
On 03/18/2011 12:54 PM, Daniel P. Berrange wrote:
This provides two modules for handling SASL
* virNetSASLContext provides the process-wide state, currently just a whitelist of usernames on the server and a one-time library init call
* virNetTLSSession provides the per-connection state, i.e. the SASL session itself. This also includes APIs for providing data encryption/decryption once the session is established
* src/Makefile.am: Add to libvirt-net-rpc.la
* src/rpc/virnetsaslcontext.c, src/rpc/virnetsaslcontext.h: Generic SASL handling code
---
 cfg.mk                      |   2 +
 po/POTFILES.in              |   1 +
 src/Makefile.am             |   9 +
 src/rpc/virnetsaslcontext.c | 599 +++++++++++++++++++++++++++++++++++++++++++
 src/rpc/virnetsaslcontext.h | 120 +++++++++
 5 files changed, 731 insertions(+), 0 deletions(-)
 create mode 100644 src/rpc/virnetsaslcontext.c
 create mode 100644 src/rpc/virnetsaslcontext.h
Definitely improved over the first time I reviewed this: http://www.redhat.com/archives/libvir-list/2010-December/msg00677.html
+virNetSASLSessionPtr virNetSASLSessionNewClient(virNetSASLContextPtr ctxt ATTRIBUTE_UNUSED, + const char *service, + const char *hostname, + const char *localAddr, + const char *remoteAddr, + const sasl_callback_t *cbs) +{ + virNetSASLSessionPtr sasl = NULL; + int err; + + if (VIR_ALLOC(sasl) < 0) { + virReportOOMError(); + goto cleanup; + } + + sasl->refs = 1; + /* Arbitrary size for amount of data we can encode in a single block */ + sasl->maxbufsize = 1 << 16;
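Review bot: `sasl->maxbufsize = 1 << 16;` is a bare magic number explained only by the comment "Arbitrary size"; give it a named constant near the top of the file and state what it bounds, since this value is the per-call limit the session's encode/decode APIs will enforce and nothing in the visible lines tells a reader what a "block" is or why 64 KiB was chosen.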
+virNetSASLSessionPtr virNetSASLSessionNewServer(virNetSASLContextPtr ctxt ATTRIBUTE_UNUSED, + const char *service, + const char *localAddr, + const char *remoteAddr) +{ + virNetSASLSessionPtr sasl = NULL; + int err; + + if (VIR_ALLOC(sasl) < 0) { + virReportOOMError(); + goto cleanup; + } + + sasl->refs = 1; + /* Arbitrary size for amount of data we can encode in a single block */ + sasl->maxbufsize = 1 << 16;
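Review bot: the whole allocation prologue here (VIR_ALLOC, virReportOOMError, `refs = 1`, `maxbufsize = 1 << 16`) is copied verbatim from virNetSASLSessionNewClient; factor it into one static helper that both constructors call, so the client and server sessions cannot drift apart, rather than relying on keeping two separate literals in step.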
Should these two values be a single #define (or enum) earlier in the file, so that they change in lock-step if we ever have reason to pick a different value?
+ +#ifndef __VIR_NET_CLIENT_SASL_CONTEXT_H__ +# define __VIR_NET_CLIENT_SASL_CONTEXT_H__ + +# include <sasl/sasl.h> + +# include <stdbool.h>
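Review bot: the include guard `__VIR_NET_CLIENT_SASL_CONTEXT_H__` does not match the file it protects (src/rpc/virnetsaslcontext.h, which per the commit message serves both client and server sessions); rename it to `__VIR_NET_SASL_CONTEXT_H__` so that the name describes this header and a future client-specific header cannot collide with it.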
<stdbool.h> is redundant with earlier inclusion of "internal.h". You fixed this in some of your patch series, but not all.
+ +int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt, + const char *identity);
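Review bot: virNetSASLContextCheckIdentity returns a bare int with no comment on its convention, yet it is the server's username whitelist check, so callers must be able to tell "identity not permitted" from "internal error" and must not be able to drop the result. Document the return values in the header (e.g. 1 for allowed, 0 for denied, -1 on error) and mark the prototype ATTRIBUTE_RETURN_CHECK.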
    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_RETURN_CHECK

Likewise for marking up other functions in this header.

ACK with those nits addressed.

--
Eric Blake   eblake@redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org