[libvirt] [PATCH 3/8] Add APIs to get at more client security data
Daniel P. Berrange
berrange at redhat.com
Tue Mar 12 18:05:18 UTC 2013
On Thu, Mar 07, 2013 at 05:33:07PM -0700, Eric Blake wrote:
> On 03/06/2013 05:49 AM, Daniel P. Berrange wrote:
> > From: "Daniel P. Berrange" <berrange at redhat.com>
> >
> > A socket object has various pieces of security data associated
> > with it, such as the SELinux context, the SASL username and
> > the x509 distinguished name. Add new APIs to virNetServerClient
> > and related modules to access this data.
> >
> > Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> > ---
> > src/libvirt_private.syms | 6 ++++++
> > src/rpc/virnetserverclient.c | 46 ++++++++++++++++++++++++++++++++++++++++++++
> > src/rpc/virnetserverclient.h | 7 +++++++
> > src/rpc/virnetsocket.c | 44 ++++++++++++++++++++++++++++++++++++++++++
> > src/rpc/virnetsocket.h | 2 ++
> > src/rpc/virnettlscontext.c | 18 +++++++++++++++++
> > src/rpc/virnettlscontext.h | 2 ++
> > 7 files changed, 125 insertions(+)
> >
> > +++ b/src/rpc/virnetserverclient.c
> > @@ -587,6 +587,16 @@ bool virNetServerClientHasTLSSession(virNetServerClientPtr client)
> > return has;
> > }
> >
> > +
> > +virNetTLSSessionPtr virNetServerClientGetTLSSession(virNetServerClientPtr client)
> > +{
> > + virNetTLSSessionPtr tls;
> > + virObjectLock(client);
> > + tls = client->tls;
> > + virObjectUnlock(client);
> > + return tls;
> > +}
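Review bot: virNetServerClientGetTLSSession returns client->tls after virObjectUnlock(client) without taking a reference, so the lock covers only the pointer read and the caller ends up holding a session pointer whose lifetime is tied to the client. Either take a reference on the session before unlocking and have the caller release it, or add a comment above the function stating that the caller must keep a reference on the client for as long as it uses the result, and whether NULL is a valid return when no TLS session has been set up.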
>
> This needs to be guarded by WITH_GNUTLS (since client->tls doesn't exist
> otherwise). Which in turn may affect your libvirt_private.syms if you
> don't create a counterpart stub function.

You can't see it from the context, but this is already inside a WITH_GNUTLS
block that is started earlier, and finished later.

Seems we already have a few problems with the symbol file if WITH_GNUTLS
is not defined, so we'll need to fix that up globally.

>
> > +
> > +
> > +virNetSASLSessionPtr virNetServerClientGetSASLSession(virNetServerClientPtr client)
> > +{
> > + virNetSASLSessionPtr sasl;
> > + virObjectLock(client);
> > + sasl = client->sasl;
> > + virObjectUnlock(client);
> > + return sasl;
> > +}
> > #endif
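Review bot: the `#endif` right after virNetServerClientGetSASLSession has no trailing comment naming the condition it closes, and the matching `#if` is outside the visible context, so the hunk alone does not show which build option the new function depends on. Add a comment on the `#endif` naming the guard and export the symbol under that same condition. The function also returns client->sasl after unlocking without taking a reference, so the ownership rule the caller must follow needs to be stated in a comment above it.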
>
> This function was inside an #ifdef, but you declared it in
> libvirt_private.syms, so you'd need a counterpart stub function.

I'll move it to the existing libvirt_sasl.syms files.

> Shoot, ran out of review time halfway through. Overall the idea looks
> sound, though.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|