diff --git a/configure.ac b/configure.ac index a0590b8b1fd78508468875ccfe9bca68818e4e60..f59996a2b9720022741d47e3bb4f10082f2cdada 100644 --- a/configure.ac +++ b/configure.ac @@ -1122,6 +1122,14 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH]) if test "x$PKCHECK_PATH" != "x" ; then AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program]) + AC_MSG_CHECKING([whether pkcheck supports uid value]) + pkcheck_supports_uid=`$PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1` + if test "x$pkcheck_supports_uid" = "xtrue"; then + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED([PKCHECK_SUPPORTS_UID], 1, [Pass uid to pkcheck]) + else + AC_MSG_RESULT([no]) + fi AC_DEFINE_UNQUOTED([WITH_POLKIT], 1, [use PolicyKit for UNIX socket access checks]) AC_DEFINE_UNQUOTED([WITH_POLKIT1], 1, diff --git a/daemon/remote.c b/daemon/remote.c index cf43f04640c3f228e84e726ce0eef1f3036930a0..29ec1f52f280f6f27da79c30b498a92035003e3d 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -2809,10 +2809,12 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, int status = -1; char *ident = NULL; bool authdismissed = 0; + bool supportsuid = false; char *pkout = NULL; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); virCommandPtr cmd = NULL; + static bool polkitInsecureWarned; virMutexLock(&priv->lock); action = virNetServerClientGetReadonly(client) ? @@ -2834,14 +2836,28 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, goto authfail; } + if (timestamp == 0) { + VIR_WARN("Failing polkit auth due to missing client (pid=%lld) start time", + (long long)callerPid); + goto authfail; + } + VIR_INFO("Checking PID %lld running as %d", (long long) callerPid, callerUid); virCommandAddArg(cmd, "--process"); - if (timestamp != 0) { - virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp); +# ifdef PKCHECK_SUPPORTS_UID + supportsuid = true; +# endif + if (supportsuid) { + virCommandAddArgFormat(cmd, "%lld,%llu,%lu", + (long long) callerPid, timestamp, (unsigned long) callerUid); } else { - virCommandAddArgFormat(cmd, "%lld", (long long) callerPid); + if (!polkitInsecureWarned) { + VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure."); + polkitInsecureWarned = true; + } + virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp); } virCommandAddArg(cmd, "--allow-user-interaction"); diff --git a/libvirt.spec.in b/libvirt.spec.in index e76a4305351057d103ef6843393968acd393178e..38c99afcb5a04093a5fcc7862c82e9d3e4562b71 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -474,8 +474,7 @@ BuildRequires: cyrus-sasl-devel %endif %if %{with_polkit} %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 -# Only need the binary, not -devel -BuildRequires: polkit >= 0.93 +BuildRequires: polkit-devel >= 0.93 %else BuildRequires: PolicyKit-devel >= 0.6 %endif