mirror of https://gitee.com/openkylin/libvirt.git
build: allow for 64-bit pid in daemon
Convert daemon code to handle 64-bit pid_t (even though at the moment, it is not compiled on mingw). * daemon/remote.c (remoteDispatchAuthList) (remoteDispatchAuthPolkit): Print pid_t via %lld.
This commit is contained in:
Eric Blake
parent
8dd623b980
commit
7033c5f20d
|
|
@ -2039,20 +2039,22 @@ remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED,
|
||||||
* some piece of polkit isn't present/running
|
* some piece of polkit isn't present/running
|
||||||
*/
|
*/
|
||||||
if (auth == VIR_NET_SERVER_SERVICE_AUTH_POLKIT) {
|
if (auth == VIR_NET_SERVER_SERVICE_AUTH_POLKIT) {
|
||||||
if (virNetServerClientGetUNIXIdentity(client, &callerUid, &callerGid, &callerPid) < 0) {
|
if (virNetServerClientGetUNIXIdentity(client, &callerUid, &callerGid,
|
||||||
|
&callerPid) < 0) {
|
||||||
/* Don't do anything on error - it'll be validated at next
|
/* Don't do anything on error - it'll be validated at next
|
||||||
* phase of auth anyway */
|
* phase of auth anyway */
|
||||||
virResetLastError();
|
virResetLastError();
|
||||||
} else if (callerUid == 0) {
|
} else if (callerUid == 0) {
|
||||||
char ident[100];
|
char *ident;
|
||||||
rv = snprintf(ident, sizeof ident, "pid:%d,uid:%d", callerPid, callerUid);
|
if (virAsprintf(&ident, "pid:%lld,uid:%d",
|
||||||
if (rv > 0 || rv < sizeof ident) {
|
(long long) callerPid, callerUid) == 0) {
|
||||||
VIR_INFO("Bypass polkit auth for privileged client %s",
|
VIR_INFO("Bypass polkit auth for privileged client %s",
|
||||||
ident);
|
ident);
|
||||||
if (virNetServerClientSetIdentity(client, ident) < 0)
|
if (virNetServerClientSetIdentity(client, ident) < 0)
|
||||||
virResetLastError();
|
virResetLastError();
|
||||||
else
|
else
|
||||||
auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
|
auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
|
||||||
|
VIR_FREE(ident);
|
||||||
}
|
}
|
||||||
rv = -1;
|
rv = -1;
|
||||||
}
|
}
|
||||||
|
|
@ -2491,13 +2493,15 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
|
||||||
goto authfail;
|
goto authfail;
|
||||||
}
|
}
|
||||||
|
|
||||||
VIR_INFO("Checking PID %d running as %d", callerPid, callerUid);
|
VIR_INFO("Checking PID %lld running as %d",
|
||||||
|
(long long) callerPid, callerUid);
|
||||||
|
|
||||||
virCommandAddArg(cmd, "--process");
|
virCommandAddArg(cmd, "--process");
|
||||||
virCommandAddArgFormat(cmd, "%d", callerPid);
|
virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
|
||||||
virCommandAddArg(cmd, "--allow-user-interaction");
|
virCommandAddArg(cmd, "--allow-user-interaction");
|
||||||
|
|
||||||
if (virAsprintf(&ident, "pid:%d,uid:%d", callerPid, callerUid) < 0) {
|
if (virAsprintf(&ident, "pid:%lld,uid:%d",
|
||||||
|
(long long) callerPid, callerUid) < 0) {
|
||||||
virReportOOMError();
|
virReportOOMError();
|
||||||
goto authfail;
|
goto authfail;
|
||||||
}
|
}
|
||||||
|
|
@ -2507,16 +2511,16 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
|
||||||
|
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
char *tmp = virCommandTranslateStatus(status);
|
char *tmp = virCommandTranslateStatus(status);
|
||||||
VIR_ERROR(_("Policy kit denied action %s from pid %d, uid %d: %s"),
|
VIR_ERROR(_("Policy kit denied action %s from pid %lld, uid %d: %s"),
|
||||||
action, callerPid, callerUid, NULLSTR(tmp));
|
action, (long long) callerPid, callerUid, NULLSTR(tmp));
|
||||||
VIR_FREE(tmp);
|
VIR_FREE(tmp);
|
||||||
goto authdeny;
|
goto authdeny;
|
||||||
}
|
}
|
||||||
PROBE(RPC_SERVER_CLIENT_AUTH_ALLOW,
|
PROBE(RPC_SERVER_CLIENT_AUTH_ALLOW,
|
||||||
"client=%p auth=%d identity=%s",
|
"client=%p auth=%d identity=%s",
|
||||||
client, REMOTE_AUTH_POLKIT, ident);
|
client, REMOTE_AUTH_POLKIT, ident);
|
||||||
VIR_INFO("Policy allowed action %s from pid %d, uid %d",
|
VIR_INFO("Policy allowed action %s from pid %lld, uid %d",
|
||||||
action, callerPid, callerUid);
|
action, (long long) callerPid, callerUid);
