From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:03 +0100
Message-Id: <20190801150019.10519-2-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 01/17] tools: fix crash in virt-login-shell if config doesn't exist
Content-Transfer-Encoding: quoted-printable

If the 'allowed_users' config setting in virt-login-shell.conf does not exist, we dereference a NULL pointer resulting in a crash. We should check for this case and thus ensure the user is denied access gracefully.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
--- tools/virt-login-shell.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c index ee5c04f9c2..b906fa9ed6 100644 --- a/tools/virt-login-shell.c +++ b/tools/virt-login-shell.c 
@@ -54,7 +54,7 @@ static int virLoginShellAllowedUser(virConfPtr conf, goto cleanup; =20 =20 - for (entries =3D users; *entries; entries++) { + for (entries =3D users; entries && *entries; entries++) { char *entry =3D *entries; /* If string begins with a % this indicates a linux group. --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
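Review bot: The `entries &&` test sits in the loop condition of the `for` in virLoginShellAllowedUser, so it is evaluated on every iteration even though `entries++` can never turn a non-NULL pointer into NULL; only the first pass can fail it. An explicit `if (!users)` check before the loop would state the intent (a missing 'allowed_users' setting means deny) more directly, and would give a place to report that the setting is absent, so an administrator can tell that case apart from a user who is simply not listed.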
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:04 +0100
Message-Id: <20190801150019.10519-3-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 02/17] tools: fix double error reporting in virt-login-shell
Content-Transfer-Encoding: quoted-printable

The public API entry points will call virDispatchError which will print to stderr by default. We then jump to a cleanup path which calls virDispatchError again. We tried to stop the entry points printing to stderr, but incorrectly called virSetErrorFunc. It needs a real function that is a no-op, not a NULL function. Once we fix virSetErrorFunc, then we need to use fprintf in the cleanup path instead of virDispatchError.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
--- tools/virt-login-shell.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c index b906fa9ed6..8ffc72ab9a 100644 --- a/tools/virt-login-shell.c +++ b/tools/virt-login-shell.c @@ -143,6 +143,12 @@ show_version(void) } =20 =20 +static void +hideErrorFunc(void *opaque ATTRIBUTE_UNUSED, + virErrorPtr err ATTRIBUTE_UNUSED) +{ +} + int main(int argc, char **argv) { 
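Review bot: hideErrorFunc has an empty body and no comment, so a later reader could take it for dead code and go back to passing NULL. A short comment above it saying that the no-op handler exists to stop the public API entry points from printing to stderr, and that a NULL function does not achieve this, would keep the reasoning from the commit message next to the code.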
@@ -186,7 +192,7 @@ main(int argc, char **argv) return EXIT_CANCELED; } =20 - virSetErrorFunc(NULL, NULL); + virSetErrorFunc(NULL, hideErrorFunc); virSetErrorLogPriorityFunc(NULL); =20 progname =3D argv[0]; 
@@ -403,7 +409,7 @@ main(int argc, char **argv) =20 if (saved_err) { virSetError(saved_err); - virDispatchError(NULL); + fprintf(stderr, "%s: %s\n", argv[0], virGetLastErrorMessage()); } return ret; } --=20 2.21.0
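Review bot: In the cleanup block at the end of main(), the new fprintf only runs when `saved_err` is set, and with hideErrorFunc installed nothing else reaches stderr any more. Any failure path that arrives here without a saved error now returns `ret` with no message at all, so it is worth checking that every `goto cleanup` has an error recorded first. The message could also use `progname`, which main() already assigns from argv[0], rather than `argv[0]` directly.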
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:05 +0100
Message-Id: <20190801150019.10519-4-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 03/17] tools: rename source for virt-login-shell
Content-Transfer-Encoding: quoted-printable

We'll shortly be renaming the binary to virt-login-shell-helper and introducing a new tool as virt-login-shell. Renaming the source file first gives a much more useful diff for the next commit.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
--- tools/Makefile.am | 2 +- tools/{virt-login-shell.c =3D> virt-login-shell-helper.c} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename tools/{virt-login-shell.c =3D> virt-login-shell-helper.c} (99%) diff --git a/tools/Makefile.am b/tools/Makefile.am index 2807b9f6fd..125540d313 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -198,7 +198,7 @@ virt_host_validate_CFLAGS =3D \ # This we statically link to a library containing only the minimal # libvirt client code, not libvirt.so itself. virt_login_shell_SOURCES =3D \ - virt-login-shell.c + virt-login-shell-helper.c =20 virt_login_shell_LDFLAGS =3D \ $(AM_LDFLAGS) \ 
diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell-helper.c similarity index 99% rename from tools/virt-login-shell.c rename to tools/virt-login-shell-helper.c index 8ffc72ab9a..f06eb1464a 100644 --- a/tools/virt-login-shell.c +++ b/tools/virt-login-shell-helper.c 
@@ -1,5 +1,5 @@ /* - * virt-login-shell.c: a shell to connect to a container + * virt-login-shell-helper.c: a shell to connect to a container * * Copyright (C) 2013-2014 Red Hat, Inc. * --=20 2.21.0
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:06 +0100
Message-Id: <20190801150019.10519-5-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 04/17] tools: split virt-login-shell into two binaries
Content-Transfer-Encoding: quoted-printable

The virt-login-shell binary is a setuid program that takes no arguments. When invoked it looks at the invoking uid, resolves it to a username, and finds an LXC guest with the same name. It then starts the guest and runs the shell inside the namespaces of the container.

Given this set of tasks the virt-login-shell binary needs to connect to libvirtd, make various other libvirt API calls. This is a problem for setuid binaries as various libraries that libvirt.so links to are not safe. For example, they have constructor functions which execute an unknown amount of code that can be influenced by env variables. For this reason virt-login-shell doesn't use libvirt.so, but instead links to a custom, cut down, set of source files sufficient to be a local client only.

This introduces a problem for integrating glib2 into libvirt though, as once integrated, there would be no way to build virt-login-shell without an external dependency on glib2 and this is definitely not setuid safe.

To resolve this problem, we split the virt-login-shell binary into two parts. The first part is setuid and does almost nothing. It simply records the original uid+gid, and then invokes the virt-login-shell-helper binary. Crucially when it does this it completely scrubs all environment variables. It is thus safe for virt-login-shell-helper to link to the normal libvirt.so. Any things that constructor functions do cannot be influenced by user control env vars or cli args.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
--- .gitignore | 1 + cfg.mk | 10 ++-- libvirt.spec.in | 1 + tools/Makefile.am | 23 ++++----- tools/virt-login-shell-helper.c | 38 ++++++++++++--- tools/virt-login-shell.c | 84 +++++++++++++++++++++++++++++++++ 6 files changed, 134 insertions(+), 23 deletions(-) create mode 100644 tools/virt-login-shell.c diff --git a/.gitignore b/.gitignore index 727bfdb6ec..f3193173d6 100644 --- a/.gitignore +++ b/.gitignore @@ -183,6 +183,7 @@ /tests/test_conf /tools/libvirt-guests.sh /tools/virt-login-shell +/tools/virt-login-shell-helper /tools/virsh /tools/virsh-*-edit.c /tools/virt-admin diff --git a/cfg.mk b/cfg.mk index 694ce2076f..9130b4560b 100644 --- a/cfg.mk +++ b/cfg.mk @@ -1203,7 +1203,7 @@ exclude_file_name_regexp--sc_avoid_write =3D \ =20 exclude_file_name_regexp--sc_bindtextdomain =3D .* =20 -exclude_file_name_regexp--sc_gettext_init =3D ^(tests|examples)/ +exclude_file_name_regexp--sc_gettext_init =3D ^((tests|examples)/|tools/vi= rt-login-shell.c) =20 exclude_file_name_regexp--sc_copyright_format =3D \ ^cfg\.mk$$ 
@@ -1229,7 +1229,7 @@ exclude_file_name_regexp--sc_prohibit_access_xok =3D \ ^(cfg\.mk|src/util/virutil\.c)$$ =20 exclude_file_name_regexp--sc_prohibit_asprintf =3D \ - ^(cfg\.mk|bootstrap.conf$$|examples/|src/util/virstring\.[ch]$$|tests/vi= rcgroupmock\.c$$) + ^(cfg\.mk|bootstrap.conf$$|examples/|src/util/virstring\.[ch]$$|tests/vi= rcgroupmock\.c|tools/virt-login-shell\.c$$) =20 exclude_file_name_regexp--sc_prohibit_strdup =3D \ ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup= )mock.c|tests/commandhelper\.c$$) @@ -1256,7 +1256,7 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_= of_diagnostic =3D \ ^src/rpc/gendispatch\.pl$$ =20 exclude_file_name_regexp--sc_prohibit_nonreentrant =3D \ - ^((po|tests|examples)/|docs/.*(py|js|html\.in)|run.in$$|tools/wireshark/= util/genxdrstub\.pl$$) + ^((po|tests|examples)/|docs/.*(py|js|html\.in)|run.in$$|tools/wireshark/= util/genxdrstub\.pl|tools/virt-login-shell\.c$$) =20 exclude_file_name_regexp--sc_prohibit_select =3D \ ^cfg\.mk$$ @@ -1270,7 +1270,7 @@ exclude_file_name_regexp--sc_prohibit_raw_allocation = =3D \ exclude_file_name_regexp--sc_prohibit_readlink =3D \ ^src/(util/virutil|lxc/lxc_container)\.c$$ =20 -exclude_file_name_regexp--sc_prohibit_setuid =3D ^src/util/virutil\.c$$ +exclude_file_name_regexp--sc_prohibit_setuid =3D ^src/util/virutil\.c|tool= s/virt-login-shell\.c$$ =20 exclude_file_name_regexp--sc_prohibit_sprintf =3D \ ^(cfg\.mk|docs/hacking\.html\.in|.*\.stp|.*\.pl)$$ @@ -1317,7 +1317,7 @@ exclude_file_name_regexp--sc_prohibit_unsigned_pid = =3D \ ^(include/libvirt/.*\.h|src/(qemu/qemu_driver\.c|driver-hypervisor\.h|li= bvirt(-[a-z]*)?\.c|.*\.x|util/vir(polkit|systemd)\.c)|tests/virpolkittest\.= c|tools/virsh-domain\.c)$$ =20 exclude_file_name_regexp--sc_prohibit_getenv =3D \ - ^tests/.*\.[ch]$$ + ^tests/.*\.[ch]|tools/virt-login-shell\.c$$ =20 exclude_file_name_regexp--sc_avoid_attribute_unused_in_header =3D \ ^(src/util/virlog\.h|src/network/bridge_driver\.h)$$ 
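Review bot: In the sc_prohibit_getenv and sc_prohibit_setuid exclusions the new alternative is appended without grouping, giving `^tests/.*\.[ch]|tools/virt-login-shell\.c$$` and `^src/util/virutil\.c|tools/virt-login-shell\.c$$`. Alternation binds looser than the anchors, so the first branch loses its `$` and the second has no `^`, and the exclusions now match more paths than intended. Wrapping both branches in parentheses, as in `^(tests/.*\.[ch]|tools/virt-login-shell\.c)$$`, keeps them anchored. The sc_prohibit_asprintf and sc_prohibit_nonreentrant hunks likewise drop the `$$` that used to follow `vircgroupmock\.c` and `genxdrstub\.pl`.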
diff --git a/libvirt.spec.in b/libvirt.spec.in index 045c0fed1a..6f96fbec33 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1847,6 +1847,7 @@ exit 0 %if %{with_lxc} %files login-shell %attr(4750, root, virtlogin) %{_bindir}/virt-login-shell +%{_libexecdir}/virt-login-shell-helper %config(noreplace) %{_sysconfdir}/libvirt/virt-login-shell.conf %{_mandir}/man1/virt-login-shell.1* %endif diff --git a/tools/Makefile.am b/tools/Makefile.am index 125540d313..3d9461ba65 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -105,6 +105,7 @@ endif WITH_SANLOCK if WITH_LOGIN_SHELL conf_DATA +=3D virt-login-shell.conf bin_PROGRAMS +=3D virt-login-shell +libexec_PROGRAMS =3D virt-login-shell-helper man1_MANS +=3D virt-login-shell.1 endif WITH_LOGIN_SHELL =20 @@ -192,25 +193,25 @@ virt_host_validate_CFLAGS =3D \ $(AM_CFLAGS) \ $(NULL) =20 -# Since virt-login-shell will be setuid, we must do everything -# we can to avoid linking to other libraries. Many of them do -# unsafe things in functions marked __atttribute__((constructor)). -# This we statically link to a library containing only the minimal -# libvirt client code, not libvirt.so itself. +# virt-login-shell will be setuid, and must not link to anything +# except glibc. It wil scrub the environment and then invoke the +# real virt-login-shell-helper binary. virt_login_shell_SOURCES =3D \ + virt-login-shell.c + +virt_login_shell_helper_SOURCES =3D \ virt-login-shell-helper.c =20 -virt_login_shell_LDFLAGS =3D \ +virt_login_shell_helper_LDFLAGS =3D \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ $(NULL) -virt_login_shell_LDADD =3D \ - $(STATIC_BINARIES) \ - ../src/libvirt-setuid-rpc-client.la \ +virt_login_shell_helper_LDADD =3D \ + ../src/libvirt.la \ + ../src/libvirt-lxc.la \ ../gnulib/lib/libgnu.la =20 -virt_login_shell_CFLAGS =3D \ - -DLIBVIRT_SETUID_RPC_CLIENT \ +virt_login_shell_helper_CFLAGS =3D \ $(AM_CFLAGS) \ $(NULL) =20 
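Review bot: In the @@ -192,25 +193,25 @@ hunk of tools/Makefile.am the LDFLAGS and CFLAGS variables are renamed to the virt_login_shell_helper_ prefix, which leaves the setuid virt-login-shell target with no per-target flags in this hunk, so it is no longer linked with $(PIE_LDFLAGS) unless that is added elsewhere. The setuid wrapper is the binary that benefits most from being position independent; suggest keeping a `virt_login_shell_LDFLAGS` with `$(AM_LDFLAGS) $(PIE_LDFLAGS)` alongside the helper's. The new comment also has a typo, "wil".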
diff --git a/tools/virt-login-shell-helper.c b/tools/virt-login-shell-helpe= r.c index f06eb1464a..8dc3bedaa0 100644 --- a/tools/virt-login-shell-helper.c +++ b/tools/virt-login-shell-helper.c @@ -157,8 +157,10 @@ main(int argc, char **argv) pid_t cpid =3D -1; int ret =3D EXIT_CANCELED; int status; - uid_t uid =3D getuid(); - gid_t gid =3D getgid(); + unsigned long long uidval; + unsigned long long gidval; + uid_t uid; + gid_t gid; char *name =3D NULL; char **shargv =3D NULL; size_t shargvlen =3D 0; @@ -199,6 +201,16 @@ main(int argc, char **argv) if (virGettextInitialize() < 0) return ret; =20 + if (geteuid() !=3D 0) { + fprintf(stderr, _("%s: must be run as root\n"), argv[0]); + return ret; + } + + if (getuid() !=3D 0) { + fprintf(stderr, _("%s: must not be run setuid root\n"), argv[0]); + return ret; + } + while ((arg =3D getopt_long(argc, argv, "hVc:", opt, &longindex)) !=3D= -1) { switch (arg) { case 'h': @@ -220,17 +232,29 @@ main(int argc, char **argv) } } =20 - if (argc > optind) { - virReportSystemError(EINVAL, _("%s takes no options"), progname); + if (optind !=3D (argc - 2)) { + virReportSystemError(EINVAL, _("%s expects UID and GID parameters"= ), progname); goto cleanup; } =20 - if (uid =3D=3D 0) { - virReportSystemError(EPERM, _("%s must be run by non root users"), - progname); + if (virStrToLong_ull(argv[optind], NULL, 10, &uidval) < 0 || + ((uid_t)uidval) !=3D uidval) { + virReportSystemError(EINVAL, _("%s cannot parse UID '%s'"), + progname, argv[optind]); goto cleanup; } =20 + optind++; + if (virStrToLong_ull(argv[optind], NULL, 10, &gidval) < 0 || + ((gid_t)gidval) !=3D gidval) { + virReportSystemError(EINVAL, _("%s cannot parse GID '%s'"), + progname, argv[optind]); + goto cleanup; + } + + uid =3D (uid_t)uidval; + gid =3D (gid_t)gidval; + name =3D virGetUserName(uid); if (!name) goto cleanup; diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c new file mode 100644 index 0000000000..41d0b349aa --- /dev/null 
+++ b/tools/virt-login-shell.c 
@@ -0,0 +1,84 @@ +/* + * virt-login-shell.c: a setuid shell to connect to a container + * + * Copyright (C) 2019 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "configmake.h" +#include "intprops.h" + +int main(int argc, char **argv) { + char uidstr[INT_BUFSIZE_BOUND(uid_t)]; + char gidstr[INT_BUFSIZE_BOUND(gid_t)]; + const char *const newargv[] =3D { + LIBEXECDIR "/virt-login-shell-helper", + uidstr, + gidstr, + NULL, + }; + char *newenv[] =3D { + NULL, + NULL, + }; + char *term =3D getenv("TERM"); + + if (getuid() =3D=3D 0 || getgid() =3D=3D 0) { + fprintf(stderr, "%s: must not be run as root\n", argv[0]); + exit(EXIT_FAILURE); + } + + if (geteuid() !=3D 0) { + fprintf(stderr, "%s: must be run as setuid root\n", argv[0]); + exit(EXIT_FAILURE); + } + + if (argc !=3D 1) { + fprintf(stderr, "%s: no arguments expected\n", argv[0]); + exit(EXIT_FAILURE); + } + + if (term && + asprintf(&(newenv[0]), "TERM=3D%s", term) < 0) { + fprintf(stderr, "%s: cannot set TERM env variable: %s\n", + argv[0], strerror(errno)); + exit(EXIT_FAILURE); + } + + assert(snprintf(uidstr, sizeof(uidstr), "%d", getuid()) < sizeof(uidst= r)); + assert(snprintf(gidstr, sizeof(gidstr), "%d", getgid()) < sizeof(gidst= r)); + + if (setuid(0) < 0) { + fprintf(stderr, "%s: unable to set 
real UID to root: %s\n", + argv[0], strerror(errno)); + exit(EXIT_FAILURE); + } + + execve(newargv[0], (char *const*)newargv, newenv); + fprintf(stderr, "%s: failed to run %s/virt-login-shell-helper: %s\n", + argv[0], LIBEXECDIR, strerror(errno)); + exit(EXIT_FAILURE); +} --=20 2.21.0
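Review bot: In the new tools/virt-login-shell.c, both snprintf() calls that fill `uidstr` and `gidstr` are written inside assert(). If the file is ever compiled with NDEBUG the calls disappear and execve() is handed uninitialised buffers as the UID and GID arguments. Do the snprintf() outside the assert and handle truncation with the same fprintf/exit pattern used for the other failures. The `%d` format is also signed while the helper parses these arguments with virStrToLong_ull, so an unsigned conversion with a cast would keep the two ends consistent. TERM is copied into the new environment unchanged, which makes it the one user-controlled value that survives the scrub described in the commit message; that deserves a comment in the code.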
with SMTPS id 1564671671034324.38644695948085; Thu, 1 Aug 2019 08:01:11 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 6307530C26BC; Thu, 1 Aug 2019 15:01:07 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0BF83196FF; Thu, 1 Aug 2019 15:01:07 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id A3FAA19730; Thu, 1 Aug 2019 15:01:06 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x71F0vav032137 for ; Thu, 1 Aug 2019 11:00:57 -0400 Received: by smtp.corp.redhat.com (Postfix) id 6ED1419696; Thu, 1 Aug 2019 15:00:57 +0000 (UTC) Received: from domokun.gsslab.fab.redhat.com (dhcp-94.gsslab.fab.redhat.com [10.33.9.94]) by smtp.corp.redhat.com (Postfix) with ESMTP id CB44619694; Thu, 1 Aug 2019 15:00:56 +0000 (UTC) 
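Review bot: in main() of virt-login-shell.c, the two snprintf() calls that fill uidstr and gidstr sit inside assert(), so a build with NDEBUG defined compiles them out and the helper is executed as root with uninitialized argv[1] and argv[2]. Call snprintf() unconditionally and test its return value with an ordinary if that prints an error and exits, as the other checks in this file do. The "%d" conversion is also handed a uid_t/gid_t, which is unsigned on Linux, so cast to a known type and use the matching format, for example "%lu" with (unsigned long). Separately, every error path prints argv[0], and three of them run before the argc check; argv[0] may be NULL when the program is executed with an empty argument vector, so test argc first or print a fixed program name.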
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:07 +0100
Message-Id: <20190801150019.10519-6-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 05/17] build: drop libvirt setuid library build

The virt-login-shell setuid program is now a tiny piece of code that only uses standard libc functions, and sanitizes the execution environment before invoking the real virt-login-shell-helper. The latter is thus able to use the normal libvirt.so build, allowing us to delete the special cut down setuid library build.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
---
 config-post.h | 34 +++------------
 configure.ac | 3 --
 src/Makefile.am | 101 ---------------------------------------------
 src/libvirt.c | 32 ++++++--------
 src/util/virfile.c | 2 +-
 5 files changed, 19 insertions(+), 153 deletions(-)

diff --git a/config-post.h b/config-post.h index 093f84a7ce..a11f9c83d6 100644 --- a/config-post.h +++ b/config-post.h 
@@ -17,39 +17,15 @@ */ =20 /* - * Since virt-login-shell will be setuid, we must do everything - * we can to avoid linking to other libraries. Many of them do - * unsafe things in functions marked __attribute__((constructor)). + * The NSS module can be loaded into any binary and thus we want + * to minimize what code is liable to be run. Especiall we need + * to minimize use of any 3rd party libraries which have + * __attribute__((constructor)) functions. + * * The only way to avoid such deps is to re-compile the * functions with the code in question disabled, and for that we * must override the main config.h rules. Hence this file :-( */ - -#ifdef LIBVIRT_SETUID_RPC_CLIENT -# undef HAVE_LIBNL -# undef HAVE_LIBNL3 -# undef HAVE_LIBSASL2 -# undef HAVE_SYS_ACL_H -# undef WITH_CAPNG -# undef WITH_CURL -# undef WITH_DBUS -# undef WITH_DEVMAPPER -# undef WITH_DTRACE_PROBES -# undef WITH_GNUTLS -# undef WITH_LIBSSH -# undef WITH_MACVTAP -# undef WITH_NUMACTL -# undef WITH_SASL -# undef WITH_SSH2 -# undef WITH_SYSTEMD_DAEMON -# undef WITH_VIRTUALPORT -# undef WITH_YAJL -#endif - -/* - * With the NSS module it's the same story as virt-login-shell. See the - * explanation above. - */ #ifdef LIBVIRT_NSS # undef HAVE_LIBNL # undef HAVE_LIBNL3 diff --git a/configure.ac b/configure.ac index d18d427695..3f1124609d 100644 --- a/configure.ac +++ b/configure.ac @@ -512,9 +512,6 @@ dnl AC_CHECK_HEADERS([linux/kvm.h]) =20 =20 -AM_CONDITIONAL([WITH_SETUID_RPC_CLIENT], [test "$with_lxc$with_login_shell= " !=3D "nono"]) - - dnl dnl check for kernel headers required by src/bridge.c dnl diff --git a/src/Makefile.am b/src/Makefile.am index 4a8cae11dc..8ca714dd34 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -647,107 +647,6 @@ libvirt_lxc_la_LDFLAGS =3D \ libvirt_lxc_la_CFLAGS =3D $(AM_CFLAGS) libvirt_lxc_la_LIBADD =3D libvirt.la $(CYGWIN_EXTRA_LIBADD) =20 -# Since virt-login-shell will be setuid, we must do everything -# we can to avoid linking to other libraries. Many of them do -# unsafe things in functions marked __attribute__((constructor)). -# This library is built to include the bare minimum required to -# have a RPC client for local UNIX socket access only. We use -# the ../config-post.h header to disable all external deps that -# we don't want -if WITH_SETUID_RPC_CLIENT -noinst_LTLIBRARIES +=3D libvirt-setuid-rpc-client.la - -libvirt_setuid_rpc_client_la_SOURCES =3D \ - util/viralloc.c \ - util/virarch.c \ - util/viratomic.c \ - util/viratomic.h \ - util/virautoclean.h \ - util/virbitmap.c \ - util/virbuffer.c \ - util/vircgroup.c \ - util/vircgroupbackend.c \ - util/vircgroupv1.c \ - util/vircgroupv2.c \ - util/vircommand.c \ - util/virconf.c \ - util/virdbus.c \ - util/virenum.c \ - util/virerror.c \ - util/virevent.c \ - util/vireventpoll.c \ - util/virfile.c \ - util/virgettext.c \ - util/virhash.c \ - util/virhashcode.c \ - util/virhostcpu.c \ - util/virjson.c \ - util/virlog.c \ - util/virobject.c \ - util/virpidfile.c \ - util/virprocess.c \ - util/virrandom.c \ - util/virsocketaddr.c \ - util/virstring.c \ - util/virsystemd.c \ - util/virtime.c \ - util/virthread.c \ - util/virthreadjob.c \ - util/virtypedparam.c \ - util/viruri.c \ - util/virutil.c \ - util/viruuid.c \ - conf/domain_event.c \ - conf/network_event.c \ - conf/object_event.c \ - conf/storage_event.c \ - conf/node_device_event.c \ - conf/secret_event.c \ - rpc/virnetsocket.c \ - rpc/virnetsocket.h \ - rpc/virnetmessage.h \ - rpc/virnetmessage.c \ - rpc/virkeepalive.c \ - rpc/virkeepalive.h \ - rpc/virnetclient.c \ - rpc/virnetclientprogram.c \ - rpc/virnetclientstream.c \ - rpc/virnetprotocol.c \ - remote/remote_driver.c \ - remote/remote_protocol.c \ - remote/qemu_protocol.c \ - 
remote/lxc_protocol.c \ - datatypes.c \ - libvirt.c \ - libvirt-domain.c \ - libvirt-domain-checkpoint.c \ - libvirt-domain-snapshot.c \ - libvirt-host.c \ - libvirt-interface.c \ - libvirt-network.c \ - libvirt-nodedev.c \ - libvirt-nwfilter.c \ - libvirt-secret.c \ - libvirt-storage.c \ - libvirt-stream.c \ - libvirt-lxc.c \ - $(NULL) - -libvirt_setuid_rpc_client_la_LDFLAGS =3D \ - $(AM_LDFLAGS) \ - $(LIBXML_LIBS) \ - $(SECDRIVER_LIBS) \ - $(NULL) -libvirt_setuid_rpc_client_la_CFLAGS =3D \ - -DLIBVIRT_SETUID_RPC_CLIENT \ - -I$(srcdir)/conf \ - -I$(srcdir)/rpc \ - $(AM_CFLAGS) \ - $(SECDRIVER_CFLAGS) \ - $(XDR_CFLAGS) \ - $(NULL) -endif WITH_SETUID_RPC_CLIENT - EXTRA_DIST +=3D $(SYSCONF_FILES) =20 install-sysconfig: diff --git a/src/libvirt.c b/src/libvirt.c index f0a768fc7e..489785cec4 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -280,43 +280,37 @@ virGlobalInit(void) goto error; #endif /* HAVE_LIBINTL_H */ =20 - /* - * Note we must avoid everything except 'remote' driver - * for virt-login-shell usage - */ -#ifndef LIBVIRT_SETUID_RPC_CLIENT /* * Note that the order is important: the first ones have a higher * priority when calling virConnectOpen. */ -# ifdef WITH_TEST +#ifdef WITH_TEST if (testRegister() =3D=3D -1) goto error; -# endif -# ifdef WITH_OPENVZ +#endif +#ifdef WITH_OPENVZ if (openvzRegister() =3D=3D -1) goto error; -# endif -# ifdef WITH_VMWARE +#endif +#ifdef WITH_VMWARE if (vmwareRegister() =3D=3D -1) goto error; -# endif -# ifdef WITH_PHYP +#endif +#ifdef WITH_PHYP if (phypRegister() =3D=3D -1) goto error; -# endif -# ifdef WITH_ESX +#endif +#ifdef WITH_ESX if (esxRegister() =3D=3D -1) goto error; -# endif -# ifdef WITH_HYPERV +#endif +#ifdef WITH_HYPERV if (hypervRegister() =3D=3D -1) goto error; -# endif -# ifdef WITH_XENAPI +#endif +#ifdef WITH_XENAPI if (xenapiRegister() =3D=3D -1) goto error; -# endif #endif #ifdef WITH_REMOTE if (remoteRegister() =3D=3D -1) 
diff --git a/src/util/virfile.c b/src/util/virfile.c index 082aac12c8..775192ff00 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c 
@@ -632,7 +632,7 @@ int virFileUpdatePerm(const char *path, =20 =20 #if defined(__linux__) && HAVE_DECL_LO_FLAGS_AUTOCLEAR && \ - !defined(LIBVIRT_SETUID_RPC_CLIENT) && !defined(LIBVIRT_NSS) + !defined(LIBVIRT_NSS) =20 # if HAVE_DECL_LOOP_CTL_GET_FREE =20 --=20 2.21.0
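Review bot: the new comment added in the config-post.h hunk has a typo, "Especiall we need" should read "Especially we need". The paragraph kept unchanged below it ("The only way to avoid such deps is to re-compile the functions with the code in question disabled") now describes only the LIBVIRT_NSS block, so it would read better if it said that the NSS module is the one remaining user of these overrides.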
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:08 +0100
Message-Id: <20190801150019.10519-7-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 06/17] util: get rid of virIsSUID method

Now that none of the libvirt.so code will ever run in a setuid context, we can remove the virIsSUID() method. The global initializer function can just inline the check itself. The new inlined check is slightly stronger as it also looks for a setgid situation.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
---
 src/libvirt.c | 13 +++----------
 src/libvirt_private.syms | 1 -
 src/remote/remote_driver.c | 23 +++--------------------
 src/util/virlog.c | 9 ---------
 src/util/virutil.c | 12 ------------
 src/util/virutil.h | 1 -
 6 files changed, 6 insertions(+), 53 deletions(-)

diff --git a/src/libvirt.c b/src/libvirt.c index 489785cec4..161001bf48 100644 --- a/src/libvirt.c +++ b/src/libvirt.c 
@@ -250,13 +250,12 @@ virGlobalInit(void) virErrorInitialize() < 0) goto error; =20 -#ifndef LIBVIRT_SETUID_RPC_CLIENT - if (virIsSUID()) { + if (getuid() !=3D geteuid() || + getgid() !=3D getegid()) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("libvirt.so is not safe to use from setuid progra= ms")); + _("libvirt.so is not safe to use from setuid/setgid= programs")); goto error; } -#endif =20 virLogSetFromEnv(); =20 @@ -844,12 +843,6 @@ virConnectOpenInternal(const char *name, if (name && name[0] =3D=3D '\0') name =3D NULL; =20 - if (!name && virIsSUID()) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("An explicit URI must be provided when setuid")); - goto failed; - } - /* Convert xen -> xen:///system for back compat */ if (name && STRCASEEQ(name, "xen")) name =3D "xen:///system"; diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index c323f679b3..8f344a07ee 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -3295,7 +3295,6 @@ virHostGetDRMRenderNode; virHostHasIOMMU; virIndexToDiskName; virIsDevMapperDevice; -virIsSUID; virMemoryLimitIsSet; virMemoryLimitTruncate; virMemoryMaxValue; diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 72c2336b7a..5e6007d468 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c 
@@ -853,21 +853,6 @@ doRemoteOpen(virConnectPtr conn, transport =3D trans_unix; } =20 - /* - * We don't want to be executing external programs in setuid mode, - * so this rules out 'ext' and 'ssh' transports. Exclude libssh - * and tls too, since we're not confident the libraries are safe - * for setuid usage. Just allow UNIX sockets, since that does - * not require any external libraries or command execution - */ - if (virIsSUID() && - transport !=3D trans_unix) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Only Unix socket URI transport is allowed in set= uid mode")); - return VIR_DRV_OPEN_ERROR; - } - - /* Remote server defaults to "localhost" if not specified. */ if (conn->uri && conn->uri->port !=3D 0) { if (virAsprintf(&port, "%d", conn->uri->port) < 0) @@ -1353,8 +1338,7 @@ remoteConnectOpen(virConnectPtr conn, * transport is listed, or transport is unix, * and uid is unprivileged then auto-spawn a daemon. */ - if (!virIsSUID() && - !conn->uri->server && + if (!conn->uri->server && (transport =3D=3D NULL || STREQ(transport, "unix")) && (!autostart || STRNEQ(autostart, "0"))) { @@ -1372,9 +1356,8 @@ remoteConnectOpen(virConnectPtr conn, if (geteuid() > 0) { VIR_DEBUG("Auto-spawn user daemon instance"); rflags |=3D VIR_DRV_OPEN_REMOTE_USER; - if (!virIsSUID() && - (!autostart || - STRNEQ(autostart, "0"))) + if (!autostart || + STRNEQ(autostart, "0")) rflags |=3D VIR_DRV_OPEN_REMOTE_AUTOSTART; } } diff --git a/src/util/virlog.c b/src/util/virlog.c index da433878df..6a2229ae2b 100644 --- a/src/util/virlog.c +++ b/src/util/virlog.c @@ -1588,7 +1588,6 @@ virLogParseOutput(const char *src) size_t count =3D 0; virLogPriority prio; int dest; - bool isSUID =3D virIsSUID(); =20 VIR_DEBUG("output=3D%s", src); =20 
@@ -1626,14 +1625,6 @@ virLogParseOutput(const char *src) goto cleanup; } =20 - /* if running with setuid, only 'stderr' is allowed */ - if (isSUID && dest !=3D VIR_LOG_TO_STDERR) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Running with SUID permits only destination of ty= pe " - "'stderr'")); - goto cleanup; - } - switch ((virLogDestination) dest) { case VIR_LOG_TO_STDERR: ret =3D virLogNewOutputToStderr(prio); diff --git a/src/util/virutil.c b/src/util/virutil.c index 84ccc1a546..4e0dbe15c4 100644 --- a/src/util/virutil.c +++ b/src/util/virutil.c @@ -1750,18 +1750,6 @@ const char *virGetEnvAllowSUID(const char *name) return getenv(name); /* exempt from syntax-check */ } =20 - -/** - * virIsSUID: - * Return a true value if running setuid. Does not - * check for elevated capabilities bits. - */ -bool virIsSUID(void) -{ - return getuid() !=3D geteuid(); -} - - static time_t selfLastChanged; =20 time_t virGetSelfLastChanged(void) diff --git a/src/util/virutil.h b/src/util/virutil.h index 7ea702f27a..52d0c33773 100644 --- a/src/util/virutil.h +++ b/src/util/virutil.h 
@@ -143,7 +143,6 @@ int virParseOwnershipIds(const char *label, uid_t *uidP= tr, gid_t *gidPtr); =20 const char *virGetEnvBlockSUID(const char *name); const char *virGetEnvAllowSUID(const char *name); -bool virIsSUID(void); =20 =20 time_t virGetSelfLastChanged(void); --=20 2.21.0
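Review bot: in the virGlobalInit() hunk of src/libvirt.c, the inlined getuid()/geteuid() and getgid()/getegid() comparison becomes the only setuid guard left in the library, yet the caveat recorded in the doc comment removed from src/util/virutil.c ("Does not check for elevated capabilities bits") is not carried over. Add a comment above the new check stating that limitation, or extend the check to cover it; on Linux, getauxval(AT_SECURE) covers setuid, setgid and file-capability execution in one test. The restrictions deleted from doRemoteOpen() and virLogParseOutput() in the same patch depend entirely on this one check, which is worth saying in that comment too.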
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:09 +0100
Message-Id: <20190801150019.10519-8-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 07/17] util: simplify virCommand APIs for env passthrough.

Now that 100% of libvirt code is forbidden in a SUID environment, we no longer need to worry about whether env variables are trustworthy or not. The virt-login-shell setuid program, which does not link to any libvirt code, will purge all environment variables, except $TERM, before invoking the virt-login-shell-helper program which uses libvirt.

Thus we only need one API for env passthrough in virCommand.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
---
 src/libvirt_private.syms | 3 +--
 src/lxc/lxc_process.c | 2 +-
 src/qemu/qemu_command.c | 8 +++----
 src/rpc/virnetsocket.c | 16 +++++++-------
 src/util/vircommand.c | 46 ++++++++--------------------------------
 src/util/vircommand.h | 8 ++-----
 tests/commandtest.c | 8 +++----
 7 files changed, 29 insertions(+), 62 deletions(-)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 8f344a07ee..983fe93d99 100644 --- a/src/libvirt_private.syms 
+++ b/src/libvirt_private.syms @@ -1709,8 +1709,7 @@ virCommandAddArgSet; virCommandAddEnvBuffer; virCommandAddEnvFormat; virCommandAddEnvPair; -virCommandAddEnvPassAllowSUID; -virCommandAddEnvPassBlockSUID; +virCommandAddEnvPass; virCommandAddEnvPassCommon; virCommandAddEnvString; virCommandAddEnvXDG; diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index 714eef20c8..a1d028b2e6 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -936,7 +936,7 @@ virLXCProcessBuildControllerCmd(virLXCDriverPtr driver, cmd =3D virCommandNew(vm->def->emulator); =20 /* The controller may call ip command, so we have to retain PATH. */ - virCommandAddEnvPassBlockSUID(cmd, "PATH", "/bin:/usr/bin"); + virCommandAddEnvPass(cmd, "PATH"); =20 virCommandAddEnvFormat(cmd, "LIBVIRT_DEBUG=3D%d", virLogGetDefaultPriority()); diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index fee51158a9..f4b7e25cdf 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -8074,8 +8074,8 @@ qemuBuildGraphicsSDLCommandLine(virQEMUDriverConfigPt= r cfg ATTRIBUTE_UNUSED, * use QEMU's host audio drivers, possibly SDL too * User can set these two before starting libvirtd */ - virCommandAddEnvPassBlockSUID(cmd, "QEMU_AUDIO_DRV", NULL); - virCommandAddEnvPassBlockSUID(cmd, "SDL_AUDIODRIVER", NULL); + virCommandAddEnvPass(cmd, "QEMU_AUDIO_DRV"); + virCommandAddEnvPass(cmd, "SDL_AUDIODRIVER"); =20 virCommandAddArg(cmd, "-display"); virBufferAddLit(&opt, "sdl"); @@ -8230,7 +8230,7 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPt= r cfg, * security issues and might not work when using VNC. */ if (cfg->vncAllowHostAudio) - virCommandAddEnvPassBlockSUID(cmd, "QEMU_AUDIO_DRV", NULL); + virCommandAddEnvPass(cmd, "QEMU_AUDIO_DRV"); else virCommandAddEnvString(cmd, "QEMU_AUDIO_DRV=3Dnone"); =20 
@@ -10685,7 +10685,7 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, virCommandAddArg(cmd, "none"); =20 if (cfg->nogfxAllowHostAudio) - virCommandAddEnvPassBlockSUID(cmd, "QEMU_AUDIO_DRV", NULL); + virCommandAddEnvPass(cmd, "QEMU_AUDIO_DRV"); else virCommandAddEnvString(cmd, "QEMU_AUDIO_DRV=3Dnone"); } diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index 3282bc0817..ebd304707a 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -141,9 +141,9 @@ static int virNetSocketForkDaemon(const char *binary) NULL); =20 virCommandAddEnvPassCommon(cmd); - virCommandAddEnvPassBlockSUID(cmd, "XDG_CACHE_HOME", NULL); - virCommandAddEnvPassBlockSUID(cmd, "XDG_CONFIG_HOME", NULL); - virCommandAddEnvPassBlockSUID(cmd, "XDG_RUNTIME_DIR", NULL); + virCommandAddEnvPass(cmd, "XDG_CACHE_HOME"); + virCommandAddEnvPass(cmd, "XDG_CONFIG_HOME"); + virCommandAddEnvPass(cmd, "XDG_RUNTIME_DIR"); virCommandClearCaps(cmd); virCommandDaemonize(cmd); ret =3D virCommandRun(cmd, NULL); @@ -873,11 +873,11 @@ int virNetSocketNewConnectSSH(const char *nodename, =20 cmd =3D virCommandNew(binary ? binary : "ssh"); virCommandAddEnvPassCommon(cmd); - virCommandAddEnvPassBlockSUID(cmd, "KRB5CCNAME", NULL); - virCommandAddEnvPassBlockSUID(cmd, "SSH_AUTH_SOCK", NULL); - virCommandAddEnvPassBlockSUID(cmd, "SSH_ASKPASS", NULL); - virCommandAddEnvPassBlockSUID(cmd, "DISPLAY", NULL); - virCommandAddEnvPassBlockSUID(cmd, "XAUTHORITY", NULL); + virCommandAddEnvPass(cmd, "KRB5CCNAME"); + virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK"); + virCommandAddEnvPass(cmd, "SSH_ASKPASS"); + virCommandAddEnvPass(cmd, "DISPLAY"); + virCommandAddEnvPass(cmd, "XAUTHORITY"); virCommandClearCaps(cmd); =20 if (service) diff --git a/src/util/vircommand.c b/src/util/vircommand.c index 2df71014f8..ea9a9fd622 100644 --- a/src/util/vircommand.c +++ b/src/util/vircommand.c 
@@ -1410,17 +1410,15 @@ virCommandAddEnvBuffer(virCommandPtr cmd, virBuffer= Ptr buf) =20 =20 /** - * virCommandAddEnvPassAllowSUID: + * virCommandAddEnvPass: * @cmd: the command to modify * @name: the name to look up in current environment * * Pass an environment variable to the child * using current process' value - * - * Allow to be passed even if setuid */ void -virCommandAddEnvPassAllowSUID(virCommandPtr cmd, const char *name) +virCommandAddEnvPass(virCommandPtr cmd, const char *name) { const char *value; if (!cmd || cmd->has_error) @@ -1432,32 +1430,6 @@ virCommandAddEnvPassAllowSUID(virCommandPtr cmd, con= st char *name) } =20 =20 -/** - * virCommandAddEnvPassBlockSUID: - * @cmd: the command to modify - * @name: the name to look up in current environment - * @defvalue: value to return if running setuid, may be NULL - * - * Pass an environment variable to the child - * using current process' value. - * - * Do not pass if running setuid - */ -void -virCommandAddEnvPassBlockSUID(virCommandPtr cmd, const char *name, const c= har *defvalue) -{ - const char *value; - if (!cmd || cmd->has_error) - return; - - value =3D virGetEnvBlockSUID(name); - if (!value) - value =3D defvalue; - if (value) - virCommandAddEnvPair(cmd, name, value); -} - - /** * virCommandAddEnvPassCommon: * @cmd: the command to modify 
@@ -1478,13 +1450,13 @@ virCommandAddEnvPassCommon(virCommandPtr cmd) =20 virCommandAddEnvPair(cmd, "LC_ALL", "C"); =20 - virCommandAddEnvPassBlockSUID(cmd, "LD_PRELOAD", NULL); - virCommandAddEnvPassBlockSUID(cmd, "LD_LIBRARY_PATH", NULL); - virCommandAddEnvPassBlockSUID(cmd, "PATH", "/bin:/usr/bin"); - virCommandAddEnvPassBlockSUID(cmd, "HOME", NULL); - virCommandAddEnvPassAllowSUID(cmd, "USER"); - virCommandAddEnvPassAllowSUID(cmd, "LOGNAME"); - virCommandAddEnvPassBlockSUID(cmd, "TMPDIR", NULL); + virCommandAddEnvPass(cmd, "LD_PRELOAD"); + virCommandAddEnvPass(cmd, "LD_LIBRARY_PATH"); + virCommandAddEnvPass(cmd, "PATH"); + virCommandAddEnvPass(cmd, "HOME"); + virCommandAddEnvPass(cmd, "USER"); + virCommandAddEnvPass(cmd, "LOGNAME"); + virCommandAddEnvPass(cmd, "TMPDIR"); } =20 =20 diff --git a/src/util/vircommand.h b/src/util/vircommand.h index 74574e3fb1..1a7158d4c1 100644 --- a/src/util/vircommand.h +++ b/src/util/vircommand.h @@ -110,12 +110,8 @@ void virCommandAddEnvString(virCommandPtr cmd, void virCommandAddEnvBuffer(virCommandPtr cmd, virBufferPtr buf); =20 -void virCommandAddEnvPassBlockSUID(virCommandPtr cmd, - const char *name, - const char *defvalue) ATTRIBUTE_NONNULL= (2); - -void virCommandAddEnvPassAllowSUID(virCommandPtr cmd, - const char *name) ATTRIBUTE_NONNULL(2); +void virCommandAddEnvPass(virCommandPtr cmd, + const char *name) ATTRIBUTE_NONNULL(2); =20 void virCommandAddEnvPassCommon(virCommandPtr cmd); =20 diff --git a/tests/commandtest.c b/tests/commandtest.c index d7ab588969..a382bb6dd2 100644 --- a/tests/commandtest.c +++ b/tests/commandtest.c 
@@ -305,8 +305,8 @@ static int test6(const void *unused ATTRIBUTE_UNUSED) { virCommandPtr cmd =3D virCommandNew(abs_builddir "/commandhelper"); =20 - virCommandAddEnvPassBlockSUID(cmd, "DISPLAY", NULL); - virCommandAddEnvPassBlockSUID(cmd, "DOESNOTEXIST", NULL); + virCommandAddEnvPass(cmd, "DISPLAY"); + virCommandAddEnvPass(cmd, "DOESNOTEXIST"); =20 if (virCommandRun(cmd, NULL) < 0) { printf("Cannot run child %s\n", virGetLastErrorMessage()); 
@@ -329,8 +329,8 @@ static int test7(const void *unused ATTRIBUTE_UNUSED) virCommandPtr cmd =3D virCommandNew(abs_builddir "/commandhelper"); =20 virCommandAddEnvPassCommon(cmd); - virCommandAddEnvPassBlockSUID(cmd, "DISPLAY", NULL); - virCommandAddEnvPassBlockSUID(cmd, "DOESNOTEXIST", NULL); + virCommandAddEnvPass(cmd, "DISPLAY"); + virCommandAddEnvPass(cmd, "DOESNOTEXIST"); =20 if (virCommandRun(cmd, NULL) < 0) { printf("Cannot run child %s\n", virGetLastErrorMessage()); --=20 2.21.0
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:10 +0100
Message-Id: <20190801150019.10519-9-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 08/17] util: get rid of virGetEnv{Allow, Block}SUID functions

Now that 100% of libvirt code is forbidden in a SUID environment, we no longer need to worry about whether env variables are trustworthy or not. The virt-login-shell setuid program, which does not link to any libvirt code, will purge all environment variables, except $TERM, before invoking the virt-login-shell-helper program which uses libvirt.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
--- cfg.mk | 9 --------- src/libvirt-admin.c | 2 +- src/libvirt.c | 2 +- src/libvirt_private.syms | 2 -- src/network/leaseshelper.c | 14 ++++++------- src/qemu/qemu_firmware.c | 2 +- src/remote/remote_driver.c | 2 +- src/rpc/virnetlibsshsession.c | 2 +- src/rpc/virnettlscontext.c | 2 +- src/util/virauth.c | 2 +- src/util/vircommand.c | 2 +- src/util/virfile.c | 4 ++-- src/util/virlease.c | 4 ++-- src/util/virlog.c | 6 +++--- src/util/virsystemd.c | 8 ++++---- src/util/virutil.c | 36 ++++----------------------------- src/util/virutil.h | 3 --- src/vbox/vbox_XPCOMCGlue.c | 2 +- src/vbox/vbox_common.c | 2 +- tools/virsh.c | 2 +- tools/virt-login-shell-helper.c | 4 ++-- tools/vsh.c | 12 +++++------ 22 files changed, 41 insertions(+), 83 deletions(-) diff --git a/cfg.mk b/cfg.mk index 9130b4560b..ec09550b49 100644 --- a/cfg.mk +++ b/cfg.mk @@ -855,12 +855,6 @@ sc_prohibit_unbounded_arrays_in_rpc: halt=3D'Arrays in XDR must have a upper limit set for ' \ $(_sc_search_regexp) =20 -sc_prohibit_getenv: - @prohibit=3D'\b(secure_)?getenv *\(' \ - exclude=3D'exempt from syntax-check' \ - halt=3D'Use virGetEnv{Allow,Block}SUID instead of getenv' \ - $(_sc_search_regexp) - sc_prohibit_atoi: @prohibit=3D'\bato(i|f|l|ll|q) *\(' \ halt=3D'Use virStrToLong* instead of atoi, atol, atof, atoq, atoll' \ @@ -1316,9 +1310,6 @@ exclude_file_name_regexp--sc_prohibit_int_ijk =3D \ exclude_file_name_regexp--sc_prohibit_unsigned_pid =3D \ ^(include/libvirt/.*\.h|src/(qemu/qemu_driver\.c|driver-hypervisor\.h|li= bvirt(-[a-z]*)?\.c|.*\.x|util/vir(polkit|systemd)\.c)|tests/virpolkittest\.= c|tools/virsh-domain\.c)$$ =20 -exclude_file_name_regexp--sc_prohibit_getenv =3D \ - ^tests/.*\.[ch]|tools/virt-login-shell\.c$$ - exclude_file_name_regexp--sc_avoid_attribute_unused_in_header =3D \ ^(src/util/virlog\.h|src/network/bridge_driver\.h)$$ =20
diff --git a/src/libvirt-admin.c b/src/libvirt-admin.c index 74dedf64d8..4ae50b188f 100644 --- a/src/libvirt-admin.c +++ b/src/libvirt-admin.c @@ -169,7 +169,7 @@ getSocketPath(virURIPtr uri) static int virAdmGetDefaultURI(virConfPtr conf, char **uristr) { - const char *defname =3D virGetEnvAllowSUID("LIBVIRT_ADMIN_DEFAULT_URI"= ); + const char *defname =3D getenv("LIBVIRT_ADMIN_DEFAULT_URI"); if (defname && *defname) { if (VIR_STRDUP(*uristr, defname) < 0) return -1; diff --git a/src/libvirt.c b/src/libvirt.c index 161001bf48..768ad348c7 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -774,7 +774,7 @@ virConnectGetDefaultURI(virConfPtr conf, char **name) { int ret =3D -1; - const char *defname =3D virGetEnvBlockSUID("LIBVIRT_DEFAULT_URI"); + const char *defname =3D getenv("LIBVIRT_DEFAULT_URI"); if (defname && *defname) { VIR_DEBUG("Using LIBVIRT_DEFAULT_URI '%s'", defname); if (VIR_STRDUP(*name, defname) < 0) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 983fe93d99..12c506a87a 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -3270,8 +3270,6 @@ virFormatIntDecimal; virFormatIntPretty; virGetDeviceID; virGetDeviceUnprivSGIO; -virGetEnvAllowSUID; -virGetEnvBlockSUID; virGetGroupID; virGetGroupList; virGetGroupName; diff --git a/src/network/leaseshelper.c b/src/network/leaseshelper.c index 2a10fbf33a..481f29aa59 100644 --- a/src/network/leaseshelper.c +++ b/src/network/leaseshelper.c 
@@ -86,10 +86,10 @@ main(int argc, char **argv) const char *ip =3D NULL; const char *mac =3D NULL; const char *leases_str =3D NULL; - const char *iaid =3D virGetEnvAllowSUID("DNSMASQ_IAID"); - const char *clientid =3D virGetEnvAllowSUID("DNSMASQ_CLIENT_ID"); - const char *interface =3D virGetEnvAllowSUID("DNSMASQ_INTERFACE"); - const char *hostname =3D virGetEnvAllowSUID("DNSMASQ_SUPPLIED_HOSTNAME= "); + const char *iaid =3D getenv("DNSMASQ_IAID"); + const char *clientid =3D getenv("DNSMASQ_CLIENT_ID"); + const char *interface =3D getenv("DNSMASQ_INTERFACE"); + const char *hostname =3D getenv("DNSMASQ_SUPPLIED_HOSTNAME"); char *server_duid =3D NULL; int action =3D -1; int pid_file_fd =3D -1; @@ -131,7 +131,7 @@ main(int argc, char **argv) * events for expired leases. So, libvirtd sets another env var for th= is * purpose */ if (!interface && - !(interface =3D virGetEnvAllowSUID("VIR_BRIDGE_NAME"))) + !(interface =3D getenv("VIR_BRIDGE_NAME"))) goto cleanup; =20 ip =3D argv[3]; @@ -148,11 +148,11 @@ main(int argc, char **argv) =20 /* Check if it is an IPv6 lease */ if (iaid) { - mac =3D virGetEnvAllowSUID("DNSMASQ_MAC"); + mac =3D getenv("DNSMASQ_MAC"); clientid =3D argv[2]; } =20 - if (VIR_STRDUP(server_duid, virGetEnvAllowSUID("DNSMASQ_SERVER_DUID"))= < 0) + if (VIR_STRDUP(server_duid, getenv("DNSMASQ_SERVER_DUID")) < 0) goto cleanup; =20 if (virAsprintf(&custom_lease_file, diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c index bf29b10b9a..983a7c83b2 100644 --- a/src/qemu/qemu_firmware.c +++ b/src/qemu/qemu_firmware.c @@ -986,7 +986,7 @@ qemuFirmwareFetchConfigs(char ***firmwares, * much sense to parse files in root's home directory. It * makes sense only for session daemon which runs under * regular user. */ - if (VIR_STRDUP(xdgConfig, virGetEnvBlockSUID("XDG_CONFIG_HOME")) <= 0) + if (VIR_STRDUP(xdgConfig, getenv("XDG_CONFIG_HOME")) < 0) return -1; =20 if (!xdgConfig) { 
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 5e6007d468..76ea49ed8e 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1297,7 +1297,7 @@ remoteConnectOpen(virConnectPtr conn, struct private_data *priv; int ret =3D VIR_DRV_OPEN_ERROR; int rflags =3D 0; - const char *autostart =3D virGetEnvBlockSUID("LIBVIRT_AUTOSTART"); + const char *autostart =3D getenv("LIBVIRT_AUTOSTART"); char *driver =3D NULL; char *transport =3D NULL; =20 diff --git a/src/rpc/virnetlibsshsession.c b/src/rpc/virnetlibsshsession.c index 093ac29071..62cbe1e06a 100644 --- a/src/rpc/virnetlibsshsession.c +++ b/src/rpc/virnetlibsshsession.c @@ -172,7 +172,7 @@ virNetLibsshSessionOnceInit(void) ssh_set_log_level(TRACE_LIBSSH); #endif =20 - dbgLevelStr =3D virGetEnvAllowSUID("LIBVIRT_LIBSSH_DEBUG"); + dbgLevelStr =3D getenv("LIBVIRT_LIBSSH_DEBUG"); if (dbgLevelStr && virStrToLong_i(dbgLevelStr, NULL, 10, &dbgLevel) >=3D 0) ssh_set_log_level(dbgLevel); diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index 4adc409c0b..416c8308ed 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c @@ -1439,7 +1439,7 @@ void virNetTLSSessionDispose(void *obj) void virNetTLSInit(void) { const char *gnutlsdebug; - if ((gnutlsdebug =3D virGetEnvAllowSUID("LIBVIRT_GNUTLS_DEBUG")) !=3D = NULL) { + if ((gnutlsdebug =3D getenv("LIBVIRT_GNUTLS_DEBUG")) !=3D NULL) { int val; if (virStrToLong_i(gnutlsdebug, NULL, 10, &val) < 0) val =3D 10; diff --git a/src/util/virauth.c b/src/util/virauth.c index e5994cbb7c..9de3996e92 100644 --- a/src/util/virauth.c +++ b/src/util/virauth.c @@ -42,7 +42,7 @@ virAuthGetConfigFilePathURI(virURIPtr uri, char **path) { size_t i; - const char *authenv =3D virGetEnvBlockSUID("LIBVIRT_AUTH_FILE"); + const char *authenv =3D getenv("LIBVIRT_AUTH_FILE"); VIR_AUTOFREE(char *) userdir =3D NULL; =20 *path =3D NULL; diff --git a/src/util/vircommand.c b/src/util/vircommand.c index ea9a9fd622..79e1e87964 100644 
--- a/src/util/vircommand.c +++ b/src/util/vircommand.c @@ -1424,7 +1424,7 @@ virCommandAddEnvPass(virCommandPtr cmd, const char *n= ame) if (!cmd || cmd->has_error) return; =20 - value =3D virGetEnvAllowSUID(name); + value =3D getenv(name); if (value) virCommandAddEnvPair(cmd, name, value); } diff --git a/src/util/virfile.c b/src/util/virfile.c index 775192ff00..7667c16d27 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -1674,7 +1674,7 @@ virFindFileInPath(const char *file) } =20 /* copy PATH env so we can tweak it */ - origpath =3D virGetEnvBlockSUID("PATH"); + origpath =3D getenv("PATH"); if (!origpath) origpath =3D "/bin:/usr/bin"; =20 @@ -1735,7 +1735,7 @@ virFileFindResourceFull(const char *filename, const char *envname) { char *ret =3D NULL; - const char *envval =3D envname ? virGetEnvBlockSUID(envname) : NULL; + const char *envval =3D envname ? getenv(envname) : NULL; const char *path; =20 if (!prefix) diff --git a/src/util/virlease.c b/src/util/virlease.c index 93ca72e3af..87e9a3ce88 100644 --- a/src/util/virlease.c +++ b/src/util/virlease.c @@ -213,13 +213,13 @@ virLeaseNew(virJSONValuePtr *lease_ret, const char *server_duid) { VIR_AUTOPTR(virJSONValue) lease_new =3D NULL; - const char *exptime_tmp =3D virGetEnvAllowSUID("DNSMASQ_LEASE_EXPIRES"= ); + const char *exptime_tmp =3D getenv("DNSMASQ_LEASE_EXPIRES"); long long expirytime =3D 0; VIR_AUTOFREE(char *) exptime =3D NULL; =20 /* In case hostname is still unknown, use the last known one */ if (!hostname) - hostname =3D virGetEnvAllowSUID("DNSMASQ_OLD_HOSTNAME"); + hostname =3D getenv("DNSMASQ_OLD_HOSTNAME"); =20 if (!mac) return 0; diff --git a/src/util/virlog.c b/src/util/virlog.c index 6a2229ae2b..4c76fbc5a4 100644 --- a/src/util/virlog.c +++ b/src/util/virlog.c 
@@ -1308,13 +1308,13 @@ virLogSetFromEnv(void) if (virLogInitialize() < 0) return; =20 - debugEnv =3D virGetEnvAllowSUID("LIBVIRT_DEBUG"); + debugEnv =3D getenv("LIBVIRT_DEBUG"); if (debugEnv && *debugEnv) virLogSetDefaultPriority(virLogParseDefaultPriority(debugEnv)); - debugEnv =3D virGetEnvAllowSUID("LIBVIRT_LOG_FILTERS"); + debugEnv =3D getenv("LIBVIRT_LOG_FILTERS"); if (debugEnv && *debugEnv) virLogSetFilters(debugEnv); - debugEnv =3D virGetEnvAllowSUID("LIBVIRT_LOG_OUTPUTS"); + debugEnv =3D getenv("LIBVIRT_LOG_OUTPUTS"); if (debugEnv && *debugEnv) virLogSetOutputs(debugEnv); } diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c index 1cb8874403..26b751311f 100644 --- a/src/util/virsystemd.c +++ b/src/util/virsystemd.c @@ -509,7 +509,7 @@ virSystemdNotifyStartup(void) .msg_iovlen =3D 1, }; =20 - if (!(path =3D virGetEnvBlockSUID("NOTIFY_SOCKET"))) { + if (!(path =3D getenv("NOTIFY_SOCKET"))) { VIR_DEBUG("Skipping systemd notify, not requested"); return; } @@ -798,7 +798,7 @@ virSystemdGetListenFDs(void) =20 VIR_DEBUG("Setting up networking from caller"); =20 - if (!(pidstr =3D virGetEnvAllowSUID("LISTEN_PID"))) { + if (!(pidstr =3D getenv("LISTEN_PID"))) { VIR_DEBUG("No LISTEN_PID from caller"); return 0; } @@ -814,7 +814,7 @@ virSystemdGetListenFDs(void) return 0; } =20 - if (!(fdstr =3D virGetEnvAllowSUID("LISTEN_FDS"))) { + if (!(fdstr =3D getenv("LISTEN_FDS"))) { VIR_DEBUG("No LISTEN_FDS from caller"); return 0; } @@ -866,7 +866,7 @@ virSystemdActivationNew(virSystemdActivationMap *map, if (!(act->fds =3D virHashCreate(10, virSystemdActivationEntryFree))) goto error; =20 - fdnames =3D virGetEnvAllowSUID("LISTEN_FDNAMES"); + fdnames =3D getenv("LISTEN_FDNAMES"); if (fdnames) { if (virSystemdActivationInitFromNames(act, nfds, fdnames) < 0) goto error; diff --git a/src/util/virutil.c b/src/util/virutil.c index 4e0dbe15c4..89d2cf011f 100644 --- a/src/util/virutil.c +++ b/src/util/virutil.c 
@@ -739,7 +739,7 @@ char *virGetUserShell(uid_t uid) =20 static char *virGetXDGDirectory(const char *xdgenvname, const char *xdgdef= dir) { - const char *path =3D virGetEnvBlockSUID(xdgenvname); + const char *path =3D getenv(xdgenvname); char *ret =3D NULL; char *home =3D NULL; =20 @@ -767,7 +767,7 @@ char *virGetUserCacheDirectory(void) =20 char *virGetUserRuntimeDirectory(void) { - const char *path =3D virGetEnvBlockSUID("XDG_RUNTIME_DIR"); + const char *path =3D getenv("XDG_RUNTIME_DIR"); =20 if (!path || !path[0]) { return virGetUserCacheDirectory(); @@ -1137,7 +1137,7 @@ virGetUserDirectoryByUID(uid_t uid ATTRIBUTE_UNUSED) const char *dir; char *ret; =20 - dir =3D virGetEnvBlockSUID("HOME"); + dir =3D getenv("HOME"); =20 /* Only believe HOME if it is an absolute path and exists */ if (dir) { @@ -1157,7 +1157,7 @@ virGetUserDirectoryByUID(uid_t uid ATTRIBUTE_UNUSED) =20 if (!dir) /* USERPROFILE is probably the closest equivalent to $HOME? */ - dir =3D virGetEnvBlockSUID("USERPROFILE"); + dir =3D getenv("USERPROFILE"); =20 if (VIR_STRDUP(ret, dir) < 0) return NULL; @@ -1722,34 +1722,6 @@ virParseOwnershipIds(const char *label, uid_t *uidPt= r, gid_t *gidPtr) return rc; } =20 - -/** - * virGetEnvBlockSUID: - * @name: the environment variable name - * - * Obtain an environment variable which is unsafe to - * use when running setuid. If running setuid, a NULL - * value will be returned - */ -const char *virGetEnvBlockSUID(const char *name) -{ - return secure_getenv(name); /* exempt from syntax-check */ -} - - -/** - * virGetEnvAllowSUID: - * @name: the environment variable name - * - * Obtain an environment variable which is safe to - * use when running setuid. The value will be returned - * even when running setuid - */ -const char *virGetEnvAllowSUID(const char *name) -{ - return getenv(name); /* exempt from syntax-check */ -} - static time_t selfLastChanged; =20 time_t virGetSelfLastChanged(void) 
diff --git a/src/util/virutil.h b/src/util/virutil.h index 52d0c33773..b64a85f49e 100644 --- a/src/util/virutil.h +++ b/src/util/virutil.h @@ -141,9 +141,6 @@ char *virGetUnprivSGIOSysfsPath(const char *path, =20 int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr); =20 -const char *virGetEnvBlockSUID(const char *name); -const char *virGetEnvAllowSUID(const char *name); - =20 time_t virGetSelfLastChanged(void); void virUpdateSelfLastChanged(const char *path); diff --git a/src/vbox/vbox_XPCOMCGlue.c b/src/vbox/vbox_XPCOMCGlue.c index 2a054f02d6..72ae49b6b2 100644 --- a/src/vbox/vbox_XPCOMCGlue.c +++ b/src/vbox/vbox_XPCOMCGlue.c @@ -190,7 +190,7 @@ VBoxCGlueInit(unsigned int *version) "/usr/local/lib/VirtualBox", "/Applications/VirtualBox.app/Contents/MacOS" }; - const char *home =3D virGetEnvBlockSUID("VBOX_APP_HOME"); + const char *home =3D getenv("VBOX_APP_HOME"); =20 /* If the user specifies the location, try only that. */ if (home !=3D NULL) { diff --git a/src/vbox/vbox_common.c b/src/vbox/vbox_common.c index 8a912da50c..6a4ef01e64 100644 --- a/src/vbox/vbox_common.c +++ b/src/vbox/vbox_common.c @@ -3558,7 +3558,7 @@ vboxDumpDisplay(virDomainDefPtr def, vboxDriverPtr da= ta, IMachine *machine) =20 graphics->type =3D VIR_DOMAIN_GRAPHICS_TYPE_DESKTOP; if (VIR_STRDUP(graphics->data.desktop.display, - virGetEnvBlockSUID("DISPLAY")) < 0) + getenv("DISPLAY")) < 0) goto cleanup; } =20 diff --git a/tools/virsh.c b/tools/virsh.c index f09ce1ec98..692a1ff16d 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -913,7 +913,7 @@ main(int argc, char **argv) =20 if (!ctl->connname) ctl->connname =3D vshStrdup(ctl, - virGetEnvBlockSUID("VIRSH_DEFAULT_CONNEC= T_URI")); + getenv("VIRSH_DEFAULT_CONNECT_URI")); =20 if (!ctl->imode) { ret =3D vshCommandRun(ctl, ctl->cmd); diff --git a/tools/virt-login-shell-helper.c b/tools/virt-login-shell-helpe= r.c index 8dc3bedaa0..d062c07a27 100644 --- a/tools/virt-login-shell-helper.c +++ b/tools/virt-login-shell-helper.c 
@@ -372,8 +372,8 @@ main(int argc, char **argv) =20 /* We're duping the string because the clearenv() * call will shortly release the pointer we get - * back from virGetEnvAllowSUID() right here */ - if (VIR_STRDUP(term, virGetEnvAllowSUID("TERM")) < 0) + * back from getenv() right here */ + if (VIR_STRDUP(term, getenv("TERM")) < 0) goto cleanup; =20 /* A fork is required to create new process in correct pid namespace. = */ diff --git a/tools/vsh.c b/tools/vsh.c index 5de082cb34..9bdd90e362 100644 --- a/tools/vsh.c +++ b/tools/vsh.c @@ -2429,7 +2429,7 @@ vshEditWriteToTempFile(vshControl *ctl, const char *d= oc) int fd; char ebuf[1024]; =20 - tmpdir =3D virGetEnvBlockSUID("TMPDIR"); + tmpdir =3D getenv("TMPDIR"); if (!tmpdir) tmpdir =3D "/tmp"; if (virAsprintf(&ret, "%s/virshXXXXXX.xml", tmpdir) < 0) { vshError(ctl, "%s", _("out of memory")); @@ -2476,9 +2476,9 @@ vshEditFile(vshControl *ctl, const char *filename) int outfd =3D STDOUT_FILENO; int errfd =3D STDERR_FILENO; =20 - editor =3D virGetEnvBlockSUID("VISUAL"); + editor =3D getenv("VISUAL"); if (!editor) - editor =3D virGetEnvBlockSUID("EDITOR"); + editor =3D getenv("EDITOR"); if (!editor) editor =3D DEFAULT_EDITOR; =20 @@ -2956,7 +2956,7 @@ vshReadlineInit(vshControl *ctl) goto cleanup; =20 /* Limit the total size of the history buffer */ - if ((histsize_str =3D virGetEnvBlockSUID(histsize_env))) { + if ((histsize_str =3D getenv(histsize_env))) { if (virStrToLong_i(histsize_str, NULL, 10, &max_history) < 0) { vshError(ctl, _("Bad $%s value."), histsize_env); goto cleanup; @@ -3072,7 +3072,7 @@ vshInitDebug(vshControl *ctl) return -1; =20 /* log level not set from commandline, check env variable */ - debugEnv =3D virGetEnvAllowSUID(env); + debugEnv =3D getenv(env); if (debugEnv) { int debug; if (virStrToLong_i(debugEnv, NULL, 10, &debug) < 0 || 
@@ -3091,7 +3091,7 @@ vshInitDebug(vshControl *ctl) return -1; =20 /* log file not set from cmdline */ - debugEnv =3D virGetEnvBlockSUID(env); + debugEnv =3D getenv(env); if (debugEnv && *debugEnv) { ctl->logfile =3D vshStrdup(ctl, debugEnv); vshOpenLogFile(ctl); --=20 2.21.0
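Review bot: in the src/util/virutil.c hunk, the removed virGetEnvBlockSUID() wrapped secure_getenv(), which returns NULL in any secure-execution process, and that includes setgid binaries and executables carrying file capabilities, not only setuid ones. The commit message argues the setuid case only. Please say whether the check that forbids libvirt code under SUID also rejects those cases; if it does not, the former BlockSUID callers in this patch, such as virFindFileInPath() reading PATH, virAuthGetConfigFilePathURI() reading LIBVIRT_AUTH_FILE, vshEditWriteToTempFile() reading TMPDIR and vshEditFile() reading VISUAL and EDITOR, now accept values they used to see as NULL.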
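Review bot: in the cfg.mk hunk, removing sc_prohibit_getenv leaves no record of why a bare getenv() is now acceptable everywhere, and the rule's halt text was the only place that told contributors the Allow/Block distinction existed. Since every call site in this patch depends on the environment having been purged before libvirt code runs, a short comment next to the purge in the setuid wrapper, or a note in the hacking documentation, stating that invariant would keep the next change to the wrapper from silently widening what the helper inherits.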
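The purge described in the commit message above, sketched as an added example; it is not libvirt's virt-login-shell code, which this page does not show. `scrub_env()` and its helpers are hypothetical names, the allow list holding only TERM comes from the commit message, and `sample_env` is constructed input.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical allow list: the commit message names $TERM as the only
 * variable the setuid wrapper lets through to the helper. */
static const char *const scrub_allow[] = { "TERM", NULL };

/* Constructed sample environment (not taken from the page). */
static char *const sample_env[] = {
    "LD_PRELOAD=/tmp/x.so", "TERM=xterm", "PATH=/tmp/bin",
    "TERMINFO=/tmp/ti", "TERM=dumb", "=oops", NULL
};

/* Length of the NAME part of "NAME=value"; 0 if the entry is malformed. */
static size_t env_name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return eq ? (size_t)(eq - entry) : 0;
}

/* 1 if the entry's name is on the allow list. The match is exact, so
 * TERMINFO does not ride along with TERM. */
static int env_allowed(const char *entry)
{
    size_t len = env_name_len(entry);
    size_t i;

    if (len == 0)
        return 0;
    for (i = 0; scrub_allow[i]; i++) {
        if (strlen(scrub_allow[i]) == len &&
            memcmp(scrub_allow[i], entry, len) == 0)
            return 1;
    }
    return 0;
}

void scrub_env_free(char **env)
{
    size_t i;

    if (!env)
        return;
    for (i = 0; env[i]; i++)
        free(env[i]);
    free(env);
}

/* Build the block to pass as envp to execve(): a fresh NULL-terminated
 * copy of envp_in holding only allowed variables. The first occurrence
 * of a name wins, so a duplicate later in the block cannot override it.
 * Returns NULL on allocation failure. */
char **scrub_env(char *const *envp_in)
{
    size_t n = 0, kept = 0, i, j;
    char **out;

    while (envp_in[n])
        n++;
    if (!(out = calloc(n + 1, sizeof(*out))))
        return NULL;

    for (i = 0; i < n; i++) {
        size_t len = env_name_len(envp_in[i]);
        size_t full = strlen(envp_in[i]) + 1;
        int seen = 0;

        if (!env_allowed(envp_in[i]))
            continue;
        for (j = 0; j < kept && !seen; j++)
            seen = env_name_len(out[j]) == len &&
                   memcmp(out[j], envp_in[i], len) == 0;
        if (seen)
            continue;
        if (!(out[kept] = malloc(full))) {
            scrub_env_free(out);
            return NULL;
        }
        memcpy(out[kept++], envp_in[i], full);
    }
    return out;
}

/* Number of entries in a NULL-terminated environment block. */
size_t scrub_env_count(char *const *env)
{
    size_t n = 0;

    while (env[n])
        n++;
    return n;
}
```

Building a new block and handing it to execve() keeps the wrapper from depending on which variables happen to be set; the helper then reads its environment with plain getenv(), as the patch does.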
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:11 +0100
Message-Id: <20190801150019.10519-10-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 09/17] nss: remove use for virDir helper APIs

Use the plain libc APIs to avoid a dependency on the main libvirt code from the nss module.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
--- cfg.mk | 2 +- tools/nss/libvirt_nss.c | 13 +++++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/cfg.mk b/cfg.mk index ec09550b49..f2b326ec94 100644 --- a/cfg.mk +++ b/cfg.mk @@ -1338,7 +1338,7 @@ exclude_file_name_regexp--sc_prohibit_always-defined_= macros =3D \ ^tests/virtestmock.c$$ =20 exclude_file_name_regexp--sc_prohibit_readdir =3D \ - ^tests/(.*mock|virfilewrapper)\.c$$ + ^(tests/(.*mock|virfilewrapper)\.c|tools/nss/libvirt_nss\.c)$$ =20 exclude_file_name_regexp--sc_prohibit_cross_inclusion =3D \ ^(src/util/virclosecallbacks\.h|src/util/virhostdev\.h)$$ diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c index 519046a4e0..f50dec48ba 100644 --- a/tools/nss/libvirt_nss.c +++ b/tools/nss/libvirt_nss.c
@@ -281,7 +281,8 @@ findLease(const char *name, goto cleanup; } =20 - if (virDirOpenQuiet(&dir, leaseDir) < 0) { + dir =3D opendir(leaseDir); + if (!dir) { ERROR("Failed to open dir '%s'", leaseDir); goto cleanup; } @@ -292,7 +293,7 @@ findLease(const char *name, } =20 DEBUG("Dir: %s", leaseDir); - while ((ret =3D virDirRead(dir, &entry, leaseDir)) > 0) { + while ((entry =3D readdir(dir)) !=3D NULL) { char *path; =20 if (virStringHasSuffix(entry->d_name, ".status")) { @@ -324,8 +325,11 @@ findLease(const char *name, nMacmaps++; VIR_FREE(path); } + + errno =3D 0; } - VIR_DIR_CLOSE(dir); + closedir(dir); + dir =3D NULL; =20 nleases =3D virJSONValueArraySize(leases_array); DEBUG("Read %zd leases", nleases); 
@@ -363,7 +367,8 @@ findLease(const char *name, =20 cleanup: *errnop =3D errno; - VIR_DIR_CLOSE(dir); + if (dir) + closedir(dir); while (nMacmaps) virObjectUnref(macmaps[--nMacmaps]); return ret; --=20 2.21.0
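Review bot: in the findLease() read loop, a NULL from readdir() is always treated as end of directory, so a read error part-way through yields a silently truncated lease list. The errno =3D 0 reset sits at the bottom of the loop body, which means the first readdir() call runs with a stale errno and any later continue would skip the reset. The old loop also assigned ret from virDirRead() on every pass, while the new one leaves ret untouched, so please confirm the value it carries to the code after the loop is the intended one. Suggest setting errno to 0 immediately before each readdir() call, checking errno once the loop ends, and jumping to cleanup with an ERROR() if it is non-zero.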
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:12 +0100
Message-Id: <20190801150019.10519-11-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 10/17] nss: remove use for virString helper APIs

Use the plain libc APIs to avoid a dependency on the main libvirt code from the nss module.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
--- tools/nss/libvirt_nss.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c index f50dec48ba..d057827ebc 100644 --- a/tools/nss/libvirt_nss.c +++ b/tools/nss/libvirt_nss.c @@ -41,7 +41,6 @@ #include "virfile.h" #include "virtime.h" #include "virerror.h" -#include "virstring.h" #include "virsocketaddr.h" #include "configmake.h" #include "virmacmap.h"
@@ -193,13 +192,20 @@ findLeaseInJSON(leaseAddress **tmpAddress, } =20 if (macs) { + const char **macstmp =3D macs; const char *macAddr; + bool match =3D false; =20 macAddr =3D virJSONValueObjectGetString(lease, "mac-address"); if (!macAddr) continue; =20 - if (!virStringListHasString(macs, macAddr)) + while (*macstmp && !match) { + if (STREQ(*macstmp, macAddr)) + match =3D true; + macstmp++; + } + if (!match) continue; } else { const char *lease_name; @@ -295,8 +301,9 @@ findLease(const char *name, DEBUG("Dir: %s", leaseDir); while ((entry =3D readdir(dir)) !=3D NULL) { char *path; + size_t dlen =3D strlen(entry->d_name); =20 - if (virStringHasSuffix(entry->d_name, ".status")) { + if (dlen >=3D 7 && STREQ(entry->d_name + dlen - 7, ".status")) { if (!(path =3D virFileBuildPath(leaseDir, entry->d_name, NULL)= )) goto cleanup; =20 
@@ -307,7 +314,7 @@ findLease(const char *name, goto cleanup; } VIR_FREE(path); - } else if (virStringHasSuffix(entry->d_name, ".macs")) { + } else if (dlen >=3D 5 && STREQ(entry->d_name + dlen - 5, ".macs")= ) { if (!(path =3D virFileBuildPath(leaseDir, entry->d_name, NULL)= )) goto cleanup; =20 --=20 2.21.0
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Date: Thu, 1 Aug 2019 16:00:13 +0100 Message-Id: <20190801150019.10519-12-berrange@redhat.com> In-Reply-To: <20190801150019.10519-1-berrange@redhat.com> References: <20190801150019.10519-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 11/17] nss: remove use for virFile helper APIs X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Thu, 01 Aug 2019 15:01:32 +0000 (UTC) Use the plain libc APIs to avoid a dependancy on the main libvirt code from the nss module. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Michal Privoznik --- cfg.mk | 2 +- tools/nss/libvirt_nss.c | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/cfg.mk b/cfg.mk index f2b326ec94..f4cd215abc 100644 --- a/cfg.mk +++ b/cfg.mk @@ -1223,7 +1223,7 @@ exclude_file_name_regexp--sc_prohibit_access_xok =3D \ ^(cfg\.mk|src/util/virutil\.c)$$ =20 exclude_file_name_regexp--sc_prohibit_asprintf =3D \ - ^(cfg\.mk|bootstrap.conf$$|examples/|src/util/virstring\.[ch]$$|tests/vi= rcgroupmock\.c|tools/virt-login-shell\.c$$) + ^(cfg\.mk|bootstrap.conf$$|examples/|src/util/virstring\.[ch]$$|tests/vi= rcgroupmock\.c|tools/virt-login-shell\.c|tools/nss/libvirt_nss\.c$$) =20 exclude_file_name_regexp--sc_prohibit_strdup =3D \ ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup= )mock.c|tests/commandhelper\.c$$) 
diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c index d057827ebc..ed2ad956e9 100644 --- a/tools/nss/libvirt_nss.c +++ b/tools/nss/libvirt_nss.c @@ -38,7 +38,6 @@ =20 #include "virlease.h" #include "viralloc.h" -#include "virfile.h" #include "virtime.h" #include "virerror.h" #include "virsocketaddr.h" @@ -304,7 +303,7 @@ findLease(const char *name, size_t dlen =3D strlen(entry->d_name); =20 if (dlen >=3D 7 && STREQ(entry->d_name + dlen - 7, ".status")) { - if (!(path =3D virFileBuildPath(leaseDir, entry->d_name, NULL)= )) + if (asprintf(&path, "%s/%s", leaseDir, entry->d_name) < 0) goto cleanup; =20 DEBUG("Processing %s", path); 
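Review bot: In the findLease() hunk, path is now allocated by asprintf() but, as the context of the following hunk shows, it is still released with VIR_FREE(path), and viralloc.h stays in the include list, so this code path still leans on the libvirt allocation helpers that the commit message wants to stop depending on. Pairing the libc allocation with a plain free(path) would match the stated goal. asprintf() also leaves path undefined on failure, which is safe here only as long as the cleanup label never touches path.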
@@ -315,7 +314,7 @@ findLease(const char *name, } VIR_FREE(path); } else if (dlen >=3D 5 && STREQ(entry->d_name + dlen - 5, ".macs")= ) { - if (!(path =3D virFileBuildPath(leaseDir, entry->d_name, NULL)= )) + if (asprintf(&path, "%s/%s", leaseDir, entry->d_name) < 0) goto cleanup; =20 if (VIR_REALLOC_N_QUIET(macmaps, nMacmaps + 1) < 0) { --=20 2.21.0

From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:14 +0100
Message-Id: <20190801150019.10519-13-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 12/17] nss: refactor code for processing mac addresses

Build a list of mac addresses immediately, so that later code searching
for leases can be simplified and avoid needing to use the virMacMap
object.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
---
 cfg.mk                  |  4 +--
 tools/nss/libvirt_nss.c | 73 ++++++++++++++++++++++++-----------------
 2 files changed, 45 insertions(+), 32 deletions(-)

diff --git a/cfg.mk b/cfg.mk index f4cd215abc..8c352d7b9a 100644 --- a/cfg.mk +++ b/cfg.mk 
@@ -1226,7 +1226,7 @@ exclude_file_name_regexp--sc_prohibit_asprintf =3D \ ^(cfg\.mk|bootstrap.conf$$|examples/|src/util/virstring\.[ch]$$|tests/vi= rcgroupmock\.c|tools/virt-login-shell\.c|tools/nss/libvirt_nss\.c$$) =20 exclude_file_name_regexp--sc_prohibit_strdup =3D \ - ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup= )mock.c|tests/commandhelper\.c$$) + ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup= )mock.c|tests/commandhelper\.c|tools/nss/libvirt_nss\.c$$) =20 exclude_file_name_regexp--sc_prohibit_close =3D \ (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\= .c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c))$$) @@ -1259,7 +1259,7 @@ exclude_file_name_regexp--sc_prohibit_canonicalize_fi= le_name =3D \ ^(cfg\.mk|tests/virfilemock\.c)$$ =20 exclude_file_name_regexp--sc_prohibit_raw_allocation =3D \ - ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(secu= rityselinuxhelper|(vircgroup|nss)mock|commandhelper)\.c|tools/wireshark/src= /packet-libvirt\.c)$$ + ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(secu= rityselinuxhelper|(vircgroup|nss)mock|commandhelper)\.c|tools/wireshark/src= /packet-libvirt\.c|tools/nss/libvirt_nss\.c)$$ =20 exclude_file_name_regexp--sc_prohibit_readlink =3D \ ^src/(util/virutil|lxc/lxc_container)\.c$$ diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c index ed2ad956e9..a849b8e5f7 100644 --- a/tools/nss/libvirt_nss.c +++ b/tools/nss/libvirt_nss.c @@ -274,8 +274,10 @@ findLease(const char *name, ssize_t nleases; VIR_AUTOFREE(leaseAddress *) tmpAddress =3D NULL; size_t ntmpAddress =3D 0; - VIR_AUTOFREE(virMacMapPtr *) macmaps =3D NULL; - size_t nMacmaps =3D 0; + virMacMapPtr map =3D NULL; + char **macs =3D NULL; + size_t nmacs =3D 0; + size_t i; =20 *address =3D NULL; *naddress =3D 0; 
@@ -313,23 +315,43 @@ findLease(const char *name, goto cleanup; } VIR_FREE(path); +#if defined(LIBVIRT_NSS_GUEST) } else if (dlen >=3D 5 && STREQ(entry->d_name + dlen - 5, ".macs")= ) { + const char * const *newmacs; if (asprintf(&path, "%s/%s", leaseDir, entry->d_name) < 0) goto cleanup; =20 - if (VIR_REALLOC_N_QUIET(macmaps, nMacmaps + 1) < 0) { - VIR_FREE(path); - goto cleanup; - } - DEBUG("Processing %s", path); - if (!(macmaps[nMacmaps] =3D virMacMapNew(path))) { + if (!(map =3D virMacMapNew(path))) { ERROR("Unable to parse %s", path); VIR_FREE(path); goto cleanup; } - nMacmaps++; VIR_FREE(path); + + DEBUG("Looking up macs in %p for %s", map, name); + newmacs =3D virMacMapLookup(map, name); + for (i =3D 0; newmacs && newmacs[i] !=3D NULL; i++) + ; + + DEBUG("Got %zu macs", i); + if (i > 0) { + if (VIR_REALLOC_N_QUIET(macs, nmacs + i + 1) < 0) + goto cleanup; + + for (i =3D 0; newmacs[i] !=3D NULL; i++) { + char *macdup; + if (!(macdup =3D strdup(newmacs[i]))) + goto cleanup; + DEBUG("Capture mac %s", macdup); + macs[nmacs++] =3D macdup; + } + macs[nmacs] =3D NULL; + } + + virObjectUnref(map); + map =3D NULL; +#endif /* LIBVIRT_NSS_GUEST */ } =20 errno =3D 0; 
@@ -340,29 +362,18 @@ findLease(const char *name, nleases =3D virJSONValueArraySize(leases_array); DEBUG("Read %zd leases", nleases); =20 -#if !defined(LIBVIRT_NSS_GUEST) +#if defined(LIBVIRT_NSS_GUEST) + DEBUG("Finding with %zu macs", nmacs); + if (!nmacs) + goto cleanup; +#endif + if (findLeaseInJSON(&tmpAddress, &ntmpAddress, leases_array, nleases, - name, NULL, af, found) < 0) + name, (const char**)macs, af, found) < 0) goto cleanup; =20 -#else /* defined(LIBVIRT_NSS_GUEST) */ - - size_t i; - for (i =3D 0; i < nMacmaps; i++) { - const char **macs =3D (const char **) virMacMapLookup(macmaps[i], = name); - - if (!macs) - continue; - - if (findLeaseInJSON(&tmpAddress, &ntmpAddress, - leases_array, nleases, - name, macs, af, found) < 0) - goto cleanup; - } - -#endif /* defined(LIBVIRT_NSS_GUEST) */ - + DEBUG("Found %zu addresses", ntmpAddress); sortAddr(tmpAddress, ntmpAddress); =20 VIR_STEAL_PTR(*address, tmpAddress); 
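Review bot: The new guest-only early exit "if (!nmacs) goto cleanup;" jumps past the "ret = 0;" that sits just before the cleanup label, so a name with no entry in any .macs file now returns whatever ret held before that point, through the same path as the asprintf() and parse failures. The removed loop simply skipped maps without a match and still reached sortAddr() and "ret = 0" with no addresses. If "no MACs for this name" is meant to be a clean not-found result rather than an error, set ret to 0 before the jump, or state in the commit message that the change in return value is intended.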
@@ -372,11 +383,13 @@ findLease(const char *name, ret =3D 0; =20 cleanup: + virObjectUnref(map); *errnop =3D errno; + for (i =3D 0; i < nmacs; i++) + free(macs[i]); + free(macs); if (dir) closedir(dir); - while (nMacmaps) - virObjectUnref(macmaps[--nMacmaps]); return ret; } =20 --=20 2.21.0

From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:15 +0100
Message-Id: <20190801150019.10519-14-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 13/17] nss: custom parser for loading .macs file

The .macs file is currently loaded using the virMacMap class, which in
turn uses the virJSON parsing code. This pulls in a heap of libvirt code
(logging, hash tables, objects, etc) which we do not wish to depend on.

This uses the yajl parser code directly, so the only dep is yajl and
plain libc functions.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
---
 cfg.mk                       |   6 +-
 tools/Makefile.am            |   6 +-
 tools/nss/libvirt_nss.c      |  70 ++-------
 tools/nss/libvirt_nss.h      |  23 +++
 tools/nss/libvirt_nss_macs.c | 289 +++++++++++++++++++++++++++++++++++
 tools/nss/libvirt_nss_macs.h |  27 ++++
 6 files changed, 360 insertions(+), 61 deletions(-)
 create mode 100644 tools/nss/libvirt_nss_macs.c
 create mode 100644 tools/nss/libvirt_nss_macs.h

diff --git a/cfg.mk b/cfg.mk index 8c352d7b9a..33bf29c5b0 100644 --- a/cfg.mk +++ b/cfg.mk 
@@ -1226,10 +1226,10 @@ exclude_file_name_regexp--sc_prohibit_asprintf =3D \ ^(cfg\.mk|bootstrap.conf$$|examples/|src/util/virstring\.[ch]$$|tests/vi= rcgroupmock\.c|tools/virt-login-shell\.c|tools/nss/libvirt_nss\.c$$) =20 exclude_file_name_regexp--sc_prohibit_strdup =3D \ - ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup= )mock.c|tests/commandhelper\.c|tools/nss/libvirt_nss\.c$$) + ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup= )mock.c|tests/commandhelper\.c|tools/nss/libvirt_nss_macs\.c$$) =20 exclude_file_name_regexp--sc_prohibit_close =3D \ - (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\= .c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c))$$) + (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\= .c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c)|tools/nss/libv= irt_nss_macs\.c)$$) =20 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF =3D \ (^tests/(virhostcpu|virpcitest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|= \.diff|tests/virconfdata/no-newline\.conf$$) @@ -1259,7 +1259,7 @@ exclude_file_name_regexp--sc_prohibit_canonicalize_fi= le_name =3D \ ^(cfg\.mk|tests/virfilemock\.c)$$ =20 exclude_file_name_regexp--sc_prohibit_raw_allocation =3D \ - ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(secu= rityselinuxhelper|(vircgroup|nss)mock|commandhelper)\.c|tools/wireshark/src= /packet-libvirt\.c|tools/nss/libvirt_nss\.c)$$ + ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(secu= rityselinuxhelper|(vircgroup|nss)mock|commandhelper)\.c|tools/wireshark/src= /packet-libvirt\.c|tools/nss/libvirt_nss(_macs)?\.c)$$ =20 exclude_file_name_regexp--sc_prohibit_readlink =3D \ ^src/(util/virutil|lxc/lxc_container)\.c$$ diff --git a/tools/Makefile.am b/tools/Makefile.am index 3d9461ba65..eee4226231 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am 
@@ -507,11 +507,15 @@ nss_libnss_libvirt_la_LIBADD =3D \ =20 noinst_LTLIBRARIES +=3D nss/libnss_libvirt_guest_impl.la nss_libnss_libvirt_guest_impl_la_SOURCES =3D \ - $(LIBVIRT_NSS_SOURCES) + $(LIBVIRT_NSS_SOURCES) \ + nss/libvirt_nss_macs.h \ + nss/libvirt_nss_macs.c \ + $(NULL) =20 nss_libnss_libvirt_guest_impl_la_CFLAGS =3D \ -DLIBVIRT_NSS \ -DLIBVIRT_NSS_GUEST \ + $(YAJL_CFLAGS) \ $(AM_CFLAGS) \ $(NULL) =20 diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c index a849b8e5f7..b3756b984a 100644 --- a/tools/nss/libvirt_nss.c +++ b/tools/nss/libvirt_nss.c @@ -39,32 +39,12 @@ #include "virlease.h" #include "viralloc.h" #include "virtime.h" -#include "virerror.h" #include "virsocketaddr.h" #include "configmake.h" -#include "virmacmap.h" -#include "virobject.h" - -#if 0 -# define ERROR(...) \ -do { \ - char ebuf[1024]; \ - fprintf(stderr, "ERROR %s:%d : ", __FUNCTION__, __LINE__); \ - fprintf(stderr, __VA_ARGS__); \ - fprintf(stderr, " : %s\n", virStrerror(errno, ebuf, sizeof(ebuf))); \ - fprintf(stderr, "\n"); \ -} while (0) - -# define DEBUG(...) \ -do { \ - fprintf(stderr, "DEBUG %s:%d : ", __FUNCTION__, __LINE__); \ - fprintf(stderr, __VA_ARGS__); \ - fprintf(stderr, "\n"); \ -} while (0) -#else -# define ERROR(...) do { } while (0) -# define DEBUG(...) do { } while (0) -#endif + +#if defined(LIBVIRT_NSS_GUEST) +# include "libvirt_nss_macs.h" +#endif /* !LIBVIRT_NSS_GUEST */ =20 #define LEASEDIR LOCALSTATEDIR "/lib/libvirt/dnsmasq/" =20 @@ -169,10 +149,12 @@ findLeaseInJSON(leaseAddress **tmpAddress, size_t nleases, const char *name, const char **macs, + size_t nmacs, int af, bool *found) { size_t i; + size_t j; long long expirytime; time_t currtime; =20 @@ -191,7 +173,6 @@ findLeaseInJSON(leaseAddress **tmpAddress, } =20 if (macs) { - const char **macstmp =3D macs; const char *macAddr; bool match =3D false; =20 
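Review bot: The include block added near the top of libvirt_nss.c opens with "#if defined(LIBVIRT_NSS_GUEST)" but closes with "#endif /* !LIBVIRT_NSS_GUEST */"; the closing comment has the wrong polarity and should read "/* LIBVIRT_NSS_GUEST */", matching the other guest-only block in findLease().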
@@ -199,10 +180,9 @@ findLeaseInJSON(leaseAddress **tmpAddress, if (!macAddr) continue; =20 - while (*macstmp && !match) { - if (STREQ(*macstmp, macAddr)) + for (j =3D 0; j < nmacs && !match; j++) { + if (STREQ(macs[j], macAddr)) match =3D true; - macstmp++; } if (!match) continue; @@ -274,7 +254,6 @@ findLease(const char *name, ssize_t nleases; VIR_AUTOFREE(leaseAddress *) tmpAddress =3D NULL; size_t ntmpAddress =3D 0; - virMacMapPtr map =3D NULL; char **macs =3D NULL; size_t nmacs =3D 0; size_t i; @@ -317,40 +296,15 @@ findLease(const char *name, VIR_FREE(path); #if defined(LIBVIRT_NSS_GUEST) } else if (dlen >=3D 5 && STREQ(entry->d_name + dlen - 5, ".macs")= ) { - const char * const *newmacs; if (asprintf(&path, "%s/%s", leaseDir, entry->d_name) < 0) goto cleanup; =20 DEBUG("Processing %s", path); - if (!(map =3D virMacMapNew(path))) { - ERROR("Unable to parse %s", path); + if (findMACs(path, name, &macs, &nmacs) < 0) { VIR_FREE(path); goto cleanup; } VIR_FREE(path); - - DEBUG("Looking up macs in %p for %s", map, name); - newmacs =3D virMacMapLookup(map, name); - for (i =3D 0; newmacs && newmacs[i] !=3D NULL; i++) - ; - - DEBUG("Got %zu macs", i); - if (i > 0) { - if (VIR_REALLOC_N_QUIET(macs, nmacs + i + 1) < 0) - goto cleanup; - - for (i =3D 0; newmacs[i] !=3D NULL; i++) { - char *macdup; - if (!(macdup =3D strdup(newmacs[i]))) - goto cleanup; - DEBUG("Capture mac %s", macdup); - macs[nmacs++] =3D macdup; - } - macs[nmacs] =3D NULL; - } - - virObjectUnref(map); - map =3D NULL; #endif /* LIBVIRT_NSS_GUEST */ } =20 @@ -366,11 +320,14 @@ findLease(const char *name, DEBUG("Finding with %zu macs", nmacs); if (!nmacs) goto cleanup; + for (i =3D 0; i < nmacs; i++) + DEBUG(" %s", macs[i]); #endif =20 if (findLeaseInJSON(&tmpAddress, &ntmpAddress, leases_array, nleases, - name, (const char**)macs, af, found) < 0) + name, (const char**)macs, nmacs, + af, found) < 0) goto cleanup; =20 DEBUG("Found %zu addresses", ntmpAddress); 
@@ -383,7 +340,6 @@ findLease(const char *name, ret =3D 0; =20 cleanup: - virObjectUnref(map); *errnop =3D errno; for (i =3D 0; i < nmacs; i++) free(macs[i]); diff --git a/tools/nss/libvirt_nss.h b/tools/nss/libvirt_nss.h index 75a2e4fd93..6e4be125d2 100644 --- a/tools/nss/libvirt_nss.h +++ b/tools/nss/libvirt_nss.h @@ -28,6 +28,29 @@ #include #include =20 + +#if 0 +# include "virerror.h" +# define ERROR(...) \ +do { \ + char ebuf[1024]; \ + fprintf(stderr, "ERROR %s:%d : ", __FUNCTION__, __LINE__); \ + fprintf(stderr, __VA_ARGS__); \ + fprintf(stderr, " : %s\n", virStrerror(errno, ebuf, sizeof(ebuf))); \ + fprintf(stderr, "\n"); \ +} while (0) + +# define DEBUG(...) \ +do { \ + fprintf(stderr, "DEBUG %s:%d : ", __FUNCTION__, __LINE__); \ + fprintf(stderr, __VA_ARGS__); \ + fprintf(stderr, "\n"); \ +} while (0) +#else +# define ERROR(...) do { } while (0) +# define DEBUG(...) do { } while (0) +#endif + #if !defined(LIBVIRT_NSS_GUEST) # define NSS_NAME(s) _nss_libvirt_##s##_r #else diff --git a/tools/nss/libvirt_nss_macs.c b/tools/nss/libvirt_nss_macs.c new file mode 100644 index 0000000000..0d0b6b1eaa --- /dev/null +++ b/tools/nss/libvirt_nss_macs.c 
@@ -0,0 +1,289 @@ +/* + * libvirt_nss_macs.c: Name Service Switch plugin MAC file parser + * + * Copyright (C) 2019 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#include + +#include +#include +#include +#include + +#include +#include + +#include "internal.h" + +#include "libvirt_nss.h" +#include "libvirt_nss_macs.h" + +enum { + FIND_MACS_STATE_START, + FIND_MACS_STATE_LIST, + FIND_MACS_STATE_ENTRY, + FIND_MACS_STATE_ENTRY_MACS, +}; + +typedef struct { + const char *name; + char ***macs; + size_t *nmacs; + int state; + + char *key; + struct { + char *name; + char **macs; + size_t nmacs; + } entry; +} findMACsParser; + + +static int +findMACsParserString(void *ctx, + const unsigned char *stringVal, + size_t stringLen) +{ + findMACsParser *parser =3D ctx; + + DEBUG("Parse string state=3D%d '%.*s' (map key '%s')", + parser->state, (int)stringLen, (const char *)stringVal, + NULLSTR(parser->key)); + if (!parser->key) + return 0; + + if (parser->state =3D=3D FIND_MACS_STATE_ENTRY) { + if (STRNEQ(parser->key, "domain")) + return 0; + + if (!(parser->entry.name =3D strndup((char *)stringVal, stringLen)= )) + return 0; + } else if (parser->state =3D=3D FIND_MACS_STATE_ENTRY_MACS) { + char **macs; + if (STRNEQ(parser->key, "macs")) + return 0; + + if (!(macs =3D realloc(parser->entry.macs, + sizeof(char *) * (parser->entry.nmacs + 1)))) + return 0; + + 
parser->entry.macs =3D macs; + if (!(macs[parser->entry.nmacs++] =3D strndup((char *)stringVal, s= tringLen))) + return 0; + } else { + return 0; + } + return 1; +} + + +static int +findMACsParserMapKey(void *ctx, + const unsigned char *stringVal, + size_t stringLen) +{ + findMACsParser *parser =3D ctx; + + DEBUG("Parse map key state=3D%d '%.*s'", + parser->state, (int)stringLen, (const char *)stringVal); + + free(parser->key); + if (!(parser->key =3D strndup((char *)stringVal, stringLen))) + return 0; + + return 1; +} + + +static int +findMACsParserStartMap(void *ctx) +{ + findMACsParser *parser =3D ctx; + + DEBUG("Parse start map state=3D%d", parser->state); + + if (parser->state !=3D FIND_MACS_STATE_LIST) + return 0; + + free(parser->key); + parser->key =3D NULL; + parser->state =3D FIND_MACS_STATE_ENTRY; + + return 1; +} + + +static int +findMACsParserEndMap(void *ctx) +{ + findMACsParser *parser =3D ctx; + size_t i; + + DEBUG("Parse end map state=3D%d", parser->state); + + if (parser->entry.name =3D=3D NULL) + return 0; + + if (parser->state !=3D FIND_MACS_STATE_ENTRY) + return 0; + + if (STREQ(parser->entry.name, parser->name)) { + char **macs =3D realloc(*parser->macs, + sizeof(char *) * ((*parser->nmacs) + parser-= >entry.nmacs)); + if (!macs) + return 0; + + *parser->macs =3D macs; + for (i =3D 0; i < parser->entry.nmacs; i++) + (*parser->macs)[(*parser->nmacs)++] =3D parser->entry.macs[i]; + } else { + for (i =3D 0; i < parser->entry.nmacs; i++) + free(parser->entry.macs[i]); + } + free(parser->entry.macs); + parser->entry.macs =3D NULL; + parser->entry.nmacs =3D 0; + + parser->state =3D FIND_MACS_STATE_LIST; + + return 1; +} + + +static int +findMACsParserStartArray(void *ctx) +{ + findMACsParser *parser =3D ctx; + + DEBUG("Parse start array state=3D%d", parser->state); + + if (parser->state =3D=3D FIND_MACS_STATE_START) + parser->state =3D FIND_MACS_STATE_LIST; + else if (parser->state =3D=3D FIND_MACS_STATE_ENTRY) + parser->state =3D 
FIND_MACS_STATE_ENTRY_MACS; + else + return 0; + + return 1; +} + + +static int +findMACsParserEndArray(void *ctx) +{ + findMACsParser *parser =3D ctx; + + DEBUG("Parse end array state=3D%d", parser->state); + + if (parser->state =3D=3D FIND_MACS_STATE_LIST) + parser->state =3D FIND_MACS_STATE_START; + else if (parser->state =3D=3D FIND_MACS_STATE_ENTRY_MACS) + parser->state =3D FIND_MACS_STATE_ENTRY; + else + return 0; + + return 1; +} + + +int +findMACs(const char *file, + const char *name, + char ***macs, + size_t *nmacs) +{ + int fd =3D -1; + int ret =3D -1; + const yajl_callbacks parserCallbacks =3D { + NULL, /* null */ + NULL, /* bool */ + NULL, /* integer */ + NULL, /* double */ + NULL, /* number */ + findMACsParserString, + findMACsParserStartMap, + findMACsParserMapKey, + findMACsParserEndMap, + findMACsParserStartArray, + findMACsParserEndArray, + }; + findMACsParser parserState =3D { + .name =3D name, + .macs =3D macs, + .nmacs =3D nmacs, + }; + yajl_handle parser; + char line[1024]; + size_t i; + int rv; + + if ((fd =3D open(file, O_RDONLY)) < 0) { + ERROR("Cannot open %s", file); + goto cleanup; + } + + parser =3D yajl_alloc(&parserCallbacks, NULL, &parserState); + if (!parser) { + ERROR("Unable to create JSON parser"); + goto cleanup; + } + + while (1) { + rv =3D read(fd, line, sizeof(line)); + if (rv < 0) + goto cleanup; + if (rv =3D=3D 0) + break; + + if (yajl_parse(parser, (const unsigned char *)line, rv) !=3D + yajl_status_ok) { + ERROR("Parse failed %s", + yajl_get_error(parser, 1, + (const unsigned char*)line, rv)); + goto cleanup; + } + } + + if (yajl_complete_parse(parser) !=3D yajl_status_ok) { + ERROR("Parse failed %s", + yajl_get_error(parser, 1, NULL, 0)); + goto cleanup; + } + + ret =3D 0; + + cleanup: + if (ret !=3D 0) { + for (i =3D 0; i < *nmacs; i++) { + char *mac =3D (*macs)[i]; + free(mac); + } + free(*macs); + *macs =3D NULL; + *nmacs =3D 0; + } + for (i =3D 0; i < parserState.entry.nmacs; i++) + free(parserState.entry.macs[i]); + 
free(parserState.entry.macs); + free(parserState.entry.name); + free(parserState.key); + if (fd !=3D -1) + close(fd); + return ret; +} diff --git a/tools/nss/libvirt_nss_macs.h b/tools/nss/libvirt_nss_macs.h new file mode 100644 index 0000000000..c504a8cf1f --- /dev/null +++ b/tools/nss/libvirt_nss_macs.h 
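Review bot: findMACsParserEndMap() resets entry.macs and entry.nmacs but never frees or clears parser->entry.name, so every entry after the first leaks the previous name when findMACsParserString() overwrites it, and a map that has no "domain" key passes the "entry.name == NULL" check with the previous entry's name and has its MACs attributed to that guest. Free the name and set it to NULL at the end of EndMap, and free any existing value before the strndup() in case "domain" repeats within one map. Two further points in findMACs(): the handle returned by yajl_alloc() is never released with yajl_free(), and when a matching entry has an empty "macs" array the size passed to realloc() in EndMap can be zero, where a NULL return is implementation-defined behaviour rather than an allocation failure.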
@@ -0,0 +1,27 @@ +/* + * libvirt_nss_macs.h: Name Service Switch plugin MAC file parser + * + * Copyright (C) 2019 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#pragma once + +int +findMACs(const char *file, + const char *name, + char ***macs, + size_t *nmacs); --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
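Review bot: libvirt_nss_macs.h declares findMACs() with a size_t *nmacs parameter but includes no header at all, so it compiles only when every includer has already pulled in a definition of size_t. Add an include (for example <stddef.h>) directly after #pragma once so the header is self-contained and the include order in the .c files stops mattering.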
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:16 +0100
Message-Id: <20190801150019.10519-15-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 14/17] nss: custom parser for loading .leases file

The .leases file is currently loaded using the virLease class, which in turn uses the virJSON parsing code. This pulls in a heap of libvirt code (logging, hash tables, etc) which we do not wish to depend on. This uses the yajl parser code directly, so the only dep is yajl and plain libc functions.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
---
 cfg.mk | 6 +-
 tools/Makefile.am | 6 +-
 tools/nss/libvirt_nss.c | 207 +++-------------
 tools/nss/libvirt_nss_leases.c | 399 +++++++++++++++++++++++++++++++++
 tools/nss/libvirt_nss_leases.h | 40 ++++
 tools/nss/libvirt_nss_macs.c | 4 +-
 tools/nss/libvirt_nss_macs.h | 2 +
 7 files changed, 481 insertions(+), 183 deletions(-)
 create mode 100644 tools/nss/libvirt_nss_leases.c
 create mode 100644 tools/nss/libvirt_nss_leases.h

diff --git a/cfg.mk b/cfg.mk index 33bf29c5b0..cc1f79a051 100644 --- a/cfg.mk +++ b/cfg.mk
@@ -1226,10 +1226,10 @@ exclude_file_name_regexp--sc_prohibit_asprintf =3D \ ^(cfg\.mk|bootstrap.conf$$|examples/|src/util/virstring\.[ch]$$|tests/vi= rcgroupmock\.c|tools/virt-login-shell\.c|tools/nss/libvirt_nss\.c$$) =20 exclude_file_name_regexp--sc_prohibit_strdup =3D \ - ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup= )mock.c|tests/commandhelper\.c|tools/nss/libvirt_nss_macs\.c$$) + ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup= )mock.c|tests/commandhelper\.c|tools/nss/libvirt_nss_(leases|macs)\.c$$) =20 exclude_file_name_regexp--sc_prohibit_close =3D \ - (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\= .c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c)|tools/nss/libv= irt_nss_macs\.c)$$) + (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\= .c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c)|tools/nss/libv= irt_nss_(leases|macs)\.c)$$) =20 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF =3D \ (^tests/(virhostcpu|virpcitest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|= \.diff|tests/virconfdata/no-newline\.conf$$) @@ -1259,7 +1259,7 @@ exclude_file_name_regexp--sc_prohibit_canonicalize_fi= le_name =3D \ ^(cfg\.mk|tests/virfilemock\.c)$$ =20 exclude_file_name_regexp--sc_prohibit_raw_allocation =3D \ - ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(secu= rityselinuxhelper|(vircgroup|nss)mock|commandhelper)\.c|tools/wireshark/src= /packet-libvirt\.c|tools/nss/libvirt_nss(_macs)?\.c)$$ + ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(secu= rityselinuxhelper|(vircgroup|nss)mock|commandhelper)\.c|tools/wireshark/src= /packet-libvirt\.c|tools/nss/libvirt_nss(_leases|_macs)?\.c)$$ =20 exclude_file_name_regexp--sc_prohibit_readlink =3D \ ^src/(util/virutil|lxc/lxc_container)\.c$$ diff --git a/tools/Makefile.am b/tools/Makefile.am index eee4226231..61812a2cb1 100644 --- a/tools/Makefile.am 
+++ b/tools/Makefile.am @@ -476,7 +476,10 @@ endif ! WITH_BSD_NSS =20 LIBVIRT_NSS_SOURCES =3D \ nss/libvirt_nss.c \ - nss/libvirt_nss.h + nss/libvirt_nss.h \ + nss/libvirt_nss_leases.c \ + nss/libvirt_nss_leases.h \ + $(NULL) =20 if WITH_NSS noinst_LTLIBRARIES +=3D nss/libnss_libvirt_impl.la @@ -485,6 +488,7 @@ nss_libnss_libvirt_impl_la_SOURCES =3D \ =20 nss_libnss_libvirt_impl_la_CFLAGS =3D \ -DLIBVIRT_NSS \ + $(YAJL_CFLAGS) \ $(AM_CFLAGS) \ $(NULL) =20 diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c index b3756b984a..47d2ba9435 100644 --- a/tools/nss/libvirt_nss.c +++ b/tools/nss/libvirt_nss.c @@ -36,12 +36,13 @@ # include #endif =20 -#include "virlease.h" #include "viralloc.h" #include "virtime.h" #include "virsocketaddr.h" #include "configmake.h" =20 +#include "libvirt_nss_leases.h" + #if defined(LIBVIRT_NSS_GUEST) # include "libvirt_nss_macs.h" #endif /* !LIBVIRT_NSS_GUEST */ @@ -51,13 +52,6 @@ #define LIBVIRT_ALIGN(x) (((x) + __SIZEOF_POINTER__ - 1) & ~(__SIZEOF_POIN= TER__ - 1)) #define FAMILY_ADDRESS_SIZE(family) ((family) =3D=3D AF_INET6 ? 16 : 4) =20 -typedef struct { - unsigned char addr[16]; - int af; - long long expirytime; -} leaseAddress; - - static int leaseAddressSorter(const void *a, const void *b) 
@@ -77,147 +71,6 @@ sortAddr(leaseAddress *tmpAddress, } =20 =20 -static int -appendAddr(const char *name ATTRIBUTE_UNUSED, - leaseAddress **tmpAddress, - size_t *ntmpAddress, - virJSONValuePtr lease, - int af) -{ - const char *ipAddr; - virSocketAddr sa; - int family; - long long expirytime; - size_t i; - - if (!(ipAddr =3D virJSONValueObjectGetString(lease, "ip-address"))) { - ERROR("ip-address field missing for %s", name); - return -1; - } - - DEBUG("IP address: %s", ipAddr); - - if (virSocketAddrParse(&sa, ipAddr, AF_UNSPEC) < 0) { - ERROR("Unable to parse %s", ipAddr); - return -1; - } - - family =3D VIR_SOCKET_ADDR_FAMILY(&sa); - if (af !=3D AF_UNSPEC && af !=3D family) { - DEBUG("Skipping address which family is %d, %d requested", family,= af); - return 0; - } - - if (virJSONValueObjectGetNumberLong(lease, "expiry-time", &expirytime)= < 0) { - /* A lease cannot be present without expiry-time */ - ERROR("expiry-time field missing for %s", name); - return -1; - } - - for (i =3D 0; i < *ntmpAddress; i++) { - if (memcmp((*tmpAddress)[i].addr, - (family =3D=3D AF_INET ? - (void *) &sa.data.inet4.sin_addr.s_addr : - (void *) &sa.data.inet6.sin6_addr.s6_addr), - FAMILY_ADDRESS_SIZE(family)) =3D=3D 0) { - DEBUG("IP address already in the list"); - return 0; - } - } - - if (VIR_REALLOC_N_QUIET(*tmpAddress, *ntmpAddress + 1) < 0) { - ERROR("Out of memory"); - return -1; - } - - (*tmpAddress)[*ntmpAddress].expirytime =3D expirytime; - (*tmpAddress)[*ntmpAddress].af =3D family; - memcpy((*tmpAddress)[*ntmpAddress].addr, - (family =3D=3D AF_INET ? 
- (void *) &sa.data.inet4.sin_addr.s_addr : - (void *) &sa.data.inet6.sin6_addr.s6_addr), - FAMILY_ADDRESS_SIZE(family)); - (*ntmpAddress)++; - return 0; -} - - -static int -findLeaseInJSON(leaseAddress **tmpAddress, - size_t *ntmpAddress, - virJSONValuePtr leases_array, - size_t nleases, - const char *name, - const char **macs, - size_t nmacs, - int af, - bool *found) -{ - size_t i; - size_t j; - long long expirytime; - time_t currtime; - - if ((currtime =3D time(NULL)) =3D=3D (time_t) - 1) { - ERROR("Failed to get current system time"); - return -1; - } - - for (i =3D 0; i < nleases; i++) { - virJSONValuePtr lease =3D virJSONValueArrayGet(leases_array, i); - - if (!lease) { - /* This should never happen (TM) */ - ERROR("Unable to get element %zu of %zu", i, nleases); - return -1; - } - - if (macs) { - const char *macAddr; - bool match =3D false; - - macAddr =3D virJSONValueObjectGetString(lease, "mac-address"); - if (!macAddr) - continue; - - for (j =3D 0; j < nmacs && !match; j++) { - if (STREQ(macs[j], macAddr)) - match =3D true; - } - if (!match) - continue; - } else { - const char *lease_name; - - lease_name =3D virJSONValueObjectGetString(lease, "hostname"); - - if (STRNEQ_NULLABLE(name, lease_name)) - continue; - } - - if (virJSONValueObjectGetNumberLong(lease, "expiry-time", &expiryt= ime) < 0) { - /* A lease cannot be present without expiry-time */ - ERROR("expiry-time field missing for %s", name); - return -1; - } - - /* Do not report expired lease */ - if (expirytime < (long long) currtime) { - DEBUG("Skipping expired lease for %s", name); - continue; - } - - DEBUG("Found record for %s", name); - *found =3D true; - - if (appendAddr(name, tmpAddress, ntmpAddress, lease, af) < 0) - return -1; - } - - return 0; -} - - /** * findLease: * @name: domain name to lookup 
@@ -250,13 +103,12 @@ findLease(const char *name, int ret =3D -1; const char *leaseDir =3D LEASEDIR; struct dirent *entry; - VIR_AUTOPTR(virJSONValue) leases_array =3D NULL; - ssize_t nleases; - VIR_AUTOFREE(leaseAddress *) tmpAddress =3D NULL; - size_t ntmpAddress =3D 0; + char **leaseFiles =3D NULL; + size_t nleaseFiles =3D 0; char **macs =3D NULL; size_t nmacs =3D 0; size_t i; + time_t now; =20 *address =3D NULL; *naddress =3D 0; @@ -273,27 +125,21 @@ findLease(const char *name, goto cleanup; } =20 - if (!(leases_array =3D virJSONValueNewArray())) { - ERROR("Failed to create json array"); - goto cleanup; - } - DEBUG("Dir: %s", leaseDir); while ((entry =3D readdir(dir)) !=3D NULL) { char *path; size_t dlen =3D strlen(entry->d_name); =20 if (dlen >=3D 7 && STREQ(entry->d_name + dlen - 7, ".status")) { + char **tmpLease; if (asprintf(&path, "%s/%s", leaseDir, entry->d_name) < 0) goto cleanup; =20 - DEBUG("Processing %s", path); - if (virLeaseReadCustomLeaseFile(leases_array, path, NULL, NULL= ) < 0) { - ERROR("Unable to parse %s", path); - VIR_FREE(path); + tmpLease =3D realloc(leaseFiles, sizeof(char *) * (nleaseFiles= + 1)); + if (!tmpLease) goto cleanup; - } - VIR_FREE(path); + leaseFiles =3D tmpLease; + leaseFiles[nleaseFiles++] =3D path; #if defined(LIBVIRT_NSS_GUEST) } else if (dlen >=3D 5 && STREQ(entry->d_name + dlen - 5, ".macs")= ) { if (asprintf(&path, "%s/%s", leaseDir, entry->d_name) < 0) @@ -313,9 +159,6 @@ findLease(const char *name, closedir(dir); dir =3D NULL; =20 - nleases =3D virJSONValueArraySize(leases_array); - DEBUG("Read %zd leases", nleases); - #if defined(LIBVIRT_NSS_GUEST) DEBUG("Finding with %zu macs", nmacs); if (!nmacs) 
@@ -324,26 +167,38 @@ findLease(const char *name, DEBUG(" %s", macs[i]); #endif =20 - if (findLeaseInJSON(&tmpAddress, &ntmpAddress, - leases_array, nleases, - name, (const char**)macs, nmacs, - af, found) < 0) + if ((now =3D time(NULL)) =3D=3D (time_t)-1) { + DEBUG("Failed to get time"); goto cleanup; + } =20 - DEBUG("Found %zu addresses", ntmpAddress); - sortAddr(tmpAddress, ntmpAddress); + for (i =3D 0; i < nleaseFiles; i++) { + if (findLeases(leaseFiles[i], + name, macs, nmacs, + af, now, + address, naddress, + found) < 0) + goto cleanup; + } =20 - VIR_STEAL_PTR(*address, tmpAddress); - *naddress =3D ntmpAddress; - ntmpAddress =3D 0; + DEBUG("Found %zu addresses", *naddress); + sortAddr(*address, *naddress); =20 ret =3D 0; =20 cleanup: *errnop =3D errno; + for (i =3D 0; i < nleaseFiles; i++) + free(leaseFiles[i]); + free(leaseFiles); for (i =3D 0; i < nmacs; i++) free(macs[i]); free(macs); + if (ret < 0) { + free(*address); + *address =3D NULL; + *naddress =3D 0; + } if (dir) closedir(dir); return ret; diff --git a/tools/nss/libvirt_nss_leases.c b/tools/nss/libvirt_nss_leases.c new file mode 100644 index 0000000000..44089af313 --- /dev/null +++ b/tools/nss/libvirt_nss_leases.c 
@@ -0,0 +1,399 @@ +/* + * libvirt_nss_leases.c: Name Service Switch plugin lease file parser + * + * Copyright (C) 2019 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#include + +#include +#include +#include +#include + +#include +#include + +#include "libvirt_nss_leases.h" +#include "libvirt_nss.h" +#include "virsocketaddr.h" +#include "viralloc.h" + +enum { + FIND_LEASES_STATE_START, + FIND_LEASES_STATE_LIST, + FIND_LEASES_STATE_ENTRY, +}; + + +typedef struct { + const char *name; + char **macs; + size_t nmacs; + int state; + unsigned long long now; + int af; + bool *found; + leaseAddress **addrs; + size_t *naddrs; + + char *key; + struct { + unsigned long long expiry; + char *ipaddr; + char *macaddr; + char *hostname; + } entry; +} findLeasesParser; + + +static int +appendAddr(const char *name ATTRIBUTE_UNUSED, + leaseAddress **tmpAddress, + size_t *ntmpAddress, + const char *ipAddr, + long long expirytime, + int af) +{ + virSocketAddr sa; + int family; + size_t i; + + DEBUG("IP address: %s", ipAddr); + if (virSocketAddrParse(&sa, ipAddr, AF_UNSPEC) < 0) { + ERROR("Unable to parse %s", ipAddr); + return -1; + } + + family =3D VIR_SOCKET_ADDR_FAMILY(&sa); + if (af !=3D AF_UNSPEC && af !=3D family) { + DEBUG("Skipping address which family is %d, %d requested", family,= af); + return 0; + } + + for (i =3D 0; i < *ntmpAddress; i++) { + if (family 
=3D=3D AF_INET) { + if (memcmp((*tmpAddress)[i].addr, + &sa.data.inet4.sin_addr.s_addr, + sizeof(sa.data.inet4.sin_addr.s_addr)) =3D=3D 0) { + DEBUG("IP address already in the list"); + return 0; + } + } else { + if (memcmp((*tmpAddress)[i].addr, + &sa.data.inet6.sin6_addr.s6_addr, + sizeof(sa.data.inet6.sin6_addr.s6_addr)) =3D=3D 0) { + DEBUG("IP address already in the list"); + return 0; + } + } + } + + if (VIR_REALLOC_N_QUIET(*tmpAddress, *ntmpAddress + 1) < 0) { + ERROR("Out of memory"); + return -1; + } + + (*tmpAddress)[*ntmpAddress].expirytime =3D expirytime; + (*tmpAddress)[*ntmpAddress].af =3D family; + if (family =3D=3D AF_INET) + memcpy((*tmpAddress)[*ntmpAddress].addr, + &sa.data.inet4.sin_addr.s_addr, + sizeof(sa.data.inet4.sin_addr.s_addr)); + else + memcpy((*tmpAddress)[*ntmpAddress].addr, + &sa.data.inet6.sin6_addr.s6_addr, + sizeof(sa.data.inet6.sin6_addr.s6_addr)); + (*ntmpAddress)++; + return 0; +} + + +static int +findLeasesParserInteger(void *ctx, + long long val) +{ + findLeasesParser *parser =3D ctx; + + DEBUG("Parse int state=3D%d '%lld' (map key '%s')", + parser->state, val, NULLSTR(parser->key)); + if (!parser->key) + return 0; + + if (parser->state =3D=3D FIND_LEASES_STATE_ENTRY) { + if (STRNEQ(parser->key, "expiry-time")) + return 0; + + parser->entry.expiry =3D val; + } else { + return 0; + } + return 1; +} + + +static int +findLeasesParserString(void *ctx, + const unsigned char *stringVal, + size_t stringLen) +{ + findLeasesParser *parser =3D ctx; + + DEBUG("Parse string state=3D%d '%.*s' (map key '%s')", + parser->state, (int)stringLen, (const char *)stringVal, + NULLSTR(parser->key)); + if (!parser->key) + return 0; + + if (parser->state =3D=3D FIND_LEASES_STATE_ENTRY) { + if (STREQ(parser->key, "ip-address")) { + if (!(parser->entry.ipaddr =3D strndup((char *)stringVal, stri= ngLen))) + return 0; + } else if (STREQ(parser->key, "mac-address")) { + if (!(parser->entry.macaddr =3D strndup((char *)stringVal, str= ingLen))) + return 0; 
+ } else if (STREQ(parser->key, "hostname")) { + if (!(parser->entry.hostname =3D strndup((char *)stringVal, st= ringLen))) + return 0; + } else { + return 0; + } + } else { + return 0; + } + return 1; +} + + +static int +findLeasesParserMapKey(void *ctx, + const unsigned char *stringVal, + size_t stringLen) +{ + findLeasesParser *parser =3D ctx; + + DEBUG("Parse map key state=3D%d '%.*s'", + parser->state, (int)stringLen, (const char *)stringVal); + + free(parser->key); + if (!(parser->key =3D strndup((char *)stringVal, stringLen))) + return 0; + + return 1; +} + + +static int +findLeasesParserStartMap(void *ctx) +{ + findLeasesParser *parser =3D ctx; + + DEBUG("Parse start map state=3D%d", parser->state); + + if (parser->state !=3D FIND_LEASES_STATE_LIST) + return 0; + + free(parser->key); + parser->key =3D NULL; + parser->state =3D FIND_LEASES_STATE_ENTRY; + + return 1; +} + + +static int +findLeasesParserEndMap(void *ctx) +{ + findLeasesParser *parser =3D ctx; + size_t i; + bool found =3D false; + + DEBUG("Parse end map state=3D%d", parser->state); + + if (parser->entry.macaddr =3D=3D NULL) + return 0; + + if (parser->state !=3D FIND_LEASES_STATE_ENTRY) + return 0; + + if (parser->nmacs) { + DEBUG("Check %zu macs", parser->nmacs); + for (i =3D 0; i < parser->nmacs && !found; i++) { + DEBUG("Check mac '%s' vs '%s'", parser->macs[i], NULLSTR(parse= r->entry.macaddr)); + if (STREQ_NULLABLE(parser->macs[i], parser->entry.macaddr)) + found =3D true; + } + } else { + DEBUG("Check name '%s' vs '%s'", parser->name, NULLSTR(parser->ent= ry.hostname)); + if (STREQ_NULLABLE(parser->name, parser->entry.hostname)) + found =3D true; + } + DEBUG("Found %d", found); + if (parser->entry.expiry < parser->now) { + DEBUG("Entry expired at %llu vs now %llu", + parser->entry.expiry, parser->now); + found =3D false; + } + if (!parser->entry.ipaddr) + found =3D false; + + if (found) { + *parser->found =3D true; + + if (appendAddr(parser->name, + parser->addrs, parser->naddrs, + 
parser->entry.ipaddr, + parser->entry.expiry, + parser->af) < 0) + return 0; + } + + free(parser->entry.macaddr); + free(parser->entry.ipaddr); + free(parser->entry.hostname); + parser->entry.macaddr =3D NULL; + parser->entry.ipaddr =3D NULL; + parser->entry.hostname =3D NULL; + + parser->state =3D FIND_LEASES_STATE_LIST; + + return 1; +} + + +static int +findLeasesParserStartArray(void *ctx) +{ + findLeasesParser *parser =3D ctx; + + DEBUG("Parse start array state=3D%d", parser->state); + + if (parser->state =3D=3D FIND_LEASES_STATE_START) { + parser->state =3D FIND_LEASES_STATE_LIST; + } else { + return 0; + } + + return 1; +} + + +static int +findLeasesParserEndArray(void *ctx) +{ + findLeasesParser *parser =3D ctx; + + DEBUG("Parse end array state=3D%d", parser->state); + + if (parser->state =3D=3D FIND_LEASES_STATE_LIST) + parser->state =3D FIND_LEASES_STATE_START; + else + return 0; + + return 1; +} + + +int +findLeases(const char *file, + const char *name, + char **macs, + size_t nmacs, + int af, + time_t now, + leaseAddress **addrs, + size_t *naddrs, + bool *found) +{ + int fd =3D -1; + int ret =3D -1; + const yajl_callbacks parserCallbacks =3D { + NULL, /* null */ + NULL, /* bool */ + findLeasesParserInteger, + NULL, /* double */ + NULL, /* number */ + findLeasesParserString, + findLeasesParserStartMap, + findLeasesParserMapKey, + findLeasesParserEndMap, + findLeasesParserStartArray, + findLeasesParserEndArray, + }; + findLeasesParser parserState =3D { + .name =3D name, + .macs =3D macs, + .nmacs =3D nmacs, + .af =3D af, + .now =3D now, + .found =3D found, + .addrs =3D addrs, + .naddrs =3D naddrs, + }; + yajl_handle parser; + char line[1024]; + int rv; + + if ((fd =3D open(file, O_RDONLY)) < 0) { + ERROR("Cannot open %s", file); + goto cleanup; + } + + parser =3D yajl_alloc(&parserCallbacks, NULL, &parserState); + if (!parser) { + ERROR("Unable to create JSON parser"); + goto cleanup; + } + + while (1) { + rv =3D read(fd, line, sizeof(line)); + if (rv < 0) 
+ goto cleanup; + if (rv =3D=3D 0) + break; + + if (yajl_parse(parser, (const unsigned char *)line, rv) !=3D + yajl_status_ok) { + ERROR("Parse failed %s", + yajl_get_error(parser, 1, + (const unsigned char*)line, rv)); + goto cleanup; + } + } + + if (yajl_complete_parse(parser) !=3D yajl_status_ok) { + ERROR("Parse failed %s", + yajl_get_error(parser, 1, NULL, 0)); + goto cleanup; + } + + ret =3D 0; + + cleanup: + if (ret !=3D 0) { + free(*addrs); + *addrs =3D NULL; + *naddrs =3D 0; + } + free(parserState.entry.ipaddr); + free(parserState.entry.macaddr); + free(parserState.entry.hostname); + free(parserState.key); + if (fd !=3D -1) + close(fd); + return ret; +} diff --git a/tools/nss/libvirt_nss_leases.h b/tools/nss/libvirt_nss_leases.h new file mode 100644 index 0000000000..e213681e46 --- /dev/null +++ b/tools/nss/libvirt_nss_leases.h @@ -0,0 +1,40 @@ +/* + * libvirt_nss_leases.h: Name Service Switch plugin lease file parser + * + * Copyright (C) 2019 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#pragma once + +#include "internal.h" + +typedef struct { + unsigned char addr[16]; + int af; + long long expirytime; +} leaseAddress; + +int +findLeases(const char *file, + const char *name, + char **macs, + size_t nmacs, + int af, + time_t now, + leaseAddress **addrs, + size_t *naddrs, + bool *found); 
diff --git a/tools/nss/libvirt_nss_macs.c b/tools/nss/libvirt_nss_macs.c index 0d0b6b1eaa..9fe5b83e86 100644 --- a/tools/nss/libvirt_nss_macs.c +++ b/tools/nss/libvirt_nss_macs.c @@ -28,10 +28,8 @@ #include #include =20 -#include "internal.h" - -#include "libvirt_nss.h" #include "libvirt_nss_macs.h" +#include "libvirt_nss.h" =20 enum { FIND_MACS_STATE_START, diff --git a/tools/nss/libvirt_nss_macs.h b/tools/nss/libvirt_nss_macs.h index c504a8cf1f..64e291f549 100644 --- a/tools/nss/libvirt_nss_macs.h +++ b/tools/nss/libvirt_nss_macs.h 
@@ -20,6 +20,8 @@ =20 #pragma once =20 +#include "internal.h" + int findMACs(const char *file, const char *name, --=20 2.21.0
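Review bot: in findLease() in tools/nss/libvirt_nss.c, the new .status branch leaks path when realloc() fails: asprintf() has already allocated it, and the "if (!tmpLease) goto cleanup;" path only frees entries that were stored in leaseFiles. Free path before the goto. The failure paths have also become quieter than the code they replace: the time() failure is now a DEBUG() where the removed findLeaseInJSON() used ERROR(), and the realloc() failure logs nothing.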
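Review bot: in the new tools/nss/libvirt_nss_leases.c, the yajl callbacks return 0 for input they merely do not care about, and yajl treats a 0 return as a request to cancel the parse. findLeasesParserString() returns 0 for any string key other than ip-address, mac-address and hostname, findLeasesParserInteger() for any integer key other than expiry-time, and findLeasesParserEndMap() for an entry without mac-address, so a single such field makes findLeases() fail and free the addresses collected so far, where the removed findLeaseInJSON() skipped a lease without mac-address with continue. Return 1 for ignored keys and keep 0 for allocation failures. Two further points in the same file: findLeases() never calls yajl_free() on the handle returned by yajl_alloc(), and findLeasesParserEndMap() resets the three entry strings but not entry.expiry, so an entry without expiry-time inherits the previous entry's value instead of being rejected as the old code did.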
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:17 +0100
Message-Id: <20190801150019.10519-16-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 15/17] nss: directly use getnameinfo/getaddrinfo

Use the plain libc socket APIs to avoid a dependency on the main libvirt code from the nss module.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik
---
 tools/nss/libvirt_nss.c | 36 ++++++++++++++++------
 tools/nss/libvirt_nss_leases.c | 56 +++++++++++++++++++++++++---------
 2 files changed, 69 insertions(+), 23 deletions(-)

diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c index 47d2ba9435..2719e19cda 100644 --- a/tools/nss/libvirt_nss.c +++ b/tools/nss/libvirt_nss.c @@ -38,7 +38,6 @@ =20 #include "viralloc.h" #include "virtime.h" -#include "virsocketaddr.h" #include "configmake.h" =20 #include "libvirt_nss_leases.h" 
@@ -474,25 +473,45 @@ aiforaf(const char *name, int af, struct addrinfo *pa= i, struct addrinfo **aip) =20 addrList =3D resolved.h_addr_list; while (*addrList) { - virSocketAddr sa; - char *ipAddr =3D NULL; + union { + struct sockaddr sa; + struct sockaddr_in sin; + struct sockaddr_in6 sin6; + } sa; + socklen_t salen; void *address =3D *addrList; + char host[NI_MAXHOST]; + char port[NI_MAXSERV]; =20 memset(&sa, 0, sizeof(sa)); if (resolved.h_addrtype =3D=3D AF_INET) { - virSocketAddrSetIPv4AddrNetOrder(&sa, *((uint32_t *) address)); + sa.sin.sin_family =3D AF_INET; + memcpy(&sa.sin.sin_addr.s_addr, + address, + FAMILY_ADDRESS_SIZE(AF_INET)); + salen =3D sizeof(sa.sin); } else { - virSocketAddrSetIPv6AddrNetOrder(&sa, address); + sa.sin6.sin6_family =3D AF_INET6; + memcpy(&sa.sin6.sin6_addr.s6_addr, + address, + FAMILY_ADDRESS_SIZE(AF_INET6)); + salen =3D sizeof(sa.sin6); } =20 - ipAddr =3D virSocketAddrFormat(&sa); + if ((err =3D getnameinfo(&sa.sa, salen, + host, sizeof(host), + port, sizeof(port), + NI_NUMERICHOST | NI_NUMERICSERV)) !=3D 0) { + ERROR("Cannot convert socket address to string: %s", + gai_strerror(err)); + continue; + } =20 hints =3D *pai; hints.ai_flags =3D AI_NUMERICHOST; hints.ai_family =3D af; =20 - if (getaddrinfo(ipAddr, NULL, &hints, &res0)) { - VIR_FREE(ipAddr); + if (getaddrinfo(host, NULL, &hints, &res0)) { addrList++; continue; } @@ -504,7 +523,6 @@ aiforaf(const char *name, int af, struct addrinfo *pai,= struct addrinfo **aip) while ((*aip)->ai_next) *aip =3D (*aip)->ai_next; =20 - VIR_FREE(ipAddr); addrList++; } } diff --git a/tools/nss/libvirt_nss_leases.c b/tools/nss/libvirt_nss_leases.c index 44089af313..803b14cc55 100644 --- a/tools/nss/libvirt_nss_leases.c +++ b/tools/nss/libvirt_nss_leases.c @@ -30,7 +30,6 @@ =20 #include "libvirt_nss_leases.h" #include "libvirt_nss.h" -#include "virsocketaddr.h" #include "viralloc.h" =20 enum { 
@@ -69,18 +68,47 @@ appendAddr(const char *name ATTRIBUTE_UNUSED, long long expirytime, int af) { - virSocketAddr sa; int family; size_t i; + struct addrinfo hints =3D {0}; + struct addrinfo *res =3D NULL; + union { + struct sockaddr sa; + struct sockaddr_in sin; + struct sockaddr_in6 sin6; + } sa; + unsigned char addr[16]; + int err; =20 DEBUG("IP address: %s", ipAddr); - if (virSocketAddrParse(&sa, ipAddr, AF_UNSPEC) < 0) { - ERROR("Unable to parse %s", ipAddr); + + hints.ai_family =3D AF_UNSPEC; + hints.ai_flags =3D AI_NUMERICHOST; + + if ((err =3D getaddrinfo(ipAddr, NULL, &hints, &res)) !=3D 0) { + ERROR("Cannot parse socket address '%s': %s", + ipAddr, gai_strerror(err)); + return -1; + } + + if (!res) { + ERROR("No resolved address for '%s'", ipAddr); return -1; } + family =3D res->ai_family; + memcpy(&sa, res->ai_addr, res->ai_addrlen); + freeaddrinfo(res); + + if (family =3D=3D AF_INET) { + memcpy(addr, &sa.sin.sin_addr, sizeof(sa.sin.sin_addr)); + } else if (family =3D=3D AF_INET6) { + memcpy(addr, &sa.sin6.sin6_addr, sizeof(sa.sin6.sin6_addr)); + } else { + DEBUG("Skipping unexpected family %d", family); + return 0; + } =20 - family =3D VIR_SOCKET_ADDR_FAMILY(&sa); - if (af !=3D AF_UNSPEC && af !=3D family) { + if (af !=3D AF_UNSPEC && af !=3D family) { DEBUG("Skipping address which family is %d, %d requested", family,= af); return 0; } @@ -88,15 +116,15 @@ appendAddr(const char *name ATTRIBUTE_UNUSED, for (i =3D 0; i < *ntmpAddress; i++) { if (family =3D=3D AF_INET) { if (memcmp((*tmpAddress)[i].addr, - &sa.data.inet4.sin_addr.s_addr, - sizeof(sa.data.inet4.sin_addr.s_addr)) =3D=3D 0) { + &sa.sin.sin_addr, + sizeof(sa.sin.sin_addr)) =3D=3D 0) { DEBUG("IP address already in the list"); return 0; } } else { if (memcmp((*tmpAddress)[i].addr, - &sa.data.inet6.sin6_addr.s6_addr, - sizeof(sa.data.inet6.sin6_addr.s6_addr)) =3D=3D 0) { + &sa.sin6.sin6_addr, + sizeof(sa.sin6.sin6_addr)) =3D=3D 0) { DEBUG("IP address already in the list"); return 0; } 
@@ -112,12 +140,12 @@ appendAddr(const char *name ATTRIBUTE_UNUSED, (*tmpAddress)[*ntmpAddress].af =3D family; if (family =3D=3D AF_INET) memcpy((*tmpAddress)[*ntmpAddress].addr, - &sa.data.inet4.sin_addr.s_addr, - sizeof(sa.data.inet4.sin_addr.s_addr)); + &sa.sin.sin_addr, + sizeof(sa.sin.sin_addr)); else memcpy((*tmpAddress)[*ntmpAddress].addr, - &sa.data.inet6.sin6_addr.s6_addr, - sizeof(sa.data.inet6.sin6_addr.s6_addr)); + &sa.sin6.sin6_addr, + sizeof(sa.sin6.sin6_addr)); (*ntmpAddress)++; return 0; } --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
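Review bot: in aiforaf(), the new getnameinfo() error branch does `continue;` without `addrList++`, so a failure on one entry re-enters `while (*addrList)` on the same pointer and never terminates; the getaddrinfo() failure branch a few lines further down does `addrList++; continue;`. Because this NSS module runs inside whatever process performs the lookup, that is a hang in the caller. Add `addrList++;` before the `continue`. Separately, `port` is filled by getnameinfo() but never read in the visible lines; passing NULL and 0 for the service buffer would let `char port[NI_MAXSERV]` go away.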
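Review bot: in appendAddr(), `memcpy(&sa, res->ai_addr, res->ai_addrlen);` runs before the family is checked, so the copy length is whatever getaddrinfo() returned rather than something bounded by the union. With AI_NUMERICHOST the result should only be AF_INET or AF_INET6, but checking `res->ai_addrlen <= sizeof(sa)` first, or switching on `res->ai_family` and copying only the matching struct, makes that explicit. Also, the new `unsigned char addr[16]` is filled in the family branches, yet the memcmp() and memcpy() calls in the following hunks still read `&sa.sin.sin_addr` and `&sa.sin6.sin6_addr`, so `addr` looks unused; either use it in those calls or drop it.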
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:18 +0100
Message-Id: <20190801150019.10519-17-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 16/17] nss: remove last usages of libvirt headers

Use the plain libc APIs to avoid a dependency on the main libvirt code from the nss module.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik

--- tools/nss/libvirt_nss.c | 16 +++++++++++----- tools/nss/libvirt_nss.h | 5 +++-- tools/nss/libvirt_nss_leases.c | 6 ++++-- 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c index 2719e19cda..a9814cf0dc 100644 --- a/tools/nss/libvirt_nss.c +++ b/tools/nss/libvirt_nss.c @@ -31,13 +31,15 @@ #include #include #include +#include +#include +#include + =20 #if defined(HAVE_BSD_NSS) # include #endif =20 -#include "viralloc.h" -#include "virtime.h" #include "configmake.h" =20 #include "libvirt_nss_leases.h" 
@@ -146,10 +148,10 @@ findLease(const char *name, =20 DEBUG("Processing %s", path); if (findMACs(path, name, &macs, &nmacs) < 0) { - VIR_FREE(path); + free(path); goto cleanup; } - VIR_FREE(path); + free(path); #endif /* LIBVIRT_NSS_GUEST */ } =20 @@ -243,7 +245,7 @@ NSS_NAME(gethostbyname3)(const char *name, int af, stru= ct hostent *result, { enum nss_status ret =3D NSS_STATUS_UNAVAIL; char *r_name, **r_aliases, *r_addr, *r_addr_next, **r_addr_list; - VIR_AUTOFREE(leaseAddress *) addr =3D NULL; + leaseAddress *addr =3D NULL; size_t naddr, i; bool found =3D false; size_t nameLen, need, idx =3D 0; @@ -259,6 +261,7 @@ NSS_NAME(gethostbyname3)(const char *name, int af, stru= ct hostent *result, af =3D AF_INET; =20 if ((r =3D findLease(name, af, &addr, &naddr, &found, errnop)) < 0) { + free(addr); /* Error occurred. Return immediately. */ if (*errnop =3D=3D EAGAIN) { *herrnop =3D TRY_AGAIN; @@ -273,11 +276,13 @@ NSS_NAME(gethostbyname3)(const char *name, int af, st= ruct hostent *result, /* NOT found */ *errnop =3D ESRCH; *herrnop =3D HOST_NOT_FOUND; + free(addr); return NSS_STATUS_NOTFOUND; } else if (!naddr) { /* Found, but no data */ *errnop =3D ENXIO; *herrnop =3D NO_DATA; + free(addr); return NSS_STATUS_UNAVAIL; } =20 @@ -349,6 +354,7 @@ NSS_NAME(gethostbyname3)(const char *name, int af, stru= ct hostent *result, =20 ret =3D NSS_STATUS_SUCCESS; cleanup: + free(addr); return ret; } =20 diff --git a/tools/nss/libvirt_nss.h b/tools/nss/libvirt_nss.h index 6e4be125d2..fa4ff892c6 100644 --- a/tools/nss/libvirt_nss.h +++ b/tools/nss/libvirt_nss.h @@ -30,13 +30,14 @@ =20 =20 #if 0 -# include "virerror.h" +# include # define ERROR(...) \ do { \ char ebuf[1024]; \ + strerror_r(errno, ebuf, sizeof(ebuf)); \ fprintf(stderr, "ERROR %s:%d : ", __FUNCTION__, __LINE__); \ fprintf(stderr, __VA_ARGS__); \ - fprintf(stderr, " : %s\n", virStrerror(errno, ebuf, sizeof(ebuf))); \ + fprintf(stderr, " : %s\n", ebuf); \ fprintf(stderr, "\n"); \ } while (0) =20 
diff --git a/tools/nss/libvirt_nss_leases.c b/tools/nss/libvirt_nss_leases.c index 803b14cc55..ddd50288d2 100644 --- a/tools/nss/libvirt_nss_leases.c +++ b/tools/nss/libvirt_nss_leases.c @@ -30,7 +30,6 @@ =20 #include "libvirt_nss_leases.h" #include "libvirt_nss.h" -#include "viralloc.h" =20 enum { FIND_LEASES_STATE_START, @@ -79,6 +78,7 @@ appendAddr(const char *name ATTRIBUTE_UNUSED, } sa; unsigned char addr[16]; int err; + leaseAddress *newAddr; =20 DEBUG("IP address: %s", ipAddr); =20 
@@ -131,10 +131,12 @@ appendAddr(const char *name ATTRIBUTE_UNUSED, } } =20 - if (VIR_REALLOC_N_QUIET(*tmpAddress, *ntmpAddress + 1) < 0) { + newAddr =3D realloc(*tmpAddress, sizeof(*newAddr) * (*ntmpAddress + 1)= ); + if (!newAddr) { ERROR("Out of memory"); return -1; } + *tmpAddress =3D newAddr; =20 (*tmpAddress)[*ntmpAddress].expirytime =3D expirytime; (*tmpAddress)[*ntmpAddress].af =3D family; --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
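Review bot: in NSS_NAME(gethostbyname3), dropping VIR_AUTOFREE means every exit now needs its own `free(addr)`, and these hunks add four of them (findLease() failure, not found, no data, and the `cleanup:` label). Any return that sits outside the visible context would leak. Setting `ret` and using `goto cleanup` in the early-return branches would leave a single `free(addr)` at the label and remove the need to audit each path.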
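Review bot: in the ERROR() macro in libvirt_nss.h, the return value of `strerror_r(errno, ebuf, sizeof(ebuf))` is discarded and `ebuf` is printed unconditionally. The GNU variant of strerror_r() returns a `char *` and may leave the caller's buffer untouched, and the XSI variant can fail, so `ebuf` may be uninitialised when it reaches `fprintf(stderr, " : %s\n", ebuf)`. Set `ebuf[0] = '\0'` before the call, or print the returned pointer where the GNU variant is in use. The macro sits under `#if 0`, so this only matters when debugging is switched on.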
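Review bot: in appendAddr() in libvirt_nss_leases.c, `sizeof(*newAddr) * (*ntmpAddress + 1)` is an unchecked multiplication passed straight to realloc(). The count grows with every address appended, so a guard that rejects the call when `*ntmpAddress + 1` exceeds `SIZE_MAX / sizeof(*newAddr)` keeps a wrapped size from producing an undersized buffer that the following stores would overrun. Assigning through `newAddr` so the old block survives a failed realloc() is the right pattern.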
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 1 Aug 2019 16:00:19 +0100
Message-Id: <20190801150019.10519-18-berrange@redhat.com>
In-Reply-To: <20190801150019.10519-1-berrange@redhat.com>
References: <20190801150019.10519-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 17/17] nss: only link to yajl library and nothing else

Now that the code does not refer to any libvirt headers, except internal.h macros, it does not need to link to any libvirt code, nor gnulib either. The only thing it needs is yajl.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik

--- config-post.h | 30 ------------------- src/Makefile.am | 73 ---------------------------------------------- src/util/virfile.c | 3 +- tools/Makefile.am | 8 ++--- 4 files changed, 5 insertions(+), 109 deletions(-) diff --git a/config-post.h b/config-post.h index a11f9c83d6..38baeefdff 100644 --- a/config-post.h +++ b/config-post.h 
@@ -16,36 +16,6 @@ * . */ =20 -/* - * The NSS module can be loaded into any binary and thus we want - * to minimize what code is liable to be run. Especiall we need - * to minimize use of any 3rd party libraries which have - * __attribute__((constructor)) functions. - * - * The only way to avoid such deps is to re-compile the - * functions with the code in question disabled, and for that we - * must override the main config.h rules. Hence this file :-( - */ -#ifdef LIBVIRT_NSS -# undef HAVE_LIBNL -# undef HAVE_LIBNL3 -# undef HAVE_LIBSASL2 -# undef HAVE_SYS_ACL_H -# undef WITH_CAPNG -# undef WITH_CURL -# undef WITH_DEVMAPPER -# undef WITH_DTRACE_PROBES -# undef WITH_GNUTLS -# undef WITH_LIBSSH -# undef WITH_MACVTAP -# undef WITH_NUMACTL -# undef WITH_SASL -# undef WITH_SSH2 -# undef WITH_VIRTUALPORT -# undef WITH_SECDRIVER_SELINUX -# undef WITH_SECDRIVER_APPARMOR -#endif /* LIBVIRT_NSS */ - #ifndef __GNUC__ # error "Libvirt requires GCC >=3D 4.4, or CLang" #endif diff --git a/src/Makefile.am b/src/Makefile.am index 8ca714dd34..f111b2a1b4 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -767,79 +767,6 @@ libvirt_iohelper_CFLAGS =3D \ endif WITH_LIBVIRTD =20 =20 - -if WITH_NSS -noinst_LTLIBRARIES +=3D libvirt-nss.la - -libvirt_nss_la_SOURCES =3D \ - util/viralloc.c \ - util/viralloc.h \ - util/viratomic.c \ - util/viratomic.h \ - util/virautoclean.h \ - util/virbitmap.c \ - util/virbitmap.h \ - util/virbuffer.c \ - util/virbuffer.h \ - util/vircommand.c \ - util/vircommand.h \ - util/virenum.c \ - util/virenum.h \ - util/virerror.c \ - util/virerror.h \ - util/virfile.c \ - util/virfile.h \ - util/virhash.c \ - util/virhash.h \ - util/virhashcode.c \ - util/virhashcode.h \ - util/virjson.c \ - util/virjson.h \ - util/virkmod.c \ - util/virkmod.h \ - util/virlease.c \ - util/virlease.h \ - util/virlog.c \ - util/virlog.h \ - util/virmacmap.c \ - util/virmacmap.h \ - util/virobject.c \ - util/virobject.h \ - util/virpidfile.c \ - util/virpidfile.h \ - util/virprocess.c \ - util/virprocess.h \ - util/virrandom.c \ - util/virrandom.h \ - util/virsocketaddr.c \ - util/virsocketaddr.h \ - util/virstring.c \ - util/virstring.h \ - util/virthread.c \ - util/virthread.h \ - util/virthreadjob.c \ - util/virthreadjob.h \ - util/virtime.c \ - util/virtime.h \ - util/virutil.c \ - util/virutil.h \ - $(NULL) - -libvirt_nss_la_CFLAGS =3D \ - -DLIBVIRT_NSS \ - $(AM_CFLAGS) \ - $(YAJL_CFLAGS) \ - $(NULL) -libvirt_nss_la_LDFLAGS =3D \ - $(AM_LDFLAGS) \ - $(NULL) - -libvirt_nss_la_LIBADD =3D \ - $(YAJL_LIBS) \ - $(NULL) -endif WITH_NSS - - install-data-local: $(INSTALL_DATA_LOCAL) \ $(INSTALL_DATA_DIRS:%=3Dinstall-data-%) $(MKDIR_P) "$(DESTDIR)$(localstatedir)/cache/libvirt" diff --git a/src/util/virfile.c b/src/util/virfile.c index 7667c16d27..81a3c096eb 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -631,8 +631,7 @@ int virFileUpdatePerm(const char *path, } =20 =20 -#if defined(__linux__) && HAVE_DECL_LO_FLAGS_AUTOCLEAR && \ - !defined(LIBVIRT_NSS) +#if defined(__linux__) && HAVE_DECL_LO_FLAGS_AUTOCLEAR =20 # if HAVE_DECL_LOOP_CTL_GET_FREE =20 
diff --git a/tools/Makefile.am b/tools/Makefile.am index 61812a2cb1..09cada949b 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -493,8 +493,8 @@ nss_libnss_libvirt_impl_la_CFLAGS =3D \ $(NULL) =20 nss_libnss_libvirt_impl_la_LIBADD =3D \ - ../gnulib/lib/libgnu.la \ - ../src/libvirt-nss.la + $(YAJL_LIBS) \ + $(NULL) =20 nss_libnss_libvirt_la_SOURCES =3D nss_libnss_libvirt_la_LDFLAGS =3D \ @@ -524,8 +524,8 @@ nss_libnss_libvirt_guest_impl_la_CFLAGS =3D \ $(NULL) =20 nss_libnss_libvirt_guest_impl_la_LIBADD =3D \ - ../gnulib/lib/libgnu.la \ - ../src/libvirt-nss.la + $(YAJL_LIBS) \ + $(NULL) =20 nss_libnss_libvirt_guest_la_SOURCES =3D nss_libnss_libvirt_guest_la_LDFLAGS =3D \ --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
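Review bot: the config-post.h hunk deletes the only comment explaining why the NSS module must avoid third party libraries that carry `__attribute__((constructor))` functions, namely that it can be loaded into any binary. That constraint still holds after this change, so the rationale should move next to `nss_libnss_libvirt_impl_la_LIBADD` in tools/Makefile.am rather than disappear; otherwise nothing tells a later contributor why only `$(YAJL_LIBS)` is listed there.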
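Review bot: in tools/Makefile.am, both `nss_libnss_libvirt_impl_la_LIBADD` and `nss_libnss_libvirt_guest_impl_la_LIBADD` are reduced to `$(YAJL_LIBS)`, but nothing in the build enforces that the module stays that small. A check target that inspects the built module's needed libraries and fails on anything beyond libc and yajl would catch a dependency creeping back in, which matters for code that ends up in the address space of every process doing host lookups.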