From: Doug Goldstein <cardoe@cardoe.com>
Date: Fri, 20 May 2011 20:18:09 +0000 (-0500)
Subject: Use per-user TLS certificates when possible
X-Git-Tag: CVE-2011-2178~115
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a67407fa36623d44b0ebe8960e351f0b8a280d1e;p=thirdparty%2Flibvirt.git

Use per-user TLS certificates when possible

When using TLS authentication and operating as the non-root user,
initially attempt to use that specific user's TLS certificates before
attempting to use the system wide TLS certificates.

Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
---

diff --git a/.mailmap b/.mailmap
index f73e26b9e3..62bc228054 100644
--- a/.mailmap
+++ b/.mailmap
@@ -19,3 +19,4 @@
 <soren@linux2go.dk> <soren@canonical.com>
 <cfergeau@redhat.com> <teuf@gnome.org>
 <wency@cn.fujitsu.com> <wency cn fujitsu com>
+<cardoe@cardoe.com> <cardoe@gentoo.org>
diff --git a/AUTHORS b/AUTHORS
index a1e93db6bd..e8c9a10dd7 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -81,7 +81,7 @@ Patches have also been contributed by:
   Serge E. Hallyn      <serue@us.ibm.com>
   Soren Hansen         <soren@linux2go.dk>
   Abel Míguez Rodríguez<amiguezr@pdi.ucm.es>
-  Doug Goldstein       <cardoe@gentoo.org>
+  Doug Goldstein       <cardoe@cardoe.com>
   Javier Fontan        <jfontan@gmail.com>
   Federico Simoncelli  <federico.simoncelli@gmail.com>
   Amy Griffis          <amy.griffis@hp.com>
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 8c69743604..1691dab6ee 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -1159,7 +1159,7 @@ initialize_gnutls(char *pkipath, int flags)
         if ((virAsprintf(&libvirt_clientcert, "%s/%s", pkipath,
                         "clientcert.pem")) < 0)
              goto out_of_memory;
-    } else if (flags & VIR_DRV_OPEN_REMOTE_USER) {
+    } else if (flags & VIR_DRV_OPEN_REMOTE_USER || getuid() > 0) {
         userdir = virGetUserDirectory(getuid());
 
         if (!userdir)