return 0;
}
+#if HAVE_POLKIT
+int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid) {
+#ifdef SO_PEERCRED
+ struct ucred cr;
+ unsigned int cr_len = sizeof (cr);
+
+ if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
+ qemudLog(QEMUD_ERR, _("Failed to verify client credentials: %s"),
+ strerror(errno));
+ return -1;
+ }
+
+ *pid = cr.pid;
+ *uid = cr.uid;
+#else
+ /* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
+#error "UNIX socket credentials not supported/implemented on this platform yet..."
+#endif
+ return 0;
+}
+#endif
+
static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket *sock) {
int fd;
struct sockaddr_storage addr;
memcpy (&client->addr, &addr, sizeof addr);
client->addrlen = addrlen;
+#if HAVE_POLKIT
+ /* Only do policy checks for non-root - allow root user
+ through with no checks, as a fail-safe - root can easily
+ change policykit policy anyway, so its pointless trying
+ to restrict root */
+ if (client->auth == REMOTE_AUTH_POLKIT) {
+ uid_t uid;
+ pid_t pid;
+
+ if (qemudGetSocketIdentity(client->fd, &uid, &pid) < 0)
+ goto cleanup;
+
+ /* Cient is running as root, so disable auth */
+ if (uid == 0) {
+ qemudLog(QEMUD_INFO, _("Turn off polkit auth for privileged client %d"), pid);
+ client->auth = REMOTE_AUTH_NONE;
+ }
+ }
+#endif
+
if (client->type != QEMUD_SOCK_TYPE_TLS) {
client->mode = QEMUD_MODE_RX_HEADER;
client->bufferLength = REMOTE_MESSAGE_HEADER_XDR_LEN;
#if HAVE_POLKIT
-static int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid) {
-#ifdef SO_PEERCRED
- struct ucred cr;
- unsigned int cr_len = sizeof (cr);
-
- if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
- qemudLog(QEMUD_ERR, _("Failed to verify client credentials: %s"),
- strerror(errno));
- return -1;
- }
-
- *pid = cr.pid;
- *uid = cr.uid;
-#else
- /* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
-#error "UNIX socket credentials not supported/implemented on this platform yet..."
-#endif
- return 0;
-}
-
-
static int
remoteDispatchAuthPolkit (struct qemud_server *server ATTRIBUTE_UNUSED,
struct qemud_client *client,
{
pid_t callerPid;
uid_t callerUid;
+ PolKitCaller *pkcaller = NULL;
+ PolKitAction *pkaction = NULL;
+ PolKitContext *pkcontext = NULL;
+ PolKitError *pkerr = NULL;
+ PolKitResult pkresult;
+ DBusError err;
+ const char *action = client->readonly ?
+ "org.libvirt.unix.monitor" :
+ "org.libvirt.unix.manage";
REMOTE_DEBUG("Start PolicyKit auth %d", client->fd);
if (client->auth != REMOTE_AUTH_POLKIT) {
return -2;
}
- /* Only do policy checks for non-root - allow root user
- through with no checks, as a fail-safe - root can easily
- change policykit policy anyway, so its pointless trying
- to restrict root */
- if (callerUid == 0) {
- qemudLog(QEMUD_INFO, _("Allowing PID %d running as root"), callerPid);
- ret->complete = 1;
- client->auth = REMOTE_AUTH_NONE;
- } else {
- PolKitCaller *pkcaller = NULL;
- PolKitAction *pkaction = NULL;
- PolKitContext *pkcontext = NULL;
- PolKitError *pkerr = NULL;
- PolKitResult pkresult;
- DBusError err;
- const char *action = client->readonly ?
