External/libvirt
1
0
Fork 0
Code

Convert callers to use typesafe APIs for getting identity attrs

Browse Source 
Convert virAccessDriverPolkitFormatProcess to use typesafe API
for getting process ID attribute.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2013-08-22 17:02:40 +01:00
parent 5282ed8d1c
commit 64a5dc1b6a
1 changed files with 13 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/access/viraccessdriverpolkit.c
View File

@ -75,9 +75,9 @@ static char *
virAccessDriverPolkitFormatProcess(const char *actionid) virAccessDriverPolkitFormatProcess(const char *actionid)
{ {
virIdentityPtr identity = virIdentityGetCurrent(); virIdentityPtr identity = virIdentityGetCurrent();
const char *callerPid = NULL; pid_t pid;
const char *callerTime = NULL; unsigned long long startTime;
const char *callerUid = NULL; uid_t uid;
char *ret = NULL; char *ret = NULL;
#ifndef PKCHECK_SUPPORTS_UID #ifndef PKCHECK_SUPPORTS_UID
static bool polkitInsecureWarned; static bool polkitInsecureWarned;
@ -89,39 +89,35 @@ virAccessDriverPolkitFormatProcess(const char *actionid)
actionid); actionid);
return NULL; return NULL;
} }
if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &callerPid) < 0) if (virIdentityGetUNIXProcessID(identity, &pid) < 0)
goto cleanup; goto cleanup;
if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, &callerTime) < 0) if (virIdentityGetUNIXProcessTime(identity, &startTime) < 0)
goto cleanup; goto cleanup;
if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_USER_ID, &callerUid) < 0) if (virIdentityGetUNIXUserID(identity, &uid) < 0)
goto cleanup; goto cleanup;
if (!callerPid) { if (!pid) {
virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
_("No UNIX process ID available")); _("No UNIX process ID available"));
goto cleanup; goto cleanup;
} }
if (!callerTime) { if (!startTime) {
virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
_("No UNIX process start time available")); _("No UNIX process start time available"));
goto cleanup; goto cleanup;
} }
if (!callerUid) {
virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
_("No UNIX caller UID available"));
goto cleanup;
}
#ifdef PKCHECK_SUPPORTS_UID #ifdef PKCHECK_SUPPORTS_UID
if (virAsprintf(&ret, "%s,%s,%s", callerPid, callerTime, callerUid) < 0) if (virAsprintf(&ret, "%llu,%llu,%llu",
(unsigned long long)pid, startTime, (unsigned long long)uid) < 0)
goto cleanup; goto cleanup;
#else #else
if (!polkitInsecureWarned) { if (!polkitInsecureWarned) {
VIR_WARN("No support for caller UID with pkcheck. " VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
"This deployment is known to be insecure.");
polkitInsecureWarned = true; polkitInsecureWarned = true;
} }
if (virAsprintf(&ret, "%s,%s", callerPid, callerTime) < 0) if (virAsprintf(&ret, "%llu,%llu",
(unsigned long long)pid, startTime) < 0)
goto cleanup; goto cleanup;
#endif #endif