From nobody Fri Mar 29 07:22:32 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1520414996159878.7343019755037; Wed, 7 Mar 2018 01:29:56 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id AD06081DFA; Wed, 7 Mar 2018 09:29:49 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6D2B85D77F; Wed, 7 Mar 2018 09:29:49 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 05FD64A46D; Wed, 7 Mar 2018 09:29:49 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w279TZmI004910 for ; Wed, 7 Mar 2018 04:29:35 -0500 Received: by smtp.corp.redhat.com (Postfix) id 631582026990; Wed, 7 Mar 2018 09:29:35 +0000 (UTC) Received: from icr.brq.redhat.com (unknown [10.43.2.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id E209B202698A for ; Wed, 7 Mar 2018 09:29:34 +0000 (UTC) From: =?UTF-8?q?J=C3=A1n=20Tomko?= To: libvir-list@redhat.com Date: Wed, 7 Mar 2018 10:29:30 +0100 Message-Id: <4bc0193e0570c9ac66592f4537173e5fa1f7fcae.1520414902.git.jtomko@redhat.com> In-Reply-To: References: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 1/3] Remove Policy-Kit support X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 07 Mar 2018 09:29:55 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Policy-Kit has been replaced by polkit (referred to as POLKIT0 and POLKIT1 in our Makefiles). The last build fix with old Policy-Kit was in May 2013: commit <442eb2ba> and build with -Wunused-label was broken since April 2016: commit <8437130> This includes a partial revert of commit , which added an extra step to generating the policy file. Signed-off-by: J=C3=A1n Tomko --- .gitignore | 1 - m4/virt-polkit.m4 | 44 +-------- src/libvirt.c | 27 ----- src/remote/Makefile.inc.am | 24 +---- src/remote/{libvirtd.policy.in =3D> libvirtd.policy} | 6 +- src/remote/remote_driver.c | 63 ------------ src/util/Makefile.inc.am | 2 - src/util/virpolkit.c | 109 +----------------= ---- 8 files changed, 8 insertions(+), 268 deletions(-) rename src/remote/{libvirtd.policy.in =3D> libvirtd.policy} (92%) diff --git a/.gitignore b/.gitignore index 2ca7d9776..dd00fc5cc 100644 --- a/.gitignore +++ b/.gitignore @@ -135,7 +135,6 @@ /src/libvirt_lxc /src/libvirtd /src/libvirtd*.logrotate -/src/libvirtd.policy /src/locking/libxl-lockd.conf /src/locking/libxl-sanlock.conf /src/locking/lock_daemon_dispatch_stubs.h diff --git a/m4/virt-polkit.m4 b/m4/virt-polkit.m4 index 7bdbf804d..9426c7d5d 100644 --- a/m4/virt-polkit.m4 +++ b/m4/virt-polkit.m4 @@ -25,12 +25,8 @@ AC_DEFUN([LIBVIRT_ARG_POLKIT], [ AC_DEFUN([LIBVIRT_CHECK_POLKIT], [ AC_REQUIRE([LIBVIRT_CHECK_DBUS]) =20 - POLKIT_REQUIRED=3D"0.6" - POLKIT_CFLAGS=3D - POLKIT_LIBS=3D PKCHECK_PATH=3D =20 - with_polkit0=3Dno with_polkit1=3Dno =20 if test "x$with_polkit" =3D "xyes" || test "x$with_polkit" =3D "xcheck";= then @@ -56,52 +52,14 @@ AC_DEFUN([LIBVIRT_CHECK_POLKIT], [ [You must install dbus to compile libvirt with polkit-1]) fi fi - else - dnl Check for old polkit second - library + binary - PKG_CHECK_MODULES(POLKIT, polkit-dbus >=3D $POLKIT_REQUIRED, - [with_polkit=3Dyes], [ - if test "x$with_polkit" =3D "xcheck" ; then - with_polkit=3Dno - else - AC_MSG_ERROR( - [You must install PolicyKit >=3D $POLKIT_REQUIRED to compile = libvirt]) - fi - ]) - if test "x$with_polkit" =3D "xyes" ; then - AC_DEFINE_UNQUOTED([WITH_POLKIT], 1, - [use PolicyKit for UNIX socket access checks]) - AC_DEFINE_UNQUOTED([WITH_POLKIT0], 1, - [use PolicyKit for UNIX socket access checks]) - - old_CFLAGS=3D$CFLAGS - old_LIBS=3D$LIBS - CFLAGS=3D"$CFLAGS $POLKIT_CFLAGS" - LIBS=3D"$LIBS $POLKIT_LIBS" - AC_CHECK_FUNCS([polkit_context_is_caller_authorized]) - CFLAGS=3D"$old_CFLAGS" - LIBS=3D"$old_LIBS" - - AC_PATH_PROG([POLKIT_AUTH], [polkit-auth]) - if test "x$POLKIT_AUTH" !=3D "x"; then - AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of p= olkit-auth program]) - fi - with_polkit0=3D"yes" - fi fi fi =20 AM_CONDITIONAL([WITH_POLKIT], [test "x$with_polkit" =3D "xyes"]) - AM_CONDITIONAL([WITH_POLKIT0], [test "x$with_polkit0" =3D "xyes"]) AM_CONDITIONAL([WITH_POLKIT1], [test "x$with_polkit1" =3D "xyes"]) - AC_SUBST([POLKIT_CFLAGS]) - AC_SUBST([POLKIT_LIBS]) ]) =20 AC_DEFUN([LIBVIRT_RESULT_POLKIT], [ - if test "$with_polkit0" =3D "yes" ; then - msg=3D"$POLKIT_CFLAGS $POLKIT_LIBS (version 0)" - else - msg=3D"$PKCHECK_PATH (version 1)" - fi + msg=3D"$PKCHECK_PATH (version 1)" LIBVIRT_RESULT([polkit], [$with_polkit], [$msg]) ]) diff --git a/src/libvirt.c b/src/libvirt.c index 536d56f0a..b7bcf8022 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -121,28 +121,6 @@ static virSecretDriverPtr virSharedSecretDriver; static virNWFilterDriverPtr virSharedNWFilterDriver; =20 =20 -#if defined(POLKIT_AUTH) -static int -virConnectAuthGainPolkit(const char *privilege) -{ - virCommandPtr cmd; - int ret =3D -1; - - if (geteuid() =3D=3D 0) - return 0; - - cmd =3D virCommandNewArgList(POLKIT_AUTH, "--obtain", privilege, NULL); - if (virCommandRun(cmd, NULL) < 0) - goto cleanup; - - ret =3D 0; - cleanup: - virCommandFree(cmd); - return ret; -} -#endif - - static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred, unsigned int ncred, @@ -160,16 +138,11 @@ virConnectAuthCallbackDefault(virConnectCredentialPtr= cred, if (STRNEQ(cred[i].challenge, "PolicyKit")) return -1; =20 -#if defined(POLKIT_AUTH) - if (virConnectAuthGainPolkit(cred[i].prompt) < 0) - return -1; -#else /* * Ignore & carry on. Although we can't auth * directly, the user may have authenticated * themselves already outside context of libvirt */ -#endif break; } =20 diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index a6e8ecabf..12600b8bb 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -75,7 +75,7 @@ EXTRA_DIST +=3D \ remote/test_libvirtd.aug.in \ remote/libvirtd.aug \ remote/libvirtd.conf \ - remote/libvirtd.policy.in \ + remote/libvirtd.policy \ remote/libvirtd.rules \ remote/libvirtd.sasl \ remote/libvirtd.sysctl \ @@ -120,18 +120,9 @@ conf_DATA +=3D remote/libvirtd.conf CLEANFILES +=3D test_libvirtd.aug =20 if WITH_POLKIT -if WITH_POLKIT0 -policydir =3D $(datadir)/PolicyKit/policy -policyauth =3D auth_admin_keep_session -else ! WITH_POLKIT0 policydir =3D $(datadir)/polkit-1/actions -policyauth =3D auth_admin_keep -endif ! WITH_POLKIT0 endif WITH_POLKIT =20 -BUILT_SOURCES +=3D libvirtd.policy -CLEANFILES +=3D libvirtd.policy - man8_MANS +=3D libvirtd.8 =20 libvirtd_SOURCES =3D $(LIBVIRTD_SOURCES) @@ -218,20 +209,17 @@ endif ! WITH_SYSCTL if WITH_POLKIT install-polkit:: $(MKDIR_P) $(DESTDIR)$(policydir) - $(INSTALL_DATA) libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.p= olicy -if ! WITH_POLKIT0 + $(INSTALL_DATA) $(srcdir)/remote/libvirtd.policy \ + $(DESTDIR)$(policydir)/org.libvirt.unix.policy $(MKDIR_P) $(DESTDIR)$(datadir)/polkit-1/rules.d $(INSTALL_DATA) $(srcdir)/remote/libvirtd.rules \ $(DESTDIR)$(datadir)/polkit-1/rules.d/50-libvirt.rules -endif ! WITH_POLKIT0 =20 uninstall-polkit:: rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy rmdir $(DESTDIR)$(policydir) || : -if ! WITH_POLKIT0 rm -f $(DESTDIR)$(datadir)/polkit-1/rules.d/50-libvirt.rules rmdir $(DESTDIR)$(datadir)/polkit-1/rules.d || : -endif ! WITH_POLKIT0 =20 else ! WITH_POLKIT install-polkit:: @@ -267,12 +255,6 @@ install-sasl: uninstall-sasl: endif ! WITH_SASL =20 -libvirtd.policy: remote/libvirtd.policy.in $(top_builddir)/config.status - $(AM_V_GEN) sed \ - -e 's|[@]authaction[@]|$(policyauth)|g' \ - < $< > $@-t && \ - mv $@-t $@ - libvirtd.init: remote/libvirtd.init.in $(top_builddir)/config.status $(AM_V_GEN)sed \ -e 's|[@]localstatedir[@]|$(localstatedir)|g' \ diff --git a/src/remote/libvirtd.policy.in b/src/remote/libvirtd.policy similarity index 92% rename from src/remote/libvirtd.policy.in rename to src/remote/libvirtd.policy index de1aba459..e834d2432 100644 --- a/src/remote/libvirtd.policy.in +++ b/src/remote/libvirtd.policy @@ -43,9 +43,9 @@ License along with this library. If not, see - @authaction@ - @authaction@ - @authaction@ + auth_admin_keep + auth_admin_keep + auth_admin_keep diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 9ea726dc4..bf00e3210 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -4289,64 +4289,6 @@ remoteAuthSASL(virConnectPtr conn, struct private_da= ta *priv, #endif /* WITH_SASL */ =20 =20 -#if WITH_POLKIT0 -/* Perform the PolicyKit0 authentication process */ -static int -remoteAuthPolkit0(virConnectPtr conn, struct private_data *priv, - virConnectAuthPtr auth) -{ - remote_auth_polkit_ret ret; - size_t i; - int allowcb =3D 0; - virConnectCredential cred =3D { - VIR_CRED_EXTERNAL, - conn->flags & VIR_CONNECT_RO ? "org.libvirt.unix.monitor" : "org.l= ibvirt.unix.manage", - "PolicyKit", - NULL, - NULL, - 0, - }; - VIR_DEBUG("Client initialize PolicyKit-0 authentication"); - - /* We only make it here if auth already failed - * Ask client to obtain it and check again. */ - if (auth && auth->cb) { - /* Check if the necessary credential type for PolicyKit is support= ed */ - for (i =3D 0; i < auth->ncredtype; i++) { - if (auth->credtype[i] =3D=3D VIR_CRED_EXTERNAL) - allowcb =3D 1; - } - - if (allowcb) { - VIR_DEBUG("Client run callback for PolicyKit authentication"); - /* Run the authentication callback */ - if ((*(auth->cb))(&cred, 1, auth->cbdata) < 0) { - virReportError(VIR_ERR_AUTH_FAILED, "%s", - _("Failed to collect auth credentials")); - return -1; - } - } else { - VIR_DEBUG("Client auth callback does not support PolicyKit"); - return -1; - } - } else { - VIR_DEBUG("No auth callback provided"); - return -1; - } - - memset(&ret, 0, sizeof(ret)); - if (call(conn, priv, 0, REMOTE_PROC_AUTH_POLKIT, - (xdrproc_t) xdr_void, (char *)NULL, - (xdrproc_t) xdr_remote_auth_polkit_ret, (char *) &ret) !