[libvirt] [PATCH] daemon: Don't initialize SASL context if not necessary

Peter Krempa pkrempa at redhat.com
Fri Jun 2 12:33:20 UTC 2017


On Fri, Jun 02, 2017 at 13:28:31 +0100, Daniel Berrange wrote:
> On Fri, Jun 02, 2017 at 02:10:25PM +0200, Peter Krempa wrote:
> > SASL context would be initialized even if the corresponding TCP or TLS
> > sockets are not enabled.
> > 
> > fe772f24a68 attempted to fix the symptom by commenting out the settings,
> > but that did not fix the root cause. 3c647ee4bbb later reverted those
> > changes so that the more secure algorithm is used.
> > 
> > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1450095
> > ---
> >  daemon/libvirtd.c | 6 +++---
> >  1 file changed, 3 insertions(+), 3 deletions(-)
> > 
> > diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
> > index 891238bcb..4a242e3e5 100644
> > --- a/daemon/libvirtd.c
> > +++ b/daemon/libvirtd.c
> > @@ -613,11 +613,11 @@ daemonSetupNetworking(virNetServerPtr srv,
> > 
> >  #if WITH_SASL
> >      if (config->auth_unix_rw == REMOTE_AUTH_SASL ||
> > -        config->auth_unix_ro == REMOTE_AUTH_SASL ||
> > +        (sock_path_ro && config->auth_unix_ro == REMOTE_AUTH_SASL) ||
> >  # if WITH_GNUTLS
> > -        config->auth_tls == REMOTE_AUTH_SASL ||
> > +        (config->listen_tls && config->auth_tls == REMOTE_AUTH_SASL) ||
> >  # endif
> > -        config->auth_tcp == REMOTE_AUTH_SASL) {
> > +        (config->listen_tcp && config->auth_tcp == REMOTE_AUTH_SASL)) {
> >          saslCtxt = virNetSASLContextNewServer(
> >              (const char *const*)config->sasl_allowed_username_list);
> >          if (!saslCtxt)
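Review bot: the new `config->listen_tls` and `config->listen_tcp` guards in the condition test only the configured values, not whether the IP sockets are actually going to be opened. If `listen_tls` is set in the configuration while the daemon is not listening on IP sockets, `(config->listen_tls && config->auth_tls == REMOTE_AUTH_SASL)` still evaluates true and `virNetSASLContextNewServer()` is still called. Both IP branches should also be gated on whatever this function uses to decide that IP sockets are set up (`ipsock`, as named in the reply that follows). Separately, the `config->auth_unix_rw == REMOTE_AUTH_SASL` test stays unguarded while the `auth_unix_ro` test gains a `sock_path_ro` check. If that asymmetry is intentional, a one-line comment saying why would help. The commit message also mentions only the TCP and TLS sockets, although the hunk changes the read-only UNIX socket case too.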
> 
> I think you need to check 'ipsock' too, since listen_tls defaults
> to 1, but is not used unless --listen is set.

Yes, I've just tested that option (after sending this obviously) and
came to the same conclusion.