From nobody Sat May 4 04:34:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1560941032; cv=none; d=zoho.com; s=zohoarc; b=K9tXwtP5h52oiMYTG5+eZbyv/SKgXHnG708mkkl/29wBxqQby9o4VDZ1dK8XImb2atFGmZe/ki0dWF3aB49RK8XoFxlJkVIbOGJ+8KnTgsldq3L5jts9bMz6/VaBmD07IOJQKT2xFxNOhhEc5sn5q4bruT++cfeeMMW1R2uENCc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1560941032; h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To:ARC-Authentication-Results; bh=wPlBgA5u5H7VRefUa6FxTyDoScXx4YlnpxE8n+0xqVk=; b=bcJFPhIzxX7NSMzQs8ORZHnoiJOF551NoygouBKjxSNHV84f4CB8yZ2Y0kbPMy4UlaYPlSD/3fyy3BSLVMYt3TQIZqnDISsTHluk55N2ToO74d6phjCpgJfHq21WpKvlWdvn85pfro2jyTJG1DHaia4z2C/fLAFa6MS/n7TdlGo= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1560941032329317.17164691052653; Wed, 19 Jun 2019 03:43:52 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7BAAD31628F9; Wed, 19 Jun 2019 10:43:40 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 555285C220; Wed, 19 Jun 2019 10:43:40 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 077B01806B19; Wed, 19 Jun 2019 10:43:40 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x5JAhdqY005764 for ; Wed, 19 Jun 2019 06:43:39 -0400 Received: by smtp.corp.redhat.com (Postfix) id 748C81001E81; Wed, 19 Jun 2019 10:43:39 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-48.ams2.redhat.com [10.36.112.48]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9D7471019306; Wed, 19 Jun 2019 10:43:33 +0000 (UTC) From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Date: Wed, 19 Jun 2019 11:43:31 +0100 Message-Id: <20190619104331.18645-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH] remote: use VIR_DRV_OPEN_REMOTE_USER in ssh transport checks X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Wed, 19 Jun 2019 10:43:51 +0000 (UTC) We currently refuse to connect to remote libvirtd over SSH if we see the path ends in /session. Earlier on though we checked for /session and set the VIR_DRV_OPEN_REMOTE_USER flag. There is one subtle distinction though with the test driver. All test URIs are marked with this flag, regardless of whether the URI indicates a local or remote connection. Previously a local connection to the test driver would have used the unprivileged libvirtd while a remote connection would have tried the privileged libvirtd. With this we are consistent and use the unprivileged for both local & remote, if the current user is non-root. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Michal Privoznik --- src/remote/remote_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 0a37a63e8d..e1eaa56230 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1002,7 +1002,7 @@ doRemoteOpen(virConnectPtr conn, case trans_libssh2: if (!sockname) { /* Right now we don't support default session connections */ - if (STREQ_NULLABLE(conn->uri->path, "/session")) { + if (flags & VIR_DRV_OPEN_REMOTE_USER) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", _("Connecting to session instance without " "socket path is not supported by the libs= sh2 " @@ -1037,7 +1037,7 @@ doRemoteOpen(virConnectPtr conn, case trans_libssh: if (!sockname) { /* Right now we don't support default session connections */ - if (STREQ_NULLABLE(conn->uri->path, "/session")) { + if (flags & VIR_DRV_OPEN_REMOTE_USER) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", _("Connecting to session instance without " "socket path is not supported by the libs= sh " @@ -1103,7 +1103,7 @@ doRemoteOpen(virConnectPtr conn, =20 if (!sockname) { /* Right now we don't support default session connections */ - if (STREQ_NULLABLE(conn->uri->path, "/session")) { + if (flags & VIR_DRV_OPEN_REMOTE_USER) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", _("Connecting to session instance without " "socket path is not supported by the ssh " --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list