From nobody Tue Nov 26 13:20:17 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 207.211.31.120 as permitted sender) client-ip=207.211.31.120; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of redhat.com designates 207.211.31.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1573483513; cv=none; d=zoho.com; s=zohoarc; b=gxe0cWo/SvANGMiLbWcc9fVJOVhPswShF6jAxh9Sf2ZL6+FZAe/cBaiuNits6gQVdg+JyXaEmc/OX9nPGGY1H807PQJi3LfDzS+yIW+pB/gsCYCfdnaYpEFTDDRx1AenOmnogmuCDLb2mOIU0VzMxGx+09g6RmLC4myt6B2dV8I= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1573483513; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=1AB4y2pqo4URgIchFFb7V5CWnMhEvCvcwNdmiRePSSA=; b=faL9jj+JSfm07GLjAf1Gs6AD4cGFNqE7MlthYNo619SIZt2KJBYQkEn6QRpmTNpEvW4rHSb3z4y9KhaHxcomcbnk4Ydo9z2A8XQPGS0RmoCR4n+XTGIG4b6wmJjHQOQQvO2Tqr4ukzm77EVlsJ9mF7/kJ0VcFvzFD/HeAQblcKo= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of redhat.com designates 207.211.31.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) by mx.zohomail.com with SMTPS id 1573483513345659.6757302061385; Mon, 11 Nov 2019 06:45:13 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-87-1ga6FySEMmWEsG7q-d-j6g-1; Mon, 11 Nov 2019 09:45:06 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 98B1E18B9FBE; Mon, 11 Nov 2019 14:45:01 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6E20F5DA7D; Mon, 11 Nov 2019 14:45:01 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 31CD918034EA; Mon, 11 Nov 2019 14:45:01 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id xABEisM2020371 for ; Mon, 11 Nov 2019 09:44:54 -0500 Received: by smtp.corp.redhat.com (Postfix) id 1C0815DD73; Mon, 11 Nov 2019 14:44:54 +0000 (UTC) Received: from catbus.gsslab.fab.redhat.com (dhcp-32.gsslab.fab.redhat.com [10.33.9.32]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8167A5D9C9; Mon, 11 Nov 2019 14:44:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1573483512; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=1AB4y2pqo4URgIchFFb7V5CWnMhEvCvcwNdmiRePSSA=; b=A2yBOCLoP0vVTXCOqqABTRhPava0A95+5RUAy2D9iXElP7ZdGI0qRmat7j/7w5s3vUiPZQ +zJzn60UUUZmVR9l1SGNnp6uqG25ri1wJLayPDN3FdeQkLo5fpvpJv7MTYzsqKhu4G9WPP gVPzqitRYV8n8rYH7uJ+x1B9XRLBijs= From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Date: Mon, 11 Nov 2019 14:38:08 +0000 Message-Id: <20191111143826.16050-6-berrange@redhat.com> In-Reply-To: <20191111143826.16050-1-berrange@redhat.com> References: <20191111143826.16050-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v5 05/23] src: rewrite ACL permissions checker in Python X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-MC-Unique: 1ga6FySEMmWEsG7q-d-j6g-1 X-Mimecast-Spam-Score: 0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" As part of an goal to eliminate Perl from libvirt build tools, rewrite the check-aclperms.pl tool in Python. This was a straight conversion, manually going line-by-line to change the syntax from Perl to Python. Thus the overall structure of the file and approach is the same. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: J=C3=A1n Tomko Tested-by: Cole Robinson --- Makefile.am | 1 + scripts/check-aclperms.py | 75 +++++++++++++++++++++++++++++++++++++++ src/Makefile.am | 4 +-- src/check-aclperms.pl | 73 ------------------------------------- 4 files changed, 78 insertions(+), 75 deletions(-) create mode 100755 scripts/check-aclperms.py delete mode 100755 src/check-aclperms.pl diff --git a/Makefile.am b/Makefile.am index 6cccbf38da..ab9d09fcd4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -46,6 +46,7 @@ EXTRA_DIST =3D \ README.md \ AUTHORS.in \ scripts/augeas-gentest.py \ + scripts/check-aclperms.py \ scripts/check-spacing.py \ scripts/header-ifdef.py \ scripts/minimize-po.py \ diff --git a/scripts/check-aclperms.py b/scripts/check-aclperms.py new file mode 100755 index 0000000000..b1084a3758 --- /dev/null +++ b/scripts/check-aclperms.py @@ -0,0 +1,75 @@ +#!