mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-01 20:05:46 +00:00
src/util/virpolkit: convert to use GLib DBus
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
parent
e8f00bc82c
commit
10926108f6
@ -28,7 +28,7 @@
|
|||||||
#include "virstring.h"
|
#include "virstring.h"
|
||||||
#include "virprocess.h"
|
#include "virprocess.h"
|
||||||
#include "viralloc.h"
|
#include "viralloc.h"
|
||||||
#include "virdbus.h"
|
#include "virgdbus.h"
|
||||||
#include "virfile.h"
|
#include "virfile.h"
|
||||||
#include "virutil.h"
|
#include "virutil.h"
|
||||||
|
|
||||||
@ -63,80 +63,81 @@ int virPolkitCheckAuth(const char *actionid,
|
|||||||
const char **details,
|
const char **details,
|
||||||
bool allowInteraction)
|
bool allowInteraction)
|
||||||
{
|
{
|
||||||
DBusConnection *sysbus;
|
GDBusConnection *sysbus;
|
||||||
DBusMessage *reply = NULL;
|
GVariantBuilder builder;
|
||||||
char **retdetails = NULL;
|
GVariant *gprocess = NULL;
|
||||||
size_t nretdetails = 0;
|
GVariant *gdetails = NULL;
|
||||||
bool is_authorized;
|
g_autoptr(GVariant) message = NULL;
|
||||||
bool is_challenge;
|
g_autoptr(GVariant) reply = NULL;
|
||||||
|
g_autoptr(GVariantIter) iter = NULL;
|
||||||
|
char *retkey;
|
||||||
|
char *retval;
|
||||||
|
gboolean is_authorized;
|
||||||
|
gboolean is_challenge;
|
||||||
bool is_dismissed = false;
|
bool is_dismissed = false;
|
||||||
size_t i;
|
size_t i;
|
||||||
int ret = -1;
|
|
||||||
|
|
||||||
if (!(sysbus = virDBusGetSystemBus()))
|
if (!(sysbus = virGDBusGetSystemBus()))
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
VIR_INFO("Checking PID %lld running as %d",
|
VIR_INFO("Checking PID %lld running as %d",
|
||||||
(long long) pid, uid);
|
(long long) pid, uid);
|
||||||
|
|
||||||
if (virDBusCallMethod(sysbus,
|
g_variant_builder_init(&builder, G_VARIANT_TYPE("a{sv}"));
|
||||||
&reply,
|
g_variant_builder_add(&builder, "{sv}", "pid", g_variant_new_uint32(pid));
|
||||||
NULL,
|
g_variant_builder_add(&builder, "{sv}", "start-time", g_variant_new_uint64(startTime));
|
||||||
"org.freedesktop.PolicyKit1",
|
g_variant_builder_add(&builder, "{sv}", "uid", g_variant_new_int32(uid));
|
||||||
"/org/freedesktop/PolicyKit1/Authority",
|
gprocess = g_variant_builder_end(&builder);
|
||||||
"org.freedesktop.PolicyKit1.Authority",
|
|
||||||
"CheckAuthorization",
|
|
||||||
"(sa{sv})sa&{ss}us",
|
|
||||||
"unix-process",
|
|
||||||
3,
|
|
||||||
"pid", "u", (unsigned int)pid,
|
|
||||||
"start-time", "t", startTime,
|
|
||||||
"uid", "i", (int)uid,
|
|
||||||
actionid,
|
|
||||||
virStringListLength(details) / 2,
|
|
||||||
details,
|
|
||||||
allowInteraction,
|
|
||||||
"" /* cancellation ID */) < 0)
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
if (virDBusMessageDecode(reply,
|
g_variant_builder_init(&builder, G_VARIANT_TYPE("a{ss}"));
|
||||||
"(bba&{ss})",
|
for (i = 0; i < virStringListLength(details); i += 2)
|
||||||
&is_authorized,
|
g_variant_builder_add(&builder, "{ss}", details[i], details[i + 1]);
|
||||||
&is_challenge,
|
gdetails = g_variant_builder_end(&builder);
|
||||||
&nretdetails,
|
|
||||||
&retdetails) < 0)
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
