From nobody Sun Apr 28 12:21:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1560949809; cv=none; d=zoho.com; s=zohoarc; b=W6qK3g2Cm8y6z4ZV6Ww8/TKW6+IigvThb2TZQTj6prR4ZYUfm3smTxCzc3tpSZjOc8xFvFdhdivSQUOF1FYp3COjyWeQhxi16vl39UYXHdJ4ToswYufzejzaTBhO4Pd8Jh67oiY8M/Nql/3jOchzUiPZOBvJ9X09KxYucmGpPWk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1560949809; h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To:ARC-Authentication-Results; bh=dA0J0QuxzQ3G4BLSR8bPMnx+QXCLC/xvevmbBl6+UGA=; b=aYeL0MN1eDolwPiizHmlrThrhJsfzhkbeZU/5wZ4OHCkVuW1lD34C3pYAVtCKAn4+L8M/OI3l7po/I2PCud6Ebhvck9U1wwEYzkqnnG1BvJX9bD/8hHW65acbwPKnT8mx4ZQ33ieSiXN6FEOSV/f6/GlX429b1ATOiB8Eggu5lo= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1560949809610959.1647442090114; Wed, 19 Jun 2019 06:10:09 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E8CF730860BC; Wed, 19 Jun 2019 13:09:51 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9E8395D71A; Wed, 19 Jun 2019 13:09:49 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D625E1806B1A; Wed, 19 Jun 2019 13:09:45 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x5JD9igc005255 for ; Wed, 19 Jun 2019 09:09:44 -0400 Received: by smtp.corp.redhat.com (Postfix) id 6D7BD60FDE; Wed, 19 Jun 2019 13:09:44 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-48.ams2.redhat.com [10.36.112.48]) by smtp.corp.redhat.com (Postfix) with ESMTP id 272E617BA3; Wed, 19 Jun 2019 13:09:38 +0000 (UTC) From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Date: Wed, 19 Jun 2019 14:09:35 +0100 Message-Id: <20190619130935.6879-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH] remote: refactor how unprivileged user session connection is identified X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.44]); Wed, 19 Jun 2019 13:10:08 +0000 (UTC) Currently the VIR_DRV_OPEN_REMOTE_USER flag is only set when we identify that we're connecting to a local libvirtd daemon. We would like to be able to set that even if connecting to a remote libvirtd daemon. This entails refactoring the conditional check. One subtle change is that the VIR_DRV_OPEN_REMOTE_USER is now set when the test+XXX:// URI is used, even if a servername is present. This has no effect in this patch, but will later. Signed-off-by: Daniel P. Berrang=C3=A9 --- src/remote/remote_driver.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index a95781a797..e1eaa56230 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1390,25 +1390,35 @@ remoteConnectOpen(virConnectPtr conn, rflags |=3D VIR_DRV_OPEN_REMOTE_RO; =20 /* - * If no servername is given, and no +XXX - * transport is listed, or transport is unix, - * and path is /session, and uid is unprivileged - * then auto-spawn a daemon. + * User session daemon is used for + * + * - Any URI with /session suffix + * - Test driver, if a protocol is given + * + * provided we are running non-root */ if (conn->uri && - !conn->uri->server && conn->uri->path && conn->uri->scheme && - (transport =3D=3D NULL || STREQ(transport, "unix")) && (STREQ(conn->uri->path, "/session") || STRPREFIX(conn->uri->scheme, "test+")) && geteuid() > 0) { - VIR_DEBUG("Auto-spawn user daemon instance"); + VIR_DEBUG("User session daemon required"); rflags |=3D VIR_DRV_OPEN_REMOTE_USER; + + /* + * Furthermore if no servername is given, and no +XXX + * transport is listed, or transport is unix, + * and uid is unprivileged then auto-spawn a daemon. + */ if (!virIsSUID() && + !conn->uri->server && + (transport =3D=3D NULL || STREQ(transport, "unix")) && (!autostart || - STRNEQ(autostart, "0"))) + STRNEQ(autostart, "0"))) { + VIR_DEBUG("Try daemon autostart"); rflags |=3D VIR_DRV_OPEN_REMOTE_AUTOSTART; + } } =20 /* --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list