Short circuit SASL auth when no mechanisms are available

If the SASL config does not have any mechanisms we currently
just report an empty list to the client which will then
fail to identify a usable mechanism. This is a server config
error, so we should fail immediately on the server side.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

diff --git a/src/rpc/virnetsaslcontext.c b/src/rpc/virnetsaslcontext.c
index 37a5da279d32e1f482afaad68b58e94532234ef9..c4492ecd2c8624e870802bcb5de5949ae2f5f7be 100644 (file)
--- a/src/rpc/virnetsaslcontext.c
+++ b/src/rpc/virnetsaslcontext.c
@@ -390,6 +390,12 @@ char *virNetSASLSessionListMechanisms(virNetSASLSessionPtr sasl)
                        err, sasl_errdetail(sasl->conn));
         goto cleanup;
     }
+    VIR_DEBUG("SASL mechanism list is '%s'", mechlist);
+    if (STREQ(mechlist, "")) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("no SASL mechanisms are available"));
+        goto cleanup;
+    }
     ignore_value(VIR_STRDUP(ret, mechlist));
 
  cleanup: