/**
 * virIdentityGetSystem:
 *
 * Builds an identity object describing the current process: the user
 * and group names resolved from its real UID/GID and, when built with
 * SELinux support, its SELinux process context.
 *
 * Returns a reference to the system identity, or NULL on failure
 */
virIdentityPtr virIdentityGetSystem(void)
{
    virIdentityPtr ident = NULL;
    char *user = NULL;
    char *group = NULL;
    char *context = NULL;
#if WITH_SELINUX
    security_context_t con;
    int rc;
#endif

    /* Names come from the real (not effective) UID and GID. */
    user = virGetUserName(getuid());
    if (user == NULL)
        goto cleanup;

    group = virGetGroupName(getgid());
    if (group == NULL)
        goto cleanup;

#if WITH_SELINUX
    if (getcon(&con) < 0) {
        virReportSystemError(errno, "%s",
                             _("Unable to lookup SELinux process context"));
        goto cleanup;
    }

    /* Keep a private copy; the libselinux buffer is released whether or
     * not the copy succeeded. */
    rc = VIR_STRDUP(context, con);
    freecon(con);
    if (rc < 0)
        goto cleanup;
#endif

    ident = virIdentityNew();
    if (ident == NULL)
        goto cleanup;

    /* Attributes are attached in a fixed order; the first failure drops
     * the half-built object so callers only ever see NULL or a fully
     * populated identity. */
    if ((user &&
         virIdentitySetAttr(ident,
                            VIR_IDENTITY_ATTR_UNIX_USER_NAME,
                            user) < 0) ||
        (group &&
         virIdentitySetAttr(ident,
                            VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
                            group) < 0) ||
        (context &&
         virIdentitySetAttr(ident,
                            VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
                            context) < 0)) {
        virObjectUnref(ident);
        ident = NULL;
    }

 cleanup:
    VIR_FREE(user);
    VIR_FREE(group);
    VIR_FREE(context);
    return ident;
}
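/**
 * virIdentityGetSystem:
 *
 * Returns an identity that represents the system itself.
 * This is the identity that the process is running as: its PID and
 * start time, its UNIX user and group (name and numeric ID) and, when
 * SELinux is compiled in and enabled, its SELinux process context.
 *
 * The identity is all-or-nothing: if any attribute that should be
 * present cannot be looked up or stored, no identity is returned.
 *
 * Returns a reference to the system identity, or NULL
 */
virIdentityPtr virIdentityGetSystem(void)
{
    VIR_AUTOFREE(char *) username = NULL;
    VIR_AUTOFREE(char *) groupname = NULL;
    unsigned long long startTime;
    virIdentityPtr ret = NULL;
#if WITH_SELINUX
    security_context_t con;
#endif

    if (!(ret = virIdentityNew()))
        goto error;

    if (virIdentitySetUNIXProcessID(ret, getpid()) < 0)
        goto error;

    if (virProcessGetStartTime(getpid(), &startTime) < 0)
        goto error;
    /* A start time of 0 is not recorded (presumably "unknown"; confirm
     * against virProcessGetStartTime). */
    if (startTime != 0 &&
        virIdentitySetUNIXProcessTime(ret, startTime) < 0)
        goto error;

    /* A failed name lookup must not hand back a half-populated identity:
     * callers treat a non-NULL return as the complete system identity
     * and may base access decisions on it. */
    /* NOTE(review): the names are resolved from the effective IDs
     * (geteuid/getegid) while the numeric IDs stored below are the real
     * ones (getuid/getgid). For a process whose real and effective IDs
     * differ the name and ID would disagree; confirm which is intended. */
    if (!(username = virGetUserName(geteuid())))
        goto error;
    if (virIdentitySetUNIXUserName(ret, username) < 0)
        goto error;
    if (virIdentitySetUNIXUserID(ret, getuid()) < 0)
        goto error;

    if (!(groupname = virGetGroupName(getegid())))
        goto error;
    if (virIdentitySetUNIXGroupName(ret, groupname) < 0)
        goto error;
    if (virIdentitySetUNIXGroupID(ret, getgid()) < 0)
        goto error;

#if WITH_SELINUX
    /* Only query the context when SELinux is active on this host. */
    if (is_selinux_enabled() > 0) {
        if (getcon(&con) < 0) {
            virReportSystemError(errno, "%s",
                                 _("Unable to lookup SELinux process context"));
            /* An error has been reported, so fail rather than return an
             * identity that silently lacks its security context. */
            goto error;
        }
        if (virIdentitySetSELinuxContext(ret, con) < 0) {
            freecon(con);
            goto error;
        }
        freecon(con);
    }
#endif

    return ret;

 error:
    virObjectUnref(ret);
    return NULL;
}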
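/*
 * virNetServerClientCreateIdentity:
 * @client: the connected client to describe
 *
 * Builds the identity of a connected client from whatever the
 * transport can vouch for:
 *  - for a local socket, the peer's UID/GID (with resolved names), PID
 *    and process start time as reported by the socket;
 *  - the SASL identity, when a SASL session exists;
 *  - the X.509 distinguished name, when a TLS session exists;
 *  - the peer's SELinux context, when the socket provides one.
 *
 * Every failure discards the partially built object, so the caller
 * only ever sees NULL or an identity with all available attributes.
 *
 * Returns a new identity reference, or NULL on error
 */
static virIdentityPtr
virNetServerClientCreateIdentity(virNetServerClientPtr client)
{
    char *username = NULL;
    char *groupname = NULL;
    char *seccontext = NULL;
    virIdentityPtr ret = NULL;

    if (!(ret = virIdentityNew()))
        goto error;

    /* UNIX credentials are only recorded for local sockets. */
    if (client->sock && virNetSocketIsLocal(client->sock)) {
        gid_t gid;
        uid_t uid;
        pid_t pid;
        unsigned long long timestamp;

        if (virNetSocketGetUNIXIdentity(client->sock,
                                        &uid, &gid, &pid,
                                        &timestamp) < 0)
            goto error;

        if (!(username = virGetUserName(uid)))
            goto error;
        if (virIdentitySetUNIXUserName(ret, username) < 0)
            goto error;
        if (virIdentitySetUNIXUserID(ret, uid) < 0)
            goto error;

        if (!(groupname = virGetGroupName(gid)))
            goto error;
        if (virIdentitySetUNIXGroupName(ret, groupname) < 0)
            goto error;
        if (virIdentitySetUNIXGroupID(ret, gid) < 0)
            goto error;

        /* The PID is stored together with the process start time,
         * presumably so a recycled PID can be told apart from the
         * original peer; confirm with the consumers of the identity. */
        if (virIdentitySetUNIXProcessID(ret, pid) < 0)
            goto error;
        if (virIdentitySetUNIXProcessTime(ret, timestamp) < 0)
            goto error;
    }

#if WITH_SASL
    if (client->sasl) {
        const char *identity = virNetSASLSessionGetIdentity(client->sasl);
        /* NOTE(review): identity is passed on without a NULL check;
         * confirm how virIdentitySetSASLUserName treats NULL if the
         * session lookup can fail. */
        if (virIdentitySetSASLUserName(ret, identity) < 0)
            goto error;
    }
#endif

#if WITH_GNUTLS
    if (client->tls) {
        const char *identity = virNetTLSSessionGetX509DName(client->tls);
        /* NOTE(review): as with SASL, a NULL distinguished name would
         * reach the setter unchecked; confirm that is handled there. */
        if (virIdentitySetX509DName(ret, identity) < 0)
            goto error;
    }
#endif

    /* The SELinux context is requested for any socket, local or not;
     * it is only attached when the socket layer returned one. */
    if (client->sock &&
        virNetSocketGetSELinuxContext(client->sock, &seccontext) < 0)
        goto error;
    if (seccontext &&
        virIdentitySetSELinuxContext(ret, seccontext) < 0)
        goto error;

 cleanup:
    VIR_FREE(username);
    VIR_FREE(groupname);
    VIR_FREE(seccontext);
    return ret;

 error:
    virObjectUnref(ret);
    ret = NULL;
    goto cleanup;
}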
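/*
 * virNetServerClientCreateIdentity:
 * @client: the connected client to describe
 *
 * Builds the identity of a connected client. All attribute values are
 * first collected as strings (UNIX credentials for a local socket, the
 * SASL identity, the X.509 distinguished name, the SELinux context);
 * the identity object is only created once every lookup has succeeded,
 * and each collected value is then attached with virIdentitySetAttr.
 *
 * Returns a new identity reference, or NULL on error
 */
static virIdentityPtr
virNetServerClientCreateIdentity(virNetServerClientPtr client)
{
    char *processid = NULL;
    char *processtime = NULL;
    char *username = NULL;
    char *userid = NULL;
    char *groupname = NULL;
    char *groupid = NULL;
#if WITH_SASL
    char *saslname = NULL;
#endif
#if WITH_GNUTLS
    char *x509dname = NULL;
#endif
    char *seccontext = NULL;
    virIdentityPtr ret = NULL;

    /* UNIX credentials are only recorded for local sockets. */
    if (client->sock && virNetSocketIsLocal(client->sock)) {
        gid_t gid;
        uid_t uid;
        pid_t pid;
        unsigned long long timestamp;

        if (virNetSocketGetUNIXIdentity(client->sock,
                                        &uid, &gid, &pid,
                                        &timestamp) < 0)
            goto cleanup;

        /* NOTE(review): uid and gid are cast to int and formatted with
         * "%d", so an ID above INT_MAX would be stored as a negative
         * string. The code that parses these attributes is not visible
         * here; confirm both sides before changing the format. */
        if (!(username = virGetUserName(uid)))
            goto cleanup;
        if (virAsprintf(&userid, "%d", (int)uid) < 0)
            goto cleanup;
        if (!(groupname = virGetGroupName(gid)))
            goto cleanup;
        if (virAsprintf(&groupid, "%d", (int)gid) < 0)
            goto cleanup;
        if (virAsprintf(&processid, "%llu",
                        (unsigned long long)pid) < 0)
            goto cleanup;
        if (virAsprintf(&processtime, "%llu",
                        timestamp) < 0)
            goto cleanup;
    }

#if WITH_SASL
    if (client->sasl) {
        const char *identity = virNetSASLSessionGetIdentity(client->sasl);
        if (VIR_STRDUP(saslname, identity) < 0)
            goto cleanup;
    }
#endif

#if WITH_GNUTLS
    if (client->tls) {
        const char *identity = virNetTLSSessionGetX509DName(client->tls);
        if (VIR_STRDUP(x509dname, identity) < 0)
            goto cleanup;
    }
#endif

    /* The SELinux context is requested for any socket, local or not. */
    if (client->sock &&
        virNetSocketGetSELinuxContext(client->sock, &seccontext) < 0)
        goto cleanup;

    /* ret is still NULL on every "goto cleanup" above, so a failed
     * lookup yields NULL rather than a partial identity. */
    if (!(ret = virIdentityNew()))
        goto cleanup;

    /* Attach only the attributes that were actually collected; any
     * failure from here on releases the object via the error label. */
    if (username &&
        virIdentitySetAttr(ret,
                           VIR_IDENTITY_ATTR_UNIX_USER_NAME,
                           username) < 0)
        goto error;
    if (userid &&
        virIdentitySetAttr(ret,
                           VIR_IDENTITY_ATTR_UNIX_USER_ID,
                           userid) < 0)
        goto error;
    if (groupname &&
        virIdentitySetAttr(ret,
                           VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
                           groupname) < 0)
        goto error;
    if (groupid &&
        virIdentitySetAttr(ret,
                           VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
                           groupid) < 0)
        goto error;
    if (processid &&
        virIdentitySetAttr(ret,
                           VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
                           processid) < 0)
        goto error;
    if (processtime &&
        virIdentitySetAttr(ret,
                           VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
                           processtime) < 0)
        goto error;
#if WITH_SASL
    if (saslname &&
        virIdentitySetAttr(ret,
                           VIR_IDENTITY_ATTR_SASL_USER_NAME,
                           saslname) < 0)
        goto error;
#endif
#if WITH_GNUTLS
    if (x509dname &&
        virIdentitySetAttr(ret,
                           VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME,
                           x509dname) < 0)
        goto error;
#endif
    if (seccontext &&
        virIdentitySetAttr(ret,
                           VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
                           seccontext) < 0)
        goto error;

 cleanup:
    VIR_FREE(username);
    VIR_FREE(userid);
    VIR_FREE(groupname);
    VIR_FREE(groupid);
    VIR_FREE(processid);
    VIR_FREE(processtime);
    VIR_FREE(seccontext);
#if WITH_SASL
    VIR_FREE(saslname);
#endif
#if WITH_GNUTLS
    VIR_FREE(x509dname);
#endif
    return ret;

 error:
    virObjectUnref(ret);
    ret = NULL;
    goto cleanup;
}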