On Wed, Mar 13, 2013 at 15:24:04 +0000, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
>
> Add APIs which allow creation of a virIdentity from the info
> associated with a virNetServerClientPtr instance. This is done
> based on the results of client authentication processes like
> TLS, x509, SASL, SO_PEERCRED
> ...
> diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
> index 40c8173..850f388 100644
> --- a/src/rpc/virnetserverclient.c
> +++ b/src/rpc/virnetserverclient.c
...
> @@ -642,6 +645,113 @@ int virNetServerClientGetUNIXIdentity(virNetServerClientPtr client,
> }
>
>
> +static virIdentityPtr
> +virNetServerClientCreateIdentity(virNetServerClientPtr client)
> +{
> + char *processid = NULL;
> + char *username = NULL;
> + char *groupname = NULL;
> +#if WITH_SASL
> + char *saslname = NULL;
> +#endif
> + char *x509dname = NULL;
> + char *seccontext = NULL;
> + virIdentityPtr ret = NULL;
> +
> + if (client->sock && virNetSocketIsLocal(client->sock)) {
> + gid_t gid;
> + uid_t uid;
> + pid_t pid;
> + if (virNetSocketGetUNIXIdentity(client->sock, &uid, &gid, &pid) < 0)
> + goto cleanup;
> +
> + if (!(username = virGetUserName(uid)))
> + goto cleanup;
> + if (!(groupname = virGetGroupName(gid)))
> + goto cleanup;
> + if (virAsprintf(&processid, "%d", (int)pid) < 0)
This should use "%lld" and (long long)pid to be consistent with the way we format PIDs in libvirt. Also you sould call virReportOOMError() here since virAsprintf() won't do it for you.
> + goto cleanup;
> + }
> +
> +#if WITH_SASL
> + if (client->sasl) {
> + const char *identity = virNetSASLSessionGetIdentity(client->sasl);
> + if (identity &&
> + !(saslname = strdup(identity))) {
> + virReportOOMError();
> + goto cleanup;
> + }
> + }
> +#endif
> +
> + if (client->tls) {
> + const char *identity = virNetTLSSessionGetX509DName(client->tls);
> + if (identity &&
> + !(x509dname = strdup(identity))) {
> + virReportOOMError();
> + goto cleanup;
> + }
> + }
> +
> + if (client->sock &&
> + virNetSocketGetSecurityContext(client->sock, &seccontext) < 0)
> + goto cleanup;
> +
> + if (!(ret = virIdentityNew()))
> + goto cleanup;
> +
> + if (username &&
> + virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_USER_NAME, username) < 0)
> + goto error;
> + if (groupname &&
> + virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, groupname) < 0)
> + goto error;
> + if (processid &&
> + virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, processid) < 0)
> + goto error;
> +#if HAVE_SASL
> + if (saslname &&
> + virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_SASL_USER_NAME, saslname) < 0)
> + goto error;
> +#endif
> + if (x509dname &&
> + virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME, x509dname) < 0)
> + goto error;
> + if (seccontext &&
> + virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_SECURITY_CONTEXT, seccontext) < 0)
> + goto error;
Long lines again.
> +
> +cleanup:
> + VIR_FREE(username);
> + VIR_FREE(groupname);
> + VIR_FREE(processid);
> + VIR_FREE(seccontext);
> +#if HAVE_SASL
> + VIR_FREE(saslname);
> +#endif
> + VIR_FREE(x509dname);
> + return ret;
> +
> +error:
> + virObjectUnref(ret);
> + ret = NULL;
> + goto cleanup;
> +}
...
ACK Jirka -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
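Review bot: The SASL preprocessor guards in virNetServerClientCreateIdentity do not match: `saslname` is declared and filled under `#if WITH_SASL`, but the `virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_SASL_USER_NAME, saslname)` call and `VIR_FREE(saslname)` sit under `#if HAVE_SASL`. Which macro the build defines is not visible on this page; if it is only `WITH_SASL`, the SASL-authenticated user name is silently left out of the returned identity and the strdup'd string leaks, and if it is only `HAVE_SASL` the function does not compile. Consumers of the virIdentity presumably base access decisions on that attribute, so a silently missing SASL name is worth avoiding. Both later guards should read `#if WITH_SASL` to match the declaration.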