mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-09-13 19:25:13 +00:00
Expose ownership ID parsing
Parsing 'user:group' is useful even outside the DAC security driver, so expose the most abstract function which has no DAC security driver bits in itself.
parent
3ceb4c7df6
commit
bba579b6e0
@ -2050,6 +2050,7 @@ virIsCapableVport;
|
|||||||
virIsDevMapperDevice;
|
virIsDevMapperDevice;
|
||||||
virManageVport;
|
virManageVport;
|
||||||
virParseNumber;
|
virParseNumber;
|
||||||
|
virParseOwnershipIds;
|
||||||
virParseVersionString;
|
virParseVersionString;
|
||||||
virPipeReadUntilEOF;
|
virPipeReadUntilEOF;
|
||||||
virReadFCHost;
|
virReadFCHost;
|
||||||
|
@ -33,6 +33,7 @@
|
|||||||
#include "virscsi.h"
|
#include "virscsi.h"
|
||||||
#include "virstoragefile.h"
|
#include "virstoragefile.h"
|
||||||
#include "virstring.h"
|
#include "virstring.h"
|
||||||
|
#include "virutil.h"
|
||||||
|
|
||||||
#define VIR_FROM_THIS VIR_FROM_SECURITY
|
#define VIR_FROM_THIS VIR_FROM_SECURITY
|
||||||
#define SECURITY_DAC_NAME "dac"
|
#define SECURITY_DAC_NAME "dac"
|
||||||
@ -72,52 +73,6 @@ virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
|
|||||||
priv->dynamicOwnership = dynamicOwnership;
|
priv->dynamicOwnership = dynamicOwnership;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
|
||||||
parseIds(const char *label, uid_t *uidPtr, gid_t *gidPtr)
|
|
||||||
{
|
|
||||||
int rc = -1;
|
|
||||||
uid_t theuid;
|
|
||||||
gid_t thegid;
|
|
||||||
char *tmp_label = NULL;
|
|
||||||
char *sep = NULL;
|
|
||||||
char *owner = NULL;
|
|
||||||
char *group = NULL;
|
|
||||||
|
|
||||||
if (VIR_STRDUP(tmp_label, label) < 0)
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
/* Split label */
|
|
||||||
sep = strchr(tmp_label, ':');
|
|
||||||
if (sep == NULL) {
|
|
||||||
virReportError(VIR_ERR_INVALID_ARG,
|
|
||||||
_("Missing separator ':' in DAC label \"%s\""),
|
|
||||||
label);
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
*sep = '\0';
|
|
||||||
owner = tmp_label;
|
|
||||||
group = sep + 1;
|
|
||||||
|
|
||||||
/* Parse owner and group, error message is defined by
|
|
||||||
* virGetUserID or virGetGroupID.
|
|
||||||
*/
|
|
||||||
if (virGetUserID(owner, &theuid) < 0 ||
|
|
||||||
virGetGroupID(group, &thegid) < 0)
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
if (uidPtr)
|
|
||||||
*uidPtr = theuid;
|
|
||||||
if (gidPtr)
|
|
||||||
*gidPtr = thegid;
|
|
||||||
|
|
||||||
rc = 0;
|
|
||||||
|
|
||||||
cleanup:
|
|
||||||
VIR_FREE(tmp_label);
|
|
||||||
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* returns 1 if label isn't found, 0 on success, -1 on error */
|
/* returns 1 if label isn't found, 0 on success, -1 on error */
|
||||||
static int
|
static int
|
||||||
virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
|
virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
|
||||||
@ -135,7 +90,7 @@ virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (parseIds(seclabel->label, &uid, &gid) < 0)
|
if (virParseOwnershipIds(seclabel->label, &uid, &gid) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (uidPtr)
|
if (uidPtr)
|
||||||
@ -206,7 +161,7 @@ virSecurityDACParseImageIds(virDomainDefPtr def,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (parseIds(seclabel->imagelabel, &uid, &gid) < 0)
|
if (virParseOwnershipIds(seclabel->imagelabel, &uid, &gid) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (uidPtr)
|
if (uidPtr)
|
||||||
|
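Review bot: Both call sites that switch to virParseOwnershipIds lose the specific diagnostic the removed parseIds gave. The old code reported `Missing separator ':' in DAC label "%s"`, while the shared helper reports `Failed to parse uid and gid from '%s'`, which names neither the missing separator nor the setting that was malformed. These labels decide which uid and gid the driver applies, so a misconfiguration should stay easy to diagnose; I would keep the cause in the helper's message, for example `_("Missing separator ':' in ownership label '%s'")`. The bodies of virSecurityDACParseIds and virSecurityDACParseImageIds continue outside these hunks, so whether they add context of their own is not visible here.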
@ -2017,3 +2017,59 @@ virCompareLimitUlong(unsigned long long a, unsigned long b)
|
|||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* virParseOwnershipIds:
|
||||||
|
*
|
||||||
|
* Parse the usual "uid:gid" ownership specification into uid_t and
|
||||||
|
* gid_t passed as parameters. NULL value for those parameters mean
|
||||||
|
* the information is not needed. Also, none of those values are
|
||||||
|
* changed in case of any error.
|
||||||
|
*
|
||||||
|
* Returns -1 on error, 0 otherwise.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr)
|
||||||
|
{
|
||||||
|
int rc = -1;
|
||||||
|
uid_t theuid;
|
||||||
|
gid_t thegid;
|
||||||
|
char *tmp_label = NULL;
|
||||||
|
char *sep = NULL;
|
||||||
|
char *owner = NULL;
|
||||||
|
char *group = NULL;
|
||||||
|
|
||||||
|
if (VIR_STRDUP(tmp_label, label) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
/* Split label */
|
||||||
|
sep = strchr(tmp_label, ':');
|
||||||
|
if (sep == NULL) {
|
||||||
|
virReportError(VIR_ERR_INVALID_ARG,
|
||||||
|
_("Failed to parse uid and gid from '%s'"),
|
||||||
|
label);
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
*sep = '\0';
|
||||||
|
owner = tmp_label;
|
||||||
|
group = sep + 1;
|
||||||
|
|
||||||
|
/* Parse owner and group, error message is defined by
|
||||||
|
* virGetUserID or virGetGroupID.
|
||||||
|
*/
|
||||||
|
if (virGetUserID(owner, &theuid) < 0 ||
|
||||||
|
virGetGroupID(group, &thegid) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
if (uidPtr)
|
||||||
|
*uidPtr = theuid;
|
||||||
|
if (gidPtr)
|
||||||
|
*gidPtr = thegid;
|
||||||
|
|
||||||
|
rc = 0;
|
||||||
|
|
||||||
|
cleanup:
|
||||||
|
VIR_FREE(tmp_label);
|
||||||
|
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
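Review bot: virParseOwnershipIds passes `tmp_label` to `strchr()` without checking that `label` was non-NULL. If VIR_STRDUP succeeds and leaves the destination NULL for a NULL source (I believe it does, but the macro is not shown on this page), that call dereferences NULL. This mattered less while the function was static behind the DAC driver's callers, but it is now exported, so it should start with an `if (!label)` guard that reports VIR_ERR_INVALID_ARG and returns -1. The doc comment should also say `"user:group"` rather than `"uid:gid"`, because both fields go through virGetUserID and virGetGroupID. It should state that the split is on the first ':' only, so `a:b:c` passes `b:c` as the group, and that empty fields such as `":group"` are handed to those helpers unchecked.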
@ -169,4 +169,6 @@ char *virFindFCHostCapableVport(const char *sysfs_prefix);
|
|||||||
|
|
||||||
int virCompareLimitUlong(unsigned long long a, unsigned long b);
|
int virCompareLimitUlong(unsigned long long a, unsigned long b);
|
||||||
|
|
||||||
|
int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr);
|
||||||
|
|
||||||
#endif /* __VIR_UTIL_H__ */
|
#endif /* __VIR_UTIL_H__ */
|
||||||
|
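Review bot: The new prototype has no annotation or comment, so nothing flags a caller that ignores the return value. The implementation leaves `*uidPtr` and `*gidPtr` untouched on error, so such a caller would go on to use whatever its uid and gid variables held before, which for ownership values is a bad failure mode. I would declare it as `int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr) ATTRIBUTE_RETURN_CHECK;`, assuming that macro is usable in this header as it is elsewhere in libvirt. A one-line comment above it could note that the outputs are only written on success.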