mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-05 22:05:47 +00:00
Add access control filtering of nwfilter objects
Ensure that all APIs which list nwfilter objects filter them against the access control system. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
parent
f02d65041c
commit
70b1573fc1
@ -441,11 +441,21 @@ nwfilterClose(virConnectPtr conn) {
|
|||||||
static int
|
static int
|
||||||
nwfilterConnectNumOfNWFilters(virConnectPtr conn) {
|
nwfilterConnectNumOfNWFilters(virConnectPtr conn) {
|
||||||
virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData;
|
virNWFilterDriverStatePtr driver = conn->nwfilterPrivateData;
|
||||||
|
int i, n;
|
||||||
|
|
||||||
if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
|
if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
return driver->nwfilters.count;
|
n = 0;
|
||||||
|
for (i = 0; i < driver->nwfilters.count; i++) {
|
||||||
|
virNWFilterObjPtr obj = driver->nwfilters.objs[i];
|
||||||
|
virNWFilterObjLock(obj);
|
||||||
|
if (virConnectNumOfNWFiltersCheckACL(conn, obj->def))
|
||||||
|
n++;
|
||||||
|
virNWFilterObjUnlock(obj);
|
||||||
|
}
|
||||||
|
|
||||||
|
return n;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -461,13 +471,16 @@ nwfilterConnectListNWFilters(virConnectPtr conn,
|
|||||||
|
|
||||||
nwfilterDriverLock(driver);
|
nwfilterDriverLock(driver);
|
||||||
for (i = 0; i < driver->nwfilters.count && got < nnames; i++) {
|
for (i = 0; i < driver->nwfilters.count && got < nnames; i++) {
|
||||||
virNWFilterObjLock(driver->nwfilters.objs[i]);
|
virNWFilterObjPtr obj = driver->nwfilters.objs[i];
|
||||||
if (VIR_STRDUP(names[got], driver->nwfilters.objs[i]->def->name) < 0) {
|
virNWFilterObjLock(obj);
|
||||||
virNWFilterObjUnlock(driver->nwfilters.objs[i]);
|
if (virConnectListNWFiltersCheckACL(conn, obj->def)) {
|
||||||
goto cleanup;
|
if (VIR_STRDUP(names[got], obj->def->name) < 0) {
|
||||||
|
virNWFilterObjUnlock(obj);
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
got++;
|
||||||
}
|
}
|
||||||
got++;
|
virNWFilterObjUnlock(obj);
|
||||||
virNWFilterObjUnlock(driver->nwfilters.objs[i]);
|
|
||||||
}
|
}
|
||||||
nwfilterDriverUnlock(driver);
|
nwfilterDriverUnlock(driver);
|
||||||
return got;
|
return got;
|
||||||
@ -513,13 +526,15 @@ nwfilterConnectListAllNWFilters(virConnectPtr conn,
|
|||||||
for (i = 0; i < driver->nwfilters.count; i++) {
|
for (i = 0; i < driver->nwfilters.count; i++) {
|
||||||
obj = driver->nwfilters.objs[i];
|
obj = driver->nwfilters.objs[i];
|
||||||
virNWFilterObjLock(obj);
|
virNWFilterObjLock(obj);
|
||||||
if (!(filter = virGetNWFilter(conn, obj->def->name,
|
if (virConnectListAllNWFiltersCheckACL(conn, obj->def)) {
|
||||||
obj->def->uuid))) {
|
if (!(filter = virGetNWFilter(conn, obj->def->name,
|
||||||
virNWFilterObjUnlock(obj);
|
obj->def->uuid))) {
|
||||||
goto cleanup;
|
virNWFilterObjUnlock(obj);
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
tmp_filters[nfilters++] = filter;
|
||||||
}
|
}
|
||||||
virNWFilterObjUnlock(obj);
|
virNWFilterObjUnlock(obj);
|
||||||
tmp_filters[nfilters++] = filter;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
*filters = tmp_filters;
|
*filters = tmp_filters;
|
||||||
|
Loading…
Reference in New Issue
Block a user