From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> Insert calls to the ACL checking APIs in all secrets driver entrypoints. Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> --- src/Makefile.am | 4 +++- src/secret/secret_driver.c | 31 +++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/src/Makefile.am b/src/Makefile.am index 89b2bab..647b1f2 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1279,7 +1279,9 @@ noinst_LTLIBRARIES += libvirt_driver_secret.la #libvirt_la_BUILT_LIBADD += libvirt_driver_secret.la endif libvirt_driver_secret_la_CFLAGS = \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(top_srcdir)/src/access \ + -I$(top_srcdir)/src/conf \ + $(AM_CFLAGS) if WITH_DRIVER_MODULES libvirt_driver_secret_la_LIBADD = ../gnulib/lib/libgnu.la libvirt_driver_secret_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS) diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index 5d1739f..fbe49d7 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -42,6 +42,7 @@ #include "virfile.h" #include "configmake.h" #include "virstring.h" +#include "viraccessapicheck.h" #define VIR_FROM_THIS VIR_FROM_SECRET @@ -559,6 +560,9 @@ secretConnectNumOfSecrets(virConnectPtr conn) int i; virSecretEntryPtr secret; + if (virConnectNumOfSecretsEnsureACL(conn) < 0) + return -1; + secretDriverLock(driver); i = 0; @@ -578,6 +582,9 @@ secretConnectListSecrets(virConnectPtr conn, char **uuids, int maxuuids) memset(uuids, 0, maxuuids * sizeof(*uuids)); + if (virConnectListSecretsEnsureACL(conn) < 0) + return -1; + secretDriverLock(driver); i = 0; @@ -643,6 +650,9 @@ secretConnectListAllSecrets(virConnectPtr conn, virCheckFlags(VIR_CONNECT_LIST_SECRETS_FILTERS_ALL, -1); + if (virConnectListAllSecretsEnsureACL(conn) < 0) + return -1; + secretDriverLock(driver); for (entry = driver->secrets; entry != NULL; entry = entry->next) 
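Review bot: The check added in secretConnectNumOfSecrets gates the API call on the connection only, so once it passes, the counting loop (outside this hunk) presumably includes every secret in the driver, even ones the per-object checks added elsewhere in this patch would refuse to the same caller. The same holds for secretConnectListSecrets and secretConnectListAllSecrets, where the visible `for (entry = driver->secrets; entry != NULL; entry = entry->next)` loop follows a connection-level check with no per-entry test in the hunk. If per-secret filtering is meant to arrive in a later patch, a comment beside each check would make the gap explicit, e.g. `/* TODO: filter entries by per-secret ACL; this only gates the call itself */`. Otherwise the list entry points disclose the count and UUIDs of secrets the caller cannot look up.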
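Review bot: In secretConnectListSecrets the new check sits after `memset(uuids, 0, maxuuids * sizeof(*uuids));`, so a denied caller still has its output array written before the function returns -1. Moving the `if (virConnectListSecretsEnsureACL(conn) < 0) return -1;` test above the memset keeps the access decision ahead of every side effect and matches the placement used in secretConnectNumOfSecrets. The function body starts and ends outside the hunk.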
@@ -725,6 +735,9 @@ secretLookupByUUID(virConnectPtr conn, const unsigned char *uuid) goto cleanup; } + if (virSecretLookupByUUIDEnsureACL(conn, secret->def) < 0) + goto cleanup; + ret = virGetSecret(conn, secret->def->uuid, secret->def->usage_type, @@ -752,6 +765,9 @@ secretLookupByUsage(virConnectPtr conn, int usageType, const char *usageID) goto cleanup; } + if (virSecretLookupByUsageEnsureACL(conn, secret->def) < 0) + goto cleanup; + ret = virGetSecret(conn, secret->def->uuid, secret->def->usage_type, @@ -781,6 +797,9 @@ secretDefineXML(virConnectPtr conn, const char *xml, secretDriverLock(driver); + if (virSecretDefineXMLEnsureACL(conn, new_attrs) < 0) + goto cleanup; + secret = secretFindByUUID(driver, new_attrs->uuid); if (secret == NULL) { /* No existing secret with same UUID, try look for matching usage instead */ @@ -897,6 +916,9 @@ secretGetXMLDesc(virSecretPtr obj, unsigned int flags) goto cleanup; } + if (virSecretGetXMLDescEnsureACL(obj->conn, secret->def) < 0) + goto cleanup; + ret = virSecretDefFormat(secret->def); cleanup: @@ -933,6 +955,9 @@ secretSetValue(virSecretPtr obj, const unsigned char *value, goto cleanup; } + if (virSecretSetValueEnsureACL(obj->conn, secret->def) < 0) + goto cleanup; + old_value = secret->value; old_value_size = secret->value_size; @@ -988,6 +1013,9 @@ secretGetValue(virSecretPtr obj, size_t *value_size, unsigned int flags, goto cleanup; } + if (virSecretGetValueEnsureACL(obj->conn, secret->def) < 0) + goto cleanup; + if (secret->value == NULL) { char uuidstr[VIR_UUID_STRING_BUFLEN]; virUUIDFormat(obj->uuid, uuidstr); @@ -1034,6 +1062,9 @@ secretUndefine(virSecretPtr obj) goto cleanup; } + if (virSecretUndefineEnsureACL(obj->conn, secret->def) < 0) + goto cleanup; + if (!secret->def->ephemeral && secretDeleteSaved(driver, secret) < 0) goto cleanup; -- 1.8.1.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
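Review bot: Because the check in secretLookupByUUID needs `secret->def`, it runs only after the lookup has succeeded, so the branch ending in `goto cleanup; }` just above it (presumably the not-found error; it starts outside the hunk) and the ACL failure can report different errors. A caller without access could then distinguish an existing secret from a missing one. If that is accepted behaviour, a comment should say so, e.g. `/* ACL is per-object: a denied caller can still learn that this secret exists */`; otherwise both paths should surface the same error. The same ordering appears in secretLookupByUsage, secretGetXMLDesc, secretSetValue, secretGetValue and secretUndefine.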
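Review bot: The check in secretDefineXML is evaluated against `new_attrs`, the caller-supplied definition, before `secretFindByUUID(driver, new_attrs->uuid)` runs, so when a secret with that UUID already exists the decision never considers the existing object's `def`. Whether the rest of the function (outside this hunk) stops a redefinition from changing the attributes the ACL is keyed on is not visible here. If it does, a comment such as `/* ACL on new_attrs suffices: an existing secret's UUID and usage cannot change */` should record that; if not, a second check against `secret->def` is needed in the found branch. Since the check reads only `conn` and `new_attrs`, it could also move above `secretDriverLock(driver);` so the policy lookup is not made with the driver lock held.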