mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 22:55:23 +00:00
Add ACL checks into the secrets driver
Insert calls to the ACL checking APIs in all secrets driver entrypoints. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
parent
1eca3f5bdf
commit
15af5e5f70
@ -1276,7 +1276,9 @@ noinst_LTLIBRARIES += libvirt_driver_secret.la
|
|||||||
#libvirt_la_BUILT_LIBADD += libvirt_driver_secret.la
|
#libvirt_la_BUILT_LIBADD += libvirt_driver_secret.la
|
||||||
endif
|
endif
|
||||||
libvirt_driver_secret_la_CFLAGS = \
|
libvirt_driver_secret_la_CFLAGS = \
|
||||||
-I$(top_srcdir)/src/conf $(AM_CFLAGS)
|
-I$(top_srcdir)/src/access \
|
||||||
|
-I$(top_srcdir)/src/conf \
|
||||||
|
$(AM_CFLAGS)
|
||||||
if WITH_DRIVER_MODULES
|
if WITH_DRIVER_MODULES
|
||||||
libvirt_driver_secret_la_LIBADD = ../gnulib/lib/libgnu.la
|
libvirt_driver_secret_la_LIBADD = ../gnulib/lib/libgnu.la
|
||||||
libvirt_driver_secret_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
|
libvirt_driver_secret_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
|
||||||
|
@ -42,6 +42,7 @@
|
|||||||
#include "virfile.h"
|
#include "virfile.h"
|
||||||
#include "configmake.h"
|
#include "configmake.h"
|
||||||
#include "virstring.h"
|
#include "virstring.h"
|
||||||
|
#include "viraccessapicheck.h"
|
||||||
|
|
||||||
#define VIR_FROM_THIS VIR_FROM_SECRET
|
#define VIR_FROM_THIS VIR_FROM_SECRET
|
||||||
|
|
||||||
@ -559,6 +560,9 @@ secretConnectNumOfSecrets(virConnectPtr conn)
|
|||||||
int i;
|
int i;
|
||||||
virSecretEntryPtr secret;
|
virSecretEntryPtr secret;
|
||||||
|
|
||||||
|
if (virConnectNumOfSecretsEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
secretDriverLock(driver);
|
secretDriverLock(driver);
|
||||||
|
|
||||||
i = 0;
|
i = 0;
|
||||||
@ -578,6 +582,9 @@ secretConnectListSecrets(virConnectPtr conn, char **uuids, int maxuuids)
|
|||||||
|
|
||||||
memset(uuids, 0, maxuuids * sizeof(*uuids));
|
memset(uuids, 0, maxuuids * sizeof(*uuids));
|
||||||
|
|
||||||
|
if (virConnectListSecretsEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
secretDriverLock(driver);
|
secretDriverLock(driver);
|
||||||
|
|
||||||
i = 0;
|
i = 0;
|
||||||
@ -643,6 +650,9 @@ secretConnectListAllSecrets(virConnectPtr conn,
|
|||||||
|
|
||||||
virCheckFlags(VIR_CONNECT_LIST_SECRETS_FILTERS_ALL, -1);
|
virCheckFlags(VIR_CONNECT_LIST_SECRETS_FILTERS_ALL, -1);
|
||||||
|
|
||||||
|
if (virConnectListAllSecretsEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
secretDriverLock(driver);
|
secretDriverLock(driver);
|
||||||
|
|
||||||
for (entry = driver->secrets; entry != NULL; entry = entry->next)
|
for (entry = driver->secrets; entry != NULL; entry = entry->next)
|
||||||
@ -725,6 +735,9 @@ secretLookupByUUID(virConnectPtr conn, const unsigned char *uuid)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virSecretLookupByUUIDEnsureACL(conn, secret->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
ret = virGetSecret(conn,
|
ret = virGetSecret(conn,
|
||||||
secret->def->uuid,
|
secret->def->uuid,
|
||||||
secret->def->usage_type,
|
secret->def->usage_type,
|
||||||
@ -752,6 +765,9 @@ secretLookupByUsage(virConnectPtr conn, int usageType, const char *usageID)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virSecretLookupByUsageEnsureACL(conn, secret->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
ret = virGetSecret(conn,
|
ret = virGetSecret(conn,
|
||||||
secret->def->uuid,
|
secret->def->uuid,
|
||||||
secret->def->usage_type,
|
secret->def->usage_type,
|
||||||
@ -781,6 +797,9 @@ secretDefineXML(virConnectPtr conn, const char *xml,
|
|||||||
|
|
||||||
secretDriverLock(driver);
|
secretDriverLock(driver);
|
||||||
|
|
||||||
|
if (virSecretDefineXMLEnsureACL(conn, new_attrs) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
secret = secretFindByUUID(driver, new_attrs->uuid);
|
secret = secretFindByUUID(driver, new_attrs->uuid);
|
||||||
if (secret == NULL) {
|
if (secret == NULL) {
|
||||||
/* No existing secret with same UUID, try look for matching usage instead */
|
/* No existing secret with same UUID, try look for matching usage instead */
|
||||||
@ -897,6 +916,9 @@ secretGetXMLDesc(virSecretPtr obj, unsigned int flags)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virSecretGetXMLDescEnsureACL(obj->conn, secret->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
ret = virSecretDefFormat(secret->def);
|
ret = virSecretDefFormat(secret->def);
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
@ -933,6 +955,9 @@ secretSetValue(virSecretPtr obj, const unsigned char *value,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virSecretSetValueEnsureACL(obj->conn, secret->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
old_value = secret->value;
|
old_value = secret->value;
|
||||||
old_value_size = secret->value_size;
|
old_value_size = secret->value_size;
|
||||||
|
|
||||||
@ -988,6 +1013,9 @@ secretGetValue(virSecretPtr obj, size_t *value_size, unsigned int flags,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virSecretGetValueEnsureACL(obj->conn, secret->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (secret->value == NULL) {
|
if (secret->value == NULL) {
|
||||||
char uuidstr[VIR_UUID_STRING_BUFLEN];
|
char uuidstr[VIR_UUID_STRING_BUFLEN];
|
||||||
virUUIDFormat(obj->uuid, uuidstr);
|
virUUIDFormat(obj->uuid, uuidstr);
|
||||||
@ -1034,6 +1062,9 @@ secretUndefine(virSecretPtr obj)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virSecretUndefineEnsureACL(obj->conn, secret->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!secret->def->ephemeral &&
|
if (!secret->def->ephemeral &&
|
||||||
secretDeleteSaved(driver, secret) < 0)
|
secretDeleteSaved(driver, secret) < 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
Loading…
Reference in New Issue
Block a user