12:11 p.m.
We'll shortly be exposing the identity as virTypedParameter in the
public header, so it simplifies life to use that as the internal
representation too.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/libvirt_private.syms | 1 -
src/util/viridentity.c | 385 ++++++++++++++++++---------------------
src/util/viridentity.h | 6 -
tests/viridentitytest.c | 62 +------
4 files changed, 180 insertions(+), 274 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index c7fb8c94e4..d42a939f5d 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2147,7 +2147,6 @@ virIdentityGetSASLUserName;
virIdentityGetSELinuxContext;
virIdentityGetSystem;
virIdentityGetX509DName;
-virIdentityIsEqual;
virIdentityNew;
virIdentitySetCurrent;
virIdentitySetOSGroupID;
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index fe0c416bba..5324400650 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -41,24 +41,12 @@
VIR_LOG_INIT("util.identity");
-typedef enum {
- VIR_IDENTITY_ATTR_OS_USER_NAME,
- VIR_IDENTITY_ATTR_OS_USER_ID,
- VIR_IDENTITY_ATTR_OS_GROUP_NAME,
- VIR_IDENTITY_ATTR_OS_GROUP_ID,
- VIR_IDENTITY_ATTR_OS_PROCESS_ID,
- VIR_IDENTITY_ATTR_OS_PROCESS_TIME,
- VIR_IDENTITY_ATTR_SASL_USER_NAME,
- VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME,
- VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
-
- VIR_IDENTITY_ATTR_LAST,
-} virIdentityAttrType;
-
struct _virIdentity {
virObject parent;
- char *attrs[VIR_IDENTITY_ATTR_LAST];
+ int nparams;
+ int maxparams;
+ virTypedParameterPtr params;
};
static virClassPtr virIdentityClass;
@@ -188,6 +176,7 @@ virIdentityPtr virIdentityGetSystem(void)
_("Unable to lookup SELinux process
context"));
return ret;
}
+ VIR_DEBUG("Set con %s", con);
if (virIdentitySetSELinuxContext(ret, con) < 0) {
freecon(con);
goto error;
@@ -229,131 +218,38 @@ virIdentityPtr virIdentityNew(void)
static void virIdentityDispose(void *object)
{
virIdentityPtr ident = object;
- size_t i;
- for (i = 0; i < VIR_IDENTITY_ATTR_LAST; i++)
- VIR_FREE(ident->attrs[i]);
-}
-
-
-/**
- * virIdentitySetAttr:
- * @ident: the identity to modify
- * @attr: the attribute type to set
- * @value: the identifying value to associate with @attr
- *
- * Sets an identifying attribute @attr on @ident. Each
- * @attr type can only be set once.
- *
- * Returns: 0 on success, or -1 on error
- */
-static int
-virIdentitySetAttr(virIdentityPtr ident,
- unsigned int attr,
- const char *value)
-{
- int ret = -1;
- VIR_DEBUG("ident=%p attribute=%u value=%s", ident, attr, value);
-
- if (ident->attrs[attr]) {
- virReportError(VIR_ERR_OPERATION_DENIED, "%s",
- _("Identity attribute is already set"));
- goto cleanup;
- }
-
- if (VIR_STRDUP(ident->attrs[attr], value) < 0)
- goto cleanup;
-
- ret = 0;
-
- cleanup:
- return ret;
-}
-
-
-/**
- * virIdentityGetAttr:
- * @ident: the identity to query
- * @attr: the attribute to read
- * @value: filled with the attribute value
- *
- * Fills @value with a pointer to the value associated
- * with the identifying attribute @attr in @ident. If
- * @attr is not set, then it will simply be initialized
- * to NULL and considered as a successful read
- *
- * Returns 0 on success, -1 on error
