On 12/16/2010 04:21 AM, Daniel P. Berrange wrote: > This provides two modules for handling SASL > > * virNetSASLContext provides the process-wide state, currently > just a whitelist of usernames on the server and a one time > library init call > > * virNetTLSSession provides the per-connection state, ie the > SASL session itself. This also include APIs for providing > data encryption/decryption once the session is established > > * src/Makefile.am: Add to libvirt-net-rpc.la > * src/rpc/virnetsaslcontext.c, src/rpc/virnetsaslcontext.h: Generic > SASL handling code > --- > po/POTFILES.in | 1 + > src/Makefile.am | 3 + > src/rpc/virnetsaslcontext.c | 525 > +++++++++++++++++++++++++++++++++++++++++++ > src/rpc/virnetsaslcontext.h | 125 ++++++++++ > 4 files changed, 654 insertions(+), 0 deletions(-) > create mode 100644 src/rpc/virnetsaslcontext.c > create mode 100644 src/rpc/virnetsaslcontext.h
Several patches need to modify the cfg.mk lists of free-like functions
and/or message functions that require translated parameters. For example
2/15 - virNetMessageFree, virNetError
3/15 - virNetSocketFree
4/15 - virNetTLSContextFree, virNetTLSSessionFree
5/15 - virNetSASLContextFree, virNetSASLSessionFree
and probably others later in the series as well (I just noticed the
issue, so I won't report it in the other patches).
> +int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
> + const char *identity)
> +{
> + const char *const*wildcards;
> +
> + /* If the list is not set, allow any DN. */
> + wildcards = ctxt->usernameWhitelist;
> + if (!wildcards)
> + return 1; /* No ACL, allow all */
> +
> + while (*wildcards) {
> + if (fnmatch (*wildcards, identity, 0) == 0)
> + return 1; /* Allowed */
Same comment about returning -1 as in 4/15 if fnmatch returns failure
rather than no match, such as for ill-formed wildcard.
> +int virNetSASLSessionExtKeySize(virNetSASLSessionPtr sasl,
> + int ssf)
Wonky indentation.
> +
> +int virNetSASLSessionSecProps(virNetSASLSessionPtr sasl,
> + int minSSF,
> + int maxSSF,
> + bool allowAnonymous)
> +{
> + sasl_security_properties_t secprops;
> + int err;
> +
> + memset (&secprops, 0, sizeof secprops);
> +
> + secprops.min_ssf = minSSF;
> + secprops.max_ssf = maxSSF;
> + secprops.maxbufsize = 100000;
How was this arbitrary number picked? Should it be larger, to
accommodate REMOTE_MESSAGE_MAX (262144)?
> +int virNetSASLSessionServerStep(virNetSASLSessionPtr sasl,
> + default:
> + VIR_DEBUG("Foo %s", sasl_errdetail(sasl->conn));
Interesting debug message; should "Foo" have been something more legible?
> +ssize_t virNetSASLSessionEncode(virNetSASLSessionPtr sasl,
> + const char *input,
> + size_t inputLen,
> + const char **output,
> + size_t *outputlen)
> +{
> + unsigned inlen = inputLen;
Should you check and fail if ((unsigned)inputLen != inputLen), since
sasl_* (unlike gnutls_*) used int rather than size_t as the maximum
transaction size? Or are we assuming that libvirt will never try to
exceed a transaction size of REMOTE_MESSAGE_MAX in the first place, so
we don't have to worry about the 2GB limit being abused?
> +ssize_t virNetSASLSessionDecode(virNetSASLSessionPtr sasl,
> + const char *input,
> + size_t inputLen,
> + const char **output,
> + size_t *outputlen)
> +{
> + unsigned inlen = inputLen;
Likewise.
--
Eric Blake [email protected] +1-801-349-2682
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
