[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libvir] PATCH: 4/10: PolicyKit authentication support



On Thu, Nov 29, 2007 at 05:18:41PM +0000, Daniel P. Berrange wrote:
> This patch adds support for an PolicyKit authentication mechanism. This
> was previously described here:
> 
> http://www.redhat.com/archives/libvir-list/2007-September/msg00168.html
> 
> If PolicyKit is compiled in, then the UNIX domain sockets have their
> default settings changed to make sure of PolicyKit. Thus, when PolicyKit
> is enabled, both the RO & RW sockets are mode 0777. PolicyKit is then
> called upon client connect to decide whether to allow the client to gain
> access.
> 
> The policyfile is shipped in /usr/share/PolicyKit/policy and has default
> settings to mimic current non-PolicyKit access. If making a read-only
> connection, any application will be granted access by default. If making
> a read-write connection, applications will need to authenticate against
> policykit by providing the user's own password. This is akin to 'sudo'
> style auth. The credentials persist until the user logs out.
> 
> The file in /etc/PolicyKit/PolicyKit.conf can be used by the local sysadmin
> to override the default policy on a per-host basis. eg, they could restrict
> access to the read-only connections, or open up the read-write connections
> to more apps. See 'man PolicyKit.conf' for more info.
> 
> The configure script will check for PolicyKit using pkg-config and only
> enable it if actually present. So any OS without PolicyKit will not be
> impacted by this patch.

Rebased to latest CVS. Added RPM dep on PolicyKit stuff, dependant on being
on Fedora 8 or later.

diff -r ca9413d4d890 configure.in
--- a/configure.in	Fri Nov 30 15:15:26 2007 -0500
+++ b/configure.in	Fri Nov 30 15:15:51 2007 -0500
@@ -25,6 +25,7 @@ LIBXML_REQUIRED="2.5.0"
 LIBXML_REQUIRED="2.5.0"
 GNUTLS_REQUIRED="1.0.25"
 AVAHI_REQUIRED="0.6.0"
+POLKIT_REQUIRED="0.6"
 
 dnl Checks for C compiler.
 AC_PROG_CC
@@ -395,6 +396,25 @@ AC_SUBST(SASL_LIBS)
 AC_SUBST(SASL_LIBS)
 
 
+dnl PolicyKit library
+POLKIT_CFLAGS=
+POLKIT_LIBS=
+AC_ARG_WITH(polkit,
+  [  --with-polkit         use PolicyKit for UNIX socket access checks],
+  [],
+  [with_polkit=check])
+
+if test "$with_polkit" = "check"; then
+  PKG_CHECK_EXISTS(polkit-dbus >= $POLKIT_REQUIRED, [with_polkit=yes], [with_polkit=no])
+fi
+
+if test "$with_polkit" = "yes"; then
+  PKG_CHECK_MODULES(POLKIT, polkit-dbus >= $POLKIT_REQUIRED)
+  AC_DEFINE_UNQUOTED(HAVE_POLKIT, 1, [use PolicyKit for UNIX socket access checks])
+fi
+AM_CONDITIONAL(HAVE_POLKIT, [test "$with_polkit" = "yes"])
+AC_SUBST(POLKIT_CFLAGS)
+AC_SUBST(POLKIT_LIBS)
 
 dnl Avahi library
 AC_ARG_WITH(avahi,
@@ -634,6 +654,11 @@ else
 else
 AC_MSG_NOTICE([   avahi: no])
 fi
+if test "$with_polkit" = "yes" ; then
+AC_MSG_NOTICE([  polkit: $POLKIT_CFLAGS $POLKIT_LIBS])
+else
+AC_MSG_NOTICE([  polkit: no])
+fi
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Miscellaneous])
 AC_MSG_NOTICE([])
diff -r ca9413d4d890 libvirt.spec.in
--- a/libvirt.spec.in	Fri Nov 30 15:15:26 2007 -0500
+++ b/libvirt.spec.in	Fri Nov 30 15:15:51 2007 -0500
@@ -1,4 +1,10 @@
 # -*- rpm-spec -*-
+
+%if %{fedora} >= 8
+%define with_polkit 1
+%else
+%define with_polkit 0
+%endif
 
 Summary: Library providing a simple API virtualization
 Name: libvirt
@@ -20,6 +26,9 @@ Requires: cyrus-sasl
 # Not technically required, but makes 'out-of-box' config
 # work correctly & doesn't have onerous dependancies
 Requires: cyrus-sasl-md5
+%if %{with_polkit}
+Requires: PolicyKit >= 0.6
+%endif
 BuildRequires: xen-devel
 BuildRequires: libxml2-devel
 BuildRequires: readline-devel
@@ -31,6 +40,9 @@ BuildRequires: bridge-utils
 BuildRequires: bridge-utils
 BuildRequires: qemu
 BuildRequires: cyrus-sasl-devel
+%if %{with_polkit}
+BuildRequires: PolicyKit-devel >= 0.6
+%endif
 Obsoletes: libvir
 ExclusiveArch: i386 x86_64 ia64
 
@@ -143,6 +155,7 @@ fi
 %{_datadir}/libvirt/networks/default.xml
 %dir %{_localstatedir}/run/libvirt/
 %dir %{_localstatedir}/lib/libvirt/
+%{_datadir}/PolicyKit/policy/libvirtd.policy
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
 %attr(4755, root, root) %{_libexecdir}/libvirt_proxy
 %attr(0755, root, root) %{_sbindir}/libvirtd
diff -r ca9413d4d890 qemud/Makefile.am
--- a/qemud/Makefile.am	Fri Nov 30 15:15:26 2007 -0500
+++ b/qemud/Makefile.am	Fri Nov 30 15:15:51 2007 -0500
@@ -30,15 +30,24 @@ libvirtd_CFLAGS = \
 libvirtd_CFLAGS = \
         -I$(top_srcdir)/include -I$(top_builddir)/include \
         $(LIBXML_CFLAGS) $(GNUTLS_CFLAGS) $(SASL_CFLAGS) \
+        $(POLKIT_CFLAGS) \
         $(WARN_CFLAGS) -DLOCAL_STATE_DIR="\"$(localstatedir)\"" \
         -DSYSCONF_DIR="\"$(sysconfdir)\"" \
 	-DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\"" \
 	-DREMOTE_PID_FILE="\"$(REMOTE_PID_FILE)\"" \
         -DGETTEXT_PACKAGE=\"$(PACKAGE)\"
 
-libvirtd_LDFLAGS = $(WARN_CFLAGS) $(LIBXML_LIBS) $(GNUTLS_LIBS) $(SASL_LIBS)
+libvirtd_LDFLAGS = $(WARN_CFLAGS) $(LIBXML_LIBS) $(GNUTLS_LIBS) $(SASL_LIBS) \
+                   $(POLKIT_LIBS)
 libvirtd_DEPENDENCIES = ../src/libvirt.la
 libvirtd_LDADD = ../src/libvirt.la
+
+
+if HAVE_POLKIT
+policydir = $(datadir)/PolicyKit/policy
+policy_DATA = libvirtd.policy
+endif
+EXTRA_DIST += libvirtd.policy
 
 if HAVE_AVAHI
 libvirtd_SOURCES += mdns.c mdns.h
diff -r ca9413d4d890 qemud/internal.h
--- a/qemud/internal.h	Fri Nov 30 15:15:26 2007 -0500
+++ b/qemud/internal.h	Fri Nov 30 15:15:51 2007 -0500
@@ -30,6 +30,10 @@
 #include "../src/gnutls_1_0_compat.h"
 #if HAVE_SASL
 #include <sasl/sasl.h>
+#endif
+
+#ifdef HAVE_POLKIT
+#include <dbus/dbus.h>
 #endif
 
 #ifdef HAVE_SYS_SYSLIMITS_H
@@ -155,6 +159,9 @@ struct qemud_server {
 #if HAVE_SASL
     char **saslUsernameWhitelist;
 #endif
+#if HAVE_POLKIT
+    DBusConnection *sysbus;
+#endif
 };
 
 void qemudLog(int priority, const char *fmt, ...)
diff -r ca9413d4d890 qemud/libvirtd.conf
--- a/qemud/libvirtd.conf	Fri Nov 30 15:15:26 2007 -0500
+++ b/qemud/libvirtd.conf	Fri Nov 30 15:15:51 2007 -0500
@@ -82,8 +82,11 @@
 # Set the UNIX socket permissions for the R/W socket. This is used
 # for full management of VMs
 #
-# Default allows only root. If setting group ownership may want to
-# relax this to:
+# Default allows only root. If PolicyKit is enabled on the socket,
+# the default will change to allow everyone (eg, 0777)
+#
+# If not using PolicyKit and setting group ownership for access
+# control then you may want to relax this to:
 #unix_sock_rw_perms = "0770"
 
 
@@ -103,7 +106,12 @@
 #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
 #          For non-TCP or TLS sockets,  any scheme is allowed.
 #
-
+#  - polkit: use PolicyKit to authenticate. This is only suitable
+#            for use on the UNIX sockets. The default policy will
+#            require a user to supply their own password to gain
+#            full read/write access (aka sudo like), while anyone
+#            is allowed read/only access.
+#
 # Set an authentication scheme for UNIX read-only sockets
 # By default socket permissions allow anyone to connect
 #
@@ -112,7 +120,9 @@
 #auth_unix_ro = "none"
 
 # Set an authentication scheme for UNIX read-write sockets
-# By default socket permissions only allow root.
+# By default socket permissions only allow root. If PolicyKit
+# support was compiled into libvirt, the default will be to
+# use 'polkit' auth.
 #
 # If the unix_sock_rw_perms are changed you may wish to enable
 # an authentication mechanism here
diff -r ca9413d4d890 qemud/libvirtd.policy
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/qemud/libvirtd.policy	Fri Nov 30 15:15:51 2007 -0500
@@ -0,0 +1,42 @@
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd";>
+
+<!--
+Policy definitions for libvirt daemon
+
+Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
+
+libvirt is licensed to you under the GNU Lesser General Public License
+version 2. See COPYING for details.
+
+NOTE: If you make changes to this file, make sure to validate the file
+using the polkit-policy-file-validate(1) tool. Changes made to this
+file are instantly applied.
+-->
+
+<policyconfig>
+    <action id="org.libvirt.unix.monitor">
+      <description>Monitor local virtualized systems</description>
+      <message>System policy prevents monitoring of local virtualized systems</message>
+      <defaults>
+        <!-- Any program can use libvirt in read-only mode for monitoring,
+             even if not part of a session -->
+        <allow_any>yes</allow_any>
+        <allow_inactive>yes</allow_inactive>
+        <allow_active>yes</allow_active>
+      </defaults>
+    </action>
+
+    <action id="org.libvirt.unix.manage">
+      <description>Manage local virtualized systems</description>
+      <message>System policy prevents management of local virtualized systems</message>
+      <defaults>
+        <!-- Only a program in the active host session can use libvirt in
+             read-write mode for management, and we require user password -->
+        <allow_any>no</allow_any>
+        <allow_inactive>no</allow_inactive>
+        <allow_active>auth_self_keep_session</allow_active>
+      </defaults>
+    </action>
+</policyconfig>
\ No newline at end of file
diff -r ca9413d4d890 qemud/qemud.c
--- a/qemud/qemud.c	Fri Nov 30 15:15:26 2007 -0500
+++ b/qemud/qemud.c	Fri Nov 30 15:15:51 2007 -0500
@@ -77,8 +77,13 @@ static int unix_sock_rw_mask = 0700; /* 
 static int unix_sock_rw_mask = 0700; /* Allow user only */
 static int unix_sock_ro_mask = 0777; /* Allow world */
 
+#if HAVE_POLKIT
+static int auth_unix_rw = REMOTE_AUTH_POLKIT;
+static int auth_unix_ro = REMOTE_AUTH_POLKIT;
+#else
 static int auth_unix_rw = REMOTE_AUTH_NONE;
 static int auth_unix_ro = REMOTE_AUTH_NONE;
+#endif /* HAVE_POLKIT */
 #if HAVE_SASL
 static int auth_tcp = REMOTE_AUTH_SASL;
 #else
@@ -761,6 +766,21 @@ static struct qemud_server *qemudNetwork
     }
 #endif
 
+#ifdef HAVE_POLKIT
+    if (auth_unix_rw == REMOTE_AUTH_POLKIT ||
+        auth_unix_ro == REMOTE_AUTH_POLKIT) {
+        DBusError derr;
+        dbus_error_init(&derr);
+        server->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr);
+        if (!(server->sysbus)) {
+            qemudLog(QEMUD_ERR, "Failed to connect to system bus for PolicyKit auth: %s",
+                     derr.message);
+            dbus_error_free(&derr);
+            goto cleanup;
+        }
+    }
+#endif
+
     if (ipsock) {
         if (listen_tcp && remoteListenTCP (server, tcp_port, QEMUD_SOCK_TYPE_TCP, auth_tcp) < 0)
             goto cleanup;
@@ -828,6 +848,10 @@ static struct qemud_server *qemudNetwork
             sock = sock->next;
         }
 
+#ifdef HAVE_POLKIT
+        if (server->sysbus)
+            dbus_connection_unref(server->sysbus);
+#endif
         free(server);
     }
     return NULL;
@@ -1783,6 +1807,10 @@ static int remoteConfigGetAuth(virConfPt
     } else if (STREQ(p->str, "sasl")) {
         *auth = REMOTE_AUTH_SASL;
 #endif
+#if HAVE_POLKIT
+    } else if (STREQ(p->str, "polkit")) {
+        *auth = REMOTE_AUTH_POLKIT;
+#endif
     } else {
         qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: %s: unsupported auth %s\n", filename, key, p->str);
         return -1;
@@ -1818,6 +1846,13 @@ remoteReadConfigFile (struct qemud_serve
 
     if (remoteConfigGetAuth(conf, "auth_unix_rw", &auth_unix_rw, filename) < 0)
         return -1;
+#if HAVE_POLKIT
+    /* Change default perms to be wide-open if PolicyKit is enabled.
+     * Admin can always override in config file
+     */
+    if (auth_unix_rw == REMOTE_AUTH_POLKIT)
+        unix_sock_rw_mask = 0777;
+#endif
     if (remoteConfigGetAuth(conf, "auth_unix_ro", &auth_unix_ro, filename) < 0)
         return -1;
     if (remoteConfigGetAuth(conf, "auth_tcp", &auth_tcp, filename) < 0)
diff -r ca9413d4d890 qemud/remote.c
--- a/qemud/remote.c	Fri Nov 30 15:15:26 2007 -0500
+++ b/qemud/remote.c	Fri Nov 30 15:15:51 2007 -0500
@@ -46,6 +46,11 @@
 #include <assert.h>
 #include <fnmatch.h>
 
+#ifdef HAVE_POLKIT
+#include <polkit/polkit.h>
+#include <polkit-dbus/polkit-dbus.h>
+#endif
+
 #include <libvirt/virterror.h>
 
 #include "internal.h"
@@ -132,7 +137,8 @@ remoteDispatchClientRequest (struct qemu
         if (req.proc != REMOTE_PROC_AUTH_LIST &&
             req.proc != REMOTE_PROC_AUTH_SASL_INIT &&
             req.proc != REMOTE_PROC_AUTH_SASL_START &&
-            req.proc != REMOTE_PROC_AUTH_SASL_STEP
+            req.proc != REMOTE_PROC_AUTH_SASL_STEP &&
+            req.proc != REMOTE_PROC_AUTH_POLKIT
             ) {
             remoteDispatchError (client, &req, "authentication required");
             xdr_destroy (&xdr);
@@ -2550,6 +2556,133 @@ remoteDispatchAuthSaslStep (struct qemud
 #endif /* HAVE_SASL */
 
