archlinuxarm/PKGBUILDs
1
0
Fork 0
mirror of https://github.com/archlinuxarm/PKGBUILDs.git synced 2025-03-19 00:21:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

community/libvirt to 1.1.2-2

Browse source
This commit is contained in:
Kevin Mihelich 2013-09-25 14:20:50 +00:00
parent 82c45ac41f
commit a8454b8248
4 changed files with 402 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

156
community/libvirt/0001-Also-store-user-group-ID-values-in-virIdentity.patch Normal file
View file

@ -0,0 +1,156 @@
From 02432e3afa32e9866fbf1317069b422ef552d1d4 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Thu, 22 Aug 2013 16:00:01 +0100
Subject: [PATCH 1/3] Also store user & group ID values in virIdentity
Future improvements to the polkit code will require access to
the numeric user ID, not merely user name.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
src/rpc/virnetserverclient.c | 18 ++++++++++++++++++
src/util/viridentity.c | 23 +++++++++++++++++++----
src/util/viridentity.h | 2 ++
3 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index 83d5cf1..f30dd08 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -652,7 +652,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
char *processid = NULL;
char *processtime = NULL;
char *username = NULL;
+ char *userid = NULL;
char *groupname = NULL;
+ char *groupid = NULL;
#if WITH_SASL
char *saslname = NULL;
#endif
@@ -672,8 +674,12 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
if (!(username = virGetUserName(uid)))
goto cleanup;
+ if (virAsprintf(&userid, "%d", uid) < 0)
+ goto cleanup;
if (!(groupname = virGetGroupName(gid)))
goto cleanup;
+ if (virAsprintf(&userid, "%d", gid) < 0)
+ goto cleanup;
if (virAsprintf(&processid, "%llu",
(unsigned long long)pid) < 0)
goto cleanup;
@@ -710,11 +716,21 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
VIR_IDENTITY_ATTR_UNIX_USER_NAME,
username) < 0)
goto error;
+ if (userid &&
+ virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_USER_ID,
+ userid) < 0)
+ goto error;
if (groupname &&
virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
groupname) < 0)
goto error;
+ if (groupid &&
+ virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
+ groupid) < 0)
+ goto error;
if (processid &&
virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
@@ -745,7 +761,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
cleanup:
VIR_FREE(username);
+ VIR_FREE(userid);
VIR_FREE(groupname);
+ VIR_FREE(groupid);
VIR_FREE(processid);
VIR_FREE(processtime);
VIR_FREE(seccontext);
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 781f660..03c375b 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -133,7 +133,9 @@ int virIdentitySetCurrent(virIdentityPtr ident)
virIdentityPtr virIdentityGetSystem(void)
{
char *username = NULL;
+ char *userid = NULL;
char *groupname = NULL;
+ char *groupid = NULL;
char *seccontext = NULL;
virIdentityPtr ret = NULL;
#if WITH_SELINUX
@@ -147,8 +149,13 @@ virIdentityPtr virIdentityGetSystem(void)
if (!(username = virGetUserName(getuid())))
goto cleanup;
+ if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
+ goto cleanup;
+
if (!(groupname = virGetGroupName(getgid())))
goto cleanup;
+ if (virAsprintf(&groupid, "%d", (int)getgid()) < 0)
+ goto cleanup;
#if WITH_SELINUX
if (getcon(&con) < 0) {
@@ -166,16 +173,22 @@ virIdentityPtr virIdentityGetSystem(void)
if (!(ret = virIdentityNew()))
goto cleanup;
- if (username &&
- virIdentitySetAttr(ret,
+ if (virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_UNIX_USER_NAME,
username) < 0)
goto error;
- if (groupname &&
- virIdentitySetAttr(ret,
+ if (virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_USER_ID,
+ userid) < 0)
+ goto error;
+ if (virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
groupname) < 0)
goto error;
+ if (virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
+ groupid) < 0)
+ goto error;
if (seccontext &&
virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
@@ -188,7 +201,9 @@ virIdentityPtr virIdentityGetSystem(void)
cleanup:
VIR_FREE(username);
+ VIR_FREE(userid);
VIR_FREE(groupname);
+ VIR_FREE(groupid);
VIR_FREE(seccontext);
VIR_FREE(processid);
return ret;
diff --git a/src/util/viridentity.h b/src/util/viridentity.h
index 4bae8d6..a240c2d 100644
--- a/src/util/viridentity.h
+++ b/src/util/viridentity.h
@@ -29,7 +29,9 @@ typedef virIdentity *virIdentityPtr;
typedef enum {
VIR_IDENTITY_ATTR_UNIX_USER_NAME,
+ VIR_IDENTITY_ATTR_UNIX_USER_ID,
VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
VIR_IDENTITY_ATTR_SASL_USER_NAME,
--
1.8.3.1

