From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 5 Sep 2019 12:56:19 +0100
Message-Id: <20190905115627.11493-2-berrange@redhat.com>
In-Reply-To: <20190905115627.11493-1-berrange@redhat.com>
References: <20190905115627.11493-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 1/9] api: introduce virConnectSetIdentity for passing uid, gid, selinux info

When using the fine grained access control mechanism for APIs, when a client connects to libvirtd, the latter will fetch the uid, gid, selinux info of the remote client on the UNIX domain socket. This is then used as the identity when checking ACLs.

With the new split daemons things are a bit more complicated. The user can connect to virtproxyd, which in turn connects to virtqemud. When virtqemud requests the identity over the UNIX domain socket, it will get the identity that virtproxyd is running as, not the identity of the real end user/application.

virtproxyd knows what the real identity is, and needs to be able to forward this information to virtqemud. The virConnectSetIdentity API provides a mechanism for doing this. Obviously virtqemud should not accept such identity overrides from any client, it must only honour it from a trusted client, aka one running as the same uid/gid as itself.

The typed parameters exposed in the API are the same as those currently supported by the internal virIdentity class, with a few small name changes.

Signed-off-by: Daniel P. Berrangé
---
 include/libvirt/libvirt-host.h | 74 ++++++++++++++++++++++++++++++++++
 src/driver-hypervisor.h        |  7 ++++
 src/libvirt-host.c             | 51 +++++++++++++++++++++++
 src/libvirt_public.syms        |  4 ++
 4 files changed, 136 insertions(+)

diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h index 7debb5f829..be65b4686b 100644 --- a/include/libvirt/libvirt-host.h +++ b/include/libvirt/libvirt-host.h
@@ -579,6 +579,80 @@ virConnectPtr virConnectOpenAuth (const= char *name, unsigned int flags); int virConnectRef (virConnectPtr conn); int virConnectClose (virConnectPtr conn); + +/** + * VIR_CONNECT_IDENTITY_USER_NAME: + * + * The operating system user name as VIR_TYPED_PARAM_STRING. + */ +# define VIR_CONNECT_IDENTITY_USER_NAME "user-name" + +/** + * VIR_CONNECT_IDENTITY_UNIX_USER_ID: + * + * The UNIX user ID as VIR_TYPED_PARAM_ULLONG. + */ +# define VIR_CONNECT_IDENTITY_UNIX_USER_ID "unix-user-id" + +/** + * VIR_CONNECT_IDENTITY_GROUP_NAME: + * + * The operating system group name as VIR_TYPED_PARAM_STRING. + */ +# define VIR_CONNECT_IDENTITY_GROUP_NAME "group-name" + +/** + * VIR_CONNECT_IDENTITY_UNIX_GROUP_ID: + * + * The UNIX group ID as VIR_TYPED_PARAM_ULLONG. + */ +# define VIR_CONNECT_IDENTITY_UNIX_GROUP_ID "unix-group-id" + +/** + * VIR_CONNECT_IDENTITY_PROCESS_ID: + * + * The operating system process ID as VIR_TYPED_PARAM_LLONG. + */ +# define VIR_CONNECT_IDENTITY_PROCESS_ID "process-id" + +/** + * VIR_CONNECT_IDENTITY_PROCESS_TIME: + * + * The operating system process start time as VIR_TYPED_PARAM_ULLONG. + * + * The units the time is measured in vary according to the + * host operating system. On Linux this is usually clock + * ticks (as reported in /proc/$PID/stat field 22). + */ +# define VIR_CONNECT_IDENTITY_PROCESS_TIME "process-time" + +/** + * VIR_CONNECT_IDENTITY_SASL_USER_NAME: + * + * The SASL authenticated username as VIR_TYPED_PARAM_STRING + */ +# define VIR_CONNECT_IDENTITY_SASL_USER_NAME "sasl-user-name" + +/** + * VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME: + * + * The TLS x509 certificate distinguished named as VIR_TYPED_PARAM_STRING + */ +# define VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME "x509-distinguished-= name" + +/** + * VIR_CONNECT_IDENTITY_SELINUX_CONTEXT: + * + * The application's SELinux context as VIR_TYPED_PARAM_STRING. 
+ */ +# define VIR_CONNECT_IDENTITY_SELINUX_CONTEXT "selinux-context" + + +int virConnectSetIdentity (virConnectPtr conn, + virTypedParameterPtr para= ms, + int nparams, + unsigned int flags); + const char * virConnectGetType (virConnectPtr conn); int virConnectGetVersion (virConnectPtr conn, unsigned long *hvVer); diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h index 58eb731e85..015b2cd01c 100644 --- a/src/driver-hypervisor.h +++ b/src/driver-hypervisor.h @@ -36,6 +36,12 @@ typedef virDrvOpenStatus typedef int (*virDrvConnectClose)(virConnectPtr conn); =20 +typedef int +(*virDrvConnectSetIdentity)(virConnectPtr conn, + virTypedParameterPtr params, + int nparams, + unsigned int flags); + typedef int (*virDrvConnectSupportsFeature)(virConnectPtr conn, int feature); @@ -1385,6 +1391,7 @@ struct _virHypervisorDriver { virDrvConnectURIProbe connectURIProbe; virDrvConnectOpen connectOpen; virDrvConnectClose connectClose; + virDrvConnectSetIdentity connectSetIdentity; virDrvConnectSupportsFeature connectSupportsFeature; virDrvConnectGetType connectGetType; virDrvConnectGetVersion connectGetVersion; diff --git a/src/libvirt-host.c b/src/libvirt-host.c index e5c4e5f72a..d7b1b82277 100644 --- a/src/libvirt-host.c +++ b/src/libvirt-host.c 
@@ -61,6 +61,57 @@ virConnectRef(virConnectPtr conn) } =20 =20 +/** + * virConnectSetIdentity: + * @conn: pointer to the hypervisor connection + * @params: parameters containing the identity attributes + * @nparams: size of @params array + * @flags: currently unused, pass 0 + * + * Override the default identity information associated with + * the connection. When connecting to a stateful driver over + * a UNIX socket, the daemon will interrogate the remote end + * of the UNIX socket to acquire the application's identity. + * This identity is used for the fine grained access control + * checks on API calls. + * + * There may be times when application is operating on behalf + * of a variety of users, and thus the identity that the + * application runs as is not appropriate for access control + * checks. In this case, if the application is considered + * trustworthy, it can supply alternative identity information. + * + * The driver may reject the request to change the identity + * on a connection if the application is not trustworthy. + * + * Returns: 0 if the identity change was accepted, -1 on error + */ +int +virConnectSetIdentity(virConnectPtr conn, + virTypedParameterPtr params, + int nparams, + unsigned int flags) +{ + VIR_DEBUG("conn=3D%p params=3D%p nparams=3D%d flags=3D0x%x", conn, par= ams, nparams, flags); + VIR_TYPED_PARAMS_DEBUG(params, nparams); + + virResetLastError(); + + if (conn->driver->connectSetIdentity) { + int ret =3D conn->driver->connectSetIdentity(conn, params, nparams= , flags); + if (ret < 0) + goto error; + return ret; + } + + virReportUnsupportedError(); + + error: + virDispatchError(conn); + return -1; +} + + /* * Not for public use. This function is part of the internal * implementation of driver features in the remote case. diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 252f061ba3..40655fbbf5 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms 
@@ -857,4 +857,8 @@ LIBVIRT_5.7.0 { virDomainGetGuestInfo; } LIBVIRT_5.6.0; =20 +LIBVIRT_5.8.0 { + virConnectSetIdentity; +} LIBVIRT_5.7.0; + # .... define new API here using predicted next version number .... --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
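Review bot: In virConnectSetIdentity() in src/libvirt-host.c, conn->driver is dereferenced immediately after virResetLastError() with no validation of the arguments. Add virCheckConnectReturn(conn, -1) before the driver lookup, and reject a negative nparams or a NULL params with a non-zero nparams, so a bad caller gets an error rather than a crash. The unsupported path also reaches virDispatchError(conn) through the error label, a second use of the unchecked pointer. The doc comment only says the driver "may reject the request" from an untrustworthy application; it should spell out the rule given in the commit message (a peer running as the same uid/gid as the daemon) so callers know when -1 is expected.
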
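Review bot: In the include/libvirt/libvirt-host.h hunk, VIR_CONNECT_IDENTITY_PROCESS_ID is documented as VIR_TYPED_PARAM_LLONG while the user ID, group ID and process time are VIR_TYPED_PARAM_ULLONG; if the signed type is intentional, say why in the comment. The VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME comment reads "distinguished named" where "distinguished name" is meant, and the SASL and X509 comments lack the closing full stop the other entries have. The prototype would also benefit from a note on which of these parameters are mandatory and how unknown field names are treated.
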
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 5 Sep 2019 12:56:20 +0100
Message-Id: <20190905115627.11493-3-berrange@redhat.com>
In-Reply-To: <20190905115627.11493-1-berrange@redhat.com>
References: <20190905115627.11493-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 2/9] util: change identity class attribute names

Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows.

User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway.

Signed-off-by: Daniel P. Berrangé
---
 src/access/viraccessdriverpolkit.c |  8 ++---
 src/admin/admin_server.c           |  6 ++--
 src/libvirt_private.syms           | 16 ++++-----
 src/rpc/virnetserverclient.c       |  8 ++---
 src/util/viridentity.c             | 56 +++++++++++++++---------------
 src/util/viridentity.h             | 40 ++++++++++-----------
 tests/viridentitytest.c            | 18 +++++-----
 tests/virnetserverclienttest.c     |  4 +--
 8 files changed, 78 insertions(+), 78 deletions(-)

diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdrive= rpolkit.c index b1473cd0a4..75dbf8a0fa 100644 --- a/src/access/viraccessdriverpolkit.c +++ b/src/access/viraccessdriverpolkit.c @@ -88,14 +88,14 @@ virAccessDriverPolkitGetCaller(const char *actionid, return -1; } =20 - if (virIdentityGetUNIXProcessID(identity, pid) < 0) { + if (virIdentityGetProcessID(identity, pid) < 0) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", - _("No UNIX process ID available")); + _("No process ID available")); goto cleanup; } - if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) { + if (virIdentityGetProcessTime(identity, startTime) < 0) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", - _("No UNIX process start time available")); + _("No process start time available")); goto cleanup; } if (virIdentityGetUNIXUserID(identity, uid) < 0) { diff --git a/src/admin/admin_server.c b/src/admin/admin_server.c index f2a38f6dfa..80e5a36679 100644 --- a/src/admin/admin_server.c +++ b/src/admin/admin_server.c @@ -262,7 +262,7 @@ adminClientGetInfo(virNetServerClientPtr client, VIR_CLIENT_INFO_UNIX_USER_ID, uid) < 0) goto cleanup; =20 - if (virIdentityGetUNIXUserName(identity, &attr) < 0 || + if (virIdentityGetUserName(identity, &attr) < 0 || virTypedParamsAddString(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_USER_NAME, attr) < 0) 
@@ -273,13 +273,13 @@ adminClientGetInfo(virNetServerClientPtr client, VIR_CLIENT_INFO_UNIX_GROUP_ID, gid) < 0) goto cleanup; =20 - if (virIdentityGetUNIXGroupName(identity, &attr) < 0 || + if (virIdentityGetGroupName(identity, &attr) < 0 || virTypedParamsAddString(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_GROUP_NAME, attr) < 0) goto cleanup; =20 - if (virIdentityGetUNIXProcessID(identity, &pid) < 0 || + if (virIdentityGetProcessID(identity, &pid) < 0 || virTypedParamsAddInt(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_PROCESS_ID, pid) < 0) goto cleanup; diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index a34d92f5ef..a46d9a9165 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2144,28 +2144,28 @@ virHostGetBootTime; # util/viridentity.h virIdentityGetAttr; virIdentityGetCurrent; +virIdentityGetGroupName; +virIdentityGetProcessID; +virIdentityGetProcessTime; virIdentityGetSASLUserName; virIdentityGetSELinuxContext; virIdentityGetSystem; virIdentityGetUNIXGroupID; -virIdentityGetUNIXGroupName; -virIdentityGetUNIXProcessID; -virIdentityGetUNIXProcessTime; virIdentityGetUNIXUserID; -virIdentityGetUNIXUserName; +virIdentityGetUserName; virIdentityGetX509DName; virIdentityIsEqual; virIdentityNew; virIdentitySetAttr; virIdentitySetCurrent; +virIdentitySetGroupName; +virIdentitySetProcessID; +virIdentitySetProcessTime; virIdentitySetSASLUserName; virIdentitySetSELinuxContext; virIdentitySetUNIXGroupID; -virIdentitySetUNIXGroupName; -virIdentitySetUNIXProcessID; -virIdentitySetUNIXProcessTime; virIdentitySetUNIXUserID; -virIdentitySetUNIXUserName; +virIdentitySetUserName; virIdentitySetX509DName; =20 =20 diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c index 410de253d2..1b96d0339b 100644 --- a/src/rpc/virnetserverclient.c +++ b/src/rpc/virnetserverclient.c 
@@ -779,21 +779,21 @@ virNetServerClientCreateIdentity(virNetServerClientPt= r client) =20 if (!(username =3D virGetUserName(uid))) goto error; - if (virIdentitySetUNIXUserName(ret, username) < 0) + if (virIdentitySetUserName(ret, username) < 0) goto error; if (virIdentitySetUNIXUserID(ret, uid) < 0) goto error; =20 if (!(groupname =3D virGetGroupName(gid))) goto error; - if (virIdentitySetUNIXGroupName(ret, groupname) < 0) + if (virIdentitySetGroupName(ret, groupname) < 0) goto error; if (virIdentitySetUNIXGroupID(ret, gid) < 0) goto error; =20 - if (virIdentitySetUNIXProcessID(ret, pid) < 0) + if (virIdentitySetProcessID(ret, pid) < 0) goto error; - if (virIdentitySetUNIXProcessTime(ret, timestamp) < 0) + if (virIdentitySetProcessTime(ret, timestamp) < 0) goto error; } =20 diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 4ceff3cb74..d920152c08 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -144,25 +144,25 @@ virIdentityPtr virIdentityGetSystem(void) if (!(ret =3D virIdentityNew())) goto error; =20 - if (virIdentitySetUNIXProcessID(ret, getpid()) < 0) + if (virIdentitySetProcessID(ret, getpid()) < 0) goto error; =20 if (virProcessGetStartTime(getpid(), &startTime) < 0) goto error; if (startTime !=3D 0 && - virIdentitySetUNIXProcessTime(ret, startTime) < 0) + virIdentitySetProcessTime(ret, startTime) < 0) goto error; =20 if (!(username =3D virGetUserName(geteuid()))) return ret; - if (virIdentitySetUNIXUserName(ret, username) < 0) + if (virIdentitySetUserName(ret, username) < 0) goto error; if (virIdentitySetUNIXUserID(ret, getuid()) < 0) goto error; =20 if (!(groupname =3D virGetGroupName(getegid()))) return ret; - if (virIdentitySetUNIXGroupName(ret, groupname) < 0) + if (virIdentitySetGroupName(ret, groupname) < 0) goto error; if (virIdentitySetUNIXGroupID(ret, getgid()) < 0) goto error; 
@@ -310,11 +310,11 @@ bool virIdentityIsEqual(virIdentityPtr identA, } =20 =20 -int virIdentityGetUNIXUserName(virIdentityPtr ident, - const char **username) +int virIdentityGetUserName(virIdentityPtr ident, + const char **username) { return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_USER_NAME, username); } =20 @@ -342,11 +342,11 @@ int virIdentityGetUNIXUserID(virIdentityPtr ident, return 0; } =20 -int virIdentityGetUNIXGroupName(virIdentityPtr ident, - const char **groupname) +int virIdentityGetGroupName(virIdentityPtr ident, + const char **groupname) { return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, + VIR_IDENTITY_ATTR_GROUP_NAME, groupname); } =20 @@ -375,15 +375,15 @@ int virIdentityGetUNIXGroupID(virIdentityPtr ident, } =20 =20 -int virIdentityGetUNIXProcessID(virIdentityPtr ident, - pid_t *pid) +int virIdentityGetProcessID(virIdentityPtr ident, + pid_t *pid) { unsigned long long val; const char *processid; =20 *pid =3D 0; if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, + VIR_IDENTITY_ATTR_PROCESS_ID, &processid) < 0) return -1; =20 @@ -399,12 +399,12 @@ int virIdentityGetUNIXProcessID(virIdentityPtr ident, } =20 =20 -int virIdentityGetUNIXProcessTime(virIdentityPtr ident, - unsigned long long *timestamp) +int virIdentityGetProcessTime(virIdentityPtr ident, + unsigned long long *timestamp) { const char *processtime; if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, + VIR_IDENTITY_ATTR_PROCESS_TIME, &processtime) < 0) return -1; =20 @@ -445,11 +445,11 @@ int virIdentityGetSELinuxContext(virIdentityPtr ident, } =20 =20 -int virIdentitySetUNIXUserName(virIdentityPtr ident, - const char *username) +int virIdentitySetUserName(virIdentityPtr ident, + const char *username) { return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_USER_NAME, username); } =20 
@@ -468,11 +468,11 @@ int virIdentitySetUNIXUserID(virIdentityPtr ident, } =20 =20 -int virIdentitySetUNIXGroupName(virIdentityPtr ident, - const char *groupname) +int virIdentitySetGroupName(virIdentityPtr ident, + const char *groupname) { return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, + VIR_IDENTITY_ATTR_GROUP_NAME, groupname); } =20 @@ -491,8 +491,8 @@ int virIdentitySetUNIXGroupID(virIdentityPtr ident, } =20 =20 -int virIdentitySetUNIXProcessID(virIdentityPtr ident, - pid_t pid) +int virIdentitySetProcessID(virIdentityPtr ident, + pid_t pid) { VIR_AUTOFREE(char *) val =3D NULL; =20 @@ -500,13 +500,13 @@ int virIdentitySetUNIXProcessID(virIdentityPtr ident, return -1; =20 return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, + VIR_IDENTITY_ATTR_PROCESS_ID, val); } =20 =20 -int virIdentitySetUNIXProcessTime(virIdentityPtr ident, - unsigned long long timestamp) +int virIdentitySetProcessTime(virIdentityPtr ident, + unsigned long long timestamp) { VIR_AUTOFREE(char *) val =3D NULL; =20 @@ -514,7 +514,7 @@ int virIdentitySetUNIXProcessTime(virIdentityPtr ident, return -1; =20 return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, + VIR_IDENTITY_ATTR_PROCESS_TIME, val); } =20 diff --git a/src/util/viridentity.h b/src/util/viridentity.h index 0fde3207ca..e66e60dbf3 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h @@ -27,12 +27,12 @@ typedef struct _virIdentity virIdentity; typedef virIdentity *virIdentityPtr; =20 typedef enum { - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_USER_NAME, VIR_IDENTITY_ATTR_UNIX_USER_ID, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, + VIR_IDENTITY_ATTR_GROUP_NAME, VIR_IDENTITY_ATTR_UNIX_GROUP_ID, - VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, - VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, + VIR_IDENTITY_ATTR_PROCESS_ID, + VIR_IDENTITY_ATTR_PROCESS_TIME, VIR_IDENTITY_ATTR_SASL_USER_NAME, VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, VIR_IDENTITY_ATTR_SELINUX_CONTEXT, 
@@ -64,18 +64,18 @@ bool virIdentityIsEqual(virIdentityPtr identA, ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); =20 -int virIdentityGetUNIXUserName(virIdentityPtr ident, - const char **username); +int virIdentityGetUserName(virIdentityPtr ident, + const char **username); int virIdentityGetUNIXUserID(virIdentityPtr ident, uid_t *uid); -int virIdentityGetUNIXGroupName(virIdentityPtr ident, - const char **groupname); +int virIdentityGetGroupName(virIdentityPtr ident, + const char **groupname); int virIdentityGetUNIXGroupID(virIdentityPtr ident, gid_t *gid); -int virIdentityGetUNIXProcessID(virIdentityPtr ident, - pid_t *pid); -int virIdentityGetUNIXProcessTime(virIdentityPtr ident, - unsigned long long *timestamp); +int virIdentityGetProcessID(virIdentityPtr ident, + pid_t *pid); +int virIdentityGetProcessTime(virIdentityPtr ident, + unsigned long long *timestamp); int virIdentityGetSASLUserName(virIdentityPtr ident, const char **username); int virIdentityGetX509DName(virIdentityPtr ident, @@ -84,18 +84,18 @@ int virIdentityGetSELinuxContext(virIdentityPtr ident, const char **context); =20 =20 -int virIdentitySetUNIXUserName(virIdentityPtr ident, - const char *username); +int virIdentitySetUserName(virIdentityPtr ident, + const char *username); int virIdentitySetUNIXUserID(virIdentityPtr ident, uid_t uid); -int virIdentitySetUNIXGroupName(virIdentityPtr ident, - const char *groupname); +int virIdentitySetGroupName(virIdentityPtr ident, + const char *groupname); int virIdentitySetUNIXGroupID(virIdentityPtr ident, gid_t gid); -int virIdentitySetUNIXProcessID(virIdentityPtr ident, - pid_t pid); -int virIdentitySetUNIXProcessTime(virIdentityPtr ident, - unsigned long long timestamp); +int virIdentitySetProcessID(virIdentityPtr ident, + pid_t pid); +int virIdentitySetProcessTime(virIdentityPtr ident, + unsigned long long timestamp); int virIdentitySetSASLUserName(virIdentityPtr ident, const char *username); int virIdentitySetX509DName(virIdentityPtr ident, 
diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c index b60d944d8e..17d6e5f3b3 100644 --- a/tests/viridentitytest.c +++ b/tests/viridentitytest.c @@ -46,12 +46,12 @@ static int testIdentityAttrs(const void *data ATTRIBUTE= _UNUSED) goto cleanup; =20 if (virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_USER_NAME, "fred") < 0) goto cleanup; =20 if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_USER_NAME, &val) < 0) goto cleanup; =20 @@ -61,7 +61,7 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_U= NUSED) } =20 if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, + VIR_IDENTITY_ATTR_GROUP_NAME, &val) < 0) goto cleanup; =20 @@ -71,14 +71,14 @@ static int testIdentityAttrs(const void *data ATTRIBUTE= _UNUSED) } =20 if (virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_USER_NAME, "joe") !=3D -1) { VIR_DEBUG("Unexpectedly overwrote attribute"); goto cleanup; } =20 if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_USER_NAME, &val) < 0) goto cleanup; =20 @@ -111,7 +111,7 @@ static int testIdentityEqual(const void *data ATTRIBUTE= _UNUSED) } =20 if (virIdentitySetAttr(identa, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_USER_NAME, "fred") < 0) goto cleanup; =20 @@ -121,7 +121,7 @@ static int testIdentityEqual(const void *data ATTRIBUTE= _UNUSED) } =20 if (virIdentitySetAttr(identb, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_USER_NAME, "fred") < 0) goto cleanup; =20 @@ -131,11 +131,11 @@ static int testIdentityEqual(const void *data ATTRIBU= TE_UNUSED) } =20 if (virIdentitySetAttr(identa, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, + VIR_IDENTITY_ATTR_GROUP_NAME, "flintstone") < 0) goto cleanup; if (virIdentitySetAttr(identb, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, + VIR_IDENTITY_ATTR_GROUP_NAME, "flintstone") < 0) goto cleanup; =20 
diff --git a/tests/virnetserverclienttest.c b/tests/virnetserverclienttest.c index 4d7c6555b9..5015273e55 100644 --- a/tests/virnetserverclienttest.c +++ b/tests/virnetserverclienttest.c @@ -86,7 +86,7 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUS= ED) } =20 if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_USER_NAME, &gotUsername) < 0) { fprintf(stderr, "Missing username in identity\n"); goto cleanup; 
@@ -110,7 +110,7 @@ static int testIdentity(const void *opaque ATTRIBUTE_UN= USED) } =20 if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, + VIR_IDENTITY_ATTR_GROUP_NAME, &gotGroupname) < 0) { fprintf(stderr, "Missing groupname in identity\n"); goto cleanup; --=20 2.21.0
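Review bot: In adminClientGetInfo() in src/admin/admin_server.c the getters lose the UNIX tag, but the values are still published under VIR_CLIENT_INFO_UNIX_USER_NAME, VIR_CLIENT_INFO_UNIX_GROUP_NAME and VIR_CLIENT_INFO_UNIX_PROCESS_ID. If those names are fixed public API, a sentence in the commit message saying the admin field names are intentionally left alone would stop the next reader from treating the mismatch as an oversight.
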
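Review bot: In virIdentityGetSystem() in src/util/viridentity.c the renamed calls sit next to a mismatch worth a follow-up: the user name is looked up with virGetUserName(geteuid()) while the ID stored is getuid(), and the group uses getegid() for the name but getgid() for the ID. For a process whose real and effective IDs differ, the identity would pair a name and a number from different accounts, which matters once this identity feeds ACL checks. The early "return ret" when a name lookup fails also returns an identity with no user or group attributes rather than an error.
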
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 5 Sep 2019 12:56:21 +0100
Message-Id: <20190905115627.11493-4-berrange@redhat.com>
In-Reply-To: <20190905115627.11493-1-berrange@redhat.com>
Cc: Andrea Bolognani
Subject: [libvirt] [PATCH 3/9] tests: fix debug messages wrt selinux context when test fails

Reviewed-by: Andrea Bolognani
Signed-off-by: Daniel P. Berrangé
--- tests/viridentitytest.c | 3 ++- tests/virnetserverclienttest.c | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c index 17d6e5f3b3..3c9eb8683a 100644 --- a/tests/viridentitytest.c +++ b/tests/viridentitytest.c @@ -187,7 +187,8 @@ static int testIdentityGetSystem(const void *data) goto cleanup; =20 if (STRNEQ_NULLABLE(val, context)) { - VIR_DEBUG("Unexpected SELinux context attribute"); + VIR_DEBUG("Want SELinux context '%s' got '%s'", + context, val); goto cleanup; } =20 diff --git a/tests/virnetserverclienttest.c b/tests/virnetserverclienttest.c index 5015273e55..aaecfe7987 100644 --- a/tests/virnetserverclienttest.c +++ b/tests/virnetserverclienttest.c
@@ -140,8 +140,8 @@ static int testIdentity(const void *opaque ATTRIBUTE_UN= USED) goto cleanup; } if (STRNEQ_NULLABLE("foo_u:bar_r:wizz_t:s0-s0:c0.c1023", gotSELinuxCon= text)) { - fprintf(stderr, "Want groupname 'foo_u:bar_r:wizz_t:s0-s0:c0.c1023= ' got '%s'\n", - NULLSTR(gotGroupID)); + fprintf(stderr, "Want SELinux context 'foo_u:bar_r:wizz_t:s0-s0:c0= .c1023' got '%s'\n", + NULLSTR(gotSELinuxContext)); goto cleanup; } =20 --=20 2.21.0
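Review bot: In the tests/viridentitytest.c hunk of patch 3/9, the new VIR_DEBUG passes context and val straight to '%s', yet the guard just above it is STRNEQ_NULLABLE(val, context), so either pointer can be NULL when this branch runs. Wrap both in NULLSTR(), as the tests/virnetserverclienttest.c hunk of the same patch does with NULLSTR(gotSELinuxContext), so the failure path never hands a NULL pointer to a '%s' conversion.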
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 5 Sep 2019 12:56:22 +0100
Message-Id: <20190905115627.11493-5-berrange@redhat.com>
In-Reply-To: <20190905115627.11493-1-berrange@redhat.com>
Cc: Andrea Bolognani
Subject: [libvirt] [PATCH 4/9] util: make generic identity accessors private

Only expose the type safe getters/setters to other code in preparation for changing the internal storage of data.

Reviewed-by: Andrea Bolognani
Signed-off-by: Daniel P. Berrangé
--- src/libvirt_private.syms | 2 -- src/util/viridentity.c | 28 +++++++++++++++++----- src/util/viridentity.h | 25 ------------------- tests/viridentitytest.c | 44 +++++++++------------------------- tests/virnetserverclienttest.c | 36 ++++++++++------------------ 5 files changed, 46 insertions(+), 89 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index a46d9a9165..108a8ef736 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2142,7 +2142,6 @@ virHostGetBootTime; =20 =20 # util/viridentity.h -virIdentityGetAttr; virIdentityGetCurrent; virIdentityGetGroupName; virIdentityGetProcessID;
@@ -2156,7 +2155,6 @@ virIdentityGetUserName; virIdentityGetX509DName; virIdentityIsEqual; virIdentityNew; -virIdentitySetAttr; virIdentitySetCurrent; virIdentitySetGroupName; virIdentitySetProcessID; diff --git a/src/util/viridentity.c b/src/util/viridentity.c index d920152c08..abb486c87f 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -41,6 +41,20 @@ =20 VIR_LOG_INIT("util.identity"); =20 +typedef enum { + VIR_IDENTITY_ATTR_USER_NAME, + VIR_IDENTITY_ATTR_UNIX_USER_ID, + VIR_IDENTITY_ATTR_GROUP_NAME, + VIR_IDENTITY_ATTR_UNIX_GROUP_ID, + VIR_IDENTITY_ATTR_PROCESS_ID, + VIR_IDENTITY_ATTR_PROCESS_TIME, + VIR_IDENTITY_ATTR_SASL_USER_NAME, + VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, + VIR_IDENTITY_ATTR_SELINUX_CONTEXT, + + VIR_IDENTITY_ATTR_LAST, +} virIdentityAttrType; + struct _virIdentity { virObject parent; =20 @@ -233,9 +247,10 @@ static void virIdentityDispose(void *object) * * Returns: 0 on success, or -1 on error */ -int virIdentitySetAttr(virIdentityPtr ident, - unsigned int attr, - const char *value) +static int +virIdentitySetAttr(virIdentityPtr ident, + unsigned int attr, + const char *value) { int ret =3D -1; VIR_DEBUG("ident=3D%p attribute=3D%u value=3D%s", ident, attr, value); @@ -269,9 +284,10 @@ int virIdentitySetAttr(virIdentityPtr ident, * * Returns 0 on success, -1 on error */ -int virIdentityGetAttr(virIdentityPtr ident, - unsigned int attr, - const char **value) +static int +virIdentityGetAttr(virIdentityPtr ident, + unsigned int attr, + const char **value) { VIR_DEBUG("ident=3D%p attribute=3D%d value=3D%p", ident, attr, value); =20 diff --git a/src/util/viridentity.h b/src/util/viridentity.h index e66e60dbf3..e243284cd5 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h 
@@ -26,20 +26,6 @@ typedef struct _virIdentity virIdentity; typedef virIdentity *virIdentityPtr; =20 -typedef enum { - VIR_IDENTITY_ATTR_USER_NAME, - VIR_IDENTITY_ATTR_UNIX_USER_ID, - VIR_IDENTITY_ATTR_GROUP_NAME, - VIR_IDENTITY_ATTR_UNIX_GROUP_ID, - VIR_IDENTITY_ATTR_PROCESS_ID, - VIR_IDENTITY_ATTR_PROCESS_TIME, - VIR_IDENTITY_ATTR_SASL_USER_NAME, - VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - - VIR_IDENTITY_ATTR_LAST, -} virIdentityAttrType; - virIdentityPtr virIdentityGetCurrent(void); int virIdentitySetCurrent(virIdentityPtr ident); =20 @@ -47,17 +33,6 @@ virIdentityPtr virIdentityGetSystem(void); =20 virIdentityPtr virIdentityNew(void); =20 -int virIdentitySetAttr(virIdentityPtr ident, - unsigned int attr, - const char *value) - ATTRIBUTE_NONNULL(1) - ATTRIBUTE_NONNULL(3); - -int virIdentityGetAttr(virIdentityPtr ident, - unsigned int attr, - const char **value) - ATTRIBUTE_NONNULL(1) - ATTRIBUTE_NONNULL(3); =20 bool virIdentityIsEqual(virIdentityPtr identA, virIdentityPtr identB) diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c index 3c9eb8683a..cdf5325b4c 100644 --- a/tests/viridentitytest.c +++ b/tests/viridentitytest.c @@ -45,14 +45,10 @@ static int testIdentityAttrs(const void *data ATTRIBUTE= _UNUSED) if (!(ident =3D virIdentityNew())) goto cleanup; =20 - if (virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_USER_NAME, - "fred") < 0) + if (virIdentitySetUserName(ident, "fred") < 0) goto cleanup; =20 - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_USER_NAME, - &val) < 0) + if (virIdentityGetUserName(ident, &val) < 0) goto cleanup; =20 if (STRNEQ_NULLABLE(val, "fred")) { @@ -60,9 +56,7 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_U= NUSED) goto cleanup; } =20 - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_GROUP_NAME, - &val) < 0) + if (virIdentityGetGroupName(ident, &val) < 0) goto cleanup; =20 if (val !=3D NULL) { 
@@ -70,16 +64,12 @@ static int testIdentityAttrs(const void *data ATTRIBUTE= _UNUSED) goto cleanup; } =20 - if (virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_USER_NAME, - "joe") !=3D -1) { + if (virIdentitySetUserName(ident, "joe") >=3D 0) { VIR_DEBUG("Unexpectedly overwrote attribute"); goto cleanup; } =20 - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_USER_NAME, - &val) < 0) + if (virIdentityGetUserName(ident, &val) < 0) goto cleanup; =20 if (STRNEQ_NULLABLE(val, "fred")) { @@ -110,9 +100,7 @@ static int testIdentityEqual(const void *data ATTRIBUTE= _UNUSED) goto cleanup; } =20 - if (virIdentitySetAttr(identa, - VIR_IDENTITY_ATTR_USER_NAME, - "fred") < 0) + if (virIdentitySetUserName(identa, "fred") < 0) goto cleanup; =20 if (virIdentityIsEqual(identa, identb)) { @@ -120,9 +108,7 @@ static int testIdentityEqual(const void *data ATTRIBUTE= _UNUSED) goto cleanup; } =20 - if (virIdentitySetAttr(identb, - VIR_IDENTITY_ATTR_USER_NAME, - "fred") < 0) + if (virIdentitySetUserName(identb, "fred") < 0) goto cleanup; =20 if (!virIdentityIsEqual(identa, identb)) { @@ -130,13 +116,9 @@ static int testIdentityEqual(const void *data ATTRIBUT= E_UNUSED) goto cleanup; } =20 - if (virIdentitySetAttr(identa, - VIR_IDENTITY_ATTR_GROUP_NAME, - "flintstone") < 0) + if (virIdentitySetGroupName(identa, "flintstone") < 0) goto cleanup; - if (virIdentitySetAttr(identb, - VIR_IDENTITY_ATTR_GROUP_NAME, - "flintstone") < 0) + if (virIdentitySetGroupName(identb, "flintstone") < 0) goto cleanup; =20 if (!virIdentityIsEqual(identa, identb)) { @@ -144,9 +126,7 @@ static int testIdentityEqual(const void *data ATTRIBUTE= _UNUSED) goto cleanup; } =20 - if (virIdentitySetAttr(identb, - VIR_IDENTITY_ATTR_SASL_USER_NAME, - "fred@FLINTSTONE.COM") < 0) + if (virIdentitySetSASLUserName(identb, "fred@FLINTSTONE.COM") < 0) goto cleanup; =20 if (virIdentityIsEqual(identa, identb)) { 
@@ -181,9 +161,7 @@ static int testIdentityGetSystem(const void *data) goto cleanup; } =20 - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - &val) < 0) + if (virIdentityGetSELinuxContext(ident, &val) < 0) goto cleanup; =20 if (STRNEQ_NULLABLE(val, context)) { diff --git a/tests/virnetserverclienttest.c b/tests/virnetserverclienttest.c index aaecfe7987..3cd76f42ff 100644 --- a/tests/virnetserverclienttest.c +++ b/tests/virnetserverclienttest.c @@ -53,9 +53,9 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUS= ED) virNetServerClientPtr client =3D NULL; virIdentityPtr ident =3D NULL; const char *gotUsername =3D NULL; - const char *gotUserID =3D NULL; + uid_t gotUserID; const char *gotGroupname =3D NULL; - const char *gotGroupID =3D NULL; + gid_t gotGroupID; const char *gotSELinuxContext =3D NULL; =20 if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) < 0) { @@ -85,9 +85,7 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUS= ED) goto cleanup; } =20 - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_USER_NAME, - &gotUsername) < 0) { + if (virIdentityGetUserName(ident, &gotUsername) < 0) { fprintf(stderr, "Missing username in identity\n"); goto cleanup; } @@ -97,21 +95,17 @@ static int testIdentity(const void *opaque ATTRIBUTE_UN= USED) goto cleanup; } =20 - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_ID, - &gotUserID) < 0) { + if (virIdentityGetUNIXUserID(ident, &gotUserID) < 0) { fprintf(stderr, "Missing user ID in identity\n"); goto cleanup; } - if (STRNEQ_NULLABLE("666", gotUserID)) { - fprintf(stderr, "Want username '666' got '%s'\n", - NULLSTR(gotUserID)); + if (666 !=3D gotUserID) { + fprintf(stderr, "Want username '666' got '%llu'\n", + (unsigned long long)gotUserID); goto cleanup; } =20 - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_GROUP_NAME, - &gotGroupname) < 0) { + if (virIdentityGetGroupName(ident, &gotGroupname) < 0) { fprintf(stderr, "Missing groupname in identity\n"); goto cleanup; } 
@@ -121,21 +115,17 @@ static int testIdentity(const void *opaque ATTRIBUTE_= UNUSED) goto cleanup; } =20 - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_ID, - &gotGroupID) < 0) { + if (virIdentityGetUNIXGroupID(ident, &gotGroupID) < 0) { fprintf(stderr, "Missing group ID in identity\n"); goto cleanup; } - if (STRNEQ_NULLABLE("7337", gotGroupID)) { - fprintf(stderr, "Want groupname '7337' got '%s'\n", - NULLSTR(gotGroupID)); + if (7337 !=3D gotGroupID) { + fprintf(stderr, "Want groupname '7337' got '%llu'\n", + (unsigned long long)gotGroupID); goto cleanup; } =20 - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - &gotSELinuxContext) < 0) { + if (virIdentityGetSELinuxContext(ident, &gotSELinuxContext) < 0) { fprintf(stderr, "Missing SELinux context in identity\n"); goto cleanup; } --=20 2.21.0
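Review bot: In the tests/virnetserverclienttest.c hunks of patch 4/9, the rewritten failure messages still read "Want username '666'" and "Want groupname '7337'" although the values compared are now the uid_t and gid_t returned by virIdentityGetUNIXUserID() and virIdentityGetUNIXGroupID(). Since these fprintf lines are being rewritten anyway, relabel them as user ID and group ID and drop the quotes around the numbers; patch 3/9 corrected the same kind of mislabel for the SELinux context message.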
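Review bot: In the src/util/viridentity.c hunks of patch 4/9, virIdentitySetAttr() and virIdentityGetAttr() become static but keep 'unsigned int attr', and the ATTRIBUTE_NONNULL(1) / ATTRIBUTE_NONNULL(3) annotations deleted from viridentity.h are not carried over to the static definitions. With virIdentityAttrType now private to this file, taking the enum type as the parameter and keeping the nonnull annotations would document the valid range of the index used on attrs[] and keep the pointer checks; the two VIR_DEBUG lines also disagree on the conversion for attr (%u in the setter, %d in the getter).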
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 5 Sep 2019 12:56:23 +0100
Message-Id: <20190905115627.11493-6-berrange@redhat.com>
In-Reply-To: <20190905115627.11493-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 5/9] util: removed unused virIdentityIsEqual method

It is simpler to remove this unused method than to rewrite it using typed parameters in the next patch.

Signed-off-by: Daniel P. Berrangé
--- src/libvirt_private.syms | 1 - src/util/viridentity.c | 29 -------------------- src/util/viridentity.h | 6 ---- tests/viridentitytest.c | 59 ---------------------------------------- 4 files changed, 95 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 108a8ef736..fec1787497 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2153,7 +2153,6 @@ virIdentityGetUNIXGroupID; virIdentityGetUNIXUserID; virIdentityGetUserName; virIdentityGetX509DName; -virIdentityIsEqual; virIdentityNew; virIdentitySetCurrent; virIdentitySetGroupName; diff --git a/src/util/viridentity.c b/src/util/viridentity.c index abb486c87f..55312fc0a0 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c
@@ -297,35 +297,6 @@ virIdentityGetAttr(virIdentityPtr ident, } =20 =20 -/** - * virIdentityIsEqual: - * @identA: the first identity - * @identB: the second identity - * - * Compares every attribute in @identA and @identB - * to determine if they refer to the same identity - * - * Returns true if they are equal, false if not equal - */ -bool virIdentityIsEqual(virIdentityPtr identA, - virIdentityPtr identB) -{ - bool ret =3D false; - size_t i; - VIR_DEBUG("identA=3D%p identB=3D%p", identA, identB); - - for (i =3D 0; i < VIR_IDENTITY_ATTR_LAST; i++) { - if (STRNEQ_NULLABLE(identA->attrs[i], - identB->attrs[i])) - goto cleanup; - } - - ret =3D true; - cleanup: - return ret; -} - - int virIdentityGetUserName(virIdentityPtr ident, const char **username) { diff --git a/src/util/viridentity.h b/src/util/viridentity.h index e243284cd5..805ad3ea4d 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h @@ -33,12 +33,6 @@ virIdentityPtr virIdentityGetSystem(void); =20 virIdentityPtr virIdentityNew(void); =20 - -bool virIdentityIsEqual(virIdentityPtr identA, - virIdentityPtr identB) - ATTRIBUTE_NONNULL(1) - ATTRIBUTE_NONNULL(2); - int virIdentityGetUserName(virIdentityPtr ident, const char **username); int virIdentityGetUNIXUserID(virIdentityPtr ident, diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c index cdf5325b4c..d76c779dd5 100644 --- a/tests/viridentitytest.c +++ b/tests/viridentitytest.c 
@@ -84,63 +84,6 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_= UNUSED) } =20 =20 -static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED) -{ - int ret =3D -1; - virIdentityPtr identa =3D NULL; - virIdentityPtr identb =3D NULL; - - if (!(identa =3D virIdentityNew())) - goto cleanup; - if (!(identb =3D virIdentityNew())) - goto cleanup; - - if (!virIdentityIsEqual(identa, identb)) { - VIR_DEBUG("Empty identities were not equal"); - goto cleanup; - } - - if (virIdentitySetUserName(identa, "fred") < 0) - goto cleanup; - - if (virIdentityIsEqual(identa, identb)) { - VIR_DEBUG("Mis-matched identities should not be equal"); - goto cleanup; - } - - if (virIdentitySetUserName(identb, "fred") < 0) - goto cleanup; - - if (!virIdentityIsEqual(identa, identb)) { - VIR_DEBUG("Matched identities were not equal"); - goto cleanup; - } - - if (virIdentitySetGroupName(identa, "flintstone") < 0) - goto cleanup; - if (virIdentitySetGroupName(identb, "flintstone") < 0) - goto cleanup; - - if (!virIdentityIsEqual(identa, identb)) { - VIR_DEBUG("Matched identities were not equal"); - goto cleanup; - } - - if (virIdentitySetSASLUserName(identb, "fred@FLINTSTONE.COM") < 0) - goto cleanup; - - if (virIdentityIsEqual(identa, identb)) { - VIR_DEBUG("Mis-matched identities should not be equal"); - goto cleanup; - } - - ret =3D 0; - cleanup: - virObjectUnref(identa); - virObjectUnref(identb); - return ret; -} - static int testIdentityGetSystem(const void *data) { const char *context =3D data; 
@@ -204,8 +147,6 @@ mymain(void) =20 if (virTestRun("Identity attributes ", testIdentityAttrs, NULL) < 0) ret =3D -1; - if (virTestRun("Identity equality ", testIdentityEqual, NULL) < 0) - ret =3D -1; if (virTestRun("Setting fake SELinux context ", testSetFakeSELinuxCont= ext, context) < 0) ret =3D -1; if (virTestRun("System identity (fake SELinux enabled) ", testIdentity= GetSystem, context) < 0) --=20 2.21.0
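Review bot: In the tests/viridentitytest.c hunk of patch 5/9 that deletes testIdentityEqual(), the calls to virIdentitySetGroupName() and virIdentitySetSASLUserName() go away with it, and testIdentityAttrs() as left by patch 4/9 only ever sets the user name. If no other test sets those attributes, consider adding a small set-then-get check for them to testIdentityAttrs() so the typed setters stay covered when the internal storage changes later in the series.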
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 5 Sep 2019 12:56:24 +0100
Message-Id: <20190905115627.11493-7-berrange@redhat.com>
In-Reply-To: <20190905115627.11493-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 6/9] util: sanitize return values for virIdentity getters

The virIdentity getters are unusual in that they return -1 to indicate "not found" and don't report any error. Change them to return -1 for real errors, 0 for not found, and 1 for success.

Signed-off-by: Daniel P. Berrangé
--- src/access/viraccessdriverpolkit.c | 18 +++- src/admin/admin_server.c | 52 ++++++---- src/util/viridentity.c | 156 ++++++++++++++++++++--------- tests/viridentitytest.c | 31 ++++-- tests/virnetserverclienttest.c | 10 +- 5 files changed, 180 insertions(+), 87 deletions(-) diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdrive= rpolkit.c index 75dbf8a0fa..e61ac6fa19 100644 --- a/src/access/viraccessdriverpolkit.c +++ b/src/access/viraccessdriverpolkit.c @@ -80,6 +80,7 @@ virAccessDriverPolkitGetCaller(const char *actionid, { virIdentityPtr identity =3D virIdentityGetCurrent(); int ret =3D -1; + int rc; =20 if (!identity) { virAccessError(VIR_ERR_ACCESS_DENIED,
@@ -88,17 +89,28 @@ virAccessDriverPolkitGetCaller(const char *actionid, return -1; } =20 - if (virIdentityGetProcessID(identity, pid) < 0) { + if ((rc =3D virIdentityGetProcessID(identity, pid)) < 0) + goto cleanup; + + if (rc =3D=3D 0) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", _("No process ID available")); goto cleanup; } - if (virIdentityGetProcessTime(identity, startTime) < 0) { + + if ((rc =3D virIdentityGetProcessTime(identity, startTime)) < 0) + goto cleanup; + + if (rc =3D=3D 0) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", _("No process start time available")); goto cleanup; } - if (virIdentityGetUNIXUserID(identity, uid) < 0) { + + if ((rc =3D virIdentityGetUNIXUserID(identity, uid)) < 0) + goto cleanup; + + if (rc =3D=3D 0) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", _("No UNIX caller UID available")); goto cleanup; diff --git a/src/admin/admin_server.c b/src/admin/admin_server.c index 80e5a36679..248df3f795 100644 --- a/src/admin/admin_server.c +++ b/src/admin/admin_server.c @@ -222,6 +222,7 @@ adminClientGetInfo(virNetServerClientPtr client, const char *attr =3D NULL; virTypedParameterPtr tmpparams =3D NULL; virIdentityPtr identity =3D NULL; + int rc; =20 virCheckFlags(0, -1); =20 @@ -234,11 +235,12 @@ adminClientGetInfo(virNetServerClientPtr client, readonly) < 0) goto cleanup; =20 - if (virIdentityGetSASLUserName(identity, &attr) < 0 || - (attr && - virTypedParamsAddString(&tmpparams, nparams, &maxparams, - VIR_CLIENT_INFO_SASL_USER_NAME, - attr) < 0)) + if ((rc =3D virIdentityGetSASLUserName(identity, &attr)) < 0) + goto cleanup; + if (rc =3D=3D 1 && + virTypedParamsAddString(&tmpparams, nparams, &maxparams, + VIR_CLIENT_INFO_SASL_USER_NAME, + attr) < 0) goto cleanup; =20 if (!virNetServerClientIsLocal(client)) { 
@@ -247,48 +249,60 @@ adminClientGetInfo(virNetServerClientPtr client, sock_addr) < 0) goto cleanup; =20 - if (virIdentityGetX509DName(identity, &attr) < 0 || - (attr && - virTypedParamsAddString(&tmpparams, nparams, &maxparams, - VIR_CLIENT_INFO_X509_DISTINGUISHED_NA= ME, - attr) < 0)) + if ((rc =3D virIdentityGetX509DName(identity, &attr)) < 0) + goto cleanup; + if (rc =3D=3D 1 && + virTypedParamsAddString(&tmpparams, nparams, &maxparams, + VIR_CLIENT_INFO_X509_DISTINGUISHED_NAM= E, + attr) < 0) goto cleanup; } else { pid_t pid; uid_t uid; gid_t gid; - if (virIdentityGetUNIXUserID(identity, &uid) < 0 || + if ((rc =3D virIdentityGetUNIXUserID(identity, &uid)) < 0) + goto cleanup; + if (rc =3D=3D 1 && virTypedParamsAddInt(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_USER_ID, uid) < 0) goto cleanup; =20 - if (virIdentityGetUserName(identity, &attr) < 0 || + if ((rc =3D virIdentityGetUserName(identity, &attr)) < 0) + goto cleanup; + if (rc =3D=3D 1 && virTypedParamsAddString(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_USER_NAME, attr) < 0) goto cleanup; =20 - if (virIdentityGetUNIXGroupID(identity, &gid) < 0 || + if ((rc =3D virIdentityGetUNIXGroupID(identity, &gid)) < 0) + goto cleanup; + if (rc =3D=3D 1 && virTypedParamsAddInt(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_GROUP_ID, gid) < 0) goto cleanup; =20 - if (virIdentityGetGroupName(identity, &attr) < 0 || + if ((rc =3D virIdentityGetGroupName(identity, &attr)) < 0) + goto cleanup; + if (rc =3D=3D 1 && virTypedParamsAddString(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_GROUP_NAME, attr) < 0) goto cleanup; =20 - if (virIdentityGetProcessID(identity, &pid) < 0 || + if ((rc =3D virIdentityGetProcessID(identity, &pid)) < 0) + goto cleanup; + if (rc =3D=3D 1 && virTypedParamsAddInt(&tmpparams, nparams, &maxparams, VIR_CLIENT_INFO_UNIX_PROCESS_ID, pid) < 0) goto cleanup; } =20 - if (virIdentityGetSELinuxContext(identity, &attr) < 0 || - (attr && - 
virTypedParamsAddString(&tmpparams, nparams, &maxparams, - VIR_CLIENT_INFO_SELINUX_CONTEXT, attr) < 0= )) + if ((rc =3D virIdentityGetSELinuxContext(identity, &attr)) < 0) + goto cleanup; + if (rc =3D=3D 1 && + virTypedParamsAddString(&tmpparams, nparams, &maxparams, + VIR_CLIENT_INFO_SELINUX_CONTEXT, attr) < 0) goto cleanup; =20 *params =3D tmpparams; diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 55312fc0a0..964a33d339 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -281,10 +281,8 @@ virIdentitySetAttr(virIdentityPtr ident, * with the identifying attribute @attr in @ident. If * @attr is not set, then it will simply be initialized * to NULL and considered as a successful read - * - * Returns 0 on success, -1 on error */ -static int +static void virIdentityGetAttr(virIdentityPtr ident, unsigned int attr, const char **value) @@ -292,20 +290,29 @@ virIdentityGetAttr(virIdentityPtr ident, VIR_DEBUG("ident=3D%p attribute=3D%d value=3D%p", ident, attr, value); =20 *value =3D ident->attrs[attr]; - - return 0; } =20 =20 +/* + * Returns: 0 if not present, 1 if present, -1 on error + */ int virIdentityGetUserName(virIdentityPtr ident, const char **username) { - return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_USER_NAME, - username); + virIdentityGetAttr(ident, + VIR_IDENTITY_ATTR_USER_NAME, + username); + + if (!*username) + return 0; + + return 1; } =20 =20 +/* + * Returns: 0 if not present, 1 if present, -1 on error + */ int virIdentityGetUNIXUserID(virIdentityPtr ident, uid_t *uid) { 
@@ -313,31 +320,44 @@ int virIdentityGetUNIXUserID(virIdentityPtr ident, const char *userid; =20 *uid =3D -1; - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_ID, - &userid) < 0) - return -1; - + virIdentityGetAttr(ident, + VIR_IDENTITY_ATTR_UNIX_USER_ID, + &userid); if (!userid) - return -1; + return 0; =20 - if (virStrToLong_i(userid, NULL, 10, &val) < 0) + if (virStrToLong_i(userid, NULL, 10, &val) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Cannot parse user ID '%s'"), userid); return -1; + } =20 *uid =3D (uid_t)val; =20 - return 0; + return 1; } =20 + +/* + * Returns: 0 if not present, 1 if present, -1 on error + */ int virIdentityGetGroupName(virIdentityPtr ident, const char **groupname) { - return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_GROUP_NAME, - groupname); + virIdentityGetAttr(ident, + VIR_IDENTITY_ATTR_GROUP_NAME, + groupname); + + if (!*groupname) + return 0; + + return 1; } =20 =20 +/* + * Returns: 0 if not present, 1 if present, -1 on error + */ int virIdentityGetUNIXGroupID(virIdentityPtr ident, gid_t *gid) { @@ -345,23 +365,28 @@ int virIdentityGetUNIXGroupID(virIdentityPtr ident, const char *groupid; =20 *gid =3D -1; - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_ID, - &groupid) < 0) - return -1; + virIdentityGetAttr(ident, + VIR_IDENTITY_ATTR_UNIX_GROUP_ID, + &groupid); =20 if (!groupid) - return -1; + return 0; =20 - if (virStrToLong_i(groupid, NULL, 10, &val) < 0) + if (virStrToLong_i(groupid, NULL, 10, &val) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Cannot parse group ID '%s'"), groupid); return -1; + } =20 *gid =3D (gid_t)val; =20 - return 0; + return 1; } =20 =20 +/* + * Returns: 0 if not present, 1 if present, -1 on error + */ int virIdentityGetProcessID(virIdentityPtr ident, pid_t *pid) { 
@@ -369,66 +394,99 @@ int virIdentityGetProcessID(virIdentityPtr ident, const char *processid; =20 *pid =3D 0; - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_PROCESS_ID, - &processid) < 0) - return -1; + virIdentityGetAttr(ident, + VIR_IDENTITY_ATTR_PROCESS_ID, + &processid); =20 if (!processid) - return -1; + return 0; =20 - if (virStrToLong_ull(processid, NULL, 10, &val) < 0) + if (virStrToLong_ull(processid, NULL, 10, &val) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Cannot parse process ID '%s'"), processid); return -1; + } =20 *pid =3D (pid_t)val; =20 - return 0; + return 1; } =20 =20 +/* + * Returns: 0 if not present, 1 if present, -1 on error + */ int virIdentityGetProcessTime(virIdentityPtr ident, unsigned long long *timestamp) { const char *processtime; - if (virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_PROCESS_TIME, - &processtime) < 0) - return -1; + + *timestamp =3D 0; + virIdentityGetAttr(ident, + VIR_IDENTITY_ATTR_PROCESS_TIME, + &processtime); =20 if (!processtime) - return -1; + return 0; =20 - if (virStrToLong_ull(processtime, NULL, 10, timestamp) < 0) + if (virStrToLong_ull(processtime, NULL, 10, timestamp) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Cannot parse process time '%s'"), processtime); return -1; + } =20 - return 0; + return 1; } =20 =20 +/* + * Returns: 0 if not present, 1 if present, -1 on error + */ int virIdentityGetSASLUserName(virIdentityPtr ident, const char **username) { - return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_SASL_USER_NAME, - username); + virIdentityGetAttr(ident, + VIR_IDENTITY_ATTR_SASL_USER_NAME, + username); + + if (!*username) + return 0; + + return 1; } =20 =20 +/* + * Returns: 0 if not present, 1 if present, -1 on error + */ int virIdentityGetX509DName(virIdentityPtr ident, const char **dname) { - return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, - dname); + virIdentityGetAttr(ident, + VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, + dname); + + if 
(!*dname) + return 0; + + return 1; } =20 =20 +/* + * Returns: 0 if not present, 1 if present, -1 on error + */ int virIdentityGetSELinuxContext(virIdentityPtr ident, const char **context) { - return virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - context); + virIdentityGetAttr(ident, + VIR_IDENTITY_ATTR_SELINUX_CONTEXT, + context); + + if (!*context) + return 0; + + return 1; } =20 =20 diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c index d76c779dd5..1eadd6173a 100644 --- a/tests/viridentitytest.c +++ b/tests/viridentitytest.c @@ -41,6 +41,7 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_U= NUSED) int ret =3D -1; virIdentityPtr ident; const char *val; + int rc; =20 if (!(ident =3D virIdentityNew())) goto cleanup; @@ -48,18 +49,18 @@ static int testIdentityAttrs(const void *data ATTRIBUTE= _UNUSED) if (virIdentitySetUserName(ident, "fred") < 0) goto cleanup; =20 - if (virIdentityGetUserName(ident, &val) < 0) + if ((rc =3D virIdentityGetUserName(ident, &val)) < 0) goto cleanup; =20 - if (STRNEQ_NULLABLE(val, "fred")) { + if (STRNEQ_NULLABLE(val, "fred") || rc !=3D 1) { VIR_DEBUG("Expected 'fred' got '%s'", NULLSTR(val)); goto cleanup; } =20 - if (virIdentityGetGroupName(ident, &val) < 0) + if ((rc =3D virIdentityGetGroupName(ident, &val)) < 0) goto cleanup; =20 - if (val !=3D NULL) { + if (val !=3D NULL || rc !=3D 0) { VIR_DEBUG("Unexpected groupname attribute"); goto cleanup; } @@ -69,10 +70,10 @@ static int testIdentityAttrs(const void *data ATTRIBUTE= _UNUSED) goto cleanup; } =20 - if (virIdentityGetUserName(ident, &val) < 0) + if ((rc =3D virIdentityGetUserName(ident, &val)) < 0) goto cleanup; =20 - if (STRNEQ_NULLABLE(val, "fred")) { + if (STRNEQ_NULLABLE(val, "fred") || rc !=3D 1) { VIR_DEBUG("Expected 'fred' got '%s'", NULLSTR(val)); goto cleanup; } 
@@ -90,6 +91,7 @@ static int testIdentityGetSystem(const void *data) int ret =3D -1; virIdentityPtr ident =3D NULL; const char *val; + int rc; =20 #if !WITH_SELINUX if (context) { @@ -104,13 +106,20 @@ static int testIdentityGetSystem(const void *data) goto cleanup; } =20 - if (virIdentityGetSELinuxContext(ident, &val) < 0) + if ((rc =3D virIdentityGetSELinuxContext(ident, &val)) < 0) goto cleanup; =20 - if (STRNEQ_NULLABLE(val, context)) { - VIR_DEBUG("Want SELinux context '%s' got '%s'", - context, val); - goto cleanup; + if (context =3D=3D NULL) { + if (val !=3D NULL || rc !=3D 0) { + VIR_DEBUG("Unexpected SELinux context %s", NULLSTR(val)); + goto cleanup; + } + } else { + if (STRNEQ_NULLABLE(val, context) || rc !=3D 1) { + VIR_DEBUG("Want SELinux context '%s' got '%s'", + context, val); + goto cleanup; + } } =20 ret =3D 0; diff --git a/tests/virnetserverclienttest.c b/tests/virnetserverclienttest.c index 3cd76f42ff..d094de9840 100644 --- a/tests/virnetserverclienttest.c +++ b/tests/virnetserverclienttest.c @@ -85,7 +85,7 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUS= ED) goto cleanup; } =20 - if (virIdentityGetUserName(ident, &gotUsername) < 0) { + if (virIdentityGetUserName(ident, &gotUsername) <=3D 0) { fprintf(stderr, "Missing username in identity\n"); goto cleanup; } @@ -95,7 +95,7 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUS= ED) goto cleanup; } =20 - if (virIdentityGetUNIXUserID(ident, &gotUserID) < 0) { + if (virIdentityGetUNIXUserID(ident, &gotUserID) <=3D 0) { fprintf(stderr, "Missing user ID in identity\n"); goto cleanup; } @@ -105,7 +105,7 @@ static int testIdentity(const void *opaque ATTRIBUTE_UN= USED) goto cleanup; } =20 - if (virIdentityGetGroupName(ident, &gotGroupname) < 0) { + if (virIdentityGetGroupName(ident, &gotGroupname) <=3D 0) { fprintf(stderr, "Missing groupname in identity\n"); goto cleanup; } 
@@ -115,7 +115,7 @@ static int testIdentity(const void *opaque ATTRIBUTE_UN= USED) goto cleanup; } =20 - if (virIdentityGetUNIXGroupID(ident, &gotGroupID) < 0) { + if (virIdentityGetUNIXGroupID(ident, &gotGroupID) <=3D 0) { fprintf(stderr, "Missing group ID in identity\n"); goto cleanup; } 
@@ -125,7 +125,7 @@ static int testIdentity(const void *opaque ATTRIBUTE_UN= USED) goto cleanup; } =20 - if (virIdentityGetSELinuxContext(ident, &gotSELinuxContext) < 0) { + if (virIdentityGetSELinuxContext(ident, &gotSELinuxContext) <=3D 0) { fprintf(stderr, "Missing SELinux context in identity\n"); goto cleanup; } --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 20 15:12:29 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1567684655; cv=none; d=zoho.com; s=zohoarc; b=HOVZiNS26bby3+TJzNiSVovF6HHWHN9iprlg5hSsKDMDAKdlqKo1xZxxzRlVe43RFiFtxmLOz3HLOAVmDT7jLaPweHOAFHR+q/TbgjUCzasTAYKsYyUB8B594SpTJ7YOzBopHIaqDKpPPGpjCAzAJdudsYierkNopdWstSpdPiQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1567684655; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=CYVSjPyY5Zd+GmpBcdUVWEGGXAvr+44xg7+LojCE0Lk=; b=BT9dz4ziuRgPB/mKlztOjqGSge/XeVo4twTgaUCJPjFP4M39KJ1F1EdqAbZGMl0iKrZMKK+xt6F3OTJLJYOSon1zzAtxCGjPKp6B3kJqW3N2o2OS0ywvbPX2RFEyOCnM+MAyb28ZJvDDOGrVGEQDVOxn4jwRdWb/T3o2/LDSjnQ= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from mx1.redhat.com 
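Review bot: in adminClientGetInfo() in src/admin/admin_server.c, the local-client branch now silently omits a missing UNIX user ID, group ID or process ID (rc == 0). The old form, "if (virIdentityGetUNIXUserID(identity, &uid) < 0 ||", went to cleanup in that case, because the getter returned -1 when the attribute was absent. If the relaxation is intended, it deserves a comment at this site. If a local socket client without these attributes should still be an error, treat rc == 0 as a failure for uid, gid and pid, as virAccessDriverPolkitGetCaller() does in the same patch.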
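Review bot: in testIdentityGetSystem() in tests/viridentitytest.c, the new else branch passes val unguarded to a '%s' in VIR_DEBUG("Want SELinux context '%s' got '%s'", context, val). val is NULL whenever the attribute is absent (rc == 0), which is one of the failures this branch reports. Use NULLSTR(val) here, as the context == NULL branch just above it already does.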
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Date: Thu, 5 Sep 2019 12:56:25 +0100 Message-Id: <20190905115627.11493-8-berrange@redhat.com> In-Reply-To: <20190905115627.11493-1-berrange@redhat.com> References: <20190905115627.11493-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 7/9] util: store identity attrs as virTypedParameter internally X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.70]); Thu, 05 Sep 2019 11:57:34 +0000 (UTC) We'll shortly be exposing the identity as virTypedParameter in the public header, so it simplifies life to use that as the internal representation too. Signed-off-by: Daniel P. Berrang=C3=A9 --- src/util/viridentity.c | 377 ++++++++++++++++++----------------------- 1 file changed, 166 insertions(+), 211 deletions(-) diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 964a33d339..30621ca2a4 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c 
@@ -41,24 +41,12 @@ =20 VIR_LOG_INIT("util.identity"); =20 -typedef enum { - VIR_IDENTITY_ATTR_USER_NAME, - VIR_IDENTITY_ATTR_UNIX_USER_ID, - VIR_IDENTITY_ATTR_GROUP_NAME, - VIR_IDENTITY_ATTR_UNIX_GROUP_ID, - VIR_IDENTITY_ATTR_PROCESS_ID, - VIR_IDENTITY_ATTR_PROCESS_TIME, - VIR_IDENTITY_ATTR_SASL_USER_NAME, - VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - - VIR_IDENTITY_ATTR_LAST, -} virIdentityAttrType; - struct _virIdentity { virObject parent; =20 - char *attrs[VIR_IDENTITY_ATTR_LAST]; + int nparams; + int maxparams; + virTypedParameterPtr params; }; =20 static virClassPtr virIdentityClass; 
@@ -229,67 +217,8 @@ virIdentityPtr virIdentityNew(void) static void virIdentityDispose(void *object) { virIdentityPtr ident =3D object; - size_t i; - - for (i =3D 0; i < VIR_IDENTITY_ATTR_LAST; i++) - VIR_FREE(ident->attrs[i]); -} - - -/** - * virIdentitySetAttr: - * @ident: the identity to modify - * @attr: the attribute type to set - * @value: the identifying value to associate with @attr - * - * Sets an identifying attribute @attr on @ident. Each - * @attr type can only be set once. - * - * Returns: 0 on success, or -1 on error - */ -static int -virIdentitySetAttr(virIdentityPtr ident, - unsigned int attr, - const char *value) -{ - int ret =3D -1; - VIR_DEBUG("ident=3D%p attribute=3D%u value=3D%s", ident, attr, value); - - if (ident->attrs[attr]) { - virReportError(VIR_ERR_OPERATION_DENIED, "%s", - _("Identity attribute is already set")); - goto cleanup; - } - - if (VIR_STRDUP(ident->attrs[attr], value) < 0) - goto cleanup; =20 - ret =3D 0; - - cleanup: - return ret; -} - - -/** - * virIdentityGetAttr: - * @ident: the identity to query - * @attr: the attribute to read - * @value: filled with the attribute value - * - * Fills @value with a pointer to the value associated - * with the identifying attribute @attr in @ident. If - * @attr is not set, then it will simply be initialized - * to NULL and considered as a successful read - */ -static void -virIdentityGetAttr(virIdentityPtr ident, - unsigned int attr, - const char **value) -{ - VIR_DEBUG("ident=3D%p attribute=3D%d value=3D%p", ident, attr, value); - - *value =3D ident->attrs[attr]; + virTypedParamsFree(ident->params, ident->nparams); } =20 =20 
@@ -299,14 +228,11 @@ virIdentityGetAttr(virIdentityPtr ident, int virIdentityGetUserName(virIdentityPtr ident, const char **username) { - virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_USER_NAME, - username); - - if (!*username) - return 0; - - return 1; + *username =3D NULL; + return virTypedParamsGetString(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_USER_NAME, + username); } =20 =20 @@ -316,21 +242,16 @@ int virIdentityGetUserName(virIdentityPtr ident, int virIdentityGetUNIXUserID(virIdentityPtr ident, uid_t *uid) { - int val; - const char *userid; + unsigned long long val; + int rc; =20 *uid =3D -1; - virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_ID, - &userid); - if (!userid) - return 0; - - if (virStrToLong_i(userid, NULL, 10, &val) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Cannot parse user ID '%s'"), userid); - return -1; - } + rc =3D virTypedParamsGetULLong(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_UNIX_USER_ID, + &val); + if (rc <=3D 0) + return rc; =20 *uid =3D (uid_t)val; =20 @@ -344,14 +265,11 @@ int virIdentityGetUNIXUserID(virIdentityPtr ident, int virIdentityGetGroupName(virIdentityPtr ident, const char **groupname) { - virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_GROUP_NAME, - groupname); - - if (!*groupname) - return 0; - - return 1; + *groupname =3D NULL; + return virTypedParamsGetString(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_GROUP_NAME, + groupname); } =20 =20 
@@ -361,22 +279,16 @@ int virIdentityGetGroupName(virIdentityPtr ident, int virIdentityGetUNIXGroupID(virIdentityPtr ident, gid_t *gid) { - int val; - const char *groupid; + unsigned long long val; + int rc; =20 *gid =3D -1; - virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_ID, - &groupid); - - if (!groupid) - return 0; - - if (virStrToLong_i(groupid, NULL, 10, &val) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Cannot parse group ID '%s'"), groupid); - return -1; - } + rc =3D virTypedParamsGetULLong(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_UNIX_GROUP_ID, + &val); + if (rc <=3D 0) + return rc; =20 *gid =3D (gid_t)val; =20 @@ -390,22 +302,16 @@ int virIdentityGetUNIXGroupID(virIdentityPtr ident, int virIdentityGetProcessID(virIdentityPtr ident, pid_t *pid) { - unsigned long long val; - const char *processid; + long long val; + int rc; =20 *pid =3D 0; - virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_PROCESS_ID, - &processid); - - if (!processid) - return 0; - - if (virStrToLong_ull(processid, NULL, 10, &val) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Cannot parse process ID '%s'"), processid); - return -1; - } + rc =3D virTypedParamsGetLLong(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_PROCESS_ID, + &val); + if (rc <=3D 0) + return rc; =20 *pid =3D (pid_t)val; =20 @@ -419,23 +325,11 @@ int virIdentityGetProcessID(virIdentityPtr ident, int virIdentityGetProcessTime(virIdentityPtr ident, unsigned long long *timestamp) { - const char *processtime; - *timestamp =3D 0; - virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_PROCESS_TIME, - &processtime); - - if (!processtime) - return 0; - - if (virStrToLong_ull(processtime, NULL, 10, timestamp) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Cannot parse process time '%s'"), processtime); - return -1; - } - - return 1; + return virTypedParamsGetULLong(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_PROCESS_TIME, + timestamp); } =20 =20 
@@ -445,14 +339,11 @@ int virIdentityGetProcessTime(virIdentityPtr ident, int virIdentityGetSASLUserName(virIdentityPtr ident, const char **username) { - virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_SASL_USER_NAME, - username); - - if (!*username) - return 0; - - return 1; + *username =3D NULL; + return virTypedParamsGetString(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_SASL_USER_NAME, + username); } =20 =20 @@ -462,14 +353,11 @@ int virIdentityGetSASLUserName(virIdentityPtr ident, int virIdentityGetX509DName(virIdentityPtr ident, const char **dname) { - virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, - dname); - - if (!*dname) - return 0; - - return 1; + *dname =3D NULL; + return virTypedParamsGetString(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_X509_DISTINGUISHED= _NAME, + dname); } =20 =20 
@@ -479,88 +367,125 @@ int virIdentityGetX509DName(virIdentityPtr ident, int virIdentityGetSELinuxContext(virIdentityPtr ident, const char **context) { - virIdentityGetAttr(ident, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - context); - - if (!*context) - return 0; - - return 1; + *context =3D NULL; + return virTypedParamsGetString(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_SELINUX_CONTEXT, + context); } =20 =20 int virIdentitySetUserName(virIdentityPtr ident, const char *username) { - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_USER_NAME, - username); + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_USER_NAME)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); + return -1; + } + + return virTypedParamsAddString(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_USER_NAME, + username); } =20 =20 int virIdentitySetUNIXUserID(virIdentityPtr ident, uid_t uid) { - VIR_AUTOFREE(char *) val =3D NULL; - - if (virAsprintf(&val, "%d", (int)uid) < 0) + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_UNIX_USER_ID)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); return -1; + } =20 - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_USER_ID, - val); + return virTypedParamsAddULLong(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_UNIX_USER_ID, + uid); } =20 =20 int virIdentitySetGroupName(virIdentityPtr ident, const char *groupname) { - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_GROUP_NAME, - groupname); + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_GROUP_NAME)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); + return -1; + } + + return virTypedParamsAddString(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_GROUP_NAME, + 
groupname); } =20 =20 int virIdentitySetUNIXGroupID(virIdentityPtr ident, gid_t gid) { - VIR_AUTOFREE(char *) val =3D NULL; - - if (virAsprintf(&val, "%d", (int)gid) < 0) + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_UNIX_GROUP_ID)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); return -1; + } =20 - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_UNIX_GROUP_ID, - val); + return virTypedParamsAddULLong(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_UNIX_GROUP_ID, + gid); } =20 =20 int virIdentitySetProcessID(virIdentityPtr ident, pid_t pid) { - VIR_AUTOFREE(char *) val =3D NULL; - - if (virAsprintf(&val, "%lld", (long long) pid) < 0) + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_PROCESS_ID)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); return -1; + } =20 - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_PROCESS_ID, - val); + return virTypedParamsAddLLong(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_PROCESS_ID, + pid); } =20 =20 int virIdentitySetProcessTime(virIdentityPtr ident, unsigned long long timestamp) { - VIR_AUTOFREE(char *) val =3D NULL; - - if (virAsprintf(&val, "%llu", timestamp) < 0) + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_PROCESS_TIME)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); return -1; + } =20 - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_PROCESS_TIME, - val); + return virTypedParamsAddULLong(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_PROCESS_TIME, + timestamp); } =20 =20 
@@ -568,25 +493,55 @@ int virIdentitySetProcessTime(virIdentityPtr ident, int virIdentitySetSASLUserName(virIdentityPtr ident, const char *username) { - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_SASL_USER_NAME, - username); + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_SASL_USER_NAME)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); + return -1; + } + + return virTypedParamsAddString(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_SASL_USER_NAME, + username); } =20 =20 int virIdentitySetX509DName(virIdentityPtr ident, const char *dname) { - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, - dname); + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); + return -1; + } + + return virTypedParamsAddString(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_X509_DISTINGUISHED= _NAME, + dname); } =20 =20 int virIdentitySetSELinuxContext(virIdentityPtr ident, const char *context) { - return virIdentitySetAttr(ident, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, - context); + if (virTypedParamsGet(ident->params, + ident->nparams, + VIR_CONNECT_IDENTITY_SELINUX_CONTEXT)) { + virReportError(VIR_ERR_OPERATION_DENIED, "%s", + _("Identity attribute is already set")); + return -1; + } + + return virTypedParamsAddString(&ident->params, + &ident->nparams, + &ident->maxparams, + VIR_CONNECT_IDENTITY_SELINUX_CONTEXT, + context); } --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 20 15:12:29 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; 
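Review bot: virIdentityGetUNIXUserID(), virIdentityGetUNIXGroupID() and virIdentityGetProcessID() narrow the 64-bit typed-parameter value with a bare cast ("*uid = (uid_t)val;" and the gid_t and pid_t equivalents) and no range check. Where the target type is narrower than the 64-bit value, an out-of-range stored value wraps to a different ID while the getter still returns 1, so a caller making an access decision on the result cannot tell. Compare the cast result back against val and return -1 with virReportError() on mismatch. This matters more given that the commit message says the parameters are about to be exposed through the public header.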
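Review bot: every setter from virIdentitySetUserName() to virIdentitySetSELinuxContext() repeats the same virTypedParamsGet() lookup and the same "Identity attribute is already set" error, nine copies in all. A small static helper taking the parameter name would keep the set-once rule in one place, as the removed virIdentitySetAttr() did. Its doc comment ("Each @attr type can only be set once") is deleted in this patch and none of the added lines restate the rule, so the helper is also the natural place to document it again.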
lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 23EF324F2F; Thu, 5 Sep 2019 11:57:40 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x85BudJY030977 for ; Thu, 5 Sep 2019 07:56:39 -0400 Received: by smtp.corp.redhat.com (Postfix) id 27FF660C5D; Thu, 5 Sep 2019 11:56:39 +0000 (UTC) Received: from dhcp-17-64.lcy.redhat.com (unknown [10.42.17.64]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9409160C18; Thu, 5 Sep 2019 11:56:38 +0000 (UTC) From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Date: Thu, 5 Sep 2019 12:56:26 +0100 Message-Id: <20190905115627.11493-9-berrange@redhat.com> In-Reply-To: <20190905115627.11493-1-berrange@redhat.com> References: <20190905115627.11493-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 8/9] util: allow identity to be imported/exported as typed parameters X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.63]); Thu, 05 Sep 2019 11:57:41 +0000 (UTC) Add ability to import/export all the parameters associated with an identity, so that they can be exposed via the public API. 
Signed-off-by: Daniel P. Berrang=C3=A9 --- src/libvirt_private.syms | 2 ++ src/util/viridentity.c | 56 ++++++++++++++++++++++++++++++++++++++++ src/util/viridentity.h | 8 ++++++ 3 files changed, 66 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index fec1787497..a406aef0ae 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2144,6 +2144,7 @@ virHostGetBootTime; # util/viridentity.h virIdentityGetCurrent; virIdentityGetGroupName; +virIdentityGetParameters; virIdentityGetProcessID; virIdentityGetProcessTime; virIdentityGetSASLUserName; @@ -2156,6 +2157,7 @@ virIdentityGetX509DName; virIdentityNew; virIdentitySetCurrent; virIdentitySetGroupName; +virIdentitySetParameters; virIdentitySetProcessID; virIdentitySetProcessTime; virIdentitySetSASLUserName; diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 30621ca2a4..22e2644c19 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -36,6 +36,7 @@ #include "virutil.h" #include "virstring.h" #include "virprocess.h" +#include "virtypedparam.h" =20 #define VIR_FROM_THIS VIR_FROM_IDENTITY =20 
@@ -545,3 +546,58 @@ int virIdentitySetSELinuxContext(virIdentityPtr ident, VIR_CONNECT_IDENTITY_SELINUX_CONTEXT, context); } + + +int virIdentitySetParameters(virIdentityPtr ident, + virTypedParameterPtr params, + int nparams) +{ + if (virTypedParamsValidate(params, nparams, + VIR_CONNECT_IDENTITY_USER_NAME, + VIR_TYPED_PARAM_STRING, + VIR_CONNECT_IDENTITY_UNIX_USER_ID, + VIR_TYPED_PARAM_ULLONG, + VIR_CONNECT_IDENTITY_GROUP_NAME, + VIR_TYPED_PARAM_STRING, + VIR_CONNECT_IDENTITY_UNIX_GROUP_ID, + VIR_TYPED_PARAM_ULLONG, + VIR_CONNECT_IDENTITY_PROCESS_ID, + VIR_TYPED_PARAM_LLONG, + VIR_CONNECT_IDENTITY_PROCESS_TIME, + VIR_TYPED_PARAM_ULLONG, + VIR_CONNECT_IDENTITY_SASL_USER_NAME, + VIR_TYPED_PARAM_STRING, + VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAM= E, + VIR_TYPED_PARAM_STRING, + VIR_CONNECT_IDENTITY_SELINUX_CONTEXT, + VIR_TYPED_PARAM_STRING, + NULL) < 0) + return -1; + + virTypedParamsFree(ident->params, ident->nparams); + ident->params =3D NULL; + ident->nparams =3D 0; + ident->maxparams =3D 0; + if (virTypedParamsCopy(&ident->params, params, nparams) < 0) + return -1; + ident->nparams =3D nparams; + ident->maxparams =3D nparams; + + return 0; +} + + +int virIdentityGetParameters(virIdentityPtr ident, + virTypedParameterPtr *params, + int *nparams) +{ + *params =3D NULL; + *nparams =3D 0; + + if (virTypedParamsCopy(params, ident->params, ident->nparams) < 0) + return -1; + + *nparams =3D ident->nparams; + + return 0; +} diff --git a/src/util/viridentity.h b/src/util/viridentity.h index 805ad3ea4d..861ecca736 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h 
@@ -71,3 +71,11 @@ int virIdentitySetX509DName(virIdentityPtr ident, const char *dname); int virIdentitySetSELinuxContext(virIdentityPtr ident, const char *context); + +int virIdentitySetParameters(virIdentityPtr ident, + virTypedParameterPtr params, + int nparams); + +int virIdentityGetParameters(virIdentityPtr ident, + virTypedParameterPtr *params, + int *nparams); --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
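Review bot: In virIdentitySetParameters() (src/util/viridentity.c), the existing parameters are freed and ident->params, ident->nparams and ident->maxparams are reset before virTypedParamsCopy() runs, so a copy failure returns -1 with the identity already emptied instead of left as it was. Copy into a local virTypedParameterPtr first and only free and swap ident->params once the copy has succeeded. Separately, virIdentityGetParameters() returns a copy through *params; a comment in viridentity.h saying the caller has to release it with virTypedParamsFree() would make the ownership explicit.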
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 5 Sep 2019 12:56:27 +0100
Message-Id: <20190905115627.11493-10-berrange@redhat.com>
In-Reply-To: <20190905115627.11493-1-berrange@redhat.com>
References: <20190905115627.11493-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 9/9] remote: pass identity across to newly opened daemons

When opening a connection to a second driver inside the daemon, we must ensure the identity of the current user is passed across. This allows the second daemon to perform access control checks against the real end users, instead of against the libvirt daemon that's proxying across the API calls.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Michal Privoznik to the whole patchset.
--- src/libvirt_remote.syms | 1 + src/remote/remote_daemon_dispatch.c | 112 +++++++++++++++++++++++++--- src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 16 +++- src/remote_protocol-structs | 8 ++ src/rpc/virnetserverclient.c | 12 +++ src/rpc/virnetserverclient.h | 2 + 7 files changed, 139 insertions(+), 13 deletions(-) diff --git a/src/libvirt_remote.syms b/src/libvirt_remote.syms index 3307d74324..0493467f46 100644 --- a/src/libvirt_remote.syms +++ b/src/libvirt_remote.syms 
@@ -178,6 +178,7 @@ virNetServerClientSetAuthLocked; virNetServerClientSetAuthPendingLocked; virNetServerClientSetCloseHook; virNetServerClientSetDispatcher; +virNetServerClientSetIdentity; virNetServerClientSetQuietEOF; virNetServerClientSetReadonly; virNetServerClientStartKeepAlive; diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon= _dispatch.c index ecde959088..dbd2985c38 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -51,6 +51,7 @@ #include "virpolkit.h" #include "virthreadjob.h" #include "configmake.h" +#include "access/viraccessapicheck.h" =20 #define VIR_FROM_THIS VIR_FROM_RPC =20 @@ -1945,10 +1946,16 @@ static void remoteClientCloseFunc(virNetServerClien= tPtr client) static int remoteOpenConn(const char *uri, bool readonly, + bool preserveIdentity, virConnectPtr *conn) { - VIR_DEBUG("Getting secondary uri=3D%s readonly=3D%d conn=3D%p", - NULLSTR(uri), readonly, conn); + virTypedParameterPtr params =3D NULL; + int nparams =3D 0; + int ret =3D -1; + + VIR_DEBUG("Getting secondary uri=3D%s readonly=3D%d preserveIdent=3D%d= conn=3D%p", + NULLSTR(uri), readonly, preserveIdentity, conn); + if (*conn) return 0; =20 
@@ -1957,16 +1964,43 @@ remoteOpenConn(const char *uri, return -1; } =20 + if (preserveIdentity) { + VIR_AUTOUNREF(virIdentityPtr) ident =3D NULL; + + if (!(ident =3D virIdentityGetCurrent())) + return -1; + + if (virIdentityGetParameters(ident, ¶ms, &nparams) < 0) + goto error; + } + VIR_DEBUG("Opening driver %s", uri); if (readonly) *conn =3D virConnectOpenReadOnly(uri); else *conn =3D virConnectOpen(uri); if (!*conn) - return -1; + goto error; VIR_DEBUG("Opened driver %p", *conn); =20 - return 0; + if (preserveIdentity) { + if (virConnectSetIdentity(*conn, params, nparams, 0) < 0) + goto error; + + VIR_DEBUG("Forwarded current identity to secondary driver"); + } + + ret =3D 0; + cleanup: + virTypedParamsFree(params, nparams); + return ret; + + error: + if (*conn) { + virConnectClose(*conn); + *conn =3D NULL; + } + goto cleanup; } =20 =20 @@ -1993,6 +2027,7 @@ remoteGetInterfaceConn(virNetServerClientPtr client) =20 if (remoteOpenConn(priv->interfaceURI, priv->readonly, + true, &priv->interfaceConn) < 0) return NULL; =20 @@ -2008,6 +2043,7 @@ remoteGetNetworkConn(virNetServerClientPtr client) =20 if (remoteOpenConn(priv->networkURI, priv->readonly, + true, &priv->networkConn) < 0) return NULL; =20 @@ -2023,6 +2059,7 @@ remoteGetNodeDevConn(virNetServerClientPtr client) =20 if (remoteOpenConn(priv->nodedevURI, priv->readonly, + true, &priv->nodedevConn) < 0) return NULL; =20 @@ -2038,6 +2075,7 @@ remoteGetNWFilterConn(virNetServerClientPtr client) =20 if (remoteOpenConn(priv->nwfilterURI, priv->readonly, + true, &priv->nwfilterConn) < 0) return NULL; =20 @@ -2053,6 +2091,7 @@ remoteGetSecretConn(virNetServerClientPtr client) =20 if (remoteOpenConn(priv->secretURI, priv->readonly, + true, &priv->secretConn) < 0) return NULL; =20 @@ -2068,6 +2107,7 @@ remoteGetStorageConn(virNetServerClientPtr client) =20 if (remoteOpenConn(priv->storageURI, priv->readonly, + true, &priv->storageConn) < 0) return NULL; =20 
@@ -2237,6 +2277,7 @@ remoteDispatchConnectOpen(virNetServerPtr server ATTR= IBUTE_UNUSED, #ifdef MODULE_NAME const char *type =3D NULL; #endif /* !MODULE_NAME */ + bool preserveIdentity =3D false; =20 VIR_DEBUG("priv=3D%p conn=3D%p", priv, priv->conn); virMutexLock(&priv->lock); @@ -2264,16 +2305,16 @@ remoteDispatchConnectOpen(virNetServerPtr server AT= TRIBUTE_UNUSED, =20 name =3D probeduri; } -#endif + + preserveIdentity =3D true; +#endif /* VIRTPROXYD */ =20 VIR_DEBUG("Opening driver %s", name); - if (priv->readonly) { - if (!(priv->conn =3D virConnectOpenReadOnly(name))) - goto cleanup; - } else { - if (!(priv->conn =3D virConnectOpen(name))) - goto cleanup; - } + if (remoteOpenConn(name, + priv->readonly, + preserveIdentity, + &priv->conn) < 0) + goto cleanup; VIR_DEBUG("Opened %p", priv->conn); =20 #ifdef MODULE_NAME 
@@ -2384,6 +2425,53 @@ remoteDispatchConnectClose(virNetServerPtr server AT= TRIBUTE_UNUSED, } =20 =20 +static int +remoteDispatchConnectSetIdentity(virNetServerPtr server ATTRIBUTE_UNUSED, + virNetServerClientPtr client, + virNetMessagePtr msg ATTRIBUTE_UNUSED, + virNetMessageErrorPtr rerr, + remote_connect_set_identity_args *args) +{ + virTypedParameterPtr params =3D NULL; + int nparams =3D 0; + int rv =3D -1; + virConnectPtr conn =3D remoteGetHypervisorConn(client); + VIR_AUTOUNREF(virIdentityPtr) ident =3D NULL; + if (!conn) + goto cleanup; + + VIR_DEBUG("Received forwarded identity"); + if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->param= s.params_val, + args->params.params_len, + REMOTE_CONNECT_IDENTITY_PARAMS_MAX, + ¶ms, + &nparams) < 0) + goto cleanup; + + VIR_TYPED_PARAMS_DEBUG(params, nparams); + + if (virConnectSetIdentityEnsureACL(conn) < 0) + goto cleanup; + + if (!(ident =3D virIdentityNew())) + goto cleanup; + + if (virIdentitySetParameters(ident, params, nparams) < 0) + goto cleanup; + + virNetServerClientSetIdentity(client, ident); + + rv =3D 0; + + cleanup: + virTypedParamsFree(params, nparams); + if (rv < 0) + virNetMessageSaveError(rerr); + return rv; +} + + + static int remoteDispatchDomainGetSchedulerType(virNetServerPtr server ATTRIBUTE_UNUS= ED, virNetServerClientPtr client, diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 2b86f55035..8789c5da00 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -8507,6 +8507,7 @@ static virHypervisorDriver hypervisor_driver =3D { .name =3D "remote", .connectOpen =3D remoteConnectOpen, /* 0.3.0 */ .connectClose =3D remoteConnectClose, /* 0.3.0 */ + .connectSetIdentity =3D remoteConnectSetIdentity, /* 5.8.0 */ .connectSupportsFeature =3D remoteConnectSupportsFeature, /* 0.3.0 */ .connectGetType =3D remoteConnectGetType, /* 0.3.0 */ .connectGetVersion =3D remoteConnectGetVersion, /* 0.3.0 */ 
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 75c2bc69ff..f4e3392212 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -53,6 +53,9 @@ typedef string remote_nonnull_string; /* A long string, which may be NULL. */ typedef remote_nonnull_string *remote_string; =20 +/* Upper limit on identity parameters */ +const REMOTE_CONNECT_IDENTITY_PARAMS_MAX =3D 20; + /* Upper limit on lists of domains. */ const REMOTE_DOMAIN_LIST_MAX =3D 16384; =20 @@ -3736,6 +3739,11 @@ struct remote_domain_get_guest_info_ret { remote_typed_param params; }; =20 +struct remote_connect_set_identity_args { + remote_typed_param params; + unsigned int flags; +}; + /*----- Protocol. -----*/ =20 /* Define the program number, protocol version and procedure numbers here.= */ @@ -6603,5 +6611,11 @@ enum remote_procedure { * @generate: none * @acl: domain:write */ - REMOTE_PROC_DOMAIN_GET_GUEST_INFO =3D 418 + REMOTE_PROC_DOMAIN_GET_GUEST_INFO =3D 418, + + /** + * @generate: client + * @acl: connect:write + */ + REMOTE_PROC_CONNECT_SET_IDENTITY =3D 419 }; diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs index 616c3d5d52..71169c4148 100644 --- a/src/remote_protocol-structs +++ b/src/remote_protocol-structs @@ -3115,6 +3115,13 @@ struct remote_domain_get_guest_info_ret { u_int params_len; remote_typed_param * params_val; } params; +} +struct remote_connect_set_identity_args { + struct { + u_int params_len; + remote_typed_param * params_val; + } params; + u_int flags; }; enum remote_procedure { REMOTE_PROC_CONNECT_OPEN =3D 1, @@ -3535,4 +3542,5 @@ enum remote_procedure { REMOTE_PROC_DOMAIN_CHECKPOINT_GET_PARENT =3D 416, REMOTE_PROC_DOMAIN_CHECKPOINT_DELETE =3D 417, REMOTE_PROC_DOMAIN_GET_GUEST_INFO =3D 418, + REMOTE_PROC_CONNECT_SET_IDENTITY =3D 419, }; diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c index 1b96d0339b..171ee636dd 100644 --- a/src/rpc/virnetserverclient.c 
+++ b/src/rpc/virnetserverclient.c @@ -844,6 +844,18 @@ virIdentityPtr virNetServerClientGetIdentity(virNetSer= verClientPtr client) } =20 =20 +void virNetServerClientSetIdentity(virNetServerClientPtr client, + virIdentityPtr identity) +{ + virObjectLock(client); + virObjectUnref(client->identity); + client->identity =3D identity; + if (client->identity) + virObjectRef(client->identity); + virObjectUnlock(client); +} + + int virNetServerClientGetSELinuxContext(virNetServerClientPtr client, char **context) { diff --git a/src/rpc/virnetserverclient.h b/src/rpc/virnetserverclient.h index 1b01bedbcb..1c520fef6b 100644 --- a/src/rpc/virnetserverclient.h +++ b/src/rpc/virnetserverclient.h @@ -123,6 +123,8 @@ int virNetServerClientGetSELinuxContext(virNetServerCli= entPtr client, char **context); =20 virIdentityPtr virNetServerClientGetIdentity(virNetServerClientPtr client); +void virNetServerClientSetIdentity(virNetServerClientPtr client, + virIdentityPtr identity); =20 void *virNetServerClientGetPrivateData(virNetServerClientPtr client); =20 --=20 2.21.0
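Review bot: In remoteOpenConn() (src/remote/remote_daemon_dispatch.c), virConnectOpen() or virConnectOpenReadOnly() completes before virConnectSetIdentity() is called, so the open itself is still handled by the secondary daemon under the proxying daemon's identity and only the calls after it see the end user's. The error path does close the connection and reset *conn to NULL when forwarding fails, so a connection without the forwarded identity is never handed back; a comment stating that this ordering and the fail-closed cleanup are deliberate would help. The early `return -1` when virIdentityGetCurrent() returns NULL is also worth checking: if that can happen without an error having been reported, the caller gets a failure with no message.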
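Review bot: In remoteDispatchConnectSetIdentity() (src/remote/remote_daemon_dispatch.c), virConnectSetIdentityEnsureACL(conn) runs only after the client-supplied parameters have been deserialized and passed to VIR_TYPED_PARAMS_DEBUG, so a caller that is about to be refused still has its input parsed and written to the debug log. Moving the ACL check to directly after the `if (!conn)` test puts authorization first. args->flags is never examined in this function either; rejecting non-zero flags here keeps unknown flag bits from being silently accepted. Nothing in the handler stops a second call from replacing an identity that was already forwarded, so if the identity is meant to be set once per connection that needs an explicit check.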
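Review bot: In src/remote/remote_protocol.x, REMOTE_PROC_CONNECT_SET_IDENTITY is gated by `@acl: connect:write`, so any client holding that permission on the receiving daemon can choose the identity that, per the commit message, later access control checks are made against. virIdentitySetParameters() validates attribute names and types, but the values are taken as asserted by the caller. The trust assumption (only the proxying daemon should hold this permission) should be documented next to the procedure, and it is worth considering whether a dedicated permission would make that easier to express in policy.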
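Review bot: In src/remote_protocol-structs, the added line that closes remote_domain_get_guest_info_ret is `}` with no semicolon, while the context line that now closes remote_connect_set_identity_args is `};`. As shown, the file ends up with one struct closed by a bare `}`; the added line should read `};` so both structs are terminated the same way.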
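Review bot: In virNetServerClientSetIdentity() (src/rpc/virnetserverclient.c), the old identity is unreferenced before the new one is referenced, so a call with identity equal to client->identity while the client holds the last reference would release the object and then take a reference on it. Taking the new reference first, or returning early when the two pointers are equal, removes that case. The caller added in this patch passes a freshly created identity, but the function is exported through src/libvirt_remote.syms, so other callers may not.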