Make SASL work over UNIX domain sockets

The addrToString methods were not coping with UNIX domain sockets
which have no normal host+port address. Hardcode special handling
for these so that SASL routines can work over UNIX sockets. Also
fix up SSF logic in remote client so that it presumes that a UNIX
socket is secure

* daemon/remote.c: Fix addrToString for UNIX sockets.
* src/remote/remote_driver.c: Fix addrToString for UNIX sockets
  and fix SSF logic to work for TLS + UNIX sockets in the same
  manner

diff --git a/daemon/remote.c b/daemon/remote.c
index 3db9790a3100b712e95fd403b869bdea0d24f0bd..6b67678f971389f8f05f29871f4a180678555c77 100644 (file)
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -3263,6 +3263,14 @@ static char *addrToString(remote_error *rerr,
     int err;
     struct sockaddr *sa = (struct sockaddr *)ss;
 
+    if (sa->sa_family == AF_UNIX) {
+        if (!(addr = strdup("127.0.0.1;0"))) {
+            virReportOOMError();
+            return NULL;
+        }
+        return addr;
+    }
+
     if ((err = getnameinfo(sa, salen,
                            host, sizeof(host),
                            port, sizeof(port),

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index a945710c4b963a7088fa894e51a5d8b6c83835d8..acba01e9c8e7c4480f71037060c9167a505e230c 100644 (file)
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -6676,6 +6676,14 @@ static char *addrToString(struct sockaddr_storage *ss, socklen_t salen)
     int err;
     struct sockaddr *sa = (struct sockaddr *)ss;
 
+    if (sa->sa_family == AF_UNIX) {
+        if (!(addr = strdup("127.0.0.1;0"))) {
+            virReportOOMError();
+            return NULL;
+        }
+        return addr;
+    }
+
     if ((err = getnameinfo(sa, salen,
                            host, sizeof(host),
                            port, sizeof(port),
@@ -6977,12 +6985,12 @@ remoteAuthSASL (virConnectPtr conn, struct private_data *priv, int in_open,
     }
 
     memset (&secprops, 0, sizeof secprops);
-    /* If we've got TLS, we don't care about SSF */
-    secprops.min_ssf = priv->uses_tls ? 0 : 56; /* Equiv to DES supported by all Kerberos */
-    secprops.max_ssf = priv->uses_tls ? 0 : 100000; /* Very strong ! AES == 256 */
+    /* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF */
+    secprops.min_ssf = priv->is_secure ? 0 : 56; /* Equiv to DES supported by all Kerberos */
+    secprops.max_ssf = priv->is_secure ? 0 : 100000; /* Very strong ! AES == 256 */
     secprops.maxbufsize = 100000;
-    /* If we're not TLS, then forbid any anonymous or trivially crackable auth */
-    secprops.security_flags = priv->uses_tls ? 0 :
+    /* If we're not secure, then forbid any anonymous or trivially crackable auth */
+    secprops.security_flags = priv->is_secure ? 0 :
         SASL_SEC_NOANONYMOUS | SASL_SEC_NOPLAINTEXT;
 
     err = sasl_setprop(saslconn, SASL_SEC_PROPS, &secprops);
@@ -7164,8 +7172,8 @@ remoteAuthSASL (virConnectPtr conn, struct private_data *priv, int in_open,
         }
     }
 
-    /* Check for suitable SSF if non-TLS */
-    if (!priv->uses_tls) {
+    /* Check for suitable SSF if not already secure (TLS or UNIX sock) */
+    if (!priv->is_secure) {
         err = sasl_getprop(saslconn, SASL_SSF, &val);
         if (err != SASL_OK) {
             remoteError(VIR_ERR_AUTH_FAILED,