- */
-static int
-virIdentityGetAttr(virIdentityPtr ident,
- unsigned int attr,
- const char **value)
-{
- VIR_DEBUG("ident=%p attribute=%d value=%p", ident, attr, value);
-
- *value = ident->attrs[attr];
-
- return 0;
-}
-
-
-/**
- * virIdentityIsEqual:
- * @identA: the first identity
- * @identB: the second identity
- *
- * Compares every attribute in @identA and @identB
- * to determine if they refer to the same identity
- *
- * Returns true if they are equal, false if not equal
- */
-bool virIdentityIsEqual(virIdentityPtr identA,
- virIdentityPtr identB)
-{
- bool ret = false;
- size_t i;
- VIR_DEBUG("identA=%p identB=%p", identA, identB);
-
- for (i = 0; i < VIR_IDENTITY_ATTR_LAST; i++) {
- if (STRNEQ_NULLABLE(identA->attrs[i],
- identB->attrs[i]))
- goto cleanup;
- }
-
- ret = true;
- cleanup:
- return ret;
+ virTypedParamsFree(ident->params, ident->nparams);
}
int virIdentityGetOSUserName(virIdentityPtr ident,
const char **username)
{
- return virIdentityGetAttr(ident,
- VIR_IDENTITY_ATTR_OS_USER_NAME,
- username);
+ return virTypedParamsGetString(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_OS_USER_NAME,
+ username);
}
int virIdentityGetOSUserID(virIdentityPtr ident,
uid_t *uid)
{
- int val;
- const char *userid;
+ unsigned long long val;
+ int ret;
*uid = -1;
- if (virIdentityGetAttr(ident,
- VIR_IDENTITY_ATTR_OS_USER_ID,
- &userid) < 0)
- return -1;
-
- if (!userid)
- return -1;
- if (virStrToLong_i(userid, NULL, 10, &val) < 0)
+ ret = virTypedParamsGetULLong(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_OS_USER_ID,
+ &val);
+ if (ret < 0)
return -1;
- *uid = (uid_t)val;
+ if (ret == 1)
+ *uid = (uid_t)val;
return 0;
}
@@ -361,31 +257,32 @@ int virIdentityGetOSUserID(virIdentityPtr ident,
int virIdentityGetOSGroupName(virIdentityPtr ident,
const char **groupname)
{
- return virIdentityGetAttr(ident,
- VIR_IDENTITY_ATTR_OS_GROUP_NAME,
- groupname);
+ *groupname = NULL;
+ if (virTypedParamsGetString(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_OS_GROUP_NAME,
+ groupname) < 0)
+ return -1;
+ return 0;
}
int virIdentityGetOSGroupID(virIdentityPtr ident,
gid_t *gid)
{
- int val;
- const char *groupid;
+ int ret;
+ unsigned long long val;
*gid = -1;
- if (virIdentityGetAttr(ident,
- VIR_IDENTITY_ATTR_OS_GROUP_ID,
- &groupid) < 0)
+ ret = virTypedParamsGetULLong(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_OS_GROUP_ID,
+ &val);
+ if (ret < 0)
return -1;
- if (!groupid)
- return -1;
-
- if (virStrToLong_i(groupid, NULL, 10, &val) < 0)
- return -1;
-
- *gid = (gid_t)val;
+ if (ret == 1)
+ *gid = (gid_t)val;
return 0;
}
@@ -394,22 +291,19 @@ int virIdentityGetOSGroupID(virIdentityPtr ident,
int virIdentityGetOSProcessID(virIdentityPtr ident,
pid_t *pid)
{
- unsigned long long val;
- const char *processid;
+ int ret;
+ long long val;
*pid = 0;
- if (virIdentityGetAttr(ident,
- VIR_IDENTITY_ATTR_OS_PROCESS_ID,
- &processid) < 0)
- return -1;
-
- if (!processid)
+ ret = virTypedParamsGetLLong(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_OS_PROCESS_ID,
+ &val);
+ if (ret < 0)
return -1;
- if (virStrToLong_ull(processid, NULL, 10, &val) < 0)
- return -1;
-
- *pid = (pid_t)val;
+ if (ret == 1)
+ *pid = (gid_t)val;
return 0;
}
@@ -418,16 +312,11 @@ int virIdentityGetOSProcessID(virIdentityPtr ident,
int virIdentityGetOSProcessTime(virIdentityPtr ident,
unsigned long long *timestamp)
{
- const char *processtime;
- if (virIdentityGetAttr(ident,
- VIR_IDENTITY_ATTR_OS_PROCESS_TIME,
- &processtime) < 0)
- return -1;
-
- if (!processtime)
- return -1;
-
- if (virStrToLong_ull(processtime, NULL, 10, timestamp) < 0)
+ *timestamp = 0;
+ if (virTypedParamsGetULLong(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_OS_PROCESS_TIME,
+ timestamp) < 0)
return -1;
return 0;
@@ -437,101 +326,153 @@ int virIdentityGetOSProcessTime(virIdentityPtr ident,
int virIdentityGetSASLUserName(virIdentityPtr ident,
const char **username)
{
- return virIdentityGetAttr(ident,
- VIR_IDENTITY_ATTR_SASL_USER_NAME,
- username);
+ *username = NULL;
+ if (virTypedParamsGetString(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_SASL_USER_NAME,
+ username) < 0)
+ return -1;
+ return 0;
}
int virIdentityGetX509DName(virIdentityPtr ident,
const char **dname)
{
- return virIdentityGetAttr(ident,
- VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME,
- dname);
+ *dname = NULL;
+ if (virTypedParamsGetString(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME,
+ dname) < 0)
+ return -1;
+ return 0;
}
int virIdentityGetSELinuxContext(virIdentityPtr ident,
const char **context)
{
- return virIdentityGetAttr(ident,
- VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
- context);
+ *context = NULL;
+ if (virTypedParamsGetString(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_SELINUX_CONTEXT,
+ context) < 0)
+ return -1;
+ return 0;
}
int virIdentitySetOSUserName(virIdentityPtr ident,
const char *username)
{
- return virIdentitySetAttr(ident,
- VIR_IDENTITY_ATTR_OS_USER_NAME,
- username);
+ if (virTypedParamsGet(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_OS_USER_NAME)) {
+ virReportError(VIR_ERR_OPERATION_DENIED, "%s",
+ _("Identity attribute is already set"));
+ return -1;
+ }
+
+ return virTypedParamsAddString(&ident->params,
+ &ident->nparams,
+ &ident->maxparams,
+ VIR_CONNECT_IDENTITY_OS_USER_NAME,
+ username);
}
int virIdentitySetOSUserID(virIdentityPtr ident,
uid_t uid)
{
- VIR_AUTOFREE(char *) val = NULL;
-
- if (virAsprintf(&val, "%d", (int)uid) < 0)
+ if (virTypedParamsGet(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_OS_USER_ID)) {
+ virReportError(VIR_ERR_OPERATION_DENIED, "%s",
+ _("Identity attribute is already set"));
return -1;
+ }
- return virIdentitySetAttr(ident,
- VIR_IDENTITY_ATTR_OS_USER_ID,
- val);
+ return virTypedParamsAddULLong(&ident->params,
+ &ident->nparams,
+ &ident->maxparams,
+ VIR_CONNECT_IDENTITY_OS_USER_ID,
+ uid);
}
int virIdentitySetOSGroupName(virIdentityPtr ident,
const char *groupname)
{
- return virIdentitySetAttr(ident,
- VIR_IDENTITY_ATTR_OS_GROUP_NAME,
- groupname);
+ if (virTypedParamsGet(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_OS_GROUP_NAME)) {
+ virReportError(VIR_ERR_OPERATION_DENIED, "%s",
+ _("Identity attribute is already set"));
+ return -1;
+ }
+
+ return virTypedParamsAddString(&ident->params,
