Daniel P. Berrange wrote: > I'd like the virNetServer stuff to not have any mention of policy > kit in it. So rather than saying 'bool usePolkit', have a > 'bool connectDBus', and just remove those HAVE_POLKIT0 conditionals > so that the DBus API is always available in virNetServer. The changes > you made under daemon/ are all fine > The attached patch introduces a HAVE_DBUS conditional, which AFAICT is only used by polkit0 so is only set when polkit0 is detected during configure. Is this what you had in mind? Regards, Jim
>From c21f206a8196cef7657e30b9ee830bcc4bbfc3ff Mon Sep 17 00:00:00 2001 From: Jim Fehlig <jfehlig@xxxxxxxxxx> Date: Thu, 7 Jul 2011 15:12:26 -0600 Subject: [V2] Fix build when using polkit0 V2: Remove policy kit references from virNetServer and use DBus APIs directly, if available. --- configure.ac | 5 +++++ daemon/libvirtd.c | 24 ++++-------------------- daemon/remote.c | 21 ++++++++++----------- src/Makefile.am | 4 +++- src/rpc/virnetserver.c | 41 ++++++++++++++++++++++++++++++++++++++++- src/rpc/virnetserver.h | 8 ++++++++ 6 files changed, 70 insertions(+), 33 deletions(-) diff --git a/configure.ac b/configure.ac index ae747fb..e9d5be4 100644 --- a/configure.ac +++ b/configure.ac @@ -1010,6 +1010,7 @@ AC_ARG_WITH([polkit], [with_polkit=check]) with_polkit0=no +with_dbus=no with_polkit1=no if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then dnl Check for new polkit first - just a binary @@ -1038,6 +1039,8 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then [use PolicyKit for UNIX socket access checks]) AC_DEFINE_UNQUOTED([HAVE_POLKIT0], 1, [use PolicyKit for UNIX socket access checks]) + AC_DEFINE_UNQUOTED([HAVE_DBUS], 1, + [use DBus for PolicyKit]) old_CFLAGS=$CFLAGS old_LIBS=$LIBS @@ -1052,11 +1055,13 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program]) fi with_polkit0="yes" + with_dbus="yes" fi fi fi AM_CONDITIONAL([HAVE_POLKIT], [test "x$with_polkit" = "xyes"]) AM_CONDITIONAL([HAVE_POLKIT0], [test "x$with_polkit0" = "xyes"]) +AM_CONDITIONAL([HAVE_DBUS], [test "x$with_dbus" = "xyes"]) AM_CONDITIONAL([HAVE_POLKIT1], [test "x$with_polkit1" = "xyes"]) AC_SUBST([POLKIT_CFLAGS]) AC_SUBST([POLKIT_LIBS]) diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index a4198d9..c7ee605 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -576,26 +576,6 @@ static int daemonSetupNetworking(virNetServerPtr srv, } #endif -#if HAVE_POLKIT0 - if (auth_unix_rw == REMOTE_AUTH_POLKIT || - auth_unix_ro == REMOTE_AUTH_POLKIT) { - DBusError derr; - - dbus_connection_set_change_sigpipe(FALSE); - dbus_threads_init_default(); - - dbus_error_init(&derr); - server->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr); - if (!(server->sysbus)) { - VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"), - derr.message); - dbus_error_free(&derr); - goto error; - } - dbus_connection_set_exit_on_disconnect(server->sysbus, FALSE); - } -#endif - return 0; error: @@ -1285,6 +1265,7 @@ int main(int argc, char **argv) { struct daemonConfig *config; bool privileged = geteuid() == 0 ? true : false; bool implicit_conf = false; + bool use_polkit_dbus; struct option opts[] = { { "verbose", no_argument, &verbose, 1}, @@ -1445,10 +1426,13 @@ int main(int argc, char **argv) { umask(old_umask); } + use_polkit_dbus = config->auth_unix_rw == REMOTE_AUTH_POLKIT || + config->auth_unix_ro == REMOTE_AUTH_POLKIT; if (!(srv = virNetServerNew(config->min_workers, config->max_workers, config->max_clients, config->mdns_adv ? config->mdns_name : NULL, + use_polkit_dbus, remoteClientInitHook))) { ret = VIR_DAEMON_ERR_INIT; goto cleanup; diff --git a/daemon/remote.c b/daemon/remote.c index a2e79ef..0172626 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -43,6 +43,7 @@ #include "command.h" #include "intprops.h" #include "virnetserverservice.h" +#include "virnetserver.h" #include "remote_protocol.h" #include "qemu_protocol.h" @@ -2115,7 +2116,7 @@ authdeny: } #elif HAVE_POLKIT0 static int -remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, +remoteDispatchAuthPolkit(virNetServerPtr server, virNetServerClientPtr client, virNetMessageHeaderPtr hdr ATTRIBUTE_UNUSED, virNetMessageErrorPtr rerr, @@ -2137,21 +2138,19 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, memset(ident, 0, sizeof ident); - virMutexLock(&server->lock); - virMutexLock(&client->lock); - virMutexUnlock(&server->lock); + virMutexLock(&priv->lock); - action = client->readonly ? + action = virNetServerClientGetReadonly(client) ? "org.libvirt.unix.monitor" : "org.libvirt.unix.manage"; VIR_DEBUG("Start PolicyKit auth %d", virNetServerClientGetFD(client)); - if (client->auth != REMOTE_AUTH_POLKIT) { + if (virNetServerClientGetAuth(client) != VIR_NET_SERVER_SERVICE_AUTH_POLKIT) { VIR_ERROR(_("client tried invalid PolicyKit init request")); goto authfail; } - if (qemudGetSocketIdentity(virNetServerClientGetFD(client), &callerUid, &callerPid) < 0) { + if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) { VIR_ERROR(_("cannot get peer socket identity")); goto authfail; } @@ -2164,7 +2163,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, VIR_INFO("Checking PID %d running as %d", callerPid, callerUid); dbus_error_init(&err); - if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus, + if (!