From b8adfcc60ccf4a2fabcac3692a958d2c063d8336 Mon Sep 17 00:00:00 2001 From: Jim Fehlig Date: Thu, 7 Jul 2011 15:12:26 -0600 Subject: [PATCH] Fix build when using polkit0 V2: Remove policy kit references from virNetServer and use DBus APIs directly, if available. --- configure.ac | 5 +++++ daemon/libvirtd.c | 24 ++++-------------------- daemon/remote.c | 21 ++++++++++----------- src/Makefile.am | 4 +++- src/rpc/virnetserver.c | 41 ++++++++++++++++++++++++++++++++++++++++- src/rpc/virnetserver.h | 8 ++++++++ 6 files changed, 70 insertions(+), 33 deletions(-) diff --git a/configure.ac b/configure.ac index ae747fb248..e9d5be4858 100644 --- a/configure.ac +++ b/configure.ac @@ -1010,6 +1010,7 @@ AC_ARG_WITH([polkit], [with_polkit=check]) with_polkit0=no +with_dbus=no with_polkit1=no if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then dnl Check for new polkit first - just a binary @@ -1038,6 +1039,8 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then [use PolicyKit for UNIX socket access checks]) AC_DEFINE_UNQUOTED([HAVE_POLKIT0], 1, [use PolicyKit for UNIX socket access checks]) + AC_DEFINE_UNQUOTED([HAVE_DBUS], 1, + [use DBus for PolicyKit]) old_CFLAGS=$CFLAGS old_LIBS=$LIBS @@ -1052,11 +1055,13 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program]) fi with_polkit0="yes" + with_dbus="yes" fi fi fi AM_CONDITIONAL([HAVE_POLKIT], [test "x$with_polkit" = "xyes"]) AM_CONDITIONAL([HAVE_POLKIT0], [test "x$with_polkit0" = "xyes"]) +AM_CONDITIONAL([HAVE_DBUS], [test "x$with_dbus" = "xyes"]) AM_CONDITIONAL([HAVE_POLKIT1], [test "x$with_polkit1" = "xyes"]) AC_SUBST([POLKIT_CFLAGS]) AC_SUBST([POLKIT_LIBS]) diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index 97db69691c..259fcc4ed3 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c 
@@ -576,26 +576,6 @@ static int daemonSetupNetworking(virNetServerPtr srv, } #endif -#if HAVE_POLKIT0 - if (auth_unix_rw == REMOTE_AUTH_POLKIT || - auth_unix_ro == REMOTE_AUTH_POLKIT) { - DBusError derr; - - dbus_connection_set_change_sigpipe(FALSE); - dbus_threads_init_default(); - - dbus_error_init(&derr); - server->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr); - if (!(server->sysbus)) { - VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"), - derr.message); - dbus_error_free(&derr); - goto error; - } - dbus_connection_set_exit_on_disconnect(server->sysbus, FALSE); - } -#endif - return 0; error: @@ -1285,6 +1265,7 @@ int main(int argc, char **argv) { struct daemonConfig *config; bool privileged = geteuid() == 0 ? true : false; bool implicit_conf = false; + bool use_polkit_dbus; struct option opts[] = { { "verbose", no_argument, &verbose, 1}, @@ -1445,10 +1426,13 @@ int main(int argc, char **argv) { umask(old_umask); } + use_polkit_dbus = config->auth_unix_rw == REMOTE_AUTH_POLKIT || + config->auth_unix_ro == REMOTE_AUTH_POLKIT; if (!(srv = virNetServerNew(config->min_workers, config->max_workers, config->max_clients, config->mdns_adv ? config->mdns_name : NULL, + use_polkit_dbus, remoteClientInitHook))) { ret = VIR_DAEMON_ERR_INIT; goto cleanup; diff --git a/daemon/remote.c b/daemon/remote.c index a2e79efa99..0172626e18 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -43,6 +43,7 @@ #include "command.h" #include "intprops.h" #include "virnetserverservice.h" +#include "virnetserver.h" #include "remote_protocol.h" #include "qemu_protocol.h" @@ -2115,7 +2116,7 @@ authdeny: } #elif HAVE_POLKIT0 static int -remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, +remoteDispatchAuthPolkit(virNetServerPtr server, virNetServerClientPtr client, virNetMessageHeaderPtr hdr ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, 
@@ -2137,21 +2138,19 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, memset(ident, 0, sizeof ident); - virMutexLock(&server->lock); - virMutexLock(&client->lock); - virMutexUnlock(&server->lock); + virMutexLock(&priv->lock); - action = client->readonly ? + action = virNetServerClientGetReadonly(client) ? "org.libvirt.unix.monitor" : "org.libvirt.unix.manage"; VIR_DEBUG("Start PolicyKit auth %d", virNetServerClientGetFD(client)); - if (client->auth != REMOTE_AUTH_POLKIT) { + if (virNetServerClientGetAuth(client) != VIR_NET_SERVER_SERVICE_AUTH_POLKIT) { VIR_ERROR(_("client tried invalid PolicyKit init request")); goto authfail; } - if (qemudGetSocketIdentity(virNetServerClientGetFD(client), &callerUid, &callerPid) < 0) { + if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) { VIR_ERROR(_("cannot get peer socket identity")); goto authfail; } @@ -2164,7 +2163,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, VIR_INFO("Checking PID %d running as %d", callerPid, callerUid); dbus_error_init(&err); - if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus, + if (!(pkcaller = polkit_caller_new_from_pid(virNetServerGetDBusConn(server), callerPid, &err))) { VIR_ERROR(_("Failed to lookup policy kit caller: %s"), err.message); dbus_error_free(&err); @@ -2226,9 +2225,9 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, action, callerPid, callerUid, polkit_result_to_string_representation(pkresult)); ret->complete = 1; - client->auth = REMOTE_AUTH_NONE; + virNetServerClientSetIdentity(client, ident); - virMutexUnlock(&client->lock); + virMutexUnlock(&priv->lock); return 0; error: @@ -2236,7 +2235,7 @@ error: virNetError(VIR_ERR_AUTH_FAILED, "%s", _("authentication failed")); virNetMessageSaveError(rerr); - virMutexUnlock(&client->lock); + virMutexUnlock(&priv->lock); return -1; authfail: diff --git a/src/Makefile.am b/src/Makefile.am index cb4b2273f8..4dd9359141 100644 --- a/src/Makefile.am 
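Review bot: The result of `virNetServerGetDBusConn(server)` is passed straight into `polkit_caller_new_from_pid()` in the `@@ -2164` hunk without a NULL check. The virnetserver.c hunks show `srv->sysbus` is only set when the server was created with `connectDBus` true, and that flag is derived in libvirtd.c from the configured auth types rather than from the per-client auth value tested earlier in this function. If the two can ever disagree, the PolicyKit lookup runs on a NULL connection, so failing closed is safer: `DBusConnection *sysbus = virNetServerGetDBusConn(server);` followed by `if (!sysbus) goto authfail;` before the lookup. The function body starts and ends outside the visible hunks.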
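Review bot: In the `@@ -2226` hunk the return value of `virNetServerClientSetIdentity(client, ident)` is discarded, and the call comes after `ret->complete = 1` has already been set. If that call can fail (it presumably copies the string; its definition is not on this page), the reply reports a completed authentication while the server has recorded no identity for the client. Checking it first, `if (virNetServerClientSetIdentity(client, ident) < 0) goto error;`, and setting `ret->complete = 1` only afterwards keeps the two sides consistent. Separately, the only visible write to `ident` is the `memset` at the top of the `@@ -2137` hunk. The lines between the hunks may fill it in, but if they do not, the recorded identity is an empty string and is of little use in audit logs.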
+++ b/src/Makefile.am @@ -1270,10 +1270,12 @@ EXTRA_DIST += \ endif libvirt_net_rpc_server_la_CFLAGS = \ $(AVAHI_CFLAGS) \ - $(AM_CFLAGS) + $(AM_CFLAGS) \ + $(POLKIT_CFLAGS) libvirt_net_rpc_server_la_LDFLAGS = \ $(AM_LDFLAGS) \ $(AVAHI_LIBS) \ + $(POLKIT_LIBS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) libvirt_net_rpc_server_la_LIBADD = \ diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c index 5e1719bec5..94d46f60a1 100644 --- a/src/rpc/virnetserver.c +++ b/src/rpc/virnetserver.c @@ -39,6 +39,9 @@ #if HAVE_AVAHI # include "virnetservermdns.h" #endif +#if HAVE_DBUS +# include +#endif #define VIR_FROM_THIS VIR_FROM_RPC #define virNetError(code, ...) \ @@ -84,6 +87,10 @@ struct _virNetServer { virNetServerMDNSGroupPtr mdnsGroup; #endif +#if HAVE_DBUS + DBusConnection *sysbus; +#endif + size_t nservices; virNetServerServicePtr *services; @@ -270,6 +277,7 @@ virNetServerPtr virNetServerNew(size_t min_workers, size_t max_workers, size_t max_clients, const char *mdnsGroupName, + bool connectDBus, virNetServerClientInitHook clientInitHook) { virNetServerPtr srv; @@ -306,6 +314,25 @@ virNetServerPtr virNetServerNew(size_t min_workers, } #endif +#if HAVE_DBUS + if (connectDBus) { + DBusError derr; + + dbus_connection_set_change_sigpipe(FALSE); + dbus_threads_init_default(); + + dbus_error_init(&derr); + srv->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr); + if (!(srv->sysbus)) { + VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"), + derr.message); + dbus_error_free(&derr); + goto error; + } + dbus_connection_set_exit_on_disconnect(srv->sysbus, FALSE); + } +#endif + if (virMutexInit(&srv->lock) < 0) { virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot initialize mutex")); 
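Review bot: The `goto error` added in the new `#if HAVE_DBUS` block of virNetServerNew (hunk `@@ -306`) runs before `virMutexInit(&srv->lock)`, which is the next statement in the hunk. The `error:` label is outside the hunk, but if it releases the server through virNetServerFree, the later `@@ -747` hunk shows that function calling `virNetServerUnlock(srv)` and `virMutexDestroy(&srv->lock)`. Those would then operate on a mutex that was never initialised whenever the system bus is unreachable. Moving the DBus block below the mutex initialisation would make the failure path safe. Alternatively, the error path could be made aware of whether the lock exists.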
@@ -363,6 +390,14 @@ bool virNetServerIsPrivileged(virNetServerPtr srv) } +#if HAVE_DBUS +DBusConnection* virNetServerGetDBusConn(virNetServerPtr srv) +{ + return srv->sysbus; +} +#endif + + void virNetServerAutoShutdown(virNetServerPtr srv, unsigned int timeout, virNetServerAutoShutdownFunc func, @@ -377,7 +412,6 @@ void virNetServerAutoShutdown(virNetServerPtr srv, virNetServerUnlock(srv); } - static sig_atomic_t sigErrors = 0; static int sigLastErrno = 0; static int sigWrite = -1; @@ -747,6 +781,11 @@ void virNetServerFree(virNetServerPtr srv) VIR_FREE(srv->mdnsGroupName); +#if HAVE_DBUS + if (srv->sysbus) + dbus_connection_unref(srv->sysbus); +#endif + virNetServerUnlock(srv); virMutexDestroy(&srv->lock); VIR_FREE(srv); diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h index 6e7a21b6ff..810d8a3a96 100644 --- a/src/rpc/virnetserver.h +++ b/src/rpc/virnetserver.h @@ -25,6 +25,9 @@ # define __VIR_NET_SERVER_H__ # include +# if HAVE_DBUS +# include +# endif # include "virnettlscontext.h" # include "virnetserverprogram.h" @@ -38,6 +41,7 @@ virNetServerPtr virNetServerNew(size_t min_workers, size_t max_workers, size_t max_clients, const char *mdnsGroupName, + bool connectDBus, virNetServerClientInitHook clientInitHook); typedef int (*virNetServerAutoShutdownFunc)(virNetServerPtr srv, void *opaque); @@ -46,6 +50,10 @@ void virNetServerRef(virNetServerPtr srv); bool virNetServerIsPrivileged(virNetServerPtr srv); +# if HAVE_DBUS +DBusConnection* virNetServerGetDBusConn(virNetServerPtr srv); +# endif + void virNetServerAutoShutdown(virNetServerPtr srv, unsigned int timeout, virNetServerAutoShutdownFunc func,
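Review bot: `virNetServerGetDBusConn` (hunk `@@ -363`) is added without a comment stating its contract, although callers need to know it. It returns `srv->sysbus` without taking the server lock or an extra reference. The value is NULL when the server was created with `connectDBus` false, and the `@@ -747` hunk shows virNetServerFree dropping the connection reference. I would add above the definition: `/* Returns the system bus connection, or NULL if none was requested at creation. The pointer is borrowed: do not unref it, and do not use it after virNetServerFree(). */`. The same comment belongs on the prototype in virnetserver.h.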