[PATCH v4 08/26] src: rewrite ACL permissions checker in Python

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



As part of an goal to eliminate Perl from libvirt build tools,
rewrite the check-aclperms.pl tool in Python.

This was a straight conversion, manually going line-by-line to
change the syntax from Perl to Python. Thus the overall structure
of the file and approach is the same.

Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
 Makefile.am               |  1 +
 scripts/check-aclperms.py | 75 +++++++++++++++++++++++++++++++++++++++
 src/Makefile.am           |  4 +--
 src/check-aclperms.pl     | 73 -------------------------------------
 4 files changed, 78 insertions(+), 75 deletions(-)
 create mode 100755 scripts/check-aclperms.py
 delete mode 100755 src/check-aclperms.pl

diff --git a/Makefile.am b/Makefile.am
index 6a0f24e917..79a74c639d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -46,6 +46,7 @@ EXTRA_DIST = \
   README.md \
   AUTHORS.in \
   scripts/augeas-gentest.py \
+  scripts/check-aclperms.py \
   scripts/check-spacing.py \
   scripts/header-ifdef.py \
   scripts/minimize-po.py \
diff --git a/scripts/check-aclperms.py b/scripts/check-aclperms.py
new file mode 100755
index 0000000000..b1084a3758
--- /dev/null
+++ b/scripts/check-aclperms.py
@@ -0,0 +1,75 @@
+#!/usr/bin/env python
+#
+# Copyright (C) 2013-2019 Red Hat, Inc.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see
+# <http://www.gnu.org/licenses/>.
+#
+# This script just validates that the stringified version of
+# a virAccessPerm enum matches the enum constant name. We do
+# a lot of auto-generation of code, so when these don't match
+# problems occur, preventing auth from succeeding at all.
+
+from __future__ import print_function
+
+import re
+import sys
+
+if len(sys.argv) != 3:
+    print("syntax: %s HEADER IMPL" % (sys.argv[0]), file=sys.stderr)
+    sys.exit(1)
+
+hdr = sys.argv[1]
+impl = sys.argv[2]
+
+perms = {}
+
+with open(hdr) as fh:
+    for line in fh:
+        symmatch = re.search(r"^\s+VIR_ACCESS_PERM_([_A-Z]+)(,?|\s|$)", line)
+        if symmatch is not None:
+            perm = symmatch.group(1)
+
+            if not perm.endswith("_LAST"):
+                perms[perm] = 1
+
+warned = False
+
+with open(impl) as fh:
+    group = None
+
+    for line in fh:
+        symlastmatch = re.search(r"VIR_ACCESS_PERM_([_A-Z]+)_LAST", line)
+        if symlastmatch is not None:
+            group = symlastmatch.group(1)
+        elif re.search(r'''"[_a-z]+"''', line) is not None:
+            bits = line.split(",")
+            for bit in bits:
+                m = re.search(r'''"([_a-z]+)"''', bit)
+                if m is not None:
+                    perm = (group + "_" + m.group(1)).upper()
+                    if perm not in perms:
+                        print("Unknown perm string %s for group %s" %
+                              (m.group(1), group), file=sys.stderr)
+                        warned = True
+
+                    del perms[perm]
+
+for perm in perms.keys():
+    print("Perm %s had not string form" % perm, file=sys.stderr)
+    warned = True
+
+if warned:
+    sys.exit(1)
+sys.exit(0)
diff --git a/src/Makefile.am b/src/Makefile.am
index 0f6a61347c..6ef0b8ed69 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -357,11 +357,11 @@ check-aclrules:
 		$(addprefix $(srcdir)/,$(filter-out /%,$(STATEFUL_DRIVER_SOURCE_FILES)))
 
 check-aclperms:
-	$(AM_V_GEN)$(PERL) $(srcdir)/check-aclperms.pl \
+	$(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/check-aclperms.py \
 		$(srcdir)/access/viraccessperm.h \
 		$(srcdir)/access/viraccessperm.c
 
-EXTRA_DIST += check-driverimpls.pl check-aclrules.pl check-aclperms.pl
+EXTRA_DIST += check-driverimpls.pl check-aclrules.pl
 
 check-local: check-protocol check-symfile check-symsorting \
 	check-drivername check-driverimpls check-aclrules \
diff --git a/src/check-aclperms.pl b/src/check-aclperms.pl
deleted file mode 100755
index 55b6598313..0000000000
--- a/src/check-aclperms.pl
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/usr/bin/env perl
-#
-# Copyright (C) 2013 Red Hat, Inc.
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
-#
-# This script just validates that the stringified version of
-# a virAccessPerm enum matches the enum constant name. We do
-# a lot of auto-generation of code, so when these don't match
-# problems occur, preventing auth from succeeding at all.
-
-my $hdr = shift;
-my $impl = shift;
-
-my %perms;
-
-my @perms;
-
-open HDR, $hdr or die "cannot read $hdr: $!";
-
-while (<HDR>) {
-    if (/^\s+VIR_ACCESS_PERM_([_A-Z]+)(,?|\s|$)/) {
-        my $perm = $1;
-
-        $perms{$perm} = 1 unless ($perm =~ /_LAST$/);
-    }
-}
-
-close HDR;
-
-
-open IMPL, $impl or die "cannot read $impl: $!";
-
-my $group;
-my $warned = 0;
-
-while (defined (my $line = <IMPL>)) {
-    if ($line =~ /VIR_ACCESS_PERM_([_A-Z]+)_LAST/) {
-        $group = $1;
-    } elsif ($line =~ /"[_a-z]+"/) {
-        my @bits = split /,/, $line;
-        foreach my $bit (@bits) {
-            if ($bit =~ /"([_a-z]+)"/) {
-                my $perm = uc($group . "_" . $1);
-                if (!exists $perms{$perm}) {
-                    print STDERR "Unknown perm string $1 for group $group\n";
-                    $warned = 1;
-                }
-                delete $perms{$perm};
-            }
-        }
-    }
-}
-close IMPL;
-
-foreach my $perm (keys %perms) {
-    print STDERR "Perm $perm had not string form\n";
-    $warned = 1;
-}
-
-exit $warned;
-- 
2.21.0

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux