On Fri, Jun 02, 2017 at 13:28:31 +0100, Daniel Berrange wrote: > On Fri, Jun 02, 2017 at 02:10:25PM +0200, Peter Krempa wrote: > > SASL context would be initialized even if the corresponding TCP or TLS > > sockets are not enabled. > > > > fe772f24a68 attempted to fix the symptom by commenting out the settings, > > but that did not fix the root cause. 3c647ee4bbb later reverted those > > changes so that the more secure algorithm is used. > > > > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1450095 > > --- > > daemon/libvirtd.c | 6 +++--- > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c > > index 891238bcb..4a242e3e5 100644 > > --- a/daemon/libvirtd.c > > +++ b/daemon/libvirtd.c > > @@ -613,11 +613,11 @@ daemonSetupNetworking(virNetServerPtr srv, > > > > #if WITH_SASL > > if (config->auth_unix_rw == REMOTE_AUTH_SASL || > > - config->auth_unix_ro == REMOTE_AUTH_SASL || > > + (sock_path_ro && config->auth_unix_ro == REMOTE_AUTH_SASL) || > > # if WITH_GNUTLS > > - config->auth_tls == REMOTE_AUTH_SASL || > > + (config->listen_tls && config->auth_tls == REMOTE_AUTH_SASL) || > > # endif > > - config->auth_tcp == REMOTE_AUTH_SASL) { > > + (config->listen_tcp && config->auth_tcp == REMOTE_AUTH_SASL)) { > > saslCtxt = virNetSASLContextNewServer( > > (const char *const*)config->sasl_allowed_username_list); > > if (!saslCtxt) > > I think you need to check 'ipsock' too, since listen_tls defaults > to 1, but is not used unless --listen is set. Yes, I've just tested that option (after sending this obviously) and came to the same conclusion.
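Review bot: In the TLS and TCP conditions of this hunk, `config->listen_tls` and `config->listen_tcp` are configuration values and do not show that the socket will actually be opened. As the reply points out, `listen_tls` defaults to 1 but is not used unless `--listen` is set, so with `auth_tls` set to SASL the context would still be initialized without a TLS socket. Gating both conditions on `ipsock` as well, for example `(ipsock && config->listen_tls && config->auth_tls == REMOTE_AUTH_SASL)`, would tie the SASL setup to the sockets that are really enabled. The `auth_unix_rw` test also stays unconditional while `auth_unix_ro` now depends on `sock_path_ro`; a short comment stating why the read-write socket needs no guard would make that asymmetry clear.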
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list