community/libvirt/0001-Also-store-user-group-ID-values-in-virIdentity.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

From 02432e3afa32e9866fbf1317069b422ef552d1d4 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Thu, 22 Aug 2013 16:00:01 +0100
Subject: [PATCH 1/3] Also store user & group ID values in virIdentity

Future improvements to the polkit code will require access to
the numeric user ID, not merely user name.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 src/rpc/virnetserverclient.c | 18 ++++++++++++++++++
 src/util/viridentity.c       | 23 +++++++++++++++++++----
 src/util/viridentity.h       |  2 ++
 3 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index 83d5cf1..f30dd08 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -652,7 +652,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
     char *processid = NULL;
     char *processtime = NULL;
     char *username = NULL;
+    char *userid = NULL;
     char *groupname = NULL;
+    char *groupid = NULL;
 #if WITH_SASL
     char *saslname = NULL;
 #endif
@@ -672,8 +674,12 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
 
         if (!(username = virGetUserName(uid)))
             goto cleanup;
+        if (virAsprintf(&userid, "%d", uid) < 0)
+            goto cleanup;
         if (!(groupname = virGetGroupName(gid)))
             goto cleanup;
+        if (virAsprintf(&userid, "%d", gid) < 0)
+            goto cleanup;
         if (virAsprintf(&processid, "%llu",
                         (unsigned long long)pid) < 0)
             goto cleanup;
@@ -710,11 +716,21 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
                            VIR_IDENTITY_ATTR_UNIX_USER_NAME,
                            username) < 0)
         goto error;
+    if (userid &&
+        virIdentitySetAttr(ret,
+                           VIR_IDENTITY_ATTR_UNIX_USER_ID,
+                           userid) < 0)
+        goto error;
     if (groupname &&
         virIdentitySetAttr(ret,
                            VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
                            groupname) < 0)
         goto error;
+    if (groupid &&
+        virIdentitySetAttr(ret,
+                           VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
+                           groupid) < 0)
+        goto error;
     if (processid &&
         virIdentitySetAttr(ret,
                            VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
@@ -745,7 +761,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
 
 cleanup:
     VIR_FREE(username);
+    VIR_FREE(userid);
     VIR_FREE(groupname);
+    VIR_FREE(groupid);
     VIR_FREE(processid);
     VIR_FREE(processtime);
     VIR_FREE(seccontext);
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 781f660..03c375b 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -133,7 +133,9 @@ int virIdentitySetCurrent(virIdentityPtr ident)
 virIdentityPtr virIdentityGetSystem(void)
 {
     char *username = NULL;
+    char *userid = NULL;
     char *groupname = NULL;
+    char *groupid = NULL;
     char *seccontext = NULL;
     virIdentityPtr ret = NULL;
 #if WITH_SELINUX
@@ -147,8 +149,13 @@ virIdentityPtr virIdentityGetSystem(void)
 
     if (!(username = virGetUserName(getuid())))
         goto cleanup;
+    if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
+        goto cleanup;
+
     if (!(groupname = virGetGroupName(getgid())))
         goto cleanup;
+    if (virAsprintf(&groupid, "%d", (int)getgid()) < 0)
+        goto cleanup;
 
 #if WITH_SELINUX
     if (getcon(&con) < 0) {
@@ -166,16 +173,22 @@ virIdentityPtr virIdentityGetSystem(void)
     if (!(ret = virIdentityNew()))
         goto cleanup;
 
-    if (username &&
-        virIdentitySetAttr(ret,
+    if (virIdentitySetAttr(ret,
                            VIR_IDENTITY_ATTR_UNIX_USER_NAME,
                            username) < 0)
         goto error;
-    if (groupname &&
-        virIdentitySetAttr(ret,
+    if (virIdentitySetAttr(ret,
+                           VIR_IDENTITY_ATTR_UNIX_USER_ID,
+                           userid) < 0)
+        goto error;
+    if (virIdentitySetAttr(ret,
                            VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
                            groupname) < 0)
         goto error;
+    if (virIdentitySetAttr(ret,
+                           VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
+                           groupid) < 0)
+        goto error;
     if (seccontext &&
         virIdentitySetAttr(ret,
                            VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
@@ -188,7 +201,9 @@ virIdentityPtr virIdentityGetSystem(void)
 
 cleanup:
     VIR_FREE(username);
+    VIR_FREE(userid);
     VIR_FREE(groupname);
+    VIR_FREE(groupid);
     VIR_FREE(seccontext);
     VIR_FREE(processid);
     return ret;
diff --git a/src/util/viridentity.h b/src/util/viridentity.h
index 4bae8d6..a240c2d 100644
--- a/src/util/viridentity.h
+++ b/src/util/viridentity.h
@@ -29,7 +29,9 @@ typedef virIdentity *virIdentityPtr;
 
 typedef enum {
       VIR_IDENTITY_ATTR_UNIX_USER_NAME,
+      VIR_IDENTITY_ATTR_UNIX_USER_ID,
       VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
+      VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
       VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
       VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
       VIR_IDENTITY_ATTR_SASL_USER_NAME,
-- 
1.8.3.1