Fix build when using polkit0
V2: Remove policy kit references from virNetServer and use DBus APIs directly, if available.
parent
109efd7941
commit
b8adfcc60c
@ -1010,6 +1010,7 @@ AC_ARG_WITH([polkit],
|
|||||||
[with_polkit=check])
|
[with_polkit=check])
|
||||||
|
|
||||||
with_polkit0=no
|
with_polkit0=no
|
||||||
|
with_dbus=no
|
||||||
with_polkit1=no
|
with_polkit1=no
|
||||||
if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
|
if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
|
||||||
dnl Check for new polkit first - just a binary
|
dnl Check for new polkit first - just a binary
|
||||||
@ -1038,6 +1039,8 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
|
|||||||
[use PolicyKit for UNIX socket access checks])
|
[use PolicyKit for UNIX socket access checks])
|
||||||
AC_DEFINE_UNQUOTED([HAVE_POLKIT0], 1,
|
AC_DEFINE_UNQUOTED([HAVE_POLKIT0], 1,
|
||||||
[use PolicyKit for UNIX socket access checks])
|
[use PolicyKit for UNIX socket access checks])
|
||||||
|
AC_DEFINE_UNQUOTED([HAVE_DBUS], 1,
|
||||||
|
[use DBus for PolicyKit])
|
||||||
|
|
||||||
old_CFLAGS=$CFLAGS
|
old_CFLAGS=$CFLAGS
|
||||||
old_LIBS=$LIBS
|
old_LIBS=$LIBS
|
||||||
@ -1052,11 +1055,13 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
|
|||||||
AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])
|
AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])
|
||||||
fi
|
fi
|
||||||
with_polkit0="yes"
|
with_polkit0="yes"
|
||||||
|
with_dbus="yes"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
AM_CONDITIONAL([HAVE_POLKIT], [test "x$with_polkit" = "xyes"])
|
AM_CONDITIONAL([HAVE_POLKIT], [test "x$with_polkit" = "xyes"])
|
||||||
AM_CONDITIONAL([HAVE_POLKIT0], [test "x$with_polkit0" = "xyes"])
|
AM_CONDITIONAL([HAVE_POLKIT0], [test "x$with_polkit0" = "xyes"])
|
||||||
|
AM_CONDITIONAL([HAVE_DBUS], [test "x$with_dbus" = "xyes"])
|
||||||
AM_CONDITIONAL([HAVE_POLKIT1], [test "x$with_polkit1" = "xyes"])
|
AM_CONDITIONAL([HAVE_POLKIT1], [test "x$with_polkit1" = "xyes"])
|
||||||
AC_SUBST([POLKIT_CFLAGS])
|
AC_SUBST([POLKIT_CFLAGS])
|
||||||
AC_SUBST([POLKIT_LIBS])
|
AC_SUBST([POLKIT_LIBS])
|
||||||
|
@ -576,26 +576,6 @@ static int daemonSetupNetworking(virNetServerPtr srv,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if HAVE_POLKIT0
|
|
||||||
if (auth_unix_rw == REMOTE_AUTH_POLKIT ||
|
|
||||||
auth_unix_ro == REMOTE_AUTH_POLKIT) {
|
|
||||||
DBusError derr;
|
|
||||||
|
|
||||||
dbus_connection_set_change_sigpipe(FALSE);
|
|
||||||
dbus_threads_init_default();
|
|
||||||
|
|
||||||
dbus_error_init(&derr);
|
|
||||||
server->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr);
|
|
||||||
if (!(server->sysbus)) {
|
|
||||||
VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"),
|
|
||||||
derr.message);
|
|
||||||
dbus_error_free(&derr);
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
dbus_connection_set_exit_on_disconnect(server->sysbus, FALSE);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
error:
|
error:
|
||||||
@ -1285,6 +1265,7 @@ int main(int argc, char **argv) {
|
|||||||
struct daemonConfig *config;
|
struct daemonConfig *config;
|
||||||
bool privileged = geteuid() == 0 ? true : false;
|
bool privileged = geteuid() == 0 ? true : false;
|
||||||
bool implicit_conf = false;
|
bool implicit_conf = false;
|
||||||
|
bool use_polkit_dbus;
|
||||||
|
|
||||||
struct option opts[] = {
|
struct option opts[] = {
|
||||||
{ "verbose", no_argument, &verbose, 1},
|
{ "verbose", no_argument, &verbose, 1},
|
||||||
@ -1445,10 +1426,13 @@ int main(int argc, char **argv) {
|
|||||||
umask(old_umask);
|
umask(old_umask);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
use_polkit_dbus = config->auth_unix_rw == REMOTE_AUTH_POLKIT ||
|
||||||
|
config->auth_unix_ro == REMOTE_AUTH_POLKIT;
|
||||||
if (!(srv = virNetServerNew(config->min_workers,
|
if (!(srv = virNetServerNew(config->min_workers,
|
||||||
config->max_workers,
|
config->max_workers,
|
||||||
config->max_clients,
|
config->max_clients,
|
||||||
config->mdns_adv ? config->mdns_name : NULL,
|
config->mdns_adv ? config->mdns_name : NULL,
|
||||||
|
use_polkit_dbus,
|
||||||
remoteClientInitHook))) {
|
remoteClientInitHook))) {
|
||||||
ret = VIR_DAEMON_ERR_INIT;
|
ret = VIR_DAEMON_ERR_INIT;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
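Review bot: `use_polkit_dbus` in main() is derived only from the configured auth schemes, so it is also true in builds where the bus is never used; on this page virNetServerNew reads `connectDBus` only inside `#if HAVE_DBUS`, and configure defines HAVE_DBUS only in the polkit0 branch. A short comment at the assignment would keep the next reader from assuming the flag always results in a system-bus connection, for example `/* only polkit0 talks to PolicyKit over the system bus; virNetServerNew ignores this when built without HAVE_DBUS */`. The variable could also be declared at the point of assignment instead of uninitialised at the top of main(), whose body extends well outside these hunks.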
|
@ -43,6 +43,7 @@
|
|||||||
#include "command.h"
|
#include "command.h"
|
||||||
#include "intprops.h"
|
#include "intprops.h"
|
||||||
#include "virnetserverservice.h"
|
#include "virnetserverservice.h"
|
||||||
|
#include "virnetserver.h"
|
||||||
|
|
||||||
#include "remote_protocol.h"
|
#include "remote_protocol.h"
|
||||||
#include "qemu_protocol.h"
|
#include "qemu_protocol.h"
|
||||||
@ -2115,7 +2116,7 @@ authdeny:
|
|||||||
}
|
}
|
||||||
#elif HAVE_POLKIT0
|
#elif HAVE_POLKIT0
|
||||||
static int
|
static int
|
||||||
remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
|
remoteDispatchAuthPolkit(virNetServerPtr server,
|
||||||
virNetServerClientPtr client,
|
virNetServerClientPtr client,
|
||||||
virNetMessageHeaderPtr hdr ATTRIBUTE_UNUSED,
|
virNetMessageHeaderPtr hdr ATTRIBUTE_UNUSED,
|
||||||
virNetMessageErrorPtr rerr,
|
virNetMessageErrorPtr rerr,
|
||||||
@ -2137,21 +2138,19 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
memset(ident, 0, sizeof ident);
|
memset(ident, 0, sizeof ident);
|
||||||
|
|
||||||
virMutexLock(&server->lock);
|
virMutexLock(&priv->lock);
|
||||||
virMutexLock(&client->lock);
|
|
||||||
virMutexUnlock(&server->lock);
|
|
||||||
|
|
||||||
action = client->readonly ?
|
action = virNetServerClientGetReadonly(client) ?
|
||||||
"org.libvirt.unix.monitor" :
|
"org.libvirt.unix.monitor" :
|
||||||
"org.libvirt.unix.manage";
|
"org.libvirt.unix.manage";
|
||||||
|
|
||||||
VIR_DEBUG("Start PolicyKit auth %d", virNetServerClientGetFD(client));
|
VIR_DEBUG("Start PolicyKit auth %d", virNetServerClientGetFD(client));
|
||||||
if (client->auth != REMOTE_AUTH_POLKIT) {
|
if (virNetServerClientGetAuth(client) != VIR_NET_SERVER_SERVICE_AUTH_POLKIT) {
|
||||||
VIR_ERROR(_("client tried invalid PolicyKit init request"));
|
VIR_ERROR(_("client tried invalid PolicyKit init request"));
|
||||||
goto authfail;
|
goto authfail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (qemudGetSocketIdentity(virNetServerClientGetFD(client), &callerUid, &callerPid) < 0) {
|
if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) {
|
||||||
VIR_ERROR(_("cannot get peer socket identity"));
|
VIR_ERROR(_("cannot get peer socket identity"));
|
||||||
goto authfail;
|
goto authfail;
|
||||||
}
|
}
|
||||||
@ -2164,7 +2163,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
VIR_INFO("Checking PID %d running as %d", callerPid, callerUid);
|
VIR_INFO("Checking PID %d running as %d", callerPid, callerUid);
|
||||||
dbus_error_init(&err);
|
dbus_error_init(&err);
|
||||||
if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus,
|
if (!(pkcaller = polkit_caller_new_from_pid(virNetServerGetDBusConn(server),
|
||||||
callerPid, &err))) {
|
callerPid, &err))) {
|
||||||
VIR_ERROR(_("Failed to lookup policy kit caller: %s"), err.message);
|
VIR_ERROR(_("Failed to lookup policy kit caller: %s"), err.message);
|
||||||
dbus_error_free(&err);
|
dbus_error_free(&err);
|
||||||
@ -2226,9 +2225,9 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
|
|||||||
action, callerPid, callerUid,
|
action, callerPid, callerUid,
|
||||||
polkit_result_to_string_representation(pkresult));
|
polkit_result_to_string_representation(pkresult));
|
||||||
ret->complete = 1;
|
ret->complete = 1;
|
||||||
client->auth = REMOTE_AUTH_NONE;
|
virNetServerClientSetIdentity(client, ident);
|
||||||
|
|
||||||
virMutexUnlock(&client->lock);
|
virMutexUnlock(&priv->lock);
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
error:
|
error:
|
||||||
@ -2236,7 +2235,7 @@ error:
|
|||||||
virNetError(VIR_ERR_AUTH_FAILED, "%s",
|
virNetError(VIR_ERR_AUTH_FAILED, "%s",
|
||||||
_("authentication failed"));
|
_("authentication failed"));
|
||||||
virNetMessageSaveError(rerr);
|
virNetMessageSaveError(rerr);
|
||||||
virMutexUnlock(&client->lock);
|
virMutexUnlock(&priv->lock);
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
authfail:
|
authfail:
|
||||||
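Review bot: The success path in the HAVE_POLKIT0 remoteDispatchAuthPolkit no longer clears the auth requirement with `client->auth = REMOTE_AUTH_NONE;` and relies on `virNetServerClientSetIdentity(client, ident);` instead, yet the only write to `ident` visible in these hunks is `memset(ident, 0, sizeof ident);`. If the elided part of this branch never formats the caller into `ident`, the client is recorded with an empty identity, and whether that counts as authenticated depends on virNetServerClient code this page does not show. I would confirm that `ident` is filled before the call, e.g. `snprintf(ident, sizeof ident, "pid:%d,uid:%d", callerPid, callerUid);` with a truncation check. A one-line comment stating that setting the identity is what marks the client as authenticated would also help. The function starts and ends outside the hunks, so the declaration of `priv` and the `authfail:` path could not be checked either.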
|
@ -1270,10 +1270,12 @@ EXTRA_DIST += \
|
|||||||
endif
|
endif
|
||||||
libvirt_net_rpc_server_la_CFLAGS = \
|
libvirt_net_rpc_server_la_CFLAGS = \
|
||||||
$(AVAHI_CFLAGS) \
|
$(AVAHI_CFLAGS) \
|
||||||
$(AM_CFLAGS)
|
$(AM_CFLAGS) \
|
||||||
|
$(POLKIT_CFLAGS)
|
||||||
libvirt_net_rpc_server_la_LDFLAGS = \
|
libvirt_net_rpc_server_la_LDFLAGS = \
|
||||||
$(AM_LDFLAGS) \
|
$(AM_LDFLAGS) \
|
||||||
$(AVAHI_LIBS) \
|
$(AVAHI_LIBS) \
|
||||||
|
$(POLKIT_LIBS) \
|
||||||
$(CYGWIN_EXTRA_LDFLAGS) \
|
$(CYGWIN_EXTRA_LDFLAGS) \
|
||||||
$(MINGW_EXTRA_LDFLAGS)
|
$(MINGW_EXTRA_LDFLAGS)
|
||||||
libvirt_net_rpc_server_la_LIBADD = \
|
libvirt_net_rpc_server_la_LIBADD = \
|
||||||
|
@ -39,6 +39,9 @@
|
|||||||
#if HAVE_AVAHI
|
#if HAVE_AVAHI
|
||||||
# include "virnetservermdns.h"
|
# include "virnetservermdns.h"
|
||||||
#endif
|
#endif
|
||||||
|
#if HAVE_DBUS
|
||||||
|
# include <dbus/dbus.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
#define VIR_FROM_THIS VIR_FROM_RPC
|
#define VIR_FROM_THIS VIR_FROM_RPC
|
||||||
#define virNetError(code, ...) \
|
#define virNetError(code, ...) \
|
||||||
@ -84,6 +87,10 @@ struct _virNetServer {
|
|||||||
virNetServerMDNSGroupPtr mdnsGroup;
|
virNetServerMDNSGroupPtr mdnsGroup;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if HAVE_DBUS
|
||||||
|
DBusConnection *sysbus;
|
||||||
|
#endif
|
||||||
|
|
||||||
size_t nservices;
|
size_t nservices;
|
||||||
virNetServerServicePtr *services;
|
virNetServerServicePtr *services;
|
||||||
|
|
||||||
@ -270,6 +277,7 @@ virNetServerPtr virNetServerNew(size_t min_workers,
|
|||||||
size_t max_workers,
|
size_t max_workers,
|
||||||
size_t max_clients,
|
size_t max_clients,
|
||||||
const char *mdnsGroupName,
|
const char *mdnsGroupName,
|
||||||
|
bool connectDBus,
|
||||||
virNetServerClientInitHook clientInitHook)
|
virNetServerClientInitHook clientInitHook)
|
||||||
{
|
{
|
||||||
virNetServerPtr srv;
|
virNetServerPtr srv;
|
||||||
@ -306,6 +314,25 @@ virNetServerPtr virNetServerNew(size_t min_workers,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if HAVE_DBUS
|
||||||
|
if (connectDBus) {
|
||||||
|
DBusError derr;
|
||||||
|
|
||||||
|
dbus_connection_set_change_sigpipe(FALSE);
|
||||||
|
dbus_threads_init_default();
|
||||||
|
|
||||||
|
dbus_error_init(&derr);
|
||||||
|
srv->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr);
|
||||||
|
if (!(srv->sysbus)) {
|
||||||
|
VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"),
|
||||||
|
derr.message);
|
||||||
|
dbus_error_free(&derr);
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
dbus_connection_set_exit_on_disconnect(srv->sysbus, FALSE);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (virMutexInit(&srv->lock) < 0) {
|
if (virMutexInit(&srv->lock) < 0) {
|
||||||
virNetError(VIR_ERR_INTERNAL_ERROR, "%s",
|
virNetError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||||
_("cannot initialize mutex"));
|
_("cannot initialize mutex"));
|
||||||
@ -363,6 +390,14 @@ bool virNetServerIsPrivileged(virNetServerPtr srv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#if HAVE_DBUS
|
||||||
|
DBusConnection* virNetServerGetDBusConn(virNetServerPtr srv)
|
||||||
|
{
|
||||||
|
return srv->sysbus;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
void virNetServerAutoShutdown(virNetServerPtr srv,
|
void virNetServerAutoShutdown(virNetServerPtr srv,
|
||||||
unsigned int timeout,
|
unsigned int timeout,
|
||||||
virNetServerAutoShutdownFunc func,
|
virNetServerAutoShutdownFunc func,
|
||||||
@ -377,7 +412,6 @@ void virNetServerAutoShutdown(virNetServerPtr srv,
|
|||||||
virNetServerUnlock(srv);
|
virNetServerUnlock(srv);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static sig_atomic_t sigErrors = 0;
|
static sig_atomic_t sigErrors = 0;
|
||||||
static int sigLastErrno = 0;
|
static int sigLastErrno = 0;
|
||||||
static int sigWrite = -1;
|
static int sigWrite = -1;
|
||||||
@ -747,6 +781,11 @@ void virNetServerFree(virNetServerPtr srv)
|
|||||||
|
|
||||||
VIR_FREE(srv->mdnsGroupName);
|
VIR_FREE(srv->mdnsGroupName);
|
||||||
|
|
||||||
|
#if HAVE_DBUS
|
||||||
|
if (srv->sysbus)
|
||||||
|
dbus_connection_unref(srv->sysbus);
|
||||||
|
#endif
|
||||||
|
|
||||||
virNetServerUnlock(srv);
|
virNetServerUnlock(srv);
|
||||||
virMutexDestroy(&srv->lock);
|
virMutexDestroy(&srv->lock);
|
||||||
VIR_FREE(srv);
|
VIR_FREE(srv);
|
||||||
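Review bot: In virNetServerNew the new `#if HAVE_DBUS` block can `goto error` before `virMutexInit(&srv->lock)` has run. The `error:` label is outside the hunk, but if it releases the object through virNetServerFree, whose visible tail calls `virNetServerUnlock(srv)` and `virMutexDestroy(&srv->lock)`, a failed `dbus_bus_get()` would unlock and destroy a mutex that was never initialised. Moving the DBus block below the mutex initialisation closes that path. Separately, `connectDBus` is unused when HAVE_DBUS is not defined; marking it `bool connectDBus ATTRIBUTE_UNUSED`, the annotation remote.c already uses on this page, avoids an unused-parameter warning in those builds.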
|
@ -25,6 +25,9 @@
|
|||||||
# define __VIR_NET_SERVER_H__
|
# define __VIR_NET_SERVER_H__
|
||||||
|
|
||||||
# include <signal.h>
|
# include <signal.h>
|
||||||
|
# if HAVE_DBUS
|
||||||
|
# include <dbus/dbus.h>
|
||||||
|
# endif
|
||||||
|
|
||||||
# include "virnettlscontext.h"
|
# include "virnettlscontext.h"
|
||||||
# include "virnetserverprogram.h"
|
# include "virnetserverprogram.h"
|
||||||
@ -38,6 +41,7 @@ virNetServerPtr virNetServerNew(size_t min_workers,
|
|||||||
size_t max_workers,
|
size_t max_workers,
|
||||||
size_t max_clients,
|
size_t max_clients,
|
||||||
const char *mdnsGroupName,
|
const char *mdnsGroupName,
|
||||||
|
bool connectDBus,
|
||||||
virNetServerClientInitHook clientInitHook);
|
virNetServerClientInitHook clientInitHook);
|
||||||
|
|
||||||
typedef int (*virNetServerAutoShutdownFunc)(virNetServerPtr srv, void *opaque);
|
typedef int (*virNetServerAutoShutdownFunc)(virNetServerPtr srv, void *opaque);
|
||||||
@ -46,6 +50,10 @@ void virNetServerRef(virNetServerPtr srv);
|
|||||||
|
|
||||||
bool virNetServerIsPrivileged(virNetServerPtr srv);
|
bool virNetServerIsPrivileged(virNetServerPtr srv);
|
||||||
|
|
||||||
|
# if HAVE_DBUS
|
||||||
|
DBusConnection* virNetServerGetDBusConn(virNetServerPtr srv);
|
||||||
|
# endif
|
||||||
|
|
||||||
void virNetServerAutoShutdown(virNetServerPtr srv,
|
void virNetServerAutoShutdown(virNetServerPtr srv,
|
||||||
unsigned int timeout,
|
unsigned int timeout,
|
||||||
virNetServerAutoShutdownFunc func,
|
virNetServerAutoShutdownFunc func,
|
||||||
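Review bot: Pulling `<dbus/dbus.h>` into virnetserver.h under `# if HAVE_DBUS` means every translation unit that includes this header needs the DBus include path, while the Makefile.am hunk on this page adds `$(POLKIT_CFLAGS)` only to libvirt_net_rpc_server_la. Whether the other includers already get those flags is not visible here. Assuming libdbus still defines DBusConnection as a typedef of `struct DBusConnection`, the header could forward-declare `struct DBusConnection;` and write the prototype as `struct DBusConnection *virNetServerGetDBusConn(virNetServerPtr srv);`, leaving the real include to virnetserver.c and the callers that use the connection.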
|