Add access control filtering of nwfilter objects

Ensure that all APIs which list nwfilter objects filter
them against the access control system.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Daniel P. Berrange 2013-06-27 12:18:33 +01:00
parent f02d65041c
commit 70b1573fc1


@ -441,11 +441,21 @@ nwfilterClose(virConnectPtr conn) {
static int static int
nwfilterConnectNumOfNWFilters(virConnectPtr conn) { nwfilterConnectNumOfNWFilters(virConnectPtr conn) {
virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData; virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData;
int i, n;
if (virConnectNumOfNWFiltersEnsureACL(conn) < 0) if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
return -1; return -1;
return driver->nwfilters.count; n = 0;
for (i = 0; i < driver->nwfilters.count; i++) {
virNWFilterObjPtr obj = driver->nwfilters.objs[i];
virNWFilterObjLock(obj);
if (virConnectNumOfNWFiltersCheckACL(conn, obj->def))
n++;
virNWFilterObjUnlock(obj);
}
return n;
} }
@ -461,13 +471,16 @@ nwfilterConnectListNWFilters(virConnectPtr conn,
nwfilterDriverLock(driver); nwfilterDriverLock(driver);
for (i = 0; i < driver->nwfilters.count && got < nnames; i++) { for (i = 0; i < driver->nwfilters.count && got < nnames; i++) {
virNWFilterObjLock(driver->nwfilters.objs[i]); virNWFilterObjPtr obj = driver->nwfilters.objs[i];
if (VIR_STRDUP(names[got], driver->nwfilters.objs[i]->def->name) < 0) { virNWFilterObjLock(obj);
virNWFilterObjUnlock(driver->nwfilters.objs[i]); if (virConnectListNWFiltersCheckACL(conn, obj->def)) {
goto cleanup; if (VIR_STRDUP(names[got], obj->def->name) < 0) {
virNWFilterObjUnlock(obj);
goto cleanup;
}
got++;
} }
got++; virNWFilterObjUnlock(obj);
virNWFilterObjUnlock(driver->nwfilters.objs[i]);
} }
nwfilterDriverUnlock(driver); nwfilterDriverUnlock(driver);
return got; return got;
@ -513,13 +526,15 @@ nwfilterConnectListAllNWFilters(virConnectPtr conn,
for (i = 0; i < driver->nwfilters.count; i++) { for (i = 0; i < driver->nwfilters.count; i++) {
obj = driver->nwfilters.objs[i]; obj = driver->nwfilters.objs[i];
virNWFilterObjLock(obj); virNWFilterObjLock(obj);
if (!(filter = virGetNWFilter(conn, obj->def->name, if (virConnectListAllNWFiltersCheckACL(conn, obj->def)) {
obj->def->uuid))) { if (!(filter = virGetNWFilter(conn, obj->def->name,
virNWFilterObjUnlock(obj); obj->def->uuid))) {
goto cleanup; virNWFilterObjUnlock(obj);
goto cleanup;
}
tmp_filters[nfilters++] = filter;
} }
virNWFilterObjUnlock(obj); virNWFilterObjUnlock(obj);
tmp_filters[nfilters++] = filter;
} }
*filters = tmp_filters; *filters = tmp_filters;
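Review bot: In nwfilterConnectNumOfNWFilters (first hunk) the new loop walks `driver->nwfilters.objs` and locks each object without holding the driver lock, whereas the same walk in nwfilterConnectListNWFilters in the second hunk runs between `nwfilterDriverLock(driver);` and `nwfilterDriverUnlock(driver);`. The old body only read the count; the new one dereferences list entries, so if filters can be defined or undefined concurrently the array or an object could change under the loop. I would add `nwfilterDriverLock(driver);` before `n = 0;` and `nwfilterDriverUnlock(driver);` before `return n;`. Separately, the start of nwfilterConnectListAllNWFilters is outside the third hunk; if it has a count-only path that returns `driver->nwfilters.count` directly, that path would still report the unfiltered total and should apply the same ACL check.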