Don't invoke callback with unsupported credential types

2025-02-01 17:35:17 +00:00 · 2007-12-15 17:15:12 +00:00 · 2007-12-15 17:15:12 +00:00 · a11494fd52
commit a11494fd52
parent cc8e4ff318
3 changed files with 28 additions and 5 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+Sat Dec 15 12:12:14 EST 2007 Daniel P. Berrange <berrange@redhat.com>
+
+	* src/libvirt.c: Return error code if passed unsupported
+	credential types.
+	* src/remote_internal.c: Don't run callback if it doesn't
+	support the VIR_CRED_EXTERNAL credential type
+
 Fri Dec 14 16:50:14 CET 2007 Daniel Veillard <veillard@redhat.com>

 	* src/xm_internal.c: patch from Saori Fukuta to fix setting
--- a/src/libvirt.c
+++ b/src/libvirt.c
@ -104,6 +104,9 @@ static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred,
            if (!bufptr)
                return -1;
            break;
+
+        default:
+            return -1;
        }

        if (STREQ(bufptr, "") && cred[i].defresult)
--- a/src/remote_internal.c
+++ b/src/remote_internal.c
@ -3520,6 +3520,7 @@ remoteAuthPolkit (virConnectPtr conn, struct private_data *priv, int in_open,
                  virConnectAuthPtr auth)
 {
    remote_auth_polkit_ret ret;
+    int i, allowcb = 0;
    virConnectCredential cred = {
        VIR_CRED_EXTERNAL,
        conn->flags & VIR_CONNECT_RO ? "org.libvirt.unix.monitor" : "org.libvirt.unix.manage",
@ -3530,12 +3531,24 @@ remoteAuthPolkit (virConnectPtr conn, struct private_data *priv, int in_open,
    };
    remoteDebug(priv, "Client initialize PolicyKit authentication");

+    for (i = 0 ; i < auth->ncredtype ; i++) {
+        if (auth->credtype[i] == VIR_CRED_EXTERNAL)
+            allowcb = 1;
+    }
+
    /* Run the authentication callback */
-    if (auth && auth->cb && (*(auth->cb))(&cred, 1, auth->cbdata) < 0) {
-        __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
-                         VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0,
-                         "Failed to collect auth credentials");
-        return -1;
+    if (allowcb) {
+        if (auth && auth->cb &&
+            (*(auth->cb))(&cred, 1, auth->cbdata) < 0) {
+            __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
+                             VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0,
+                             "Failed to collect auth credentials");
+            return -1;
+        } else {
+            remoteDebug(priv, "No auth callback provided for PolicyKit");
+        }
+    } else {
+        remoteDebug(priv, "Client auth callback does not support PolicyKit");
    }

    memset (&ret, 0, sizeof ret);