From: Pavithra Ramesh Date: Fri, 8 Feb 2013 20:37:18 +0000 (-0800) Subject: stream-unix: Use rundir as root for relative paths. X-Git-Tag: sliver-openvswitch-1.10.90-1~11^2~61 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;ds=sidebyside;h=2c487bc808ba6a4a297523f2c6b78ca3e358073a;p=sliver-openvswitch.git stream-unix: Use rundir as root for relative paths. Until now, "unix:" and "punix:" paths that are not absolute have been considered relative to the current working directory. It is more useful to consider them relative to the rundir, so this commit makes that change to the C and Python implementations of the stream code. This commit also relaxes the whitelist check in the bridge code so that any name that does not contain a "/" is considered OK. Signed-off-by: Pavithra Ramesh Signed-off-by: Ben Pfaff --- diff --git a/lib/stream-unix.c b/lib/stream-unix.c index 6ed7648bc..dbee135d9 100644 --- a/lib/stream-unix.c +++ b/lib/stream-unix.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc. + * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -29,6 +29,7 @@ #include "packets.h" #include "poll-loop.h" #include "socket-util.h" +#include "dirs.h" #include "util.h" #include "stream-provider.h" #include "stream-fd.h" @@ -42,15 +43,19 @@ static int unix_open(const char *name, char *suffix, struct stream **streamp, uint8_t dscp OVS_UNUSED) { - const char *connect_path = suffix; + char *connect_path; int fd; + connect_path = abs_file_name(ovs_rundir(), suffix); fd = make_unix_socket(SOCK_STREAM, true, NULL, connect_path); + if (fd < 0) { VLOG_DBG("%s: connection failed (%s)", connect_path, strerror(-fd)); + free(connect_path); return -fd; } + free(connect_path); return new_fd_stream(name, fd, check_connection_completion(fd), streamp); } 
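Review bot: In unix_open() the new `abs_file_name(ovs_rundir(), suffix)` call changes what a relative `unix:` name means, but nothing at the call site says so, and the same holds for the matching call in punix_open(). abs_file_name() is not visible in this diff; if it simply joins the directory and the name, a relative suffix containing `..` components still resolves outside the rundir, so this is path resolution and not confinement. I would add above the call `/* Relative names are resolved against ovs_rundir(); this does not restrict where the path ends up, so callers that need confinement must validate the name themselves. */`. The blank line added between the make_unix_socket() call and `if (fd < 0)` separates the call from its error check and could be dropped.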
@@ -76,11 +81,14 @@ static int punix_open(const char *name OVS_UNUSED, char *suffix, struct pstream **pstreamp, uint8_t dscp OVS_UNUSED) { + char *bind_path; int fd, error; - fd = make_unix_socket(SOCK_STREAM, true, suffix, NULL); + bind_path = abs_file_name(ovs_rundir(), suffix); + fd = make_unix_socket(SOCK_STREAM, true, bind_path, NULL); if (fd < 0) { - VLOG_ERR("%s: binding failed: %s", suffix, strerror(errno)); + VLOG_ERR("%s: binding failed: %s", bind_path, strerror(errno)); + free(bind_path); return errno; } @@ -88,11 +96,11 @@ punix_open(const char *name OVS_UNUSED, char *suffix, error = errno; VLOG_ERR("%s: listen: %s", name, strerror(error)); close(fd); + free(bind_path); return error; } - return new_fd_pstream(name, fd, punix_accept, NULL, - xstrdup(suffix), pstreamp); + return new_fd_pstream(name, fd, punix_accept, NULL, bind_path, pstreamp); } static int diff --git a/python/ovs/stream.py b/python/ovs/stream.py index c640ebf55..fb083eeeb 100644 --- a/python/ovs/stream.py +++ b/python/ovs/stream.py @@ -107,6 +107,8 @@ class Stream(object): return errno.EAFNOSUPPORT, None suffix = name.split(":", 1)[1] + if name.startswith("unix:"): + suffix = ovs.util.abs_file_name(ovs.dirs.RUNDIR, suffix) error, sock = cls._open(suffix, dscp) if error: return error, None @@ -282,6 +284,8 @@ class PassiveStream(object): return errno.EAFNOSUPPORT, None bind_path = name[6:] + if name.startswith("punix:"): + bind_path = ovs.util.abs_file_name(ovs.dirs.RUNDIR, bind_path) error, sock = ovs.socket_util.make_unix_socket(socket.SOCK_STREAM, True, bind_path, None) if error: diff --git a/tests/jsonrpc-py.at b/tests/jsonrpc-py.at index 3d3bd3b10..026d49aac 100644 --- a/tests/jsonrpc-py.at +++ b/tests/jsonrpc-py.at 
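Review bot: The bind-failure path in punix_open() still logs and returns `errno`, and the added `free(bind_path)` now sits, together with VLOG_ERR, between the failing call and `return errno`, so either may overwrite the value; if errno ends up 0 the function reports success without having created a pstream. unix_open() in the same file treats the result of make_unix_socket() as a negative errno (`strerror(-fd)`, `return -fd`), which suggests doing the same here: `error = -fd;`, then `VLOG_ERR("%s: binding failed: %s", bind_path, strerror(error));`, and `return error;` after the free. The listen-failure hunk already saves errno into `error` before logging, so it is fine. Passing `bind_path` to new_fd_pstream() in place of `xstrdup(suffix)` presumably hands over ownership of the string; a one-line comment saying so would explain why the success path has no free().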
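Review bot: Both added calls use `ovs.util.abs_file_name` and `ovs.dirs.RUNDIR`, but the diff adds no import to python/ovs/stream.py and the file's import block is outside these hunks; if `ovs.dirs` and `ovs.util` are not already imported there, opening a `unix:` or `punix:` stream would fail at runtime on the attribute lookup. Please confirm, and add `import ovs.dirs` and `import ovs.util` if they are missing. In PassiveStream the `name.startswith("punix:")` test follows `bind_path = name[6:]`, which already assumes that prefix, so the condition looks redundant there. Both enclosing methods start and end outside the hunks.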
@@ -2,6 +2,7 @@ AT_BANNER([JSON-RPC - Python]) AT_SETUP([JSON-RPC request and successful reply - Python]) AT_SKIP_IF([test $HAVE_PYTHON = no]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR AT_CHECK([$PYTHON $srcdir/test-jsonrpc.py --detach --pidfile=`pwd`/pid listen punix:socket]) AT_CHECK([test -s pid]) AT_CHECK([kill -0 `cat pid`]) @@ -14,6 +15,7 @@ AT_CLEANUP AT_SETUP([JSON-RPC request and error reply - Python]) AT_SKIP_IF([test $HAVE_PYTHON = no]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR AT_CHECK([$PYTHON $srcdir/test-jsonrpc.py --detach --pidfile=`pwd`/pid listen punix:socket]) AT_CHECK([test -s pid]) AT_CHECK([kill -0 `cat pid`]) @@ -26,6 +28,7 @@ AT_CLEANUP AT_SETUP([JSON-RPC notification - Python]) AT_SKIP_IF([test $HAVE_PYTHON = no]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR AT_CHECK([$PYTHON $srcdir/test-jsonrpc.py --detach --pidfile=`pwd`/pid listen punix:socket]) AT_CHECK([test -s pid]) # When a daemon dies it deletes its pidfile, so make a copy. diff --git a/tests/jsonrpc.at b/tests/jsonrpc.at index 2a7f91b4f..664debe55 100644 --- a/tests/jsonrpc.at +++ b/tests/jsonrpc.at @@ -1,6 +1,7 @@ AT_BANNER([JSON-RPC - C]) AT_SETUP([JSON-RPC request and successful reply]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR AT_CHECK([test-jsonrpc --detach --no-chdir --pidfile="`pwd`"/pid listen punix:socket]) AT_CHECK([test -s pid]) AT_CHECK([kill -0 `cat pid`]) @@ -12,6 +13,7 @@ AT_CHECK([kill `cat pid`]) AT_CLEANUP AT_SETUP([JSON-RPC request and error reply]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR AT_CHECK([test-jsonrpc --detach --no-chdir --pidfile="`pwd`"/pid listen punix:socket]) AT_CHECK([test -s pid]) AT_CHECK([kill -0 `cat pid`]) @@ -23,6 +25,7 @@ AT_CHECK([kill `cat pid`]) AT_CLEANUP AT_SETUP([JSON-RPC notification]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR AT_CHECK([test-jsonrpc --detach --no-chdir --pidfile="`pwd`"/pid listen punix:socket]) AT_CHECK([test -s pid]) # When a daemon dies it deletes its pidfile, so make a copy. 
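Review bot: ``OVS_RUNDIR=`pwd`; export OVS_RUNDIR`` is pasted into every test group in jsonrpc-py.at and again in jsonrpc.at, ovsdb-execution.at, ovsdb-idl.at, ovsdb-macros.at, ovsdb-monitor.at, ovsdb-server.at, ovsdb-tool.at and vconn.at, so a test added later that omits it would presumably resolve `punix:socket` against the default rundir instead of the test directory. Setting the variable once for the whole suite, or behind one shared macro that each group invokes, would remove that risk and the repetition. In ovsdb-idl.at the line is also added at file level right after AT_BANNER, outside any AT_SETUP, where it looks redundant with the copies inside the macros of the same file.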
diff --git a/tests/ovsdb-execution.at b/tests/ovsdb-execution.at index 6a3b5d157..eec2a04cd 100644 --- a/tests/ovsdb-execution.at +++ b/tests/ovsdb-execution.at @@ -138,6 +138,7 @@ m4_divert_pop([PREPARE_TESTS]) m4_define([OVSDB_CHECK_EXECUTION], [AT_SETUP([$1]) AT_KEYWORDS([ovsdb execute execution positive $5]) + OVS_RUNDIR=`pwd`; export OVS_RUNDIR AT_CHECK([test-ovsdb execute "`$2`" m4_foreach([txn], [$3], [ 'txn'])], [0], [stdout], []) AT_CHECK([perl $srcdir/uuidfilt.pl stdout], [0], [$4]) diff --git a/tests/ovsdb-idl.at b/tests/ovsdb-idl.at index ce220107a..3c32e2f56 100644 --- a/tests/ovsdb-idl.at +++ b/tests/ovsdb-idl.at @@ -1,5 +1,6 @@ AT_BANNER([OVSDB -- interface description language (IDL)]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR # OVSDB_CHECK_IDL_C(TITLE, [PRE-IDL-TXN], TRANSACTIONS, OUTPUT, [KEYWORDS], # [FILTER]) # @@ -19,6 +20,7 @@ AT_BANNER([OVSDB -- interface description language (IDL)]) m4_define([OVSDB_CHECK_IDL_C], [AT_SETUP([$1 - C]) AT_KEYWORDS([ovsdb server idl positive $5]) + OVS_RUNDIR=`pwd`; export OVS_RUNDIR AT_CHECK([ovsdb-tool create db $abs_srcdir/idltest.ovsschema], [0], [stdout], [ignore]) AT_CHECK([ovsdb-server '-vPATTERN:console:ovsdb-server|%c|%m' --detach --no-chdir --pidfile="`pwd`"/pid --remote=punix:socket --unixctl="`pwd`"/unixctl db], [0], [ignore], [ignore]) @@ -36,6 +38,7 @@ m4_define([OVSDB_CHECK_IDL_PY], [AT_SETUP([$1 - Python]) AT_SKIP_IF([test $HAVE_PYTHON = no]) AT_KEYWORDS([ovsdb server idl positive Python $5]) + OVS_RUNDIR=`pwd`; export OVS_RUNDIR AT_CHECK([ovsdb-tool create db $abs_srcdir/idltest.ovsschema], [0], [stdout], [ignore]) AT_CHECK([ovsdb-server '-vPATTERN:console:ovsdb-server|%c|%m' --detach --no-chdir --pidfile="`pwd`"/pid --remote=punix:socket --unixctl="`pwd`"/unixctl db], [0], [ignore], [ignore]) 
@@ -53,6 +56,7 @@ m4_define([OVSDB_CHECK_IDL_TCP_PY], [AT_SETUP([$1 - Python tcp]) AT_SKIP_IF([test $HAVE_PYTHON = no]) AT_KEYWORDS([ovsdb server idl positive Python with tcp socket $5]) + OVS_RUNDIR=`pwd`; export OVS_RUNDIR AT_CHECK([ovsdb-tool create db $abs_srcdir/idltest.ovsschema], [0], [stdout], [ignore]) AT_CHECK([perl $srcdir/choose-port.pl], [0], [stdout]) diff --git a/tests/ovsdb-macros.at b/tests/ovsdb-macros.at index c1aa619c3..2aa752b04 100644 --- a/tests/ovsdb-macros.at +++ b/tests/ovsdb-macros.at @@ -2,7 +2,8 @@ dnl OVSDB_INIT([$1]) dnl dnl Creates an empty database named $1. m4_define([OVSDB_INIT], - [AT_CHECK( + [OVS_RUNDIR=`pwd`; export OVS_RUNDIR + AT_CHECK( [ovsdb-tool create $1 $abs_top_srcdir/vswitchd/vswitch.ovsschema], [0], [stdout], [ignore]) AT_CHECK( diff --git a/tests/ovsdb-monitor.at b/tests/ovsdb-monitor.at index 167b44c35..aff585426 100644 --- a/tests/ovsdb-monitor.at +++ b/tests/ovsdb-monitor.at @@ -19,6 +19,7 @@ AT_BANNER([OVSDB -- ovsdb-server monitors]) m4_define([OVSDB_CHECK_MONITOR], [AT_SETUP([$1]) AT_KEYWORDS([ovsdb server monitor positive $9]) + OVS_RUNDIR=`pwd`; export OVS_RUNDIR $2 > schema AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore]) m4_foreach([txn], [$3], diff --git a/tests/ovsdb-server.at b/tests/ovsdb-server.at index 6dcf2f5ef..62eae3824 100644 --- a/tests/ovsdb-server.at +++ b/tests/ovsdb-server.at @@ -21,6 +21,7 @@ m4_define([OVSDB_SERVER_SHUTDOWN], # TITLE is provided to AT_SETUP and KEYWORDS to AT_KEYWORDS. m4_define([OVSDB_CHECK_EXECUTION], [AT_SETUP([$1]) + OVS_RUNDIR=`pwd`; export OVS_RUNDIR AT_KEYWORDS([ovsdb server positive unix $5]) $2 > schema AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore]) 
@@ -39,6 +40,7 @@ EXECUTION_EXAMPLES AT_SETUP([truncating corrupted database log]) AT_KEYWORDS([ovsdb server positive unix]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR ordinal_schema > schema AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore]) dnl Do one transaction and save the output. @@ -85,6 +87,7 @@ AT_CLEANUP AT_SETUP([truncating database log with bad transaction]) AT_KEYWORDS([ovsdb server positive unix]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR ordinal_schema > schema AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore]) dnl Do one transaction and save the output. @@ -132,6 +135,7 @@ AT_CLEANUP AT_SETUP([ovsdb-client get-schema-version]) AT_KEYWORDS([ovsdb server positive]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR ordinal_schema > schema AT_CHECK([ovsdb-tool create db schema], [0], [ignore], [ignore]) AT_CHECK([ovsdb-server --detach --no-chdir --pidfile="`pwd`"/pid --unixctl="`pwd`"/unixctl --remote=punix:socket db], [0], [ignore], [ignore]) @@ -142,6 +146,7 @@ AT_CLEANUP AT_SETUP([database multiplexing implementation]) AT_KEYWORDS([ovsdb server positive]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR ordinal_schema > schema1 constraint_schema > schema2 AT_CHECK([ovsdb-tool create db1 schema1], [0], [ignore], [ignore]) @@ -280,6 +285,7 @@ AT_CLEANUP AT_SETUP([compacting online]) AT_KEYWORDS([ovsdb server compact]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR ordinal_schema > schema dnl Make sure that "ovsdb-tool create" works with a dangling symlink for dnl the database and the lockfile, creating the target of each symlink rather @@ -430,6 +436,7 @@ m4_define([OVSDB_CHECK_EXECUTION], [AT_SETUP([$1]) AT_KEYWORDS([ovsdb server positive ssl $5]) AT_SKIP_IF([test "$HAVE_OPENSSL" = no]) + OVS_RUNDIR=`pwd`; export OVS_RUNDIR $2 > schema AT_CHECK([perl $srcdir/choose-port.pl], [0], [stdout]) SSL_PORT=`cat stdout` 
@@ -479,6 +486,7 @@ AT_CLEANUP]) m4_define([OVSDB_CHECK_EXECUTION], [AT_SETUP([$1]) AT_KEYWORDS([ovsdb server positive tcp $5]) + OVS_RUNDIR=`pwd`; export OVS_RUNDIR $2 > schema AT_CHECK([perl $srcdir/choose-port.pl], [0], [stdout]) TCP_PORT=`cat stdout` @@ -519,6 +527,7 @@ AT_BANNER([OVSDB -- transactions on transient ovsdb-server]) m4_define([OVSDB_CHECK_EXECUTION], [AT_SETUP([$1]) AT_KEYWORDS([ovsdb server positive transient $5]) + OVS_RUNDIR=`pwd`; export OVS_RUNDIR $2 > schema AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore]) m4_foreach([txn], [$3], diff --git a/tests/ovsdb-tool.at b/tests/ovsdb-tool.at index e4f4a29e9..286d70083 100644 --- a/tests/ovsdb-tool.at +++ b/tests/ovsdb-tool.at @@ -16,6 +16,7 @@ AT_BANNER([OVSDB -- ovsdb-tool]) m4_define([OVSDB_CHECK_EXECUTION], [AT_SETUP([$1]) AT_KEYWORDS([ovsdb file positive $5]) + OVS_RUNDIR=`pwd`; export OVS_RUNDIR $2 > schema touch .db.~lock~ AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore]) @@ -48,6 +49,7 @@ AT_CLEANUP AT_SETUP([ovsdb-tool compact]) AT_KEYWORDS([ovsdb file positive]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR ordinal_schema > schema dnl Make sure that "ovsdb-tool create" works with a dangling symlink, dnl creating the target of the symlink rather than replacing the symlink @@ -155,6 +157,7 @@ AT_CLEANUP AT_SETUP([ovsdb-tool convert -- removing a column]) AT_KEYWORDS([ovsdb file positive]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR ordinal_schema > schema AT_DATA([new-schema], [[{"name": "ordinals", @@ -218,6 +221,7 @@ AT_CLEANUP AT_SETUP([ovsdb-tool convert -- adding a column]) AT_KEYWORDS([ovsdb file positive]) +OVS_RUNDIR=`pwd`; export OVS_RUNDIR AT_DATA([schema], [[{"name": "ordinals", "tables": { diff --git a/tests/vconn.at b/tests/vconn.at index ae095b00b..359f97adf 100644 --- a/tests/vconn.at +++ b/tests/vconn.at 
@@ -11,6 +11,7 @@ m4_define([TEST_VCONN_CLASS], [send-short-hello], [send-invalid-version-hello]], [AT_SETUP([$1 vconn - m4_bpatsubst(testname, [-], [ ])]) + OVS_RUNDIR=`pwd`; export OVS_RUNDIR m4_if([$1], [ssl], [ AT_SKIP_IF([test "$HAVE_OPENSSL" = no]) AT_CHECK([cp $abs_top_builddir/tests/testpki*.pem .])]) diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c index f5a436659..fdd7c6406 100644 --- a/vswitchd/bridge.c +++ b/vswitchd/bridge.c @@ -2799,8 +2799,10 @@ bridge_configure_remotes(struct bridge *br, if (!strncmp(c->target, "unix:", 5)) { /* Connect to a listening socket */ whitelist = xasprintf("unix:%s/", ovs_rundir()); - if (!equal_pathnames(c->target, whitelist, - strlen(whitelist))) { + if (strchr(c->target, '/') && + !equal_pathnames(c->target, whitelist, + strlen(whitelist))) { + /* Absolute path specified, but not in ovs_rundir */ VLOG_ERR_RL(&rl, "bridge %s: Not connecting to socket " "controller \"%s\" due to possibility for " "remote exploit. Instead, specify socket "
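Review bot: The relaxed check in bridge_configure_remotes() accepts any `unix:` target without a `/`, which is only safe because the stream layer now resolves such names under ovs_rundir(); that dependency is not stated here. The new comment `Absolute path specified, but not in ovs_rundir` is also inaccurate for a relative target that contains a slash, which the same branch rejects. I would reword it to `/* Target contains a '/', so it is not a bare name that the stream code resolves under ovs_rundir(); it must then lie inside ovs_rundir(). */`. Separately, the test is a prefix comparison over `strlen(whitelist)` characters and equal_pathnames() is not shown, so please confirm that a target starting with the rundir prefix but containing `..` components afterwards is not accepted. The function continues outside the hunk.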