External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-10-06 14:25:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
f3fa662353
libvirt/src/util/viridentity.c

535 lines
13 KiB
C
Raw Normal View History

Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
/*
* viridentity.c: helper APIs for managing user identities
*
* Copyright (C) 2012-2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; If not, see
* <http://www.gnu.org/licenses/>.
*
*/
#include <config.h>
Add API to get the system identity If no user identity is available, some operations may wish to use the system identity. ie the identity of the current process itself. Add an API to get such an identity. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 11:00:16 +00:00
#include <unistd.h>
Fix typos s/HAVE_SELINUX/WITH_SELINUX/ The virNetSocket & virIdentity classes accidentally got some conditionals using HAVE_SELINUX instead of WITH_SELINUX. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-20 13:06:04 +00:00
#if WITH_SELINUX
Add API to get the system identity If no user identity is available, some operations may wish to use the system identity. ie the identity of the current process itself. Add an API to get such an identity. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 11:00:16 +00:00
# include <selinux/selinux.h>
#endif
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
#include "internal.h"
#include "viralloc.h"
#include "virerror.h"
#include "viridentity.h"
#include "virlog.h"
#include "virobject.h"
#include "virthread.h"
Add API to get the system identity If no user identity is available, some operations may wish to use the system identity. ie the identity of the current process itself. Add an API to get such an identity. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 11:00:16 +00:00
#include "virutil.h"
Adapt to VIR_STRDUP and VIR_STRNDUP in src/util/*
2013-05-24 07:19:51 +00:00
#include "virstring.h"
Ensure system identity includes process start time The polkit access driver will want to use the process start time field. This was already set for network identities, but not for the system identity. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-28 14:22:05 +00:00
#include "virprocess.h"
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
#define VIR_FROM_THIS VIR_FROM_IDENTITY
Add virLogSource variables to all source files Any source file which calls the logging APIs now needs to have a VIR_LOG_INIT("source.name") declaration at the start of the file. This provides a static variable of the virLogSource type. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-28 12:16:17 +00:00
VIR_LOG_INIT("util.identity");
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
util: make generic identity accessors private Only expose the type safe getters/setters to other code in preparation for changing the internal storage of data. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 11:21:29 +00:00
typedef enum {
VIR_IDENTITY_ATTR_USER_NAME,
VIR_IDENTITY_ATTR_UNIX_USER_ID,
VIR_IDENTITY_ATTR_GROUP_NAME,
VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
VIR_IDENTITY_ATTR_PROCESS_ID,
VIR_IDENTITY_ATTR_PROCESS_TIME,
VIR_IDENTITY_ATTR_SASL_USER_NAME,
VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME,
VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
VIR_IDENTITY_ATTR_LAST,
} virIdentityAttrType;
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
struct _virIdentity {
virObject parent;
char *attrs[VIR_IDENTITY_ATTR_LAST];
};
static virClassPtr virIdentityClass;
Add APIs for associating a virIdentityPtr with the current thread To allow any internal API to get the current identity, add APIs to associate a virIdentityPtr with the current thread, via a thread local Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 10:53:47 +00:00
static virThreadLocal virIdentityCurrent;
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
static void virIdentityDispose(void *obj);
static int virIdentityOnceInit(void)
{
virobject: Introduce VIR_CLASS_NEW() macro So far we are repeating the following lines over and over: if (!(virSomeObjectClass = virClassNew(virClassForObject(), "virSomeObject", sizeof(virSomeObject), virSomeObjectDispose))) return -1; While this works, it is impossible to do some checking. Firstly, the class name (the 2nd argument) doesn't match the name in the code in all cases (the 3rd argument). Secondly, the current style is needlessly verbose. This commit turns example into following: if (!(VIR_CLASS_NEW(virSomeObject, virClassForObject))) return -1; Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-17 15:42:33 +00:00
if (!VIR_CLASS_NEW(virIdentity, virClassForObject()))
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
return -1;
Add APIs for associating a virIdentityPtr with the current thread To allow any internal API to get the current identity, add APIs to associate a virIdentityPtr with the current thread, via a thread local Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 10:53:47 +00:00
