On Sat, Mar 07, 2020 at 07:31:00PM +0800, Zhang Bo wrote:
Add an API to update server's tls context.
---
src/libvirt_remote.syms | 1 +
src/rpc/virnetserver.c | 51 ++++++++++++++++++++++++++++++++++++++
src/rpc/virnetserver.h | 2 ++
src/rpc/virnettlscontext.c | 46 ++++++++++++++++++++++++++++++++++
src/rpc/virnettlscontext.h | 3 +++
5 files changed, 103 insertions(+)
diff --git a/src/libvirt_remote.syms b/src/libvirt_remote.syms
index 0493467f46..0018a0c41d 100644
--- a/src/libvirt_remote.syms
+++ b/src/libvirt_remote.syms
@@ -137,6 +137,7 @@ virNetServerSetClientLimits;
virNetServerSetThreadPoolParameters;
virNetServerSetTLSContext;
virNetServerUpdateServices;
+virNetServerUpdateTlsFiles;
# rpc/virnetserverclient.h
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index 072ffdf5a3..0bfe94d3f8 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -21,6 +21,9 @@
#include <config.h>
+#include <sys/types.h>
+#include <unistd.h>
We use virutil.h for geteuid() definition.
+
#include "virnetserver.h"
#include "virlog.h"
#include "viralloc.h"
@@ -1205,3 +1208,51 @@ virNetServerSetClientLimits(virNetServerPtr srv,
virObjectUnlock(srv);
return ret;
}
+
+static virNetTLSContextPtr
+virNetServerGetTLSContext(virNetServerPtr srv)
+{
+ size_t i;
+ virNetTLSContextPtr ctxt = NULL;
+ virNetServerServicePtr svc = NULL;
+
+ /* find svcTLS from srv, get svcTLS->tls */
+ for (i = 0; i < srv->nservices; i++) {
+ svc = srv->services[i];
+ ctxt = virNetServerServiceGetTLSContext(svc);
+ if (ctxt != NULL)
+ break;
+ }
+
+ return ctxt;
+}
+
+int
+virNetServerUpdateTlsFiles(virNetServerPtr srv)
+{
+ int ret = -1;
+ virNetTLSContextPtr ctxt = NULL;
+ bool privileged = geteuid() == 0 ? true : false;
+
+ ctxt = virNetServerGetTLSContext(srv);
+ if (!ctxt) {
+ VIR_ERROR(_("no tls svc found, unable to update tls files"));
Should be a virReportError
+ return -1;
+ }
+
+ virObjectLock(srv);
+ virObjectLock(ctxt);
+
+ if (virNetTLSContextReloadForServer(ctxt, !privileged)) {
+ VIR_ERROR(_("failed to reload server's tls context"));
VIR_DEBUG is sufficient
+ goto cleanup;
+ }
+
+ VIR_INFO("update tls files success");
+ ret = 0;
+
+ cleanup:
+ virObjectUnlock(ctxt);
+ virObjectUnlock(srv);
+ return ret;
+}
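Review bot: The service array is walked before the server lock is taken — `virNetServerGetTLSContext` reads `srv->nservices` and `srv->services[i]` at the top of `virNetServerUpdateTlsFiles`, while `virObjectLock(srv)` only follows once a context has been found, so the lookup is unsynchronised against any concurrent change to the service list (presumably `virNetServerAddService`, which is outside this hunk). Move the lock above the lookup, `virObjectLock(srv); ctxt = virNetServerGetTLSContext(srv);`, and add `virObjectUnlock(srv);` on the not-found path before `return -1`, which also keeps the looked-up `ctxt` pointer covered by the server lock until its own lock is held. Whether `virNetServerServiceGetTLSContext` hands back a borrowed or a referenced pointer is not visible here; if it is borrowed, the ordering matters even more. Two smaller points: `bool privileged = geteuid() == 0 ? true : false;` can simply be `bool privileged = geteuid() == 0;`, and the helper reloads only the first service that carries a TLS context, which is worth stating in a comment above it since a server with several TLS-enabled services would leave the others untouched.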
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
Regards,
Daniel