[with_polkit=check])
with_polkit0=no
+with_dbus=no
with_polkit1=no
if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
dnl Check for new polkit first - just a binary
[use PolicyKit for UNIX socket access checks])
AC_DEFINE_UNQUOTED([HAVE_POLKIT0], 1,
[use PolicyKit for UNIX socket access checks])
+ AC_DEFINE_UNQUOTED([HAVE_DBUS], 1,
+ [use DBus for PolicyKit])
old_CFLAGS=$CFLAGS
old_LIBS=$LIBS
AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])
fi
with_polkit0="yes"
+ with_dbus="yes"
fi
fi
fi
AM_CONDITIONAL([HAVE_POLKIT], [test "x$with_polkit" = "xyes"])
AM_CONDITIONAL([HAVE_POLKIT0], [test "x$with_polkit0" = "xyes"])
+AM_CONDITIONAL([HAVE_DBUS], [test "x$with_dbus" = "xyes"])
AM_CONDITIONAL([HAVE_POLKIT1], [test "x$with_polkit1" = "xyes"])
AC_SUBST([POLKIT_CFLAGS])
AC_SUBST([POLKIT_LIBS])
}
#endif
-#if HAVE_POLKIT0
- if (auth_unix_rw == REMOTE_AUTH_POLKIT ||
- auth_unix_ro == REMOTE_AUTH_POLKIT) {
- DBusError derr;
-
- dbus_connection_set_change_sigpipe(FALSE);
- dbus_threads_init_default();
-
- dbus_error_init(&derr);
- server->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr);
- if (!(server->sysbus)) {
- VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"),
- derr.message);
- dbus_error_free(&derr);
- goto error;
- }
- dbus_connection_set_exit_on_disconnect(server->sysbus, FALSE);
- }
-#endif
-
return 0;
error:
struct daemonConfig *config;
bool privileged = geteuid() == 0 ? true : false;
bool implicit_conf = false;
+ bool use_polkit_dbus;
struct option opts[] = {
{ "verbose", no_argument, &verbose, 1},
umask(old_umask);
}
+ use_polkit_dbus = config->auth_unix_rw == REMOTE_AUTH_POLKIT ||
+ config->auth_unix_ro == REMOTE_AUTH_POLKIT;
if (!(srv = virNetServerNew(config->min_workers,
config->max_workers,
config->max_clients,
config->mdns_adv ? config->mdns_name : NULL,
+ use_polkit_dbus,
remoteClientInitHook))) {
ret = VIR_DAEMON_ERR_INIT;
goto cleanup;
#include "command.h"
#include "intprops.h"
#include "virnetserverservice.h"
+#include "virnetserver.h"
#include "remote_protocol.h"
#include "qemu_protocol.h"
}
#elif HAVE_POLKIT0
static int
-remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
+remoteDispatchAuthPolkit(virNetServerPtr server,
virNetServerClientPtr client,
virNetMessageHeaderPtr hdr ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr,
memset(ident, 0, sizeof ident);
- virMutexLock(&server->lock);
- virMutexLock(&client->lock);
- virMutexUnlock(&server->lock);
+ virMutexLock(&priv->lock);
- action = client->readonly ?
+ action = virNetServerClientGetReadonly(client) ?