if (virThreadLocalInit(&virIdentityCurrent,
(virThreadLocalCleanup)virObjectUnref) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Cannot initialize thread local for current identity"));
return -1;
}
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
return 0;
}
Require a semicolon for VIR_ONCE_GLOBAL_INIT calls Missing semicolon at the end of macros can confuse some analyzers (like cppcheck <filename>). VIR_ONCE_GLOBAL_INIT is almost exclusively called without an ending semicolon, but let's standardize on using one like the other macros. Add a dummy struct definition at the end of the macro, so the compiler will require callers to add a semicolon. Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-01-20 17:23:29 +00:00
VIR_ONCE_GLOBAL_INIT(virIdentity);
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
Add APIs for associating a virIdentityPtr with the current thread To allow any internal API to get the current identity, add APIs to associate a virIdentityPtr with the current thread, via a thread local Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 10:53:47 +00:00
/**
* virIdentityGetCurrent:
*
* Get the current identity associated with this thread. The
* caller will own a reference to the returned identity, but
* must not modify the object in any way, other than to
* release the reference when done with virObjectUnref
*
* Returns: a reference to the current identity, or NULL
*/
virIdentityPtr virIdentityGetCurrent(void)
{
virIdentityPtr ident;
Fix initialization of virIdentityPtr thread locals Some code mistakenly called virIdentityOnceInit directly instead of virIdentityInitialize(). This meant that one-time initializer was run many times with predictably bad results.
2013-03-21 10:58:15 +00:00
if (virIdentityInitialize() < 0)
Add APIs for associating a virIdentityPtr with the current thread To allow any internal API to get the current identity, add APIs to associate a virIdentityPtr with the current thread, via a thread local Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 10:53:47 +00:00
return NULL;
ident = virThreadLocalGet(&virIdentityCurrent);
return virObjectRef(ident);
}
/**
* virIdentitySetCurrent:
*
* Set the new identity to be associated with this thread.
* The caller should not modify the passed identity after
* it has been set, other than to release its own reference.
*
* Returns 0 on success, or -1 on error
*/
int virIdentitySetCurrent(virIdentityPtr ident)
{
virIdentityPtr old;
Fix initialization of virIdentityPtr thread locals Some code mistakenly called virIdentityOnceInit directly instead of virIdentityInitialize(). This meant that one-time initializer was run many times with predictably bad results.
2013-03-21 10:58:15 +00:00
if (virIdentityInitialize() < 0)
Add APIs for associating a virIdentityPtr with the current thread To allow any internal API to get the current identity, add APIs to associate a virIdentityPtr with the current thread, via a thread local Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 10:53:47 +00:00
return -1;
old = virThreadLocalGet(&virIdentityCurrent);
if (virThreadLocalSet(&virIdentityCurrent,
virObjectRef(ident)) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Unable to set thread local identity"));
util: identity: Harden virIdentitySetCurrent() Don't unref the old identity unless we set the new one correctly and unref the new one on failure to set it so that we don't leak any references or use invalid pointers.
2015-03-25 07:25:45 +00:00
virObjectUnref(ident);
Add APIs for associating a virIdentityPtr with the current thread To allow any internal API to get the current identity, add APIs to associate a virIdentityPtr with the current thread, via a thread local Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 10:53:47 +00:00
return -1;
}
util: identity: Harden virIdentitySetCurrent() Don't unref the old identity unless we set the new one correctly and unref the new one on failure to set it so that we don't leak any references or use invalid pointers.
2015-03-25 07:25:45 +00:00
virObjectUnref(old);
Add APIs for associating a virIdentityPtr with the current thread To allow any internal API to get the current identity, add APIs to associate a virIdentityPtr with the current thread, via a thread local Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 10:53:47 +00:00
return 0;
}
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
Add API to get the system identity If no user identity is available, some operations may wish to use the system identity. ie the identity of the current process itself. Add an API to get such an identity. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 11:00:16 +00:00
/**
* virIdentityGetSystem:
*
* Returns an identity that represents the system itself.
