External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-10-01 20:05:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

src/util/virpolkit: convert to use GLib DBus

Browse Source 
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
Pavel Hrdina 2020-09-09 16:42:16 +02:00
parent e8f00bc82c
commit 10926108f6
3 changed files with 104 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
src/util/virpolkit.c
View File

@ -28,7 +28,7 @@
#include "virstring.h" #include "virstring.h"
#include "virprocess.h" #include "virprocess.h"
#include "viralloc.h" #include "viralloc.h"
#include "virdbus.h" #include "virgdbus.h"
#include "virfile.h" #include "virfile.h"
#include "virutil.h" #include "virutil.h"
@ -63,80 +63,81 @@ int virPolkitCheckAuth(const char *actionid,
const char **details, const char **details,
bool allowInteraction) bool allowInteraction)
{ {
DBusConnection *sysbus; GDBusConnection *sysbus;
DBusMessage *reply = NULL; GVariantBuilder builder;
char **retdetails = NULL; GVariant *gprocess = NULL;
size_t nretdetails = 0; GVariant *gdetails = NULL;
bool is_authorized; g_autoptr(GVariant) message = NULL;
bool is_challenge; g_autoptr(GVariant) reply = NULL;
g_autoptr(GVariantIter) iter = NULL;
char *retkey;
char *retval;
gboolean is_authorized;
gboolean is_challenge;
bool is_dismissed = false; bool is_dismissed = false;
size_t i; size_t i;
int ret = -1;
if (!(sysbus = virDBusGetSystemBus())) if (!(sysbus = virGDBusGetSystemBus()))
goto cleanup; return -1;
VIR_INFO("Checking PID %lld running as %d", VIR_INFO("Checking PID %lld running as %d",
(long long) pid, uid); (long long) pid, uid);
if (virDBusCallMethod(sysbus, g_variant_builder_init(&builder, G_VARIANT_TYPE("a{sv}"));
&reply, g_variant_builder_add(&builder, "{sv}", "pid", g_variant_new_uint32(pid));
NULL, g_variant_builder_add(&builder, "{sv}", "start-time", g_variant_new_uint64(startTime));
"org.freedesktop.PolicyKit1", g_variant_builder_add(&builder, "{sv}", "uid", g_variant_new_int32(uid));
"/org/freedesktop/PolicyKit1/Authority", gprocess = g_variant_builder_end(&builder);
"org.freedesktop.PolicyKit1.Authority",
"CheckAuthorization",
"(sa{sv})sa&{ss}us",
"unix-process",
3,
"pid", "u", (unsigned int)pid,
"start-time", "t", startTime,
"uid", "i", (int)uid,
actionid,
virStringListLength(details) / 2,
details,
allowInteraction,
"" /* cancellation ID */) < 0)
goto cleanup;
if (virDBusMessageDecode(reply, g_variant_builder_init(&builder, G_VARIANT_TYPE("a{ss}"));
"(bba&{ss})", for (i = 0; i < virStringListLength(details); i += 2)
&is_authorized, g_variant_builder_add(&builder, "{ss}", details[i], details[i + 1]);
&is_challenge, gdetails = g_variant_builder_end(&builder);
&nretdetails,
&retdetails) < 0)
goto cleanup;
for (i = 0; i < (nretdetails / 2); i++) { message = g_variant_new("((s@a{sv})s@a{ss}us)",
if (STREQ(retdetails[(i * 2)], "polkit.dismissed") && "unix-process",
STREQ(retdetails[(i * 2) + 1], "true")) gprocess,
actionid,
gdetails,
allowInteraction,
"" /* cancellation ID */);
if (virGDBusCallMethod(sysbus,
&reply,
NULL,
"org.freedesktop.PolicyKit1",
"/org/freedesktop/PolicyKit1/Authority",
"org.freedesktop.PolicyKit1.Authority",
"CheckAuthorization",
message) < 0)
return -1;
g_variant_get(reply, "((bba{ss}))", &is_authorized, &is_challenge, &iter);
while (g_variant_iter_loop(iter, "{ss}", &retkey, &retval)) {
if (STREQ(retkey, "polkit.dismissed") && STREQ(retval, "true"))
is_dismissed = true; is_dismissed = true;
} }
VIR_DEBUG("is auth %d is challenge %d", VIR_DEBUG("is auth %d is challenge %d",
is_authorized, is_challenge); is_authorized, is_challenge);
if (is_authorized) { if (is_authorized)
ret = 0; return 0;
if (is_dismissed) {
virReportError(VIR_ERR_AUTH_CANCELLED, "%s",
_("user cancelled authentication process"));
} else if (is_challenge) {
virReportError(VIR_ERR_AUTH_UNAVAILABLE,
_("no polkit agent available to authenticate action '%s'"),
actionid);
} else { } else {
ret = -2; virReportError(VIR_ERR_AUTH_FAILED, "%s",
if (is_dismissed) _("access denied by policy"));
virReportError(VIR_ERR_AUTH_CANCELLED, "%s",
_("user cancelled authentication process"));
else if (is_challenge)
virReportError(VIR_ERR_AUTH_UNAVAILABLE,
_("no polkit agent available to authenticate "
"action '%s'"),
actionid);
else
virReportError(VIR_ERR_AUTH_FAILED, "%s",
_("access denied by policy"));
} }
cleanup: return -2;
virStringListFreeCount(retdetails, nretdetails);
virDBusMessageUnref(reply);
return ret;
} }

