src: rewrite ACL permissions checker in Python

As part of a goal to eliminate Perl from libvirt build tools, rewrite the check-aclperms.pl tool in Python. This was a straight conversion, manually going line-by-line to change the syntax from Perl to Python. Thus the overall structure of the file and approach is the same. Tested-by: Cole Robinson <crobinso@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-01-10 05:17:59 +03:00 · 2019-08-30 13:22:54 +01:00 · 2019-08-30 13:22:54 +01:00 · 312f232b17
commit 312f232b17
parent 2d6f543b06
4 changed files with 78 additions and 75 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -47,6 +47,7 @@ EXTRA_DIST = \
  AUTHORS.in \
  scripts/augeas-gentest.py \
  build-aux/check-spacing.pl \
  scripts/check-aclperms.py \
  scripts/header-ifdef.py \
  scripts/minimize-po.py \
  scripts/mock-noinline.py \
--- a/scripts/check-aclperms.py
+++ b/scripts/check-aclperms.py
@ -0,0 +1,75 @@
 #!/usr/bin/env python
 #
 # Copyright (C) 2013-2019 Red Hat, Inc.
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
 # License as published by the Free Software Foundation; either
 # version 2.1 of the License, or (at your option) any later version.
 #
 # This library is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library.  If not, see
 # <http://www.gnu.org/licenses/>.
 #
 # This script just validates that the stringified version of
 # a virAccessPerm enum matches the enum constant name. We do
 # a lot of auto-generation of code, so when these don't match
 # problems occur, preventing auth from succeeding at all.
 from __future__ import print_function
 import re
 import sys
 if len(sys.argv) != 3:
    print("syntax: %s HEADER IMPL" % (sys.argv[0]), file=sys.stderr)
    sys.exit(1)
 hdr = sys.argv[1]
 impl = sys.argv[2]
 perms = {}
 with open(hdr) as fh:
    for line in fh:
        symmatch = re.search(r"^\s+VIR_ACCESS_PERM_([_A-Z]+)(,?|\s|$)", line)
        if symmatch is not None:
            perm = symmatch.group(1)
            if not perm.endswith("_LAST"):
                perms[perm] = 1
 warned = False
 with open(impl) as fh:
    group = None
    for line in fh:
        symlastmatch = re.search(r"VIR_ACCESS_PERM_([_A-Z]+)_LAST", line)
        if symlastmatch is not None:
            group = symlastmatch.group(1)
        elif re.search(r'''"[_a-z]+"''', line) is not None:
            bits = line.split(",")
            for bit in bits:
                m = re.search(r'''"([_a-z]+)"''', bit)
                if m is not None:
                    perm = (group + "_" + m.group(1)).upper()
                    if perm not in perms:
                        print("Unknown perm string %s for group %s" %
                              (m.group(1), group), file=sys.stderr)
                        warned = True
                    del perms[perm]
 for perm in perms.keys():
    print("Perm %s had not string form" % perm, file=sys.stderr)
    warned = True
 if warned:
    sys.exit(1)
 sys.exit(0)
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -350,11 +350,11 @@ check-aclrules:
 		$(STATEFUL_DRIVER_SOURCE_FILES)
 check-aclperms:
-	$(AM_V_GEN)$(PERL) $(srcdir)/check-aclperms.pl \
+	$(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/check-aclperms.py \
 		$(srcdir)/access/viraccessperm.h \
 		$(srcdir)/access/viraccessperm.c
-EXTRA_DIST += check-driverimpls.pl check-aclrules.pl check-aclperms.pl
+EXTRA_DIST += check-driverimpls.pl check-aclrules.pl
 check-local: check-protocol check-symfile check-symsorting \
 	check-drivername check-driverimpls check-aclrules \
--- a/src/check-aclperms.pl
+++ b/src/check-aclperms.pl
@ -1,73 +0,0 @@
 #!/usr/bin/env perl
 #
 # Copyright (C) 2013 Red Hat, Inc.
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
 # License as published by the Free Software Foundation; either
 # version 2.1 of the License, or (at your option) any later version.
 #
 # This library is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library.  If not, see
 # <http://www.gnu.org/licenses/>.
 #
 # This script just validates that the stringified version of
 # a virAccessPerm enum matches the enum constant name. We do
 # a lot of auto-generation of code, so when these don't match
 # problems occur, preventing auth from succeeding at all.
 my $hdr = shift;
 my $impl = shift;
 my %perms;
 my @perms;
 open HDR, $hdr or die "cannot read $hdr: $!";
 while (<HDR>) {
    if (/^\s+VIR_ACCESS_PERM_([_A-Z]+)(,?|\s|$)/) {
        my $perm = $1;
        $perms{$perm} = 1 unless ($perm =~ /_LAST$/);
    }
 }
 close HDR;
 open IMPL, $impl or die "cannot read $impl: $!";
 my $group;
 my $warned = 0;
 while (defined (my $line = <IMPL>)) {
    if ($line =~ /VIR_ACCESS_PERM_([_A-Z]+)_LAST/) {
        $group = $1;
    } elsif ($line =~ /"[_a-z]+"/) {
        my @bits = split /,/, $line;
        foreach my $bit (@bits) {
            if ($bit =~ /"([_a-z]+)"/) {
                my $perm = uc($group . "_" . $1);
                if (!exists $perms{$perm}) {
                    print STDERR "Unknown perm string $1 for group $group\n";
                    $warned = 1;
                }
                delete $perms{$perm};
            }
        }
    }
 }
 close IMPL;
 foreach my $perm (keys %perms) {
    print STDERR "Perm $perm had not string form\n";
    $warned = 1;
 }
 exit $warned;