[libvirt] [PATCH 05/12] Generic module for handling SASL authentication & encryption
Eric Blake
eblake at redhat.com
Mon Mar 21 22:57:52 UTC 2011
On 03/18/2011 12:54 PM, Daniel P. Berrange wrote:
> This provides two modules for handling SASL
>
> * virNetSASLContext provides the process-wide state, currently
> just a whitelist of usernames on the server and a one time
> library init call
>
> * virNetTLSSession provides the per-connection state, ie the
> SASL session itself. This also include APIs for providing
> data encryption/decryption once the session is established
>
> * src/Makefile.am: Add to libvirt-net-rpc.la
> * src/rpc/virnetsaslcontext.c, src/rpc/virnetsaslcontext.h: Generic
> SASL handling code
> ---
> cfg.mk | 2 +
> po/POTFILES.in | 1 +
> src/Makefile.am | 9 +
> src/rpc/virnetsaslcontext.c | 599 +++++++++++++++++++++++++++++++++++++++++++
> src/rpc/virnetsaslcontext.h | 120 +++++++++
> 5 files changed, 731 insertions(+), 0 deletions(-)
> create mode 100644 src/rpc/virnetsaslcontext.c
> create mode 100644 src/rpc/virnetsaslcontext.h
Definitely improved over the first time I reviewed this:
http://www.redhat.com/archives/libvir-list/2010-December/msg00677.html
> +virNetSASLSessionPtr virNetSASLSessionNewClient(virNetSASLContextPtr ctxt ATTRIBUTE_UNUSED,
> + const char *service,
> + const char *hostname,
> + const char *localAddr,
> + const char *remoteAddr,
> + const sasl_callback_t *cbs)
> +{
> + virNetSASLSessionPtr sasl = NULL;
> + int err;
> +
> + if (VIR_ALLOC(sasl) < 0) {
> + virReportOOMError();
> + goto cleanup;
> + }
> +
> + sasl->refs = 1;
> + /* Arbitrary size for amount of data we can encode in a single block */
> + sasl->maxbufsize = 1 << 16;
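Review bot: the comment on the `sasl->maxbufsize = 1 << 16;` assignment calls the 64 KiB limit arbitrary, but since this value bounds the data handed to the encryption/decryption APIs the commit message mentions, the comment should say what happens to a caller buffer larger than it (rejected, or split into blocks) and how a mismatch with the maximum negotiated with the peer is handled; also, the `goto cleanup` after the VIR_ALLOC failure is taken while sasl is still NULL, so the cleanup label outside this hunk must tolerate a NULL sasl and return NULL rather than touch its fields.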
> +virNetSASLSessionPtr virNetSASLSessionNewServer(virNetSASLContextPtr ctxt ATTRIBUTE_UNUSED,
> + const char *service,
> + const char *localAddr,
> + const char *remoteAddr)
> +{
> + virNetSASLSessionPtr sasl = NULL;
> + int err;
> +
> + if (VIR_ALLOC(sasl) < 0) {
> + virReportOOMError();
> + goto cleanup;
> + }
> +
> + sasl->refs = 1;
> + /* Arbitrary size for amount of data we can encode in a single block */
> + sasl->maxbufsize = 1 << 16;
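Review bot: virNetSASLSessionNewServer repeats the allocation, `sasl->refs = 1;` and `sasl->maxbufsize` setup of virNetSASLSessionNewClient line for line; a single static helper for the common initialisation would keep the two constructors from drifting, and since `ctxt` is ATTRIBUTE_UNUSED here as well, the server session keeps no reference to the context that holds the username whitelist, so a comment noting that the identity check is done separately through virNetSASLContextCheckIdentity would help the next reader.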
Should these two values be a single #define (or enum) earlier in the
file, so that they change in lock-step if we ever have reason to pick a
different value?
> +
> +#ifndef __VIR_NET_CLIENT_SASL_CONTEXT_H__
> +# define __VIR_NET_CLIENT_SASL_CONTEXT_H__
> +
> +# include <sasl/sasl.h>
> +
> +# include <stdbool.h>
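Review bot: the include guard `__VIR_NET_CLIENT_SASL_CONTEXT_H__` names a client-only header, yet virnetsaslcontext.h also declares the server side (virNetSASLSessionNewServer, virNetSASLContextCheckIdentity); rename it to match the file, e.g. `__VIR_NET_SASL_CONTEXT_H__`, before other headers copy the pattern.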
<stdbool.h> is redundant with earlier inclusion of "internal.h". You
fixed this in some of your patch series, but not all.
> +
> +int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
> + const char *identity);
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_RETURN_CHECK
Likewise for marking up other functions in this header.
ACK with those nits addressed.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org