* This is the identity that the process is running as
*
* Returns a reference to the system identity, or NULL
*/
virIdentityPtr virIdentityGetSystem(void)
{
util: identity: use VIR_AUTOFREE instead of VIR_FREE for scalar types By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: Sukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-07-13 17:55:09 +00:00
VIR_AUTOFREE(char *) username = NULL;
VIR_AUTOFREE(char *) groupname = NULL;
Convert callers to use typesafe APIs for setting identity attrs Update virNetServerClientCreateIdentity and virIdentityGetSystem to use the new typesafe APIs for setting identity attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:58:58 +00:00
unsigned long long startTime;
Add API to get the system identity If no user identity is available, some operations may wish to use the system identity. ie the identity of the current process itself. Add an API to get such an identity. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 11:00:16 +00:00
virIdentityPtr ret = NULL;
Fix typos s/HAVE_SELINUX/WITH_SELINUX/ The virNetSocket & virIdentity classes accidentally got some conditionals using HAVE_SELINUX instead of WITH_SELINUX. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-20 13:06:04 +00:00
#if WITH_SELINUX
Add API to get the system identity If no user identity is available, some operations may wish to use the system identity. ie the identity of the current process itself. Add an API to get such an identity. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 11:00:16 +00:00
security_context_t con;
#endif
Set process ID in system identity When creating a virIdentityPtr for the system identity, include the current process ID as an attribute.
2013-06-24 13:47:31 +00:00
Convert callers to use typesafe APIs for setting identity attrs Update virNetServerClientCreateIdentity and virIdentityGetSystem to use the new typesafe APIs for setting identity attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:58:58 +00:00
if (!(ret = virIdentityNew()))
goto error;
Add API to get the system identity If no user identity is available, some operations may wish to use the system identity. ie the identity of the current process itself. Add an API to get such an identity. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 11:00:16 +00:00
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
if (virIdentitySetProcessID(ret, getpid()) < 0)
Convert callers to use typesafe APIs for setting identity attrs Update virNetServerClientCreateIdentity and virIdentityGetSystem to use the new typesafe APIs for setting identity attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:58:58 +00:00
goto error;
Ensure system identity includes process start time The polkit access driver will want to use the process start time field. This was already set for network identities, but not for the system identity. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-28 14:22:05 +00:00
Convert callers to use typesafe APIs for setting identity attrs Update virNetServerClientCreateIdentity and virIdentityGetSystem to use the new typesafe APIs for setting identity attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:58:58 +00:00
if (virProcessGetStartTime(getpid(), &startTime) < 0)
goto error;
if (startTime != 0 &&
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
virIdentitySetProcessTime(ret, startTime) < 0)
Convert callers to use typesafe APIs for setting identity attrs Update virNetServerClientCreateIdentity and virIdentityGetSystem to use the new typesafe APIs for setting identity attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:58:58 +00:00
goto error;
Ensure system identity includes process start time The polkit access driver will want to use the process start time field. This was already set for network identities, but not for the system identity. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-28 14:22:05 +00:00
Remove (nearly) all use of getuid()/getgid() Most of the usage of getuid()/getgid() is in cases where we are considering what privileges we have. As such the code should be using the effective IDs, not real IDs. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-09 11:13:45 +00:00
if (!(username = virGetUserName(geteuid())))
util: identity: use VIR_AUTOFREE instead of VIR_FREE for scalar types By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: Sukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-07-13 17:55:09 +00:00
return ret;
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
if (virIdentitySetUserName(ret, username) < 0)
Convert callers to use typesafe APIs for setting identity attrs Update virNetServerClientCreateIdentity and virIdentityGetSystem to use the new typesafe APIs for setting identity attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:58:58 +00:00
goto error;
if (virIdentitySetUNIXUserID(ret, getuid()) < 0)
goto error;
Also store user & group ID values in virIdentity Future improvements to the polkit code will require access to the numeric user ID, not merely user name. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:00:01 +00:00
Remove (nearly) all use of getuid()/getgid() Most of the usage of getuid()/getgid() is in cases where we are considering what privileges we have. As such the code should be using the effective IDs, not real IDs. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-09 11:13:45 +00:00
if (!(groupname = virGetGroupName(getegid())))
util: identity: use VIR_AUTOFREE instead of VIR_FREE for scalar types By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: Sukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-07-13 17:55:09 +00:00
return ret;
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
if (virIdentitySetGroupName(ret, groupname) < 0)