|
||||||
ret->complete = 1;
|
ret->complete = 1;
|
||||||
|
|
||||||
virNetServerClientSetIdentity(client, ident);
|
virNetServerClientSetIdentity(client, ident);
|
||||||
|
|
@ -2566,7 +2570,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server,
|
||||||
PolKitResult pkresult;
|
PolKitResult pkresult;
|
||||||
DBusError err;
|
DBusError err;
|
||||||
const char *action;
|
const char *action;
|
||||||
char ident[100];
|
char *ident = NULL;
|
||||||
int rv = -1;
|
int rv = -1;
|
||||||
struct daemonClientPrivate *priv =
|
struct daemonClientPrivate *priv =
|
||||||
virNetServerClientGetPrivateData(client);
|
virNetServerClientGetPrivateData(client);
|
||||||
|
|
@ -2585,18 +2589,20 @@ remoteDispatchAuthPolkit(virNetServerPtr server,
|
||||||
goto authfail;
|
goto authfail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (virNetServerClientGetUNIXIdentity(client, &callerUid, &callerGid, &callerPid) < 0) {
|
if (virNetServerClientGetUNIXIdentity(client, &callerUid, &callerGid,
|
||||||
|
&callerPid) < 0) {
|
||||||
VIR_ERROR(_("cannot get peer socket identity"));
|
VIR_ERROR(_("cannot get peer socket identity"));
|
||||||
goto authfail;
|
goto authfail;
|
||||||
}
|
}
|
||||||
|
|
||||||
rv = snprintf(ident, sizeof ident, "pid:%d,uid:%d", callerPid, callerUid);
|
if (virAsprintf(&ident, "pid:%lld,uid:%d",
|
||||||
if (rv < 0 || rv >= sizeof ident) {
|
(long long) callerPid, callerUid) < 0) {
|
||||||
VIR_ERROR(_("Caller identity was too large %d:%d"), callerPid, callerUid);
|
virReportOOMError();
|
||||||
goto authfail;
|
goto authfail;
|
||||||
}
|
}
|
||||||
|
|
||||||
VIR_INFO("Checking PID %d running as %d", callerPid, callerUid);
|
VIR_INFO("Checking PID %lld running as %d",
|
||||||
|
(long long) callerPid, callerUid);
|
||||||
dbus_error_init(&err);
|
dbus_error_init(&err);
|
||||||
if (!(pkcaller = polkit_caller_new_from_pid(virNetServerGetDBusConn(server),
|
if (!(pkcaller = polkit_caller_new_from_pid(virNetServerGetDBusConn(server),
|
||||||
callerPid, &err))) {
|
callerPid, &err))) {
|
||||||
|
|
@ -2649,24 +2655,26 @@ remoteDispatchAuthPolkit(virNetServerPtr server,
|
||||||
polkit_caller_unref(pkcaller);
|
polkit_caller_unref(pkcaller);
|
||||||
polkit_action_unref(pkaction);
|
polkit_action_unref(pkaction);
|
||||||
if (pkresult != POLKIT_RESULT_YES) {
|
if (pkresult != POLKIT_RESULT_YES) {
|
||||||
VIR_ERROR(_("Policy kit denied action %s from pid %d, uid %d, result: %s"),
|
VIR_ERROR(_("Policy kit denied action %s from pid %lld, uid %d, result: %s"),
|
||||||
action, callerPid, callerUid,
|
action, (long long) callerPid, callerUid,
|
||||||
polkit_result_to_string_representation(pkresult));
|
polkit_result_to_string_representation(pkresult));
|
||||||
goto authdeny;
|
goto authdeny;
|
||||||
}
|
}
|
||||||
PROBE(RPC_SERVER_CLIENT_AUTH_ALLOW,
|
PROBE(RPC_SERVER_CLIENT_AUTH_ALLOW,
|
||||||
"client=%p auth=%d identity=%s",
|
"client=%p auth=%d identity=%s",
|
||||||
client, REMOTE_AUTH_POLKIT, ident);
|
client, REMOTE_AUTH_POLKIT, ident);
|
||||||
VIR_INFO("Policy allowed action %s from pid %d, uid %d, result %s",
|
VIR_INFO("Policy allowed action %s from pid %lld, uid %d, result %s",
|
||||||
action, callerPid, callerUid,
|
action, (long long) callerPid, callerUid,
|
||||||
polkit_result_to_string_representation(pkresult));
|
polkit_result_to_string_representation(pkresult));
|
||||||
ret->complete = 1;
|
ret->complete = 1;
|
||||||
virNetServerClientSetIdentity(client, ident);
|
virNetServerClientSetIdentity(client, ident);
|
||||||
|
|
||||||
virMutexUnlock(&priv->lock);
|
virMutexUnlock(&priv->lock);
|
||||||
|
VIR_FREE(ident);
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
error:
|
error:
|
||||||
|
VIR_FREE(ident);
|
||||||
virResetLastError();
|
virResetLastError();
|
||||||
virNetError(VIR_ERR_AUTH_FAILED, "%s",
|
virNetError(VIR_ERR_AUTH_FAILED, "%s",
|
||||||
_("authentication failed"));
|
_("authentication failed"));
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue