1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-23 21:34:54 +03:00

Fix naming of permission for detecting storage pools

The VIR_ACCESS_PERM_CONNECT_DETECT_STORAGE_POOLS enum
constant had its string format be 'detect_storage_pool',
note the missing trailing 's'. This prevent the ACL
check from ever succeeding. Fix this and add a simple
test script to validate this problem of matching names.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2013-09-12 14:35:45 +01:00
parent 1c7037cff4
commit 935e7d02cf
3 changed files with 81 additions and 2 deletions

View File

@ -528,10 +528,16 @@ check-aclrules:
$(REMOTE_PROTOCOL) \
$(addprefix $(srcdir)/,$(filter-out /%,$(STATEFUL_DRIVER_SOURCE_FILES)))
check-aclperms:
$(AM_V_GEN)$(PERL) $(srcdir)/check-aclperms.pl \
$(srcdir)/access/viraccessperm.h \
$(srcdir)/access/viraccessperm.c
EXTRA_DIST += check-driverimpls.pl check-aclrules.pl
check-local: check-protocol check-symfile check-symsorting \
check-drivername check-driverimpls check-aclrules
check-drivername check-driverimpls check-aclrules \
check-aclperms
.PHONY: check-protocol $(PROTOCOL_STRUCTS:structs=struct)
# Mock driver, covering domains, storage, networks, etc

View File

@ -30,7 +30,7 @@ VIR_ENUM_IMPL(virAccessPermConnect,
"search_storage_pools", "search_node_devices",
"search_interfaces", "search_secrets",
"search_nwfilters",
"detect_storage_pool", "pm_control",
"detect_storage_pools", "pm_control",
"interface_transaction");
VIR_ENUM_IMPL(virAccessPermDomain,

73
src/check-aclperms.pl Executable file
View File

@ -0,0 +1,73 @@
#!/usr/bin/perl
#
# Copyright (C) 2013 Red Hat, Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
#
# This script just validates that the stringified version of
# a virAccessPerm enum matches the enum constant name. We do
# a lot of auto-generation of code, so when these don't match
# problems occur, preventing auth from succeeding at all.
my $hdr = shift;
my $impl = shift;
my %perms;
my @perms;
open HDR, $hdr or die "cannot read $hdr: $!";
while (<HDR>) {
if (/^\s+VIR_ACCESS_PERM_([_A-Z]+)(,?|\s|$)/) {
my $perm = $1;
$perms{$perm} = 1 unless ($perm =~ /_LAST$/);
}
}
close HDR;
open IMPL, $impl or die "cannot read $impl: $!";
my $group;
my $warned = 0;
while (defined (my $line = <IMPL>)) {
if ($line =~ /VIR_ACCESS_PERM_([_A-Z]+)_LAST/) {
$group = $1;
} elsif ($line =~ /"[_a-z]+"/) {
my @bits = split /,/, $line;
foreach my $bit (@bits) {
if ($bit =~ /"([_a-z]+)"/) {
my $perm = uc($group . "_" . $1);
if (!exists $perms{$perm}) {
print STDERR "Unknown perm string $1 for group $group\n";
$warned = 1;
}
delete $perms{$perm};
}
}
}
}
close IMPL;
foreach my $perm (keys %perms) {
print STDERR "Perm $perm had not string form\n";
$warned = 1;
}
exit $warned;