10:33 a.m.
Since commit <60d9ad6f1e42618fce10baeb0f02c35e5ebd5b24> we require
GnuTLS so it doesn't make sense to ifdef the code.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/libvirt.c | 6 +-----
src/remote/remote_driver.c | 19 -------------------
src/rpc/virnetclient.c | 20 ++++----------------
src/rpc/virnetclient.h | 8 +-------
src/rpc/virnetsocket.c | 16 ----------------
src/rpc/virnetsocket.h | 6 +-----
src/util/virrandom.c | 36 ++----------------------------------
7 files changed, 9 insertions(+), 102 deletions(-)
diff --git a/src/libvirt.c b/src/libvirt.c
index f1ffc97261..86bb6551ed 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -45,9 +45,7 @@
#include "viralloc.h"
#include "configmake.h"
#include "virconf.h"
-#if WITH_GNUTLS
-# include "rpc/virnettlscontext.h"
-#endif
+#include "rpc/virnettlscontext.h"
#include "vircommand.h"
#include "virfile.h"
#include "virrandom.h"
@@ -233,9 +231,7 @@ virGlobalInit(void)
virLogSetFromEnv();
-#ifdef WITH_GNUTLS
virNetTLSInit();
-#endif
#if WITH_CURL
curl_global_init(CURL_GLOBAL_DEFAULT);
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 66472a6cc1..f6e725dcbf 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -124,9 +124,7 @@ struct private_data {
int counter; /* Serial number for RPC */
-#ifdef WITH_GNUTLS
virNetTLSContextPtr tls;
-#endif
int is_secure; /* Secure if TLS or SASL or UNIX sockets */
char *type; /* Cached return from remoteType. */
@@ -1132,7 +1130,6 @@ doRemoteOpen(virConnectPtr conn,
virConfGetValueString(conf, "tls_priority", &tls_priority) <
0)
goto failed;
-#ifdef WITH_GNUTLS
priv->tls = virNetTLSContextNewClientPath(pkipath,
geteuid() != 0 ? true : false,
tls_priority,
@@ -1141,27 +1138,17 @@ doRemoteOpen(virConnectPtr conn,
goto failed;
priv->is_secure = 1;
G_GNUC_FALLTHROUGH;
-#else
- (void)tls_priority;
- (void)sanity;
- (void)verify;
- virReportError(VIR_ERR_INVALID_ARG, "%s",
- _("GNUTLS support not available in this build"));
- goto failed;
-#endif
case REMOTE_DRIVER_TRANSPORT_TCP:
priv->client = virNetClientNewTCP(priv->hostname, port, AF_UNSPEC);
if (!priv->client)
goto failed;
-#ifdef WITH_GNUTLS
if (priv->tls) {
VIR_DEBUG("Starting TLS session");
if (virNetClientSetTLSSession(priv->client, priv->tls) < 0)
goto failed;
}
-#endif
break;
@@ -1388,10 +1375,8 @@ doRemoteOpen(virConnectPtr conn,
priv->client = NULL;
virObjectUnref(priv->closeCallback);
priv->closeCallback = NULL;
-#ifdef WITH_GNUTLS
virObjectUnref(priv->tls);
priv->tls = NULL;
-#endif
VIR_FREE(priv->hostname);
return VIR_DRV_OPEN_ERROR;
@@ -1533,10 +1518,8 @@ doRemoteClose(virConnectPtr conn, struct private_data *priv)
(xdrproc_t) xdr_void, (char *) NULL) == -1)
ret = -1;
-#ifdef WITH_GNUTLS
virObjectUnref(priv->tls);
priv->tls = NULL;
-#endif
virNetClientSetCloseCallback(priv->client,
NULL,
@@ -4271,7 +4254,6 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
/* saslcb is now owned by sasl */
saslcb = NULL;
-# ifdef WITH_GNUTLS
/* Initialize some connection props we care about */
if (priv->tls) {
if ((ssf = virNetClientGetTLSKeySize(priv->client)) < 0)
@@ -4283,7 +4265,6 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto cleanup;
}
-# endif
/* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF
*/
/* If we're not secure, then forbid any anonymous or trivially crackable auth */
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 50489b754c..000b937cdd 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -70,9 +70,7 @@ struct _virNetClient {