70
community/libvirt/0002-Ensure-system-identity-includes-process-start-time.patch Normal file
View file

@ -0,0 +1,70 @@
From f26b6e44bf0c3efe8167a528141224ccb7623b4a Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Wed, 28 Aug 2013 15:22:05 +0100
Subject: [PATCH 2/3] Ensure system identity includes process start time
The polkit access driver will want to use the process start
time field. This was already set for network identities, but
not for the system identity.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
src/util/viridentity.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 03c375b..f681f85 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -35,6 +35,7 @@
#include "virthread.h"
#include "virutil.h"
#include "virstring.h"
+#include "virprocess.h"
#define VIR_FROM_THIS VIR_FROM_IDENTITY
@@ -142,11 +143,20 @@ virIdentityPtr virIdentityGetSystem(void)
security_context_t con;
#endif
char *processid = NULL;
+ unsigned long long timestamp;
+ char *processtime = NULL;
if (virAsprintf(&processid, "%llu",
(unsigned long long)getpid()) < 0)
goto cleanup;
+ if (virProcessGetStartTime(getpid(), &timestamp) < 0)
+ goto cleanup;
+
+ if (timestamp != 0 &&
+ virAsprintf(&processtime, "%llu", timestamp) < 0)
+ goto cleanup;
+
if (!(username = virGetUserName(getuid())))
goto cleanup;
if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
@@ -198,6 +208,11 @@ virIdentityPtr virIdentityGetSystem(void)
VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
processid) < 0)
goto error;
+ if (processtime &&
+ virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
+ processtime) < 0)
+ goto error;
cleanup:
VIR_FREE(username);
@@ -206,6 +221,7 @@ cleanup:
VIR_FREE(groupid);
VIR_FREE(seccontext);
VIR_FREE(processid);
+ VIR_FREE(processtime);
return ret;
error:
--
1.8.3.1

159
community/libvirt/0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch Normal file
View file

@ -0,0 +1,159 @@
From 4a061ec8fe94857dd21acf401c66195ec51b1234 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Wed, 28 Aug 2013 15:25:40 +0100
Subject: [PATCH 3/3] Add support for using 3-arg pkcheck syntax for process
With the existing pkcheck (pid, start time) tuple for identifying
the process, there is a race condition, where a process can make
a libvirt RPC call and in another thread exec a setuid application,
causing it to change to effective UID 0. This in turn causes polkit
to do its permission check based on the wrong UID.
To address this, libvirt must get the UID the caller had at time
of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
triple to the pkcheck program.
Signed-off-by: Colin Walters <walters@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
configure.ac | 8 ++++++++
daemon/remote.c | 21 +++++++++++++++++---
src/access/viraccessdriverpolkit.c | 40 +++++++++++++++++++++++++++++++++-----
3 files changed, 61 insertions(+), 8 deletions(-)
diff --git a/configure.ac b/configure.ac
index 94a2e19..3dfbb4d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1184,6 +1184,14 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH])
if test "x$PKCHECK_PATH" != "x" ; then
AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program])
+ AC_MSG_CHECKING([whether pkcheck supports uid value])
+ pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
+ if test "x$pkcheck_supports_uid" = "xtrue"; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE_UNQUOTED([PKCHECK_SUPPORTS_UID], 1, [Pass uid to pkcheck])
+ else
+ AC_MSG_RESULT([no])
+ fi
AC_DEFINE_UNQUOTED([WITH_POLKIT], 1,
[use PolicyKit for UNIX socket access checks])
AC_DEFINE_UNQUOTED([WITH_POLKIT1], 1,
diff --git a/daemon/remote.c b/daemon/remote.c
index 03d5557..6132091 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2731,10 +2731,12 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
int status = -1;
char *ident = NULL;
bool authdismissed = 0;
+ bool supportsuid = 0;
char *pkout = NULL;
struct daemonClientPrivate *priv =
virNetServerClientGetPrivateData(client);
virCommandPtr cmd = NULL;
+ static bool polkitInsecureWarned = false;
virMutexLock(&priv->lock);
action = virNetServerClientGetReadonly(client) ?
@@ -2756,14 +2758,27 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
goto authfail;
}
+ if (timestamp == 0) {
+ VIR_WARN("Failing polkit auth due to missing client (pid=%lld) start time",
+ (long long)callerPid);
+ goto authfail;
+ }
+
VIR_INFO("Checking PID %lld running as %d",
(long long) callerPid, callerUid);
virCommandAddArg(cmd, "--process");
- if (timestamp != 0) {
- virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+# ifdef PKCHECK_SUPPORTS_UID
+ supportsuid = 1;
+# endif
+ if (supportsuid) {
+ virCommandAddArgFormat(cmd, "%lld,%llu,%lu", (long long) callerPid, timestamp, (unsigned long) callerUid);
} else {
- virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
+ if (!polkitInsecureWarned) {
+ VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
+ polkitInsecureWarned = true;
+ }
+ virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
}
virCommandAddArg(cmd, "--allow-user-interaction");
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c
index 4c76e64..d980820 100644
--- a/src/access/viraccessdriverpolkit.c
+++ b/src/access/viraccessdriverpolkit.c
@@ -72,8 +72,12 @@ static char *
virAccessDriverPolkitFormatProcess(const char *actionid)
{
virIdentityPtr identity = virIdentityGetCurrent();
- const char *process = NULL;
+ const char *callerPid = NULL;
+ const char *callerTime = NULL;
+ const char *callerUid = NULL;
char *ret = NULL;
+ bool supportsuid = 0;
+ static bool polkitInsecureWarned = false;
if (!identity) {
virAccessError(VIR_ERR_ACCESS_DENIED,
@@ -81,17 +85,43 @@ virAccessDriverPolkitFormatProcess(const char *actionid)
actionid);
return NULL;
}
- if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &process) < 0)
+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &callerPid) < 0)
+ goto cleanup;
+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, &callerTime) < 0)
+ goto cleanup;
+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_USER_ID, &callerUid) < 0)
goto cleanup;
- if (!process) {
+ if (!callerPid) {
virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
_("No UNIX process ID available"));
goto cleanup;
}
-
- if (VIR_STRDUP(ret, process) < 0)
+ if (!callerTime) {
+ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No UNIX process start time available"));
+ goto cleanup;
+ }
+ if (!callerUid) {
+ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No UNIX caller UID available"));
goto cleanup;
+ }
+
+#ifdef PKCHECK_SUPPORTS_UID
+ supportsuid = 1;
+#endif
+ if (supportsuid) {
+ if (virAsprintf(&ret, "%s,%s,%s", callerPid, callerTime, callerUid) < 0)
+ goto cleanup;
+ } else {
+ if (!polkitInsecureWarned) {
+ VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
+ polkitInsecureWarned = true;
+ }
+ if (virAsprintf(&ret, "%s,%s", callerPid, callerTime) < 0)
+ goto cleanup;
+ }
cleanup:
virObjectUnref(identity);
--
1.8.3.1

