/*
* utils.c: common, generic utility functions
*
* Copyright (C) 2006-2012 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
* Copyright (C) 2006, 2007 Binary Karma
* Copyright (C) 2006 Shuveb Hussain
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
* Author: Daniel P. Berrange <berrange@redhat.com>
* File created Jul 18, 2007 - Shuveb Hussain <shuveb@binarykarma.com>
*/
#include <config.h>
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <poll.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#if HAVE_MMAP
# include <sys/mman.h>
#endif
#include <string.h>
#include <signal.h>
#include <termios.h>
#include <pty.h>
#include <locale.h>
#if HAVE_LIBDEVMAPPER_H
# include <libdevmapper.h>
#endif
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
#include <netdb.h>
#ifdef HAVE_GETPWUID_R
# include <pwd.h>
# include <grp.h>
#endif
#if HAVE_CAPNG
# include <cap-ng.h>
#endif
#if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R
# include <mntent.h>
#endif
#ifdef WIN32
# ifdef HAVE_WINSOCK2_H
# include <winsock2.h>
# endif
# include <windows.h>
# include <shlobj.h>
#endif
#include "c-ctype.h"
#include "dirname.h"
#include "virterror_internal.h"
#include "logging.h"
#include "buf.h"
#include "util.h"
#include "storage_file.h"
#include "memory.h"
#include "threads.h"
#include "verify.h"
#include "virfile.h"
#include "command.h"
#include "nonblocking.h"
#include "passfd.h"
#include "virprocess.h"
/* Fallback for platforms whose <signal.h> does not define NSIG. */
#ifndef NSIG
# define NSIG 32
#endif

/* Build-time assertion: uid_t and gid_t must be no wider than unsigned int.
 * NOTE(review): presumably because IDs are handled as unsigned int
 * elsewhere in this file - confirm. */
verify(sizeof(gid_t) <= sizeof(unsigned int) &&
       sizeof(uid_t) <= sizeof(unsigned int));

/* NOTE(review): presumably the error domain picked up by the virReport*
 * macros used below - confirm against virterror_internal.h. */
#define VIR_FROM_THIS VIR_FROM_NONE
/*
 * Like read(), but restarts after EINTR and keeps reading after a short
 * read until @count bytes have been stored or end-of-file is reached.
 *
 * Returns the number of bytes stored in @buf (less than @count only when
 * end-of-file came first), or the negative value returned by read() on
 * any other error, with errno as read() left it.  On error the bytes
 * already stored are not reported to the caller.
 */
ssize_t
saferead(int fd, void *buf, size_t count)
{
    char *cursor = buf;
    size_t total = 0;

    while (total < count) {
        ssize_t chunk = read(fd, cursor, count - total);

        if (chunk < 0) {
            if (errno == EINTR)
                continue;       /* interrupted: retry the same request */
            return chunk;
        }
        if (chunk == 0)
            break;              /* end of file */

        cursor += chunk;
        total += (size_t)chunk;
    }
    return total;
}
/*
 * Like write(), but restarts after EINTR and keeps writing after a short
 * write until all @count bytes of @buf have been written.
 *
 * Returns the number of bytes written (less than @count only if write()
 * returned 0), or the negative value returned by write() on any other
 * error, with errno as write() left it.  On error the caller is not told
 * how many bytes had already been written.
 */
ssize_t
safewrite(int fd, const void *buf, size_t count)
{
    const char *cursor = buf;
    size_t total = 0;

    while (total < count) {
        ssize_t chunk = write(fd, cursor, count - total);

        if (chunk < 0) {
            if (errno == EINTR)
                continue;       /* interrupted: retry the same request */
            return chunk;
        }
        if (chunk == 0)
            break;

        cursor += chunk;
        total += (size_t)chunk;
    }
    return total;
}
#ifdef HAVE_POSIX_FALLOCATE
/*
 * Allocate @len bytes at @offset in @fd with posix_fallocate().
 *
 * posix_fallocate() reports failure through its return value instead of
 * errno, so the code is copied into errno to give callers the usual
 * "-1 with errno set" convention.  Returns 0 on success.
 */
int safezero(int fd, off_t offset, off_t len)
{
    const int rc = posix_fallocate(fd, offset, len);

    if (rc != 0) {
        errno = rc;
        return -1;
    }
    return 0;
}
#else
# ifdef HAVE_MMAP
/*
 * mmap()-based variant: zero @len bytes at @offset in @fd by mapping the
 * range and clearing it with memset().
 *
 * Returns 0 on success, -1 if ftruncate() or mmap() fails (errno is left
 * as set by the failing call).
 *
 * NOTE(review): ftruncate() sets the file size to exactly @offset + @len,
 * so a file that was longer beforehand is shortened.
 * NOTE(review): the result of munmap() is not checked, and with a
 * MAP_SHARED mapping a failure to back the pages is presumably delivered
 * as a signal during memset() rather than as a return value - confirm.
 */
int safezero(int fd, off_t offset, off_t len)
{
    void *map;

    /* memset needs the mapped range to exist in the file, so size the
     * file first (this creates a sparse file). */
    if (ftruncate(fd, offset + len) < 0)
        return -1;

    map = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, offset);
    if (map == MAP_FAILED)
        return -1;

    memset(map, 0, len);
    munmap(map, len);

    return 0;
}
# else /* HAVE_MMAP */
/*
 * Fallback variant: seek to @offset in @fd and write @len zero bytes in
 * chunks of at most 1 MiB.
 *
 * Returns 0 on success, -1 on failure.  errno is set to ENOMEM when the
 * chunk buffer cannot be allocated; otherwise it is whatever lseek() or
 * safewrite() left.
 *
 * NOTE(review): relies on VIR_ALLOC_N() handing back zero-filled memory,
 * since the buffer is never cleared here - confirm against memory.h.
 * NOTE(review): @len is copied into an unsigned variable, so a negative
 * @len would become a very large byte count - confirm callers never pass
 * one.
 */
int safezero(int fd, off_t offset, off_t len)
{
    int ret = -1;
    char *zeros;
    unsigned long long remaining = len;
    unsigned long long chunk = 1024 * 1024;

    if (lseek(fd, offset, SEEK_SET) < 0)
        return -1;

    /* Write in bounded chunks so as not to allocate lots of RAM */
    if (VIR_ALLOC_N(zeros, chunk) < 0) {
        errno = ENOMEM;
        return -1;
    }

    while (remaining > 0) {
        if (chunk > remaining)
            chunk = remaining;

        if (safewrite(fd, zeros, chunk) < 0)
            goto cleanup;

        /* safewrite() guarantees all data will be written */
        remaining -= chunk;
    }
    ret = 0;

 cleanup:
    VIR_FREE(zeros);
    return ret;
}
# endif /* HAVE_MMAP */
#endif /* HAVE_POSIX_FALLOCATE */
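/*
 * Remove @suffix from the end of @str in place.
 *
 * The comparison is case-sensitive (STREQ).  Returns 1 if @str ended in
 * @suffix and was truncated, 0 if it did not (and @str is untouched).
 *
 * Lengths are kept as size_t: storing strlen() in an int would truncate
 * for very long strings and turn "str + len - suffixlen" into an
 * out-of-bounds pointer.
 */
int virFileStripSuffix(char *str,
                       const char *suffix)
{
    size_t len = strlen(str);
    size_t suffixlen = strlen(suffix);

    if (len < suffixlen)
        return 0;

    if (!STREQ(str + len - suffixlen, suffix))
        return 0;

    str[len - suffixlen] = '\0';

    return 1;
}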
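/*
 * Join the NULL-terminated vector @argv into one newly allocated string,
 * with a single space between arguments.
 *
 * Returns the string (caller frees), or NULL if allocation fails.
 *
 * The arguments are copied verbatim: nothing is quoted or escaped, so an
 * argument containing spaces or shell metacharacters is indistinguishable
 * from several arguments in the result.  Treat the output as text for
 * logs and error messages, not as something to hand back to a shell.
 *
 * The total length is accumulated in a size_t (an int could overflow
 * before the allocation), and each argument is measured once and copied
 * with memcpy().
 */
char *
virArgvToString(const char *const *argv)
{
    size_t len = 1;             /* room for the trailing NUL */
    size_t i;
    char *ret, *p;

    for (i = 0; argv[i]; i++)
        len += strlen(argv[i]) + 1;

    if (VIR_ALLOC_N(ret, len) < 0)
        return NULL;
    p = ret;

    for (i = 0; argv[i]; i++) {
        size_t arglen = strlen(argv[i]);

        if (i != 0)
            *(p++) = ' ';

        memcpy(p, argv[i], arglen);
        p += arglen;
    }

    *p = '\0';

    return ret;
}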
#ifndef WIN32
/*
 * Set or clear the close-on-exec flag of @fd.
 *
 * @inherit true clears FD_CLOEXEC (the descriptor stays open across
 * exec); false sets it.  Returns 0 on success, -1 if either fcntl() call
 * fails, with errno as fcntl() left it.
 *
 * NOTE(review): the flag is changed with a separate F_GETFD / F_SETFD
 * pair after the descriptor already exists, so a fork+exec in another
 * thread in between still sees the old setting; descriptors that must
 * never reach a child are better opened with the flag already set.
 */
int virSetInherit(int fd, bool inherit)
{
    const int current = fcntl(fd, F_GETFD);
    int wanted;

    if (current < 0)
        return -1;

    wanted = inherit ? (current & ~FD_CLOEXEC) : (current | FD_CLOEXEC);

    return fcntl(fd, F_SETFD, wanted) < 0 ? -1 : 0;
}
#else /* WIN32 */
/*
 * Win32 stand-in for virSetInherit(): both arguments are ignored and the
 * call always reports success.
 */
int
virSetInherit(int fd ATTRIBUTE_UNUSED, bool inherit ATTRIBUTE_UNUSED)
{
    /* FIXME: Creating child processes is currently not supported on
     * Win32, so failing a call that only matters when a child is created
     * would serve no purpose.  Pretend the inheritance property of the
     * descriptor was changed as requested. */
    return 0;
}
#endif /* WIN32 */
/*
 * Put @fd into blocking (@blocking true) or non-blocking (@blocking
 * false) mode by calling set_nonblocking_flag() with the inverted value.
 * The return value of set_nonblocking_flag() is passed through unchanged.
 */
int virSetBlocking(int fd, bool blocking)
{
    const bool nonblocking = !blocking;

    return set_nonblocking_flag(fd, nonblocking);
}
/*
 * Convenience wrapper: switch @fd to non-blocking mode.
 * Returns whatever virSetBlocking() returns.
 */
int virSetNonBlock(int fd)
{
    const bool blocking = false;

    return virSetBlocking(fd, blocking);
}
/*
 * Convenience wrapper: mark @fd close-on-exec so it is not inherited
 * across exec.  Returns whatever virSetInherit() returns.
 */
int virSetCloseExec(int fd)
{
    const bool inherit = false;

    return virSetInherit(fd, inherit);
}
/*
 * Drain @outfd and @errfd with poll() until both are finished, appending
 * what is read to *@outbuf and *@errbuf as NUL-terminated strings.
 *
 * Returns 0 once both descriptors are finished.  On any failure an error
 * is reported, both *@outbuf and *@errbuf are freed, and -1 is returned.
 *
 * NOTE(review): the buffers grow with every chunk and there is no upper
 * bound, and poll() is called with an infinite timeout, so memory use and
 * run time are decided by whatever writes to the descriptors; callers
 * reading from a process they do not fully trust presumably need their
 * own limits - confirm against callers.
 * NOTE(review): the current length is recomputed with strlen(), so a NUL
 * byte in the stream makes the next chunk overwrite everything after it;
 * the result is only faithful for text output.
 * NOTE(review): *@outbuf and *@errbuf are read before they are written,
 * so they presumably must be NULL or heap strings on entry - confirm.
 */
int
virPipeReadUntilEOF(int outfd, int errfd,
                    char **outbuf, char **errbuf) {

    struct pollfd fds[2];
    int i;
    int finished[2];

    fds[0].fd = outfd;
    fds[0].events = POLLIN;
    fds[0].revents = 0;
    finished[0] = 0;
    fds[1].fd = errfd;
    fds[1].events = POLLIN;
    fds[1].revents = 0;
    finished[1] = 0;

    while (!(finished[0] && finished[1])) {

        if (poll(fds, ARRAY_CARDINALITY(fds), -1) < 0) {
            if ((errno == EAGAIN) || (errno == EINTR))
                continue;
            goto pollerr;
        }

        for (i = 0; i < ARRAY_CARDINALITY(fds); ++i) {
            char data[1024], **buf;
            int got, size;

            /* No event on this descriptor; a hang-up marks it finished,
             * although pending data may still be read below. */
            if (!(fds[i].revents))
                continue;
            else if (fds[i].revents & POLLHUP)
                finished[i] = 1;

            /* Anything other than readable data or a hang-up is treated
             * as an internal error. */
            if (!(fds[i].revents & POLLIN)) {
                if (fds[i].revents & POLLHUP)
                    continue;

                virReportError(VIR_ERR_INTERNAL_ERROR,
                               "%s", _("Unknown poll response."));
                goto error;
            }

            got = read(fds[i].fd, data, sizeof(data));

            /* A completely filled chunk may mean more data is queued, so
             * undo a "finished" set by POLLHUP above and poll again. */
            if (got == sizeof(data))
                finished[i] = 0;

            if (got == 0) {
                finished[i] = 1;
                continue;
            }
            if (got < 0) {
                if (errno == EINTR)
                    continue;
                if (errno == EAGAIN)
                    break;
                /* a read() failure is also reported as "poll error" */
                goto pollerr;
            }

            /* If outfd and errfd are the same descriptor, everything is
             * appended to *outbuf. */
            buf = ((fds[i].fd == outfd) ? outbuf : errbuf);
            size = (*buf ? strlen(*buf) : 0);
            /* +1 keeps room for the terminating NUL written below */
            if (VIR_REALLOC_N(*buf, size+got+1) < 0) {
                virReportOOMError();
                goto error;
            }
            memmove(*buf+size, data, got);
            (*buf)[size+got] = '\0';
        }
        continue;

    /* Reached only through goto; the "continue" above skips it. */
    pollerr:
        virReportSystemError(errno,
                             "%s", _("poll error"));
        goto error;
    }

    return 0;

error:
    /* Partial output is discarded on every failure path. */
    VIR_FREE(*outbuf);
    VIR_FREE(*errbuf);
    return -1;
}
/* Like gnulib's fread_file, but read no more than the specified maximum
   number of bytes.  If the length of the input is <= max_len, and
   upon error while reading that data, it works just like fread_file.

   Reads from @fd into a growing heap buffer until end-of-file or until
   @max_len bytes have been stored.  On success returns the buffer, which
   is NUL-terminated, and stores the byte count in *@length; the caller
   frees it.  On failure frees the buffer, restores the errno of the
   failing call and returns NULL.

   NOTE(review): "count" and "requested" are int while the values assigned
   to them are size_t/ssize_t; this is only safe while each request fits
   in an int.  The caller visible in this file passes a limit derived from
   an int - confirm for any other caller.  */
static char *
saferead_lim(int fd, size_t max_len, size_t *length)
{
    char *buf = NULL;
    size_t alloc = 0;
    size_t size = 0;
    int save_errno;

    for (;;) {
        int count;
        int requested;

        /* Keep room for at least BUFSIZ more bytes plus the trailing NUL,
         * growing the allocation by half each time. */
        if (size + BUFSIZ + 1 > alloc) {
            alloc += alloc / 2;
            if (alloc < size + BUFSIZ + 1)
                alloc = size + BUFSIZ + 1;

            if (VIR_REALLOC_N(buf, alloc) < 0) {
                save_errno = errno;
                break;
            }
        }

        /* Ensure that (size + requested <= max_len); */
        requested = MIN(size < max_len ? max_len - size : 0,
                        alloc - size - 1);
        count = saferead(fd, buf + size, requested);
        /* On a read error count is negative; size is not used again in
         * that case because the check below leaves the loop. */
        size += count;

        /* A short read means end-of-file or an error; a zero-byte request
         * means the limit has been reached. */
        if (count != requested || requested == 0) {
            save_errno = errno;
            if (count < 0)
                break;
            buf[size] = '\0';
            *length = size;
            return buf;
        }
    }

    VIR_FREE(buf);
    errno = save_errno;
    return NULL;
}
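/* A wrapper around saferead_lim that maps a failure due to
   exceeding the maximum size limitation to EOVERFLOW.

   Reads at most @maxlen bytes from @fd.  On success stores the
   NUL-terminated data in *@buf (caller frees) and returns its length.
   Returns -1 with errno set on failure: EINVAL if @maxlen is not
   positive, EOVERFLOW if the input is longer than @maxlen, otherwise
   the errno of the failing read or allocation.

   The limit passed down is computed as size_t so that @maxlen ==
   INT_MAX does not overflow the signed addition.  */
int
virFileReadLimFD(int fd, int maxlen, char **buf)
{
    size_t len;
    char *s;

    if (maxlen <= 0) {
        errno = EINVAL;
        return -1;
    }
    /* Ask for one byte more than allowed so that oversized input can be
     * told apart from input of exactly @maxlen bytes. */
    s = saferead_lim(fd, (size_t)maxlen + 1, &len);
    if (s == NULL)
        return -1;
    if (len > (size_t)maxlen || (int)len != len) {
        VIR_FREE(s);
        /* There was at least one byte more than MAXLEN.
           Set errno accordingly. */
        errno = EOVERFLOW;
        return -1;
    }
    *buf = s;
    return len;
}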
/*
 * Open @path read-only and read at most @maxlen bytes of it into a newly
 * allocated, NUL-terminated buffer stored in *@buf.
 *
 * Returns the number of bytes read, or -1 after reporting an error if the
 * file cannot be opened or read (including when it is longer than
 * @maxlen, as reported by virFileReadLimFD()).
 *
 * NOTE(review): the read-failure message uses errno after
 * VIR_FORCE_CLOSE(); this presumably relies on that macro preserving
 * errno - confirm.
 */
int virFileReadAll(const char *path, int maxlen, char **buf)
{
    int fd;
    int nread;

    fd = open(path, O_RDONLY);
    if (fd < 0) {
        virReportSystemError(errno, _("Failed to open file '%s'"), path);
        return -1;
    }

    nread = virFileReadLimFD(fd, maxlen, buf);
    VIR_FORCE_CLOSE(fd);

    if (nread >= 0)
        return nread;

    virReportSystemError(errno, _("Failed to read file '%s'"), path);
    return -1;
}
/* Truncate @path and write @str to it.  If @mode is 0, @path must
   already exist; otherwise @path is created with @mode if it is missing.
   Return 0 for success, nonzero for failure.
   Be careful to preserve any errno value upon failure.

   NOTE(review): the file is opened with O_TRUNC (and O_CREAT) only, so an
   existing symbolic link at @path is followed and its target truncated;
   callers writing below a directory that other users can modify should
   take that into account.  */
int virFileWriteStr(const char *path, const char *str, mode_t mode)
{
    const int flags = O_WRONLY | O_TRUNC;
    int fd;

    /* open() takes the mode argument only together with O_CREAT */
    if (mode != 0)
        fd = open(path, flags | O_CREAT, mode);
    else
        fd = open(path, flags);

    if (fd == -1)
        return -1;

    if (safewrite(fd, str, strlen(str)) < 0) {
        VIR_FORCE_CLOSE(fd);
        return -1;
    }

    /* Use errno from failed close only if there was no write error. */
    return VIR_CLOSE(fd) != 0 ? -1 : 0;
}
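/*
 * Check whether @file is exactly @name followed by @suffix.
 *
 * Returns 1 if so, 0 otherwise.  Both parts are compared with STREQLEN.
 *
 * Lengths are kept as size_t and the length test is written as a
 * subtraction, so very long strings cannot overflow an int sum.
 */
int virFileMatchesNameSuffix(const char *file,
                             const char *name,
                             const char *suffix)
{
    size_t filelen = strlen(file);
    size_t namelen = strlen(name);
    size_t suffixlen = strlen(suffix);

    if (filelen >= namelen &&
        filelen - namelen == suffixlen &&
        STREQLEN(file, name, namelen) &&
        STREQLEN(file + namelen, suffix, suffixlen))
        return 1;
    else
        return 0;
}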
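/*
 * Check whether @str ends in @suffix.
 *
 * The tail of @str is compared with STRCASEEQ, i.e. without regard to
 * case (NOTE(review): going by the macro name - confirm).  Returns
 * nonzero on a match, 0 otherwise, including when @str is shorter than
 * @suffix.
 *
 * Lengths are kept as size_t: storing strlen() in an int would truncate
 * for very long strings and turn "str + len - suffixlen" into an
 * out-of-bounds pointer.
 */
int virFileHasSuffix(const char *str,
                     const char *suffix)
{
    size_t len = strlen(str);
    size_t suffixlen = strlen(suffix);

    if (len < suffixlen)
        return 0;

    return STRCASEEQ(str + len - suffixlen, suffix);
}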
/* Two stat buffers describe the same file when both the inode number and
 * the device number match. */
#define SAME_INODE(Stat_buf_1, Stat_buf_2) \
    ((Stat_buf_1).st_ino == (Stat_buf_2).st_ino \
     && (Stat_buf_1).st_dev == (Stat_buf_2).st_dev)

/* Return nonzero if checkLink and checkDest
   refer to the same file.  Otherwise, return 0.

   Both paths are examined with stat(), so symbolic links are followed;
   if either stat() fails the answer is 0.

   NOTE(review): the answer describes the filesystem at the time of the
   call only; either path can be re-pointed afterwards, so it should not
   be the sole basis for a later access decision.  */
int virFileLinkPointsTo(const char *checkLink,
                        const char *checkDest)
{
    struct stat link_st;
    struct stat dest_st;

    if (stat(checkLink, &link_st) != 0)
        return 0;
    if (stat(checkDest, &dest_st) != 0)
        return 0;

    return SAME_INODE(link_st, dest_st);
}
/*
 * Shared implementation of virFileResolveLink() and
 * virFileResolveAllLinks().
 *
 * *@resultpath is reset to NULL first.  If @linkpath is absolute, the
 * caller did not ask for intermediate components to be resolved
 * (@intermediatePaths false) and lstat() shows the final component is
 * not a symbolic link, the result is a plain copy of @linkpath.  In every
 * other case the path goes through canonicalize_file_name().
 *
 * Returns 0 with a newly allocated *@resultpath (caller frees), or -1 if
 * lstat(), strdup() or canonicalize_file_name() fails.
 *
 * NOTE(review): the result reflects the filesystem at the time of the
 * call; a component can be replaced afterwards, so code that needs a
 * guarantee about what it opens should verify the opened descriptor
 * rather than rely on the returned string.
 */
static int
virFileResolveLinkHelper(const char *linkpath,
                         bool intermediatePaths,
                         char **resultpath)
{
    *resultpath = NULL;

    /* We don't need the full canonicalization of intermediate
     * directories, if linkpath is absolute and the basename is
     * already a non-symlink. */
    if (IS_ABSOLUTE_FILE_NAME(linkpath) && !intermediatePaths) {
        struct stat info;

        if (lstat(linkpath, &info) < 0)
            return -1;

        if (!S_ISLNK(info.st_mode)) {
            *resultpath = strdup(linkpath);
            return *resultpath ? 0 : -1;
        }
    }

    *resultpath = canonicalize_file_name(linkpath);
    if (*resultpath == NULL)
        return -1;

    return 0;
}
/*
 * Attempt to resolve a symbolic link, returning an
 * absolute path where only the last component is guaranteed
 * not to be a symlink.
 *
 * Return 0 if the path was not a symbolic link, or the link was
 * resolved; the result is stored in *@resultpath.  Return -1 with
 * errno set upon error.
 */
int virFileResolveLink(const char *linkpath,
                       char **resultpath)
{
    const bool resolveIntermediate = false;

    return virFileResolveLinkHelper(linkpath, resolveIntermediate, resultpath);
}
/*
 * Attempt to resolve a symbolic link, returning an
 * absolute path where every component is guaranteed
 * not to be a symlink.
 *
 * Return 0 if the path was not a symbolic link, or the link was
 * resolved; the result is stored in *@resultpath.  Return -1 with
 * errno set upon error.
 */
int virFileResolveAllLinks(const char *linkpath,
                           char **resultpath)
{
    const bool resolveIntermediate = true;

    return virFileResolveLinkHelper(linkpath, resolveIntermediate, resultpath);
}
/*
 * Check whether the given file is a symbolic link, using lstat() so the
 * link itself is examined rather than its target.
 *
 * Returns 1 if the file is a link, 0 if it is not, and the negative
 * errno value if lstat() fails.
 */
int virFileIsLink(const char *linkpath)
{
    struct stat info;
    const int rc = lstat(linkpath, &info);

    if (rc < 0)
        return -errno;

    return S_ISLNK(info.st_mode) ? 1 : 0;
}
/*
 * Finds a requested executable file in the PATH env. e.g.:
 * "kvm-img" will return "/usr/bin/kvm-img"
 *
 * An absolute @file is returned as a copy if it is executable.  A @file
 * containing a '/' is not searched for; it is checked relative to the
 * current directory and returned as an absolute path.  Anything else is
 * tried under each ':'-separated entry of PATH, first match wins.
 *
 * Returns NULL if @file is NULL, nothing executable is found, PATH is
 * unset, or an allocation fails.  You must free the result.
 *
 * NOTE(review): PATH comes from the process environment, so the result
 * is only as trustworthy as that environment.  An empty PATH entry is
 * formatted as "/<file>" here, i.e. it is looked up in the root
 * directory rather than the current directory.
 * NOTE(review): the executability test is a point-in-time check; the
 * file at the returned path can change before it is run.
 */
char *virFindFileInPath(const char *file)
{
    const char *envpath;
    char *abspath = NULL;
    char *pathcopy;
    char *cursor;
    char *dir;
    char *candidate = NULL;

    if (file == NULL)
        return NULL;

    /* if we are passed an absolute path (starting with /), return a
     * copy of that path, after validating that it is executable
     */
    if (IS_ABSOLUTE_FILE_NAME(file))
        return virFileIsExecutable(file) ? strdup(file) : NULL;

    /* If we are passed an anchored path (containing a /), then there
     * is no path search - it must exist in the current directory
     */
    if (strchr(file, '/') != NULL) {
        if (virFileIsExecutable(file))
            ignore_value(virFileAbsPath(file, &abspath));
        return abspath;
    }

    /* copy PATH env so we can tweak it */
    envpath = getenv("PATH");
    if (envpath == NULL)
        return NULL;

    pathcopy = strdup(envpath);
    if (pathcopy == NULL)
        return NULL;

    /* for each path segment, append the file to search for and test for
     * it. return it if found.
     */
    for (cursor = pathcopy; (dir = strsep(&cursor, ":")) != NULL; ) {
        if (virAsprintf(&candidate, "%s/%s", dir, file) < 0)
            break;
        if (virFileIsExecutable(candidate))
            break;
        VIR_FREE(candidate);
    }

    VIR_FREE(pathcopy);
    return candidate;
}
/*
 * Return true if @path can be stat()ed and is a directory.  stat()
 * follows symbolic links, so a link to a directory also counts.
 */
bool virFileIsDir(const char *path)
{
    struct stat info;

    if (stat(path, &info) != 0)
        return false;

    return S_ISDIR(info.st_mode);
}
/*
 * Return true if access(@path, F_OK) succeeds, false otherwise.
 *
 * NOTE(review): this is a point-in-time test; the file can appear or
 * disappear before the caller acts on the answer.
 */
bool virFileExists(const char *path)
{
    if (access(path, F_OK) != 0)
        return false;

    return true;
}
/* Check that a file is regular and has executable bits.  If false is
 * returned, errno is valid: the stat() error, EISDIR for a directory,
 * or EACCES for anything else that does not qualify.
 *
 * Only the mode bits are examined; any of the owner, group or other
 * execute bits is enough, regardless of who the caller is.
 *
 * Note: In the presence of ACLs, this may return true for a file that
 * would actually fail with EACCES for a given user, or false for a
 * file that the user could actually execute, but setups with ACLs
 * that weird are unusual. */
bool
virFileIsExecutable(const char *file)
{
    struct stat info;

    /* We would also want to check faccessat if we cared about ACLs,
     * but we don't. */
    if (stat(file, &info) < 0)
        return false;

    if (!S_ISREG(info.st_mode)) {
        errno = S_ISDIR(info.st_mode) ? EISDIR : EACCES;
        return false;
    }

    if ((info.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) {
        errno = EACCES;
        return false;
    }

    return true;
}
#ifndef WIN32
/* Check that a file is accessible under certain
 * user & gid.
 * @mode can be F_OK, or a bitwise combination of R_OK, W_OK, and X_OK.
 * see 'man access' for more details.
 * Returns 0 on success, -1 on fail with errno set.
 *
 * When @uid and @gid match getuid()/getgid(), access() is called
 * directly.  Otherwise a child is forked, switched to @uid:@gid with
 * virSetUIDGID(), and runs access() there; the child passes its errno
 * back as its exit status and the parent stores it in errno.
 *
 * NOTE(review): an exit status carries only 8 bits, so an errno value
 * that does not fit is reported as 0xFF (with a warning in the child).
 * NOTE(review): the answer is a point-in-time check; it does not
 * guarantee that a later open of @path as that user will succeed or
 * reach the same file.
 */
int
virFileAccessibleAs(const char *path, int mode,
                    uid_t uid, gid_t gid)
{
    pid_t pid = 0;
    int status, ret = 0;
    int forkRet = 0;

    /* Already running with the requested IDs: no fork needed. */
    if (uid == getuid() &&
        gid == getgid())
        return access(path, mode);

    forkRet = virFork(&pid);

    if (pid < 0) {
        return -1;
    }

    if (pid) { /* parent */
        if (virProcessWait(pid, &status) < 0) {
            /* virProcessWait() already
             * reported error */
            return -1;
        }

        /* The child did not exit normally, so there is no errno value
         * to recover from its status. */
        if (!WIFEXITED(status)) {
            errno = EINTR;
            return -1;
        }

        /* A nonzero exit status is the child's errno. */
        if (status) {
            errno = WEXITSTATUS(status);
            return -1;
        }

        return 0;
    }

    /* child.
     * Return positive value here. Parent
     * will change it to negative one. */

    /* virFork() returned a child but reported a failure in it. */
    if (forkRet < 0) {
        ret = errno;
        goto childerror;
    }

    /* Switch identity before the check; if that fails, access() is not
     * attempted at all. */
    if (virSetUIDGID(uid, gid) < 0) {
        ret = errno;
        goto childerror;
    }

    if (access(path, mode) < 0)
        ret = errno;

childerror:
    /* Reached on success as well (ret == 0); clamp values that do not
     * fit in an exit status. */
    if ((ret & 0xFF) != ret) {
        VIR_WARN("unable to pass desired return value %d", ret);
        ret = 0xFF;
    }

    _exit(ret);
}
/* virFileOpenForceOwnerMode() - an internal utility function called
 * only by virFileOpenAs().  Brings the owner and/or permission bits of
 * the already-open file @fd in line with @uid:@gid and @mode, but only
 * for the aspects explicitly requested through @flags
 * (VIR_FILE_OPEN_FORCE_OWNER, VIR_FILE_OPEN_FORCE_MODE) and only when
 * the current value differs.
 *
 * Every check and change goes through @fd (fstat/fchown/fchmod), so it
 * applies to the file that was actually opened; @path is used solely
 * in error messages.
 *
 * Returns 0 on success (including when nothing had to be done), or
 * -errno after reporting the failure. */
static int
virFileOpenForceOwnerMode(const char *path, int fd, mode_t mode,
                          uid_t uid, gid_t gid, unsigned int flags)
{
    const mode_t permBits = S_IRWXU | S_IRWXG | S_IRWXO;
    struct stat sb;
    int rc = 0;

    /* Nothing was asked to be forced: leave the file untouched. */
    if ((flags & (VIR_FILE_OPEN_FORCE_OWNER | VIR_FILE_OPEN_FORCE_MODE)) == 0)
        return 0;

    if (fstat(fd, &sb) == -1) {
        rc = -errno;
        virReportSystemError(errno, _("stat of '%s' failed"), path);
        return rc;
    }

    /* NB: uid:gid are never "-1" (default) at this point - the caller
     * has always changed -1 to the value of get[gu]id().
     */
    if (flags & VIR_FILE_OPEN_FORCE_OWNER) {
        if (sb.st_uid != uid || sb.st_gid != gid) {
            if (fchown(fd, uid, gid) < 0) {
                rc = -errno;
                virReportSystemError(errno,
                                     _("cannot chown '%s' to (%u, %u)"),
                                     path, (unsigned int) uid,
                                     (unsigned int) gid);
                return rc;
            }
        }
    }

    /* Only the rwx bits are compared; the mode captured by the fstat()
     * above is used, i.e. it is not re-read after a chown.
     * NOTE(review): fchmod() receives @mode unmasked, so any bits the
     * caller sets outside the rwx mask are applied as well - confirm
     * callers pass permission bits only. */
    if (flags & VIR_FILE_OPEN_FORCE_MODE) {
        if ((mode & permBits) != (sb.st_mode & permBits)) {
            if (fchmod(fd, mode) < 0) {
                rc = -errno;
                virReportSystemError(errno,
                                     _("cannot set mode of '%s' to %04o"),
                                     path, mode);
                return rc;
            }
        }
    }

    return rc;
}
/* virFileOpenForked() - an internal utility function called only by
|
|
|
|
* virFileOpenAs(). It forks, then the child does setuid+setgid to
|
|
|
|
* given uid:gid and attempts to open the file, while the parent just
|
|
|
|
* calls recvfd to get the open fd back from the child. returns the
|
|
|
|
* fd, or -errno if there is an error. */
|
|
|
|
static int
virFileOpenForked(const char *path, int openflags, mode_t mode,
uid_t uid, gid_t gid, unsigned int flags)
2011-03-22 19:15:44 +00:00
{
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
pid_t pid;
int waitret, status, ret = 0;
2011-03-03 15:50:19 +00:00
int fd = -1;
int pair[2] = { -1, -1 };
int forkRet;
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
/* parent is running as root, but caller requested that the
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for fewer subtle surprises for consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
* file be opened as some other user and/or group). The
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
* following dance avoids problems caused by root-squashing
* NFS servers. */
2011-03-04 00:02:22 +00:00
if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) < 0) {
ret = -errno;
virReportSystemError(errno,
_("failed to create socket needed for '%s'"),
path);
return ret;
2011-03-03 15:50:19 +00:00
}
forkRet = virFork(&pid);
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for fewer subtle surprises for consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
if (pid < 0)
return -errno;
2010-02-03 16:19:39 +00:00
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for fewer subtle surprises for consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
if (pid == 0) {
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for fewer subtle surprises for consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
/* child */
2011-03-04 00:02:22 +00:00
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for fewer subtle surprises for consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
VIR_FORCE_CLOSE(pair[0]); /* preserves errno */
if (forkRet < 0) {
/* error encountered and logged in virFork() after the fork. */
ret = -errno;
goto childerror;
}
/* set desired uid/gid, then attempt to create the file */
2011-03-04 00:02:22 +00:00
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for fewer subtle surprises for consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
if (virSetUIDGID(uid, gid) < 0) {
2011-03-04 00:02:22 +00:00
ret = -errno;
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for fewer subtle surprises for consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
goto childerror;
2011-03-04 00:02:22 +00:00
}
2011-03-03 15:50:19 +00:00
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for fewer subtle surprises for consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
if ((fd = open(path, openflags, mode)) < 0) {
2010-07-19 23:25:58 +00:00
ret = -errno;
2010-02-04 20:02:58 +00:00
virReportSystemError(errno,
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for fewer subtle surprises for consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
_("child process failed to create file '%s'"),
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
path);
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for fewer subtle surprises for consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
goto childerror;
}
/* File is successfully open. Set permissions if requested. */
ret = virFileOpenForceOwnerMode(path, fd, mode, uid, gid, flags);
if (ret < 0)
goto childerror;
do {
ret = sendfd(pair[1], fd);
} while (ret < 0 && errno == EINTR);
if (ret < 0) {
ret = -errno;
virReportSystemError(errno, "%s",
_("child process failed to send fd to parent"));
goto childerror;
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
}
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
childerror:
/* ret tracks -errno on failure, but exit value must be positive.
* If the child exits with EACCES, then the parent tries again. */
/* XXX This makes assumptions about errno being < 255, which is
* not true on Hurd. */
VIR_FORCE_CLOSE(pair[1]);
if (ret < 0) {
2011-04-20 19:56:50 +00:00
VIR_FORCE_CLOSE(fd);
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
}
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
ret = -ret;
if ((ret & 0xff) != ret) {
VIR_WARN("unable to pass desired return value %d", ret);
ret = 0xff;
}
_exit(ret);
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
}
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
/* parent */
2010-02-18 21:20:07 +00:00
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
VIR_FORCE_CLOSE(pair[1]);
2010-02-18 21:20:07 +00:00
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
do {
fd = recvfd(pair[0], 0);
} while (fd < 0 && errno == EINTR);
VIR_FORCE_CLOSE(pair[0]); /* NB: this preserves errno */
if (fd < 0 && errno != EACCES) {
2011-03-03 15:50:19 +00:00
ret = -errno;
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
while (waitpid(pid, NULL, 0) == -1 && errno == EINTR);
return ret;
2010-02-18 21:20:07 +00:00
}
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
/* wait for child to complete, and retrieve its exit code */
while ((waitret = waitpid(pid, &status, 0) == -1)
&& (errno == EINTR));
if (waitret == -1) {
2010-07-19 23:25:58 +00:00
ret = -errno;
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
virReportSystemError(errno,
_("failed to wait for child creating '%s'"),
path);
VIR_FORCE_CLOSE(fd);
return ret;
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
}
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
if (!WIFEXITED(status) || (ret = -WEXITSTATUS(status)) == -EACCES ||
fd == -1) {
/* fall back to the simpler method, which works better in
* some cases */
VIR_FORCE_CLOSE(fd);
if (flags & VIR_FILE_OPEN_NOFORK) {
/* If we had already tried opening w/o fork+setuid and
* failed, no sense trying again. Just set return the
* original errno that we got at that time (by
* definition, always either EACCES or EPERM - EACCES
* is close enough).
*/
return -EACCES;
}
if ((fd = open(path, openflags, mode)) < 0)
return -errno;
ret = virFileOpenForceOwnerMode(path, fd, mode, uid, gid, flags);
if (ret < 0) {
VIR_FORCE_CLOSE(fd);
return ret;
}
}
return fd;
}
2011-07-14 03:04:16 +00:00
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
/**
* virFileOpenAs:
* @path: file to open or create
* @openflags: flags to pass to open
* @mode: mode to use on creation or when forcing permissions
* @uid: uid that should own file on creation
* @gid: gid that should own file
* @flags: bit-wise or of VIR_FILE_OPEN_* flags
*
* Open @path, and return an fd to the open file. @openflags contains
* the flags normally passed to open(2), while those in @flags are
* used internally. If @flags includes VIR_FILE_OPEN_NOFORK, then try
* opening the file while executing with the current uid:gid
* (i.e. don't fork+setuid+setgid before the call to open()). If
* @flags includes VIR_FILE_OPEN_FORK, then try opening the file while
* the effective user id is @uid (by forking a child process); this
* allows one to bypass root-squashing NFS issues; NOFORK is always
* tried before FORK (the absence of both flags is treated identically
* to (VIR_FILE_OPEN_NOFORK | VIR_FILE_OPEN_FORK)). If @flags includes
* VIR_FILE_OPEN_FORCE_OWNER, then ensure that @path is owned by
* uid:gid before returning (even if it already existed with a
* different owner). If @flags includes VIR_FILE_OPEN_FORCE_MODE,
* ensure it has those permissions before returning (again, even if
* the file already existed with different permissions). The return
* value (if non-negative) is the file descriptor, left open. Returns
* -errno on failure. */
int
virFileOpenAs(const char *path, int openflags, mode_t mode,
uid_t uid, gid_t gid, unsigned int flags)
{
int ret = 0, fd = -1;
|
2011-03-03 15:50:19 +00:00
|
|
|
|
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
|
|
|
/* allow using -1 to mean "current value" */
|
|
|
|
if (uid == (uid_t) -1)
|
2012-06-21 06:58:03 +00:00
|
|
|
uid = getuid();
|
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
|
|
|
if (gid == (gid_t) -1)
|
2012-06-21 06:58:03 +00:00
|
|
|
gid = getgid();
|
2011-03-03 15:50:19 +00:00
|
|
|
|
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
|
|
|
/* treat absence of both flags as presence of both for simpler
|
|
|
|
* calling. */
|
|
|
|
if (!(flags & (VIR_FILE_OPEN_NOFORK|VIR_FILE_OPEN_FORK)))
|
2012-06-21 06:58:03 +00:00
|
|
|
flags |= VIR_FILE_OPEN_NOFORK|VIR_FILE_OPEN_FORK;
|
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
|
|
|
|
|
|
|
if ((flags & VIR_FILE_OPEN_NOFORK)
|
|
|
|
|| (getuid() != 0)
|
|
|
|
|| ((uid == 0) && (gid == 0))) {
|
|
|
|
|
|
|
|
if ((fd = open(path, openflags, mode)) < 0) {
|
|
|
|
ret = -errno;
|
|
|
|
} else {
|
|
|
|
ret = virFileOpenForceOwnerMode(path, fd, mode, uid, gid, flags);
|
|
|
|
if (ret < 0)
|
|
|
|
goto error;
|
|
|
|
}
|
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning is is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
|
|
|
}
|
2011-03-03 15:50:19 +00:00
|
|
|
|
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
|
|
|
/* If we either 1) didn't try opening as current user at all, or
|
|
|
|
* 2) failed, and errno/virStorageFileIsSharedFS indicate we might
|
|
|
|
* be successful if we try as a different uid, then try doing
|
|
|
|
* fork+setuid+setgid before opening.
|
|
|
|
*/
|
|
|
|
if ((fd < 0) && (flags & VIR_FILE_OPEN_FORK)) {
|
|
|
|
|
|
|
|
if (ret < 0) {
|
|
|
|
/* An open(2) that failed due to insufficient permissions
|
|
|
|
* could return one or the other of these depending on OS
|
|
|
|
* version and circumstances. Any other errno indicates a
|
|
|
|
* problem that couldn't be remedied by fork+setuid
|
|
|
|
* anyway. */
|
|
|
|
if (ret != -EACCES && ret != -EPERM)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
/* On Linux we can also verify the FS-type of the
|
|
|
|
* directory. (this is a NOP on other platforms). */
|
|
|
|
switch (virStorageFileIsSharedFS(path)) {
|
|
|
|
case 1:
|
|
|
|
/* it was on a network share, so we'll re-try */
|
|
|
|
break;
|
|
|
|
case -1:
|
|
|
|
/* failure detecting fstype */
|
2012-04-01 09:23:56 +00:00
|
|
|
virReportSystemError(errno, _("couldn't determine fs type "
|
util: refactor virFileOpenAs
virFileOpenAs previously would only try opening a file as the current
user, or as a different user, but wouldn't try both methods in a
single call. This made it cumbersome to use as a replacement for
open(2). Additionally, it had a lot of historical baggage that led to
it being difficult to understand.
This patch refactors virFileOpenAs in the following ways:
* reorganize the code so that everything dealing with both the parent
and child sides of the "fork+setuid+setgid+open" method are in a
separate function. This makes the public function easier to understand.
* Allow a single call to virFileOpenAs() to first attempt the open as
the current user, and if that fails to automatically re-try after
doing fork+setuid (if deemed appropriate, i.e. errno indicates it
would now be successful, and the file is on a networkFS). This makes
it possible (in many, but possibly not all, cases) to drop-in
virFileOpenAs() as a replacement for open(2).
(NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
without forking, then again with forking. That unfortunately can't
be changed without at least some discussion of the ramifications,
because the requested file permissions are different in each case,
which is something that a single call to virFileOpenAs() can't deal
with.)
* Add a flag so that any fchown() of the file to a different uid:gid
is explicitly requested when the function is called, rather than it
being implied by the presence of the O_CREAT flag. This just makes
for less subtle surprises to consumers. (Commit
b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
before forcing ownership. This patch just makes that restriction
more explicit.)
* If either the uid or gid is specified as "-1", virFileOpenAs will
interpret this to mean "the current [gu]id".
All current consumers of virFileOpenAs should retain their present
behavior (after a few minor changes to their setup code and
arguments).
2012-01-13 20:26:45 +00:00
|
|
|
"of mount containing '%s'"), path);
|
|
|
|
goto error;
|
|
|
|
case 0:
|
|
|
|
default:
|
|
|
|
/* file isn't on a recognized network FS */
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* passed all prerequisites - retry the open w/fork+setuid */
|
|
|
|
if ((fd = virFileOpenForked(path, openflags, mode, uid, gid, flags)) < 0) {
|
|
|
|
ret = fd;
|
|
|
|
fd = -1;
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* File is successfully opened */
|
|
|
|
|
|
|
|
return fd;
|
|
|
|
|
|
|
|
error:
|
|
|
|
if (fd < 0) {
|
|
|
|
/* whoever failed the open last has already set ret = -errno */
|
|
|
|
virReportSystemError(-ret, openflags & O_CREAT
|
|
|
|
? _("failed to create file '%s'")
|
|
|
|
: _("failed to open file '%s'"),
|
|
|
|
path);
|
|
|
|
} else {
|
|
|
|
/* some other failure after the open succeeded */
|
|
|
|
VIR_FORCE_CLOSE(fd);
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
/*
 * virDirCreateNoFork:
 *
 * Create directory @path with @mode in the calling process, then bring
 * its ownership to @uid:@gid and, when VIR_DIR_CREATE_FORCE_PERMS is
 * set in @flags, its mode to @mode. An already existing @path is
 * accepted only when VIR_DIR_CREATE_ALLOW_EXIST is set. chown() is
 * skipped when stat() shows the owner and group already match.
 *
 * Every failure is reported through virReportSystemError().
 *
 * NOTE(review): mkdir(), stat(), chown() and chmod() all take @path by
 * name, so nothing ties the later calls to the object the first one
 * saw, and stat()/chown()/chmod() follow symbolic links. With
 * VIR_DIR_CREATE_ALLOW_EXIST a pre-existing symlink at @path would have
 * its target chowned/chmoded - confirm callers only use this where the
 * parent directory is not writable by less privileged users.
 *
 * return -errno on failure, or 0 on success
 */
static int virDirCreateNoFork(const char *path, mode_t mode, uid_t uid, gid_t gid,
                              unsigned int flags) {
    struct stat sb;
    int saved_errno;

    if (mkdir(path, mode) < 0) {
        saved_errno = errno;
        /* EEXIST is tolerated only when the caller allowed it */
        if (saved_errno != EEXIST || !(flags & VIR_DIR_CREATE_ALLOW_EXIST)) {
            virReportSystemError(saved_errno, _("failed to create directory '%s'"),
                                 path);
            return -saved_errno;
        }
    }

    if (stat(path, &sb) == -1) {
        saved_errno = errno;
        virReportSystemError(saved_errno, _("stat of '%s' failed"), path);
        return -saved_errno;
    }

    /* only touch ownership when it differs from what was requested */
    if (sb.st_uid != uid || sb.st_gid != gid) {
        if (chown(path, uid, gid) < 0) {
            saved_errno = errno;
            virReportSystemError(saved_errno, _("cannot chown '%s' to (%u, %u)"),
                                 path, (unsigned int) uid, (unsigned int) gid);
            return -saved_errno;
        }
    }

    if (flags & VIR_DIR_CREATE_FORCE_PERMS) {
        if (chmod(path, mode) < 0) {
            saved_errno = errno;
            virReportSystemError(saved_errno,
                                 _("cannot set mode of '%s' to %04o"),
                                 path, mode);
            return -saved_errno;
        }
    }

    return 0;
}
/* return -errno on failure, or 0 on success */
int virDirCreate(const char *path, mode_t mode,
uid_t uid, gid_t gid, unsigned int flags) {
struct stat st;
pid_t pid;
int waitret;
int status, ret = 0;
/* allow using -1 to mean "current value" */
if (uid == (uid_t) -1)
uid = getuid();
if (gid == (gid_t) -1)
gid = getgid();
if ((!(flags & VIR_DIR_CREATE_AS_UID))
|| (getuid() != 0)
|| ((uid == 0) && (gid == 0))
|| ((flags & VIR_DIR_CREATE_ALLOW_EXIST) && (stat(path, &st) >= 0))) {
return virDirCreateNoFork(path, mode, uid, gid, flags);
}
int forkRet = virFork(&pid);
if (pid < 0) {
ret = -errno;
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (pid) { /* parent */
|
|
|
|
/* wait for child to complete, and retrieve its exit code */
|
|
|
|
while ((waitret = waitpid(pid, &status, 0) == -1) && (errno == EINTR));
|
|
|
|
if (waitret == -1) {
|
2010-07-19 23:48:59 +00:00
|
|
|
ret = -errno;
|
2010-02-04 20:02:58 +00:00
|
|
|
virReportSystemError(errno,
|
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
|
|
|
_("failed to wait for child creating '%s'"),
|
|
|
|
path);
|
|
|
|
goto parenterror;
|
|
|
|
}
|
2011-03-22 17:55:45 +00:00
|
|
|
if (!WIFEXITED(status) || (ret = -WEXITSTATUS(status)) == -EACCES) {
|
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
|
|
|
/* fall back to the simpler method, which works better in
|
|
|
|
* some cases */
|
Rename virFileCreate to virFileOperation, add hook function
It turns out it is also useful to be able to perform other operations
on a file created while running as a different uid (eg, write things
to that file), and possibly to do this to a file that already
exists. This patch adds an optional hook function to the renamed (for
more accuracy of purpose) virFileOperation; the hook will be called
after the file has been opened (possibly created) and gid/mode
checked/set, before closing it.
As with the other operations on the file, if the VIR_FILE_OP_AS_UID
flag is set, this hook function will be called in the context of a
child process forked from the process that called virFileOperation.
The implication here is that, while all data in memory is available to
this hook function, any modification to that data will not be seen by
the caller - the only indication in memory of what happened in the
hook will be the return value (which the hook should set to 0 on
success, or one of the standard errno values on failure).
Another piece of making the function more flexible was to add an
"openflags" argument. This arg should contain exactly the flags to be
passed to open(2), eg O_RDWR | O_EXCL, etc.
In the process of adding the hook to virFileOperation, I also realized
that the bits to fix up file owner/group/mode settings after creation
were being done in the parent process, which could fail, so I moved
them to the child process where they should be.
* src/util/util.[ch]: rename and rework virFileCreate-->virFileOperation,
and redo flags in virDirCreate
* storage/storage_backend.c, storage/storage_backend_fs.c: update the
calls to virFileOperation/virDirCreate to reflect changes in the API,
but don't yet take advantage of the hook.
2010-02-19 16:43:22 +00:00
|
|
|
return virDirCreateNoFork(path, mode, uid, gid, flags);
|
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
|
|
|
}
|
|
|
|
parenterror:
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2010-02-18 21:20:07 +00:00
|
|
|
/* child */
|
|
|
|
|
|
|
|
if (forkRet < 0) {
|
|
|
|
/* error encountered and logged in virFork() after the fork. */
|
|
|
|
goto childerror;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* set desired uid/gid, then attempt to create the directory */
|
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
|
|
|
|
2011-05-22 14:05:07 +00:00
|
|
|
if (virSetUIDGID(uid, gid) < 0) {
|
2010-07-19 23:48:59 +00:00
|
|
|
ret = -errno;
|
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
|
|
|
goto childerror;
|
|
|
|
}
|
|
|
|
if (mkdir(path, mode) < 0) {
|
2010-07-19 23:48:59 +00:00
|
|
|
ret = -errno;
|
|
|
|
if (ret != -EACCES) {
|
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
|
|
|
/* in case of EACCES, the parent will retry */
|
2010-02-04 20:02:58 +00:00
|
|
|
virReportSystemError(errno, _("child failed to create directory '%s'"),
|
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
|
|
|
path);
|
|
|
|
}
|
|
|
|
goto childerror;
|
|
|
|
}
|
Rename virFileCreate to virFileOperation, add hook function
It turns out it is also useful to be able to perform other operations
on a file created while running as a different uid (eg, write things
to that file), and possibly to do this to a file that already
exists. This patch adds an optional hook function to the renamed (for
more accuracy of purpose) virFileOperation; the hook will be called
after the file has been opened (possibly created) and gid/mode
checked/set, before closing it.
As with the other operations on the file, if the VIR_FILE_OP_AS_UID
flag is set, this hook function will be called in the context of a
child process forked from the process that called virFileOperation.
The implication here is that, while all data in memory is available to
this hook function, any modification to that data will not be seen by
the caller - the only indication in memory of what happened in the
hook will be the return value (which the hook should set to 0 on
success, or one of the standard errno values on failure).
Another piece of making the function more flexible was to add an
"openflags" argument. This arg should contain exactly the flags to be
passed to open(2), eg O_RDWR | O_EXCL, etc.
In the process of adding the hook to virFileOperation, I also realized
that the bits to fix up file owner/group/mode settings after creation
were being done in the parent process, which could fail, so I moved
them to the child process where they should be.
* src/util/util.[ch]: rename and rework virFileCreate-->virFileOperation,
and redo flags in virDirCreate
* storage/storage_backend.c, storage/storage_backend_fs.c: update the
calls to virFileOperation/virDirCreate to reflect changes in the API,
but don't yet take advantage of the hook.
2010-02-19 16:43:22 +00:00
|
|
|
/* check if group was set properly by creating after
|
|
|
|
* setgid. If not, try doing it with chown */
|
|
|
|
if (stat(path, &st) == -1) {
|
2010-07-19 23:48:59 +00:00
|
|
|
ret = -errno;
|
Rename virFileCreate to virFileOperation, add hook function
It turns out it is also useful to be able to perform other operations
on a file created while running as a different uid (eg, write things
to that file), and possibly to do this to a file that already
exists. This patch adds an optional hook function to the renamed (for
more accuracy of purpose) virFileOperation; the hook will be called
after the file has been opened (possibly created) and gid/mode
checked/set, before closing it.
As with the other operations on the file, if the VIR_FILE_OP_AS_UID
flag is set, this hook function will be called in the context of a
child process forked from the process that called virFileOperation.
The implication here is that, while all data in memory is available to
this hook function, any modification to that data will not be seen by
the caller - the only indication in memory of what happened in the
hook will be the return value (which the hook should set to 0 on
success, or one of the standard errno values on failure).
Another piece of making the function more flexible was to add an
"openflags" argument. This arg should contain exactly the flags to be
passed to open(2), eg O_RDWR | O_EXCL, etc.
In the process of adding the hook to virFileOperation, I also realized
that the bits to fix up file owner/group/mode settings after creation
were being done in the parent process, which could fail, so I moved
them to the child process where they should be.
* src/util/util.[ch]: rename and rework virFileCreate-->virFileOperation,
and redo flags in virDirCreate
* storage/storage_backend.c, storage/storage_backend_fs.c: update the
calls to virFileOperation/virDirCreate to reflect changes in the API,
but don't yet take advantage of the hook.
2010-02-19 16:43:22 +00:00
|
|
|
virReportSystemError(errno,
|
|
|
|
_("stat of '%s' failed"), path);
|
|
|
|
goto childerror;
|
|
|
|
}
|
|
|
|
if ((st.st_gid != gid) && (chown(path, -1, gid) < 0)) {
|
2010-07-19 23:48:59 +00:00
|
|
|
ret = -errno;
|
Rename virFileCreate to virFileOperation, add hook function
It turns out it is also useful to be able to perform other operations
on a file created while running as a different uid (eg, write things
to that file), and possibly to do this to a file that already
exists. This patch adds an optional hook function to the renamed (for
more accuracy of purpose) virFileOperation; the hook will be called
after the file has been opened (possibly created) and gid/mode
checked/set, before closing it.
As with the other operations on the file, if the VIR_FILE_OP_AS_UID
flag is set, this hook function will be called in the context of a
child process forked from the process that called virFileOperation.
The implication here is that, while all data in memory is available to
this hook function, any modification to that data will not be seen by
the caller - the only indication in memory of what happened in the
hook will be the return value (which the hook should set to 0 on
success, or one of the standard errno values on failure).
Another piece of making the function more flexible was to add an
"openflags" argument. This arg should contain exactly the flags to be
passed to open(2), eg O_RDWR | O_EXCL, etc.
In the process of adding the hook to virFileOperation, I also realized
that the bits to fix up file owner/group/mode settings after creation
were being done in the parent process, which could fail, so I moved
them to the child process where they should be.
* src/util/util.[ch]: rename and rework virFileCreate-->virFileOperation,
and redo flags in virDirCreate
* storage/storage_backend.c, storage/storage_backend_fs.c: update the
calls to virFileOperation/virDirCreate to reflect changes in the API,
but don't yet take advantage of the hook.
2010-02-19 16:43:22 +00:00
|
|
|
virReportSystemError(errno,
|
|
|
|
_("cannot chown '%s' to group %u"),
|
2010-04-29 03:36:03 +00:00
|
|
|
path, (unsigned int) gid);
|
Rename virFileCreate to virFileOperation, add hook function
It turns out it is also useful to be able to perform other operations
on a file created while running as a different uid (eg, write things
to that file), and possibly to do this to a file that already
exists. This patch adds an optional hook function to the renamed (for
more accuracy of purpose) virFileOperation; the hook will be called
after the file has been opened (possibly created) and gid/mode
checked/set, before closing it.
As with the other operations on the file, if the VIR_FILE_OP_AS_UID
flag is set, this hook function will be called in the context of a
child process forked from the process that called virFileOperation.
The implication here is that, while all data in memory is available to
this hook function, any modification to that data will not be seen by
the caller - the only indication in memory of what happened in the
hook will be the return value (which the hook should set to 0 on
success, or one of the standard errno values on failure).
Another piece of making the function more flexible was to add an
"openflags" argument. This arg should contain exactly the flags to be
passed to open(2), eg O_RDWR | O_EXCL, etc.
In the process of adding the hook to virFileOperation, I also realized
that the bits to fix up file owner/group/mode settings after creation
were being done in the parent process, which could fail, so I moved
them to the child process where they should be.
* src/util/util.[ch]: rename and rework virFileCreate-->virFileOperation,
and redo flags in virDirCreate
* storage/storage_backend.c, storage/storage_backend_fs.c: update the
calls to virFileOperation/virDirCreate to reflect changes in the API,
but don't yet take advantage of the hook.
2010-02-19 16:43:22 +00:00
|
|
|
goto childerror;
|
|
|
|
}
|
|
|
|
if ((flags & VIR_DIR_CREATE_FORCE_PERMS)
|
|
|
|
&& chmod(path, mode) < 0) {
|
|
|
|
virReportSystemError(errno,
|
|
|
|
_("cannot set mode of '%s' to %04o"),
|
|
|
|
path, mode);
|
|
|
|
goto childerror;
|
|
|
|
}
|
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
|
|
|
childerror:
|
|
|
|
_exit(ret);
|
|
|
|
}
#else /* WIN32 */
|
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
|
|
|
|
2011-10-17 16:00:28 +00:00
|
|
|
/*
 * WIN32 variant of virFileAccessibleAs.
 *
 * @path: file to test
 * @mode: access mode, handed unchanged to access()
 * @uid, @gid: not used in this build
 *
 * A warning is logged on every call because the requested uid/gid are
 * ignored: the check is made by access() for the calling process, not
 * for the identity the caller asked about.
 *
 * Returns the value returned by access().
 *
 * NOTE(review): the answer describes the file at the time of the call
 * only; it can change before a later open, so callers should not treat
 * it as an authorization decision -- confirm against the callers.
 */
int
virFileAccessibleAs(const char *path,
                    int mode,
                    uid_t uid ATTRIBUTE_UNUSED,
                    gid_t gid ATTRIBUTE_UNUSED)
{
    int rc;

    VIR_WARN("Ignoring uid/gid due to WIN32");

    rc = access(path, mode);
    return rc;
}
/*
 * WIN32 stub for virFileOpenAs.
 *
 * None of the arguments are used. The function reports an internal
 * error saying it is not implemented and returns -ENOSYS, i.e. a
 * negative errno value; it never opens anything and never returns 0
 * in this build.
 */
int virFileOpenAs(const char *path ATTRIBUTE_UNUSED,
                  int openflags ATTRIBUTE_UNUSED,
                  mode_t mode ATTRIBUTE_UNUSED,
                  uid_t uid ATTRIBUTE_UNUSED,
                  gid_t gid ATTRIBUTE_UNUSED,
                  unsigned int flags_unused ATTRIBUTE_UNUSED)
{
    const int rc = -ENOSYS;

    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                   _("virFileOpenAs is not implemented for WIN32"));

    return rc;
}
/*
 * WIN32 stub for virDirCreate.
 *
 * None of the arguments are used and no directory is created. The
 * function reports an internal error saying it is not implemented
 * and returns -ENOSYS.
 */
int virDirCreate(const char *path ATTRIBUTE_UNUSED,
                 mode_t mode ATTRIBUTE_UNUSED,
                 uid_t uid ATTRIBUTE_UNUSED,
                 gid_t gid ATTRIBUTE_UNUSED,
                 unsigned int flags_unused ATTRIBUTE_UNUSED)
{
    const int rc = -ENOSYS;

    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                   _("virDirCreate is not implemented for WIN32"));

    return rc;
}
#endif /* WIN32 */
|
New utility functions virFileCreate and virDirCreate
These functions create a new file or directory with the given
uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
forking a new process, calling setuid/setgid in the new process, and
then creating the file. This is better than simply calling open then
fchown, because in the latter case, a root-squashing nfs server would
create the new file as user nobody, then refuse to allow fchown.
If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
creating the file/dir, then chowning it, is used. This gives better
results in cases where the parent directory isn't on a root-squashing
NFS server, but doesn't give permission for the specified uid/gid to
create files. (Note that if the fork/setuid method fails to create the
file due to access privileges, the parent process will make a second
attempt using this simpler method.)
If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
existing file/directory will not cause an error; in this case, the
function will simply set the permissions of the file/directory to
those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
existing file/directory is considered (and reported as) an error.
Return from both of these functions is 0 on success, or the value of
errno if there was a failure.
* src/util/util.[ch]: add the 2 new util functions
2010-01-20 23:33:43 +00:00
|
|
|
|
2012-07-10 11:24:04 +00:00
|
|
|
/*
 * Recursively create @path and any missing parent directories, each
 * with mkdir(..., @mode).
 *
 * @path: writable buffer holding the path; a '/' is temporarily
 *        overwritten with NUL while the parent is being created, and
 *        is not put back if creating the parent fails
 * @mode: mode passed to mkdir() for every directory created
 *
 * Returns 0 if @path already is a directory or was created, -1 with
 * errno set otherwise (ENOTDIR if @path exists but is not a directory,
 * EINVAL if a missing path contains no '/', or whatever stat()/mkdir()
 * reported).
 *
 * NOTE(review): stat() follows symlinks, and EEXIST from mkdir() is
 * accepted without re-checking that the entry is a directory, so a
 * path created concurrently by someone else is reported as success.
 * Worth confirming that callers only use this under directories that
 * untrusted users cannot write to.
 */
static int virFileMakePathHelper(char *path, mode_t mode)
{
    struct stat sb;
    char *sep;

    VIR_DEBUG("path=%s mode=0%o", path, mode);

    if (stat(path, &sb) >= 0) {
        /* Something is already there: fine only if it is a directory. */
        if (!S_ISDIR(sb.st_mode)) {
            errno = ENOTDIR;
            return -1;
        }
        return 0;
    }

    /* Any stat() failure other than "does not exist" is fatal. */
    if (errno != ENOENT)
        return -1;

    sep = strrchr(path, '/');
    if (sep == NULL) {
        errno = EINVAL;
        return -1;
    }

    /* sep == path means the parent is "/", so there is nothing to create. */
    if (sep != path) {
        int rc;

        /* Cut the string at the last '/' so that path names the parent. */
        *sep = '\0';
        rc = virFileMakePathHelper(path, mode);
        if (rc < 0)
            return -1;

        *sep = '/';
    }

    /* Losing a race against another creator (EEXIST) is not an error. */
    if (mkdir(path, mode) >= 0 || errno == EEXIST)
        return 0;

    return -1;
}
/**
 * Creates the directory named by @path through
 * virFileMakePathWithMode(), requesting mode 0777.
 *
 * The mode is only what is requested from mkdir(); the process umask
 * still applies to it. Callers that need a directory which is not
 * group/world accessible should call virFileMakePathWithMode() with
 * an explicit mode instead.
 *
 * Returns 0 on success (including when the directory already exists),
 * or -1 on failure, with errno set.
 */
int virFileMakePath(const char *path)
{
    const mode_t requested = 0777;

    return virFileMakePathWithMode(path, requested);
}
|
|
|
|
|
|
|
|
/*
 * Create @path and any missing parent directories with @mode.
 *
 * The work is done on a private copy of @path because the helper
 * temporarily overwrites path separators while recursing.
 *
 * Returns 0 on success, -1 on failure (including failure to duplicate
 * @path).
 */
int
virFileMakePathWithMode(const char *path,
                        mode_t mode)
{
    char *scratch = strdup(path);
    int rc;

    if (scratch == NULL)
        return -1;

    rc = virFileMakePathHelper(scratch, mode);
    VIR_FREE(scratch);
    return rc;
}
|
|
|
|
|
2011-04-03 09:21:14 +00:00
|
|
|
/* Build up a fully qualified path for a config file to be
 * associated with a persistent guest or network.
 *
 * The result is "@dir/@name" followed by @ext when @ext is not NULL.
 * Returns a newly allocated string that the caller must free, or NULL
 * after calling virReportOOMError() if formatting failed.
 *
 * NOTE(review): @name and @ext are inserted verbatim.  Nothing here
 * rejects '/' or ".." components, so callers passing externally supplied
 * names must validate them first if the result has to stay below @dir. */
char *
virFileBuildPath(const char *dir, const char *name, const char *ext)
{
    char *path;
    int rc;

    if (ext != NULL)
        rc = virAsprintf(&path, "%s/%s%s", dir, name, ext);
    else
        rc = virAsprintf(&path, "%s/%s", dir, name);

    if (rc < 0) {
        virReportOOMError();
        return NULL;
    }

    return path;
}
|
|
|
|
|
2011-11-03 20:56:13 +00:00
|
|
|
/* Open a non-blocking master side of a pty.  If ttyName is not NULL,
 * then populate it with the name of the slave.  If rawmode is set,
 * also put the master side into raw mode before returning.
 *
 * On success returns 0, stores the master descriptor in *ttymaster and,
 * when requested, stores a newly allocated slave name in *ttyName (the
 * caller owns and must free it).  On failure returns -1; any master
 * descriptor opened so far is closed again.  The slave descriptor is
 * always closed before returning. */
#ifndef WIN32
int virFileOpenTty(int *ttymaster,
                   char **ttyName,
                   int rawmode)
{
    /* XXX A word of caution - on some platforms (Solaris and HP-UX),
     * additional ioctl() calls are needed after opening the slave
     * before it will cause isatty() to return true.  Should we make
     * virFileOpenTty also return the opened slave fd, so the caller
     * doesn't have to worry about that mess?  */
    int ret = -1;
    int slave = -1;
    char *name = NULL;

    /* Unfortunately, we can't use the name argument of openpty, since
     * there is no guarantee on how large the buffer has to be.
     * Likewise, we can't use the termios argument: we have to use
     * read-modify-write since there is no portable way to initialize
     * a struct termios without use of tcgetattr.  */
    if (openpty(ttymaster, &slave, NULL, NULL, NULL) < 0)
        return -1;

    /* What a shame that openpty cannot atomically set FD_CLOEXEC, but
     * that using posix_openpt/grantpt/unlockpt/ptsname is not
     * thread-safe, and that ptsname_r is not portable.
     *
     * NOTE(review): because the flag is set in a separate step, there is
     * a window after openpty() in which a child created by another
     * thread could inherit the master descriptor. */
    if (virSetNonBlock(*ttymaster) < 0 ||
        virSetCloseExec(*ttymaster) < 0)
        goto cleanup;

    /* While Linux supports tcgetattr on either the master or the
     * slave, Solaris requires it to be on the slave.  */
    if (rawmode) {
        struct termios ttyAttr;
        if (tcgetattr(slave, &ttyAttr) < 0)
            goto cleanup;

        cfmakeraw(&ttyAttr);

        if (tcsetattr(slave, TCSADRAIN, &ttyAttr) < 0)
            goto cleanup;
    }

    /* ttyname_r on the slave is required by POSIX, while ptsname_r on
     * the master is a glibc extension, and the POSIX ptsname is not
     * thread-safe.  Since openpty gave us both descriptors, guess
     * which way we will determine the name?  :)  */
    if (ttyName) {
        /* Initial guess of 64 is generally sufficient; rely on ERANGE
         * to tell us if we need to grow.  */
        size_t len = 64;
        int rc;

        if (VIR_ALLOC_N(name, len) < 0)
            goto cleanup;

        while ((rc = ttyname_r(slave, name, len)) == ERANGE) {
            if (VIR_RESIZE_N(name, len, len, len) < 0)
                goto cleanup;
        }
        /* ttyname_r returns the error number instead of setting errno. */
        if (rc != 0) {
            errno = rc;
            goto cleanup;
        }
        /* Hand ownership to the caller; clearing name keeps the cleanup
         * path below from freeing the buffer just returned. */
        *ttyName = name;
        name = NULL;
    }

    ret = 0;

cleanup:
    if (ret != 0)
        VIR_FORCE_CLOSE(*ttymaster);
    VIR_FORCE_CLOSE(slave);
    VIR_FREE(name);

    return ret;
}
#else /* WIN32 */
int virFileOpenTty(int *ttymaster ATTRIBUTE_UNUSED,
                   char **ttyName ATTRIBUTE_UNUSED,
                   int rawmode ATTRIBUTE_UNUSED)
{
    /* mingw completely lacks pseudo-terminals, and the gnulib
     * replacements are not (yet) license compatible.  */
    errno = ENOSYS;
    return -1;
}
#endif /* WIN32 */
|
2008-08-13 10:52:15 +00:00
|
|
|
|
2012-05-24 13:37:54 +00:00
|
|
|
/*
 * Report whether @path is absolute.
 *
 * A NULL @path is not absolute.  A path is absolute when its first
 * character satisfies VIR_FILE_IS_DIR_SEPARATOR, or, on WIN32 builds,
 * when it starts with a letter, a ':' and a directory separator.
 *
 * This is a purely lexical test: it says nothing about ".." components
 * or symlinks inside the path.
 */
bool virFileIsAbsPath(const char *path)
{
    if (path == NULL)
        return false;

#ifdef WIN32
    /* Drive-letter form; the && chain stops at the first NUL byte. */
    if (c_isalpha(path[0]) &&
        path[1] == ':' &&
        VIR_FILE_IS_DIR_SEPARATOR(path[2]))
        return true;
#endif

    return VIR_FILE_IS_DIR_SEPARATOR(path[0]) ? true : false;
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
 * Return a pointer into @path just past its root prefix.
 *
 * Leading directory separators are skipped; on WIN32 builds a
 * "\\server\share" style prefix or a drive prefix such as "X:\" is
 * skipped as well.  If no root prefix is found, @path itself is returned.
 *
 * @path is dereferenced without a NULL check, so it must not be NULL.
 * The returned pointer aliases @path; nothing is allocated.
 */
const char *virFileSkipRoot(const char *path)
{
#ifdef WIN32
    /* Skip \\server\share or //server/share */
    if (VIR_FILE_IS_DIR_SEPARATOR(path[0]) &&
        VIR_FILE_IS_DIR_SEPARATOR(path[1]) &&
        path[2] &&
        !VIR_FILE_IS_DIR_SEPARATOR(path[2]))
    {
        /* Find whichever separator style terminates the server name first. */
        const char *p = strchr(path + 2, VIR_FILE_DIR_SEPARATOR);
        const char *q = strchr(path + 2, '/');

        if (p == NULL || (q != NULL && q < p))
            p = q;

        /* Only treat it as a share if something follows the separator. */
        if (p && p > path + 2 && p[1]) {
            path = p + 1;

            while (path[0] &&
                   !VIR_FILE_IS_DIR_SEPARATOR(path[0]))
                path++;

            /* Possibly skip a backslash after the share name */
            if (VIR_FILE_IS_DIR_SEPARATOR(path[0]))
                path++;

            return path;
        }
    }
#endif

    /* Skip initial slashes */
    if (VIR_FILE_IS_DIR_SEPARATOR(path[0])) {
        while (VIR_FILE_IS_DIR_SEPARATOR(path[0]))
            path++;

        return path;
    }

#ifdef WIN32
    /* Skip X:\ */
    if (c_isalpha(path[0]) &&
        path[1] == ':' &&
        VIR_FILE_IS_DIR_SEPARATOR(path[2]))
        return path + 3;
#endif

    return path;
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2009-10-08 14:55:58 +00:00
|
|
|
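/*
 * Creates an absolute path for a potentially relative path.
 * Return 0 if the path was not relative, or on success.
 * Return -1 on error, in which case *abspath is NULL.
 *
 * A path starting with '/' is duplicated as is; anything else is
 * prefixed with the current working directory of the process at the
 * time of the call.  The result is not normalized: ".." components and
 * symlinks are left in place.
 *
 * You must free the result.
 */
int virFileAbsPath(const char *path, char **abspath)
{
    char *buf;
    int rc;

    if (path[0] == '/') {
        if (!(*abspath = strdup(path)))
            return -1;
        return 0;
    }

    buf = getcwd(NULL, 0);
    if (buf == NULL) {
        /* The other failure paths leave *abspath NULL; do the same here
         * so that a caller freeing it on error never sees a stale value. */
        *abspath = NULL;
        return -1;
    }

    rc = virAsprintf(abspath, "%s/%s", buf, path);
    VIR_FREE(buf);
    if (rc < 0)
        return -1;

    return 0;
}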
|
2008-08-13 10:52:15 +00:00
|
|
|
|
2010-05-20 15:41:31 +00:00
|
|
|
/* Remove spurious / characters from a path. The result must be freed.
 *
 * Returns a newly allocated copy of @path with runs of '/' collapsed and
 * a trailing '/' dropped, or NULL after calling virReportOOMError() if
 * the copy could not be allocated.
 *
 * Only duplicate slashes are handled.  "." and ".." components are kept
 * as they are (see the /../foo example below) and symlinks are not
 * resolved, so the result is not a canonical path and must not be used
 * on its own to decide whether a path stays inside a given directory. */
char *
virFileSanitizePath(const char *path)
{
    const char *cur = path;
    char *cleanpath;
    int idx = 0;

    /* The copy is at least as long as the result, so the in-place
     * rewrite below never writes past it. */
    cleanpath = strdup(path);
    if (!cleanpath) {
        virReportOOMError();
        return NULL;
    }

    /* Need to sanitize:
     * //           -> //
     * ///          -> /
     * /../foo      -> /../foo
     * /foo///bar/  -> /foo/bar
     */

    /* Starting with // is valid posix, but ///foo == /foo */
    if (cur[0] == '/' && cur[1] == '/' && cur[2] != '/') {
        /* Keep the two leading slashes already present in the copy. */
        idx = 2;
        cur += 2;
    }

    /* Sanitize path in place */
    while (*cur != '\0') {
        if (*cur != '/') {
            cleanpath[idx++] = *cur++;
            continue;
        }

        /* Skip all extra / */
        while (*++cur == '/')
            continue;

        /* Don't add a trailing / */
        if (idx != 0 && *cur == '\0')
            break;

        cleanpath[idx++] = '/';
    }
    cleanpath[idx] = '\0';

    return cleanpath;
}
|
|
|
|
|
2008-02-08 09:15:16 +00:00
|
|
|
/* Like strtol, but produce an "int" result, and check more carefully.
   Return 0 upon success;  return -1 to indicate failure.
   When END_PTR is NULL, the byte after the final valid digit must be NUL.
   Otherwise, it's like strtol and lets the caller check any suffix for
   validity.  This function is careful to return -1 when the string S
   represents a number that is not representable as an "int".
   *END_PTR is updated even on failure; *RESULT is written only on
   success.  As with strtol, leading white space is accepted.  */
int
virStrToLong_i(char const *s, char **end_ptr, int base, int *result)
{
    long int parsed;
    char *stop;
    int failed;

    errno = 0;
    parsed = strtol(s, &stop, base); /* exempt from syntax-check */
    failed = (errno != 0 ||
              stop == s ||
              (end_ptr == NULL && *stop != '\0') ||
              (int) parsed != parsed);

    if (end_ptr != NULL)
        *end_ptr = stop;
    if (failed)
        return -1;

    *result = parsed;
    return 0;
}
|
|
|
|
|
|
|
|
/* Just like virStrToLong_i, above, but produce an "unsigned int" value.
   Note that strtoul accepts a leading '-' and returns the negated value
   converted to unsigned long; such input is rejected here only when the
   converted value does not fit in "unsigned int".  Callers that must
   refuse negative numbers need to check for the sign themselves.  */
int
virStrToLong_ui(char const *s, char **end_ptr, int base, unsigned int *result)
{
    unsigned long int parsed;
    char *stop;
    int failed;

    errno = 0;
    parsed = strtoul(s, &stop, base); /* exempt from syntax-check */
    failed = (errno != 0 ||
              stop == s ||
              (end_ptr == NULL && *stop != '\0') ||
              (unsigned int) parsed != parsed);

    if (end_ptr != NULL)
        *end_ptr = stop;
    if (failed)
        return -1;

    *result = parsed;
    return 0;
}
|
|
|
|
|
2011-01-13 22:09:18 +00:00
|
|
|
/* Just like virStrToLong_i, above, but produce a "long" value.
   Range errors are detected through errno as set by strtol.  */
int
virStrToLong_l(char const *s, char **end_ptr, int base, long *result)
{
    long int parsed;
    char *stop;
    int failed;

    errno = 0;
    parsed = strtol(s, &stop, base); /* exempt from syntax-check */
    failed = (errno != 0 ||
              stop == s ||
              (end_ptr == NULL && *stop != '\0'));

    if (end_ptr != NULL)
        *end_ptr = stop;
    if (failed)
        return -1;

    *result = parsed;
    return 0;
}
|
|
|
|
|
|
|
|
/* Just like virStrToLong_i, above, but produce an "unsigned long" value.
   Note that strtoul accepts a leading '-' and returns the negated value
   converted to unsigned long without reporting an error, so "-1" parses
   successfully as ULONG_MAX.  Callers that must refuse negative numbers
   need to check for the sign themselves.  */
int
virStrToLong_ul(char const *s, char **end_ptr, int base, unsigned long *result)
{
    unsigned long int parsed;
    char *stop;
    int failed;

    errno = 0;
    parsed = strtoul(s, &stop, base); /* exempt from syntax-check */
    failed = (errno != 0 ||
              stop == s ||
              (end_ptr == NULL && *stop != '\0'));

    if (end_ptr != NULL)
        *end_ptr = stop;
    if (failed)
        return -1;

    *result = parsed;
    return 0;
}
|
|
|
|
|
|
|
|
/* Just like virStrToLong_i, above, but produce a "long long" value.
   Range errors are detected through errno as set by strtoll.  */
int
virStrToLong_ll(char const *s, char **end_ptr, int base, long long *result)
{
    long long parsed;
    char *stop;
    int failed;

    errno = 0;
    parsed = strtoll(s, &stop, base); /* exempt from syntax-check */
    failed = (errno != 0 ||
              stop == s ||
              (end_ptr == NULL && *stop != '\0'));

    if (end_ptr != NULL)
        *end_ptr = stop;
    if (failed)
        return -1;

    *result = parsed;
    return 0;
}
|
|
|
|
|
|
|
|
/* Just like virStrToLong_i, above, but produce an "unsigned long long" value.
   Note that strtoull accepts a leading '-' and returns the negated value
   converted to unsigned long long without reporting an error.  Callers
   that must refuse negative numbers need to check for the sign
   themselves.  */
int
virStrToLong_ull(char const *s, char **end_ptr, int base, unsigned long long *result)
{
    unsigned long long parsed;
    char *stop;
    int failed;

    errno = 0;
    parsed = strtoull(s, &stop, base); /* exempt from syntax-check */
    failed = (errno != 0 ||
              stop == s ||
              (end_ptr == NULL && *stop != '\0'));

    if (end_ptr != NULL)
        *end_ptr = stop;
    if (failed)
        return -1;

    *result = parsed;
    return 0;
}
|
2008-02-27 04:35:08 +00:00
|
|
|
|
2009-07-09 13:11:21 +00:00
|
|
|
/* Like virStrToLong_i, but parse a "double" with strtod.
   Return 0 upon success;  return -1 to indicate failure (nothing parsed,
   errno set by strtod, or trailing bytes when END_PTR is NULL).
   *END_PTR is updated even on failure; *RESULT is written only on success.
   NOTE(review): strtod honours the current locale's decimal point and also
   accepts forms such as "inf" and "nan"; callers that need a fixed syntax
   must check for that themselves.  */
int
virStrToDouble(char const *s,
               char **end_ptr,
               double *result)
{
    double parsed;
    char *stop;
    int failed;

    errno = 0;
    parsed = strtod(s, &stop); /* exempt from syntax-check */
    failed = (errno != 0 ||
              stop == s ||
              (end_ptr == NULL && *stop != '\0'));

    if (end_ptr != NULL)
        *end_ptr = stop;
    if (failed)
        return -1;

    *result = parsed;
    return 0;
}
|
|
|
|
|
2010-08-27 21:13:45 +00:00
|
|
|
/* Convert C from hexadecimal character to integer.
 *
 * 'a'-'f' and 'A'-'F' map to 10-15; every other byte is returned as
 * C - '0'.  No validation is done, so a byte that is not a hexadecimal
 * digit yields a meaningless (possibly negative) value: callers must
 * check the input first. */
int
virHexToBin(unsigned char c)
{
    if (c >= 'a' && c <= 'f')
        return 10 + (c - 'a');
    if (c >= 'A' && c <= 'F')
        return 10 + (c - 'A');

    return c - '0';
}
|
|
|
|
|
2012-03-05 16:28:59 +00:00
|
|
|
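/* Scale an integer VALUE in-place by an optional case-insensitive
 * SUFFIX, defaulting to SCALE if suffix is NULL or empty (scale is
 * typically 1 or 1024).  Recognized suffixes include 'b' or 'bytes',
 * as well as power-of-two scaling via binary abbreviations ('KiB',
 * 'MiB', ...) or their one-letter counterpart ('k', 'M', ...), and
 * power-of-ten scaling via SI abbreviations ('KB', 'MB', ...).
 * Ensure that the result does not exceed LIMIT.  Return 0 on success,
 * -1 with error message raised on failure.
 *
 * A result exactly equal to LIMIT is accepted.  VALUE is left untouched
 * on failure.  */
int
virScaleInteger(unsigned long long *value, const char *suffix,
                unsigned long long scale, unsigned long long limit)
{
    if (!suffix || !*suffix) {
        /* A zero default scale would divide by zero in the limit check. */
        if (!scale) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("invalid scale %llu"), scale);
            return -1;
        }
        suffix = "";
    } else if (STRCASEEQ(suffix, "b") || STRCASEEQ(suffix, "byte") ||
               STRCASEEQ(suffix, "bytes")) {
        scale = 1;
    } else {
        int base;

        /* "k" and "KiB" are powers of 1024, "KB" is a power of 1000. */
        if (!suffix[1] || STRCASEEQ(suffix + 1, "iB")) {
            base = 1024;
        } else if (c_tolower(suffix[1]) == 'b' && !suffix[2]) {
            base = 1000;
        } else {
            virReportError(VIR_ERR_INVALID_ARG,
                           _("unknown suffix '%s'"), suffix);
            return -1;
        }
        scale = 1;
        /* Each case multiplies once and falls through, so 'e' ends up
         * as base^6 and 'k' as base^1. */
        switch (c_tolower(*suffix)) {
        case 'e':
            scale *= base;
            /* fallthrough */
        case 'p':
            scale *= base;
            /* fallthrough */
        case 't':
            scale *= base;
            /* fallthrough */
        case 'g':
            scale *= base;
            /* fallthrough */
        case 'm':
            scale *= base;
            /* fallthrough */
        case 'k':
            scale *= base;
            break;
        default:
            virReportError(VIR_ERR_INVALID_ARG,
                           _("unknown suffix '%s'"), suffix);
            return -1;
        }
    }

    /* Dividing the limit avoids overflowing the multiplication.  Any
     * value up to and including limit / scale gives a product that is
     * still within the limit, so only strictly larger values fail. */
    if (*value && *value > (limit / scale)) {
        virReportError(VIR_ERR_OVERFLOW, _("value too large: %llu%s"),
                       *value, suffix);
        return -1;
    }
    *value *= scale;
    return 0;
}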
|
|
|
|
|
2008-02-27 04:35:08 +00:00
|
|
|
/**
 * virSkipSpaces:
 * @str: pointer to the char pointer used
 *
 * Advance *@str past every leading character for which c_isspace()
 * is true (spaces, tabs, line feeds, carriage returns).  The string
 * itself is not modified.
 */
void
virSkipSpaces(const char **str)
{
    const char *pos;

    for (pos = *str; c_isspace(*pos); pos++)
        ;
    *str = pos;
}
|
|
|
|
|
|
|
|
/**
 * virSkipSpacesAndBackslash:
 * @str: pointer to the char pointer used
 *
 * Like virSkipSpaces, but also skip backslashes erroneously emitted
 * by xend.  The string itself is not modified.
 */
void
virSkipSpacesAndBackslash(const char **str)
{
    const char *pos;

    for (pos = *str; *pos == '\\' || c_isspace(*pos); pos++)
        ;
    *str = pos;
}
|
|
|
|
|
2011-06-29 17:47:08 +00:00
|
|
|
/**
 * virTrimSpaces:
 * @str: string to modify to remove all trailing spaces
 * @endp: track the end of the string
 *
 * If @endp is NULL on entry, then all spaces prior to the trailing
 * NUL in @str are removed, by writing NUL into the appropriate
 * location.  If @endp is non-NULL but points to a NULL pointer,
 * then all spaces prior to the trailing NUL in @str are removed,
 * NUL is written to the new string end, and endp is set to the
 * location of the (new) string end.  If @endp is non-NULL and
 * points to a non-NULL pointer, then that pointer is used as
 * the end of the string, endp is set to the (new) location, but
 * no NUL byte is written into the string.
 *
 * A caller-supplied *@endp is trusted to point at or after @str
 * inside the same buffer; it is not validated.
 */
void
virTrimSpaces(char *str, char **endp)
{
    /* Record the mode before *endp gets overwritten below. */
    bool caller_end = endp && *endp;
    char *tail = caller_end ? *endp : str + strlen(str);

    while (tail > str && c_isspace(tail[-1]))
        tail--;

    if (!caller_end)
        *tail = '\0';
    if (endp)
        *endp = tail;
}
|
|
|
|
|
|
|
|
/**
 * virSkipSpacesBackwards:
 * @str: start of string
 * @endp: on entry, *endp must be NULL or a location within @str, on exit,
 * will be adjusted to skip trailing spaces, or to NULL if @str had nothing
 * but spaces.
 *
 * @endp itself must not be NULL.  @str is never written to.
 */
void
virSkipSpacesBackwards(const char *str, char **endp)
{
    /* Dropping const is fine here: virTrimSpaces does not write to the
     * string when it is handed a non-NULL end pointer, and one is
     * always supplied below. */
    char *start = (char*) str;

    if (*endp == NULL)
        *endp = start + strlen(start);

    virTrimSpaces(start, endp);

    if (*endp == start)
        *endp = NULL;
}
|
|
|
|
|
2008-02-27 04:35:08 +00:00
|
|
|
/**
 * virParseNumber:
 * @str: pointer to the char pointer used
 *
 * Parse an unsigned decimal number.  No sign, white space or prefix is
 * accepted: the first character must be a digit.
 *
 * Returns the unsigned number or -1 in case of error (no leading digit,
 * or a value larger than INT_MAX).  @str will be updated to skip the
 * number on success and is left unchanged on error.
 */
int
virParseNumber(const char **str)
{
    const char *pos = *str;
    int value = 0;

    if (*pos < '0' || *pos > '9')
        return -1;

    for (; c_isdigit(*pos); pos++) {
        unsigned int digit = *pos - '0';

        /* Refuse the digit if appending it would exceed INT_MAX. */
        if (value > INT_MAX / 10 ||
            (value == INT_MAX / 10 && digit > INT_MAX % 10))
            return -1;

        value = value * 10 + digit;
    }

    *str = pos;
    return value;
}
|
2008-02-08 09:15:16 +00:00
|
|
|
|
2010-03-30 14:15:13 +00:00
|
|
|
|
|
|
|
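/**
 * virParseVersionString:
 * @str: const char pointer to the version string
 * @version: unsigned long pointer to output the version number
 * @allowMissing: true to treat 3 like 3.0.0, false to error out on
 * missing minor or micro
 *
 * Parse an unsigned version number from a version string. Expecting
 * 'major.minor.micro' format, ignoring an optional suffix.
 *
 * The major, minor and micro numbers are encoded into a single version number:
 *
 *   1000000 * major + 1000 * minor + micro
 *
 * The encoding is computed in a 64-bit type and checked against the
 * range of unsigned long, so an out-of-range version fails instead of
 * silently wrapping.
 *
 * Returns 0 for success, -1 for error.  @version is only written on
 * success.
 */
int
virParseVersionString(const char *str, unsigned long *version,
                      bool allowMissing)
{
    unsigned int major, minor = 0, micro = 0;
    unsigned long long encoded;
    char *tmp;

    if (virStrToLong_ui(str, &tmp, 10, &major) < 0)
        return -1;

    if (!allowMissing && *tmp != '.')
        return -1;

    if ((*tmp == '.') && virStrToLong_ui(tmp + 1, &tmp, 10, &minor) < 0)
        return -1;

    if (!allowMissing && *tmp != '.')
        return -1;

    if ((*tmp == '.') && virStrToLong_ui(tmp + 1, &tmp, 10, &micro) < 0)
        return -1;

    if (major > UINT_MAX / 1000000 || minor > 999 || micro > 999)
        return -1;

    /* With major at its largest accepted value, adding minor and micro
     * can still exceed UINT_MAX, so do not compute this in unsigned int. */
    encoded = 1000000ULL * major + 1000ULL * minor + micro;
    if (encoded > ULONG_MAX)
        return -1;

    *version = (unsigned long) encoded;

    return 0;
}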
|
|
|
|
|
2010-11-22 23:39:47 +00:00
|
|
|
/**
 * virVasprintf
 *
 * like glibc's vasprintf but makes sure *strp == NULL on failure
 *
 * Returns whatever vasprintf returned.  On success the caller owns
 * *strp and must free it.  @fmt is interpreted as a printf format, so
 * it must never be taken from untrusted input.
 */
int
virVasprintf(char **strp, const char *fmt, va_list list)
{
    int rc = vasprintf(strp, fmt, list);

    /* vasprintf leaves *strp undefined when it fails. */
    if (rc == -1)
        *strp = NULL;

    return rc;
}
|
|
|
|
|
2008-12-15 20:09:29 +00:00
|
|
|
/**
 * virAsprintf
 *
 * like glibc's asprintf but makes sure *strp == NULL on failure
 *
 * Thin variadic wrapper around virVasprintf(); returns its result.
 * @fmt is interpreted as a printf format, so it must never be taken
 * from untrusted input.
 */
int
virAsprintf(char **strp, const char *fmt, ...)
{
    va_list args;
    int rc;

    va_start(args, fmt);
    rc = virVasprintf(strp, fmt, args);
    va_end(args);

    return rc;
}
|
|
|
|
|
2009-08-03 12:37:44 +00:00
|
|
|
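/**
 * virStrncpy
 *
 * A safe version of strncpy.  The last parameter is the number of bytes
 * available in the destination string, *not* the number of bytes you want
 * to copy.  If the destination is not large enough to hold all n of the
 * src string bytes plus a \0, NULL is returned and no data is copied.
 * If the destination is large enough to hold the n bytes plus \0, then the
 * string is copied and a pointer to the destination string is returned.
 *
 * A @destbytes of 0 always yields NULL.
 */
char *
virStrncpy(char *dest, const char *src, size_t n, size_t destbytes)
{
    /* destbytes is unsigned: without the explicit zero test,
     * "destbytes - 1" would wrap to SIZE_MAX and every n would pass,
     * letting the terminator below be written outside dest. */
    if (destbytes == 0 || n > (destbytes - 1))
        return NULL;

    strncpy(dest, src, n);
    /* strncpy NUL-terminates only if src is shorter than n.  Therefore
     * force the byte after the copied data to be \0.
     */
    dest[n] = '\0';

    return dest;
}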
|
|
|
|
|
|
|
|
/**
 * virStrcpy
 *
 * A safe version of strcpy.  The last parameter is the number of bytes
 * available in the destination string, *not* the number of bytes you want
 * to copy.  If the destination is not large enough to hold the whole
 * src string plus a \0, NULL is returned and no data is copied.
 * If the destination is large enough to hold the source plus \0, then the
 * string is copied and a pointer to the destination string is returned.
 *
 * @src must be NUL-terminated, since its length is taken with strlen().
 */
char *
virStrcpy(char *dest, const char *src, size_t destbytes)
{
    size_t srclen = strlen(src);

    return virStrncpy(dest, src, srclen, destbytes);
}
|
|
|
|
|
2008-06-24 15:00:15 +00:00
|
|
|
/*
 * Look up @type in the first @ntypes entries of @types.
 *
 * Returns the index of the first entry equal to @type, or -1 if @type
 * is NULL or not found.  The comparison uses STREQ, so it is presumably
 * case-sensitive and expects every table entry to be non-NULL.
 */
int virEnumFromString(const char *const*types,
                      unsigned int ntypes,
                      const char *type)
{
    unsigned int idx = 0;

    if (type == NULL)
        return -1;

    while (idx < ntypes) {
        if (STREQ(types[idx], type))
            return idx;
        idx++;
    }

    return -1;
}
|
|
|
|
|
2012-08-11 19:13:00 +00:00
|
|
|
/* In case thread-safe locales are available */
|
|
|
|
#if HAVE_NEWLOCALE
|
|
|
|
|
|
|
|
static locale_t virLocale;
|
|
|
|
|
|
|
|
/*
 * Create the "C" locale object stored in virLocale.
 * Returns 0 on success, -1 if newlocale() did not return a locale.
 */
static int
virLocaleOnceInit(void)
{
    virLocale = newlocale(LC_ALL_MASK, "C", (locale_t)0);

    return virLocale ? 0 : -1;
}
|
|
|
|
|
|
|
|
VIR_ONCE_GLOBAL_INIT(virLocale)
|
|
|
|
#endif
|
|
|
|
|
|
|
|
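/**
 * virDoubleToStr
 *
 * converts double to string with C locale (thread-safe).
 *
 * With HAVE_NEWLOCALE the calling thread is switched to the "C" locale
 * for the duration of the formatting.  Otherwise the number is formatted
 * in the current locale and the locale's decimal point is replaced by
 * '.' afterwards.
 *
 * Returns -1 on error, size of the string otherwise.  On success the
 * caller owns *@strp and must free it.
 */
int
virDoubleToStr(char **strp, double number)
{
    int ret = -1;

#if HAVE_NEWLOCALE

    locale_t old_loc;

    if (virLocaleInitialize() < 0)
        goto error;

    old_loc = uselocale(virLocale);
    ret = virAsprintf(strp, "%lf", number);
    uselocale(old_loc);

#else

    char *radix, *tmp;
    struct lconv *lc;

    /* Parenthesize the assignment: ret must hold the length, not the
     * result of the comparison. */
    if ((ret = virAsprintf(strp, "%lf", number)) < 0)
        goto error;

    lc = localeconv();
    radix = lc->decimal_point;
    tmp = strstr(*strp, radix);
    if (tmp) {
        size_t radix_len = strlen(radix);

        *tmp = '.';
        if (radix_len > 1) {
            /* Close the gap left by a multi-byte decimal point.  Move
             * exactly the tail plus its NUL so nothing beyond the
             * allocation is read, and shorten the reported length. */
            memmove(tmp + 1, tmp + radix_len, strlen(tmp + radix_len) + 1);
            ret -= (int) (radix_len - 1);
        }
    }

#endif /* HAVE_NEWLOCALE */
error:
    return ret;
}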
|
|
|
|
|
2012-09-25 17:31:01 +00:00
|
|
|
|
|
|
|
/**
 * Format @val as a base-10 decimal number, in the
 * buffer @buf of size @buflen. To allocate a suitable
 * sized buffer, the INT_BUFLEN(int) macro should be
 * used
 *
 * The digits are written backwards from the end of the buffer and no
 * check is made against the start of @buf: a buffer that is too small
 * (or a @buflen of 0) results in writes outside of it.
 *
 * Returns pointer to start of the number in @buf
 */
char *
virFormatIntDecimal(char *buf, size_t buflen, int val)
{
    char *cursor = buf + buflen - 1;
    int negative = val < 0;

    *cursor = '\0';
    do {
        /* For negative values the remainder is <= 0; negating the single
         * digit avoids negating val itself, which could overflow. */
        int digit = val % 10;

        *--cursor = '0' + (negative ? -digit : digit);
        val /= 10;
    } while (val != 0);

    if (negative)
        *--cursor = '-';

    return cursor;
}
|
|
|
|
|
|
|
|
|
2008-06-24 15:00:15 +00:00
|
|
|
/*
 * Map the enum value @type to its name in the table @types, which has
 * @ntypes entries.
 *
 * Returns the table entry, or NULL if @type is negative or not below
 * @ntypes, so an out-of-range value never indexes the table.
 */
const char *virEnumToString(const char *const*types,
                            unsigned int ntypes,
                            int type)
{
    if (type >= 0 && (unsigned int) type < ntypes)
        return types[type];

    return NULL;
}
|
|
|
|
|
2010-03-19 17:26:09 +00:00
|
|
|
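/* Translates a device name of the form (regex) /^[fhv]d[a-z]+[0-9]*$/
 * into the corresponding index (e.g. sda => 0, hdz => 25, vdaa => 26)
 * Note that any trailing string of digits is simply ignored.
 *
 * The prefixes actually accepted are those in drive_prefix below. The
 * letter suffix is decoded as a bijective base-26 number; a suffix whose
 * index does not fit in an int is rejected with -1 instead of overflowing
 * the signed accumulator.
 *
 * NOTE(review): a bare prefix with no letters (e.g. "sd" or "sd1") skips
 * the letter loop and returns 0, the same index as "sda", although the
 * regex above asks for at least one letter - confirm whether callers
 * rely on that.
 *
 * @param name The name of the device
 * @return name's index, or -1 on failure
 */
int virDiskNameToIndex(const char *name) {
    const char *ptr = NULL;
    int idx = 0;
    static char const* const drive_prefix[] = {"fd", "hd", "vd", "sd", "xvd", "ubd"};
    unsigned int i;
    size_t n_digits;

    for (i = 0; i < ARRAY_CARDINALITY(drive_prefix); i++) {
        if (STRPREFIX(name, drive_prefix[i])) {
            ptr = name + strlen(drive_prefix[i]);
            break;
        }
    }

    if (!ptr)
        return -1;

    for (i = 0; *ptr; i++) {
        long long next;

        if (!c_islower(*ptr))
            break;

        /* Accumulate in a wider type and verify the result survives the
         * round trip through int before storing it; a long run of
         * letters would otherwise overflow idx. */
        next = ((long long) idx + (i < 1 ? 0 : 1)) * 26 + (*ptr - 'a');
        if (next != (int) next)
            return -1;

        idx = (int) next;
        ptr++;
    }

    /* Count the trailing digits; anything after them makes the name invalid. */
    n_digits = strspn(ptr, "0123456789");
    if (ptr[n_digits] != '\0')
        return -1;

    return idx;
}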
/* Build a disk name from @prefix followed by the letter encoding of @idx
 * (0 => "a", 25 => "z", 26 => "aa", ...).
 *
 * Returns a newly allocated string the caller must free, or NULL after
 * reporting an error when @idx is negative or allocation fails.
 *
 * NOTE(review): @prefix is passed straight to strlen()/strcpy(); it is
 * assumed to be non-NULL - confirm against callers.
 */
char *virIndexToDiskName(int idx, const char *prefix)
{
    char *name = NULL;
    int nletters = 0;
    int rest;
    int pos;
    int offset;

    if (idx < 0) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("Disk index %d is negative"), idx);
        return NULL;
    }

    /* First pass: count how many letters the index needs. */
    rest = idx;
    while (rest >= 0) {
        ++nletters;
        rest = rest / 26 - 1;
    }

    offset = strlen(prefix);

    /* prefix + letters + terminating NUL */
    if (VIR_ALLOC_N(name, offset + nletters + 1)) {
        virReportOOMError();
        return NULL;
    }

    strcpy(name, prefix);
    name[offset + nletters] = '\0';

    /* Second pass: fill the letters from the least significant one,
     * i.e. right to left. */
    pos = nletters - 1;
    rest = idx;
    while (rest >= 0) {
        name[offset + pos] = 'a' + (rest % 26);
        --pos;
        rest = rest / 26 - 1;
    }

    return name;
}
/* Where the platform headers do not provide AI_CANONIDN, define it as 0
 * so that OR-ing it into hints.ai_flags in virGetHostname() is a no-op. */
#ifndef AI_CANONIDN
# define AI_CANONIDN 0
#endif
/* Who knew getting a hostname could be so delicate.  In Linux (and Unices
 * in general), many things depend on "hostname" returning a value that will
 * resolve one way or another.  In the modern world where networks frequently
 * come and go this is often being hard-coded to resolve to "localhost".  If
 * it *doesn't* resolve to localhost, then we would prefer to have the FQDN.
 * That leads us to 3 possibilities:
 *
 * 1)  gethostname() returns an FQDN (not localhost) - we return the string
 *     as-is, it's all of the information we want
 * 2)  gethostname() returns "localhost" - we return localhost; doing further
 *     work to try to resolve it is pointless
 * 3)  gethostname() returns a shortened hostname - in this case, we want to
 *     try to resolve this to a fully-qualified name.  Therefore we pass it
 *     to getaddrinfo().  There are two possible responses:
 *     a)  getaddrinfo() resolves to a FQDN - return the FQDN
 *     b)  getaddrinfo() fails or resolves to localhost - in this case, the
 *         data we got from gethostname() is actually more useful than what
 *         we got from getaddrinfo().  Return the value from gethostname()
 *         and hope for the best.
 *
 * Returns a newly allocated string the caller must free, or NULL after
 * reporting an error.
 *
 * NOTE(review): in case 3a the returned name is whatever the system
 * resolver supplied as the canonical name, so it is only as trustworthy
 * as the host's name-resolution configuration; callers should treat it as
 * informational rather than as an authenticated identity.
 * NOTE(review): the "localhost" tests are prefix matches, so a name such
 * as "localhost2" is treated like "localhost" - presumably intended.
 */
char *virGetHostname(virConnectPtr conn ATTRIBUTE_UNUSED)
{
    char hostname[HOST_NAME_MAX+1];
    char *result;
    struct addrinfo hints;
    struct addrinfo *info;
    int r;

    r = gethostname(hostname, sizeof(hostname));
    if (r == -1) {
        virReportSystemError(errno,
                             "%s", _("failed to determine host name"));
        return NULL;
    }
    /* gethostname() is not guaranteed to terminate a truncated name */
    NUL_TERMINATE(hostname);

    if (STRPREFIX(hostname, "localhost") || strchr(hostname, '.')) {
        /* Either localhost (nothing to canonicalize) or already an FQDN
         * (nothing left to canonicalize).  Return it as-is; it is up to
         * callers to check whether "localhost" is allowed. */
        result = strdup(hostname);
    } else {
        /* A short, non-localhost name: try to canonicalize it through
         * getaddrinfo(). */
        memset(&hints, 0, sizeof(hints));
        hints.ai_flags = AI_CANONNAME|AI_CANONIDN;
        hints.ai_family = AF_UNSPEC;
        r = getaddrinfo(hostname, NULL, &hints, &info);

        if (r != 0) {
            VIR_WARN("getaddrinfo failed for '%s': %s",
                     hostname, gai_strerror(r));
            result = strdup(hostname);
        } else {
            /* Tell static analyzers about getaddrinfo semantics.  */
            sa_assert(info);

            if (info->ai_canonname != NULL &&
                !STRPREFIX(info->ai_canonname, "localhost")) {
                /* Caller frees this string. */
                result = strdup(info->ai_canonname);
            } else {
                /* Canonicalization led back to localhost (or produced
                 * nothing); the original hostname is more useful. */
                result = strdup(hostname);
            }

            freeaddrinfo(info);
        }
    }

    if (result == NULL)
        virReportOOMError();
    return result;
}
#ifdef HAVE_GETPWUID_R
/* Selects which field of the passwd record virGetUserEnt() returns. */
enum {
    VIR_USER_ENT_DIRECTORY, /* pw_dir */
    VIR_USER_ENT_NAME,      /* pw_name; virGetUserEnt() treats every value
                             * other than DIRECTORY as this one */
};
/* Look up @uid in the password database and return a copy of one field
 * of its record: the home directory when @field is
 * VIR_USER_ENT_DIRECTORY, the user name otherwise.
 *
 * Returns a newly allocated string the caller must free, or NULL after
 * reporting an error (lookup failure, unknown uid, or out of memory).
 */
static char *virGetUserEnt(uid_t uid,
                           int field)
{
    char *strbuf;
    char *ret;
    struct passwd pwbuf;
    struct passwd *pw = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t strbuflen = hint;
    int rc;

    /* sysconf is a hint; if it fails, fall back to a reasonable size */
    if (hint < 0)
        strbuflen = 1024;

    if (VIR_ALLOC_N(strbuf, strbuflen) < 0) {
        virReportOOMError();
        return NULL;
    }

    /*
     * From the manpage (terrifying but true):
     *
     * ERRORS
     *  0 or ENOENT or ESRCH or EBADF or EPERM or ...
     *        The given name or uid was not found.
     *
     * Only ERANGE is unambiguous: the scratch buffer was too small, so
     * enlarge it and retry.
     */
    for (;;) {
        rc = getpwuid_r(uid, &pwbuf, strbuf, strbuflen, &pw);
        if (rc != ERANGE)
            break;

        if (VIR_RESIZE_N(strbuf, strbuflen, strbuflen, strbuflen) < 0) {
            virReportOOMError();
            VIR_FREE(strbuf);
            return NULL;
        }
    }

    if (rc != 0 || pw == NULL) {
        virReportSystemError(rc,
                             _("Failed to find user record for uid '%u'"),
                             (unsigned int) uid);
        VIR_FREE(strbuf);
        return NULL;
    }

    /* The record's strings point into strbuf, so copy before freeing it. */
    ret = strdup(field == VIR_USER_ENT_DIRECTORY ? pw->pw_dir : pw->pw_name);

    VIR_FREE(strbuf);
    if (!ret)
        virReportOOMError();

    return ret;
}
/* Look up @gid in the group database and return a copy of the group name.
 *
 * Returns a newly allocated string the caller must free, or NULL after
 * reporting an error (lookup failure, unknown gid, or out of memory).
 */
static char *virGetGroupEnt(gid_t gid)
{
    char *strbuf;
    char *ret;
    struct group grbuf;
    struct group *gr = NULL;
    long hint = sysconf(_SC_GETGR_R_SIZE_MAX);
    size_t strbuflen = hint;
    int rc;

    /* sysconf is a hint; if it fails, fall back to a reasonable size */
    if (hint < 0)
        strbuflen = 1024;

    if (VIR_ALLOC_N(strbuf, strbuflen) < 0) {
        virReportOOMError();
        return NULL;
    }

    /*
     * From the manpage (terrifying but true):
     *
     * ERRORS
     *  0 or ENOENT or ESRCH or EBADF or EPERM or ...
     *        The given name or gid was not found.
     *
     * Only ERANGE is unambiguous: the scratch buffer was too small, so
     * enlarge it and retry.
     */
    for (;;) {
        rc = getgrgid_r(gid, &grbuf, strbuf, strbuflen, &gr);
        if (rc != ERANGE)
            break;

        if (VIR_RESIZE_N(strbuf, strbuflen, strbuflen, strbuflen) < 0) {
            virReportOOMError();
            VIR_FREE(strbuf);
            return NULL;
        }
    }

    if (rc != 0 || gr == NULL) {
        virReportSystemError(rc,
                             _("Failed to find group record for gid '%u'"),
                             (unsigned int) gid);
        VIR_FREE(strbuf);
        return NULL;
    }

    /* gr_name points into strbuf, so copy before freeing it. */
    ret = strdup(gr->gr_name);

    VIR_FREE(strbuf);
    if (!ret)
        virReportOOMError();

    return ret;
}
/* Return the home directory of the effective user, taken from the
 * password database (the HOME environment variable is not consulted).
 * Caller frees the result; NULL means an error was already reported. */
char *virGetUserDirectory(void)
{
    uid_t self = geteuid();

    return virGetUserEnt(self, VIR_USER_ENT_DIRECTORY);
}
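/* Build the per-user libvirt directory for one XDG base directory.
 *
 * If the environment variable @xdgenvname is set and non-empty the result
 * is "<value>/libvirt"; otherwise it is "<home>/<xdgdefdir>/libvirt",
 * with <home> taken from the password database for the effective uid.
 *
 * The home directory is only looked up when it is needed, and a failed
 * lookup now returns NULL instead of formatting a NULL pointer with "%s".
 *
 * Returns a newly allocated string the caller must free, or NULL after
 * an error has been reported.
 *
 * NOTE(review): the environment value is used verbatim. The XDG base
 * directory specification expects absolute paths; a relative or
 * attacker-influenced value ends up in the returned path - confirm the
 * callers' trust in the environment.
 */
static char *virGetXDGDirectory(const char *xdgenvname, const char *xdgdefdir)
{
    const char *path = getenv(xdgenvname);
    char *ret = NULL;
    char *home = NULL;

    if (path && path[0]) {
        if (virAsprintf(&ret, "%s/libvirt", path) < 0)
            goto no_memory;
    } else {
        home = virGetUserEnt(geteuid(), VIR_USER_ENT_DIRECTORY);
        /* virGetUserEnt() reports its own error on every NULL return */
        if (!home)
            goto cleanup;

        if (virAsprintf(&ret, "%s/%s/libvirt", home, xdgdefdir) < 0)
            goto no_memory;
    }

 cleanup:
    VIR_FREE(home);
    return ret;

 no_memory:
    virReportOOMError();
    goto cleanup;
}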
/* Per-user configuration directory: "$XDG_CONFIG_HOME/libvirt", falling
 * back to "<home>/.config/libvirt". Caller frees the result. */
char *virGetUserConfigDirectory(void)
{
    char *dir = virGetXDGDirectory("XDG_CONFIG_HOME", ".config");

    return dir;
}
/* Per-user cache directory: "$XDG_CACHE_HOME/libvirt", falling back to
 * "<home>/.cache/libvirt". Caller frees the result. */
char *virGetUserCacheDirectory(void)
{
    char *dir = virGetXDGDirectory("XDG_CACHE_HOME", ".cache");

    return dir;
}
/* Per-user runtime directory: "$XDG_RUNTIME_DIR/libvirt" when that
 * variable is set and non-empty, otherwise the per-user cache directory.
 * Caller frees the result; NULL means an error was reported.
 *
 * NOTE(review): XDG_RUNTIME_DIR is used verbatim; nothing here checks
 * that the directory exists or who owns it - presumably left to callers.
 */
char *virGetUserRuntimeDirectory(void)
{
    const char *path = getenv("XDG_RUNTIME_DIR");
    char *ret;

    if (path == NULL || path[0] == '\0')
        return virGetUserCacheDirectory();

    if (virAsprintf(&ret, "%s/libvirt", path) < 0) {
        virReportOOMError();
        return NULL;
    }

    return ret;
}
/* Return the user name recorded for @uid in the password database.
 * Caller frees the result; NULL means an error was already reported. */
char *virGetUserName(uid_t uid)
{
    char *name = virGetUserEnt(uid, VIR_USER_ENT_NAME);

    return name;
}
/* Return the group name recorded for @gid in the group database.
 * Caller frees the result; NULL means an error was already reported. */
char *virGetGroupName(gid_t gid)
{
    char *name = virGetGroupEnt(gid);

    return name;
}
/* Search in the password database for a user id that matches the user name
 * `name`. Returns 0 on success (with *uid set), -1 on failure (out of
 * memory, already reported) or 1 if name cannot be found.
 *
 * A lookup error from getpwnam_r() other than ERANGE is only logged and
 * then treated as "not found", so the caller may fall back to another
 * interpretation of `name`.
 */
static int
virGetUserIDByName(const char *name, uid_t *uid)
{
    char *strbuf = NULL;
    struct passwd pwbuf;
    struct passwd *pw = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t strbuflen = hint;
    int rc;
    int ret = -1;

    /* sysconf is a hint; if it fails, fall back to a reasonable size */
    if (hint < 0)
        strbuflen = 1024;

    if (VIR_ALLOC_N(strbuf, strbuflen) < 0) {
        virReportOOMError();
        goto cleanup;
    }

    /* ERANGE means the scratch buffer was too small: grow it and retry */
    for (;;) {
        rc = getpwnam_r(name, &pwbuf, strbuf, strbuflen, &pw);
        if (rc != ERANGE)
            break;

        if (VIR_RESIZE_N(strbuf, strbuflen, strbuflen, strbuflen) < 0) {
            virReportOOMError();
            goto cleanup;
        }
    }

    if (pw) {
        *uid = pw->pw_uid;
        ret = 0;
        goto cleanup;
    }

    if (rc != 0) {
        char buf[1024];
        /* log the possible error from getpwnam_r. Unfortunately error
         * reporting from this function is bad and we can't really
         * rely on it, so we just report that the user wasn't found */
        VIR_WARN("User record for user '%s' was not found: %s",
                 name, virStrerror(rc, buf, sizeof(buf)));
    }
    ret = 1;

 cleanup:
    VIR_FREE(strbuf);

    return ret;
}
/* Try to match a user id based on `user`. The default behavior is to parse
 * `user` first as a user name and then as a user id. However if `user`
 * contains a leading '+', the rest of the string is always parsed as a uid.
 *
 * Returns 0 on success and -1 otherwise.
 *
 * NOTE(review): the numeric path accepts any value that survives the
 * round trip through uid_t. Where uid_t is an unsigned 32-bit type that
 * includes (uid_t)-1, which setreuid() interprets as "leave unchanged";
 * consider rejecting it here or in the consumer - see virSetUIDGID().
 * NOTE(review): `user` is dereferenced without a NULL check - assumed
 * non-NULL, confirm against callers.
 */
int
virGetUserID(const char *user, uid_t *uid)
{
    unsigned int parsed;

    if (*user != '+') {
        /* Name lookup first; only "not found" (1) falls through to the
         * numeric interpretation below. */
        int rc = virGetUserIDByName(user, uid);

        if (rc <= 0)
            return rc;
    } else {
        /* '+' forces numeric parsing of the remainder */
        user++;
    }

    /* The second test rejects numbers that do not fit in uid_t */
    if (virStrToLong_ui(user, NULL, 10, &parsed) < 0 ||
        ((uid_t) parsed) != parsed) {
        virReportError(VIR_ERR_INVALID_ARG, _("Failed to parse user '%s'"),
                       user);
        return -1;
    }

    *uid = parsed;

    return 0;
}
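/* Search in the group database for a group id that matches the group name
 * `name`. Returns 0 on success (with *gid set), -1 on failure (out of
 * memory, already reported) or 1 if name cannot be found.
 *
 * A lookup error from getgrnam_r() other than ERANGE is only logged and
 * then treated as "not found", so the caller may fall back to another
 * interpretation of `name`.
 */
static int
virGetGroupIDByName(const char *name, gid_t *gid)
{
    char *strbuf = NULL;
    struct group grbuf;
    struct group *gr = NULL;
    long val = sysconf(_SC_GETGR_R_SIZE_MAX);
    size_t strbuflen = val;
    int rc;
    int ret = -1;

    /* sysconf is a hint; if it fails, fall back to a reasonable size */
    if (val < 0)
        strbuflen = 1024;

    if (VIR_ALLOC_N(strbuf, strbuflen) < 0) {
        virReportOOMError();
        goto cleanup;
    }

    /* ERANGE means the scratch buffer was too small: grow it and retry */
    while ((rc = getgrnam_r(name, &grbuf, strbuf, strbuflen, &gr)) == ERANGE) {
        if (VIR_RESIZE_N(strbuf, strbuflen, strbuflen, strbuflen) < 0) {
            virReportOOMError();
            goto cleanup;
        }
    }

    if (!gr) {
        if (rc != 0) {
            char buf[1024];
            /* log the possible error from getgrnam_r. Unfortunately error
             * reporting from this function is bad and we can't really
             * rely on it, so we just report that the group wasn't found.
             * The message names the group; it previously said "user",
             * which was misleading in logs. */
            VIR_WARN("Group record for group '%s' was not found: %s",
                     name, virStrerror(rc, buf, sizeof(buf)));
        }

        ret = 1;
        goto cleanup;
    }

    *gid = gr->gr_gid;
    ret = 0;

 cleanup:
    VIR_FREE(strbuf);

    return ret;
}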
/* Try to match a group id based on `group`. The default behavior is to parse
 * `group` first as a group name and then as a group id. However if `group`
 * contains a leading '+', the rest of the string is always parsed as a gid.
 *
 * Returns 0 on success and -1 otherwise.
 *
 * NOTE(review): the numeric path accepts any value that survives the
 * round trip through gid_t. Where gid_t is an unsigned 32-bit type that
 * includes (gid_t)-1, which setregid() interprets as "leave unchanged";
 * consider rejecting it here or in the consumer - see virSetUIDGID().
 * NOTE(review): `group` is dereferenced without a NULL check - assumed
 * non-NULL, confirm against callers.
 */
int
virGetGroupID(const char *group, gid_t *gid)
{
    unsigned int parsed;

    if (*group != '+') {
        /* Name lookup first; only "not found" (1) falls through to the
         * numeric interpretation below. */
        int rc = virGetGroupIDByName(group, gid);

        if (rc <= 0)
            return rc;
    } else {
        /* '+' forces numeric parsing of the remainder */
        group++;
    }

    /* The second test rejects numbers that do not fit in gid_t */
    if (virStrToLong_ui(group, NULL, 10, &parsed) < 0 ||
        ((gid_t) parsed) != parsed) {
        virReportError(VIR_ERR_INVALID_ARG, _("Failed to parse group '%s'"),
                       group);
        return -1;
    }

    *gid = parsed;

    return 0;
}
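/* Set the real and effective uid and gid to the given values, and call
 * initgroups so that the process has all the assumed group membership of
 * that uid.  return 0 on success, -1 on failure (the original system error
 * remains in errno).
 *
 * A value of 0 for @uid or @gid leaves that identity untouched. The
 * steps run in the order gid, supplementary groups, uid: group changes
 * have to happen while the process still has the privilege to make them.
 *
 * The error messages print the ids with %u, matching the unsigned
 * arguments passed to them.
 *
 * NOTE(review): without HAVE_INITGROUPS the supplementary group list is
 * not reset, so the process keeps the caller's supplementary groups
 * after the uid change - confirm this is acceptable on such platforms.
 * NOTE(review): initgroups() is given the primary gid from the passwd
 * record (pwd.pw_gid), not @gid.
 * NOTE(review): where uid_t/gid_t are unsigned, (uid_t)-1 and (gid_t)-1
 * pass the "> 0" tests, and setregid()/setreuid() treat -1 as "leave
 * unchanged" and can return success; consider rejecting those values
 * explicitly so a no-op is never reported as a successful drop.
 */
int
virSetUIDGID(uid_t uid, gid_t gid)
{
    int err;
    char *buf = NULL;

    if (gid > 0) {
        if (setregid(gid, gid) < 0) {
            virReportSystemError(err = errno,
                                 _("cannot change to '%u' group"),
                                 (unsigned int) gid);
            goto error;
        }
    }

    if (uid > 0) {
# ifdef HAVE_INITGROUPS
        struct passwd pwd, *pwd_result;
        size_t bufsize;
        int rc;

        /* sysconf is a hint; -1 (converted to size_t) means "no hint" */
        bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
        if (bufsize == -1)
            bufsize = 16384;

        if (VIR_ALLOC_N(buf, bufsize) < 0) {
            virReportOOMError();
            err = ENOMEM;
            goto error;
        }

        /* ERANGE means the scratch buffer was too small: grow and retry */
        while ((rc = getpwuid_r(uid, &pwd, buf, bufsize,
                                &pwd_result)) == ERANGE) {
            if (VIR_RESIZE_N(buf, bufsize, bufsize, bufsize) < 0) {
                virReportOOMError();
                err = ENOMEM;
                goto error;
            }
        }

        if (rc) {
            virReportSystemError(err = rc, _("cannot getpwuid_r(%u)"),
                                 (unsigned int) uid);
            goto error;
        }

        /* rc == 0 with no record: the uid is not in the database */
        if (!pwd_result) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("getpwuid_r failed to retrieve data "
                             "for uid '%u'"),
                           (unsigned int) uid);
            err = EINVAL;
            goto error;
        }

        if (initgroups(pwd.pw_name, pwd.pw_gid) < 0) {
            virReportSystemError(err = errno,
                                 _("cannot initgroups(\"%s\", %u)"),
                                 pwd.pw_name, (unsigned int) pwd.pw_gid);
            goto error;
        }
# endif
        if (setreuid(uid, uid) < 0) {
            virReportSystemError(err = errno,
                                 _("cannot change to uid to '%u'"),
                                 (unsigned int) uid);
            goto error;
        }
    }

    VIR_FREE(buf);
    return 0;

 error:
    VIR_FREE(buf);
    /* restore the original error; VIR_FREE/reporting may have changed it */
    errno = err;
    return -1;
}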
#else /* ! HAVE_GETPWUID_R */
# ifdef WIN32
/* These methods are adapted from GLib2 under terms of LGPLv2+ */

/* Resolve the shell special folder @csidl to a filesystem path.
 *
 * *path is always initialised: to a newly allocated string (caller
 * frees) when the folder could be resolved, to NULL otherwise.
 *
 * Returns 0 both when the path was found and when the shell simply has
 * no path for @csidl (check *path), -1 only on out of memory (reported).
 */
static int
virGetWin32SpecialFolder(int csidl, char **path)
{
    char buf[MAX_PATH+1];
    LPITEMIDLIST pidl = NULL;
    int ret = 0;

    *path = NULL;

    if (SHGetSpecialFolderLocation(NULL, csidl, &pidl) != S_OK)
        return 0;

    if (SHGetPathFromIDList(pidl, buf)) {
        *path = strdup(buf);
        if (*path == NULL) {
            virReportOOMError();
            ret = -1;
        }
    }

    /* the item ID list is owned by us once the lookup succeeded */
    CoTaskMemFree(pidl);

    return ret;
}
/* Return the root of the volume holding the Windows directory (for
 * example the drive root), falling back to "C:\" when the Windows
 * directory cannot be queried.
 *
 * *path receives a newly allocated string the caller must free.
 * Returns 0 on success, -1 on out of memory (reported, *path is NULL).
 */
static int
virGetWin32DirectoryRoot(char **path)
{
    char windowsdir[MAX_PATH];
    int ret = 0;

    *path = NULL;

    /* NOTE(review): any non-zero return is treated as success here. If
     * the API reports a required length larger than the buffer, the
     * contents of windowsdir are presumably not a valid path - confirm
     * and consider comparing the result with the buffer size. */
    if (GetWindowsDirectory(windowsdir, ARRAY_CARDINALITY(windowsdir)))
    {
        const char *tmp;
        /* Usually X:\Windows, but in terminal server environments
         * might be an UNC path, AFAIK.
         */
        tmp = virFileSkipRoot(windowsdir);
        /* Drop a trailing separator from the root unless it directly
         * follows a drive colon (keep "X:\").
         * NOTE(review): tmp[-1] and tmp[-2] assume virFileSkipRoot()
         * advanced at least two characters past windowsdir; if it can
         * return windowsdir itself these reads are out of bounds -
         * verify against its implementation. */
        if (VIR_FILE_IS_DIR_SEPARATOR(tmp[-1]) &&
            tmp[-2] != ':')
            tmp--;

        /* truncate the string right after the root component */
        windowsdir[tmp - windowsdir] = '\0';
    } else {
        strcpy(windowsdir, "C:\\");
    }

    if (!(*path = strdup(windowsdir))) {
        virReportOOMError();
        ret = -1;
    }

    return ret;
}
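/* Determine the user's home directory on Windows.
 *
 * Sources are tried in this order: the HOME environment variable (only
 * if it is an absolute path that exists), USERPROFILE, the shell's
 * profile folder, and finally the root of the Windows volume.
 *
 * Two defects of the earlier version are fixed here: the result pointer
 * is initialised, so the fallbacks no longer test an indeterminate value
 * when neither environment variable is usable, and the '/' to '\'
 * conversion is done on our own copy rather than by writing into the
 * string returned by getenv().
 *
 * Returns a newly allocated string the caller must free, or NULL after
 * reporting an error.
 */
char *
virGetUserDirectory(void)
{
    const char *dir;
    char *ret = NULL;

    dir = getenv("HOME");

    /* Only believe HOME if it is an absolute path and exists */
    if (dir && (!virFileIsAbsPath(dir) || !virFileExists(dir)))
        dir = NULL;

    if (dir) {
        char *p;

        if (!(ret = strdup(dir))) {
            virReportOOMError();
            return NULL;
        }

        /* In case HOME is Unix-style (it happens), convert it to
         * Windows style.
         */
        for (p = ret; (p = strchr(p, '/')) != NULL; p++)
            *p = '\\';
    } else {
        /* USERPROFILE is probably the closest equivalent to $HOME? */
        dir = getenv("USERPROFILE");

        if (dir && !(ret = strdup(dir))) {
            virReportOOMError();
            return NULL;
        }
    }

    if (!ret &&
        virGetWin32SpecialFolder(CSIDL_PROFILE, &ret) < 0)
        return NULL;

    if (!ret &&
        virGetWin32DirectoryRoot(&ret) < 0)
        return NULL;

    if (!ret) {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("Unable to determine home directory"));
        return NULL;
    }

    return ret;
}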
/* Per-user configuration directory on Windows: the shell's local
 * application data folder. Caller frees the result; NULL means an error
 * was reported. */
char *
virGetUserConfigDirectory(void)
{
    char *dir;

    if (virGetWin32SpecialFolder(CSIDL_LOCAL_APPDATA, &dir) < 0)
        return NULL;

    if (dir)
        return dir;

    /* lookup succeeded but the shell has no path for this folder */
    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                   _("Unable to determine config directory"));
    return NULL;
}
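/* Per-user cache directory on Windows: the shell's internet cache
 * folder. Caller frees the result; NULL means an error was reported.
 *
 * The failure message now names the cache directory; it previously
 * repeated the "config directory" text of virGetUserConfigDirectory(),
 * which pointed at the wrong lookup when diagnosing a failure.
 */
char *
virGetUserCacheDirectory(void)
{
    char *ret;

    if (virGetWin32SpecialFolder(CSIDL_INTERNET_CACHE, &ret) < 0)
        return NULL;

    /* lookup succeeded but the shell has no path for this folder */
    if (!ret) {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("Unable to determine cache directory"));
        return NULL;
    }

    return ret;
}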
/* Windows has no separate runtime directory here: the per-user cache
 * directory is reused. Caller frees the result. */
char *
virGetUserRuntimeDirectory(void)
{
    char *dir = virGetUserCacheDirectory();

    return dir;
}
# else /* !HAVE_GETPWUID_R && !WIN32 */
/* Stub for platforms with neither getpwuid_r() nor Win32: always fails
 * with a reported error. */
char *
virGetUserDirectory(void)
{
    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                   _("virGetUserDirectory is not available"));
    return NULL;
}
/* Stub for platforms with neither getpwuid_r() nor Win32: always fails
 * with a reported error. */
char *
virGetUserConfigDirectory(void)
{
    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                   _("virGetUserConfigDirectory is not available"));
    return NULL;
}
/* Stub for platforms with neither getpwuid_r() nor Win32: always fails
 * with a reported error. */
char *
virGetUserCacheDirectory(void)
{
    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                   _("virGetUserCacheDirectory is not available"));
    return NULL;
}
/* Stub for platforms with neither getpwuid_r() nor Win32: always fails
 * with a reported error. */
char *
virGetUserRuntimeDirectory(void)
{
    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                   _("virGetUserRuntimeDirectory is not available"));
    return NULL;
}
# endif /* ! HAVE_GETPWUID_R && ! WIN32 */
/* Stub used when getpwuid_r() is unavailable: always fails with a
 * reported error. */
char *
virGetUserName(uid_t uid ATTRIBUTE_UNUSED)
{
    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                   _("virGetUserName is not available"));
    return NULL;
}
/* Stub used when getpwuid_r() is unavailable.
 *
 * NOTE(review): this reports an error but returns 0, which is the
 * success value of the HAVE_GETPWUID_R variant, and it never writes
 * *uid. A caller that only checks the return value would go on to use
 * an unset uid - confirm whether -1 is the intended result here.
 */
int virGetUserID(const char *name ATTRIBUTE_UNUSED,
                 uid_t *uid ATTRIBUTE_UNUSED)
{
    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                   _("virGetUserID is not available"));
    return 0;
}
/* Stub used when getpwuid_r() is unavailable.
 *
 * NOTE(review): this reports an error but returns 0, which is the
 * success value of the HAVE_GETPWUID_R variant, and it never writes
 * *gid. A caller that only checks the return value would go on to use
 * an unset gid - confirm whether -1 is the intended result here.
 */
int virGetGroupID(const char *name ATTRIBUTE_UNUSED,
                  gid_t *gid ATTRIBUTE_UNUSED)
{
    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                   _("virGetGroupID is not available"));
    return 0;
}
/* Stub used when getpwuid_r() is unavailable: the identity cannot be
 * changed, so this always fails with a reported error and returns -1.
 * Failing closed matters here: callers must not continue as if
 * privileges had been dropped. */
int
virSetUIDGID(uid_t uid ATTRIBUTE_UNUSED,
             gid_t gid ATTRIBUTE_UNUSED)
{
    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                   _("virSetUIDGID is not available"));
    return -1;
}
/* Stub used when getpwuid_r() is unavailable: always fails with a
 * reported error. */
char *
virGetGroupName(gid_t gid ATTRIBUTE_UNUSED)
{
    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                   _("virGetGroupName is not available"));
    return NULL;
}
#endif /* HAVE_GETPWUID_R */
#if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R
|
Support configuration of huge pages in guests
Add option to domain XML for
<memoryBacking>
<hugepages/>
</memoryBacking>
* configure.in: Add check for mntent.h
* qemud/libvirtd_qemu.aug, qemud/test_libvirtd_qemu.aug, src/qemu.conf
Add 'hugetlbfs_mount' config parameter
* src/qemu_conf.c, src/qemu_conf.h: Check for -mem-path flag in QEMU,
and pass it when hugepages are requested.
Load hugetlbfs_mount config parameter, search for mount if not given.
* src/qemu_driver.c: Free hugetlbfs_mount/path parameter in driver shutdown.
Create directory for QEMU hugepage usage, chowning if required.
* docs/formatdomain.html.in: Document memoryBacking/hugepages elements
* docs/schemas/domain.rng: Add memoryBacking/hugepages elements to schema
* src/util.c, src/util.h, src/libvirt_private.syms: Add virFileFindMountPoint
helper API
* tests/qemuhelptest.c: Add -mem-path constants
* tests/qemuxml2argvtest.c, tests/qemuxml2xmltest.c: Add tests for hugepage
handling
* tests/qemuxml2argvdata/qemuxml2argv-hugepages.xml,
tests/qemuxml2argvdata/qemuxml2argv-hugepages.args: Data files for
hugepage tests
2009-08-25 14:05:18 +00:00
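/*
 * Search /proc/mounts for the first entry whose filesystem type equals
 * @type.
 *
 * Returns a malloc'ed copy of that entry's mount directory, which the
 * caller must free, or NULL with errno set: ENOENT when no entry
 * matches, otherwise the value left by the call that failed
 * (setmntent or strdup).
 */
char *virFileFindMountPoint(const char *type)
{
    FILE *f;
    struct mntent mb;
    char mntbuf[1024];
    char *ret = NULL;
    int saved_errno;

    f = setmntent("/proc/mounts", "r");
    if (!f)
        return NULL;

    /* NOTE(review): an entry that does not fit in mntbuf cannot be
     * returned whole by one getmntent_r() call; confirm how such
     * entries are expected to be handled. */
    while (getmntent_r(f, &mb, mntbuf, sizeof(mntbuf))) {
        if (STREQ(mb.mnt_type, type)) {
            /* On allocation failure ret stays NULL and errno is the
             * value strdup() left behind. */
            ret = strdup(mb.mnt_dir);
            goto cleanup;
        }
    }

    /* Ran out of entries without a match. */
    errno = ENOENT;

cleanup:
    /* endmntent() closes the stream and may overwrite errno; keep the
     * value that describes the lookup so the documented contract
     * (NULL + meaningful errno) holds for the caller. */
    saved_errno = errno;
    endmntent(f);
    errno = saved_errno;

    return ret;
}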
#else /* defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R */
/*
 * Variant built when mntent.h / getmntent_r are not both available:
 * no lookup is attempted, errno is set to ENOSYS and NULL is returned.
 */
char *
virFileFindMountPoint(const char *type ATTRIBUTE_UNUSED)
{
    /* Lets callers tell "not supported here" apart from "not found". */
    errno = ENOSYS;
    return NULL;
}
#endif /* defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R */
#if defined(UDEVADM) || defined(UDEVSETTLE)
/*
 * Run the udev "settle" helper, when it is present and executable, so
 * that device nodes still being created are finished before they are
 * scanned. Best effort: no result is returned to the caller.
 *
 * The helper path comes from the build-time UDEVADM or UDEVSETTLE
 * definition.
 */
void virFileWaitForDevices(void)
{
# ifdef UDEVADM
    const char *const settleprog[] = { UDEVADM, "settle", NULL };
# else
    const char *const settleprog[] = { UDEVSETTLE, NULL };
# endif
    int status;

    if (access(settleprog[0], X_OK) == 0) {
        /*
         * NOTE: errors are ignored on purpose. If the helper fails for
         * any reason, the backup is still there: polling for 5 seconds
         * for the device nodes. The empty body only consumes the
         * return value of virRun().
         */
        if (virRun(settleprog, &status) < 0)
            {}
    }
}
#else
/*
 * Variant built when neither UDEVADM nor UDEVSETTLE is defined: there
 * is no settle helper to run, so this is a no-op.
 */
void virFileWaitForDevices(void)
{
}
#endif
/*
 * Join a NULL-terminated list of path components with '/' and store
 * the resulting string in *path.
 *
 * The first variadic argument is consumed unconditionally, so callers
 * must pass at least one component before the terminating NULL.
 * Components are copied as given: nothing here normalises them or
 * rejects ".." or embedded '/', so values from untrusted input need to
 * be checked by the caller.
 *
 * Returns 0 on success, or -1 when virBufferContentAndReset() yields
 * NULL (in which case *path is NULL).
 */
int virBuildPathInternal(char **path, ...)
{
    virBuffer buf = VIR_BUFFER_INITIALIZER;
    va_list ap;
    char *component;

    va_start(ap, path);

    /* First component goes in without a leading separator. */
    component = va_arg(ap, char *);
    virBufferAdd(&buf, component, -1);

    /* Every further component is prefixed with '/'. */
    for (component = va_arg(ap, char *);
         component != NULL;
         component = va_arg(ap, char *)) {
        virBufferAddChar(&buf, '/');
        virBufferAdd(&buf, component, -1);
    }

    va_end(ap);

    *path = virBufferContentAndReset(&buf);

    return *path ? 0 : -1;
}
#if HAVE_LIBDEVMAPPER_H
/*
 * Report whether @dev_name is a block device whose major number
 * belongs to device-mapper, according to dm_is_dm_major().
 *
 * Returns false when stat() fails, when the path is not a block
 * device, or when the major number is not a device-mapper one.
 *
 * stat() follows symbolic links and the answer describes the path at
 * the time of the call; it is not tied to any later open of the same
 * name.
 */
bool
virIsDevMapperDevice(const char *dev_name)
{
    struct stat sb;

    if (stat(dev_name, &sb) != 0)
        return false;

    if (!S_ISBLK(sb.st_mode))
        return false;

    return dm_is_dm_major(major(sb.st_rdev)) ? true : false;
}
#else
/*
 * Variant built when HAVE_LIBDEVMAPPER_H is not set: no check can be
 * made, so every path is reported as not being a device-mapper device.
 */
bool
virIsDevMapperDevice(const char *dev_name ATTRIBUTE_UNUSED)
{
    return false;
}
#endif
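/*
 * Check that @wwn is exactly 16 hexadecimal digits and nothing else.
 *
 * Returns true when it is; otherwise reports an error naming the
 * rejected value and returns false. The value is placed in the error
 * message verbatim.
 */
bool
virValidateWWN(const char *wwn)
{
    int i;

    /* Count the leading run of hex digits. */
    for (i = 0; wwn[i]; i++) {
        if (!c_isxdigit(wwn[i]))
            break;
    }

    /* Valid only if that run is 16 long and ends the string. */
    if (i != 16 || wwn[i]) {
        /* The message is the format string and wwn its argument;
         * passing the message through "%s" printed a literal
         * "Malformed wwn: %s" without the offending value. */
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("Malformed wwn: %s"), wwn);
        return false;
    }

    return true;
}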
/*
 * Report whether every character of @str is printable according to
 * c_isprint().
 *
 * Returns false at the first character that is not, true otherwise;
 * an empty string therefore yields true.
 */
bool
virStrIsPrint(const char *str)
{
    const char *p;

    for (p = str; *p != '\0'; p++) {
        if (!c_isprint(*p))
            return false;
    }

    return true;
}
|