src: switch from fnmatch to g_pattern_match_simple

The g_pattern_match function_simple is an acceptably close approximation of fnmatch for libvirt's needs. In contrast to fnmatch(), the '/' character can be matched by the wildcards, there are no '[...]' character ranges and '*' and '?' can not be escaped to include them literally in a pattern. Reviewed-by: N Fabiano Fidêncio <fidencio@redhat.com> Signed-off-by: N Daniel P. Berrangé <berrange@redhat.com>

src: switch from fnmatch to g_pattern_match_simple
The g_pattern_match function_simple is an acceptably close approximation of fnmatch for libvirt's needs. In contrast to fnmatch(), the '/' character can be matched by the wildcards, there are no '[...]' character ranges and '*' and '?' can not be escaped to include them literally in a pattern. Reviewed-by: N Fabiano Fidêncio <fidencio@redhat.com> Signed-off-by: N Daniel P. Berrangé <berrange@redhat.com>
f7df9856 · Daniel P. Berrangé · d0312c58 · f7df9856 · f7df9856 · f7df9856
8 changed file
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -20,8 +20,6 @@

 #include <config.h>

-#include <fnmatch.h>
-
 #include "qemu_firmware.h"
 #include "qemu_interop_config.h"
 #include "configmake.h"
@@ -921,7 +919,7 @@ qemuFirmwareMatchesMachineArch(const qemuFirmware *fw,
            continue;

        for (j = 0; j < fw->targets[i]->nmachines; j++) {
-            if (fnmatch(fw->targets[i]->machines[j], machine, 0) == 0)
+            if (g_pattern_match_simple(fw->targets[i]->machines[j], machine))
                return true;
        }
    }

--- a/src/remote/libvirtd.conf.in
+++ b/src/remote/libvirtd.conf.in
@@ -262,7 +262,9 @@
 #
 #    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
 #
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards:
+#
+# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html
 #
 # NB If this is an empty list, no client can connect, so comment out
 # entirely rather than using empty list to disable these checks
@@ -288,7 +290,9 @@
 #
 #    "*@EXAMPLE.COM"
 #
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
+#
+# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html
 #
 # NB If this is an empty list, no client can connect, so comment out
 # entirely rather than using empty list to disable these checks

--- a/src/rpc/virnetsaslcontext.c
+++ b/src/rpc/virnetsaslcontext.c
@@ -20,8 +20,6 @@

 #include <config.h>

-#include <fnmatch.h>
-
 #include "virnetsaslcontext.h"
 #include "virnetmessage.h"

@@ -155,17 +153,10 @@ int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
    }

    while (*wildcards) {
-        int rv = fnmatch(*wildcards, identity, 0);
-        if (rv == 0) {
+        if (g_pattern_match_simple(*wildcards, identity)) {
            ret = 1;
            goto cleanup; /* Successful match */
        }
-        if (rv != FNM_NOMATCH) {
-            virReportError(VIR_ERR_INTERNAL_ERROR,
-                           _("Malformed TLS whitelist regular expression '%s'"),
-                           *wildcards);
-            goto cleanup;
-        }

        wildcards++;
    }

--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -21,7 +21,6 @@
 #include <config.h>

 #include <unistd.h>
-#include <fnmatch.h>

 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
@@ -361,15 +360,8 @@ virNetTLSContextCheckCertDNWhitelist(const char *dname,
                                     const char *const*wildcards)
 {
    while (*wildcards) {
-        int ret = fnmatch(*wildcards, dname, 0);
-        if (ret == 0) /* Successful match */
+        if (g_pattern_match_simple(*wildcards, dname))
            return 1;
-        if (ret != FNM_NOMATCH) {
-            virReportError(VIR_ERR_INTERNAL_ERROR,
-                           _("Malformed TLS whitelist regular expression '%s'"),
-                           *wildcards);
-            return -1;
-        }

        wildcards++;
    }

--- a/src/util/virlog.c
+++ b/src/util/virlog.c
@@ -36,7 +36,6 @@
 #if HAVE_SYS_UN_H
 # include <sys/un.h>
 #endif
-#include <fnmatch.h>

 #include "virerror.h"
 #include "virlog.h"
@@ -488,7 +487,7 @@ virLogSourceUpdate(virLogSourcePtr source)
        size_t i;

        for (i = 0; i < virLogNbFilters; i++) {
-            if (fnmatch(virLogFilters[i]->match, source->name, 0) == 0) {
+            if (g_pattern_match_simple(virLogFilters[i]->match, source->name)) {
                priority = virLogFilters[i]->priority;
                break;
            }
@@ -1338,7 +1337,7 @@ virLogFilterNew(const char *match,
        return NULL;
    }

-    /* We must treat 'foo' as equiv to '*foo*' for fnmatch
+    /* We must treat 'foo' as equiv to '*foo*' for g_pattern_match
     * todo substring matches, so add 2 extra bytes
     */
    if (VIR_ALLOC_N_QUIET(mdup, mlen + 3) < 0)

--- a/tests/virconfdata/libvirtd.conf
+++ b/tests/virconfdata/libvirtd.conf
@@ -183,7 +183,9 @@ tls_no_verify_certificate = 1
 #
 #    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
 #
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
+#
+# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html
 #
 # NB If this is an empty list, no client can connect, so comment out
 # entirely rather than using empty list to disable these checks
@@ -200,7 +202,9 @@ tls_allowed_dn_list = ["DN1", "DN2"]
 #
 #    "*@EXAMPLE.COM"
 #
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
+#
+# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html
 #
 # NB If this is an empty list, no client can connect, so comment out
 # entirely rather than using empty list to disable these checks

--- a/tests/virconfdata/libvirtd.out
+++ b/tests/virconfdata/libvirtd.out
@@ -147,7 +147,9 @@ tls_no_verify_certificate = 1
 #
 #    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
 #
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
+#
+# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html
 #
 # NB If this is an empty list, no client can connect, so comment out
 # entirely rather than using empty list to disable these checks
@@ -162,7 +164,9 @@ tls_allowed_dn_list = [ "DN1", "DN2" ]
 #
 #    "*@EXAMPLE.COM"
 #
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
+#
+# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html
 #
 # NB If this is an empty list, no client can connect, so comment out
 # entirely rather than using empty list to disable these checks

--- a/tools/virt-login-shell-helper.c
+++ b/tools/virt-login-shell-helper.c
@@ -19,7 +19,6 @@
 */
 #include <config.h>

-#include <fnmatch.h>
 #include <getopt.h>
 #include <signal.h>
 #include <stdarg.h>
@@ -67,14 +66,14 @@ static int virLoginShellAllowedUser(virConfPtr conf,
            for (i = 0; i < ngroups; i++) {
                if (!(gname = virGetGroupName(groups[i])))
                    continue;
-                if (fnmatch(entry, gname, 0) == 0) {
+                if (g_pattern_match_simple(entry, gname)) {
                    ret = 0;
                    goto cleanup;
                }
                VIR_FREE(gname);
            }
        } else {
-            if (fnmatch(entry, name, 0) == 0) {
+            if (g_pattern_match_simple(entry, name)) {
                ret = 0;
                goto cleanup;
            }