2010-12-10 12:21:18 +00:00
|
|
|
/*
|
|
|
|
* virnetsaslcontext.c: SASL encryption/auth handling
|
|
|
|
*
|
maint: don't permit format strings without %
Any time we have a string with no % passed through gettext, a
translator can inject a % to cause a stack overread. When there
is nothing to format, it's easier to ask for a string that cannot
be used as a formatter, by using a trivial "%s" format instead.
In the past, we have used --disable-nls to catch some of the
offenders, but that doesn't get run very often, and many more
uses have crept in. Syntax check to the rescue!
The syntax check can catch uses such as
virReportError(code,
_("split "
"string"));
by using a sed script to fold context lines into one pattern
space before checking for a string without %.
This patch is just mechanical insertion of %s; there are probably
several messages touched by this patch where we would be better
off giving the user more information than a fixed string.
* cfg.mk (sc_prohibit_diagnostic_without_format): New rule.
* src/datatypes.c (virUnrefConnect, virGetDomain)
(virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface)
(virUnrefInterface, virGetStoragePool, virUnrefStoragePool)
(virGetStorageVol, virUnrefStorageVol, virGetNodeDevice)
(virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter)
(virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper.
* src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters)
(lxcDomainGetBlkioParameters): Likewise.
* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML)
(virDomainDiskDefParseXML, virDomainGraphicsDefParseXML):
Likewise.
* src/conf/network_conf.c (virNetworkDNSHostsDefParseXML)
(virNetworkDefParseXML): Likewise.
* src/conf/nwfilter_conf.c (virNWFilterIsValidChainName):
Likewise.
* src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple)
(virNWFilterVarAccessParse): Likewise.
* src/libvirt.c (virDomainSave, virDomainSaveFlags)
(virDomainRestore, virDomainRestoreFlags)
(virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML)
(virDomainCoreDump, virDomainGetXMLDesc)
(virDomainMigrateVersion1, virDomainMigrateVersion2)
(virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2)
(virStreamSendAll, virStreamRecvAll)
(virDomainSnapshotGetXMLDesc): Likewise.
* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
(virNWFilterDHCPSnoopReq): Likewise.
* src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise.
* src/openvz/openvz_util.c (openvzKBPerPages): Likewise.
* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise.
* src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr)
(qemuBuildCommandLine): Likewise.
* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise.
* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
* src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity):
Likewise.
* src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX)
(virNetSocketSendFD, virNetSocketRecvFD): Likewise.
* src/storage/storage_backend_disk.c
(virStorageBackendDiskBuildPool): Likewise.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemProbe)
(virStorageBackendFileSystemBuild): Likewise.
* src/storage/storage_backend_rbd.c
(virStorageBackendRBDOpenRADOSConn): Likewise.
* src/storage/storage_driver.c (storageVolumeResize): Likewise.
* src/test/test_driver.c (testInterfaceChangeBegin)
(testInterfaceChangeCommit, testInterfaceChangeRollback):
Likewise.
* src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise.
* src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr):
Likewise.
* src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk)
(xenFormatXM): Likewise.
2012-07-23 20:33:08 +00:00
|
|
|
* Copyright (C) 2010-2012 Red Hat, Inc.
|
2010-12-10 12:21:18 +00:00
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
2012-09-20 22:30:55 +00:00
|
|
|
* License along with this library. If not, see
|
2012-07-21 10:06:23 +00:00
|
|
|
* <http://www.gnu.org/licenses/>.
|
2010-12-10 12:21:18 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
|
|
#include <fnmatch.h>
|
|
|
|
|
|
|
|
#include "virnetsaslcontext.h"
|
|
|
|
#include "virnetmessage.h"
|
|
|
|
|
2012-12-13 18:21:53 +00:00
|
|
|
#include "virerror.h"
|
2012-12-12 18:06:53 +00:00
|
|
|
#include "viralloc.h"
|
2012-12-13 15:49:48 +00:00
|
|
|
#include "virthread.h"
|
2012-12-12 17:59:27 +00:00
|
|
|
#include "virlog.h"
|
2013-05-03 12:47:53 +00:00
|
|
|
#include "virstring.h"
|
