Make SASL work over UNIX domain sockets

The addrToString methods were not coping with UNIX domain sockets which have no normal host+port address. Hardcode special handling for these so that SASL routines can work over UNIX sockets. Also fix up SSF logic in remote client so that it presumes that a UNIX socket is secure * daemon/remote.c: Fix addrToString for UNIX sockets. * src/remote/remote_driver.c: Fix addrToString for UNIX sockets and fix SSF logic to work for TLS + UNIX sockets in the same manner
2025-01-18 10:35:20 +00:00 · 2010-09-14 19:17:25 +01:00 · 2010-09-14 19:17:25 +01:00 · 3a73eaeb61
commit 3a73eaeb61
parent e8066d532c
2 changed files with 23 additions and 7 deletions
--- a/daemon/remote.c
+++ b/daemon/remote.c
@ -3263,6 +3263,14 @@ static char *addrToString(remote_error *rerr,
    int err;
    struct sockaddr *sa = (struct sockaddr *)ss;

+    if (sa->sa_family == AF_UNIX) {
+        if (!(addr = strdup("127.0.0.1;0"))) {
+            virReportOOMError();
+            return NULL;
+        }
+        return addr;
+    }
+
    if ((err = getnameinfo(sa, salen,
                           host, sizeof(host),
                           port, sizeof(port),
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@ -6676,6 +6676,14 @@ static char *addrToString(struct sockaddr_storage *ss, socklen_t salen)
    int err;
    struct sockaddr *sa = (struct sockaddr *)ss;

+    if (sa->sa_family == AF_UNIX) {
+        if (!(addr = strdup("127.0.0.1;0"))) {
+            virReportOOMError();
+            return NULL;
+        }
+        return addr;
+    }
+
    if ((err = getnameinfo(sa, salen,
                           host, sizeof(host),
                           port, sizeof(port),
@ -6977,12 +6985,12 @@ remoteAuthSASL (virConnectPtr conn, struct private_data *priv, int in_open,
    }

    memset (&secprops, 0, sizeof secprops);
-    /* If we've got TLS, we don't care about SSF */
-    secprops.min_ssf = priv->uses_tls ? 0 : 56; /* Equiv to DES supported by all Kerberos */
-    secprops.max_ssf = priv->uses_tls ? 0 : 100000; /* Very strong ! AES == 256 */
+    /* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF */
+    secprops.min_ssf = priv->is_secure ? 0 : 56; /* Equiv to DES supported by all Kerberos */
+    secprops.max_ssf = priv->is_secure ? 0 : 100000; /* Very strong ! AES == 256 */
    secprops.maxbufsize = 100000;
-    /* If we're not TLS, then forbid any anonymous or trivially crackable auth */
-    secprops.security_flags = priv->uses_tls ? 0 :
+    /* If we're not secure, then forbid any anonymous or trivially crackable auth */
+    secprops.security_flags = priv->is_secure ? 0 :
        SASL_SEC_NOANONYMOUS | SASL_SEC_NOPLAINTEXT;

    err = sasl_setprop(saslconn, SASL_SEC_PROPS, &secprops);
@ -7164,8 +7172,8 @@ remoteAuthSASL (virConnectPtr conn, struct private_data *priv, int in_open,
        }
    }

-    /* Check for suitable SSF if non-TLS */
-    if (!priv->uses_tls) {
+    /* Check for suitable SSF if not already secure (TLS or UNIX sock) */
+    if (!priv->is_secure) {
        err = sasl_getprop(saslconn, SASL_SSF, &val);
        if (err != SASL_OK) {
            remoteError(VIR_ERR_AUTH_FAILED,