[libvirt] [PATCH v2 14/14] remote: add locking around the critical section in remoteSASLFinish

Marc Hartmayer mhartmay at linux.vnet.ibm.com
Thu Dec 21 14:29:09 UTC 2017


...as there is an access to priv->sasl, priv->lock is needed.

Signed-off-by: Marc Hartmayer <mhartmay at linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk at linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy at linux.vnet.ibm.com>
---
 daemon/remote.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/daemon/remote.c b/daemon/remote.c
index b6fe6d8539ff..81d570b6e269 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -3389,6 +3389,9 @@ remoteSASLFinish(virNetServerPtr server,
     const char *identity;
     struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client);
     int ssf;
+    int rv = 0;
+
+    virMutexLock(&priv->lock);
 
     /* TLS or UNIX domain sockets trivially OK */
     if (!virNetServerClientIsSecure(client)) {
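Review bot: The new `virMutexLock(&priv->lock)` at the top of remoteSASLFinish assumes no caller already holds priv->lock. The callers are not visible in this patch; if the SASL dispatch handlers take the same lock before calling in and priv->lock is a non-recursive mutex, the authentication path would self-deadlock. Please confirm the locking contract and record it on the function, e.g. `/* Caller must not hold priv->lock; it is taken and released here. */`. The function body continues outside this hunk, so it is also worth checking that no unconverted `return` remains in the lines between the hunks, since that would leave the mutex locked.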
@@ -3398,15 +3401,15 @@ remoteSASLFinish(virNetServerPtr server,
         VIR_DEBUG("negotiated an SSF of %d", ssf);
         if (ssf < 56) { /* 56 is good for Kerberos */
             VIR_ERROR(_("negotiated SSF %d was not strong enough"), ssf);
-            return -2;
+            goto rejected;
         }
     }
 
     if (!(identity = virNetSASLSessionGetIdentity(priv->sasl)))
-        return -2;
+        goto rejected;
 
     if (!virNetSASLContextCheckIdentity(saslCtxt, identity))
-        return -2;
+        goto rejected;
 
     if (!(clnt_identity = virNetServerClientGetIdentity(client)))
         goto error;
@@ -3425,10 +3428,17 @@ remoteSASLFinish(virNetServerPtr server,
     virObjectUnref(priv->sasl);
     priv->sasl = NULL;
 
-    return 0;
+ cleanup:
+    virMutexUnlock(&priv->lock);
+    return rv;
 
  error:
-    return -1;
+    rv = -1;
+    goto cleanup;
+
+ rejected:
+    rv = -2;
+    goto cleanup;
 }
 
 /*
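Review bot: The three result codes are now distinguishable only by label name, and nothing near the exit block states what each means to the caller. A short comment above `cleanup:` would pin the contract, for example `/* 0 = success, -1 = internal error, -2 = rejected (weak SSF or identity check failed); priv->lock is released on every path */`. As a style point, `error` and `rejected` jump backwards to `cleanup`; ordering the labels so the unlock-and-return block comes last would follow the usual single-exit layout and make a missed unlock easier to spot in later edits. The function begins outside this hunk.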
-- 
2.13.4