11
tests/meson.build
View File

@ -365,11 +365,6 @@ if conf.has('WITH_DBUS')
{ 'name': 'virsystemdtest', 'deps': [ dbus_dep ] }, { 'name': 'virsystemdtest', 'deps': [ dbus_dep ] },
] ]
if conf.has('WITH_POLKIT')
tests += [
{ 'name': 'virpolkittest', 'deps': [ dbus_dep ] },
]
endif
endif endif
if conf.has('WITH_ESX') if conf.has('WITH_ESX')
@ -446,6 +441,12 @@ if conf.has('WITH_OPENVZ')
] ]
endif endif
if conf.has('WITH_POLKIT')
tests += [
{ 'name': 'virpolkittest' },
]
endif
if conf.has('WITH_QEMU') if conf.has('WITH_QEMU')
tests += [ tests += [
{ 'name': 'qemuagenttest', 'link_with': [ test_qemu_driver_lib, test_utils_qemu_monitor_lib ], 'link_whole': [ test_utils_qemu_lib ] }, { 'name': 'qemuagenttest', 'link_with': [ test_qemu_driver_lib, test_utils_qemu_monitor_lib ], 'link_whole': [ test_utils_qemu_lib ] },

112
tests/virpolkittest.c
View File

@ -22,10 +22,8 @@
#if defined(__ELF__) #if defined(__ELF__)
# include <dbus/dbus.h>
# include "virpolkit.h" # include "virpolkit.h"
# include "virdbus.h" # include "virgdbus.h"
# include "virlog.h" # include "virlog.h"
# include "virmock.h" # include "virmock.h"
# define VIR_FROM_THIS VIR_FROM_NONE # define VIR_FROM_THIS VIR_FROM_NONE
@ -37,54 +35,43 @@ VIR_LOG_INIT("tests.systemdtest");
# define THE_TIME 11011000001 # define THE_TIME 11011000001
# define THE_UID 1729 # define THE_UID 1729
VIR_MOCK_WRAP_RET_ARGS(dbus_connection_send_with_reply_and_block, VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync,
DBusMessage *, GVariant *,
DBusConnection *, connection, GDBusConnection *, connection,
DBusMessage *, message, const gchar *, bus_name,
int, timeout_milliseconds, const gchar *, object_path,
DBusError *, error) const gchar *, interface_name,
const gchar *, method_name,
GVariant *, parameters,
const GVariantType *, reply_type,
GDBusCallFlags, flags,
gint, timeout_msec,
GCancellable *, cancellable,
GError **, error)
{ {
DBusMessage *reply = NULL; GVariant *reply = NULL;
const char *service = dbus_message_get_destination(message); g_autoptr(GVariant) params = parameters;
const char *member = dbus_message_get_member(message);
VIR_MOCK_REAL_INIT(dbus_connection_send_with_reply_and_block); VIR_MOCK_REAL_INIT(g_dbus_connection_call_sync);
if (STREQ(service, "org.freedesktop.PolicyKit1") && if (STREQ(bus_name, "org.freedesktop.PolicyKit1") &&
STREQ(member, "CheckAuthorization")) { STREQ(method_name, "CheckAuthorization")) {
g_autoptr(GVariantIter) iter = NULL;
GVariantBuilder builder;
char *type; char *type;
char *pidkey;
unsigned int pidval;
char *timekey;
unsigned long long timeval;
char *uidkey;
int uidval;
char *actionid; char *actionid;
char **details;
size_t detailslen;
int allowInteraction;