"org.libvirt.unix.monitor" :
"org.libvirt.unix.manage";
VIR_DEBUG("Start PolicyKit auth %d", virNetServerClientGetFD(client));
- if (client->auth != REMOTE_AUTH_POLKIT) {
+ if (virNetServerClientGetAuth(client) != VIR_NET_SERVER_SERVICE_AUTH_POLKIT) {
VIR_ERROR(_("client tried invalid PolicyKit init request"));
goto authfail;
}
- if (qemudGetSocketIdentity(virNetServerClientGetFD(client), &callerUid, &callerPid) < 0) {
+ if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) {
VIR_ERROR(_("cannot get peer socket identity"));
goto authfail;
}
VIR_INFO("Checking PID %d running as %d", callerPid, callerUid);
dbus_error_init(&err);
- if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus,
+ if (!(pkcaller = polkit_caller_new_from_pid(virNetServerGetDBusConn(server),
callerPid, &err))) {
VIR_ERROR(_("Failed to lookup policy kit caller: %s"), err.message);
dbus_error_free(&err);
action, callerPid, callerUid,
polkit_result_to_string_representation(pkresult));
ret->complete = 1;
- client->auth = REMOTE_AUTH_NONE;
+ virNetServerClientSetIdentity(client, ident);
- virMutexUnlock(&client->lock);
+ virMutexUnlock(&priv->lock);
return 0;
error:
virNetError(VIR_ERR_AUTH_FAILED, "%s",
_("authentication failed"));
virNetMessageSaveError(rerr);
- virMutexUnlock(&client->lock);
+ virMutexUnlock(&priv->lock);
return -1;
authfail:
endif
libvirt_net_rpc_server_la_CFLAGS = \
$(AVAHI_CFLAGS) \
- $(AM_CFLAGS)
+ $(AM_CFLAGS) \
+ $(POLKIT_CFLAGS)
libvirt_net_rpc_server_la_LDFLAGS = \
$(AM_LDFLAGS) \
$(AVAHI_LIBS) \
+ $(POLKIT_LIBS) \
$(CYGWIN_EXTRA_LDFLAGS) \
$(MINGW_EXTRA_LDFLAGS)
libvirt_net_rpc_server_la_LIBADD = \
#if HAVE_AVAHI
# include "virnetservermdns.h"
#endif
+#if HAVE_DBUS
+# include <dbus/dbus.h>
+#endif
#define VIR_FROM_THIS VIR_FROM_RPC
#define virNetError(code, ...) \
virNetServerMDNSGroupPtr mdnsGroup;
#endif
+#if HAVE_DBUS
+ DBusConnection *sysbus;
+#endif
+
size_t nservices;
virNetServerServicePtr *services;
size_t max_workers,
size_t max_clients,
const char *mdnsGroupName,
+ bool connectDBus,
virNetServerClientInitHook clientInitHook)
{
virNetServerPtr srv;
}
#endif
+#if HAVE_DBUS
+ if (connectDBus) {
+ DBusError derr;
+
+ dbus_connection_set_change_sigpipe(FALSE);
+ dbus_threads_init_default();
+
+ dbus_error_init(&derr);
+ srv->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr);
+ if (!(srv->sysbus)) {
+ VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"),
+ derr.message);
+ dbus_error_free(&derr);
+ goto error;
+ }
+ dbus_connection_set_exit_on_disconnect(srv->sysbus, FALSE);
+ }
+#endif
+
if (virMutexInit(&srv->lock) < 0) {
virNetError(VIR_ERR_INTERNAL_ERROR, "%s",
_("cannot initialize mutex"));
}
+#if HAVE_DBUS
+DBusConnection* virNetServerGetDBusConn(virNetServerPtr srv)
+{
+ return srv->sysbus;
+}
+#endif
+
+
void virNetServerAutoShutdown(virNetServerPtr srv,
unsigned int timeout,
virNetServerAutoShutdownFunc func,
virNetServerUnlock(srv);
}
-
static sig_atomic_t sigErrors = 0;
static int sigLastErrno = 0;
static int sigWrite = -1;
VIR_FREE(srv->mdnsGroupName);
+#if HAVE_DBUS
+ if (srv->sysbus)
+ dbus_connection_unref(srv->sysbus);
+#endif
+
virNetServerUnlock(srv);
virMutexDestroy(&srv->lock);
VIR_FREE(srv);
# define __VIR_NET_SERVER_H__
# include <signal.h>
+# if HAVE_DBUS
+# include <dbus/dbus.h>
+# endif
# include "virnettlscontext.h"
# include "virnetserverprogram.h"
size_t max_workers,
size_t max_clients,
const char *mdnsGroupName,
+ bool connectDBus,
virNetServerClientInitHook clientInitHook);
typedef int (*virNetServerAutoShutdownFunc)(virNetServerPtr srv, void *opaque);
bool virNetServerIsPrivileged(virNetServerPtr srv);
+# if HAVE_DBUS
+DBusConnection* virNetServerGetDBusConn(virNetServerPtr srv);
+# endif
+
void virNetServerAutoShutdown(virNetServerPtr srv,
unsigned int timeout,
virNetServerAutoShutdownFunc func,
projects / thirdparty / libvirt.git / commitdiff
