On Wed, Mar 13, 2013 at 15:24:04 +0000, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Add APIs which allow creation of a virIdentity from the info
associated with a virNetServerClientPtr instance. This is done
based on the results of the client authentication processes in
use, such as TLS, x509, SASL and SO_PEERCRED.
...
diff --git a/src/rpc/virnetserverclient.c
b/src/rpc/virnetserverclient.c
index 40c8173..850f388 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
...
@@ -642,6 +645,113 @@ int
virNetServerClientGetUNIXIdentity(virNetServerClientPtr client,
}
+static virIdentityPtr
+virNetServerClientCreateIdentity(virNetServerClientPtr client)
+{
+ char *processid = NULL;
+ char *username = NULL;
+ char *groupname = NULL;
+#if WITH_SASL
+ char *saslname = NULL;
+#endif
+ char *x509dname = NULL;
+ char *seccontext = NULL;
+ virIdentityPtr ret = NULL;
+
+ if (client->sock && virNetSocketIsLocal(client->sock)) {
+ gid_t gid;
+ uid_t uid;
+ pid_t pid;
+ if (virNetSocketGetUNIXIdentity(client->sock, &uid, &gid, &pid)
< 0)
+ goto cleanup;
+
+ if (!(username = virGetUserName(uid)))
+ goto cleanup;
+ if (!(groupname = virGetGroupName(gid)))
+ goto cleanup;
+ if (virAsprintf(&processid, "%d", (int)pid) < 0)
This should use "%lld" and (long long)pid to be consistent with the way
we format PIDs in libvirt. Also you should call virReportOOMError() here
since virAsprintf() won't do it for you.
+ goto cleanup;
+ }
+
+#if WITH_SASL
+ if (client->sasl) {
+ const char *identity = virNetSASLSessionGetIdentity(client->sasl);
+ if (identity &&
+ !(saslname = strdup(identity))) {
+ virReportOOMError();
+ goto cleanup;
+ }
+ }
+#endif
+
+ if (client->tls) {
+ const char *identity = virNetTLSSessionGetX509DName(client->tls);
+ if (identity &&
+ !(x509dname = strdup(identity))) {
+ virReportOOMError();
+ goto cleanup;
+ }
+ }
+
+ if (client->sock &&
+ virNetSocketGetSecurityContext(client->sock, &seccontext) < 0)
+ goto cleanup;
+
+ if (!(ret = virIdentityNew()))
+ goto cleanup;
+
+ if (username &&
+ virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_USER_NAME, username) < 0)
+ goto error;
+ if (groupname &&
+ virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, groupname) < 0)
+ goto error;
+ if (processid &&
+ virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, processid) < 0)
+ goto error;
+#if HAVE_SASL
+ if (saslname &&
+ virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_SASL_USER_NAME, saslname) < 0)
+ goto error;
+#endif
+ if (x509dname &&
+ virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, x509dname)
< 0)
+ goto error;
+ if (seccontext &&
+ virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_SECURITY_CONTEXT, seccontext) < 0)
+ goto error;
Long lines again.
+
+cleanup:
+ VIR_FREE(username);
+ VIR_FREE(groupname);
+ VIR_FREE(processid);
+ VIR_FREE(seccontext);
+#if HAVE_SASL
+ VIR_FREE(saslname);
+#endif
+ VIR_FREE(x509dname);
+ return ret;
+
+error:
+ virObjectUnref(ret);
+ ret = NULL;
+ goto cleanup;
+}
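Review bot: The SASL handling in virNetServerClientCreateIdentity is guarded by two different macros: `saslname` is declared and strdup'd under `#if WITH_SASL`, but the virIdentitySetAttr call for VIR_IDENTITY_ATTR_SASL_USER_NAME and the VIR_FREE(saslname) in cleanup are under `#if HAVE_SASL`. If only WITH_SASL is defined, the SASL user name is silently never attached to the identity and the strdup'd `saslname` leaks on every call; if only HAVE_SASL is defined, the file does not compile because `saslname` is undeclared. Both later guards should read `#if WITH_SASL` to match the declaration and the existing `if (client->sasl)` block. A silently missing SASL attribute is presumably authorization-relevant, since whatever consumes the identity would then see a SASL-authenticated client with no SASL user name rather than an error.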
...
ACK
Jirka