 
+#if HAVE_POLKIT
+static int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid) {
+#ifdef SO_PEERCRED
+    struct ucred cr;
+    unsigned int cr_len = sizeof (cr);
+
+    if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
+        qemudLog(QEMUD_ERR, "Failed to verify client credentials: %s", strerror(errno));
+        return -1;
+    }
+
+    *pid = cr.pid;
+    *uid = cr.uid;
+#else
+    /* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
+#error "UNIX socket credentials not supported/implemented on this platform yet..."
+#endif
+    return 0;
+}
+
+
+static int
+remoteDispatchAuthPolkit (struct qemud_server *server ATTRIBUTE_UNUSED,
+                          struct qemud_client *client,
+                          remote_message_header *req,
+                          void *args ATTRIBUTE_UNUSED,
+                          remote_auth_polkit_ret *ret)
+{
+    pid_t callerPid;
+    uid_t callerUid;
+
+    REMOTE_DEBUG("Start PolicyKit auth %d", client->fd);
+    if (client->auth != REMOTE_AUTH_POLKIT) {
+        qemudLog(QEMUD_ERR, "client tried invalid PolicyKit init request");
+        remoteDispatchFailAuth(client, req);
+        return -2;
+    }
+
+    if (qemudGetSocketIdentity(client->fd, &callerUid, &callerPid) < 0) {
+        qemudLog(QEMUD_ERR, "cannot get peer socket identity");
+        remoteDispatchFailAuth(client, req);
+        return -2;
+    }
+
+    /* Only do policy checks for non-root - allow root user
+       through with no checks, as a fail-safe - root can easily
+       change policykit policy anyway, so its pointless trying
+       to restrict root */
+    if (callerUid == 0) {
+        qemudLog(QEMUD_INFO, "Allowing PID %d running as root", callerPid);
+        ret->complete = 1;
+        client->auth = REMOTE_AUTH_NONE;
+    } else {
+        PolKitCaller *pkcaller = NULL;
+        PolKitAction *pkaction = NULL;
+        PolKitContext *pkcontext = NULL;
+        PolKitError *pkerr;
+        PolKitResult pkresult;
+        DBusError err;
+        const char *action = client->readonly ?
+            "org.libvirt.unix.monitor" :
+            "org.libvirt.unix.manage";
+
+        qemudLog(QEMUD_INFO, "Checking PID %d running as %d", callerPid, callerUid);
+        dbus_error_init(&err);
+        if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus, callerPid, &err))) {
+            qemudLog(QEMUD_ERR, "Failed to lookup policy kit caller: %s", err.message);
+            dbus_error_free(&err);
+            remoteDispatchFailAuth(client, req);
+            return -2;
+        }
+
+        if (!(pkaction = polkit_action_new())) {
+            qemudLog(QEMUD_ERR, "Failed to create polkit action %s\n", strerror(errno));
+            polkit_caller_unref(pkcaller);
+            remoteDispatchFailAuth(client, req);
+            return -2;
+        }
+        polkit_action_set_action_id(pkaction, action);
+
+        if (!(pkcontext = polkit_context_new()) ||
+            !polkit_context_init(pkcontext, &pkerr)) {
+            qemudLog(QEMUD_ERR, "Failed to create polkit context %s\n",
+                     pkerr ? polkit_error_get_error_message(pkerr) : strerror(errno));
+            if (pkerr)
+                polkit_error_free(pkerr);
+            polkit_caller_unref(pkcaller);
+            polkit_action_unref(pkaction);
+            dbus_error_free(&err);
+            remoteDispatchFailAuth(client, req);
+            return -2;
+        }
+
+        pkresult = polkit_context_can_caller_do_action(pkcontext, pkaction, pkcaller);
+        polkit_context_unref(pkcontext);
+        polkit_caller_unref(pkcaller);
+        polkit_action_unref(pkaction);
+        if (pkresult != POLKIT_RESULT_YES) {
+            qemudLog(QEMUD_ERR, "Policy kit denied action %s from pid %d, uid %d, result: %s\n",
+                     action, callerPid, callerUid, polkit_result_to_string_representation(pkresult));
+            remoteDispatchFailAuth(client, req);
+            return -2;
+        }
+        qemudLog(QEMUD_INFO, "Policy allowed action %s from pid %d, uid %d, result %s",
+                 action, callerPid, callerUid, polkit_result_to_string_representation(pkresult));
+        ret->complete = 1;
+        client->auth = REMOTE_AUTH_NONE;
+    }
+
+    return 0;
+}
+
+#else /* HAVE_POLKIT */
+
+static int
+remoteDispatchAuthPolkitInit (struct qemud_server *server ATTRIBUTE_UNUSED,
+                              struct qemud_client *client,
+                              remote_message_header *req,
+                              void *args ATTRIBUTE_UNUSED,
+                              remote_auth_polkit_ret *ret ATTRIBUTE_UNUSED)
+{
+    qemudLog(QEMUD_ERR, "client tried unsupported PolicyKit init request");
+    remoteDispatchFailAuth(client, req);
+    return -1;
+}
+#endif /* HAVE_POLKIT */
+
 /*----- Helpers. -----*/
 
 /* get_nonnull_domain and get_nonnull_network turn an on-wire
diff -r ca9413d4d890 qemud/remote_dispatch_localvars.h
--- a/qemud/remote_dispatch_localvars.h	Fri Nov 30 15:15:26 2007 -0500
+++ b/qemud/remote_dispatch_localvars.h	Fri Nov 30 15:15:51 2007 -0500
@@ -37,6 +37,7 @@ remote_domain_create_linux_args lv_remot
 remote_domain_create_linux_args lv_remote_domain_create_linux_args;
 remote_domain_create_linux_ret lv_remote_domain_create_linux_ret;
 remote_domain_set_scheduler_parameters_args lv_remote_domain_set_scheduler_parameters_args;
+remote_auth_polkit_ret lv_remote_auth_polkit_ret;
 remote_auth_sasl_start_args lv_remote_auth_sasl_start_args;
 remote_auth_sasl_start_ret lv_remote_auth_sasl_start_ret;
 remote_domain_interface_stats_args lv_remote_domain_interface_stats_args;
diff -r ca9413d4d890 qemud/remote_dispatch_proc_switch.h
--- a/qemud/remote_dispatch_proc_switch.h	Fri Nov 30 15:15:26 2007 -0500
+++ b/qemud/remote_dispatch_proc_switch.h	Fri Nov 30 15:15:51 2007 -0500
@@ -8,6 +8,12 @@ case REMOTE_PROC_AUTH_LIST:
 	ret = (char *) &lv_remote_auth_list_ret;
 	memset (&lv_remote_auth_list_ret, 0, sizeof lv_remote_auth_list_ret);
 	break;
+case REMOTE_PROC_AUTH_POLKIT:
+	fn = (dispatch_fn) remoteDispatchAuthPolkit;
+	ret_filter = (xdrproc_t) xdr_remote_auth_polkit_ret;
+	ret = (char *) &lv_remote_auth_polkit_ret;
+	memset (&lv_remote_auth_polkit_ret, 0, sizeof lv_remote_auth_polkit_ret);
+	break;
 case REMOTE_PROC_AUTH_SASL_INIT:
 	fn = (dispatch_fn) remoteDispatchAuthSaslInit;
 	ret_filter = (xdrproc_t) xdr_remote_auth_sasl_init_ret;
diff -r ca9413d4d890 qemud/remote_dispatch_prototypes.h
--- a/qemud/remote_dispatch_prototypes.h	Fri Nov 30 15:15:26 2007 -0500
+++ b/qemud/remote_dispatch_prototypes.h	Fri Nov 30 15:15:51 2007 -0500
@@ -3,6 +3,7 @@
  */
 
 static int remoteDispatchAuthList (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, remote_auth_list_ret *ret);
+static int remoteDispatchAuthPolkit (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, remote_auth_polkit_ret *ret);
 static int remoteDispatchAuthSaslInit (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, remote_auth_sasl_init_ret *ret);
 static int remoteDispatchAuthSaslStart (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_auth_sasl_start_args *args, remote_auth_sasl_start_ret *ret);
 static int remoteDispatchAuthSaslStep (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_auth_sasl_step_args *args, remote_auth_sasl_step_ret *ret);
diff -r ca9413d4d890 qemud/remote_protocol.c
--- a/qemud/remote_protocol.c	Fri Nov 30 15:15:26 2007 -0500
+++ b/qemud/remote_protocol.c	Fri Nov 30 15:15:51 2007 -0500
@@ -1309,6 +1309,15 @@ xdr_remote_auth_sasl_step_ret (XDR *xdrs
 }
 
 bool_t
+xdr_remote_auth_polkit_ret (XDR *xdrs, remote_auth_polkit_ret *objp)
+{
+
+	 if (!xdr_int (xdrs, &objp->complete))
+		 return FALSE;
+	return TRUE;
+}
+
+bool_t
 xdr_remote_procedure (XDR *xdrs, remote_procedure *objp)
 {
 
diff -r ca9413d4d890 qemud/remote_protocol.h
--- a/qemud/remote_protocol.h	Fri Nov 30 15:15:26 2007 -0500
+++ b/qemud/remote_protocol.h	Fri Nov 30 15:15:51 2007 -0500
@@ -68,6 +68,7 @@ enum remote_auth_type {
 enum remote_auth_type {
 	REMOTE_AUTH_NONE = 0,
 	REMOTE_AUTH_SASL = 1,
+	REMOTE_AUTH_POLKIT = 2,
 };
 typedef enum remote_auth_type remote_auth_type;
 
@@ -719,6 +720,11 @@ struct remote_auth_sasl_step_ret {
 	} data;
 };
 typedef struct remote_auth_sasl_step_ret remote_auth_sasl_step_ret;
+
+struct remote_auth_polkit_ret {
+	int complete;
+};
+typedef struct remote_auth_polkit_ret remote_auth_polkit_ret;
 #define REMOTE_PROGRAM 0x20008086
 #define REMOTE_PROTOCOL_VERSION 1
 
@@ -792,6 +798,7 @@ enum remote_procedure {
 	REMOTE_PROC_AUTH_SASL_INIT = 67,
 	REMOTE_PROC_AUTH_SASL_START = 68,
 	REMOTE_PROC_AUTH_SASL_STEP = 69,
+	REMOTE_PROC_AUTH_POLKIT = 70,
 };
 typedef enum remote_procedure remote_procedure;
 
@@ -935,6 +942,7 @@ extern  bool_t xdr_remote_auth_sasl_star
 extern  bool_t xdr_remote_auth_sasl_start_ret (XDR *, remote_auth_sasl_start_ret*);
 extern  bool_t xdr_remote_auth_sasl_step_args (XDR *, remote_auth_sasl_step_args*);
 extern  bool_t xdr_remote_auth_sasl_step_ret (XDR *, remote_auth_sasl_step_ret*);
+extern  bool_t xdr_remote_auth_polkit_ret (XDR *, remote_auth_polkit_ret*);
 extern  bool_t xdr_remote_procedure (XDR *, remote_procedure*);
 extern  bool_t xdr_remote_message_direction (XDR *, remote_message_direction*);
 extern  bool_t xdr_remote_message_status (XDR *, remote_message_status*);
@@ -1054,6 +1062,7 @@ extern bool_t xdr_remote_auth_sasl_start
 extern bool_t xdr_remote_auth_sasl_start_ret ();
 extern bool_t xdr_remote_auth_sasl_step_args ();
 extern bool_t xdr_remote_auth_sasl_step_ret ();
+extern bool_t xdr_remote_auth_polkit_ret ();
 extern bool_t xdr_remote_procedure ();
 extern bool_t xdr_remote_message_direction ();
 extern bool_t xdr_remote_message_status ();
diff -r ca9413d4d890 qemud/remote_protocol.x
--- a/qemud/remote_protocol.x	Fri Nov 30 15:15:26 2007 -0500
+++ b/qemud/remote_protocol.x	Fri Nov 30 15:15:51 2007 -0500
@@ -132,7 +132,8 @@ struct remote_error {
 /* Authentication types available thus far.... */
 enum remote_auth_type {
     REMOTE_AUTH_NONE = 0,
-    REMOTE_AUTH_SASL = 1
+    REMOTE_AUTH_SASL = 1,
+    REMOTE_AUTH_POLKIT = 2
 };
 
 
@@ -654,6 +655,10 @@ struct remote_auth_sasl_step_ret {
     int complete;
     int nil;
     char data<REMOTE_AUTH_SASL_DATA_MAX>;
+};
+
+struct remote_auth_polkit_ret {
+    int complete;
 };
 
 /*----- Protocol. -----*/
@@ -731,7 +736,8 @@ enum remote_procedure {
     REMOTE_PROC_AUTH_LIST = 66,
     REMOTE_PROC_AUTH_SASL_INIT = 67,
     REMOTE_PROC_AUTH_SASL_START = 68,
-    REMOTE_PROC_AUTH_SASL_STEP = 69
+    REMOTE_PROC_AUTH_SASL_STEP = 69,
+    REMOTE_PROC_AUTH_POLKIT = 70
 };
 
 /* Custom RPC structure. */
diff -r ca9413d4d890 src/remote_internal.c
--- a/src/remote_internal.c	Fri Nov 30 15:15:26 2007 -0500
+++ b/src/remote_internal.c	Fri Nov 30 15:15:51 2007 -0500
@@ -115,6 +115,9 @@ static int remoteAuthenticate (virConnec
 #if HAVE_SASL
 static int remoteAuthSASL (virConnectPtr conn, struct private_data *priv, int in_open);
 #endif
+#if HAVE_POLKIT
+static int remoteAuthPolkit (virConnectPtr conn, struct private_data *priv, int in_open);
+#endif /* HAVE_POLKIT */
 static void error (virConnectPtr conn, virErrorNumber code, const char *info);
 static void server_error (virConnectPtr conn, remote_error *err);
 static virDomainPtr get_nonnull_domain (virConnectPtr conn, remote_nonnull_domain domain);
@@ -2854,6 +2857,15 @@ remoteAuthenticate (virConnectPtr conn, 
         break;
 #endif
 
+#if HAVE_POLKIT
+    case REMOTE_AUTH_POLKIT:
+        if (remoteAuthPolkit(conn, priv, in_open) < 0) {
+            free(ret.types.types_val);
+            return -1;
+        }
+        break;
+#endif
+
     case REMOTE_AUTH_NONE:
         /* Nothing todo, hurrah ! */
         break;
@@ -3443,6 +3455,29 @@ really_write_sasl (virConnectPtr conn, s
     return really_write_buf(conn, priv, in_open, output, outputlen);
 }
 #endif
+
+
+#if HAVE_POLKIT
+/* Perform the PolicyKit authentication process
+ */
+static int
+remoteAuthPolkit (virConnectPtr conn, struct private_data *priv, int in_open)
+{
+    remote_auth_polkit_ret ret;
+
+    remoteDebug(priv, "Client initialize PolicyKit authentication");
+
+    memset (&ret, 0, sizeof ret);
+    if (call (conn, priv, in_open, REMOTE_PROC_AUTH_POLKIT,
+              (xdrproc_t) xdr_void, (char *)NULL,
+              (xdrproc_t) xdr_remote_auth_polkit_ret, (char *) &ret) != 0) {
+        return -1; /* virError already set by call */
+    }
+
+    remoteDebug(priv, "PolicyKit authentication complete");
+    return 0;
+}
+#endif /* HAVE_POLKIT */
 
 static int
 really_write (virConnectPtr conn, struct private_data *priv,


Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]