Add ACL checks into the secrets driver

Insert calls to the ACL checking APIs in all secrets driver
entrypoints.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2013-04-23 11:56:22 +01:00
parent 1eca3f5bdf
commit 15af5e5f70
2 changed files with 34 additions and 1 deletions

View File

@ -1276,7 +1276,9 @@ noinst_LTLIBRARIES += libvirt_driver_secret.la
#libvirt_la_BUILT_LIBADD += libvirt_driver_secret.la #libvirt_la_BUILT_LIBADD += libvirt_driver_secret.la
endif endif
libvirt_driver_secret_la_CFLAGS = \ libvirt_driver_secret_la_CFLAGS = \
-I$(top_srcdir)/src/conf $(AM_CFLAGS) -I$(top_srcdir)/src/access \
-I$(top_srcdir)/src/conf \
$(AM_CFLAGS)
if WITH_DRIVER_MODULES if WITH_DRIVER_MODULES
libvirt_driver_secret_la_LIBADD = ../gnulib/lib/libgnu.la libvirt_driver_secret_la_LIBADD = ../gnulib/lib/libgnu.la
libvirt_driver_secret_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS) libvirt_driver_secret_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)

View File

@ -42,6 +42,7 @@
#include "virfile.h" #include "virfile.h"
#include "configmake.h" #include "configmake.h"
#include "virstring.h" #include "virstring.h"
#include "viraccessapicheck.h"
#define VIR_FROM_THIS VIR_FROM_SECRET #define VIR_FROM_THIS VIR_FROM_SECRET
@ -559,6 +560,9 @@ secretConnectNumOfSecrets(virConnectPtr conn)
int i; int i;
virSecretEntryPtr secret; virSecretEntryPtr secret;
if (virConnectNumOfSecretsEnsureACL(conn) < 0)
return -1;
secretDriverLock(driver); secretDriverLock(driver);
i = 0; i = 0;
@ -578,6 +582,9 @@ secretConnectListSecrets(virConnectPtr conn, char **uuids, int maxuuids)
memset(uuids, 0, maxuuids * sizeof(*uuids)); memset(uuids, 0, maxuuids * sizeof(*uuids));
if (virConnectListSecretsEnsureACL(conn) < 0)
return -1;
secretDriverLock(driver); secretDriverLock(driver);
i = 0; i = 0;
@ -643,6 +650,9 @@ secretConnectListAllSecrets(virConnectPtr conn,
virCheckFlags(VIR_CONNECT_LIST_SECRETS_FILTERS_ALL, -1); virCheckFlags(VIR_CONNECT_LIST_SECRETS_FILTERS_ALL, -1);
if (virConnectListAllSecretsEnsureACL(conn) < 0)
return -1;
secretDriverLock(driver); secretDriverLock(driver);
for (entry = driver->secrets; entry != NULL; entry = entry->next) for (entry = driver->secrets; entry != NULL; entry = entry->next)
@ -725,6 +735,9 @@ secretLookupByUUID(virConnectPtr conn, const unsigned char *uuid)
goto cleanup; goto cleanup;
} }
if (virSecretLookupByUUIDEnsureACL(conn, secret->def) < 0)
goto cleanup;
ret = virGetSecret(conn, ret = virGetSecret(conn,
secret->def->uuid, secret->def->uuid,
secret->def->usage_type, secret->def->usage_type,
@ -752,6 +765,9 @@ secretLookupByUsage(virConnectPtr conn, int usageType, const char *usageID)
goto cleanup; goto cleanup;
} }
if (virSecretLookupByUsageEnsureACL(conn, secret->def) < 0)
goto cleanup;
ret = virGetSecret(conn, ret = virGetSecret(conn,
secret->def->uuid, secret->def->uuid,
secret->def->usage_type, secret->def->usage_type,
@ -781,6 +797,9 @@ secretDefineXML(virConnectPtr conn, const char *xml,
secretDriverLock(driver); secretDriverLock(driver);
if (virSecretDefineXMLEnsureACL(conn, new_attrs) < 0)
goto cleanup;
secret = secretFindByUUID(driver, new_attrs->uuid); secret = secretFindByUUID(driver, new_attrs->uuid);
if (secret == NULL) { if (secret == NULL) {
/* No existing secret with same UUID, try look for matching usage instead */ /* No existing secret with same UUID, try look for matching usage instead */
@ -897,6 +916,9 @@ secretGetXMLDesc(virSecretPtr obj, unsigned int flags)
goto cleanup; goto cleanup;
} }
if (virSecretGetXMLDescEnsureACL(obj->conn, secret->def) < 0)
goto cleanup;
ret = virSecretDefFormat(secret->def); ret = virSecretDefFormat(secret->def);
cleanup: cleanup:
@ -933,6 +955,9 @@ secretSetValue(virSecretPtr obj, const unsigned char *value,
goto cleanup; goto cleanup;
} }
if (virSecretSetValueEnsureACL(obj->conn, secret->def) < 0)
goto cleanup;
old_value = secret->value; old_value = secret->value;
old_value_size = secret->value_size; old_value_size = secret->value_size;
@ -988,6 +1013,9 @@ secretGetValue(virSecretPtr obj, size_t *value_size, unsigned int flags,
goto cleanup; goto cleanup;
} }
if (virSecretGetValueEnsureACL(obj->conn, secret->def) < 0)
goto cleanup;
if (secret->value == NULL) { if (secret->value == NULL) {
char uuidstr[VIR_UUID_STRING_BUFLEN]; char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(obj->uuid, uuidstr); virUUIDFormat(obj->uuid, uuidstr);
@ -1034,6 +1062,9 @@ secretUndefine(virSecretPtr obj)
goto cleanup; goto cleanup;
} }
if (virSecretUndefineEnsureACL(obj->conn, secret->def) < 0)
goto cleanup;
if (!secret->def->ephemeral && if (!secret->def->ephemeral &&
secretDeleteSaved(driver, secret) < 0) secretDeleteSaved(driver, secret) < 0)
goto cleanup; goto cleanup;