20
community/libvirt/PKGBUILD
View file

@ -7,7 +7,7 @@
pkgname=libvirt pkgname=libvirt
pkgver=1.1.2 pkgver=1.1.2
pkgrel=1 pkgrel=2
pkgdesc="API for controlling virtualization engines (openvz,kvm,qemu,virtualbox,xen,etc)" pkgdesc="API for controlling virtualization engines (openvz,kvm,qemu,virtualbox,xen,etc)"
arch=('i686' 'x86_64') arch=('i686' 'x86_64')
url="http://libvirt.org/" url="http://libvirt.org/"
@ -36,11 +36,25 @@ install="libvirt.install"
source=("http://libvirt.org/sources/$pkgname-$pkgver.tar.gz" source=("http://libvirt.org/sources/$pkgname-$pkgver.tar.gz"
libvirtd.conf.d libvirtd.conf.d
libvirtd-guests.conf.d libvirtd-guests.conf.d
libvirt.tmpfiles.d) libvirt.tmpfiles.d
0001-Also-store-user-group-ID-values-in-virIdentity.patch
0002-Ensure-system-identity-includes-process-start-time.patch
0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch)
md5sums=('1835bbfa492099bce12e2934870e5611' md5sums=('1835bbfa492099bce12e2934870e5611'
'3ed0e24f5b5e25bf553f5427d64915e6' '3ed0e24f5b5e25bf553f5427d64915e6'
'0a96ed876ffb1fcb9dff5a9b3a609c1e' '0a96ed876ffb1fcb9dff5a9b3a609c1e'
'020971887442ebbf1b6949e031c8dd3f') '020971887442ebbf1b6949e031c8dd3f'
'60912fc049f0e8cf8d89c919ea619415'
'a42387495f75dd918a6c25b36eb3b428'
'2dba51f17f37f59585852092e4c86e44')
prepare() {
cd "$srcdir/$pkgname-$pkgver"
patch -p1 <$srcdir/0001-Also-store-user-group-ID-values-in-virIdentity.patch
patch -p1 <$srcdir/0002-Ensure-system-identity-includes-process-start-time.patch
patch -p1 <$srcdir/0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch
autoreconf
}
build() { build() {
cd "$srcdir/$pkgname-$pkgver" cd "$srcdir/$pkgname-$pkgver"