Re: [PATCH] Fix build when using polkit0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Daniel P. Berrange wrote:
> I'd like the virNetServer stuff to not have any mention of policy
> kit in it. So rather than saying 'bool usePolkit', have a
> 'bool connectDBus', and just remove those HAVE_POLKIT0 conditionals
> so that the DBus API is always available in virNetServer. The changes
> you made under daemon/ are all fine
>   

The attached patch introduces a HAVE_DBUS conditional, which AFAICT is
only used by polkit0 so is only set when polkit0 is detected during
configure.  Is this what you had in mind?

Regards,
Jim

>From c21f206a8196cef7657e30b9ee830bcc4bbfc3ff Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@xxxxxxxxxx>
Date: Thu, 7 Jul 2011 15:12:26 -0600
Subject: [V2] Fix build when using polkit0

V2: Remove policy kit references from virNetServer and use DBus APIs
    directly, if available.
---
 configure.ac           |    5 +++++
 daemon/libvirtd.c      |   24 ++++--------------------
 daemon/remote.c        |   21 ++++++++++-----------
 src/Makefile.am        |    4 +++-
 src/rpc/virnetserver.c |   41 ++++++++++++++++++++++++++++++++++++++++-
 src/rpc/virnetserver.h |    8 ++++++++
 6 files changed, 70 insertions(+), 33 deletions(-)

diff --git a/configure.ac b/configure.ac
index ae747fb..e9d5be4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1010,6 +1010,7 @@ AC_ARG_WITH([polkit],
   [with_polkit=check])
 
 with_polkit0=no
+with_dbus=no
 with_polkit1=no
 if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
   dnl Check for new polkit first - just a binary
@@ -1038,6 +1039,8 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
         [use PolicyKit for UNIX socket access checks])
       AC_DEFINE_UNQUOTED([HAVE_POLKIT0], 1,
         [use PolicyKit for UNIX socket access checks])
+      AC_DEFINE_UNQUOTED([HAVE_DBUS], 1,
+        [use DBus for PolicyKit])
 
       old_CFLAGS=$CFLAGS
       old_LIBS=$LIBS
@@ -1052,11 +1055,13 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
         AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])
       fi
       with_polkit0="yes"
+      with_dbus="yes"
     fi
   fi
 fi
 AM_CONDITIONAL([HAVE_POLKIT], [test "x$with_polkit" = "xyes"])
 AM_CONDITIONAL([HAVE_POLKIT0], [test "x$with_polkit0" = "xyes"])
+AM_CONDITIONAL([HAVE_DBUS], [test "x$with_dbus" = "xyes"])
 AM_CONDITIONAL([HAVE_POLKIT1], [test "x$with_polkit1" = "xyes"])
 AC_SUBST([POLKIT_CFLAGS])
 AC_SUBST([POLKIT_LIBS])
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index a4198d9..c7ee605 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -576,26 +576,6 @@ static int daemonSetupNetworking(virNetServerPtr srv,
     }
 #endif
 
-#if HAVE_POLKIT0
-    if (auth_unix_rw == REMOTE_AUTH_POLKIT ||
-        auth_unix_ro == REMOTE_AUTH_POLKIT) {
-        DBusError derr;
-
-        dbus_connection_set_change_sigpipe(FALSE);
-        dbus_threads_init_default();
-
-        dbus_error_init(&derr);
-        server->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr);
-        if (!(server->sysbus)) {
-            VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"),
-                      derr.message);
-            dbus_error_free(&derr);
-            goto error;
-        }
-        dbus_connection_set_exit_on_disconnect(server->sysbus, FALSE);
-    }
-#endif
-
     return 0;
 
 error:
@@ -1285,6 +1265,7 @@ int main(int argc, char **argv) {
     struct daemonConfig *config;
     bool privileged = geteuid() == 0 ? true : false;
     bool implicit_conf = false;
+    bool use_polkit_dbus;
 
     struct option opts[] = {
         { "verbose", no_argument, &verbose, 1},
@@ -1445,10 +1426,13 @@ int main(int argc, char **argv) {
         umask(old_umask);
     }
 
