External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-10-05 22:05:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add access control filtering of secret objects

Browse Source 
Ensure that all APIs which list secret objects filter
them against the access control system.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2013-06-27 12:12:30 +01:00
parent 323049a089
commit f02d65041c
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/secret/secret_driver.c
View File

@ -566,8 +566,11 @@ secretConnectNumOfSecrets(virConnectPtr conn)
secretDriverLock(driver);
i = 0;
for (secret = driver->secrets; secret != NULL; secret = secret->next)
i++;
for (secret = driver->secrets; secret != NULL; secret = secret->next) {
if (virConnectNumOfSecretsCheckACL(conn,
secret->def))
i++;
}
secretDriverUnlock(driver);
return i;
@ -590,6 +593,9 @@ secretConnectListSecrets(virConnectPtr conn, char **uuids, int maxuuids)
i = 0;
for (secret = driver->secrets; secret != NULL; secret = secret->next) {
char *uuidstr;
if (!virConnectListSecretsCheckACL(conn,
secret->def))
continue;
if (i == maxuuids)
break;
if (VIR_ALLOC_N(uuidstr, VIR_UUID_STRING_BUFLEN) < 0) {
@ -666,6 +672,10 @@ secretConnectListAllSecrets(virConnectPtr conn,
}
for (entry = driver->secrets; entry != NULL; entry = entry->next) {
if (!virConnectListAllSecretsCheckACL(conn,
entry->def))
continue;
/* filter by whether it's ephemeral */
if (MATCH(VIR_CONNECT_LIST_SECRETS_FILTERS_EPHEMERAL) &&
!((MATCH(VIR_CONNECT_LIST_SECRETS_EPHEMERAL) &&