[PATCH v3 2/3] util: Introduce API's for Polkit text authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Introduce virPolkitAgentCreate and virPolkitAgentDestroy

virPolkitAgentCreate will run the polkit pkttyagent image as an asynchronous
command in order to handle the local agent authentication via stdin/stdout.
The code makes use of the pkttyagent --notify-fd mechanism to let it know
when the agent is successfully registered.

virPolkitAgentDestroy will close the command effectively reaping our
child process

Needed to move around or add the "#include vircommand.h" since,
virpolkit.h now uses it.

Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
---
 src/libvirt_private.syms |  2 ++
 src/util/virpolkit.c     | 77 +++++++++++++++++++++++++++++++++++++++++++++++-
 src/util/virpolkit.h     |  5 ++++
 tests/virpolkittest.c    |  1 +
 4 files changed, 84 insertions(+), 1 deletion(-)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 4cfaed5..8f2358f 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2029,6 +2029,8 @@ virPidFileWritePath;
 
 
 # util/virpolkit.h
+virPolkitAgentCreate;
+virPolkitAgentDestroy;
 virPolkitCheckAuth;
 
 
diff --git a/src/util/virpolkit.c b/src/util/virpolkit.c
index df707f1..6941d74 100644
--- a/src/util/virpolkit.c
+++ b/src/util/virpolkit.c
@@ -20,20 +20,22 @@
  */
 
 #include <config.h>
+#include <poll.h>
 
 #if WITH_POLKIT0
 # include <polkit/polkit.h>
 # include <polkit-dbus/polkit-dbus.h>
 #endif
 
-#include "virpolkit.h"
 #include "vircommand.h"
+#include "virpolkit.h"
 #include "virerror.h"
 #include "virlog.h"
 #include "virstring.h"
 #include "virprocess.h"
 #include "viralloc.h"
 #include "virdbus.h"
+#include "virfile.h"
 
 #define VIR_FROM_THIS VIR_FROM_POLKIT
 
@@ -136,6 +138,65 @@ int virPolkitCheckAuth(const char *actionid,
 }
 
 
+/* virPolkitAgentDestroy:
+ * @cmd: Pointer to the virCommandPtr created during virPolkitAgentCreate
+ *
+ * Destroy resources used by Polkit Agent
+ */
+void
+virPolkitAgentDestroy(virCommandPtr cmd)
+{
+    virCommandFree(cmd);
+}
+
+/* virPolkitAgentCreate:
+ *
+ * Allocate and setup a polkit agent
+ *
+ * Returns a virCommandPtr on success and NULL on failure
+ */
+virCommandPtr
+virPolkitAgentCreate(void)
+{
+    virCommandPtr cmd = virCommandNewArgList(PKTTYAGENT, "--process", NULL);
+    int pipe_fd[2] = {-1, -1};
+    struct pollfd pollfd;
+    int outfd = STDOUT_FILENO;
+    int errfd = STDERR_FILENO;
+
+    if (!isatty(STDIN_FILENO))
+        goto error;
+
+    if (pipe2(pipe_fd, 0) < 0)
+        goto error;
+
+    virCommandAddArgFormat(cmd, "%lld", (long long int) getpid());
+    virCommandAddArg(cmd, "--notify-fd");
+    virCommandAddArgFormat(cmd, "%d", pipe_fd[1]);
+    virCommandAddArg(cmd, "--fallback");
+    virCommandSetInputFD(cmd, STDIN_FILENO);
+    virCommandSetOutputFD(cmd, &outfd);
+    virCommandSetErrorFD(cmd, &errfd);
+    virCommandPassFD(cmd, pipe_fd[1], VIR_COMMAND_PASS_FD_CLOSE_PARENT);
+    if (virCommandRunAsync(cmd, NULL) < 0)
+        goto error;
+
+    pollfd.fd = pipe_fd[0];
+    pollfd.events = POLLHUP;
+
+    if (poll(&pollfd, 1, -1) < 0)
+        goto error;
+
+    return cmd;
+
+ error:
+    VIR_FORCE_CLOSE(pipe_fd[0]);
+    VIR_FORCE_CLOSE(pipe_fd[1]);
+    virCommandFree(cmd);
+    return NULL;
+}
+
+
 #elif WITH_POLKIT0
 int virPolkitCheckAuth(const char *actionid,
                        pid_t pid,
@@ -254,4 +315,18 @@ int virPolkitCheckAuth(const char *actionid ATTRIBUTE_UNUSED,
 }
 
 
+void
+virPolkitAgentDestroy(virCommandPtr cmd ATTRIBUTE_UNUSED)
+{
+    return; /* do nothing */
+}
+
+
+virCommandPtr
+virPolkitAgentCreate(void)
+{
+    virReportError(VIR_ERR_AUTH_FAILED, "%s",
+                   _("polkit text authentication agent unavailable"));
+    return NULL;
+}
 #endif /* WITH_POLKIT1 */
diff --git a/src/util/virpolkit.h b/src/util/virpolkit.h
index 36122d0..f0aea37 100644
--- a/src/util/virpolkit.h
+++ b/src/util/virpolkit.h
@@ -24,6 +24,8 @@
 
 # include "internal.h"
 
+# define PKTTYAGENT "/usr/bin/pkttyagent"
+
 int virPolkitCheckAuth(const char *actionid,
                        pid_t pid,
                        unsigned long long startTime,
@@ -31,4 +33,7 @@ int virPolkitCheckAuth(const char *actionid,
                        const char **details,
                        bool allowInteraction);
 
+void virPolkitAgentDestroy(virCommandPtr cmd);
+virCommandPtr virPolkitAgentCreate(void);
+
 #endif /* __VIR_POLKIT_H__ */
diff --git a/tests/virpolkittest.c b/tests/virpolkittest.c
index 73f001b..b46e65f 100644
--- a/tests/virpolkittest.c
+++ b/tests/virpolkittest.c
@@ -27,6 +27,7 @@
 # include <stdlib.h>
 # include <dbus/dbus.h>
 
+# include "vircommand.h"
 # include "virpolkit.h"
 # include "virdbus.h"
 # include "virlog.h"
-- 
2.5.0

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]