Add access control filtering of secret objects

Ensure that all APIs which list secret objects filter them against the access control system. Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>

Add access control filtering of secret objects
Ensure that all APIs which list secret objects filter them against the access control system. Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>
f02d6504 · Daniel P. Berrange · 323049a0 · f02d6504
隐藏空白更改
内联并排

Showing with 12 addition and 2 deletion

src/secret/secret_driver.c src/secret/secret_driver.c +12 -2

未找到文件。
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -566,8 +566,11 @@ secretConnectNumOfSecrets(virConnectPtr conn)
    secretDriverLock(driver);

    i = 0;
-    for (secret = driver->secrets; secret != NULL; secret = secret->next)
-        i++;
+    for (secret = driver->secrets; secret != NULL; secret = secret->next) {
+        if (virConnectNumOfSecretsCheckACL(conn,
+                                           secret->def))
+            i++;
+    }

    secretDriverUnlock(driver);
    return i;
@@ -590,6 +593,9 @@ secretConnectListSecrets(virConnectPtr conn, char **uuids, int maxuuids)
    i = 0;
    for (secret = driver->secrets; secret != NULL; secret = secret->next) {
        char *uuidstr;
+        if (!virConnectListSecretsCheckACL(conn,
+                                           secret->def))
+            continue;
        if (i == maxuuids)
            break;
        if (VIR_ALLOC_N(uuidstr, VIR_UUID_STRING_BUFLEN) < 0) {
@@ -666,6 +672,10 @@ secretConnectListAllSecrets(virConnectPtr conn,
    }

    for (entry = driver->secrets; entry != NULL; entry = entry->next) {
+        if (!virConnectListAllSecretsCheckACL(conn,
+                                              entry->def))
+            continue;
+
        /* filter by whether it's ephemeral */
        if (MATCH(VIR_CONNECT_LIST_SECRETS_FILTERS_EPHEMERAL) &&
            !((MATCH(VIR_CONNECT_LIST_SECRETS_EPHEMERAL) &&