
Re: [libvirt] [PATCH v2] daemon: Don't initialize SASL context if not necessary



On Fri, Jun 02, 2017 at 02:53:28PM +0200, Peter Krempa wrote:
> SASL context would be initialized even if the corresponding TCP or TLS
> sockets are not enabled.
> 
> fe772f24a68 attempted to fix the symptom by commenting out the settings,
> but that did not fix the root cause. 3c647ee4bbb later reverted those
> changes so that the more secure algorithm is used.
> 
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1450095
> ---
> v2:
> Fix the message also if SASL authentication and the TCP/TLS sockets are
> explicitly enabled in config but --listen is not specified.
> 
>  daemon/libvirtd.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
> index 891238bcb..bac4bc1b6 100644
> --- a/daemon/libvirtd.c
> +++ b/daemon/libvirtd.c
> @@ -613,11 +613,11 @@ daemonSetupNetworking(virNetServerPtr srv,
> 
>  #if WITH_SASL
>      if (config->auth_unix_rw == REMOTE_AUTH_SASL ||
> -        config->auth_unix_ro == REMOTE_AUTH_SASL ||
> +        (sock_path_ro && config->auth_unix_ro == REMOTE_AUTH_SASL) ||
>  # if WITH_GNUTLS
> -        config->auth_tls == REMOTE_AUTH_SASL ||
> +        (ipsock && config->listen_tls && config->auth_tls == REMOTE_AUTH_SASL) ||
>  # endif
> -        config->auth_tcp == REMOTE_AUTH_SASL) {
> +        (ipsock && config->listen_tcp && config->auth_tcp == REMOTE_AUTH_SASL)) {
>          saslCtxt = virNetSASLContextNewServer(
>              (const char *const*)config->sasl_allowed_username_list);
>          if (!saslCtxt)
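
Review bot: The new guards in the `if` condition (`sock_path_ro`, `ipsock && config->listen_tls`, `ipsock && config->listen_tcp`) now duplicate whatever checks decide that each socket is actually created, and those checks are not visible in this hunk. If the two ever drift apart, a socket configured with `REMOTE_AUTH_SASL` could be brought up while `saslCtxt` was never allocated. Consider a short comment above the condition saying that it must mirror the socket-creation checks, or computing the per-socket predicates once and using them in both places. The `config->auth_unix_rw == REMOTE_AUTH_SASL` term is left unguarded, unlike the other three; a brief comment explaining why it needs no guard would help the next reader.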


Reviewed-by: Daniel P. Berrange <berrange redhat com>

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

