Include process start time when doing polkit checks

author Daniel P. Berrange <berrange@redhat.com>

Thu, 25 Apr 2013 16:05:00 +0000 (17:05 +0100)

committer Daniel P. Berrange <berrange@redhat.com>

Wed, 18 Sep 2013 16:14:23 +0000 (17:14 +0100)
author Daniel P. Berrange <berrange@redhat.com>
Thu, 25 Apr 2013 16:05:00 +0000 (17:05 +0100)
committer Daniel P. Berrange <berrange@redhat.com>
Wed, 18 Sep 2013 16:14:23 +0000 (17:14 +0100)
diff --git a/daemon/remote.c b/daemon/remote.c

index 37f998f7931e54020a6ba5cbe1852af7b100ad21..175df43d2b661a12ec44abceece7f7660e1317b0 100644 (file)
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2372,6 +2372,7 @@ remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED,
      uid_t callerUid;
      gid_t callerGid;
      pid_t callerPid;
+    unsigned long long timestamp;
  
      /* If the client is root then we want to bypass the
       * policykit auth to avoid root being denied if
@@ -2379,7 +2380,7 @@ remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED,
       */
      if (auth == VIR_NET_SERVER_SERVICE_AUTH_POLKIT) {
          if (virNetServerClientGetUNIXIdentity(client, &callerUid, &callerGid,
-                                              &callerPid) < 0) {
+                                              &callerPid, &timestamp) < 0) {
              /* Don't do anything on error - it'll be validated at next
               * phase of auth anyway */
              virResetLastError();
@@ -2805,6 +2806,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
      pid_t callerPid = -1;
      gid_t callerGid = -1;
      uid_t callerUid = -1;
+    unsigned long long timestamp;
      const char *action;
      int status = -1;
      char *ident = NULL;
@@ -2830,7 +2832,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
      }
  
      if (virNetServerClientGetUNIXIdentity(client, &callerUid, &callerGid,
-                                          &callerPid) < 0) {
+                                          &callerPid, &timestamp) < 0) {
          goto authfail;
      }
  
@@ -2838,7 +2840,11 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
               (long long) callerPid, callerUid);
  
      virCommandAddArg(cmd, "--process");
-    virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
+    if (timestamp != 0) {
+        virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+    } else {
+        virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
+    }
      virCommandAddArg(cmd, "--allow-user-interaction");
  
      if (virAsprintf(&ident, "pid:%lld,uid:%d",
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms

index 96eea0a424930b1e823e7b656d79d9014ef13a4e..1b509526097d9f631d99f68370a97e5a5a5fb870 100644 (file)
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1724,6 +1724,7 @@ virStorageFileResize;
  # util/virstring.h
  virStringFreeList;
  virStringJoin;
+virStringListLength;
  virStringSplit;
  
  
diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c

index 97e5d749c2b1c0a9198c2a1d05803a46558c8dcd..bf0ee8124e705bf5d551ef46e29b77e0a3013505 100644 (file)
--- a/src/locking/lock_daemon.c
+++ b/src/locking/lock_daemon.c
@@ -782,6 +782,7 @@ virLockDaemonClientNew(virNetServerClientPtr client,
      virLockDaemonClientPtr priv;
      uid_t clientuid;
      gid_t clientgid;
+    unsigned long long timestamp;
      bool privileged = opaque != NULL;
  
      if (VIR_ALLOC(priv) < 0) {
@@ -798,7 +799,8 @@ virLockDaemonClientNew(virNetServerClientPtr client,
      if (virNetServerClientGetUNIXIdentity(client,
                                            &clientuid,
                                            &clientgid,
-                                          &priv->clientPid) < 0)
+                                          &priv->clientPid,
+                                          &timestamp) < 0)
          goto error;
  
      VIR_DEBUG("New client pid %llu uid %llu",
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c

index 58fb0b4918f58c45d1b69afb13a0f5400fcc9706..b63ae300b6bb6b7cc0c897efc341a75d7e30e322 100644 (file)
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -634,12 +634,15 @@ bool virNetServerClientIsLocal(virNetServerClientPtr client)
  
