[libvirt] [PATCHv1 0/5] qcow3 support
by Ján Tomko
This adds support for qcow3 to storage and qemu drivers (except for
snapshots, I still need to do that).
Qcow3 adds feature bits for compatible, incompatible and autoclear features.
I'm not sure if it makes sense to differentiate between them in the XML.
If yes, perhaps unknown incompatible features might result in an error, while
we could just warn about unknown compatible ones.
If not, one bitmap should be enough to track the ones that interest us.
There are two feature bits so far: lazy_refcounts (delayed refcount updates)
and a dirty bit (refcounts haven't been updated and older QEMU can't read this).
If we knew what features are supported by QEMU, we could refuse to use them,
however I don't know about other way to find out than running:
qemu-img create -f qcow2 -o ? /dev/null
If we don't know, I don't think it's any good to find out the dirty bit value.
Ján Tomko (5):
storage: refactor qemu-img command line generation
storage: use virBuffer for generating qemu options string
util: add qcow3 format probing
conf: add format features to target XML
qemu: add support for creating and using qcow3 images
src/conf/storage_conf.c | 90 +++++++++++++++++++++++++++++
src/conf/storage_conf.h | 3 +
src/libvirt_private.syms | 3 +
src/qemu/qemu_command.c | 2 +-
src/qemu/qemu_hotplug.c | 4 +-
src/storage/storage_backend.c | 106 ++++++++++++++++++-----------------
src/storage/storage_backend_fs.c | 7 ++
src/util/virstoragefile.c | 116 ++++++++++++++++++++++++++++++++++++--
src/util/virstoragefile.h | 27 +++++++++
9 files changed, 298 insertions(+), 60 deletions(-)
--
1.7.8.6
11 years, 11 months
[libvirt] [PATCH] qemu_agent: Remove agent reference only when disposing it
by Michal Privoznik
https://bugzilla.redhat.com/show_bug.cgi?id=892079
With current code, if user calls virDomainPMSuspendForDuration()
followed by virDomainDestroy(), the former API checks for qemu agent
presence, which will evaluate as true (if agent is configured). While
talking to qemu agent, the qemu driver is unlocked, so the latter API
starts executing. However, if machine dies meanwhile, libvirtd gets
EOF on the agent socket and qemuProcessHandleAgentEOF() is called. The
handler clears reference to qemu agent while the destroy API already
holding a reference to it. This leads to NULL dereferencing later in
the code. Therefore, the agent pointer should be set to NULL only if
we are the exclusive owner of it.
---
There's a reproducer in the BZ. It doesn't have to be a windows guest,
I was able to reproduce with F17 guest as well.
src/qemu/qemu_process.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 938c17e..320c0c6 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -133,7 +133,8 @@ qemuProcessHandleAgentEOF(qemuAgentPtr agent,
virDomainObjLock(vm);
priv = vm->privateData;
- if (priv->agent == agent)
+ if (priv->agent == agent &&
+ !virObjectUnref(priv->agent))
priv->agent = NULL;
virDomainObjUnlock(vm);
--
1.8.0.2
11 years, 11 months
[libvirt] [PATCH] maint: fix comment typo
by Eric Blake
While OOM can have knock-on effects that trash a system, generally
the first symptom is one of memory thrashing.
* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Reword slightly.
---
Pushing under the trivial rule.
src/qemu/qemu_cgroup.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 16a9d7c..6527146 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -1,7 +1,7 @@
/*
* qemu_cgroup.c: QEMU cgroup management
*
- * Copyright (C) 2006-2012 Red Hat, Inc.
+ * Copyright (C) 2006-2013 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
@@ -344,8 +344,8 @@ int qemuSetupCgroup(virQEMUDriverPtr driver,
if (!hard_limit) {
/* If there is no hard_limit set, set a reasonable one to avoid
- * system trashing caused by exploited qemu. As 'reasonable limit'
- * has been chosen:
+ * system thrashing caused by exploited qemu. A 'reasonable
+ * limit' has been chosen:
* (1 + k) * (domain memory + total video memory) + (32MB for
* cache per each disk) + F
* where k = 0.5 and F = 200MB. The cache for disks is important as
--
1.8.0.2
11 years, 11 months
[libvirt] [PATCH] maint: distribute libvirtd.service.in
by Eric Blake
I did a build --without-libvirtd, then ran 'make dist'. The
resulting tarball was broken, with a complaint that make did not
know how to create libvirtd.service.in. I traced it to a use
of EXTRA_DIST inside a conditional.
* daemon/Makefile.am (EXTRA_DIST): Hoist libvirtd.service.in
outside of WITH_LIBVIRTD conditional.
---
Pushing under the build-breaker rule.
daemon/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index c59084c..95ff8cf 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -37,6 +37,7 @@ EXTRA_DIST = \
libvirtd.upstart \
libvirtd.policy.in \
libvirtd.sasl \
+ libvirtd.service.in \
libvirtd.sysconf \
libvirtd.sysctl \
libvirtd.aug \
@@ -322,7 +323,6 @@ uninstall-init-upstart:
endif # LIBVIRT_INIT_SCRIPT_UPSTART
-EXTRA_DIST += libvirtd.service.in
if LIBVIRT_INIT_SCRIPT_SYSTEMD
SYSTEMD_UNIT_DIR = /lib/systemd/system
--
1.8.0.2
11 years, 11 months
[libvirt] [PATCH] Make TLS support conditional
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Add checks for existance of GNUTLS and automatically disable
it if not found.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
configure.ac | 70 ++++++++++++++++++++++++++++++++-----------
daemon/libvirtd.c | 41 ++++++++++++++++++-------
daemon/remote.c | 2 ++
src/Makefile.am | 8 ++++-
src/libvirt.c | 17 ++++++++---
src/locking/lock_daemon.c | 12 ++++++--
src/lxc/lxc_controller.c | 6 ++--
src/qemu/qemu_migration.c | 15 ++++++++--
src/remote/remote_driver.c | 15 ++++++++++
src/rpc/virnetclient.c | 20 ++++++++++---
src/rpc/virnetclient.h | 8 ++++-
src/rpc/virnetserver.c | 6 ++++
src/rpc/virnetserver.h | 6 +++-
src/rpc/virnetserverclient.c | 63 ++++++++++++++++++++++++++++++++++----
src/rpc/virnetserverclient.h | 4 +++
src/rpc/virnetserverservice.c | 31 ++++++++++++++-----
src/rpc/virnetserverservice.h | 20 +++++++++----
src/rpc/virnetsocket.c | 17 ++++++++++-
src/rpc/virnetsocket.h | 6 +++-
tests/Makefile.am | 11 ++++++-
20 files changed, 311 insertions(+), 67 deletions(-)
diff --git a/configure.ac b/configure.ac
index ab08f17..bb64bf6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1025,30 +1025,62 @@ CFLAGS="$old_cflags"
LIBS="$old_libs"
dnl GnuTLS library
-GNUTLS_CFLAGS=
-GNUTLS_LIBS=
-GNUTLS_FOUND=no
-if test -x "$PKG_CONFIG" ; then
- PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
- [GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
-fi
-if test "$GNUTLS_FOUND" = "no"; then
+AC_ARG_WITH([gnutls],
+ AC_HELP_STRING([--with-gnutls], [use GNUTLS for encryption @<:@default=check@:>@]),
+ [],
+ [with_gnutls=check])
+
+
+if test "x$with_gnutls" != "xno"; then
+ if test "x$with_gnutls" != "xyes" && test "x$with_gnutls" != "xcheck"; then
+ GNUTLS_CFLAGS="-I$with_gnutls/include"
+ GNUTLS_LIBS="-L$with_gnutls/lib"
+ fi
fail=0
+ old_cflags="$CFLAGS"
old_libs="$LIBS"
- AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
- AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
+ CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
+ LIBS="$LIBS $GNUTLS_LIBS"
- test $fail = 1 &&
- AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])
+ GNUTLS_FOUND=no
+ if test -x "$PKG_CONFIG" ; then
+ PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
+ [GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
+ fi
+ if test "$GNUTLS_FOUND" = "no"; then
+ fail=0
+ AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
+ AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
+
+ test $fail = 0 && GNUTLS_FOUND=yes
+
+ GNUTLS_LIBS="$GNUTLS_LIBS -lgnutls"
+ fi
+ if test "$GNUTLS_FOUND" = "no"; then
+ if test "$with_gnutls" = "check"; then
+ with_gnutls=no
+ GNUTLS_LIBS=
+ GNUTLS_CFLAGS=
+ else
+ AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])
+ fi
+ else
+ dnl Not all versions of gnutls include -lgcrypt, and so we add
+ dnl it explicitly for the calls to gcry_control/check_version
+ GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
+
+ with_gnutls=yes
+ fi
- dnl Not all versions of gnutls include -lgcrypt, and so we add
- dnl it explicitly for the calls to gcry_control/check_version
- GNUTLS_LIBS="$LIBS -lgcrypt"
LIBS="$old_libs"
-else
- GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
+ CFLAGS="$old_CFLAGS"
fi
+if test "x$with_gnutls" = "xyes" ; then
+ AC_DEFINE_UNQUOTED([HAVE_GNUTLS], 1,
+ [whether GNUTLS is available for encryption])
+fi
+AM_CONDITIONAL([HAVE_GNUTLS], [test "x$with_gnutls" = "xyes"])
AC_SUBST([GNUTLS_CFLAGS])
AC_SUBST([GNUTLS_LIBS])
@@ -3168,7 +3200,11 @@ AC_MSG_NOTICE([ libssh2: $LIBSSH2_CFLAGS $LIBSSH2_LIBS])
else
AC_MSG_NOTICE([ libssh2: no])
fi
+if test "$with_gnutls" != "no" ; then
AC_MSG_NOTICE([ gnutls: $GNUTLS_CFLAGS $GNUTLS_LIBS])
+else
+AC_MSG_NOTICE([ gnutls: no])
+fi
if test "$with_sasl" != "no" ; then
AC_MSG_NOTICE([ sasl: $SASL_CFLAGS $SASL_LIBS])
else
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index fa4d129..ff54af3 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -449,7 +449,9 @@ static int daemonSetupNetworking(virNetServerPtr srv,
virNetServerServicePtr svc = NULL;
virNetServerServicePtr svcRO = NULL;
virNetServerServicePtr svcTCP = NULL;
+#if HAVE_GNUTLS
virNetServerServicePtr svcTLS = NULL;
+#endif
gid_t unix_sock_gid = 0;
int unix_sock_ro_mask = 0;
int unix_sock_rw_mask = 0;
@@ -474,9 +476,11 @@ static int daemonSetupNetworking(virNetServerPtr srv,
unix_sock_rw_mask,
unix_sock_gid,
config->auth_unix_rw,
+#if HAVE_GNUTLS
+ NULL,
+#endif
false,
- config->max_client_requests,
- NULL)))
+ config->max_client_requests)))
goto error;
if (sock_path_ro) {
VIR_DEBUG("Registering unix socket %s", sock_path_ro);
@@ -484,9 +488,11 @@ static int daemonSetupNetworking(virNetServerPtr srv,
unix_sock_ro_mask,
unix_sock_gid,
config->auth_unix_ro,
+#if HAVE_GNUTLS
+ NULL,
+#endif
true,
- config->max_client_requests,
- NULL)))
+ config->max_client_requests)))
goto error;
}
@@ -507,9 +513,11 @@ static int daemonSetupNetworking(virNetServerPtr srv,
if (!(svcTCP = virNetServerServiceNewTCP(config->listen_addr,
config->tcp_port,
config->auth_tcp,
+#if HAVE_GNUTLS
+ NULL,
+#endif
false,
- config->max_client_requests,
- NULL)))
+ config->max_client_requests)))
goto error;
if (virNetServerAddService(srv, svcTCP,
@@ -517,6 +525,7 @@ static int daemonSetupNetworking(virNetServerPtr srv,
goto error;
}
+#if HAVE_GNUTLS