Convert callers to use typesafe APIs for setting identity attrs Update virNetServerClientCreateIdentity and virIdentityGetSystem to use the new typesafe APIs for setting identity attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:58:58 +00:00
goto error;
if (virIdentitySetUNIXGroupID(ret, getgid()) < 0)
goto error;
Add API to get the system identity If no user identity is available, some operations may wish to use the system identity. ie the identity of the current process itself. Add an API to get such an identity. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 11:00:16 +00:00
Fix typos s/HAVE_SELINUX/WITH_SELINUX/ The virNetSocket & virIdentity classes accidentally got some conditionals using HAVE_SELINUX instead of WITH_SELINUX. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-20 13:06:04 +00:00
#if WITH_SELINUX
is_selinux_enabled() returns -1 on error, account for this. Per the documentation, is_selinux_enabled() returns -1 on error. Account for this. Previously when -1 was being returned the condition would still be true. I was noticing this because on my system that has selinux disabled I was getting this in the libvirt.log every 5 seconds: error : virIdentityGetSystem:173 : Unable to lookup SELinux process context: Invalid argument With this patch applied, I no longer get these messages every 5 seconds. I am submitting this in case its deemed useful for inclusion. Anyone have any comments on this change? This is a patch off current master. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-20 15:05:14 +00:00
if (is_selinux_enabled() > 0) {
virIdentityGetSystem: don't fail if SELinux is disabled If SELinux is compiled into libvirt but it is disabled on the host, libvirtd logs: error : virIdentityGetSystem:173 : Unable to lookup SELinux process context: Invalid argument on each and every client connection. Use is_selinux_enabled() to skip retrieval of the process's SELinux context if SELinux is disabled. Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2014-03-06 06:02:48 +00:00
if (getcon(&con) < 0) {
virReportSystemError(errno, "%s",
_("Unable to lookup SELinux process context"));
util: identity: use VIR_AUTOFREE instead of VIR_FREE for scalar types By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: Sukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-07-13 17:55:09 +00:00
return ret;
virIdentityGetSystem: don't fail if SELinux is disabled If SELinux is compiled into libvirt but it is disabled on the host, libvirtd logs: error : virIdentityGetSystem:173 : Unable to lookup SELinux process context: Invalid argument on each and every client connection. Use is_selinux_enabled() to skip retrieval of the process's SELinux context if SELinux is disabled. Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2014-03-06 06:02:48 +00:00
}
Convert callers to use typesafe APIs for setting identity attrs Update virNetServerClientCreateIdentity and virIdentityGetSystem to use the new typesafe APIs for setting identity attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:58:58 +00:00
if (virIdentitySetSELinuxContext(ret, con) < 0) {
virIdentityGetSystem: don't fail if SELinux is disabled If SELinux is compiled into libvirt but it is disabled on the host, libvirtd logs: error : virIdentityGetSystem:173 : Unable to lookup SELinux process context: Invalid argument on each and every client connection. Use is_selinux_enabled() to skip retrieval of the process's SELinux context if SELinux is disabled. Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2014-03-06 06:02:48 +00:00
freecon(con);
Convert callers to use typesafe APIs for setting identity attrs Update virNetServerClientCreateIdentity and virIdentityGetSystem to use the new typesafe APIs for setting identity attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:58:58 +00:00
goto error;
virIdentityGetSystem: don't fail if SELinux is disabled If SELinux is compiled into libvirt but it is disabled on the host, libvirtd logs: error : virIdentityGetSystem:173 : Unable to lookup SELinux process context: Invalid argument on each and every client connection. Use is_selinux_enabled() to skip retrieval of the process's SELinux context if SELinux is disabled. Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2014-03-06 06:02:48 +00:00
}
Adapt to VIR_STRDUP and VIR_STRNDUP in src/util/*
2013-05-24 07:19:51 +00:00
freecon(con);
Add API to get the system identity If no user identity is available, some operations may wish to use the system identity. ie the identity of the current process itself. Add an API to get such an identity. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 11:00:16 +00:00
}
#endif
return ret;
Indent top-level labels by one space in src/util/
2014-03-25 06:53:22 +00:00
error:
Add API to get the system identity If no user identity is available, some operations may wish to use the system identity. ie the identity of the current process itself. Add an API to get such an identity. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 11:00:16 +00:00
virObjectUnref(ret);
util: identity: use VIR_AUTOFREE instead of VIR_FREE for scalar types By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: Sukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-07-13 17:55:09 +00:00
return NULL;
Add API to get the system identity If no user identity is available, some operations may wish to use the system identity. ie the identity of the current process itself. Add an API to get such an identity. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-06 11:00:16 +00:00
}
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
/**
* virIdentityNew:
*
* Creates a new empty identity object. After creating, one or
* more identifying attributes should be set on the identity.
