[libvirt] [PATCH 18/19] Add ACL checks into the secrets driver
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Insert calls to the ACL checking APIs in all secrets driver
entrypoints.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/secret/secret_driver.c | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index 5d1739f..b73dc51 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -42,6 +42,7 @@
#include "virfile.h"
#include "configmake.h"
#include "virstring.h"
+#include "access/viraccessapicheck.h"
#define VIR_FROM_THIS VIR_FROM_SECRET
@@ -559,6 +560,9 @@ secretConnectNumOfSecrets(virConnectPtr conn)
int i;
virSecretEntryPtr secret;
+ if (virConnectNumOfSecretsEnsureACL(conn) < 0)
+ return -1;
+
secretDriverLock(driver);
i = 0;
@@ -578,6 +582,9 @@ secretConnectListSecrets(virConnectPtr conn, char **uuids, int
maxuuids)
memset(uuids, 0, maxuuids * sizeof(*uuids));
+ if (virConnectListSecretsEnsureACL(conn) < 0)
+ return -1;
+
secretDriverLock(driver);
i = 0;
@@ -643,6 +650,9 @@ secretConnectListAllSecrets(virConnectPtr conn,
virCheckFlags(VIR_CONNECT_LIST_SECRETS_FILTERS_ALL, -1);
+ if (virConnectListAllSecretsEnsureACL(conn) < 0)
+ return -1;
+
secretDriverLock(driver);
for (entry = driver->secrets; entry != NULL; entry = entry->next)
@@ -725,6 +735,9 @@ secretLookupByUUID(virConnectPtr conn, const unsigned char *uuid)
goto cleanup;
}
+ if (virSecretLookupByUUIDEnsureACL(conn, secret->def) < 0)
+ goto cleanup;
+
ret = virGetSecret(conn,
secret->def->uuid,
secret->def->usage_type,
@@ -752,6 +765,9 @@ secretLookupByUsage(virConnectPtr conn, int usageType, const char
*usageID)
goto cleanup;
}
+ if (virSecretLookupByUsageEnsureACL(conn, secret->def) < 0)
+ goto cleanup;
+
ret = virGetSecret(conn,
secret->def->uuid,
secret->def->usage_type,
@@ -781,6 +797,9 @@ secretDefineXML(virConnectPtr conn, const char *xml,
secretDriverLock(driver);
+ if (virSecretDefineXMLEnsureACL(conn, new_attrs) < 0)
+ goto cleanup;
+
secret = secretFindByUUID(driver, new_attrs->uuid);
if (secret == NULL) {
/* No existing secret with same UUID, try look for matching usage instead */
@@ -897,6 +916,9 @@ secretGetXMLDesc(virSecretPtr obj, unsigned int flags)
goto cleanup;
}
+ if (virSecretGetXMLDescEnsureACL(obj->conn, secret->def) < 0)
+ goto cleanup;
+
ret = virSecretDefFormat(secret->def);
cleanup:
@@ -933,6 +955,9 @@ secretSetValue(virSecretPtr obj, const unsigned char *value,
goto cleanup;
}
+ if (virSecretSetValueEnsureACL(obj->conn, secret->def) < 0)
+ goto cleanup;
+
old_value = secret->value;
old_value_size = secret->value_size;
@@ -988,6 +1013,9 @@ secretGetValue(virSecretPtr obj, size_t *value_size, unsigned int
flags,
goto cleanup;
}
+ if (virSecretGetValueEnsureACL(obj->conn, secret->def) < 0)
+ goto cleanup;
+
if (secret->value == NULL) {
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(obj->uuid, uuidstr);
@@ -1034,6 +1062,9 @@ secretUndefine(virSecretPtr obj)
goto cleanup;
}
+ if (virSecretUndefineEnsureACL(obj->conn, secret->def) < 0)
+ goto cleanup;
+
if (!secret->def->ephemeral &&
secretDeleteSaved(driver, secret) < 0)
goto cleanup;
--
1.8.1.4