From f7df9856842c8c3fd7d52828a33fe396e1a56bea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 20 Dec 2019 16:02:49 +0000 Subject: [PATCH] src: switch from fnmatch to g_pattern_match_simple MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The g_pattern_match function_simple is an acceptably close approximation of fnmatch for libvirt's needs. In contrast to fnmatch(), the '/' character can be matched by the wildcards, there are no '[...]' character ranges and '*' and '?' can not be escaped to include them literally in a pattern. Reviewed-by: Fabiano FidĂȘncio Signed-off-by: Daniel P. BerrangĂ© --- src/qemu/qemu_firmware.c | 4 +--- src/remote/libvirtd.conf.in | 8 ++++++-- src/rpc/virnetsaslcontext.c | 11 +---------- src/rpc/virnettlscontext.c | 10 +--------- src/util/virlog.c | 5 ++--- tests/virconfdata/libvirtd.conf | 8 ++++++-- tests/virconfdata/libvirtd.out | 8 ++++++-- tools/virt-login-shell-helper.c | 5 ++--- 8 files changed, 25 insertions(+), 34 deletions(-) diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c index f62ce90ac9..6a76d355f5 100644 --- a/src/qemu/qemu_firmware.c +++ b/src/qemu/qemu_firmware.c @@ -20,8 +20,6 @@ #include -#include - #include "qemu_firmware.h" #include "qemu_interop_config.h" #include "configmake.h" @@ -921,7 +919,7 @@ qemuFirmwareMatchesMachineArch(const qemuFirmware *fw, continue; for (j = 0; j < fw->targets[i]->nmachines; j++) { - if (fnmatch(fw->targets[i]->machines[j], machine, 0) == 0) + if (g_pattern_match_simple(fw->targets[i]->machines[j], machine)) return true; } } diff --git a/src/remote/libvirtd.conf.in b/src/remote/libvirtd.conf.in index f984ce0478..34741183cc 100644 --- a/src/remote/libvirtd.conf.in +++ b/src/remote/libvirtd.conf.in @@ -262,7 +262,9 @@ # # "C=GB,ST=London,L=London,O=Red Hat,CN=*" # -# See the POSIX fnmatch function for the format of the wildcards. +# See the g_pattern_match function for the format of the wildcards: +# +# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html # # NB If this is an empty list, no client can connect, so comment out # entirely rather than using empty list to disable these checks @@ -288,7 +290,9 @@ # # "*@EXAMPLE.COM" # -# See the POSIX fnmatch function for the format of the wildcards. +# See the g_pattern_match function for the format of the wildcards. +# +# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html # # NB If this is an empty list, no client can connect, so comment out # entirely rather than using empty list to disable these checks diff --git a/src/rpc/virnetsaslcontext.c b/src/rpc/virnetsaslcontext.c index 01ff41b778..e7ed8f4390 100644 --- a/src/rpc/virnetsaslcontext.c +++ b/src/rpc/virnetsaslcontext.c @@ -20,8 +20,6 @@ #include -#include - #include "virnetsaslcontext.h" #include "virnetmessage.h" @@ -155,17 +153,10 @@ int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt, } while (*wildcards) { - int rv = fnmatch(*wildcards, identity, 0); - if (rv == 0) { + if (g_pattern_match_simple(*wildcards, identity)) { ret = 1; goto cleanup; /* Successful match */ } - if (rv != FNM_NOMATCH) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Malformed TLS whitelist regular expression '%s'"), - *wildcards); - goto cleanup; - } wildcards++; } diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index 08944f6771..44f0dfce77 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c @@ -21,7 +21,6 @@ #include #include -#include #include #include @@ -361,15 +360,8 @@ virNetTLSContextCheckCertDNWhitelist(const char *dname, const char *const*wildcards) { while (*wildcards) { - int ret = fnmatch(*wildcards, dname, 0); - if (ret == 0) /* Successful match */ + if (g_pattern_match_simple(*wildcards, dname)) return 1; - if (ret != FNM_NOMATCH) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Malformed TLS whitelist regular expression '%s'"), - *wildcards); - return -1; - } wildcards++; } diff --git a/src/util/virlog.c b/src/util/virlog.c index 6bae56e2e3..aa98024e1c 100644 --- a/src/util/virlog.c +++ b/src/util/virlog.c @@ -36,7 +36,6 @@ #if HAVE_SYS_UN_H # include #endif -#include #include "virerror.h" #include "virlog.h" @@ -488,7 +487,7 @@ virLogSourceUpdate(virLogSourcePtr source) size_t i; for (i = 0; i < virLogNbFilters; i++) { - if (fnmatch(virLogFilters[i]->match, source->name, 0) == 0) { + if (g_pattern_match_simple(virLogFilters[i]->match, source->name)) { priority = virLogFilters[i]->priority; break; } @@ -1338,7 +1337,7 @@ virLogFilterNew(const char *match, return NULL; } - /* We must treat 'foo' as equiv to '*foo*' for fnmatch + /* We must treat 'foo' as equiv to '*foo*' for g_pattern_match * todo substring matches, so add 2 extra bytes */ if (VIR_ALLOC_N_QUIET(mdup, mlen + 3) < 0) diff --git a/tests/virconfdata/libvirtd.conf b/tests/virconfdata/libvirtd.conf index 602aa08d92..791d6c972b 100644 --- a/tests/virconfdata/libvirtd.conf +++ b/tests/virconfdata/libvirtd.conf @@ -183,7 +183,9 @@ tls_no_verify_certificate = 1 # # "C=GB,ST=London,L=London,O=Red Hat,CN=*" # -# See the POSIX fnmatch function for the format of the wildcards. +# See the g_pattern_match function for the format of the wildcards. +# +# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html # # NB If this is an empty list, no client can connect, so comment out # entirely rather than using empty list to disable these checks @@ -200,7 +202,9 @@ tls_allowed_dn_list = ["DN1", "DN2"] # # "*@EXAMPLE.COM" # -# See the POSIX fnmatch function for the format of the wildcards. +# See the g_pattern_match function for the format of the wildcards. +# +# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html # # NB If this is an empty list, no client can connect, so comment out # entirely rather than using empty list to disable these checks diff --git a/tests/virconfdata/libvirtd.out b/tests/virconfdata/libvirtd.out index d3f2bd20a7..cfdd23fd21 100644 --- a/tests/virconfdata/libvirtd.out +++ b/tests/virconfdata/libvirtd.out @@ -147,7 +147,9 @@ tls_no_verify_certificate = 1 # # "C=GB,ST=London,L=London,O=Red Hat,CN=*" # -# See the POSIX fnmatch function for the format of the wildcards. +# See the g_pattern_match function for the format of the wildcards. +# +# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html # # NB If this is an empty list, no client can connect, so comment out # entirely rather than using empty list to disable these checks @@ -162,7 +164,9 @@ tls_allowed_dn_list = [ "DN1", "DN2" ] # # "*@EXAMPLE.COM" # -# See the POSIX fnmatch function for the format of the wildcards. +# See the g_pattern_match function for the format of the wildcards. +# +# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html # # NB If this is an empty list, no client can connect, so comment out # entirely rather than using empty list to disable these checks diff --git a/tools/virt-login-shell-helper.c b/tools/virt-login-shell-helper.c index cdd64d9a59..d9db883ee6 100644 --- a/tools/virt-login-shell-helper.c +++ b/tools/virt-login-shell-helper.c @@ -19,7 +19,6 @@ */ #include -#include #include #include #include @@ -67,14 +66,14 @@ static int virLoginShellAllowedUser(virConfPtr conf, for (i = 0; i < ngroups; i++) { if (!(gname = virGetGroupName(groups[i]))) continue; - if (fnmatch(entry, gname, 0) == 0) { + if (g_pattern_match_simple(entry, gname)) { ret = 0; goto cleanup; } VIR_FREE(gname); } } else { - if (fnmatch(entry, name, 0) == 0) { + if (g_pattern_match_simple(entry, name)) { ret = 0; goto cleanup; }