if (config->listen_tls) {
virNetTLSContextPtr ctxt = NULL;
@@ -546,9 +555,9 @@ static int daemonSetupNetworking(virNetServerPtr srv,
virNetServerServiceNewTCP(config->listen_addr,
config->tls_port,
config->auth_tls,
+ ctxt,
false,
- config->max_client_requests,
- ctxt))) {
+ config->max_client_requests))) {
virObjectUnref(ctxt);
goto error;
}
@@ -559,13 +568,23 @@ static int daemonSetupNetworking(virNetServerPtr srv,
virObjectUnref(ctxt);
}
+#else
+ (void)privileged;
+ if (config->listen_tls) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("This libvirtd build does not support TLS"));
+ goto error;
+ }
+#endif
}
#if HAVE_SASL
if (config->auth_unix_rw == REMOTE_AUTH_SASL ||
config->auth_unix_ro == REMOTE_AUTH_SASL ||
- config->auth_tcp == REMOTE_AUTH_SASL ||
- config->auth_tls == REMOTE_AUTH_SASL) {
+# if HAVE_GNUTLS
+ config->auth_tls == REMOTE_AUTH_SASL ||
+# endif
+ config->auth_tcp == REMOTE_AUTH_SASL) {
saslCtxt = virNetSASLContextNewServer(
(const char *const*)config->sasl_allowed_username_list);
if (!saslCtxt)
@@ -576,7 +595,9 @@ static int daemonSetupNetworking(virNetServerPtr srv,
return 0;
error:
+#if HAVE_GNUTLS
virObjectUnref(svcTLS);
+#endif
virObjectUnref(svcTCP);
virObjectUnref(svc);
virObjectUnref(svcRO);
diff --git a/daemon/remote.c b/daemon/remote.c
index 8767c18..67fe335 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2464,6 +2464,7 @@ remoteDispatchAuthSaslInit(virNetServerPtr server ATTRIBUTE_UNUSED,
if (!sasl)
goto authfail;
+# if HAVE_GNUTLS
/* Inform SASL that we've got an external SSF layer from TLS */
if (virNetServerClientHasTLSSession(client)) {
int ssf;
@@ -2477,6 +2478,7 @@ remoteDispatchAuthSaslInit(virNetServerPtr server ATTRIBUTE_UNUSED,
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto authfail;
}
+# endif
if (virNetServerClientIsSecure(client))
/* If we've got TLS or UNIX domain sock, we don't care about SSF */
diff --git a/src/Makefile.am b/src/Makefile.am
index 955973e..061d544 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1777,7 +1777,6 @@ libvirt_net_rpc_la_SOURCES = \
rpc/virnetmessage.h rpc/virnetmessage.c \
rpc/virnetprotocol.h rpc/virnetprotocol.c \
rpc/virnetsocket.h rpc/virnetsocket.c \
- rpc/virnettlscontext.h rpc/virnettlscontext.c \
rpc/virkeepaliveprotocol.h rpc/virkeepaliveprotocol.c \
rpc/virkeepalive.h rpc/virkeepalive.c
if HAVE_LIBSSH2
@@ -1787,6 +1786,13 @@ else
EXTRA_DIST += \
rpc/virnetsshsession.h rpc/virnetsshsession.c
endif
+if HAVE_GNUTLS
+libvirt_net_rpc_la_SOURCES += \
+ rpc/virnettlscontext.h rpc/virnettlscontext.c
+else
+EXTRA_DIST += \
+ rpc/virnettlscontext.h rpc/virnettlscontext.c
+endif
if HAVE_SASL
libvirt_net_rpc_la_SOURCES += \
rpc/virnetsaslcontext.h rpc/virnetsaslcontext.c
diff --git a/src/libvirt.c b/src/libvirt.c
index 6d1da12..e0f6185 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -55,7 +55,9 @@
#include "configmake.h"
#include "intprops.h"
#include "virconf.h"
-#include "rpc/virnettlscontext.h"
+#if HAVE_GNUTLS
+# include "rpc/virnettlscontext.h"
+#endif
#include "vircommand.h"
#include "virrandom.h"
#include "viruri.h"
@@ -268,6 +270,8 @@ winsock_init(void)
}
#endif
+
+#ifdef HAVE_GNUTLS
static int virTLSMutexInit(void **priv)
{
virMutexPtr lock = NULL;
@@ -308,11 +312,11 @@ static int virTLSMutexUnlock(void **priv)
static struct gcry_thread_cbs virTLSThreadImpl = {
/* GCRY_THREAD_OPTION_VERSION was added in gcrypt 1.4.2 */
-#ifdef GCRY_THREAD_OPTION_VERSION
+# ifdef GCRY_THREAD_OPTION_VERSION
(GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)),
-#else
+# else
GCRY_THREAD_OPTION_PTHREAD,
-#endif
+# endif
NULL,
virTLSMutexInit,
virTLSMutexDestroy,
@@ -320,6 +324,7 @@ static struct gcry_thread_cbs virTLSThreadImpl = {
virTLSMutexUnlock,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
+#endif
/* Helper macros to implement VIR_DOMAIN_DEBUG using just C99. This
* assumes you pass fewer than 15 arguments to VIR_DOMAIN_DEBUG, but
@@ -403,12 +408,16 @@ virGlobalInit(void)
virErrorInitialize() < 0)
goto error;
+#ifdef HAVE_GNUTLS
gcry_control(GCRYCTL_SET_THREAD_CBS, &virTLSThreadImpl);
gcry_check_version(NULL);
+#endif
virLogSetFromEnv();
+#ifdef HAVE_GNUTLS
virNetTLSInit();
+#endif
#if HAVE_LIBCURL
curl_global_init(CURL_GLOBAL_DEFAULT);
diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c
index 7288f7a..ba42c00 100644
--- a/src/locking/lock_daemon.c
+++ b/src/locking/lock_daemon.c
@@ -654,7 +654,11 @@ virLockDaemonSetupNetworkingSystemD(virNetServerPtr srv)
/* Systemd passes FDs, starting immediately after stderr,
* so the first FD we'll get is '3'. */
- if (!(svc = virNetServerServiceNewFD(3, 0, false, 1, NULL)))
+ if (!(svc = virNetServerServiceNewFD(3, 0,
+#if HAVE_GNUTLS
+ NULL,
+#endif
+ false, 1)))
return -1;
if (virNetServerAddService(srv, svc, NULL) < 0) {
@@ -672,7 +676,11 @@ virLockDaemonSetupNetworkingNative(virNetServerPtr srv, const char *sock_path)
VIR_DEBUG("Setting up networking natively");
- if (!(svc = virNetServerServiceNewUNIX(sock_path, 0700, 0, 0, false, 1, NULL)))
+ if (!(svc = virNetServerServiceNewUNIX(sock_path, 0700, 0, 0,
+#if HAVE_GNUTLS
+ NULL,
+#endif
+ false, 1)))
return -1;
if (virNetServerAddService(srv, svc, NULL) < 0) {
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index c9d96b3..ddc921e 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -631,9 +631,11 @@ static int virLXCControllerSetupServer(virLXCControllerPtr ctrl)
0700,
0,
0,
+#if HAVE_GNUTLS
+ NULL,
+#endif
false,
- 5,
- NULL)))
+ 5)))
goto error;
if (virNetServerAddService(ctrl->server, svc, NULL) < 0)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 9c7247b..e235677 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -23,8 +23,10 @@
#include <config.h>
#include <sys/time.h>
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
+#ifdef HAVE_GNUTLS
+# include <gnutls/gnutls.h>
+# include <gnutls/x509.h>
+#endif
#include <fcntl.h>
#include <poll.h>
