3:18 p.m.
When using TLS authentication and operating as the non-root user,
initially attempt to use that specific user's TLS certificates before
attempting to use the system wide TLS certificates.
Signed-off-by: Doug Goldstein <cardoe(a)cardoe.com>
---
src/remote/remote_driver.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 8c69743..1691dab 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -1159,7 +1159,7 @@ initialize_gnutls(char *pkipath, int flags)
if ((virAsprintf(&libvirt_clientcert, "%s/%s", pkipath,
"clientcert.pem")) < 0)
goto out_of_memory;
- } else if (flags & VIR_DRV_OPEN_REMOTE_USER) {
+ } else if (flags & VIR_DRV_OPEN_REMOTE_USER || getuid() > 0) {
userdir = virGetUserDirectory(getuid());
if (!userdir)
--
1.7.5.rc3
6:48 a.m.
On Fri, May 20, 2011 at 03:18:09PM -0500, Doug Goldstein wrote:
When using TLS authentication and operating as the non-root user,
initially attempt to use that specific user's TLS certificates before
attempting to use the system wide TLS certificates.
Signed-off-by: Doug Goldstein <cardoe(a)cardoe.com>
---
src/remote/remote_driver.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 8c69743..1691dab 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -1159,7 +1159,7 @@ initialize_gnutls(char *pkipath, int flags)
if ((virAsprintf(&libvirt_clientcert, "%s/%s", pkipath,
"clientcert.pem")) < 0)
goto out_of_memory;
- } else if (flags & VIR_DRV_OPEN_REMOTE_USER) {
+ } else if (flags & VIR_DRV_OPEN_REMOTE_USER || getuid() > 0) {
userdir = virGetUserDirectory(getuid());
if (!userdir)
ACK
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
2:40 p.m.
On 05/23/2011 05:48 AM, Daniel P. Berrange wrote:
On Fri, May 20, 2011 at 03:18:09PM -0500, Doug Goldstein wrote:
> When using TLS authentication and operating as the non-root user,
> initially attempt to use that specific user's TLS certificates before
> attempting to use the system wide TLS certificates.
>
> Signed-off-by: Doug Goldstein <cardoe(a)cardoe.com>
> ---
> src/remote/remote_driver.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index 8c69743..1691dab 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -1159,7 +1159,7 @@ initialize_gnutls(char *pkipath, int flags)
> if ((virAsprintf(&libvirt_clientcert, "%s/%s", pkipath,
> "clientcert.pem")) < 0)
> goto out_of_memory;
> - } else if (flags & VIR_DRV_OPEN_REMOTE_USER) {
> + } else if (flags & VIR_DRV_OPEN_REMOTE_USER || getuid() > 0) {
> userdir = virGetUserDirectory(getuid());
>
> if (!userdir)
ACK
Pushed.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
4933
days inactive
4936
days old
2 comments
3 participants
participants (3)
-
Daniel P. Berrange -
Doug Goldstein -
Eric Blake