Commit Graph

13 Commits

Author SHA1 Message Date
Ján Tomko
faf6edfa74 json: do not call json_tokener_free with NULL
Add an error message for the rare case if json_tokener_new
fails (allocation failure) and guard any use of json_tokener_free
where tok might be NULL (this was possible in libvirt-nss
when the json file could not be opened).

https://gitlab.com/libvirt/libvirt/-/issues/581

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reported-by: Simon Pilkington
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
2024-11-04 12:15:10 +01:00
Ján Tomko
a8d828c88b nss: convert findLeases to use json-c
While the parsing is still done by 1K buffers, the results
are no longer filtered during the parsing, but the whole JSON
has to live in memory at once, which was also the case before
the NSS plugin dropped its dependency on libvirt_util.

Also, the new parser might be more forgiving of missing elements.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2024-09-24 08:24:00 +02:00
Michal Privoznik
7f463b4c0d nss: Compare hostname case insensitive
There are some tools that convert hostname to lowercase before
resolving it (e.g. ssh). In a way it makes sense because DNS is
case insensitive and in case of ssh the lowercase version is then
used to find matching record in its config file. However, our NSS
module performs case sensitive comparison, which makes it useless
with ssh. Just consider a machine named FooBar.

Therefore, switch to case insensitive string comparison.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1777873
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2022-05-27 13:43:14 +02:00
Michal Privoznik
7f93905e45 nss: handle leases with infinite expiry time
After v6.3.0-rc1~64 a lease can have infinite expiry time. This
means that the expiration time will appear as a value of zero.
Do the expiration check only if the expiration time is not zero.

Fixes: 97a0aa2467
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-01-04 15:33:31 +01:00
Michal Privoznik
de1ac5930a Don't pass NULL to yajl_free()
Unfortunately, yajl_free() is not NOP on NULL. It really does
expect a valid pointer. Therefore, check whether the pointer we
want to pass to it is NULL or not.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-03-30 16:11:13 +02:00
Michal Privoznik
d7dd4e1f89 nss: Don't fail on empty files
Before we rewrote nss plugin so that it doesn't use libvirt's
internal functions it used virLeaseReadCustomLeaseFile() to parse
.status files. After the rewrite it's using read() + yajl_parse()
+ yajl_complete_parse(). There's one catch though,
virLeaseReadCustomLeaseFile() skipped over empty files.

An empty .status file is created when a network is started. This
is because we configure dnsmasq to use our leasehelper. So the
first thing it does it calls it as follows:

  DNSMASQ_INTERFACE=virbr0 /usr/libexec/libvirt_leaseshelper init

which causes the leasehelper to create empty virbr0.status file.
If there is only one libvirt network then that is no problem -
there are no other .status files to parse anyway. But if there
are two or more networks then the first empty .status file causes
whole parsing process and subsequently the whole name lookup
process to fail.

Fixes: v5.7.0-rc1~343

Reported-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-11-28 15:37:41 +01:00
Michal Privoznik
b62ef64216 nss: Compare addresses iff their family matches
When parsing leases file, appendAddr() is called to append parsed
tuple (address, expiry time, family) into an array. Whilst doing
so, the array is searched for possible duplicate. This is done by
comparing each item of the array by passed @family: if @family is
AF_INET then the item is viewed as IPv4 address. Similarly, if
@family is AF_INET6 then the item is viewed as IPv6 address. This
is not exactly right - the array can contain addresses of both
families and thus the address family of each item of the array
must be considered.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-09-30 12:25:26 +02:00
Michal Privoznik
0dc84c347a nss: Don't leak memory on parse error
If yajl_parse() fails, we try to print an error message. For
that, yajl_get_error() is used. However, its documentation say
that caller is also responsible for freeing the memory it
allocates by using yajl_free_error().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-09 12:17:19 +02:00
Michal Privoznik
8be0ab638d nss: Don't stop parsing on unexpected key
Due to latest rewrite of NSS module, we are doing yajl parsing
ourselves. This means, we had to introduce couple of callback
that yajl calls. According to its documentation, a callback can
cancel parsing if it returns a zero value. Well, we do just that
in the string callback (findLeasesParserString()). If the JSON
file we are parsing contains a key that we are not interested in,
zero is returned meaning stop all parsing. This is not correct,
because the JSON file can contain some other keys which are not
harmful for our address translation (e.g. 'client-id').

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-09 12:17:19 +02:00
Daniel P. Berrangé
8242ce4f45 tools: avoid accidentally using files from gnulib
The AM_CPPFLAGS setting includes the gnulib headers, which
means we can get some replacement functions defined. Since
virt-login-shell and the NSS module intentionally don't link
to gnulib, these replacement functions causes link failures.

This was seen cross-compiling on Debian for example:

virt-login-shell.o: In function `main':
/builds/libvirt/libvirt/build/tools/../../tools/virt-login-shell.c:81: undefined reference to `rpl_strerror'
/builds/libvirt/libvirt/build/tools/../../tools/virt-login-shell.c:66: undefined reference to `rpl_strerror'
/builds/libvirt/libvirt/build/tools/../../tools/virt-login-shell.c:75: undefined reference to `rpl_strerror'

The only way to avoid these replacement gnulib headers is
to drop the -Ignulib/lib flags. We do still want to use
gnulib for configmake.h and intprops.h, but those can be
included via their full path.

We must also stop using internal.h, since that expects
-Ignulib/lib to be on the include path in order to resolve
the verify.h header.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-08 13:32:02 +01:00
Daniel P. Berrangé
8ee34c4ca8 nss: remove last usages of libvirt headers
Use the plain libc APIs to avoid a dependancy on the main libvirt
code from the nss module.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-07 16:54:02 +01:00
Daniel P. Berrangé
bb7c531911 nss: directly use getnameinfo/getaddrinfo
Use the plain libc socket APIs to avoid a dependancy on the main
libvirt code from the nss module.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-07 16:54:02 +01:00
Daniel P. Berrangé
18a4b2479a nss: custom parser for loading .leases file
The .leases file is currently loaded using the virLease class,
which in turn uses the virJSON parsing code. This pulls in a
heap of libvirt code (logging, hash tables, etc) which we do
not wish to depend on.

This uses the yajl parser code directly, so the only dep is
yajl and plain libc functions.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-07 16:54:02 +01:00