From f02d65041cdf6dace1257e802bfc65c226d6b2ca Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange"
Date: Thu, 27 Jun 2013 12:12:30 +0100
Subject: [PATCH] Add access control filtering of secret objects

Ensure that all APIs which list secret objects filter them against the access control system.

Signed-off-by: Daniel P. Berrange
---
 src/secret/secret_driver.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index fbe49d704f..71b3fe752b 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -566,8 +566,11 @@ secretConnectNumOfSecrets(virConnectPtr conn)
 secretDriverLock(driver);
 i = 0;
- for (secret = driver->secrets; secret != NULL; secret = secret->next)
- i++;
+ for (secret = driver->secrets; secret != NULL; secret = secret->next) {
+ if (virConnectNumOfSecretsCheckACL(conn,
+ secret->def))
+ i++;
+ }
 secretDriverUnlock(driver);
 return i;
@@ -590,6 +593,9 @@ secretConnectListSecrets(virConnectPtr conn, char **uuids, int maxuuids)
 i = 0;
 for (secret = driver->secrets; secret != NULL; secret = secret->next) {
 char *uuidstr;
+ if (!virConnectListSecretsCheckACL(conn,
+ secret->def))
+ continue;
 if (i == maxuuids)
 break;
 if (VIR_ALLOC_N(uuidstr, VIR_UUID_STRING_BUFLEN) < 0) {
@@ -666,6 +672,10 @@ secretConnectListAllSecrets(virConnectPtr conn,
 }
 for (entry = driver->secrets; entry != NULL; entry = entry->next) {
+ if (!virConnectListAllSecretsCheckACL(conn,
+ entry->def))
+ continue;
+
 /* filter by whether it's ephemeral */
 if (MATCH(VIR_CONNECT_LIST_SECRETS_FILTERS_EPHEMERAL) &&
 !((MATCH(VIR_CONNECT_LIST_SECRETS_EPHEMERAL) &&
--
GitLab
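Review bot: In secretConnectNumOfSecrets the per-secret call to virConnectNumOfSecretsCheckACL now runs between secretDriverLock and secretDriverUnlock, so the driver lock is held for as long as the access-control backend takes to answer for every secret. If that backend can block (its implementation is not visible in this patch), one slow policy decision stalls every other secret operation. The list loops in the second and third hunks presumably run under the same lock, although their lock calls fall outside those hunks. I would at least record the constraint above the loop, e.g. `/* ACL checks run under the driver lock: the access control backend must not block for long */`. The function's start and end lie outside the hunk.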
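Review bot: In secretConnectListSecrets the ACL test sits ahead of `if (i == maxuuids) break;`, so once the caller's array is full the loop keeps running access checks on every remaining secret until it meets one that is permitted. The returned count is the same either way, but each check may be a policy-engine round trip (not visible here), and any audit trail of access decisions would then include objects that are never returned. Putting the bound test first avoids that: `if (i == maxuuids) break;` followed by `if (!virConnectListSecretsCheckACL(conn, secret->def)) continue;`. The function body starts and ends outside the hunk.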
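Review bot: The new access check in secretConnectListAllSecrets has no comment, while the filter that follows it is introduced by `/* filter by whether it's ephemeral */`. A matching line such as `/* skip secrets the caller is not permitted to see */` would show that the ACL test is deliberate and has to stay ahead of the flag filters, so a denied secret is dropped whatever flags are passed. The loop and the function continue past the end of the hunk.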