community/libvirt to 1.1.2-2
parent
82c45ac41f
commit
a8454b8248
4 changed files with 402 additions and 3 deletions
|
@ -0,0 +1,156 @@
|
|||
From 02432e3afa32e9866fbf1317069b422ef552d1d4 Mon Sep 17 00:00:00 2001
|
||||
From: "Daniel P. Berrange" <berrange@redhat.com>
|
||||
Date: Thu, 22 Aug 2013 16:00:01 +0100
|
||||
Subject: [PATCH 1/3] Also store user & group ID values in virIdentity
|
||||
|
||||
Future improvements to the polkit code will require access to
|
||||
the numeric user ID, not merely user name.
|
||||
|
||||
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
---
|
||||
src/rpc/virnetserverclient.c | 18 ++++++++++++++++++
|
||||
src/util/viridentity.c | 23 +++++++++++++++++++----
|
||||
src/util/viridentity.h | 2 ++
|
||||
3 files changed, 39 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
|
||||
index 83d5cf1..f30dd08 100644
|
||||
--- a/src/rpc/virnetserverclient.c
|
||||
+++ b/src/rpc/virnetserverclient.c
|
||||
@@ -652,7 +652,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
|
||||
char *processid = NULL;
|
||||
char *processtime = NULL;
|
||||
char *username = NULL;
|
||||
+ char *userid = NULL;
|
||||
char *groupname = NULL;
|
||||
+ char *groupid = NULL;
|
||||
#if WITH_SASL
|
||||
char *saslname = NULL;
|
||||
#endif
|
||||
@@ -672,8 +674,12 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
|
||||
|
||||
if (!(username = virGetUserName(uid)))
|
||||
goto cleanup;
|
||||
+ if (virAsprintf(&userid, "%d", uid) < 0)
|
||||
+ goto cleanup;
|
||||
if (!(groupname = virGetGroupName(gid)))
|
||||
goto cleanup;
|
||||
+ if (virAsprintf(&userid, "%d", gid) < 0)
|
||||
+ goto cleanup;
|
||||
if (virAsprintf(&processid, "%llu",
|
||||
(unsigned long long)pid) < 0)
|
||||
goto cleanup;
|
||||
@@ -710,11 +716,21 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
|
||||
VIR_IDENTITY_ATTR_UNIX_USER_NAME,
|
||||
username) < 0)
|
||||
goto error;
|
||||
+ if (userid &&
|
||||
+ virIdentitySetAttr(ret,
|
||||
+ VIR_IDENTITY_ATTR_UNIX_USER_ID,
|
||||
+ userid) < 0)
|
||||
+ goto error;
|
||||
if (groupname &&
|
||||
virIdentitySetAttr(ret,
|
||||
VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
|
||||
groupname) < 0)
|
||||
goto error;
|
||||
+ if (groupid &&
|
||||
+ virIdentitySetAttr(ret,
|
||||
+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
|
||||
+ groupid) < 0)
|
||||
+ goto error;
|
||||
if (processid &&
|
||||
virIdentitySetAttr(ret,
|
||||
VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
|
||||
@@ -745,7 +761,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
|
||||
|
||||
cleanup:
|
||||
VIR_FREE(username);
|
||||
+ VIR_FREE(userid);
|
||||
VIR_FREE(groupname);
|
||||
+ VIR_FREE(groupid);
|
||||
VIR_FREE(processid);
|
||||
VIR_FREE(processtime);
|
||||
VIR_FREE(seccontext);
|
||||
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
|
||||
index 781f660..03c375b 100644
|
||||
--- a/src/util/viridentity.c
|
||||
+++ b/src/util/viridentity.c
|
||||
@@ -133,7 +133,9 @@ int virIdentitySetCurrent(virIdentityPtr ident)
|
||||
virIdentityPtr virIdentityGetSystem(void)
|
||||
{
|
||||
char *username = NULL;
|
||||
+ char *userid = NULL;
|
||||
char *groupname = NULL;
|
||||
+ char *groupid = NULL;
|
||||
char *seccontext = NULL;
|
||||
virIdentityPtr ret = NULL;
|
||||
#if WITH_SELINUX
|
||||
@@ -147,8 +149,13 @@ virIdentityPtr virIdentityGetSystem(void)
|
||||
|
||||
if (!(username = virGetUserName(getuid())))
|
||||
goto cleanup;
|
||||
+ if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
if (!(groupname = virGetGroupName(getgid())))
|
||||
goto cleanup;
|
||||
+ if (virAsprintf(&groupid, "%d", (int)getgid()) < 0)
|
||||
+ goto cleanup;
|
||||
|
||||
#if WITH_SELINUX
|
||||
if (getcon(&con) < 0) {
|
||||
@@ -166,16 +173,22 @@ virIdentityPtr virIdentityGetSystem(void)
|
||||
if (!(ret = virIdentityNew()))
|
||||
goto cleanup;
|
||||
|
||||
- if (username &&
|
||||
- virIdentitySetAttr(ret,
|
||||
+ if (virIdentitySetAttr(ret,
|
||||
VIR_IDENTITY_ATTR_UNIX_USER_NAME,
|
||||
username) < 0)
|
||||
goto error;
|
||||
- if (groupname &&
|
||||
- virIdentitySetAttr(ret,
|
||||
+ if (virIdentitySetAttr(ret,
|
||||
+ VIR_IDENTITY_ATTR_UNIX_USER_ID,
|
||||
+ userid) < 0)
|
||||
+ goto error;
|
||||
+ if (virIdentitySetAttr(ret,
|
||||
VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
|
||||
groupname) < 0)
|
||||
goto error;
|
||||
+ if (virIdentitySetAttr(ret,
|
||||
+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
|
||||
+ groupid) < 0)
|
||||
+ goto error;
|
||||
if (seccontext &&
|
||||
virIdentitySetAttr(ret,
|
||||
VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
|
||||
@@ -188,7 +201,9 @@ virIdentityPtr virIdentityGetSystem(void)
|
||||
|
||||
cleanup:
|
||||
VIR_FREE(username);
|
||||
+ VIR_FREE(userid);
|
||||
VIR_FREE(groupname);
|
||||
+ VIR_FREE(groupid);
|
||||
VIR_FREE(seccontext);
|
||||
VIR_FREE(processid);
|
||||
return ret;
|
||||
diff --git a/src/util/viridentity.h b/src/util/viridentity.h
|
||||
index 4bae8d6..a240c2d 100644
|
||||
--- a/src/util/viridentity.h
|
||||
+++ b/src/util/viridentity.h
|
||||
@@ -29,7 +29,9 @@ typedef virIdentity *virIdentityPtr;
|
||||
|
||||
typedef enum {
|
||||
VIR_IDENTITY_ATTR_UNIX_USER_NAME,
|
||||
+ VIR_IDENTITY_ATTR_UNIX_USER_ID,
|
||||
VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
|
||||
+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
|
||||
VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
|
||||
VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
|
||||
VIR_IDENTITY_ATTR_SASL_USER_NAME,
|
||||
--
|
||||
1.8.3.1
|
||||
|
|
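Review bot: In the `@@ -672,8 +674,12 @@` hunk of src/rpc/virnetserverclient.c, the second added `virAsprintf` formats `gid` into `userid` instead of `groupid`. As written, `groupid` stays NULL, so the later `if (groupid && ...)` never sets VIR_IDENTITY_ATTR_UNIX_GROUP_ID, and VIR_IDENTITY_ATTR_UNIX_USER_ID ends up holding the group ID; the first `userid` string is presumably leaked as well. This matters for access control because patch 3/3 on this page reads that attribute and hands it to pkcheck as the caller UID. The line should read `if (virAsprintf(&groupid, "%d", gid) < 0)`. The two `%d` conversions in this file also pass `uid`/`gid` without the `(int)` cast that the viridentity.c hunks use; virNetServerClientCreateIdentity starts and ends outside these hunks.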
@ -0,0 +1,70 @@
|
|||
From f26b6e44bf0c3efe8167a528141224ccb7623b4a Mon Sep 17 00:00:00 2001
|
||||
From: "Daniel P. Berrange" <berrange@redhat.com>
|
||||
Date: Wed, 28 Aug 2013 15:22:05 +0100
|
||||
Subject: [PATCH 2/3] Ensure system identity includes process start time
|
||||
|
||||
The polkit access driver will want to use the process start
|
||||
time field. This was already set for network identities, but
|
||||
not for the system identity.
|
||||
|
||||
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
---
|
||||
src/util/viridentity.c | 16 ++++++++++++++++
|
||||
1 file changed, 16 insertions(+)
|
||||
|
||||
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
|
||||
index 03c375b..f681f85 100644
|
||||
--- a/src/util/viridentity.c
|
||||
+++ b/src/util/viridentity.c
|
||||
@@ -35,6 +35,7 @@
|
||||
#include "virthread.h"
|
||||
#include "virutil.h"
|
||||
#include "virstring.h"
|
||||
+#include "virprocess.h"
|
||||
|
||||
#define VIR_FROM_THIS VIR_FROM_IDENTITY
|
||||
|
||||
@@ -142,11 +143,20 @@ virIdentityPtr virIdentityGetSystem(void)
|
||||
security_context_t con;
|
||||
#endif
|
||||
char *processid = NULL;
|
||||
+ unsigned long long timestamp;
|
||||
+ char *processtime = NULL;
|
||||
|
||||
if (virAsprintf(&processid, "%llu",
|
||||
(unsigned long long)getpid()) < 0)
|
||||
goto cleanup;
|
||||
|
||||
+ if (virProcessGetStartTime(getpid(), ×tamp) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ if (timestamp != 0 &&
|
||||
+ virAsprintf(&processtime, "%llu", timestamp) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
if (!(username = virGetUserName(getuid())))
|
||||
goto cleanup;
|
||||
if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
|
||||
@@ -198,6 +208,11 @@ virIdentityPtr virIdentityGetSystem(void)
|
||||
VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
|
||||
processid) < 0)
|
||||
goto error;
|
||||
+ if (processtime &&
|
||||
+ virIdentitySetAttr(ret,
|
||||
+ VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
|
||||
+ processtime) < 0)
|
||||
+ goto error;
|
||||
|
||||
cleanup:
|
||||
VIR_FREE(username);
|
||||
@@ -206,6 +221,7 @@ cleanup:
|
||||
VIR_FREE(groupid);
|
||||
VIR_FREE(seccontext);
|
||||
VIR_FREE(processid);
|
||||
+ VIR_FREE(processtime);
|
||||
return ret;
|
||||
|
||||
error:
|
||||
--
|
||||
1.8.3.1
|
||||
|
|
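Review bot: When `virProcessGetStartTime` succeeds but yields a start time of 0, the block added in the `@@ -142,11 +143,20 @@` hunk leaves `processtime` NULL and the system identity is built without VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, with no log line or comment saying so. Patch 3/3 on this page rejects such an identity in virAccessDriverPolkitFormatProcess with "No UNIX process start time available", so the denial surfaces far from its cause. A comment above the check would help, for example `/* a start time of 0 is treated as "not available"; the attribute is then omitted and the polkit driver will refuse this identity */`, assuming that is the intended meaning of 0. `timestamp` is declared without an initializer and is only safe to read because the failure path jumps to cleanup first; `unsigned long long timestamp = 0;` would make that independent of the callee. The `×tamp` in the rendered call looks like an extraction artefact of `&timestamp`; virIdentityGetSystem continues outside these hunks.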
@ -0,0 +1,159 @@
|
|||
From 4a061ec8fe94857dd21acf401c66195ec51b1234 Mon Sep 17 00:00:00 2001
|
||||
From: "Daniel P. Berrange" <berrange@redhat.com>
|
||||
Date: Wed, 28 Aug 2013 15:25:40 +0100
|
||||
Subject: [PATCH 3/3] Add support for using 3-arg pkcheck syntax for process
|
||||
|
||||
With the existing pkcheck (pid, start time) tuple for identifying
|
||||
the process, there is a race condition, where a process can make
|
||||
a libvirt RPC call and in another thread exec a setuid application,
|
||||
causing it to change to effective UID 0. This in turn causes polkit
|
||||
to do its permission check based on the wrong UID.
|
||||
|
||||
To address this, libvirt must get the UID the caller had at time
|
||||
of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
|
||||
triple to the pkcheck program.
|
||||
|
||||
Signed-off-by: Colin Walters <walters@redhat.com>
|
||||
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
---
|
||||
configure.ac | 8 ++++++++
|
||||
daemon/remote.c | 21 +++++++++++++++++---
|
||||
src/access/viraccessdriverpolkit.c | 40 +++++++++++++++++++++++++++++++++-----
|
||||
3 files changed, 61 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 94a2e19..3dfbb4d 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1184,6 +1184,14 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
|
||||
AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH])
|
||||
if test "x$PKCHECK_PATH" != "x" ; then
|
||||
AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program])
|
||||
+ AC_MSG_CHECKING([whether pkcheck supports uid value])
|
||||
+ pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
|
||||
+ if test "x$pkcheck_supports_uid" = "xtrue"; then
|
||||
+ AC_MSG_RESULT([yes])
|
||||
+ AC_DEFINE_UNQUOTED([PKCHECK_SUPPORTS_UID], 1, [Pass uid to pkcheck])
|
||||
+ else
|
||||
+ AC_MSG_RESULT([no])
|
||||
+ fi
|
||||
AC_DEFINE_UNQUOTED([WITH_POLKIT], 1,
|
||||
[use PolicyKit for UNIX socket access checks])
|
||||
AC_DEFINE_UNQUOTED([WITH_POLKIT1], 1,
|
||||
diff --git a/daemon/remote.c b/daemon/remote.c
|
||||
index 03d5557..6132091 100644
|
||||
--- a/daemon/remote.c
|
||||
+++ b/daemon/remote.c
|
||||
@@ -2731,10 +2731,12 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
|
||||
int status = -1;
|
||||
char *ident = NULL;
|
||||
bool authdismissed = 0;
|
||||
+ bool supportsuid = 0;
|
||||
char *pkout = NULL;
|
||||
struct daemonClientPrivate *priv =
|
||||
virNetServerClientGetPrivateData(client);
|
||||
virCommandPtr cmd = NULL;
|
||||
+ static bool polkitInsecureWarned = false;
|
||||
|
||||
virMutexLock(&priv->lock);
|
||||
action = virNetServerClientGetReadonly(client) ?
|
||||
@@ -2756,14 +2758,27 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
|
||||
goto authfail;
|
||||
}
|
||||
|
||||
+ if (timestamp == 0) {
|
||||
+ VIR_WARN("Failing polkit auth due to missing client (pid=%lld) start time",
|
||||
+ (long long)callerPid);
|
||||
+ goto authfail;
|
||||
+ }
|
||||
+
|
||||
VIR_INFO("Checking PID %lld running as %d",
|
||||
(long long) callerPid, callerUid);
|
||||
|
||||
virCommandAddArg(cmd, "--process");
|
||||
- if (timestamp != 0) {
|
||||
- virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
|
||||
+# ifdef PKCHECK_SUPPORTS_UID
|
||||
+ supportsuid = 1;
|
||||
+# endif
|
||||
+ if (supportsuid) {
|
||||
+ virCommandAddArgFormat(cmd, "%lld,%llu,%lu", (long long) callerPid, timestamp, (unsigned long) callerUid);
|
||||
} else {
|
||||
- virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
|
||||
+ if (!polkitInsecureWarned) {
|
||||
+ VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
|
||||
+ polkitInsecureWarned = true;
|
||||
+ }
|
||||
+ virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
|
||||
}
|
||||
virCommandAddArg(cmd, "--allow-user-interaction");
|
||||
|
||||
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c
|
||||
index 4c76e64..d980820 100644
|
||||
--- a/src/access/viraccessdriverpolkit.c
|
||||
+++ b/src/access/viraccessdriverpolkit.c
|
||||
@@ -72,8 +72,12 @@ static char *
|
||||
virAccessDriverPolkitFormatProcess(const char *actionid)
|
||||
{
|
||||
virIdentityPtr identity = virIdentityGetCurrent();
|
||||
- const char *process = NULL;
|
||||
+ const char *callerPid = NULL;
|
||||
+ const char *callerTime = NULL;
|
||||
+ const char *callerUid = NULL;
|
||||
char *ret = NULL;
|
||||
+ bool supportsuid = 0;
|
||||
+ static bool polkitInsecureWarned = false;
|
||||
|
||||
if (!identity) {
|
||||
virAccessError(VIR_ERR_ACCESS_DENIED,
|
||||
@@ -81,17 +85,43 @@ virAccessDriverPolkitFormatProcess(const char *actionid)
|
||||
actionid);
|
||||
return NULL;
|
||||
}
|
||||
- if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &process) < 0)
|
||||
+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &callerPid) < 0)
|
||||
+ goto cleanup;
|
||||
+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, &callerTime) < 0)
|
||||
+ goto cleanup;
|
||||
+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_USER_ID, &callerUid) < 0)
|
||||
goto cleanup;
|
||||
|
||||
- if (!process) {
|
||||
+ if (!callerPid) {
|
||||
virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||
_("No UNIX process ID available"));
|
||||
goto cleanup;
|
||||
}
|
||||
-
|
||||
- if (VIR_STRDUP(ret, process) < 0)
|
||||
+ if (!callerTime) {
|
||||
+ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||
+ _("No UNIX process start time available"));
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ if (!callerUid) {
|
||||
+ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||
+ _("No UNIX caller UID available"));
|
||||
goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+#ifdef PKCHECK_SUPPORTS_UID
|
||||
+ supportsuid = 1;
|
||||
+#endif
|
||||
+ if (supportsuid) {
|
||||
+ if (virAsprintf(&ret, "%s,%s,%s", callerPid, callerTime, callerUid) < 0)
|
||||
+ goto cleanup;
|
||||
+ } else {
|
||||
+ if (!polkitInsecureWarned) {
|
||||
+ VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
|
||||
+ polkitInsecureWarned = true;
|
||||
+ }
|
||||
+ if (virAsprintf(&ret, "%s,%s", callerPid, callerTime) < 0)
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
|
||||
cleanup:
|
||||
virObjectUnref(identity);
|
||||
--
|
||||
1.8.3.1
|
||||
|
|
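Review bot: The `else` branch added to remoteDispatchAuthPolkit in daemon/remote.c still runs pkcheck with the `pid,start time` pair after logging "This deployment is known to be insecure", so a build without PKCHECK_SUPPORTS_UID keeps the race the commit message describes and only warns once per process. The same fallback is repeated in virAccessDriverPolkitFormatProcess in src/access/viraccessdriverpolkit.c. Consider failing closed instead, either at build time in the configure.ac `else` branch with `AC_MSG_ERROR([pkcheck does not support the uid argument])`, or at run time by replacing the fallback `virCommandAddArgFormat` with `goto authfail;` unless an administrator has explicitly opted in. Two smaller points: `static bool polkitInsecureWarned` is read and written without synchronisation (harmless here, at worst a duplicate warning), and virAccessDriverPolkitFormatProcess now fails on a missing `callerUid` even on the path that never uses it. Both functions start and end outside the hunks shown.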
@ -7,7 +7,7 @@
|
|||
|
||||
pkgname=libvirt
|
||||
pkgver=1.1.2
|
||||
pkgrel=1
|
||||
pkgrel=2
|
||||
pkgdesc="API for controlling virtualization engines (openvz,kvm,qemu,virtualbox,xen,etc)"
|
||||
arch=('i686' 'x86_64')
|
||||
url="http://libvirt.org/"
|
||||
|
@ -36,11 +36,25 @@ install="libvirt.install"
|
|||
source=("http://libvirt.org/sources/$pkgname-$pkgver.tar.gz"
|
||||
libvirtd.conf.d
|
||||
libvirtd-guests.conf.d
|
||||
libvirt.tmpfiles.d)
|
||||
libvirt.tmpfiles.d
|
||||
0001-Also-store-user-group-ID-values-in-virIdentity.patch
|
||||
0002-Ensure-system-identity-includes-process-start-time.patch
|
||||
0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch)
|
||||
md5sums=('1835bbfa492099bce12e2934870e5611'
|
||||
'3ed0e24f5b5e25bf553f5427d64915e6'
|
||||
'0a96ed876ffb1fcb9dff5a9b3a609c1e'
|
||||
'020971887442ebbf1b6949e031c8dd3f')
|
||||
'020971887442ebbf1b6949e031c8dd3f'
|
||||
'60912fc049f0e8cf8d89c919ea619415'
|
||||
'a42387495f75dd918a6c25b36eb3b428'
|
||||
'2dba51f17f37f59585852092e4c86e44')
|
||||
|
||||
prepare() {
|
||||
cd "$srcdir/$pkgname-$pkgver"
|
||||
patch -p1 <$srcdir/0001-Also-store-user-group-ID-values-in-virIdentity.patch
|
||||
patch -p1 <$srcdir/0002-Ensure-system-identity-includes-process-start-time.patch
|
||||
patch -p1 <$srcdir/0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch
|
||||
autoreconf
|
||||
}
|
||||
|
||||
build() {
|
||||
cd "$srcdir/$pkgname-$pkgver"
|
||||
|
|
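Review bot: Nothing in these hunks ensures that the polkit installed at build time exports the `pkcheck_supports_uid` pkg-config variable that patch 0003's configure.ac check reads; without it the package silently builds with the two-argument pkcheck form that the patch itself logs as insecure. The depends/makedepends arrays are outside the hunks, so this may already be covered. If it is not, add a versioned polkit build dependency on a release that exports the variable, and have `build()` fail when configure prints "whether pkcheck supports uid value... no". As a style point, `prepare()` quotes `$srcdir` in `cd` but not in the redirections; `patch -p1 -i "$srcdir/0001-Also-store-user-group-ID-values-in-virIdentity.patch"` and likewise for the other two would be consistent. The new entries also extend `md5sums`, and a `sha256sums` array would give stronger integrity checking for the `http://` source tarball listed above them.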