Once the SASL authentication process has successfully passed, we should also
save the SASL username used to client's identity, so that when a client like
virt-admin tries to obtain it, the server will actually format the username to
the response data.
Signed-off-by: Erik Skultety <eskultet@xxxxxxxxxx>
---
daemon/remote.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/daemon/remote.c b/daemon/remote.c
index 4aa43c2..6991a7e 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -3116,6 +3116,7 @@ static int
remoteSASLFinish(virNetServerPtr server,
virNetServerClientPtr client)
{
+ virIdentityPtr clnt_identity = NULL;
const char *identity;
struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client);
int ssf;
@@ -3138,9 +3139,13 @@ remoteSASLFinish(virNetServerPtr server,
if (!virNetSASLContextCheckIdentity(saslCtxt, identity))
return -2;
+ if (!(clnt_identity = virNetServerClientGetIdentity(client)))
+ goto error;
+
virNetServerClientSetAuth(client, 0);
virNetServerTrackCompletedAuth(server);
virNetServerClientSetSASLSession(client, priv->sasl);
+ virIdentitySetSASLUserName(clnt_identity, identity);
VIR_DEBUG("Authentication successful %d", virNetServerClientGetFD(client));
@@ -3148,6 +3153,7 @@ remoteSASLFinish(virNetServerPtr server,
"client=%p auth=%d identity=%s",
client, REMOTE_AUTH_SASL, identity);
+ virObjectUnref(clnt_identity);
virObjectUnref(priv->sasl);
priv->sasl = NULL;
--
2.5.5
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list