External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-03 16:42:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix polkit0 authentication

Browse Source 
Commit 7033c5f2 introduced some bugs in polkit0 authentication.

Fix libvirtd segfault in remoteDispatchAuthPolkit().

Fix polkit authentication bypass when caller UID = 0.
This commit is contained in:
Jim Fehlig 2012-02-15 10:01:50 -07:00
parent c05ec92021
commit fcdfa31f3c
1 changed files with 9 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
daemon/remote.c
View File

@ -2052,16 +2052,16 @@ remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED,
} else if (callerUid == 0) {
char *ident;
if (virAsprintf(&ident, "pid:%lld,uid:%d",
(long long) callerPid, callerUid) >= 0) {
VIR_INFO("Bypass polkit auth for privileged client %s",
ident);
if (virNetServerClientSetIdentity(client, ident) < 0)
virResetLastError();
else
auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
VIR_FREE(ident);
(long long) callerPid, callerUid) < 0) {
virReportOOMError();
goto cleanup;
}
rv = -1;
VIR_INFO("Bypass polkit auth for privileged client %s", ident);
if (virNetServerClientSetIdentity(client, ident) < 0)
virResetLastError();
else
auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
VIR_FREE(ident);
}
}
@ -2593,8 +2593,6 @@ remoteDispatchAuthPolkit(virNetServerPtr server,
struct daemonClientPrivate *priv =
virNetServerClientGetPrivateData(client);
memset(ident, 0, sizeof ident);
virMutexLock(&priv->lock);
action = virNetServerClientGetReadonly(client) ?