2010-12-10 12:21:18 +00:00
|
|
|
|
|
|
|
#define VIR_FROM_THIS VIR_FROM_RPC
|
|
|
|
|
2014-02-28 12:16:17 +00:00
|
|
|
VIR_LOG_INIT("rpc.netsaslcontext");
|
|
|
|
|
2010-12-10 12:21:18 +00:00
|
|
|
struct _virNetSASLContext {
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLockable parent;
|
2012-07-11 13:35:49 +00:00
|
|
|
|
2010-12-10 12:21:18 +00:00
|
|
|
const char *const*usernameWhitelist;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct _virNetSASLSession {
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLockable parent;
|
2012-07-11 13:35:49 +00:00
|
|
|
|
2010-12-10 12:21:18 +00:00
|
|
|
sasl_conn_t *conn;
|
|
|
|
size_t maxbufsize;
|
2013-11-22 16:27:21 +00:00
|
|
|
sasl_callback_t *callbacks;
|
2010-12-10 12:21:18 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
2012-07-11 13:35:49 +00:00
|
|
|
static virClassPtr virNetSASLContextClass;
|
|
|
|
static virClassPtr virNetSASLSessionClass;
|
|
|
|
static void virNetSASLSessionDispose(void *obj);
|
|
|
|
|
|
|
|
static int virNetSASLContextOnceInit(void)
|
|
|
|
{
|
2013-01-09 21:27:28 +00:00
|
|
|
if (!(virNetSASLContextClass = virClassNew(virClassForObjectLockable(),
|
2013-01-09 17:37:27 +00:00
|
|
|
"virNetSASLContext",
|
2012-07-11 13:35:49 +00:00
|
|
|
sizeof(virNetSASLContext),
|
2013-01-09 21:27:28 +00:00
|
|
|
NULL)))
|
2012-07-11 13:35:49 +00:00
|
|
|
return -1;
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
if (!(virNetSASLSessionClass = virClassNew(virClassForObjectLockable(),
|
2013-01-09 17:37:27 +00:00
|
|
|
"virNetSASLSession",
|
2012-07-11 13:35:49 +00:00
|
|
|
sizeof(virNetSASLSession),
|
|
|
|
virNetSASLSessionDispose)))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
VIR_ONCE_GLOBAL_INIT(virNetSASLContext)
|
|
|
|
|
2017-04-07 14:43:38 +00:00
|
|
|
/* Apple have annotated all SASL functions as deprecated for
|
|
|
|
* unknown reasons. Since they still work, lets just ignore
|
|
|
|
* the warnings. If Apple finally delete the SASL functions
|
|
|
|
* our configure check should already catch that
|
|
|
|
*/
|
|
|
|
#ifdef __APPLE__
|
|
|
|
VIR_WARNINGS_NO_DEPRECATED
|
|
|
|
#endif
|
2012-07-11 13:35:49 +00:00
|
|
|
|
2010-12-10 12:21:18 +00:00
|
|
|
virNetSASLContextPtr virNetSASLContextNewClient(void)
|
|
|
|
{
|
|
|
|
virNetSASLContextPtr ctxt;
|
|
|
|
int err;
|
|
|
|
|
2012-07-11 13:35:49 +00:00
|
|
|
if (virNetSASLContextInitialize() < 0)
|
|
|
|
return NULL;
|
|
|
|
|
2010-12-10 12:21:18 +00:00
|
|
|
err = sasl_client_init(NULL);
|
|
|
|
if (err != SASL_OK) {
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_AUTH_FAILED,
|
|
|
|
_("failed to initialize SASL library: %d (%s)"),
|
|
|
|
err, sasl_errstring(err, NULL, NULL));
|
2010-12-10 12:21:18 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
if (!(ctxt = virObjectLockableNew(virNetSASLContextClass)))
|
2010-12-10 12:21:18 +00:00
|
|
|
return NULL;
|
|
|
|
|
|
|
|
return ctxt;
|
|
|
|
}
|
|
|
|
|
|
|
|
virNetSASLContextPtr virNetSASLContextNewServer(const char *const*usernameWhitelist)
|
|
|
|
{
|
|
|
|
virNetSASLContextPtr ctxt;
|
|
|
|
int err;
|
|
|
|
|
2012-07-11 13:35:49 +00:00
|
|
|
if (virNetSASLContextInitialize() < 0)
|
|
|
|
return NULL;
|
|
|
|
|
2010-12-10 12:21:18 +00:00
|
|
|
err = sasl_server_init(NULL, "libvirt");
|
|
|
|
if (err != SASL_OK) {
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_AUTH_FAILED,
|
|
|
|
_("failed to initialize SASL library: %d (%s)"),
|
|
|
|
err, sasl_errstring(err, NULL, NULL));
|
2010-12-10 12:21:18 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
if (!(ctxt = virObjectLockableNew(virNetSASLContextClass)))
|
2011-07-26 00:21:32 +00:00
|
|
|
return NULL;
|
|
|
|
|
2010-12-10 12:21:18 +00:00
|
|
|
ctxt->usernameWhitelist = usernameWhitelist;
|
|
|
|
|
|
|
|
return ctxt;
|
|
|
|
}
|
|
|
|
|
|
|
|
int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
|
|
|
|
const char *identity)
|
|
|
|
{
|
|
|
|
const char *const*wildcards;
|
2011-07-26 00:21:32 +00:00
|
|
|
int ret = -1;
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(ctxt);
|
2010-12-10 12:21:18 +00:00
|
|
|
|
|
|
|
/* If the list is not set, allow any DN. */
|
|
|
|
wildcards = ctxt->usernameWhitelist;
|
2011-07-26 00:21:32 +00:00
|
|
|
if (!wildcards) {
|
|
|
|
ret = 1; /* No ACL, allow all */
|
|
|
|
goto cleanup;
|
|
|
|
}
|
2010-12-10 12:21:18 +00:00
|
|
|
|
|
|
|
while (*wildcards) {
|
2012-10-17 09:23:12 +00:00
|
|
|
