On 03/18/2011 12:54 PM, Daniel P. Berrange wrote: > This provides two modules for handling SASL > > * virNetSASLContext provides the process-wide state, currently > just a whitelist of usernames on the server and a one time > library init call > > * virNetTLSSession provides the per-connection state, ie the > SASL session itself. This also include APIs for providing > data encryption/decryption once the session is established > > * src/Makefile.am: Add to libvirt-net-rpc.la > * src/rpc/virnetsaslcontext.c, src/rpc/virnetsaslcontext.h: Generic > SASL handling code > --- > cfg.mk | 2 + > po/POTFILES.in | 1 + > src/Makefile.am | 9 + > src/rpc/virnetsaslcontext.c | 599 +++++++++++++++++++++++++++++++++++++++++++ > src/rpc/virnetsaslcontext.h | 120 +++++++++ > 5 files changed, 731 insertions(+), 0 deletions(-) > create mode 100644 src/rpc/virnetsaslcontext.c > create mode 100644 src/rpc/virnetsaslcontext.h Definitely improved over the first time I reviewed this: http://www.redhat.com/archives/libvir-list/2010-December/msg00677.html > +virNetSASLSessionPtr virNetSASLSessionNewClient(virNetSASLContextPtr ctxt ATTRIBUTE_UNUSED, > + const char *service, > + const char *hostname, > + const char *localAddr, > + const char *remoteAddr, > + const sasl_callback_t *cbs) > +{ > + virNetSASLSessionPtr sasl = NULL; > + int err; > + > + if (VIR_ALLOC(sasl) < 0) { > + virReportOOMError(); > + goto cleanup; > + } > + > + sasl->refs = 1; > + /* Arbitrary size for amount of data we can encode in a single block */ > + sasl->maxbufsize = 1 << 16; > +virNetSASLSessionPtr virNetSASLSessionNewServer(virNetSASLContextPtr ctxt ATTRIBUTE_UNUSED, > + const char *service, > + const char *localAddr, > + const char *remoteAddr) > +{ > + virNetSASLSessionPtr sasl = NULL; > + int err; > + > + if (VIR_ALLOC(sasl) < 0) { > + virReportOOMError(); > + goto cleanup; > + } > + > + sasl->refs = 1; > + /* Arbitrary size for amount of data we can encode in a single block */ > + sasl->maxbufsize = 1 << 16; 
Should these two values be a single #define (or enum) earlier in the file, so that they change in lock-step if we ever have reason to pick a different value? > + > +#ifndef __VIR_NET_CLIENT_SASL_CONTEXT_H__ > +# define __VIR_NET_CLIENT_SASL_CONTEXT_H__ > + > +# include <sasl/sasl.h> > + > +# include <stdbool.h> <stdbool.h> is redundant with earlier inclusion of "internal.h". You fixed this in some of your patch series, but not all. > + > +int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt, > + const char *identity); ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_RETURN_CHECK Likewise for marking up other functions in this header. ACK with those nits addressed. -- Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 Libvirt virtualization library http://libvirt.org
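Review bot: In virNetSASLSessionNewClient, `sasl->maxbufsize = 1 << 16` is documented only as an "Arbitrary size for amount of data we can encode in a single block", and the quoted lines do not show where that limit is enforced. The comment should state the unit (bytes) and whether the encode/decode entry points reject or split input larger than maxbufsize, so a caller cannot hand the session an oversized buffer by accident.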
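Review bot: virNetSASLSessionNewServer takes `virNetSASLContextPtr ctxt ATTRIBUTE_UNUSED`, which suggests the server session keeps no reference to the context that, per the commit message, holds the username whitelist. Nothing in the visible lines ties a new session to that whitelist, so either store ctxt in the session or document in the header that the caller must run virNetSASLContextCheckIdentity on the negotiated identity once authentication completes.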
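Review bot: The include guard `__VIR_NET_CLIENT_SASL_CONTEXT_H__` says CLIENT, but the diffstat names the file src/rpc/virnetsaslcontext.h and the commit message describes it as generic SASL handling code with server-side state. Naming the guard after the file (dropping CLIENT) would match the header's scope and avoid a clash with any client-specific header that uses the same pattern.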
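Review bot: The declaration of virNetSASLContextCheckIdentity returns a plain `int` with no comment saying which values mean allowed, denied or error. For a whitelist check that ambiguity matters, since a caller that tests the result the wrong way round could treat a denial or a failure as success; add a doc comment above the prototype spelling out the return convention, alongside the ATTRIBUTE_RETURN_CHECK markup already requested.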
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list