/usr/bin/env python +# +# Copyright (C) 2013-2019 Red Hat, Inc. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see +# . +# +# This script just validates that the stringified version of +# a virAccessPerm enum matches the enum constant name. We do +# a lot of auto-generation of code, so when these don't match +# problems occur, preventing auth from succeeding at all. + +from __future__ import print_function + +import re +import sys + +if len(sys.argv) !=3D 3: + print("syntax: %s HEADER IMPL" % (sys.argv[0]), file=3Dsys.stderr) + sys.exit(1) + +hdr =3D sys.argv[1] +impl =3D sys.argv[2] + +perms =3D {} + +with open(hdr) as fh: + for line in fh: + symmatch =3D re.search(r"^\s+VIR_ACCESS_PERM_([_A-Z]+)(,?|\s|$)", = line) + if symmatch is not None: + perm =3D symmatch.group(1) + + if not perm.endswith("_LAST"): + perms[perm] =3D 1 + +warned =3D False + +with open(impl) as fh: + group =3D None + + for line in fh: + symlastmatch =3D re.search(r"VIR_ACCESS_PERM_([_A-Z]+)_LAST", line) + if symlastmatch is not None: + group =3D symlastmatch.group(1) + elif re.search(r'''"[_a-z]+"''', line) is not None: + bits =3D line.split(",") + for bit in bits: + m =3D re.search(r'''"([_a-z]+)"''', bit) + if m is not None: + perm =3D (group + "_" + m.group(1)).upper() + if perm not in perms: + print("Unknown perm string %s for group %s" % + (m.group(1), group), file=3Dsys.stderr) + warned =3D True + + del perms[perm] + +for perm in perms.keys(): + print("Perm %s had not string form" % perm, file=3Dsys.stderr) + warned =3D True + +if warned: + sys.exit(1) +sys.exit(0) diff --git a/src/Makefile.am b/src/Makefile.am index 9b0a46702b..318dd6c20f 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -353,11 +353,11 @@ check-aclrules: $(addprefix $(srcdir)/,$(filter-out /%,$(STATEFUL_DRIVER_SOURCE_FILES))) =20 check-aclperms: - $(AM_V_GEN)$(PERL) $(srcdir)/check-aclperms.pl \ + $(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/check-aclperms.py \ $(srcdir)/access/viraccessperm.h \ $(srcdir)/access/viraccessperm.c =20 -EXTRA_DIST +=3D check-driverimpls.pl check-aclrules.pl check-aclperms.pl +EXTRA_DIST +=3D check-driverimpls.pl check-aclrules.pl =20 check-local: check-protocol check-symfile check-symsorting \ check-drivername check-driverimpls check-aclrules \ diff --git a/src/check-aclperms.pl b/src/check-aclperms.pl deleted file mode 100755 index 55b6598313..0000000000 --- a/src/check-aclperms.pl +++ /dev/null @@ -1,73 +0,0 @@ -#!/usr/bin/env perl -# -# Copyright (C) 2013 Red Hat, Inc. -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library. If not, see -# . -# -# This script just validates that the stringified version of -# a virAccessPerm enum matches the enum constant name. We do -# a lot of auto-generation of code, so when these don't match -# problems occur, preventing auth from succeeding at all. - -my $hdr =3D shift; -my $impl =3D shift; - -my %perms; - -my @perms; - -open HDR, $hdr or die "cannot read $hdr: $!"; - -while () { - if (/^\s+VIR_ACCESS_PERM_([_A-Z]+)(,?|\s|$)/) { - my $perm =3D $1; - - $perms{$perm} =3D 1 unless ($perm =3D~ /_LAST$/); - } -} - -close HDR; - - -open IMPL, $impl or die "cannot read $impl: $!"; - -my $group; -my $warned =3D 0; - -while (defined (my $line =3D )) { - if ($line =3D~ /VIR_ACCESS_PERM_([_A-Z]+)_LAST/) { - $group =3D $1; - } elsif ($line =3D~ /"[_a-z]+"/) { - my @bits =3D split /,/, $line; - foreach my $bit (@bits) { - if ($bit =3D~ /"([_a-z]+)"/) { - my $perm =3D uc($group . "_" . $1); - if (!exists $perms{$perm}) { - print STDERR "Unknown perm string $1 for group $group\= n"; - $warned =3D 1; - } - delete $perms{$perm}; - } - } - } -} -close IMPL; - -foreach my $perm (keys %perms) { - print STDERR "Perm $perm had not string form\n"; - $warned =3D 1; -} - -exit $warned; --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list