[libvirt] [PATCH 05/12] Generic module for handling SASL authentication & encryption

Eric Blake eblake at redhat.com
Mon Mar 21 22:57:52 UTC 2011


On 03/18/2011 12:54 PM, Daniel P. Berrange wrote:
> This provides two modules for handling SASL
> 
>  * virNetSASLContext provides the process-wide state, currently
>    just a whitelist of usernames on the server and a one time
>    library init call
> 
>  * virNetTLSSession provides the per-connection state, i.e. the
>    SASL session itself. This also includes APIs for providing
>    data encryption/decryption once the session is established
> 
> * src/Makefile.am: Add to libvirt-net-rpc.la
> * src/rpc/virnetsaslcontext.c, src/rpc/virnetsaslcontext.h: Generic
>   SASL handling code
> ---
>  cfg.mk                      |    2 +
>  po/POTFILES.in              |    1 +
>  src/Makefile.am             |    9 +
>  src/rpc/virnetsaslcontext.c |  599 +++++++++++++++++++++++++++++++++++++++++++
>  src/rpc/virnetsaslcontext.h |  120 +++++++++
>  5 files changed, 731 insertions(+), 0 deletions(-)
>  create mode 100644 src/rpc/virnetsaslcontext.c
>  create mode 100644 src/rpc/virnetsaslcontext.h

Definitely improved over the first time I reviewed this:
http://www.redhat.com/archives/libvir-list/2010-December/msg00677.html

> +virNetSASLSessionPtr virNetSASLSessionNewClient(virNetSASLContextPtr ctxt ATTRIBUTE_UNUSED,
> +                                                const char *service,
> +                                                const char *hostname,
> +                                                const char *localAddr,
> +                                                const char *remoteAddr,
> +                                                const sasl_callback_t *cbs)
> +{
> +    virNetSASLSessionPtr sasl = NULL;
> +    int err;
> +
> +    if (VIR_ALLOC(sasl) < 0) {
> +        virReportOOMError();
> +        goto cleanup;
> +    }
> +
> +    sasl->refs = 1;
> +    /* Arbitrary size for amount of data we can encode in a single block */
> +    sasl->maxbufsize = 1 << 16;
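Review bot: on the VIR_ALLOC() failure path `sasl` is still NULL when control reaches `goto cleanup`, so the cleanup label (not part of the quoted lines) must tolerate a NULL session; returning NULL directly after virReportOOMError() would make that explicit and keep the label free for the error paths that do have a session to release. The fixed `sasl->maxbufsize = 1 << 16` is also a ceiling the local code chooses on its own; once the security layer has been negotiated the peer may be limited to a smaller output buffer, so the encode/decode helpers should cap at whatever the library reports for the negotiated layer rather than at this constant alone.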


> +virNetSASLSessionPtr virNetSASLSessionNewServer(virNetSASLContextPtr ctxt ATTRIBUTE_UNUSED,
> +                                                const char *service,
> +                                                const char *localAddr,
> +                                                const char *remoteAddr)
> +{
> +    virNetSASLSessionPtr sasl = NULL;
> +    int err;
> +
> +    if (VIR_ALLOC(sasl) < 0) {
> +        virReportOOMError();
> +        goto cleanup;
> +    }
> +
> +    sasl->refs = 1;
> +    /* Arbitrary size for amount of data we can encode in a single block */
> +    sasl->maxbufsize = 1 << 16;
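Review bot: `ctxt` is marked ATTRIBUTE_UNUSED here, so a server session never records which virNetSASLContext it belongs to, although the context is exactly what holds the username whitelist described in the commit message. That leaves every caller responsible for invoking virNetSASLContextCheckIdentity() against the right context after authentication completes; either store the context pointer in the session (taking a reference, since the session is refcounted via `sasl->refs`) so the check can be offered by the session API, or state plainly in the header that the identity check is the caller's job, because a forgotten check would admit any authenticated user regardless of the whitelist.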

Should these two values be a single #define (or enum) earlier in the
file, so that they change in lock-step if we ever have reason to pick a
different value?

> +
> +#ifndef __VIR_NET_CLIENT_SASL_CONTEXT_H__
> +# define __VIR_NET_CLIENT_SASL_CONTEXT_H__
> +
> +# include <sasl/sasl.h>
> +
> +# include <stdbool.h>
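Review bot: the include guard `__VIR_NET_CLIENT_SASL_CONTEXT_H__` is misnamed for this header. The file is src/rpc/virnetsaslcontext.h, the generic module declaring both the client and the server session constructors, so a guard such as `__VIR_NET_SASL_CONTEXT_H__` would match the file name and avoid colliding with any future client-specific header.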

<stdbool.h> is redundant with earlier inclusion of "internal.h".  You
fixed this in some of your patch series, but not all.

> +
> +int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
> +                                   const char *identity);
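Review bot: the prototype carries no comment stating its return convention. Since callers gate access on this result, spell out the distinct values for identity accepted, identity rejected and internal error (for example 1, 0 and -1); otherwise a bool-style `if (virNetSASLContextCheckIdentity(ctxt, id))` would treat a -1 error as acceptance, and a `== 0` test would treat it as rejection, neither of which is obviously what the caller intended.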

ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_RETURN_CHECK

Likewise for marking up other functions in this header.

ACK with those nits addressed.

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