*
* Returns: a new empty identity
*/
virIdentityPtr virIdentityNew(void)
{
virIdentityPtr ident;
if (virIdentityInitialize() < 0)
return NULL;
if (!(ident = virObjectNew(virIdentityClass)))
return NULL;
return ident;
}
static void virIdentityDispose(void *object)
{
virIdentityPtr ident = object;
size_t i;
src/utils: Remove the whitespace before ";"
2013-05-21 07:58:16 +00:00
for (i = 0; i < VIR_IDENTITY_ATTR_LAST; i++)
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
VIR_FREE(ident->attrs[i]);
}
/**
* virIdentitySetAttr:
* @ident: the identity to modify
* @attr: the attribute type to set
* @value: the identifying value to associate with @attr
*
* Sets an identifying attribute @attr on @ident. Each
* @attr type can only be set once.
*
* Returns: 0 on success, or -1 on error
*/
util: make generic identity accessors private Only expose the type safe getters/setters to other code in preparation for changing the internal storage of data. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 11:21:29 +00:00
static int
virIdentitySetAttr(virIdentityPtr ident,
unsigned int attr,
const char *value)
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
{
int ret = -1;
VIR_DEBUG("ident=%p attribute=%u value=%s", ident, attr, value);
if (ident->attrs[attr]) {
virReportError(VIR_ERR_OPERATION_DENIED, "%s",
util: Fix misaligned arguments and misaligned conditions for [if|while|...] This patch just fixes misaligned arguments and misaligned conditions of src/util/*.c. Signed-off-by: Shi Lei <shi_lei@massclouds.com>
2018-09-19 08:38:14 +00:00
_("Identity attribute is already set"));
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
goto cleanup;
}
Adapt to VIR_STRDUP and VIR_STRNDUP in src/util/*
2013-05-24 07:19:51 +00:00
if (VIR_STRDUP(ident->attrs[attr], value) < 0)
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
goto cleanup;
ret = 0;
Indent top-level labels by one space in src/util/
2014-03-25 06:53:22 +00:00
cleanup:
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
return ret;
}
/**
* virIdentityGetAttr:
* @ident: the identity to query
* @attr: the attribute to read
* @value: filled with the attribute value
*
* Fills @value with a pointer to the value associated
* with the identifying attribute @attr in @ident. If
* @attr is not set, then it will simply be initialized
* to NULL and considered as a successful read
*
* Returns 0 on success, -1 on error
*/
util: make generic identity accessors private Only expose the type safe getters/setters to other code in preparation for changing the internal storage of data. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 11:21:29 +00:00
static int
virIdentityGetAttr(virIdentityPtr ident,
unsigned int attr,
const char **value)
Define internal APIs for managing identities Introduce a local object virIdentity for managing security attributes used to form a client application's identity. Instances of this object are intended to be used as if they were immutable, once created & populated with attributes Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-01-20 17:49:32 +00:00
{
VIR_DEBUG("ident=%p attribute=%d value=%p", ident, attr, value);
*value = ident->attrs[attr];
return 0;
}
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
int virIdentityGetUserName(virIdentityPtr ident,
const char **username)
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
{
return virIdentityGetAttr(ident,
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
VIR_IDENTITY_ATTR_USER_NAME,
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
username);
}
int virIdentityGetUNIXUserID(virIdentityPtr ident,
uid_t *uid)
{
int val;
const char *userid;
*uid = -1;
if (virIdentityGetAttr(ident,
VIR_IDENTITY_ATTR_UNIX_USER_ID,
&userid) < 0)
return -1;
if (!userid)
return -1;
if (virStrToLong_i(userid, NULL, 10, &val) < 0)
return -1;
*uid = (uid_t)val;
return 0;
}
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
int virIdentityGetGroupName(virIdentityPtr ident,
const char **groupname)
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
{
return virIdentityGetAttr(ident,
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
VIR_IDENTITY_ATTR_GROUP_NAME,
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
groupname);
}
int virIdentityGetUNIXGroupID(virIdentityPtr ident,
gid_t *gid)
{
int val;
const char *groupid;
*gid = -1;
if (virIdentityGetAttr(ident,
VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
