[PATCH 5/5] Don't invoke the auth callback if all credentials were in config file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>

The remote driver first looks at the libvirt auth config file to
fill in any credentials. It then invokes the auth callback for
any remaining credentials. It was accidentally invoking the
auth callback even if there were not any more credentials
required.

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 src/remote/remote_driver.c | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index cf1f079..6169243 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -3326,29 +3326,38 @@ static int remoteAuthInteract(virConnectPtr conn,
     VIR_DEBUG("Starting SASL interaction");
     remoteAuthInteractStateClear(state, false);
 
+    /* Fills state->interact with any values from the auth config file */
     if (remoteAuthFillFromConfig(conn, state) < 0)
         goto cleanup;
 
+    /* Populates state->cred for anything not found in the auth config */
     if (remoteAuthMakeCredentials(state->interact, &state->cred, &state->ncred) < 0) {
         virReportError(VIR_ERR_AUTH_FAILED, "%s",
                        _("Failed to make auth credentials"));
         goto cleanup;
     }
 
-    /* Run the authentication callback */
-    if (!auth || !auth->cb) {
-        virReportError(VIR_ERR_AUTH_FAILED, "%s",
-                       _("No authentication callback available"));
-        goto cleanup;
-    }
+    /* If there was anything not in the auth config, we need to
+     * run the interactive callback
+     */
+    if (state->ncred) {
+        /* Run the authentication callback */
+        if (!auth || !auth->cb) {
+            virReportError(VIR_ERR_AUTH_FAILED, "%s",
+                           _("No authentication callback available"));
+            goto cleanup;
+        }
 
-    if ((*(auth->cb))(state->cred, state->ncred, auth->cbdata) < 0) {
-        virReportError(VIR_ERR_AUTH_FAILED, "%s",
-                       _("Failed to collect auth credentials"));
-        goto cleanup;
+        if ((*(auth->cb))(state->cred, state->ncred, auth->cbdata) < 0) {
+            virReportError(VIR_ERR_AUTH_FAILED, "%s",
+                           _("Failed to collect auth credentials"));
+            goto cleanup;
+        }
+
+        /* Copy user's responses from cred into interact */
+        remoteAuthFillInteract(state->cred, state->interact);
     }
 
-    remoteAuthFillInteract(state->cred, state->interact);
     /*
      * 'interact' now has pointers to strings in 'state->cred'
      * so we must not free state->cred until the *next*
-- 
1.7.11.2

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]