8:53 a.m.
The g_pattern_match function_simple is an acceptably close
approximation of fnmatch for libvirt's needs.
In contrast to fnmatch(), the '/' character can be matched
by the wildcards, there are no '[...]' character ranges and
'*' and '?' can not be escaped to include them literally in
a pattern.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu_firmware.c | 4 +---
src/remote/libvirtd.conf.in | 8 ++++++--
src/rpc/virnetsaslcontext.c | 11 +----------
src/rpc/virnettlscontext.c | 10 +---------
src/util/virlog.c | 5 ++---
tests/virconfdata/libvirtd.conf | 8 ++++++--
tests/virconfdata/libvirtd.out | 8 ++++++--
tools/virt-login-shell-helper.c | 5 ++---
8 files changed, 25 insertions(+), 34 deletions(-)
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index f62ce90ac9..6a76d355f5 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -20,8 +20,6 @@
#include <config.h>
-#include <fnmatch.h>
-
#include "qemu_firmware.h"
#include "qemu_interop_config.h"
#include "configmake.h"
@@ -921,7 +919,7 @@ qemuFirmwareMatchesMachineArch(const qemuFirmware *fw,
continue;
for (j = 0; j < fw->targets[i]->nmachines; j++) {
- if (fnmatch(fw->targets[i]->machines[j], machine, 0) == 0)
+ if (g_pattern_match_simple(fw->targets[i]->machines[j], machine))
return true;
}
}
diff --git a/src/remote/libvirtd.conf.in b/src/remote/libvirtd.conf.in
index f984ce0478..34741183cc 100644
--- a/src/remote/libvirtd.conf.in
+++ b/src/remote/libvirtd.conf.in
@@ -262,7 +262,9 @@
#
# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
#
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards:
+#
+# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching....
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
@@ -288,7 +290,9 @@
#
# "*(a)EXAMPLE.COM"
#
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
+#
+# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching....
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
diff --git a/src/rpc/virnetsaslcontext.c b/src/rpc/virnetsaslcontext.c
index 01ff41b778..e7ed8f4390 100644
--- a/src/rpc/virnetsaslcontext.c
+++ b/src/rpc/virnetsaslcontext.c
@@ -20,8 +20,6 @@
#include <config.h>
-#include <fnmatch.h>
-
#include "virnetsaslcontext.h"
#include "virnetmessage.h"
@@ -155,17 +153,10 @@ int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
}
while (*wildcards) {
- int rv = fnmatch(*wildcards, identity, 0);
- if (rv == 0) {
+ if (g_pattern_match_simple(*wildcards, identity)) {
ret = 1;
goto cleanup; /* Successful match */
}
- if (rv != FNM_NOMATCH) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Malformed TLS whitelist regular expression
'%s'"),
- *wildcards);
- goto cleanup;
- }
wildcards++;
}
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index 08944f6771..44f0dfce77 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -21,7 +21,6 @@
#include <config.h>
#include <unistd.h>
-#include <fnmatch.h>
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
@@ -361,15 +360,8 @@ virNetTLSContextCheckCertDNWhitelist(const char *dname,
const char *const*wildcards)
{
while (*wildcards) {
- int ret = fnmatch(*wildcards, dname, 0);
- if (ret == 0) /* Successful match */
+ if (g_pattern_match_simple(*wildcards, dname))
return 1;
- if (ret != FNM_NOMATCH) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Malformed TLS whitelist regular expression
'%s'"),
- *wildcards);
- return -1;
- }
wildcards++;
}
diff --git a/src/util/virlog.c b/src/util/virlog.c
index 6bae56e2e3..aa98024e1c 100644
--- a/src/util/virlog.c
+++ b/src/util/virlog.c
@@ -36,7 +36,6 @@
#if HAVE_SYS_UN_H
# include <sys/un.h>
#endif
-#include <fnmatch.h>
#include "virerror.h"
#include "virlog.h"
@@ -488,7 +487,7 @@ virLogSourceUpdate(virLogSourcePtr source)
size_t i;
for (i = 0; i < virLogNbFilters; i++) {
- if (fnmatch(virLogFilters[i]->match, source->name, 0) == 0) {
+ if (g_pattern_match_simple(virLogFilters[i]->match, source->name)) {
priority = virLogFilters[i]->priority;
break;
}
@@ -1338,7 +1337,7 @@ virLogFilterNew(const char *match,
return NULL;
}
- /* We must treat 'foo' as equiv to '*foo*' for fnmatch
+ /* We must treat 'foo' as equiv to '*foo*' for g_pattern_match
* todo substring matches, so add 2 extra bytes
*/
if (VIR_ALLOC_N_QUIET(mdup, mlen + 3) < 0)
diff --git a/tests/virconfdata/libvirtd.conf b/tests/virconfdata/libvirtd.conf
index 602aa08d92..791d6c972b 100644
--- a/tests/virconfdata/libvirtd.conf
+++ b/tests/virconfdata/libvirtd.conf
@@ -183,7 +183,9 @@ tls_no_verify_certificate = 1
#
# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
#
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
+#
+# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching....
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
@@ -200,7 +202,9 @@ tls_allowed_dn_list = ["DN1", "DN2"]
#
# "*(a)EXAMPLE.COM"
#
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
+#
+# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching....
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
diff --git a/tests/virconfdata/libvirtd.out b/tests/virconfdata/libvirtd.out
index d3f2bd20a7..cfdd23fd21 100644
--- a/tests/virconfdata/libvirtd.out
+++ b/tests/virconfdata/libvirtd.out
@@ -147,7 +147,9 @@ tls_no_verify_certificate = 1
#
# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
#
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
+#
+# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching....
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
@@ -162,7 +164,9 @@ tls_allowed_dn_list = [ "DN1", "DN2" ]
#
# "*(a)EXAMPLE.COM"
#
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
+#
+# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching....
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
diff --git a/tools/virt-login-shell-helper.c b/tools/virt-login-shell-helper.c
index 87735833d9..e3aefc2c06 100644
--- a/tools/virt-login-shell-helper.c
+++ b/tools/virt-login-shell-helper.c
@@ -19,7 +19,6 @@
*/
#include <config.h>
-#include <fnmatch.h>
#include <getopt.h>
#include <signal.h>
#include <stdarg.h>
@@ -67,14 +66,14 @@ static int virLoginShellAllowedUser(virConfPtr conf,
for (i = 0; i < ngroups; i++) {
if (!(gname = virGetGroupName(groups[i])))
continue;
- if (fnmatch(entry, gname, 0) == 0) {
+ if (g_pattern_match_simple(entry, gname)) {
ret = 0;
goto cleanup;
}
VIR_FREE(gname);
}
} else {
- if (fnmatch(entry, name, 0) == 0) {
+ if (g_pattern_match_simple(entry, name)) {
ret = 0;
goto cleanup;
}
--
2.24.1