Re: [libvirt] [PATCH 5/7] Convert remote daemon & acl code to use polkit API

Thursday, 25 September 2014

On 09/10/2014 10:20 AM, Daniel P. Berrange wrote:
...
 Convert the remote daemon auth check and the access control
 code to use the common polkit API for checking auth.

 Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt;
 ---
  daemon/remote.c                    | 235 ++-----------------------------------
  src/access/viraccessdriverpolkit.c |  91 ++++++--------
  2 files changed, 45 insertions(+), 281 deletions(-)

<...snip...>

Since this was pushed yesterday - my morning Coverity picked up on an
issue this morning...

...
 -static char *
 -virAccessDriverPolkitFormatProcess(const char *actionid)
 +static int
 +virAccessDriverPolkitGetCaller(const char *actionid,
 +                               pid_t *pid,
 +                               unsigned long long *startTime,
 +                               uid_t *uid)
  {
      virIdentityPtr identity = virIdentityGetCurrent();
 -    pid_t pid;
 -    unsigned long long startTime;
 -    uid_t uid;
 -    char *ret = NULL;
 -#ifndef PKCHECK_SUPPORTS_UID
 -    static bool polkitInsecureWarned;
 -#endif
 +    int ret = -1;

      if (!identity) {
          virAccessError(VIR_ERR_ACCESS_DENIED,
                         _("Policy kit denied action %s from
<anonymous>"),
                         actionid);
 -        return NULL;
 +        return -1;
      }
 -    if (virIdentityGetUNIXProcessID(identity, &pid) < 0)
 +    if (virIdentityGetUNIXProcessID(identity, pid) < 0) 
(1) Event deref_ptr_in_call: 	Dereferencing pointer "pid". [details]
Also see events: 	[check_after_deref]

...
          goto cleanup;
 -    if (virIdentityGetUNIXProcessTime(identity, &startTime) < 0)
 +    if (virIdentityGetUNIXProcessTime(identity, startTime) < 0)
          goto cleanup;
 -    if (virIdentityGetUNIXUserID(identity, &uid) < 0)
 +    if (virIdentityGetUNIXUserID(identity, uid) < 0)
          goto cleanup;

      if (!pid) { 
(2) Event check_after_deref: 	Null-checking "pid" suggests that it may
be null, but it has already been dereferenced on all paths leading to
the check.
Also see events: 	[deref_ptr_in_call]

Should this reference now be "(!*pid)" ?

John

...
 @@ -101,25 +99,14 @@ virAccessDriverPolkitFormatProcess(const char
*actionid)
                         _("No UNIX process ID available"));
          goto cleanup;
      }
 -    if (!startTime) {
 -        virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
 -                       _("No UNIX process start time available"));
 -        goto cleanup;
 -    }

 -#ifdef PKCHECK_SUPPORTS_UID
 -    if (virAsprintf(&ret, "%llu,%llu,%llu",
 -                    (unsigned long long)pid, startTime, (unsigned long long)uid) <
0)
 +    if (virIdentityGetUNIXProcessTime(identity, startTime) < 0)
          goto cleanup;
 -#else
 -    if (!polkitInsecureWarned) {
 -        VIR_WARN("No support for caller UID with pkcheck. This deployment is known
to be insecure.");
 -        polkitInsecureWarned = true;
 -    }
 -    if (virAsprintf(&ret, "%llu,%llu",
 -                    (unsigned long long)pid, startTime) < 0)
 +
 +    if (virIdentityGetUNIXUserID(identity, uid) < 0)
          goto cleanup;
 -#endif
 +
 +    ret = 0;

   cleanup:
      virObjectUnref(identity); 

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [libvirt] [PATCH 5/7] Convert remote daemon & acl code to use polkit API