I was really hoping to have a patch which could be applied out today.
This isn't quite that patch, so my apologies. Nevertheless, this
demonstrates what can be done, and works on a selection of the important
libvirt API calls.

http://www.annexia.org/tmp/libvirt-tls-20070226.patch

List of things that need to be done:

* Audit incoming IP addresses / virConnectOpen names to syslog.
* GnuTLS handshake DoS fix (see danpb's email).
* GnuTLS client crashing bug (I have a fix, just needs to be applied).
* Complete the wrappers for the remaining API calls.
* Testing(!)

Apart from that list above, I'm hoping that this patch addresses
everything that people have raised on list and privately about previous
patches. If I've missed anything, let me know.

Rich.

----------------------------------------- "screenshot" ---
rjones@oirase:~/d/libvirt-remote$ src/virsh -c test://localhost/default nodeinfo
proceeding with name = test:///default
loading CA file demoCA/cacert.pem
loading client cert and key from files 127001cert.pem and 127001key.pem
CPU model: i686
CPU(s): 16
CPU frequency: 1400 MHz
CPU socket(s): 2
Core(s) per socket: 2
Thread(s) per core: 2
NUMA cell(s): 2
Memory size: 3145728 kB
rjones@oirase:~/d/libvirt-remote$ src/virsh -c test://localhost/default create tests/xmconfigdata/test-fullvirt-new-cdrom.xml
proceeding with name = test:///default
loading CA file demoCA/cacert.pem
loading client cert and key from files 127001cert.pem and 127001key.pem
Domain XenGuest2 created from tests/xmconfigdata/test-fullvirt-new-cdrom.xml
rjones@oirase:~/d/libvirt-remote$ src/libvirtd -d
libvir: error : failed to open /home/rjones/local/etc/libvirtd.conf for reading
libvirtd: loading CA cert from demoCA/cacert.pem
libvirtd: loading cert and key from servercert.pem and serverkey.pem
libvirtd: TLS service listening on port 16514
libvirtd: Unix service listening on socket /home/rjones/local/var/run/libvirtd/socket
libvirtd: create_mapping: xprt = 0x647680
libvirtd: lookup_connection: xprt = 0x647680
libvirtd: set_connection: xprt = 0x647680
libvirtd: lookup_connection: xprt = 0x647680
libvirtd: lookup_connection: xprt = 0x647680
libvirtd: set_connection: xprt = 0x647680
libvirtd: destroy_mapping: xprt = 0x647680
libvirtd: create_mapping: xprt = 0x647b20
libvirtd: lookup_connection: xprt = 0x647b20
libvirtd: set_connection: xprt = 0x647b20
libvirtd: lookup_connection: xprt = 0x647b20
libvirtd: lookup_connection: xprt = 0x647b20
libvirtd: set_connection: xprt = 0x647b20
libvirtd: destroy_mapping: xprt = 0x647b20
--
Emerging Technologies, Red Hat
http://et.redhat.com/~rjones/