[libvirt] [PATCH v4 04/13] _virConnectCredential: turn @prompt into char *

Eric Blake eblake at redhat.com
Mon May 20 23:24:43 UTC 2013 

On 05/20/2013 11:55 AM, Michal Privoznik wrote:
> Currently, @prompt member within _virConnectCredential struct is const
> char. This violates const correctness as we are not just strdup()-ing
> the value, we are even changing it (e.g. in virNetSSHKbIntCb()).
> ---
>  include/libvirt/libvirt.h.in | 2 +-
>  src/remote/remote_driver.c   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

I am not comfortable with this one.  This is an API change that WILL
cause compilation to fail on anyone that compiled against the old type.

> 
> diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
> index 1804c93..1bd3d1a 100644
> --- a/include/libvirt/libvirt.h.in
> +++ b/include/libvirt/libvirt.h.in
> @@ -1294,7 +1294,7 @@ typedef enum {
>  
>  struct _virConnectCredential {
>      int type; /* One of virConnectCredentialType constants */
> -    const char *prompt; /* Prompt to show to user */
> +    char *prompt; /* Prompt to show to user */

Is the USER allowed to change prompt?  Or is the only place where it is
changed our internal code?

>      const char *challenge; /* Additional challenge to show */
>      const char *defresult; /* Optional default result */
>      char *result; /* Result to be filled with user response (or defresult) */

Remember, the user WILL be changing result.

> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index 13212d0..97be2a0 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -3733,7 +3733,7 @@ static int remoteAuthMakeCredentials(sasl_interact_t *interact,
>          }
>          if (interact[*ncred].challenge)
>              (*cred)[*ncred].challenge = interact[ninteract].challenge;
> -        (*cred)[*ncred].prompt = interact[ninteract].prompt;
> +        (*cred)[*ncred].prompt = (char *) interact[ninteract].prompt;

I'm still not convinced this is right.  Is casting away const
sufficient, or should we be strdup'ing here?

>          if (interact[*ncred].defresult)
>              (*cred)[*ncred].defresult = interact[ninteract].defresult;
>          (*cred)[*ncred].result = NULL;
> 

I'd really like someone else to weigh in on this one.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130520/63b5f1e2/attachment-0001.sig>

More information about the libvir-list mailing list