=3D 0= ) { - return -1; /* virError already set by call */ - } - - out: - VIR_DEBUG("PolicyKit-0 authentication complete"); - return 0; -} -#endif /* WITH_POLKIT0 */ - static int remoteAuthPolkit(virConnectPtr conn, struct private_data *priv, virConnectAuthPtr auth ATTRIBUTE_UNUSED) @@ -4361,11 +4303,6 @@ remoteAuthPolkit(virConnectPtr conn, struct private_= data *priv, return -1; /* virError already set by call */ } =20 -#if WITH_POLKIT0 - if (remoteAuthPolkit0(conn, priv, auth) < 0) - return -1; -#endif /* WITH_POLKIT0 */ - VIR_DEBUG("PolicyKit authentication complete"); return 0; } diff --git a/src/util/Makefile.inc.am b/src/util/Makefile.inc.am index a91b30dca..3f9d1164b 100644 --- a/src/util/Makefile.inc.am +++ b/src/util/Makefile.inc.am @@ -251,7 +251,6 @@ libvirt_util_la_CFLAGS =3D \ $(DBUS_CFLAGS) \ $(LDEXP_LIBM) \ $(NUMACTL_CFLAGS) \ - $(POLKIT_CFLAGS) \ $(GNUTLS_CFLAGS) \ $(ACL_CFLAGS) \ $(NULL) @@ -269,7 +268,6 @@ libvirt_util_la_LIBADD =3D \ $(SECDRIVER_LIBS) \ $(NUMACTL_LIBS) \ $(ACL_LIBS) \ - $(POLKIT_LIBS) \ $(GNUTLS_LIBS) \ $(NULL) =20 diff --git a/src/util/virpolkit.c b/src/util/virpolkit.c index 4559431ba..2e8660188 100644 --- a/src/util/virpolkit.c +++ b/src/util/virpolkit.c @@ -22,11 +22,6 @@ #include #include =20 -#if WITH_POLKIT0 -# include -# include -#endif - #include "virpolkit.h" #include "virerror.h" #include "virlog.h" @@ -211,109 +206,7 @@ virPolkitAgentCreate(void) } =20 =20 -#elif WITH_POLKIT0 -int virPolkitCheckAuth(const char *actionid, - pid_t pid, - unsigned long long startTime ATTRIBUTE_UNUSED, - uid_t uid, - const char **details, - bool allowInteraction ATTRIBUTE_UNUSED) -{ - PolKitCaller *pkcaller =3D NULL; - PolKitAction *pkaction =3D NULL; - PolKitContext *pkcontext =3D NULL; - PolKitError *pkerr =3D NULL; - PolKitResult pkresult; - DBusError err; - DBusConnection *sysbus; - int ret =3D -1; - - if (details) { - virReportError(VIR_ERR_AUTH_FAILED, "%s", - _("Details not supported with polkit v0")); - return -1; - } - - if (!(sysbus =3D virDBusGetSystemBus())) - goto cleanup; - - VIR_INFO("Checking PID %lld running as %d", - (long long) pid, uid); - dbus_error_init(&err); - if (!(pkcaller =3D polkit_caller_new_from_pid(sysbus, - pid, &err))) { - VIR_DEBUG("Failed to lookup policy kit caller: %s", err.message); - dbus_error_free(&err); - goto cleanup; - } - - if (!(pkaction =3D polkit_action_new())) { - char ebuf[1024]; - VIR_DEBUG("Failed to create polkit action %s", - virStrerror(errno, ebuf, sizeof(ebuf))); - goto cleanup; - } - polkit_action_set_action_id(pkaction, actionid); - - if (!