From: Pavel Hrdina To: libvir-list@redhat.com Subject: [libvirt PATCH 06/14] src/util/virpolkit: convert to use GLib DBus Date: Thu, 17 Sep 2020 10:29:41 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" Signed-off-by: Pavel Hrdina --- src/util/virpolkit.c | 115 +++++++++++++++++++++--------------------- tests/meson.build | 11 ++-- tests/virpolkittest.c | 112 +++++++++++++++------------------------- 3 files changed, 104 insertions(+), 134 deletions(-) diff --git a/src/util/virpolkit.c b/src/util/virpolkit.c index 1570d667ee..2ad00fd206 100644 --- a/src/util/virpolkit.c +++ b/src/util/virpolkit.c @@ -28,7 +28,7 @@ #include "virstring.h" #include "virprocess.h" #include "viralloc.h" -#include "virdbus.h" +#include "virgdbus.h" #include "virfile.h" #include "virutil.h" =20 
@@ -63,80 +63,81 @@ int virPolkitCheckAuth(const char *actionid, const char **details, bool allowInteraction) { - DBusConnection *sysbus; - DBusMessage *reply =3D NULL; - char **retdetails =3D NULL; - size_t nretdetails =3D 0; - bool is_authorized; - bool is_challenge; + GDBusConnection *sysbus; + GVariantBuilder builder; + GVariant *gprocess =3D NULL; + GVariant *gdetails =3D NULL; + g_autoptr(GVariant) message =3D NULL; + g_autoptr(GVariant) reply =3D NULL; + g_autoptr(GVariantIter) iter =3D NULL; + char *retkey; + char *retval; + gboolean is_authorized; + gboolean is_challenge; bool is_dismissed =3D false; size_t i; - int ret =3D -1; =20 - if (!(sysbus =3D virDBusGetSystemBus())) - goto cleanup; + if (!(sysbus =3D virGDBusGetSystemBus())) + return -1; =20 VIR_INFO("Checking PID %lld running as %d", (long long) pid, uid); =20 - if (virDBusCallMethod(sysbus, - &reply, - NULL, - "org.freedesktop.PolicyKit1", - "/org/freedesktop/PolicyKit1/Authority", - "org.freedesktop.PolicyKit1.Authority", - "CheckAuthorization", - "(sa{sv})sa&{ss}us", - "unix-process", - 3, - "pid", "u", (unsigned int)pid, - "start-time", "t", startTime, - "uid", "i", (int)uid, - actionid, - virStringListLength(details) / 2, - details, - allowInteraction, - "" /* cancellation ID */) < 0) - goto cleanup; + g_variant_builder_init(&builder, G_VARIANT_TYPE("a{sv}")); + g_variant_builder_add(&builder, "{sv}", "pid", g_variant_new_uint32(pi= d)); + g_variant_builder_add(&builder, "{sv}", "start-time", g_variant_new_ui= nt64(startTime)); + g_variant_builder_add(&builder, "{sv}", "uid", g_variant_new_int32(uid= )); + gprocess =3D g_variant_builder_end(&builder); =20 - if (virDBusMessageDecode(reply, - "(bba&{ss})", - &is_authorized, - &is_challenge, - &nretdetails, - &retdetails) < 0) - goto cleanup; + g_variant_builder_init(&builder, G_VARIANT_TYPE("a{ss}")); + for (i =3D 0; i < virStringListLength(details); i +=3D 2) + g_variant_builder_add(&builder, "{ss}", details[i], details[i + 1]= ); + gdetails 
=3D g_variant_builder_end(&builder); =20 - for (i =3D 0; i < (nretdetails / 2); i++) { - if (STREQ(retdetails[(i * 2)], "polkit.dismissed") && - STREQ(retdetails[(i * 2) + 1], "true")) + message =3D g_variant_new("((s@a{sv})s@a{ss}us)", + "unix-process", + gprocess, + actionid, + gdetails, + allowInteraction, + "" /* cancellation ID */); + + if (virGDBusCallMethod(sysbus, + &reply, + NULL, + "org.freedesktop.PolicyKit1", + "/org/freedesktop/PolicyKit1/Authority", + "org.freedesktop.PolicyKit1.Authority", + "CheckAuthorization", + message) < 0) + return -1; + + g_variant_get(reply, "((bba{ss}))", &is_authorized, &is_challenge, &it= er); + + while (g_variant_iter_loop(iter, "{ss}", &retkey, &retval)) { + if (STREQ(retkey, "polkit.dismissed") && STREQ(retval, "true")) is_dismissed =3D true; } =20 VIR_DEBUG("is auth %d is challenge %d", is_authorized, is_challenge); =20 - if (is_authorized) { - ret =3D 0; + if (is_authorized) + return 0; + + if (is_dismissed) { + virReportError(VIR_ERR_AUTH_CANCELLED, "%s", + _("user cancelled authentication process")); + } else if (is_challenge) { + virReportError(VIR_ERR_AUTH_UNAVAILABLE, + _("no polkit agent available to authenticate action= '%s'"), + actionid); } else { - ret =3D -2; - if (is_dismissed) - virReportError(VIR_ERR_AUTH_CANCELLED, "%s", - _("user cancelled authentication process")); - else if (is_challenge) - virReportError(VIR_ERR_AUTH_UNAVAILABLE, - _("no polkit agent available to authenticate " - "action '%s'"), - actionid); - else - virReportError(VIR_ERR_AUTH_FAILED, "%s", - _("access denied by policy")); + virReportError(VIR_ERR_AUTH_FAILED, "%s", + _("access denied by policy")); } =20 - cleanup: - virStringListFreeCount(retdetails, nretdetails); - virDBusMessageUnref(reply); - return ret; + return -2; } =20 =20 diff --git a/tests/meson.build b/tests/meson.build index 0f3e4bfdd7..75bfb3effe 100644 --- a/tests/meson.build +++ b/tests/meson.build 
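Review bot: The new details loop `for (i = 0; i < virStringListLength(details); i += 2)` reads `details[i + 1]` even when the list has an odd number of entries, so the NULL terminator is handed to `g_variant_builder_add(&builder, "{ss}", ...)` as a string; the removed code passed `virStringListLength(details) / 2` pairs and so ignored a trailing unpaired key. Bounding the loop on complete pairs, e.g. `for (i = 0; details && details[i] && details[i + 1]; i += 2)`, keeps the old behaviour and also avoids recomputing the length on every pass. Separately, `g_variant_get(reply, "((bba{ss}))", ...)` assumes the reply has exactly that type and nothing visible in this hunk checks it. Unless virGDBusCallMethod validates the reply (its body is not shown here), a `g_variant_is_of_type(reply, G_VARIANT_TYPE("((bba{ss}))"))` test that returns -1 on mismatch would make an unexpected answer from the bus fail closed, rather than relying on an unpack into `is_authorized` and `is_challenge`, which start uninitialised.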
@@ -365,11 +365,6 @@ if conf.has('WITH_DBUS') { 'name': 'virsystemdtest', 'deps': [ dbus_dep ] }, ] =20 - if conf.has('WITH_POLKIT') - tests +=3D [ - { 'name': 'virpolkittest', 'deps': [ dbus_dep ] }, - ] - endif endif =20 if conf.has('WITH_ESX') @@ -446,6 +441,12 @@ if conf.has('WITH_OPENVZ') ] endif =20 +if conf.has('WITH_POLKIT') + tests +=3D [ + { 'name': 'virpolkittest' }, + ] +endif + if conf.has('WITH_QEMU') tests +=3D [ { 'name': 'qemuagenttest', 'link_with': [ test_qemu_driver_lib, test_u= tils_qemu_monitor_lib ], 'link_whole': [ test_utils_qemu_lib ] }, diff --git a/tests/virpolkittest.c b/tests/virpolkittest.c index fe7a3b5b91..011d83a506 100644 --- a/tests/virpolkittest.c +++ b/tests/virpolkittest.c @@ -22,10 +22,8 @@ =20 #if defined(__ELF__) =20 -# include - # include "virpolkit.h" -# include "virdbus.h" +# include "virgdbus.h" # include "virlog.h" # include "virmock.h" # define VIR_FROM_THIS VIR_FROM_NONE 
@@ -37,54 +35,43 @@ VIR_LOG_INIT("tests.systemdtest"); # define THE_TIME 11011000001 # define THE_UID 1729 =20 -VIR_MOCK_WRAP_RET_ARGS(dbus_connection_send_with_reply_and_block, - DBusMessage *, - DBusConnection *, connection, - DBusMessage *, message, - int, timeout_milliseconds, - DBusError *, error) +VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync, + GVariant *, + GDBusConnection *, connection, + const gchar *, bus_name, + const gchar *, object_path, + const gchar *, interface_name, + const gchar *, method_name, + GVariant *, parameters, + const GVariantType *, reply_type, + GDBusCallFlags, flags, + gint, timeout_msec, + GCancellable *, cancellable, + GError **, error) { - DBusMessage *reply =3D NULL; - const char *service =3D dbus_message_get_destination(message); - const char *member =3D dbus_message_get_member(message); + GVariant *reply =3D NULL; + g_autoptr(GVariant) params =3D parameters; =20 - VIR_MOCK_REAL_INIT(dbus_connection_send_with_reply_and_block); + VIR_MOCK_REAL_INIT(g_dbus_connection_call_sync); =20 - if (STREQ(service, "org.freedesktop.PolicyKit1") && - STREQ(member, "CheckAuthorization")) { + if (STREQ(bus_name, "org.freedesktop.PolicyKit1") && + STREQ(method_name, "CheckAuthorization")) { + g_autoptr(GVariantIter) iter =3D NULL; + GVariantBuilder builder; char *type; - char *pidkey; - unsigned int pidval; - char *timekey; - unsigned long long timeval; - char *uidkey; - int uidval; char *actionid; - char **details; - size_t detailslen; - int allowInteraction; - char *cancellationId; - const char **retdetails =3D NULL; - size_t retdetailslen =3D 0; - const char *retdetailscancelled[] =3D { - "polkit.dismissed", "true", - }; int is_authorized =3D 1; int is_challenge =3D 0; =20 - if (virDBusMessageDecode(message, - "(sa{sv})sa&{ss}us", - &type, - 3, - &pidkey, "u", &pidval, - &timekey, "t", &timeval, - &uidkey, "i", &uidval, - &actionid, - &detailslen, - &details, - &allowInteraction, - &cancellationId) < 0) - goto error; + 
g_variant_get(params, "((&s@a{sv})&sa{ss}@u@s)", + &type, + NULL, + &actionid, + &iter, + NULL, + NULL); + + g_variant_builder_init(&builder, G_VARIANT_TYPE("a{ss}")); =20 if (STREQ(actionid, "org.libvirt.test.success")) { is_authorized =3D 1; @@ -95,17 +82,15 @@ VIR_MOCK_WRAP_RET_ARGS(dbus_connection_send_with_reply_= and_block, } else if (STREQ(actionid, "org.libvirt.test.cancelled")) { is_authorized =3D 0; is_challenge =3D 0; - retdetails =3D retdetailscancelled; - retdetailslen =3D G_N_ELEMENTS(retdetailscancelled) / 2; + g_variant_builder_add(&builder, "{ss}", "polkit.dismissed", "t= rue"); } else if (STREQ(actionid, "org.libvirt.test.details")) { - size_t i; + char *key; + char *val; is_authorized =3D 0; is_challenge =3D 0; - for (i =3D 0; i < detailslen / 2; i++) { - if (STREQ(details[i * 2], - "org.libvirt.test.person") && - STREQ(details[(i * 2) + 1], - "Fred")) { + + while (g_variant_iter_loop(iter, "{ss}", &key, &val)) { + if (STREQ(key, "org.libvirt.test.person") && STREQ(val, "F= red")) { is_authorized =3D 1; is_challenge =3D 0; } @@ -115,30 +100,13 @@ VIR_MOCK_WRAP_RET_ARGS(dbus_connection_send_with_repl= y_and_block, is_challenge =3D 0; } =20 - VIR_FREE(type); - VIR_FREE(pidkey); - VIR_FREE(timekey); - VIR_FREE(uidkey); - VIR_FREE(actionid); - VIR_FREE(cancellationId); - virStringListFreeCount(details, detailslen); - - if (virDBusCreateReply(&reply, - "(bba&{ss})", - is_authorized, - is_challenge, - retdetailslen, - retdetails) < 0) - goto error; + reply =3D g_variant_new("((bb@a{ss}))", is_authorized, is_challeng= e, + g_variant_builder_end(&builder)); } else { - reply =3D dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); + reply =3D g_variant_new("()"); } =20 return reply; - - error: - virDBusMessageUnref(reply); - return NULL; } =20 =20 
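Review bot: The rewritten mock passes `NULL` for the `@a{sv}` subject in its `g_variant_get(params, ...)` call and never inspects `type`, so nothing in this mock asserts that virPolkitCheckAuth still sends a `unix-process` subject carrying pid, start-time and uid with the `u`/`t`/`i` types the production code now builds by hand. That dictionary is what identifies the caller to polkit, so a wrong key or variant type there would pass this test unnoticed. I would unpack it into a `g_autoptr(GVariant) subject` and check it, e.g. `g_variant_lookup(subject, "uid", "i", &uidval)` compared with `THE_UID` and the `t` start-time compared with `THE_TIME`, failing the mocked call on mismatch. The test cases themselves are outside this hunk, so this assumes they do not verify the subject some other way.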
@@ -322,7 +290,7 @@ mymain(void) return ret =3D=3D 0 ? EXIT_SUCCESS : EXIT_FAILURE; } =20 -VIR_TEST_MAIN_PRELOAD(mymain, VIR_TEST_MOCK("virdbus")) +VIR_TEST_MAIN_PRELOAD(mymain, VIR_TEST_MOCK("virgdbus")) =20 #else /* ! __ELF__ */ int --=20 2.26.2