From 953f046d814403579c98f315358a8b59b8a9bdb3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Thu, 22 Mar 2018 17:31:56 +0000
Subject: [PATCH] remote: use VIR_DRV_OPEN_REMOTE_USER in ssh transport checks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We currently refuse to connect to remote libvirtd over SSH if we see the
path ends in /session. Earlier on though we checked for /session and set
the VIR_DRV_OPEN_REMOTE_USER flag. There is one subtle distinction
though with the test driver. All test URIs are marked with this flag,
regardless of whether the URI indicates a local or remote connection.
Previously a local connection to the test driver would have used the
unprivileged libvirtd while a remote connection would have tried the
privileged libvirtd. With this we are consistent and use the
unprivileged for both local & remote, if the current user is non-root.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 src/remote/remote_driver.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 8d83ee0db5..df58b23c8c 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -1000,7 +1000,7 @@ doRemoteOpen(virConnectPtr conn,
     case trans_libssh2:
         if (!sockname) {
             /* Right now we don't support default session connections */
-            if (STREQ_NULLABLE(conn->uri->path, "/session")) {
+            if (flags & VIR_DRV_OPEN_REMOTE_USER) {
                 virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
                                _("Connecting to session instance without "
                                  "socket path is not supported by the libssh2 "
@@ -1035,7 +1035,7 @@ doRemoteOpen(virConnectPtr conn,
     case trans_libssh:
         if (!sockname) {
             /* Right now we don't support default session connections */
-            if (STREQ_NULLABLE(conn->uri->path, "/session")) {
+            if (flags & VIR_DRV_OPEN_REMOTE_USER) {
                 virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
                                _("Connecting to session instance without "
                                  "socket path is not supported by the libssh "
@@ -1100,7 +1100,7 @@ doRemoteOpen(virConnectPtr conn,
 
         if (!sockname) {
             /* Right now we don't support default session connections */
-            if (STREQ_NULLABLE(conn->uri->path, "/session")) {
+            if (flags & VIR_DRV_OPEN_REMOTE_USER) {
                 virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
                                _("Connecting to session instance without "
                                  "socket path is not supported by the ssh "
-- 
GitLab