From a11494fd5234d3709e0f002b6a4acd44a2d8fd27 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Sat, 15 Dec 2007 17:15:12 +0000
Subject: [PATCH] Don't invoke callback with unsupported credential types

---
 ChangeLog             |  7 +++++++
 src/libvirt.c         |  3 +++
 src/remote_internal.c | 23 ++++++++++++++++++-----
 3 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7a6f560b82..76d8811262 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Sat Dec 15 12:12:14 EST 2007 Daniel P. Berrange <berrange@redhat.com>
+
+	* src/libvirt.c: Return error code if passed unsupported
+	credential types.
+	* src/remote_internal.c: Don't run callback if it doesn't
+	support the VIR_CRED_EXTERNAL credential type
+
 Fri Dec 14 16:50:14 CET 2007 Daniel Veillard <veillard@redhat.com>
 
 	* src/xm_internal.c: patch from Saori Fukuta to fix setting
diff --git a/src/libvirt.c b/src/libvirt.c
index 2f4848e93e..67d7e18c29 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -104,6 +104,9 @@ static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred,
             if (!bufptr)
                 return -1;
             break;
+
+        default:
+            return -1;
         }
 
         if (STREQ(bufptr, "") && cred[i].defresult)
diff --git a/src/remote_internal.c b/src/remote_internal.c
index b6513fb0fa..e0e735338a 100644
--- a/src/remote_internal.c
+++ b/src/remote_internal.c
@@ -3520,6 +3520,7 @@ remoteAuthPolkit (virConnectPtr conn, struct private_data *priv, int in_open,
                   virConnectAuthPtr auth)
 {
     remote_auth_polkit_ret ret;
+    int i, allowcb = 0;
     virConnectCredential cred = {
         VIR_CRED_EXTERNAL,
         conn->flags & VIR_CONNECT_RO ? "org.libvirt.unix.monitor" : "org.libvirt.unix.manage",
@@ -3530,12 +3531,24 @@ remoteAuthPolkit (virConnectPtr conn, struct private_data *priv, int in_open,
     };
     remoteDebug(priv, "Client initialize PolicyKit authentication");
 
+    for (i = 0 ; i < auth->ncredtype ; i++) {
+        if (auth->credtype[i] == VIR_CRED_EXTERNAL)
+            allowcb = 1;
+    }
+
     /* Run the authentication callback */
-    if (auth && auth->cb && (*(auth->cb))(&cred, 1, auth->cbdata) < 0) {
-        __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
-                         VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0,
-                         "Failed to collect auth credentials");
-        return -1;
+    if (allowcb) {
+        if (auth && auth->cb &&
+            (*(auth->cb))(&cred, 1, auth->cbdata) < 0) {
+            __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
+                             VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0,
+                             "Failed to collect auth credentials");
+            return -1;
+        } else {
+            remoteDebug(priv, "No auth callback provided for PolicyKit");
+        }
+    } else {
+        remoteDebug(priv, "Client auth callback does not support PolicyKit");
     }
 
     memset (&ret, 0, sizeof ret);
-- 
GitLab