[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH] security: also parse user/group names instead of just IDs for DAC labels



The DAC driver is missing parsing of group and user names for DAC labels
and currently just parses uid and gid. This patch extends it to support
names, so the following security label definition is now valid:

  <seclabel type='static' model='dac' relabel='yes'>
      <label>qemu:qemu</label>
      <imagelabel>qemu:qemu</imagelabel>
  </seclabel>
---
 src/security/security_dac.c | 49 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 40 insertions(+), 9 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index be65d6e..7e11e31 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -66,28 +66,59 @@ void virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
 }
 
 static
+int parseId(const char *str, unsigned int *id)
+{
+    char *endptr = NULL;
+
+    if (str == NULL || id == NULL)
+        return -1;
+
+    if (virStrToLong_ui(str, &endptr, 10, id) || endptr != NULL)
+        return -1;
+
+    return 0;
+}
+
+static
 int parseIds(const char *label, uid_t *uidPtr, gid_t *gidPtr)
 {
+    int rc = -1;
     unsigned int theuid;
     unsigned int thegid;
-    char *endptr = NULL;
+    char *sep = NULL;
+    char *tmp_label = NULL;
 
     if (label == NULL)
-        return -1;
+        goto done;
 
-    if (virStrToLong_ui(label, &endptr, 10, &theuid) ||
-        endptr == NULL || *endptr != ':') {
-        return -1;
-    }
+    tmp_label = strdup(label);
+    if (tmp_label == NULL)
+        goto done;
 
-    if (virStrToLong_ui(endptr + 1, NULL, 10, &thegid))
-        return -1;
+    sep = strchr(tmp_label, ':');
+    if (sep == NULL)
+        goto done;
+    *sep = '\0';
+
+    if (virGetUserID(tmp_label, &theuid) < 0 &&
+        parseId(tmp_label, &theuid) < 0)
+        goto done;
+
+    if (virGetGroupID(sep + 1, &thegid) < 0 &&
+        parseId(sep + 1, &thegid) < 0)
+        goto done;
 
     if (uidPtr)
         *uidPtr = theuid;
     if (gidPtr)
         *gidPtr = thegid;
-    return 0;
+
+    rc = 0;
+
+done:
+    VIR_FREE(tmp_label);
+
+    return rc;
 }
 
 /* returns 1 if label isn't found, 0 on success, -1 on error */
-- 
1.7.12


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]