  
  int virNetServerClientGetUNIXIdentity(virNetServerClientPtr client,
-                                      uid_t *uid, gid_t *gid, pid_t *pid)
+                                      uid_t *uid, gid_t *gid, pid_t *pid,
+                                      unsigned long long *timestamp)
  {
      int ret = -1;
      virObjectLock(client);
      if (client->sock)
-        ret = virNetSocketGetUNIXIdentity(client->sock, uid, gid, pid);
+        ret = virNetSocketGetUNIXIdentity(client->sock,
+                                          uid, gid, pid,
+                                          timestamp);
      virObjectUnlock(client);
      return ret;
  }
@@ -649,6 +652,7 @@ static virIdentityPtr
  virNetServerClientCreateIdentity(virNetServerClientPtr client)
  {
      char *processid = NULL;
+    char *processtime = NULL;
      char *username = NULL;
      char *groupname = NULL;
  #if WITH_SASL
@@ -662,15 +666,23 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
          gid_t gid;
          uid_t uid;
          pid_t pid;
-        if (virNetSocketGetUNIXIdentity(client->sock, &uid, &gid, &pid) < 0)
+        unsigned long long timestamp;
+        if (virNetSocketGetUNIXIdentity(client->sock,
+                                        &uid, &gid, &pid,
+                                        &timestamp) < 0)
              goto cleanup;
  
          if (!(username = virGetUserName(uid)))
              goto cleanup;
          if (!(groupname = virGetGroupName(gid)))
              goto cleanup;
-        if (virAsprintf(&processid, "%lld",
-                        (long long)pid) < 0) {
+        if (virAsprintf(&processid, "%llu",
+                        (unsigned long long)pid) < 0) {
+            virReportOOMError();
+            goto cleanup;
+        }
+        if (virAsprintf(&processtime, "%llu",
+                        timestamp) < 0) {
              virReportOOMError();
              goto cleanup;
          }
@@ -720,6 +732,11 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
                             VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
                             processid) < 0)
          goto error;
+    if (processtime &&
+        virIdentitySetAttr(ret,
+                           VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
+                           processtime) < 0)
+        goto error;
  #if HAVE_SASL
      if (saslname &&
          virIdentitySetAttr(ret,
@@ -742,6 +759,7 @@ cleanup:
      VIR_FREE(username);
      VIR_FREE(groupname);
      VIR_FREE(processid);
+    VIR_FREE(processtime);
      VIR_FREE(seccontext);
  #if HAVE_SASL
      VIR_FREE(saslname);
diff --git a/src/rpc/virnetserverclient.h b/src/rpc/virnetserverclient.h

index b3b8df0bf963b7febd277649b35820c9417b4e74..2a64d45ef8b74b64d44b0905f264b73e707a9918 100644 (file)
--- a/src/rpc/virnetserverclient.h
+++ b/src/rpc/virnetserverclient.h
@@ -99,7 +99,8 @@ bool virNetServerClientIsSecure(virNetServerClientPtr client);
  bool virNetServerClientIsLocal(virNetServerClientPtr client);
  
  int virNetServerClientGetUNIXIdentity(virNetServerClientPtr client,
-                                      uid_t *uid, gid_t *gid, pid_t *pid);
+                                      uid_t *uid, gid_t *gid, pid_t *pid,
+                                      unsigned long long *timestamp);
  
  int virNetServerClientGetSecurityContext(virNetServerClientPtr client,
                                           char **context);
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c

index c4fd9ee98157369cd8819d8e3252c8664bdb81b1..08d236ca37c7782407e6c1dcd10c1634ae27cc35 100644 (file)
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -1103,31 +1103,41 @@ int virNetSocketGetPort(virNetSocketPtr sock)
  int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
                                  uid_t *uid,
                                  gid_t *gid,
-                                pid_t *pid)
+                                pid_t *pid,
+                                unsigned long long *timestamp)
  {
      struct ucred cr;
      socklen_t cr_len = sizeof(cr);
+    int ret = -1;
+
      virObjectLock(sock);
  
      if (getsockopt(sock->fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
          virReportSystemError(errno, "%s",
                               _("Failed to get client socket identity"));
-        virObjectUnlock(sock);
-        return -1;
+        goto cleanup;
      }
  
+    if (virProcessGetStartTime(cr.pid, timestamp) < 0)
+        goto cleanup;
+
      *pid = cr.pid;
      *uid = cr.uid;
      *gid = cr.gid;
  