&groupid) < 0)
return -1;
if (!groupid)
return -1;
if (virStrToLong_i(groupid, NULL, 10, &val) < 0)
return -1;
*gid = (gid_t)val;
return 0;
}
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
int virIdentityGetProcessID(virIdentityPtr ident,
pid_t *pid)
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
{
unsigned long long val;
const char *processid;
*pid = 0;
if (virIdentityGetAttr(ident,
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
VIR_IDENTITY_ATTR_PROCESS_ID,
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
&processid) < 0)
return -1;
if (!processid)
return -1;
if (virStrToLong_ull(processid, NULL, 10, &val) < 0)
return -1;
*pid = (pid_t)val;
return 0;
}
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
int virIdentityGetProcessTime(virIdentityPtr ident,
unsigned long long *timestamp)
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
{
const char *processtime;
if (virIdentityGetAttr(ident,
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
VIR_IDENTITY_ATTR_PROCESS_TIME,
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
&processtime) < 0)
return -1;
if (!processtime)
return -1;
if (virStrToLong_ull(processtime, NULL, 10, timestamp) < 0)
return -1;
return 0;
}
int virIdentityGetSASLUserName(virIdentityPtr ident,
const char **username)
{
return virIdentityGetAttr(ident,
VIR_IDENTITY_ATTR_SASL_USER_NAME,
username);
}
int virIdentityGetX509DName(virIdentityPtr ident,
const char **dname)
{
return virIdentityGetAttr(ident,
VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME,
dname);
}
int virIdentityGetSELinuxContext(virIdentityPtr ident,
const char **context)
{
return virIdentityGetAttr(ident,
VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
context);
}
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
int virIdentitySetUserName(virIdentityPtr ident,
const char *username)
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
{
return virIdentitySetAttr(ident,
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
VIR_IDENTITY_ATTR_USER_NAME,
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
username);
}
int virIdentitySetUNIXUserID(virIdentityPtr ident,
uid_t uid)
{
util: identity: use VIR_AUTOFREE instead of VIR_FREE for scalar types By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: Sukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-07-13 17:55:09 +00:00
VIR_AUTOFREE(char *) val = NULL;
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
if (virAsprintf(&val, "%d", (int)uid) < 0)
return -1;
util: identity: use VIR_AUTOFREE instead of VIR_FREE for scalar types By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: Sukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-07-13 17:55:09 +00:00
return virIdentitySetAttr(ident,
util: Fix misaligned arguments and misaligned conditions for [if|while|...] This patch just fixes misaligned arguments and misaligned conditions of src/util/*.c. Signed-off-by: Shi Lei <shi_lei@massclouds.com>
2018-09-19 08:38:14 +00:00
VIR_IDENTITY_ATTR_UNIX_USER_ID,
val);
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
}
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
int virIdentitySetGroupName(virIdentityPtr ident,
const char *groupname)
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
{
return virIdentitySetAttr(ident,
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
VIR_IDENTITY_ATTR_GROUP_NAME,
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
groupname);
}
int virIdentitySetUNIXGroupID(virIdentityPtr ident,
gid_t gid)
{
util: identity: use VIR_AUTOFREE instead of VIR_FREE for scalar types By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: Sukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-07-13 17:55:09 +00:00
VIR_AUTOFREE(char *) val = NULL;
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
if (virAsprintf(&val, "%d", (int)gid) < 0)
return -1;
util: identity: use VIR_AUTOFREE instead of VIR_FREE for scalar types By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: Sukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-07-13 17:55:09 +00:00
return virIdentitySetAttr(ident,
util: Fix misaligned arguments and misaligned conditions for [if|while|...] This patch just fixes misaligned arguments and misaligned conditions of src/util/*.c. Signed-off-by: Shi Lei <shi_lei@massclouds.com>
2018-09-19 08:38:14 +00:00
VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
