On 12/16/2010 04:21 AM, Daniel P. Berrange wrote:
This provides two modules for handling SASL
* virNetSASLContext provides the process-wide state, currently
just a whitelist of usernames on the server and a one-time
library init call
* virNetTLSSession provides the per-connection state, i.e. the
SASL session itself. This also includes APIs for providing
data encryption/decryption once the session is established
* src/Makefile.am: Add to libvirt-net-rpc.la
* src/rpc/virnetsaslcontext.c, src/rpc/virnetsaslcontext.h: Generic
SASL handling code
---
po/POTFILES.in | 1 +
src/Makefile.am | 3 +
src/rpc/virnetsaslcontext.c | 525 +++++++++++++++++++++++++++++++++++++++++++
src/rpc/virnetsaslcontext.h | 125 ++++++++++
4 files changed, 654 insertions(+), 0 deletions(-)
create mode 100644 src/rpc/virnetsaslcontext.c
create mode 100644 src/rpc/virnetsaslcontext.h
Several patches need to modify the cfg.mk lists of free-like functions
and/or message functions that require translated parameters. For example:
2/15 - virNetMessageFree, virNetError
3/15 - virNetSocketFree
4/15 - virNetTLSContextFree, virNetTLSSessionFree
5/15 - virNetSASLContextFree, virNetSASLSessionFree
and probably others later in the series as well (I just noticed the
issue, so I won't report it in the other patches).
+int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
+ const char *identity)
+{
+ const char *const*wildcards;
+
+ /* If the list is not set, allow any DN. */
+ wildcards = ctxt->usernameWhitelist;
+ if (!wildcards)
+ return 1; /* No ACL, allow all */
+
+ while (*wildcards) {
+ if (fnmatch (*wildcards, identity, 0) == 0)
+ return 1; /* Allowed */
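
Review bot: the comment above the NULL-list check in virNetSASLContextCheckIdentity says "allow any DN", but the value being matched is a SASL identity against usernameWhitelist, so "DN" does not describe it; reword it to "allow any username". That same branch makes an unset whitelist mean allow-all, which is worth stating in the function's documentation so callers know no authorization is applied in that case.
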
Same comment about returning -1 as in 4/15 if fnmatch returns failure
rather than no match, such as for an ill-formed wildcard.
+int virNetSASLSessionExtKeySize(virNetSASLSessionPtr sasl,
+ int ssf)
Wonky indentation.
+
+int virNetSASLSessionSecProps(virNetSASLSessionPtr sasl,
+ int minSSF,
+ int maxSSF,
+ bool allowAnonymous)
+{
+ sasl_security_properties_t secprops;
+ int err;
+
+ memset (&secprops, 0, sizeof secprops);
+
+ secprops.min_ssf = minSSF;
+ secprops.max_ssf = maxSSF;
+ secprops.maxbufsize = 100000;
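
Review bot: minSSF and maxSSF arrive as signed int in virNetSASLSessionSecProps and are copied straight into secprops.min_ssf and secprops.max_ssf with no validation in the lines shown. Reject negative values and minSSF > maxSSF at the top of the function with an error return, so a bad caller value cannot silently change the security layer that gets negotiated. The literal 100000 would also be easier to audit as a named constant.
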
How was this arbitrary number picked? Should it be larger, to
accommodate REMOTE_MESSAGE_MAX (262144)?
+int virNetSASLSessionServerStep(virNetSASLSessionPtr sasl,
+ default:
+ VIR_DEBUG("Foo %s", sasl_errdetail(sasl->conn));
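
Review bot: in the default: branch of virNetSASLSessionServerStep the sasl_errdetail() text is emitted only through VIR_DEBUG. If this branch is the failure path, put that detail into the reported error as well, so a failed authentication step can be diagnosed without debug logging enabled.
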
Interesting debug message; should "Foo" have been something more legible?
+ssize_t virNetSASLSessionEncode(virNetSASLSessionPtr sasl,
+ const char *input,
+ size_t inputLen,
+ const char **output,
+ size_t *outputlen)
+{
+ unsigned inlen = inputLen;
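
Review bot: "unsigned inlen = inputLen;" in virNetSASLSessionEncode narrows a size_t with no range check, so a length above UINT_MAX would be silently truncated and only part of the buffer encoded. Compare inputLen against the largest message the RPC layer allows (and against UINT_MAX) before the assignment, and return -1 with an error when it is exceeded.
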
Should you check and fail if ((unsigned)inputLen != inputLen), since
sasl_* (unlike gnutls_*) used int rather than size_t as the maximum
transaction size? Or are we assuming that libvirt will never try to
exceed a transaction size of REMOTE_MESSAGE_MAX in the first place, so
we don't have to worry about the 2GB limit being abused?
+ssize_t virNetSASLSessionDecode(virNetSASLSessionPtr sasl,
+ const char *input,
+ size_t inputLen,
+ const char **output,
+ size_t *outputlen)
+{
+ unsigned inlen = inputLen;
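
Review bot: the parameter names in virNetSASLSessionDecode mix styles, with inputLen next to outputlen. Pick one spelling (outputLen would match inputLen) here and in virNetSASLSessionEncode so the header and its callers stay consistent.
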
Likewise.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library
http://libvirt.org
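
The two checks this review asks about (telling an fnmatch failure apart from a non-match, and refusing a length that does not fit the narrower type), as an added example that is not part of the original message or of libvirt. The names check_identity and narrow_len and the sample patterns are hypothetical; 262144 is the REMOTE_MESSAGE_MAX value quoted above.

```c
#include <fnmatch.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not libvirt code).
 * Returns 1 = allowed, 0 = denied, -1 = matching itself failed. */
int check_identity(const char *const *whitelist, const char *identity)
{
    if (!identity)
        return -1;
    if (!whitelist)
        return 1;               /* no ACL set: allow all, as in the patch */

    for (; *whitelist; whitelist++) {
        int rc = fnmatch(*whitelist, identity, 0);
        if (rc == 0)
            return 1;           /* pattern matched */
        if (rc != FNM_NOMATCH)
            return -1;          /* fnmatch error: fail closed, stop scanning */
    }
    return 0;                   /* list set, nothing matched */
}

/* Hypothetical helper: narrow a size_t length to unsigned, as the patch's
 * "unsigned inlen = inputLen" does, but with a range check.
 * Returns 0 and stores *out on success, -1 if len exceeds max or UINT_MAX. */
int narrow_len(size_t len, size_t max, unsigned *out)
{
    if (len > max || len > UINT_MAX)
        return -1;
    *out = (unsigned)len;
    return 0;
}

int main(void)
{
    /* Constructed sample whitelist and identities. */
    const char *const acl[] = { "admin*", "bob@EXAMPLE.COM", NULL };
    unsigned n = 0;

    printf("admin1:  %d\n", check_identity(acl, "admin1"));
    printf("eve:     %d\n", check_identity(acl, "eve"));
    printf("fits:    %d\n", narrow_len(4096, 262144, &n));
    printf("too big: %d\n", narrow_len(262145, 262144, &n));
    return 0;
}
```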