virauth: Verify virConnectAuth::cb is set in virAuthGetPasswordPath()

Simirarly to virAuthGetUsernamePath() check whether callback used
to collect credentials is actually set before calling it. This
bug is easily reproducible, for instance as:

  int credtype[] = { VIR_CRED_PASSPHRASE };
  virConnectPtr conn = virConnectOpenAuth("esx://root@example.com/",
                                          &(virConnectAuth){
                                          .credtype = credtype,
                                          .ncredtype = 1,
                                          .cb = NULL
                                          },
                                          0);

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/util/virauth.c b/src/util/virauth.c
index fd4b13de7afce095d4f5e3b3b88b6bd4d16fc8a0..28202208975d82d342533db9f15db680b44b72ac 100644 (file)
--- a/src/util/virauth.c
+++ b/src/util/virauth.c
@@ -229,6 +229,12 @@ virAuthGetPasswordPath(const char *path,
         return NULL;
     }
 
+    if (!auth->cb) {
+        virReportError(VIR_ERR_INVALID_ARG, "%s",
+                       _("Missing authentication callback"));
+        return NULL;
+    }
+
     prompt = g_strdup_printf(_("Enter %1$s's password for %2$s"), username, hostname);
 
     if (!(cred = virAuthAskCredential(auth, prompt, false)))