driver.c: change URI validation to handle QEMU and vbox case

The existing QEMU and vbox URI path validation consider that a privileged user can use both a "/system" and a "/session" URI. This differs from all the other drivers that forbids the root user to use "/session" URI. Let's update virConnectValidateURIPath() to handle these cases as exceptions, using the already existent 'entityName' value to handle "QEMU" and "vbox" differently. This allows us to use the validateURI function in these cases without changing the existing behavior of other drivers. Reviewed-by: Cole Robinson <crobinso@redhat.com> Suggested-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2024-10-05 22:05:47 +00:00 · 2019-09-26 11:56:43 -03:00 · 2019-09-26 11:56:43 -03:00 · f69af572b3
commit f69af572b3
parent 7d5b420f98
1 changed files with 13 additions and 1 deletions
--- a/src/driver.c
+++ b/src/driver.c
@ -276,7 +276,19 @@ virConnectValidateURIPath(const char *uriPath,
                          bool privileged)
 {
    if (privileged) {
-        if (STRNEQ(uriPath, "/system")) {
+        /* TODO: qemu and vbox drivers allow '/session'
+         * connections as root. This is not ideal, but changing
+         * these drivers to refuse privileged '/session'
+         * connections, like everyone else is already doing, can
+         * break existing applications. Until we decide what to do,
+         * for now we can handle them as exception in this validate
+         * function.
+         */
+        bool compatSessionRoot = (STREQ(entityName, "qemu") ||
+                                  STREQ(entityName, "vbox")) &&
+                                  STREQ(uriPath, "/session");
+
+        if (STRNEQ(uriPath, "/system") && !compatSessionRoot) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("unexpected %s URI path '%s', try "
                             "%s:///system"),