Bug 658144 - Make SASL work over UNIX domain sockets
Summary: Make SASL work over UNIX domain sockets
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.1
Hardware: All
OS: Linux
high
medium
Target Milestone: rc
Assignee: Daniel Veillard
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On: 641687
Blocks: 570526
 
Reported: 2010-11-29 14:11 UTC by RHEL Program Management
Modified: 2013-01-11 03:37 UTC

Fixed In Version: libvirt-0.8.1-27.el6_0.1
Doc Type: Bug Fix
Doc Text:
The "addrToString" methods did not work properly with UNIX domain sockets which did not have a normal "host:port" address. As a result SASL (Simple Authentication and Security Layer) could not be used over UNIX domain sockets. With this update, the "addrToString" methods are fixed and SASL is no longer restricted to TCP connections.
Clone Of:
Environment:
Last Closed: 2011-04-14 16:19:15 UTC
Target Upstream Version:




Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0446 normal SHIPPED_LIVE libvirt bug fix update 2011-04-14 16:18:21 UTC

Description RHEL Program Management 2010-11-29 14:11:43 UTC
This bug has been copied from bug #641687 and has been proposed
to be backported to 6.0 z-stream (EUS).

Comment 3 Jiri Denemark 2010-11-29 23:52:14 UTC
Patches built into libvirt-0.8.1-27.el6_0.1

Comment 4 zhanghaiyan 2010-12-21 05:31:51 UTC
I am generally sure about my test steps, but I have a little concern in https://bugzilla.redhat.com/show_bug.cgi?id=641687#c12
Could anyone please help confirm whether it is OK to regard this bug as pass or not? Thanks.

Verified this bug with libvirt-0.8.1-27.el6_0.2.x86_64
- kernel-2.6.32-71.13.1.el6.x86_64
- qemu-kvm-0.12.1.2-2.113.el6_0.5.x86_64

Test steps:
1. Edit /etc/libvirt/libvirtd.conf to use 'sasl' as auth 
auth_unix_rw = "sasl"
2. # service libvirtd restart
3. # echo redhat | saslpasswd2 -p -a libvirt tester
4. # virsh -q qemu+unix:///system
error: unknown command: 'qemu+unix:///system'
[root@dhcp-65-132 ~]# virsh -c qemu+unix:///system
Please enter your authentication name: tester
Please enter your password: 
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # list --all
 Id Name                 State
----------------------------------

virsh # quit
5. # virsh -c qemu+unix:///system --readonly
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh > list --all
 Id Name                 State
----------------------------------

virsh > quit

Comment 7 koka xiong 2011-01-30 01:45:40 UTC
Verified with 
libvirt: libvirt-0.8.1-27.el6_0.3
kernel: kernel-2.6.32-71.16.1.el6
qemu-kvm: qemu-kvm-0.12.1.2-2.113.el6_0.6
Steps
1. Edit /etc/libvirt/libvirtd.conf as below
auth_unix_ro="none"
auth_unix_rw = "sasl"
2. # service libvirtd restart
3. # saslpasswd2 -a libvirt test
4. # virsh  -c  qemu+unix:///system
Please enter your authentication name: test
Please enter your password: 
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # 

5. # virsh  -c  qemu+unix:///system --readonly
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh >

Comment 8 errata-xmlrpc 2011-04-14 16:19:15 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0446.html

Comment 9 Martin Prpič 2011-04-15 14:21:03 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The "addrToString" methods did not work properly with UNIX domain sockets which did not have a normal "host:port" address. As a result SASL (Simple Authentication and Security Layer) could not be used over UNIX domain sockets. With this update, the "addrToString" methods are fixed and SASL is no longer restricted to TCP connections.
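
The failure mode in the technical note, as an added example (not libvirt's code): Cyrus SASL takes connection endpoints as "addr;port" strings, so a formatter that only understands IP sockets has nothing to give it for an AF_UNIX peer. The function name `format_addr_for_sasl`, the `127.0.0.1;0` stand-in and the sample addresses are assumptions made for this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Assumption: stand-in endpoint reported for sockets that have no host:port. */
#define SASL_UNIX_PLACEHOLDER "127.0.0.1;0"

/* Write "host;port" for sa into out; returns 0 on success, -1 on error. */
int format_addr_for_sasl(const struct sockaddr *sa, socklen_t salen,
                         char *out, size_t outlen)
{
    char host[64], serv[8];
    int n;
    if (!sa || !out || outlen == 0) return -1;
    switch (sa->sa_family) {
    case AF_UNIX:   /* a path or no name at all: nothing to resolve */
        n = snprintf(out, outlen, "%s", SASL_UNIX_PLACEHOLDER);
        break;
    case AF_INET:
    case AF_INET6:  /* numeric only, no DNS in the authentication path */
        if (getnameinfo(sa, salen, host, sizeof host, serv, sizeof serv,
                        NI_NUMERICHOST | NI_NUMERICSERV) != 0)
            return -1;
        n = snprintf(out, outlen, "%s;%s", host, serv);
        break;
    default:        /* unknown family: fail instead of guessing */
        return -1;
    }
    /* Truncation is an error: never hand SASL a partial address. */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample socket path, not taken from the bug report. */
    struct sockaddr_un un = { .sun_family = AF_UNIX,
                              .sun_path = "/tmp/example.sock" };
    char buf[64];
    if (format_addr_for_sasl((struct sockaddr *)&un, sizeof un,
                             buf, sizeof buf) == 0)
        puts(buf);
    return 0;
}
```
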

