[libvirt] [PATCH] daemon: Don't initialize SASL context if not necessary
Peter Krempa
pkrempa at redhat.com
Fri Jun 2 12:10:25 UTC 2017
SASL context would be initialized even if the corresponding TCP or TLS
sockets are not enabled.
fe772f24a68 attempted to fix the symptom by commenting out the settings,
but that did not fix the root cause. 3c647ee4bbb later reverted those
changes so that the more secure algorithm is used.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1450095
---
daemon/libvirtd.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 891238bcb..4a242e3e5 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -613,11 +613,11 @@ daemonSetupNetworking(virNetServerPtr srv,
#if WITH_SASL
if (config->auth_unix_rw == REMOTE_AUTH_SASL ||
- config->auth_unix_ro == REMOTE_AUTH_SASL ||
+ (sock_path_ro && config->auth_unix_ro == REMOTE_AUTH_SASL) ||
# if WITH_GNUTLS
- config->auth_tls == REMOTE_AUTH_SASL ||
+ (config->listen_tls && config->auth_tls == REMOTE_AUTH_SASL) ||
# endif
- config->auth_tcp == REMOTE_AUTH_SASL) {
+ (config->listen_tcp && config->auth_tcp == REMOTE_AUTH_SASL)) {
saslCtxt = virNetSASLContextNewServer(
(const char *const*)config->sasl_allowed_username_list);
if (!saslCtxt)
--
2.12.2
More information about the libvir-list
mailing list