Hi,
On 20-07-15 11:51, Christophe Fergeau wrote:
Hey,
Looks good te me now.
Hans, would you mind taking a quick look at that
patch in case you have objections on the change (if
spice_usb_acl_helper_open_acl_finish() fails, try to directly open the
device node anyway as it may be user-accessible).
I do not think that this is the right thing todo, this means e.g.
that if policykit / the admin explicitly denies redirection, but
the usb device node happens to be opened up (which happens with
e.g. scanners), then we will still redirect, this seems wrong to me.
Instead Michal should fixup his policykit so that the helper works
for him.
Regards,
Hans
Thanks,
Christophe
On Wed, Jul 15, 2015 at 10:07:37AM +0100, Michal Suchanek wrote:
When calling ACL helper fails also try to open the device node directly.
Otherwise user-accessible device nodes are rejected when policykit
support is compiled in and policy is not set up when in fact the device
could be accessed.
Signed-off-by: Michal Suchanek <hramrach@xxxxxxxxx>
--
v2:
- clear errors properly
v4:
- handle connection cancellation
---
src/channel-usbredir.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/channel-usbredir.c b/src/channel-usbredir.c
index 292b82f..c6f9e5e 100644
--- a/src/channel-usbredir.c
+++ b/src/channel-usbredir.c
@@ -276,13 +276,14 @@ static void spice_usbredir_channel_open_acl_cb(
SpiceUsbredirChannel *channel = SPICE_USBREDIR_CHANNEL(user_data);
SpiceUsbredirChannelPrivate *priv = channel->priv;
GError *err = NULL;
+ GError *acl_err = NULL;
g_return_if_fail(acl_helper == priv->acl_helper);
g_return_if_fail(priv->state == STATE_WAITING_FOR_ACL_HELPER ||
priv->state == STATE_DISCONNECTING);
- spice_usb_acl_helper_open_acl_finish(acl_helper, acl_res, &err);
- if (!err && priv->state == STATE_DISCONNECTING) {
+ spice_usb_acl_helper_open_acl_finish(acl_helper, acl_res, &acl_err);
+ if (priv->state == STATE_DISCONNECTING) {
err = g_error_new_literal(G_IO_ERROR, G_IO_ERROR_CANCELLED,
"USB redirection channel connect cancelled");
}
@@ -290,13 +291,21 @@ static void spice_usbredir_channel_open_acl_cb(
spice_usbredir_channel_open_device(channel, &err);
}
if (err) {
- g_simple_async_result_take_error(priv->result, err);
+ if (acl_err) {
+ g_simple_async_result_take_error(priv->result, acl_err);
+ acl_err = NULL;
+ } else {
+ g_simple_async_result_take_error(priv->result, err);
+ err = NULL;
+ }
libusb_unref_device(priv->device);
priv->device = NULL;
g_boxed_free(spice_usb_device_get_type(), priv->spice_device);
priv->spice_device = NULL;
priv->state = STATE_DISCONNECTED;
}
+ g_clear_error(&acl_err);
+ g_clear_error(&err);
spice_usb_acl_helper_close_acl(priv->acl_helper);
g_clear_object(&priv->acl_helper);
--
2.1.4
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel