Signed-off-by: Jiri Denemark <jdenemar@xxxxxxxxxx>
---
daemon/remote.c | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index 3ac528c..2ff2288 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2738,12 +2738,13 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
int status = -1;
char *ident = NULL;
bool authdismissed = 0;
- bool supportsuid = false;
char *pkout = NULL;
struct daemonClientPrivate *priv =
virNetServerClientGetPrivateData(client);
virCommandPtr cmd = NULL;
+# ifndef PKCHECK_SUPPORTS_UID
static bool polkitInsecureWarned;
+# endif
virMutexLock(&priv->lock);
action = virNetServerClientGetReadonly(client) ?
@@ -2775,19 +2776,21 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
(long long) callerPid, callerUid);
virCommandAddArg(cmd, "--process");
+
# ifdef PKCHECK_SUPPORTS_UID
- supportsuid = true;
-# endif
- if (supportsuid) {
- virCommandAddArgFormat(cmd, "%lld,%llu,%lu",
- (long long) callerPid, timestamp, (unsigned long) callerUid);
- } else {
- if (!polkitInsecureWarned) {
- VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
- polkitInsecureWarned = true;
- }
- virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+ virCommandAddArgFormat(cmd, "%lld,%llu,%lu",
+ (long long) callerPid,
+ timestamp,
+ (unsigned long) callerUid);
+# else
+ if (!polkitInsecureWarned) {
+ VIR_WARN("No support for caller UID with pkcheck. "
+ "This deployment is known to be insecure.");
+ polkitInsecureWarned = true;
}
+ virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+# endif
+
virCommandAddArg(cmd, "--allow-user-interaction");
if (virAsprintf(&ident, "pid:%lld,uid:%d",
--
1.8.3.2
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list