driver.c: change URI validation to handle QEMU and vbox case
authorDaniel Henrique Barboza <danielhb413@gmail.com>
Thu, 26 Sep 2019 14:56:43 +0000 (11:56 -0300)
committerCole Robinson <crobinso@redhat.com>
Thu, 26 Sep 2019 21:25:20 +0000 (17:25 -0400)
The existing QEMU and vbox URI path validation considers
that a privileged user can use both a "/system" and a
"/session" URI. This differs from all the other drivers,
which forbid the root user from using a "/session" URI.

Let's update virConnectValidateURIPath() to handle these
cases as exceptions, using the already existent 'entityName'
value to handle "QEMU" and "vbox" differently. This allows
us to use the validateURI function in these cases without
changing the existing behavior of other drivers.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Suggested-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
src/driver.c

index 6b756226895bfc8967752be9c3b585c574f0453a..ed2d943ddf3aeb327713989d9fbd236a6a8d99dd 100644 (file)
@@ -276,7 +276,19 @@ virConnectValidateURIPath(const char *uriPath,
                           bool privileged)
 {
     if (privileged) {
-        if (STRNEQ(uriPath, "/system")) {
+        /* TODO: qemu and vbox drivers allow '/session'
+         * connections as root. This is not ideal, but changing
+         * these drivers to refuse privileged '/session'
+         * connections, like everyone else is already doing, can
+         * break existing applications. Until we decide what to do,
+         * for now we can handle them as exception in this validate
+         * function.
+         */
+        bool compatSessionRoot = (STREQ(entityName, "qemu") ||
+                                  STREQ(entityName, "vbox")) &&
+                                  STREQ(uriPath, "/session");
+
+        if (STRNEQ(uriPath, "/system") && !compatSessionRoot) {
             virReportError(VIR_ERR_INTERNAL_ERROR,
                            _("unexpected %s URI path '%s', try "
                              "%s:///system"),
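Review bot: The root-on-'/session' exception in `compatSessionRoot` is keyed on an exact, case-sensitive match of `entityName`, the same string that is interpolated into the error message below, so the parameter now carries access policy as well as display text and nothing in the hunk says so. The commit message writes "QEMU" while the code matches `"qemu"`; a caller passing different casing would fail closed, but a future caller that reuses either literal would silently inherit the relaxed check. I would state this contract in the function's doc comment, e.g. `/* entityName is matched exactly against "qemu" and "vbox" to permit privileged '/session'; it is not only a label */`. Callers are not visible here, so it is also worth confirming that `entityName` can never be NULL before it reaches the `STREQ` calls. The function's signature starts above the hunk and its body continues past it.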