virNetSocketPtr sock;
bool asyncIO;
-#if WITH_GNUTLS
virNetTLSSessionPtr tls;
-#endif
char *hostname;
virNetClientProgramPtr *programs;
@@ -708,9 +706,7 @@ void virNetClientDispose(void *obj)
if (client->sock)
virNetSocketRemoveIOCallback(client->sock);
virObjectUnref(client->sock);
-#if WITH_GNUTLS
virObjectUnref(client->tls);
-#endif
#if WITH_SASL
virObjectUnref(client->sasl);
#endif
@@ -750,10 +746,8 @@ virNetClientCloseLocked(virNetClientPtr client)
virObjectUnref(client->sock);
client->sock = NULL;
-#if WITH_GNUTLS
virObjectUnref(client->tls);
client->tls = NULL;
-#endif
#if WITH_SASL
virObjectUnref(client->sasl);
client->sasl = NULL;
@@ -837,7 +831,6 @@ void virNetClientSetSASLSession(virNetClientPtr client,
#endif
-#if WITH_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls)
{
@@ -848,12 +841,12 @@ int virNetClientSetTLSSession(virNetClientPtr client,
sigset_t oldmask, blockedsigs;
sigemptyset(&blockedsigs);
-# ifdef SIGWINCH
+#ifdef SIGWINCH
sigaddset(&blockedsigs, SIGWINCH);
-# endif
-# ifdef SIGCHLD
+#endif
+#ifdef SIGCHLD
sigaddset(&blockedsigs, SIGCHLD);
-# endif
+#endif
sigaddset(&blockedsigs, SIGPIPE);
virObjectLock(client);
@@ -940,16 +933,13 @@ int virNetClientSetTLSSession(virNetClientPtr client,
virObjectUnlock(client);
return -1;
}
-#endif
bool virNetClientIsEncrypted(virNetClientPtr client)
{
bool ret = false;
virObjectLock(client);
-#if WITH_GNUTLS
if (client->tls)
ret = true;
-#endif
#if WITH_SASL
if (client->sasl)
ret = true;
@@ -1041,7 +1031,6 @@ const char *virNetClientRemoteAddrStringSASL(virNetClientPtr
client)
return virNetSocketRemoteAddrStringSASL(client->sock);
}
-#if WITH_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client)
{
int ret = 0;
@@ -1051,7 +1040,6 @@ int virNetClientGetTLSKeySize(virNetClientPtr client)
virObjectUnlock(client);
return ret;
}
-#endif
static int
virNetClientCallDispatchReply(virNetClientPtr client)
diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h
index 07b399c1a9..778910b575 100644
--- a/src/rpc/virnetclient.h
+++ b/src/rpc/virnetclient.h
@@ -20,9 +20,7 @@
#pragma once
-#ifdef WITH_GNUTLS
-# include "virnettlscontext.h"
-#endif
+#include "virnettlscontext.h"
#include "virnetmessage.h"
#ifdef WITH_SASL
# include "virnetsaslcontext.h"
@@ -120,10 +118,8 @@ void virNetClientSetSASLSession(virNetClientPtr client,
virNetSASLSessionPtr sasl);
#endif
-#ifdef WITH_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls);
-#endif
bool virNetClientIsEncrypted(virNetClientPtr client);
bool virNetClientIsOpen(virNetClientPtr client);
@@ -131,9 +127,7 @@ bool virNetClientIsOpen(virNetClientPtr client);
const char *virNetClientLocalAddrStringSASL(virNetClientPtr client);
const char *virNetClientRemoteAddrStringSASL(virNetClientPtr client);
-#ifdef WITH_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client);
-#endif
void virNetClientClose(virNetClientPtr client);
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 973827ebde..23384e5250 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -93,9 +93,7 @@ struct _virNetSocket {
char *remoteAddrStrSASL;
char *remoteAddrStrURI;
-#if WITH_GNUTLS
virNetTLSSessionPtr tlsSession;
-#endif
#if WITH_SASL
virNetSASLSessionPtr saslSession;
@@ -1288,13 +1286,11 @@ virJSONValuePtr virNetSocketPreExecRestart(virNetSocketPtr sock)
goto error;
}
#endif
-#if WITH_GNUTLS
if (sock->tlsSession) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("Unable to save socket state when TLS session is
