[libvirt] [PATCH] Short circuit SASL auth when no mechanisms are available
If the SASL config does not have any mechanisms we currently just report an empty list to the client which will then fail to identify a usable mechanism. This is a server config error, so we should fail immediately on the server side. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/rpc/virnetsaslcontext.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/rpc/virnetsaslcontext.c b/src/rpc/virnetsaslcontext.c index 37a5da2..c4492ec 100644 --- a/src/rpc/virnetsaslcontext.c +++ b/src/rpc/virnetsaslcontext.c @@ -390,6 +390,12 @@ char *virNetSASLSessionListMechanisms(virNetSASLSessionPtr sasl) err, sasl_errdetail(sasl->conn)); goto cleanup; } + VIR_DEBUG("SASL mechanism list is '%s'", mechlist); + if (STREQ(mechlist, "")) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("no SASL mechanisms are available")); + goto cleanup; + } ignore_value(VIR_STRDUP(ret, mechlist)); cleanup: -- 2.9.3
On Wed, Mar 15, 2017 at 18:05:11 +0000, Daniel Berrange wrote:
If the SASL config does not have any mechanisms we currently just report an empty list to the client which will then fail to identify a usable mechanism. This is a server config error, so we should fail immediately on the server side.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/rpc/virnetsaslcontext.c | 6 ++++++ 1 file changed, 6 insertions(+)
ACK
participants (2)
-
Daniel P. Berrange -
Peter Krempa