[libvirt] [PATCH] Use per-user TLS certificates when possible
When using TLS authentication and operating as the non-root user, initially attempt to use that specific user's TLS certificates before attempting to use the system wide TLS certificates. Signed-off-by: Doug Goldstein <cardoe@cardoe.com> --- src/remote/remote_driver.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 8c69743..1691dab 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1159,7 +1159,7 @@ initialize_gnutls(char *pkipath, int flags) if ((virAsprintf(&libvirt_clientcert, "%s/%s", pkipath, "clientcert.pem")) < 0) goto out_of_memory; - } else if (flags & VIR_DRV_OPEN_REMOTE_USER) { + } else if (flags & VIR_DRV_OPEN_REMOTE_USER || getuid() > 0) { userdir = virGetUserDirectory(getuid()); if (!userdir) -- 1.7.5.rc3
On Fri, May 20, 2011 at 03:18:09PM -0500, Doug Goldstein wrote:
When using TLS authentication and operating as the non-root user, initially attempt to use that specific user's TLS certificates before attempting to use the system wide TLS certificates.
Signed-off-by: Doug Goldstein <cardoe@cardoe.com> --- src/remote/remote_driver.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 8c69743..1691dab 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1159,7 +1159,7 @@ initialize_gnutls(char *pkipath, int flags) if ((virAsprintf(&libvirt_clientcert, "%s/%s", pkipath, "clientcert.pem")) < 0) goto out_of_memory; - } else if (flags & VIR_DRV_OPEN_REMOTE_USER) { + } else if (flags & VIR_DRV_OPEN_REMOTE_USER || getuid() > 0) { userdir = virGetUserDirectory(getuid());
if (!userdir)
ACK Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
On 05/23/2011 05:48 AM, Daniel P. Berrange wrote:
On Fri, May 20, 2011 at 03:18:09PM -0500, Doug Goldstein wrote:
When using TLS authentication and operating as the non-root user, initially attempt to use that specific user's TLS certificates before attempting to use the system wide TLS certificates.
Signed-off-by: Doug Goldstein <cardoe@cardoe.com> --- src/remote/remote_driver.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 8c69743..1691dab 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1159,7 +1159,7 @@ initialize_gnutls(char *pkipath, int flags) if ((virAsprintf(&libvirt_clientcert, "%s/%s", pkipath, "clientcert.pem")) < 0) goto out_of_memory; - } else if (flags & VIR_DRV_OPEN_REMOTE_USER) { + } else if (flags & VIR_DRV_OPEN_REMOTE_USER || getuid() > 0) { userdir = virGetUserDirectory(getuid());
if (!userdir)
ACK
Pushed. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org
participants (3)
-
Daniel P. Berrange -
Doug Goldstein -
Eric Blake