int rv = fnmatch(*wildcards, identity, 0);
|
2011-07-26 00:21:32 +00:00
|
|
|
if (rv == 0) {
|
|
|
|
ret = 1;
|
2012-10-11 16:31:20 +00:00
|
|
|
goto cleanup; /* Successful match */
|
2011-07-26 00:21:32 +00:00
|
|
|
}
|
2011-08-02 19:04:19 +00:00
|
|
|
if (rv != FNM_NOMATCH) {
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("Malformed TLS whitelist regular expression '%s'"),
|
|
|
|
*wildcards);
|
2011-07-26 00:21:32 +00:00
|
|
|
goto cleanup;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
wildcards++;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Denied */
|
2012-11-30 15:05:48 +00:00
|
|
|
VIR_ERROR(_("SASL client identity '%s' not allowed in whitelist"), identity);
|
2010-12-10 12:21:18 +00:00
|
|
|
|
|
|
|
/* This is the most common error: make it informative. */
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
|
|
|
|
_("Client's username is not on the list of allowed clients"));
|
2011-07-26 00:21:32 +00:00
|
|
|
ret = 0;
|
|
|
|
|
2014-03-25 06:52:31 +00:00
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(ctxt);
|
2011-07-26 00:21:32 +00:00
|
|
|
return ret;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
virNetSASLSessionPtr virNetSASLSessionNewClient(virNetSASLContextPtr ctxt ATTRIBUTE_UNUSED,
|
|
|
|
const char *service,
|
|
|
|
const char *hostname,
|
|
|
|
const char *localAddr,
|
|
|
|
const char *remoteAddr,
|
2013-11-22 16:27:21 +00:00
|
|
|
sasl_callback_t *cbs)
|
2010-12-10 12:21:18 +00:00
|
|
|
{
|
|
|
|
virNetSASLSessionPtr sasl = NULL;
|
|
|
|
int err;
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
if (!(sasl = virObjectLockableNew(virNetSASLSessionClass)))
|
2011-07-26 00:21:32 +00:00
|
|
|
return NULL;
|
|
|
|
|
2010-12-10 12:21:18 +00:00
|
|
|
/* Arbitrary size for amount of data we can encode in a single block */
|
|
|
|
sasl->maxbufsize = 1 << 16;
|
|
|
|
|
|
|
|
err = sasl_client_new(service,
|
|
|
|
hostname,
|
|
|
|
localAddr,
|
|
|
|
remoteAddr,
|
|
|
|
cbs,
|
|
|
|
SASL_SUCCESS_DATA,
|
|
|
|
&sasl->conn);
|
|
|
|
if (err != SASL_OK) {
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_AUTH_FAILED,
|
|
|
|
_("Failed to create SASL client context: %d (%s)"),
|
|
|
|
err, sasl_errstring(err, NULL, NULL));
|
2010-12-10 12:21:18 +00:00
|
|
|
goto cleanup;
|
|
|
|
}
|
2013-11-22 16:27:21 +00:00
|
|
|
sasl->callbacks = cbs;
|
2010-12-10 12:21:18 +00:00
|
|
|
|
|
|
|
return sasl;
|
|
|
|
|
2014-03-25 06:52:31 +00:00
|
|
|
cleanup:
|
2012-07-11 13:35:49 +00:00
|
|
|
virObjectUnref(sasl);
|
2010-12-10 12:21:18 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
virNetSASLSessionPtr virNetSASLSessionNewServer(virNetSASLContextPtr ctxt ATTRIBUTE_UNUSED,
|
|
|
|
const char *service,
|
|
|
|
const char *localAddr,
|
|
|
|
const char *remoteAddr)
|
|
|
|
{
|
|
|
|
virNetSASLSessionPtr sasl = NULL;
|
|
|
|
int err;
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
if (!(sasl = virObjectLockableNew(virNetSASLSessionClass)))
|
2011-07-26 00:21:32 +00:00
|
|
|
return NULL;
|
|
|
|
|
2010-12-10 12:21:18 +00:00
|
|
|
/* Arbitrary size for amount of data we can encode in a single block */
|
|
|
|
sasl->maxbufsize = 1 << 16;
|
|
|
|
|
|
|
|
err = sasl_server_new(service,
|
|
|
|
NULL,
|
|
|
|
NULL,
|
|
|
|
localAddr,
|
|
|
|
remoteAddr,
|
|
|
|
NULL,
|
|
|
|
SASL_SUCCESS_DATA,
|
|
|
|
&sasl->conn);
|
|
|
|
if (err != SASL_OK) {
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_AUTH_FAILED,
|
|
|
|
_("Failed to create SASL client context: %d (%s)"),
|
|
|
|
err, sasl_errstring(err, NULL, NULL));
|
2010-12-10 12:21:18 +00:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
|
|
|
return sasl;
|
|
|
|
|
2014-03-25 06:52:31 +00:00
|
|
|
cleanup:
|
2012-07-11 13:35:49 +00:00
|
|
|
virObjectUnref(sasl);
|
2010-12-10 12:21:18 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
int virNetSASLSessionExtKeySize(virNetSASLSessionPtr sasl,
|
|
|
|
int ssf)
|
|
|
|
{
|
|
|
|
int err;
|
2011-07-26 00:21:32 +00:00
|
|
|
int ret = -1;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sasl);
|
2010-12-10 12:21:18 +00:00
|
|
|
|
|
|
|
err = sasl_setprop(sasl->conn, SASL_SSF_EXTERNAL, &ssf);
|
|
|
|
if (err != SASL_OK) {
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("cannot set external SSF %d (%s)"),
|
|
|
|
err, sasl_errstring(err, NULL, NULL));
|
2011-07-26 00:21:32 +00:00
|
|
|
goto cleanup;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
2011-07-26 00:21:32 +00:00
|
