On Wed, Mar 13, 2013 at 15:24:04 +0000, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
Add APIs which allow creation of a virIdentity from the info associated with a virNetServerClientPtr instance. This is done based on the results of client authentication processes like TLS, x509, SASL, SO_PEERCRED
...
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index 40c8173..850f388 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
...
@@ -642,6 +645,113 @@ int virNetServerClientGetUNIXIdentity(virNetServerClientPtr client,
 }
+static virIdentityPtr
+virNetServerClientCreateIdentity(virNetServerClientPtr client)
+{
+ char *processid = NULL;
+ char *username = NULL;
+ char *groupname = NULL;
+#if WITH_SASL
+ char *saslname = NULL;
+#endif
+ char *x509dname = NULL;
+ char *seccontext = NULL;
+ virIdentityPtr ret = NULL;
+
+ if (client->sock && virNetSocketIsLocal(client->sock)) {
+ gid_t gid;
+ uid_t uid;
+ pid_t pid;
+ if (virNetSocketGetUNIXIdentity(client->sock, &uid, &gid, &pid) < 0)
+ goto cleanup;
+
+ if (!(username = virGetUserName(uid)))
+ goto cleanup;
+ if (!(groupname = virGetGroupName(gid)))
+ goto cleanup;
+ if (virAsprintf(&processid, "%d", (int)pid) < 0)
This should use "%lld" and (long long)pid to be consistent with the way we format PIDs in libvirt. Also you should call virReportOOMError() here since virAsprintf() won't do it for you.
+ goto cleanup;
+ }
+
+#if WITH_SASL
+ if (client->sasl) {
+ const char *identity = virNetSASLSessionGetIdentity(client->sasl);
+ if (identity &&
+ !(saslname = strdup(identity))) {
+ virReportOOMError();
+ goto cleanup;
+ }
+ }
+#endif
+
+ if (client->tls) {
+ const char *identity = virNetTLSSessionGetX509DName(client->tls);
+ if (identity &&
+ !(x509dname = strdup(identity))) {
+ virReportOOMError();
+ goto cleanup;
+ }
+ }
+
+ if (client->sock &&
+ virNetSocketGetSecurityContext(client->sock, &seccontext) < 0)
+ goto cleanup;
+
+ if (!(ret = virIdentityNew()))
+ goto cleanup;
+
+ if (username &&
+ virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_USER_NAME, username) < 0)
+ goto error;
+ if (groupname &&
+ virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, groupname) < 0)
+ goto error;
+ if (processid &&
+ virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, processid) < 0)
+ goto error;
+#if HAVE_SASL
+ if (saslname &&
+ virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_SASL_USER_NAME, saslname) < 0)
+ goto error;
+#endif
+ if (x509dname &&
+ virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, x509dname) < 0)
+ goto error;
+ if (seccontext &&
+ virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_SECURITY_CONTEXT, seccontext) < 0)
+ goto error;
Long lines again.
+
+cleanup:
+ VIR_FREE(username);
+ VIR_FREE(groupname);
+ VIR_FREE(processid);
+ VIR_FREE(seccontext);
+#if HAVE_SASL
+ VIR_FREE(saslname);
+#endif
+ VIR_FREE(x509dname);
+ return ret;
+
+error:
+ virObjectUnref(ret);
+ ret = NULL;
+ goto cleanup;
+}
...
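Review bot: The SASL code in virNetServerClientCreateIdentity is guarded by two different macros: the `saslname` declaration and the strdup of the SASL identity sit under `#if WITH_SASL`, while the virIdentitySetAttr call for VIR_IDENTITY_ATTR_SASL_USER_NAME and the `VIR_FREE(saslname)` in cleanup sit under `#if HAVE_SASL`. If only WITH_SASL is defined, the SASL user name is collected but never stored on the identity and the buffer leaks, so any authorization later keyed on that attribute would see an identity without it; if only HAVE_SASL is defined, the function does not compile because saslname is undeclared. The three `#if HAVE_SASL` lines should use the same spelling as the first guard, presumably `#if WITH_SASL`, whichever the rest of this file uses. A build with SASL enabled that checks the attribute is actually present on the returned identity would confirm the fix.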
ACK Jirka