[libvirt] [PATCH v2 10/24] src: rewrite ACL permissions checker in Python

Daniel P. Berrangé berrange at redhat.com
Wed Sep 11 16:23:19 UTC 2019


As part of a goal to eliminate Perl from libvirt build tools,
rewrite the check-aclperms.pl tool in Python.

This was a straight conversion, manually going line-by-line to
change the syntax from Perl to Python. Thus the overall structure
of the file and approach is the same.

Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
---
 src/Makefile.am       |  4 +--
 src/check-aclperms.pl | 73 ----------------------------------------
 src/check-aclperms.py | 77 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 79 insertions(+), 75 deletions(-)
 delete mode 100755 src/check-aclperms.pl
 create mode 100755 src/check-aclperms.py

diff --git a/src/Makefile.am b/src/Makefile.am
index 7a4de2aa53..c441525b7d 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -359,11 +359,11 @@ check-aclrules:
 		$(addprefix $(srcdir)/,$(filter-out /%,$(STATEFUL_DRIVER_SOURCE_FILES)))
 
 check-aclperms:
-	$(AM_V_GEN)$(PERL) $(srcdir)/check-aclperms.pl \
+	$(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(srcdir)/check-aclperms.py \
 		$(srcdir)/access/viraccessperm.h \
 		$(srcdir)/access/viraccessperm.c
 
-EXTRA_DIST += check-driverimpls.pl check-aclrules.pl check-aclperms.pl
+EXTRA_DIST += check-driverimpls.pl check-aclrules.pl check-aclperms.py
 
 check-local: check-protocol check-symfile check-symsorting \
 	check-drivername check-driverimpls check-aclrules \
diff --git a/src/check-aclperms.pl b/src/check-aclperms.pl
deleted file mode 100755
index 55b6598313..0000000000
--- a/src/check-aclperms.pl
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/usr/bin/env perl
-#
-# Copyright (C) 2013 Red Hat, Inc.
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
-#
-# This script just validates that the stringified version of
-# a virAccessPerm enum matches the enum constant name. We do
-# a lot of auto-generation of code, so when these don't match
-# problems occur, preventing auth from succeeding at all.
-
-my $hdr = shift;
-my $impl = shift;
-
-my %perms;
-
-my @perms;
-
-open HDR, $hdr or die "cannot read $hdr: $!";
-
-while (<HDR>) {
-    if (/^\s+VIR_ACCESS_PERM_([_A-Z]+)(,?|\s|$)/) {
-        my $perm = $1;
-
-        $perms{$perm} = 1 unless ($perm =~ /_LAST$/);
-    }
-}
-
-close HDR;
-
-
-open IMPL, $impl or die "cannot read $impl: $!";
-
-my $group;
-my $warned = 0;
-
-while (defined (my $line = <IMPL>)) {
-    if ($line =~ /VIR_ACCESS_PERM_([_A-Z]+)_LAST/) {
-        $group = $1;
-    } elsif ($line =~ /"[_a-z]+"/) {
-        my @bits = split /,/, $line;
-        foreach my $bit (@bits) {
-            if ($bit =~ /"([_a-z]+)"/) {
-                my $perm = uc($group . "_" . $1);
-                if (!exists $perms{$perm}) {
-                    print STDERR "Unknown perm string $1 for group $group\n";
-                    $warned = 1;
-                }
-                delete $perms{$perm};
-            }
-        }
-    }
-}
-close IMPL;
-
-foreach my $perm (keys %perms) {
-    print STDERR "Perm $perm had not string form\n";
-    $warned = 1;
-}
-
-exit $warned;
diff --git a/src/check-aclperms.py b/src/check-aclperms.py
new file mode 100755
index 0000000000..ace6ab6757
--- /dev/null
+++ b/src/check-aclperms.py
@@ -0,0 +1,77 @@
+#!/usr/bin/env python
+#
+# Copyright (C) 2013-2019 Red Hat, Inc.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see
+# <http://www.gnu.org/licenses/>.
+#
+# This script just validates that the stringified version of
+# a virAccessPerm enum matches the enum constant name. We do
+# a lot of auto-generation of code, so when these don't match
+# problems occur, preventing auth from succeeding at all.
+
+from __future__ import print_function
+
+import re
+import sys
+
+if len(sys.argv) != 3:
+    print("syntax: %s HEADER IMPL" % (sys.argv[0]), file=sys.stderr)
+    sys.exit(1)
+
+hdr = sys.argv[1]
+impl = sys.argv[2]
+
+perms = {}
+
+with open(hdr) as fh:
+    symprog = re.compile(r"^\s+VIR_ACCESS_PERM_([_A-Z]+)(,?|\s|$).*")
+    for line in fh:
+        symmatch = symprog.match(line)
+        if symmatch is not None:
+            perm = symmatch.group(1)
+
+            if not perm.endswith("_LAST"):
+                perms[perm] = 1
+
+warned = False
+
+with open(impl) as fh:
+    group = None
+    symlastprog = re.compile(r".*VIR_ACCESS_PERM_([_A-Z]+)_LAST.*")
+    alnumprog = re.compile(r'''.*"([_a-z]+)".*''')
+
+    for line in fh:
+        symlastmatch = symlastprog.match(line)
+        if symlastmatch is not None:
+            group = symlastmatch.group(1)
+        elif alnumprog.match(line) is not None:
+            bits = line.split(",")
+            for bit in bits:
+                m = alnumprog.match(bit)
+                if m is not None:
+                    perm = (group + "_" + m.group(1)).upper()
+                    if perm not in perms:
+                        print("Unknown perm string %s for group %s" % (m.group(1), group), file=sys.stderr)
+                        warned = True
+
+                    del perms[perm]
+
+for perm in perms.keys():
+    print("Perm %s had not string form" % perm, file=sys.stderr)
+    warned = True
+
+if warned:
+    sys.exit(1)
+sys.exit(0)
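Review bot: `del perms[perm]` at the end of the inner loop raises KeyError when the string is not in `perms`, which is exactly the case the preceding `if perm not in perms:` branch has just reported; Perl's `delete $perms{$perm}` was a no-op there. The check still fails the build, since an uncaught exception exits non-zero, but it stops at the first unknown string with a traceback and never reports the remaining mismatches or the "had not string form" list. Replacing that line with `perms.pop(perm, None)` keeps the Perl behaviour. Separately, `group` is still `None` if a quoted lowercase string appears before any `VIR_ACCESS_PERM_*_LAST` line, so `group + "_"` would raise TypeError; an explicit check with a readable error message would make that failure easier to diagnose.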
-- 
2.21.0