+    use_polkit_dbus = config->auth_unix_rw == REMOTE_AUTH_POLKIT ||
+            config->auth_unix_ro == REMOTE_AUTH_POLKIT;
     if (!(srv = virNetServerNew(config->min_workers,
                                 config->max_workers,
                                 config->max_clients,
                                 config->mdns_adv ? config->mdns_name : NULL,
+                                use_polkit_dbus,
                                 remoteClientInitHook))) {
         ret = VIR_DAEMON_ERR_INIT;
         goto cleanup;
diff --git a/daemon/remote.c b/daemon/remote.c
index a2e79ef..0172626 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -43,6 +43,7 @@
 #include "command.h"
 #include "intprops.h"
 #include "virnetserverservice.h"
+#include "virnetserver.h"
 
 #include "remote_protocol.h"
 #include "qemu_protocol.h"
@@ -2115,7 +2116,7 @@ authdeny:
 }
 #elif HAVE_POLKIT0
 static int
-remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
+remoteDispatchAuthPolkit(virNetServerPtr server,
                          virNetServerClientPtr client,
                          virNetMessageHeaderPtr hdr ATTRIBUTE_UNUSED,
                          virNetMessageErrorPtr rerr,
@@ -2137,21 +2138,19 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
 
     memset(ident, 0, sizeof ident);
 
-    virMutexLock(&server->lock);
-    virMutexLock(&client->lock);
-    virMutexUnlock(&server->lock);
+    virMutexLock(&priv->lock);
 
-    action = client->readonly ?
+    action = virNetServerClientGetReadonly(client) ?
         "org.libvirt.unix.monitor" :
         "org.libvirt.unix.manage";
 
     VIR_DEBUG("Start PolicyKit auth %d", virNetServerClientGetFD(client));
-    if (client->auth != REMOTE_AUTH_POLKIT) {
+    if (virNetServerClientGetAuth(client) != VIR_NET_SERVER_SERVICE_AUTH_POLKIT) {
         VIR_ERROR(_("client tried invalid PolicyKit init request"));
         goto authfail;
     }
 
-    if (qemudGetSocketIdentity(virNetServerClientGetFD(client), &callerUid, &callerPid) < 0) {
+    if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) {
         VIR_ERROR(_("cannot get peer socket identity"));
         goto authfail;
     }
@@ -2164,7 +2163,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
 
     VIR_INFO("Checking PID %d running as %d", callerPid, callerUid);
     dbus_error_init(&err);
-    if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus,
+    if (!(pkcaller = polkit_caller_new_from_pid(virNetServerGetDBusConn(server),
                                                 callerPid, &err))) {
         VIR_ERROR(_("Failed to lookup policy kit caller: %s"), err.message);
         dbus_error_free(&err);
@@ -2226,9 +2225,9 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
              action, callerPid, callerUid,
              polkit_result_to_string_representation(pkresult));
     ret->complete = 1;
-    client->auth = REMOTE_AUTH_NONE;
+    virNetServerClientSetIdentity(client, ident);
 
-    virMutexUnlock(&client->lock);
+    virMutexUnlock(&priv->lock);
     return 0;
 
 error:
@@ -2236,7 +2235,7 @@ error:
     virNetError(VIR_ERR_AUTH_FAILED, "%s",
                 _("authentication failed"));
     virNetMessageSaveError(rerr);
-    virMutexUnlock(&client->lock);
+    virMutexUnlock(&priv->lock);
     return -1;
 
 authfail:
diff --git a/src/Makefile.am b/src/Makefile.am
index cd8a7e9..a3ee8ba 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1268,10 +1268,12 @@ EXTRA_DIST += \
 endif
 libvirt_net_rpc_server_la_CFLAGS = \
 			$(AVAHI_CFLAGS) \
-			$(AM_CFLAGS)
+			$(AM_CFLAGS) \
+			$(POLKIT_CFLAGS)
 libvirt_net_rpc_server_la_LDFLAGS = \
 			$(AM_LDFLAGS) \
 			$(AVAHI_LIBS) \
+			$(POLKIT_LIBS) \
 			$(CYGWIN_EXTRA_LDFLAGS) \
 			$(MINGW_EXTRA_LDFLAGS)
 libvirt_net_rpc_server_la_LIBADD = \
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index 5e1719b..94d46f6 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -39,6 +39,9 @@
 #if HAVE_AVAHI
 # include "virnetservermdns.h"
 #endif
+#if HAVE_DBUS
+# include <dbus/dbus.h>
+#endif
 