(pkcontext =3D polkit_context_new()) || - !polkit_context_init(pkcontext, &pkerr)) { - char ebuf[1024]; - VIR_DEBUG("Failed to create polkit context %s", - (pkerr ? polkit_error_get_error_message(pkerr) - : virStrerror(errno, ebuf, sizeof(ebuf)))); - if (pkerr) - polkit_error_free(pkerr); - dbus_error_free(&err); - goto cleanup; - } - -# if HAVE_POLKIT_CONTEXT_IS_CALLER_AUTHORIZED - pkresult =3D polkit_context_is_caller_authorized(pkcontext, - pkaction, - pkcaller, - 0, - &pkerr); - if (pkerr && polkit_error_is_set(pkerr)) { - VIR_DEBUG("Policy kit failed to check authorization %d %s", - polkit_error_get_error_code(pkerr), - polkit_error_get_error_message(pkerr)); - goto cleanup; - } -# else - pkresult =3D polkit_context_can_caller_do_action(pkcontext, - pkaction, - pkcaller); -# endif - if (pkresult !=3D POLKIT_RESULT_YES) { - VIR_DEBUG("Policy kit denied action %s from pid %lld, uid %d, resu= lt: %s", - actionid, (long long) pid, uid, - polkit_result_to_string_representation(pkresult)); - ret =3D -2; - goto cleanup; - } - - VIR_DEBUG("Policy allowed action %s from pid %lld, uid %d", - actionid, (long long)pid, (int)uid); - - ret =3D 0; - - cleanup: - if (ret < 0) { - virResetLastError(); - virReportError(VIR_ERR_AUTH_FAILED, "%s", - _("authentication failed")); - } - if (pkcontext) - polkit_context_unref(pkcontext); - if (pkcaller) - polkit_caller_unref(pkcaller); - if (pkaction) - polkit_action_unref(pkaction); - return ret; -} - - -#else /* ! WITH_POLKIT1 && ! WITH_POLKIT0 */ +#else /* ! WITH_POLKIT1 */ =20 int virPolkitCheckAuth(const char *actionid ATTRIBUTE_UNUSED, pid_t pid ATTRIBUTE_UNUSED, --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Fri Mar 29 07:22:32 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1520414981965902.8144280445598; Wed, 7 Mar 2018 01:29:41 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 883577FEB4; Wed, 7 Mar 2018 09:29:40 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 588195D753; Wed, 7 Mar 2018 09:29:40 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id E5961181B9FC; Wed, 7 Mar 2018 09:29:39 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w279TaNZ004916 for ; Wed, 7 Mar 2018 04:29:36 -0500 Received: by smtp.corp.redhat.com (Postfix) id 00FCA2026990; Wed, 7 Mar 2018 09:29:36 +0000 (UTC) Received: from icr.brq.redhat.com (unknown [10.43.2.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9CF1A202698A for ; Wed, 7 Mar 2018 09:29:35 +0000 (UTC) From: =?UTF-8?q?J=C3=A1n=20Tomko?= To: libvir-list@redhat.com Date: Wed, 7 Mar 2018 10:29:31 +0100 Message-Id: In-Reply-To: References: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 2/3] Merge WITH_POLKIT1 and WITH_POLKIT X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 07 Mar 2018 09:29:40 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 There is just one polkit now. Signed-off-by: J=C3=A1n Tomko Reviewed-by: Andrea Bolognani --- m4/virt-polkit.m4 | 6 ------ src/access/Makefile.inc.am | 6 +++--- src/access/viraccessmanager.c | 4 ++-- src/util/virpolkit.c | 6 +++--- tests/Makefile.am | 4 ++-- 5 files changed, 10 insertions(+), 16 deletions(-) diff --git a/m4/virt-polkit.m4 b/m4/virt-polkit.m4 index 9426c7d5d..5c2a3c1e3 100644 --- a/m4/virt-polkit.m4 +++ b/m4/virt-polkit.m4 @@ -27,8 +27,6 @@ AC_DEFUN([LIBVIRT_CHECK_POLKIT], [ =20 PKCHECK_PATH=3D =20 - with_polkit1=3Dno - if test "x$with_polkit" =3D "xyes" || test "x$with_polkit" =3D "xcheck";= then dnl Check for new polkit first. We directly talk over DBus dnl but we use existence of pkcheck binary as a sign that @@ -40,10 +38,7 @@ AC_DEFUN([LIBVIRT_CHECK_POLKIT], [ if test "x$with_dbus" =3D "xyes" ; then AC_DEFINE_UNQUOTED([WITH_POLKIT], 1, [use PolicyKit for UNIX socket access checks]) - AC_DEFINE_UNQUOTED([WITH_POLKIT1], 1, - [use PolicyKit for UNIX socket access checks]) with_polkit=3D"yes" - with_polkit1=3D"yes" else if test "x$with_polkit" =3D "xcheck" ; then with_polkit=3Dno @@ -56,7 +51,6 @@ AC_DEFUN([LIBVIRT_CHECK_POLKIT], [ fi =20 AM_CONDITIONAL([WITH_POLKIT], [test "x$with_polkit" =3D "xyes"]) - AM_CONDITIONAL([WITH_POLKIT1], [test "x$with_polkit1" =3D "xyes"]) ]) =20 AC_DEFUN([LIBVIRT_RESULT_POLKIT], [ diff --git a/src/access/Makefile.inc.am b/src/access/Makefile.inc.am index c68ba5f04..6d57ca1a1 100644 --- a/src/access/Makefile.inc.am +++ b/src/access/Makefile.inc.am @@ -64,7 +64,7 @@ $(ACCESS_DRIVER_POLKIT_POLICY): $(srcdir)/access/viracces= sperm.h \ $(srcdir)/access/genpolkit.pl Makefile.am $(AM_V_GEN)$(PERL) $(srcdir)/access/genpolkit.pl < $< > $@ || rm -f $@ =20 -if WITH_POLKIT1 +if WITH_POLKIT libvirt_driver_access_la_SOURCES +=3D $(ACCESS_DRIVER_POLKIT_SOURCES) =20 polkitactiondir =3D $(datadir)/polkit-1/actions @@ -74,9 +74,9 @@ endif WITH_LIBVIRTD =20 CLEANFILES +=3D $(ACCESS_DRIVER_POLKIT_POLICY) BUILT_SOURCES +=3D $(ACCESS_DRIVER_POLKIT_POLICY) -else ! WITH_POLKIT1 +else ! WITH_POLKIT EXTRA_DIST +=3D $(ACCESS_DRIVER_POLKIT_SOURCES) -endif ! WITH_POLKIT1 +endif ! WITH_POLKIT =20 =20 BUILT_SOURCES +=3D \ diff --git a/src/access/viraccessmanager.c b/src/access/viraccessmanager.c index cbfefb9d4..c268ec57f 100644 --- a/src/access/viraccessmanager.c +++ b/src/access/viraccessmanager.c @@ -23,7 +23,7 @@ #include "viraccessmanager.h" #include "viraccessdrivernop.h" #include "viraccessdriverstack.h" -#if WITH_POLKIT1 +#if WITH_POLKIT # include "viraccessdriverpolkit.h" #endif #include "viralloc.h" @@ -112,7 +112,7 @@ static virAccessManagerPtr virAccessManagerNewDriver(vi= rAccessDriverPtr drv) =20 static virAccessDriverPtr accessDrivers[] =3D { &accessDriverNop, -#if WITH_POLKIT1 +#if WITH_POLKIT &accessDriverPolkit, #endif }; diff --git a/src/util/virpolkit.c b/src/util/virpolkit.c index 2e8660188..198439cea 100644 --- a/src/util/virpolkit.c +++ b/src/util/virpolkit.c @@ -35,7 +35,7 @@ =20 VIR_LOG_INIT("util.polkit"); =20 -#if WITH_POLKIT1 +#if WITH_POLKIT =20 struct _virPolkitAgent { virCommandPtr cmd; @@ -206,7 +206,7 @@ virPolkitAgentCreate(void) } =20 =20 -#else /* ! WITH_POLKIT1 */ +#else /* ! WITH_POLKIT */ =20 int virPolkitCheckAuth(const char *actionid ATTRIBUTE_UNUSED, pid_t pid ATTRIBUTE_UNUSED, @@ -236,4 +236,4 @@ virPolkitAgentCreate(void) _("polkit text authentication agent unavailable")); return NULL; } -#endif /* WITH_POLKIT1 */ +#endif /* WITH_POLKIT */ diff --git a/tests/Makefile.am b/tests/Makefile.am index d794df3e5..6ca34092c 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -250,9 +250,9 @@ test_programs +=3D