|
|
|
|
|
|
ret = 0;
|
|
|
|
|
2014-03-25 06:52:31 +00:00
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sasl);
|
2011-07-26 00:21:32 +00:00
|
|
|
return ret;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
const char *virNetSASLSessionGetIdentity(virNetSASLSessionPtr sasl)
|
|
|
|
{
|
2011-07-26 00:21:32 +00:00
|
|
|
const void *val = NULL;
|
2010-12-10 12:21:18 +00:00
|
|
|
int err;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sasl);
|
2010-12-10 12:21:18 +00:00
|
|
|
|
|
|
|
err = sasl_getprop(sasl->conn, SASL_USERNAME, &val);
|
|
|
|
if (err != SASL_OK) {
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_AUTH_FAILED,
|
|
|
|
_("cannot query SASL username on connection %d (%s)"),
|
|
|
|
err, sasl_errstring(err, NULL, NULL));
|
2011-07-26 00:21:32 +00:00
|
|
|
val = NULL;
|
|
|
|
goto cleanup;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
if (val == NULL) {
|
maint: don't permit format strings without %
Any time we have a string with no % passed through gettext, a
translator can inject a % to cause a stack overread. When there
is nothing to format, it's easier to ask for a string that cannot
be used as a formatter, by using a trivial "%s" format instead.
In the past, we have used --disable-nls to catch some of the
offenders, but that doesn't get run very often, and many more
uses have crept in. Syntax check to the rescue!
The syntax check can catch uses such as
virReportError(code,
_("split "
"string"));
by using a sed script to fold context lines into one pattern
space before checking for a string without %.
This patch is just mechanical insertion of %s; there are probably
several messages touched by this patch where we would be better
off giving the user more information than a fixed string.
* cfg.mk (sc_prohibit_diagnostic_without_format): New rule.
* src/datatypes.c (virUnrefConnect, virGetDomain)
(virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface)
(virUnrefInterface, virGetStoragePool, virUnrefStoragePool)
(virGetStorageVol, virUnrefStorageVol, virGetNodeDevice)
(virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter)
(virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper.
* src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters)
(lxcDomainGetBlkioParameters): Likewise.
* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML)
(virDomainDiskDefParseXML, virDomainGraphicsDefParseXML):
Likewise.
* src/conf/network_conf.c (virNetworkDNSHostsDefParseXML)
(virNetworkDefParseXML): Likewise.
* src/conf/nwfilter_conf.c (virNWFilterIsValidChainName):
Likewise.
* src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple)
(virNWFilterVarAccessParse): Likewise.
* src/libvirt.c (virDomainSave, virDomainSaveFlags)
(virDomainRestore, virDomainRestoreFlags)
(virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML)
(virDomainCoreDump, virDomainGetXMLDesc)
(virDomainMigrateVersion1, virDomainMigrateVersion2)
(virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2)
(virStreamSendAll, virStreamRecvAll)
(virDomainSnapshotGetXMLDesc): Likewise.
* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
(virNWFilterDHCPSnoopReq): Likewise.
* src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise.
* src/openvz/openvz_util.c (openvzKBPerPages): Likewise.
* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise.
* src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr)
(qemuBuildCommandLine): Likewise.
* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise.
* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
* src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity):
Likewise.
* src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX)
(virNetSocketSendFD, virNetSocketRecvFD): Likewise.
* src/storage/storage_backend_disk.c
(virStorageBackendDiskBuildPool): Likewise.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemProbe)
(virStorageBackendFileSystemBuild): Likewise.
* src/storage/storage_backend_rbd.c
(virStorageBackendRBDOpenRADOSConn): Likewise.
* src/storage/storage_driver.c (storageVolumeResize): Likewise.
* src/test/test_driver.c (testInterfaceChangeBegin)
(testInterfaceChangeCommit, testInterfaceChangeRollback):
Likewise.
* src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise.
* src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr):
Likewise.
* src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk)
(xenFormatXM): Likewise.
