Don't invoke callback with unsupported credential types

author Daniel P. Berrange <berrange@redhat.com>

Sat, 15 Dec 2007 17:15:12 +0000 (17:15 +0000)

committer Daniel P. Berrange <berrange@redhat.com>

Sat, 15 Dec 2007 17:15:12 +0000 (17:15 +0000)
author Daniel P. Berrange <berrange@redhat.com>
Sat, 15 Dec 2007 17:15:12 +0000 (17:15 +0000)
committer Daniel P. Berrange <berrange@redhat.com>
Sat, 15 Dec 2007 17:15:12 +0000 (17:15 +0000)
diff --git a/ChangeLog b/ChangeLog

index 7a6f560b820c04dbb7827f07931b560aafb54cc7..76d8811262c8a238fbff33702eb45044337eec5f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Sat Dec 15 12:12:14 EST 2007 Daniel P. Berrange <berrange@redhat.com>
+
+       * src/libvirt.c: Return error code if passed unsupported
+       credential types.
+       * src/remote_internal.c: Don't run callback if it doesn't
+       support the VIR_CRED_EXTERNAL credential type
+
  Fri Dec 14 16:50:14 CET 2007 Daniel Veillard <veillard@redhat.com>
  
         * src/xm_internal.c: patch from Saori Fukuta to fix setting
diff --git a/src/libvirt.c b/src/libvirt.c

index 2f4848e93eb99d8752cb63ef146d3b9c9bacd379..67d7e18c29f158174c77dfda768fdfe148da684c 100644 (file)
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -104,6 +104,9 @@ static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred,
              if (!bufptr)
                  return -1;
              break;
+
+        default:
+            return -1;
          }
  
          if (STREQ(bufptr, "") && cred[i].defresult)
diff --git a/src/remote_internal.c b/src/remote_internal.c

index b6513fb0fa12256390a1728a6e36c9723d3bc8bf..e0e735338a1b57c51cd9c040290b345ed7c5904d 100644 (file)
--- a/src/remote_internal.c
+++ b/src/remote_internal.c
@@ -3520,6 +3520,7 @@ remoteAuthPolkit (virConnectPtr conn, struct private_data *priv, int in_open,
                    virConnectAuthPtr auth)
  {
      remote_auth_polkit_ret ret;
+    int i, allowcb = 0;
      virConnectCredential cred = {
          VIR_CRED_EXTERNAL,
          conn->flags & VIR_CONNECT_RO ? "org.libvirt.unix.monitor" : "org.libvirt.unix.manage",
@@ -3530,12 +3531,24 @@ remoteAuthPolkit (virConnectPtr conn, struct private_data *priv, int in_open,
      };
      remoteDebug(priv, "Client initialize PolicyKit authentication");
  
+    for (i = 0 ; i < auth->ncredtype ; i++) {
+        if (auth->credtype[i] == VIR_CRED_EXTERNAL)
+            allowcb = 1;
+    }
+
      /* Run the authentication callback */
-    if (auth && auth->cb && (*(auth->cb))(&cred, 1, auth->cbdata) < 0) {
-        __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
-                         VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0,
-                         "Failed to collect auth credentials");
-        return -1;
+    if (allowcb) {
+        if (auth && auth->cb &&
+            (*(auth->cb))(&cred, 1, auth->cbdata) < 0) {
+            __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
+                             VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0,
+                             "Failed to collect auth credentials");
+            return -1;
+        } else {
+            remoteDebug(priv, "No auth callback provided for PolicyKit");
+        }
+    } else {
+        remoteDebug(priv, "Client auth callback does not support PolicyKit");
      }
  
      memset (&ret, 0, sizeof ret);
author	Daniel P. Berrange <berrange@redhat.com>
	Sat, 15 Dec 2007 17:15:12 +0000 (17:15 +0000)
committer	Daniel P. Berrange <berrange@redhat.com>
	Sat, 15 Dec 2007 17:15:12 +0000 (17:15 +0000)
ChangeLog		patch \| blob \| blame \| history
src/libvirt.c		patch \| blob \| blame \| history
src/remote_internal.c		patch \| blob \| blame \| history