@@ -196,6 +198,7 @@ static void qemuMigrationCookieFree(qemuMigrationCookiePtr mig)
}
+#ifdef HAVE_GNUTLS
static char *
qemuDomainExtractTLSSubject(const char *certdir)
{
@@ -254,7 +257,7 @@ error:
VIR_FREE(pemdata);
return NULL;
}
-
+#endif
static qemuMigrationCookieGraphicsPtr
qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
@@ -273,9 +276,11 @@ qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
if (!listenAddr)
listenAddr = driver->vncListen;
+#ifdef HAVE_GNUTLS
if (driver->vncTLS &&
!(mig->tlsSubject = qemuDomainExtractTLSSubject(driver->vncTLSx509certdir)))
goto error;
+#endif
} else {
mig->port = def->data.spice.port;
if (driver->spiceTLS)
@@ -286,9 +291,11 @@ qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
if (!listenAddr)
listenAddr = driver->spiceListen;
+#ifdef HAVE_GNUTLS
if (driver->spiceTLS &&
!(mig->tlsSubject = qemuDomainExtractTLSSubject(driver->spiceTLSx509certdir)))
goto error;
+#endif
}
if (!(mig->listen = strdup(listenAddr)))
goto no_memory;
@@ -297,7 +304,9 @@ qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
no_memory:
virReportOOMError();
+#ifdef HAVE_GNUTLS
error:
+#endif
qemuMigrationCookieGraphicsFree(mig);
return NULL;
}
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index c078cb5..f10c68a 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -80,7 +80,9 @@ struct private_data {
int counter; /* Serial number for RPC */
+#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls;
+#endif
int is_secure; /* Secure if TLS or SASL or UNIX sockets */
char *type; /* Cached return from remoteType. */
@@ -596,12 +598,19 @@ doRemoteOpen(virConnectPtr conn,
/* Connect to the remote service. */
switch (transport) {
case trans_tls:
+#ifdef HAVE_GNUTLS
priv->tls = virNetTLSContextNewClientPath(pkipath,
geteuid() != 0 ? true : false,
sanity, verify);
if (!priv->tls)
goto failed;
priv->is_secure = 1;
+#else
+ (void)sanity;
+ virReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("GNUTLS support not available in this build"));
+ goto failed;
+#endif
/*FALLTHROUGH*/
case trans_tcp:
@@ -609,11 +618,13 @@ doRemoteOpen(virConnectPtr conn,
if (!priv->client)
goto failed;
+#ifdef HAVE_GNUTLS
if (priv->tls) {
VIR_DEBUG("Starting TLS session");
if (virNetClientSetTLSSession(priv->client, priv->tls) < 0)
goto failed;
}
+#endif
break;
@@ -1001,8 +1012,10 @@ doRemoteClose(virConnectPtr conn, struct private_data *priv)
(xdrproc_t) xdr_void, (char *) NULL) == -1)
ret = -1;
+#ifdef HAVE_GNUTLS
virObjectUnref(priv->tls);
priv->tls = NULL;
+#endif
virNetClientSetCloseCallback(priv->client,
NULL,
NULL,
@@ -3879,6 +3892,7 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
saslcb)))
goto cleanup;
+# ifdef HAVE_GNUTLS
/* Initialize some connection props we care about */
if (priv->tls) {
if ((ssf = virNetClientGetTLSKeySize(priv->client)) < 0)
@@ -3890,6 +3904,7 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto cleanup;
}
+# endif
/* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF */
/* If we're not secure, then forbid any anonymous or trivially crackable auth */
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 208e2e9..e933529 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -70,7 +70,9 @@ struct _virNetClient {
virNetSocketPtr sock;
bool asyncIO;
+#if HAVE_GNUTLS
virNetTLSSessionPtr tls;
+#endif
char *hostname;
virNetClientProgramPtr *programs;
@@ -627,7 +629,9 @@ void virNetClientDispose(void *obj)
if (client->sock)
virNetSocketRemoveIOCallback(client->sock);
virObjectUnref(client->sock);
+#if HAVE_GNUTLS
virObjectUnref(client->tls);
+#endif
#if HAVE_SASL
virObjectUnref(client->sasl);
#endif
@@ -663,8 +667,10 @@ virNetClientCloseLocked(virNetClientPtr client)
virObjectUnref(client->sock);
client->sock = NULL;
+#if HAVE_GNUTLS
virObjectUnref(client->tls);
client->tls = NULL;
+#endif
#if HAVE_SASL
virObjectUnref(client->sasl);
client->sasl = NULL;
@@ -745,6 +751,7 @@ void virNetClientSetSASLSession(virNetClientPtr client,
#endif
+#if HAVE_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls)
{
@@ -755,12 +762,12 @@ int virNetClientSetTLSSession(virNetClientPtr client,
sigset_t oldmask, blockedsigs;
sigemptyset(&blockedsigs);
-#ifdef SIGWINCH
+# ifdef SIGWINCH
sigaddset(&blockedsigs, SIGWINCH);
-#endif
-#ifdef SIGCHLD
+# endif
+# ifdef SIGCHLD
sigaddset(&blockedsigs, SIGCHLD);
-#endif
+# endif
sigaddset(&blockedsigs, SIGPIPE);
virNetClientLock(client);
@@ -847,13 +854,16 @@ error:
virNetClientUnlock(client);
return -1;
}
+#endif
bool virNetClientIsEncrypted(virNetClientPtr client)
{
bool ret = false;
virNetClientLock(client);
+#if HAVE_GNUTLS
if (client->tls)
ret = true;
+#endif
#if HAVE_SASL
if (client->sasl)
ret = true;
@@ -956,6 +966,7 @@ const char *virNetClientRemoteAddrString(virNetClientPtr client)
return virNetSocketRemoteAddrString(client->sock);
}
+#if HAVE_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client)
{
int ret = 0;
@@ -965,6 +976,7 @@ int virNetClientGetTLSKeySize(virNetClientPtr client)
virNetClientUnlock(client);
return ret;
}
+#endif
static int
virNetClientCallDispatchReply(virNetClientPtr client)
diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h
index 139cf32..d594add 100644
--- a/src/rpc/virnetclient.h
+++ b/src/rpc/virnetclient.h
@@ -23,7 +23,9 @@
#ifndef __VIR_NET_CLIENT_H__
# define __VIR_NET_CLIENT_H__
-# include "virnettlscontext.h"
+# ifdef HAVE_GNUTLS
+# include "virnettlscontext.h"
+# endif
# include "virnetmessage.h"
# ifdef HAVE_SASL
# include "virnetsaslcontext.h"
@@ -107,8 +109,10 @@ void virNetClientSetSASLSession(virNetClientPtr client,
virNetSASLSessionPtr sasl);
# endif
+# ifdef HAVE_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls);
+# endif
bool virNetClientIsEncrypted(virNetClientPtr client);
bool virNetClientIsOpen(virNetClientPtr client);
@@ -116,7 +120,9 @@ bool virNetClientIsOpen(virNetClientPtr client);
const char *virNetClientLocalAddrString(virNetClientPtr client);
