From nobody Sat Apr 27 17:59:34 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1496408019640468.23604210177245;
 Fri, 2 Jun 2017 05:53:39 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 9573C232044;
	Fri,  2 Jun 2017 12:53:36 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 6B9AD18B27;
	Fri,  2 Jun 2017 12:53:35 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id BD2B1180BAF4;
	Fri,  2 Jun 2017 12:53:33 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
	[10.5.11.15])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v52CrWh1016313 for <libvir-list@listman.util.phx.redhat.com>;
	Fri, 2 Jun 2017 08:53:32 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 004027A439; Fri,  2 Jun 2017 12:53:32 +0000 (UTC)
Received: from angien.brq.redhat.com (dhcp129-47.brq.redhat.com
 [10.34.129.47])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 52BED77CA6;
	Fri,  2 Jun 2017 12:53:29 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 9573C232044
Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com;
 dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com;
 spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 9573C232044
From: Peter Krempa <pkrempa@redhat.com>
To: libvir-list@redhat.com
Date: Fri,  2 Jun 2017 14:53:28 +0200
Message-Id: 
 <ed914284ba74afb7dd16dcb623073bb1a1d5cd21.1496407940.git.pkrempa@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-loop: libvir-list@redhat.com
Cc: Peter Krempa <pkrempa@redhat.com>
Subject: [libvirt] [PATCH v2] daemon: Don't initialize SASL context if not
	necessary
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]);
 Fri, 02 Jun 2017 12:53:37 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

SASL context would be initialized even if the corresponding TCP or TLS
sockets are not enabled.

fe772f24a68 attempted to fix the symptom by commenting out the settings,
but that did not fix the root cause. 3c647ee4bbb later reverted those
changes so that the more secure algorithm is used.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D1450095
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
---
v2:
Fix the message also if SASL authentication and the TCP/TLS sockets are
explicitly enabled in config bug --listen is not specified.

 daemon/libvirtd.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 891238bcb..bac4bc1b6 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -613,11 +613,11 @@ daemonSetupNetworking(virNetServerPtr srv,

 #if WITH_SASL
     if (config->auth_unix_rw =3D=3D REMOTE_AUTH_SASL ||
-        config->auth_unix_ro =3D=3D REMOTE_AUTH_SASL ||
+        (sock_path_ro && config->auth_unix_ro =3D=3D REMOTE_AUTH_SASL) ||
 # if WITH_GNUTLS
-        config->auth_tls =3D=3D REMOTE_AUTH_SASL ||
+        (ipsock && config->listen_tls && config->auth_tls =3D=3D REMOTE_AU=
TH_SASL) ||
 # endif
-        config->auth_tcp =3D=3D REMOTE_AUTH_SASL) {
+        (ipsock && config->listen_tcp && config->auth_tcp =3D=3D REMOTE_AU=
TH_SASL)) {
         saslCtxt =3D virNetSASLContextNewServer(
             (const char *const*)config->sasl_allowed_username_list);
         if (!saslCtxt)
--=20
2.12.2

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list