 #define VIR_FROM_THIS VIR_FROM_RPC
 #define virNetError(code, ...)                                    \
@@ -84,6 +87,10 @@ struct _virNetServer {
     virNetServerMDNSGroupPtr mdnsGroup;
 #endif
 
+#if HAVE_DBUS
+    DBusConnection *sysbus;
+#endif
+
     size_t nservices;
     virNetServerServicePtr *services;
 
@@ -270,6 +277,7 @@ virNetServerPtr virNetServerNew(size_t min_workers,
                                 size_t max_workers,
                                 size_t max_clients,
                                 const char *mdnsGroupName,
+                                bool connectDBus,
                                 virNetServerClientInitHook clientInitHook)
 {
     virNetServerPtr srv;
@@ -306,6 +314,25 @@ virNetServerPtr virNetServerNew(size_t min_workers,
     }
 #endif
 
+#if HAVE_DBUS
+    if (connectDBus) {
+        DBusError derr;
+
+        dbus_connection_set_change_sigpipe(FALSE);
+        dbus_threads_init_default();
+
+        dbus_error_init(&derr);
+        srv->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr);
+        if (!(srv->sysbus)) {
+            VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"),
+                      derr.message);
+            dbus_error_free(&derr);
+            goto error;
+        }
+        dbus_connection_set_exit_on_disconnect(srv->sysbus, FALSE);
+    }
+#endif
+
     if (virMutexInit(&srv->lock) < 0) {
         virNetError(VIR_ERR_INTERNAL_ERROR, "%s",
                     _("cannot initialize mutex"));
@@ -363,6 +390,14 @@ bool virNetServerIsPrivileged(virNetServerPtr srv)
 }
 
 
+#if HAVE_DBUS
+DBusConnection* virNetServerGetDBusConn(virNetServerPtr srv)
+{
+    return srv->sysbus;
+}
+#endif
+
+
 void virNetServerAutoShutdown(virNetServerPtr srv,
                               unsigned int timeout,
                               virNetServerAutoShutdownFunc func,
@@ -377,7 +412,6 @@ void virNetServerAutoShutdown(virNetServerPtr srv,
     virNetServerUnlock(srv);
 }
 
-
 static sig_atomic_t sigErrors = 0;
 static int sigLastErrno = 0;
 static int sigWrite = -1;
@@ -747,6 +781,11 @@ void virNetServerFree(virNetServerPtr srv)
 
     VIR_FREE(srv->mdnsGroupName);
 
+#if HAVE_DBUS
+    if (srv->sysbus)
+        dbus_connection_unref(srv->sysbus);
+#endif
+
     virNetServerUnlock(srv);
     virMutexDestroy(&srv->lock);
     VIR_FREE(srv);
diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h
index 6e7a21b..810d8a3 100644
--- a/src/rpc/virnetserver.h
+++ b/src/rpc/virnetserver.h
@@ -25,6 +25,9 @@
 # define __VIR_NET_SERVER_H__
 
 # include <signal.h>
+# if HAVE_DBUS
+#  include <dbus/dbus.h>
+# endif
 
 # include "virnettlscontext.h"
 # include "virnetserverprogram.h"
@@ -38,6 +41,7 @@ virNetServerPtr virNetServerNew(size_t min_workers,
                                 size_t max_workers,
                                 size_t max_clients,
                                 const char *mdnsGroupName,
+                                bool connectDBus,
                                 virNetServerClientInitHook clientInitHook);
 
 typedef int (*virNetServerAutoShutdownFunc)(virNetServerPtr srv, void *opaque);
@@ -46,6 +50,10 @@ void virNetServerRef(virNetServerPtr srv);
 
 bool virNetServerIsPrivileged(virNetServerPtr srv);
 
+# if HAVE_DBUS
+DBusConnection* virNetServerGetDBusConn(virNetServerPtr srv);
+# endif
+
 void virNetServerAutoShutdown(virNetServerPtr srv,
                               unsigned int timeout,
                               virNetServerAutoShutdownFunc func,
-- 
1.7.5.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]