From 7310739d1f1c766c0607ef4279b0e676a253ad84 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Wed, 15 Mar 2017 18:03:37 +0000 Subject: [PATCH] Short circuit SASL auth when no mechanisms are available If the SASL config does not have any mechanisms we currently just report an empty list to the client which will then fail to identify a usable mechanism. This is a server config error, so we should fail immediately on the server side. Signed-off-by: Daniel P. Berrange --- src/rpc/virnetsaslcontext.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/rpc/virnetsaslcontext.c b/src/rpc/virnetsaslcontext.c index 37a5da279d..c4492ecd2c 100644 --- a/src/rpc/virnetsaslcontext.c +++ b/src/rpc/virnetsaslcontext.c @@ -390,6 +390,12 @@ char *virNetSASLSessionListMechanisms(virNetSASLSessionPtr sasl) err, sasl_errdetail(sasl->conn)); goto cleanup; } + VIR_DEBUG("SASL mechanism list is '%s'", mechlist); + if (STREQ(mechlist, "")) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("no SASL mechanisms are available")); + goto cleanup; + } ignore_value(VIR_STRDUP(ret, mechlist)); cleanup: -- 2.47.2