mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-08 07:15:46 +00:00
13fdc6d63e
The array of sasl_callback_t callbacks which is passed to sasl_client_new() must be kept alive as long as the created sasl_conn_t object is alive as cyrus-sasl uses this structure internally for things like logging, so the memory used for callbacks must only be freed after sasl_dispose() has been called. During testing of successful SASL logins with virsh -c qemu+tls:///system list --all I've been getting invalid read reports from valgrind ==9237== Invalid read of size 8 ==9237== at 0x6E93B6F: _sasl_getcallback (common.c:1745) ==9237== by 0x6E95430: _sasl_log (common.c:1850) ==9237== by 0x16593D87: digestmd5_client_mech_dispose (digestmd5.c:4580) ==9237== by 0x6E91653: client_dispose (client.c:332) ==9237== by 0x6E9476A: sasl_dispose (common.c:851) ==9237== by 0x4E225A1: virNetSASLSessionDispose (virnetsaslcontext.c:678) ==9237== by 0x4CBC551: virObjectUnref (virobject.c:262) ==9237== by 0x4E254D1: virNetSocketDispose (virnetsocket.c:1042) ==9237== by 0x4CBC551: virObjectUnref (virobject.c:262) ==9237== by 0x4E2701C: virNetSocketEventFree (virnetsocket.c:1794) ==9237== by 0x4C965D3: virEventPollCleanupHandles (vireventpoll.c:583) ==9237== by 0x4C96987: virEventPollRunOnce (vireventpoll.c:652) ==9237== by 0x4C94730: virEventRunDefaultImpl (virevent.c:274) ==9237== by 0x12C7BA: vshEventLoop (virsh.c:2407) ==9237== by 0x4CD3D04: virThreadHelper (virthreadpthread.c:161) ==9237== by 0x7DAEF32: start_thread (pthread_create.c:309) ==9237== by 0x8C86EAC: clone (clone.S:111) ==9237== Address 0xe2d61b0 is 0 bytes inside a block of size 168 free'd ==9237== at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==9237== by 0x4C73827: virFree (viralloc.c:580) ==9237== by 0x4DE4BC7: remoteAuthSASL (remote_driver.c:4219) ==9237== by 0x4DE33D0: remoteAuthenticate (remote_driver.c:3639) ==9237== by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832) ==9237== by 0x4DDC8DC: remoteConnectOpen (remote_driver.c:1031) ==9237== by 0x4D8595F: do_open (libvirt.c:1239) ==9237== by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481) ==9237== by 0x12762B: vshReconnect (virsh.c:337) ==9237== by 0x12C9B0: vshInit (virsh.c:2470) ==9237== by 0x12E9A5: main (virsh.c:3338) This commit changes virNetSASLSessionNewClient() to take ownership of the SASL callbacks. Then we can free them in virNetSASLSessionDispose() after the corresponding sasl_conn_t has been freed.
114 lines
4.5 KiB
C
114 lines
4.5 KiB
C
/*
|
|
* virnetsaslcontext.h: SASL encryption/auth handling
|
|
*
|
|
* Copyright (C) 2010-2011 Red Hat, Inc.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library. If not, see
|
|
* <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#ifndef __VIR_NET_CLIENT_SASL_CONTEXT_H__
|
|
# define __VIR_NET_CLIENT_SASL_CONTEXT_H__
|
|
|
|
# include <sasl/sasl.h>
|
|
|
|
# include "internal.h"
|
|
# include "virobject.h"
|
|
|
|
typedef struct _virNetSASLContext virNetSASLContext;
|
|
typedef virNetSASLContext *virNetSASLContextPtr;
|
|
|
|
typedef struct _virNetSASLSession virNetSASLSession;
|
|
typedef virNetSASLSession *virNetSASLSessionPtr;
|
|
|
|
enum {
|
|
VIR_NET_SASL_COMPLETE,
|
|
VIR_NET_SASL_CONTINUE,
|
|
VIR_NET_SASL_INTERACT,
|
|
};
|
|
|
|
virNetSASLContextPtr virNetSASLContextNewClient(void);
|
|
virNetSASLContextPtr virNetSASLContextNewServer(const char *const*usernameWhitelist);
|
|
|
|
int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
|
|
const char *identity);
|
|
|
|
virNetSASLSessionPtr virNetSASLSessionNewClient(virNetSASLContextPtr ctxt,
|
|
const char *service,
|
|
const char *hostname,
|
|
const char *localAddr,
|
|
const char *remoteAddr,
|
|
sasl_callback_t *cbs);
|
|
virNetSASLSessionPtr virNetSASLSessionNewServer(virNetSASLContextPtr ctxt,
|
|
const char *service,
|
|
const char *localAddr,
|
|
const char *remoteAddr);
|
|
|
|
char *virNetSASLSessionListMechanisms(virNetSASLSessionPtr sasl);
|
|
|
|
int virNetSASLSessionExtKeySize(virNetSASLSessionPtr sasl,
|
|
int ssf);
|
|
|
|
int virNetSASLSessionGetKeySize(virNetSASLSessionPtr sasl);
|
|
|
|
const char *virNetSASLSessionGetIdentity(virNetSASLSessionPtr sasl);
|
|
|
|
int virNetSASLSessionSecProps(virNetSASLSessionPtr sasl,
|
|
int minSSF,
|
|
int maxSSF,
|
|
bool allowAnonymous);
|
|
|
|
int virNetSASLSessionClientStart(virNetSASLSessionPtr sasl,
|
|
const char *mechlist,
|
|
sasl_interact_t **prompt_need,
|
|
const char **clientout,
|
|
size_t *clientoutlen,
|
|
const char **mech);
|
|
|
|
int virNetSASLSessionClientStep(virNetSASLSessionPtr sasl,
|
|
const char *serverin,
|
|
size_t serverinlen,
|
|
sasl_interact_t **prompt_need,
|
|
const char **clientout,
|
|
size_t *clientoutlen);
|
|
|
|
int virNetSASLSessionServerStart(virNetSASLSessionPtr sasl,
|
|
const char *mechname,
|
|
const char *clientin,
|
|
size_t clientinlen,
|
|
const char **serverout,
|
|
size_t *serveroutlen);
|
|
|
|
int virNetSASLSessionServerStep(virNetSASLSessionPtr sasl,
|
|
const char *clientin,
|
|
size_t clientinlen,
|
|
const char **serverout,
|
|
size_t *serveroutlen);
|
|
|
|
size_t virNetSASLSessionGetMaxBufSize(virNetSASLSessionPtr sasl);
|
|
|
|
ssize_t virNetSASLSessionEncode(virNetSASLSessionPtr sasl,
|
|
const char *input,
|
|
size_t inputLen,
|
|
const char **output,
|
|
size_t *outputlen);
|
|
|
|
ssize_t virNetSASLSessionDecode(virNetSASLSessionPtr sasl,
|
|
const char *input,
|
|
size_t inputLen,
|
|
const char **output,
|
|
size_t *outputlen);
|
|
|
|
#endif /* __VIR_NET_CLIENT_SASL_CONTEXT_H__ */
|