From 5f75ec90fe671e5b19515c8e993f5fc4b03b19e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 16 Jun 2020 10:39:17 +0100 Subject: [PATCH] rpc: remove use of the term 'whitelist' from RPC code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The term "access control list" better describes the concept involved. Reviewed-by: Peter Krempa Signed-off-by: Daniel P. Berrangé --- docs/internals/rpc.html.in | 9 ++++---- src/remote/libvirtd.conf.in | 6 +++--- src/remote/remote_daemon_dispatch.c | 4 ++-- src/rpc/virnetsaslcontext.c | 10 ++++----- src/rpc/virnetsaslcontext.h | 2 +- src/rpc/virnettlscontext.c | 32 ++++++++++++++--------------- src/rpc/virnettlscontext.h | 4 ++-- tests/virconfdata/libvirtd.conf | 6 +++--- tests/virconfdata/libvirtd.out | 6 +++--- 9 files changed, 40 insertions(+), 39 deletions(-) diff --git a/docs/internals/rpc.html.in b/docs/internals/rpc.html.in index 40d844f31c..129945bf1c 100644 --- a/docs/internals/rpc.html.in +++ b/docs/internals/rpc.html.in @@ -447,7 +447,8 @@ C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S (reply)
virNetSASLContextPtr (virnetsaslcontext.h)
The virNetSASLContext APIs maintain SASL state for a network service (server or client). This is primarily used on the server - to provide a whitelist of allowed SASL usernames for clients. + to provide an access control list of SASL usernames permitted as + clients.
virNetSASLSessionPtr (virnetsaslcontext.h)
@@ -460,7 +461,7 @@ C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S (reply)
virNetTLSContextPtr (virnettlscontext.h)
The virNetTLSContext APIs maintain TLS state for a network service (server or client). This is primarily used on the server - to provide a whitelist of allowed x509 distinguished names, as + to provide an access control list of x509 distinguished names, as well as diffie-hellman keys. It can also do validation of x509 certificates prior to initiating a connection, in order to improve detection of configuration errors. @@ -760,8 +761,8 @@ C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S (reply) next step is to decode the RPC header. The header is validated to ensure the request is sensible, ie the server should not receive a method reply from a client. If the client has not yet authenticated, - a security check is also applied to make sure the procedure is on the - whitelist of those allowed prior to auth. If the packet is a method + an access control list check is also performed to make sure the procedure + is one of those allowed prior to auth. If the packet is a method call, it will be placed on a global processing queue. The event loop thread is now done with the packet for the time being.

diff --git a/src/remote/libvirtd.conf.in b/src/remote/libvirtd.conf.in index 34741183cc..2607fbad86 100644 --- a/src/remote/libvirtd.conf.in +++ b/src/remote/libvirtd.conf.in @@ -253,11 +253,11 @@ # will be rejected. # # Default is to always verify. Uncommenting this will disable -# verification - make sure an IP whitelist is set +# verification. #tls_no_verify_certificate = 1 -# A whitelist of allowed x509 Distinguished Names +# An access control list of allowed x509 Distinguished Names # This list may contain wildcards such as # # "C=GB,ST=London,L=London,O=Red Hat,CN=*" @@ -282,7 +282,7 @@ @END@ -# A whitelist of allowed SASL usernames. The format for username +# An access control list of allowed SASL usernames. The format for username # depends on the SASL authentication mechanism. Kerberos usernames # look like username@REALM # diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index 831e7d165c..67b86cff78 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -3861,7 +3861,7 @@ remoteDispatchAuthSaslStart(virNetServerPtr server, if (err == VIR_NET_SASL_CONTINUE) { ret->complete = 0; } else { - /* Check username whitelist ACL */ + /* Check username ACL */ if ((err = remoteSASLFinish(server, client)) < 0) { if (err == -2) goto authdeny; @@ -3957,7 +3957,7 @@ remoteDispatchAuthSaslStep(virNetServerPtr server, if (err == VIR_NET_SASL_CONTINUE) { ret->complete = 0; } else { - /* Check username whitelist ACL */ + /* Check username ACL */ if ((err = remoteSASLFinish(server, client)) < 0) { if (err == -2) goto authdeny; diff --git a/src/rpc/virnetsaslcontext.c b/src/rpc/virnetsaslcontext.c