/*
 * viridentity.c: helper APIs for managing user identities
 *
 * Copyright (C) 2012-2013 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; If not, see
 * <http://www.gnu.org/licenses/>.
 *
 */
#include <config.h>
#include <unistd.h>
#if WITH_SELINUX
# include <selinux/selinux.h>
#endif
#include "internal.h"
#include "viralloc.h"
#include "virerror.h"
#include "viridentity.h"
#include "virlog.h"
#include "virobject.h"
#include "virthread.h"
#include "virutil.h"
#include "virstring.h"
#include "virprocess.h"
#include "virtypedparam.h"
/* Error-domain selector for this file; presumably consumed by the
 * virReportError() calls below. */
#define VIR_FROM_THIS VIR_FROM_IDENTITY
/* Declares the logging source for this file, named "util.identity". */
VIR_LOG_INIT("util.identity");
/*
 * Identity object: a GObject whose attributes (user name, UNIX IDs,
 * process ID, SASL/X.509/SELinux names, ...) are kept as a typed
 * parameter array.
 */
struct _virIdentity {
    GObject parent;              /* GObject base instance; kept as first member */

    int nparams;                 /* number of entries of 'params' in use */
    int maxparams;               /* presumably the allocated capacity of 'params';
                                  * maintained by the virTypedParamsAdd*() helpers */
    virTypedParameterPtr params; /* attribute array, released in virIdentityFinalize() */
};
/* Define the virIdentity GObject type, derived directly from GObject
 * (G_TYPE_OBJECT); uses vir_identity_init() and vir_identity_class_init(). */
G_DEFINE_TYPE(virIdentity, vir_identity, G_TYPE_OBJECT)
/* Per-thread slot for the identity currently associated with the thread.
 * The slot owns one reference on the identity it holds: one is taken in
 * virIdentitySetCurrent() and dropped by virIdentityCurrentCleanup(). */
static virThreadLocal virIdentityCurrent;
/* Forward declaration: installed as the GObject finalize hook in
 * vir_identity_class_init(). */
static void virIdentityFinalize(GObject *obj);
/*
 * Cleanup callback registered for the virIdentityCurrent thread-local:
 * drops the reference held on @ident, if there is one.
 */
static void virIdentityCurrentCleanup(void *ident)
{
    if (!ident)
        return;

    g_object_unref(ident);
}
/*
 * One-time setup: initialise the virIdentityCurrent thread-local and
 * register virIdentityCurrentCleanup() as its cleanup callback.
 *
 * Returns 0 on success, or -1 (with an error reported) on failure
 */
static int virIdentityOnceInit(void)
{
    int rc = virThreadLocalInit(&virIdentityCurrent,
                                virIdentityCurrentCleanup);

    if (rc >= 0)
        return 0;

    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                   _("Cannot initialize thread local for current identity"));
    return -1;
}
/* Presumably generates virIdentityInitialize(), the run-once wrapper around
 * virIdentityOnceInit() that virIdentityGetCurrent()/SetCurrent() call. */
VIR_ONCE_GLOBAL_INIT(virIdentity);
/*
 * GObject instance initialiser for virIdentity. Nothing is set up
 * here; a new identity simply starts without any attributes assigned
 * by this function.
 */
static void vir_identity_init(virIdentity *ident G_GNUC_UNUSED)
{
    /* intentionally empty */
}
/*
 * GObject class initialiser for virIdentity: installs
 * virIdentityFinalize() as the finalize hook of the class.
 */
static void vir_identity_class_init(virIdentityClass *klass)
{
    G_OBJECT_CLASS(klass)->finalize = virIdentityFinalize;
}
/**
 * virIdentityGetCurrent:
 *
 * Look up the identity currently associated with the calling thread.
 * When one is set, an extra reference is taken for the caller, who
 * must treat the object as read-only and release the reference with
 * g_object_unref when done.
 *
 * Returns: a reference to the current identity, or NULL if none is
 * set or the identity subsystem could not be initialised
 */
virIdentityPtr virIdentityGetCurrent(void)
{
    virIdentityPtr current = NULL;

    if (virIdentityInitialize() >= 0) {
        current = virThreadLocalGet(&virIdentityCurrent);
        /* The thread-local keeps its own reference; hand out a new one. */
        if (current)
            g_object_ref(current);
    }

    return current;
}
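/**
 * virIdentitySetCurrent:
 *
 * Set the new identity to be associated with this thread.
 * The caller should not modify the passed identity after
 * it has been set, other than to release its own reference.
 *
 * The thread-local slot takes its own reference on @ident (which may
 * be NULL to clear the current identity). The reference held on the
 * previous identity is released only when the new one was installed.
 *
 * Returns 0 on success, or -1 on error
 */
int virIdentitySetCurrent(virIdentityPtr ident)
{
    g_autoptr(virIdentity) old = NULL;

    if (virIdentityInitialize() < 0)
        return -1;

    /* The slot owns one reference on the identity it holds; adopting
     * the pointer into 'old' releases that reference on return. */
    old = virThreadLocalGet(&virIdentityCurrent);

    if (virThreadLocalSet(&virIdentityCurrent,
                          ident ? g_object_ref(ident) : NULL) < 0) {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("Unable to set thread local identity"));
        /* Undo the reference taken for the slot above. */
        if (ident)
            g_object_unref(ident);
        /* Assuming a failed virThreadLocalSet() leaves the slot untouched,
         * the slot still points at the previous identity, so its reference
         * must be kept. Releasing it here would leave the slot dangling
         * for the next virIdentityGetCurrent() and for the thread-exit
         * cleanup callback. */
        old = NULL;
        return -1;
    }

    return 0;
}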
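/**
 * virIdentityGetSystem:
 *
 * Returns an identity that represents the system itself.
 * This is the identity that the process is running as
 *
 * The identity carries the process ID, the process start time (when
 * it is non-zero), the user and group names looked up from the
 * effective IDs, the numeric real user and group IDs and, when built
 * with SELinux support and SELinux is enabled, the process context.
 * Any failure while collecting these attributes yields NULL; a
 * partially filled identity is never returned.
 *
 * Returns a reference to the system identity, or NULL
 */
virIdentityPtr virIdentityGetSystem(void)
{
    g_autofree char *username = NULL;
    g_autofree char *groupname = NULL;
    unsigned long long startTime;
    g_autoptr(virIdentity) ret = NULL;
#if WITH_SELINUX
    char *con;
#endif

    if (!(ret = virIdentityNew()))
        return NULL;

    if (virIdentitySetProcessID(ret, getpid()) < 0)
        return NULL;

    if (virProcessGetStartTime(getpid(), &startTime) < 0)
        return NULL;
    /* A start time of 0 is not recorded on the identity. */
    if (startTime != 0 &&
        virIdentitySetProcessTime(ret, startTime) < 0)
        return NULL;

    /* 'ret' is a g_autoptr and is unreferenced on every return path, so
     * "return ret" would hand the caller a pointer whose only reference
     * has just been dropped. Fail with NULL like the other error paths. */
    if (!(username = virGetUserName(geteuid())))
        return NULL;
    if (virIdentitySetUserName(ret, username) < 0)
        return NULL;
    /* NOTE(review): the name above comes from the effective UID while the
     * numeric ID below is the real UID; the two differ in a set-uid
     * process. Confirm which one consumers of the identity expect. */
    if (virIdentitySetUNIXUserID(ret, getuid()) < 0)
        return NULL;

    /* Same failure handling as for the user name lookup above. */
    if (!(groupname = virGetGroupName(getegid())))
        return NULL;
    if (virIdentitySetGroupName(ret, groupname) < 0)
        return NULL;
    /* NOTE(review): effective GID for the name, real GID for the number. */
    if (virIdentitySetUNIXGroupID(ret, getgid()) < 0)
        return NULL;

#if WITH_SELINUX
    if (is_selinux_enabled() > 0) {
        if (getcon(&con) < 0) {
            virReportSystemError(errno, "%s",
                                 _("Unable to lookup SELinux process context"));
            return NULL;
        }
        /* 'con' is released with freecon() on both outcomes below. */
        if (virIdentitySetSELinuxContext(ret, con) < 0) {
            freecon(con);
            return NULL;
        }
        freecon(con);
    }
#endif

    /* Transfer ownership to the caller so the g_autoptr cleanup is a no-op. */
    return g_steal_pointer(&ret);
}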
/**
 * virIdentityNew:
 *
 * Allocate a fresh identity object with no attributes set. Callers
 * are expected to assign one or more identifying attributes to it
 * afterwards.
 *
 * Returns: a new empty identity
 */
virIdentityPtr virIdentityNew(void)
{
    void *instance = g_object_new(VIR_TYPE_IDENTITY, NULL);

    return VIR_IDENTITY(instance);
}
/*
 * GObject finalize hook: frees the attribute array of the identity,
 * then chains up to the parent class finalizer.
 */
static void virIdentityFinalize(GObject *object)
{
    virIdentityPtr self = VIR_IDENTITY(object);

    virTypedParamsFree(self->params, self->nparams);

    /* Chain up last, as the parent finalizer completes the teardown. */
    G_OBJECT_CLASS(vir_identity_parent_class)->finalize(object);
}
/*
 * Look up the user name attribute of @ident. @username is reset to
 * NULL before the lookup, so it holds a defined value on every outcome.
 *
 * Returns: 0 if not present, 1 if present, -1 on error
 */
int virIdentityGetUserName(virIdentityPtr ident,
                           const char **username)
{
    int found;

    *username = NULL;
    found = virTypedParamsGetString(ident->params,
                                    ident->nparams,
                                    VIR_CONNECT_IDENTITY_USER_NAME,
                                    username);
    return found;
}
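/*
 * Look up the UNIX user ID attribute of @ident. @uid is set to
 * (uid_t)-1 unless a value is successfully returned.
 *
 * The attribute is stored as an unsigned long long. A stored value
 * that does not fit in uid_t is treated as an error instead of being
 * truncated, because a silently narrowed number would alias a
 * different user ID in any access decision made on the result.
 *
 * Returns: 0 if not present, 1 if present, -1 on error
 */
int virIdentityGetUNIXUserID(virIdentityPtr ident,
                             uid_t *uid)
{
    unsigned long long val;
    int rc;

    *uid = -1;
    rc = virTypedParamsGetULLong(ident->params,
                                 ident->nparams,
                                 VIR_CONNECT_IDENTITY_UNIX_USER_ID,
                                 &val);
    if (rc <= 0)
        return rc;

    /* Reject values that do not survive the narrowing conversion.
     * NOTE(review): no libvirt error is raised on this path. */
    if ((unsigned long long)(uid_t)val != val)
        return -1;

    *uid = (uid_t)val;

    return 1;
}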
/*
 * Look up the group name attribute of @ident. @groupname is reset to
 * NULL before the lookup, so it holds a defined value on every outcome.
 *
 * Returns: 0 if not present, 1 if present, -1 on error
 */
int virIdentityGetGroupName(virIdentityPtr ident,
                            const char **groupname)
{
    int found;

    *groupname = NULL;
    found = virTypedParamsGetString(ident->params,
                                    ident->nparams,
                                    VIR_CONNECT_IDENTITY_GROUP_NAME,
                                    groupname);
    return found;
}
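/*
 * Look up the UNIX group ID attribute of @ident. @gid is set to
 * (gid_t)-1 unless a value is successfully returned.
 *
 * The attribute is stored as an unsigned long long. A stored value
 * that does not fit in gid_t is treated as an error instead of being
 * truncated, because a silently narrowed number would alias a
 * different group ID in any access decision made on the result.
 *
 * Returns: 0 if not present, 1 if present, -1 on error
 */
int virIdentityGetUNIXGroupID(virIdentityPtr ident,
                              gid_t *gid)
{
    unsigned long long val;
    int rc;

    *gid = -1;
    rc = virTypedParamsGetULLong(ident->params,
                                 ident->nparams,
                                 VIR_CONNECT_IDENTITY_UNIX_GROUP_ID,
                                 &val);
    if (rc <= 0)
        return rc;

    /* Reject values that do not survive the narrowing conversion.
     * NOTE(review): no libvirt error is raised on this path. */
    if ((unsigned long long)(gid_t)val != val)
        return -1;

    *gid = (gid_t)val;

    return 1;
}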
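/*
 * Look up the process ID attribute of @ident. @pid is set to 0
 * unless a value is successfully returned.
 *
 * The attribute is stored as a long long. A stored value that does
 * not fit in pid_t is treated as an error instead of being truncated,
 * because a silently narrowed number would refer to a different
 * process than the one recorded.
 *
 * Returns: 0 if not present, 1 if present, -1 on error
 */
int virIdentityGetProcessID(virIdentityPtr ident,
                            pid_t *pid)
{
    long long val;
    int rc;

    *pid = 0;
    rc = virTypedParamsGetLLong(ident->params,
                                ident->nparams,
                                VIR_CONNECT_IDENTITY_PROCESS_ID,
                                &val);
    if (rc <= 0)
        return rc;

    /* Reject values that do not survive the narrowing conversion.
     * NOTE(review): no libvirt error is raised on this path. */
    if ((long long)(pid_t)val != val)
        return -1;

    *pid = (pid_t)val;

    return 1;
}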
/*
 * Look up the process start time attribute of @ident. @timestamp is
 * reset to 0 before the lookup, so it holds a defined value on every
 * outcome.
 *
 * Returns: 0 if not present, 1 if present, -1 on error
 */
int virIdentityGetProcessTime(virIdentityPtr ident,
                              unsigned long long *timestamp)
{
    int found;

    *timestamp = 0;
    found = virTypedParamsGetULLong(ident->params,
                                    ident->nparams,
                                    VIR_CONNECT_IDENTITY_PROCESS_TIME,
                                    timestamp);
    return found;
}
/*
 * Look up the SASL user name attribute of @ident. @username is reset
 * to NULL before the lookup, so it holds a defined value on every
 * outcome.
 *
 * Returns: 0 if not present, 1 if present, -1 on error
 */
int virIdentityGetSASLUserName(virIdentityPtr ident,
                               const char **username)
{
    int found;

    *username = NULL;
    found = virTypedParamsGetString(ident->params,
                                    ident->nparams,
                                    VIR_CONNECT_IDENTITY_SASL_USER_NAME,
                                    username);
    return found;
}
/*
 * Look up the X.509 distinguished name attribute of @ident. @dname is
 * reset to NULL before the lookup, so it holds a defined value on
 * every outcome.
 *
 * Returns: 0 if not present, 1 if present, -1 on error
 */
int virIdentityGetX509DName(virIdentityPtr ident,
                            const char **dname)
{
    int found;

    *dname = NULL;
    found = virTypedParamsGetString(ident->params,
                                    ident->nparams,
                                    VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME,
                                    dname);
    return found;
}
/*
 * Look up the SELinux context attribute of @ident. @context is reset
 * to NULL before the lookup, so it holds a defined value on every
 * outcome.
 *
 * Returns: 0 if not present, 1 if present, -1 on error
 */
int virIdentityGetSELinuxContext(virIdentityPtr ident,
                                 const char **context)
{
    int found;

    *context = NULL;
    found = virTypedParamsGetString(ident->params,
                                    ident->nparams,
                                    VIR_CONNECT_IDENTITY_SELINUX_CONTEXT,
                                    context);
    return found;
}
/*
 * Record @username as the user name attribute of @ident.
 *
 * The attribute is write-once through this function: if it is already
 * present the call reports VIR_ERR_OPERATION_DENIED and leaves the
 * stored value untouched.
 *
 * Returns -1 if the attribute is already set, otherwise the result of
 * virTypedParamsAddString()
 */
int virIdentitySetUserName(virIdentityPtr ident,
                           const char *username)
{
    if (!virTypedParamsGet(ident->params,
                           ident->nparams,
                           VIR_CONNECT_IDENTITY_USER_NAME)) {
        return virTypedParamsAddString(&ident->params,
                                       &ident->nparams,
                                       &ident->maxparams,
                                       VIR_CONNECT_IDENTITY_USER_NAME,
                                       username);
    }

    virReportError(VIR_ERR_OPERATION_DENIED, "%s",
                   _("Identity attribute is already set"));
    return -1;
}
/*
 * Record @uid as the UNIX user ID attribute of @ident. The value is
 * stored as an unsigned long long typed parameter.
 *
 * The attribute is write-once through this function: if it is already
 * present the call reports VIR_ERR_OPERATION_DENIED and leaves the
 * stored value untouched.
 *
 * Returns -1 if the attribute is already set, otherwise the result of
 * virTypedParamsAddULLong()
 */
int virIdentitySetUNIXUserID(virIdentityPtr ident,
                             uid_t uid)
{
    if (!virTypedParamsGet(ident->params,
                           ident->nparams,
                           VIR_CONNECT_IDENTITY_UNIX_USER_ID)) {
        return virTypedParamsAddULLong(&ident->params,
                                       &ident->nparams,
                                       &ident->maxparams,
                                       VIR_CONNECT_IDENTITY_UNIX_USER_ID,
                                       uid);
    }

    virReportError(VIR_ERR_OPERATION_DENIED, "%s",
                   _("Identity attribute is already set"));
    return -1;
}
/*
 * Record @groupname as the group name attribute of @ident.
 *
 * The attribute is write-once through this function: if it is already
 * present the call reports VIR_ERR_OPERATION_DENIED and leaves the
 * stored value untouched.
 *
 * Returns -1 if the attribute is already set, otherwise the result of
 * virTypedParamsAddString()
 */
int virIdentitySetGroupName(virIdentityPtr ident,
                            const char *groupname)
{
    if (!virTypedParamsGet(ident->params,
                           ident->nparams,
                           VIR_CONNECT_IDENTITY_GROUP_NAME)) {
        return virTypedParamsAddString(&ident->params,
                                       &ident->nparams,
                                       &ident->maxparams,
                                       VIR_CONNECT_IDENTITY_GROUP_NAME,
                                       groupname);
    }

    virReportError(VIR_ERR_OPERATION_DENIED, "%s",
                   _("Identity attribute is already set"));
    return -1;
}
/*
 * Record @gid as the UNIX group ID attribute of @ident. The value is
 * stored as an unsigned long long typed parameter.
 *
 * The attribute is write-once through this function: if it is already
 * present the call reports VIR_ERR_OPERATION_DENIED and leaves the
 * stored value untouched.
 *
 * Returns -1 if the attribute is already set, otherwise the result of
 * virTypedParamsAddULLong()
 */
int virIdentitySetUNIXGroupID(virIdentityPtr ident,
                              gid_t gid)
{
    if (!virTypedParamsGet(ident->params,
                           ident->nparams,
                           VIR_CONNECT_IDENTITY_UNIX_GROUP_ID)) {
        return virTypedParamsAddULLong(&ident->params,
                                       &ident->nparams,
                                       &ident->maxparams,
                                       VIR_CONNECT_IDENTITY_UNIX_GROUP_ID,
                                       gid);
    }

    virReportError(VIR_ERR_OPERATION_DENIED, "%s",
                   _("Identity attribute is already set"));
    return -1;
}
/*
 * Record @pid as the process ID attribute of @ident. The value is
 * stored as a long long typed parameter.
 *
 * The attribute is write-once through this function: if it is already
 * present the call reports VIR_ERR_OPERATION_DENIED and leaves the
 * stored value untouched.
 *
 * Returns -1 if the attribute is already set, otherwise the result of
 * virTypedParamsAddLLong()
 */
int virIdentitySetProcessID(virIdentityPtr ident,
                            pid_t pid)
{
    if (!virTypedParamsGet(ident->params,
                           ident->nparams,
                           VIR_CONNECT_IDENTITY_PROCESS_ID)) {
        return virTypedParamsAddLLong(&ident->params,
                                      &ident->nparams,
                                      &ident->maxparams,
                                      VIR_CONNECT_IDENTITY_PROCESS_ID,
                                      pid);
    }

    virReportError(VIR_ERR_OPERATION_DENIED, "%s",
                   _("Identity attribute is already set"));
    return -1;
}
/*
 * Record @timestamp as the process start time attribute of @ident.
 *
 * The attribute is write-once through this function: if it is already
 * present the call reports VIR_ERR_OPERATION_DENIED and leaves the
 * stored value untouched.
 *
 * Returns -1 if the attribute is already set, otherwise the result of
 * virTypedParamsAddULLong()
 */
int virIdentitySetProcessTime(virIdentityPtr ident,
                              unsigned long long timestamp)
{
    if (!virTypedParamsGet(ident->params,
                           ident->nparams,
                           VIR_CONNECT_IDENTITY_PROCESS_TIME)) {
        return virTypedParamsAddULLong(&ident->params,
                                       &ident->nparams,
                                       &ident->maxparams,
                                       VIR_CONNECT_IDENTITY_PROCESS_TIME,
                                       timestamp);
    }

    virReportError(VIR_ERR_OPERATION_DENIED, "%s",
                   _("Identity attribute is already set"));
    return -1;
}
/*
 * Record @username as the SASL user name attribute of @ident.
 *
 * The attribute is write-once through this function: if it is already
 * present the call reports VIR_ERR_OPERATION_DENIED and leaves the
 * stored value untouched.
 *
 * Returns -1 if the attribute is already set, otherwise the result of
 * virTypedParamsAddString()
 */
int virIdentitySetSASLUserName(virIdentityPtr ident,
                               const char *username)
{
    if (!virTypedParamsGet(ident->params,
                           ident->nparams,
                           VIR_CONNECT_IDENTITY_SASL_USER_NAME)) {
        return virTypedParamsAddString(&ident->params,
                                       &ident->nparams,
                                       &ident->maxparams,
                                       VIR_CONNECT_IDENTITY_SASL_USER_NAME,
                                       username);
    }

    virReportError(VIR_ERR_OPERATION_DENIED, "%s",
                   _("Identity attribute is already set"));
    return -1;
}
/*
 * Record @dname as the X.509 distinguished name attribute of @ident.
 *
 * The attribute is write-once through this function: if it is already
 * present the call reports VIR_ERR_OPERATION_DENIED and leaves the
 * stored value untouched.
 *
 * Returns -1 if the attribute is already set, otherwise the result of
 * virTypedParamsAddString()
 */
int virIdentitySetX509DName(virIdentityPtr ident,
                            const char *dname)
{
    if (!virTypedParamsGet(ident->params,
                           ident->nparams,
                           VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME)) {
        return virTypedParamsAddString(&ident->params,
                                       &ident->nparams,
                                       &ident->maxparams,
                                       VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME,
                                       dname);
    }

    virReportError(VIR_ERR_OPERATION_DENIED, "%s",
                   _("Identity attribute is already set"));
    return -1;
}
/*
 * Record @context as the SELinux context attribute of @ident.
 *
 * The attribute is write-once through this function: if it is already
 * present the call reports VIR_ERR_OPERATION_DENIED and leaves the
 * stored value untouched.
 *
 * Returns -1 if the attribute is already set, otherwise the result of
 * virTypedParamsAddString()
 */
int virIdentitySetSELinuxContext(virIdentityPtr ident,
                                 const char *context)
{
    if (!virTypedParamsGet(ident->params,
                           ident->nparams,
                           VIR_CONNECT_IDENTITY_SELINUX_CONTEXT)) {
        return virTypedParamsAddString(&ident->params,
                                       &ident->nparams,
                                       &ident->maxparams,
                                       VIR_CONNECT_IDENTITY_SELINUX_CONTEXT,
                                       context);
    }

    virReportError(VIR_ERR_OPERATION_DENIED, "%s",
                   _("Identity attribute is already set"));
    return -1;
}
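/*
 * Replace every attribute of @ident with a copy of @params.
 *
 * @params is first validated against the known identity attribute
 * names and the type expected for each of them. Unlike the
 * per-attribute virIdentitySet*() helpers, this function does not
 * refuse to overwrite attributes that are already set: the whole
 * previous set is discarded. Callers that rely on the write-once
 * behaviour of the individual setters must therefore control who can
 * reach this entry point.
 *
 * The new array is copied before the old one is released, so @ident
 * is left unmodified when validation or the copy fails, and passing
 * the identity's own array as @params does not read freed memory.
 *
 * Returns 0 on success, or -1 on error
 */
int virIdentitySetParameters(virIdentityPtr ident,
                             virTypedParameterPtr params,
                             int nparams)
{
    virTypedParameterPtr copy = NULL;

    if (virTypedParamsValidate(params, nparams,
                               VIR_CONNECT_IDENTITY_USER_NAME,
                               VIR_TYPED_PARAM_STRING,
                               VIR_CONNECT_IDENTITY_UNIX_USER_ID,
                               VIR_TYPED_PARAM_ULLONG,
                               VIR_CONNECT_IDENTITY_GROUP_NAME,
                               VIR_TYPED_PARAM_STRING,
                               VIR_CONNECT_IDENTITY_UNIX_GROUP_ID,
                               VIR_TYPED_PARAM_ULLONG,
                               VIR_CONNECT_IDENTITY_PROCESS_ID,
                               VIR_TYPED_PARAM_LLONG,
                               VIR_CONNECT_IDENTITY_PROCESS_TIME,
                               VIR_TYPED_PARAM_ULLONG,
                               VIR_CONNECT_IDENTITY_SASL_USER_NAME,
                               VIR_TYPED_PARAM_STRING,
                               VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME,
                               VIR_TYPED_PARAM_STRING,
                               VIR_CONNECT_IDENTITY_SELINUX_CONTEXT,
                               VIR_TYPED_PARAM_STRING,
                               NULL) < 0)
        return -1;

    /* Build the replacement first; the identity is only touched once
     * the copy is known to have succeeded. */
    if (virTypedParamsCopy(&copy, params, nparams) < 0)
        return -1;

    virTypedParamsFree(ident->params, ident->nparams);
    ident->params = copy;
    ident->nparams = nparams;
    ident->maxparams = nparams;

    return 0;
}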
/*
 * Hand the caller a copy of all attributes of @ident.
 *
 * @params and @nparams are reset to NULL and 0 first; they are filled
 * in only when the copy succeeds. The copy is made with
 * virTypedParamsCopy(), so the caller presumably owns the returned
 * array and must free it - confirm against that helper.
 *
 * Returns 0 on success, or -1 on error
 */
int virIdentityGetParameters(virIdentityPtr ident,
                             virTypedParameterPtr *params,
                             int *nparams)
{
    *params = NULL;
    *nparams = 0;

    if (virTypedParamsCopy(params, ident->params, ident->nparams) >= 0) {
        *nparams = ident->nparams;
        return 0;
    }

    return -1;
}