[libvirt] [PATCH v2 5/6] Add ability to get a virIdentity from a virNetServerClientPtr

Jiri Denemark jdenemar at redhat.com
Tue Mar 19 11:22:16 UTC 2013


On Wed, Mar 13, 2013 at 15:24:04 +0000, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
> 
> Add APIs which allow creation of a virIdentity from the info
> associated with a virNetServerClientPtr instance. This is done
> based on the results of client authentication processes like
> TLS, x509, SASL, SO_PEERCRED
> 
...
> diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
> index 40c8173..850f388 100644
> --- a/src/rpc/virnetserverclient.c
> +++ b/src/rpc/virnetserverclient.c
...
> @@ -642,6 +645,113 @@ int virNetServerClientGetUNIXIdentity(virNetServerClientPtr client,
>  }
>  
>  
> +static virIdentityPtr
> +virNetServerClientCreateIdentity(virNetServerClientPtr client)
> +{
> +    char *processid = NULL;
> +    char *username = NULL;
> +    char *groupname = NULL;
> +#if WITH_SASL
> +    char *saslname = NULL;
> +#endif
> +    char *x509dname = NULL;
> +    char *seccontext = NULL;
> +    virIdentityPtr ret = NULL;
> +
> +    if (client->sock && virNetSocketIsLocal(client->sock)) {
> +        gid_t gid;
> +        uid_t uid;
> +        pid_t pid;
> +        if (virNetSocketGetUNIXIdentity(client->sock, &uid, &gid, &pid) < 0)
> +            goto cleanup;
> +
> +        if (!(username = virGetUserName(uid)))
> +            goto cleanup;
> +        if (!(groupname = virGetGroupName(gid)))
> +            goto cleanup;
> +        if (virAsprintf(&processid, "%d", (int)pid) < 0)

This should use "%lld" and (long long)pid to be consistent with the way
we format PIDs in libvirt. Also you should call virReportOOMError() here
since virAsprintf() won't do it for you.

> +            goto cleanup;
> +    }
> +
> +#if WITH_SASL
> +    if (client->sasl) {
> +        const char *identity = virNetSASLSessionGetIdentity(client->sasl);
> +        if (identity &&
> +            !(saslname = strdup(identity))) {
> +            virReportOOMError();
> +            goto cleanup;
> +        }
> +    }
> +#endif
> +
> +    if (client->tls) {
> +        const char *identity = virNetTLSSessionGetX509DName(client->tls);
> +        if (identity &&
> +            !(x509dname = strdup(identity))) {
> +            virReportOOMError();
> +            goto cleanup;
> +        }
> +    }
> +
> +    if (client->sock &&
> +        virNetSocketGetSecurityContext(client->sock, &seccontext) < 0)
> +        goto cleanup;
> +
> +    if (!(ret = virIdentityNew()))
> +        goto cleanup;
> +
> +    if (username &&
> +        virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_USER_NAME, username) < 0)
> +        goto error;
> +    if (groupname &&
> +        virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, groupname) < 0)
> +        goto error;
> +    if (processid &&
> +        virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, processid) < 0)
> +        goto error;
> +#if HAVE_SASL
> +    if (saslname &&
> +        virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_SASL_USER_NAME, saslname) < 0)
> +        goto error;
> +#endif
> +    if (x509dname &&
> +        virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, x509dname) < 0)
> +        goto error;
> +    if (seccontext &&
> +        virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_SECURITY_CONTEXT, seccontext) < 0)
> +        goto error;

Long lines again.

> +
> +cleanup:
> +    VIR_FREE(username);
> +    VIR_FREE(groupname);
> +    VIR_FREE(processid);
> +    VIR_FREE(seccontext);
> +#if HAVE_SASL
> +    VIR_FREE(saslname);
> +#endif
> +    VIR_FREE(x509dname);
> +    return ret;
> +
> +error:
> +    virObjectUnref(ret);
> +    ret = NULL;
> +    goto cleanup;
> +}
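Review bot: The SASL preprocessor guards in virNetServerClientCreateIdentity do not match: `saslname` is declared and filled under `#if WITH_SASL`, but the `virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_SASL_USER_NAME, saslname)` call and `VIR_FREE(saslname)` sit under `#if HAVE_SASL`. Which macro the build defines is not visible in the quoted hunk. If only `WITH_SASL` is set, the authenticated SASL user name is silently left out of the identity and the strdup'd copy leaks; if only `HAVE_SASL` is set, the later blocks reference an undeclared variable. Since the identity presumably feeds later access-control decisions, a missing attribute is worth avoiding; use `#if WITH_SASL` for both later guards so all four blocks agree. The rest of this hunk is elided in the quoted mail, so only this function was reviewed.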
...

ACK

Jirka