for (i = 0; i < (nretdetails / 2); i++) {
|
message = g_variant_new("((s@a{sv})s@a{ss}us)",
|
||||||
if (STREQ(retdetails[(i * 2)], "polkit.dismissed") &&
|
"unix-process",
|
||||||
STREQ(retdetails[(i * 2) + 1], "true"))
|
gprocess,
|
||||||
|
actionid,
|
||||||
|
gdetails,
|
||||||
|
allowInteraction,
|
||||||
|
"" /* cancellation ID */);
|
||||||
|
|
||||||
|
if (virGDBusCallMethod(sysbus,
|
||||||
|
&reply,
|
||||||
|
NULL,
|
||||||
|
"org.freedesktop.PolicyKit1",
|
||||||
|
"/org/freedesktop/PolicyKit1/Authority",
|
||||||
|
"org.freedesktop.PolicyKit1.Authority",
|
||||||
|
"CheckAuthorization",
|
||||||
|
message) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
g_variant_get(reply, "((bba{ss}))", &is_authorized, &is_challenge, &iter);
|
||||||
|
|
||||||
|
while (g_variant_iter_loop(iter, "{ss}", &retkey, &retval)) {
|
||||||
|
if (STREQ(retkey, "polkit.dismissed") && STREQ(retval, "true"))
|
||||||
is_dismissed = true;
|
is_dismissed = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
VIR_DEBUG("is auth %d is challenge %d",
|
VIR_DEBUG("is auth %d is challenge %d",
|
||||||
is_authorized, is_challenge);
|
is_authorized, is_challenge);
|
||||||
|
|
||||||
if (is_authorized) {
|
if (is_authorized)
|
||||||
ret = 0;
|
return 0;
|
||||||
|
|
||||||
|
if (is_dismissed) {
|
||||||
|
virReportError(VIR_ERR_AUTH_CANCELLED, "%s",
|
||||||
|
_("user cancelled authentication process"));
|
||||||
|
} else if (is_challenge) {
|
||||||
|
virReportError(VIR_ERR_AUTH_UNAVAILABLE,
|
||||||
|
_("no polkit agent available to authenticate action '%s'"),
|
||||||
|
actionid);
|
||||||
} else {
|
} else {
|
||||||
ret = -2;
|
virReportError(VIR_ERR_AUTH_FAILED, "%s",
|
||||||
if (is_dismissed)
|
_("access denied by policy"));
|
||||||
virReportError(VIR_ERR_AUTH_CANCELLED, "%s",
|
|
||||||
_("user cancelled authentication process"));
|
|
||||||
else if (is_challenge)
|
|
||||||
virReportError(VIR_ERR_AUTH_UNAVAILABLE,
|
|
||||||
_("no polkit agent available to authenticate "
|
|
||||||
"action '%s'"),
|
|
||||||
actionid);
|
|
||||||
else
|
|
||||||
virReportError(VIR_ERR_AUTH_FAILED, "%s",
|
|
||||||
_("access denied by policy"));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
cleanup:
|
return -2;
|
||||||
virStringListFreeCount(retdetails, nretdetails);
|
|
||||||
virDBusMessageUnref(reply);
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -365,11 +365,6 @@ if conf.has('WITH_DBUS')
|
|||||||
{ 'name': 'virsystemdtest', 'deps': [ dbus_dep ] },
|
{ 'name': 'virsystemdtest', 'deps': [ dbus_dep ] },
|
||||||
]
|
]
|
||||||
|
|
||||||
if conf.has('WITH_POLKIT')
|
|
||||||
tests += [
|
|
||||||
{ 'name': 'virpolkittest', 'deps': [ dbus_dep ] },
|
|
||||||
]
|
|
||||||
endif
|
|
||||||
endif
|
endif
|
||||||
|
|
||||||
if conf.has('WITH_ESX')
|
if conf.has('WITH_ESX')
|
||||||
@ -446,6 +441,12 @@ if conf.has('WITH_OPENVZ')
|
|||||||
]
|
]
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
if conf.has('WITH_POLKIT')
|
||||||
|
tests += [
|
||||||
|
{ 'name': 'virpolkittest' },
|
||||||
|
]
|
||||||
|
endif
|
||||||
|
|
||||||
if conf.has('WITH_QEMU')
|
if conf.has('WITH_QEMU')
|
||||||
tests += [
|
tests += [
|
||||||
