From: "Daniel P. Berrange" <berrange(a)redhat.com>
Insert calls to the ACL checking APIs in all network driver
entrypoints.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/network/bridge_driver.c | 61 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 99c1316..76966df 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -65,6 +65,7 @@
#include "virdbus.h"
#include "virfile.h"
#include "virstring.h"
+#include "access/viraccessapicheck.h"
#define VIR_FROM_THIS VIR_FROM_NETWORK
@@ -2769,6 +2770,9 @@ static virNetworkPtr networkLookupByUUID(virConnectPtr conn,
goto cleanup;
}
+ if (virNetworkLookupByUUIDEnsureACL(conn, network->def) < 0)
+ goto cleanup;
+
ret = virGetNetwork(conn, network->def->name, network->def->uuid);
cleanup:
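Review bot: The ACL check runs only after the lookup has succeeded, so a caller denied by `virNetworkLookupByUUIDEnsureACL` receives a different error than the not-found path reported just before the hunk (presumably VIR_ERR_NO_NETWORK, as in networkIsActive), which lets it tell existing UUIDs from non-existing ones without permission to look them up; networkLookupByName has the same ordering. That is hard to avoid when the ACL object is the located `network->def`, but it deserves a comment at the check, e.g. `/* ACL needs the located def, so denial is distinguishable from not-found */`, so the disclosure is recognised as intentional rather than accidental. The rest of the function, including the unlock at cleanup, is outside the hunk.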
@@ -2792,6 +2796,9 @@ static virNetworkPtr networkLookupByName(virConnectPtr conn,
goto cleanup;
}
+ if (virNetworkLookupByNameEnsureACL(conn, network->def) < 0)
+ goto cleanup;
+
ret = virGetNetwork(conn, network->def->name, network->def->uuid);
cleanup:
@@ -2822,6 +2829,9 @@ static int networkConnectNumOfNetworks(virConnectPtr conn) {
int nactive = 0, i;
struct network_driver *driver = conn->networkPrivateData;
+ if (virConnectNumOfNetworksEnsureACL(conn) < 0)
+ return -1;
+
networkDriverLock(driver);
for (i = 0 ; i < driver->networks.count ; i++) {
virNetworkObjLock(driver->networks.objs[i]);
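Review bot: The enumeration entrypoints gain only a connection-level check, so once `virConnectNumOfNetworksEnsureACL(conn)` passes, the loop below walks every entry of `driver->networks.objs` with no per-object permission check on the visible lines; the same holds for networkConnectListNetworks, networkConnectNumOfDefinedNetworks, networkConnectListDefinedNetworks and networkConnectListAllNetworks, where virNetworkList is called without any filter callback. If the intent is that a caller should only learn about networks it is allowed to look up, each loop body (and the virNetworkList call) would need a per-object check that skips denied objects; if counting and listing are deliberately gated only at the connection level, a comment at the check such as `/* connection-level ACL only: per-object visibility is not filtered here */` would stop readers assuming otherwise. The loop bodies continue outside the hunks.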
@@ -2838,6 +2848,9 @@ static int networkConnectListNetworks(virConnectPtr conn, char
**const names, in
struct network_driver *driver = conn->networkPrivateData;
int got = 0, i;
+ if (virConnectListNetworksEnsureACL(conn) < 0)
+ return -1;
+
networkDriverLock(driver);
for (i = 0 ; i < driver->networks.count && got < nnames ; i++) {
virNetworkObjLock(driver->networks.objs[i]);
@@ -2865,6 +2878,9 @@ static int networkConnectNumOfDefinedNetworks(virConnectPtr conn) {
int ninactive = 0, i;
struct network_driver *driver = conn->networkPrivateData;
+ if (virConnectNumOfDefinedNetworksEnsureACL(conn) < 0)
+ return -1;
+
networkDriverLock(driver);
for (i = 0 ; i < driver->networks.count ; i++) {
virNetworkObjLock(driver->networks.objs[i]);
@@ -2881,6 +2897,9 @@ static int networkConnectListDefinedNetworks(virConnectPtr conn,
char **const na
struct network_driver *driver = conn->networkPrivateData;
int got = 0, i;
+ if (virConnectListDefinedNetworksEnsureACL(conn) < 0)
+ return -1;
+
networkDriverLock(driver);
for (i = 0 ; i < driver->networks.count && got < nnames ; i++) {
virNetworkObjLock(driver->networks.objs[i]);
@@ -2913,10 +2932,14 @@ networkConnectListAllNetworks(virConnectPtr conn,
virCheckFlags(VIR_CONNECT_LIST_NETWORKS_FILTERS_ALL, -1);
+ if (virConnectListAllNetworksEnsureACL(conn) < 0)
+ goto cleanup;
+
networkDriverLock(driver);
ret = virNetworkList(conn, driver->networks, nets, flags);
networkDriverUnlock(driver);
+cleanup:
return ret;
}
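Review bot: The new `goto cleanup` on ACL failure returns whatever `ret` held at function entry, and that initializer is above the hunk; the path is correct only if `ret` starts at -1 (the usual libvirt convention), which is worth confirming, since a `ret = 0` initializer would make a denied caller see success with `*nets` untouched. A way to make the path self-evidently correct is to return directly, `if (virConnectListAllNetworksEnsureACL(conn) < 0) return -1;`, as the other connection-level hunks in this patch do, which also avoids adding a label whose only jump precedes the lock.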
@@ -2933,6 +2956,10 @@ static int networkIsActive(virNetworkPtr net)
virReportError(VIR_ERR_NO_NETWORK, NULL);
goto cleanup;
}
+
+ if (virNetworkIsActiveEnsureACL(net->conn, obj->def) < 0)
+ goto cleanup;
+
ret = virNetworkObjIsActive(obj);
cleanup:
@@ -2954,6 +2981,10 @@ static int networkIsPersistent(virNetworkPtr net)
virReportError(VIR_ERR_NO_NETWORK, NULL);
goto cleanup;
}
+
+ if (virNetworkIsPersistentEnsureACL(net->conn, obj->def) < 0)
+ goto cleanup;
+
ret = obj->persistent;
cleanup:
@@ -3121,6 +3152,9 @@ static virNetworkPtr networkCreateXML(virConnectPtr conn, const char
*xml) {
if (!(def = virNetworkDefParseString(xml)))
goto cleanup;
+ if (virNetworkCreateXMLEnsureACL(conn, def) < 0)
+ goto cleanup;
+
if (networkValidate(driver, def, true) < 0)
goto cleanup;
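Review bot: The ACL check sits between virNetworkDefParseString and networkValidate, so the policy decision is made on a definition that has not yet been validated; if networkValidate can alter or reject the identifying fields the generated check consults, the check should either move after it or the ordering should be documented, e.g. `/* ACL before validate: the policy only depends on the parsed name/uuid */` — assuming that is what the check looks at. networkDefineXML uses the same ordering. The rest of both functions, including how `def` is released at cleanup on the denied path, lies outside the hunks.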
@@ -3161,6 +3195,9 @@ static virNetworkPtr networkDefineXML(virConnectPtr conn, const char
*xml) {
if (!(def = virNetworkDefParseString(xml)))
goto cleanup;
+ if (virNetworkDefineXMLEnsureACL(conn, def) < 0)
+ goto cleanup;
+
if (networkValidate(driver, def, false) < 0)
goto cleanup;
@@ -3219,6 +3256,9 @@ networkUndefine(virNetworkPtr net) {
goto cleanup;
}
+ if (virNetworkUndefineEnsureACL(net->conn, network->def) < 0)
+ goto cleanup;
+
if (virNetworkObjIsActive(network))
active = true;
@@ -3279,6 +3319,9 @@ networkUpdate(virNetworkPtr net,
goto cleanup;
}
+ if (virNetworkUpdateEnsureACL(net->conn, network->def, flags) < 0)
+ goto cleanup;
+
/* see if we are listening for dhcp pre-modification */
for (ii = 0;
(ipdef = virNetworkDefGetIpByIndex(network->def, AF_INET, ii));
@@ -3414,6 +3457,9 @@ static int networkCreate(virNetworkPtr net) {
goto cleanup;
}
+ if (virNetworkCreateEnsureACL(net->conn, network->def) < 0)
+ goto cleanup;
+
ret = networkStartNetwork(driver, network);
cleanup:
@@ -3437,6 +3483,9 @@ static int networkDestroy(virNetworkPtr net) {
goto cleanup;
}
+ if (virNetworkDestroyEnsureACL(net->conn, network->def) < 0)
+ goto cleanup;
+
if (!virNetworkObjIsActive(network)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("network is not active"));
@@ -3482,6 +3531,9 @@ static char *networkGetXMLDesc(virNetworkPtr net,
goto cleanup;
}
+ if (virNetworkGetXMLDescEnsureACL(net->conn, network->def) < 0)
+ goto cleanup;
+
if ((flags & VIR_NETWORK_XML_INACTIVE) && network->newDef)
def = network->newDef;
else
@@ -3510,6 +3562,9 @@ static char *networkGetBridgeName(virNetworkPtr net) {
goto cleanup;
}
+ if (virNetworkGetBridgeNameEnsureACL(net->conn, network->def) < 0)
+ goto cleanup;
+
if (!(network->def->bridge)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("network '%s' does not have a bridge name."),
@@ -3540,6 +3595,9 @@ static int networkGetAutostart(virNetworkPtr net,
goto cleanup;
}
+ if (virNetworkGetAutostartEnsureACL(net->conn, network->def) < 0)
+ goto cleanup;
+
*autostart = network->autostart;
ret = 0;
@@ -3565,6 +3623,9 @@ static int networkSetAutostart(virNetworkPtr net,
goto cleanup;
}
+ if (virNetworkSetAutostartEnsureACL(net->conn, network->def) < 0)
+ goto cleanup;
+
if (!network->persistent) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("cannot set autostart for transient
network"));
--
1.8.1.4