char *cancellationId;
const char **retdetails = NULL;
size_t retdetailslen = 0;
const char *retdetailscancelled[] = {
"polkit.dismissed", "true",
};
int is_authorized = 1; int is_authorized = 1;
int is_challenge = 0; int is_challenge = 0;
if (virDBusMessageDecode(message, g_variant_get(params, "((&s@a{sv})&sa{ss}@u@s)",
"(sa{sv})sa&{ss}us", &type,
&type, NULL,
3, &actionid,
&pidkey, "u", &pidval, &iter,
&timekey, "t", &timeval, NULL,
&uidkey, "i", &uidval, NULL);
&actionid,
&detailslen, g_variant_builder_init(&builder, G_VARIANT_TYPE("a{ss}"));
&details,
&allowInteraction,
&cancellationId) < 0)
goto error;
if (STREQ(actionid, "org.libvirt.test.success")) { if (STREQ(actionid, "org.libvirt.test.success")) {
is_authorized = 1; is_authorized = 1;
@ -95,17 +82,15 @@ VIR_MOCK_WRAP_RET_ARGS(dbus_connection_send_with_reply_and_block,
} else if (STREQ(actionid, "org.libvirt.test.cancelled")) { } else if (STREQ(actionid, "org.libvirt.test.cancelled")) {
is_authorized = 0; is_authorized = 0;
is_challenge = 0; is_challenge = 0;
retdetails = retdetailscancelled; g_variant_builder_add(&builder, "{ss}", "polkit.dismissed", "true");
retdetailslen = G_N_ELEMENTS(retdetailscancelled) / 2;
} else if (STREQ(actionid, "org.libvirt.test.details")) { } else if (STREQ(actionid, "org.libvirt.test.details")) {
size_t i; char *key;
char *val;
is_authorized = 0; is_authorized = 0;
is_challenge = 0; is_challenge = 0;
for (i = 0; i < detailslen / 2; i++) {
if (STREQ(details[i * 2], while (g_variant_iter_loop(iter, "{ss}", &key, &val)) {
"org.libvirt.test.person") && if (STREQ(key, "org.libvirt.test.person") && STREQ(val, "Fred")) {
STREQ(details[(i * 2) + 1],
"Fred")) {
is_authorized = 1; is_authorized = 1;
is_challenge = 0; is_challenge = 0;
} }
@ -115,30 +100,13 @@ VIR_MOCK_WRAP_RET_ARGS(dbus_connection_send_with_reply_and_block,
is_challenge = 0; is_challenge = 0;
} }
VIR_FREE(type); reply = g_variant_new("((bb@a{ss}))", is_authorized, is_challenge,
VIR_FREE(pidkey); g_variant_builder_end(&builder));
VIR_FREE(timekey);
VIR_FREE(uidkey);
VIR_FREE(actionid);
VIR_FREE(cancellationId);
virStringListFreeCount(details, detailslen);
if (virDBusCreateReply(&reply,
"(bba&{ss})",
is_authorized,
is_challenge,
retdetailslen,
retdetails) < 0)
goto error;
} else { } else {
reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); reply = g_variant_new("()");
} }
return reply; return reply;
error:
virDBusMessageUnref(reply);
return NULL;
} }
@ -322,7 +290,7 @@ mymain(void)
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
} }
VIR_TEST_MAIN_PRELOAD(mymain, VIR_TEST_MOCK("virdbus")) VIR_TEST_MAIN_PRELOAD(mymain, VIR_TEST_MOCK("virgdbus"))
#else /* ! __ELF__ */ #else /* ! __ELF__ */
int int