/*
* virpolkit.c: helpers for using polkit APIs
*
* Copyright (C) 2013, 2014, 2016 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* .
*
*/
#include
#include
#include "virpolkit.h"
#include "virerror.h"
#include "virlog.h"
#include "virstring.h"
#include "virprocess.h"
#include "viralloc.h"
#include "virgdbus.h"
#include "virfile.h"
#include "virutil.h"
#define VIR_FROM_THIS VIR_FROM_POLKIT
VIR_LOG_INIT("util.polkit");
#if WITH_POLKIT
# include
struct _virPolkitAgent {
virCommandPtr cmd;
};
/*
* virPolkitCheckAuth:
* @actionid: permission to check
* @pid: client process ID
* @startTime: process start time, or 0
* @uid: client process user ID
* @details: NULL terminated (key, value) pair list
* @allowInteraction: true if auth prompts are allowed
*
* Check if a client is authenticated with polkit
*
* Returns 0 on success, -1 on failure, -2 on auth denied
*/
int virPolkitCheckAuth(const char *actionid,
pid_t pid,
unsigned long long startTime,
uid_t uid,
const char **details,
bool allowInteraction)
{
GDBusConnection *sysbus;
GVariantBuilder builder;
GVariant *gprocess = NULL;
GVariant *gdetails = NULL;
g_autoptr(GVariant) message = NULL;
g_autoptr(GVariant) reply = NULL;
g_autoptr(GVariantIter) iter = NULL;
char *retkey;
char *retval;
gboolean is_authorized;
gboolean is_challenge;
bool is_dismissed = false;
size_t i;
if (!(sysbus = virGDBusGetSystemBus()))
return -1;
VIR_INFO("Checking PID %lld running as %d",
(long long) pid, uid);
g_variant_builder_init(&builder, G_VARIANT_TYPE("a{sv}"));
g_variant_builder_add(&builder, "{sv}", "pid", g_variant_new_uint32(pid));
g_variant_builder_add(&builder, "{sv}", "start-time", g_variant_new_uint64(startTime));
g_variant_builder_add(&builder, "{sv}", "uid", g_variant_new_int32(uid));
gprocess = g_variant_builder_end(&builder);
g_variant_builder_init(&builder, G_VARIANT_TYPE("a{ss}"));
for (i = 0; i < virStringListLength(details); i += 2)
g_variant_builder_add(&builder, "{ss}", details[i], details[i + 1]);
gdetails = g_variant_builder_end(&builder);
message = g_variant_new("((s@a{sv})s@a{ss}us)",
"unix-process",
gprocess,
actionid,
gdetails,
allowInteraction,
"" /* cancellation ID */);
if (virGDBusCallMethod(sysbus,
&reply,
NULL,
"org.freedesktop.PolicyKit1",
"/org/freedesktop/PolicyKit1/Authority",
"org.freedesktop.PolicyKit1.Authority",
"CheckAuthorization",
message) < 0)
return -1;
g_variant_get(reply, "((bba{ss}))", &is_authorized, &is_challenge, &iter);
while (g_variant_iter_loop(iter, "{ss}", &retkey, &retval)) {
if (STREQ(retkey, "polkit.dismissed") && STREQ(retval, "true"))
is_dismissed = true;
}
VIR_DEBUG("is auth %d is challenge %d",
is_authorized, is_challenge);
if (is_authorized)
return 0;
if (is_dismissed) {
virReportError(VIR_ERR_AUTH_CANCELLED, "%s",
_("user cancelled authentication process"));
} else if (is_challenge) {
virReportError(VIR_ERR_AUTH_UNAVAILABLE,
_("no polkit agent available to authenticate action '%s'"),
actionid);
} else {
virReportError(VIR_ERR_AUTH_FAILED, "%s",
_("access denied by policy"));
}
return -2;
}
/* virPolkitAgentDestroy:
* @cmd: Pointer to the virCommandPtr created during virPolkitAgentCreate
*
* Destroy resources used by Polkit Agent
*/
void
virPolkitAgentDestroy(virPolkitAgentPtr agent)
{
if (!agent)
return;
virCommandFree(agent->cmd);
VIR_FREE(agent);
}
/* virPolkitAgentCreate:
*
* Allocate and setup a polkit agent
*
* Returns a virCommandPtr on success and NULL on failure
*/
virPolkitAgentPtr
virPolkitAgentCreate(void)
{
virPolkitAgentPtr agent = NULL;
int pipe_fd[2] = {-1, -1};
struct pollfd pollfd;
int outfd = STDOUT_FILENO;
int errfd = STDERR_FILENO;
if (!isatty(STDIN_FILENO))
goto error;
if (virPipe(pipe_fd) < 0)
goto error;
if (VIR_ALLOC(agent) < 0)
goto error;
agent->cmd = virCommandNewArgList(PKTTYAGENT, "--process", NULL);
virCommandAddArgFormat(agent->cmd, "%lld", (long long int) getpid());
virCommandAddArg(agent->cmd, "--notify-fd");
virCommandAddArgFormat(agent->cmd, "%d", pipe_fd[1]);
virCommandAddArg(agent->cmd, "--fallback");
virCommandSetInputFD(agent->cmd, STDIN_FILENO);
virCommandSetOutputFD(agent->cmd, &outfd);
virCommandSetErrorFD(agent->cmd, &errfd);
virCommandPassFD(agent->cmd, pipe_fd[1], VIR_COMMAND_PASS_FD_CLOSE_PARENT);
pipe_fd[1] = -1;
if (virCommandRunAsync(agent->cmd, NULL) < 0)
goto error;
pollfd.fd = pipe_fd[0];
pollfd.events = POLLHUP;
if (poll(&pollfd, 1, -1) < 0)
goto error;
return agent;
error:
VIR_FORCE_CLOSE(pipe_fd[0]);
VIR_FORCE_CLOSE(pipe_fd[1]);
virPolkitAgentDestroy(agent);
return NULL;
}
#else /* ! WITH_POLKIT */
int virPolkitCheckAuth(const char *actionid G_GNUC_UNUSED,
pid_t pid G_GNUC_UNUSED,
unsigned long long startTime G_GNUC_UNUSED,
uid_t uid G_GNUC_UNUSED,
const char **details G_GNUC_UNUSED,
bool allowInteraction G_GNUC_UNUSED)
{
VIR_ERROR(_("Polkit auth attempted, even though polkit is not available"));
virReportError(VIR_ERR_AUTH_FAILED, "%s",
_("authentication failed"));
return -1;
}
void
virPolkitAgentDestroy(virPolkitAgentPtr agent G_GNUC_UNUSED)
{
return; /* do nothing */
}
virPolkitAgentPtr
virPolkitAgentCreate(void)
{
virReportError(VIR_ERR_AUTH_FAILED, "%s",
_("polkit text authentication agent unavailable"));
return NULL;
}
#endif /* WITH_POLKIT */