virdbustest \ virsystemdtest \ $(NULL) test_libraries +=3D virdbusmock.la -if WITH_POLKIT1 +if WITH_POLKIT test_programs +=3D virpolkittest -endif WITH_POLKIT1 +endif WITH_POLKIT endif WITH_DBUS =20 if WITH_SECDRIVER_SELINUX --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Fri Mar 29 07:22:32 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1520414991589692.2244408174528; Wed, 7 Mar 2018 01:29:51 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id CC3CE2D268A; Wed, 7 Mar 2018 09:29:49 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9F5E05D780; Wed, 7 Mar 2018 09:29:49 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 42DA34A46F; Wed, 7 Mar 2018 09:29:49 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w279TaDE004921 for ; Wed, 7 Mar 2018 04:29:36 -0500 Received: by smtp.corp.redhat.com (Postfix) id 933612026990; Wed, 7 Mar 2018 09:29:36 +0000 (UTC) Received: from icr.brq.redhat.com (unknown [10.43.2.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3AFC4202698A for ; Wed, 7 Mar 2018 09:29:36 +0000 (UTC) From: =?UTF-8?q?J=C3=A1n=20Tomko?= To: libvir-list@redhat.com Date: Wed, 7 Mar 2018 10:29:32 +0100 Message-Id: <954ea690d87d8cb47e9dedf836c195cc144dae1f.1520414902.git.jtomko@redhat.com> In-Reply-To: References: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 3/3] Do not check for pkcheck X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Wed, 07 Mar 2018 09:29:50 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 All we need is DBus. Signed-off-by: J=C3=A1n Tomko --- m4/virt-polkit.m4 | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/m4/virt-polkit.m4 b/m4/virt-polkit.m4 index 5c2a3c1e3..1016df4b3 100644 --- a/m4/virt-polkit.m4 +++ b/m4/virt-polkit.m4 @@ -25,27 +25,19 @@ AC_DEFUN([LIBVIRT_ARG_POLKIT], [ AC_DEFUN([LIBVIRT_CHECK_POLKIT], [ AC_REQUIRE([LIBVIRT_CHECK_DBUS]) =20 - PKCHECK_PATH=3D - if test "x$with_polkit" =3D "xyes" || test "x$with_polkit" =3D "xcheck";= then - dnl Check for new polkit first. We directly talk over DBus - dnl but we use existence of pkcheck binary as a sign that - dnl we should prefer polkit-1 over polkit-0, so we check - dnl for it even though we don't ultimately use it - AC_PATH_PROG([PKCHECK_PATH], [pkcheck], [], [$LIBVIRT_SBIN_PATH]) - if test "x$PKCHECK_PATH" !=3D "x" ; then - dnl Found pkcheck, so ensure dbus-devel is present - if test "x$with_dbus" =3D "xyes" ; then - AC_DEFINE_UNQUOTED([WITH_POLKIT], 1, - [use PolicyKit for UNIX socket access checks]) - with_polkit=3D"yes" + dnl All we need to talk to polkit is DBus, no need to check + dnl for anything else. + if test "x$with_dbus" =3D "xyes" ; then + AC_DEFINE_UNQUOTED([WITH_POLKIT], 1, + [use PolicyKit for UNIX socket access checks]) + with_polkit=3D"yes" + else + if test "x$with_polkit" =3D "xcheck" ; then + with_polkit=3Dno else - if test "x$with_polkit" =3D "xcheck" ; then - with_polkit=3Dno - else - AC_MSG_ERROR( - [You must install dbus to compile libvirt with polkit-1]) - fi + AC_MSG_ERROR( + [You must install dbus to compile libvirt with polkit-1]) fi fi fi --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list