From: Daniel Henrique Barboza
To: libvir-list@redhat.com
Cc: Daniel Henrique Barboza
Date: Mon, 23 Sep 2019 17:44:20 -0300
Subject: [libvirt] [PATCH v2 08/11] driver.c: change URI validation to handle QEMU and vbox case
Message-Id: <20190923204423.23824-9-danielhb413@gmail.com>
In-Reply-To: <20190923204423.23824-1-danielhb413@gmail.com>
References: <20190923204423.23824-1-danielhb413@gmail.com>

The existing QEMU and vbox URI path validation considers that a privileged user can use both a "/system" and a "/session" URI.
This differs from all the other drivers, which forbid the root user to use a "/session" URI.

Let's update virConnectValidateURIPath() to handle these cases as exceptions, using the already existing 'entityName' value to handle "QEMU" and "vbox" differently.

This allows us to use the validateURI function in these cases without changing the existing behavior of other drivers.

Signed-off-by: Daniel Henrique Barboza
--- src/driver.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/driver.c b/src/driver.c index e627b0c1d7..c89a410dd1 100644 --- a/src/driver.c +++ b/src/driver.c @@ -276,7 +276,23 @@ virConnectValidateURIPath(const char *uriPath, bool privileged) { if (privileged) { - if (STRNEQ(uriPath, "/system")) { + /* TODO: QEMU and vbox drivers allow '/session' + * connections as root. This is not ideal, but changing + * these drivers to refuse privileged '/session' + * connections, like everyone else is already doing, can + * break existing applications. Until we decide what to do, + * for now we can handle them as exception in this validate + * function. + */ + if (STREQ(entityName, "QEMU") || STREQ(entityName, "vbox")) { + if (STRNEQ(uriPath, "/system") && + STRNEQ(uriPath, "/session")) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unexpected %s URI path '%s', try %s:///s= ystem"), + entityName, uriPath, entityName); + return false; + } + } else if (STRNEQ(uriPath, "/system")) { virReportError(VIR_ERR_INTERNAL_ERROR, _("unexpected %s URI path '%s', try %s:///syste= m"), entityName, uriPath, entityName); --=20 2.21.0
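
Review bot: In the new branch guarded by STREQ(entityName, "QEMU") || STREQ(entityName, "vbox"), the decision to let a privileged caller use "/session" rests on a case-sensitive match against the same string that is interpolated into the error text, so the policy exception only holds if every caller passes exactly "QEMU" or "vbox". A differently spelled name falls through to the strict "else if (STRNEQ(uriPath, "/system"))" branch and rejects "/session" as root, which is the behaviour change the TODO comment says must be avoided. Consider passing the exception explicitly, for example as a bool argument next to 'privileged', rather than inferring it from the display name. Two smaller points in the same branch: the hint "try %s:///system" is built from entityName, so for this case it prints "QEMU:///system" instead of the lowercase scheme libvirt URIs use, and it mentions only "/system" although "/session" is also accepted there. The virReportError() call is now duplicated and could be shared by computing the accept/reject result first and reporting once.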