_CHDRV_AC_H__
+
+#include "internal.h"
+#include "driver.h"
+
+typedef struct _accCtrlVerifier accCtrlVerifier;
+typedef accCtrlVerifier *accCtrlVerifierPtr;
+
+struct _accCtrlPrivate {
+ // back pointer to associated connection
+ virConnectPtr conn;
+
+ // Pointers to target driver
+ virDriverPtr target;
+
+ // Pointer to loaded access control verifier module
+ accCtrlVerifierPtr verifier;
+
+ // Private data for verifier module(s)
+ void *verifPrivateData;
+};
+typedef struct _accCtrlPrivate *accCtrlPrivatePtr;
+
+#define ACC_CTRL_CHECK_OK 1
+#define ACC_CTRL_CHECK_FAIL 0
+
+typedef enum {
+ ACC_CTRL_MODE_UNKNOWN = 0,
+ ACC_CTRL_MODE_CREATE,
+ ACC_CTRL_MODE_READ,
+ ACC_CTRL_MODE_MODIFY,
+ ACC_CTRL_MODE_DELETE,
+} accCtrlMode;
+
+// Verifier module interface
+// Minimum required: name, open, close, lastError
+struct _accCtrlVerifier {
+ const char *name;
+ int (*open) (accCtrlPrivatePtr priv, virConnectAuthPtr auth);
+ int (*close) (accCtrlPrivatePtr priv);
+ char* (*lastError) (accCtrlPrivatePtr priv, int *errNum);
+ int (*reload) (accCtrlPrivatePtr priv);
+ int (*shutdown) (accCtrlPrivatePtr priv);
+
+ int (*checkHostAction) (accCtrlPrivatePtr priv, accCtrlMode mode,
+ const char *funcName);
+ int (*checkDomainAction) (accCtrlPrivatePtr priv, virDomainPtr domain,
+ accCtrlMode mode, const char *funcName);
+ int (*checkDomainCreate) (accCtrlPrivatePtr priv, const char *funcName,
+ const char *xml);
+ int (*checkDomainDefine) (accCtrlPrivatePtr priv, const char *funcName,
+ const char *xml);
+ int (*postDomainCreate) (accCtrlPrivatePtr priv, virDomainPtr domain);
+ int (*postDomainDefine) (accCtrlPrivatePtr priv, virDomainPtr domain);
+
+ int (*domainAddedEvent) (accCtrlPrivatePtr priv, virDomainPtr domain);
+ int (*domainRemovedEvent) (accCtrlPrivatePtr priv, virDomainPtr domain);
+};
+
+int accCtrlChainRegister(void);
+
+int accCtrlRegisterVerifier(accCtrlVerifierPtr verif);
+
+#endif /* __VIR_CHDRV_AC_H__ */
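Review bot: The check* members of struct _accCtrlVerifier have no documented return contract, and the callers shown in chdrv_ac.c do not agree on one: acGetType and the other host wrappers compare the result with ACC_CTRL_CHECK_OK, while acDomainSuspend, acDomainDestroy and the other domain wrappers only test it for truthiness. If AC_CHECK_DOMAIN_ACTION passes the callback's value through unchanged (its definition is outside this view), a verifier that returns -1 on an internal error would be read as permission granted. I would state the contract above the struct, e.g. `// check* callbacks must return exactly ACC_CTRL_CHECK_OK or ACC_CTRL_CHECK_FAIL; report errors through lastError, never as a negative value`. The same comment should say whether a NULL check callback means deny or allow, since the existing one lists only name, open, close and lastError as required.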
diff -BNurbp libvirt-0.6.0/src/chdrv_compmgr.c libvirt-ibm/src/chdrv_compmgr.c
--- libvirt-0.6.0/src/chdrv_compmgr.c 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-ibm/src/chdrv_compmgr.c 2009-05-14 08:31:28.000000000 +0200
@@ -0,0 +1,678 @@
+/*
+ * Licensed Material - Property of IBM
+ *
+ * "Restricted Materials of IBM"
+ *
+ * 5746-SM2
+ *
+ * Copyright IBM Corp. 2009 All Rights Reserved.
+ *
+ */
+
+#include <config.h>
+#include <stdio.h>
+
+#include <xmlrpc-c/base.h>
+#include <xmlrpc-c/client.h>
+
+#include "internal.h"
+#include "datatypes.h"
+#include "logging.h"
+#include "memory.h"
+#include "virterror_internal.h"
+#include "uuid.h"
+#include "chain_driver.h"
+#include "chdrv_compmgr.h"
+
+#define COMPMGR_XMLRPC_NAME "Chain Driver relay client"
+#define COMPMGR_XMLRPC_VERSION "0.1"
+
+#define COMPMGR_COMPSTATE_STOPPED 0
+#define COMPMGR_COMPSTATE_STARTING 1
+#define COMPMGR_COMPSTATE_RUNNING 2
+#define COMPMGR_COMPSTATE_STOPPING 3
+
+struct compMgrDomain {
+ char *name;
+ char *uuidStr;
+ unsigned char uuid[VIR_UUID_BUFLEN];
+ int state;
+};
+typedef struct compMgrDomain *compMgrDomainPtr;
+
+struct compMgrDomainList {
+ compMgrDomainPtr *doms;
+ int count;
+};
+typedef struct compMgrDomainList *compMgrDomainListPtr;
+
+struct compMgrPrivate {
+ virConnectPtr conn;
+ virDriverPtr target;
+ xmlrpc_client *clientP;
+
+ struct compMgrDomainList domList;
+};
+typedef struct compMgrPrivate *compMgrPrivatePtr;
+
+static chainDriverPtr thisDriver;
+
+static const char *serverUrl = "http://localhost:6150/RPC2";
+
+#define compMgrError(conn, code, fmt...) \
+ virReportErrorHelper(conn, VIR_FROM_RPC, code, __FILE__, \
+ __FUNCTION__, __LINE__, fmt)
+
+#define GET_PRIVATE(conn) \
+ compMgrPrivatePtr priv = (compMgrPrivatePtr)chainDrvGetPriv(conn, thisDriver)
+#define GET_PRIVATE_FROM_DOM(domain) \
+ GET_PRIVATE(domain->conn)
+
+#define XMLRPC_ENV_INIT xmlrpc_env env; xmlrpc_env_init(&env)
+#define XMLRPC_ENV_CLEAN xmlrpc_env_clean(&env)
+
+static int faultOccurred(xmlrpc_env *envP) {
+ if(envP->fault_occurred) {
+ DEBUG("XML-RPC Fault: %s (%d)",
+ envP->fault_string, envP->fault_code);
+ xmlrpc_env_clean(envP);
+ return 1;
+ }
+ return 0;
+}
+
+static compMgrDomainPtr newDomain(const char *name,
+ const char *uuidStr)
+{
+ compMgrDomainPtr dom = NULL;
+ if(VIR_ALLOC(dom) < 0)
+ return NULL;
+ if(virUUIDParse(uuidStr, dom->uuid) < 0)
+ {
+ VIR_FREE(dom);
+ return NULL;
+ }
+ dom->name = strdup(name);
+ dom->uuidStr = strdup(uuidStr);
+ return dom;
+}
+
+static void freeDomain(compMgrDomainPtr dom)
+{
+ if(dom->name != NULL)
+ VIR_FREE(dom->name);
+ if(dom->uuidStr != NULL)
+ VIR_FREE(dom->uuidStr);
+ VIR_FREE(dom);
+}
+
+static int addDomain(compMgrDomainListPtr listPtr, compMgrDomainPtr dom)
+{
+ if(VIR_REALLOC_N(listPtr->doms, listPtr->count + 1) < 0)
+ return -1;
+ listPtr->doms[listPtr->count] = dom;
+ listPtr->count++;
+ return 0;
+}
+
+static void initDomainList(compMgrDomainListPtr listPtr)
+{
+ memset(listPtr, 0, sizeof(struct compMgrDomainList));
+}
+
+static void freeDomainList(compMgrDomainListPtr listPtr)
+{
+ int i;
+ for(i = 0; i < listPtr->count; i++)
+ freeDomain(listPtr->doms[i]);
+ VIR_FREE(listPtr->doms);
+ listPtr->doms = NULL;
+ listPtr->count = 0;
+}
+
+static compMgrDomainPtr findDomainByName(compMgrDomainListPtr listPtr,
+ const char *name)
+{
+ compMgrDomainPtr dom = NULL;
+ int i;
+ for(i = 0; i < listPtr->count; i++)
+ {
+ if(strcmp(listPtr->doms[i]->name, name) == 0)
+ return listPtr->doms[i];
+ }
+ return dom;
+}
+
+static compMgrDomainPtr findDomainByUUID(compMgrDomainListPtr listPtr,
+ const unsigned char *uuid)
+{
+ compMgrDomainPtr dom = NULL;
+ int i;
+ for(i = 0; i < listPtr->count; i++)
+ {
+ if(memcmp(listPtr->doms[i]->uuid, uuid, VIR_UUID_BUFLEN) == 0)
+ return listPtr->doms[i];
+ }
+ return dom;
+}
+
+static compMgrDomainPtr findDomainByUUIDStr(compMgrDomainListPtr listPtr,
+ const char *uuidStr)
+{
+ unsigned char uuid[VIR_UUID_BUFLEN];
+ if(virUUIDParse(uuidStr, uuid) < 0)
+ return NULL;
+ return findDomainByUUID(listPtr, uuid);
+}
+
+static compMgrDomainPtr findDomain(compMgrDomainListPtr listPtr,
+ const virDomainPtr virDom)
+{
+ return findDomainByUUID(listPtr, virDom->uuid);
+}
+
+static int compMgrEnabledConfig(const char *xmlDescr)
+{
+ if(strstr(xmlDescr, "security") != NULL)
+ return 1; // Config contains security section for Compmgr
+ return 0; // Config not enabled for CompMgr
+}
+
+/*
+ * Compartment Manager remote functions
+ */
+static int compMgrGetVMs(compMgrPrivatePtr priv)
+{
+ XMLRPC_ENV_INIT;
+ freeDomainList(&(priv->domList));
+
+ xmlrpc_value *resultP;
+ xmlrpc_client_call2f(&env, priv->clientP, serverUrl, "VM.list", &resultP,
+ "(n)");
+ if(faultOccurred(&env))
+ return -1;
+
+ int alen = xmlrpc_array_size(&env, resultP);
+ DEBUG("Received %d VMs", alen);
+ int i;
+ for(i = 0; i < alen; i++)
+ {
+ xmlrpc_value *itemP;
+ xmlrpc_array_read_item(&env, resultP, i, &itemP);
+ if(faultOccurred(&env))
+ return -1;
+
+ char *domName = NULL;
+ char *domUuid = NULL;
+ char *domState = NULL;
+
+ if(xmlrpc_struct_has_key(&env, itemP, "name"))
+ xmlrpc_decompose_value(&env, itemP, "{s:s,*}",
+ "name", &domName);
+ else
+ {
+ DEBUG0("Missing domain name from CompMgr, ignoring domain");
+ continue;
+ }
+ if(xmlrpc_struct_has_key(&env, itemP, "uuid"))
+ xmlrpc_decompose_value(&env, itemP, "{s:s,*}",
+ "uuid", &domUuid);
+ else
+ {
+ DEBUG("Missing domain uuid from CompMgr, ignoring domain:%s",
+ domName);
+ free(domName);
+ continue;
+ }
+
+ if(xmlrpc_struct_has_key(&env, itemP, "state"))
+ xmlrpc_decompose_value(&env, itemP, "{s:s,*}",
+ "state", &domState);
+ else
+ {
+ DEBUG("Missing domain state from CompMgr, ignoring domain:%s",
+ domName);
+ free(domName);
+ free(domUuid);
+ continue;
+ }
+
+ compMgrDomainPtr dom = newDomain(domName, domUuid);
+ if(dom != NULL) {
+ addDomain(&(priv->domList), dom);
+ if(strcmp(domState, "stopped") == 0)
+ dom->state = COMPMGR_COMPSTATE_STOPPED;
+ else if(strcmp(domState, "starting") == 0)
+ dom->state = COMPMGR_COMPSTATE_STARTING;
+ else if(strcmp(domState, "running") == 0)
+ dom->state = COMPMGR_COMPSTATE_RUNNING;
+ else if(strcmp(domState, "stopping") == 0)
+ dom->state = COMPMGR_COMPSTATE_STOPPING;
+ }
+
+ free(domName);
+ free(domUuid);
+ free(domState);
+ }
+ xmlrpc_DECREF(resultP);
+ XMLRPC_ENV_CLEAN;
+ return 0;
+}
+
+static char* compMgrRegisterVM(compMgrPrivatePtr priv, const char *xmlDescr)
+{
+ XMLRPC_ENV_INIT;
+ DEBUG("xmlDescr:%d", strlen(xmlDescr));
+
+ xmlrpc_value *resultP;
+ xmlrpc_client_call2f(&env, priv->clientP, serverUrl, "VM.register",
+ &resultP, "(s)", xmlDescr);
+ if(faultOccurred(&env))
+ return NULL;
+
+ char *uuidStr = NULL;
+ xmlrpc_decompose_value(&env, resultP, "(s)",
+ &uuidStr);
+ xmlrpc_DECREF(resultP);
+ XMLRPC_ENV_CLEAN;
+ return uuidStr;
+}
+
+static int compMgrDeregisterVM(compMgrPrivatePtr priv, compMgrDomainPtr dom)
+{
+ XMLRPC_ENV_INIT;
+ DEBUG("domain:%s", dom->name);
+
+ xmlrpc_value *resultP;
+ xmlrpc_client_call2f(&env, priv->clientP, serverUrl, "VM.deregister",
+ &resultP, "({s:s})", "uuid", dom->uuidStr);
+ if(faultOccurred(&env))
+ return -1;
+ xmlrpc_DECREF(resultP);
+ XMLRPC_ENV_CLEAN;
+ return 0;
+}
+
+static char* compMgrGetVMConf(compMgrPrivatePtr priv, compMgrDomainPtr dom)
+{
+ XMLRPC_ENV_INIT;
+ DEBUG("domain:%s", dom->name);
+
+ xmlrpc_value *resultP;
+ xmlrpc_client_call2f(&env, priv->clientP, serverUrl, "VM.get_config",
+ &resultP, "({s:s})", "uuid", dom->uuidStr);
+ if(faultOccurred(&env))
+ return NULL;
+
+ char *xmlDescr = NULL;
+ xmlrpc_decompose_value(&env, resultP, "(s)", &xmlDescr);
+ if(faultOccurred(&env))
+ return NULL;
+
+ xmlrpc_DECREF(resultP);
+ XMLRPC_ENV_CLEAN;
+ return xmlDescr;
+}
+
+static int compMgrStartVM(compMgrPrivatePtr priv, compMgrDomainPtr dom)
+{
+ XMLRPC_ENV_INIT;
+ DEBUG("domain:%s", dom->name);
+
+ xmlrpc_value *resultP;
+ xmlrpc_client_call2f(&env, priv->clientP, serverUrl, "VM.start",
+ &resultP, "({s:s})", "uuid", dom->uuidStr);
+ if(faultOccurred(&env))
+ return -1;
+ xmlrpc_DECREF(resultP);
+ XMLRPC_ENV_CLEAN;
+ return 0;
+}
+
+static int compMgrStopVM(compMgrPrivatePtr priv, compMgrDomainPtr dom)
+{
+ XMLRPC_ENV_INIT;
+ DEBUG("domain:%s", dom->name);
+ xmlrpc_value *resultP;
+ xmlrpc_client_call2f(&env, priv->clientP, serverUrl, "VM.stop",
+ &resultP, "({s:s})", "uuid", dom->uuidStr);
+ if(faultOccurred(&env))
+ return -1;
+ xmlrpc_DECREF(resultP);
+ XMLRPC_ENV_CLEAN;
+ return 0;
+}
+
+/*
+ * Driver functions
+ */
+static int driverChainOpen(virConnectPtr conn,
+ virConnectAuthPtr auth,
+ int flags ATTRIBUTE_UNUSED, void *privPtr,
+ virDriverPtr target)
+{
+ compMgrPrivatePtr priv = (compMgrPrivatePtr)privPtr;
+ priv->conn = conn;
+ priv->target = target;
+ initDomainList(&(priv->domList));
+
+ if(auth == NULL)
+ {
+ DEBUG0("No auth data, CompMgr relay not enabled");
+ return VIR_DRV_OPEN_DECLINED;
+ }
+ if(auth->remote_type == 0)
+ {
+ DEBUG0("Connection over Unix-socket, CompMgr relay not enabled");
+ return VIR_DRV_OPEN_DECLINED;
+ }
+
+ XMLRPC_ENV_INIT;
+ xmlrpc_client_create(&env, XMLRPC_CLIENT_NO_FLAGS, COMPMGR_XMLRPC_NAME,
+ COMPMGR_XMLRPC_VERSION, NULL, 0, &(priv->clientP));
+ if(faultOccurred(&env))
+ {
+ compMgrError(conn, VIR_ERR_INTERNAL_ERROR,
+ "Failed to create XMLRPC client");
+ priv->clientP = NULL;
+ return VIR_DRV_OPEN_ERROR;
+ }
+
+ if(compMgrGetVMs(priv) < 0)
+ {
+ DEBUG0("Failed to retreive list from CompMgr, will continue empty");
+ /*
+ xmlrpc_client_destroy(priv->clientP);
+ priv->clientP = NULL;
+ return VIR_DRV_OPEN_ERROR;
+ */
+ }
+
+ DEBUG("compMgr open conn:%p URI:%s", conn, serverUrl);
+ return VIR_DRV_OPEN_SUCCESS;
+}
+
+static int driverClose(virConnectPtr conn)
+{
+ GET_PRIVATE(conn);
+ DEBUG("compMgr conn:%p", conn);
+ if(priv->clientP != NULL) {
+ xmlrpc_client_event_loop_finish(priv->clientP);
+ DEBUG0("TODO: xmlrpc_client_destroy() skipped, since it might crash");
+ //xmlrpc_client_destroy(priv->clientP);
+ priv->clientP = NULL;
+ }
+ return priv->target->close(conn);
+}
+
+static virDomainPtr domainCreateXML(virConnectPtr conn,
+ const char *xml ATTRIBUTE_UNUSED,
+ unsigned int flags ATTRIBUTE_UNUSED)
+{
+ compMgrError(conn, VIR_ERR_INTERNAL_ERROR,
+ "CompMgr: Create command not allowed, please use define+start");
+ return NULL;
+}
+
+static virDomainPtr domainLookupByUUID(virConnectPtr conn,
+ const unsigned char *uuid)
+{
+ GET_PRIVATE(conn);
+ compMgrDomainPtr dom = findDomainByUUID(&(priv->domList), uuid);
+ if(dom != NULL)
+ {
+ DEBUG("using local ref: %s", dom->name);
+ return virGetDomain(conn, dom->name, dom->uuid);
+ }
+
+ return priv->target->domainLookupByUUID(conn, uuid);
+}
+
+static virDomainPtr domainLookupByName(virConnectPtr conn,
+ const char *name)
+{
+ GET_PRIVATE(conn);
+ compMgrDomainPtr dom = findDomainByName(&(priv->domList), name);
+ if(dom != NULL)
+ {
+ DEBUG("using local ref: %s", dom->name);
+ return virGetDomain(conn, dom->name, dom->uuid);
+ }
+
+ return priv->target->domainLookupByName(conn, name);
+}
+
+
+static int domainShutdown(virDomainPtr domain)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ compMgrDomainPtr dom = findDomain(&(priv->domList), domain);
+ if(dom != NULL)
+ {
+ DEBUG("using local ref: %s", dom->name);
+ return compMgrStopVM(priv, dom);
+ }
+ return priv->target->domainShutdown(domain);
+}
+
+static int domainDestroy(virDomainPtr domain)
+{
+ compMgrError(domain->conn, VIR_ERR_INTERNAL_ERROR,
+ "CompMgr: Destroy command not allowed, please use shutdown+undefine");
+ return -1;
+}
+
+static int domainGetInfo(virDomainPtr domain,
+ virDomainInfoPtr info)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ compMgrDomainPtr dom = findDomain(&(priv->domList), domain);
+ if((dom != NULL) && (dom->state != COMPMGR_COMPSTATE_RUNNING))
+ {
+ DEBUG("using local ref: %s", dom->name);
+ memset(info, 0, sizeof(*info));
+ switch(dom->state) {
+ case COMPMGR_COMPSTATE_STOPPED:
+ info->state = VIR_DOMAIN_SHUTOFF;
+ break;
+ case COMPMGR_COMPSTATE_STARTING:
+ info->state = VIR_DOMAIN_BLOCKED;
+ break;
+ case COMPMGR_COMPSTATE_STOPPING:
+ info->state = VIR_DOMAIN_SHUTDOWN;
+ break;
+ default:
+ info->state = VIR_DOMAIN_NOSTATE;
+ break;
+ }
+ return 0;
+ }
+ return priv->target->domainGetInfo(domain, info);
+}
+
+static char *domainDumpXML(virDomainPtr domain, int flags)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ compMgrDomainPtr dom = findDomain(&(priv->domList), domain);
+ if(dom != NULL && (dom->state != COMPMGR_COMPSTATE_RUNNING))
+ {
+ DEBUG("using local ref: %s", dom->name);
+ return compMgrGetVMConf(priv, dom);
+ }
+ return priv->target->domainDumpXML(domain, flags);
+}
+
+static int listDefinedDomains(virConnectPtr conn,
+ char **const names,
+ int maxnames)
+{
+ GET_PRIVATE(conn);
+ compMgrGetVMs(priv);
+ int ret = priv->target->listDefinedDomains(conn, names, maxnames);
+ if(ret < 0)
+ return ret;
+ int i = 0;
+ int inj = 0;
+ while((ret < maxnames) && (i < priv->domList.count))
+ {
+ if(priv->domList.doms[i]->state == COMPMGR_COMPSTATE_STOPPED) {
+ names[ret] = strdup(priv->domList.doms[i]->name);
+ ret++;
+ inj++;
+ }
+ i++;
+ }
+ DEBUG("CompMgr injected comps:%d", inj);
+ return ret;
+}
+
+static int numOfDefinedDomains(virConnectPtr conn)
+{
+ GET_PRIVATE(conn);
+ compMgrGetVMs(priv);
+ int drvCount = priv->target->numOfDefinedDomains(conn);
+ if(drvCount < 0)
+ return drvCount;
+ int i, mgrCount = 0;
+ for(i = 0; i < priv->domList.count; i++) {
+ if(priv->domList.doms[i]->state == COMPMGR_COMPSTATE_STOPPED)
+ mgrCount++;
+ }
+ DEBUG("Driver:%d CompMgr:%d", drvCount, mgrCount);
+ return (drvCount + mgrCount);
+}
+
+static int domainCreate(virDomainPtr domain)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ compMgrDomainPtr dom = findDomain(&(priv->domList), domain);
+ if(dom != NULL)
+ {
+ DEBUG("using local ref: %s", dom->name);
+ int ret = compMgrStartVM(priv, dom);
+ compMgrGetVMs(priv);
+ return ret;
+ }
+ return priv->target->domainCreate(domain);
+}
+
+static virDomainPtr domainDefineXML(virConnectPtr conn, const char *xml)
+{
+ GET_PRIVATE(conn);
+ if(compMgrEnabledConfig(xml))
+ {
+ DEBUG0("Security enabled config");
+ char *uuidStr = compMgrRegisterVM(priv, xml);
+ if(uuidStr == NULL)
+ return NULL;
+ compMgrGetVMs(priv);
+ compMgrDomainPtr dom = findDomainByUUIDStr(&(priv->domList), uuidStr);
+ if(dom == NULL)
+ return NULL;
+ return virGetDomain(conn, dom->name, dom->uuid);
+ }
+ return priv->target->domainDefineXML(conn, xml);
+}
+
+static int domainUndefine(virDomainPtr domain)
+{
+ GET_PRIVATE_FROM_DOM(domain);
+ compMgrDomainPtr dom = findDomain(&(priv->domList), domain);
+ if(dom != NULL)
+ {
+ DEBUG("using local ref: %s", dom->name);
+ int ret = compMgrDeregisterVM(priv, dom);
+ compMgrGetVMs(priv);
+ return ret;
+ }
+ return priv->target->domainUndefine(domain);
+}
+
+/*
+ * Internal functions
+ */
+static virDriver baseDriver = {
+ 0,
+ "CompMgr",
+ NULL, /* open */
+ driverClose, /* close */
+ NULL, /* supports_feature */
+ NULL, /* type */
+ NULL, /* version */
+ NULL, /* hostname */
+ NULL, /* URI */
+ NULL, /* getMaxVcpus */
+ NULL, /* nodeGetInfo */
+ NULL, /* getCapabilities */
+ NULL, /* listDomains */
+ NULL, /* numOfDomains */
+ domainCreateXML, /* domainCreateXML */
+ NULL, /* domainLookupByID */
+ domainLookupByUUID, /* domainLookupByUUID */
+ domainLookupByName, /* domainLookupByName */
+ NULL, /* domainSuspend */
+ NULL, /* domainResume */
+ domainShutdown, /* domainShutdown */
+ NULL, /* domainReboot */
+ domainDestroy, /* domainDestroy */
+ NULL, /* domainGetOSType */
+ NULL, /* domainGetMaxMemory */
+ NULL, /* domainSetMaxMemory */
+ NULL, /* domainSetMemory */
+ domainGetInfo, /* domainGetInfo */
+ NULL, /* domainSave */
+ NULL, /* domainRestore */
+ NULL, /* domainCoreDump */
+ NULL, /* domainSetVcpus */
+ NULL, /* domainPinVcpu */
+ NULL, /* domainGetVcpus */
+ NULL, /* domainGetMaxVcpus */
+ domainDumpXML, /* domainDumpXML */
+ listDefinedDomains, /* listDefinedDomains */
+ numOfDefinedDomains, /* numOfDefinedDomains */
+ domainCreate, /* domainCreate */
+ domainDefineXML, /* domainDefineXML */
+ domainUndefine, /* domainUndefine */
+ NULL, /* domainAttachDevice */
+ NULL, /* domainDetachDevice */
+ NULL, /* domainGetAutostart */
+ NULL, /* domainSetAutostart */
+ NULL, /* domainGetSchedulerType */
+ NULL, /* domainGetSchedulerParameters */
+ NULL, /* domainSetSchedulerParameters */
+ NULL, /* domainMigratePrepare */
+ NULL, /* domainMigratePerform */
+ NULL, /* domainMigrateFinish */
+ NULL, /* domainBlockStats */
+ NULL, /* domainInterfaceStats */
+ NULL, /* domainBlockPeek */
+ NULL, /* domainMemoryPeek */
+ NULL, /* nodeGetCellsFreeMemory */
+ NULL, /* getFreeMemory */
+ NULL, /* domainEventRegister */
+ NULL, /* domainEventDeregister */
+ NULL, /* domainMigratePrepare2 */
+ NULL, /* domainMigrateFinish2 */
+};
+
+static chainDriver compMgrChainDriver = {
+ &baseDriver,
+ sizeof(struct compMgrPrivate),
+ driverChainOpen,
+};
+
+/*
+ * Public functions
+ */
+int compMgrChainRegister(void)
+{
+ XMLRPC_ENV_INIT;
+ xmlrpc_client_setup_global_const(&env);
+ /*
+ xmlrpc_client_init2(&env, XMLRPC_CLIENT_NO_FLAGS,
+ COMPMGR_XMLRPC_NAME, COMPMGR_XMLRPC_VERSION, NULL, 0);
+ */
+ thisDriver = &compMgrChainDriver;
+ XMLRPC_ENV_CLEAN;
+ return chainRegisterDriver(thisDriver);
+}
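Review bot: In compMgrGetVMs none of the three xmlrpc_decompose_value calls is followed by a fault check, so a CompMgr reply whose "name", "uuid" or "state" member is not a string presumably leaves domName, domUuid or domState at NULL. Those pointers then go straight into newDomain (virUUIDParse, strdup) and strcmp. The list comes from a separate service over XML-RPC, so a malformed entry should be rejected rather than dereferenced inside the daemon. Before the newDomain call I would add `if(faultOccurred(&env) || !domName || !domUuid || !domState) {` `free(domName); free(domUuid); free(domState); return -1; }`, which matches the `return -1` of the function's other fault paths. On the normal path itemP is never released with xmlrpc_DECREF, and addDomain's return value is ignored, so dom leaks if the realloc fails.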
diff -BNurbp libvirt-0.6.0/src/chdrv_compmgr.h libvirt-ibm/src/chdrv_compmgr.h
--- libvirt-0.6.0/src/chdrv_compmgr.h 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-ibm/src/chdrv_compmgr.h 2009-04-27 16:07:23.000000000 +0200
@@ -0,0 +1,11 @@
+/*
+ * Licensed Material - Property of IBM
+ *
+ * "Restricted Materials of IBM"
+ *
+ * 5746-SM2
+ *
+ * Copyright IBM Corp. 2009 All Rights Reserved.
+ *
+ */
+int compMgrChainRegister(void);
diff -BNurbp libvirt-0.6.0/src/chdrv_test.c libvirt-ibm/src/chdrv_test.c
--- libvirt-0.6.0/src/chdrv_test.c 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-ibm/src/chdrv_test.c 2009-04-27 16:07:23.000000000 +0200
@@ -0,0 +1,152 @@
+/*
+ * Licensed Material - Property of IBM
+ *
+ * "Restricted Materials of IBM"
+ *
+ * 5746-SM2
+ *
+ * Copyright IBM Corp. 2009 All Rights Reserved.
+ *
+ */
+#include <config.h>
+#include <stdio.h>
+
+#include "internal.h"
+#include "datatypes.h"
+#include "logging.h"
+#include "memory.h"
+#include "virterror_internal.h"
+#include "chain_driver.h"
+//#include "chain_test.h"
+
+struct chainTestPrivate {
+ virDriverPtr target;
+};
+typedef struct chainTestPrivate *chainTestPrivatePtr;
+
+static chainDriverPtr thisDriver;
+
+#define GET_PRIVATE(conn) \
+ chainTestPrivatePtr priv = (chainTestPrivatePtr)chainDrvGetPriv(conn, thisDriver)
+
+/*
+ * Driver functions
+ */
+static int testChainOpen(virConnectPtr conn,
+ virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+ int flags ATTRIBUTE_UNUSED, void *privPtr,
+ virDriverPtr target)
+{
+ chainTestPrivatePtr priv = (chainTestPrivatePtr)privPtr;
+ priv->target = target;
+ DEBUG("conn:%p target:%s priv:%p", conn, target->name, priv);
+ return VIR_DRV_OPEN_SUCCESS;
+}
+
+static int testClose(virConnectPtr conn)
+{
+ GET_PRIVATE(conn);
+ DEBUG("conn:%p", conn);
+ priv->target->close(conn);
+ return 0;
+}
+
+
+static char *testGetHostname(virConnectPtr conn)
+{
+ GET_PRIVATE(conn);
+ char *hostname = priv->target->getHostname(conn);
+ DEBUG("conn:%p hostname:%s", conn, hostname);
+ return hostname;
+}
+
+static int testListDomains(virConnectPtr conn, int *ids, int maxids)
+{
+ GET_PRIVATE(conn);
+ int ret = priv->target->listDomains(conn, ids, maxids);
+ DEBUG("conn:%p ret:%d", conn, ret);
+ return ret;
+}
+
+
+/*
+ * Internal functions
+ */
+static virDriver baseDriver = {
+ 0,
+ "chdrv_test",
+ NULL, /* open */
+ testClose, /* close */
+ NULL, /* supports_feature */
+ NULL, /* type */
+ NULL, /* version */
+ testGetHostname, /* hostname */
+ NULL, /* URI */
+ NULL, /* getMaxVcpus */
+ NULL, /* nodeGetInfo */
+ NULL, /* getCapabilities */
+ testListDomains, /* listDomains */
+ NULL, /* numOfDomains */
+ NULL, /* domainCreateXML */
+ NULL, /* domainLookupByID */
+ NULL, /* domainLookupByUUID */
+ NULL, /* domainLookupByName */
+ NULL, /* domainSuspend */
+ NULL, /* domainResume */
+ NULL, /* domainShutdown */
+ NULL, /* domainReboot */
+ NULL, /* domainDestroy */
+ NULL, /* domainGetOSType */
+ NULL, /* domainGetMaxMemory */
+ NULL, /* domainSetMaxMemory */
+ NULL, /* domainSetMemory */
+ NULL, /* domainGetInfo */
+ NULL, /* domainSave */
+ NULL, /* domainRestore */
+ NULL, /* domainCoreDump */
+ NULL, /* domainSetVcpus */
+ NULL, /* domainPinVcpu */
+ NULL, /* domainGetVcpus */
+ NULL, /* domainGetMaxVcpus */
+ NULL, /* domainDumpXML */
+ NULL, /* listDefinedDomains */
+ NULL, /* numOfDefinedDomains */
+ NULL, /* domainCreate */
+ NULL, /* domainDefineXML */
+ NULL, /* domainUndefine */
+ NULL, /* domainAttachDevice */
+ NULL, /* domainDetachDevice */
+ NULL, /* domainGetAutostart */
+ NULL, /* domainSetAutostart */
+ NULL, /* domainGetSchedulerType */
+ NULL, /* domainGetSchedulerParameters */
+ NULL, /* domainSetSchedulerParameters */
+ NULL, /* domainMigratePrepare */
+ NULL, /* domainMigratePerform */
+ NULL, /* domainMigrateFinish */
+ NULL, /* domainBlockStats */
+ NULL, /* domainInterfaceStats */
+ NULL, /* domainBlockPeek */
+ NULL, /* domainMemoryPeek */
+ NULL, /* nodeGetCellsFreeMemory */
+ NULL, /* getFreeMemory */
+ NULL, /* domainEventRegister */
+ NULL, /* domainEventDeregister */
+ NULL, /* domainMigratePrepare2 */
+ NULL, /* domainMigrateFinish2 */
+};
+
+static chainDriver chainTestDriver = {
+ &baseDriver,
+ sizeof(struct chainTestPrivate),
+ testChainOpen,
+};
+
+/*
+ * Public functions
+ */
+int testChainRegister(void)
+{
+ thisDriver = &chainTestDriver;
+ return chainRegisterDriver(thisDriver);
+}
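Review bot: testClose() discards the result of `priv->target->close(conn)` and always returns 0, so a failure in the wrapped driver reaches the caller as success; the wrapper should end with `return priv->target->close(conn);`. All three wrappers (testClose, testGetHostname, testListDomains) also call through `priv->target` without checking that the slot is populated, while the driver tables in this patch leave unsupported entries `NULL`. Unless the chaining framework guarantees a non-NULL target entry for every hooked call (not visible in this hunk), each wrapper needs a guard such as `if (priv->target->getHostname == NULL) return NULL;` before the call. testGetHostname() additionally passes a possibly-NULL `hostname` to the `%s` in DEBUG.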
diff -BNurbp libvirt-0.6.0/src/chdrv_test.h libvirt-ibm/src/chdrv_test.h
--- libvirt-0.6.0/src/chdrv_test.h 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-ibm/src/chdrv_test.h 2009-04-27 16:07:23.000000000 +0200
@@ -0,0 +1,11 @@
+/*
+ * Licensed Material - Property of IBM
+ *
+ * "Restricted Materials of IBM"
+ *
+ * 5746-SM2
+ *
+ * Copyright IBM Corp. 2009 All Rights Reserved.
+ *
+ */
+int testChainRegister(void);
diff -BNurbp libvirt-0.6.0/src/datatypes.h libvirt-ibm/src/datatypes.h
--- libvirt-0.6.0/src/datatypes.h 2009-01-20 14:48:27.000000000 +0100
+++ libvirt-ibm/src/datatypes.h 2009-04-27 16:07:23.000000000 +0200
@@ -117,7 +117,7 @@ struct _virConnect {
void * networkPrivateData;
void * storagePrivateData;
void * devMonPrivateData;
-
+ void * chainPrivateData;
/*
* The lock mutex must be acquired before accessing/changing
* any of members following this point, or changing the ref
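Review bot: The new `chainPrivateData` member carries no comment saying who allocates and frees it, and it sits above the "lock mutex must be acquired" comment, i.e. among the members accessed without the connection lock. If the chain framework writes it only during open and close, that matches the neighbouring `*PrivateData` pointers, but it should be stated, e.g. `void * chainPrivateData; /* owned by the chain framework; written only at open/close, not covered by the lock */` (ownership inferred, to be confirmed against chain_driver.c). The hunk also drops the blank line that separated the member list from the locking comment; keeping it preserves that boundary. struct _virConnect starts and ends outside the hunk.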
diff -BNurbp libvirt-0.6.0/src/libvirt.c libvirt-ibm/src/libvirt.c
--- libvirt-0.6.0/src/libvirt.c 2009-01-31 10:04:17.000000000 +0100
+++ libvirt-ibm/src/libvirt.c 2009-04-27 16:07:23.000000000 +0200
@@ -56,6 +56,7 @@
#include "openvz_driver.h"
#endif
#endif
+#include "chain_driver.h"
#define VIR_FROM_THIS VIR_FROM_NONE
@@ -322,6 +323,8 @@ virInitialize(void)
#endif
#endif
+ if(chainInitialize() == -1) return -1;
+
return(0);
}
@@ -998,6 +1001,9 @@ do_open (const char *name,
}
}
+ if(chainInject(ret, auth, flags) == VIR_DRV_OPEN_ERROR)
+ goto failed;
+
return ret;
failed:
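Review bot: The check added in do_open() aborts the open only when chainInject() returns exactly `VIR_DRV_OPEN_ERROR`; any other result, including a decline, hands `ret` back to the caller with whatever chain was or was not installed. For an access-control chain that is a fail-open path: aclOpen() in verif_rbac.c from this same patch returns `VIR_DRV_OPEN_DECLINED` for UNIX-socket and unknown connection types, though whether chainInject() passes that through is not visible here. If unchained connections are intended in those cases, state it above the call (`/* a declined chain leaves the connection without interception; only a hard error aborts the open */`); otherwise compare against success, `if (chainInject(ret, auth, flags) != VIR_DRV_OPEN_SUCCESS) goto failed;`. The cleanup under `failed:` lies outside the hunk, so it cannot be confirmed that it releases state chainInject() may already have attached to `ret`.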
diff -BNurbp libvirt-0.6.0/src/verif_rbac.c libvirt-ibm/src/verif_rbac.c
--- libvirt-0.6.0/src/verif_rbac.c 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-ibm/src/verif_rbac.c 2009-06-09 12:22:09.000000000 +0200
@@ -0,0 +1,1905 @@
+/*
+ * Licensed Material - Property of IBM
+ *
+ * "Restricted Materials of IBM"
+ *
+ * 5746-SM2
+ *
+ * Copyright IBM Corp. 2009 All Rights Reserved.
+ *
+ */
+#include <config.h>
+
+#include <stdio.h>
+#include <fcntl.h>
+#include <arpa/inet.h>
+#include <assert.h>
+
+#include "internal.h"
+#include "memory.h"
+#include "virterror_internal.h"
+#include "uuid.h"
+#include "util.h"
+#include "datatypes.h"
+#include "logging.h"
+#include "chain_utils.h"
+#include "chdrv_ac.h"
+#include "verif_rbac.h"
+
+#define ACL_FILE_SEP ','
+
+static const char *confFile = SYSCONF_DIR "/libvirt/verif_rbac.conf";
+static const char *confFileState = SYSCONF_DIR "/libvirt/verif_rbac.state";
+
+// Should be kept up to date with accCtrlAction enum in acc_ctrl.h
+static const char *acModeString[] = {
+ "[any]",
+ "create",
+ "read",
+ "modify",
+ "delete",
+ NULL
+};
+
+typedef enum {
+ ACL_GROUP_ANY = 0,
+ ACL_GROUP_HOST,
+ ACL_GROUP_DOMAIN
+} aclGroup;
+static const char *aclGroupString[] = {
+ "[any]",
+ "host",
+ "domain",
+ NULL
+};
+
+typedef enum {
+ ACL_MATCH_OBJ_ANY = 0,
+ ACL_MATCH_OBJ_NAME,
+ ACL_MATCH_OBJ_ID,
+ ACL_MATCH_OBJ_UUID,
+ ACL_MATCH_OBJ_OWNER
+} aclMatchObject;
+static const char *aclMatchObjectString[] = {
+ "[any]",
+ "name",
+ "id",
+ "uuid",
+ "owner",
+ NULL
+};
+
+struct aclObjMatch {
+ aclMatchObject matchBy;
+ int hasValue;
+ char *name;
+ int id;
+ unsigned char uuid[VIR_UUID_BUFLEN];
+ char *owner;
+};
+typedef struct aclObjMatch *aclObjMatchPtr;
+
+typedef enum {
+ ACL_MATCH_CALL_ANY = 0,
+ ACL_MATCH_CALL_MODE,
+ ACL_MATCH_CALL_FUNC
+} aclMatchCallType;
+static const char *aclMatchCallString[] = {
+ "[any]",
+ "mode",
+ "func",
+ NULL
+};
+
+struct aclCallMatch {
+ aclMatchCallType matchCallBy;
+ int callMode;
+ char *callFunc;
+};
+typedef struct aclCallMatch *aclCallMatchPtr;
+
+struct aclRule {
+ int id;
+ aclGroup group;
+
+ struct aclObjMatch *objMatch;
+
+ struct aclCallMatch *callMatches;
+ int callMatchCount;
+};
+typedef struct aclRule *aclRulePtr;
+
+typedef enum {
+ ACL_MATCH_ROLE_ANY = 0,
+ ACL_MATCH_ROLE_USERNAME,
+ ACL_MATCH_ROLE_SERVERADDR,
+ ACL_MATCH_ROLE_CLIENTADDR,
+} aclRoleMatchType;
+static const char *aclRoleMatchTypeString[] = {
+ "[any]",
+ "username",
+ "serverAddr",
+ "clientAddr",
+ NULL
+};
+
+struct aclRoleMatch {
+ aclRoleMatchType type;
+ char *str;
+ int strLen;
+};
+
+#define ACL_ROLE_MATCH_MAX 16
+#define ACL_RULES_MAX 128
+
+typedef struct aclRole *aclRolePtr;
+struct aclRole {
+ int id;
+ char *name;
+
+ struct aclRoleMatch match[ACL_ROLE_MATCH_MAX];
+ int matchCount;
+
+ aclRulePtr rules[ACL_RULES_MAX];
+ int ruleCount;
+
+ aclRulePtr newDomainRule;
+
+ int optEnforceOwner;
+};
+
+#define ACL_ROLES_MAX 64
+static aclRolePtr aclRoles[ACL_ROLES_MAX];
+static int aclRoleCount = 0;
+static aclRolePtr aclDefaultRole;
+static int aclUnsavedConf = 0;
+
+#define ACL_SESSION_MAX 10
+static accCtrlPrivatePtr aclSessions[ACL_SESSION_MAX];
+static int aclSessionCount = 0;
+
+// What via the session was established
+typedef enum {
+ ACL_CONNTYPE_UNKNOWN = 0,
+ ACL_CONNTYPE_UNIX,
+ ACL_CONNTYPE_TCP,
+ ACL_CONNTYPE_TLS,
+} aclConnType;
+
+
+#define ACL_ERROR_MAXLEN 128
+struct _aclPrivate {
+ // back pointer to associated connection
+ virConnectPtr conn;
+
+ char lastErrorString[ACL_ERROR_MAXLEN];
+ int lastErrorNum;
+
+ // Connection ident and auth status
+ aclConnType connType;
+ int connFd;
+ char *connUsername;
+ char *connServerAddr;
+ int connServerPort;
+ char *connClientAddr;
+ int connClientPort;
+
+ aclRolePtr role;
+ int tempAllowMode;
+};
+typedef struct _aclPrivate *aclPrivatePtr;
+
+#define GET_PRIVATE(acPriv) \
+ assert(acPriv != NULL); \
+ assert(acPriv->verifPrivateData != NULL); \
+ aclPrivatePtr priv = (aclPrivatePtr) (acPriv)->verifPrivateData
+
+#define aclError(priv, code, fmt...) \
+ aclErrorFunc(priv, code, __FILE__, __FUNCTION__, __LINE__, fmt)
+
+// Internal forward declarations
+static void aclErrorFunc(aclPrivatePtr priv, int code, const char* file,
+ const char *func, int line, const char* format, ...);
+static int aclAddSession(accCtrlPrivatePtr acPriv);
+static int aclRemoveSession(accCtrlPrivatePtr acPriv);
+static char *aclGetDomainOwner(accCtrlPrivatePtr acPriv, virDomainPtr domain);
+static int aclParseAuth(aclPrivatePtr priv, virConnectAuthPtr auth);
+static int aclCleanRoles(void);
+static aclRolePtr aclGetMatchingRole(accCtrlPrivatePtr acPriv);
+static char* aclRuleToString(aclRulePtr rule);
+static int aclMatchRuleCall(aclRulePtr rule, int mode, const char *funcName);
+static int aclMatchRuleObject(aclRulePtr rule, const char *name, int id,
+ const unsigned char *uuid, const char *owner);
+static int aclAutoAddDomainRule(aclRolePtr role, virDomainPtr domain);
+static int aclAutoRemoveDomainRule(aclRolePtr role, virDomainPtr domain);
+static int aclLoadFile(const char *filename);
+static int aclSaveFile(const char *filename);
+static int aclConfChanged(void);
+
+/*
+ * Verifier-module driver functions
+ */
+static int aclOpen(accCtrlPrivatePtr acPriv, virConnectAuthPtr auth)
+{
+ DEBUG("priv:%p auth:%p", acPriv, auth);
+ aclPrivatePtr priv;
+ /* Allocate per-connection private data. */
+ if (VIR_ALLOC(priv) < 0)
+ {
+ aclError(NULL, VIR_ERR_NO_MEMORY,
+ "allocating ACL private struct");
+ return VIR_DRV_OPEN_ERROR;
+ }
+
+ if(aclParseAuth(priv, auth) < 0)
+ {
+ VIR_FREE(priv);
+ return VIR_DRV_OPEN_ERROR;
+ }
+
+ if(priv->connType == ACL_CONNTYPE_UNKNOWN ||
+ priv->connType == ACL_CONNTYPE_UNIX)
+ {
+ DEBUG0("No AC support for this type of connection");
+ VIR_FREE(priv);
+ return VIR_DRV_OPEN_DECLINED;
+ }
+
+ acPriv->verifPrivateData = priv;
+ priv->conn = acPriv->conn;
+
+ priv->role = aclGetMatchingRole(acPriv);
+ DEBUG("Assigned role:%p name:%s", priv->role, priv->role->name);
+ if(aclAddSession(acPriv) < 0)
+ {
+ VIR_FREE(priv);
+ acPriv->verifPrivateData = NULL;
+ return VIR_DRV_OPEN_ERROR;
+ }
+ return VIR_DRV_OPEN_SUCCESS;
+}
+
+static int aclClose(accCtrlPrivatePtr acPriv)
+{
+ DEBUG("priv:%p", acPriv);
+ assert(acPriv != NULL);
+ assert(acPriv->verifPrivateData != NULL);
+
+ aclRemoveSession(acPriv);
+ VIR_FREE(acPriv->verifPrivateData);
+ acPriv->verifPrivateData = NULL;
+ return 0;
+}
+
+static char* aclLastError(accCtrlPrivatePtr acPriv, int *errNum)
+{
+ GET_PRIVATE(acPriv);
+ if(errNum != NULL)
+ *errNum = priv->lastErrorNum;
+ return priv->lastErrorString;
+}
+
+static int aclReload(accCtrlPrivatePtr acPriv ATTRIBUTE_UNUSED)
+{
+ int idx;
+
+ DEBUG("open sessions: %d",aclSessionCount);
+
+ // Temporary assign default role to all open session while reloading
+ for(idx = 0; idx < aclSessionCount; idx++)
+ {
+ assert(aclSessions[idx] != NULL);
+ GET_PRIVATE(aclSessions[idx]);
+ priv->role = aclDefaultRole;
+ DEBUG("Session:%d temporary has role:%s", idx, priv->role->name);
+ }
+
+ if(aclUnsavedConf)
+ return aclSaveFile(confFileState);
+
+ if(aclCleanRoles() < 0)
+ return -1;
+
+ if(aclLoadFile(confFileState) < 0)
+ {
+ if(aclLoadFile(confFile) < 0)
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Failed re-reading ACL file: %s",
+ confFile);
+ return -1;
+ }
+ }
+
+ // Rematch roles for open sessions
+ for(idx = 0; idx < aclSessionCount; idx++)
+ {
+ GET_PRIVATE(aclSessions[idx]);
+ priv->role = aclGetMatchingRole(aclSessions[idx]);
+ DEBUG("Session:%d now has role:%s", idx, priv->role->name);
+ }
+ return 0;
+}
+
+static int aclShutdown(accCtrlPrivatePtr acPriv ATTRIBUTE_UNUSED)
+{
+ if(aclUnsavedConf)
+ return aclSaveFile(confFileState);
+ return 0;
+}
+
+static int aclCheckHostAction(accCtrlPrivatePtr acPriv, accCtrlMode mode,
+ const char *funcName)
+{
+ GET_PRIVATE(acPriv);
+ int idx;
+ aclRolePtr role = priv->role;
+ aclRulePtr rule;
+ int match = 0;
+ for(idx = 0; idx < ACL_RULES_MAX; idx++)
+ {
+ rule = role->rules[idx];
+ if(rule == NULL)
+ continue;
+ if(rule->group != ACL_GROUP_HOST)
+ continue;
+ if(aclMatchRuleCall(rule, mode, funcName))
+ {
+ match = 1;
+ break;
+ }
+ }
+ if(match)
+ {
+ DEBUG("Matched rule: %s", aclRuleToString(rule));
+ return ACC_CTRL_CHECK_OK;
+ }
+ else
+ return ACC_CTRL_CHECK_FAIL;
+}
+
+static int aclCheckDomainAction(accCtrlPrivatePtr acPriv, virDomainPtr domain,
+ accCtrlMode mode, const char *funcName)
+{
+ GET_PRIVATE(acPriv);
+ if(priv->tempAllowMode == mode)
+ {
+ DEBUG("Matched temporary allow mode: %s", acModeString[mode]);
+ return ACC_CTRL_CHECK_OK;
+ }
+ int idx;
+ aclRolePtr role = priv->role;
+ aclRulePtr rule;
+ char *owner = NULL;
+
+ for(idx = 0; idx < ACL_RULES_MAX; idx++)
+ {
+ rule = role->rules[idx];
+ if(rule == NULL)
+ continue;
+ if(rule->group != ACL_GROUP_DOMAIN)
+ continue;
+
+ if(owner != NULL) {
+ free(owner);
+ owner = NULL;
+ }
+ // Only retreive owner tag if rule is going to look at it
+ // (expensive task)
+ if((rule->objMatch != NULL) &&
+ (rule->objMatch->matchBy == ACL_MATCH_OBJ_OWNER))
+ {
+ owner = aclGetDomainOwner(acPriv, domain);
+ }
+
+ if(!aclMatchRuleObject(rule, domain->name, domain->id, domain->uuid,
+ owner))
+ continue;
+
+ if(!aclMatchRuleCall(rule, mode, funcName))
+ continue;
+
+ break;
+ }
+ if(idx == ACL_RULES_MAX)
+ return ACC_CTRL_CHECK_FAIL;
+
+ DEBUG("Matched rule: %s", aclRuleToString(rule));
+ return ACC_CTRL_CHECK_OK;
+}
+
+static int aclCheckNewDomain(accCtrlPrivatePtr acPriv, const char *funcName,
+ const char *xml)
+{
+ GET_PRIVATE(acPriv);
+ int idx;
+ aclRolePtr role = priv->role;
+ aclRulePtr rule;
+
+ for(idx = 0; idx < ACL_RULES_MAX; idx++)
+ {
+ rule = role->rules[idx];
+ if(rule == NULL)
+ continue;
+ if(rule->group != ACL_GROUP_DOMAIN)
+ continue;
+
+ if(!aclMatchRuleCall(rule, ACC_CTRL_MODE_CREATE, funcName))
+ continue;
+ break;
+ }
+ if(idx == ACL_RULES_MAX)
+ return ACC_CTRL_CHECK_FAIL;
+ DEBUG("Matched rule: %s", aclRuleToString(rule));
+
+ char *domName = getDomainNameFromXML(xml);
+ if(domName == NULL)
+ {
+ aclError(priv, VIR_ERR_XML_ERROR,
+ "Failed getting domain name from XML description");
+ return ACC_CTRL_CHECK_FAIL;
+ }
+ if(role->optEnforceOwner)
+ {
+ char *owner = getTagFromXML(xml, "owner");
+ if((owner == NULL) ||
+ (strcmp(owner, role->name) != 0))
+ {
+ aclError(priv, VIR_ERR_XML_ERROR,
+ "Owner tag '%s' in XML not matching role name '%s'",
+ owner, role->name);
+ free(owner);
+ return ACC_CTRL_CHECK_FAIL;
+ }
+ free(owner);
+ }
+
+ if(acPriv->target->domainLookupByName(acPriv->conn, domName) != NULL)
+ {
+ aclError(priv, VIR_ERR_DOM_EXIST,
+ "name:%s", domName);
+ return ACC_CTRL_CHECK_FAIL;
+ }
+ return ACC_CTRL_CHECK_OK;
+}
+
+static int aclCheckDomainCreate(accCtrlPrivatePtr acPriv, const char *funcName,
+ const char *xml)
+{
+ if(aclCheckNewDomain(acPriv, funcName, xml) == ACC_CTRL_CHECK_FAIL)
+ return ACC_CTRL_CHECK_FAIL;
+
+ GET_PRIVATE(acPriv);
+ // Temporary allow all read actions for this session to allow underlying
+ // driver to do queries during create process.
+ // This will be reset in postDomainCreate
+ priv->tempAllowMode = ACC_CTRL_MODE_READ;
+ return ACC_CTRL_CHECK_OK;
+}
+
+static int aclPostDomainCreate(accCtrlPrivatePtr acPriv, virDomainPtr domain)
+{
+ DEBUG("domain:%p", domain);
+ GET_PRIVATE(acPriv);
+ // Reset of temporary read allow for underlying driver
+ priv->tempAllowMode = 0;
+
+ if(priv->role->newDomainRule == NULL)
+ return 0;
+ if(domain == NULL)
+ return 0;
+ return aclAutoAddDomainRule(priv->role, domain);
+}
+
+
+static int aclCheckDomainDefine(accCtrlPrivatePtr acPriv, const char *funcName,
+ const char *xml)
+{
+ if(aclCheckNewDomain(acPriv, funcName, xml) == ACC_CTRL_CHECK_FAIL)
+ return ACC_CTRL_CHECK_FAIL;
+
+ GET_PRIVATE(acPriv);
+ // Temporary allow all read actions for this session to allow underlying
+ // driver to do queries during create process.
+ // This will be reset in postDomainCreate
+ priv->tempAllowMode = ACC_CTRL_MODE_READ;
+ return ACC_CTRL_CHECK_OK;
+}
+
+static int aclPostDomainDefine(accCtrlPrivatePtr acPriv, virDomainPtr domain)
+{
+ DEBUG("domain:%p", domain);
+ GET_PRIVATE(acPriv);
+ // Reset of temporary read allow for underlying driver
+ priv->tempAllowMode = 0;
+
+ if(priv->role->newDomainRule == NULL)
+ return 0;
+ if(domain == NULL)
+ return 0;
+ return aclAutoAddDomainRule(priv->role, domain);
+}
+
+
+static int aclDomainRemovedEvent(accCtrlPrivatePtr acPriv ATTRIBUTE_UNUSED,
+ virDomainPtr domain)
+{
+ assert(domain != NULL);
+ DEBUG("domain name:%s", domain->name);
+
+ // Apply 'undefine' action for all roles to make sure that we remove
+ // dynamic rule from a role even if that role didn't have active
+ // connection by the time we got this event (another role had the rights
+ // to remove the domain)
+ int idx;
+ for(idx = 0; idx < aclRoleCount; idx++)
+ {
+ assert(aclRoles[idx] != NULL);
+ if(aclRoles[idx]->newDomainRule != NULL)
+ aclAutoRemoveDomainRule(aclRoles[idx], domain);
+ }
+ return 0;
+}
+
+/*
+ * Internal module functions
+ */
+static void aclErrorFunc(aclPrivatePtr priv, int code,
+ const char* file, const char *func, int line,
+ const char* format, ...)
+{
+ virConnectPtr conn = NULL;
+ char str[512];
+ va_list args;
+ va_start(args, format);
+ vsnprintf(str, 512, format, args);
+ va_end(args);
+ if(priv != NULL)
+ conn = priv->conn;
+ virReportErrorHelper(conn, VIR_FROM_ACC_CTRL, code, file, func, line,
+ str, "");
+}
+
+static int aclAddSession(accCtrlPrivatePtr acPriv)
+{
+ if(aclSessionCount >= ACL_SESSION_MAX)
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR, "Maximum sessions reached");
+ return -1;
+ }
+ aclSessions[aclSessionCount] = acPriv;
+ aclSessionCount++;
+ return 0;
+}
+
+static int aclRemoveSession(accCtrlPrivatePtr acPriv)
+{
+ int idx = 0;
+ while(idx < aclSessionCount &&
+ aclSessions[idx] != acPriv)
+ idx++;
+ assert(idx < aclSessionCount);
+
+ if(aclSessionCount > (idx+1))
+ {
+ while(idx < (aclSessionCount-1))
+ {
+ aclSessions[idx] = aclSessions[idx+1];
+ idx++;
+ }
+ aclSessions[aclSessionCount-1] = NULL;
+ }
+ else
+ aclSessions[idx] = NULL;
+ aclSessionCount--;
+ return 0;
+}
+
+static const char *aclAddrToStr(const struct sockaddr *sa, char *s, size_t maxlen)
+{
+ switch(sa->sa_family) {
+ case AF_INET:
+ return inet_ntop(AF_INET, &(((struct sockaddr_in *)sa)->sin_addr),
+ s, maxlen);
+
+ case AF_INET6:
+ return inet_ntop(AF_INET6, &(((struct sockaddr_in6 *)sa)->sin6_addr),
+ s, maxlen);
+
+ default:
+ strncpy(s, "Unknown AF", maxlen);
+ return NULL;
+ }
+
+ return s;
+}
+
+static int aclAddrToPort(const struct sockaddr *sa)
+{
+ int port = 0;
+ switch(sa->sa_family) {
+ case AF_INET:
+ case AF_INET6:
+ port = ntohs(((struct sockaddr_in*)sa)->sin_port);
+ break;
+ default:
+ return -1;
+ }
+ return port;
+}
+
+static char *aclGetDomainOwner(accCtrlPrivatePtr acPriv, virDomainPtr domain)
+{
+ char *owner = NULL;
+ char *xml = acPriv->target->domainDumpXML(domain, 0);
+ if(xml == NULL)
+ return NULL;
+ owner = getTagFromXML(xml, "owner");
+ DEBUG("domain: %s owner: %s", domain->name, owner);
+ free(xml);
+ return owner;
+}
+
+static int aclParseAuth(aclPrivatePtr priv, virConnectAuthPtr auth)
+{
+ struct sockaddr_storage addr;
+ struct sockaddr *addrPtr = (struct sockaddr*)&addr;
+ char str[INET6_ADDRSTRLEN];
+
+ if(auth == NULL)
+ {
+ DEBUG0("No auth data");
+ priv->connType = ACL_CONNTYPE_UNKNOWN;
+ return 0;
+ }
+
+ switch(auth->remote_type)
+ {
+ case 0:
+ priv->connType = ACL_CONNTYPE_UNIX;
+ break;
+ case 1:
+ priv->connType = ACL_CONNTYPE_TCP;
+ break;
+ case 2:
+ priv->connType = ACL_CONNTYPE_TLS;
+ break;
+ default:
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR, "Unknown connection type:%d",
+ priv->connType);
+ return -1;
+ break;
+ }
+ DEBUG("Auth type:%d", priv->connType);
+ if(priv->connType == ACL_CONNTYPE_UNIX)
+ return 0;
+
+ if(auth->remote_saslUsername != NULL)
+ priv->connUsername = strdup(auth->remote_saslUsername);
+
+ socklen_t namelen = sizeof(addr);
+ if(getsockname(auth->remote_fd, addrPtr, &namelen) < 0)
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR, "Failed getsockname");
+ return -1;
+ }
+ aclAddrToStr(addrPtr, str, INET6_ADDRSTRLEN);
+ priv->connServerAddr = strdup(str);
+ priv->connServerPort = aclAddrToPort(addrPtr);
+
+ namelen = sizeof(addr);
+ if(getpeername(auth->remote_fd, addrPtr, &namelen) < 0)
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR, "Failed getpeername");
+ return -1;
+ }
+ aclAddrToStr(addrPtr, str, INET6_ADDRSTRLEN);
+ priv->connClientAddr = strdup(str);
+ priv->connClientPort = aclAddrToPort(addrPtr);
+
+ DEBUG("Server:%s Client:%s Username:%s", priv->connServerAddr, priv->connClientAddr,
+ priv->connUsername);
+
+ return 0;
+}
+
+
+static char ruleString[512];
+static char* aclRuleToString(aclRulePtr rule)
+{
+ if(rule == NULL)
+ {
+ sprintf(ruleString, "[null]");
+ return ruleString;
+ }
+ char *ptr = ruleString;
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+
+ sprintf(ptr, "[%d %s", rule->id, aclGroupString[rule->group]);
+ ptr += strlen(ptr);
+ if(rule->group == ACL_GROUP_DOMAIN)
+ {
+ sprintf(ptr, ":%s", aclMatchObjectString[rule->objMatch->matchBy]);
+ ptr += strlen(ptr);
+ switch(rule->objMatch->matchBy)
+ {
+ case ACL_MATCH_OBJ_ANY:
+ break;
+ case ACL_MATCH_OBJ_NAME:
+ sprintf(ptr, ":%s", rule->objMatch->name);
+ ptr += strlen(ptr);
+ break;
+ case ACL_MATCH_OBJ_ID:
+ sprintf(ptr, ":%d", rule->objMatch->id);
+ ptr += strlen(ptr);
+ break;
+ case ACL_MATCH_OBJ_UUID:
+ virUUIDFormat(rule->objMatch->uuid, uuidstr);
+ sprintf(ptr, ":%s", uuidstr);
+ ptr += strlen(ptr);
+ break;
+ case ACL_MATCH_OBJ_OWNER:
+ sprintf(ptr, ":%s", rule->objMatch->owner);
+ ptr += strlen(ptr);
+ break;
+ }
+ }
+
+ sprintf(ptr, " ");
+ ptr += strlen(ptr);
+
+ int i;
+ for(i = 0; i < rule->callMatchCount; i++)
+ {
+ sprintf(ptr, "%s",
+ aclMatchCallString[rule->callMatches[i].matchCallBy]);
+ ptr += strlen(ptr);
+ if(rule->callMatches[i].matchCallBy == ACL_MATCH_CALL_MODE)
+ {
+ sprintf(ptr, ":%s", acModeString[rule->callMatches[i].callMode]);
+ ptr += strlen(ptr);
+ }
+ if((i+1) < rule->callMatchCount)
+ {
+ sprintf(ptr, "|");
+ ptr += strlen(ptr);
+ }
+ }
+
+ sprintf(ptr, "]");
+ return ruleString;
+}
+
+static aclRulePtr aclAllocRule(int group)
+{
+ aclRulePtr rule;
+ if(VIR_ALLOC(rule) < 0)
+ {
+ aclError(NULL, VIR_ERR_NO_MEMORY,
+ "Out of memory when allocating rule");
+ return NULL;
+ }
+ rule->group = group;
+ rule->id = -1;
+ return rule;
+}
+
+static int aclAddRule(aclRolePtr role, aclRulePtr rule)
+{
+ if(role->ruleCount >= ACL_RULES_MAX)
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR, "Rule list full");
+ return -1;
+ }
+ int idx = 0;
+ while(role->rules[idx] != NULL)
+ {
+ idx++;
+ if(idx >= ACL_RULES_MAX)
+ return -1;
+ }
+ rule->id = idx;
+ role->rules[idx] = rule;
+ role->ruleCount++;
+ return 0;
+}
+
+static int aclRemoveRule(aclRolePtr role, aclRulePtr rule)
+{
+ int idx = 0;
+ while(role->rules[idx] != rule)
+ {
+ idx++;
+ if(idx >= ACL_RULES_MAX)
+ return -1;
+ }
+ rule->id = -1;
+ role->rules[idx] = NULL;
+ role->ruleCount--;
+ return 0;
+}
+
+
+static int aclFreeRule(aclRulePtr rule)
+{
+ assert(rule != NULL);
+ if(rule->objMatch != NULL)
+ {
+ if(rule->objMatch->name != NULL)
+ VIR_FREE(rule->objMatch->name);
+ VIR_FREE(rule->objMatch);
+ }
+
+ if(rule->callMatchCount > 0)
+ {
+ assert(rule->callMatches != NULL);
+ int midx;
+ for(midx = 0; midx < rule->callMatchCount; midx++)
+ {
+ if(rule->callMatches[midx].callFunc != NULL)
+ VIR_FREE(rule->callMatches[midx].callFunc);
+ }
+ VIR_FREE(rule->callMatches);
+ }
+ VIR_FREE(rule);
+ return 0;
+}
+
+static aclRulePtr aclCopyRule(aclRulePtr rule)
+{
+ aclRulePtr nRule = aclAllocRule(rule->group);
+ if(nRule == NULL)
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Out of memory copying rule");
+ return NULL;
+ }
+ rule->id = -1;
+
+ if(rule->objMatch != NULL)
+ {
+ if(VIR_ALLOC(nRule->objMatch) < 0)
+ goto error;
+ memcpy(nRule->objMatch, rule->objMatch, sizeof(struct aclObjMatch));
+ if(rule->objMatch->name != NULL)
+ {
+ nRule->objMatch->name = strdup(rule->objMatch->name);
+ if(nRule->objMatch->name == NULL)
+ goto error;
+ }
+ }
+
+ if(rule->callMatchCount > 0)
+ {
+ if(VIR_ALLOC_N(nRule->callMatches, rule->callMatchCount) < 0)
+ goto error;
+ nRule->callMatchCount = rule->callMatchCount;
+ int i;
+ for(i = 0; i < rule->callMatchCount; i++)
+ {
+ memcpy(&(nRule->callMatches[i]), &(rule->callMatches[i]),
+ sizeof(struct aclCallMatch));
+ if(rule->callMatches[i].callFunc != NULL)
+ nRule->callMatches[i].callFunc =
+ strdup(rule->callMatches[i].callFunc);
+ }
+ }
+
+ return nRule;
+
+error:
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Out of memory copying rule");
+ aclFreeRule(nRule);
+ return NULL;
+}
+
+static int aclIsEquivRule(aclRulePtr rule1, aclRulePtr rule2)
+{
+ if(rule1->group != rule2->group)
+ return 0;
+
+ if(rule1->objMatch == NULL ||
+ rule2->objMatch == NULL)
+ {
+ if(rule1->objMatch != rule2->objMatch)
+ return 0;
+ }
+ else
+ {
+ if(rule1->objMatch->matchBy != rule2->objMatch->matchBy)
+ return 0;
+ switch(rule1->objMatch->matchBy)
+ {
+ case ACL_MATCH_OBJ_ANY:
+ break;
+ case ACL_MATCH_OBJ_NAME:
+ if(rule1->objMatch->hasValue && rule2->objMatch->hasValue)
+ {
+ if(strcmp(rule1->objMatch->name, rule2->objMatch->name) != 0)
+ return 0;
+ }
+ break;
+ case ACL_MATCH_OBJ_ID:
+ if(rule1->objMatch->hasValue && rule2->objMatch->hasValue)
+ {
+ if(rule1->objMatch->id != rule2->objMatch->id)
+ return 0;
+ }
+ break;
+ case ACL_MATCH_OBJ_UUID:
+ if(rule1->objMatch->hasValue && rule2->objMatch->hasValue)
+ {
+ if(memcmp(rule1->objMatch->uuid, rule2->objMatch->uuid,
+ VIR_UUID_BUFLEN) != 0)
+ return 0;
+ }
+ break;
+ case ACL_MATCH_OBJ_OWNER:
+ if(rule1->objMatch->hasValue && rule2->objMatch->hasValue)
+ {
+ if(strcmp(rule1->objMatch->owner, rule2->objMatch->owner) != 0)
+ return 0;
+ }
+ break;
+ }
+ }
+
+ if(rule1->callMatchCount != rule2->callMatchCount)
+ return 0;
+ int i;
+ for(i = 0; i < rule1->callMatchCount; i++)
+ {
+ if(rule1->callMatches[i].matchCallBy !=
+ rule2->callMatches[i].matchCallBy)
+ return 0;
+ switch(rule1->callMatches[i].matchCallBy)
+ {
+ case ACL_MATCH_CALL_ANY:
+ break;
+ case ACL_MATCH_CALL_MODE:
+ if(rule1->callMatches[i].callMode !=
+ rule2->callMatches[i].callMode)
+ return 0;
+ break;
+ case ACL_MATCH_CALL_FUNC:
+ if(strcmp(rule1->callMatches[i].callFunc,
+ rule2->callMatches[i].callFunc) != 0)
+ return 0;
+ break;
+ }
+ }
+
+ return 1;
+}
+
+
+static int aclMatchRuleCall(aclRulePtr rule, int mode, const char *funcName)
+{
+ int midx;
+ for(midx = 0; midx < rule->callMatchCount; midx++)
+ {
+ switch(rule->callMatches[midx].matchCallBy)
+ {
+ case ACL_MATCH_CALL_ANY:
+ return 1;
+ case ACL_MATCH_CALL_MODE:
+ if(mode == rule->callMatches[midx].callMode)
+ return 1;
+ break;
+ case ACL_MATCH_CALL_FUNC:
+ if(strcmp(funcName, rule->callMatches[midx].callFunc) == 0)
+ return 1;
+ break;
+ }
+ }
+ return 0;
+}
+
+static int aclMatchRuleObject(aclRulePtr rule, const char *name, int id,
+ const unsigned char *uuid, const char *owner)
+{
+ aclObjMatchPtr objMatch = rule->objMatch;
+ if(objMatch == NULL)
+ return 0;
+
+ switch(objMatch->matchBy)
+ {
+ case ACL_MATCH_OBJ_ANY:
+ return 1;
+ case ACL_MATCH_OBJ_NAME:
+ if(!objMatch->hasValue && name != NULL)
+ return 0;
+ if(strcmp(name, objMatch->name) == 0)
+ return 1;
+ break;
+ case ACL_MATCH_OBJ_ID:
+ if(!objMatch->hasValue && id != -1)
+ return 0;
+ if(id == objMatch->id)
+ return 1;
+ break;
+ case ACL_MATCH_OBJ_UUID:
+ if(!objMatch->hasValue && uuid != NULL)
+ return 0;
+ if(memcmp(uuid, objMatch->uuid, VIR_UUID_BUFLEN) == 0)
+ return 1;
+ break;
+ case ACL_MATCH_OBJ_OWNER:
+ if(!objMatch->hasValue && owner != NULL)
+ return 0;
+ if((objMatch->owner == NULL) &&
+ (owner == NULL))
+ return 1;
+ if(owner == NULL)
+ return 0;
+ if(strcmp(owner, objMatch->owner) == 0)
+ return 1;
+ break;
+ }
+ return 0;
+}
+
+static int aclAddRuleCallMatch(aclRulePtr rule, aclMatchCallType matchCallBy,
+ int mode, const char *funcName, int funcNameLen)
+{
+ if(VIR_REALLOC_N(rule->callMatches, rule->callMatchCount+1) < 0)
+ return -1;
+ aclCallMatchPtr match = &(rule->callMatches[rule->callMatchCount]);
+ memset(match, 0, sizeof(*match));
+
+ match->matchCallBy = matchCallBy;
+ switch(matchCallBy)
+ {
+ case ACL_MATCH_CALL_FUNC:
+ if((match->callFunc = strndup(funcName, funcNameLen)) == NULL)
+ {
+ aclError(NULL, VIR_ERR_NO_MEMORY,
+ "Out of memory when creating new rule callMatch");
+ goto error;
+ }
+ break;
+ case ACL_MATCH_CALL_MODE:
+ match->callMode = mode;
+ break;
+ case ACL_MATCH_CALL_ANY:
+ break;
+ default:
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Unknown mode:%d when creating new rule callMatch", mode);
+ goto error;
+ }
+ rule->callMatchCount++;
+ return 0;
+
+error:
+ // Free last added struct
+ if(VIR_REALLOC_N(rule->callMatches, rule->callMatchCount) < 0)
+ return -1;
+ return -1;
+}
+
+
+static aclRulePtr aclCreateDomainRule(virDomainPtr domain, aclRulePtr template)
+{
+ aclRulePtr rule = aclCopyRule(template);
+ if(rule == NULL)
+ return NULL;
+
+ switch(rule->objMatch->matchBy)
+ {
+ case ACL_MATCH_OBJ_NAME:
+ rule->objMatch->name = strdup(domain->name);
+ rule->objMatch->hasValue = 1;
+ break;
+ case ACL_MATCH_OBJ_ID:
+ rule->objMatch->id = domain->id;
+ rule->objMatch->hasValue = 1;
+ break;
+ case ACL_MATCH_OBJ_ANY:
+ rule->objMatch->matchBy = ACL_MATCH_OBJ_UUID;
+ case ACL_MATCH_OBJ_UUID:
+ memcpy(rule->objMatch->uuid, domain->uuid, VIR_UUID_BUFLEN);
+ rule->objMatch->hasValue = 1;
+ break;
+ case ACL_MATCH_OBJ_OWNER:
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Can not create domain rule that uses matching of owner");
+ break;
+ }
+
+ return rule;
+}
+
+static int aclAutoAddDomainRule(aclRolePtr role, virDomainPtr domain)
+{
+ assert(domain != NULL);
+ assert(role->newDomainRule != NULL);
+ if(role->newDomainRule == NULL)
+ return -1;
+
+ aclRulePtr rule = aclCreateDomainRule(domain, role->newDomainRule);
+ if(rule == NULL)
+ return -1;
+
+ if(aclAddRule(role, rule) < 0)
+ {
+ aclFreeRule(rule);
+ return -1;
+ }
+ DEBUG("Rule: %s", aclRuleToString(rule));
+ aclConfChanged();
+ return 0;
+}
+
+static int aclAutoRemoveDomainRule(aclRolePtr role, virDomainPtr domain)
+{
+ assert(domain != NULL);
+ assert(role->newDomainRule != NULL);
+ aclRulePtr rule = aclCreateDomainRule(domain, role->newDomainRule);
+ if(rule == NULL)
+ return -1;
+
+ int idx;
+ aclRulePtr match = NULL;
+
+ for(idx = 0; idx < ACL_RULES_MAX; idx++)
+ {
+ if(role->rules[idx] != NULL &&
+ aclIsEquivRule(role->rules[idx], rule))
+ {
+ if(match != NULL)
+ DEBUG("Warning: Found more than one matching rule in role: %s, will remove last found", role->name);
+ match = role->rules[idx];
+ }
+ }
+ if(match != NULL)
+ {
+ DEBUG("role: %s rule: %s", role->name, aclRuleToString(match));
+ if(aclRemoveRule(role, match) == 0)
+ {
+ aclFreeRule(match);
+ aclConfChanged();
+ }
+ }
+
+ aclFreeRule(rule);
+
+ return 0;
+}
+
+static aclRolePtr aclAllocRoleN(const char *name, int nameLen)
+{
+ assert(name != NULL);
+ assert(nameLen > 0);
+ aclRolePtr role;
+ if(VIR_ALLOC(role) < 0)
+ return NULL;
+ role->name = strndup(name, nameLen);
+ role->id = -1;
+ return role;
+}
+
+static aclRolePtr aclAllocRole(const char *name)
+{
+ return aclAllocRoleN(name, strlen(name));
+}
+
+static int aclFreeRole(aclRolePtr role)
+{
+ assert(role != NULL);
+ assert(role->id != -1);
+ int i;
+ if(role->name != NULL)
+ VIR_FREE(role->name);
+
+ for(i = 0; i < role->matchCount; i++)
+ {
+ if(role->match[i].str != NULL)
+ VIR_FREE(role->match[i].str);
+ }
+
+ for(i = 0; i < ACL_RULES_MAX; i++)
+ {
+ if(role->rules[i] != NULL)
+ aclFreeRule(role->rules[i]);
+ }
+
+ VIR_FREE(role);
+ return 0;
+}
+
+
+static int aclAddRole(aclRolePtr role)
+{
+ assert(role != NULL);
+ assert(role->id == -1);
+ int i;
+ for(i = 0; i < ACL_ROLES_MAX; i++)
+ {
+ if(aclRoles[i] == NULL)
+ {
+ role->id = i;
+ aclRoles[i] = role;
+ aclRoleCount++;
+ return 0;
+ }
+ }
+ return -1;
+}
+
+static int aclRemoveRole(aclRolePtr role)
+{
+ assert(role != NULL);
+ assert(role->id != -1);
+ int idx = role->id;
+ if(aclRoles[idx] != role)
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Role to free not existing in list");
+ return -1;
+ }
+ aclRoles[idx] = NULL;
+ aclRoleCount--;
+ return 0;
+}
+
+static int aclCleanRoles(void)
+{
+ aclRolePtr role;
+ int count = 0;
+ while(aclRoleCount > 0)
+ {
+ role = aclRoles[aclRoleCount-1];
+ assert(role != NULL);
+ aclRemoveRole(role);
+ aclFreeRole(role);
+ count++;
+ }
+ DEBUG("Cleaned up %d roles", count);
+ return 0;
+}
+
+static aclRolePtr aclGetMatchingRole(accCtrlPrivatePtr acPriv)
+{
+ GET_PRIVATE(acPriv);
+ aclRolePtr role;
+ int i, j;
+ for(i = 0; i < ACL_ROLES_MAX; i++)
+ {
+ role = aclRoles[i];
+ if(role != NULL)
+ {
+ for(j = 0; j < role->matchCount; j++)
+ {
+ struct aclRoleMatch match = role->match[j];
+ switch(match.type)
+ {
+ case ACL_MATCH_ROLE_ANY:
+ return role;
+ case ACL_MATCH_ROLE_USERNAME:
+ if(priv->connUsername == NULL)
+ continue;
+ if(strcmp(match.str, priv->connUsername) == 0)
+ return role;
+ break;
+ case ACL_MATCH_ROLE_SERVERADDR:
+ if(priv->connServerAddr == NULL)
+ continue;
+ if(strstr(priv->connServerAddr, match.str) != NULL)
+ return role;
+ break;
+ case ACL_MATCH_ROLE_CLIENTADDR:
+ if(priv->connClientAddr == NULL)
+ continue;
+ if(strstr(priv->connClientAddr, match.str) != NULL)
+ return role;
+ break;
+ }
+ }
+ }
+ }
+ // No matching role found, applying default
+ return aclDefaultRole;
+}
+
+static int aclAddRoleMatch(aclRolePtr role, aclRoleMatchType type,
+ const char *matchStr, int matchStrLen)
+{
+ if(role->matchCount >= ACL_ROLE_MATCH_MAX)
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Max(%d) match criterias reached for role", ACL_ROLE_MATCH_MAX);
+ return -1;
+ }
+ struct aclRoleMatch *match = &(role->match[role->matchCount]);
+ switch(type)
+ {
+ case ACL_MATCH_ROLE_ANY:
+ break;
+ case ACL_MATCH_ROLE_USERNAME:
+ case ACL_MATCH_ROLE_SERVERADDR:
+ case ACL_MATCH_ROLE_CLIENTADDR:
+ match->str = strndup(matchStr, matchStrLen);
+ match->strLen = matchStrLen;
+ break;
+ }
+ match->type = type;
+ role->matchCount++;
+ DEBUG("Add RoleMatch type:%s str:%s", aclRoleMatchTypeString[match->type],
+ match->str);
+ return 0;
+}
+
+static int parseModeString(const char *str, int *mode)
+{
+ int idx = 1;
+ if(strlen(str) < 1)
+ return -1;
+ if(str[0] == '*')
+ {
+ *mode = 0; // 0 means any action
+ return 1;
+ }
+ while(acModeString[idx] != NULL &&
+ strncmp(str, acModeString[idx], strlen(acModeString[idx])))
+ idx++;
+ if(acModeString[idx] == NULL)
+ return -1;
+ *mode = idx;
+ return strlen(acModeString[idx]);
+}
+
+static int funcIterNext(const char *funcString)
+{
+ const char *ptr = funcString;
+ int i = 0;
+ while((ptr[i] != '\0') &&
+ (ptr[i] != '|'))
+ i++;
+ return i;
+}
+
+static int aclParseCallMatch(aclRulePtr rule, const char *line)
+{
+ int len;
+ if(strncmp(line, "*", strlen("*")) == 0)
+ {
+ if(aclAddRuleCallMatch(rule, ACL_MATCH_CALL_ANY, 0, NULL, 0) < 0)
+ return -1;
+ }
+ else if(strncmp(line, "mode:", strlen("mode:")) == 0)
+ {
+ int mode = 0;
+ if((len = parseModeString(line+strlen("mode:"), &mode)) < 0)
+ return -1;
+ if(aclAddRuleCallMatch(rule, ACL_MATCH_CALL_MODE, mode, NULL, 0) < 0)
+ return -1;
+ }
+ else if(strncmp(line, "action:", strlen("action:")) == 0)
+ {
+ const char *ptr;
+ ptr = line + strlen("action:");
+ if(*ptr == '*')
+ {
+ if(aclAddRuleCallMatch(rule, ACL_MATCH_CALL_ANY, 0, NULL, 0) < 0)
+ return -1;
+ }
+ else
+ {
+ while((len = funcIterNext(ptr)) > 0)
+ {
+ if(aclAddRuleCallMatch(rule, ACL_MATCH_CALL_FUNC, 0,
+ ptr, len) < 0)
+ return -1;
+ ptr += len + 1;
+ }
+ }
+ }
+ else
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Unknown host mode/action specifier");
+ return -1;
+ }
+ return 0;
+}
+
+static aclObjMatchPtr aclParseObjMatch(const char *line)
+{
+ const char *ptr;
+ int matchBy = 0;
+
+ if(line[0] == '*') {
+ matchBy = ACL_MATCH_OBJ_ANY;
+ ptr = line + 1;
+ }
+ else
+ {
+ while(aclMatchObjectString[matchBy] != NULL &&
+ strncmp(line, aclMatchObjectString[matchBy],
+ strlen(aclMatchObjectString[matchBy])))
+ matchBy++;
+ if(aclMatchObjectString[matchBy] == NULL)
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Invalid domain matching expression");
+ return NULL;
+ }
+ ptr = line + strlen(aclMatchObjectString[matchBy]);
+ }
+
+ aclObjMatchPtr objMatch;
+ if(VIR_ALLOC(objMatch) < 0)
+ return NULL;
+ objMatch->matchBy = matchBy;
+
+ // If no value specified to match then leave empty and return
+ if(*ptr != ':')
+ return objMatch;
+ else
+ ptr++;
+
+ int len = 0;
+ char *endptr;
+
+ switch(matchBy)
+ {
+ //case ACL_MATCH_OBJ_ANY:
+ case ACL_MATCH_OBJ_NAME:
+ len = index(ptr, ACL_FILE_SEP) - ptr;
+ if(len < 0)
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "zero length name for domain rule matching");
+ goto error;
+ }
+ objMatch->name = strndup(ptr, len);
+ break;
+ case ACL_MATCH_OBJ_ID:
+ if(virStrToLong_i(ptr, &endptr, 10, &(objMatch->id)) < 0)
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "failed parse domain rule matching id");
+ goto error;
+ }
+ break;
+ case ACL_MATCH_OBJ_UUID:
+ if(virUUIDParse(ptr, objMatch->uuid))
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "failed parse domain rule matching uuid");
+ goto error;
+ }
+ break;
+ case ACL_MATCH_OBJ_OWNER:
+ len = index(ptr, ACL_FILE_SEP) - ptr;
+ if(len < 0)
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "zero length owner for domain rule matching");
+ goto error;
+ }
+ objMatch->owner = strndup(ptr, len);
+ break;
+ }
+ objMatch->hasValue = 1;
+ return objMatch;
+
+error:
+ VIR_FREE(objMatch);
+ return NULL;
+}
+
+static int aclParseHostLine(aclRolePtr role, const char *line)
+{
+ aclRulePtr rule = aclAllocRule(ACL_GROUP_HOST);
+ if(rule == NULL)
+ return -1;
+
+ if(aclParseCallMatch(rule, line) < 0)
+ {
+ aclFreeRule(rule);
+ return -1;
+ }
+
+ if(aclAddRule(role, rule) < 0)
+ {
+ aclFreeRule(rule);
+ return -1;
+ }
+ DEBUG("Added host rule: %s", aclRuleToString(rule));
+ return 0;
+}
+
+static aclRulePtr aclParseDomainRule(const char *line)
+{
+ const char *ptr;
+
+ // Jump to mode/action specifier
+ ptr = index(line, ACL_FILE_SEP);
+ if(ptr == NULL)
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "No mode/action specified for domain rule");
+ return NULL;
+ }
+ ptr++;
+
+ aclRulePtr rule = aclAllocRule(ACL_GROUP_DOMAIN);
+ if(rule == NULL)
+ return NULL;
+
+ aclObjMatchPtr objMatch = aclParseObjMatch(line);
+ if(objMatch == NULL)
+ return NULL;
+ rule->objMatch = objMatch;
+
+ if(aclParseCallMatch(rule, ptr) < 0)
+ {
+ aclFreeRule(rule);
+ return NULL;
+ }
+
+ return rule;
+}
+
+static int aclParseDomainLine(aclRolePtr role, const char *line)
+{
+ aclRulePtr rule = aclParseDomainRule(line);
+ if(aclAddRule(role, rule) < 0)
+ {
+ aclFreeRule(rule);
+ return -1;
+ }
+ DEBUG("Added domain rule: %s", aclRuleToString(rule));
+ return 0;
+}
+
+static aclRolePtr aclParseRoleLine(const char *line)
+{
+ int len;
+ const char *ptr;
+ if(strncmp(line, "name:", strlen("name:")) == 0)
+ {
+ const char *name = line + strlen("name:");
+ ptr = index(name, ACL_FILE_SEP);
+ if(ptr == NULL)
+ return NULL;
+ len = ptr - name;
+ aclRolePtr role = aclAllocRoleN(name, len);
+ ptr++;
+ if(strncmp(ptr, "match:", strlen("match:")) != 0)
+ {
+ aclFreeRole(role);
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Unknown 3rd param for role");
+ return NULL;
+ }
+ ptr += strlen("match:");
+ if(ptr == NULL)
+ {
+ aclFreeRole(role);
+ return NULL;
+ }
+
+ while((len = funcIterNext(ptr)) > 0)
+ {
+ int i = 0;
+ while(aclRoleMatchTypeString[i] != NULL &&
+ strncmp(ptr, aclRoleMatchTypeString[i],
+ strlen(aclRoleMatchTypeString[i])) != 0)
+ i++;
+ if(aclRoleMatchTypeString[i] != NULL)
+ {
+ const char *match = ptr + strlen(aclRoleMatchTypeString[i]) + 1;
+ int matchLen = len - strlen(aclRoleMatchTypeString[i]) - 1;
+ aclAddRoleMatch(role, i, match, matchLen);
+ }
+ else
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Unknown matching for role, skipping");
+ }
+
+ ptr += len + 1;
+ }
+
+ aclAddRole(role);
+ return role;
+ }
+ else
+ return NULL;
+}
+
+static int aclParseNewLine(aclRolePtr role, const char *line)
+{
+ const char *ptr;
+
+ if(strncmp(line, "domain", strlen("domain")) == 0)
+ {
+ ptr = line + strlen("domain") + 1;
+ aclRulePtr rule = aclParseDomainRule(ptr);
+ if(rule == NULL)
+ return -1;
+ role->newDomainRule = rule;
+ }
+ else
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Unknown group in 'new' rule ");
+ return -1;
+ }
+
+ return 0;
+}
+
+static int aclParseOptionLine(aclRolePtr role, const char *line)
+{
+ if(strncmp(line, "enforce_owner", strlen("enforce_owner")) == 0)
+ {
+ role->optEnforceOwner = 1;
+ }
+ else
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Unknown option '%s' for role: %s", line, role->name);
+ return -1;
+ }
+ return 0;
+}
+
+
+static int aclLoadFile(const char *filename)
+{
+ int num = 1;
+ char line[512];
+ FILE *fil;
+ aclRolePtr role = NULL;
+ line[511] = '\0';
+
+ fil = fopen(filename, "r");
+ if(fil == NULL)
+ return -1;
+ DEBUG("Loading config from: %s", filename);
+
+ while(!feof(fil))
+ {
+ if(fgets(line, 511, fil) != NULL)
+ {
+ if(strlen(line) > 0 &&
+ line[0] != '#')
+ {
+ if(line[strlen(line)-1] == '\r' || line[strlen(line)-1] == '\n')
+ line[strlen(line)-1] = '\0';
+ if(strncmp(line, "host", strlen("host")) == 0)
+ {
+ if(role == NULL)
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Host rule before selecting role on line:%d\n", num);
+ else
+ if(aclParseHostLine(role, line+strlen("host")+1) < 0)
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Failed parsing host rule on line:%d\n", num);
+ }
+ else if(strncmp(line, "domain", strlen("domain")) == 0)
+ {
+ if(role == NULL)
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Domain rule before selecting role on line:%d\n", num);
+ else
+ if(aclParseDomainLine(role, line+strlen("domain")+1) < 0)
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Failed parsing domain rule on line:%d\n", num);
+ }
+ else if(strncmp(line, "role", strlen("role")) == 0)
+ {
+ role = aclParseRoleLine(line+strlen("role")+1);
+ if(role == NULL)
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "Failed parsing role definition on line:%d\n", num);
+ }
+ else if(strncmp(line, "new", strlen("new")) == 0)
+ {
+ if(role == NULL)
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "'new' rule before selecting role on line:%d\n", num);
+ else
+ aclParseNewLine(role, line+strlen("new")+1);
+ }
+ else if(strncmp(line, "option", strlen("option")) == 0)
+ {
+ if(role == NULL)
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR,
+ "'option' before selecting role on line:%d\n", num);
+ else
+ aclParseOptionLine(role, line+strlen("option")+1);
+ }
+ }
+ }
+ num++;
+ }
+ fclose(fil);
+ aclUnsavedConf = 0;
+ return 0;
+}
+
+static int aclWriteRule(FILE *fil, aclRulePtr rule)
+{
+ switch(rule->group)
+ {
+ case ACL_GROUP_HOST:
+ case ACL_GROUP_DOMAIN:
+ fprintf(fil, "%s,", aclGroupString[rule->group]);
+ break;
+ default:
+ return -1;
+ break;
+ }
+
+ if(rule->group == ACL_GROUP_DOMAIN)
+ {
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ switch(rule->objMatch->matchBy)
+ {
+ case ACL_MATCH_OBJ_ANY:
+ fprintf(fil, "*");
+ break;
+ case ACL_MATCH_OBJ_NAME:
+ if(rule->objMatch->hasValue)
+ fprintf(fil, "name:%s", rule->objMatch->name);
+ else
+ fprintf(fil, "name");
+ break;
+ case ACL_MATCH_OBJ_ID:
+ if(rule->objMatch->hasValue)
+ fprintf(fil, "id:%d", rule->objMatch->id);
+ else
+ fprintf(fil, "id");
+ break;
+ case ACL_MATCH_OBJ_UUID:
+ if(rule->objMatch->hasValue)
+ {
+ virUUIDFormat(rule->objMatch->uuid, uuidstr);
+ fprintf(fil, "uuid:%s", uuidstr);
+ }
+ else
+ fprintf(fil, "uuid");
+ break;
+ case ACL_MATCH_OBJ_OWNER:
+ if(rule->objMatch->hasValue)
+ fprintf(fil, "owner:%s", rule->objMatch->owner);
+ else
+ fprintf(fil, "owner");
+ break;
+ }
+ fprintf(fil, ",");
+ }
+
+ int midx;
+ for(midx = 0; midx < rule->callMatchCount; midx++)
+ {
+ switch(rule->callMatches[midx].matchCallBy)
+ {
+ case ACL_MATCH_CALL_ANY:
+ fprintf(fil, "*");
+ break;
+ case ACL_MATCH_CALL_MODE:
+ fprintf(fil, "mode:%s",
+ acModeString[rule->callMatches[midx].callMode]);
+ break;
+ case ACL_MATCH_CALL_FUNC:
+ // quick-fix that only prints action header once
+ if(midx == 0)
+ fprintf(fil, "action:");
+ fprintf(fil, "%s", rule->callMatches[midx].callFunc);
+ break;
+ }
+ if((midx+1) < rule->callMatchCount)
+ fprintf(fil, "|");
+ }
+ fprintf(fil, "\n");
+ return 0;
+}
+
+static int aclSaveFile(const char *filename)
+{
+ FILE *fil;
+
+ fil = fopen(filename, "w");
+ if(fil == NULL)
+ return -1;
+ DEBUG("Saving config to: %s", filename);
+
+ int ri;
+ aclRolePtr role;
+ for(ri = 0; ri < aclRoleCount; ri++)
+ {
+ role = aclRoles[ri];
+ fprintf(fil, "role,name:%s,match:", role->name);
+ int mi;
+ for(mi = 0; mi < role->matchCount; mi++)
+ {
+ fprintf(fil, "%s=%s", aclRoleMatchTypeString[role->match[mi].type],
+ role->match[mi].str);
+ if((mi+1) < role->matchCount)
+ fprintf(fil, "|");
+ }
+ fprintf(fil, "\n");
+
+ if(role->optEnforceOwner)
+ {
+ fprintf(fil, "option,enforce_owner\n");
+ }
+
+ if(role->newDomainRule != NULL)
+ {
+ fprintf(fil, "new,");
+ aclWriteRule(fil, role->newDomainRule);
+ }
+
+ int rui;
+ for(rui = 0; rui < role->ruleCount; rui++)
+ {
+ aclWriteRule(fil, role->rules[rui]);
+ }
+ }
+ fclose(fil);
+ aclUnsavedConf = 0;
+ return 0;
+}
+
+static int aclConfChanged(void)
+{
+ aclUnsavedConf = 0;
+
+ if(aclSaveFile(confFileState) < 0)
+ return -1;
+
+ aclUnsavedConf = 0;
+ return 0;
+}
+
+static accCtrlVerifier aclVerifier = {
+ .name = "RBAC-file",
+ .open = aclOpen,
+ .close = aclClose,
+ .lastError = aclLastError,
+ .reload = aclReload,
+ .shutdown = aclShutdown,
+ .checkHostAction = aclCheckHostAction,
+ .checkDomainAction = aclCheckDomainAction,
+ .checkDomainCreate = aclCheckDomainCreate,
+ .checkDomainDefine = aclCheckDomainDefine,
+ .postDomainCreate = aclPostDomainCreate,
+ .postDomainDefine = aclPostDomainDefine,
+ .domainAddedEvent = NULL,
+ .domainRemovedEvent = aclDomainRemovedEvent,
+};
+
+/*
+ * Public verifier-module functions
+ */
+
+int rbacRegister(void)
+{
+ // Init role list
+ memset(aclRoles, 0, sizeof(aclRolePtr) * ACL_ROLES_MAX);
+
+ // Create default role outside of list
+ aclDefaultRole = aclAllocRole("default");
+ if(aclDefaultRole == NULL)
+ return -1;
+
+ if(aclLoadFile(confFileState) < 0)
+ {
+ if(aclLoadFile(confFile) < 0)
+ {
+ aclError(NULL, VIR_ERR_INTERNAL_ERROR, "Failed reading ACL file: %s",
+ confFile);
+ return -1;
+ }
+ }
+
+ return accCtrlRegisterVerifier(&aclVerifier);
+}
diff -BNurbp libvirt-0.6.0/src/verif_rbac.conf libvirt-ibm/src/verif_rbac.conf
--- libvirt-0.6.0/src/verif_rbac.conf 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-ibm/src/verif_rbac.conf 2009-06-09 12:22:09.000000000 +0200
@@ -0,0 +1,98 @@
+#
+# Licensed Material - Property of IBM
+#
+# "Restricted Materials of IBM"
+#
+# 5746-SM2
+#
+# Copyright IBM Corp. 2009 All Rights Reserved.
+#
+# RBAC verifier policy file
+# -------------------------
+# * Actions that are not specified here are by default denied
+# * Verifier module currently looks for this file at /etc/libvirt/rbac.conf
+# * parser do not currently handle spaces at unexpected places
+#
+# Format: host,(allowed_calls)
+# domain,(dom_ident),(allowed_calls)
+#
+# allowed_calls: *
+# mode:[create,read,modify,delete]
+# action:[func1,func2,...]
+#
+# dom_ident: *
+# id:4
+# name:dom1
+# uuid:b7454226-48f3-ccde-a3f9-9e38bc3e3c91
+# owner:blue.tvd.opentc.net (should be same as role name)
+#
+# Each line starting with 'role' denotes the begining of a new role
+# specification and subsequent host,domain rules are added to that role.
+#
+# Role format: role,name:role_name,match:[user_match1,user_match2,...]
+#
+# user_match: serverAddr=192.168.0.1 - Match established remote calls
+# receive IP address
+# clientAddr=192.168.0.10 - Match established remote calls
+# send IP address
+# username=admin - Match username if authentication is
+# required & performed (sasl)
+#
+# Extra options can be set for (current) role with line starting with 'option'
+# Option format: option,(option_name),[optional arguments]
+#
+# option_name: enforce_owner - Enforces so new defined domains
+# owner tag matches role name
+#
+# DEPRECIATED: (functionality better handled with enforce_owner
+# Dynamic updates of rules when domain are created and removed.
+# Format: new,domain,dom_ident_class,allowed_calls
+#
+# dom_ident_class: have same valid prefixes as [dom_ident] above but no
+# specific identifier after. (this will be fetched from
+# the domain in focus of the dynamic update (created, removed)
+#
+# If dynamic updates are enabled and resulted in modified rule-set this gets
+# saved to /etc/libvirt/rbac.state.conf, which during start/reload of policies
+# takes precence of the original rbac.conf file
+
+role,name:trusted,match:serverAddr=127.0.0.1
+#------------
+host,*
+domain,*,*
+#############
+
+role,name:blue.tvd.opentc.net,match:serverAddr=10.0.0.1|username=blue
+#------------
+option,enforce_owner
+host,mode:read
+domain,name:vnetbridge,mode:read
+domain,*,mode:create
+domain,owner:blue.tvd.opentc.net,*
+new,domain,uuid,*
+#############
+
+role,name:red.tvd.opentc.net,match:serverAddr=10.0.1.1
+#------------
+option,enforce_owner
+host,mode:read
+domain,name:vnetbridge,mode:read
+domain,*,mode:create
+domain,owner:red.tvd.opentc.net,*
+new,domain,uuid,*
+#############
+
+
+#role,name:example,match:serverAddr=192.168.0.1|username=admin
+#------------
+#host,action:acGetVersion
+#host,mode:read
+#domain,uuid:5c1ac49b-f0de-4d18-0b9b-bbddcbbcc719,mode:read
+#domain,name:vnetbridge,mode:read
+#domain,name:vnetbridge,mode:modify
+
+#domain,id:120,mode:delete
+
+#domain,*,mode:create
+#new,domain,uuid,*
+#############
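Review bot: The header comment never says how `match:` entries are evaluated, and the sample roles depend on it. In aclGetMatchingRole, earlier in this diff, entries separated by `|` are alternatives: roles are tried in table order and the first entry that matches selects the role. `serverAddr` and `clientAddr` are compared there with strstr(), so they match as substrings. As a result `serverAddr=10.0.0.1|username=blue` selects the role on either condition alone, and `serverAddr=10.0.0.1` would also match an address string such as `10.0.0.10`. I would document this beside the `user_match` description, e.g. `# Entries separated by '|' are alternatives; one matching entry selects the role` and `# serverAddr/clientAddr match as substrings of the address string`. The format lines showing `,` between `user_match` and `action` entries should also be corrected, since the parser splits those on `|`.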
diff -BNurbp libvirt-0.6.0/src/verif_rbac.h libvirt-ibm/src/verif_rbac.h
--- libvirt-0.6.0/src/verif_rbac.h 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-ibm/src/verif_rbac.h 2009-04-27 16:07:23.000000000 +0200
@@ -0,0 +1,11 @@
+/*
+ * Licensed Material - Property of IBM
+ *
+ * "Restricted Materials of IBM"
+ *
+ * 5746-SM2
+ *
+ * Copyright IBM Corp. 2009 All Rights Reserved.
+ *
+ */
+int rbacRegister(void);
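Review bot: verif_rbac.h has no include guard, and its only declaration carries no comment. I would wrap the prototype in `#ifndef VERIF_RBAC_H` / `#define VERIF_RBAC_H` … `#endif` so the header can be included more than once without redeclaration noise. A one-line comment on `rbacRegister` would also help, such as `/* Loads the RBAC policy file and registers the verifier; returns -1 if the default role or policy cannot be set up. */`, which is what the definition in verif_rbac.c earlier in this diff does.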
diff -BNurbp libvirt-0.6.0/src/virterror.c libvirt-ibm/src/virterror.c
--- libvirt-0.6.0/src/virterror.c 2009-01-31 10:04:18.000000000 +0100
+++ libvirt-ibm/src/virterror.c 2009-04-27 16:07:23.000000000 +0200
@@ -151,6 +151,9 @@ static const char *virErrorDomainName(vi
case VIR_FROM_UML:
dom = "UML ";
break;
+ case VIR_FROM_ACC_CTRL:
+ dom = "Access Control ";
+ break;
}
return(dom);
}
@@ -962,6 +965,12 @@ virErrorMsg(virErrorNumber error, const
else
errmsg = _("Node device not found: %s");
break;
+ case VIR_ERR_ACC_DENIED:
+ if (info == NULL)
+ errmsg = _("Access denied");
+ else
+ errmsg = _("Access denied: %s");
+ break;
}
return (errmsg);
}
diff -BNurbp libvirt-0.6.0/src/xen_inotify.c libvirt-ibm/src/xen_inotify.c
--- libvirt-0.6.0/src/xen_inotify.c 2009-01-31 10:04:18.000000000 +0100
+++ libvirt-ibm/src/xen_inotify.c 2009-04-27 16:07:23.000000000 +0200
@@ -143,7 +143,7 @@ xenInotifyXendDomainsDirLookup(virConnec
search for, and create a domain from the stored
list info */
for (i = 0 ; i < priv->configInfoList->count ; i++) {
- if (!memcmp(uuid, priv->configInfoList->doms[i]->uuid, VIR_UUID_BUFLEN)) {
+ if (!memcmp(rawuuid, priv->configInfoList->doms[i]->uuid, VIR_UUID_BUFLEN)) {
*name = strdup(priv->configInfoList->doms[i]->name);
if (!*name) {
virXenInotifyError(NULL, VIR_ERR_INTERNAL_ERROR,
@@ -333,7 +333,7 @@ reread:
xenInotifyDomainEventFromFile(conn, fname,
VIR_DOMAIN_EVENT_UNDEFINED,
VIR_DOMAIN_EVENT_UNDEFINED_REMOVED);
- if (!event)
+ if (event)
xenUnifiedDomainEventDispatch(conn->privateData, event);
else
virXenInotifyError(NULL, VIR_ERR_INTERNAL_ERROR,