Misc error reporting and checking fixes to authorization objects

-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAl+1GDUACgkQvobrtBUQ T9/P/g/9GzZdihsBMvd65LRPzz94iVoPLENQdeJsxq2ioeU9NA4HzkvSXpZCr8+4 bdu7Yvu76xQN1O5mlUeMo6tAXQHxKpW/PSo+bQIp7Pfu05YaYyuyuSJxsYBRdfcs d3TKHmyqOekVYbZiKbma52+pzZ2oVV1iyaHi9CQIB2W5RPBbPn4dNJxu7gDlG124 gdrDlUr0a79rbke+bBXYjSiHvo7Fmc3eMxvBsRupej3RCQNQ57xxOo7JBq3SdhQB EuzOdNfQUjVeaA9FPSCVv2rhuUAyJY/M3XThKoNxzvkhVSHMdD97QyT4+QOOLSkB zZFE7dG9zju5d3feXhj377jP1c5TRfbEnLVVi8Zh9oDnMELM/Lgwg5KisOcEHaSq CREgXxkvH2VI1f3b/eMz/DckXLn52G0kUfiY2KIzwapObJMlohOfDy7c0K/SZ0oG /ZuCNtxoYtKg/5W3/VsOsSLo9jjjnuJxGHb4uIf1Wz2Fm8P71xfLnX0w3o+VCVgH /KkafYAAg0xFnlf8M+K7+ei+VeQIb4y3RrAqCyH0CMalfS2EuoYrxLJ2HucBiGaG fFn9B550r4vSyZOwOnNWKXX/I21l//1UFKsODJTBYBTfPna+gu+D/JXzu2E+hJeE K+WfSJJlVtzCXFC53cJGOlQYdcX3gh6UAdMeTFcN8wFitQz+kDI= =2PYf -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/berrange-gitlab/tags/misc-fixes-pull-request' into staging Misc error reporting and checking fixes to authorization objects # gpg: Signature made Wed 18 Nov 2020 12:48:53 GMT # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange-gitlab/tags/misc-fixes-pull-request: authz-simple: Check that 'identity' property is set authz-pam: Check that 'service' property is set authz-list-file: Improve an error message authz-list-file: Fix file read error handling Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-18 13:42:42 +00:00 · 2020-11-18 13:42:42 +00:00 · b696f2c6ba
parent 269ff671c5 c2aa8a3d7e
commit b696f2c6ba
3 changed files with 25 additions and 1 deletions
--- a/authz/listfile.c
+++ b/authz/listfile.c
@ -73,7 +73,8 @@ qauthz_list_file_load(QAuthZListFile *fauthz, Error **errp)

    pdict = qobject_to(QDict, obj);
    if (!pdict) {
-        error_setg(errp, QERR_INVALID_PARAMETER_TYPE, "obj", "dict");
+        error_setg(errp, "File '%s' must contain a JSON object",
+                   fauthz->filename);
        goto cleanup;
    }

@ -128,6 +129,9 @@ qauthz_list_file_complete(UserCreatable *uc, Error **errp)
    }

    fauthz->list = qauthz_list_file_load(fauthz, errp);
+    if (!fauthz->list) {
+        return;
+    }

    if (!fauthz->refresh) {
        return;
--- a/authz/pamacct.c
+++ b/authz/pamacct.c
@ -84,6 +84,12 @@ qauthz_pam_prop_get_service(Object *obj,
 static void
 qauthz_pam_complete(UserCreatable *uc, Error **errp)
 {
+    QAuthZPAM *pauthz = QAUTHZ_PAM(uc);
+
+    if (!pauthz->service) {
+        error_setg(errp, "The 'service' property must be set");
+        return;
+    }
 }


--- a/authz/simple.c
+++ b/authz/simple.c
@ -65,11 +65,25 @@ qauthz_simple_finalize(Object *obj)
 }


+static void
+qauthz_simple_complete(UserCreatable *uc, Error **errp)
+{
+    QAuthZSimple *sauthz = QAUTHZ_SIMPLE(uc);
+
+    if (!sauthz->identity) {
+        error_setg(errp, "The 'identity' property must be set");
+        return;
+    }
+}
+
+
 static void
 qauthz_simple_class_init(ObjectClass *oc, void *data)
 {
    QAuthZClass *authz = QAUTHZ_CLASS(oc);
+    UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);

+    ucc->complete = qauthz_simple_complete;
    authz->is_allowed = qauthz_simple_is_allowed;

    object_class_property_add_str(oc, "identity",