From 151a0e8c4ce50a8096b1d1cc46277a9831d30b1a Mon Sep 17 00:00:00 2001 Message-Id: <151a0e8c4ce50a8096b1d1cc46277a9831d30b1a.1379193140.git.jdenemar@redhat.com> From: "Daniel P. Berrange" Date: Thu, 12 Sep 2013 17:34:45 +0100 Subject: [PATCH] Fix polkit permission names for storage pools, vols & node devices https://bugzilla.redhat.com/show_bug.cgi?id=700443 The polkit access driver used the wrong permission names for checks on storage pools, volumes and node devices. This led to them always being denied access. The 'dettach' permission was also mis-spelt and should have been 'detach'. While permission names are ABI sensitive, the fact that the code used the wrong object name for checking node device permissions, means that no one could have used the mis-spelt 'dettach' permission. Signed-off-by: Daniel P. Berrange (cherry picked from commit 621849383ad1aad61fe630184e689f5aca6ab7e0) --- src/access/viraccessdriverpolkit.c | 6 +++--- src/access/viraccessperm.c | 2 +- src/access/viraccessperm.h | 2 +- src/remote/remote_protocol.x | 8 ++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c index 4c76e64..b472bc3 100644 --- a/src/access/viraccessdriverpolkit.c +++ b/src/access/viraccessdriverpolkit.c @@ -248,7 +248,7 @@ virAccessDriverPolkitCheckNodeDevice(virAccessManagerPtr manager, }; return virAccessDriverPolkitCheck(manager, - "nodedevice", + "node-device", virAccessPermNodeDeviceTypeToString(perm), attrs); } @@ -355,7 +355,7 @@ virAccessDriverPolkitCheckStoragePool(virAccessManagerPtr manager, virUUIDFormat(pool->uuid, uuidstr); return virAccessDriverPolkitCheck(manager, - "pool", + "storage-pool", virAccessPermStoragePoolTypeToString(perm), attrs); } @@ -379,7 +379,7 @@ virAccessDriverPolkitCheckStorageVol(virAccessManagerPtr manager, virUUIDFormat(pool->uuid, uuidstr); return virAccessDriverPolkitCheck(manager, - "vol", + "storage-vol", virAccessPermStorageVolTypeToString(perm), attrs); } diff --git a/src/access/viraccessperm.c b/src/access/viraccessperm.c index 17f6243..9c720f9 100644 --- a/src/access/viraccessperm.c +++ b/src/access/viraccessperm.c @@ -58,7 +58,7 @@ VIR_ENUM_IMPL(virAccessPermNodeDevice, VIR_ACCESS_PERM_NODE_DEVICE_LAST, "getattr", "read", "write", "start", "stop", - "dettach"); + "detach"); VIR_ENUM_IMPL(virAccessPermNWFilter, VIR_ACCESS_PERM_NWFILTER_LAST, diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h index 2f76c95..fdc461b 100644 --- a/src/access/viraccessperm.h +++ b/src/access/viraccessperm.h @@ -427,7 +427,7 @@ typedef enum { * @desc: Detach node device * @message: Detaching node device driver requires authorization */ - VIR_ACCESS_PERM_NODE_DEVICE_DETTACH, + VIR_ACCESS_PERM_NODE_DEVICE_DETACH, VIR_ACCESS_PERM_NODE_DEVICE_LAST } virAccessPermNodeDevice; diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index a1c23da..85ad9ba 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -3696,19 +3696,19 @@ enum remote_procedure { /** * @generate: server - * @acl: node_device:dettach + * @acl: node_device:detach */ REMOTE_PROC_NODE_DEVICE_DETTACH = 118, /** * @generate: server - * @acl: node_device:dettach + * @acl: node_device:detach */ REMOTE_PROC_NODE_DEVICE_RE_ATTACH = 119, /** * @generate: server - * @acl: node_device:dettach + * @acl: node_device:detach */ REMOTE_PROC_NODE_DEVICE_RESET = 120, @@ -4929,7 +4929,7 @@ enum remote_procedure { /** * @generate: server - * @acl: node_device:dettach + * @acl: node_device:detach */ REMOTE_PROC_NODE_DEVICE_DETACH_FLAGS = 301, -- 1.8.3.2