Until now, "unix:" and "punix:" paths that are not absolute have
been considered relative to the current working directory. It
is more useful to consider them relative to the rundir, so this
commit makes that change to the C and Python implementations of
the stream code.
This commit also relaxes the whitelist check in the bridge code
so that any name that does not contain a "/" is considered OK.
Signed-off-by: Pavithra Ramesh <paramesh@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
12 files changed:
- * Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc.
+ * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include "packets.h"
#include "poll-loop.h"
#include "socket-util.h"
#include "packets.h"
#include "poll-loop.h"
#include "socket-util.h"
#include "util.h"
#include "stream-provider.h"
#include "stream-fd.h"
#include "util.h"
#include "stream-provider.h"
#include "stream-fd.h"
unix_open(const char *name, char *suffix, struct stream **streamp,
uint8_t dscp OVS_UNUSED)
{
unix_open(const char *name, char *suffix, struct stream **streamp,
uint8_t dscp OVS_UNUSED)
{
- const char *connect_path = suffix;
+ connect_path = abs_file_name(ovs_rundir(), suffix);
fd = make_unix_socket(SOCK_STREAM, true, NULL, connect_path);
fd = make_unix_socket(SOCK_STREAM, true, NULL, connect_path);
if (fd < 0) {
VLOG_DBG("%s: connection failed (%s)", connect_path, strerror(-fd));
if (fd < 0) {
VLOG_DBG("%s: connection failed (%s)", connect_path, strerror(-fd));
return new_fd_stream(name, fd, check_connection_completion(fd), streamp);
}
return new_fd_stream(name, fd, check_connection_completion(fd), streamp);
}
punix_open(const char *name OVS_UNUSED, char *suffix,
struct pstream **pstreamp, uint8_t dscp OVS_UNUSED)
{
punix_open(const char *name OVS_UNUSED, char *suffix,
struct pstream **pstreamp, uint8_t dscp OVS_UNUSED)
{
- fd = make_unix_socket(SOCK_STREAM, true, suffix, NULL);
+ bind_path = abs_file_name(ovs_rundir(), suffix);
+ fd = make_unix_socket(SOCK_STREAM, true, bind_path, NULL);
- VLOG_ERR("%s: binding failed: %s", suffix, strerror(errno));
+ VLOG_ERR("%s: binding failed: %s", bind_path, strerror(errno));
+ free(bind_path);
error = errno;
VLOG_ERR("%s: listen: %s", name, strerror(error));
close(fd);
error = errno;
VLOG_ERR("%s: listen: %s", name, strerror(error));
close(fd);
- return new_fd_pstream(name, fd, punix_accept, NULL,
- xstrdup(suffix), pstreamp);
+ return new_fd_pstream(name, fd, punix_accept, NULL, bind_path, pstreamp);
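Review bot: `abs_file_name()` evidently returns a heap string (punix_open frees `bind_path` on the bind-failure path), but no `free(connect_path)` is visible on either exit of unix_open, and the listen-failure path of punix_open shows `close(fd)` without `free(bind_path)`. This rendering omits lines, so confirm that every exit either frees the path or passes it to `new_fd_pstream`. The bind-failure log also reads `errno` where unix_open uses the return value (`strerror(-fd)`), and the new `free(bind_path)` runs before whatever return follows, so `strerror(-fd)` and returning `-fd` would avoid relying on errno surviving the free. A comment such as `/* Relative names are resolved against ovs_rundir(); on success bind_path is handed to the pstream. */` would document the new contract.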
return errno.EAFNOSUPPORT, None
suffix = name.split(":", 1)[1]
return errno.EAFNOSUPPORT, None
suffix = name.split(":", 1)[1]
+ if name.startswith("unix:"):
+ suffix = ovs.util.abs_file_name(ovs.dirs.RUNDIR, suffix)
error, sock = cls._open(suffix, dscp)
if error:
return error, None
error, sock = cls._open(suffix, dscp)
if error:
return error, None
return errno.EAFNOSUPPORT, None
bind_path = name[6:]
return errno.EAFNOSUPPORT, None
bind_path = name[6:]
+ if name.startswith("punix:"):
+ bind_path = ovs.util.abs_file_name(ovs.dirs.RUNDIR, bind_path)
error, sock = ovs.socket_util.make_unix_socket(socket.SOCK_STREAM,
True, bind_path, None)
if error:
error, sock = ovs.socket_util.make_unix_socket(socket.SOCK_STREAM,
True, bind_path, None)
if error:
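Review bot: The new guards at `if name.startswith("unix:")` and `if name.startswith("punix:")` run after `suffix` and `bind_path` have already been sliced out of `name`. If the `EAFNOSUPPORT` return just above already rejects other schemes (its condition is outside the lines shown), the `punix:` guard is redundant; if it does not, `name[6:]` is wrong for those names anyway. Either way the reason for the guard deserves a comment, for example `# Only Unix socket paths are resolved against RUNDIR; other schemes pass through unchanged.` It would also help to note that a relative name is joined to `ovs.dirs.RUNDIR`, not normalised. A caller that treats the result as confined to the run directory still has to reject `..` components itself.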
AT_SETUP([JSON-RPC request and successful reply - Python])
AT_SKIP_IF([test $HAVE_PYTHON = no])
AT_SETUP([JSON-RPC request and successful reply - Python])
AT_SKIP_IF([test $HAVE_PYTHON = no])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
AT_CHECK([$PYTHON $srcdir/test-jsonrpc.py --detach --pidfile=`pwd`/pid listen punix:socket])
AT_CHECK([test -s pid])
AT_CHECK([kill -0 `cat pid`])
AT_CHECK([$PYTHON $srcdir/test-jsonrpc.py --detach --pidfile=`pwd`/pid listen punix:socket])
AT_CHECK([test -s pid])
AT_CHECK([kill -0 `cat pid`])
AT_SETUP([JSON-RPC request and error reply - Python])
AT_SKIP_IF([test $HAVE_PYTHON = no])
AT_SETUP([JSON-RPC request and error reply - Python])
AT_SKIP_IF([test $HAVE_PYTHON = no])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
AT_CHECK([$PYTHON $srcdir/test-jsonrpc.py --detach --pidfile=`pwd`/pid listen punix:socket])
AT_CHECK([test -s pid])
AT_CHECK([kill -0 `cat pid`])
AT_CHECK([$PYTHON $srcdir/test-jsonrpc.py --detach --pidfile=`pwd`/pid listen punix:socket])
AT_CHECK([test -s pid])
AT_CHECK([kill -0 `cat pid`])
AT_SETUP([JSON-RPC notification - Python])
AT_SKIP_IF([test $HAVE_PYTHON = no])
AT_SETUP([JSON-RPC notification - Python])
AT_SKIP_IF([test $HAVE_PYTHON = no])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
AT_CHECK([$PYTHON $srcdir/test-jsonrpc.py --detach --pidfile=`pwd`/pid listen punix:socket])
AT_CHECK([test -s pid])
# When a daemon dies it deletes its pidfile, so make a copy.
AT_CHECK([$PYTHON $srcdir/test-jsonrpc.py --detach --pidfile=`pwd`/pid listen punix:socket])
AT_CHECK([test -s pid])
# When a daemon dies it deletes its pidfile, so make a copy.
AT_BANNER([JSON-RPC - C])
AT_SETUP([JSON-RPC request and successful reply])
AT_BANNER([JSON-RPC - C])
AT_SETUP([JSON-RPC request and successful reply])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
AT_CHECK([test-jsonrpc --detach --no-chdir --pidfile="`pwd`"/pid listen punix:socket])
AT_CHECK([test -s pid])
AT_CHECK([kill -0 `cat pid`])
AT_CHECK([test-jsonrpc --detach --no-chdir --pidfile="`pwd`"/pid listen punix:socket])
AT_CHECK([test -s pid])
AT_CHECK([kill -0 `cat pid`])
AT_CLEANUP
AT_SETUP([JSON-RPC request and error reply])
AT_CLEANUP
AT_SETUP([JSON-RPC request and error reply])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
AT_CHECK([test-jsonrpc --detach --no-chdir --pidfile="`pwd`"/pid listen punix:socket])
AT_CHECK([test -s pid])
AT_CHECK([kill -0 `cat pid`])
AT_CHECK([test-jsonrpc --detach --no-chdir --pidfile="`pwd`"/pid listen punix:socket])
AT_CHECK([test -s pid])
AT_CHECK([kill -0 `cat pid`])
AT_CLEANUP
AT_SETUP([JSON-RPC notification])
AT_CLEANUP
AT_SETUP([JSON-RPC notification])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
AT_CHECK([test-jsonrpc --detach --no-chdir --pidfile="`pwd`"/pid listen punix:socket])
AT_CHECK([test -s pid])
# When a daemon dies it deletes its pidfile, so make a copy.
AT_CHECK([test-jsonrpc --detach --no-chdir --pidfile="`pwd`"/pid listen punix:socket])
AT_CHECK([test -s pid])
# When a daemon dies it deletes its pidfile, so make a copy.
m4_define([OVSDB_CHECK_EXECUTION],
[AT_SETUP([$1])
AT_KEYWORDS([ovsdb execute execution positive $5])
m4_define([OVSDB_CHECK_EXECUTION],
[AT_SETUP([$1])
AT_KEYWORDS([ovsdb execute execution positive $5])
+ OVS_RUNDIR=`pwd`; export OVS_RUNDIR
AT_CHECK([test-ovsdb execute "`$2`" m4_foreach([txn], [$3], [ 'txn'])],
[0], [stdout], [])
AT_CHECK([perl $srcdir/uuidfilt.pl stdout], [0], [$4])
AT_CHECK([test-ovsdb execute "`$2`" m4_foreach([txn], [$3], [ 'txn'])],
[0], [stdout], [])
AT_CHECK([perl $srcdir/uuidfilt.pl stdout], [0], [$4])
AT_BANNER([OVSDB -- interface description language (IDL)])
AT_BANNER([OVSDB -- interface description language (IDL)])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
# OVSDB_CHECK_IDL_C(TITLE, [PRE-IDL-TXN], TRANSACTIONS, OUTPUT, [KEYWORDS],
# [FILTER])
#
# OVSDB_CHECK_IDL_C(TITLE, [PRE-IDL-TXN], TRANSACTIONS, OUTPUT, [KEYWORDS],
# [FILTER])
#
m4_define([OVSDB_CHECK_IDL_C],
[AT_SETUP([$1 - C])
AT_KEYWORDS([ovsdb server idl positive $5])
m4_define([OVSDB_CHECK_IDL_C],
[AT_SETUP([$1 - C])
AT_KEYWORDS([ovsdb server idl positive $5])
+ OVS_RUNDIR=`pwd`; export OVS_RUNDIR
AT_CHECK([ovsdb-tool create db $abs_srcdir/idltest.ovsschema],
[0], [stdout], [ignore])
AT_CHECK([ovsdb-server '-vPATTERN:console:ovsdb-server|%c|%m' --detach --no-chdir --pidfile="`pwd`"/pid --remote=punix:socket --unixctl="`pwd`"/unixctl db], [0], [ignore], [ignore])
AT_CHECK([ovsdb-tool create db $abs_srcdir/idltest.ovsschema],
[0], [stdout], [ignore])
AT_CHECK([ovsdb-server '-vPATTERN:console:ovsdb-server|%c|%m' --detach --no-chdir --pidfile="`pwd`"/pid --remote=punix:socket --unixctl="`pwd`"/unixctl db], [0], [ignore], [ignore])
[AT_SETUP([$1 - Python])
AT_SKIP_IF([test $HAVE_PYTHON = no])
AT_KEYWORDS([ovsdb server idl positive Python $5])
[AT_SETUP([$1 - Python])
AT_SKIP_IF([test $HAVE_PYTHON = no])
AT_KEYWORDS([ovsdb server idl positive Python $5])
+ OVS_RUNDIR=`pwd`; export OVS_RUNDIR
AT_CHECK([ovsdb-tool create db $abs_srcdir/idltest.ovsschema],
[0], [stdout], [ignore])
AT_CHECK([ovsdb-server '-vPATTERN:console:ovsdb-server|%c|%m' --detach --no-chdir --pidfile="`pwd`"/pid --remote=punix:socket --unixctl="`pwd`"/unixctl db], [0], [ignore], [ignore])
AT_CHECK([ovsdb-tool create db $abs_srcdir/idltest.ovsschema],
[0], [stdout], [ignore])
AT_CHECK([ovsdb-server '-vPATTERN:console:ovsdb-server|%c|%m' --detach --no-chdir --pidfile="`pwd`"/pid --remote=punix:socket --unixctl="`pwd`"/unixctl db], [0], [ignore], [ignore])
[AT_SETUP([$1 - Python tcp])
AT_SKIP_IF([test $HAVE_PYTHON = no])
AT_KEYWORDS([ovsdb server idl positive Python with tcp socket $5])
[AT_SETUP([$1 - Python tcp])
AT_SKIP_IF([test $HAVE_PYTHON = no])
AT_KEYWORDS([ovsdb server idl positive Python with tcp socket $5])
+ OVS_RUNDIR=`pwd`; export OVS_RUNDIR
AT_CHECK([ovsdb-tool create db $abs_srcdir/idltest.ovsschema],
[0], [stdout], [ignore])
AT_CHECK([perl $srcdir/choose-port.pl], [0], [stdout])
AT_CHECK([ovsdb-tool create db $abs_srcdir/idltest.ovsschema],
[0], [stdout], [ignore])
AT_CHECK([perl $srcdir/choose-port.pl], [0], [stdout])
dnl
dnl Creates an empty database named $1.
m4_define([OVSDB_INIT],
dnl
dnl Creates an empty database named $1.
m4_define([OVSDB_INIT],
+ [OVS_RUNDIR=`pwd`; export OVS_RUNDIR
+ AT_CHECK(
[ovsdb-tool create $1 $abs_top_srcdir/vswitchd/vswitch.ovsschema],
[0], [stdout], [ignore])
AT_CHECK(
[ovsdb-tool create $1 $abs_top_srcdir/vswitchd/vswitch.ovsschema],
[0], [stdout], [ignore])
AT_CHECK(
m4_define([OVSDB_CHECK_MONITOR],
[AT_SETUP([$1])
AT_KEYWORDS([ovsdb server monitor positive $9])
m4_define([OVSDB_CHECK_MONITOR],
[AT_SETUP([$1])
AT_KEYWORDS([ovsdb server monitor positive $9])
+ OVS_RUNDIR=`pwd`; export OVS_RUNDIR
$2 > schema
AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore])
m4_foreach([txn], [$3],
$2 > schema
AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore])
m4_foreach([txn], [$3],
# TITLE is provided to AT_SETUP and KEYWORDS to AT_KEYWORDS.
m4_define([OVSDB_CHECK_EXECUTION],
[AT_SETUP([$1])
# TITLE is provided to AT_SETUP and KEYWORDS to AT_KEYWORDS.
m4_define([OVSDB_CHECK_EXECUTION],
[AT_SETUP([$1])
+ OVS_RUNDIR=`pwd`; export OVS_RUNDIR
AT_KEYWORDS([ovsdb server positive unix $5])
$2 > schema
AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore])
AT_KEYWORDS([ovsdb server positive unix $5])
$2 > schema
AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore])
\f
AT_SETUP([truncating corrupted database log])
AT_KEYWORDS([ovsdb server positive unix])
\f
AT_SETUP([truncating corrupted database log])
AT_KEYWORDS([ovsdb server positive unix])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
ordinal_schema > schema
AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore])
dnl Do one transaction and save the output.
ordinal_schema > schema
AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore])
dnl Do one transaction and save the output.
AT_SETUP([truncating database log with bad transaction])
AT_KEYWORDS([ovsdb server positive unix])
AT_SETUP([truncating database log with bad transaction])
AT_KEYWORDS([ovsdb server positive unix])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
ordinal_schema > schema
AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore])
dnl Do one transaction and save the output.
ordinal_schema > schema
AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore])
dnl Do one transaction and save the output.
AT_SETUP([ovsdb-client get-schema-version])
AT_KEYWORDS([ovsdb server positive])
AT_SETUP([ovsdb-client get-schema-version])
AT_KEYWORDS([ovsdb server positive])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
ordinal_schema > schema
AT_CHECK([ovsdb-tool create db schema], [0], [ignore], [ignore])
AT_CHECK([ovsdb-server --detach --no-chdir --pidfile="`pwd`"/pid --unixctl="`pwd`"/unixctl --remote=punix:socket db], [0], [ignore], [ignore])
ordinal_schema > schema
AT_CHECK([ovsdb-tool create db schema], [0], [ignore], [ignore])
AT_CHECK([ovsdb-server --detach --no-chdir --pidfile="`pwd`"/pid --unixctl="`pwd`"/unixctl --remote=punix:socket db], [0], [ignore], [ignore])
AT_SETUP([database multiplexing implementation])
AT_KEYWORDS([ovsdb server positive])
AT_SETUP([database multiplexing implementation])
AT_KEYWORDS([ovsdb server positive])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
ordinal_schema > schema1
constraint_schema > schema2
AT_CHECK([ovsdb-tool create db1 schema1], [0], [ignore], [ignore])
ordinal_schema > schema1
constraint_schema > schema2
AT_CHECK([ovsdb-tool create db1 schema1], [0], [ignore], [ignore])
AT_SETUP([compacting online])
AT_KEYWORDS([ovsdb server compact])
AT_SETUP([compacting online])
AT_KEYWORDS([ovsdb server compact])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
ordinal_schema > schema
dnl Make sure that "ovsdb-tool create" works with a dangling symlink for
dnl the database and the lockfile, creating the target of each symlink rather
ordinal_schema > schema
dnl Make sure that "ovsdb-tool create" works with a dangling symlink for
dnl the database and the lockfile, creating the target of each symlink rather
[AT_SETUP([$1])
AT_KEYWORDS([ovsdb server positive ssl $5])
AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
[AT_SETUP([$1])
AT_KEYWORDS([ovsdb server positive ssl $5])
AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
+ OVS_RUNDIR=`pwd`; export OVS_RUNDIR
$2 > schema
AT_CHECK([perl $srcdir/choose-port.pl], [0], [stdout])
SSL_PORT=`cat stdout`
$2 > schema
AT_CHECK([perl $srcdir/choose-port.pl], [0], [stdout])
SSL_PORT=`cat stdout`
m4_define([OVSDB_CHECK_EXECUTION],
[AT_SETUP([$1])
AT_KEYWORDS([ovsdb server positive tcp $5])
m4_define([OVSDB_CHECK_EXECUTION],
[AT_SETUP([$1])
AT_KEYWORDS([ovsdb server positive tcp $5])
+ OVS_RUNDIR=`pwd`; export OVS_RUNDIR
$2 > schema
AT_CHECK([perl $srcdir/choose-port.pl], [0], [stdout])
TCP_PORT=`cat stdout`
$2 > schema
AT_CHECK([perl $srcdir/choose-port.pl], [0], [stdout])
TCP_PORT=`cat stdout`
m4_define([OVSDB_CHECK_EXECUTION],
[AT_SETUP([$1])
AT_KEYWORDS([ovsdb server positive transient $5])
m4_define([OVSDB_CHECK_EXECUTION],
[AT_SETUP([$1])
AT_KEYWORDS([ovsdb server positive transient $5])
+ OVS_RUNDIR=`pwd`; export OVS_RUNDIR
$2 > schema
AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore])
m4_foreach([txn], [$3],
$2 > schema
AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore])
m4_foreach([txn], [$3],
m4_define([OVSDB_CHECK_EXECUTION],
[AT_SETUP([$1])
AT_KEYWORDS([ovsdb file positive $5])
m4_define([OVSDB_CHECK_EXECUTION],
[AT_SETUP([$1])
AT_KEYWORDS([ovsdb file positive $5])
+ OVS_RUNDIR=`pwd`; export OVS_RUNDIR
$2 > schema
touch .db.~lock~
AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore])
$2 > schema
touch .db.~lock~
AT_CHECK([ovsdb-tool create db schema], [0], [stdout], [ignore])
AT_SETUP([ovsdb-tool compact])
AT_KEYWORDS([ovsdb file positive])
AT_SETUP([ovsdb-tool compact])
AT_KEYWORDS([ovsdb file positive])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
ordinal_schema > schema
dnl Make sure that "ovsdb-tool create" works with a dangling symlink,
dnl creating the target of the symlink rather than replacing the symlink
ordinal_schema > schema
dnl Make sure that "ovsdb-tool create" works with a dangling symlink,
dnl creating the target of the symlink rather than replacing the symlink
AT_SETUP([ovsdb-tool convert -- removing a column])
AT_KEYWORDS([ovsdb file positive])
AT_SETUP([ovsdb-tool convert -- removing a column])
AT_KEYWORDS([ovsdb file positive])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
ordinal_schema > schema
AT_DATA([new-schema],
[[{"name": "ordinals",
ordinal_schema > schema
AT_DATA([new-schema],
[[{"name": "ordinals",
AT_SETUP([ovsdb-tool convert -- adding a column])
AT_KEYWORDS([ovsdb file positive])
AT_SETUP([ovsdb-tool convert -- adding a column])
AT_KEYWORDS([ovsdb file positive])
+OVS_RUNDIR=`pwd`; export OVS_RUNDIR
AT_DATA([schema],
[[{"name": "ordinals",
"tables": {
AT_DATA([schema],
[[{"name": "ordinals",
"tables": {
[send-short-hello],
[send-invalid-version-hello]],
[AT_SETUP([$1 vconn - m4_bpatsubst(testname, [-], [ ])])
[send-short-hello],
[send-invalid-version-hello]],
[AT_SETUP([$1 vconn - m4_bpatsubst(testname, [-], [ ])])
+ OVS_RUNDIR=`pwd`; export OVS_RUNDIR
m4_if([$1], [ssl], [
AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
AT_CHECK([cp $abs_top_builddir/tests/testpki*.pem .])])
m4_if([$1], [ssl], [
AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
AT_CHECK([cp $abs_top_builddir/tests/testpki*.pem .])])
if (!strncmp(c->target, "unix:", 5)) {
/* Connect to a listening socket */
whitelist = xasprintf("unix:%s/", ovs_rundir());
if (!strncmp(c->target, "unix:", 5)) {
/* Connect to a listening socket */
whitelist = xasprintf("unix:%s/", ovs_rundir());
- if (!equal_pathnames(c->target, whitelist,
- strlen(whitelist))) {
+ if (strchr(c->target, '/') &&
+ !equal_pathnames(c->target, whitelist,
+ strlen(whitelist))) {
+ /* Absolute path specified, but not in ovs_rundir */
VLOG_ERR_RL(&rl, "bridge %s: Not connecting to socket "
"controller \"%s\" due to possibility for "
"remote exploit. Instead, specify socket "
VLOG_ERR_RL(&rl, "bridge %s: Not connecting to socket "
"controller \"%s\" due to possibility for "
"remote exploit. Instead, specify socket "
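Review bot: The added comment `/* Absolute path specified, but not in ovs_rundir */` does not match the condition, because `strchr(c->target, '/')` is also true for a relative target with a subdirectory (constructed example: `unix:sub/ctl`). Such a target is refused here even though the stream code would now resolve it under the rundir. More important for the check itself, the test is a prefix comparison against `unix:<rundir>/`, and nothing visible here rejects `..` components after that prefix. Confirm that `equal_pathnames()` or a later step normalises the path before this is relied on as a containment check. A more accurate comment would be `/* Target contains a '/' but does not start with "unix:<rundir>/". */`. The enclosing block starts and ends outside the hunk.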