On Thu, Mar 07, 2013 at 05:33:07PM -0700, Eric Blake wrote:
On 03/06/2013 05:49 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
A socket object has various pieces of security data associated with it, such as the SELinux context, the SASL username and the x509 distinguished name. Add new APIs to virNetServerClient and related modules to access this data.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/libvirt_private.syms | 6 ++++++ src/rpc/virnetserverclient.c | 46 ++++++++++++++++++++++++++++++++++++++++++++ src/rpc/virnetserverclient.h | 7 +++++++ src/rpc/virnetsocket.c | 44 ++++++++++++++++++++++++++++++++++++++++++ src/rpc/virnetsocket.h | 2 ++ src/rpc/virnettlscontext.c | 18 +++++++++++++++++ src/rpc/virnettlscontext.h | 2 ++ 7 files changed, 125 insertions(+)
+++ b/src/rpc/virnetserverclient.c @@ -587,6 +587,16 @@ bool virNetServerClientHasTLSSession(virNetServerClientPtr client) return has; }
+ +virNetTLSSessionPtr virNetServerClientGetTLSSession(virNetServerClientPtr client) +{ + virNetTLSSessionPtr tls; + virObjectLock(client); + tls = client->tls; + virObjectUnlock(client); + return tls; +}
This needs to be guarded by WITH_GNUTLS (since client->tls doesn't exist otherwise). Which in turn may affect your libvirt_private.syms if you don't create a counterpart stub function.
You can't see it from the context, but this is already inside a WITH_GNUTLS block that is started earlier, and finished later. Seems we already have a few problems with the symbol file if WITH_GNUTLS is not defined, so we'll need to fix that up globally.
+ + +virNetSASLSessionPtr virNetServerClientGetSASLSession(virNetServerClientPtr client) +{ + virNetSASLSessionPtr sasl; + virObjectLock(client); + sasl = client->sasl; + virObjectUnlock(client); + return sasl; +} #endif
This function was inside an #ifdef, but you declared it in libvirt_private.syms, so you'd need a counterpart stub function.
I'll move it to the existing libvirt_sasl.syms files
Shoot, ran out of review time halfway through. Overall the idea looks sound, though.
Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|