On 12/16/2010 04:21 AM, Daniel P. Berrange wrote:
This provides two modules for handling SASL
* virNetSASLContext provides the process-wide state, currently just a whitelist of usernames on the server and a one time library init call
* virNetTLSSession provides the per-connection state, ie the SASL session itself. This also include APIs for providing data encryption/decryption once the session is established
* src/Makefile.am: Add to libvirt-net-rpc.la * src/rpc/virnetsaslcontext.c, src/rpc/virnetsaslcontext.h: Generic SASL handling code --- po/POTFILES.in | 1 + src/Makefile.am | 3 + src/rpc/virnetsaslcontext.c | 525 +++++++++++++++++++++++++++++++++++++++++++ src/rpc/virnetsaslcontext.h | 125 ++++++++++ 4 files changed, 654 insertions(+), 0 deletions(-) create mode 100644 src/rpc/virnetsaslcontext.c create mode 100644 src/rpc/virnetsaslcontext.h
Several patches need to modify the cfg.mk lists of free-like functions and/or message functions that require translated parameters. For example 2/15 - virNetMessageFree, virNetError 3/15 - virNetSocketFree 4/15 - virNetTLSContextFree, virNetTLSSessionFree 5/15 - virNetSASLContextFree, virNetSASLSessionFree and probably others later in the series as well (I just noticed the issue, so I won't report it in the other patches).
+int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt, + const char *identity) +{ + const char *const*wildcards; + + /* If the list is not set, allow any DN. */ + wildcards = ctxt->usernameWhitelist; + if (!wildcards) + return 1; /* No ACL, allow all */ + + while (*wildcards) { + if (fnmatch (*wildcards, identity, 0) == 0) + return 1; /* Allowed */
Same comment about returning -1 as in 4/15 if fnmatch returns failure rather than no match, such as for ill-formed wildcard.
+int virNetSASLSessionExtKeySize(virNetSASLSessionPtr sasl, + int ssf)
Wonky indentation.
+ +int virNetSASLSessionSecProps(virNetSASLSessionPtr sasl, + int minSSF, + int maxSSF, + bool allowAnonymous) +{ + sasl_security_properties_t secprops; + int err; + + memset (&secprops, 0, sizeof secprops); + + secprops.min_ssf = minSSF; + secprops.max_ssf = maxSSF; + secprops.maxbufsize = 100000;
How was this arbitrary number picked? Should it be larger, to accommodate REMOTE_MESSAGE_MAX (262144)?
+int virNetSASLSessionServerStep(virNetSASLSessionPtr sasl,
+ default: + VIR_DEBUG("Foo %s", sasl_errdetail(sasl->conn));
Interesting debug message; should "Foo" have been something more legible?
+ssize_t virNetSASLSessionEncode(virNetSASLSessionPtr sasl, + const char *input, + size_t inputLen, + const char **output, + size_t *outputlen) +{ + unsigned inlen = inputLen;
Should you check and fail if ((unsigned)inputLen != inputLen), since sasl_* (unlike gnutls_*) used int rather than size_t as the maximum transaction size? Or are we assuming that libvirt will never try to exceed a transaction size of REMOTE_MESSAGE_MAX in the first place, so we don't have to worry about the 2GB limit being abused?
+ssize_t virNetSASLSessionDecode(virNetSASLSessionPtr sasl, + const char *input, + size_t inputLen, + const char **output, + size_t *outputlen) +{ + unsigned inlen = inputLen;
Likewise. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org