2012-07-23 20:33:08 +00:00
|
|
|
virReportError(VIR_ERR_AUTH_FAILED, "%s",
|
2012-07-18 10:41:47 +00:00
|
|
|
_("no client username was found"));
|
2011-07-26 00:21:32 +00:00
|
|
|
goto cleanup;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
VIR_DEBUG("SASL client username %s", (const char *)val);
|
|
|
|
|
2014-03-25 06:52:31 +00:00
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sasl);
|
2010-12-10 12:21:18 +00:00
|
|
|
return (const char*)val;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int virNetSASLSessionGetKeySize(virNetSASLSessionPtr sasl)
|
|
|
|
{
|
|
|
|
int err;
|
|
|
|
int ssf;
|
|
|
|
const void *val;
|
2011-07-26 00:21:32 +00:00
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sasl);
|
2010-12-10 12:21:18 +00:00
|
|
|
err = sasl_getprop(sasl->conn, SASL_SSF, &val);
|
|
|
|
if (err != SASL_OK) {
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_AUTH_FAILED,
|
|
|
|
_("cannot query SASL ssf on connection %d (%s)"),
|
|
|
|
err, sasl_errstring(err, NULL, NULL));
|
2011-07-26 00:21:32 +00:00
|
|
|
ssf = -1;
|
|
|
|
goto cleanup;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
ssf = *(const int *)val;
|
2011-07-26 00:21:32 +00:00
|
|
|
|
2014-03-25 06:52:31 +00:00
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sasl);
|
2010-12-10 12:21:18 +00:00
|
|
|
return ssf;
|
|
|
|
}
|
|
|
|
|
|
|
|
int virNetSASLSessionSecProps(virNetSASLSessionPtr sasl,
|
|
|
|
int minSSF,
|
|
|
|
int maxSSF,
|
|
|
|
bool allowAnonymous)
|
|
|
|
{
|
|
|
|
sasl_security_properties_t secprops;
|
|
|
|
int err;
|
2011-07-26 00:21:32 +00:00
|
|
|
int ret = -1;
|
2010-12-10 12:21:18 +00:00
|
|
|
|
|
|
|
VIR_DEBUG("minSSF=%d maxSSF=%d allowAnonymous=%d maxbufsize=%zu",
|
|
|
|
minSSF, maxSSF, allowAnonymous, sasl->maxbufsize);
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sasl);
|
2012-03-29 09:52:04 +00:00
|
|
|
memset(&secprops, 0, sizeof(secprops));
|
2010-12-10 12:21:18 +00:00
|
|
|
|
|
|
|
secprops.min_ssf = minSSF;
|
|
|
|
secprops.max_ssf = maxSSF;
|
|
|
|
secprops.maxbufsize = sasl->maxbufsize;
|
|
|
|
secprops.security_flags = allowAnonymous ? 0 :
|
|
|
|
SASL_SEC_NOANONYMOUS | SASL_SEC_NOPLAINTEXT;
|
|
|
|
|
|
|
|
err = sasl_setprop(sasl->conn, SASL_SEC_PROPS, &secprops);
|
|
|
|
if (err != SASL_OK) {
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("cannot set security props %d (%s)"),
|
|
|
|
err, sasl_errstring(err, NULL, NULL));
|
2011-07-26 00:21:32 +00:00
|
|
|
goto cleanup;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
|
2011-07-26 00:21:32 +00:00
|
|
|
ret = 0;
|
|
|
|
|
2014-03-25 06:52:31 +00:00
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sasl);
|
2011-07-26 00:21:32 +00:00
|
|
|
return ret;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int virNetSASLSessionUpdateBufSize(virNetSASLSessionPtr sasl)
|
|
|
|
{
|
2011-07-26 22:21:10 +00:00
|
|
|
union {
|
|
|
|
unsigned *maxbufsize;
|
|
|
|
const void *ptr;
|
|
|
|
} u;
|
2010-12-10 12:21:18 +00:00
|
|
|
int err;
|
|
|
|
|
2011-07-26 22:21:10 +00:00
|
|
|
err = sasl_getprop(sasl->conn, SASL_MAXOUTBUF, &u.ptr);
|
2010-12-10 12:21:18 +00:00
|
|
|
if (err != SASL_OK) {
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("cannot get security props %d (%s)"),
|
|
|
|
err, sasl_errstring(err, NULL, NULL));
|
2010-12-10 12:21:18 +00:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
VIR_DEBUG("Negotiated bufsize is %u vs requested size %zu",
|
2011-07-26 22:21:10 +00:00
|
|
|
*u.maxbufsize, sasl->maxbufsize);
|
|
|
|
sasl->maxbufsize = *u.maxbufsize;
|
2010-12-10 12:21:18 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
char *virNetSASLSessionListMechanisms(virNetSASLSessionPtr sasl)
|
|
|
|
{
|
|
|
|
const char *mechlist;
|
2011-07-26 00:21:32 +00:00
|
|
|
char *ret = NULL;
|
2010-12-10 12:21:18 +00:00
|
|
|
int err;
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sasl);
|
