From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>

Insert calls to the ACL checking APIs in all nwfilter driver entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 src/Makefile.am | 9 +++++++--
 src/nwfilter/nwfilter_driver.c | 26 ++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index c899001..89b2bab 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1394,8 +1394,13 @@ noinst_LTLIBRARIES += libvirt_driver_nwfilter.la
 # Stateful, so linked to daemon instead
 #libvirt_la_BUILT_LIBADD += libvirt_driver_nwfilter.la
 endif
-libvirt_driver_nwfilter_la_CFLAGS = $(LIBPCAP_CFLAGS) \
- -I$(top_srcdir)/src/conf $(LIBNL_CFLAGS) $(AM_CFLAGS) $(DBUS_CFLAGS)
+libvirt_driver_nwfilter_la_CFLAGS = \
+ $(LIBPCAP_CFLAGS) \
+ $(LIBNL_CFLAGS) \
+ $(DBUS_CFLAGS) \
+ -I$(top_srcdir)/src/access \
+ -I$(top_srcdir)/src/conf \
+ $(AM_CFLAGS)
 libvirt_driver_nwfilter_la_LDFLAGS = $(LD_AMFLAGS)
 libvirt_driver_nwfilter_la_LIBADD = $(LIBPCAP_LIBS) $(LIBNL_LIBS) $(DBUS_LIBS)
 if WITH_DRIVER_MODULES
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 6573307..7e8e202 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -42,6 +42,7 @@
 #include "nwfilter_gentech_driver.h"
 #include "configmake.h"
 #include "virstring.h"
+#include "viraccessapicheck.h"
 
 #include "nwfilter_ipaddrmap.h"
 #include "nwfilter_dhcpsnoop.h"
@@ -374,6 +375,9 @@ nwfilterLookupByUUID(virConnectPtr conn,
 goto cleanup;
 }
 
+ if (virNWFilterLookupByUUIDEnsureACL(conn, nwfilter->def) < 0)
+ goto cleanup;
+
 ret = virGetNWFilter(conn, nwfilter->def->name, nwfilter->def->uuid);
 
 cleanup:
@@ -400,6 +404,9 @@ nwfilterLookupByName(virConnectPtr conn,
 goto cleanup;
 }
 
+ if (virNWFilterLookupByNameEnsureACL(conn, nwfilter->def) < 0)
+ goto cleanup;
+
 ret = virGetNWFilter(conn, nwfilter->def->name, nwfilter->def->uuid);
 
 cleanup:
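Review bot: The ACL check in nwfilterLookupByUUID runs only after the object has been found, so a caller refused by virNWFilterLookupByUUIDEnsureACL presumably sees a different error than the not-found branch just above it, and can therefore tell an existing filter from a missing one; the nwfilterLookupByName hunk has the same shape. If that is the intended policy, state it at the call site, for example `/* ACL is evaluated on the found object; denial is reported separately from "not found" */`. Both function bodies start and end outside their hunks, so the not-found error and the unlock under `cleanup:` are not visible here and should be confirmed.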
@@ -434,6 +441,10 @@ nwfilterClose(virConnectPtr conn) {
 static int
 nwfilterConnectNumOfNWFilters(virConnectPtr conn) {
 virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData;
+
+ if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
+ return -1;
+
 return driver->nwfilters.count;
 }
 
@@ -445,6 +456,9 @@ nwfilterConnectListNWFilters(virConnectPtr conn,
 virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData;
 int got = 0, i;
 
+ if (virConnectListNWFiltersEnsureACL(conn) < 0)
+ return -1;
+
 nwfilterDriverLock(driver);
 for (i = 0; i < driver->nwfilters.count && got < nnames; i++) {
 virNWFilterObjLock(driver->nwfilters.objs[i]);
@@ -481,6 +495,9 @@ nwfilterConnectListAllNWFilters(virConnectPtr conn,
 
 virCheckFlags(0, -1);
 
+ if (virConnectListAllNWFiltersEnsureACL(conn) < 0)
+ return -1;
+
 nwfilterDriverLock(driver);
 
 if (!filters) {
@@ -537,6 +554,9 @@ nwfilterDefineXML(virConnectPtr conn,
 if (!(def = virNWFilterDefParseString(conn, xml)))
 goto cleanup;
 
+ if (virNWFilterDefineXMLEnsureACL(conn, def) < 0)
+ goto cleanup;
+
 if (!(nwfilter = virNWFilterObjAssignDef(conn, &driver->nwfilters, def)))
 goto cleanup;
 
@@ -578,6 +598,9 @@ nwfilterUndefine(virNWFilterPtr obj) {
 goto cleanup;
 }
 
+ if (virNWFilterUndefineEnsureACL(obj->conn, nwfilter->def) < 0)
+ goto cleanup;
+
 if (virNWFilterTestUnassignDef(obj->conn, nwfilter) < 0) {
 virReportError(VIR_ERR_OPERATION_INVALID,
 "%s",
@@ -626,6 +649,9 @@ nwfilterGetXMLDesc(virNWFilterPtr obj,
 goto cleanup;
 }
 
+ if (virNWFilterGetXMLDescEnsureACL(obj->conn, nwfilter->def) < 0)
+ goto cleanup;
+
 ret = virNWFilterDefFormat(nwfilter->def);
 
 cleanup:
-- 
1.8.1.4

-- 
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
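Review bot: nwfilterConnectNumOfNWFilters still returns `driver->nwfilters.count` after a connection-level check only, so a caller who passes virConnectNumOfNWFiltersEnsureACL learns the total count, including filters that the per-object checks this patch adds to the lookup entrypoints would refuse. The loop in nwfilterConnectListNWFilters and, as far as its hunk shows, nwfilterConnectListAllNWFilters have the same gap, because names are handed out with no per-object decision. Either evaluate the ACL per entry while counting and listing, or document that enumeration is deliberately governed by the connection-level permission alone, for example `/* connection-level check only: result includes filters the caller may not look up */`.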
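Review bot: In nwfilterDefineXML the caller-supplied XML is parsed by virNWFilterDefParseString before virNWFilterDefineXMLEnsureACL runs, so the parser is reachable by callers who are then refused. The check needs the parsed `def`, so the order is probably unavoidable, but it deserves a comment such as `/* ACL needs the parsed def, so untrusted XML is parsed before authorization */`. The check is also evaluated against the new definition rather than against an existing filter of the same name that virNWFilterObjAssignDef may replace; whether that matters depends on which attributes the policy matches, which the hunk does not show. The function body starts and ends outside the hunk.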