Fix build when using polkit0

V2: Remove policy kit references from virNetServer and use DBus APIs
    directly, if available.
Jim Fehlig 2011-07-07 15:12:26 -06:00
parent 109efd7941
commit b8adfcc60c
6 changed files with 70 additions and 33 deletions


@ -1010,6 +1010,7 @@ AC_ARG_WITH([polkit],
[with_polkit=check]) [with_polkit=check])
with_polkit0=no with_polkit0=no
with_dbus=no
with_polkit1=no with_polkit1=no
if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
dnl Check for new polkit first - just a binary dnl Check for new polkit first - just a binary
@ -1038,6 +1039,8 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
[use PolicyKit for UNIX socket access checks]) [use PolicyKit for UNIX socket access checks])
AC_DEFINE_UNQUOTED([HAVE_POLKIT0], 1, AC_DEFINE_UNQUOTED([HAVE_POLKIT0], 1,
[use PolicyKit for UNIX socket access checks]) [use PolicyKit for UNIX socket access checks])
AC_DEFINE_UNQUOTED([HAVE_DBUS], 1,
[use DBus for PolicyKit])
old_CFLAGS=$CFLAGS old_CFLAGS=$CFLAGS
old_LIBS=$LIBS old_LIBS=$LIBS
@ -1052,11 +1055,13 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program]) AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])
fi fi
with_polkit0="yes" with_polkit0="yes"
with_dbus="yes"
fi fi
fi fi
fi fi
AM_CONDITIONAL([HAVE_POLKIT], [test "x$with_polkit" = "xyes"]) AM_CONDITIONAL([HAVE_POLKIT], [test "x$with_polkit" = "xyes"])
AM_CONDITIONAL([HAVE_POLKIT0], [test "x$with_polkit0" = "xyes"]) AM_CONDITIONAL([HAVE_POLKIT0], [test "x$with_polkit0" = "xyes"])
AM_CONDITIONAL([HAVE_DBUS], [test "x$with_dbus" = "xyes"])
AM_CONDITIONAL([HAVE_POLKIT1], [test "x$with_polkit1" = "xyes"]) AM_CONDITIONAL([HAVE_POLKIT1], [test "x$with_polkit1" = "xyes"])
AC_SUBST([POLKIT_CFLAGS]) AC_SUBST([POLKIT_CFLAGS])
AC_SUBST([POLKIT_LIBS]) AC_SUBST([POLKIT_LIBS])
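Review bot: `HAVE_DBUS` and `with_dbus` are set only inside the polkit0 detection branch, so the macro really means "DBus as pulled in by PolicyKit 0" rather than an independent check for libdbus. The `#if HAVE_DBUS` code added elsewhere in this commit includes `<dbus/dbus.h>` and presumably relies on `POLKIT_CFLAGS`/`POLKIT_LIBS` for the include and link paths. A comment beside the define would stop a later user of the macro from assuming more than was detected, e.g. `dnl HAVE_DBUS is only set together with HAVE_POLKIT0; dbus flags come from POLKIT_CFLAGS/POLKIT_LIBS`.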


@ -576,26 +576,6 @@ static int daemonSetupNetworking(virNetServerPtr srv,
} }
#endif #endif
#if HAVE_POLKIT0
if (auth_unix_rw == REMOTE_AUTH_POLKIT ||
auth_unix_ro == REMOTE_AUTH_POLKIT) {
DBusError derr;
dbus_connection_set_change_sigpipe(FALSE);
dbus_threads_init_default();
dbus_error_init(&derr);
server->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr);
if (!(server->sysbus)) {
VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"),
derr.message);
dbus_error_free(&derr);
goto error;
}
dbus_connection_set_exit_on_disconnect(server->sysbus, FALSE);
}
#endif
return 0; return 0;
error: error:
@ -1285,6 +1265,7 @@ int main(int argc, char **argv) {
struct daemonConfig *config; struct daemonConfig *config;
bool privileged = geteuid() == 0 ? true : false; bool privileged = geteuid() == 0 ? true : false;
bool implicit_conf = false; bool implicit_conf = false;
bool use_polkit_dbus;
struct option opts[] = { struct option opts[] = {
{ "verbose", no_argument, &verbose, 1}, { "verbose", no_argument, &verbose, 1},
@ -1445,10 +1426,13 @@ int main(int argc, char **argv) {
umask(old_umask); umask(old_umask);
} }
use_polkit_dbus = config->auth_unix_rw == REMOTE_AUTH_POLKIT ||
config->auth_unix_ro == REMOTE_AUTH_POLKIT;
if (!(srv = virNetServerNew(config->min_workers, if (!(srv = virNetServerNew(config->min_workers,
config->max_workers, config->max_workers,
config->max_clients, config->max_clients,
config->mdns_adv ? config->mdns_name : NULL, config->mdns_adv ? config->mdns_name : NULL,
use_polkit_dbus,
remoteClientInitHook))) { remoteClientInitHook))) {
ret = VIR_DAEMON_ERR_INIT; ret = VIR_DAEMON_ERR_INIT;
goto cleanup; goto cleanup;
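Review bot: `use_polkit_dbus` is computed and handed to `virNetServerNew` on every build, but the connection code it controls is compiled only under `HAVE_DBUS`, so on other builds the flag is silently ignored. A comment at the assignment would make that explicit, e.g. `/* PolicyKit 0 auth needs a system bus connection; no effect unless built with HAVE_DBUS */`. The same comment could record that a failed bus connection now surfaces as `VIR_DAEMON_ERR_INIT`, so the daemon does not start with polkit configured and no bus. `main` starts and ends outside the hunks shown.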


@ -43,6 +43,7 @@
#include "command.h" #include "command.h"
#include "intprops.h" #include "intprops.h"
#include "virnetserverservice.h" #include "virnetserverservice.h"
#include "virnetserver.h"
#include "remote_protocol.h" #include "remote_protocol.h"
#include "qemu_protocol.h" #include "qemu_protocol.h"
@ -2115,7 +2116,7 @@ authdeny:
} }
#elif HAVE_POLKIT0 #elif HAVE_POLKIT0
static int static int
remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, remoteDispatchAuthPolkit(virNetServerPtr server,
virNetServerClientPtr client, virNetServerClientPtr client,
virNetMessageHeaderPtr hdr ATTRIBUTE_UNUSED, virNetMessageHeaderPtr hdr ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr, virNetMessageErrorPtr rerr,
@ -2137,21 +2138,19 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
memset(ident, 0, sizeof ident); memset(ident, 0, sizeof ident);
virMutexLock(&server->lock); virMutexLock(&priv->lock);
virMutexLock(&client->lock);
virMutexUnlock(&server->lock);
action = client->readonly ? action = virNetServerClientGetReadonly(client) ?
"org.libvirt.unix.monitor" : "org.libvirt.unix.monitor" :
"org.libvirt.unix.manage"; "org.libvirt.unix.manage";
VIR_DEBUG("Start PolicyKit auth %d", virNetServerClientGetFD(client)); VIR_DEBUG("Start PolicyKit auth %d", virNetServerClientGetFD(client));
if (client->auth != REMOTE_AUTH_POLKIT) { if (virNetServerClientGetAuth(client) != VIR_NET_SERVER_SERVICE_AUTH_POLKIT) {
VIR_ERROR(_("client tried invalid PolicyKit init request")); VIR_ERROR(_("client tried invalid PolicyKit init request"));
goto authfail; goto authfail;
} }
if (qemudGetSocketIdentity(virNetServerClientGetFD(client), &callerUid, &callerPid) < 0) { if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) {
VIR_ERROR(_("cannot get peer socket identity")); VIR_ERROR(_("cannot get peer socket identity"));
goto authfail; goto authfail;
} }
@ -2164,7 +2163,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
VIR_INFO("Checking PID %d running as %d", callerPid, callerUid); VIR_INFO("Checking PID %d running as %d", callerPid, callerUid);
dbus_error_init(&err); dbus_error_init(&err);
if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus, if (!(pkcaller = polkit_caller_new_from_pid(virNetServerGetDBusConn(server),
callerPid, &err))) { callerPid, &err))) {
VIR_ERROR(_("Failed to lookup policy kit caller: %s"), err.message); VIR_ERROR(_("Failed to lookup policy kit caller: %s"), err.message);
dbus_error_free(&err); dbus_error_free(&err);
@ -2226,9 +2225,9 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
action, callerPid, callerUid, action, callerPid, callerUid,
polkit_result_to_string_representation(pkresult)); polkit_result_to_string_representation(pkresult));
ret->complete = 1; ret->complete = 1;
client->auth = REMOTE_AUTH_NONE; virNetServerClientSetIdentity(client, ident);
virMutexUnlock(&client->lock); virMutexUnlock(&priv->lock);
return 0; return 0;
error: error:
@ -2236,7 +2235,7 @@ error:
virNetError(VIR_ERR_AUTH_FAILED, "%s", virNetError(VIR_ERR_AUTH_FAILED, "%s",
_("authentication failed")); _("authentication failed"));
virNetMessageSaveError(rerr); virNetMessageSaveError(rerr);
virMutexUnlock(&client->lock); virMutexUnlock(&priv->lock);
return -1; return -1;
authfail: authfail:
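Review bot: The result of `virNetServerGetDBusConn(server)` is passed straight into `polkit_caller_new_from_pid` with no NULL check. The accessor returns `srv->sysbus` as stored, and that field is assigned only when the server was created with `connectDBus` true. That flag and the per-client `VIR_NET_SERVER_SERVICE_AUTH_POLKIT` check are presumably derived from the same config values, but nothing in this function enforces it. Rejecting the request when the connection is missing keeps the auth path fail-closed, for example `if (!virNetServerGetDBusConn(server)) { VIR_ERROR(_("no system bus connection for PolicyKit auth")); goto authfail; }` placed before the polkit lookup. The function body starts and ends outside the hunks shown.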


@ -1270,10 +1270,12 @@ EXTRA_DIST += \
endif endif
libvirt_net_rpc_server_la_CFLAGS = \ libvirt_net_rpc_server_la_CFLAGS = \
$(AVAHI_CFLAGS) \ $(AVAHI_CFLAGS) \
$(AM_CFLAGS) $(AM_CFLAGS) \
$(POLKIT_CFLAGS)
libvirt_net_rpc_server_la_LDFLAGS = \ libvirt_net_rpc_server_la_LDFLAGS = \
$(AM_LDFLAGS) \ $(AM_LDFLAGS) \
$(AVAHI_LIBS) \ $(AVAHI_LIBS) \
$(POLKIT_LIBS) \
$(CYGWIN_EXTRA_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \
$(MINGW_EXTRA_LDFLAGS) $(MINGW_EXTRA_LDFLAGS)
libvirt_net_rpc_server_la_LIBADD = \ libvirt_net_rpc_server_la_LIBADD = \


@ -39,6 +39,9 @@
#if HAVE_AVAHI #if HAVE_AVAHI
# include "virnetservermdns.h" # include "virnetservermdns.h"
#endif #endif
#if HAVE_DBUS
# include <dbus/dbus.h>
#endif
#define VIR_FROM_THIS VIR_FROM_RPC #define VIR_FROM_THIS VIR_FROM_RPC
#define virNetError(code, ...) \ #define virNetError(code, ...) \
@ -84,6 +87,10 @@ struct _virNetServer {
virNetServerMDNSGroupPtr mdnsGroup; virNetServerMDNSGroupPtr mdnsGroup;
#endif #endif
#if HAVE_DBUS
DBusConnection *sysbus;
#endif
size_t nservices; size_t nservices;
virNetServerServicePtr *services; virNetServerServicePtr *services;
@ -270,6 +277,7 @@ virNetServerPtr virNetServerNew(size_t min_workers,
size_t max_workers, size_t max_workers,
size_t max_clients, size_t max_clients,
const char *mdnsGroupName, const char *mdnsGroupName,
bool connectDBus,
virNetServerClientInitHook clientInitHook) virNetServerClientInitHook clientInitHook)
{ {
virNetServerPtr srv; virNetServerPtr srv;
@ -306,6 +314,25 @@ virNetServerPtr virNetServerNew(size_t min_workers,
} }
#endif #endif
#if HAVE_DBUS
if (connectDBus) {
DBusError derr;
dbus_connection_set_change_sigpipe(FALSE);
dbus_threads_init_default();
dbus_error_init(&derr);
srv->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr);
if (!(srv->sysbus)) {
VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"),
derr.message);
dbus_error_free(&derr);
goto error;
}
dbus_connection_set_exit_on_disconnect(srv->sysbus, FALSE);
}
#endif
if (virMutexInit(&srv->lock) < 0) { if (virMutexInit(&srv->lock) < 0) {
virNetError(VIR_ERR_INTERNAL_ERROR, "%s", virNetError(VIR_ERR_INTERNAL_ERROR, "%s",
_("cannot initialize mutex")); _("cannot initialize mutex"));
@ -363,6 +390,14 @@ bool virNetServerIsPrivileged(virNetServerPtr srv)
} }
#if HAVE_DBUS
DBusConnection* virNetServerGetDBusConn(virNetServerPtr srv)
{
return srv->sysbus;
}
#endif
void virNetServerAutoShutdown(virNetServerPtr srv, void virNetServerAutoShutdown(virNetServerPtr srv,
unsigned int timeout, unsigned int timeout,
virNetServerAutoShutdownFunc func, virNetServerAutoShutdownFunc func,
@ -377,7 +412,6 @@ void virNetServerAutoShutdown(virNetServerPtr srv,
virNetServerUnlock(srv); virNetServerUnlock(srv);
} }
static sig_atomic_t sigErrors = 0; static sig_atomic_t sigErrors = 0;
static int sigLastErrno = 0; static int sigLastErrno = 0;
static int sigWrite = -1; static int sigWrite = -1;
@ -747,6 +781,11 @@ void virNetServerFree(virNetServerPtr srv)
VIR_FREE(srv->mdnsGroupName); VIR_FREE(srv->mdnsGroupName);
#if HAVE_DBUS
if (srv->sysbus)
dbus_connection_unref(srv->sysbus);
#endif
virNetServerUnlock(srv); virNetServerUnlock(srv);
virMutexDestroy(&srv->lock); virMutexDestroy(&srv->lock);
VIR_FREE(srv); VIR_FREE(srv);
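Review bot: The new DBus block in `virNetServerNew` can take `goto error` before `virMutexInit(&srv->lock)` has run. The `error` label is outside the hunk, so this needs confirming, but if it releases the server through `virNetServerFree`, the last hunk shows that function calling `virNetServerUnlock(srv)` and `virMutexDestroy(&srv->lock)`, which would then act on a mutex that was never initialised. Moving the `#if HAVE_DBUS` block below the `virMutexInit` check, or initialising the mutex first, would make the bus-connection failure path safe.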


@ -25,6 +25,9 @@
# define __VIR_NET_SERVER_H__ # define __VIR_NET_SERVER_H__
# include <signal.h> # include <signal.h>
# if HAVE_DBUS
# include <dbus/dbus.h>
# endif
# include "virnettlscontext.h" # include "virnettlscontext.h"
# include "virnetserverprogram.h" # include "virnetserverprogram.h"
@ -38,6 +41,7 @@ virNetServerPtr virNetServerNew(size_t min_workers,
size_t max_workers, size_t max_workers,
size_t max_clients, size_t max_clients,
const char *mdnsGroupName, const char *mdnsGroupName,
bool connectDBus,
virNetServerClientInitHook clientInitHook); virNetServerClientInitHook clientInitHook);
typedef int (*virNetServerAutoShutdownFunc)(virNetServerPtr srv, void *opaque); typedef int (*virNetServerAutoShutdownFunc)(virNetServerPtr srv, void *opaque);
@ -46,6 +50,10 @@ void virNetServerRef(virNetServerPtr srv);
bool virNetServerIsPrivileged(virNetServerPtr srv); bool virNetServerIsPrivileged(virNetServerPtr srv);
# if HAVE_DBUS
DBusConnection* virNetServerGetDBusConn(virNetServerPtr srv);
# endif
void virNetServerAutoShutdown(virNetServerPtr srv, void virNetServerAutoShutdown(virNetServerPtr srv,
unsigned int timeout, unsigned int timeout,
virNetServerAutoShutdownFunc func, virNetServerAutoShutdownFunc func,