External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-11-03 11:51:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
ebb921cb37
libvirt/tests/virpolkittest.c

305 lines
8.2 KiB
C
Raw Normal View History

Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
/*
polkit: Adjust message when authentication agent isn't found When there isn't a ssh -X type session running and a user has not been added to the libvirt group, attempts to run 'virsh -c qemu:///system' commands from an otherwise unprivileged user will fail with rather generic or opaque error message: "error: authentication failed: no agent is available to authenticate" This patch will adjust the error code and message to help reflect the situation that the problem is the requested mechanism is UNAVAILABLE and a slightly more descriptive error. The result on a failure then becomes: "error: authentication unavailable: no polkit agent available to authenticate action 'org.libvirt.unix.manage'" A bit more history on this - at one time a failure generated the following type message when running the 'pkcheck' as a subprocess: "error: authentication failed: polkit\56retains_authorization_after_challenge=1 Authorization requires authentication but no agent is available." but, a patch was generated to adjust the error message to help provide more details about what failed. This was pushed as commit id '96a108c99'. That patch prepended a "polkit: " to the output. It really didn't solve the problem, but gave a hint. After some time it was deemed using DBus API calls directly was a better way to go (since pkcheck calls them anyway). So, commit id '1b854c76' (more or less) copied the code from remoteDispatchAuthPolkit and adjusted it. Then commit id 'c7542573' adjusted the remote.c code to call the new API (virPolkitCheckAuth). Finally, commit id '308c0c5a' altered the code to call DBus APIs directly. In doing so, it reverted the failing error message to the generic message that would have been received from DBus anyway.
2016-01-14 19:34:28 +00:00
* Copyright (C) 2013, 2014, 2016 Red Hat, Inc.
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include "testutils.h"
tests: enable virpolkittest on any ELF platform This tests uses preload, which should work on any ELF-based platform (and indeed it passes on Linux, GNU/kFreeBSD, and FreeBSD). Also remove the WITH_DBUS conditional, as the test is already built based on that conditional.
2016-11-28 13:47:30 +00:00
#if defined(__ELF__)
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
# include "virpolkit.h"
src/util/virpolkit: convert to use GLib DBus Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-09-09 14:42:16 +00:00
# include "virgdbus.h"
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
# include "virlog.h"
# include "virmock.h"
# define VIR_FROM_THIS VIR_FROM_NONE
VIR_LOG_INIT("tests.systemdtest");
/* Some interesting numbers */
# define THE_PID 1458
# define THE_TIME 11011000001
# define THE_UID 1729
src/util/virpolkit: convert to use GLib DBus Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-09-09 14:42:16 +00:00
VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync,
GVariant *,
GDBusConnection *, connection,
const gchar *, bus_name,
const gchar *, object_path,
const gchar *, interface_name,
const gchar *, method_name,
GVariant *, parameters,
const GVariantType *, reply_type,
GDBusCallFlags, flags,
gint, timeout_msec,
GCancellable *, cancellable,
GError **, error)
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
{
src/util/virpolkit: convert to use GLib DBus Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-09-09 14:42:16 +00:00
GVariant *reply = NULL;
g_autoptr(GVariant) params = parameters;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
tests: fix incorrect free of GVariant in our GLib mock functions GLib implementation of g_dbus_connection_call_sync() calls g_variant_ref_sink() on the passed @parameters to make sure they have proper reference. If the original reference is floating the g_dbus_connection_call_sync() consumes it, but if it's normal reference it will just add another one. Our mock functions were only freeing the @parameters which is incorrect and doesn't reflect how the real implementation works. Reported-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-10-02 10:11:45 +00:00
if (params)
g_variant_ref_sink(params);
src/util/virpolkit: convert to use GLib DBus Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-09-09 14:42:16 +00:00
VIR_MOCK_REAL_INIT(g_dbus_connection_call_sync);
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
src/util/virpolkit: convert to use GLib DBus Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-09-09 14:42:16 +00:00
if (STREQ(bus_name, "org.freedesktop.PolicyKit1") &&
STREQ(method_name, "CheckAuthorization")) {
g_autoptr(GVariantIter) iter = NULL;
GVariantBuilder builder;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
char *type;
char *actionid;
int is_authorized = 1;
int is_challenge = 0;
src/util/virpolkit: convert to use GLib DBus Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-09-09 14:42:16 +00:00
g_variant_get(params, "((&s@a{sv})&sa{ss}@u@s)",
&type,
NULL,
&actionid,
&iter,
NULL,
NULL);
g_variant_builder_init(&builder, G_VARIANT_TYPE("a{ss}"));
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
