Also retrieve GID from SO_PEERCRED

* daemon/remote.c, src/rpc/virnetserverclient.c,
  src/rpc/virnetserverclient.h, src/rpc/virnetsocket.c,
  src/rpc/virnetsocket.h: Add gid parameter
Daniel P. Berrange 2011-12-16 00:18:22 +00:00
parent 4c82f09ef0
commit 59cf039815
5 changed files with 13 additions and 6 deletions


@ -2030,6 +2030,7 @@ remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED,
int rv = -1;
int auth = virNetServerClientGetAuth(client);
uid_t callerUid;
gid_t callerGid;
pid_t callerPid;
/* If the client is root then we want to bypass the
@ -2037,7 +2038,7 @@ remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED,
* some piece of polkit isn't present/running
*/
if (auth == VIR_NET_SERVER_SERVICE_AUTH_POLKIT) {
if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) {
if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerGid, &callerPid) < 0) {
/* Don't do anything on error - it'll be validated at next
* phase of auth anyway */
virResetLastError();
@ -2463,6 +2464,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
remote_auth_polkit_ret *ret)
{
pid_t callerPid = -1;
gid_t callerGid = -1;
uid_t callerUid = -1;
const char *action;
int status = -1;
@ -2493,7 +2495,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
goto authfail;
}
if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) {
if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerGid, &callerPid) < 0) {
goto authfail;
}
@ -2563,6 +2565,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server,
remote_auth_polkit_ret *ret)
{
pid_t callerPid;
gid_t callerGid;
uid_t callerUid;
PolKitCaller *pkcaller = NULL;
PolKitAction *pkaction = NULL;
@ -2590,7 +2593,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server,
goto authfail;
}
if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) {
if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerGid, &callerPid) < 0) {
VIR_ERROR(_("cannot get peer socket identity"));
goto authfail;
}
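Review bot: `callerGid` is declared without an initializer in remoteDispatchAuthList and in the second remoteDispatchAuthPolkit variant, while the first variant sets it to -1 next to callerUid and callerPid. None of the visible hunks reads the new value, so this is harmless as shown. But these are peer credentials on the polkit authentication path, and any later read on a path where virNetServerClientGetLocalIdentity failed would see an indeterminate GID. I would initialize it the same way in all three places, e.g. `gid_t callerGid = (gid_t)-1;`. All three function bodies continue outside the hunks, so whether such a path exists cannot be confirmed from here.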


@ -448,12 +448,12 @@ int virNetServerClientGetFD(virNetServerClientPtr client)
}
int virNetServerClientGetLocalIdentity(virNetServerClientPtr client,
uid_t *uid, pid_t *pid)
uid_t *uid, gid_t *gid, pid_t *pid)
{
int ret = -1;
virNetServerClientLock(client);
if (client->sock)
ret = virNetSocketGetLocalIdentity(client->sock, uid, pid);
ret = virNetSocketGetLocalIdentity(client->sock, uid, gid, pid);
virNetServerClientUnlock(client);
return ret;
}
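Review bot: The widened virNetServerClientGetLocalIdentity has no comment stating what happens to the three outputs on failure. When `client->sock` is NULL it returns -1 without writing `*uid`, `*gid` or `*pid`. Since callers pass the result into authentication decisions, I would document the contract above the definition, and on the prototype in virnetserverclient.h: `/* On -1 the uid/gid/pid outputs may be left unwritten (e.g. client->sock is NULL); callers must not read them. */`. Whether the socket-level lookup also leaves them untouched on its own error path is not visible in this commit.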


@ -71,7 +71,7 @@ int virNetServerClientSetIdentity(virNetServerClientPtr client,
const char *virNetServerClientGetIdentity(virNetServerClientPtr client);
int virNetServerClientGetLocalIdentity(virNetServerClientPtr client,
uid_t *uid, pid_t *pid);
uid_t *uid, gid_t *gid, pid_t *pid);
void virNetServerClientRef(virNetServerClientPtr client);


@ -826,6 +826,7 @@ int virNetSocketGetPort(virNetSocketPtr sock)
#ifdef SO_PEERCRED
int virNetSocketGetLocalIdentity(virNetSocketPtr sock,
uid_t *uid,
gid_t *gid,
pid_t *pid)
{
struct ucred cr;
@ -841,6 +842,7 @@ int virNetSocketGetLocalIdentity(virNetSocketPtr sock,
*pid = cr.pid;
*uid = cr.uid;
*gid = cr.gid;
virMutexUnlock(&sock->lock);
return 0;
@ -848,6 +850,7 @@ int virNetSocketGetLocalIdentity(virNetSocketPtr sock,
#else
int virNetSocketGetLocalIdentity(virNetSocketPtr sock ATTRIBUTE_UNUSED,
uid_t *uid ATTRIBUTE_UNUSED,
gid_t *gid ATTRIBUTE_UNUSED,
pid_t *pid ATTRIBUTE_UNUSED)
{
/* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
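Review bot: The new `*gid = cr.gid;` store hands back a single group ID, which limits what callers can safely decide from it. On Linux, SO_PEERCRED reports the credentials the peer had when it called connect(), not its current ones, and it does not include supplementary groups. A group-based access check built on this value would therefore miss supplementary membership and any credential change after connect. A comment above the function would make that limit visible, e.g. `/* gid is the peer's GID as of connect(); supplementary groups are not reported */`. In the #else stub the gid parameter is marked ATTRIBUTE_UNUSED, so it is presumably never written there and callers must check the return value before reading it; both function bodies extend beyond the hunks.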


@ -88,6 +88,7 @@ int virNetSocketGetPort(virNetSocketPtr sock);
int virNetSocketGetLocalIdentity(virNetSocketPtr sock,
uid_t *uid,
gid_t *gid,
pid_t *pid);
int virNetSocketSetBlocking(virNetSocketPtr sock,