[libvirt] [PATCH 1/3] Expose ownership ID parsing
Michal Privoznik
mprivozn at redhat.com
Wed Jul 24 08:56:55 UTC 2013
On 24.05.2013 22:25, Martin Kletzander wrote:
> Parsing 'user:group' is useful even outside the DAC security driver,
> so expose the most abstract function which has no DAC security driver
> bits in itself.
>
> Signed-off-by: Martin Kletzander <mkletzan at redhat.com>
> ---
> src/libvirt_private.syms | 1 +
> src/security/security_dac.c | 51 +++--------------------------------------
> src/util/virutil.c | 56 +++++++++++++++++++++++++++++++++++++++++++++
> src/util/virutil.h | 2 ++
> 4 files changed, 62 insertions(+), 48 deletions(-)
>
> diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
> index 9d5f74b..1927451 100644
> --- a/src/libvirt_private.syms
> +++ b/src/libvirt_private.syms
> @@ -1951,6 +1951,7 @@ virIsCapableVport;
> virIsDevMapperDevice;
> virManageVport;
> virParseNumber;
> +virParseOwnershipIds;
> virParseVersionString;
> virPipeReadUntilEOF;
> virReadFCHost;
> diff --git a/src/security/security_dac.c b/src/security/security_dac.c
> index b8d1a92..0264c28 100644
> --- a/src/security/security_dac.c
> +++ b/src/security/security_dac.c
> @@ -33,6 +33,7 @@
> #include "virscsi.h"
> #include "virstoragefile.h"
> #include "virstring.h"
> +#include "virutil.h"
>
> #define VIR_FROM_THIS VIR_FROM_SECURITY
> #define SECURITY_DAC_NAME "dac"
> @@ -70,52 +71,6 @@ virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
> priv->dynamicOwnership = dynamicOwnership;
> }
>
> -static int
> -parseIds(const char *label, uid_t *uidPtr, gid_t *gidPtr)
> -{
> - int rc = -1;
> - uid_t theuid;
> - gid_t thegid;
> - char *tmp_label = NULL;
> - char *sep = NULL;
> - char *owner = NULL;
> - char *group = NULL;
> -
> - if (VIR_STRDUP(tmp_label, label) < 0)
> - goto cleanup;
> -
> - /* Split label */
> - sep = strchr(tmp_label, ':');
> - if (sep == NULL) {
> - virReportError(VIR_ERR_INVALID_ARG,
> - _("Missing separator ':' in DAC label \"%s\""),
> - label);
> - goto cleanup;
> - }
> - *sep = '\0';
> - owner = tmp_label;
> - group = sep + 1;
> -
> - /* Parse owner and group, error message is defined by
> - * virGetUserID or virGetGroupID.
> - */
> - if (virGetUserID(owner, &theuid) < 0 ||
> - virGetGroupID(group, &thegid) < 0)
> - goto cleanup;
> -
> - if (uidPtr)
> - *uidPtr = theuid;
> - if (gidPtr)
> - *gidPtr = thegid;
> -
> - rc = 0;
> -
> -cleanup:
> - VIR_FREE(tmp_label);
> -
> - return rc;
> -}
> -
> /* returns 1 if label isn't found, 0 on success, -1 on error */
> static int
> virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
> @@ -133,7 +88,7 @@ virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
> return 1;
> }
>
> - if (parseIds(seclabel->label, &uid, &gid) < 0)
> + if (virParseOwnershipIds(seclabel->label, &uid, &gid) < 0)
> return -1;
>
> if (uidPtr)
> @@ -194,7 +149,7 @@ virSecurityDACParseImageIds(virDomainDefPtr def,
> return 1;
> }
>
> - if (parseIds(seclabel->imagelabel, &uid, &gid) < 0)
> + if (virParseOwnershipIds(seclabel->imagelabel, &uid, &gid) < 0)
> return -1;
>
> if (uidPtr)
> diff --git a/src/util/virutil.c b/src/util/virutil.c
> index 028f1d1..450e5e3 100644
> --- a/src/util/virutil.c
> +++ b/src/util/virutil.c
> @@ -2071,3 +2071,59 @@ virCompareLimitUlong(unsigned long long a, unsigned long b)
>
> return -1;
> }
> +
> +/**
> + * virParseOwnershipIds:
> + *
> + * Parse the usual "uid:gid" ownership specification into uid_t and
> + * gid_t passed as parameters. NULL value for those parameters mean
> + * the information is not needed. Also, none of those values are
> + * changed in case of any error.
> + *
> + * Returns -1 on error, 0 otherwise.
> + */
> +int
> +virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr)
> +{
> + int rc = -1;
> + uid_t theuid;
> + gid_t thegid;
> + char *tmp_label = NULL;
> + char *sep = NULL;
> + char *owner = NULL;
> + char *group = NULL;
> +
> + if (VIR_STRDUP(tmp_label, label) < 0)
> + goto cleanup;
> +
> + /* Split label */
> + sep = strchr(tmp_label, ':');
> + if (sep == NULL) {
> + virReportError(VIR_ERR_INVALID_ARG,
> + _("Failed to parse uid and gid from '%s'"),
This is the only change to the original impl.
> + label);
> + goto cleanup;
> + }
> + *sep = '\0';
> + owner = tmp_label;
> + group = sep + 1;
> +
> + /* Parse owner and group, error message is defined by
> + * virGetUserID or virGetGroupID.
> + */
> + if (virGetUserID(owner, &theuid) < 0 ||
> + virGetGroupID(group, &thegid) < 0)
> + goto cleanup;
> +
> + if (uidPtr)
> + *uidPtr = theuid;
> + if (gidPtr)
> + *gidPtr = thegid;
> +
> + rc = 0;
> +
> +cleanup:
> + VIR_FREE(tmp_label);
> +
> + return rc;
> +}
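Review bot: virParseOwnershipIds passes `tmp_label` straight to `strchr(tmp_label, ':')` without ever checking `label`, so if VIR_STRDUP reports success while leaving the destination NULL for a NULL source (worth confirming in virstring), a NULL label is dereferenced. That precondition was easy to audit while the helper was static with the two callers visible in security_dac.c, but once the symbol is exported it should be enforced or declared: either an early `if (!label)` branch that reports VIR_ERR_INVALID_ARG and jumps to cleanup, or `ATTRIBUTE_NONNULL(1)` on the prototype added in virutil.h. The doc comment also says "uid:gid" while the commit message says 'user:group' and the lookup goes through virGetUserID/virGetGroupID, so it should state which forms are accepted and add `@label`, `@uidPtr` and `@gidPtr` entries. Since the result decides file ownership, the comment should also say that both halves are mandatory and that only the first ':' splits the string, which means a value such as "a:b:c" hands "b:c" to virGetGroupID rather than being rejected here.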
> diff --git a/src/util/virutil.h b/src/util/virutil.h
> index 280a18d..0f6bcc1 100644
> --- a/src/util/virutil.h
> +++ b/src/util/virutil.h
> @@ -166,4 +166,6 @@ char *virFindFCHostCapableVport(const char *sysfs_prefix);
>
> int virCompareLimitUlong(unsigned long long a, unsigned long b);
>
> +int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr);
> +
> #endif /* __VIR_UTIL_H__ */
>
Michal