]> git.ipfire.org Git - thirdparty/libvirt.git/commitdiff
projects / thirdparty / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1c06334)
remote: warn on low SSF
authorJán Tomko <jtomko@redhat.com>
Wed, 16 Jan 2019 15:29:44 +0000 (16:29 +0100)
committerJán Tomko <jtomko@redhat.com>
Thu, 4 Nov 2021 16:02:56 +0000 (17:02 +0100)
Prepare for deprecating old kerberos ciphers by warning users
with a SSF lower than 112.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
src/remote/remote_driver.c patch | blob | blame | history
src/remote/remote_driver.h patch | blob | blame | history

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 719fcf4297824e3a15412c8becca1a30ee98da63..c0bb44b2cd220e587c6e7f408552f12b99d8f7fe 100644 (file)
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -4186,6 +4186,11 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
                            _("negotiation SSF %d was not strong enough"), ssf);
             goto cleanup;
         }
+        if (ssf < SSF_WARNING_LEVEL) {
+            VIR_WARN("negotiation SSF %d lower than %d will be deprecated. "
+                     "Please upgrade your ciphers.",
+                     ssf, SSF_WARNING_LEVEL);
+        }
         priv->is_secure = 1;
     }
 
diff --git a/src/remote/remote_driver.h b/src/remote/remote_driver.h
index 1fab5a6cc47307fb9a8cff7ac8850acfa2eaab3e..5e9b04da636c9c53eb1a16e86eecb7342b17f05d 100644 (file)
--- a/src/remote/remote_driver.h
+++ b/src/remote/remote_driver.h
@@ -39,3 +39,5 @@ unsigned long remoteVersion(void);
 #define LIBVIRT_CLIENTCERT LIBVIRT_PKI_DIR "/libvirt/clientcert.pem"
 #define LIBVIRT_SERVERKEY LIBVIRT_PKI_DIR "/libvirt/private/serverkey.pem"
 #define LIBVIRT_SERVERCERT LIBVIRT_PKI_DIR "/libvirt/servercert.pem"
+
+#define SSF_WARNING_LEVEL 112
Mirror of https://github.com/libvirt/libvirt.git