if (STREQ(actionid, "org.libvirt.test.success")) {
is_authorized = 1;
is_challenge = 0;
} else if (STREQ(actionid, "org.libvirt.test.challenge")) {
is_authorized = 0;
is_challenge = 1;
} else if (STREQ(actionid, "org.libvirt.test.cancelled")) {
is_authorized = 0;
is_challenge = 0;
src/util/virpolkit: convert to use GLib DBus Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-09-09 14:42:16 +00:00
g_variant_builder_add(&builder, "{ss}", "polkit.dismissed", "true");
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
} else if (STREQ(actionid, "org.libvirt.test.details")) {
src/util/virpolkit: convert to use GLib DBus Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-09-09 14:42:16 +00:00
char *key;
char *val;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
is_authorized = 0;
is_challenge = 0;
src/util/virpolkit: convert to use GLib DBus Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-09-09 14:42:16 +00:00
while (g_variant_iter_loop(iter, "{ss}", &key, &val)) {
if (STREQ(key, "org.libvirt.test.person") && STREQ(val, "Fred")) {
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
is_authorized = 1;
is_challenge = 0;
}
}
} else {
is_authorized = 0;
is_challenge = 0;
}
src/util/virpolkit: convert to use GLib DBus Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-09-09 14:42:16 +00:00
reply = g_variant_new("((bb@a{ss}))", is_authorized, is_challenge,
g_variant_builder_end(&builder));
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
} else {
src/util/virpolkit: convert to use GLib DBus Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-09-09 14:42:16 +00:00
reply = g_variant_new("()");
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
return reply;
}
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
static int testPolkitAuthSuccess(const void *opaque G_GNUC_UNUSED)
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
{
if (virPolkitCheckAuth("org.libvirt.test.success",
THE_PID,
THE_TIME,
THE_UID,
NULL,
true) < 0)
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return -1;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return 0;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
static int testPolkitAuthDenied(const void *opaque G_GNUC_UNUSED)
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
{
int rv;
virErrorPtr err;
rv = virPolkitCheckAuth("org.libvirt.test.deny",
THE_PID,
THE_TIME,
THE_UID,
NULL,
true);
if (rv == 0) {
fprintf(stderr, "Unexpected auth success\n");
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return -1;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
} else if (rv != -2) {
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return -1;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
err = virGetLastError();
if (!err || !strstr(err->message,
_("access denied by policy"))) {
fprintf(stderr, "Incorrect error response\n");
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return -1;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return 0;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
static int testPolkitAuthChallenge(const void *opaque G_GNUC_UNUSED)
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
{
int rv;
virErrorPtr err;
rv = virPolkitCheckAuth("org.libvirt.test.challenge",
THE_PID,
THE_TIME,
THE_UID,
NULL,
true);
if (rv == 0) {
fprintf(stderr, "Unexpected auth success\n");
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return -1;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
} else if (rv != -2) {
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return -1;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
err = virGetLastError();
polkit: Adjust message when authentication agent isn't found When there isn't a ssh -X type session running and a user has not been added to the libvirt group, attempts to run 'virsh -c qemu:///system' commands from an otherwise unprivileged user will fail with rather generic or opaque error message: "error: authentication failed: no agent is available to authenticate" This patch will adjust the error code and message to help reflect the situation that the problem is the requested mechanism is UNAVAILABLE and a slightly more descriptive error. The result on a failure then becomes: "error: authentication unavailable: no polkit agent available to authenticate action 'org.libvirt.unix.manage'" A bit more history on this - at one time a failure generated the following type message when running the 'pkcheck' as a subprocess: "error: authentication failed: polkit\56retains_authorization_after_challenge=1 Authorization requires authentication but no agent is available." but, a patch was generated to adjust the error message to help provide more details about what failed. This was pushed as commit id '96a108c99'. That patch prepended a "polkit: " to the output. It really didn't solve the problem, but gave a hint. After some time it was deemed using DBus API calls directly was a better way to go (since pkcheck calls them anyway). So, commit id '1b854c76' (more or less) copied the code from remoteDispatchAuthPolkit and adjusted it. Then commit id 'c7542573' adjusted the remote.c code to call the new API (virPolkitCheckAuth). Finally, commit id '308c0c5a' altered the code to call DBus APIs directly. In doing so, it reverted the failing error message to the generic message that would have been received from DBus anyway.