const char *virNetClientRemoteAddrString(virNetClientPtr client);
+# ifdef HAVE_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client);
+# endif
void virNetClientClose(virNetClientPtr client);
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index 5674309..b9df71b 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -98,7 +98,9 @@ struct _virNetServer {
unsigned int quit :1;
+#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls;
+#endif
unsigned int autoShutdownTimeout;
size_t autoShutdownInhibitions;
@@ -309,7 +311,9 @@ static int virNetServerDispatchNewClient(virNetServerServicePtr svc,
virNetServerServiceGetAuth(svc),
virNetServerServiceIsReadonly(svc),
virNetServerServiceGetMaxRequests(svc),
+#if HAVE_GNUTLS
virNetServerServiceGetTLSContext(svc),
+#endif
srv->clientPrivNew,
srv->clientPrivPreExecRestart,
srv->clientPrivFree,
@@ -1034,12 +1038,14 @@ no_memory:
return -1;
}
+#if HAVE_GNUTLS
int virNetServerSetTLSContext(virNetServerPtr srv,
virNetTLSContextPtr tls)
{
srv->tls = virObjectRef(tls);
return 0;
}
+#endif
static void virNetServerAutoShutdownTimer(int timerid ATTRIBUTE_UNUSED,
diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h
index da7dc9e..d906dd1 100644
--- a/src/rpc/virnetserver.h
+++ b/src/rpc/virnetserver.h
@@ -26,7 +26,9 @@
# include <signal.h>
-# include "virnettlscontext.h"
+# ifdef HAVE_GNUTLS
+# include "virnettlscontext.h"
+# endif
# include "virnetserverprogram.h"
# include "virnetserverclient.h"
# include "virnetserverservice.h"
@@ -79,8 +81,10 @@ int virNetServerAddService(virNetServerPtr srv,
int virNetServerAddProgram(virNetServerPtr srv,
virNetServerProgramPtr prog);
+# if HAVE_GNUTLS
int virNetServerSetTLSContext(virNetServerPtr srv,
virNetTLSContextPtr tls);
+# endif
void virNetServerUpdateServices(virNetServerPtr srv,
bool enabled);
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index aefc511..bf23d24 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -66,8 +66,10 @@ struct _virNetServerClient
int auth;
bool readonly;
char *identity;
+#if HAVE_GNUTLS
virNetTLSContextPtr tlsCtxt;
virNetTLSSessionPtr tls;
+#endif
#if HAVE_SASL
virNetSASLSessionPtr sasl;
#endif
@@ -147,13 +149,18 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client) {
VIR_DEBUG("tls=%p hs=%d, rx=%p tx=%p",
+#ifdef HAVE_GNUTLS
client->tls,
client->tls ? virNetTLSSessionGetHandshakeStatus(client->tls) : -1,
+#else
+ NULL, -1,
+#endif
client->rx,
client->tx);
if (!client->sock || client->wantClose)
return 0;
+#if HAVE_GNUTLS
if (client->tls) {
switch (virNetTLSSessionGetHandshakeStatus(client->tls)) {
case VIR_NET_TLS_HANDSHAKE_RECVING:
@@ -170,6 +177,7 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client) {
mode |= VIR_EVENT_HANDLE_WRITABLE;
}
} else {
+#endif
/* If there is a message on the rx queue, and
* we're not in middle of a delayedClose, then
* we're wanting more input */
@@ -180,7 +188,9 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client) {
then monitor for writability on socket */
if (client->tx)
mode |= VIR_EVENT_HANDLE_WRITABLE;
+#if HAVE_GNUTLS
}
+#endif
VIR_DEBUG("mode=%o", mode);
return mode;
}
@@ -287,6 +297,7 @@ void virNetServerClientRemoveFilter(virNetServerClientPtr client,
}
+#ifdef HAVE_GNUTLS
/* Check the client's access. */
static int
virNetServerClientCheckAccess(virNetServerClientPtr client)
@@ -322,6 +333,8 @@ virNetServerClientCheckAccess(virNetServerClientPtr client)
return 0;
}
+#endif
+
static void virNetServerClientSockTimerFunc(int timer,
void *opaque)
@@ -340,9 +353,11 @@ static void virNetServerClientSockTimerFunc(int timer,
static virNetServerClientPtr
virNetServerClientNewInternal(virNetSocketPtr sock,
int auth,
+#ifdef HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_max)
{
virNetServerClientPtr client;
@@ -360,7 +375,9 @@ virNetServerClientNewInternal(virNetSocketPtr sock,
client->sock = virObjectRef(sock);
client->auth = auth;
client->readonly = readonly;
+#ifdef HAVE_GNUTLS
client->tlsCtxt = virObjectRef(tls);
+#endif
client->nrequests_max = nrequests_max;
client->sockTimer = virEventAddTimeout(-1, virNetServerClientSockTimerFunc,
@@ -394,7 +411,9 @@ virNetServerClientPtr virNetServerClientNew(virNetSocketPtr sock,
int auth,
bool readonly,
size_t nrequests_max,
+#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls,
+#endif
virNetServerClientPrivNew privNew,
virNetServerClientPrivPreExecRestart privPreExecRestart,
virFreeCallback privFree,
@@ -402,9 +421,19 @@ virNetServerClientPtr virNetServerClientNew(virNetSocketPtr sock,
{
virNetServerClientPtr client;
- VIR_DEBUG("sock=%p auth=%d tls=%p", sock, auth, tls);
+ VIR_DEBUG("sock=%p auth=%d tls=%p", sock, auth,
+#ifdef HAVE_GNUTLS
+ tls
+#else
+ NULL
+#endif
+ );
- if (!(client = virNetServerClientNewInternal(sock, auth, readonly, nrequests_max, tls)))
+ if (!(client = virNetServerClientNewInternal(sock, auth,
+#ifdef HAVE_GNUTLS
+ tls,
+#endif
+ readonly, nrequests_max)))
return NULL;
if (privNew) {
@@ -470,9 +499,11 @@ virNetServerClientPtr virNetServerClientNewPostExecRestart(virJSONValuePtr objec
if (!(client = virNetServerClientNewInternal(sock,
auth,
+#ifdef HAVE_GNUTLS
+ NULL,
+#endif
readonly,
- nrequests_max,
- NULL))) {
+ nrequests_max))) {
virObjectUnref(sock);
return NULL;
}
@@ -571,6 +602,7 @@ bool virNetServerClientGetReadonly(virNetServerClientPtr client)
}
+#ifdef HAVE_GNUTLS
bool virNetServerClientHasTLSSession(virNetServerClientPtr client)
{
bool has;
@@ -589,6 +621,7 @@ int virNetServerClientGetTLSKeySize(virNetServerClientPtr client)
virNetServerClientUnlock(client);
return size;
}
+#endif
int virNetServerClientGetFD(virNetServerClientPtr client)
{
@@ -615,8 +648,10 @@ bool virNetServerClientIsSecure(virNetServerClientPtr client)
{
bool secure = false;
virNetServerClientLock(client);
+#if HAVE_GNUTLS
if (client->tls)
secure = true;
+#endif
#if HAVE_SASL
if (client->sasl)
