mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 21:34:54 +03:00
Fix naming of permission for detecting storage pools
The VIR_ACCESS_PERM_CONNECT_DETECT_STORAGE_POOLS enum constant had its string format be 'detect_storage_pool', note the missing trailing 's'. This prevent the ACL check from ever succeeding. Fix this and add a simple test script to validate this problem of matching names. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
parent
1c7037cff4
commit
935e7d02cf
@ -528,10 +528,16 @@ check-aclrules:
|
||||
$(REMOTE_PROTOCOL) \
|
||||
$(addprefix $(srcdir)/,$(filter-out /%,$(STATEFUL_DRIVER_SOURCE_FILES)))
|
||||
|
||||
check-aclperms:
|
||||
$(AM_V_GEN)$(PERL) $(srcdir)/check-aclperms.pl \
|
||||
$(srcdir)/access/viraccessperm.h \
|
||||
$(srcdir)/access/viraccessperm.c
|
||||
|
||||
EXTRA_DIST += check-driverimpls.pl check-aclrules.pl
|
||||
|
||||
check-local: check-protocol check-symfile check-symsorting \
|
||||
check-drivername check-driverimpls check-aclrules
|
||||
check-drivername check-driverimpls check-aclrules \
|
||||
check-aclperms
|
||||
.PHONY: check-protocol $(PROTOCOL_STRUCTS:structs=struct)
|
||||
|
||||
# Mock driver, covering domains, storage, networks, etc
|
||||
|
@ -30,7 +30,7 @@ VIR_ENUM_IMPL(virAccessPermConnect,
|
||||
"search_storage_pools", "search_node_devices",
|
||||
"search_interfaces", "search_secrets",
|
||||
"search_nwfilters",
|
||||
"detect_storage_pool", "pm_control",
|
||||
"detect_storage_pools", "pm_control",
|
||||
"interface_transaction");
|
||||
|
||||
VIR_ENUM_IMPL(virAccessPermDomain,
|
||||
|
73
src/check-aclperms.pl
Executable file
73
src/check-aclperms.pl
Executable file
@ -0,0 +1,73 @@
|
||||
#!/usr/bin/perl
|
||||
#
|
||||
# Copyright (C) 2013 Red Hat, Inc.
|
||||
#
|
||||
# This library is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU Lesser General Public
|
||||
# License as published by the Free Software Foundation; either
|
||||
# version 2.1 of the License, or (at your option) any later version.
|
||||
#
|
||||
# This library is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# Lesser General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public
|
||||
# License along with this library. If not, see
|
||||
# <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# This script just validates that the stringified version of
|
||||
# a virAccessPerm enum matches the enum constant name. We do
|
||||
# a lot of auto-generation of code, so when these don't match
|
||||
# problems occur, preventing auth from succeeding at all.
|
||||
|
||||
my $hdr = shift;
|
||||
my $impl = shift;
|
||||
|
||||
my %perms;
|
||||
|
||||
my @perms;
|
||||
|
||||
open HDR, $hdr or die "cannot read $hdr: $!";
|
||||
|
||||
while (<HDR>) {
|
||||
if (/^\s+VIR_ACCESS_PERM_([_A-Z]+)(,?|\s|$)/) {
|
||||
my $perm = $1;
|
||||
|
||||
$perms{$perm} = 1 unless ($perm =~ /_LAST$/);
|
||||
}
|
||||
}
|
||||
|
||||
close HDR;
|
||||
|
||||
|
||||
open IMPL, $impl or die "cannot read $impl: $!";
|
||||
|
||||
my $group;
|
||||
my $warned = 0;
|
||||
|
||||
while (defined (my $line = <IMPL>)) {
|
||||
if ($line =~ /VIR_ACCESS_PERM_([_A-Z]+)_LAST/) {
|
||||
$group = $1;
|
||||
} elsif ($line =~ /"[_a-z]+"/) {
|
||||
my @bits = split /,/, $line;
|
||||
foreach my $bit (@bits) {
|
||||
if ($bit =~ /"([_a-z]+)"/) {
|
||||
my $perm = uc($group . "_" . $1);
|
||||
if (!exists $perms{$perm}) {
|
||||
print STDERR "Unknown perm string $1 for group $group\n";
|
||||
$warned = 1;
|
||||
}
|
||||
delete $perms{$perm};
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
close IMPL;
|
||||
|
||||
foreach my $perm (keys %perms) {
|
||||
print STDERR "Perm $perm had not string form\n";
|
||||
$warned = 1;
|
||||
}
|
||||
|
||||
exit $warned;
|
Loading…
Reference in New Issue
Block a user