|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 19/21] xenstored: use domain_is_unprivileged instead of checking conn->id
This centralizes all the permission checking for privileged domains in
preparation for allowing domains other than dom0 to be privileged.
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
tools/xenstore/xenstored_core.c | 6 +++---
tools/xenstore/xenstored_domain.c | 8 ++++----
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
index aad0298..4897c97 100644
--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -492,7 +492,7 @@ static enum xs_perm_type perm_for_conn(struct connection
*conn,
mask &= ~XS_PERM_WRITE;
/* Owners and tools get it all... */
- if (!conn->id || perms[0].id == conn->id
+ if (!domain_is_unprivileged(conn) || perms[0].id == conn->id
|| (conn->target && perms[0].id == conn->target->id))
return (XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER) & mask;
@@ -830,11 +830,11 @@ static struct node *construct_node(struct connection
*conn, const char *name)
node->tdb = tdb_context(conn);
node->name = talloc_strdup(node, name);
- /* Inherit permissions, except domains own what they create */
+ /* Inherit permissions, except unprivileged domains own what they
create */
node->num_perms = parent->num_perms;
node->perms = talloc_memdup(node, parent->perms,
node->num_perms * sizeof(node->perms[0]));
- if (conn && conn->id)
+ if (domain_is_unprivileged(conn))
node->perms[0].id = conn->id;
/* No children, no data */
diff --git a/tools/xenstore/xenstored_domain.c
b/tools/xenstore/xenstored_domain.c
index 6a0dbc2..d89528f 100644
--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -356,7 +356,7 @@ void do_introduce(struct connection *conn, struct
buffered_data *in)
return;
}
- if (conn->id != 0 || !conn->can_write) {
+ if (domain_is_unprivileged(conn) || !conn->can_write) {
send_error(conn, EACCES);
return;
}
@@ -420,7 +420,7 @@ void do_set_target(struct connection *conn, struct
buffered_data *in)
return;
}
- if (conn->id != 0 || !conn->can_write) {
+ if (domain_is_unprivileged(conn) || !conn->can_write) {
send_error(conn, EACCES);
return;
}
@@ -472,7 +472,7 @@ void do_release(struct connection *conn, const char
*domid_str)
return;
}
- if (conn->id != 0) {
+ if (domain_is_unprivileged(conn)) {
send_error(conn, EACCES);
return;
}
@@ -509,7 +509,7 @@ void do_resume(struct connection *conn, const char
*domid_str)
return;
}
- if (conn->id != 0) {
+ if (domain_is_unprivileged(conn)) {
send_error(conn, EACCES);
return;
}
--
1.7.7.5
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |