From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Tue, 24 Sep 2019 15:58:49 +0100
Message-Id: <20190924145903.17123-9-berrange@redhat.com>
In-Reply-To: <20190924145903.17123-1-berrange@redhat.com>
Subject: [libvirt] [PATCH v3 08/22] src: rewrite ACL permissions checker in Python

As part of a goal to eliminate Perl from libvirt build tools, rewrite the check-aclperms.pl tool in Python. This was a straight conversion, manually going line-by-line to change the syntax from Perl to Python. Thus the overall structure of the file and approach is the same.

Signed-off-by: Daniel P. Berrangé
--- src/Makefile.am | 4 +-- src/check-aclperms.pl | 73 ---------------------------------------- src/check-aclperms.py | 78 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 80 insertions(+), 75 deletions(-) delete mode 100755 src/check-aclperms.pl create mode 100755 src/check-aclperms.py diff --git a/src/Makefile.am b/src/Makefile.am index 2956e4bf35..71858ea07f 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -358,11 +358,11 @@ check-aclrules: $(addprefix $(srcdir)/,$(filter-out /%,$(STATEFUL_DRIVER_SOURCE_FILES))) =20 check-aclperms: - $(AM_V_GEN)$(PERL) $(srcdir)/check-aclperms.pl \ + $(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(srcdir)/check-aclperms.py \ $(srcdir)/access/viraccessperm.h \ $(srcdir)/access/viraccessperm.c =20 -EXTRA_DIST +=3D check-driverimpls.pl check-aclrules.pl check-aclperms.pl +EXTRA_DIST +=3D check-driverimpls.pl check-aclrules.pl check-aclperms.py =20 check-local: check-protocol check-symfile check-symsorting \ check-drivername check-driverimpls check-aclrules \ diff --git a/src/check-aclperms.pl b/src/check-aclperms.pl deleted file mode 100755 index 55b6598313..0000000000 --- a/src/check-aclperms.pl +++ /dev/null 
@@ -1,73 +0,0 @@ -#!/usr/bin/env perl -# -# Copyright (C) 2013 Red Hat, Inc. -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library. If not, see -# . -# -# This script just validates that the stringified version of -# a virAccessPerm enum matches the enum constant name. We do -# a lot of auto-generation of code, so when these don't match -# problems occur, preventing auth from succeeding at all. - -my $hdr =3D shift; -my $impl =3D shift; - -my %perms; - -my @perms; - -open HDR, $hdr or die "cannot read $hdr: $!"; - -while () { - if (/^\s+VIR_ACCESS_PERM_([_A-Z]+)(,?|\s|$)/) { - my $perm =3D $1; - - $perms{$perm} =3D 1 unless ($perm =3D~ /_LAST$/); - } -} - -close HDR; - - -open IMPL, $impl or die "cannot read $impl: $!"; - -my $group; -my $warned =3D 0; - -while (defined (my $line =3D )) { - if ($line =3D~ /VIR_ACCESS_PERM_([_A-Z]+)_LAST/) { - $group =3D $1; - } elsif ($line =3D~ /"[_a-z]+"/) { - my @bits =3D split /,/, $line; - foreach my $bit (@bits) { - if ($bit =3D~ /"([_a-z]+)"/) { - my $perm =3D uc($group . "_" . $1); - if (!exists $perms{$perm}) { - print STDERR "Unknown perm string $1 for group $group\= n"; - $warned =3D 1; - } - delete $perms{$perm}; - } - } - } -} -close IMPL; - -foreach my $perm (keys %perms) { - print STDERR "Perm $perm had not string form\n"; - $warned =3D 1; -} - -exit $warned; 
diff --git a/src/check-aclperms.py b/src/check-aclperms.py new file mode 100755 index 0000000000..035c0f6999 --- /dev/null +++ b/src/check-aclperms.py 
@@ -0,0 +1,78 @@ +#!/usr/bin/env python +# +# Copyright (C) 2013-2019 Red Hat, Inc. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see +# . +# +# This script just validates that the stringified version of +# a virAccessPerm enum matches the enum constant name. We do +# a lot of auto-generation of code, so when these don't match +# problems occur, preventing auth from succeeding at all. + +from __future__ import print_function + +import re +import sys + +if len(sys.argv) !=3D 3: + print("syntax: %s HEADER IMPL" % (sys.argv[0]), file=3Dsys.stderr) + sys.exit(1) + +hdr =3D sys.argv[1] +impl =3D sys.argv[2] + +perms =3D {} + +with open(hdr) as fh: + symprog =3D re.compile(r"^\s+VIR_ACCESS_PERM_([_A-Z]+)(,?|\s|$).*") + for line in fh: + symmatch =3D symprog.match(line) + if symmatch is not None: + perm =3D symmatch.group(1) + + if not perm.endswith("_LAST"): + perms[perm] =3D 1 + +warned =3D False + +with open(impl) as fh: + group =3D None + symlastprog =3D re.compile(r".*VIR_ACCESS_PERM_([_A-Z]+)_LAST.*") + alnumprog =3D re.compile(r'''.*"([_a-z]+)".*''') + + for line in fh: + symlastmatch =3D symlastprog.match(line) + if symlastmatch is not None: + group =3D symlastmatch.group(1) + elif alnumprog.match(line) is not None: + bits =3D line.split(",") + for bit in bits: + m =3D alnumprog.match(bit) + if m is not None: + perm =3D (group + "_" + m.group(1)).upper() + if perm not in perms: + 
print("Unknown perm string %s for group %s" % + (m.group(1), group), file=3Dsys.stderr) + warned =3D True + + del perms[perm] + +for perm in perms.keys(): + print("Perm %s had not string form" % perm, file=3Dsys.stderr) + warned =3D True + +if warned: + sys.exit(1) +sys.exit(0) --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
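
Review bot: `del perms[perm]` near the end of the IMPL loop in src/check-aclperms.py is not equivalent to the Perl `delete $perms{$perm}` it replaces. Perl's delete is a no-op for a missing key, while Python's `del` raises KeyError, so if the statement runs after the `if perm not in perms:` branch (as it did in the Perl structure), the first unknown perm string ends the script with a traceback instead of letting it report every mismatch and exit through `warned`. The build still fails, but the remaining diagnostics are lost, and a string listed twice in the IMPL file would hit the same path; `perms.pop(perm, None)` keeps the old behaviour. Similarly, `group` starts as `None`, so a quoted string seen before any `VIR_ACCESS_PERM_..._LAST` line raises TypeError at `group + "_"` where the Perl version carried on; an explicit check with an error message would make that case readable.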