active"));
goto error;
}
-#endif
if (!(object = virJSONValueNewObject()))
goto error;
@@ -1358,12 +1354,10 @@ void virNetSocketDispose(void *obj)
unlink(sock->localAddr.data.un.sun_path);
#endif
-#if WITH_GNUTLS
/* Make sure it can't send any more I/O during shutdown */
if (sock->tlsSession)
virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL);
virObjectUnref(sock->tlsSession);
-#endif
#if WITH_SASL
virObjectUnref(sock->saslSession);
#endif
@@ -1660,7 +1654,6 @@ const char *virNetSocketRemoteAddrStringURI(virNetSocketPtr sock)
return sock->remoteAddrStrURI;
}
-#if WITH_GNUTLS
static ssize_t virNetSocketTLSSessionWrite(const char *buf,
size_t len,
void *opaque)
@@ -1691,7 +1684,6 @@ void virNetSocketSetTLSSession(virNetSocketPtr sock,
sock);
virObjectUnlock(sock);
}
-#endif
#if WITH_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock,
@@ -1789,17 +1781,13 @@ static ssize_t virNetSocketReadWire(virNetSocketPtr sock, char
*buf, size_t len)
#endif
reread:
-#if WITH_GNUTLS
if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionRead(sock->tlsSession, buf, len);
} else {
-#endif
ret = read(sock->fd, buf, len);
-#if WITH_GNUTLS
}
-#endif
if ((ret < 0) && (errno == EINTR))
goto reread;
@@ -1862,17 +1850,13 @@ static ssize_t virNetSocketWriteWire(virNetSocketPtr sock, const
char *buf, size
#endif
rewrite:
-#if WITH_GNUTLS
if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionWrite(sock->tlsSession, buf, len);
} else {
-#endif
ret = write(sock->fd, buf, len);
-#if WITH_GNUTLS
}
-#endif
if (ret < 0) {
if (errno == EINTR)
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index 8d075464cb..f2b74f3ccb 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -23,9 +23,7 @@
#include "virsocketaddr.h"
#include "vircommand.h"
-#ifdef WITH_GNUTLS
-# include "virnettlscontext.h"
-#endif
+#include "virnettlscontext.h"
#include "virobject.h"
#ifdef WITH_SASL
# include "virnetsaslcontext.h"
@@ -152,10 +150,8 @@ ssize_t virNetSocketWrite(virNetSocketPtr sock, const char *buf,
size_t len);
int virNetSocketSendFD(virNetSocketPtr sock, int fd);
int virNetSocketRecvFD(virNetSocketPtr sock, int *fd);
-#ifdef WITH_GNUTLS
void virNetSocketSetTLSSession(virNetSocketPtr sock,
virNetTLSSessionPtr sess);
-#endif
#ifdef WITH_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock,
diff --git a/src/util/virrandom.c b/src/util/virrandom.c
index 39ac36a76e..eae7f3db3c 100644
--- a/src/util/virrandom.c
+++ b/src/util/virrandom.c
@@ -24,10 +24,8 @@
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
-#ifdef WITH_GNUTLS
-# include <gnutls/gnutls.h>
-# include <gnutls/crypto.h>
-#endif
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
#include "virrandom.h"
#include "virthread.h"
@@ -116,7 +114,6 @@ int
virRandomBytes(unsigned char *buf,
size_t buflen)
{
-#if WITH_GNUTLS
int rv;
/* Generate the byte stream using gnutls_rnd() if possible */
@@ -127,35 +124,6 @@ virRandomBytes(unsigned char *buf,
return -1;
}
-#else /* !WITH_GNUTLS */
-
- int fd;
-
- if ((fd = open(RANDOM_SOURCE, O_RDONLY)) < 0) {
- virReportSystemError(errno,
- _("unable to open %s"),
- RANDOM_SOURCE);
- return -1;
- }
-
- while (buflen > 0) {
- ssize_t n;
-
- if ((n = saferead(fd, buf, buflen)) <= 0) {
- virReportSystemError(errno,
- _("unable to read from %s"),
- RANDOM_SOURCE);
- VIR_FORCE_CLOSE(fd);
- return n < 0 ? -errno : -ENODATA;
- }
-
- buf += n;
- buflen -= n;
- }
-
- VIR_FORCE_CLOSE(fd);
-#endif /* !WITH_GNUTLS */
-
return 0;
}
--
2.24.1
10:47 a.m.
