
Re: [Libvir] PATCH: 3/10: auth configuration support



This patch provides the ability to configure what authentication mechanism
is used on each socket - UNIX RW, UNIX RO, TCP, and TLS sockets - all can
have independant settings. By default the UNIX & TLS sockets have no auth,
and the TCP socket has SASL auth enabled. The /etc/libvirt/libvirtd.conf
file lets you override these options.

There is also a new  sasl_allowed_username_list = ["admin"]  config
param to let you whitelist the users you want to allow.  This supports
use of wildcards. The username format depends on the SASL auth mechanism.
For DIGEST-MD5 it will be plain usernames, for Kerberos it will be a
username + realm, eg  admin EXAMPLE COM

After discussion with Rich, I also remove the tls_allowed_ip_list for
whitelisting source IP addresses. This was a) not protecting us because
it was only checked after the TLS handshake - thus allowing trivial DOS
attack b) much easier to handle via tcp wrappers, or IPtables. c) only
ever checked for the TLS socket d) IP addresses are easily spoofed.

If summary, if you're using a real authentication mechanism, this is
only useful for protecting against DOS attacks & that's better done by
iptables.

 Makefile.am                  |   12 -
 internal.h                   |    4 
 libvirtd.conf                |  143 ++++++++++++----
 qemud.c                      |  379 ++++++++++++++++++++++---------------------
 remote.c                     |  290 ++++++++++++++++++++++++--------
 remote_dispatch_prototypes.h |  138 +++++++--------
 remote_generate_stubs.pl     |    5 
 7 files changed, 602 insertions(+), 369 deletions(-)



diff -r f28fe18bd7f5 qemud/Makefile.am
--- a/qemud/Makefile.am	Thu Nov 29 09:47:39 2007 -0500
+++ b/qemud/Makefile.am	Thu Nov 29 09:51:32 2007 -0500
@@ -101,14 +101,14 @@ remote.c: remote_dispatch_prototypes.h \
 	  remote_dispatch_localvars.h \
 	  remote_dispatch_proc_switch.h
 
-remote_dispatch_prototypes.h: remote_generate_stubs.pl remote_protocol.x
-	perl -w remote_generate_stubs.pl -i remote_protocol.x > $@
+remote_dispatch_prototypes.h: $(srcdir)/remote_generate_stubs.pl remote_protocol.x
+	perl -w $(srcdir)/remote_generate_stubs.pl -i $(srcdir)/remote_protocol.x > $@
 
-remote_dispatch_localvars.h: remote_generate_stubs.pl remote_protocol.x
-	perl -w remote_generate_stubs.pl -v remote_protocol.x > $@
+remote_dispatch_localvars.h: $(srcdir)/remote_generate_stubs.pl remote_protocol.x
+	perl -w $(srcdir)/remote_generate_stubs.pl -v $(srcdir)/remote_protocol.x > $@
 
-remote_dispatch_proc_switch.h: remote_generate_stubs.pl remote_protocol.x
-	perl -w remote_generate_stubs.pl -w remote_protocol.x > $@
+remote_dispatch_proc_switch.h: $(srcdir)/remote_generate_stubs.pl remote_protocol.x
+	perl -w $(srcdir)/remote_generate_stubs.pl -w $(srcdir)/remote_protocol.x > $@
 
 if LIBVIRT_INIT_SCRIPTS_RED_HAT
 install-init: libvirtd.init
diff -r f28fe18bd7f5 qemud/internal.h
--- a/qemud/internal.h	Thu Nov 29 09:47:39 2007 -0500
+++ b/qemud/internal.h	Thu Nov 29 09:51:32 2007 -0500
@@ -109,6 +109,7 @@ struct qemud_client {
     const char *saslEncoded;
     unsigned int saslEncodedLength;
     unsigned int saslEncodedOffset;
+    char *saslUsername;
 #endif
 
     unsigned int incomingSerial;
@@ -151,6 +152,9 @@ struct qemud_server {
 #ifdef HAVE_AVAHI
     struct libvirtd_mdns *mdns;
 #endif
+#if HAVE_SASL
+    char **saslUsernameWhitelist;
+#endif
 };
 
 void qemudLog(int priority, const char *fmt, ...)
diff -r f28fe18bd7f5 qemud/libvirtd.conf
--- a/qemud/libvirtd.conf	Thu Nov 29 09:47:39 2007 -0500
+++ b/qemud/libvirtd.conf	Thu Nov 29 09:51:32 2007 -0500
@@ -2,6 +2,11 @@
 #
 # For further information consult http://libvirt.org/format.html
 
+
+#################################################################
+#
+# Network connectivitiy controls
+#
 
 # Flag listening for secure TLS connections on the public TCP/IP port.
 # NB, must pass the --listen flag to the libvirtd process for this to
@@ -17,7 +22,9 @@
 # NB, must pass the --listen flag to the libvirtd process for this to
 # have any effect.
 #
-# NB, this is insecure. Do not use except for development.
+# Using the TCP socket requires SASL authentication by default. Only
+# SASL mechanisms which support data encryption are allowed. This is
+# DIGEST_MD5 and GSSAPI (Kerberos5)
 #
 # This is disabled by default, uncomment this to enable it.
 # listen_tcp = 1
@@ -53,6 +60,10 @@
 # mdns_name "Virtualization Host Joe Demo" 
 
 
+#################################################################
+#
+# UNIX socket access controls
+#
 
 # Set the UNIX domain socket group ownership. This can be used to
 # allow a 'trusted' set of users access to management capabilities
@@ -73,8 +84,88 @@
 #
 # Default allows only root. If setting group ownership may want to
 # relax this to:
-# unix_sock_rw_perms "octal-perms" 	"0770"
-
+# unix_sock_rw_perms "0770"
+
+
+
+#################################################################
+#
+# Authentication.
+#
+#  - none: do not perform auth checks. If you can connect to the
+#          socket you are allowed. This is suitable if there are
+#          restrictions on connecting to the socket (eg, UNIX
+#          socket permissions), or if there is a lower layer in
+#          the network providing auth (eg, TLS/x509 certificates)
+#
+#  - sasl: use SASL infrastructure. The actual auth scheme is then
+#          controlled from /etc/sasl2/libvirt.conf. For the TCP
+#          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
+#          For non-TCP or TLS sockets,  any scheme is allowed.
+#
+
+# Set an authentication scheme for UNIX read-only sockets
+# By default socket permissions allow anyone to connect
+#
+# To restrict monitoring of domains you may wish to enable
+# an authentication mechanism here
+# auth_unix_ro = "none"
+
+# Set an authentication scheme for UNIX read-write sockets
+# By default socket permissions only allow root.
+#
+# If the unix_sock_rw_perms are changed you may wish to enable
+# an authentication mechanism here
+# auth_unix_rw = "none"
+
+# Change the authentication scheme for TCP sockets.
+#
+# If you don't enable SASL, then all TCP traffic is cleartext.
+# Don't do this outside of a dev/test scenario. For real world
+# use, always enable SASL and use the GSSAPI or DIGEST-MD5
+# mechanism in /etc/sasl2/libvirt.conf
+# auth_tcp = "sasl"
+
+# Change the authentication scheme for TLS sockets.
+# 
+# TLS sockets already have encryption provided by the TLS
+# layer, and limited authentication is done by certificates
+#
+# It is possible to make use of any SASL authentication
+# mechanism as well, by using 'sasl' for this option
+# auth_tls = "none"
+
+
+
+#################################################################
+#
+# TLS x509 certificate configuration
+#
+
+
+# Override the default server key file path
+#
+# key_file "/etc/pki/libvirt/private/serverkey.pem"
+
+# Override the default server certificate file path
+#
+# cert_file "/etc/pki/libvirt/servercert.pem"
+
+# Override the default CA certificate path
+#
+# ca_file "/etc/pki/CA/cacert.pem"
+
+# Specify a certificate revocation list.
+# 
+# Defaults to not using a CRL, uncomment to enable it
+# crl_file "/etc/pki/CA/crl.pem"
+
+
+
+#################################################################
+#
+# Authorization controls
+#
 
 
 # Flag to disable verification of client certificates
@@ -87,31 +178,6 @@
 # verification - make sure an IP whitelist is set
 # tls_no_verify_certificate 1 
 
-# Flag to disable verification of client IP address
-#
-# Client IP address will be verified against the CommonName field
-# of the x509 certificate. This has minimal security benefit since
-# it is easy to spoof source IP.
-#
-# Uncommenting this will disable verification
-# tls_no_verify_address 1
-
-# Override the default server key file path
-#
-# key_file "/etc/pki/libvirt/private/serverkey.pem"
-
-# Override the default server certificate file path
-#
-# cert_file "/etc/pki/libvirt/servercert.pem"
-
-# Override the default CA certificate path
-#
-# ca_file "/etc/pki/CA/cacert.pem"
-
-# Specify a certificate revocation list.
-# 
-# Defaults to not using a CRL, uncomment to enable it
-# crl_file "/etc/pki/CA/crl.pem"
 
 # A whitelist of allowed x509  Distinguished Names
 # This list may contain wildcards such as 
@@ -127,15 +193,20 @@
 # tls_allowed_dn_list ["DN1", "DN2"]
 
 
-# A whitelist of allowed client IP addresses
-#
-# This list may contain wildcards such as 192.168.* See the POSIX fnmatch 
-# function for the format of the wildcards.
+# A whitelist of allowed SASL usernames. The format for usernames
+# depends on the SASL authentication mechanism. Kerberos usernames
+# look like username REALM
+#
+# This list may contain wildcards such as 
+#
+#    "* EXAMPLE COM"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
 #
 # NB If this is an empty list, no client can connect, so comment out
 # entirely rather than using empty list to disable these checks
 #
-# By default, no IP's are checked. This can be IPv4 or IPv6 addresses
-# tls_allowed_ip_list ["ip1", "ip2", "ip3"]
-
-
+# By default, no Username's are checked
+# sasl_allowed_username_list ["joe EXAMPLE COM", "fred EXAMPLE COM" ]
+
+
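Review bot: With tls_allowed_ip_list removed, the retained comment on `tls_no_verify_certificate` in the previous hunk still ends "make sure an IP whitelist is set", which now points operators at a control that no longer exists. Something like `# verification - make sure auth_tls = "sasl" is set` would name a check that remains (assuming that is the intended replacement). In this hunk the example `# sasl_allowed_username_list ["joe EXAMPLE COM", "fred EXAMPLE COM" ]` omits the `=` used by the new `auth_*` examples and by the patch description; one form should be used consistently.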
diff -r f28fe18bd7f5 qemud/qemud.c
--- a/qemud/qemud.c	Thu Nov 29 09:47:39 2007 -0500
+++ b/qemud/qemud.c	Thu Nov 29 09:51:32 2007 -0500
@@ -77,15 +77,23 @@ static int unix_sock_rw_perms = 0700; /*
 static int unix_sock_rw_perms = 0700; /* Allow user only */
 static int unix_sock_ro_perms = 0777; /* Allow world */
 
+
+static int auth_unix_rw = REMOTE_AUTH_NONE;
+static int auth_unix_ro = REMOTE_AUTH_NONE;
+#if HAVE_SASL
+static int auth_tcp = REMOTE_AUTH_SASL;
+#else
+static int auth_tcp = REMOTE_AUTH_NONE;
+#endif
+static int auth_tls = REMOTE_AUTH_NONE;
+
 #ifdef HAVE_AVAHI
 static int mdns_adv = 1;
 static const char *mdns_name = NULL;
 #endif
 
 static int tls_no_verify_certificate = 0;
-static int tls_no_verify_address = 0;
-static const char **tls_allowed_ip_list = 0;
-static const char **tls_allowed_dn_list = 0;
+static char **tls_allowed_dn_list = 0;
 
 static const char *key_file = LIBVIRT_SERVERKEY;
 static const char *cert_file = LIBVIRT_SERVERCERT;
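Review bot: The `#else` default `static int auth_tcp = REMOTE_AUTH_NONE;` means a build without SASL that sets `listen_tcp = 1` serves the TCP socket unauthenticated and in cleartext, while the libvirtd.conf text changed in this same patch drops the "this is insecure" warning and says the TCP socket requires SASL by default. I would at least document the fallback where it is declared, e.g. `/* built without SASL: TCP socket is unauthenticated cleartext, dev/test only */`, and keep a matching caveat in libvirtd.conf. Logging a warning at startup when `listen_tcp` is set and `auth_tcp` is `REMOTE_AUTH_NONE` would make the weaker mode visible to operators.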
@@ -450,7 +458,7 @@ static int qemudWritePidFile(const char 
 }
 
 static int qemudListenUnix(struct qemud_server *server,
-                           const char *path, int readonly) {
+                           const char *path, int readonly, int auth) {
     struct qemud_socket *sock = calloc(1, sizeof(struct qemud_socket));
     struct sockaddr_un addr;
     mode_t oldmask;
@@ -464,6 +472,7 @@ static int qemudListenUnix(struct qemud_
     sock->readonly = readonly;
     sock->port = -1;
     sock->type = QEMUD_SOCK_TYPE_UNIX;
+    sock->auth = auth;
 
     if ((sock->fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
         qemudLog(QEMUD_ERR, "Failed to create socket: %s",
@@ -701,6 +710,27 @@ static int qemudInitPaths(struct qemud_s
 
 static struct qemud_server *qemudInitialize(int sigread) {
     struct qemud_server *server;
+
+    if (!(server = calloc(1, sizeof(struct qemud_server)))) {
+        qemudLog(QEMUD_ERR, "Failed to allocate struct qemud_server");
+        return NULL;
+    }
+
+    server->sigread = sigread;
+
+    __virEventRegisterImpl(virEventAddHandleImpl,
+                           virEventUpdateHandleImpl,
+                           virEventRemoveHandleImpl,
+                           virEventAddTimeoutImpl,
+                           virEventUpdateTimeoutImpl,
+                           virEventRemoveTimeoutImpl);
+
+    virStateInitialize();
+
+    return server;
+}
+
+static struct qemud_server *qemudNetworkInit(struct qemud_server *server) {
     struct qemud_socket *sock;
     char sockname[PATH_MAX];
     char roSockname[PATH_MAX];
@@ -708,56 +738,39 @@ static struct qemud_server *qemudInitial
     int err;
 #endif /* HAVE_SASL */
 
-    if (!(server = calloc(1, sizeof(struct qemud_server)))) {
-        qemudLog(QEMUD_ERR, "Failed to allocate struct qemud_server");
-        return NULL;
-    }
-
-    /* We don't have a dom-0, so start from 1 */
-    server->sigread = sigread;
-
     roSockname[0] = '\0';
 
     if (qemudInitPaths(server, sockname, roSockname, PATH_MAX) < 0)
         goto cleanup;
 
-    if (qemudListenUnix(server, sockname, 0) < 0)
+    if (qemudListenUnix(server, sockname, 0, auth_unix_rw) < 0)
         goto cleanup;
 
-    if (roSockname[0] != '\0' && qemudListenUnix(server, roSockname, 1) < 0)
+    if (roSockname[0] != '\0' && qemudListenUnix(server, roSockname, 1, auth_unix_ro) < 0)
         goto cleanup;
 
-    __virEventRegisterImpl(virEventAddHandleImpl,
-                           virEventUpdateHandleImpl,
-                           virEventRemoveHandleImpl,
-                           virEventAddTimeoutImpl,
-                           virEventUpdateTimeoutImpl,
-                           virEventRemoveTimeoutImpl);
-
-    virStateInitialize();
-
 #if HAVE_SASL
-    if ((err = sasl_server_init(NULL, "libvirt")) != SASL_OK) {
-        qemudLog(QEMUD_ERR, "Failed to initialize SASL authentication %s",
-                 sasl_errstring(err, NULL, NULL));
-        goto cleanup;
+    if (auth_unix_rw == REMOTE_AUTH_SASL ||
+        auth_unix_ro == REMOTE_AUTH_SASL ||
+        auth_tcp == REMOTE_AUTH_SASL ||
+        auth_tls == REMOTE_AUTH_SASL) {
+        if ((err = sasl_server_init(NULL, "libvirt")) != SASL_OK) {
+            qemudLog(QEMUD_ERR, "Failed to initialize SASL authentication %s",
+                     sasl_errstring(err, NULL, NULL));
+            goto cleanup;
+        }
     }
 #endif
 
     if (ipsock) {
-#if HAVE_SASL
-        if (listen_tcp && remoteListenTCP (server, tcp_port, QEMUD_SOCK_TYPE_TCP, REMOTE_AUTH_SASL) < 0)
+        if (listen_tcp && remoteListenTCP (server, tcp_port, QEMUD_SOCK_TYPE_TCP, auth_tcp) < 0)
             goto cleanup;
-#else
-        if (listen_tcp && remoteListenTCP (server, tcp_port, QEMUD_SOCK_TYPE_TCP, REMOTE_AUTH_NONE) < 0)
-            goto cleanup;
-#endif
 
         if (listen_tls) {
             if (remoteInitializeGnuTLS () < 0)
                 goto cleanup;
 
-            if (remoteListenTCP (server, tls_port, QEMUD_SOCK_TYPE_TLS, REMOTE_AUTH_NONE) < 0)
+            if (remoteListenTCP (server, tls_port, QEMUD_SOCK_TYPE_TLS, auth_tls) < 0)
                 goto cleanup;
         }
     }
@@ -859,7 +872,7 @@ remoteCheckDN (gnutls_x509_crt_t cert)
 {
     char name[256];
     size_t namesize = sizeof name;
-    const char **wildcards;
+    char **wildcards;
     int err;
 
     err = gnutls_x509_crt_get_dn (cert, name, &namesize);
@@ -977,53 +990,11 @@ static int
 static int
 remoteCheckAccess (struct qemud_client *client)
 {
-    char addr[NI_MAXHOST];
-    const char **wildcards;
-    int found, err;
-
     /* Verify client certificate. */
     if (remoteCheckCertificate (client->tlssession) == -1) {
         qemudLog (QEMUD_ERR, "remoteCheckCertificate: failed to verify client's certificate");
         if (!tls_no_verify_certificate) return -1;
         else qemudLog (QEMUD_INFO, "remoteCheckCertificate: tls_no_verify_certificate is set so the bad certificate is ignored");
-    }
-
-    /*----- IP address check, similar to tcp wrappers -----*/
-
-    /* Convert IP address to printable string (eg. "127.0.0.1" or "::1"). */
-    err = getnameinfo ((struct sockaddr *) &client->addr, client->addrlen,
-                       addr, sizeof addr, NULL, 0,
-                       NI_NUMERICHOST);
-    if (err != 0) {
-        qemudLog (QEMUD_ERR, "getnameinfo: %s", gai_strerror (err));
-        return -1;
-    }
-
-    /* Verify the client is on the list of allowed clients.
-     *
-     * NB: No tls_allowed_ip_list in config file means anyone can access.
-     * If tls_allowed_ip_list is in the config file but empty, means no
-     * one can access (not particularly useful, but it's what the sysadmin
-     * would expect).
-     */
-    wildcards = tls_allowed_ip_list;
-    if (wildcards) {
-        found = 0;
-
-        while (*wildcards) {
-            if (fnmatch (*wildcards, addr, 0) == 0) {
-                found = 1;
-                break;
-            }
-            wildcards++;
-        }
-    } else
-        found = 1;
-
-    if (!found) {
-        qemudLog (QEMUD_ERR, "remoteCheckAccess: client's IP address (%s) is not on the list of allowed clients (tls_allowed_ip_list)", addr);
-        if (!tls_no_verify_address) return -1;
-        else qemudLog (QEMUD_INFO, "remoteCheckAccess: tls_no_verify_address is set so the client's IP address is ignored");
     }
 
     /* Checks have succeeded.  Write a '\1' byte back to the client to
@@ -1148,6 +1119,7 @@ static void qemudDispatchClientFailure(s
 
 #if HAVE_SASL
     if (client->saslconn) sasl_dispose(&client->saslconn);
+    if (client->saslUsername) free(client->saslUsername);
 #endif
     if (client->tlssession) gnutls_deinit (client->tlssession);
     close(client->fd);
@@ -1649,17 +1621,114 @@ static void qemudCleanup(struct qemud_se
         sock = next;
     }
 
-
+    if (server->saslUsernameWhitelist) {
+        char **list = server->saslUsernameWhitelist;
+        while (*list) {
+            if (*list)
+                free(*list);
+            list++;
+        }
+    }
     virStateCleanup();
 
     free(server);
+}
+
+
+static int remoteConfigGetStringList(virConfPtr conf, const char *key, char ***list, const char *filename) {
+    virConfValuePtr p;
+
+    p = virConfGetValue (conf, key);
+    if (p) {
+        switch (p->type) {
+        case VIR_CONF_STRING:
+            *list = malloc (2 * sizeof (char *));
+            if (*list == NULL) {
+                qemudLog (QEMUD_ERR, "failed to allocate memory for %s config list", key);
+                return -1;
+            }
+            (*list)[0] = strdup (p->str);
+            (*list)[1] = 0;
+            if ((*list)[0] == NULL) {
+                qemudLog (QEMUD_ERR, "failed to allocate memory for %s config list value", key);
+                free(*list);
+                return -1;
+            }
+            break;
+
+        case VIR_CONF_LIST: {
+            int i, len = 0;
+            virConfValuePtr pp;
+            for (pp = p->list; pp; pp = pp->next)
+                len++;
+            *list =
+                calloc (1+len, sizeof (char *));
+            if (*list == NULL) {
+                qemudLog (QEMUD_ERR, "failed to allocate memory for %s config list", key);
+                return -1;
+            }
+            for (i = 0, pp = p->list; pp; ++i, pp = pp->next) {
+                if (pp->type != VIR_CONF_STRING) {
+                    qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: %s: should be a string or list of strings\n", filename, key);
+                    return -1;
+                }
+                (*list)[i] = strdup (pp->str);
+                if ((*list)[i] == NULL) {
+                    for (i = 0 ; i < len ; i++)
+                        if ((*list)[i]) free((*list)[i]);
+                    free(*list);
+                    qemudLog (QEMUD_ERR, "failed to allocate memory for %s config list value", key);
+                    return -1;
+                }
+
+            }
+            (*list)[i] = 0;
+            break;
+        }
+
+        default:
+            qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: %s: should be a string or list of strings\n", filename, key);
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
+static int remoteConfigGetAuth(virConfPtr conf, const char *key, int *auth, const char *filename) {
+    virConfValuePtr p;
+
+    p = virConfGetValue (conf, key);
+    if (!p)
+        return 0;
+
+    if (p->type != VIR_CONF_STRING) {
+        qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: %s: should be a string\n", filename, key);
+        return -1;
+    }
+
+    if (!p->str)
+        return 0;
+
+    if (STREQ(p->str, "none")) {
+        *auth = REMOTE_AUTH_NONE;
+#if HAVE_SASL
+    } else if (STREQ(p->str, "sasl")) {
+        *auth = REMOTE_AUTH_SASL;
+#endif
+    } else {
+        qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: %s: unsupported auth %s\n", filename, key, p->str);
+        return -1;
+    }
+
+    return 0;
 }
 
 /* Read the config file if it exists.
  * Only used in the remote case, hence the name.
  */
 static int
-remoteReadConfigFile (const char *filename)
+remoteReadConfigFile (struct qemud_server *server, const char *filename)
 {
     virConfPtr conf;
 
@@ -1695,6 +1764,15 @@ remoteReadConfigFile (const char *filena
     p = virConfGetValue (conf, "tcp_port");
     CHECK_TYPE ("tcp_port", VIR_CONF_STRING);
     tcp_port = p ? strdup (p->str) : tcp_port;
+
+    if (remoteConfigGetAuth(conf, "auth_unix_rw", &auth_unix_rw, filename) < 0)
+        return -1;
+    if (remoteConfigGetAuth(conf, "auth_unix_ro", &auth_unix_ro, filename) < 0)
+        return -1;
+    if (remoteConfigGetAuth(conf, "auth_tcp", &auth_tcp, filename) < 0)
+        return -1;
+    if (remoteConfigGetAuth(conf, "auth_tls", &auth_tls, filename) < 0)
+        return -1;
 
     p = virConfGetValue (conf, "unix_sock_group");
     CHECK_TYPE ("unix_sock_group", VIR_CONF_STRING);
@@ -1743,10 +1821,6 @@ remoteReadConfigFile (const char *filena
     CHECK_TYPE ("tls_no_verify_certificate", VIR_CONF_LONG);
     tls_no_verify_certificate = p ? p->l : tls_no_verify_certificate;
 
-    p = virConfGetValue (conf, "tls_no_verify_address");
-    CHECK_TYPE ("tls_no_verify_address", VIR_CONF_LONG);
-    tls_no_verify_address = p ? p->l : tls_no_verify_address;
-
     p = virConfGetValue (conf, "key_file");
     CHECK_TYPE ("key_file", VIR_CONF_STRING);
     key_file = p ? strdup (p->str) : key_file;
@@ -1763,71 +1837,11 @@ remoteReadConfigFile (const char *filena
     CHECK_TYPE ("crl_file", VIR_CONF_STRING);
     crl_file = p ? strdup (p->str) : crl_file;
 
-    p = virConfGetValue (conf, "tls_allowed_dn_list");
-    if (p) {
-        switch (p->type) {
-        case VIR_CONF_STRING:
-            tls_allowed_dn_list = malloc (2 * sizeof (char *));
-            tls_allowed_dn_list[0] = strdup (p->str);
-            tls_allowed_dn_list[1] = 0;
-            break;
-
-        case VIR_CONF_LIST: {
-            int i, len = 0;
-            virConfValuePtr pp;
-            for (pp = p->list; pp; pp = p->next)
-                len++;
-            tls_allowed_dn_list =
-                malloc ((1+len) * sizeof (char *));
-            for (i = 0, pp = p->list; pp; ++i, pp = p->next) {
-                if (pp->type != VIR_CONF_STRING) {
-                    qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: tls_allowed_dn_list: should be a string or list of strings\n", filename);
-                    return -1;
-                }
-                tls_allowed_dn_list[i] = strdup (pp->str);
-            }
-            tls_allowed_dn_list[i] = 0;
-            break;
-        }
-
-        default:
-            qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: tls_allowed_dn_list: should be a string or list of strings\n", filename);
-            return -1;
-        }
-    }
-
-    p = virConfGetValue (conf, "tls_allowed_ip_list");
-    if (p) {
-        switch (p->type) {
-        case VIR_CONF_STRING:
-            tls_allowed_ip_list = malloc (2 * sizeof (char *));
-            tls_allowed_ip_list[0] = strdup (p->str);
-            tls_allowed_ip_list[1] = 0;
-            break;
-
-        case VIR_CONF_LIST: {
-            int i, len = 0;
-            virConfValuePtr pp;
-            for (pp = p->list; pp; pp = p->next)
-                len++;
-            tls_allowed_ip_list =
-                malloc ((1+len) * sizeof (char *));
-            for (i = 0, pp = p->list; pp; ++i, pp = p->next) {
-                if (pp->type != VIR_CONF_STRING) {
-                    qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: tls_allowed_ip_list: should be a string or list of strings\n", filename);
-                    return -1;
-                }
-                tls_allowed_ip_list[i] = strdup (pp->str);
-            }
-            tls_allowed_ip_list[i] = 0;
-            break;
-        }
-
-        default:
-            qemudLog (QEMUD_ERR, "remoteReadConfigFile: %s: tls_allowed_ip_list: should be a string or list of strings\n", filename);
-            return -1;
-        }
-    }
+    if (remoteConfigGetStringList(conf, "tls_allowed_dn_list", &tls_allowed_dn_list, filename) < 0)
+        return -1;
+
+    if (remoteConfigGetStringList(conf, "sasl_allowed_username_list", &server->saslUsernameWhitelist, filename) < 0)
+        return -1;
 
     virConfFree (conf);
     return 0;
@@ -1950,13 +1964,6 @@ int main(int argc, char **argv) {
         }
     }
 
-    /* Read the config file (if it exists). */
-    if (remoteReadConfigFile (remote_config_file) < 0)
-        goto error1;
-
-    if (godaemon)
-        openlog("libvirtd", 0, 0);
-
     if (pipe(sigpipe) < 0 ||
         qemudSetNonBlock(sigpipe[0]) < 0 ||
         qemudSetNonBlock(sigpipe[1]) < 0) {
@@ -1964,8 +1971,38 @@ int main(int argc, char **argv) {
                  strerror(errno));
         goto error1;
     }
-
     sigwrite = sigpipe[1];
+
+    if (!(server = qemudInitialize(sigpipe[0]))) {
+        ret = 2;
+        goto error1;
+    }
+
+    /* Read the config file (if it exists). */
+    if (remoteReadConfigFile (server, remote_config_file) < 0)
+        goto error1;
+
+    if (godaemon) {
+        int pid;
+        openlog("libvirtd", 0, 0);
+        pid = qemudGoDaemon();
+        if (pid < 0) {
+            qemudLog(QEMUD_ERR, "Failed to fork as daemon: %s",
+                     strerror(errno));
+            goto error1;
+        }
+        if (pid > 0)
+            goto out;
+
+        /* Choose the name of the PID file. */
+        if (!pid_file) {
+            if (REMOTE_PID_FILE[0] != '\0')
+                pid_file = REMOTE_PID_FILE;
+        }
+
+        if (pid_file && qemudWritePidFile (pid_file) < 0)
+            goto error1;
+    }
 
     sig_action.sa_handler = sig_handler;
     sig_action.sa_flags = 0;
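Review bot: qemudInitialize() now runs before qemudGoDaemon(), and after this patch it is the function that calls `__virEventRegisterImpl` and `virStateInitialize()`, so driver state is set up in the process that forks and then leaves through `goto out` as the parent. If any state driver opens handles or starts work tied to the calling process, the daemon child would inherit state it did not create; moving `virStateInitialize();` to the top of qemudNetworkInit would keep the early allocation that remoteReadConfigFile needs while deferring driver start-up until after the fork. A remoteReadConfigFile failure also now jumps to `error1` with `server` already allocated; whether `error1` releases it is outside the hunk.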
@@ -1979,31 +2016,6 @@ int main(int argc, char **argv) {
 
     sig_action.sa_handler = SIG_IGN;
     sigaction(SIGPIPE, &sig_action, NULL);
-
-    if (godaemon) {
-        int pid = qemudGoDaemon();
-        if (pid < 0) {
-            qemudLog(QEMUD_ERR, "Failed to fork as daemon: %s",
-                     strerror(errno));
-            goto error1;
-        }
-        if (pid > 0)
-            goto out;
-
-        /* Choose the name of the PID file. */
-        if (!pid_file) {
-            if (REMOTE_PID_FILE[0] != '\0')
-                pid_file = REMOTE_PID_FILE;
-        }
-
-        if (pid_file && qemudWritePidFile (pid_file) < 0)
-            goto error1;
-    }
-
-    if (!(server = qemudInitialize(sigpipe[0]))) {
-        ret = 2;
-        goto error2;
-    }
 
     if (virEventAddHandleImpl(sigpipe[0],
                               POLLIN,
@@ -2011,6 +2023,11 @@ int main(int argc, char **argv) {
                               server) < 0) {
         qemudLog(QEMUD_ERR, "Failed to register callback for signal pipe");
         ret = 3;
+        goto error2;
+    }
+
+    if (!(server = qemudNetworkInit(server))) {
+        ret = 2;
         goto error2;
     }
 
diff -r f28fe18bd7f5 qemud/remote.c
--- a/qemud/remote.c	Thu Nov 29 09:47:39 2007 -0500
+++ b/qemud/remote.c	Thu Nov 29 09:51:32 2007 -0500
@@ -44,6 +44,7 @@
 #include <getopt.h>
 #include <ctype.h>
 #include <assert.h>
+#include <fnmatch.h>
 
 #include <libvirt/virterror.h>
 
@@ -65,14 +66,18 @@ static void make_nonnull_network (remote
 
 #include "remote_dispatch_prototypes.h"
 
-typedef int (*dispatch_fn) (struct qemud_client *client, remote_message_header *req, char *args, char *ret);
+typedef int (*dispatch_fn) (struct qemud_server *server,
+                            struct qemud_client *client,
+                            remote_message_header *req,
+                            char *args,
+                            char *ret);
 
 /* This function gets called from qemud when it detects an incoming
  * remote protocol message.  At this point, client->buffer contains
  * the full call message (including length word which we skip).
  */
 void
-remoteDispatchClientRequest (struct qemud_server *server ATTRIBUTE_UNUSED,
+remoteDispatchClientRequest (struct qemud_server *server,
                              struct qemud_client *client)
 {
     XDR xdr;
@@ -158,7 +163,7 @@ remoteDispatchClientRequest (struct qemu
     xdr_destroy (&xdr);
 
     /* Call function. */
-    rv = fn (client, &req, args, ret);
+    rv = fn (server, client, &req, args, ret);
     xdr_free (args_filter, args);
 
     /* Dispatch function must return -2, -1 or 0.  Anything else is
@@ -398,7 +403,8 @@ remoteDispatchError (struct qemud_client
 /*----- Functions. -----*/
 
 static int
-remoteDispatchOpen (struct qemud_client *client, remote_message_header *req,
+remoteDispatchOpen (struct qemud_server *server ATTRIBUTE_UNUSED,
+                    struct qemud_client *client, remote_message_header *req,
                     struct remote_open_args *args, void *ret ATTRIBUTE_UNUSED)
 {
     const char *name;
@@ -437,7 +443,8 @@ remoteDispatchOpen (struct qemud_client 
     }
 
 static int
-remoteDispatchClose (struct qemud_client *client, remote_message_header *req,
+remoteDispatchClose (struct qemud_server *server ATTRIBUTE_UNUSED,
+                     struct qemud_client *client, remote_message_header *req,
                      void *args ATTRIBUTE_UNUSED, void *ret ATTRIBUTE_UNUSED)
 {
     int rv;
@@ -450,7 +457,8 @@ remoteDispatchClose (struct qemud_client
 }
 
 static int
-remoteDispatchSupportsFeature (struct qemud_client *client, remote_message_header *req,
+remoteDispatchSupportsFeature (struct qemud_server *server ATTRIBUTE_UNUSED,
+                               struct qemud_client *client, remote_message_header *req,
                                remote_supports_feature_args *args, remote_supports_feature_ret *ret)
 {
     CHECK_CONN(client);
@@ -462,7 +470,8 @@ remoteDispatchSupportsFeature (struct qe
 }
 
 static int
-remoteDispatchGetType (struct qemud_client *client, remote_message_header *req,
+remoteDispatchGetType (struct qemud_server *server ATTRIBUTE_UNUSED,
+                       struct qemud_client *client, remote_message_header *req,
                        void *args ATTRIBUTE_UNUSED, remote_get_type_ret *ret)
 {
     const char *type;
@@ -484,7 +493,8 @@ remoteDispatchGetType (struct qemud_clie
 }
 
 static int
-remoteDispatchGetVersion (struct qemud_client *client,
+remoteDispatchGetVersion (struct qemud_server *server ATTRIBUTE_UNUSED,
+                          struct qemud_client *client,
                           remote_message_header *req,
                           void *args ATTRIBUTE_UNUSED,
                           remote_get_version_ret *ret)
@@ -500,7 +510,8 @@ remoteDispatchGetVersion (struct qemud_c
 }
 
 static int
-remoteDispatchGetHostname (struct qemud_client *client,
+remoteDispatchGetHostname (struct qemud_server *server ATTRIBUTE_UNUSED,
+                           struct qemud_client *client,
                            remote_message_header *req,
                            void *args ATTRIBUTE_UNUSED,
                            remote_get_hostname_ret *ret)
@@ -516,7 +527,8 @@ remoteDispatchGetHostname (struct qemud_
 }
 
 static int
-remoteDispatchGetMaxVcpus (struct qemud_client *client,
+remoteDispatchGetMaxVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
+                           struct qemud_client *client,
                            remote_message_header *req,
                            remote_get_max_vcpus_args *args,
                            remote_get_max_vcpus_ret *ret)
@@ -532,7 +544,8 @@ remoteDispatchGetMaxVcpus (struct qemud_
 }
 
 static int
-remoteDispatchNodeGetInfo (struct qemud_client *client,
+remoteDispatchNodeGetInfo (struct qemud_server *server ATTRIBUTE_UNUSED,
+                           struct qemud_client *client,
                            remote_message_header *req,
                            void *args ATTRIBUTE_UNUSED,
                            remote_node_get_info_ret *ret)
@@ -556,7 +569,8 @@ remoteDispatchNodeGetInfo (struct qemud_
 }
 
 static int
-remoteDispatchGetCapabilities (struct qemud_client *client,
+remoteDispatchGetCapabilities (struct qemud_server *server ATTRIBUTE_UNUSED,
+                               struct qemud_client *client,
                                remote_message_header *req,
                                void *args ATTRIBUTE_UNUSED,
                                remote_get_capabilities_ret *ret)
@@ -572,7 +586,8 @@ remoteDispatchGetCapabilities (struct qe
 }
 
 static int
-remoteDispatchDomainGetSchedulerType (struct qemud_client *client,
+remoteDispatchDomainGetSchedulerType (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                      struct qemud_client *client,
                                       remote_message_header *req,
                                       remote_domain_get_scheduler_type_args *args,
                                       remote_domain_get_scheduler_type_ret *ret)
@@ -601,7 +616,8 @@ remoteDispatchDomainGetSchedulerType (st
 }
 
 static int
-remoteDispatchDomainGetSchedulerParameters (struct qemud_client *client,
+remoteDispatchDomainGetSchedulerParameters (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                            struct qemud_client *client,
                                             remote_message_header *req,
                                             remote_domain_get_scheduler_parameters_args *args,
                                             remote_domain_get_scheduler_parameters_ret *ret)
@@ -687,7 +703,8 @@ remoteDispatchDomainGetSchedulerParamete
 }
 
 static int
-remoteDispatchDomainSetSchedulerParameters (struct qemud_client *client,
+remoteDispatchDomainSetSchedulerParameters (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                            struct qemud_client *client,
                                             remote_message_header *req,
                                             remote_domain_set_scheduler_parameters_args *args,
                                             void *ret ATTRIBUTE_UNUSED)
@@ -747,7 +764,8 @@ remoteDispatchDomainSetSchedulerParamete
 }
 
 static int
-remoteDispatchDomainBlockStats (struct qemud_client *client,
+remoteDispatchDomainBlockStats (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                struct qemud_client *client,
                                 remote_message_header *req,
                                 remote_domain_block_stats_args *args,
                                 remote_domain_block_stats_ret *ret)
@@ -777,7 +795,8 @@ remoteDispatchDomainBlockStats (struct q
 }
 
 static int
-remoteDispatchDomainInterfaceStats (struct qemud_client *client,
+remoteDispatchDomainInterfaceStats (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                    struct qemud_client *client,
                                     remote_message_header *req,
                                     remote_domain_interface_stats_args *args,
                                     remote_domain_interface_stats_ret *ret)
@@ -810,7 +829,8 @@ remoteDispatchDomainInterfaceStats (stru
 }
 
 static int
-remoteDispatchDomainAttachDevice (struct qemud_client *client,
+remoteDispatchDomainAttachDevice (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                  struct qemud_client *client,
                                   remote_message_header *req,
                                   remote_domain_attach_device_args *args,
                                   void *ret ATTRIBUTE_UNUSED)
@@ -833,7 +853,8 @@ remoteDispatchDomainAttachDevice (struct
 }
 
 static int
-remoteDispatchDomainCreate (struct qemud_client *client,
+remoteDispatchDomainCreate (struct qemud_server *server ATTRIBUTE_UNUSED,
+                            struct qemud_client *client,
                             remote_message_header *req,
                             remote_domain_create_args *args,
                             void *ret ATTRIBUTE_UNUSED)
@@ -856,7 +877,8 @@ remoteDispatchDomainCreate (struct qemud
 }
 
 static int
-remoteDispatchDomainCreateLinux (struct qemud_client *client,
+remoteDispatchDomainCreateLinux (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                 struct qemud_client *client,
                                  remote_message_header *req,
                                  remote_domain_create_linux_args *args,
                                  remote_domain_create_linux_ret *ret)
@@ -874,7 +896,8 @@ remoteDispatchDomainCreateLinux (struct 
 }
 
 static int
-remoteDispatchDomainDefineXml (struct qemud_client *client,
+remoteDispatchDomainDefineXml (struct qemud_server *server ATTRIBUTE_UNUSED,
+                               struct qemud_client *client,
                                remote_message_header *req,
                                remote_domain_define_xml_args *args,
                                remote_domain_define_xml_ret *ret)
@@ -892,7 +915,8 @@ remoteDispatchDomainDefineXml (struct qe
 }
 
 static int
-remoteDispatchDomainDestroy (struct qemud_client *client,
+remoteDispatchDomainDestroy (struct qemud_server *server ATTRIBUTE_UNUSED,
+                             struct qemud_client *client,
                              remote_message_header *req,
                              remote_domain_destroy_args *args,
                              void *ret ATTRIBUTE_UNUSED)
@@ -913,7 +937,8 @@ remoteDispatchDomainDestroy (struct qemu
 }
 
 static int
-remoteDispatchDomainDetachDevice (struct qemud_client *client,
+remoteDispatchDomainDetachDevice (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                  struct qemud_client *client,
                                   remote_message_header *req,
                                   remote_domain_detach_device_args *args,
                                   void *ret ATTRIBUTE_UNUSED)
@@ -937,7 +962,8 @@ remoteDispatchDomainDetachDevice (struct
 }
 
 static int
-remoteDispatchDomainDumpXml (struct qemud_client *client,
+remoteDispatchDomainDumpXml (struct qemud_server *server ATTRIBUTE_UNUSED,
+                             struct qemud_client *client,
                              remote_message_header *req,
                              remote_domain_dump_xml_args *args,
                              remote_domain_dump_xml_ret *ret)
@@ -962,7 +988,8 @@ remoteDispatchDomainDumpXml (struct qemu
 }
 
 static int
-remoteDispatchDomainGetAutostart (struct qemud_client *client,
+remoteDispatchDomainGetAutostart (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                  struct qemud_client *client,
                                   remote_message_header *req,
                                   remote_domain_get_autostart_args *args,
                                   remote_domain_get_autostart_ret *ret)
@@ -985,7 +1012,8 @@ remoteDispatchDomainGetAutostart (struct
 }
 
 static int
-remoteDispatchDomainGetInfo (struct qemud_client *client,
+remoteDispatchDomainGetInfo (struct qemud_server *server ATTRIBUTE_UNUSED,
+                             struct qemud_client *client,
                              remote_message_header *req,
                              remote_domain_get_info_args *args,
                              remote_domain_get_info_ret *ret)
@@ -1017,7 +1045,8 @@ remoteDispatchDomainGetInfo (struct qemu
 }
 
 static int
-remoteDispatchDomainGetMaxMemory (struct qemud_client *client,
+remoteDispatchDomainGetMaxMemory (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                  struct qemud_client *client,
                                   remote_message_header *req,
                                   remote_domain_get_max_memory_args *args,
                                   remote_domain_get_max_memory_ret *ret)
@@ -1041,7 +1070,8 @@ remoteDispatchDomainGetMaxMemory (struct
 }
 
 static int
-remoteDispatchDomainGetMaxVcpus (struct qemud_client *client,
+remoteDispatchDomainGetMaxVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                 struct qemud_client *client,
                                  remote_message_header *req,
                                  remote_domain_get_max_vcpus_args *args,
                                  remote_domain_get_max_vcpus_ret *ret)
@@ -1065,7 +1095,8 @@ remoteDispatchDomainGetMaxVcpus (struct 
 }
 
 static int
-remoteDispatchDomainGetOsType (struct qemud_client *client,
+remoteDispatchDomainGetOsType (struct qemud_server *server ATTRIBUTE_UNUSED,
+                               struct qemud_client *client,
                                remote_message_header *req,
                                remote_domain_get_os_type_args *args,
                                remote_domain_get_os_type_ret *ret)
@@ -1090,7 +1121,8 @@ remoteDispatchDomainGetOsType (struct qe
 }
 
 static int
-remoteDispatchDomainGetVcpus (struct qemud_client *client,
+remoteDispatchDomainGetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
+                              struct qemud_client *client,
                               remote_message_header *req,
                               remote_domain_get_vcpus_args *args,
                               remote_domain_get_vcpus_ret *ret)
@@ -1154,7 +1186,8 @@ remoteDispatchDomainGetVcpus (struct qem
 }
 
 static int
-remoteDispatchDomainMigratePrepare (struct qemud_client *client,
+remoteDispatchDomainMigratePrepare (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                    struct qemud_client *client,
                                     remote_message_header *req,
                                     remote_domain_migrate_prepare_args *args,
                                     remote_domain_migrate_prepare_ret *ret)
@@ -1189,7 +1222,8 @@ remoteDispatchDomainMigratePrepare (stru
 }
 
 static int
-remoteDispatchDomainMigratePerform (struct qemud_client *client,
+remoteDispatchDomainMigratePerform (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                    struct qemud_client *client,
                                     remote_message_header *req,
                                     remote_domain_migrate_perform_args *args,
                                     void *ret ATTRIBUTE_UNUSED)
@@ -1218,7 +1252,8 @@ remoteDispatchDomainMigratePerform (stru
 }
 
 static int
-remoteDispatchDomainMigrateFinish (struct qemud_client *client,
+remoteDispatchDomainMigrateFinish (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                   struct qemud_client *client,
                                    remote_message_header *req,
                                    remote_domain_migrate_finish_args *args,
                                    remote_domain_migrate_finish_ret *ret)
@@ -1239,7 +1274,8 @@ remoteDispatchDomainMigrateFinish (struc
 }
 
 static int
-remoteDispatchListDefinedDomains (struct qemud_client *client,
+remoteDispatchListDefinedDomains (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                  struct qemud_client *client,
                                   remote_message_header *req,
                                   remote_list_defined_domains_args *args,
                                   remote_list_defined_domains_ret *ret)
@@ -1264,7 +1300,8 @@ remoteDispatchListDefinedDomains (struct
 }
 
 static int
-remoteDispatchDomainLookupById (struct qemud_client *client,
+remoteDispatchDomainLookupById (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                struct qemud_client *client,
                                 remote_message_header *req,
                                 remote_domain_lookup_by_id_args *args,
                                 remote_domain_lookup_by_id_ret *ret)
@@ -1281,7 +1318,8 @@ remoteDispatchDomainLookupById (struct q
 }
 
 static int
-remoteDispatchDomainLookupByName (struct qemud_client *client,
+remoteDispatchDomainLookupByName (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                  struct qemud_client *client,
                                   remote_message_header *req,
                                   remote_domain_lookup_by_name_args *args,
                                   remote_domain_lookup_by_name_ret *ret)
@@ -1298,7 +1336,8 @@ remoteDispatchDomainLookupByName (struct
 }
 
 static int
-remoteDispatchDomainLookupByUuid (struct qemud_client *client,
+remoteDispatchDomainLookupByUuid (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                  struct qemud_client *client,
                                   remote_message_header *req,
                                   remote_domain_lookup_by_uuid_args *args,
                                   remote_domain_lookup_by_uuid_ret *ret)
@@ -1315,7 +1354,8 @@ remoteDispatchDomainLookupByUuid (struct
 }
 
 static int
-remoteDispatchNumOfDefinedDomains (struct qemud_client *client,
+remoteDispatchNumOfDefinedDomains (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                   struct qemud_client *client,
                                    remote_message_header *req,
                                    void *args ATTRIBUTE_UNUSED,
                                    remote_num_of_defined_domains_ret *ret)
@@ -1329,7 +1369,8 @@ remoteDispatchNumOfDefinedDomains (struc
 }
 
 static int
-remoteDispatchDomainPinVcpu (struct qemud_client *client,
+remoteDispatchDomainPinVcpu (struct qemud_server *server ATTRIBUTE_UNUSED,
+                             struct qemud_client *client,
                              remote_message_header *req,
                              remote_domain_pin_vcpu_args *args,
                              void *ret ATTRIBUTE_UNUSED)
@@ -1362,7 +1403,8 @@ remoteDispatchDomainPinVcpu (struct qemu
 }
 
 static int
-remoteDispatchDomainReboot (struct qemud_client *client,
+remoteDispatchDomainReboot (struct qemud_server *server ATTRIBUTE_UNUSED,
+                            struct qemud_client *client,
                             remote_message_header *req,
                             remote_domain_reboot_args *args,
                             void *ret ATTRIBUTE_UNUSED)
@@ -1385,7 +1427,8 @@ remoteDispatchDomainReboot (struct qemud
 }
 
 static int
-remoteDispatchDomainRestore (struct qemud_client *client,
+remoteDispatchDomainRestore (struct qemud_server *server ATTRIBUTE_UNUSED,
+                             struct qemud_client *client,
                              remote_message_header *req,
                              remote_domain_restore_args *args,
                              void *ret ATTRIBUTE_UNUSED)
@@ -1399,7 +1442,8 @@ remoteDispatchDomainRestore (struct qemu
 }
 
 static int
-remoteDispatchDomainResume (struct qemud_client *client,
+remoteDispatchDomainResume (struct qemud_server *server ATTRIBUTE_UNUSED,
+                            struct qemud_client *client,
                             remote_message_header *req,
                             remote_domain_resume_args *args,
                             void *ret ATTRIBUTE_UNUSED)
@@ -1422,7 +1466,8 @@ remoteDispatchDomainResume (struct qemud
 }
 
 static int
-remoteDispatchDomainSave (struct qemud_client *client,
+remoteDispatchDomainSave (struct qemud_server *server ATTRIBUTE_UNUSED,
+                          struct qemud_client *client,
                           remote_message_header *req,
                           remote_domain_save_args *args,
                           void *ret ATTRIBUTE_UNUSED)
@@ -1445,7 +1490,8 @@ remoteDispatchDomainSave (struct qemud_c
 }
 
 static int
-remoteDispatchDomainCoreDump (struct qemud_client *client,
+remoteDispatchDomainCoreDump (struct qemud_server *server ATTRIBUTE_UNUSED,
+                              struct qemud_client *client,
                               remote_message_header *req,
                               remote_domain_core_dump_args *args,
                               void *ret ATTRIBUTE_UNUSED)
@@ -1468,7 +1514,8 @@ remoteDispatchDomainCoreDump (struct qem
 }
 
 static int
-remoteDispatchDomainSetAutostart (struct qemud_client *client,
+remoteDispatchDomainSetAutostart (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                  struct qemud_client *client,
                                   remote_message_header *req,
                                   remote_domain_set_autostart_args *args,
                                   void *ret ATTRIBUTE_UNUSED)
@@ -1491,7 +1538,8 @@ remoteDispatchDomainSetAutostart (struct
 }
 
 static int
-remoteDispatchDomainSetMaxMemory (struct qemud_client *client,
+remoteDispatchDomainSetMaxMemory (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                  struct qemud_client *client,
                                   remote_message_header *req,
                                   remote_domain_set_max_memory_args *args,
                                   void *ret ATTRIBUTE_UNUSED)
@@ -1514,7 +1562,8 @@ remoteDispatchDomainSetMaxMemory (struct
 }
 
 static int
-remoteDispatchDomainSetMemory (struct qemud_client *client,
+remoteDispatchDomainSetMemory (struct qemud_server *server ATTRIBUTE_UNUSED,
+                               struct qemud_client *client,
                                remote_message_header *req,
                                remote_domain_set_memory_args *args,
                                void *ret ATTRIBUTE_UNUSED)
@@ -1537,7 +1586,8 @@ remoteDispatchDomainSetMemory (struct qe
 }
 
 static int
-remoteDispatchDomainSetVcpus (struct qemud_client *client,
+remoteDispatchDomainSetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
+                              struct qemud_client *client,
                               remote_message_header *req,
                               remote_domain_set_vcpus_args *args,
                               void *ret ATTRIBUTE_UNUSED)
@@ -1560,7 +1610,8 @@ remoteDispatchDomainSetVcpus (struct qem
 }
 
 static int
-remoteDispatchDomainShutdown (struct qemud_client *client,
+remoteDispatchDomainShutdown (struct qemud_server *server ATTRIBUTE_UNUSED,
+                              struct qemud_client *client,
                               remote_message_header *req,
                               remote_domain_shutdown_args *args,
                               void *ret ATTRIBUTE_UNUSED)
@@ -1583,7 +1634,8 @@ remoteDispatchDomainShutdown (struct qem
 }
 
 static int
-remoteDispatchDomainSuspend (struct qemud_client *client,
+remoteDispatchDomainSuspend (struct qemud_server *server ATTRIBUTE_UNUSED,
+                             struct qemud_client *client,
                              remote_message_header *req,
                              remote_domain_suspend_args *args,
                              void *ret ATTRIBUTE_UNUSED)
@@ -1606,7 +1658,8 @@ remoteDispatchDomainSuspend (struct qemu
 }
 
 static int
-remoteDispatchDomainUndefine (struct qemud_client *client,
+remoteDispatchDomainUndefine (struct qemud_server *server ATTRIBUTE_UNUSED,
+                              struct qemud_client *client,
                               remote_message_header *req,
                               remote_domain_undefine_args *args,
                               void *ret ATTRIBUTE_UNUSED)
@@ -1629,7 +1682,8 @@ remoteDispatchDomainUndefine (struct qem
 }
 
 static int
-remoteDispatchListDefinedNetworks (struct qemud_client *client,
+remoteDispatchListDefinedNetworks (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                   struct qemud_client *client,
                                    remote_message_header *req,
                                    remote_list_defined_networks_args *args,
                                    remote_list_defined_networks_ret *ret)
@@ -1654,7 +1708,8 @@ remoteDispatchListDefinedNetworks (struc
 }
 
 static int
-remoteDispatchListDomains (struct qemud_client *client,
+remoteDispatchListDomains (struct qemud_server *server ATTRIBUTE_UNUSED,
+                           struct qemud_client *client,
                            remote_message_header *req,
                            remote_list_domains_args *args,
                            remote_list_domains_ret *ret)
@@ -1678,7 +1733,8 @@ remoteDispatchListDomains (struct qemud_
 }
 
 static int
-remoteDispatchListNetworks (struct qemud_client *client,
+remoteDispatchListNetworks (struct qemud_server *server ATTRIBUTE_UNUSED,
+                            struct qemud_client *client,
                             remote_message_header *req,
                             remote_list_networks_args *args,
                             remote_list_networks_ret *ret)
@@ -1703,7 +1759,8 @@ remoteDispatchListNetworks (struct qemud
 }
 
 static int
-remoteDispatchNetworkCreate (struct qemud_client *client,
+remoteDispatchNetworkCreate (struct qemud_server *server ATTRIBUTE_UNUSED,
+                             struct qemud_client *client,
                              remote_message_header *req,
                              remote_network_create_args *args,
                              void *ret ATTRIBUTE_UNUSED)
@@ -1726,7 +1783,8 @@ remoteDispatchNetworkCreate (struct qemu
 }
 
 static int
-remoteDispatchNetworkCreateXml (struct qemud_client *client,
+remoteDispatchNetworkCreateXml (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                struct qemud_client *client,
                                 remote_message_header *req,
                                 remote_network_create_xml_args *args,
                                 remote_network_create_xml_ret *ret)
@@ -1743,7 +1801,8 @@ remoteDispatchNetworkCreateXml (struct q
 }
 
 static int
-remoteDispatchNetworkDefineXml (struct qemud_client *client,
+remoteDispatchNetworkDefineXml (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                struct qemud_client *client,
                                 remote_message_header *req,
                                 remote_network_define_xml_args *args,
                                 remote_network_define_xml_ret *ret)
@@ -1760,7 +1819,8 @@ remoteDispatchNetworkDefineXml (struct q
 }
 
 static int
-remoteDispatchNetworkDestroy (struct qemud_client *client,
+remoteDispatchNetworkDestroy (struct qemud_server *server ATTRIBUTE_UNUSED,
+                              struct qemud_client *client,
                               remote_message_header *req,
                               remote_network_destroy_args *args,
                               void *ret ATTRIBUTE_UNUSED)
@@ -1783,7 +1843,8 @@ remoteDispatchNetworkDestroy (struct qem
 }
 
 static int
-remoteDispatchNetworkDumpXml (struct qemud_client *client,
+remoteDispatchNetworkDumpXml (struct qemud_server *server ATTRIBUTE_UNUSED,
+                              struct qemud_client *client,
                               remote_message_header *req,
                               remote_network_dump_xml_args *args,
                               remote_network_dump_xml_ret *ret)
@@ -1808,7 +1869,8 @@ remoteDispatchNetworkDumpXml (struct qem
 }
 
 static int
-remoteDispatchNetworkGetAutostart (struct qemud_client *client,
+remoteDispatchNetworkGetAutostart (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                   struct qemud_client *client,
                                    remote_message_header *req,
                                    remote_network_get_autostart_args *args,
                                    remote_network_get_autostart_ret *ret)
@@ -1831,7 +1893,8 @@ remoteDispatchNetworkGetAutostart (struc
 }
 
 static int
-remoteDispatchNetworkGetBridgeName (struct qemud_client *client,
+remoteDispatchNetworkGetBridgeName (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                    struct qemud_client *client,
                                     remote_message_header *req,
                                     remote_network_get_bridge_name_args *args,
                                     remote_network_get_bridge_name_ret *ret)
@@ -1856,7 +1919,8 @@ remoteDispatchNetworkGetBridgeName (stru
 }
 
 static int
-remoteDispatchNetworkLookupByName (struct qemud_client *client,
+remoteDispatchNetworkLookupByName (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                   struct qemud_client *client,
                                    remote_message_header *req,
                                    remote_network_lookup_by_name_args *args,
                                    remote_network_lookup_by_name_ret *ret)
@@ -1873,7 +1937,8 @@ remoteDispatchNetworkLookupByName (struc
 }
 
 static int
-remoteDispatchNetworkLookupByUuid (struct qemud_client *client,
+remoteDispatchNetworkLookupByUuid (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                   struct qemud_client *client,
                                    remote_message_header *req,
                                    remote_network_lookup_by_uuid_args *args,
                                    remote_network_lookup_by_uuid_ret *ret)
@@ -1890,7 +1955,8 @@ remoteDispatchNetworkLookupByUuid (struc
 }
 
 static int
-remoteDispatchNetworkSetAutostart (struct qemud_client *client,
+remoteDispatchNetworkSetAutostart (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                   struct qemud_client *client,
                                    remote_message_header *req,
                                    remote_network_set_autostart_args *args,
                                    void *ret ATTRIBUTE_UNUSED)
@@ -1913,7 +1979,8 @@ remoteDispatchNetworkSetAutostart (struc
 }
 
 static int
-remoteDispatchNetworkUndefine (struct qemud_client *client,
+remoteDispatchNetworkUndefine (struct qemud_server *server ATTRIBUTE_UNUSED,
+                               struct qemud_client *client,
                                remote_message_header *req,
                                remote_network_undefine_args *args,
                                void *ret ATTRIBUTE_UNUSED)
@@ -1936,7 +2003,8 @@ remoteDispatchNetworkUndefine (struct qe
 }
 
 static int
-remoteDispatchNumOfDefinedNetworks (struct qemud_client *client,
+remoteDispatchNumOfDefinedNetworks (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                    struct qemud_client *client,
                                     remote_message_header *req,
                                     void *args ATTRIBUTE_UNUSED,
                                     remote_num_of_defined_networks_ret *ret)
@@ -1950,7 +2018,8 @@ remoteDispatchNumOfDefinedNetworks (stru
 }
 
 static int
-remoteDispatchNumOfDomains (struct qemud_client *client,
+remoteDispatchNumOfDomains (struct qemud_server *server ATTRIBUTE_UNUSED,
+                            struct qemud_client *client,
                             remote_message_header *req,
                             void *args ATTRIBUTE_UNUSED,
                             remote_num_of_domains_ret *ret)
@@ -1964,7 +2033,8 @@ remoteDispatchNumOfDomains (struct qemud
 }
 
 static int
-remoteDispatchNumOfNetworks (struct qemud_client *client,
+remoteDispatchNumOfNetworks (struct qemud_server *server ATTRIBUTE_UNUSED,
+                             struct qemud_client *client,
                              remote_message_header *req,
                              void *args ATTRIBUTE_UNUSED,
                              remote_num_of_networks_ret *ret)
@@ -1979,7 +2049,8 @@ remoteDispatchNumOfNetworks (struct qemu
 
 
 static int
-remoteDispatchAuthList (struct qemud_client *client,
+remoteDispatchAuthList (struct qemud_server *server ATTRIBUTE_UNUSED,
+                        struct qemud_client *client,
                         remote_message_header *req ATTRIBUTE_UNUSED,
                         void *args ATTRIBUTE_UNUSED,
                         remote_auth_list_ret *ret)
@@ -2034,7 +2105,8 @@ static char *addrToString(struct qemud_c
  * XXX callbacks for stuff like password verification ?
  */
 static int
-remoteDispatchAuthSaslInit (struct qemud_client *client,
+remoteDispatchAuthSaslInit (struct qemud_server *server ATTRIBUTE_UNUSED,
+                            struct qemud_client *client,
                             remote_message_header *req,
                             void *args ATTRIBUTE_UNUSED,
                             remote_auth_sasl_init_ret *ret)
@@ -2223,11 +2295,67 @@ remoteSASLCheckSSF (struct qemud_client 
     return 0;
 }
 
+static int
+remoteSASLCheckAccess (struct qemud_server *server,
+                       struct qemud_client *client,
+                       remote_message_header *req) {
+    const void *val;
+    int err;
+    char **wildcards;
+
+    err = sasl_getprop(client->saslconn, SASL_USERNAME, &val);
+    if (err != SASL_OK) {
+        qemudLog(QEMUD_ERR, "cannot query SASL username on connection %d (%s)",
+                 err, sasl_errstring(err, NULL, NULL));
+        remoteDispatchFailAuth(client, req);
+        sasl_dispose(&client->saslconn);
+        client->saslconn = NULL;
+        return -1;
+    }
+    if (val == NULL) {
+        qemudLog(QEMUD_ERR, "no client username was found");
+        remoteDispatchFailAuth(client, req);
+        sasl_dispose(&client->saslconn);
+        client->saslconn = NULL;
+        return -1;
+    }
+    REMOTE_DEBUG("SASL client username %s", (const char *)val);
+
+    client->saslUsername = strdup((const char*)val);
+    if (client->saslUsername == NULL) {
+        qemudLog(QEMUD_ERR, "out of memory copying username");
+        remoteDispatchFailAuth(client, req);
+        sasl_dispose(&client->saslconn);
+        client->saslconn = NULL;
+        return -1;
+    }
+
+    /* If the list is not set, allow any DN. */
+    wildcards = server->saslUsernameWhitelist;
+    if (!wildcards)
+        return 0; /* No ACL, allow all */
+
+    while (*wildcards) {
+        if (fnmatch (*wildcards, client->saslUsername, 0) == 0)
+            return 0; /* Allowed */
+        wildcards++;
+    }
+
+    /* Denied */
+    qemudLog(QEMUD_ERR, "SASL client %s not allowed in whitelist", client->saslUsername);
+    remoteDispatchFailAuth(client, req);
+    sasl_dispose(&client->saslconn);
+    client->saslconn = NULL;
+    return -1;
+}
+
+
 /*
  * This starts the SASL authentication negotiation.
  */
 static int
-remoteDispatchAuthSaslStart (struct qemud_client *client,
+remoteDispatchAuthSaslStart (struct qemud_server *server,
+                             struct qemud_client *client,
                              remote_message_header *req,
                              remote_auth_sasl_start_args *args,
                              remote_auth_sasl_start_ret *ret)
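Review bot: In remoteSASLCheckAccess the first qemudLog call passes `err` for the `%d` in "on connection %d", so the log records the SASL error code where a connection identifier is expected; passing `client->fd, sasl_errstring(err, NULL, NULL)` would match the message, as the REMOTE_DEBUG lines in the later hunks use `client->fd`. The comment `/* If the list is not set, allow any DN. */` describes a TLS concept and should read `/* If the list is not set, allow any SASL username. */`. Because `fnmatch` is called with flags `0`, a `*` in a whitelist entry also matches across the separator of a realm-qualified name (username plus realm, per the description), so a prefix pattern is not confined to one realm; the libvirtd.conf comments should say so and recommend anchoring entries to the full name. `client->saslUsername` is assigned without releasing any earlier value and stays set on the denied path; whether that leaks depends on client teardown code outside this hunk.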
@@ -2291,6 +2419,10 @@ remoteDispatchAuthSaslStart (struct qemu
         if (remoteSASLCheckSSF(client, req) < 0)
             return -2;
 
+        /* Check username whitelist ACL */
+        if (remoteSASLCheckAccess(server, client, req) < 0)
+            return -2;
+
         REMOTE_DEBUG("Authentication successful %d", client->fd);
         ret->complete = 1;
         client->auth = REMOTE_AUTH_NONE;
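Review bot: Nothing here records that the order of these statements is what enforces the whitelist: `client->auth = REMOTE_AUTH_NONE` has to stay below both remoteSASLCheckSSF and remoteSASLCheckAccess, since (judging by the "Authentication successful" debug line) that assignment is what marks the client as authenticated. I would extend the added comment to `/* Check username whitelist ACL; must run before client->auth is cleared below */`. The identical sequence is added in the remoteDispatchAuthSaslStep hunk, so the same comment applies there and the two copies have to be kept in step. Both functions start and end outside these hunks.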
@@ -2301,7 +2433,8 @@ remoteDispatchAuthSaslStart (struct qemu
 
 
 static int
-remoteDispatchAuthSaslStep (struct qemud_client *client,
+remoteDispatchAuthSaslStep (struct qemud_server *server,
+                            struct qemud_client *client,
                             remote_message_header *req,
                             remote_auth_sasl_step_args *args,
                             remote_auth_sasl_step_ret *ret)
@@ -2365,6 +2498,10 @@ remoteDispatchAuthSaslStep (struct qemud
         if (remoteSASLCheckSSF(client, req) < 0)
             return -2;
 
+        /* Check username whitelist ACL */
+        if (remoteSASLCheckAccess(server, client, req) < 0)
+            return -2;
+
         REMOTE_DEBUG("Authentication successful %d", client->fd);
         ret->complete = 1;
         client->auth = REMOTE_AUTH_NONE;
@@ -2376,7 +2513,8 @@ remoteDispatchAuthSaslStep (struct qemud
 
 #else /* HAVE_SASL */
 static int
-remoteDispatchAuthSaslInit (struct qemud_client *client,
+remoteDispatchAuthSaslInit (struct qemud_server *server ATTRIBUTE_UNUSED,
+                            struct qemud_client *client,
                             remote_message_header *req,
                             void *args ATTRIBUTE_UNUSED,
                             remote_auth_sasl_init_ret *ret ATTRIBUTE_UNUSED)
@@ -2387,7 +2525,8 @@ remoteDispatchAuthSaslInit (struct qemud
 }
 
 static int
-remoteDispatchAuthSaslStart (struct qemud_client *client,
+remoteDispatchAuthSaslStart (struct qemud_server *server ATTRIBUTE_UNUSED,
+                             struct qemud_client *client,
                              remote_message_header *req,
                              remote_auth_sasl_start_args *args ATTRIBUTE_UNUSED,
                              remote_auth_sasl_start_ret *ret ATTRIBUTE_UNUSED)
@@ -2398,7 +2537,8 @@ remoteDispatchAuthSaslStart (struct qemu
 }
 
 static int
-remoteDispatchAuthSaslStep (struct qemud_client *client,
+remoteDispatchAuthSaslStep (struct qemud_server *server ATTRIBUTE_UNUSED,
+                            struct qemud_client *client,
                             remote_message_header *req,
                             remote_auth_sasl_step_args *args ATTRIBUTE_UNUSED,
                             remote_auth_sasl_step_ret *ret ATTRIBUTE_UNUSED)
diff -r f28fe18bd7f5 qemud/remote_dispatch_prototypes.h
--- a/qemud/remote_dispatch_prototypes.h	Thu Nov 29 09:47:39 2007 -0500
+++ b/qemud/remote_dispatch_prototypes.h	Thu Nov 29 09:51:32 2007 -0500
@@ -2,72 +2,72 @@
  * Do not edit this file.  Any changes you make will be lost.
  */
 
-static int remoteDispatchAuthList (struct qemud_client *client, remote_message_header *req, void *args, remote_auth_list_ret *ret);
-static int remoteDispatchAuthSaslInit (struct qemud_client *client, remote_message_header *req, void *args, remote_auth_sasl_init_ret *ret);
-static int remoteDispatchAuthSaslStart (struct qemud_client *client, remote_message_header *req, remote_auth_sasl_start_args *args, remote_auth_sasl_start_ret *ret);
-static int remoteDispatchAuthSaslStep (struct qemud_client *client, remote_message_header *req, remote_auth_sasl_step_args *args, remote_auth_sasl_step_ret *ret);
-static int remoteDispatchClose (struct qemud_client *client, remote_message_header *req, void *args, void *ret);
-static int remoteDispatchDomainAttachDevice (struct qemud_client *client, remote_message_header *req, remote_domain_attach_device_args *args, void *ret);
-static int remoteDispatchDomainBlockStats (struct qemud_client *client, remote_message_header *req, remote_domain_block_stats_args *args, remote_domain_block_stats_ret *ret);
-static int remoteDispatchDomainCoreDump (struct qemud_client *client, remote_message_header *req, remote_domain_core_dump_args *args, void *ret);
-static int remoteDispatchDomainCreate (struct qemud_client *client, remote_message_header *req, remote_domain_create_args *args, void *ret);
-static int remoteDispatchDomainCreateLinux (struct qemud_client *client, remote_message_header *req, remote_domain_create_linux_args *args, remote_domain_create_linux_ret *ret);
-static int remoteDispatchDomainDefineXml (struct qemud_client *client, remote_message_header *req, remote_domain_define_xml_args *args, remote_domain_define_xml_ret *ret);
-static int remoteDispatchDomainDestroy (struct qemud_client *client, remote_message_header *req, remote_domain_destroy_args *args, void *ret);
-static int remoteDispatchDomainDetachDevice (struct qemud_client *client, remote_message_header *req, remote_domain_detach_device_args *args, void *ret);
-static int remoteDispatchDomainDumpXml (struct qemud_client *client, remote_message_header *req, remote_domain_dump_xml_args *args, remote_domain_dump_xml_ret *ret);
-static int remoteDispatchDomainGetAutostart (struct qemud_client *client, remote_message_header *req, remote_domain_get_autostart_args *args, remote_domain_get_autostart_ret *ret);
-static int remoteDispatchDomainGetInfo (struct qemud_client *client, remote_message_header *req, remote_domain_get_info_args *args, remote_domain_get_info_ret *ret);
-static int remoteDispatchDomainGetMaxMemory (struct qemud_client *client, remote_message_header *req, remote_domain_get_max_memory_args *args, remote_domain_get_max_memory_ret *ret);
-static int remoteDispatchDomainGetMaxVcpus (struct qemud_client *client, remote_message_header *req, remote_domain_get_max_vcpus_args *args, remote_domain_get_max_vcpus_ret *ret);
-static int remoteDispatchDomainGetOsType (struct qemud_client *client, remote_message_header *req, remote_domain_get_os_type_args *args, remote_domain_get_os_type_ret *ret);
-static int remoteDispatchDomainGetSchedulerParameters (struct qemud_client *client, remote_message_header *req, remote_domain_get_scheduler_parameters_args *args, remote_domain_get_scheduler_parameters_ret *ret);
-static int remoteDispatchDomainGetSchedulerType (struct qemud_client *client, remote_message_header *req, remote_domain_get_scheduler_type_args *args, remote_domain_get_scheduler_type_ret *ret);
-static int remoteDispatchDomainGetVcpus (struct qemud_client *client, remote_message_header *req, remote_domain_get_vcpus_args *args, remote_domain_get_vcpus_ret *ret);
-static int remoteDispatchDomainInterfaceStats (struct qemud_client *client, remote_message_header *req, remote_domain_interface_stats_args *args, remote_domain_interface_stats_ret *ret);
-static int remoteDispatchDomainLookupById (struct qemud_client *client, remote_message_header *req, remote_domain_lookup_by_id_args *args, remote_domain_lookup_by_id_ret *ret);
-static int remoteDispatchDomainLookupByName (struct qemud_client *client, remote_message_header *req, remote_domain_lookup_by_name_args *args, remote_domain_lookup_by_name_ret *ret);
-static int remoteDispatchDomainLookupByUuid (struct qemud_client *client, remote_message_header *req, remote_domain_lookup_by_uuid_args *args, remote_domain_lookup_by_uuid_ret *ret);
-static int remoteDispatchDomainMigrateFinish (struct qemud_client *client, remote_message_header *req, remote_domain_migrate_finish_args *args, remote_domain_migrate_finish_ret *ret);
-static int remoteDispatchDomainMigratePerform (struct qemud_client *client, remote_message_header *req, remote_domain_migrate_perform_args *args, void *ret);
-static int remoteDispatchDomainMigratePrepare (struct qemud_client *client, remote_message_header *req, remote_domain_migrate_prepare_args *args, remote_domain_migrate_prepare_ret *ret);
-static int remoteDispatchDomainPinVcpu (struct qemud_client *client, remote_message_header *req, remote_domain_pin_vcpu_args *args, void *ret);
-static int remoteDispatchDomainReboot (struct qemud_client *client, remote_message_header *req, remote_domain_reboot_args *args, void *ret);
-static int remoteDispatchDomainRestore (struct qemud_client *client, remote_message_header *req, remote_domain_restore_args *args, void *ret);
-static int remoteDispatchDomainResume (struct qemud_client *client, remote_message_header *req, remote_domain_resume_args *args, void *ret);
-static int remoteDispatchDomainSave (struct qemud_client *client, remote_message_header *req, remote_domain_save_args *args, void *ret);
-static int remoteDispatchDomainSetAutostart (struct qemud_client *client, remote_message_header *req, remote_domain_set_autostart_args *args, void *ret);
-static int remoteDispatchDomainSetMaxMemory (struct qemud_client *client, remote_message_header *req, remote_domain_set_max_memory_args *args, void *ret);
-static int remoteDispatchDomainSetMemory (struct qemud_client *client, remote_message_header *req, remote_domain_set_memory_args *args, void *ret);
-static int remoteDispatchDomainSetSchedulerParameters (struct qemud_client *client, remote_message_header *req, remote_domain_set_scheduler_parameters_args *args, void *ret);
-static int remoteDispatchDomainSetVcpus (struct qemud_client *client, remote_message_header *req, remote_domain_set_vcpus_args *args, void *ret);
-static int remoteDispatchDomainShutdown (struct qemud_client *client, remote_message_header *req, remote_domain_shutdown_args *args, void *ret);
-static int remoteDispatchDomainSuspend (struct qemud_client *client, remote_message_header *req, remote_domain_suspend_args *args, void *ret);
-static int remoteDispatchDomainUndefine (struct qemud_client *client, remote_message_header *req, remote_domain_undefine_args *args, void *ret);
-static int remoteDispatchGetCapabilities (struct qemud_client *client, remote_message_header *req, void *args, remote_get_capabilities_ret *ret);
-static int remoteDispatchGetHostname (struct qemud_client *client, remote_message_header *req, void *args, remote_get_hostname_ret *ret);
-static int remoteDispatchGetMaxVcpus (struct qemud_client *client, remote_message_header *req, remote_get_max_vcpus_args *args, remote_get_max_vcpus_ret *ret);
-static int remoteDispatchGetType (struct qemud_client *client, remote_message_header *req, void *args, remote_get_type_ret *ret);
-static int remoteDispatchGetVersion (struct qemud_client *client, remote_message_header *req, void *args, remote_get_version_ret *ret);
-static int remoteDispatchListDefinedDomains (struct qemud_client *client, remote_message_header *req, remote_list_defined_domains_args *args, remote_list_defined_domains_ret *ret);
-static int remoteDispatchListDefinedNetworks (struct qemud_client *client, remote_message_header *req, remote_list_defined_networks_args *args, remote_list_defined_networks_ret *ret);
-static int remoteDispatchListDomains (struct qemud_client *client, remote_message_header *req, remote_list_domains_args *args, remote_list_domains_ret *ret);
-static int remoteDispatchListNetworks (struct qemud_client *client, remote_message_header *req, remote_list_networks_args *args, remote_list_networks_ret *ret);
-static int remoteDispatchNetworkCreate (struct qemud_client *client, remote_message_header *req, remote_network_create_args *args, void *ret);
-static int remoteDispatchNetworkCreateXml (struct qemud_client *client, remote_message_header *req, remote_network_create_xml_args *args, remote_network_create_xml_ret *ret);
-static int remoteDispatchNetworkDefineXml (struct qemud_client *client, remote_message_header *req, remote_network_define_xml_args *args, remote_network_define_xml_ret *ret);
-static int remoteDispatchNetworkDestroy (struct qemud_client *client, remote_message_header *req, remote_network_destroy_args *args, void *ret);
-static int remoteDispatchNetworkDumpXml (struct qemud_client *client, remote_message_header *req, remote_network_dump_xml_args *args, remote_network_dump_xml_ret *ret);
-static int remoteDispatchNetworkGetAutostart (struct qemud_client *client, remote_message_header *req, remote_network_get_autostart_args *args, remote_network_get_autostart_ret *ret);
-static int remoteDispatchNetworkGetBridgeName (struct qemud_client *client, remote_message_header *req, remote_network_get_bridge_name_args *args, remote_network_get_bridge_name_ret *ret);
-static int remoteDispatchNetworkLookupByName (struct qemud_client *client, remote_message_header *req, remote_network_lookup_by_name_args *args, remote_network_lookup_by_name_ret *ret);
-static int remoteDispatchNetworkLookupByUuid (struct qemud_client *client, remote_message_header *req, remote_network_lookup_by_uuid_args *args, remote_network_lookup_by_uuid_ret *ret);
-static int remoteDispatchNetworkSetAutostart (struct qemud_client *client, remote_message_header *req, remote_network_set_autostart_args *args, void *ret);
-static int remoteDispatchNetworkUndefine (struct qemud_client *client, remote_message_header *req, remote_network_undefine_args *args, void *ret);
-static int remoteDispatchNodeGetInfo (struct qemud_client *client, remote_message_header *req, void *args, remote_node_get_info_ret *ret);
-static int remoteDispatchNumOfDefinedDomains (struct qemud_client *client, remote_message_header *req, void *args, remote_num_of_defined_domains_ret *ret);
-static int remoteDispatchNumOfDefinedNetworks (struct qemud_client *client, remote_message_header *req, void *args, remote_num_of_defined_networks_ret *ret);
-static int remoteDispatchNumOfDomains (struct qemud_client *client, remote_message_header *req, void *args, remote_num_of_domains_ret *ret);
-static int remoteDispatchNumOfNetworks (struct qemud_client *client, remote_message_header *req, void *args, remote_num_of_networks_ret *ret);
-static int remoteDispatchOpen (struct qemud_client *client, remote_message_header *req, remote_open_args *args, void *ret);
-static int remoteDispatchSupportsFeature (struct qemud_client *client, remote_message_header *req, remote_supports_feature_args *args, remote_supports_feature_ret *ret);
+static int remoteDispatchAuthList (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, remote_auth_list_ret *ret);
+static int remoteDispatchAuthSaslInit (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, remote_auth_sasl_init_ret *ret);
+static int remoteDispatchAuthSaslStart (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_auth_sasl_start_args *args, remote_auth_sasl_start_ret *ret);
+static int remoteDispatchAuthSaslStep (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_auth_sasl_step_args *args, remote_auth_sasl_step_ret *ret);
+static int remoteDispatchClose (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, void *ret);
+static int remoteDispatchDomainAttachDevice (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_attach_device_args *args, void *ret);
+static int remoteDispatchDomainBlockStats (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_block_stats_args *args, remote_domain_block_stats_ret *ret);
+static int remoteDispatchDomainCoreDump (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_core_dump_args *args, void *ret);
+static int remoteDispatchDomainCreate (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_create_args *args, void *ret);
+static int remoteDispatchDomainCreateLinux (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_create_linux_args *args, remote_domain_create_linux_ret *ret);
+static int remoteDispatchDomainDefineXml (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_define_xml_args *args, remote_domain_define_xml_ret *ret);
+static int remoteDispatchDomainDestroy (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_destroy_args *args, void *ret);
+static int remoteDispatchDomainDetachDevice (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_detach_device_args *args, void *ret);
+static int remoteDispatchDomainDumpXml (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_dump_xml_args *args, remote_domain_dump_xml_ret *ret);
+static int remoteDispatchDomainGetAutostart (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_get_autostart_args *args, remote_domain_get_autostart_ret *ret);
+static int remoteDispatchDomainGetInfo (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_get_info_args *args, remote_domain_get_info_ret *ret);
+static int remoteDispatchDomainGetMaxMemory (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_get_max_memory_args *args, remote_domain_get_max_memory_ret *ret);
+static int remoteDispatchDomainGetMaxVcpus (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_get_max_vcpus_args *args, remote_domain_get_max_vcpus_ret *ret);
+static int remoteDispatchDomainGetOsType (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_get_os_type_args *args, remote_domain_get_os_type_ret *ret);
+static int remoteDispatchDomainGetSchedulerParameters (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_get_scheduler_parameters_args *args, remote_domain_get_scheduler_parameters_ret *ret);
+static int remoteDispatchDomainGetSchedulerType (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_get_scheduler_type_args *args, remote_domain_get_scheduler_type_ret *ret);
+static int remoteDispatchDomainGetVcpus (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_get_vcpus_args *args, remote_domain_get_vcpus_ret *ret);
+static int remoteDispatchDomainInterfaceStats (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_interface_stats_args *args, remote_domain_interface_stats_ret *ret);
+static int remoteDispatchDomainLookupById (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_lookup_by_id_args *args, remote_domain_lookup_by_id_ret *ret);
+static int remoteDispatchDomainLookupByName (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_lookup_by_name_args *args, remote_domain_lookup_by_name_ret *ret);
+static int remoteDispatchDomainLookupByUuid (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_lookup_by_uuid_args *args, remote_domain_lookup_by_uuid_ret *ret);
+static int remoteDispatchDomainMigrateFinish (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_migrate_finish_args *args, remote_domain_migrate_finish_ret *ret);
+static int remoteDispatchDomainMigratePerform (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_migrate_perform_args *args, void *ret);
+static int remoteDispatchDomainMigratePrepare (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_migrate_prepare_args *args, remote_domain_migrate_prepare_ret *ret);
+static int remoteDispatchDomainPinVcpu (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_pin_vcpu_args *args, void *ret);
+static int remoteDispatchDomainReboot (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_reboot_args *args, void *ret);
+static int remoteDispatchDomainRestore (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_restore_args *args, void *ret);
+static int remoteDispatchDomainResume (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_resume_args *args, void *ret);
+static int remoteDispatchDomainSave (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_save_args *args, void *ret);
+static int remoteDispatchDomainSetAutostart (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_set_autostart_args *args, void *ret);
+static int remoteDispatchDomainSetMaxMemory (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_set_max_memory_args *args, void *ret);
+static int remoteDispatchDomainSetMemory (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_set_memory_args *args, void *ret);
+static int remoteDispatchDomainSetSchedulerParameters (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_set_scheduler_parameters_args *args, void *ret);
+static int remoteDispatchDomainSetVcpus (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_set_vcpus_args *args, void *ret);
+static int remoteDispatchDomainShutdown (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_shutdown_args *args, void *ret);
+static int remoteDispatchDomainSuspend (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_suspend_args *args, void *ret);
+static int remoteDispatchDomainUndefine (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_domain_undefine_args *args, void *ret);
+static int remoteDispatchGetCapabilities (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, remote_get_capabilities_ret *ret);
+static int remoteDispatchGetHostname (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, remote_get_hostname_ret *ret);
+static int remoteDispatchGetMaxVcpus (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_get_max_vcpus_args *args, remote_get_max_vcpus_ret *ret);
+static int remoteDispatchGetType (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, remote_get_type_ret *ret);
+static int remoteDispatchGetVersion (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, remote_get_version_ret *ret);
+static int remoteDispatchListDefinedDomains (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_list_defined_domains_args *args, remote_list_defined_domains_ret *ret);
+static int remoteDispatchListDefinedNetworks (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_list_defined_networks_args *args, remote_list_defined_networks_ret *ret);
+static int remoteDispatchListDomains (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_list_domains_args *args, remote_list_domains_ret *ret);
+static int remoteDispatchListNetworks (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_list_networks_args *args, remote_list_networks_ret *ret);
+static int remoteDispatchNetworkCreate (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_network_create_args *args, void *ret);
+static int remoteDispatchNetworkCreateXml (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_network_create_xml_args *args, remote_network_create_xml_ret *ret);
+static int remoteDispatchNetworkDefineXml (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_network_define_xml_args *args, remote_network_define_xml_ret *ret);
+static int remoteDispatchNetworkDestroy (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_network_destroy_args *args, void *ret);
+static int remoteDispatchNetworkDumpXml (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_network_dump_xml_args *args, remote_network_dump_xml_ret *ret);
+static int remoteDispatchNetworkGetAutostart (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_network_get_autostart_args *args, remote_network_get_autostart_ret *ret);
+static int remoteDispatchNetworkGetBridgeName (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_network_get_bridge_name_args *args, remote_network_get_bridge_name_ret *ret);
+static int remoteDispatchNetworkLookupByName (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_network_lookup_by_name_args *args, remote_network_lookup_by_name_ret *ret);
+static int remoteDispatchNetworkLookupByUuid (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_network_lookup_by_uuid_args *args, remote_network_lookup_by_uuid_ret *ret);
+static int remoteDispatchNetworkSetAutostart (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_network_set_autostart_args *args, void *ret);
+static int remoteDispatchNetworkUndefine (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_network_undefine_args *args, void *ret);
+static int remoteDispatchNodeGetInfo (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, remote_node_get_info_ret *ret);
+static int remoteDispatchNumOfDefinedDomains (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, remote_num_of_defined_domains_ret *ret);
+static int remoteDispatchNumOfDefinedNetworks (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, remote_num_of_defined_networks_ret *ret);
+static int remoteDispatchNumOfDomains (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, remote_num_of_domains_ret *ret);
+static int remoteDispatchNumOfNetworks (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, void *args, remote_num_of_networks_ret *ret);
+static int remoteDispatchOpen (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_open_args *args, void *ret);
+static int remoteDispatchSupportsFeature (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, remote_supports_feature_args *args, remote_supports_feature_ret *ret);
diff -r f28fe18bd7f5 qemud/remote_generate_stubs.pl
--- a/qemud/remote_generate_stubs.pl	Thu Nov 29 09:47:39 2007 -0500
+++ b/qemud/remote_generate_stubs.pl	Thu Nov 29 09:51:32 2007 -0500
@@ -93,7 +93,7 @@ elsif ($opt_i) {
 elsif ($opt_i) {
     my @keys = sort (keys %calls);
     foreach (@keys) {
-	print "static int remoteDispatch$calls{$_}->{ProcName} (struct qemud_client *client, remote_message_header *req, $calls{$_}->{args} *args, $calls{$_}->{ret} *ret);\n";
+	print "static int remoteDispatch$calls{$_}->{ProcName} (struct qemud_server *server, struct qemud_client *client, remote_message_header *req, $calls{$_}->{args} *args, $calls{$_}->{ret} *ret);\n";
     }
 }
 
@@ -196,7 +196,8 @@ elsif ($opt_s) {
 	my $retvoid = $ret eq "void";
 
 	print "static int\n";
-	print "remoteDispatch$calls{$_}->{ProcName} (struct qemud_client *client,\n";
+	print "remoteDispatch$calls{$_}->{ProcName} (struct qemud_server *server,\n";
+	print "            struct qemud_client *client,\n";
 	print "            remote_message_header *req,\n";
 	print "            remote_get_max_vcpus_args *args,\n";
 	print "            remote_get_max_vcpus_ret *ret)\n";

-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