{ 'name': 'qemuagenttest', 'link_with': [ test_qemu_driver_lib, test_utils_qemu_monitor_lib ], 'link_whole': [ test_utils_qemu_lib ] },
|
{ 'name': 'qemuagenttest', 'link_with': [ test_qemu_driver_lib, test_utils_qemu_monitor_lib ], 'link_whole': [ test_utils_qemu_lib ] },
|
||||||
|
@ -22,10 +22,8 @@
|
|||||||
|
|
||||||
#if defined(__ELF__)
|
#if defined(__ELF__)
|
||||||
|
|
||||||
# include <dbus/dbus.h>
|
|
||||||
|
|
||||||
# include "virpolkit.h"
|
# include "virpolkit.h"
|
||||||
# include "virdbus.h"
|
# include "virgdbus.h"
|
||||||
# include "virlog.h"
|
# include "virlog.h"
|
||||||
# include "virmock.h"
|
# include "virmock.h"
|
||||||
# define VIR_FROM_THIS VIR_FROM_NONE
|
# define VIR_FROM_THIS VIR_FROM_NONE
|
||||||
@ -37,54 +35,43 @@ VIR_LOG_INIT("tests.systemdtest");
|
|||||||
# define THE_TIME 11011000001
|
# define THE_TIME 11011000001
|
||||||
# define THE_UID 1729
|
# define THE_UID 1729
|
||||||
|
|
||||||
VIR_MOCK_WRAP_RET_ARGS(dbus_connection_send_with_reply_and_block,
|
VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync,
|
||||||
DBusMessage *,
|
GVariant *,
|
||||||
DBusConnection *, connection,
|
GDBusConnection *, connection,
|
||||||
DBusMessage *, message,
|
const gchar *, bus_name,
|
||||||
int, timeout_milliseconds,
|
const gchar *, object_path,
|
||||||
DBusError *, error)
|
const gchar *, interface_name,
|
||||||
|
const gchar *, method_name,
|
||||||
|
GVariant *, parameters,
|
||||||
|
const GVariantType *, reply_type,
|
||||||
|
GDBusCallFlags, flags,
|
||||||
|
gint, timeout_msec,
|
||||||
|
GCancellable *, cancellable,
|
||||||
|
GError **, error)
|
||||||
{
|
{
|
||||||
DBusMessage *reply = NULL;
|
GVariant *reply = NULL;
|
||||||
const char *service = dbus_message_get_destination(message);
|
g_autoptr(GVariant) params = parameters;
|
||||||
const char *member = dbus_message_get_member(message);
|
|
||||||
|
|
||||||
VIR_MOCK_REAL_INIT(dbus_connection_send_with_reply_and_block);
|
VIR_MOCK_REAL_INIT(g_dbus_connection_call_sync);
|
||||||
|
|
||||||
if (STREQ(service, "org.freedesktop.PolicyKit1") &&
|
if (STREQ(bus_name, "org.freedesktop.PolicyKit1") &&
|
||||||
STREQ(member, "CheckAuthorization")) {
|
STREQ(method_name, "CheckAuthorization")) {
|
||||||
|
g_autoptr(GVariantIter) iter = NULL;
|
||||||
|
GVariantBuilder builder;
|
||||||
char *type;
|
char *type;
|
||||||
char *pidkey;
|
|
||||||
unsigned int pidval;
|
|
||||||
char *timekey;
|
|
||||||
unsigned long long timeval;
|
|
||||||
char *uidkey;
|
|
||||||
int uidval;
|
|
||||||
char *actionid;
|
char *actionid;
|
||||||
char **details;
|
|
||||||
size_t detailslen;
|
|
||||||
int allowInteraction;
|
|
||||||
char *cancellationId;
|
|
||||||
const char **retdetails = NULL;
|
|
||||||
size_t retdetailslen = 0;
|
|
||||||
const char *retdetailscancelled[] = {
|
|
||||||
"polkit.dismissed", "true",
|
|
||||||
};
|
|
||||||
int is_authorized = 1;
|
int is_authorized = 1;
|
||||||
int is_challenge = 0;
|
int is_challenge = 0;
|
||||||
|
|
||||||
if (virDBusMessageDecode(message,
|
g_variant_get(params, "((&s@a{sv})&sa{ss}@u@s)",
|
||||||
"(sa{sv})sa&{ss}us",
|
&type,
|
||||||
&type,
|
NULL,
|
||||||
3,
|
&actionid,
|