2010-12-10 12:21:18 +00:00
|
|
|
err = sasl_listmech(sasl->conn,
|
|
|
|
NULL, /* Don't need to set user */
|
|
|
|
"", /* Prefix */
|
|
|
|
",", /* Separator */
|
|
|
|
"", /* Suffix */
|
|
|
|
&mechlist,
|
|
|
|
NULL,
|
|
|
|
NULL);
|
|
|
|
if (err != SASL_OK) {
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("cannot list SASL mechanisms %d (%s)"),
|
|
|
|
err, sasl_errdetail(sasl->conn));
|
2011-07-26 00:21:32 +00:00
|
|
|
goto cleanup;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
2017-03-15 18:03:37 +00:00
|
|
|
VIR_DEBUG("SASL mechanism list is '%s'", mechlist);
|
|
|
|
if (STREQ(mechlist, "")) {
|
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
|
_("no SASL mechanisms are available"));
|
|
|
|
goto cleanup;
|
|
|
|
}
|
2013-05-03 12:47:53 +00:00
|
|
|
ignore_value(VIR_STRDUP(ret, mechlist));
|
2011-07-26 00:21:32 +00:00
|
|
|
|
2014-03-25 06:52:31 +00:00
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sasl);
|
2010-12-10 12:21:18 +00:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int virNetSASLSessionClientStart(virNetSASLSessionPtr sasl,
|
|
|
|
const char *mechlist,
|
|
|
|
sasl_interact_t **prompt_need,
|
|
|
|
const char **clientout,
|
|
|
|
size_t *clientoutlen,
|
|
|
|
const char **mech)
|
|
|
|
{
|
|
|
|
unsigned outlen = 0;
|
2011-07-26 00:21:32 +00:00
|
|
|
int err;
|
|
|
|
int ret = -1;
|
2010-12-10 12:21:18 +00:00
|
|
|
|
|
|
|
VIR_DEBUG("sasl=%p mechlist=%s prompt_need=%p clientout=%p clientoutlen=%p mech=%p",
|
|
|
|
sasl, mechlist, prompt_need, clientout, clientoutlen, mech);
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sasl);
|
2011-07-26 00:21:32 +00:00
|
|
|
err = sasl_client_start(sasl->conn,
|
|
|
|
mechlist,
|
|
|
|
prompt_need,
|
|
|
|
clientout,
|
|
|
|
&outlen,
|
|
|
|
mech);
|
2010-12-10 12:21:18 +00:00
|
|
|
|
|
|
|
*clientoutlen = outlen;
|
|
|
|
|
|
|
|
switch (err) {
|
|
|
|
case SASL_OK:
|
|
|
|
if (virNetSASLSessionUpdateBufSize(sasl) < 0)
|
2011-07-26 00:21:32 +00:00
|
|
|
goto cleanup;
|
|
|
|
ret = VIR_NET_SASL_COMPLETE;
|
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
case SASL_CONTINUE:
|
2011-07-26 00:21:32 +00:00
|
|
|
ret = VIR_NET_SASL_CONTINUE;
|
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
case SASL_INTERACT:
|
2011-07-26 00:21:32 +00:00
|
|
|
ret = VIR_NET_SASL_INTERACT;
|
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
default:
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_AUTH_FAILED,
|
|
|
|
_("Failed to start SASL negotiation: %d (%s)"),
|
|
|
|
err, sasl_errdetail(sasl->conn));
|
2011-07-26 00:21:32 +00:00
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
2011-07-26 00:21:32 +00:00
|
|
|
|
2014-03-25 06:52:31 +00:00
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sasl);
|
2011-07-26 00:21:32 +00:00
|
|
|
return ret;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int virNetSASLSessionClientStep(virNetSASLSessionPtr sasl,
|
|
|
|
const char *serverin,
|
|
|
|
size_t serverinlen,
|
|
|
|
sasl_interact_t **prompt_need,
|
|
|
|
const char **clientout,
|
|
|
|
size_t *clientoutlen)
|
|
|
|
{
|
|
|
|
unsigned inlen = serverinlen;
|
|
|
|
unsigned outlen = 0;
|
2011-07-26 00:21:32 +00:00
|
|
|
int err;
|
|
|
|
int ret = -1;
|
2010-12-10 12:21:18 +00:00
|
|
|
|
2013-11-22 16:54:53 +00:00
|
|
|
VIR_DEBUG("sasl=%p serverin=%p serverinlen=%zu prompt_need=%p clientout=%p clientoutlen=%p",
|
2010-12-10 12:21:18 +00:00
|
|
|
sasl, serverin, serverinlen, prompt_need, clientout, clientoutlen);
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sasl);
|
2011-07-26 00:21:32 +00:00
|
|
|
err = sasl_client_step(sasl->conn,
|
|
|
|
serverin,
|
|
|
|
inlen,
|
|
|
|
prompt_need,
|
|
|
|
clientout,
|
|
|
|
&outlen);
|
2010-12-10 12:21:18 +00:00
|
|
|
*clientoutlen = outlen;
|
|
|
|
|
|
|
|
switch (err) {
|
|
|
|
case SASL_OK:
|
|
|
|
if (virNetSASLSessionUpdateBufSize(sasl) < 0)
|
2011-07-26 00:21:32 +00:00