+    ret = 0;
+
+cleanup:
      virObjectUnlock(sock);
-    return 0;
+    return ret;
  }
  #elif defined(LOCAL_PEERCRED)
+
  int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
                                  uid_t *uid,
                                  gid_t *gid,
-                                pid_t *pid)
+                                pid_t *pid,
+                                unsigned long long *timestamp ATTRIBUTE_UNUSED)
  {
      struct xucred cr;
      socklen_t cr_len = sizeof(cr);
@@ -1151,7 +1161,8 @@ int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
  int virNetSocketGetUNIXIdentity(virNetSocketPtr sock ATTRIBUTE_UNUSED,
                                  uid_t *uid ATTRIBUTE_UNUSED,
                                  gid_t *gid ATTRIBUTE_UNUSED,
-                                pid_t *pid ATTRIBUTE_UNUSED)
+                                pid_t *pid ATTRIBUTE_UNUSED,
+                                unsigned long long *timestamp ATTRIBUTE_UNUSED)
  {
      /* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
      virReportSystemError(ENOSYS, "%s",
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h

index 7392c722bf33e9336d81e2acca7988fc9b2290fc..a0536f262ddaee7a31e4778e146e49d8c23b1c60 100644 (file)
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -113,7 +113,8 @@ int virNetSocketGetPort(virNetSocketPtr sock);
  int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
                                  uid_t *uid,
                                  gid_t *gid,
-                                pid_t *pid);
+                                pid_t *pid,
+                                unsigned long long *timestamp);
  int virNetSocketGetSecurityContext(virNetSocketPtr sock,
                                     char **context);
  
diff --git a/src/util/viridentity.h b/src/util/viridentity.h

index 39ab20ef9ee62eadd0a6f993c00671cc77052255..78680b51d3de58a4f1ffb3a7dc26c879a14d3f79 100644 (file)
--- a/src/util/viridentity.h
+++ b/src/util/viridentity.h
@@ -31,6 +31,7 @@ typedef enum {
        VIR_IDENTITY_ATTR_UNIX_USER_NAME,
        VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
        VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
+      VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
        VIR_IDENTITY_ATTR_SASL_USER_NAME,
        VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME,
        VIR_IDENTITY_ATTR_SECURITY_CONTEXT,
diff --git a/src/util/virprocess.c b/src/util/virprocess.c

index a492bd11f77103b3bb5f37773010faf1fadadfb6..4202d9c5d7c69feeec3f7679eb49d4a8c921e7b6 100644 (file)
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -29,12 +29,20 @@
  #include <sys/wait.h>
  #include <sched.h>
  
+#ifdef __FreeBSD__
+# include <sys/param.h>
+# include <sys/sysctl.h>
+# include <sys/user.h>
+#endif
+
+#include "viratomic.h"
  #include "virprocess.h"
  #include "virerror.h"
  #include "viralloc.h"
  #include "virfile.h"
  #include "virlog.h"
  #include "virutil.h"
+#include "virstring.h"
  
  #define VIR_FROM_THIS VIR_FROM_NONE
  
@@ -605,3 +613,112 @@ int virProcessSetNamespaces(size_t nfdlist ATTRIBUTE_UNUSED,
      return -1;
  }
  #endif /* ! HAVE_SETNS */
+
+#ifdef __linux__
+/*
+ * Port of code from polkitunixprocess.c under terms
+ * of the LGPLv2+
+ */
+int virProcessGetStartTime(pid_t pid,
+                           unsigned long long *timestamp)
+{
+    char *filename = NULL;
+    char *buf = NULL;
+    char *tmp;
+    int ret = -1;
+    int len;
+    char **tokens = NULL;
+
+    if (virAsprintf(&filename, "/proc/%llu/stat",
+                    (unsigned long long)pid) < 0) {
+        virReportOOMError();
+        return -1;
+    }
+
+    if ((len = virFileReadAll(filename, 1024, &buf)) < 0)
+        goto cleanup;
+
+    /* start time is the token at index 19 after the '(process name)' entry - since only this
+     * field can contain the ')' character, search backwards for this to avoid malicious
+     * processes trying to fool us
+     */
+
+    if (!(tmp = strrchr(buf, ')'))) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Cannot find start time in %s"),
+                       filename);
+        goto cleanup;
+    }
+    tmp += 2; /* skip ') ' */
+    if ((tmp - buf) >= len) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Cannot find start time in %s"),
+                       filename);
+        goto cleanup;
+    }
+
+    tokens = virStringSplit(tmp, " ", 0);
+
+    if (virStringListLength(tokens) < 20) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Cannot find start time in %s"),
+                       filename);
+        goto cleanup;
+    }
+
+    if (virStrToLong_ull(tokens[19],
+                         NULL,
+                         10,
+                         timestamp) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Cannot parse start time %s in %s"),
+                       tokens[19], filename);
+        goto cleanup;
+    }
+
+    ret = 0;
+
+cleanup:
+    virStringFreeList(tokens);
+    VIR_FREE(filename);
+    VIR_FREE(buf);
+    return ret;
+}
+#elif defined(__FreeBSD__)
+int virProcessGetStartTime(pid_t pid,
+                           unsigned long long *timestamp)
+{
+    struct kinfo_proc p;
+    int mib[4];
+    size_t len = 4;
+
+    sysctlnametomib("kern.proc.pid", mib, &len);
+
+    len = sizeof(struct kinfo_proc);
+    mib[3] = pid;
+
+    if (sysctl(mib, 4, &p, &len, NULL, 0) < 0) {
+        virReportSystemError(errno, "%s",
+                             _("Unable to query process ID start time"));
+        return -1;
+    }
+
+    *timestamp = (unsigned long long)p.ki_start.tv_sec;
+
+    return 0;
+
+}
+#else
+int virProcessGetStartTime(pid_t pid,
+                           unsigned long long *timestamp)
+{
+    static int warned = 0;
+    if (virAtomicIntInc(&warned) == 1) {
+        VIR_WARN("Process start time of pid %llu not available on this platform",
+                 (unsigned long long)pid);
+        warned = true;
+    }
+    *timestamp = 0;
+    return 0;
+}
+#endif
diff --git a/src/util/virprocess.h b/src/util/virprocess.h

