[libvirt] [PATCH 05/15] Generic module for handling SASL authentication & encryption

Eric Blake eblake at redhat.com
Thu Dec 16 23:36:34 UTC 2010


On 12/16/2010 04:21 AM, Daniel P. Berrange wrote:
> This provides two modules for handling SASL
> 
>  * virNetSASLContext provides the process-wide state, currently
>    just a whitelist of usernames on the server and a one time
>    library init call
> 
>  * virNetTLSSession provides the per-connection state, i.e. the
>    SASL session itself. This also includes APIs for providing
>    data encryption/decryption once the session is established
> 
> * src/Makefile.am: Add to libvirt-net-rpc.la
> * src/rpc/virnetsaslcontext.c, src/rpc/virnetsaslcontext.h: Generic
>   SASL handling code
> ---
>  po/POTFILES.in              |    1 +
>  src/Makefile.am             |    3 +
>  src/rpc/virnetsaslcontext.c |  525 +++++++++++++++++++++++++++++++++++++++++++
>  src/rpc/virnetsaslcontext.h |  125 ++++++++++
>  4 files changed, 654 insertions(+), 0 deletions(-)
>  create mode 100644 src/rpc/virnetsaslcontext.c
>  create mode 100644 src/rpc/virnetsaslcontext.h

Several patches need to modify the cfg.mk lists of free-like functions
and/or message functions that require translated parameters.  For example

2/15 - virNetMessageFree, virNetError
3/15 - virNetSocketFree
4/15 - virNetTLSContextFree, virNetTLSSessionFree
5/15 - virNetSASLContextFree, virNetSASLSessionFree

and probably others later in the series as well (I just noticed the
issue, so I won't report it in the other patches).

> +int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
> +                                   const char *identity)
> +{
> +    const char *const*wildcards;
> +
> +    /* If the list is not set, allow any DN. */
> +    wildcards = ctxt->usernameWhitelist;
> +    if (!wildcards)
> +        return 1; /* No ACL, allow all */
> +
> +    while (*wildcards) {
> +        if (fnmatch (*wildcards, identity, 0) == 0)
> +            return 1; /* Allowed */
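
Review bot: the comment above the ctxt->usernameWhitelist lookup says "allow any DN", but this function matches a SASL identity string, not a certificate DN, so the comment should say that any identity is allowed when no whitelist is set. In the loop, "fnmatch (*wildcards, identity, 0) == 0" folds every non-zero result into "no match"; comparing against FNM_NOMATCH explicitly would let any other return value be reported as an error instead of being treated as a denied pattern.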

Same comment about returning -1 as in 4/15 if fnmatch returns failure
rather than no match, such as for ill-formed wildcard.

> +int virNetSASLSessionExtKeySize(virNetSASLSessionPtr sasl,
> +                                      int ssf)

Wonky indentation.

> +
> +int virNetSASLSessionSecProps(virNetSASLSessionPtr sasl,
> +                              int minSSF,
> +                              int maxSSF,
> +                              bool allowAnonymous)
> +{
> +    sasl_security_properties_t secprops;
> +    int err;
> +
> +    memset (&secprops, 0, sizeof secprops);
> +
> +    secprops.min_ssf = minSSF;
> +    secprops.max_ssf = maxSSF;
> +    secprops.maxbufsize = 100000;
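
Review bot: minSSF and maxSSF are signed int parameters copied straight into secprops.min_ssf and secprops.max_ssf, and the lines shown contain no check that they are non-negative or that minSSF <= maxSSF; rejecting such input up front gives a clearer error than whatever the SASL library does with it. The literal 100000 assigned to secprops.maxbufsize would also be easier to audit as a named constant with a comment stating how it relates to the RPC message size.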

How was this arbitrary number picked?  Should it be larger, to
accommodate REMOTE_MESSAGE_MAX (262144)?

> +int virNetSASLSessionServerStep(virNetSASLSessionPtr sasl,

> +    default:
> +        VIR_DEBUG("Foo %s", sasl_errdetail(sasl->conn));
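
Review bot: the default: branch logs the sasl_errdetail() text behind the placeholder prefix "Foo" and only at debug level, so an unexpected step result is hard to find in logs. A prefix that names the operation (for example the server step) would make the message searchable, and if nothing after this line reports the failure, it should be raised as an error rather than left in VIR_DEBUG.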

Interesting debug message; should "Foo" have been something more legible?

> +ssize_t virNetSASLSessionEncode(virNetSASLSessionPtr sasl,
> +                                const char *input,
> +                                size_t inputLen,
> +                                const char **output,
> +                                size_t *outputlen)
> +{
> +    unsigned inlen = inputLen;
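
Review bot: "unsigned inlen = inputLen;" narrows a size_t to unsigned with no range check, so on platforms where size_t is wider the value is silently truncated and the function would encode fewer bytes than the caller passed. Reject inputLen values that do not fit (or that exceed the maximum message size) before the assignment and return an error.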

Should you check and fail if ((unsigned)inputLen != inputLen), since
sasl_* (unlike gnutls_*) used int rather than size_t as the maximum
transaction size?  Or are we assuming that libvirt will never try to
exceed a transaction size of REMOTE_MESSAGE_MAX in the first place, so
we don't have to worry about the 2GB limit being abused?

> +ssize_t virNetSASLSessionDecode(virNetSASLSessionPtr sasl,
> +                                const char *input,
> +                                size_t inputLen,
> +                                const char **output,
> +                                size_t *outputlen)
> +{
> +    unsigned inlen = inputLen;
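
Review bot: the parameter names mix styles, inputLen versus outputlen, in this prototype and in virNetSASLSessionEncode; pick one spelling (outputLen would match) for both functions. The unchecked "unsigned inlen = inputLen;" narrowing needs the same range check here as in the encode path.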

Likewise.

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
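
The length check raised above for virNetSASLSessionEncode and virNetSASLSessionDecode, as an added example that is not part of the original message or of libvirt's code. The demo_* names are hypothetical, the 262144 limit is the REMOTE_MESSAGE_MAX value quoted in the review, and enforcing that limit here is an assumption.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Limit quoted in the review above (REMOTE_MESSAGE_MAX). */
#define DEMO_MESSAGE_MAX 262144

/* Behaviour of `unsigned inlen = inputLen;`: where size_t is wider than
 * unsigned, the high bits are dropped without any diagnostic. */
unsigned demo_narrow_unchecked(size_t inputLen)
{
    return (unsigned)inputLen;
}

/* Checked variant: returns 0 and stores the length, or -1 if it does not
 * fit in unsigned or exceeds the message limit (the limit is an assumption). */
int demo_narrow_checked(size_t inputLen, unsigned *inlen)
{
    if ((unsigned)inputLen != inputLen)   /* test proposed in the review */
        return -1;
    if (inputLen > DEMO_MESSAGE_MAX)
        return -1;
    *inlen = (unsigned)inputLen;
    return 0;
}

int main(void)
{
    /* Constructed lengths; the last one wraps to 16 on LP64 platforms. */
    size_t cases[] = { 4096, DEMO_MESSAGE_MAX, (size_t)DEMO_MESSAGE_MAX + 1,
                       (size_t)UINT_MAX + 17 };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        unsigned inlen = 0;
        int rc = demo_narrow_checked(cases[i], &inlen);
        printf("len=%zu unchecked=%u checked=%s\n", cases[i],
               demo_narrow_unchecked(cases[i]), rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```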
