shaba/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-20 06:50:22 +03:00
Code Releases Activity

Expose ownership ID parsing

Browse Source 
Parsing 'user:group' is useful even outside the DAC security driver,
so expose the most abstract function which has no DAC security driver
bits in itself.
This commit is contained in:
Martin Kletzander 2013-05-24 17:35:01 +02:00
parent 3ceb4c7df6
commit bba579b6e0
4 changed files with 62 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/libvirt_private.syms
View File

@ -2050,6 +2050,7 @@ virIsCapableVport;
virIsDevMapperDevice;
virManageVport;
virParseNumber;
virParseOwnershipIds;
virParseVersionString;
virPipeReadUntilEOF;
virReadFCHost;

51
src/security/security_dac.c
View File

@ -33,6 +33,7 @@
#include "virscsi.h"
#include "virstoragefile.h"
#include "virstring.h"
#include "virutil.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
#define SECURITY_DAC_NAME "dac"
@ -72,52 +73,6 @@ virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
priv->dynamicOwnership = dynamicOwnership;
}
static int
parseIds(const char *label, uid_t *uidPtr, gid_t *gidPtr)
{
int rc = -1;
uid_t theuid;
gid_t thegid;
char *tmp_label = NULL;
char *sep = NULL;
char *owner = NULL;
char *group = NULL;
if (VIR_STRDUP(tmp_label, label) < 0)
goto cleanup;
/* Split label */
sep = strchr(tmp_label, ':');
if (sep == NULL) {
virReportError(VIR_ERR_INVALID_ARG,
_("Missing separator ':' in DAC label \"%s\""),
label);
goto cleanup;
}
*sep = '\0';
owner = tmp_label;
group = sep + 1;
/* Parse owner and group, error message is defined by
* virGetUserID or virGetGroupID.
*/
if (virGetUserID(owner, &theuid) < 0 ||
virGetGroupID(group, &thegid) < 0)
goto cleanup;
if (uidPtr)
*uidPtr = theuid;
if (gidPtr)
*gidPtr = thegid;
rc = 0;
cleanup:
VIR_FREE(tmp_label);
return rc;
}
/* returns 1 if label isn't found, 0 on success, -1 on error */
static int
virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
@ -135,7 +90,7 @@ virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
return 1;
}
if (parseIds(seclabel->label, &uid, &gid) < 0)
if (virParseOwnershipIds(seclabel->label, &uid, &gid) < 0)
return -1;
if (uidPtr)
@ -206,7 +161,7 @@ virSecurityDACParseImageIds(virDomainDefPtr def,
return 1;
}
if (parseIds(seclabel->imagelabel, &uid, &gid) < 0)
if (virParseOwnershipIds(seclabel->imagelabel, &uid, &gid) < 0)
return -1;
if (uidPtr)

56
src/util/virutil.c
View File

@ -2017,3 +2017,59 @@ virCompareLimitUlong(unsigned long long a, unsigned long b)
return -1;
}
/**
* virParseOwnershipIds:
*
* Parse the usual "uid:gid" ownership specification into uid_t and
* gid_t passed as parameters. NULL value for those parameters mean
* the information is not needed. Also, none of those values are
* changed in case of any error.
*
* Returns -1 on error, 0 otherwise.
*/
int
virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr)
{
int rc = -1;
uid_t theuid;
gid_t thegid;
char *tmp_label = NULL;
char *sep = NULL;
char *owner = NULL;
char *group = NULL;
if (VIR_STRDUP(tmp_label, label) < 0)
goto cleanup;
/* Split label */
sep = strchr(tmp_label, ':');
if (sep == NULL) {
virReportError(VIR_ERR_INVALID_ARG,
_("Failed to parse uid and gid from '%s'"),
label);
goto cleanup;
}
*sep = '\0';
owner = tmp_label;
group = sep + 1;
/* Parse owner and group, error message is defined by
* virGetUserID or virGetGroupID.
*/
if (virGetUserID(owner, &theuid) < 0 ||
virGetGroupID(group, &thegid) < 0)
goto cleanup;
if (uidPtr)
*uidPtr = theuid;
if (gidPtr)
*gidPtr = thegid;
rc = 0;
cleanup:
VIR_FREE(tmp_label);
return rc;
}

2
src/util/virutil.h
View File

@ -169,4 +169,6 @@ char *virFindFCHostCapableVport(const char *sysfs_prefix);
int virCompareLimitUlong(unsigned long long a, unsigned long b);
int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr);
#endif /* __VIR_UTIL_H__ */