On Tue, Aug 25, 2020 at 07:47:13 +0200, Martin Kletzander wrote:
Local socket connections were outright disabled because there was no
"server"
part in the URI. However, given how requirements and usage scenarios are
evolving, some management apps might need the source libvirt daemon to connect
to the destination daemon over a UNIX socket for peer2peer migration. Since we
cannot know where the socket leads (whether the same daemon or not) let's decide
that based on whether the socket path is non-standard, or rather explicitly
specified in the URI. Checking non-standard path would require to ask the
daemon for configuration and the only misuse that it would prevent would be a
pretty weird one. And that's not worth it. The assumption is that whenever
someone uses explicit UNIX socket paths in the URI for migration they better
know what they are doing.
Partially resolves:
https://bugzilla.redhat.com/1638889
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
docs/manpages/virsh.rst | 9 +++++++++
src/libvirt-domain.c | 8 +++++++-
src/remote/remote_driver.c | 8 ++++++--
src/util/viruri.c | 30 ++++++++++++++++++++++++++++++
src/util/viruri.h | 2 ++
tests/virmigtest.c | 2 +-
6 files changed, 55 insertions(+), 4 deletions(-)
...
diff --git a/src/util/viruri.c b/src/util/viruri.c
index 0112186fdbc4..91f86de19a8e 100644
--- a/src/util/viruri.c
+++ b/src/util/viruri.c
@@ -393,3 +393,33 @@ virURIGetParam(virURIPtr uri, const char *name)
_("Missing URI parameter '%s'"), name);
return NULL;
}
+
+
+/**
+ * virCheckURIProxied:
+ * @uri: URI to check
+ *
+ * Check if the URI looks like it refers to a non-standard socket path. In such
+ * scenario the socket might be proxied to a remote server even though the URI
+ * looks like it is only local.
+ *
+ * Returns: true if the URI might be proxied to a remote server
+ */
+bool
+virURICheckProxied(virURIPtr uri)
I'd call this function virURICheckUnixSocket or similar as that's what
it's actually doing. It doesn't really care whether the socket is
connected to a proxy or not.
+{
+ size_t i = 0;
+
+ if (!uri->scheme)
+ return false;
+
+ if (STRNEQ_NULLABLE(strchr(uri->scheme, '+'), "+unix"))
+ return false;
+
+ for (i = 0; i < uri->paramsCount; i++) {
+ if (STREQ(uri->params[i].name, "socket"))
+ return true;
+ }
+
+ return false;
+}
Reviewed-by: Jiri Denemark <jdenemar(a)redhat.com>