secure = true;
@@ -628,6 +663,7 @@ bool virNetServerClientIsSecure(virNetServerClientPtr client)
}
+
#if HAVE_SASL
void virNetServerClientSetSASLSession(virNetServerClientPtr client,
virNetSASLSessionPtr sasl)
@@ -730,8 +766,10 @@ void virNetServerClientDispose(void *obj)
#endif
if (client->sockTimer > 0)
virEventRemoveTimeout(client->sockTimer);
+#if HAVE_GNUTLS
virObjectUnref(client->tls);
virObjectUnref(client->tlsCtxt);
+#endif
virObjectUnref(client->sock);
virNetServerClientUnlock(client);
virMutexDestroy(&client->lock);
@@ -784,10 +822,12 @@ void virNetServerClientClose(virNetServerClientPtr client)
if (client->sock)
virNetSocketRemoveIOCallback(client->sock);
+#if HAVE_GNUTLS
if (client->tls) {
virObjectUnref(client->tls);
client->tls = NULL;
}
+#endif
client->wantClose = true;
while (client->rx) {
@@ -847,10 +887,13 @@ int virNetServerClientInit(virNetServerClientPtr client)
{
virNetServerClientLock(client);
+#if HAVE_GNUTLS
if (!client->tlsCtxt) {
+#endif
/* Plain socket, so prepare to read first message */
if (virNetServerClientRegisterEvent(client) < 0)
goto error;
+#if HAVE_GNUTLS
} else {
int ret;
@@ -879,6 +922,7 @@ int virNetServerClientInit(virNetServerClientPtr client)
goto error;
}
}
+#endif
virNetServerClientUnlock(client);
return 0;
@@ -1180,6 +1224,8 @@ virNetServerClientDispatchWrite(virNetServerClientPtr client)
}
}
+
+#if HAVE_GNUTLS
static void
virNetServerClientDispatchHandshake(virNetServerClientPtr client)
{
@@ -1202,6 +1248,7 @@ virNetServerClientDispatchHandshake(virNetServerClientPtr client)
client->wantClose = true;
}
}
+#endif
static void
virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque)
@@ -1218,17 +1265,21 @@ virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque)
if (events & (VIR_EVENT_HANDLE_WRITABLE |
VIR_EVENT_HANDLE_READABLE)) {
+#if HAVE_GNUTLS
if (client->tls &&
virNetTLSSessionGetHandshakeStatus(client->tls) !=
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
virNetServerClientDispatchHandshake(client);
} else {
+#endif
if (events & VIR_EVENT_HANDLE_WRITABLE)
virNetServerClientDispatchWrite(client);
if (events & VIR_EVENT_HANDLE_READABLE &&
client->rx)
virNetServerClientDispatchRead(client);
+#if HAVE_GNUTLS
}
+#endif
}
/* NB, will get HANGUP + READABLE at same time upon
diff --git a/src/rpc/virnetserverclient.h b/src/rpc/virnetserverclient.h
index 65084e2..b11b9a9 100644
--- a/src/rpc/virnetserverclient.h
+++ b/src/rpc/virnetserverclient.h
@@ -52,7 +52,9 @@ virNetServerClientPtr virNetServerClientNew(virNetSocketPtr sock,
int auth,
bool readonly,
size_t nrequests_max,
+# ifdef HAVE_GNUTLS
virNetTLSContextPtr tls,
+# endif
virNetServerClientPrivNew privNew,
virNetServerClientPrivPreExecRestart privPreExecRestart,
virFreeCallback privFree,
@@ -76,8 +78,10 @@ void virNetServerClientRemoveFilter(virNetServerClientPtr client,
int virNetServerClientGetAuth(virNetServerClientPtr client);
bool virNetServerClientGetReadonly(virNetServerClientPtr client);
+# ifdef HAVE_GNUTLS
bool virNetServerClientHasTLSSession(virNetServerClientPtr client);
int virNetServerClientGetTLSKeySize(virNetServerClientPtr client);
+# endif
# ifdef HAVE_SASL
void virNetServerClientSetSASLSession(virNetServerClientPtr client,
diff --git a/src/rpc/virnetserverservice.c b/src/rpc/virnetserverservice.c
index 7d671f0..61dd682 100644
--- a/src/rpc/virnetserverservice.c
+++ b/src/rpc/virnetserverservice.c
@@ -41,7 +41,9 @@ struct _virNetServerService {
bool readonly;
size_t nrequests_client_max;
+#if HAVE_GNUTLS
virNetTLSContextPtr tls;
+#endif
virNetServerServiceDispatchFunc dispatchFunc;
void *dispatchOpaque;
@@ -90,9 +92,11 @@ cleanup:
virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
const char *service,
int auth,
+#if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_client_max)
{
virNetServerServicePtr svc;
size_t i;
@@ -106,7 +110,9 @@ virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
+#if HAVE_GNUTLS
svc->tls = virObjectRef(tls);
+#endif
if (virNetSocketNewListenTCP(nodename,
service,
@@ -144,9 +150,11 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
mode_t mask,
gid_t grp,
int auth,
+#if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_client_max)
{
virNetServerServicePtr svc;
int i;
@@ -160,7 +168,9 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
+#if HAVE_GNUTLS
svc->tls = virObjectRef(tls);
+#endif
svc->nsocks = 1;
if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0)
@@ -202,9 +212,11 @@ error:
virNetServerServicePtr virNetServerServiceNewFD(int fd,
int auth,
+#if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_client_max)
{
virNetServerServicePtr svc;
int i;
@@ -218,7 +230,9 @@ virNetServerServicePtr virNetServerServiceNewFD(int fd,
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
+#if HAVE_GNUTLS
svc->tls = virObjectRef(tls);
+#endif
svc->nsocks = 1;
if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0)
@@ -401,11 +415,12 @@ size_t virNetServerServiceGetMaxRequests(virNetServerServicePtr svc)
return svc->nrequests_client_max;
}
+#if HAVE_GNUTLS
virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc)
{
return svc->tls;
}
-
+#endif
void virNetServerServiceSetDispatcher(virNetServerServicePtr svc,
virNetServerServiceDispatchFunc func,
@@ -425,7 +440,9 @@ void virNetServerServiceDispose(void *obj)
virObjectUnref(svc->socks[i]);
VIR_FREE(svc->socks);
+#if HAVE_GNUTLS
virObjectUnref(svc->tls);
+#endif
}
void virNetServerServiceToggle(virNetServerServicePtr svc,
diff --git a/src/rpc/virnetserverservice.h b/src/rpc/virnetserverservice.h
index 615b572..934b8d3 100644
--- a/src/rpc/virnetserverservice.h
+++ b/src/rpc/virnetserverservice.h
@@ -40,21 +40,27 @@ typedef int (*virNetServerServiceDispatchFunc)(virNetServerServicePtr svc,
virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
const char *service,
int auth,
+# if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+# endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls);