(pkcaller = polkit_caller_new_from_pid(virNetServerGetDBusConn(server), callerPid, &err))) { VIR_ERROR(_("Failed to lookup policy kit caller: %s"), err.message); dbus_error_free(&err); @@ -2226,9 +2225,9 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, action, callerPid, callerUid, polkit_result_to_string_representation(pkresult)); ret->complete = 1; - client->auth = REMOTE_AUTH_NONE; + virNetServerClientSetIdentity(client, ident); - virMutexUnlock(&client->lock); + virMutexUnlock(&priv->lock); return 0; error: @@ -2236,7 +2235,7 @@ error: virNetError(VIR_ERR_AUTH_FAILED, "%s", _("authentication failed")); virNetMessageSaveError(rerr); - virMutexUnlock(&client->lock); + virMutexUnlock(&priv->lock); return -1; authfail: diff --git a/src/Makefile.am b/src/Makefile.am index cd8a7e9..a3ee8ba 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1268,10 +1268,12 @@ EXTRA_DIST += \ endif libvirt_net_rpc_server_la_CFLAGS = \ $(AVAHI_CFLAGS) \ - $(AM_CFLAGS) + $(AM_CFLAGS) \ + $(POLKIT_CFLAGS) libvirt_net_rpc_server_la_LDFLAGS = \ $(AM_LDFLAGS) \ $(AVAHI_LIBS) \ + $(POLKIT_LIBS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) libvirt_net_rpc_server_la_LIBADD = \ diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c index 5e1719b..94d46f6 100644 --- a/src/rpc/virnetserver.c +++ b/src/rpc/virnetserver.c @@ -39,6 +39,9 @@ #if HAVE_AVAHI # include "virnetservermdns.h" #endif +#if HAVE_DBUS +# include <dbus/dbus.h> +#endif #define VIR_FROM_THIS VIR_FROM_RPC #define virNetError(code, ...) \ @@ -84,6 +87,10 @@ struct _virNetServer { virNetServerMDNSGroupPtr mdnsGroup; #endif +#if HAVE_DBUS + DBusConnection *sysbus; +#endif + size_t nservices; virNetServerServicePtr *services; @@ -270,6 +277,7 @@ virNetServerPtr virNetServerNew(size_t min_workers, size_t max_workers, size_t max_clients, const char *mdnsGroupName, + bool connectDBus, virNetServerClientInitHook clientInitHook) { virNetServerPtr srv; @@ -306,6 +314,25 @@ virNetServerPtr virNetServerNew(size_t min_workers, } #endif +#if HAVE_DBUS + if (connectDBus) { + DBusError derr; + + dbus_connection_set_change_sigpipe(FALSE); + dbus_threads_init_default(); + + dbus_error_init(&derr); + srv->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr); + if (!(srv->sysbus)) { + VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"), + derr.message); + dbus_error_free(&derr); + goto error; + } + dbus_connection_set_exit_on_disconnect(srv->sysbus, FALSE); + } +#endif + if (virMutexInit(&srv->lock) < 0) { virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot initialize mutex")); @@ -363,6 +390,14 @@ bool virNetServerIsPrivileged(virNetServerPtr srv) } +#if HAVE_DBUS +DBusConnection* virNetServerGetDBusConn(virNetServerPtr srv) +{ + return srv->sysbus; +} +#endif + + void virNetServerAutoShutdown(virNetServerPtr srv, unsigned int timeout, virNetServerAutoShutdownFunc func, @@ -377,7 +412,6 @@ void virNetServerAutoShutdown(virNetServerPtr srv, virNetServerUnlock(srv); } - static sig_atomic_t sigErrors = 0; static int sigLastErrno = 0; static int sigWrite = -1; @@ -747,6 +781,11 @@ void virNetServerFree(virNetServerPtr srv) VIR_FREE(srv->mdnsGroupName); +#if HAVE_DBUS + if (srv->sysbus) + dbus_connection_unref(srv->sysbus); +#endif + virNetServerUnlock(srv); virMutexDestroy(&srv->lock); VIR_FREE(srv); diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h index 6e7a21b..810d8a3 100644 --- a/src/rpc/virnetserver.h +++ b/src/rpc/virnetserver.h @@ -25,6 +25,9 @@ # define __VIR_NET_SERVER_H__ # include <signal.h> +# if HAVE_DBUS +# include <dbus/dbus.h> +# endif # include "virnettlscontext.h" # include "virnetserverprogram.h" @@ -38,6 +41,7 @@ virNetServerPtr virNetServerNew(size_t min_workers, size_t max_workers, size_t max_clients, const char *mdnsGroupName, + bool connectDBus, virNetServerClientInitHook clientInitHook); typedef int (*virNetServerAutoShutdownFunc)(virNetServerPtr srv, void *opaque); @@ -46,6 +50,10 @@ void virNetServerRef(virNetServerPtr srv); bool virNetServerIsPrivileged(virNetServerPtr srv); +# if HAVE_DBUS +DBusConnection* virNetServerGetDBusConn(virNetServerPtr srv); +# endif + void virNetServerAutoShutdown(virNetServerPtr srv, unsigned int timeout, virNetServerAutoShutdownFunc func, -- 1.7.5.4
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list