+ &ident->nparams,
+ &ident->maxparams,
+ VIR_CONNECT_IDENTITY_OS_GROUP_NAME,
+ groupname);
}
int virIdentitySetOSGroupID(virIdentityPtr ident,
gid_t gid)
{
- VIR_AUTOFREE(char *) val = NULL;
-
- if (virAsprintf(&val, "%d", (int)gid) < 0)
+ if (virTypedParamsGet(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_OS_GROUP_ID)) {
+ virReportError(VIR_ERR_OPERATION_DENIED, "%s",
+ _("Identity attribute is already set"));
return -1;
+ }
- return virIdentitySetAttr(ident,
- VIR_IDENTITY_ATTR_OS_GROUP_ID,
- val);
+ return virTypedParamsAddULLong(&ident->params,
+ &ident->nparams,
+ &ident->maxparams,
+ VIR_CONNECT_IDENTITY_OS_GROUP_ID,
+ gid);
}
int virIdentitySetOSProcessID(virIdentityPtr ident,
pid_t pid)
{
- VIR_AUTOFREE(char *) val = NULL;
-
- if (virAsprintf(&val, "%lld", (long long) pid) < 0)
+ if (virTypedParamsGet(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_OS_PROCESS_ID)) {
+ virReportError(VIR_ERR_OPERATION_DENIED, "%s",
+ _("Identity attribute is already set"));
return -1;
+ }
- return virIdentitySetAttr(ident,
- VIR_IDENTITY_ATTR_OS_PROCESS_ID,
- val);
+ return virTypedParamsAddLLong(&ident->params,
+ &ident->nparams,
+ &ident->maxparams,
+ VIR_CONNECT_IDENTITY_OS_PROCESS_ID,
+ pid);
}
int virIdentitySetOSProcessTime(virIdentityPtr ident,
unsigned long long timestamp)
{
- VIR_AUTOFREE(char *) val = NULL;
-
- if (virAsprintf(&val, "%llu", timestamp) < 0)
+ if (virTypedParamsGet(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_OS_PROCESS_TIME)) {
+ virReportError(VIR_ERR_OPERATION_DENIED, "%s",
+ _("Identity attribute is already set"));
return -1;
+ }
- return virIdentitySetAttr(ident,
- VIR_IDENTITY_ATTR_OS_PROCESS_TIME,
- val);
+ return virTypedParamsAddULLong(&ident->params,
+ &ident->nparams,
+ &ident->maxparams,
+ VIR_CONNECT_IDENTITY_OS_PROCESS_TIME,
+ timestamp);
}
@@ -539,25 +480,55 @@ int virIdentitySetOSProcessTime(virIdentityPtr ident,
int virIdentitySetSASLUserName(virIdentityPtr ident,
const char *username)
{
- return virIdentitySetAttr(ident,
- VIR_IDENTITY_ATTR_SASL_USER_NAME,
- username);
+ if (virTypedParamsGet(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_SASL_USER_NAME)) {
+ virReportError(VIR_ERR_OPERATION_DENIED, "%s",
+ _("Identity attribute is already set"));
+ return -1;
+ }
+
+ return virTypedParamsAddString(&ident->params,
+ &ident->nparams,
+ &ident->maxparams,
+ VIR_CONNECT_IDENTITY_SASL_USER_NAME,
+ username);
}
int virIdentitySetX509DName(virIdentityPtr ident,
const char *dname)
{
- return virIdentitySetAttr(ident,
- VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME,
- dname);
+ if (virTypedParamsGet(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME)) {
+ virReportError(VIR_ERR_OPERATION_DENIED, "%s",
+ _("Identity attribute is already set"));
+ return -1;
+ }
+
+ return virTypedParamsAddString(&ident->params,
+ &ident->nparams,
+ &ident->maxparams,
+ VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME,
+ dname);
}
int virIdentitySetSELinuxContext(virIdentityPtr ident,
const char *context)
{
- return virIdentitySetAttr(ident,
- VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
- context);