index e7ed8f4390..9253771787 100644 --- a/src/rpc/virnetsaslcontext.c +++ b/src/rpc/virnetsaslcontext.c @@ -36,7 +36,7 @@ VIR_LOG_INIT("rpc.netsaslcontext"); struct _virNetSASLContext { virObjectLockable parent; - const char *const*usernameWhitelist; + const char *const *usernameACL; }; struct _virNetSASLSession { @@ -121,7 +121,7 @@ virNetSASLContextPtr virNetSASLContextNewClient(void) return ctxt; } -virNetSASLContextPtr virNetSASLContextNewServer(const char *const*usernameWhitelist) +virNetSASLContextPtr virNetSASLContextNewServer(const char *const *usernameACL) { virNetSASLContextPtr ctxt; @@ -132,7 +132,7 @@ virNetSASLContextPtr virNetSASLContextNewServer(const char *const*usernameWhitel if (!(ctxt = virObjectLockableNew(virNetSASLContextClass))) return NULL; - ctxt->usernameWhitelist = usernameWhitelist; + ctxt->usernameACL = usernameACL; return ctxt; } @@ -146,7 +146,7 @@ int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt, virObjectLock(ctxt); /* If the list is not set, allow any DN. */ - wildcards = ctxt->usernameWhitelist; + wildcards = ctxt->usernameACL; if (!wildcards) { ret = 1; /* No ACL, allow all */ goto cleanup; @@ -162,7 +162,7 @@ int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt, } /* Denied */ - VIR_ERROR(_("SASL client identity '%s' not allowed in whitelist"), identity); + VIR_ERROR(_("SASL client identity '%s' not allowed by ACL"), identity); /* This is the most common error: make it informative. */ virReportError(VIR_ERR_SYSTEM_ERROR, "%s", diff --git a/src/rpc/virnetsaslcontext.h b/src/rpc/virnetsaslcontext.h index 4d1845e643..618230f42d 100644 --- a/src/rpc/virnetsaslcontext.h +++ b/src/rpc/virnetsaslcontext.h @@ -38,7 +38,7 @@ enum { }; virNetSASLContextPtr virNetSASLContextNewClient(void); -virNetSASLContextPtr virNetSASLContextNewServer(const char *const*usernameWhitelist); +virNetSASLContextPtr virNetSASLContextNewServer(const char *const *usernameACL); int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt, const char *identity); diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index a8104cf484..168f3010ae 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c @@ -60,7 +60,7 @@ struct _virNetTLSContext { bool isServer; bool requireValidCert; - const char *const*x509dnWhitelist; + const char *const *x509dnACL; char *priority; }; @@ -356,8 +356,8 @@ static int virNetTLSContextCheckCertKeyPurpose(gnutls_x509_crt_t cert, /* Check DN is on tls_allowed_dn_list. */ static int -virNetTLSContextCheckCertDNWhitelist(const char *dname, - const char *const*wildcards) +virNetTLSContextCheckCertDNACL(const char *dname, + const char *const *wildcards) { while (*wildcards) { if (g_pattern_match_simple(*wildcards, dname)) @@ -367,7 +367,7 @@ virNetTLSContextCheckCertDNWhitelist(const char *dname, } /* Log the client's DN for debugging */ - VIR_DEBUG("Failed whitelist check for client DN '%s'", dname); + VIR_DEBUG("Failed ACL check for client DN '%s'", dname); /* This is the most common error: make it informative. */ virReportError(VIR_ERR_SYSTEM_ERROR, "%s", @@ -385,10 +385,10 @@ virNetTLSContextCheckCertDN(gnutls_x509_crt_t cert, const char *certFile, const char *hostname, const char *dname, - const char *const* whitelist) + const char *const *acl) { - if (whitelist && dname && - virNetTLSContextCheckCertDNWhitelist(dname, whitelist) <= 0) + if (acl && dname && + virNetTLSContextCheckCertDNACL(dname, acl) <= 0) return -1; if (hostname && @@ -675,7 +675,7 @@ static virNetTLSContextPtr virNetTLSContextNew(const char *cacert, const char *cacrl, const char *cert, const char *key, - const char *const*x509dnWhitelist, + const char *const *x509dnACL, const char *priority, bool sanityCheckCert, bool requireValidCert, @@ -740,7 +740,7 @@ static virNetTLSContextPtr virNetTLSContextNew(const char *cacert, } ctxt->requireValidCert = requireValidCert; - ctxt->x509dnWhitelist = x509dnWhitelist; + ctxt->x509dnACL = x509dnACL; ctxt->isServer = isServer; PROBE(RPC_TLS_CONTEXT_NEW, @@ -855,7 +855,7 @@ static int virNetTLSContextLocateCredentials(const char *pkipath, static virNetTLSContextPtr virNetTLSContextNewPath(const char *pkipath, bool tryUserPkiPath, - const char *const*x509dnWhitelist, + const char *const *x509dnACL, const char *priority, bool sanityCheckCert, bool