Add ACL checks into the nwfilter driver
Insert calls to the ACL checking APIs in all nwfilter driver entrypoints. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
parent
20d8e1f1d7
commit
1eca3f5bdf
@ -1391,8 +1391,13 @@ noinst_LTLIBRARIES += libvirt_driver_nwfilter.la
|
|||||||
# Stateful, so linked to daemon instead
|
# Stateful, so linked to daemon instead
|
||||||
#libvirt_la_BUILT_LIBADD += libvirt_driver_nwfilter.la
|
#libvirt_la_BUILT_LIBADD += libvirt_driver_nwfilter.la
|
||||||
endif
|
endif
|
||||||
libvirt_driver_nwfilter_la_CFLAGS = $(LIBPCAP_CFLAGS) \
|
libvirt_driver_nwfilter_la_CFLAGS = \
|
||||||
-I$(top_srcdir)/src/conf $(LIBNL_CFLAGS) $(AM_CFLAGS) $(DBUS_CFLAGS)
|
$(LIBPCAP_CFLAGS) \
|
||||||
|
$(LIBNL_CFLAGS) \
|
||||||
|
$(DBUS_CFLAGS) \
|
||||||
|
-I$(top_srcdir)/src/access \
|
||||||
|
-I$(top_srcdir)/src/conf \
|
||||||
|
$(AM_CFLAGS)
|
||||||
libvirt_driver_nwfilter_la_LDFLAGS = $(LD_AMFLAGS)
|
libvirt_driver_nwfilter_la_LDFLAGS = $(LD_AMFLAGS)
|
||||||
libvirt_driver_nwfilter_la_LIBADD = $(LIBPCAP_LIBS) $(LIBNL_LIBS) $(DBUS_LIBS)
|
libvirt_driver_nwfilter_la_LIBADD = $(LIBPCAP_LIBS) $(LIBNL_LIBS) $(DBUS_LIBS)
|
||||||
if WITH_DRIVER_MODULES
|
if WITH_DRIVER_MODULES
|
||||||
|
@ -42,6 +42,7 @@
|
|||||||
#include "nwfilter_gentech_driver.h"
|
#include "nwfilter_gentech_driver.h"
|
||||||
#include "configmake.h"
|
#include "configmake.h"
|
||||||
#include "virstring.h"
|
#include "virstring.h"
|
||||||
|
#include "viraccessapicheck.h"
|
||||||
|
|
||||||
#include "nwfilter_ipaddrmap.h"
|
#include "nwfilter_ipaddrmap.h"
|
||||||
#include "nwfilter_dhcpsnoop.h"
|
#include "nwfilter_dhcpsnoop.h"
|
||||||
@ -374,6 +375,9 @@ nwfilterLookupByUUID(virConnectPtr conn,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virNWFilterLookupByUUIDEnsureACL(conn, nwfilter->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
ret = virGetNWFilter(conn, nwfilter->def->name, nwfilter->def->uuid);
|
ret = virGetNWFilter(conn, nwfilter->def->name, nwfilter->def->uuid);
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
@ -400,6 +404,9 @@ nwfilterLookupByName(virConnectPtr conn,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virNWFilterLookupByNameEnsureACL(conn, nwfilter->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
ret = virGetNWFilter(conn, nwfilter->def->name, nwfilter->def->uuid);
|
ret = virGetNWFilter(conn, nwfilter->def->name, nwfilter->def->uuid);
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
@ -434,6 +441,10 @@ nwfilterClose(virConnectPtr conn) {
|
|||||||
static int
|
static int
|
||||||
nwfilterConnectNumOfNWFilters(virConnectPtr conn) {
|
nwfilterConnectNumOfNWFilters(virConnectPtr conn) {
|
||||||
virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData;
|
virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData;
|
||||||
|
|
||||||
|
if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
return driver->nwfilters.count;
|
return driver->nwfilters.count;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -445,6 +456,9 @@ nwfilterConnectListNWFilters(virConnectPtr conn,
|
|||||||
virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData;
|
virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData;
|
||||||
int got = 0, i;
|
int got = 0, i;
|
||||||
|
|
||||||
|
if (virConnectListNWFiltersEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
nwfilterDriverLock(driver);
|
nwfilterDriverLock(driver);
|
||||||
for (i = 0; i < driver->nwfilters.count && got < nnames; i++) {
|
for (i = 0; i < driver->nwfilters.count && got < nnames; i++) {
|
||||||
virNWFilterObjLock(driver->nwfilters.objs[i]);
|
virNWFilterObjLock(driver->nwfilters.objs[i]);
|
||||||
@ -481,6 +495,9 @@ nwfilterConnectListAllNWFilters(virConnectPtr conn,
|
|||||||
|
|
||||||
virCheckFlags(0, -1);
|
virCheckFlags(0, -1);
|
||||||
|
|
||||||
|
if (virConnectListAllNWFiltersEnsureACL(conn) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
nwfilterDriverLock(driver);
|
nwfilterDriverLock(driver);
|
||||||
|
|
||||||
if (!filters) {
|
if (!filters) {
|
||||||
@ -537,6 +554,9 @@ nwfilterDefineXML(virConnectPtr conn,
|
|||||||
if (!(def = virNWFilterDefParseString(conn, xml)))
|
if (!(def = virNWFilterDefParseString(conn, xml)))
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
|
if (virNWFilterDefineXMLEnsureACL(conn, def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (!(nwfilter = virNWFilterObjAssignDef(conn, &driver->nwfilters, def)))
|
if (!(nwfilter = virNWFilterObjAssignDef(conn, &driver->nwfilters, def)))
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
@ -578,6 +598,9 @@ nwfilterUndefine(virNWFilterPtr obj) {
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virNWFilterUndefineEnsureACL(obj->conn, nwfilter->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (virNWFilterTestUnassignDef(obj->conn, nwfilter) < 0) {
|
if (virNWFilterTestUnassignDef(obj->conn, nwfilter) < 0) {
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID,
|
virReportError(VIR_ERR_OPERATION_INVALID,
|
||||||
"%s",
|
"%s",
|
||||||
@ -626,6 +649,9 @@ nwfilterGetXMLDesc(virNWFilterPtr obj,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (virNWFilterGetXMLDescEnsureACL(obj->conn, nwfilter->def) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
ret = virNWFilterDefFormat(nwfilter->def);
|
ret = virNWFilterDefFormat(nwfilter->def);
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
|
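Review bot: The three enumeration entry points check only the connection: `nwfilterConnectNumOfNWFilters` returns `driver->nwfilters.count` unchanged after `virConnectNumOfNWFiltersEnsureACL(conn)`, and `nwfilterConnectListNWFilters` and `nwfilterConnectListAllNWFilters` add no per-object check in the visible lines. If their loops (the bodies lie outside the hunks) copy every entry, a caller allowed to list but denied access to individual filters still learns their names and the total count, unlike the lookup and XML paths, which pass `nwfilter->def` to the check. Either filter each `driver->nwfilters.objs[i]` against the per-object policy before counting or copying it, or record the gap with a comment such as `/* NOTE: connection-level ACL only; results are not filtered per nwfilter object */`. Separately, in `nwfilterLookupByUUID` and `nwfilterLookupByName` the check appears to run after the not-found branch, so a denied caller can probably tell an existing filter from a missing one by the error returned.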