[PATCH 18/19] Add ACL checks into the secrets driver


 



From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>

Insert calls to the ACL checking APIs in all secrets driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 src/Makefile.am            |  4 +++-
 src/secret/secret_driver.c | 31 +++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index 89b2bab..647b1f2 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1279,7 +1279,9 @@ noinst_LTLIBRARIES += libvirt_driver_secret.la
 #libvirt_la_BUILT_LIBADD += libvirt_driver_secret.la
 endif
 libvirt_driver_secret_la_CFLAGS = \
-		-I$(top_srcdir)/src/conf $(AM_CFLAGS)
+		-I$(top_srcdir)/src/access \
+		-I$(top_srcdir)/src/conf \
+		$(AM_CFLAGS)
 if WITH_DRIVER_MODULES
 libvirt_driver_secret_la_LIBADD = ../gnulib/lib/libgnu.la
 libvirt_driver_secret_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index 5d1739f..fbe49d7 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -42,6 +42,7 @@
 #include "virfile.h"
 #include "configmake.h"
 #include "virstring.h"
+#include "viraccessapicheck.h"
 
 #define VIR_FROM_THIS VIR_FROM_SECRET
 
@@ -559,6 +560,9 @@ secretConnectNumOfSecrets(virConnectPtr conn)
     int i;
     virSecretEntryPtr secret;
 
+    if (virConnectNumOfSecretsEnsureACL(conn) < 0)
+        return -1;
+
     secretDriverLock(driver);
 
     i = 0;
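Review bot: The check added in secretConnectNumOfSecrets is keyed on the connection only, so once it passes, the count that follows appears to cover every secret in the driver, including ones the same caller would be refused by `virSecretLookupByUUIDEnsureACL`. The same holds for the checks added in secretConnectListSecrets and secretConnectListAllSecrets, which would hand back UUIDs or objects for those secrets. Unless a later patch in the series filters per object, I would at least record the limitation next to each check, e.g. `/* connection-level check only; entries are not filtered per secret */`. The counting loop is outside the hunk, so this is inferred from the visible `i = 0;` and the absence of any per-secret call in the added lines.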
@@ -578,6 +582,9 @@ secretConnectListSecrets(virConnectPtr conn, char **uuids, int maxuuids)
 
     memset(uuids, 0, maxuuids * sizeof(*uuids));
 
+    if (virConnectListSecretsEnsureACL(conn) < 0)
+        return -1;
+
     secretDriverLock(driver);
 
     i = 0;
@@ -643,6 +650,9 @@ secretConnectListAllSecrets(virConnectPtr conn,
 
     virCheckFlags(VIR_CONNECT_LIST_SECRETS_FILTERS_ALL, -1);
 
+    if (virConnectListAllSecretsEnsureACL(conn) < 0)
+        return -1;
+
     secretDriverLock(driver);
 
     for (entry = driver->secrets; entry != NULL; entry = entry->next)
@@ -725,6 +735,9 @@ secretLookupByUUID(virConnectPtr conn, const unsigned char *uuid)
         goto cleanup;
     }
 
+    if (virSecretLookupByUUIDEnsureACL(conn, secret->def) < 0)
+        goto cleanup;
+
     ret = virGetSecret(conn,
                        secret->def->uuid,
                        secret->def->usage_type,
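Review bot: In secretLookupByUUID the ACL check runs only after the lookup has succeeded, so the not-found path (the `goto cleanup` at the top of the hunk) and the denied path are separate exits and presumably report different errors. A caller with no rights on a secret could then tell whether a given UUID exists. secretLookupByUsage has the same shape for usage IDs. If that disclosure is accepted, a comment above the check would make it explicit, e.g. `/* existence is visible to callers that fail the ACL check */`. The start of the function and its cleanup label are outside the hunk, so the error reporting is not confirmed here.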
@@ -752,6 +765,9 @@ secretLookupByUsage(virConnectPtr conn, int usageType, const char *usageID)
         goto cleanup;
     }
 
+    if (virSecretLookupByUsageEnsureACL(conn, secret->def) < 0)
+        goto cleanup;
+
     ret = virGetSecret(conn,
                        secret->def->uuid,
                        secret->def->usage_type,
@@ -781,6 +797,9 @@ secretDefineXML(virConnectPtr conn, const char *xml,
 
     secretDriverLock(driver);
 
+    if (virSecretDefineXMLEnsureACL(conn, new_attrs) < 0)
+        goto cleanup;
+
     secret = secretFindByUUID(driver, new_attrs->uuid);
     if (secret == NULL) {
         /* No existing secret with same UUID, try look for matching usage instead */
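Review bot: The check in secretDefineXML is evaluated against `new_attrs` only, while the very next line looks up an existing secret with the same UUID that this call may go on to replace. If the access policy keys on fields of the definition, the decision is therefore made on what the caller supplied rather than on the object being overwritten. That is safe only if the redefine path, which is outside this hunk, rejects any difference in those fields. I would document that dependency at the check, e.g. `/* ACL is evaluated on the incoming definition; the redefine path must keep policy-relevant fields identical to the existing secret */`.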
@@ -897,6 +916,9 @@ secretGetXMLDesc(virSecretPtr obj, unsigned int flags)
         goto cleanup;
     }
 
+    if (virSecretGetXMLDescEnsureACL(obj->conn, secret->def) < 0)
+        goto cleanup;
+
     ret = virSecretDefFormat(secret->def);
 
 cleanup:
@@ -933,6 +955,9 @@ secretSetValue(virSecretPtr obj, const unsigned char *value,
         goto cleanup;
     }
 
+    if (virSecretSetValueEnsureACL(obj->conn, secret->def) < 0)
+        goto cleanup;
+
     old_value = secret->value;
     old_value_size = secret->value_size;
 
@@ -988,6 +1013,9 @@ secretGetValue(virSecretPtr obj, size_t *value_size, unsigned int flags,
         goto cleanup;
     }
 
+    if (virSecretGetValueEnsureACL(obj->conn, secret->def) < 0)
+        goto cleanup;
+
     if (secret->value == NULL) {
         char uuidstr[VIR_UUID_STRING_BUFLEN];
         virUUIDFormat(obj->uuid, uuidstr);
@@ -1034,6 +1062,9 @@ secretUndefine(virSecretPtr obj)
         goto cleanup;
     }
 
+    if (virSecretUndefineEnsureACL(obj->conn, secret->def) < 0)
+        goto cleanup;
+
     if (!secret->def->ephemeral &&
         secretDeleteSaved(driver, secret) < 0)
         goto cleanup;
-- 
1.8.1.4