requireValidCert, @@ -869,7 +869,7 @@ static virNetTLSContextPtr virNetTLSContextNewPath(const char *pkipath, return NULL; ctxt = virNetTLSContextNew(cacert, cacrl, cert, key, - x509dnWhitelist, priority, sanityCheckCert, + x509dnACL, priority, sanityCheckCert, requireValidCert, isServer); VIR_FREE(cacert); @@ -882,12 +882,12 @@ static virNetTLSContextPtr virNetTLSContextNewPath(const char *pkipath, virNetTLSContextPtr virNetTLSContextNewServerPath(const char *pkipath, bool tryUserPkiPath, - const char *const*x509dnWhitelist, + const char *const *x509dnACL, const char *priority, bool sanityCheckCert, bool requireValidCert) { - return virNetTLSContextNewPath(pkipath, tryUserPkiPath, x509dnWhitelist, priority, + return virNetTLSContextNewPath(pkipath, tryUserPkiPath, x509dnACL, priority, sanityCheckCert, requireValidCert, true); } @@ -906,12 +906,12 @@ virNetTLSContextPtr virNetTLSContextNewServer(const char *cacert, const char *cacrl, const char *cert, const char *key, - const char *const*x509dnWhitelist, + const char *const *x509dnACL, const char *priority, bool sanityCheckCert, bool requireValidCert) { - return virNetTLSContextNew(cacert, cacrl, cert, key, x509dnWhitelist, priority, + return virNetTLSContextNew(cacert, cacrl, cert, key, x509dnACL, priority, sanityCheckCert, requireValidCert, true); } @@ -1063,7 +1063,7 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt, VIR_DEBUG("Peer DN is %s", dname); if (virNetTLSContextCheckCertDN(cert, "[session]", sess->hostname, dname, - ctxt->x509dnWhitelist) < 0) { + ctxt->x509dnACL) < 0) { gnutls_x509_crt_deinit(cert); goto authdeny; } diff --git a/src/rpc/virnettlscontext.h b/src/rpc/virnettlscontext.h index fe885aed9a..8ac84027b2 100644 --- a/src/rpc/virnettlscontext.h +++ b/src/rpc/virnettlscontext.h @@ -34,7 +34,7 @@ void virNetTLSInit(void); virNetTLSContextPtr virNetTLSContextNewServerPath(const char *pkipath, bool tryUserPkiPath, - const char *const*x509dnWhitelist, + const char *const *x509dnACL, const char *priority, bool sanityCheckCert, bool requireValidCert); @@ -49,7 +49,7 @@ virNetTLSContextPtr virNetTLSContextNewServer(const char *cacert, const char *cacrl, const char *cert, const char *key, - const char *const*x509dnWhitelist, + const char *const *x509dnACL, const char *priority, bool sanityCheckCert, bool requireValidCert); diff --git a/tests/virconfdata/libvirtd.conf b/tests/virconfdata/libvirtd.conf index 791d6c972b..6d1fd33dcd 100644 --- a/tests/virconfdata/libvirtd.conf +++ b/tests/virconfdata/libvirtd.conf @@ -174,11 +174,11 @@ crl_file = "/etc/pki/CA/crl.pem" # will be rejected. # # Default is to always verify. Uncommenting this will disable -# verification - make sure an IP whitelist is set +# verification. tls_no_verify_certificate = 1 -# A whitelist of allowed x509 Distinguished Names +# An access control list of allowed x509 Distinguished Names # This list may contain wildcards such as # # "C=GB,ST=London,L=London,O=Red Hat,CN=*" @@ -194,7 +194,7 @@ tls_no_verify_certificate = 1 tls_allowed_dn_list = ["DN1", "DN2"] -# A whitelist of allowed SASL usernames. The format for usernames +# An access control list of allowed SASL usernames. The format for usernames # depends on the SASL authentication mechanism. Kerberos usernames # look like username@REALM # diff --git a/tests/virconfdata/libvirtd.out b/tests/virconfdata/libvirtd.out index cfdd23fd21..ce50480b8c 100644 --- a/tests/virconfdata/libvirtd.out +++ b/tests/virconfdata/libvirtd.out @@ -140,9 +140,9 @@ crl_file = "/etc/pki/CA/crl.pem" # will be rejected. # # Default is to always verify. Uncommenting this will disable -# verification - make sure an IP whitelist is set +# verification. tls_no_verify_certificate = 1 -# A whitelist of allowed x509 Distinguished Names +# An access control list of allowed x509 Distinguished Names # This list may contain wildcards such as # # "C=GB,ST=London,L=London,O=Red Hat,CN=*" @@ -156,7 +156,7 @@ tls_no_verify_certificate = 1 # # By default, no DN's are checked tls_allowed_dn_list = [ "DN1", "DN2" ] -# A whitelist of allowed SASL usernames. The format for usernames +# An access control list of allowed SASL usernames. The format for usernames # depends on the SASL authentication mechanism. Kerberos usernames # look like username@REALM #