||||||
&pidkey, "u", &pidval,
|
&iter,
|
||||||
&timekey, "t", &timeval,
|
NULL,
|
||||||
&uidkey, "i", &uidval,
|
NULL);
|
||||||
&actionid,
|
|
||||||
&detailslen,
|
g_variant_builder_init(&builder, G_VARIANT_TYPE("a{ss}"));
|
||||||
&details,
|
|
||||||
&allowInteraction,
|
|
||||||
&cancellationId) < 0)
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
if (STREQ(actionid, "org.libvirt.test.success")) {
|
if (STREQ(actionid, "org.libvirt.test.success")) {
|
||||||
is_authorized = 1;
|
is_authorized = 1;
|
||||||
@ -95,17 +82,15 @@ VIR_MOCK_WRAP_RET_ARGS(dbus_connection_send_with_reply_and_block,
|
|||||||
} else if (STREQ(actionid, "org.libvirt.test.cancelled")) {
|
} else if (STREQ(actionid, "org.libvirt.test.cancelled")) {
|
||||||
is_authorized = 0;
|
is_authorized = 0;
|
||||||
is_challenge = 0;
|
is_challenge = 0;
|
||||||
retdetails = retdetailscancelled;
|
g_variant_builder_add(&builder, "{ss}", "polkit.dismissed", "true");
|
||||||
retdetailslen = G_N_ELEMENTS(retdetailscancelled) / 2;
|
|
||||||
} else if (STREQ(actionid, "org.libvirt.test.details")) {
|
} else if (STREQ(actionid, "org.libvirt.test.details")) {
|
||||||
size_t i;
|
char *key;
|
||||||
|
char *val;
|
||||||
is_authorized = 0;
|
is_authorized = 0;
|
||||||
is_challenge = 0;
|
is_challenge = 0;
|
||||||
for (i = 0; i < detailslen / 2; i++) {
|
|
||||||
if (STREQ(details[i * 2],
|
while (g_variant_iter_loop(iter, "{ss}", &key, &val)) {
|
||||||
"org.libvirt.test.person") &&
|
if (STREQ(key, "org.libvirt.test.person") && STREQ(val, "Fred")) {
|
||||||
STREQ(details[(i * 2) + 1],
|
|
||||||
"Fred")) {
|
|
||||||
is_authorized = 1;
|
is_authorized = 1;
|
||||||
is_challenge = 0;
|
is_challenge = 0;
|
||||||
}
|
}
|
||||||
@ -115,30 +100,13 @@ VIR_MOCK_WRAP_RET_ARGS(dbus_connection_send_with_reply_and_block,
|
|||||||
is_challenge = 0;
|
is_challenge = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
VIR_FREE(type);
|
reply = g_variant_new("((bb@a{ss}))", is_authorized, is_challenge,
|
||||||
VIR_FREE(pidkey);
|
g_variant_builder_end(&builder));
|
||||||
VIR_FREE(timekey);
|
|
||||||
VIR_FREE(uidkey);
|
|
||||||
VIR_FREE(actionid);
|
|
||||||
VIR_FREE(cancellationId);
|
|
||||||
virStringListFreeCount(details, detailslen);
|
|
||||||
|
|
||||||
if (virDBusCreateReply(&reply,
|
|
||||||
"(bba&{ss})",
|
|
||||||
is_authorized,
|
|
||||||
is_challenge,
|
|
||||||
retdetailslen,
|
|
||||||
retdetails) < 0)
|
|
||||||
goto error;
|
|
||||||
} else {
|
} else {
|
||||||
reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN);
|
reply = g_variant_new("()");
|
||||||
}
|
}
|
||||||
|
|
||||||
return reply;
|
return reply;
|
||||||
|
|
||||||
error:
|
|
||||||
virDBusMessageUnref(reply);
|
|
||||||
return NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -322,7 +290,7 @@ mymain(void)
|
|||||||
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
|
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
VIR_TEST_MAIN_PRELOAD(mymain, VIR_TEST_MOCK("virdbus"))
|
VIR_TEST_MAIN_PRELOAD(mymain, VIR_TEST_MOCK("virgdbus"))
|
||||||
|
|
||||||
#else /* ! __ELF__ */
|
#else /* ! __ELF__ */
|
||||||
int
|
int
|
||||||
|
Loading…
Reference in New Issue
Block a user