[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 05/15] Generic module for handling SASL authentication & encryption



On 12/16/2010 04:21 AM, Daniel P. Berrange wrote:
> This provides two modules for handling SASL
> 
>  * virNetSASLContext provides the process-wide state, currently
>    just a whitelist of usernames on the server and a one time
>    library init call
> 
>  * virNetTLSSession provides the per-connection state, ie the
>    SASL session itself. This also include APIs for providing
>    data encryption/decryption once the session is established
> 
> * src/Makefile.am: Add to libvirt-net-rpc.la
> * src/rpc/virnetsaslcontext.c, src/rpc/virnetsaslcontext.h: Generic
>   SASL handling code
> ---
>  po/POTFILES.in              |    1 +
>  src/Makefile.am             |    3 +
>  src/rpc/virnetsaslcontext.c |  525 +++++++++++++++++++++++++++++++++++++++++++
>  src/rpc/virnetsaslcontext.h |  125 ++++++++++
>  4 files changed, 654 insertions(+), 0 deletions(-)
>  create mode 100644 src/rpc/virnetsaslcontext.c
>  create mode 100644 src/rpc/virnetsaslcontext.h

Several patches need to modify the cfg.mk lists of free-like functions
and/or message functions that require translated parameters.  For example

2/15 - virNetMessageFree, virNetError
3/15 - virNetSocketFree
4/15 - virNetTLSContextFree, virNetTLSSessionFree
5/15 - virNetSASLContextFree, virNetSASLSessionFree

and probably others later in the series as well (I just noticed the
issue, so I won't report it in the other patches).

> +int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
> +                                   const char *identity)
> +{
> +    const char *const*wildcards;
> +
> +    /* If the list is not set, allow any DN. */
> +    wildcards = ctxt->usernameWhitelist;
> +    if (!wildcards)
> +        return 1; /* No ACL, allow all */
> +
> +    while (*wildcards) {
> +        if (fnmatch (*wildcards, identity, 0) == 0)
> +            return 1; /* Allowed */

Same comment about returning -1 as in 4/15 if fnmatch returns failure
rather than no match, such as for ill-formed wildcard.

> +int virNetSASLSessionExtKeySize(virNetSASLSessionPtr sasl,
> +                                      int ssf)

Wonky indentation.

> +
> +int virNetSASLSessionSecProps(virNetSASLSessionPtr sasl,
> +                              int minSSF,
> +                              int maxSSF,
> +                              bool allowAnonymous)
> +{
> +    sasl_security_properties_t secprops;
> +    int err;
> +
> +    memset (&secprops, 0, sizeof secprops);
> +
> +    secprops.min_ssf = minSSF;
> +    secprops.max_ssf = maxSSF;
> +    secprops.maxbufsize = 100000;

How was this arbitrary number picked?  Should it be larger, to
accommodate REMOTE_MESSAGE_MAX (262144)?

> +int virNetSASLSessionServerStep(virNetSASLSessionPtr sasl,

> +    default:
> +        VIR_DEBUG("Foo %s", sasl_errdetail(sasl->conn));

Interesting debug message; should "Foo" have been something more legible?

> +ssize_t virNetSASLSessionEncode(virNetSASLSessionPtr sasl,
> +                                const char *input,
> +                                size_t inputLen,
> +                                const char **output,
> +                                size_t *outputlen)
> +{
> +    unsigned inlen = inputLen;

Should you check and fail if ((unsigned)inputLen != inputLen), since
sasl_* (unlike gnutls_*) used int rather than size_t as the maximum
transaction size?  Or are we assuming that libvirt will never try to
exceed a transaction size of REMOTE_MESSAGE_MAX in the first place, so
we don't have to worry about the 2GB limit being abused?

> +ssize_t virNetSASLSessionDecode(virNetSASLSessionPtr sasl,
> +                                const char *input,
> +                                size_t inputLen,
> +                                const char **output,
> +                                size_t *outputlen)
> +{
> +    unsigned inlen = inputLen;

Likewise.

-- 
Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]