2016-01-14 19:34:28 +00:00
if (!err || err->domain != VIR_FROM_POLKIT ||
err->code != VIR_ERR_AUTH_UNAVAILABLE ||
!strstr(err->message, _("no polkit agent available to authenticate"))) {
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
fprintf(stderr, "Incorrect error response\n");
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return -1;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return 0;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
static int testPolkitAuthCancelled(const void *opaque G_GNUC_UNUSED)
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
{
int rv;
virErrorPtr err;
rv = virPolkitCheckAuth("org.libvirt.test.cancelled",
THE_PID,
THE_TIME,
THE_UID,
NULL,
true);
if (rv == 0) {
fprintf(stderr, "Unexpected auth success\n");
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return -1;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
} else if (rv != -2) {
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return -1;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
err = virGetLastError();
if (!err || !strstr(err->message,
_("user cancelled authentication process"))) {
fprintf(stderr, "Incorrect error response\n");
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return -1;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return 0;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
static int testPolkitAuthDetailsSuccess(const void *opaque G_GNUC_UNUSED)
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
{
const char *details[] = {
"org.libvirt.test.person", "Fred",
NULL,
};
if (virPolkitCheckAuth("org.libvirt.test.details",
THE_PID,
THE_TIME,
THE_UID,
details,
true) < 0)
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return -1;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return 0;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
static int testPolkitAuthDetailsDenied(const void *opaque G_GNUC_UNUSED)
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
{
int rv;
virErrorPtr err;
const char *details[] = {
"org.libvirt.test.person", "Joe",
NULL,
};
rv = virPolkitCheckAuth("org.libvirt.test.details",
THE_PID,
THE_TIME,
THE_UID,
details,
true);
if (rv == 0) {
fprintf(stderr, "Unexpected auth success\n");
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return -1;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
} else if (rv != -2) {
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return -1;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
err = virGetLastError();
if (!err || !strstr(err->message,
_("access denied by policy"))) {
fprintf(stderr, "Incorrect error response\n");
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return -1;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
tests: remove unneeded cleanup labels Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-11-12 20:46:29 +00:00
return 0;
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
}
static int
mymain(void)
{
int ret = 0;
tests: Rename virtTestRun to virTestRun. This function doesn't follow our convention of naming functions.
2016-05-26 15:01:50 +00:00
if (virTestRun("Polkit auth success ", testPolkitAuthSuccess, NULL) < 0)
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
ret = -1;
tests: Rename virtTestRun to virTestRun. This function doesn't follow our convention of naming functions.
2016-05-26 15:01:50 +00:00
if (virTestRun("Polkit auth deny ", testPolkitAuthDenied, NULL) < 0)
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
ret = -1;
tests: Rename virtTestRun to virTestRun. This function doesn't follow our convention of naming functions.
2016-05-26 15:01:50 +00:00
if (virTestRun("Polkit auth challenge ", testPolkitAuthChallenge, NULL) < 0)
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
ret = -1;
tests: Rename virtTestRun to virTestRun. This function doesn't follow our convention of naming functions.
2016-05-26 15:01:50 +00:00
if (virTestRun("Polkit auth cancel ", testPolkitAuthCancelled, NULL) < 0)
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
ret = -1;
tests: Rename virtTestRun to virTestRun. This function doesn't follow our convention of naming functions.
2016-05-26 15:01:50 +00:00
if (virTestRun("Polkit auth details success ", testPolkitAuthDetailsSuccess, NULL) < 0)
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
ret = -1;
tests: Rename virtTestRun to virTestRun. This function doesn't follow our convention of naming functions.
2016-05-26 15:01:50 +00:00
if (virTestRun("Polkit auth details deny ", testPolkitAuthDetailsDenied, NULL) < 0)
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
ret = -1;
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
src/util/virpolkit: convert to use GLib DBus Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-09-09 14:42:16 +00:00
VIR_TEST_MAIN_PRELOAD(mymain, VIR_TEST_MOCK("virgdbus"))
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
tests: enable virpolkittest on any ELF platform This tests uses preload, which should work on any ELF-based platform (and indeed it passes on Linux, GNU/kFreeBSD, and FreeBSD). Also remove the WITH_DBUS conditional, as the test is already built based on that conditional.
2016-11-28 13:47:30 +00:00
#else /* ! __ELF__ */
Convert polkit code to use DBus API instead of CLI helper Spawning the pkcheck program every time a permission check is required is hugely expensive on CPU. The pkcheck program is just a dumb wrapper for the DBus API, so rewrite the code to use the DBus API directly. This also simplifies error handling a bit. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-10 13:52:48 +00:00
int
main(void)
{
return EXIT_AM_SKIP;
}
tests: enable virpolkittest on any ELF platform This tests uses preload, which should work on any ELF-based platform (and indeed it passes on Linux, GNU/kFreeBSD, and FreeBSD). Also remove the WITH_DBUS conditional, as the test is already built based on that conditional.
2016-11-28 13:47:30 +00:00
#endif /* ! __ELF__ */
Reference in New Issue Copy Permalink