|
|
|
goto cleanup;
|
|
|
|
ret = VIR_NET_SASL_COMPLETE;
|
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
case SASL_CONTINUE:
|
2011-07-26 00:21:32 +00:00
|
|
|
ret = VIR_NET_SASL_CONTINUE;
|
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
case SASL_INTERACT:
|
2011-07-26 00:21:32 +00:00
|
|
|
ret = VIR_NET_SASL_INTERACT;
|
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
default:
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_AUTH_FAILED,
|
|
|
|
_("Failed to step SASL negotiation: %d (%s)"),
|
|
|
|
err, sasl_errdetail(sasl->conn));
|
2011-07-26 00:21:32 +00:00
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
2011-07-26 00:21:32 +00:00
|
|
|
|
2014-03-25 06:52:31 +00:00
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sasl);
|
2011-07-26 00:21:32 +00:00
|
|
|
return ret;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
int virNetSASLSessionServerStart(virNetSASLSessionPtr sasl,
|
|
|
|
const char *mechname,
|
|
|
|
const char *clientin,
|
|
|
|
size_t clientinlen,
|
|
|
|
const char **serverout,
|
|
|
|
size_t *serveroutlen)
|
|
|
|
{
|
|
|
|
unsigned inlen = clientinlen;
|
|
|
|
unsigned outlen = 0;
|
2011-07-26 00:21:32 +00:00
|
|
|
int err;
|
|
|
|
int ret = -1;
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sasl);
|
2011-07-26 00:21:32 +00:00
|
|
|
err = sasl_server_start(sasl->conn,
|
|
|
|
mechname,
|
|
|
|
clientin,
|
|
|
|
inlen,
|
|
|
|
serverout,
|
|
|
|
&outlen);
|
2010-12-10 12:21:18 +00:00
|
|
|
|
|
|
|
*serveroutlen = outlen;
|
|
|
|
|
|
|
|
switch (err) {
|
|
|
|
case SASL_OK:
|
|
|
|
if (virNetSASLSessionUpdateBufSize(sasl) < 0)
|
2011-07-26 00:21:32 +00:00
|
|
|
goto cleanup;
|
|
|
|
ret = VIR_NET_SASL_COMPLETE;
|
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
case SASL_CONTINUE:
|
2011-07-26 00:21:32 +00:00
|
|
|
ret = VIR_NET_SASL_CONTINUE;
|
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
case SASL_INTERACT:
|
2011-07-26 00:21:32 +00:00
|
|
|
ret = VIR_NET_SASL_INTERACT;
|
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
default:
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_AUTH_FAILED,
|
|
|
|
_("Failed to start SASL negotiation: %d (%s)"),
|
|
|
|
err, sasl_errdetail(sasl->conn));
|
2011-07-26 00:21:32 +00:00
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
2011-07-26 00:21:32 +00:00
|
|
|
|
2014-03-25 06:52:31 +00:00
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sasl);
|
2011-07-26 00:21:32 +00:00
|
|
|
return ret;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int virNetSASLSessionServerStep(virNetSASLSessionPtr sasl,
|
|
|
|
const char *clientin,
|
|
|
|
size_t clientinlen,
|
|
|
|
const char **serverout,
|
|
|
|
size_t *serveroutlen)
|
|
|
|
{
|
|
|
|
unsigned inlen = clientinlen;
|
|
|
|
unsigned outlen = 0;
|
2011-07-26 00:21:32 +00:00
|
|
|
int err;
|
|
|
|
int ret = -1;
|
2010-12-10 12:21:18 +00:00
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sasl);
|
2011-07-26 00:21:32 +00:00
|
|
|
err = sasl_server_step(sasl->conn,
|
|
|
|
clientin,
|
|
|
|
inlen,
|
|
|
|
serverout,
|
|
|
|
&outlen);
|
2010-12-10 12:21:18 +00:00
|
|
|
|
|
|
|
*serveroutlen = outlen;
|
|
|
|
|
|
|
|
switch (err) {
|
|
|
|
case SASL_OK:
|
|
|
|
if (virNetSASLSessionUpdateBufSize(sasl) < 0)
|
2011-07-26 00:21:32 +00:00
|
|
|
goto cleanup;
|
|
|
|
ret = VIR_NET_SASL_COMPLETE;
|
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
case SASL_CONTINUE:
|
2011-07-26 00:21:32 +00:00
|
|
|
ret = VIR_NET_SASL_CONTINUE;
|
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
case SASL_INTERACT:
|
2011-07-26 00:21:32 +00:00
|
|
|
ret = VIR_NET_SASL_INTERACT;
|
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
default:
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_AUTH_FAILED,
|
|
|
|
_("Failed to start SASL negotiation: %d (%s)"),
|
|
|
|
err, sasl_errdetail(sasl->conn));
|
2011-07-26 00:21:32 +00:00
