[libvirt] [PATCH 2/2] security: update user and group parsing in security_dac.c
Peter Krempa
pkrempa at redhat.com
Mon Oct 8 12:11:26 UTC 2012
On 10/06/12 04:52, Marcelo Cerri wrote:
> The functions virGetUserID and virGetGroupID are now able to parse
> user/group names and IDs in a similar way to coreutils' chown. So, user
> and group parsing in security_dac can be simplified.
> ---
> src/security/security_dac.c | 40 ++++++++++------------------------------
> 1 file changed, 10 insertions(+), 30 deletions(-)
>
> diff --git a/src/security/security_dac.c b/src/security/security_dac.c
> index a427e9d..e976144 100644
> --- a/src/security/security_dac.c
> +++ b/src/security/security_dac.c
> @@ -95,39 +95,19 @@ int parseIds(const char *label, uid_t *uidPtr, gid_t *gidPtr)
> group = sep + 1;
>
> /* Parse owner */
> - if (*owner == '+') {
> - if (virStrToLong_ui(++owner, NULL, 10, &theuid) < 0) {
> - virReportError(VIR_ERR_INVALID_ARG,
> - _("Invalid uid \"%s\" in DAC label \"%s\""),
> - owner, label);
> - goto cleanup;
> - }
> - } else {
> - if (virGetUserID(owner, &theuid) < 0 &&
> - virStrToLong_ui(owner, NULL, 10, &theuid) < 0) {
> - virReportError(VIR_ERR_INVALID_ARG,
> - _("Invalid owner \"%s\" in DAC label \"%s\""),
> - owner, label);
> - goto cleanup;
> - }
> + if (virGetUserID(owner, &theuid) < 0) {
> + virReportError(VIR_ERR_INVALID_ARG,
> + _("Invalid owner \"%s\" in DAC label \"%s\""),
> + owner, label);
> + goto cleanup;
> }
>
> /* Parse group */
> - if (*group == '+') {
> - if (virStrToLong_ui(++group, NULL, 10, &thegid) < 0) {
> - virReportError(VIR_ERR_INVALID_ARG,
> - _("Invalid gid \"%s\" in DAC label \"%s\""),
> - group, label);
> - goto cleanup;
> - }
> - } else {
> - if (virGetGroupID(group, &thegid) < 0 &&
> - virStrToLong_ui(group, NULL, 10, &thegid) < 0) {
> - virReportError(VIR_ERR_INVALID_ARG,
> - _("Invalid group \"%s\" in DAC label \"%s\""),
> - group, label);
> - goto cleanup;
> - }
> + if (virGetGroupID(group, &thegid) < 0) {
> + virReportError(VIR_ERR_INVALID_ARG,
> + _("Invalid group \"%s\" in DAC label \"%s\""),
> + group, label);
Hm, this will mask the errors from virGetGroupID that might be useful.
Should we remove this message in favor of the underlying messages or
have this that has more relevant information where to find the issue but
maybe mask the reason?
Any opinions?
> + goto cleanup;
> }
>
> if (uidPtr)
>
Peter
More information about the libvir-list
mailing list