[libvirt] [PATCHv1 0/5] qcow3 support
by Ján Tomko
This adds support for qcow3 to storage and qemu drivers (except for
snapshots, I still need to do that).
Qcow3 adds feature bits for compatible, incompatible and autoclear features.
I'm not sure if it makes sense to differentiate between them in the XML.
If yes, perhaps unknown incompatible features might result in an error, while
we could just warn about unknown compatible ones.
If not, one bitmap should be enough to track the ones that interest us.
There are two feature bits so far: lazy_refcounts (delayed refcount updates)
and a dirty bit (refcounts haven't been updated and older QEMU can't read this).
If we knew what features are supported by QEMU, we could refuse to use them,
however I don't know of any other way to find out than running:
qemu-img create -f qcow2 -o ? /dev/null
If we don't know, I don't think it's any good to find out the dirty bit value.
Ján Tomko (5):
storage: refactor qemu-img command line generation
storage: use virBuffer for generating qemu options string
util: add qcow3 format probing
conf: add format features to target XML
qemu: add support for creating and using qcow3 images
src/conf/storage_conf.c | 90 +++++++++++++++++++++++++++++
src/conf/storage_conf.h | 3 +
src/libvirt_private.syms | 3 +
src/qemu/qemu_command.c | 2 +-
src/qemu/qemu_hotplug.c | 4 +-
src/storage/storage_backend.c | 106 ++++++++++++++++++-----------------
src/storage/storage_backend_fs.c | 7 ++
src/util/virstoragefile.c | 116 ++++++++++++++++++++++++++++++++++++--
src/util/virstoragefile.h | 27 +++++++++
9 files changed, 298 insertions(+), 60 deletions(-)
--
1.7.8.6
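A worked example of the feature-bit policy the cover letter floats (added here; it is not code from the series or from libvirt): read the compatible/incompatible/autoclear bitmaps of a qcow2 version-3 header, refuse unknown incompatible bits, and only warn about unknown compatible ones. The header offsets follow the qcow2 layout; the verdict codes, helper names and the sample headers are this example's own constructions.

```c
/* Added example, not libvirt code: read a qcow2 version-3 ("qcow3")
 * header's feature bitmaps and apply the policy floated in the cover
 * letter: unknown incompatible bits are an error, unknown compatible
 * bits only a warning, autoclear bits never block a reader.  Offsets
 * follow the qcow2 header layout; everything else is constructed. */
#include <stdint.h>
#include <string.h>

#define QCOW_MAGIC 0x514649fbU              /* "QFI\xfb" */
#define QCOW_OFF_VERSION 4                  /* uint32 */
#define QCOW_OFF_INCOMPATIBLE 72            /* uint64, version >= 3 only */
#define QCOW_OFF_COMPATIBLE 80              /* uint64 */
#define QCOW_OFF_AUTOCLEAR 88               /* uint64 */
#define QCOW_OFF_HEADER_LENGTH 100          /* uint32 */
#define QCOW_V3_HEADER_LEN 104

/* The two feature bits the cover letter mentions. */
#define QCOW3_INCOMPAT_DIRTY (1ULL << 0)          /* refcounts not updated */
#define QCOW3_COMPAT_LAZY_REFCOUNTS (1ULL << 0)   /* delayed refcount updates */

enum qcow3_verdict {
    QCOW3_ERR_BAD_HEADER = -2,        /* not qcow2, or too short */
    QCOW3_ERR_UNKNOWN_INCOMPAT = -1,  /* refuse to use the image */
    QCOW3_OK = 0,
    QCOW3_WARN_UNKNOWN_COMPAT = 1     /* usable, but worth a warning */
};

struct qcow3_features {
    uint64_t incompatible, compatible, autoclear;
    int dirty, lazy_refcounts;
};

/* Every qcow2 header field is big-endian; n is the field width in bytes. */
static uint64_t get_be(const unsigned char *p, int n)
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}
static void put_be(unsigned char *p, uint64_t v, int n)
{
    while (n--) { p[n] = (unsigned char)v; v >>= 8; }
}

/* Classify the feature bits of the qcow2 header held in hdr[0..len). */
int qcow3_check_features(const unsigned char *hdr, size_t len,
                         struct qcow3_features *f)
{
    uint64_t version;
    memset(f, 0, sizeof(*f));
    if (len < 8 || get_be(hdr, 4) != QCOW_MAGIC)
        return QCOW3_ERR_BAD_HEADER;
    version = get_be(hdr + QCOW_OFF_VERSION, 4);
    if (version == 2)
        return QCOW3_OK;              /* version 2 has no feature bitmaps */
    if (version != 3 || len < QCOW_V3_HEADER_LEN)
        return QCOW3_ERR_BAD_HEADER;
    f->incompatible = get_be(hdr + QCOW_OFF_INCOMPATIBLE, 8);
    f->compatible = get_be(hdr + QCOW_OFF_COMPATIBLE, 8);
    f->autoclear = get_be(hdr + QCOW_OFF_AUTOCLEAR, 8);
    f->dirty = (f->incompatible & QCOW3_INCOMPAT_DIRTY) != 0;
    f->lazy_refcounts = (f->compatible & QCOW3_COMPAT_LAZY_REFCOUNTS) != 0;
    if (f->incompatible & ~QCOW3_INCOMPAT_DIRTY)
        return QCOW3_ERR_UNKNOWN_INCOMPAT;   /* cannot read this safely */
    if (f->compatible & ~QCOW3_COMPAT_LAZY_REFCOUNTS)
        return QCOW3_WARN_UNKNOWN_COMPAT;    /* readable, just unfamiliar */
    return QCOW3_OK;                         /* autoclear bits never block */
}

/* Build a minimal constructed version-3 header carrying the given bitmaps. */
void qcow3_make_header(unsigned char *buf, uint64_t incompat,
                       uint64_t compat, uint64_t autoclear)
{
    memset(buf, 0, QCOW_V3_HEADER_LEN);
    put_be(buf, QCOW_MAGIC, 4);
    put_be(buf + QCOW_OFF_VERSION, 3, 4);
    put_be(buf + QCOW_OFF_INCOMPATIBLE, incompat, 8);
    put_be(buf + QCOW_OFF_COMPATIBLE, compat, 8);
    put_be(buf + QCOW_OFF_AUTOCLEAR, autoclear, 8);
    put_be(buf + QCOW_OFF_HEADER_LENGTH, QCOW_V3_HEADER_LEN, 4);
}

/* Verdict for a constructed header with the given bitmaps. */
int qcow3_verdict_for(uint64_t incompat, uint64_t compat, uint64_t autoclear)
{
    unsigned char hdr[QCOW_V3_HEADER_LEN];
    struct qcow3_features f;
    qcow3_make_header(hdr, incompat, compat, autoclear);
    return qcow3_check_features(hdr, sizeof(hdr), &f);
}

/* Flags decoded from a constructed header: bit 0 dirty, bit 1 lazy_refcounts. */
int qcow3_flags_for(uint64_t incompat, uint64_t compat)
{
    unsigned char hdr[QCOW_V3_HEADER_LEN];
    struct qcow3_features f;
    qcow3_make_header(hdr, incompat, compat, 0);
    qcow3_check_features(hdr, sizeof(hdr), &f);
    return f.dirty | (f.lazy_refcounts << 1);
}
```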
[libvirt] [PATCH] qemu_agent: Remove agent reference only when disposing it
by Michal Privoznik
https://bugzilla.redhat.com/show_bug.cgi?id=892079
With the current code, if a user calls virDomainPMSuspendForDuration()
followed by virDomainDestroy(), the former API checks for qemu agent
presence, which will evaluate as true (if an agent is configured). While
talking to the qemu agent, the qemu driver is unlocked, so the latter API
starts executing. However, if the machine dies meanwhile, libvirtd gets
EOF on the agent socket and qemuProcessHandleAgentEOF() is called. The
handler clears the reference to the qemu agent while the destroy API is
already holding a reference to it. This leads to NULL dereferencing later in
the code. Therefore, the agent pointer should be set to NULL only if
we are the exclusive owner of it.
---
There's a reproducer in the BZ. It doesn't have to be a Windows guest;
I was able to reproduce with an F17 guest as well.
src/qemu/qemu_process.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 938c17e..320c0c6 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -133,7 +133,8 @@ qemuProcessHandleAgentEOF(qemuAgentPtr agent,
virDomainObjLock(vm);
priv = vm->privateData;
- if (priv->agent == agent)
+ if (priv->agent == agent &&
+ !virObjectUnref(priv->agent))
priv->agent = NULL;
virDomainObjUnlock(vm);
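Review bot: the new condition drops this handler's reference whether or not priv->agent is cleared, so when another holder (the destroy path described in the commit message) still has a reference, priv->agent keeps pointing at an object this function no longer owns, and that other holder must be the one to unref and clear it. A short comment above the `if` stating that contract (priv->agent is cleared by whoever drops the last reference, which is what a false return from virObjectUnref signals) would stop the next reader from reintroducing the unconditional `priv->agent = NULL`.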
--
1.8.0.2
[libvirt] [PATCH] maint: fix comment typo
by Eric Blake
While OOM can have knock-on effects that trash a system, generally
the first symptom is one of memory thrashing.
* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Reword slightly.
---
Pushing under the trivial rule.
src/qemu/qemu_cgroup.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 16a9d7c..6527146 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -1,7 +1,7 @@
/*
* qemu_cgroup.c: QEMU cgroup management
*
- * Copyright (C) 2006-2012 Red Hat, Inc.
+ * Copyright (C) 2006-2013 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
@@ -344,8 +344,8 @@ int qemuSetupCgroup(virQEMUDriverPtr driver,
if (!hard_limit) {
/* If there is no hard_limit set, set a reasonable one to avoid
- * system trashing caused by exploited qemu. As 'reasonable limit'
- * has been chosen:
+ * system thrashing caused by exploited qemu. A 'reasonable
+ * limit' has been chosen:
* (1 + k) * (domain memory + total video memory) + (32MB for
* cache per each disk) + F
* where k = 0.5 and F = 200MB. The cache for disks is important as
--
1.8.0.2
[libvirt] [PATCH] maint: distribute libvirtd.service.in
by Eric Blake
I did a build --without-libvirtd, then ran 'make dist'. The
resulting tarball was broken, with a complaint that make did not
know how to create libvirtd.service.in. I traced it to a use
of EXTRA_DIST inside a conditional.
* daemon/Makefile.am (EXTRA_DIST): Hoist libvirtd.service.in
outside of WITH_LIBVIRTD conditional.
---
Pushing under the build-breaker rule.
daemon/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index c59084c..95ff8cf 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -37,6 +37,7 @@ EXTRA_DIST = \
libvirtd.upstart \
libvirtd.policy.in \
libvirtd.sasl \
+ libvirtd.service.in \
libvirtd.sysconf \
libvirtd.sysctl \
libvirtd.aug \
@@ -322,7 +323,6 @@ uninstall-init-upstart:
endif # LIBVIRT_INIT_SCRIPT_UPSTART
-EXTRA_DIST += libvirtd.service.in
if LIBVIRT_INIT_SCRIPT_SYSTEMD
SYSTEMD_UNIT_DIR = /lib/systemd/system
--
1.8.0.2
[libvirt] [PATCH] Make TLS support conditional
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Add checks for existence of GNUTLS and automatically disable
it if not found.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
configure.ac | 70 ++++++++++++++++++++++++++++++++-----------
daemon/libvirtd.c | 41 ++++++++++++++++++-------
daemon/remote.c | 2 ++
src/Makefile.am | 8 ++++-
src/libvirt.c | 17 ++++++++---
src/locking/lock_daemon.c | 12 ++++++--
src/lxc/lxc_controller.c | 6 ++--
src/qemu/qemu_migration.c | 15 ++++++++--
src/remote/remote_driver.c | 15 ++++++++++
src/rpc/virnetclient.c | 20 ++++++++++---
src/rpc/virnetclient.h | 8 ++++-
src/rpc/virnetserver.c | 6 ++++
src/rpc/virnetserver.h | 6 +++-
src/rpc/virnetserverclient.c | 63 ++++++++++++++++++++++++++++++++++----
src/rpc/virnetserverclient.h | 4 +++
src/rpc/virnetserverservice.c | 31 ++++++++++++++-----
src/rpc/virnetserverservice.h | 20 +++++++++----
src/rpc/virnetsocket.c | 17 ++++++++++-
src/rpc/virnetsocket.h | 6 +++-
tests/Makefile.am | 11 ++++++-
20 files changed, 311 insertions(+), 67 deletions(-)
diff --git a/configure.ac b/configure.ac
index ab08f17..bb64bf6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1025,30 +1025,62 @@ CFLAGS="$old_cflags"
LIBS="$old_libs"
dnl GnuTLS library
-GNUTLS_CFLAGS=
-GNUTLS_LIBS=
-GNUTLS_FOUND=no
-if test -x "$PKG_CONFIG" ; then
- PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
- [GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
-fi
-if test "$GNUTLS_FOUND" = "no"; then
+AC_ARG_WITH([gnutls],
+ AC_HELP_STRING([--with-gnutls], [use GNUTLS for encryption @<:@default=check@:>@]),
+ [],
+ [with_gnutls=check])
+
+
+if test "x$with_gnutls" != "xno"; then
+ if test "x$with_gnutls" != "xyes" && test "x$with_gnutls" != "xcheck"; then
+ GNUTLS_CFLAGS="-I$with_gnutls/include"
+ GNUTLS_LIBS="-L$with_gnutls/lib"
+ fi
fail=0
+ old_cflags="$CFLAGS"
old_libs="$LIBS"
- AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
- AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
+ CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
+ LIBS="$LIBS $GNUTLS_LIBS"
- test $fail = 1 &&
- AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])
+ GNUTLS_FOUND=no
+ if test -x "$PKG_CONFIG" ; then
+ PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
+ [GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
+ fi
+ if test "$GNUTLS_FOUND" = "no"; then
+ fail=0
+ AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
+ AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
+
+ test $fail = 0 && GNUTLS_FOUND=yes
+
+ GNUTLS_LIBS="$GNUTLS_LIBS -lgnutls"
+ fi
+ if test "$GNUTLS_FOUND" = "no"; then
+ if test "$with_gnutls" = "check"; then
+ with_gnutls=no
+ GNUTLS_LIBS=
+ GNUTLS_CFLAGS=
+ else
+ AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])
+ fi
+ else
+ dnl Not all versions of gnutls include -lgcrypt, and so we add
+ dnl it explicitly for the calls to gcry_control/check_version
+ GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
+
+ with_gnutls=yes
+ fi
- dnl Not all versions of gnutls include -lgcrypt, and so we add
- dnl it explicitly for the calls to gcry_control/check_version
- GNUTLS_LIBS="$LIBS -lgcrypt"
LIBS="$old_libs"
-else
- GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
+ CFLAGS="$old_CFLAGS"
fi
+if test "x$with_gnutls" = "xyes" ; then
+ AC_DEFINE_UNQUOTED([HAVE_GNUTLS], 1,
+ [whether GNUTLS is available for encryption])
+fi
+AM_CONDITIONAL([HAVE_GNUTLS], [test "x$with_gnutls" = "xyes"])
AC_SUBST([GNUTLS_CFLAGS])
AC_SUBST([GNUTLS_LIBS])
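Review bot: `CFLAGS="$old_CFLAGS"` in the restore near the end of this hunk does not match the `old_cflags="$CFLAGS"` saved a few lines earlier (nor the lowercase `CFLAGS="$old_cflags"` visible in the context at the top of the hunk); shell variables are case-sensitive, so this resets CFLAGS to an empty string for the rest of configure. It should read `CFLAGS="$old_cflags"`. A smaller point: when `--with-gnutls=/path` is given, the `PKG_CHECK_MODULES` success branch overwrites the `-I$with_gnutls/include` and `-L$with_gnutls/lib` values just assigned, so the explicit path only takes effect on the header/library fallback; either skip pkg-config when a path was supplied or append to the pkg-config results.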
@@ -3168,7 +3200,11 @@ AC_MSG_NOTICE([ libssh2: $LIBSSH2_CFLAGS $LIBSSH2_LIBS])
else
AC_MSG_NOTICE([ libssh2: no])
fi
+if test "$with_gnutls" != "no" ; then
AC_MSG_NOTICE([ gnutls: $GNUTLS_CFLAGS $GNUTLS_LIBS])
+else
+AC_MSG_NOTICE([ gnutls: no])
+fi
if test "$with_sasl" != "no" ; then
AC_MSG_NOTICE([ sasl: $SASL_CFLAGS $SASL_LIBS])
else
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index fa4d129..ff54af3 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -449,7 +449,9 @@ static int daemonSetupNetworking(virNetServerPtr srv,
virNetServerServicePtr svc = NULL;
virNetServerServicePtr svcRO = NULL;
virNetServerServicePtr svcTCP = NULL;
+#if HAVE_GNUTLS
virNetServerServicePtr svcTLS = NULL;
+#endif
gid_t unix_sock_gid = 0;
int unix_sock_ro_mask = 0;
int unix_sock_rw_mask = 0;
@@ -474,9 +476,11 @@ static int daemonSetupNetworking(virNetServerPtr srv,
unix_sock_rw_mask,
unix_sock_gid,
config->auth_unix_rw,
+#if HAVE_GNUTLS
+ NULL,
+#endif
false,
- config->max_client_requests,
- NULL)))
+ config->max_client_requests)))
goto error;
if (sock_path_ro) {
VIR_DEBUG("Registering unix socket %s", sock_path_ro);
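Review bot: the `#if HAVE_GNUTLS` / `NULL,` / `#endif` block inside the virNetServerServiceNewUNIX argument list is repeated at every call site in this patch (the read-only socket and TCP service below, lock_daemon.c, lxc_controller.c), and each copy has to track the new parameter order exactly. Consider keeping the `tls` parameter in the public signatures unconditionally (declared via a forward typedef so it is an opaque pointer that is always NULL when GNUTLS is compiled out), so that only the service and client implementations need conditional compilation and callers stay readable.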
@@ -484,9 +488,11 @@ static int daemonSetupNetworking(virNetServerPtr srv,
unix_sock_ro_mask,
unix_sock_gid,
config->auth_unix_ro,
+#if HAVE_GNUTLS
+ NULL,
+#endif
true,
- config->max_client_requests,
- NULL)))
+ config->max_client_requests)))
goto error;
}
@@ -507,9 +513,11 @@ static int daemonSetupNetworking(virNetServerPtr srv,
if (!(svcTCP = virNetServerServiceNewTCP(config->listen_addr,
config->tcp_port,
config->auth_tcp,
+#if HAVE_GNUTLS
+ NULL,
+#endif
false,
- config->max_client_requests,
- NULL)))
+ config->max_client_requests)))
goto error;
if (virNetServerAddService(srv, svcTCP,
@@ -517,6 +525,7 @@ static int daemonSetupNetworking(virNetServerPtr srv,
goto error;
}
+#if HAVE_GNUTLS
if (config->listen_tls) {
virNetTLSContextPtr ctxt = NULL;
@@ -546,9 +555,9 @@ static int daemonSetupNetworking(virNetServerPtr srv,
virNetServerServiceNewTCP(config->listen_addr,
config->tls_port,
config->auth_tls,
+ ctxt,
false,
- config->max_client_requests,
- ctxt))) {
+ config->max_client_requests))) {
virObjectUnref(ctxt);
goto error;
}
@@ -559,13 +568,23 @@ static int daemonSetupNetworking(virNetServerPtr srv,
virObjectUnref(ctxt);
}
+#else
+ (void)privileged;
+ if (config->listen_tls) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("This libvirtd build does not support TLS"));
+ goto error;
+ }
+#endif
}
#if HAVE_SASL
if (config->auth_unix_rw == REMOTE_AUTH_SASL ||
config->auth_unix_ro == REMOTE_AUTH_SASL ||
- config->auth_tcp == REMOTE_AUTH_SASL ||
- config->auth_tls == REMOTE_AUTH_SASL) {
+# if HAVE_GNUTLS
+ config->auth_tls == REMOTE_AUTH_SASL ||
+# endif
+ config->auth_tcp == REMOTE_AUTH_SASL) {
saslCtxt = virNetSASLContextNewServer(
(const char *const*)config->sasl_allowed_username_list);
if (!saslCtxt)
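Review bot: rejecting `listen_tls` with VIR_ERR_CONFIG_UNSUPPORTED in the `#else` branch is the right behaviour, since bringing up only the plain TCP service would be a silent downgrade; the commit message should say so explicitly, because an administrator whose libvirtd.conf enables listen_tls and who moves to a build without GNUTLS will now see the IP-socket setup fail until listen_tls is turned off. The `(void)privileged;` before the `if` also deserves a one-line comment saying that the variable is only consumed by the TLS branch.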
@@ -576,7 +595,9 @@ static int daemonSetupNetworking(virNetServerPtr srv,
return 0;
error:
+#if HAVE_GNUTLS
virObjectUnref(svcTLS);
+#endif
virObjectUnref(svcTCP);
virObjectUnref(svc);
virObjectUnref(svcRO);
diff --git a/daemon/remote.c b/daemon/remote.c
index 8767c18..67fe335 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2464,6 +2464,7 @@ remoteDispatchAuthSaslInit(virNetServerPtr server ATTRIBUTE_UNUSED,
if (!sasl)
goto authfail;
+# if HAVE_GNUTLS
/* Inform SASL that we've got an external SSF layer from TLS */
if (virNetServerClientHasTLSSession(client)) {
int ssf;
@@ -2477,6 +2478,7 @@ remoteDispatchAuthSaslInit(virNetServerPtr server ATTRIBUTE_UNUSED,
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto authfail;
}
+# endif
if (virNetServerClientIsSecure(client))
/* If we've got TLS or UNIX domain sock, we don't care about SSF */
diff --git a/src/Makefile.am b/src/Makefile.am
index 955973e..061d544 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1777,7 +1777,6 @@ libvirt_net_rpc_la_SOURCES = \
rpc/virnetmessage.h rpc/virnetmessage.c \
rpc/virnetprotocol.h rpc/virnetprotocol.c \
rpc/virnetsocket.h rpc/virnetsocket.c \
- rpc/virnettlscontext.h rpc/virnettlscontext.c \
rpc/virkeepaliveprotocol.h rpc/virkeepaliveprotocol.c \
rpc/virkeepalive.h rpc/virkeepalive.c
if HAVE_LIBSSH2
@@ -1787,6 +1786,13 @@ else
EXTRA_DIST += \
rpc/virnetsshsession.h rpc/virnetsshsession.c
endif
+if HAVE_GNUTLS
+libvirt_net_rpc_la_SOURCES += \
+ rpc/virnettlscontext.h rpc/virnettlscontext.c
+else
+EXTRA_DIST += \
+ rpc/virnettlscontext.h rpc/virnettlscontext.c
+endif
if HAVE_SASL
libvirt_net_rpc_la_SOURCES += \
rpc/virnetsaslcontext.h rpc/virnetsaslcontext.c
diff --git a/src/libvirt.c b/src/libvirt.c
index 6d1da12..e0f6185 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -55,7 +55,9 @@
#include "configmake.h"
#include "intprops.h"
#include "virconf.h"
-#include "rpc/virnettlscontext.h"
+#if HAVE_GNUTLS
+# include "rpc/virnettlscontext.h"
+#endif
#include "vircommand.h"
#include "virrandom.h"
#include "viruri.h"
@@ -268,6 +270,8 @@ winsock_init(void)
}
#endif
+
+#ifdef HAVE_GNUTLS
static int virTLSMutexInit(void **priv)
{
virMutexPtr lock = NULL;
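Review bot: this hunk tests `#ifdef HAVE_GNUTLS` while the include guard in the previous hunk of this file and most of daemon/libvirtd.c use `#if HAVE_GNUTLS`. Both work, because configure.ac defines HAVE_GNUTLS to 1 only when GNUTLS is enabled and an undefined macro evaluates to 0 in `#if`, but mixing the two forms invites `-Wundef` noise and makes it look as though two different symbols are involved; pick one form for the new symbol across the patch.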
@@ -308,11 +312,11 @@ static int virTLSMutexUnlock(void **priv)
static struct gcry_thread_cbs virTLSThreadImpl = {
/* GCRY_THREAD_OPTION_VERSION was added in gcrypt 1.4.2 */
-#ifdef GCRY_THREAD_OPTION_VERSION
+# ifdef GCRY_THREAD_OPTION_VERSION
(GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)),
-#else
+# else
GCRY_THREAD_OPTION_PTHREAD,
-#endif
+# endif
NULL,
virTLSMutexInit,
virTLSMutexDestroy,
@@ -320,6 +324,7 @@ static struct gcry_thread_cbs virTLSThreadImpl = {
virTLSMutexUnlock,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
+#endif
/* Helper macros to implement VIR_DOMAIN_DEBUG using just C99. This
* assumes you pass fewer than 15 arguments to VIR_DOMAIN_DEBUG, but
@@ -403,12 +408,16 @@ virGlobalInit(void)
virErrorInitialize() < 0)
goto error;
+#ifdef HAVE_GNUTLS
gcry_control(GCRYCTL_SET_THREAD_CBS, &virTLSThreadImpl);
gcry_check_version(NULL);
+#endif
virLogSetFromEnv();
+#ifdef HAVE_GNUTLS
virNetTLSInit();
+#endif
#if HAVE_LIBCURL
curl_global_init(CURL_GLOBAL_DEFAULT);
diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c
index 7288f7a..ba42c00 100644
--- a/src/locking/lock_daemon.c
+++ b/src/locking/lock_daemon.c
@@ -654,7 +654,11 @@ virLockDaemonSetupNetworkingSystemD(virNetServerPtr srv)
/* Systemd passes FDs, starting immediately after stderr,
* so the first FD we'll get is '3'. */
- if (!(svc = virNetServerServiceNewFD(3, 0, false, 1, NULL)))
+ if (!(svc = virNetServerServiceNewFD(3, 0,
+#if HAVE_GNUTLS
+ NULL,
+#endif
+ false, 1)))
return -1;
if (virNetServerAddService(srv, svc, NULL) < 0) {
@@ -672,7 +676,11 @@ virLockDaemonSetupNetworkingNative(virNetServerPtr srv, const char *sock_path)
VIR_DEBUG("Setting up networking natively");
- if (!(svc = virNetServerServiceNewUNIX(sock_path, 0700, 0, 0, false, 1, NULL)))
+ if (!(svc = virNetServerServiceNewUNIX(sock_path, 0700, 0, 0,
+#if HAVE_GNUTLS
+ NULL,
+#endif
+ false, 1)))
return -1;
if (virNetServerAddService(srv, svc, NULL) < 0) {
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index c9d96b3..ddc921e 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -631,9 +631,11 @@ static int virLXCControllerSetupServer(virLXCControllerPtr ctrl)
0700,
0,
0,
+#if HAVE_GNUTLS
+ NULL,
+#endif
false,
- 5,
- NULL)))
+ 5)))
goto error;
if (virNetServerAddService(ctrl->server, svc, NULL) < 0)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 9c7247b..e235677 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -23,8 +23,10 @@
#include <config.h>
#include <sys/time.h>
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
+#ifdef HAVE_GNUTLS
+# include <gnutls/gnutls.h>
+# include <gnutls/x509.h>
+#endif
#include <fcntl.h>
#include <poll.h>
@@ -196,6 +198,7 @@ static void qemuMigrationCookieFree(qemuMigrationCookiePtr mig)
}
+#ifdef HAVE_GNUTLS
static char *
qemuDomainExtractTLSSubject(const char *certdir)
{
@@ -254,7 +257,7 @@ error:
VIR_FREE(pemdata);
return NULL;
}
-
+#endif
static qemuMigrationCookieGraphicsPtr
qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
@@ -273,9 +276,11 @@ qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
if (!listenAddr)
listenAddr = driver->vncListen;
+#ifdef HAVE_GNUTLS
if (driver->vncTLS &&
!(mig->tlsSubject = qemuDomainExtractTLSSubject(driver->vncTLSx509certdir)))
goto error;
+#endif
} else {
mig->port = def->data.spice.port;
if (driver->spiceTLS)
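Review bot: with GNUTLS compiled out, a driver whose driver->vncTLS is set now silently produces a migration cookie without the tlsSubject extracted from vncTLSx509certdir instead of failing, so the destination no longer receives the subject even though TLS is enabled for that display; the spiceTLS hunk below has the same gap. Either report VIR_ERR_CONFIG_UNSUPPORTED in an `#else` branch when the flag is set, or have the qemu driver refuse the TLS settings at config-load time in non-GNUTLS builds.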
@@ -286,9 +291,11 @@ qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
if (!listenAddr)
listenAddr = driver->spiceListen;
+#ifdef HAVE_GNUTLS
if (driver->spiceTLS &&
!(mig->tlsSubject = qemuDomainExtractTLSSubject(driver->spiceTLSx509certdir)))
goto error;
+#endif
}
if (!(mig->listen = strdup(listenAddr)))
goto no_memory;
@@ -297,7 +304,9 @@ qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
no_memory:
virReportOOMError();
+#ifdef HAVE_GNUTLS
error:
+#endif
qemuMigrationCookieGraphicsFree(mig);
return NULL;
}
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index c078cb5..f10c68a 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -80,7 +80,9 @@ struct private_data {
int counter; /* Serial number for RPC */
+#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls;
+#endif
int is_secure; /* Secure if TLS or SASL or UNIX sockets */
char *type; /* Cached return from remoteType. */
@@ -596,12 +598,19 @@ doRemoteOpen(virConnectPtr conn,
/* Connect to the remote service. */
switch (transport) {
case trans_tls:
+#ifdef HAVE_GNUTLS
priv->tls = virNetTLSContextNewClientPath(pkipath,
geteuid() != 0 ? true : false,
sanity, verify);
if (!priv->tls)
goto failed;
priv->is_secure = 1;
+#else
+ (void)sanity;
+ virReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("GNUTLS support not available in this build"));
+ goto failed;
+#endif
/*FALLTHROUGH*/
case trans_tcp:
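Review bot: good that the `#else` branch ends in `goto failed` rather than letting the `/*FALLTHROUGH*/` reach `trans_tcp`, otherwise a `tls` transport on a non-GNUTLS build would quietly open an unencrypted TCP connection. Two nits: the error code here is VIR_ERR_INVALID_ARG while the server side of this patch uses VIR_ERR_CONFIG_UNSUPPORTED for the same situation, and the message wording differs ("GNUTLS support not available" versus "does not support TLS"); aligning both makes the condition easier to recognise and grep for. `(void)sanity;` should also carry a comment noting that `sanity` is only consumed by virNetTLSContextNewClientPath.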
@@ -609,11 +618,13 @@ doRemoteOpen(virConnectPtr conn,
if (!priv->client)
goto failed;
+#ifdef HAVE_GNUTLS
if (priv->tls) {
VIR_DEBUG("Starting TLS session");
if (virNetClientSetTLSSession(priv->client, priv->tls) < 0)
goto failed;
}
+#endif
break;
@@ -1001,8 +1012,10 @@ doRemoteClose(virConnectPtr conn, struct private_data *priv)
(xdrproc_t) xdr_void, (char *) NULL) == -1)
ret = -1;
+#ifdef HAVE_GNUTLS
virObjectUnref(priv->tls);
priv->tls = NULL;
+#endif
virNetClientSetCloseCallback(priv->client,
NULL,
NULL,
@@ -3879,6 +3892,7 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
saslcb)))
goto cleanup;
+# ifdef HAVE_GNUTLS
/* Initialize some connection props we care about */
if (priv->tls) {
if ((ssf = virNetClientGetTLSKeySize(priv->client)) < 0)
@@ -3890,6 +3904,7 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto cleanup;
}
+# endif
/* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF */
/* If we're not secure, then forbid any anonymous or trivially crackable auth */
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 208e2e9..e933529 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -70,7 +70,9 @@ struct _virNetClient {
virNetSocketPtr sock;
bool asyncIO;
+#if HAVE_GNUTLS
virNetTLSSessionPtr tls;
+#endif
char *hostname;
virNetClientProgramPtr *programs;
@@ -627,7 +629,9 @@ void virNetClientDispose(void *obj)
if (client->sock)
virNetSocketRemoveIOCallback(client->sock);
virObjectUnref(client->sock);
+#if HAVE_GNUTLS
virObjectUnref(client->tls);
+#endif
#if HAVE_SASL
virObjectUnref(client->sasl);
#endif
@@ -663,8 +667,10 @@ virNetClientCloseLocked(virNetClientPtr client)
virObjectUnref(client->sock);
client->sock = NULL;
+#if HAVE_GNUTLS
virObjectUnref(client->tls);
client->tls = NULL;
+#endif
#if HAVE_SASL
virObjectUnref(client->sasl);
client->sasl = NULL;
@@ -745,6 +751,7 @@ void virNetClientSetSASLSession(virNetClientPtr client,
#endif
+#if HAVE_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls)
{
@@ -755,12 +762,12 @@ int virNetClientSetTLSSession(virNetClientPtr client,
sigset_t oldmask, blockedsigs;
sigemptyset(&blockedsigs);
-#ifdef SIGWINCH
+# ifdef SIGWINCH
sigaddset(&blockedsigs, SIGWINCH);
-#endif
-#ifdef SIGCHLD
+# endif
+# ifdef SIGCHLD
sigaddset(&blockedsigs, SIGCHLD);
-#endif
+# endif
sigaddset(&blockedsigs, SIGPIPE);
virNetClientLock(client);
@@ -847,13 +854,16 @@ error:
virNetClientUnlock(client);
return -1;
}
+#endif
bool virNetClientIsEncrypted(virNetClientPtr client)
{
bool ret = false;
virNetClientLock(client);
+#if HAVE_GNUTLS
if (client->tls)
ret = true;
+#endif
#if HAVE_SASL
if (client->sasl)
ret = true;
@@ -956,6 +966,7 @@ const char *virNetClientRemoteAddrString(virNetClientPtr client)
return virNetSocketRemoteAddrString(client->sock);
}
+#if HAVE_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client)
{
int ret = 0;
@@ -965,6 +976,7 @@ int virNetClientGetTLSKeySize(virNetClientPtr client)
virNetClientUnlock(client);
return ret;
}
+#endif
static int
virNetClientCallDispatchReply(virNetClientPtr client)
diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h
index 139cf32..d594add 100644
--- a/src/rpc/virnetclient.h
+++ b/src/rpc/virnetclient.h
@@ -23,7 +23,9 @@
#ifndef __VIR_NET_CLIENT_H__
# define __VIR_NET_CLIENT_H__
-# include "virnettlscontext.h"
+# ifdef HAVE_GNUTLS
+# include "virnettlscontext.h"
+# endif
# include "virnetmessage.h"
# ifdef HAVE_SASL
# include "virnetsaslcontext.h"
@@ -107,8 +109,10 @@ void virNetClientSetSASLSession(virNetClientPtr client,
virNetSASLSessionPtr sasl);
# endif
+# ifdef HAVE_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls);
+# endif
bool virNetClientIsEncrypted(virNetClientPtr client);
bool virNetClientIsOpen(virNetClientPtr client);
@@ -116,7 +120,9 @@ bool virNetClientIsOpen(virNetClientPtr client);
const char *virNetClientLocalAddrString(virNetClientPtr client);
const char *virNetClientRemoteAddrString(virNetClientPtr client);
+# ifdef HAVE_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client);
+# endif
void virNetClientClose(virNetClientPtr client);
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index 5674309..b9df71b 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -98,7 +98,9 @@ struct _virNetServer {
unsigned int quit :1;
+#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls;
+#endif
unsigned int autoShutdownTimeout;
size_t autoShutdownInhibitions;
@@ -309,7 +311,9 @@ static int virNetServerDispatchNewClient(virNetServerServicePtr svc,
virNetServerServiceGetAuth(svc),
virNetServerServiceIsReadonly(svc),
virNetServerServiceGetMaxRequests(svc),
+#if HAVE_GNUTLS
virNetServerServiceGetTLSContext(svc),
+#endif
srv->clientPrivNew,
srv->clientPrivPreExecRestart,
srv->clientPrivFree,
@@ -1034,12 +1038,14 @@ no_memory:
return -1;
}
+#if HAVE_GNUTLS
int virNetServerSetTLSContext(virNetServerPtr srv,
virNetTLSContextPtr tls)
{
srv->tls = virObjectRef(tls);
return 0;
}
+#endif
static void virNetServerAutoShutdownTimer(int timerid ATTRIBUTE_UNUSED,
diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h
index da7dc9e..d906dd1 100644
--- a/src/rpc/virnetserver.h
+++ b/src/rpc/virnetserver.h
@@ -26,7 +26,9 @@
# include <signal.h>
-# include "virnettlscontext.h"
+# ifdef HAVE_GNUTLS
+# include "virnettlscontext.h"
+# endif
# include "virnetserverprogram.h"
# include "virnetserverclient.h"
# include "virnetserverservice.h"
@@ -79,8 +81,10 @@ int virNetServerAddService(virNetServerPtr srv,
int virNetServerAddProgram(virNetServerPtr srv,
virNetServerProgramPtr prog);
+# if HAVE_GNUTLS
int virNetServerSetTLSContext(virNetServerPtr srv,
virNetTLSContextPtr tls);
+# endif
void virNetServerUpdateServices(virNetServerPtr srv,
bool enabled);
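Review bot: `# if HAVE_GNUTLS` here versus `# ifdef HAVE_GNUTLS` around the include in the previous hunk of this same header; use one form within the file.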
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index aefc511..bf23d24 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -66,8 +66,10 @@ struct _virNetServerClient
int auth;
bool readonly;
char *identity;
+#if HAVE_GNUTLS
virNetTLSContextPtr tlsCtxt;
virNetTLSSessionPtr tls;
+#endif
#if HAVE_SASL
virNetSASLSessionPtr sasl;
#endif
@@ -147,13 +149,18 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client) {
VIR_DEBUG("tls=%p hs=%d, rx=%p tx=%p",
+#ifdef HAVE_GNUTLS
client->tls,
client->tls ? virNetTLSSessionGetHandshakeStatus(client->tls) : -1,
+#else
+ NULL, -1,
+#endif
client->rx,
client->tx);
if (!client->sock || client->wantClose)
return 0;
+#if HAVE_GNUTLS
if (client->tls) {
switch (virNetTLSSessionGetHandshakeStatus(client->tls)) {
case VIR_NET_TLS_HANDSHAKE_RECVING:
@@ -170,6 +177,7 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client) {
mode |= VIR_EVENT_HANDLE_WRITABLE;
}
} else {
+#endif
/* If there is a message on the rx queue, and
* we're not in middle of a delayedClose, then
* we're wanting more input */
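Review bot: the `#ifdef HAVE_GNUTLS` / `#else` placed inside the argument list of the VIR_DEBUG(...) macro invocation is undefined behaviour in C99 (6.10.3p11, directives within macro arguments); most compilers tolerate it, but it is not portable. Compute the two values into locals under the conditional first (`void *tls = NULL; int hs = -1;`, assigned from client->tls when GNUTLS is built) and pass those. Further down, opening `if (client->tls) { ... } else {` under `#if HAVE_GNUTLS` and closing the brace under a second `#if` leaves unbalanced braces in each preprocessor branch, which confuses indentation tools and is easy to break on the next edit; hoisting the handshake cases into a static helper compiled only with GNUTLS and keeping a single unconditional `if/else` would keep the function readable.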
@@ -180,7 +188,9 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client) {
then monitor for writability on socket */
if (client->tx)
mode |= VIR_EVENT_HANDLE_WRITABLE;
+#if HAVE_GNUTLS
}
+#endif
VIR_DEBUG("mode=%o", mode);
return mode;
}
@@ -287,6 +297,7 @@ void virNetServerClientRemoveFilter(virNetServerClientPtr client,
}
+#ifdef HAVE_GNUTLS
/* Check the client's access. */
static int
virNetServerClientCheckAccess(virNetServerClientPtr client)
@@ -322,6 +333,8 @@ virNetServerClientCheckAccess(virNetServerClientPtr client)
return 0;
}
+#endif
+
static void virNetServerClientSockTimerFunc(int timer,
void *opaque)
@@ -340,9 +353,11 @@ static void virNetServerClientSockTimerFunc(int timer,
static virNetServerClientPtr
virNetServerClientNewInternal(virNetSocketPtr sock,
int auth,
+#ifdef HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_max)
{
virNetServerClientPtr client;
@@ -360,7 +375,9 @@ virNetServerClientNewInternal(virNetSocketPtr sock,
client->sock = virObjectRef(sock);
client->auth = auth;
client->readonly = readonly;
+#ifdef HAVE_GNUTLS
client->tlsCtxt = virObjectRef(tls);
+#endif
client->nrequests_max = nrequests_max;
client->sockTimer = virEventAddTimeout(-1, virNetServerClientSockTimerFunc,
@@ -394,7 +411,9 @@ virNetServerClientPtr virNetServerClientNew(virNetSocketPtr sock,
int auth,
bool readonly,
size_t nrequests_max,
+#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls,
+#endif
virNetServerClientPrivNew privNew,
virNetServerClientPrivPreExecRestart privPreExecRestart,
virFreeCallback privFree,
@@ -402,9 +421,19 @@ virNetServerClientPtr virNetServerClientNew(virNetSocketPtr sock,
{
virNetServerClientPtr client;
- VIR_DEBUG("sock=%p auth=%d tls=%p", sock, auth, tls);
+ VIR_DEBUG("sock=%p auth=%d tls=%p", sock, auth,
+#ifdef HAVE_GNUTLS
+ tls
+#else
+ NULL
+#endif
+ );
- if (!(client = virNetServerClientNewInternal(sock, auth, readonly, nrequests_max, tls)))
+ if (!(client = virNetServerClientNewInternal(sock, auth,
+#ifdef HAVE_GNUTLS
+ tls,
+#endif
+ readonly, nrequests_max)))
return NULL;
if (privNew) {
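Review bot: same problem as in virNetServerClientCalculateHandleMode: the `#ifdef`/`#else` inside the VIR_DEBUG argument list is undefined behaviour per C99 6.10.3p11. A local (`void *tlsdbg = NULL;`, set to `tls` under `#ifdef HAVE_GNUTLS`) passed to VIR_DEBUG avoids it; the conditional inside the virNetServerClientNewInternal call just below is a plain function call and is fine.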
@@ -470,9 +499,11 @@ virNetServerClientPtr virNetServerClientNewPostExecRestart(virJSONValuePtr objec
if (!(client = virNetServerClientNewInternal(sock,
auth,
+#ifdef HAVE_GNUTLS
+ NULL,
+#endif
readonly,
- nrequests_max,
- NULL))) {
+ nrequests_max))) {
virObjectUnref(sock);
return NULL;
}
@@ -571,6 +602,7 @@ bool virNetServerClientGetReadonly(virNetServerClientPtr client)
}
+#ifdef HAVE_GNUTLS
bool virNetServerClientHasTLSSession(virNetServerClientPtr client)
{
bool has;
@@ -589,6 +621,7 @@ int virNetServerClientGetTLSKeySize(virNetServerClientPtr client)
virNetServerClientUnlock(client);
return size;
}
+#endif
int virNetServerClientGetFD(virNetServerClientPtr client)
{
@@ -615,8 +648,10 @@ bool virNetServerClientIsSecure(virNetServerClientPtr client)
{
bool secure = false;
virNetServerClientLock(client);
+#if HAVE_GNUTLS
if (client->tls)
secure = true;
+#endif
#if HAVE_SASL
if (client->sasl)
secure = true;
@@ -628,6 +663,7 @@ bool virNetServerClientIsSecure(virNetServerClientPtr client)
}
+
#if HAVE_SASL
void virNetServerClientSetSASLSession(virNetServerClientPtr client,
virNetSASLSessionPtr sasl)
@@ -730,8 +766,10 @@ void virNetServerClientDispose(void *obj)
#endif
if (client->sockTimer > 0)
virEventRemoveTimeout(client->sockTimer);
+#if HAVE_GNUTLS
virObjectUnref(client->tls);
virObjectUnref(client->tlsCtxt);
+#endif
virObjectUnref(client->sock);
virNetServerClientUnlock(client);
virMutexDestroy(&client->lock);
@@ -784,10 +822,12 @@ void virNetServerClientClose(virNetServerClientPtr client)
if (client->sock)
virNetSocketRemoveIOCallback(client->sock);
+#if HAVE_GNUTLS
if (client->tls) {
virObjectUnref(client->tls);
client->tls = NULL;
}
+#endif
client->wantClose = true;
while (client->rx) {
@@ -847,10 +887,13 @@ int virNetServerClientInit(virNetServerClientPtr client)
{
virNetServerClientLock(client);
+#if HAVE_GNUTLS
if (!client->tlsCtxt) {
+#endif
/* Plain socket, so prepare to read first message */
if (virNetServerClientRegisterEvent(client) < 0)
goto error;
+#if HAVE_GNUTLS
} else {
int ret;
@@ -879,6 +922,7 @@ int virNetServerClientInit(virNetServerClientPtr client)
goto error;
}
}
+#endif
virNetServerClientUnlock(client);
return 0;
@@ -1180,6 +1224,8 @@ virNetServerClientDispatchWrite(virNetServerClientPtr client)
}
}
+
+#if HAVE_GNUTLS
static void
virNetServerClientDispatchHandshake(virNetServerClientPtr client)
{
@@ -1202,6 +1248,7 @@ virNetServerClientDispatchHandshake(virNetServerClientPtr client)
client->wantClose = true;
}
}
+#endif
static void
virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque)
@@ -1218,17 +1265,21 @@ virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque)
if (events & (VIR_EVENT_HANDLE_WRITABLE |
VIR_EVENT_HANDLE_READABLE)) {
+#if HAVE_GNUTLS
if (client->tls &&
virNetTLSSessionGetHandshakeStatus(client->tls) !=
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
virNetServerClientDispatchHandshake(client);
} else {
+#endif
if (events & VIR_EVENT_HANDLE_WRITABLE)
virNetServerClientDispatchWrite(client);
if (events & VIR_EVENT_HANDLE_READABLE &&
client->rx)
virNetServerClientDispatchRead(client);
+#if HAVE_GNUTLS
}
+#endif
}
/* NB, will get HANGUP + READABLE at same time upon
diff --git a/src/rpc/virnetserverclient.h b/src/rpc/virnetserverclient.h
index 65084e2..b11b9a9 100644
--- a/src/rpc/virnetserverclient.h
+++ b/src/rpc/virnetserverclient.h
@@ -52,7 +52,9 @@ virNetServerClientPtr virNetServerClientNew(virNetSocketPtr sock,
int auth,
bool readonly,
size_t nrequests_max,
+# ifdef HAVE_GNUTLS
virNetTLSContextPtr tls,
+# endif
virNetServerClientPrivNew privNew,
virNetServerClientPrivPreExecRestart privPreExecRestart,
virFreeCallback privFree,
@@ -76,8 +78,10 @@ void virNetServerClientRemoveFilter(virNetServerClientPtr client,
int virNetServerClientGetAuth(virNetServerClientPtr client);
bool virNetServerClientGetReadonly(virNetServerClientPtr client);
+# ifdef HAVE_GNUTLS
bool virNetServerClientHasTLSSession(virNetServerClientPtr client);
int virNetServerClientGetTLSKeySize(virNetServerClientPtr client);
+# endif
# ifdef HAVE_SASL
void virNetServerClientSetSASLSession(virNetServerClientPtr client,
diff --git a/src/rpc/virnetserverservice.c b/src/rpc/virnetserverservice.c
index 7d671f0..61dd682 100644
--- a/src/rpc/virnetserverservice.c
+++ b/src/rpc/virnetserverservice.c
@@ -41,7 +41,9 @@ struct _virNetServerService {
bool readonly;
size_t nrequests_client_max;
+#if HAVE_GNUTLS
virNetTLSContextPtr tls;
+#endif
virNetServerServiceDispatchFunc dispatchFunc;
void *dispatchOpaque;
@@ -90,9 +92,11 @@ cleanup:
virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
const char *service,
int auth,
+#if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_client_max)
{
virNetServerServicePtr svc;
size_t i;
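Review bot: besides becoming conditional, `tls` moves from the last parameter to right after `auth` (the `-`/`+` lines on `nrequests_client_max`). Presumably that is so the guarded parameter is always followed by an unconditional one and the trailing comma never needs its own guard, but it silently changes the argument order for every caller of the three constructors; please say so in the commit message and confirm all callers are updated in the same series, since a stale `(..., readonly, nrequests_client_max, tls)` call may only produce conversion warnings.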
@@ -106,7 +110,9 @@ virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
+#if HAVE_GNUTLS
svc->tls = virObjectRef(tls);
+#endif
if (virNetSocketNewListenTCP(nodename,
service,
@@ -144,9 +150,11 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
mode_t mask,
gid_t grp,
int auth,
+#if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_client_max)
{
virNetServerServicePtr svc;
int i;
@@ -160,7 +168,9 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
+#if HAVE_GNUTLS
svc->tls = virObjectRef(tls);
+#endif
svc->nsocks = 1;
if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0)
@@ -202,9 +212,11 @@ error:
virNetServerServicePtr virNetServerServiceNewFD(int fd,
int auth,
+#if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_client_max)
{
virNetServerServicePtr svc;
int i;
@@ -218,7 +230,9 @@ virNetServerServicePtr virNetServerServiceNewFD(int fd,
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
+#if HAVE_GNUTLS
svc->tls = virObjectRef(tls);
+#endif
svc->nsocks = 1;
if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0)
@@ -401,11 +415,12 @@ size_t virNetServerServiceGetMaxRequests(virNetServerServicePtr svc)
return svc->nrequests_client_max;
}
+#if HAVE_GNUTLS
virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc)
{
return svc->tls;
}
-
+#endif
void virNetServerServiceSetDispatcher(virNetServerServicePtr svc,
virNetServerServiceDispatchFunc func,
@@ -425,7 +440,9 @@ void virNetServerServiceDispose(void *obj)
virObjectUnref(svc->socks[i]);
VIR_FREE(svc->socks);
+#if HAVE_GNUTLS
virObjectUnref(svc->tls);
+#endif
}
void virNetServerServiceToggle(virNetServerServicePtr svc,
diff --git a/src/rpc/virnetserverservice.h b/src/rpc/virnetserverservice.h
index 615b572..934b8d3 100644
--- a/src/rpc/virnetserverservice.h
+++ b/src/rpc/virnetserverservice.h
@@ -40,21 +40,27 @@ typedef int (*virNetServerServiceDispatchFunc)(virNetServerServicePtr svc,
virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
const char *service,
int auth,
+# if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+# endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls);
+ size_t nrequests_client_max);
virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
mode_t mask,
gid_t grp,
int auth,
+# if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+# endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls);
+ size_t nrequests_client_max);
virNetServerServicePtr virNetServerServiceNewFD(int fd,
int auth,
+# if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+# endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls);
+ size_t nrequests_client_max);
virNetServerServicePtr virNetServerServiceNewPostExecRestart(virJSONValuePtr object);
@@ -65,7 +71,9 @@ int virNetServerServiceGetPort(virNetServerServicePtr svc);
int virNetServerServiceGetAuth(virNetServerServicePtr svc);
bool virNetServerServiceIsReadonly(virNetServerServicePtr svc);
size_t virNetServerServiceGetMaxRequests(virNetServerServicePtr svc);
+# ifdef HAVE_GNUTLS
virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc);
+# endif
void virNetServerServiceSetDispatcher(virNetServerServicePtr svc,
virNetServerServiceDispatchFunc func,
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index ef93892..a817999 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -79,7 +79,9 @@ struct _virNetSocket {
char *localAddrStr;
char *remoteAddrStr;
+#if HAVE_GNUTLS
virNetTLSSessionPtr tlsSession;
+#endif
#if HAVE_SASL
virNetSASLSessionPtr saslSession;
@@ -948,11 +950,13 @@ virJSONValuePtr virNetSocketPreExecRestart(virNetSocketPtr sock)
goto error;
}
#endif
+#if HAVE_GNUTLS
if (sock->tlsSession) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("Unable to save socket state when TLS session is active"));
goto error;
}
+#endif
if (!(object = virJSONValueNewObject()))
goto error;
@@ -1011,10 +1015,12 @@ void virNetSocketDispose(void *obj)
unlink(sock->localAddr.data.un.sun_path);
#endif
+#if HAVE_GNUTLS
/* Make sure it can't send any more I/O during shutdown */
if (sock->tlsSession)
virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL);
virObjectUnref(sock->tlsSession);
+#endif
#if HAVE_SASL
virObjectUnref(sock->saslSession);
#endif
@@ -1178,6 +1184,7 @@ const char *virNetSocketRemoteAddrString(virNetSocketPtr sock)
}
+#if HAVE_GNUTLS
static ssize_t virNetSocketTLSSessionWrite(const char *buf,
size_t len,
void *opaque)
@@ -1208,7 +1215,7 @@ void virNetSocketSetTLSSession(virNetSocketPtr sock,
sock);
virMutexUnlock(&sock->lock);
}
-
+#endif
#if HAVE_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock,
@@ -1280,13 +1287,17 @@ static ssize_t virNetSocketReadWire(virNetSocketPtr sock, char *buf, size_t len)
#endif
reread:
+#if HAVE_GNUTLS
if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionRead(sock->tlsSession, buf, len);
} else {
+#endif
ret = read(sock->fd, buf, len);
+#if HAVE_GNUTLS
}
+#endif
if ((ret < 0) && (errno == EINTR))
goto reread;
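Review bot: this hunk and the one in virNetSocketWriteWire just below guard the same `sock->tlsSession && virNetTLSSessionGetHandshakeStatus(sock->tlsSession) == VIR_NET_TLS_HANDSHAKE_COMPLETE` test with the same split braces. A small static helper, say `virNetSocketTLSReady(sock)`, returning false outright when `HAVE_GNUTLS` is unset, would let both the `reread:` and `rewrite:` paths keep a plain if/else with only the `virNetTLSSessionRead`/`virNetTLSSessionWrite` calls under `#if`.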
@@ -1335,13 +1346,17 @@ static ssize_t virNetSocketWriteWire(virNetSocketPtr sock, const char *buf, size
#endif
rewrite:
+#if HAVE_GNUTLS
if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionWrite(sock->tlsSession, buf, len);
} else {
+#endif
ret = write(sock->fd, buf, len);
+#if HAVE_GNUTLS
}
+#endif
if (ret < 0) {
if (errno == EINTR)
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index 7016c09..ce15bb8 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -26,7 +26,9 @@
# include "virsocketaddr.h"
# include "vircommand.h"
-# include "virnettlscontext.h"
+# ifdef HAVE_GNUTLS
+# include "virnettlscontext.h"
+# endif
# include "virobject.h"
# ifdef HAVE_SASL
# include "virnetsaslcontext.h"
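Review bot: with the `virnettlscontext.h` include now conditional, any file that picked up `virNetTLSContextPtr` or `virNetTLSSessionPtr` transitively through virnetsocket.h needs its own guarded include; worth grepping the daemon and the remote driver for TLS types before merging, since the failure only shows up in a build without GnuTLS.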
@@ -122,8 +124,10 @@ ssize_t virNetSocketWrite(virNetSocketPtr sock, const char *buf, size_t len);
int virNetSocketSendFD(virNetSocketPtr sock, int fd);
int virNetSocketRecvFD(virNetSocketPtr sock, int *fd);
+# ifdef HAVE_GNUTLS
void virNetSocketSetTLSSession(virNetSocketPtr sock,
virNetTLSSessionPtr sess);
+# endif
# ifdef HAVE_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock,
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b603ea3..9c7c6fb 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -91,7 +91,7 @@ test_programs = virshtest sockettest \
commandtest seclabeltest \
virhashtest virnetmessagetest virnetsockettest \
viratomictest \
- utiltest virnettlscontexttest shunloadtest \
+ utiltest shunloadtest \
virtimetest viruritest virkeyfiletest \
virauthconfigtest \
virbitmaptest \
@@ -100,6 +100,10 @@ test_programs = virshtest sockettest \
sysinfotest \
$(NULL)
+if HAVE_GNUTLS
+test_programs += virnettlscontexttest
+endif
+
if WITH_SECDRIVER_SELINUX
test_programs += securityselinuxtest
endif
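Review bot: `if HAVE_GNUTLS` in tests/Makefile.am is an automake conditional, which only exists if configure.ac has a matching `AM_CONDITIONAL([HAVE_GNUTLS], ...)`; the C preprocessor macro `HAVE_GNUTLS` used in the rpc sources does not provide it. Worth confirming the conditional is declared, otherwise automake fails at bootstrap rather than at build time.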
@@ -526,6 +530,7 @@ virnetsockettest_SOURCES = \
virnetsockettest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
virnetsockettest_LDADD = $(LDADDS)
+if HAVE_GNUTLS
virnettlscontexttest_SOURCES = \
virnettlscontexttest.c testutils.h testutils.c
virnettlscontexttest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
@@ -536,6 +541,10 @@ virnettlscontexttest_LDADD += -ltasn1
else
EXTRA_DIST += pkix_asn1_tab.c
endif
+else
+EXTRA_DIST += \
+ virnettlscontexttest.c testutils.h testutils.c pkix_asn1_tab.c
+endif
virtimetest_SOURCES = \
virtimetest.c testutils.h testutils.c
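Review bot: in the new outer `else` branch, `testutils.h testutils.c` are already distributed as sources of unconditional test programs (e.g. `virtimetest_SOURCES` right below), so `EXTRA_DIST` only needs `virnettlscontexttest.c` and `pkix_asn1_tab.c` there. Listing them again is harmless but makes them look TLS-specific.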
--
1.8.0.1
11 years, 10 months
[libvirt] Connection release is not correct in libvirt and libvirt java
by Benjamin Wang (gendwang)
Hi,
The following is the current code to release connection in libvirt.
int
virConnectClose(virConnectPtr conn)
{
...
if (!VIR_IS_CONNECT(conn)) {
virLibConnError(VIR_ERR_INVALID_CONN, __FUNCTION__);
goto error;
}
...
error:
virDispatchError(NULL);
return ret;
}
Now if the cable is unplugged and the application calls virConnectClose to release the connection, the code will enter the error procedure and the connection
can't be released. I have changed the following two parts to fix this issue. Please give your comments:
Changed Code1:
int
virConnectClose(virConnectPtr conn)
{
...
+ if(NULL == conn) {
+ return 0;
+ }
...
- if (!VIR_IS_CONNECT(conn)) {
- virLibConnError(VIR_ERR_INVALID_CONN, __FUNCTION__);
- goto error;
- }
...
error:
virDispatchError(NULL);
return ret;
}
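Review bot: the check removed at `if (!VIR_IS_CONNECT(conn))` validates the handle itself (by name, that it is a connection object), not the transport, so an unplugged cable by itself does not make it fail; what the new `NULL == conn` early return fixes is only the NULL case. Dropping the test means a freed or mistyped non-NULL pointer is no longer rejected before the release path runs. Suggest keeping `VIR_IS_CONNECT` and adding the NULL early return in front of it, and, if an error really is raised on the network-drop path, pointing at the check that actually fires.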
Changed Code2:
int
virUnrefConnect(virConnectPtr conn) {
...
+ if(NULL == conn) {
+ return 0;
+ }
- if ((!VIR_IS_CONNECT(conn))) {
- virLibConnError(VIR_ERR_INVALID_ARG, _("no connection"));
- return -1;
- }
...
}
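Review bot: same concern as in Code1, at `if ((!VIR_IS_CONNECT(conn)))`: virUnrefConnect is the refcount release, so turning an invalid non-NULL pointer from a `-1` into a silent success removes the last check before the object is unref'd. Returning 0 for NULL is fine; keep the validity check for non-NULL input.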
For libvirt java, there is a similar issue. I have changed the code as follows in Collect.java. Please also give your comments.
public int close() throws LibvirtException {
int success = 0;
if (VCP != null) {
+ try {
success = libvirt.virConnectClose(VCP);
processError();
+ }
+ finally {
// If leave an invalid pointer dangling around JVM crashes and burns
// if someone tries to call a method on us
// We rely on the underlying libvirt error handling to detect that
// it's called with a null virConnectPointer
VCP = null;
+ }
}
return success;
}
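Review bot: with `VCP = null` moved into `finally`, the wrapper is unusable after a single close() even when `processError()` threw, i.e. a virConnectClose that reported an error can never be retried from Java and the native handle stays allocated. That matches the intent in the existing comment, but it should be stated in the javadoc of close() so callers know the object is one-shot regardless of outcome.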
B.R.
Benjamin Wang
11 years, 10 months
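As an added example that is not part of the mail above or of libvirt, the two checks the proposed change trades against each other, modelled on a small handle type of my own: a NULL check decides whether there is anything to release at all, while a magic-number check (the role VIR_IS_CONNECT plays in the snippet) decides whether a non-NULL pointer is a live object. The static pool, the vconn_* names and the "transport" flag are constructed for this demo and are not libvirt's.

```c
/* Added example, not libvirt code: a connection handle validated by a magic
 * number, to show that a NULL check and an object-validity check guard
 * different things when the handle is released.  All names (vconn_*,
 * VCONN_MAGIC) are made up for this demo. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VCONN_MAGIC      0x4A43u   /* live handle */
#define VCONN_DEAD_MAGIC 0xDEADu   /* handle already closed */
#define VCONN_POOL_SIZE  4

enum { VCONN_OK = 0, VCONN_ERR_INVALID = -1 };

typedef struct {
    unsigned int magic;
    char uri[64];
    int transport_up;   /* cleared when the "cable" goes; the magic stays */
} vconn;

/* Static pool instead of malloc so a closed handle can still be inspected
 * safely in the demo (no use-after-free when double-closing). */
static vconn pool[VCONN_POOL_SIZE];

static int vconn_is_valid(const vconn *c)
{
    return c != NULL && c->magic == VCONN_MAGIC;
}

vconn *vconn_open(const char *uri)
{
    for (size_t i = 0; i < VCONN_POOL_SIZE; i++) {
        if (pool[i].magic != VCONN_MAGIC) {
            memset(&pool[i], 0, sizeof(pool[i]));
            snprintf(pool[i].uri, sizeof(pool[i].uri), "%s", uri);
            pool[i].transport_up = 1;
            pool[i].magic = VCONN_MAGIC;
            return &pool[i];
        }
    }
    return NULL;   /* pool exhausted */
}

/* Simulate pulling the cable: the transport dies, the object stays valid. */
void vconn_drop_transport(vconn *c)
{
    if (vconn_is_valid(c))
        c->transport_up = 0;
}

/* Release semantics: NULL is a harmless no-op (what a language binding wants
 * after it has cleared its pointer), a non-NULL pointer that is not a live
 * handle is rejected rather than "released", and a live handle is torn down
 * even when its transport is already gone. */
int vconn_close(vconn *c)
{
    if (c == NULL)
        return VCONN_OK;
    if (!vconn_is_valid(c)) {
        fprintf(stderr, "vconn_close: not a live connection handle\n");
        return VCONN_ERR_INVALID;
    }
    c->transport_up = 0;
    c->magic = VCONN_DEAD_MAGIC;   /* poison so a second close is caught */
    return VCONN_OK;
}

/* Walks the four cases and returns how many behaved as intended (4). */
int vconn_demo(void)
{
    int ok = 0;
    vconn *c = vconn_open("qemu:///system");
    ok += (c != NULL);
    vconn_drop_transport(c);                      /* cable unplugged */
    ok += (vconn_close(c) == VCONN_OK);           /* still releasable */
    ok += (vconn_close(c) == VCONN_ERR_INVALID);  /* double close rejected */
    ok += (vconn_close(NULL) == VCONN_OK);        /* NULL is a no-op */
    return ok;
}

int main(void)
{
    printf("vconn_demo: %d of 4 checks passed\n", vconn_demo());
    return 0;
}
```

The point of the pool is only to keep the double-close case memory-safe for the demo; with heap-allocated handles the second close would be a use-after-free, which is exactly why a validity check before the release path matters.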
[libvirt] [PATCH 0/2] Colorize HTML documentation
by Claudio Bley
Hi.
This patchset adds a few classes to the generated HTML documentation.
The style sheets are also adapted making use of the new classes to
give the documentation a little visual overhaul.
YMMV, but it looks good for me using Firefox, Webkit and Opera.
I did check the CSS rules using the W3C CSS validator.
Claudio Bley (2):
docs: Assign classes to documentation elements
docs: Add some style and color to the HTML documentation
docs/generic.css | 4 ++
docs/libvirt.css | 56 +++++++++++++++-
docs/newapi.xsl | 187 +++++++++++++++++++++++++++++++-----------------------
3 files changed, 166 insertions(+), 81 deletions(-)
--
1.7.9.5
11 years, 10 months
[libvirt] [PATCH 0/2] Improve readability of generated HTML documentation
by Claudio Bley
Hi.
These patches try to improve the look and feel of the libvirt documentation.
Claudio Bley (2):
docs: break longer text into paragraphs in HTML
docs: Limit the maximum width of info text to 75em for better
readability
docs/libvirt.css | 4 ++++
docs/newapi.xsl | 50 +++++++++++++++++++++++++++++++++++++++++---------
2 files changed, 45 insertions(+), 9 deletions(-)
--
1.7.9.5
11 years, 10 months
[libvirt] [PATCH 0/3] Resolve DEADCODE errors found by Coverity
by John Ferlan
This set of patches resolves "Error: DEADCODE (CWE-561)" errors found by Coverity
John Ferlan (3):
phyp: Remove deadcode referencing exit_status
nwfilter: Remove unprivileged code path to set base
tests: Remove remnants of removing the fake emulator output
src/nwfilter/nwfilter_driver.c | 10 ++--------
src/phyp/phyp_driver.c | 4 ----
tests/qemuxml2argvtest.c | 11 -----------
3 files changed, 2 insertions(+), 23 deletions(-)
--
1.7.11.7
11 years, 10 months
[libvirt] virsh auto completion
by Michal Privoznik
Going over my local git branches, I found an old patch set which I was trying to get in once.
Along with the guest IP address patches, I feel like this one is desired as well and keeps returning
to us from time to time.
What I think this feature should look like:
virsh # sta<TAB>
expands to:
virsh # start
Now, hitting <TAB> again (okay, several times actually) gives us a list of supported options:
--autodestroy --bypass-cache --console --force-boot --paused
virsh # start --
Up to here, it's just current implementation. What I'd like to see is list of
(ideally shut off) domains:
--autodestroy --bypass-cache --console --force-boot --paused f17 f18 <...>
virsh # start --
The same applies to completing a single option as well. That is not (only) a command-based completer,
but an option-based one. IIRC, that was the conclusion on my first approach as well. What I've come up with so far is:
diff --git a/tools/virsh.h b/tools/virsh.h
index ab7161f..c7cdb3a 100644
--- a/tools/virsh.h
+++ b/tools/virsh.h
@@ -146,6 +146,8 @@ typedef struct _vshCmdOptDef vshCmdOptDef;
typedef struct _vshControl vshControl;
typedef struct _vshCtrlData vshCtrlData;
+typedef char ** (*vshCmdOptCompleter)
+ (const vshCmdDef *cmd, const char *optname, void *opaque);
/*
* vshCmdInfo -- name/value pair for information about command
*
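Review bot: the new `vshCmdOptCompleter` typedef does not say who owns the returned `char **`, whether it is NULL-terminated, or what an empty result looks like (NULL versus a list holding only NULL). Every completer and the readline glue must agree on this, so a comment on the typedef spelling out the contract would save a round of bugs later.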
@@ -162,11 +164,13 @@ struct _vshCmdInfo {
* vshCmdOptDef - command option definition
*/
struct _vshCmdOptDef {
- const char *name; /* the name of option, or NULL for list end */
- vshCmdOptType type; /* option type */
- unsigned int flags; /* flags */
- const char *help; /* non-NULL help string; or for VSH_OT_ALIAS
- * the name of a later public option */
+ const char *name; /* the name of option, or NULL for list end */
+ vshCmdOptType type; /* option type */
+ unsigned int flags; /* flags */
+ vshCmdOptCompleter completer; /* option arguments completer */
+ void *opaque; /* value to pass to @completer */
+ const char *help; /* non-NULL help string; or for VSH_OT_ALIAS
+ * the name of a later public option */
};
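Review bot: since the completer already receives `cmd` and `optname`, consider whether the extra `void *opaque;` field earns a slot in every option definition; if only a handful of completers need state, a per-completer lookup keyed on `optname` avoids the `NULL, NULL,` churn across all option tables. Either way the `/* option arguments completer */` comment should say when the completer is invoked (argument of the named option, or bare positional as well).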
One of the biggest problems with this is that I'd have to change all of the option definitions
(add 'NULL, NULL, ' to all of them). Apart from the huge impact, we still want a command-based completer,
otherwise we would only complete:
f17 f18 <...>
virsh # start --domain <TAB>
Who's really typing '--domain'? The idea is to make users' lives easier, not harder.
My aim in writing this e-mail is:
1) let you know somebody is working on this
2) get your thoughts and opinions.
Michal
11 years, 10 months
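The option-based completer sketched in that mail, worked into a runnable toy that is not virsh code: each option definition carries a completer callback plus an opaque pointer, and the completion routine decides whether the word under the cursor is the argument of an explicit --opt, an option name, or a bare positional that should be fed to every data option's completer (so `start <TAB>` lists shut-off domains without anyone typing --domain). The vsh_* names, the `start` option table and the three-entry domain list are my assumptions, not from the patch.

```c
/* Added example, not virsh code: an option-based tab-completion engine in the
 * shape sketched above.  Every name (vsh_*, the `start` table, the domain list)
 * is made up for the demo; only the completer-with-opaque idea is from the mail. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef enum { VSH_OT_BOOL, VSH_OT_DATA } vsh_opt_type;
typedef struct vsh_cmd_def vsh_cmd_def;
/* Completer contract: malloc'ed, NULL-terminated candidate list for @optname
 * (NULL on failure); the caller frees every entry and the list. */
typedef char **(*vsh_opt_completer)(const vsh_cmd_def *cmd, const char *optname,
                                    void *opaque);
typedef struct {
    const char *name; vsh_opt_type type;
    vsh_opt_completer completer;   /* NULL: only the option name completes */
    void *opaque;                  /* passed to the completer unchanged */
} vsh_opt_def;
struct vsh_cmd_def { const char *name; const vsh_opt_def *opts; };  /* opts end at name==NULL */

static char *xstrdup(const char *s)   /* strdup() is POSIX, not C99 */
{ char *p = malloc(strlen(s) + 1); if (!p) abort(); return strcpy(p, s); }

/* Constructed stand-in for the domain list a real completer would fetch;
 * it reaches the completer through the option's opaque pointer. */
typedef struct { const char *name; int running; } demo_domain;
static const demo_domain domains[] = { {"f17", 0}, {"f18", 0}, {"rhel6", 1}, {NULL, 0} };
static char **domain_completer(const vsh_cmd_def *cmd, const char *optname, void *opaque)
{
    const demo_domain *d = opaque;
    size_t n = 0;
    char **list = calloc(sizeof(domains) / sizeof(*domains), sizeof(*list));
    (void)cmd; (void)optname;
    if (!list) return NULL;
    for (; d->name; d++)
        if (!d->running) list[n++] = xstrdup(d->name);   /* `start` wants shut-off ones */
    return list;
}

static const vsh_opt_def start_opts[] = {
    { "domain",       VSH_OT_DATA, domain_completer, (void *)domains },
    { "autodestroy",  VSH_OT_BOOL, NULL, NULL },
    { "bypass-cache", VSH_OT_BOOL, NULL, NULL },
    { "console",      VSH_OT_BOOL, NULL, NULL },
    { "force-boot",   VSH_OT_BOOL, NULL, NULL },
    { "paused",       VSH_OT_BOOL, NULL, NULL },
    { NULL, VSH_OT_BOOL, NULL, NULL }
};
static const vsh_cmd_def commands[] = { { "start", start_opts }, { NULL, NULL } };

static void push(char ***out, size_t *n, const char *s)
{
    char **grown = realloc(*out, (*n + 2) * sizeof(*grown));
    if (!grown) abort();
    grown[(*n)++] = xstrdup(s); grown[*n] = NULL; *out = grown;
}
/* Keep the completer's candidates that start with @word, free the rest. */
static void add_matches(char ***out, size_t *n, char **cands, const char *word)
{
    for (char **c = cands; cands && *c; c++) {
        if (strncmp(*c, word, strlen(word)) == 0) push(out, n, *c);
        free(*c);
    }
    free(cands);
}
void vsh_free_list(char **list)
{ for (char **p = list; list && *p; p++) free(*p); free(list); }

/* Complete @word typed after @prev on a @cmdname line.  Returns the candidate
 * count; *out is a NULL-terminated list (NULL when empty) for vsh_free_list(). */
size_t vsh_complete(const char *cmdname, const char *prev, const char *word, char ***out)
{
    size_t n = 0;
    const vsh_cmd_def *cmd = commands;
    *out = NULL;
    while (cmd->name && strcmp(cmd->name, cmdname) != 0) cmd++;
    if (!cmd->name) return 0;
    if (prev && strncmp(prev, "--", 2) == 0)     /* 1. "--opt <TAB>": that option only */
        for (const vsh_opt_def *o = cmd->opts; o->name; o++)
            if (o->type == VSH_OT_DATA && o->completer && strcmp(o->name, prev + 2) == 0) {
                add_matches(out, &n, o->completer(cmd, o->name, o->opaque), word);
                return n;
            }
    if (word[0] == '-') {                        /* 2. "-<TAB>": option names */
        for (const vsh_opt_def *o = cmd->opts; o->name; o++) {
            char buf[64];
            snprintf(buf, sizeof(buf), "--%s", o->name);
            if (strncmp(buf, word, strlen(word)) == 0) push(out, &n, buf);
        }
        return n;
    }
    for (const vsh_opt_def *o = cmd->opts; o->name; o++)   /* 3. bare word: positionals */
        if (o->type == VSH_OT_DATA && o->completer)
            add_matches(out, &n, o->completer(cmd, o->name, o->opaque), word);
    return n;
}

int main(void)
{
    char **cands; size_t n = vsh_complete("start", "start", "", &cands);   /* f17 f18 */
    for (size_t i = 0; i < n; i++) printf("%s%s", cands[i], i + 1 < n ? " " : "\n");
    vsh_free_list(cands);
    return 0;
}
```

Case 3 is what makes this a command-based completer as well as an option-based one: a bare word after a boolean flag such as `--paused` still reaches the domain completer, while `--p<TAB>` only yields option names.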