[PATCH] usbredir: fix redirection of user-accesible device nodes.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This basically reverts 63c8526c699692b6fdca15db8209730fca7eb817

After this change opening the device node is not tried at all.

So when user has access to the device node and policykit ACL is not set
up access is denied while in fact the device could be accessed.

Since opening the device node directly is immedite and asking the
policykit is asynchronous it seems saner to open directly first.

The change was made to prevent logging error when opening the device is
attempted. However, unless some really complex error processing is
implemented logging the error from libusb and displaying the error from
ACL helper to the user seems like the best thing we can do.

Signed-off-by: Michal Suchanek <hramrach@xxxxxxxxx>
---
 spice-common           |  2 +-
 src/channel-usbredir.c | 30 ++++++++++++++----------------
 2 files changed, 15 insertions(+), 17 deletions(-)

diff --git a/spice-common b/spice-common
index 1b5edbe..1450bb4 160000
--- a/spice-common
+++ b/spice-common
@@ -1 +1 @@
-Subproject commit 1b5edbe49e5c36c4f35453de448b54f770e1c1be
+Subproject commit 1450bb4ddbd8ceab9192e4f84606aa5ae54c5ea6
diff --git a/src/channel-usbredir.c b/src/channel-usbredir.c
index 292b82f..82348a1 100644
--- a/src/channel-usbredir.c
+++ b/src/channel-usbredir.c
@@ -319,9 +319,7 @@ void spice_usbredir_channel_connect_device_async(
 {
     SpiceUsbredirChannelPrivate *priv = channel->priv;
     GSimpleAsyncResult *result;
-#if ! USE_POLKIT
     GError *err = NULL;
-#endif
 
     g_return_if_fail(SPICE_IS_USBREDIR_CHANNEL(channel));
     g_return_if_fail(device != NULL);
@@ -348,28 +346,28 @@ void spice_usbredir_channel_connect_device_async(
     priv->device = libusb_ref_device(device);
     priv->spice_device = g_boxed_copy(spice_usb_device_get_type(),
                                       spice_device);
+    if (!spice_usbredir_channel_open_device(channel, &err)) {
 #if USE_POLKIT
-    priv->result = result;
-    priv->state  = STATE_WAITING_FOR_ACL_HELPER;
-    priv->acl_helper = spice_usb_acl_helper_new();
-    g_object_set(spice_channel_get_session(SPICE_CHANNEL(channel)),
-                 "inhibit-keyboard-grab", TRUE, NULL);
-    spice_usb_acl_helper_open_acl(priv->acl_helper,
-                                  libusb_get_bus_number(device),
-                                  libusb_get_device_address(device),
-                                  cancellable,
-                                  spice_usbredir_channel_open_acl_cb,
-                                  channel);
-    return;
+        priv->result = result;
+        priv->state  = STATE_WAITING_FOR_ACL_HELPER;
+        priv->acl_helper = spice_usb_acl_helper_new();
+        g_object_set(spice_channel_get_session(SPICE_CHANNEL(channel)),
+                "inhibit-keyboard-grab", TRUE, NULL);
+        spice_usb_acl_helper_open_acl(priv->acl_helper,
+                libusb_get_bus_number(device),
+                libusb_get_device_address(device),
+                cancellable,
+                spice_usbredir_channel_open_acl_cb,
+                channel);
+        return;
 #else
-    if (!spice_usbredir_channel_open_device(channel, &err)) {
         g_simple_async_result_take_error(result, err);
         libusb_unref_device(priv->device);
         priv->device = NULL;
         g_boxed_free(spice_usb_device_get_type(), priv->spice_device);
         priv->spice_device = NULL;
-    }
 #endif
+    }
 
 done:
     g_simple_async_result_complete_in_idle(result);
-- 
2.1.4

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]