- "org.libvirt.unix.monitor" :
- "org.libvirt.unix.manage";
-
- qemudLog(QEMUD_INFO, _("Checking PID %d running as %d"),
- callerPid, callerUid);
- dbus_error_init(&err);
- if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus,
- callerPid, &err))) {
- qemudLog(QEMUD_ERR, _("Failed to lookup policy kit caller: %s"),
- err.message);
- dbus_error_free(&err);
- remoteDispatchFailAuth(client, req);
- return -2;
- }
+ qemudLog(QEMUD_INFO, _("Checking PID %d running as %d"),
+ callerPid, callerUid);
+ dbus_error_init(&err);
+ if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus,
+ callerPid, &err))) {
+ qemudLog(QEMUD_ERR, _("Failed to lookup policy kit caller: %s"),
+ err.message);
+ dbus_error_free(&err);
+ remoteDispatchFailAuth(client, req);
+ return -2;
+ }
- if (!(pkaction = polkit_action_new())) {
- qemudLog(QEMUD_ERR, _("Failed to create polkit action %s\n"),
- strerror(errno));
- polkit_caller_unref(pkcaller);
- remoteDispatchFailAuth(client, req);
- return -2;
- }
- polkit_action_set_action_id(pkaction, action);
-
- if (!(pkcontext = polkit_context_new()) ||
- !polkit_context_init(pkcontext, &pkerr)) {
- qemudLog(QEMUD_ERR, _("Failed to create polkit context %s\n"),
- (pkerr ? polkit_error_get_error_message(pkerr)
- : strerror(errno)));
- if (pkerr)
- polkit_error_free(pkerr);
- polkit_caller_unref(pkcaller);
- polkit_action_unref(pkaction);
- dbus_error_free(&err);
- remoteDispatchFailAuth(client, req);
- return -2;
- }
+ if (!(pkaction = polkit_action_new())) {
+ qemudLog(QEMUD_ERR, _("Failed to create polkit action %s\n"),
+ strerror(errno));
+ polkit_caller_unref(pkcaller);
+ remoteDispatchFailAuth(client, req);
+ return -2;
+ }
+ polkit_action_set_action_id(pkaction, action);
+
+ if (!(pkcontext = polkit_context_new()) ||
+ !polkit_context_init(pkcontext, &pkerr)) {
+ qemudLog(QEMUD_ERR, _("Failed to create polkit context %s\n"),
+ (pkerr ? polkit_error_get_error_message(pkerr)
+ : strerror(errno)));
+ if (pkerr)
+ polkit_error_free(pkerr);
+ polkit_caller_unref(pkcaller);
+ polkit_action_unref(pkaction);
+ dbus_error_free(&err);
+ remoteDispatchFailAuth(client, req);
+ return -2;
+ }
#if HAVE_POLKIT_CONTEXT_IS_CALLER_AUTHORIZED
- pkresult = polkit_context_is_caller_authorized(pkcontext,
- pkaction,
- pkcaller,
- 0,
- &pkerr);
- if (pkerr && polkit_error_is_set(pkerr)) {
- qemudLog(QEMUD_ERR,
- _("Policy kit failed to check authorization %d %s"),
- polkit_error_get_error_code(pkerr),
- polkit_error_get_error_message(pkerr));
- remoteDispatchFailAuth(client, req);
- return -2;
- }
+ pkresult = polkit_context_is_caller_authorized(pkcontext,
+ pkaction,
+ pkcaller,
+ 0,
+ &pkerr);
+ if (pkerr && polkit_error_is_set(pkerr)) {
+ qemudLog(QEMUD_ERR,
+ _("Policy kit failed to check authorization %d %s"),
+ polkit_error_get_error_code(pkerr),
+ polkit_error_get_error_message(pkerr));
+ remoteDispatchFailAuth(client, req);
+ return -2;
+ }
#else
- pkresult = polkit_context_can_caller_do_action(pkcontext,
- pkaction,
- pkcaller);
+ pkresult = polkit_context_can_caller_do_action(pkcontext,
+ pkaction,
+ pkcaller);
#endif
- polkit_context_unref(pkcontext);
- polkit_caller_unref(pkcaller);
- polkit_action_unref(pkaction);
- if (pkresult != POLKIT_RESULT_YES) {
- qemudLog(QEMUD_ERR,
- _("Policy kit denied action %s from pid %d, uid %d,"
- " result: %s\n"),
- action, callerPid, callerUid,
- polkit_result_to_string_representation(pkresult));
- remoteDispatchFailAuth(client, req);
- return -2;
- }
- qemudLog(QEMUD_INFO,
- _("Policy allowed action %s from pid %d, uid %d, result %s"),
+ polkit_context_unref(pkcontext);
+ polkit_caller_unref(pkcaller);
+ polkit_action_unref(pkaction);
+ if (pkresult != POLKIT_RESULT_YES) {
+ qemudLog(QEMUD_ERR,
+ _("Policy kit denied action %s from pid %d, uid %d,"
+ " result: %s\n"),
action, callerPid, callerUid,
polkit_result_to_string_representation(pkresult));
- ret->complete = 1;
- client->auth = REMOTE_AUTH_NONE;
+ remoteDispatchFailAuth(client, req);
+ return -2;
}
+ qemudLog(QEMUD_INFO,
+ _("Policy allowed action %s from pid %d, uid %d, result %s"),
+ action, callerPid, callerUid,
+ polkit_result_to_string_representation(pkresult));
+ ret->complete = 1;
+ client->auth = REMOTE_AUTH_NONE;
return 0;
}
projects / thirdparty / libvirt.git / commitdiff
