Re: [PATCH 1/3] Expose ownership ID parsing


 



On 24.05.2013 22:25, Martin Kletzander wrote:
> Parsing 'user:group' is useful even outside the DAC security driver,
> so expose the most abstract function which has no DAC security driver
> bits in itself.
> 
> Signed-off-by: Martin Kletzander <mkletzan@xxxxxxxxxx>
> ---
>  src/libvirt_private.syms    |  1 +
>  src/security/security_dac.c | 51 +++--------------------------------------
>  src/util/virutil.c          | 56 +++++++++++++++++++++++++++++++++++++++++++++
>  src/util/virutil.h          |  2 ++
>  4 files changed, 62 insertions(+), 48 deletions(-)
> 
> diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
> index 9d5f74b..1927451 100644
> --- a/src/libvirt_private.syms
> +++ b/src/libvirt_private.syms
> @@ -1951,6 +1951,7 @@ virIsCapableVport;
>  virIsDevMapperDevice;
>  virManageVport;
>  virParseNumber;
> +virParseOwnershipIds;
>  virParseVersionString;
>  virPipeReadUntilEOF;
>  virReadFCHost;
> diff --git a/src/security/security_dac.c b/src/security/security_dac.c
> index b8d1a92..0264c28 100644
> --- a/src/security/security_dac.c
> +++ b/src/security/security_dac.c
> @@ -33,6 +33,7 @@
>  #include "virscsi.h"
>  #include "virstoragefile.h"
>  #include "virstring.h"
> +#include "virutil.h"
> 
>  #define VIR_FROM_THIS VIR_FROM_SECURITY
>  #define SECURITY_DAC_NAME "dac"
> @@ -70,52 +71,6 @@ virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
>      priv->dynamicOwnership = dynamicOwnership;
>  }
> 
> -static int
> -parseIds(const char *label, uid_t *uidPtr, gid_t *gidPtr)
> -{
> -    int rc = -1;
> -    uid_t theuid;
> -    gid_t thegid;
> -    char *tmp_label = NULL;
> -    char *sep = NULL;
> -    char *owner = NULL;
> -    char *group = NULL;
> -
> -    if (VIR_STRDUP(tmp_label, label) < 0)
> -        goto cleanup;
> -
> -    /* Split label */
> -    sep = strchr(tmp_label, ':');
> -    if (sep == NULL) {
> -        virReportError(VIR_ERR_INVALID_ARG,
> -                       _("Missing separator ':' in DAC label \"%s\""),
> -                       label);
> -        goto cleanup;
> -    }
> -    *sep = '\0';
> -    owner = tmp_label;
> -    group = sep + 1;
> -
> -    /* Parse owner and group, error message is defined by
> -     * virGetUserID or virGetGroupID.
> -     */
> -    if (virGetUserID(owner, &theuid) < 0 ||
> -        virGetGroupID(group, &thegid) < 0)
> -        goto cleanup;
> -
> -    if (uidPtr)
> -        *uidPtr = theuid;
> -    if (gidPtr)
> -        *gidPtr = thegid;
> -
> -    rc = 0;
> -
> -cleanup:
> -    VIR_FREE(tmp_label);
> -
> -    return rc;
> -}
> -
>  /* returns 1 if label isn't found, 0 on success, -1 on error */
>  static int
>  virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
> @@ -133,7 +88,7 @@ virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
>          return 1;
>      }
> 
> -    if (parseIds(seclabel->label, &uid, &gid) < 0)
> +    if (virParseOwnershipIds(seclabel->label, &uid, &gid) < 0)
>          return -1;
> 
>      if (uidPtr)
> @@ -194,7 +149,7 @@ virSecurityDACParseImageIds(virDomainDefPtr def,
>          return 1;
>      }
> 
> -    if (parseIds(seclabel->imagelabel, &uid, &gid) < 0)
> +    if (virParseOwnershipIds(seclabel->imagelabel, &uid, &gid) < 0)
>          return -1;
> 
>      if (uidPtr)
> diff --git a/src/util/virutil.c b/src/util/virutil.c
> index 028f1d1..450e5e3 100644
> --- a/src/util/virutil.c
> +++ b/src/util/virutil.c
> @@ -2071,3 +2071,59 @@ virCompareLimitUlong(unsigned long long a, unsigned long b)
> 
>      return -1;
>  }
> +
> +/**
> + * virParseOwnershipIds:
> + *
> + * Parse the usual "uid:gid" ownership specification into uid_t and
> + * gid_t passed as parameters.  NULL value for those parameters mean
> + * the information is not needed.  Also, none of those values are
> + * changed in case of any error.
> + *
> + * Returns -1 on error, 0 otherwise.
> + */
> +int
> +virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr)
> +{
> +    int rc = -1;
> +    uid_t theuid;
> +    gid_t thegid;
> +    char *tmp_label = NULL;
> +    char *sep = NULL;
> +    char *owner = NULL;
> +    char *group = NULL;
> +
> +    if (VIR_STRDUP(tmp_label, label) < 0)
> +        goto cleanup;
> +
> +    /* Split label */
> +    sep = strchr(tmp_label, ':');
> +    if (sep == NULL) {
> +        virReportError(VIR_ERR_INVALID_ARG,
> +                       _("Failed to parse uid and gid from '%s'"),

This is the only change to the original impl.

> +                       label);
> +        goto cleanup;
> +    }
> +    *sep = '\0';
> +    owner = tmp_label;
> +    group = sep + 1;
> +
> +    /* Parse owner and group, error message is defined by
> +     * virGetUserID or virGetGroupID.
> +     */
> +    if (virGetUserID(owner, &theuid) < 0 ||
> +        virGetGroupID(group, &thegid) < 0)
> +        goto cleanup;
> +
> +    if (uidPtr)
> +        *uidPtr = theuid;
> +    if (gidPtr)
> +        *gidPtr = thegid;
> +
> +    rc = 0;
> +
> +cleanup:
> +    VIR_FREE(tmp_label);
> +
> +    return rc;
> +}
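Review bot: Now that `virParseOwnershipIds` is exported from virutil.c, nothing in its body rejects a NULL `label`. If `VIR_STRDUP` treats a NULL source as a successful no-op (I believe it does, but its definition is not part of this patch), `tmp_label` stays NULL and `strchr(tmp_label, ':')` dereferences it. The two DAC callers may validate their labels outside the visible hunks, but a shared helper that decides file ownership should not depend on that: either start the function with `if (!label) goto cleanup;` preceded by a `virReportError(VIR_ERR_INVALID_ARG, ...)` call, or mark the prototype in virutil.h with `ATTRIBUTE_NONNULL(1)`. The doc comment also describes the input only as "uid:gid", while the real parsing is delegated to `virGetUserID`/`virGetGroupID`. It would help to add a line such as `* Each half is resolved by virGetUserID()/virGetGroupID(); an empty half ("user:" or ":group") is passed to them unchanged.` so callers know what is accepted.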
> diff --git a/src/util/virutil.h b/src/util/virutil.h
> index 280a18d..0f6bcc1 100644
> --- a/src/util/virutil.h
> +++ b/src/util/virutil.h
> @@ -166,4 +166,6 @@ char *virFindFCHostCapableVport(const char *sysfs_prefix);
> 
>  int virCompareLimitUlong(unsigned long long a, unsigned long b);
> 
> +int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr);
> +
>  #endif /* __VIR_UTIL_H__ */
> 

Michal




