[Xen-devel] [PATCH 21/23] xenstored: use domain_is_unprivileged instead of checking conn->id
This centralizes all the permission checking for privileged domains in preparation for allowing domains other than dom0 to be privileged.
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 tools/xenstore/xenstored_core.c | 6 +++---
 tools/xenstore/xenstored_domain.c | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
index dee7bbd..06703ec 100644
--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -463,7 +463,7 @@ static enum xs_perm_type perm_for_conn(struct connection *conn,
 mask &= ~XS_PERM_WRITE;
 /* Owners and tools get it all... */
- if (!conn->id || perms[0].id == conn->id
+ if (!domain_is_unprivileged(conn) || perms[0].id == conn->id
 || (conn->target && perms[0].id == conn->target->id))
 return (XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER) & mask;
@@ -801,11 +801,11 @@ static struct node *construct_node(struct connection *conn, const char *name)
 node->tdb = tdb_context(conn);
 node->name = talloc_strdup(node, name);
- /* Inherit permissions, except domains own what they create */
+ /* Inherit permissions, except unprivileged domains own what they create */
 node->num_perms = parent->num_perms;
 node->perms = talloc_memdup(node, parent->perms, node->num_perms * sizeof(node->perms[0]));
- if (conn && conn->id)
+ if (domain_is_unprivileged(conn))
 node->perms[0].id = conn->id;
 /* No children, no data */
diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c
index 6a0dbc2..d89528f 100644
--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -356,7 +356,7 @@ void do_introduce(struct connection *conn, struct buffered_data *in)
 return;
 }
- if (conn->id != 0 || !conn->can_write) {
+ if (domain_is_unprivileged(conn) || !conn->can_write) {
 send_error(conn, EACCES);
 return;
 }
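Review bot: The context comment `/* Owners and tools get it all... */` above the changed condition in perm_for_conn no longer describes the test, because full access is now granted to whatever `domain_is_unprivileged()` reports as privileged rather than to connections with `conn->id == 0`. I would reword it to `/* Owners and privileged connections get it all... */` so a reader does not assume the bypass is still limited to dom0 and local tools. This condition skips the node's permission list entirely, so the helper's definition, which is not part of this patch, now decides who gets unrestricted read/write/owner access. The body of perm_for_conn starts and ends outside the hunk.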
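Review bot: In construct_node the removed guard `if (conn && conn->id)` tolerated a NULL `conn`, while the new `if (domain_is_unprivileged(conn))` hands `conn` straight to the helper and the following line dereferences `conn->id`. The helper is not defined in this patch, so it should be confirmed that it returns false for a NULL connection; if that is not guaranteed, keep the explicit test as `if (conn && domain_is_unprivileged(conn))`. A one-line comment saying that a NULL `conn` (presumably an internally created node) keeps the parent's owner would make the assumption visible at the call site. The function body continues outside the hunk.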
@@ -420,7 +420,7 @@ void do_set_target(struct connection *conn, struct buffered_data *in)
 return;
 }
- if (conn->id != 0 || !conn->can_write) {
+ if (domain_is_unprivileged(conn) || !conn->can_write) {
 send_error(conn, EACCES);
 return;
 }
@@ -472,7 +472,7 @@ void do_release(struct connection *conn, const char *domid_str)
 return;
 }
- if (conn->id != 0) {
+ if (domain_is_unprivileged(conn)) {
 send_error(conn, EACCES);
 return;
 }
@@ -509,7 +509,7 @@ void do_resume(struct connection *conn, const char *domid_str)
 return;
 }
- if (conn->id != 0) {
+ if (domain_is_unprivileged(conn)) {
 send_error(conn, EACCES);
 return;
 }
-- 
1.7.7.5
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
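Review bot: do_release and do_resume reject only on `domain_is_unprivileged(conn)`, whereas do_introduce and do_set_target in the same file also reject when `!conn->can_write`. The patch carries that asymmetry over unchanged, so a privileged connection that is read-only can apparently still release or resume a domain. If that is intended, a comment such as `/* release/resume are permitted on read-only privileged connections */` should record it; otherwise both handlers should use `if (domain_is_unprivileged(conn) || !conn->can_write) {`. Both function bodies start and end outside their hunks.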