[libvirt] [PATCH 6/8] Add access control filtering of nwfilter objects

Thursday, 27 June 2013

From: "Daniel P. Berrange" <berrange(a)redhat.com&gt;

Ensure that all APIs which list nwfilter objects filter
them against the access control system.

Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt;
---
 src/nwfilter/nwfilter_driver.c | 39 +++++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)

diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 7e8e202..0fbc940 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -441,11 +441,21 @@ nwfilterClose(virConnectPtr conn) {
 static int
 nwfilterConnectNumOfNWFilters(virConnectPtr conn) {
     virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData;
+    int i, n;
 
     if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
         return -1;
 
-    return driver->nwfilters.count;
+    n = 0;
+    for (i = 0; i < driver->nwfilters.count; i++) {
+        virNWFilterObjPtr obj = driver->nwfilters.objs[i];
+        virNWFilterObjLock(obj);
+        if (virConnectNumOfNWFiltersCheckACL(conn, obj->def))
+            n++;
+        virNWFilterObjUnlock(obj);
+    }
+
+    return n;
 }
 
 
@@ -461,13 +471,16 @@ nwfilterConnectListNWFilters(virConnectPtr conn,
 
     nwfilterDriverLock(driver);
     for (i = 0; i < driver->nwfilters.count && got < nnames; i++) {
-        virNWFilterObjLock(driver->nwfilters.objs[i]);
-        if (VIR_STRDUP(names[got], driver->nwfilters.objs[i]->def->name) < 0)
{
-             virNWFilterObjUnlock(driver->nwfilters.objs[i]);
-             goto cleanup;
+        virNWFilterObjPtr obj = driver->nwfilters.objs[i];
+        virNWFilterObjLock(obj);
+        if (virConnectListNWFiltersCheckACL(conn, obj->def)) {
+            if (VIR_STRDUP(names[got], obj->def->name) < 0) {
+                virNWFilterObjUnlock(obj);
+                goto cleanup;
+            }
+            got++;
         }
-        got++;
-        virNWFilterObjUnlock(driver->nwfilters.objs[i]);
+        virNWFilterObjUnlock(obj);
     }
     nwfilterDriverUnlock(driver);
     return got;
@@ -513,13 +526,15 @@ nwfilterConnectListAllNWFilters(virConnectPtr conn,
     for (i = 0; i < driver->nwfilters.count; i++) {
         obj = driver->nwfilters.objs[i];
         virNWFilterObjLock(obj);
-        if (!(filter = virGetNWFilter(conn, obj->def->name,
-                                      obj->def->uuid))) {
-            virNWFilterObjUnlock(obj);
-            goto cleanup;
+        if (virConnectListAllNWFiltersCheckACL(conn, obj->def)) {
+            if (!(filter = virGetNWFilter(conn, obj->def->name,
+                                          obj->def->uuid))) {
+                virNWFilterObjUnlock(obj);
+                goto cleanup;
+            }
+            tmp_filters[nfilters++] = filter;
         }
         virNWFilterObjUnlock(obj);
-        tmp_filters[nfilters++] = filter;
     }
 
     *filters = tmp_filters;
-- 
1.8.1.4


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[libvirt] [PATCH 6/8] Add access control filtering of nwfilter objects