[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] virsh: fixed domdisplay command



On 07/23/2012 12:51 PM, Martin Kletzander wrote:
> The 'domdisplay' command didn't properly evaluate '--include-password'
> option.
> ---
>  tools/virsh.c |   35 +++++++++++++++++++++++------------
>  1 files changed, 23 insertions(+), 12 deletions(-)

In addition to Doug's review...

> -    doc = virDomainGetXMLDesc(dom, 0);
> +    if (!vshCommandOptBool(cmd, "include-password"))
> +        doc = virDomainGetXMLDesc(dom, 0);
> +    else {
> +        if (ctl->conn->flags & VIR_DOMAIN_XML_SECURE) {
> +            vshError(ctl, _("Cannot get password with read-only connection"));
> +            goto cleanup;
> +        }

We shouldn't have to do this filtering here.  Just attempt the access
always (when the options say to); it (better) fail at the driver level
if the connection was read-only, for less work here in virsh, and so
that we can actually validate that the security checking is being done
at the driver level.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]