index 53475d3cc3ff3410d6c13f6c9cfe0dd427616ba0..149d451a61f010dc6b1b7dd3e47e35790320dc86 100644 (file)
--- a/src/util/virprocess.h
+++ b/src/util/virprocess.h
@@ -47,6 +47,9 @@ int virProcessGetAffinity(pid_t pid,
                            virBitmapPtr *map,
                            int maxcpu);
  
+int virProcessGetStartTime(pid_t pid,
+                           unsigned long long *timestamp);
+
  int virProcessGetNamespaces(pid_t pid,
                              size_t *nfdlist,
                              int **fdlist);
diff --git a/src/util/virstring.c b/src/util/virstring.c

index 0420ca37f9d2fcc5829a06a2fa1ec270f73deee6..1fc24de9a184c9f8933ff673f550fbe61d17f23e 100644 (file)
--- a/src/util/virstring.c
+++ b/src/util/virstring.c
@@ -166,3 +166,13 @@ void virStringFreeList(char **strings)
      }
      VIR_FREE(strings);
  }
+
+size_t virStringListLength(char **strings)
+{
+    size_t i = 0;
+
+    while (strings && strings[i])
+        i++;
+
+    return i;
+}
diff --git a/src/util/virstring.h b/src/util/virstring.h

index a569fe080a6262e5af1b49452646a8b2b2a72f3b..8d1995a48b88586deeb3b3e8c029a22544784b84 100644 (file)
--- a/src/util/virstring.h
+++ b/src/util/virstring.h
@@ -35,4 +35,8 @@ char *virStringJoin(const char **strings,
  
  void virStringFreeList(char **strings);
  
+bool virStringArrayHasString(char **strings, const char *needle);
+
+size_t virStringListLength(char **strings);
+
  #endif /* __VIR_STRING_H__ */
author	Daniel P. Berrange <berrange@redhat.com>
	Thu, 25 Apr 2013 16:05:00 +0000 (17:05 +0100)
committer	Daniel P. Berrange <berrange@redhat.com>
	Wed, 18 Sep 2013 16:14:23 +0000 (17:14 +0100)
daemon/remote.c		patch \| blob \| blame \| history
src/libvirt_private.syms		patch \| blob \| blame \| history
src/locking/lock_daemon.c		patch \| blob \| blame \| history
src/rpc/virnetserverclient.c		patch \| blob \| blame \| history
src/rpc/virnetserverclient.h		patch \| blob \| blame \| history
src/rpc/virnetsocket.c		patch \| blob \| blame \| history
src/rpc/virnetsocket.h		patch \| blob \| blame \| history
src/util/viridentity.h		patch \| blob \| blame \| history
src/util/virprocess.c		patch \| blob \| blame \| history
src/util/virprocess.h		patch \| blob \| blame \| history
src/util/virstring.c		patch \| blob \| blame \| history
src/util/virstring.h		patch \| blob \| blame \| history