[libvirt PATCH 02/23] rpc: remove use of the term 'whitelist' from RPC code

Daniel P. Berrangé berrange at redhat.com
Fri Jun 19 09:32:39 UTC 2020


The term "access control list" better describes the concept involved.

Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
---
 docs/internals/rpc.html.in          |  9 ++++----
 src/remote/libvirtd.conf.in         |  6 +++---
 src/remote/remote_daemon_dispatch.c |  4 ++--
 src/rpc/virnetsaslcontext.c         | 10 ++++-----
 src/rpc/virnetsaslcontext.h         |  2 +-
 src/rpc/virnettlscontext.c          | 32 ++++++++++++++---------------
 src/rpc/virnettlscontext.h          |  4 ++--
 tests/virconfdata/libvirtd.conf     |  6 +++---
 tests/virconfdata/libvirtd.out      |  6 +++---
 9 files changed, 40 insertions(+), 39 deletions(-)

diff --git a/docs/internals/rpc.html.in b/docs/internals/rpc.html.in
index 40d844f31c..129945bf1c 100644
--- a/docs/internals/rpc.html.in
+++ b/docs/internals/rpc.html.in
@@ -447,7 +447,8 @@ C <--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  <-- S  (reply)
       <dt><code>virNetSASLContextPtr</code> (virnetsaslcontext.h)</dt>
       <dd>The virNetSASLContext APIs maintain SASL state for a network
         service (server or client). This is primarily used on the server
-        to provide a whitelist of allowed SASL usernames for clients.
+        to provide an access control list of SASL usernames permitted as
+        clients.
       </dd>
 
       <dt><code>virNetSASLSessionPtr</code> (virnetsaslcontext.h)</dt>
@@ -460,7 +461,7 @@ C <--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  <-- S  (reply)
       <dt><code>virNetTLSContextPtr</code> (virnettlscontext.h)</dt>
       <dd>The virNetTLSContext APIs maintain TLS state for a network
         service (server or client). This is primarily used on the server
-        to provide a whitelist of allowed x509 distinguished names, as
+        to provide an access control list of x509 distinguished names, as
         well as diffie-hellman keys. It can also do validation of
         x509 certificates prior to initiating a connection, in order
         to improve detection of configuration errors.
@@ -760,8 +761,8 @@ C <--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  <-- S  (reply)
       next step is to decode the RPC header. The header is validated to
       ensure the request is sensible, ie the server should not receive a
       method reply from a client. If the client has not yet authenticated,
-      a security check is also applied to make sure the procedure is on the
-      whitelist of those allowed prior to auth. If the packet is a method
+      an access control list check is also performed to make sure the procedure
+      is one of those allowed prior to auth. If the packet is a method
       call, it will be placed on a global processing queue. The event loop
       thread is now done with the packet for the time being.
     </p>
diff --git a/src/remote/libvirtd.conf.in b/src/remote/libvirtd.conf.in
index 34741183cc..2607fbad86 100644
--- a/src/remote/libvirtd.conf.in
+++ b/src/remote/libvirtd.conf.in
@@ -253,11 +253,11 @@
 # will be rejected.
 #
 # Default is to always verify. Uncommenting this will disable
-# verification - make sure an IP whitelist is set
+# verification.
 #tls_no_verify_certificate = 1
 
 
-# A whitelist of allowed x509 Distinguished Names
+# An access control list of allowed x509 Distinguished Names
 # This list may contain wildcards such as
 #
 #    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
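Review bot: The rewritten comment on `tls_no_verify_certificate` drops the only operational caveat the old text carried ("make sure an IP whitelist is set") without replacing it, so an admin reading the new text no longer learns that some other restriction must compensate for skipping certificate verification. With verification disabled a client can presumably connect with a certificate that chains to no trusted CA, so the DN-based `tls_allowed_dn_list` documented just below is not a substitute for restricting who can reach the socket. I'd keep the advice while still dropping the term, e.g. `# verification - if you do this, restrict client access at the network level (e.g. a firewall).`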
@@ -282,7 +282,7 @@
 
 
 @END@
-# A whitelist of allowed SASL usernames. The format for username
+# An access control list of allowed SASL usernames. The format for username
 # depends on the SASL authentication mechanism. Kerberos usernames
 # look like username at REALM
 #
diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c
index 831e7d165c..67b86cff78 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -3861,7 +3861,7 @@ remoteDispatchAuthSaslStart(virNetServerPtr server,
     if (err == VIR_NET_SASL_CONTINUE) {
         ret->complete = 0;
     } else {
-        /* Check username whitelist ACL */
+        /* Check username ACL */
         if ((err = remoteSASLFinish(server, client)) < 0) {
             if (err == -2)
                 goto authdeny;
@@ -3957,7 +3957,7 @@ remoteDispatchAuthSaslStep(virNetServerPtr server,
     if (err == VIR_NET_SASL_CONTINUE) {
         ret->complete = 0;
     } else {
-        /* Check username whitelist ACL */
+        /* Check username ACL */
         if ((err = remoteSASLFinish(server, client)) < 0) {
             if (err == -2)
                 goto authdeny;
diff --git a/src/rpc/virnetsaslcontext.c b/src/rpc/virnetsaslcontext.c
index e7ed8f4390..9253771787 100644
--- a/src/rpc/virnetsaslcontext.c
+++ b/src/rpc/virnetsaslcontext.c
@@ -36,7 +36,7 @@ VIR_LOG_INIT("rpc.netsaslcontext");
 struct _virNetSASLContext {
     virObjectLockable parent;
 
-    const char *const*usernameWhitelist;
+    const char *const *usernameACL;
 };
 
 struct _virNetSASLSession {
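Review bot: The renamed `usernameACL` field carries no comment, and its two non-obvious properties are only discoverable elsewhere in the file: virNetSASLContextCheckIdentity returns 1 ("No ACL, allow all") when the list is NULL, and virNetSASLContextNewServer stores the caller's pointer rather than a copy, so the array must outlive the context. A fail-open default on a security field deserves to be stated where the field is declared. I'd add above it: `/* Wildcard patterns for permitted SASL identities; NULL means no ACL, i.e. any authenticated identity is accepted. Not copied: the caller must keep the array alive for the context's lifetime. */`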
@@ -121,7 +121,7 @@ virNetSASLContextPtr virNetSASLContextNewClient(void)
     return ctxt;
 }
 
-virNetSASLContextPtr virNetSASLContextNewServer(const char *const*usernameWhitelist)
+virNetSASLContextPtr virNetSASLContextNewServer(const char *const *usernameACL)
 {
     virNetSASLContextPtr ctxt;
 
@@ -132,7 +132,7 @@ virNetSASLContextPtr virNetSASLContextNewServer(const char *const*usernameWhitel
     if (!(ctxt = virObjectLockableNew(virNetSASLContextClass)))
         return NULL;
 
-    ctxt->usernameWhitelist = usernameWhitelist;
+    ctxt->usernameACL = usernameACL;
 
     return ctxt;
 }
@@ -146,7 +146,7 @@ int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
     virObjectLock(ctxt);
 
     /* If the list is not set, allow any DN. */
-    wildcards = ctxt->usernameWhitelist;
+    wildcards = ctxt->usernameACL;
     if (!wildcards) {
         ret = 1; /* No ACL, allow all */
         goto cleanup;
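Review bot: The comment directly above the renamed line, `/* If the list is not set, allow any DN. */`, describes the TLS path; this function checks a SASL identity, not a certificate DN, so it should read `/* If the ACL is not set, allow any identity. */`. Minor, but now that both checks share the ACL vocabulary the mismatch is more likely to mislead. The enclosing virNetSASLContextCheckIdentity starts and ends outside the hunk.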
@@ -162,7 +162,7 @@ int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
     }
 
     /* Denied */
-    VIR_ERROR(_("SASL client identity '%s' not allowed in whitelist"), identity);
+    VIR_ERROR(_("SASL client identity '%s' not allowed by ACL"), identity);
 
     /* This is the most common error: make it informative. */
     virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
diff --git a/src/rpc/virnetsaslcontext.h b/src/rpc/virnetsaslcontext.h
index 4d1845e643..618230f42d 100644
--- a/src/rpc/virnetsaslcontext.h
+++ b/src/rpc/virnetsaslcontext.h
@@ -38,7 +38,7 @@ enum {
 };
 
 virNetSASLContextPtr virNetSASLContextNewClient(void);
-virNetSASLContextPtr virNetSASLContextNewServer(const char *const*usernameWhitelist);
+virNetSASLContextPtr virNetSASLContextNewServer(const char *const *usernameACL);
 
 int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
                                    const char *identity);
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index a8104cf484..168f3010ae 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -60,7 +60,7 @@ struct _virNetTLSContext {
 
     bool isServer;
     bool requireValidCert;
-    const char *const*x509dnWhitelist;
+    const char *const *x509dnACL;
     char *priority;
 };
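Review bot: `x509dnACL` is declared without a comment, and the semantics a reader needs are spread across the file: virNetTLSContextCheckCertDN skips the DN check entirely when the list is NULL (`if (acl && dname && ...)`), and virNetTLSContextNew stores the caller's pointer rather than copying it. Since NULL here means the check is off, I'd say so at the declaration: `/* Wildcard patterns for permitted peer DNs (tls_allowed_dn_list); NULL disables the DN check. Not copied: the caller owns the array and must keep it alive for the context's lifetime. */`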
 
@@ -356,8 +356,8 @@ static int virNetTLSContextCheckCertKeyPurpose(gnutls_x509_crt_t cert,
 
 /* Check DN is on tls_allowed_dn_list. */
 static int
-virNetTLSContextCheckCertDNWhitelist(const char *dname,
-                                     const char *const*wildcards)
+virNetTLSContextCheckCertDNACL(const char *dname,
+                               const char *const *wildcards)
 {
     while (*wildcards) {
         if (g_pattern_match_simple(*wildcards, dname))
@@ -367,7 +367,7 @@ virNetTLSContextCheckCertDNWhitelist(const char *dname,
     }
 
     /* Log the client's DN for debugging */
-    VIR_DEBUG("Failed whitelist check for client DN '%s'", dname);
+    VIR_DEBUG("Failed ACL check for client DN '%s'", dname);
 
     /* This is the most common error: make it informative. */
     virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
@@ -385,10 +385,10 @@ virNetTLSContextCheckCertDN(gnutls_x509_crt_t cert,
                             const char *certFile,
                             const char *hostname,
                             const char *dname,
-                            const char *const* whitelist)
+                            const char *const *acl)
 {
-    if (whitelist && dname &&
-        virNetTLSContextCheckCertDNWhitelist(dname, whitelist) <= 0)
+    if (acl && dname &&
+        virNetTLSContextCheckCertDNACL(dname, acl) <= 0)
         return -1;
 
     if (hostname &&
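Review bot: The renamed condition `if (acl && dname && virNetTLSContextCheckCertDNACL(dname, acl) <= 0)` still falls through when an ACL is configured but `dname` is NULL, so a peer whose certificate yielded no DN would bypass the ACL rather than be denied. I can't see every caller from this hunk; the one in virNetTLSContextValidCertificate appears to pass a DN it has just logged, so this may be unreachable today, but the safe shape for a security check is to deny on a missing DN whenever an ACL exists: `if (acl && (!dname || virNetTLSContextCheckCertDNACL(dname, acl) <= 0))`. virNetTLSContextCheckCertDN continues past the end of the hunk.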
@@ -675,7 +675,7 @@ static virNetTLSContextPtr virNetTLSContextNew(const char *cacert,
                                                const char *cacrl,
                                                const char *cert,
                                                const char *key,
-                                               const char *const*x509dnWhitelist,
+                                               const char *const *x509dnACL,
                                                const char *priority,
                                                bool sanityCheckCert,
                                                bool requireValidCert,
@@ -740,7 +740,7 @@ static virNetTLSContextPtr virNetTLSContextNew(const char *cacert,
     }
 
     ctxt->requireValidCert = requireValidCert;
-    ctxt->x509dnWhitelist = x509dnWhitelist;
+    ctxt->x509dnACL = x509dnACL;
     ctxt->isServer = isServer;
 
     PROBE(RPC_TLS_CONTEXT_NEW,
@@ -855,7 +855,7 @@ static int virNetTLSContextLocateCredentials(const char *pkipath,
 
 static virNetTLSContextPtr virNetTLSContextNewPath(const char *pkipath,
                                                    bool tryUserPkiPath,
-                                                   const char *const*x509dnWhitelist,
+                                                   const char *const *x509dnACL,
                                                    const char *priority,
                                                    bool sanityCheckCert,
                                                    bool requireValidCert,
@@ -869,7 +869,7 @@ static virNetTLSContextPtr virNetTLSContextNewPath(const char *pkipath,
         return NULL;
 
     ctxt = virNetTLSContextNew(cacert, cacrl, cert, key,
-                               x509dnWhitelist, priority, sanityCheckCert,
+                               x509dnACL, priority, sanityCheckCert,
                                requireValidCert, isServer);
 
     VIR_FREE(cacert);
@@ -882,12 +882,12 @@ static virNetTLSContextPtr virNetTLSContextNewPath(const char *pkipath,
 
 virNetTLSContextPtr virNetTLSContextNewServerPath(const char *pkipath,
                                                   bool tryUserPkiPath,
-                                                  const char *const*x509dnWhitelist,
+                                                  const char *const *x509dnACL,
                                                   const char *priority,
                                                   bool sanityCheckCert,
                                                   bool requireValidCert)
 {
-    return virNetTLSContextNewPath(pkipath, tryUserPkiPath, x509dnWhitelist, priority,
+    return virNetTLSContextNewPath(pkipath, tryUserPkiPath, x509dnACL, priority,
                                    sanityCheckCert, requireValidCert, true);
 }
 
@@ -906,12 +906,12 @@ virNetTLSContextPtr virNetTLSContextNewServer(const char *cacert,
                                               const char *cacrl,
                                               const char *cert,
                                               const char *key,
-                                              const char *const*x509dnWhitelist,
+                                              const char *const *x509dnACL,
                                               const char *priority,
                                               bool sanityCheckCert,
                                               bool requireValidCert)
 {
-    return virNetTLSContextNew(cacert, cacrl, cert, key, x509dnWhitelist, priority,
+    return virNetTLSContextNew(cacert, cacrl, cert, key, x509dnACL, priority,
                                sanityCheckCert, requireValidCert, true);
 }
 
@@ -1063,7 +1063,7 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt,
             VIR_DEBUG("Peer DN is %s", dname);
 
             if (virNetTLSContextCheckCertDN(cert, "[session]", sess->hostname, dname,
-                                            ctxt->x509dnWhitelist) < 0) {
+                                            ctxt->x509dnACL) < 0) {
                 gnutls_x509_crt_deinit(cert);
                 goto authdeny;
             }
diff --git a/src/rpc/virnettlscontext.h b/src/rpc/virnettlscontext.h
index fe885aed9a..8ac84027b2 100644
--- a/src/rpc/virnettlscontext.h
+++ b/src/rpc/virnettlscontext.h
@@ -34,7 +34,7 @@ void virNetTLSInit(void);
 
 virNetTLSContextPtr virNetTLSContextNewServerPath(const char *pkipath,
                                                   bool tryUserPkiPath,
-                                                  const char *const*x509dnWhitelist,
+                                                  const char *const *x509dnACL,
                                                   const char *priority,
                                                   bool sanityCheckCert,
                                                   bool requireValidCert);
@@ -49,7 +49,7 @@ virNetTLSContextPtr virNetTLSContextNewServer(const char *cacert,
                                               const char *cacrl,
                                               const char *cert,
                                               const char *key,
-                                              const char *const*x509dnWhitelist,
+                                              const char *const *x509dnACL,
                                               const char *priority,
                                               bool sanityCheckCert,
                                               bool requireValidCert);
diff --git a/tests/virconfdata/libvirtd.conf b/tests/virconfdata/libvirtd.conf
index 791d6c972b..6d1fd33dcd 100644
--- a/tests/virconfdata/libvirtd.conf
+++ b/tests/virconfdata/libvirtd.conf
@@ -174,11 +174,11 @@ crl_file = "/etc/pki/CA/crl.pem"
 # will be rejected.
 #
 # Default is to always verify. Uncommenting this will disable
-# verification - make sure an IP whitelist is set
+# verification.
 tls_no_verify_certificate = 1
 
 
-# A whitelist of allowed x509  Distinguished Names
+# An access control list of allowed x509  Distinguished Names
 # This list may contain wildcards such as
 #
 #    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
@@ -194,7 +194,7 @@ tls_no_verify_certificate = 1
 tls_allowed_dn_list = ["DN1", "DN2"]
 
 
-# A whitelist of allowed SASL usernames. The format for usernames
+# An access control list of allowed SASL usernames. The format for usernames
 # depends on the SASL authentication mechanism. Kerberos usernames
 # look like username at REALM
 #
diff --git a/tests/virconfdata/libvirtd.out b/tests/virconfdata/libvirtd.out
index cfdd23fd21..ce50480b8c 100644
--- a/tests/virconfdata/libvirtd.out
+++ b/tests/virconfdata/libvirtd.out
@@ -140,9 +140,9 @@ crl_file = "/etc/pki/CA/crl.pem"
 # will be rejected.
 #
 # Default is to always verify. Uncommenting this will disable
-# verification - make sure an IP whitelist is set
+# verification.
 tls_no_verify_certificate = 1
-# A whitelist of allowed x509  Distinguished Names
+# An access control list of allowed x509  Distinguished Names
 # This list may contain wildcards such as
 #
 #    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
@@ -156,7 +156,7 @@ tls_no_verify_certificate = 1
 #
 # By default, no DN's are checked
 tls_allowed_dn_list = [ "DN1", "DN2" ]
-# A whitelist of allowed SASL usernames. The format for usernames
+# An access control list of allowed SASL usernames. The format for usernames
 # depends on the SASL authentication mechanism. Kerberos usernames
 # look like username at REALM
 #
-- 
2.24.1



