From 20a518f3ac5f8a98689a05e829cbfee51b54fd79 Mon Sep 17 00:00:00 2001
From: alena
Date: Mon, 22 Aug 2011 10:49:15 -0700
Subject: [PATCH] Fixed security issue in listNetworks
---
 .../com/cloud/network/NetworkManagerImpl.java | 30 +++++++++++--------
 1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index 7ad105007ab..7b26338cfc3 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -1831,16 +1831,19 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 if (isSystem != null && isSystem && (accountName != null || domainId != null)) {
 throw new InvalidParameterValueException("System network belongs to system, account and domainId parameters can't be specified");
 }
+
+ DomainVO domain = null;
+ if (domainId != null) {
+ domain = _domainDao.findById(domainId);
+ if (domain == null) {
+ throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist in the system");
+ }
+
+ _accountMgr.checkAccess(caller, domain);
+ }
 if (_accountMgr.isAdmin(caller.getType())) {
 if (domainId != null) {
- DomainVO domain = _domainDao.findById(domainId);
- if (domain == null) {
- throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist in the system");
- }
-
- _accountMgr.checkAccess(caller, domain);
-
 if (accountName != null) {
 Account owner = _accountMgr.getActiveAccount(accountName, domainId);
 if (owner == null) {
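Review bot: With the lookup hoisted out of the admin branch, every caller who passes `domainId` now reaches the "doesn't exist in the system" error before `_accountMgr.checkAccess(caller, domain)` runs, so the response distinguishes an unknown domain id from one the caller is not allowed to see. If domain ids are not meant to be discoverable by non-admin callers, the missing-domain case should fail the same way a denied one does; what `checkAccess` throws is not visible in this hunk, so that needs checking against its contract. At minimum I would add a comment above the new block such as `// validate and authorize domainId for every caller, not only admins`, because that is the actual security fix and neither the code nor the commit message says it. The enclosing method starts and ends outside the hunk.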
@@ -1849,12 +1852,15 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 accountId = owner.getId();
 }
 }
- DomainVO domain = _domainDao.findById(caller.getDomainId());
- path = domain.getPath();
-
 } else {
 accountId = caller.getId();
 }
+
+ path = _domainDao.findById(caller.getDomainId()).getPath();
+
+ if (domainId == null) {
+ domainId = caller.getDomainId();
+ }
 if ((isSystem == null || !isSystem) && (isShared == null || isShared)) {
 sharedNetworkDomainId = domainId;
@@ -1896,8 +1902,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 networksToReturn.addAll(listDomainSpecificNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, type, isDefault, trafficType, isShared), searchFilter, path));
 }
- //if domain id is specified - list only domain level networks
- if (accountId != null || (domainId == null && accountName == null)) {
+ //if user requested only domain specific networks, don't return account/zone wide networks
+ if (!(isShared != null && isShared && cmd.getDomainId() != null) && (accountId != null || (domainId == null && accountName == null))) {
 networksToReturn.addAll(listAccountSpecificAndZoneLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, type, isDefault, trafficType, isShared), searchFilter, accountId, path));
 }
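Review bot: `_domainDao.findById(caller.getDomainId()).getPath()` dereferences the lookup result without a null check, and after this change it runs for every caller instead of only inside the admin branch. The first hunk already treats a null from `findById` as a reportable error, so the same guard belongs here: assign the result to a local such as `DomainVO callerDomain = _domainDao.findById(caller.getDomainId());` and fail explicitly when it is null before `path = callerDomain.getPath();`. Without that, a caller whose domain record cannot be loaded would get a NullPointerException out of a listing call rather than a handled error. The enclosing method starts and ends outside the hunk.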
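Review bot: The second operand of the new condition still tests `domainId == null`, but the previous hunk now assigns `caller.getDomainId()` to `domainId` whenever it was null, so unless the lines between the two hunks reset it, `(domainId == null && accountName == null)` can never be true here. That would leave `accountId != null` as the only way into this branch, meaning an admin call with neither `domainId` nor `accountName` appears to stop returning account-specific and zone-level networks. If that is not intended, test the request value consistently with the first operand, e.g. `(cmd.getDomainId() == null && accountName == null)`. Pulling the first operand into a named local such as `boolean domainSharedOnly = Boolean.TRUE.equals(isShared) && cmd.getDomainId() != null;` would also make this access-scoping condition easier to audit than the current double negation.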