On Fri, Sep 27, 2013 at 11:16 AM, Daniel P. Berrange
<berrange@xxxxxxxxxx> wrote:
> On Tue, Sep 24, 2013 at 11:44:54AM -0500, Doug Goldstein wrote:
>> Ensure that the socket credentials we got back on BSD are valid before
>> using them.
>> ---
>> src/rpc/virnetsocket.c | 12 ++++++++++++
>> 1 file changed, 12 insertions(+)
>>
>> diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
>> index b311aae..49c6ddc 100644
>> --- a/src/rpc/virnetsocket.c
>> +++ b/src/rpc/virnetsocket.c
>> @@ -1166,6 +1166,18 @@ int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
>> return -1;
>> }
>>
>> + if (cr.cr_version != XUCRED_VERSION) {
>> + virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
>> + _("Failed to get valid client socket identity"));
>> + return -1;
>> + }
>> +
>> + if (cr.cr_ngroups == 0) {
>> + virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
>> + _("Failed to get valid client socket identity groups"));
>> + return -1;
>> + }
>> +
>> *pid = -1;
>> *uid = cr.cr_uid;
>> *gid = cr.cr_gid;
>
> ACK,
>
> Though presumably this still won't make things work, as we'll now get a fatal
> error reported, rather than silently using bogus data ?
>
Exactly. Hoping to get some free time to play on my Mac mini next week
to solve the actual underlying error.
--
Doug Goldstein
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list