+ size_t nrequests_client_max);
virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
mode_t mask,
gid_t grp,
int auth,
+# if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+# endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls);
+ size_t nrequests_client_max);
virNetServerServicePtr virNetServerServiceNewFD(int fd,
int auth,
+# if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+# endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls);
+ size_t nrequests_client_max);
virNetServerServicePtr virNetServerServiceNewPostExecRestart(virJSONValuePtr object);
@@ -65,7 +71,9 @@ int virNetServerServiceGetPort(virNetServerServicePtr svc);
int virNetServerServiceGetAuth(virNetServerServicePtr svc);
bool virNetServerServiceIsReadonly(virNetServerServicePtr svc);
size_t virNetServerServiceGetMaxRequests(virNetServerServicePtr svc);
+# ifdef HAVE_GNUTLS
virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc);
+# endif
void virNetServerServiceSetDispatcher(virNetServerServicePtr svc,
virNetServerServiceDispatchFunc func,
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index ef93892..a817999 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -79,7 +79,9 @@ struct _virNetSocket {
char *localAddrStr;
char *remoteAddrStr;
+#if HAVE_GNUTLS
virNetTLSSessionPtr tlsSession;
+#endif
#if HAVE_SASL
virNetSASLSessionPtr saslSession;
@@ -948,11 +950,13 @@ virJSONValuePtr virNetSocketPreExecRestart(virNetSocketPtr sock)
goto error;
}
#endif
+#if HAVE_GNUTLS
if (sock->tlsSession) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("Unable to save socket state when TLS session is active"));
goto error;
}
+#endif
if (!(object = virJSONValueNewObject()))
goto error;
@@ -1011,10 +1015,12 @@ void virNetSocketDispose(void *obj)
unlink(sock->localAddr.data.un.sun_path);
#endif
+#if HAVE_GNUTLS
/* Make sure it can't send any more I/O during shutdown */
if (sock->tlsSession)
virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL);
virObjectUnref(sock->tlsSession);
+#endif
#if HAVE_SASL
virObjectUnref(sock->saslSession);
#endif
@@ -1178,6 +1184,7 @@ const char *virNetSocketRemoteAddrString(virNetSocketPtr sock)
}
+#if HAVE_GNUTLS
static ssize_t virNetSocketTLSSessionWrite(const char *buf,
size_t len,
void *opaque)
@@ -1208,7 +1215,7 @@ void virNetSocketSetTLSSession(virNetSocketPtr sock,
sock);
virMutexUnlock(&sock->lock);
}
-
+#endif
#if HAVE_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock,
@@ -1280,13 +1287,17 @@ static ssize_t virNetSocketReadWire(virNetSocketPtr sock, char *buf, size_t len)
#endif
reread:
+#if HAVE_GNUTLS
if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionRead(sock->tlsSession, buf, len);
} else {
+#endif
ret = read(sock->fd, buf, len);
+#if HAVE_GNUTLS
}
+#endif
if ((ret < 0) && (errno == EINTR))
goto reread;
@@ -1335,13 +1346,17 @@ static ssize_t virNetSocketWriteWire(virNetSocketPtr sock, const char *buf, size
#endif
rewrite:
+#if HAVE_GNUTLS
if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionWrite(sock->tlsSession, buf, len);
} else {
+#endif
ret = write(sock->fd, buf, len);
+#if HAVE_GNUTLS
}
+#endif
if (ret < 0) {
if (errno == EINTR)
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index 7016c09..ce15bb8 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -26,7 +26,9 @@
# include "virsocketaddr.h"
# include "vircommand.h"
-# include "virnettlscontext.h"
+# ifdef HAVE_GNUTLS
+# include "virnettlscontext.h"
+# endif
# include "virobject.h"
# ifdef HAVE_SASL
# include "virnetsaslcontext.h"
@@ -122,8 +124,10 @@ ssize_t virNetSocketWrite(virNetSocketPtr sock, const char *buf, size_t len);
int virNetSocketSendFD(virNetSocketPtr sock, int fd);
int virNetSocketRecvFD(virNetSocketPtr sock, int *fd);
+# ifdef HAVE_GNUTLS
void virNetSocketSetTLSSession(virNetSocketPtr sock,
virNetTLSSessionPtr sess);
+# endif
# ifdef HAVE_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock,
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b603ea3..9c7c6fb 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -91,7 +91,7 @@ test_programs = virshtest sockettest \
commandtest seclabeltest \
virhashtest virnetmessagetest virnetsockettest \
viratomictest \
- utiltest virnettlscontexttest shunloadtest \
+ utiltest shunloadtest \
virtimetest viruritest virkeyfiletest \
virauthconfigtest \
virbitmaptest \
@@ -100,6 +100,10 @@ test_programs = virshtest sockettest \
sysinfotest \
$(NULL)
+if HAVE_GNUTLS
+test_programs += virnettlscontexttest
+endif
+
if WITH_SECDRIVER_SELINUX
test_programs += securityselinuxtest
endif
@@ -526,6 +530,7 @@ virnetsockettest_SOURCES = \
virnetsockettest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
virnetsockettest_LDADD = $(LDADDS)
+if HAVE_GNUTLS
virnettlscontexttest_SOURCES = \
virnettlscontexttest.c testutils.h testutils.c
virnettlscontexttest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
@@ -536,6 +541,10 @@ virnettlscontexttest_LDADD += -ltasn1
else
EXTRA_DIST += pkix_asn1_tab.c
endif
+else
+EXTRA_DIST += \
+ virnettlscontexttest.c testutils.h testutils.c pkix_asn1_tab.c
+endif
virtimetest_SOURCES = \
virtimetest.c testutils.h testutils.c
--
1.8.0.1
11 years, 11 months
[libvirt] Connection release is not correct in libvirt and libvrt java
by Benjamin Wang (gendwang)
Hi,
The following is the current code to release connection in libvirt.
int
virConnectClose(virConnectPtr conn)
{
...
if (!VIR_IS_CONNECT(conn)) {
virLibConnError(VIR_ERR_INVALID_CONN, __FUNCTION__);
goto error;
}
...
error:
virDispatchError(NULL);
return ret;
}
Now if the cable is unplugged and the application call virConnectClose to release connection, the code will enter into the error procedure, the connection
Can't be released. I have changed the following two parts to fix this issue. Please give your comments:
Changed Code1:
int
virConnectClose(virConnectPtr conn)
{
...
