shaba/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-09 01:18:00 +03:00
Code Releases Activity

Fix polkit0 authentication

Browse Source 
Commit 7033c5f2 introduced some bugs in polkit0 authentication.

Fix libvirtd segfault in remoteDispatchAuthPolkit().

Fix polkit authentication bypass when caller UID = 0.
This commit is contained in:
Jim Fehlig 2012-02-15 10:01:50 -07:00
parent c05ec92021
commit fcdfa31f3c
1 changed files with 9 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
daemon/remote.c
View File

@ -2052,16 +2052,16 @@ remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED,
} else if (callerUid == 0) { } else if (callerUid == 0) {
char *ident; char *ident;
if (virAsprintf(&ident, "pid:%lld,uid:%d", if (virAsprintf(&ident, "pid:%lld,uid:%d",
(long long) callerPid, callerUid) >= 0) { (long long) callerPid, callerUid) < 0) {
VIR_INFO("Bypass polkit auth for privileged client %s", virReportOOMError();
ident); goto cleanup;
if (virNetServerClientSetIdentity(client, ident) < 0)
virResetLastError();
else
auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
VIR_FREE(ident);
} }
rv = -1; VIR_INFO("Bypass polkit auth for privileged client %s", ident);
if (virNetServerClientSetIdentity(client, ident) < 0)
virResetLastError();
else
auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
VIR_FREE(ident);
} }
} }
@ -2593,8 +2593,6 @@ remoteDispatchAuthPolkit(virNetServerPtr server,
struct daemonClientPrivate *priv = struct daemonClientPrivate *priv =
virNetServerClientGetPrivateData(client); virNetServerClientGetPrivateData(client);
memset(ident, 0, sizeof ident);
virMutexLock(&priv->lock); virMutexLock(&priv->lock);
action = virNetServerClientGetReadonly(client) ? action = virNetServerClientGetReadonly(client) ?