+ if (virTypedParamsGet(ident->params,
+ ident->nparams,
+ VIR_CONNECT_IDENTITY_SELINUX_CONTEXT)) {
+ virReportError(VIR_ERR_OPERATION_DENIED, "%s",
+ _("Identity attribute is already set"));
+ return -1;
+ }
+
+ return virTypedParamsAddString(&ident->params,
+ &ident->nparams,
+ &ident->maxparams,
+ VIR_CONNECT_IDENTITY_SELINUX_CONTEXT,
+ context);
}
diff --git a/src/util/viridentity.h b/src/util/viridentity.h
index 0925b740d9..6dc0393810 100644
--- a/src/util/viridentity.h
+++ b/src/util/viridentity.h
@@ -33,12 +33,6 @@ virIdentityPtr virIdentityGetSystem(void);
virIdentityPtr virIdentityNew(void);
-
-bool virIdentityIsEqual(virIdentityPtr identA,
- virIdentityPtr identB)
- ATTRIBUTE_NONNULL(1)
- ATTRIBUTE_NONNULL(2);
-
int virIdentityGetOSUserName(virIdentityPtr ident,
const char **username);
int virIdentityGetOSUserID(virIdentityPtr ident,
diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c
index e57b68ec43..ba85c90d6c 100644
--- a/tests/viridentitytest.c
+++ b/tests/viridentitytest.c
@@ -85,63 +85,6 @@ static int testIdentityAttrs(const void *data ATTRIBUTE_UNUSED)
}
-static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED)
-{
- int ret = -1;
- virIdentityPtr identa = NULL;
- virIdentityPtr identb = NULL;
-
- if (!(identa = virIdentityNew()))
- goto cleanup;
- if (!(identb = virIdentityNew()))
- goto cleanup;
-
- if (!virIdentityIsEqual(identa, identb)) {
- VIR_DEBUG("Empty identities were not equal");
- goto cleanup;
- }
-
- if (virIdentitySetOSUserName(identa, "fred") < 0)
- goto cleanup;
-
- if (virIdentityIsEqual(identa, identb)) {
- VIR_DEBUG("Mis-matched identities should not be equal");
- goto cleanup;
- }
-
- if (virIdentitySetOSUserName(identb, "fred") < 0)
- goto cleanup;
-
- if (!virIdentityIsEqual(identa, identb)) {
- VIR_DEBUG("Matched identities were not equal");
- goto cleanup;
- }
-
- if (virIdentitySetOSGroupName(identa, "flintstone") < 0)
- goto cleanup;
- if (virIdentitySetOSGroupName(identb, "flintstone") < 0)
- goto cleanup;
-
- if (!virIdentityIsEqual(identa, identb)) {
- VIR_DEBUG("Matched identities were not equal");
- goto cleanup;
- }
-
- if (virIdentitySetSASLUserName(identb, "fred(a)FLINTSTONE.COM") < 0)
- goto cleanup;
-
- if (virIdentityIsEqual(identa, identb)) {
- VIR_DEBUG("Mis-matched identities should not be equal");
- goto cleanup;
- }
-
- ret = 0;
- cleanup:
- virObjectUnref(identa);
- virObjectUnref(identb);
- return ret;
-}
-
static int testIdentityGetSystem(const void *data)
{
const char *context = data;
@@ -166,7 +109,8 @@ static int testIdentityGetSystem(const void *data)
goto cleanup;
if (STRNEQ_NULLABLE(val, context)) {
- VIR_DEBUG("Unexpected SELinux context attribute");
+ VIR_DEBUG("Unexpected SELinux context attribute '%s' !=
'%s'",
+ val, context);
goto cleanup;
}
@@ -204,8 +148,6 @@ mymain(void)
if (virTestRun("Identity attributes ", testIdentityAttrs, NULL) < 0)
ret = -1;
- if (virTestRun("Identity equality ", testIdentityEqual, NULL) < 0)
- ret = -1;
if (virTestRun("Setting fake SELinux context ", testSetFakeSELinuxContext,
context) < 0)
ret = -1;
if (virTestRun("System identity (fake SELinux enabled) ",
testIdentityGetSystem, context) < 0)
--
2.21.0