+ if(NULL == conn) {
+ return 0;
+ }
...
- if (!VIR_IS_CONNECT(conn)) {
- virLibConnError(VIR_ERR_INVALID_CONN, __FUNCTION__);
- goto error;
- }
...
error:
virDispatchError(NULL);
return ret;
}
Changed Code2:
int
virUnrefConnect(virConnectPtr conn) {
...
+ if(NULL == conn) {
+ return 0;
+ }
- if ((!VIR_IS_CONNECT(conn))) {
- virLibConnError(VIR_ERR_INVALID_ARG, _("no connection"));
- return -1;
- }
...
}
For libvirt java, there are similar issue. I have changed code as following in Collect.java. Please also give your comments.
public int close() throws LibvirtException {
int success = 0;
if (VCP != null) {
+ try {
success = libvirt.virConnectClose(VCP);
processError();
+ }
+ finally {
// If leave an invalid pointer dangling around JVM crashes and burns
// if someone tries to call a method on us
// We rely on the underlying libvirt error handling to detect that
// it's called with a null virConnectPointer
VCP = null;
+ }
}
return success;
}
B.R.
Benjamin Wang
11 years, 11 months
[libvirt] [PATCH 0/2] Colorize HTML documentation
by Claudio Bley
Hi.
This patchset adds a few classes to the generated HTML documentation.
The style sheets are also adapted making use of the new classes to
give the documentation a little visual overhaul.
YMMV, but it looks good for me using Firefox, Webkit and Opera.
I did check the CSS rules using the W3C CSS validator.
Claudio Bley (2):
docs: Assign classes to documentation elements
docs: Add some style and color to the HTML documentation
docs/generic.css | 4 ++
docs/libvirt.css | 56 +++++++++++++++-
docs/newapi.xsl | 187 +++++++++++++++++++++++++++++++-----------------------
3 files changed, 166 insertions(+), 81 deletions(-)
--
1.7.9.5
11 years, 11 months
[libvirt] [PATCH 0/2] Improve readability of generated HTML documenation
by Claudio Bley
Hi.
These patches try to improve the look and feel of the libvirt documentation.
Claudio Bley (2):
docs: break longer text into paragraphs in HTML
docs: Limit the maximum width of info text to 75em for better
readability
docs/libvirt.css | 4 ++++
docs/newapi.xsl | 50 +++++++++++++++++++++++++++++++++++++++++---------
2 files changed, 45 insertions(+), 9 deletions(-)
--
1.7.9.5
11 years, 11 months
[libvirt] [PATCH 0/3] Resolve DEADCODE errors found by Coverity
by John Ferlan
This set of patches resolves "Error: DEADCODE (CWE-561)" errors found by Coverity
John Ferlan (3):
phyp: Remove deadcode referencing exit_status
nwfilter: Remove unprivileged code path to set base
tests: Remove remnants of removing the fake emulator output
src/nwfilter/nwfilter_driver.c | 10 ++--------
src/phyp/phyp_driver.c | 4 ----
tests/qemuxml2argvtest.c | 11 -----------
3 files changed, 2 insertions(+), 23 deletions(-)
--
1.7.11.7
11 years, 11 months
[libvirt] virsh auto completion
by Michal Privoznik
Going over my local git branches, I found old patch set which I was trying to get in once.
Along guest IP address patches I feel like this one is desired as well and keeps returning
to us from time to time.
What I think this feature should look like:
virsh # sta<TAB>
expands to:
virsh # start
Now, hitting <TAB> again (okay, several times actually) gives us a list of supported options:
--autodestroy --bypass-cache --console --force-boot --paused
virsh # start --
Up to here, it's just current implementation. What I'd like to see is list of
(ideally shut off) domains:
--autodestroy --bypass-cache --console --force-boot --paused f17 f18 <...>
virsh # start --
The same applies to complete a single option as well. That is not (only) command based completer,
but a option based one. IIRC, that was conclusion on my first approach as well. What I've come up with so far is:
diff --git a/tools/virsh.h b/tools/virsh.h
index ab7161f..c7cdb3a 100644
--- a/tools/virsh.h
+++ b/tools/virsh.h
@@ -146,6 +146,8 @@ typedef struct _vshCmdOptDef vshCmdOptDef;
typedef struct _vshControl vshControl;
typedef struct _vshCtrlData vshCtrlData;
+typedef char ** (*vshCmdOptCompleter)
+ (const vshCmdDef *cmd, const char *optname, void *opaque);
/*
* vshCmdInfo -- name/value pair for information about command
*
@@ -162,11 +164,13 @@ struct _vshCmdInfo {
* vshCmdOptDef - command option definition
*/
struct _vshCmdOptDef {
- const char *name; /* the name of option, or NULL for list end */
- vshCmdOptType type; /* option type */
- unsigned int flags; /* flags */
- const char *help; /* non-NULL help string; or for VSH_OT_ALIAS
- * the name of a later public option */
+ const char *name; /* the name of option, or NULL for list end */
+ vshCmdOptType type; /* option type */
+ unsigned int flags; /* flags */
+ vshCmdOptCompleter completer; /* option arguments completer */
+ void *opaque; /* value to pass to @completer */
+ const char *help; /* non-NULL help string; or for VSH_OT_ALIAS
+ * the name of a later public option */
};
One of the biggest problem with this is - I'd have to change all of option definitions
(add 'NULL, NULL, ' to all of them). Apart from huge impact, we still want command based completer,
otherwise we would only complete:
f17 f18 <...>
virsh # start --domain <TAB>
Who's really typing '--domain'? The idea is to make users life easier, not harder.
My aim to write this e-mail is:
1) let you know somebody is working on this
2) get your thoughts and opinions.
Michal
11 years, 11 months