sys: do not show filtered mounts on internal/ui/mounts (#6412)
calvn authored and briankassouf committed Mar 14, 2019
1 parent d946ceb commit c695f93
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions vault/logical_system.go
@@ -2899,6 +2899,14 @@ func (b *SystemBackend) pathInternalUIMountsRead(ctx context.Context, req *logic

b.Core.mountsLock.RLock()
for _, entry := range b.Core.mounts.Entries {
filtered, err := b.Core.checkReplicatedFiltering(ctx, entry, "")
if err != nil {
return nil, err
}
if filtered {
continue
}

if ns.ID == entry.NamespaceID && hasAccess(ctx, entry) {
if isAuthed {
// If this is an authed request return all the mount info
@@ -2916,6 +2924,14 @@ func (b *SystemBackend) pathInternalUIMountsRead(ctx context.Context, req *logic

b.Core.authLock.RLock()
for _, entry := range b.Core.auth.Entries {
filtered, err := b.Core.checkReplicatedFiltering(ctx, entry, credentialRoutePrefix)
if err != nil {
return nil, err
}
if filtered {
continue
}

if ns.ID == entry.NamespaceID && hasAccess(ctx, entry) {
if isAuthed {
// If this is an authed request return all the mount info
@@ -2955,6 +2971,14 @@ func (b *SystemBackend) pathInternalUIMountRead(ctx context.Context, req *logica
return errResp, logical.ErrPermissionDenied
}

filtered, err := b.Core.checkReplicatedFiltering(ctx, me, "")
if err != nil {
return nil, err
}
if filtered {
return errResp, logical.ErrPermissionDenied
}

resp := &logical.Response{
Data: mountInfo(me),
}
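Review bot: The new `return nil, err` inside the `b.Core.mounts.Entries` loop exits while `b.Core.mountsLock.RLock()` is still held, and no `defer` follows the `RLock()` call in the visible lines, so the read lock appears to leak whenever `checkReplicatedFiltering` fails; the `b.Core.auth.Entries` loop has the same pattern with `authLock`. A leaked read lock would block every later writer on that lock, so a single filtering error on this UI listing endpoint could become a lasting availability problem for mount and auth changes. If the unlock is an explicit call after each loop, add `b.Core.mountsLock.RUnlock()` (respectively `b.Core.authLock.RUnlock()`) before each `return nil, err`. The body of pathInternalUIMountsRead continues outside the hunks, so confirm where the unlock actually sits.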
