[libvirt] [PATCH] Short circuit SASL auth when no mechanisms are available

Daniel P. Berrange berrange at redhat.com
Wed Mar 15 18:05:11 UTC 2017


If the SASL config does not have any mechanisms we currently
just report an empty list to the client which will then
fail to identify a usable mechanism. This is a server config
error, so we should fail immediately on the server side.

Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
---
 src/rpc/virnetsaslcontext.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/rpc/virnetsaslcontext.c b/src/rpc/virnetsaslcontext.c
index 37a5da2..c4492ec 100644
--- a/src/rpc/virnetsaslcontext.c
+++ b/src/rpc/virnetsaslcontext.c
@@ -390,6 +390,12 @@ char *virNetSASLSessionListMechanisms(virNetSASLSessionPtr sasl)
                        err, sasl_errdetail(sasl->conn));
         goto cleanup;
     }
+    VIR_DEBUG("SASL mechanism list is '%s'", mechlist);
+    if (STREQ(mechlist, "")) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("no SASL mechanisms are available"));
+        goto cleanup;
+    }
     ignore_value(VIR_STRDUP(ret, mechlist));
 
  cleanup:
-- 
2.9.3




More information about the libvir-list mailing list