Use per-user TLS certificates when possible

When using TLS authentication and operating as the non-root user,
initially attempt to use that specific user's TLS certificates before
attempting to use the system wide TLS certificates.

Signed-off-by: Doug Goldstein <cardoe@cardoe.com>

diff --git a/.mailmap b/.mailmap
index f73e26b9e331cd6593f65986ec6a6a98024212af..62bc228054a1fc36a8dbe33c8f0718c1b0488fe9 100644 (file)
--- a/.mailmap
+++ b/.mailmap
@@ -19,3 +19,4 @@
 <soren@linux2go.dk> <soren@canonical.com>
 <cfergeau@redhat.com> <teuf@gnome.org>
 <wency@cn.fujitsu.com> <wency cn fujitsu com>
+<cardoe@cardoe.com> <cardoe@gentoo.org>

diff --git a/AUTHORS b/AUTHORS
index a1e93db6bd65e2071f90ae0c0fcc5b2cb0c5316c..e8c9a10dd7e826c34c4043921af4336d4ced08f2 100644 (file)
--- a/AUTHORS
+++ b/AUTHORS
@@ -81,7 +81,7 @@ Patches have also been contributed by:
   Serge E. Hallyn      <serue@us.ibm.com>
   Soren Hansen         <soren@linux2go.dk>
   Abel Míguez Rodríguez<amiguezr@pdi.ucm.es>
-  Doug Goldstein       <cardoe@gentoo.org>
+  Doug Goldstein       <cardoe@cardoe.com>
   Javier Fontan        <jfontan@gmail.com>
   Federico Simoncelli  <federico.simoncelli@gmail.com>
   Amy Griffis          <amy.griffis@hp.com>

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 8c697436044f10a6371581a8dcd65455eb95e609..1691dab6ee7af17830e82fe4d9572b8eb21a0bb9 100644 (file)
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -1159,7 +1159,7 @@ initialize_gnutls(char *pkipath, int flags)
         if ((virAsprintf(&libvirt_clientcert, "%s/%s", pkipath,
                         "clientcert.pem")) < 0)
              goto out_of_memory;
-    } else if (flags & VIR_DRV_OPEN_REMOTE_USER) {
+    } else if (flags & VIR_DRV_OPEN_REMOTE_USER || getuid() > 0) {
         userdir = virGetUserDirectory(getuid());
 
         if (!userdir)