val);
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
}
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
int virIdentitySetProcessID(virIdentityPtr ident,
pid_t pid)
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
{
util: identity: use VIR_AUTOFREE instead of VIR_FREE for scalar types By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: Sukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-07-13 17:55:09 +00:00
VIR_AUTOFREE(char *) val = NULL;
src: Treat PID as signed This initially started as a fix of some debug printing in virCgroupDetect. However it turned out that other places suffer from the similar problem. While dealing with pids, esp. in cases where we cannot use pid_t for ABI stability reasons, we often chose an unsigned integer type. This makes no sense as pid_t is signed. Also, new syntax-check rule is introduced so we won't repeat this mistake. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-10-06 14:54:41 +00:00
if (virAsprintf(&val, "%lld", (long long) pid) < 0)
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
return -1;
util: identity: use VIR_AUTOFREE instead of VIR_FREE for scalar types By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: Sukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-07-13 17:55:09 +00:00
return virIdentitySetAttr(ident,
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
VIR_IDENTITY_ATTR_PROCESS_ID,
util: Fix misaligned arguments and misaligned conditions for [if|while|...] This patch just fixes misaligned arguments and misaligned conditions of src/util/*.c. Signed-off-by: Shi Lei <shi_lei@massclouds.com>
2018-09-19 08:38:14 +00:00
val);
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
}
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
int virIdentitySetProcessTime(virIdentityPtr ident,
unsigned long long timestamp)
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
{
util: identity: use VIR_AUTOFREE instead of VIR_FREE for scalar types By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: Sukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-07-13 17:55:09 +00:00
VIR_AUTOFREE(char *) val = NULL;
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
if (virAsprintf(&val, "%llu", timestamp) < 0)
return -1;
util: identity: use VIR_AUTOFREE instead of VIR_FREE for scalar types By making use of GNU C's cleanup attribute handled by the VIR_AUTOFREE macro for declaring scalar variables, majority of the VIR_FREE calls can be dropped, which in turn leads to getting rid of most of our cleanup sections. Signed-off-by: Sukrit Bhatnagar <skrtbhtngr@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-07-13 17:55:09 +00:00
return virIdentitySetAttr(ident,
util: change identity class attribute names Remove the "UNIX" tag from the names for user name, group name, process ID and process time, since these attributes are all usable for non-UNIX platforms like Windows. User ID and group ID are left with a "UNIX" tag, since there's no equivalent on Windows. The closest equivalent concept on Windows, SID, is a struct containing a number of integer fields, which is commonly represented in string format instead. This would require a separate attribute, and is left for a future exercise, since the daemons are not currently built on Windows anyway. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 10:59:15 +00:00
VIR_IDENTITY_ATTR_PROCESS_TIME,
util: Fix misaligned arguments and misaligned conditions for [if|while|...] This patch just fixes misaligned arguments and misaligned conditions of src/util/*.c. Signed-off-by: Shi Lei <shi_lei@massclouds.com>
2018-09-19 08:38:14 +00:00
val);
Add typesafe APIs for virIdentity attributes Instead of requiring the caller to format to/from strings, add typesafe APIs todo this work. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-22 15:43:35 +00:00
}
int virIdentitySetSASLUserName(virIdentityPtr ident,
const char *username)
{
return virIdentitySetAttr(ident,
VIR_IDENTITY_ATTR_SASL_USER_NAME,
username);
}
int virIdentitySetX509DName(virIdentityPtr ident,
const char *dname)
{
return virIdentitySetAttr(ident,
VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME,
dname);
}
int virIdentitySetSELinuxContext(virIdentityPtr ident,
const char *context)
{
return virIdentitySetAttr(ident,
VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
context);
}
Reference in New Issue Copy Permalink