|
|
|
break;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
2011-07-26 00:21:32 +00:00
|
|
|
|
2014-03-25 06:52:31 +00:00
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sasl);
|
2011-07-26 00:21:32 +00:00
|
|
|
return ret;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
size_t virNetSASLSessionGetMaxBufSize(virNetSASLSessionPtr sasl)
|
|
|
|
{
|
2011-07-26 00:21:32 +00:00
|
|
|
size_t ret;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sasl);
|
2011-07-26 00:21:32 +00:00
|
|
|
ret = sasl->maxbufsize;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sasl);
|
2011-07-26 00:21:32 +00:00
|
|
|
return ret;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
ssize_t virNetSASLSessionEncode(virNetSASLSessionPtr sasl,
|
|
|
|
const char *input,
|
|
|
|
size_t inputLen,
|
|
|
|
const char **output,
|
|
|
|
size_t *outputlen)
|
|
|
|
{
|
|
|
|
unsigned inlen = inputLen;
|
|
|
|
unsigned outlen = 0;
|
|
|
|
int err;
|
2011-07-26 00:21:32 +00:00
|
|
|
ssize_t ret = -1;
|
2010-12-10 12:21:18 +00:00
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sasl);
|
2010-12-10 12:21:18 +00:00
|
|
|
if (inputLen > sasl->maxbufsize) {
|
|
|
|
virReportSystemError(EINVAL,
|
|
|
|
_("SASL data length %zu too long, max %zu"),
|
|
|
|
inputLen, sasl->maxbufsize);
|
2011-07-26 00:21:32 +00:00
|
|
|
goto cleanup;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
err = sasl_encode(sasl->conn,
|
|
|
|
input,
|
|
|
|
inlen,
|
|
|
|
output,
|
|
|
|
&outlen);
|
|
|
|
*outputlen = outlen;
|
|
|
|
|
|
|
|
if (err != SASL_OK) {
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("failed to encode SASL data: %d (%s)"),
|
|
|
|
err, sasl_errstring(err, NULL, NULL));
|
2011-07-26 00:21:32 +00:00
|
|
|
goto cleanup;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
2011-07-26 00:21:32 +00:00
|
|
|
ret = 0;
|
|
|
|
|
2014-03-25 06:52:31 +00:00
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sasl);
|
2011-07-26 00:21:32 +00:00
|
|
|
return ret;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
ssize_t virNetSASLSessionDecode(virNetSASLSessionPtr sasl,
|
|
|
|
const char *input,
|
|
|
|
size_t inputLen,
|
|
|
|
const char **output,
|
|
|
|
size_t *outputlen)
|
|
|
|
{
|
|
|
|
unsigned inlen = inputLen;
|
|
|
|
unsigned outlen = 0;
|
|
|
|
int err;
|
2011-07-26 00:21:32 +00:00
|
|
|
ssize_t ret = -1;
|
2010-12-10 12:21:18 +00:00
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sasl);
|
2010-12-10 12:21:18 +00:00
|
|
|
if (inputLen > sasl->maxbufsize) {
|
|
|
|
virReportSystemError(EINVAL,
|
|
|
|
_("SASL data length %zu too long, max %zu"),
|
|
|
|
inputLen, sasl->maxbufsize);
|
2011-07-26 00:21:32 +00:00
|
|
|
goto cleanup;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
err = sasl_decode(sasl->conn,
|
|
|
|
input,
|
|
|
|
inlen,
|
|
|
|
output,
|
|
|
|
&outlen);
|
|
|
|
*outputlen = outlen;
|
|
|
|
if (err != SASL_OK) {
|
2012-07-18 10:41:47 +00:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("failed to decode SASL data: %d (%s)"),
|
|
|
|
err, sasl_errstring(err, NULL, NULL));
|
2011-07-26 00:21:32 +00:00
|
|
|
goto cleanup;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
2011-07-26 00:21:32 +00:00
|
|
|
ret = 0;
|
|
|
|
|
2014-03-25 06:52:31 +00:00
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sasl);
|
2011-07-26 00:21:32 +00:00
|
|
|
return ret;
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
|
|
|
|
2012-07-11 13:35:49 +00:00
|
|
|
void virNetSASLSessionDispose(void *obj)
|
2010-12-10 12:21:18 +00:00
|
|
|
{
|
2012-07-11 13:35:49 +00:00
|
|
|
virNetSASLSessionPtr sasl = obj;
|
2010-12-10 12:21:18 +00:00
|
|
|
|
|
|
|
if (sasl->conn)
|
|
|
|
sasl_dispose(&sasl->conn);
|
2013-11-22 16:27:21 +00:00
|
|
|
VIR_FREE(sasl->callbacks);
|
2010-12-10 12:21:18 +00:00
|
|
|
}
|
2017-04-07 14:43:38 +00:00
|
|
|
|
|
|
|
#ifdef __APPLE__
|
|
|
|
VIR_WARNINGS_RESET
|
|
|
|
#endif
|