On Wed, Jan 22, 2020 at 05:33:02PM +0100, Pavel Hrdina wrote:
Since commit <60d9ad6f1e42618fce10baeb0f02c35e5ebd5b24> we
require
GnuTLS so it doesn't make sense to ifdef the code.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/libvirt.c | 6 +-----
src/remote/remote_driver.c | 19 -------------------
src/rpc/virnetclient.c | 20 ++++----------------
src/rpc/virnetclient.h | 8 +-------
src/rpc/virnetsocket.c | 16 ----------------
src/rpc/virnetsocket.h | 6 +-----
src/util/virrandom.c | 36 ++----------------------------------
7 files changed, 9 insertions(+), 102 deletions(-)
...
diff --git a/src/util/virrandom.c b/src/util/virrandom.c
index 39ac36a76e..eae7f3db3c 100644
--- a/src/util/virrandom.c
+++ b/src/util/virrandom.c
@@ -24,10 +24,8 @@
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
-#ifdef WITH_GNUTLS
-# include <gnutls/gnutls.h>
-# include <gnutls/crypto.h>
-#endif
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
#include "virrandom.h"
#include "virthread.h"
There's a #define of RANDOM_SOURCE that I believe you can
drop too....
@@ -116,7 +114,6 @@ int
virRandomBytes(unsigned char *buf,
size_t buflen)
And the API docs for this are talking about RANDOM_SOURCE
instead of GNUTLS (pre-existing problem, but reasonabl
to fix now)
{
-#if WITH_GNUTLS
int rv;
/* Generate the byte stream using gnutls_rnd() if possible */
@@ -127,35 +124,6 @@ virRandomBytes(unsigned char *buf,
return -1;
}
-#else /* !WITH_GNUTLS */
-
- int fd;
-
- if ((fd = open(RANDOM_SOURCE, O_RDONLY)) < 0) {
- virReportSystemError(errno,
- _("unable to open %s"),
- RANDOM_SOURCE);
- return -1;
- }
-
- while (buflen > 0) {
- ssize_t n;
-
- if ((n = saferead(fd, buf, buflen)) <= 0) {
- virReportSystemError(errno,
- _("unable to read from %s"),
- RANDOM_SOURCE);
- VIR_FORCE_CLOSE(fd);
- return n < 0 ? -errno : -ENODATA;
- }
-
- buf += n;
- buflen -= n;
- }
-
- VIR_FORCE_CLOSE(fd);
-#endif /* !WITH_GNUTLS */
-
return 0;
With the above minor changes
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
10:54 a.m.
On Wed, Jan 22, 2020 at 05:33:02PM +0100, Pavel Hrdina wrote:
Since commit <60d9ad6f1e42618fce10baeb0f02c35e5ebd5b24> we
require
GnuTLS so it doesn't make sense to ifdef the code.
The important commit is ac0d21c762351f58dd5d2dafa2014ed48a8b49f3
Michal's commit 234ce7d02f4bfd4d80c1fbcd7e1545f31bae5498
specifically mentions leaving these ifdefs because of their usage in the
setuid parts.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/libvirt.c | 6 +-----
src/remote/remote_driver.c | 19 -------------------
src/rpc/virnetclient.c | 20 ++++----------------
src/rpc/virnetclient.h | 8 +-------
src/rpc/virnetsocket.c | 16 ----------------
src/rpc/virnetsocket.h | 6 +-----
src/util/virrandom.c | 36 ++----------------------------------
7 files changed, 9 insertions(+), 102 deletions(-)
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Jano
1766
days inactive
1766
days old
2 comments
3 participants
participants (3)
-
Daniel P. Berrangé -
Ján Tomko -
Pavel Hrdina