[libvirt] [PATCH] libvirt.h.in: Fix indentation
by Michal Privoznik
With the most recent patch from Claudio, I realized how many
indentation flaws we have in the libvirt.h.in file. Even though
they are harmless, it's still worth fixing them.
---
Pushed under trivial rule.
include/libvirt/libvirt.h.in | 58 ++++++++++++++++++++++----------------------
1 file changed, 29 insertions(+), 29 deletions(-)
diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
index d2640e1..c1233f6 100644
--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -124,7 +124,7 @@ typedef enum {
VIR_DOMAIN_SHUTOFF = 5, /* the domain is shut off */
VIR_DOMAIN_CRASHED = 6, /* the domain is crashed */
VIR_DOMAIN_PMSUSPENDED = 7, /* the domain is suspended by guest
- power management */
+ power management */
#ifdef VIR_ENUM_SENTINELS
/*
@@ -1380,7 +1380,7 @@ virDomainPtr virDomainLookupByID (virConnectPtr conn,
virDomainPtr virDomainLookupByUUID (virConnectPtr conn,
const unsigned char *uuid);
virDomainPtr virDomainLookupByUUIDString (virConnectPtr conn,
- const char *uuid);
+ const char *uuid);
typedef enum {
VIR_DOMAIN_SHUTDOWN_DEFAULT = 0, /* hypervisor choice */
@@ -1479,9 +1479,9 @@ int virDomainSaveImageDefineXML (virConnectPtr conn,
int virDomainManagedSave (virDomainPtr dom,
unsigned int flags);
int virDomainHasManagedSaveImage(virDomainPtr dom,
- unsigned int flags);
+ unsigned int flags);
int virDomainManagedSaveRemove(virDomainPtr dom,
- unsigned int flags);
+ unsigned int flags);
/*
* Domain core dump
@@ -1550,7 +1550,7 @@ int virDomainGetControlInfo (virDomainPtr domain,
* Return scheduler type in effect 'sedf', 'credit', 'linux'
*/
char * virDomainGetSchedulerType(virDomainPtr domain,
- int *nparams);
+ int *nparams);
/* Manage blkio parameters. */
@@ -1698,7 +1698,7 @@ unsigned int virDomainGetID (virDomainPtr domain);
int virDomainGetUUID (virDomainPtr domain,
unsigned char *uuid);
int virDomainGetUUIDString (virDomainPtr domain,
- char *buf);
+ char *buf);
char * virDomainGetOSType (virDomainPtr domain);
unsigned long virDomainGetMaxMemory (virDomainPtr domain);
int virDomainSetMaxMemory (virDomainPtr domain,
@@ -1828,13 +1828,13 @@ int virDomainInterfaceStats (virDomainPtr dom,
#define VIR_DOMAIN_BANDWIDTH_OUT_BURST "outbound.burst"
int virDomainSetInterfaceParameters (virDomainPtr dom,
- const char *device,
- virTypedParameterPtr params,
- int nparams, unsigned int flags);
+ const char *device,
+ virTypedParameterPtr params,
+ int nparams, unsigned int flags);
int virDomainGetInterfaceParameters (virDomainPtr dom,
- const char *device,
- virTypedParameterPtr params,
- int *nparams, unsigned int flags);
+ const char *device,
+ virTypedParameterPtr params,
+ int *nparams, unsigned int flags);
/* Management of domain block devices */
@@ -1972,7 +1972,7 @@ int virConnectListAllDomains (virConnectPtr conn,
unsigned int flags);
int virDomainCreate (virDomainPtr domain);
int virDomainCreateWithFlags (virDomainPtr domain,
- unsigned int flags);
+ unsigned int flags);
int virDomainGetAutostart (virDomainPtr domain,
int *autostart);
@@ -2515,7 +2515,7 @@ typedef enum {
config if it's not active */
VIR_NETWORK_UPDATE_AFFECT_LIVE = 1 << 0, /* affect live state of network only */
VIR_NETWORK_UPDATE_AFFECT_CONFIG = 1 << 1, /* affect persistent config only */
- } virNetworkUpdateFlags;
+} virNetworkUpdateFlags;
/*
* Update an existing network definition
@@ -2725,16 +2725,16 @@ typedef enum {
typedef enum {
VIR_STORAGE_VOL_WIPE_ALG_ZERO = 0, /* 1-pass, all zeroes */
VIR_STORAGE_VOL_WIPE_ALG_NNSA = 1, /* 4-pass NNSA Policy Letter
- NAP-14.1-C (XVI-8) */
+ NAP-14.1-C (XVI-8) */
VIR_STORAGE_VOL_WIPE_ALG_DOD = 2, /* 4-pass DoD 5220.22-M section
- 8-306 procedure */
+ 8-306 procedure */
VIR_STORAGE_VOL_WIPE_ALG_BSI = 3, /* 9-pass method recommended by the
- German Center of Security in
- Information Technologies */
+ German Center of Security in
+ Information Technologies */
VIR_STORAGE_VOL_WIPE_ALG_GUTMANN = 4, /* The canonical 35-pass sequence */
VIR_STORAGE_VOL_WIPE_ALG_SCHNEIER = 5, /* 7-pass method described by
- Bruce Schneier in "Applied
- Cryptography" (1996) */
+ Bruce Schneier in "Applied
+ Cryptography" (1996) */
VIR_STORAGE_VOL_WIPE_ALG_PFITZNER7 = 6, /* 7-pass random */
VIR_STORAGE_VOL_WIPE_ALG_PFITZNER33 = 7, /* 33-pass random */
@@ -3556,12 +3556,12 @@ int virConnectListSecrets (virConnectPtr conn,
*/
typedef enum {
VIR_CONNECT_LIST_SECRETS_EPHEMERAL = 1 << 0, /* kept in memory, never
- stored persistently */
+ stored persistently */
VIR_CONNECT_LIST_SECRETS_NO_EPHEMERAL = 1 << 1,
VIR_CONNECT_LIST_SECRETS_PRIVATE = 1 << 2, /* not revealed to any caller
- of libvirt, nor to any other
- node */
+ of libvirt, nor to any other
+ node */
VIR_CONNECT_LIST_SECRETS_NO_PRIVATE = 1 << 3,
} virConnectListAllSecretsFlags;
@@ -4305,12 +4305,12 @@ typedef enum {
* VIR_DOMAIN_EVENT_ID_DISK_CHANGE with virConnectDomainEventRegisterAny()
*/
typedef void (*virConnectDomainEventDiskChangeCallback)(virConnectPtr conn,
- virDomainPtr dom,
- const char *oldSrcPath,
- const char *newSrcPath,
- const char *devAlias,
- int reason,
- void *opaque);
+ virDomainPtr dom,
+ const char *oldSrcPath,
+ const char *newSrcPath,
+ const char *devAlias,
+ int reason,
+ void *opaque);
/**
* virConnectDomainEventTrayChangeReason:
--
1.8.0.2
12 years, 4 months
[libvirt] [PATCHv1 0/5] qcow3 support
by Ján Tomko
This adds support for qcow3 to storage and qemu drivers (except for
snapshots, I still need to do that).
Qcow3 adds feature bits for compatible, incompatible and autoclear features.
I'm not sure if it makes sense to differentiate between them in the XML.
If yes, perhaps unknown incompatible features might result in an error, while
we could just warn about unknown compatible ones.
If not, one bitmap should be enough to track the ones that interest us.
There are two feature bits so far: lazy_refcounts (delayed refcount updates)
and a dirty bit (refcounts haven't been updated and older QEMU can't read this).
If we knew what features are supported by QEMU, we could refuse to use them,
however, I don't know of any way to find out other than running:
qemu-img create -f qcow2 -o ? /dev/null
If we don't know, I don't think it's any good to find out the dirty bit value.
Ján Tomko (5):
storage: refactor qemu-img command line generation
storage: use virBuffer for generating qemu options string
util: add qcow3 format probing
conf: add format features to target XML
qemu: add support for creating and using qcow3 images
src/conf/storage_conf.c | 90 +++++++++++++++++++++++++++++
src/conf/storage_conf.h | 3 +
src/libvirt_private.syms | 3 +
src/qemu/qemu_command.c | 2 +-
src/qemu/qemu_hotplug.c | 4 +-
src/storage/storage_backend.c | 106 ++++++++++++++++++-----------------
src/storage/storage_backend_fs.c | 7 ++
src/util/virstoragefile.c | 116 ++++++++++++++++++++++++++++++++++++--
src/util/virstoragefile.h | 27 +++++++++
9 files changed, 298 insertions(+), 60 deletions(-)
--
1.7.8.6
12 years, 4 months
[libvirt] [PATCH] qemu_agent: Remove agent reference only when disposing it
by Michal Privoznik
https://bugzilla.redhat.com/show_bug.cgi?id=892079
With current code, if user calls virDomainPMSuspendForDuration()
followed by virDomainDestroy(), the former API checks for qemu agent
presence, which will evaluate as true (if agent is configured). While
talking to qemu agent, the qemu driver is unlocked, so the latter API
starts executing. However, if machine dies meanwhile, libvirtd gets
EOF on the agent socket and qemuProcessHandleAgentEOF() is called. The
handler clears the reference to the qemu agent while the destroy API is already
holding a reference to it. This leads to a NULL dereference later in
the code. Therefore, the agent pointer should be set to NULL only if
we are the exclusive owner of it.
---
There's a reproducer in the BZ. It doesn't have to be a windows guest,
I was able to reproduce with F17 guest as well.
src/qemu/qemu_process.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 938c17e..320c0c6 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -133,7 +133,8 @@ qemuProcessHandleAgentEOF(qemuAgentPtr agent,
virDomainObjLock(vm);
priv = vm->privateData;
- if (priv->agent == agent)
+ if (priv->agent == agent &&
+ !virObjectUnref(priv->agent))
priv->agent = NULL;
virDomainObjUnlock(vm);
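Review bot: The new condition `!virObjectUnref(priv->agent)` leaves `priv->agent` set whenever another holder still has a reference, yet a reference has just been dropped, so `priv->agent` may end up pointing at an object that is freed once that other holder releases it. Depending on who owns the reference released here (not visible in this hunk), that trades the NULL dereference from the commit message for a possible use-after-free or double unref in later cleanup. It looks safer to keep the unconditional `priv->agent = NULL;` and have the API that drops the driver lock take its own reference with `virObjectRef()` and re-check `priv->agent` after relocking. Putting the unref inside the `if` condition also hides the ownership change from a reader. qemuProcessHandleAgentEOF continues outside the hunk.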
--
1.8.0.2
12 years, 4 months
[libvirt] [PATCH] maint: fix comment typo
by Eric Blake
While OOM can have knock-on effects that trash a system, generally
the first symptom is one of memory thrashing.
* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Reword slightly.
---
Pushing under the trivial rule.
src/qemu/qemu_cgroup.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 16a9d7c..6527146 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -1,7 +1,7 @@
/*
* qemu_cgroup.c: QEMU cgroup management
*
- * Copyright (C) 2006-2012 Red Hat, Inc.
+ * Copyright (C) 2006-2013 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
@@ -344,8 +344,8 @@ int qemuSetupCgroup(virQEMUDriverPtr driver,
if (!hard_limit) {
/* If there is no hard_limit set, set a reasonable one to avoid
- * system trashing caused by exploited qemu. As 'reasonable limit'
- * has been chosen:
+ * system thrashing caused by exploited qemu. A 'reasonable
+ * limit' has been chosen:
* (1 + k) * (domain memory + total video memory) + (32MB for
* cache per each disk) + F
* where k = 0.5 and F = 200MB. The cache for disks is important as
--
1.8.0.2
12 years, 4 months
[libvirt] [PATCH] maint: distribute libvirtd.service.in
by Eric Blake
I did a build --without-libvirtd, then ran 'make dist'. The
resulting tarball was broken, with a complaint that make did not
know how to create libvirtd.service.in. I traced it to a use
of EXTRA_DIST inside a conditional.
* daemon/Makefile.am (EXTRA_DIST): Hoist libvirtd.service.in
outside of WITH_LIBVIRTD conditional.
---
Pushing under the build-breaker rule.
daemon/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index c59084c..95ff8cf 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -37,6 +37,7 @@ EXTRA_DIST = \
libvirtd.upstart \
libvirtd.policy.in \
libvirtd.sasl \
+ libvirtd.service.in \
libvirtd.sysconf \
libvirtd.sysctl \
libvirtd.aug \
@@ -322,7 +323,6 @@ uninstall-init-upstart:
endif # LIBVIRT_INIT_SCRIPT_UPSTART
-EXTRA_DIST += libvirtd.service.in
if LIBVIRT_INIT_SCRIPT_SYSTEMD
SYSTEMD_UNIT_DIR = /lib/systemd/system
--
1.8.0.2
12 years, 4 months
[libvirt] [PATCH] Make TLS support conditional
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Add checks for the existence of GNUTLS and automatically disable
it if not found.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
configure.ac | 70 ++++++++++++++++++++++++++++++++-----------
daemon/libvirtd.c | 41 ++++++++++++++++++-------
daemon/remote.c | 2 ++
src/Makefile.am | 8 ++++-
src/libvirt.c | 17 ++++++++---
src/locking/lock_daemon.c | 12 ++++++--
src/lxc/lxc_controller.c | 6 ++--
src/qemu/qemu_migration.c | 15 ++++++++--
src/remote/remote_driver.c | 15 ++++++++++
src/rpc/virnetclient.c | 20 ++++++++++---
src/rpc/virnetclient.h | 8 ++++-
src/rpc/virnetserver.c | 6 ++++
src/rpc/virnetserver.h | 6 +++-
src/rpc/virnetserverclient.c | 63 ++++++++++++++++++++++++++++++++++----
src/rpc/virnetserverclient.h | 4 +++
src/rpc/virnetserverservice.c | 31 ++++++++++++++-----
src/rpc/virnetserverservice.h | 20 +++++++++----
src/rpc/virnetsocket.c | 17 ++++++++++-
src/rpc/virnetsocket.h | 6 +++-
tests/Makefile.am | 11 ++++++-
20 files changed, 311 insertions(+), 67 deletions(-)
diff --git a/configure.ac b/configure.ac
index ab08f17..bb64bf6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1025,30 +1025,62 @@ CFLAGS="$old_cflags"
LIBS="$old_libs"
dnl GnuTLS library
-GNUTLS_CFLAGS=
-GNUTLS_LIBS=
-GNUTLS_FOUND=no
-if test -x "$PKG_CONFIG" ; then
- PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
- [GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
-fi
-if test "$GNUTLS_FOUND" = "no"; then
+AC_ARG_WITH([gnutls],
+ AC_HELP_STRING([--with-gnutls], [use GNUTLS for encryption @<:@default=check@:>@]),
+ [],
+ [with_gnutls=check])
+
+
+if test "x$with_gnutls" != "xno"; then
+ if test "x$with_gnutls" != "xyes" && test "x$with_gnutls" != "xcheck"; then
+ GNUTLS_CFLAGS="-I$with_gnutls/include"
+ GNUTLS_LIBS="-L$with_gnutls/lib"
+ fi
fail=0
+ old_cflags="$CFLAGS"
old_libs="$LIBS"
- AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
- AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
+ CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
+ LIBS="$LIBS $GNUTLS_LIBS"
- test $fail = 1 &&
- AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])
+ GNUTLS_FOUND=no
+ if test -x "$PKG_CONFIG" ; then
+ PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
+ [GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
+ fi
+ if test "$GNUTLS_FOUND" = "no"; then
+ fail=0
+ AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
+ AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
+
+ test $fail = 0 && GNUTLS_FOUND=yes
+
+ GNUTLS_LIBS="$GNUTLS_LIBS -lgnutls"
+ fi
+ if test "$GNUTLS_FOUND" = "no"; then
+ if test "$with_gnutls" = "check"; then
+ with_gnutls=no
+ GNUTLS_LIBS=
+ GNUTLS_CFLAGS=
+ else
+ AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])
+ fi
+ else
+ dnl Not all versions of gnutls include -lgcrypt, and so we add
+ dnl it explicitly for the calls to gcry_control/check_version
+ GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
+
+ with_gnutls=yes
+ fi
- dnl Not all versions of gnutls include -lgcrypt, and so we add
- dnl it explicitly for the calls to gcry_control/check_version
- GNUTLS_LIBS="$LIBS -lgcrypt"
LIBS="$old_libs"
-else
- GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
+ CFLAGS="$old_CFLAGS"
fi
+if test "x$with_gnutls" = "xyes" ; then
+ AC_DEFINE_UNQUOTED([HAVE_GNUTLS], 1,
+ [whether GNUTLS is available for encryption])
+fi
+AM_CONDITIONAL([HAVE_GNUTLS], [test "x$with_gnutls" = "xyes"])
AC_SUBST([GNUTLS_CFLAGS])
AC_SUBST([GNUTLS_LIBS])
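Review bot: `CFLAGS="$old_CFLAGS"` restores from a variable that is never set; the value was saved as `old_cflags` at the top of the block, so CFLAGS leaves the GnuTLS check empty and the flags chosen by the user or by earlier checks are lost for everything after it. The line should read `CFLAGS="$old_cflags"`. Separately, with the default `check` a missing GnuTLS now quietly produces a build with no TLS transport, and the only trace is the `gnutls: no` summary line. An `AC_MSG_WARN` in the `with_gnutls=no` branch would make that harder to overlook.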
@@ -3168,7 +3200,11 @@ AC_MSG_NOTICE([ libssh2: $LIBSSH2_CFLAGS $LIBSSH2_LIBS])
else
AC_MSG_NOTICE([ libssh2: no])
fi
+if test "$with_gnutls" != "no" ; then
AC_MSG_NOTICE([ gnutls: $GNUTLS_CFLAGS $GNUTLS_LIBS])
+else
+AC_MSG_NOTICE([ gnutls: no])
+fi
if test "$with_sasl" != "no" ; then
AC_MSG_NOTICE([ sasl: $SASL_CFLAGS $SASL_LIBS])
else
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index fa4d129..ff54af3 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -449,7 +449,9 @@ static int daemonSetupNetworking(virNetServerPtr srv,
virNetServerServicePtr svc = NULL;
virNetServerServicePtr svcRO = NULL;
virNetServerServicePtr svcTCP = NULL;
+#if HAVE_GNUTLS
virNetServerServicePtr svcTLS = NULL;
+#endif
gid_t unix_sock_gid = 0;
int unix_sock_ro_mask = 0;
int unix_sock_rw_mask = 0;
@@ -474,9 +476,11 @@ static int daemonSetupNetworking(virNetServerPtr srv,
unix_sock_rw_mask,
unix_sock_gid,
config->auth_unix_rw,
+#if HAVE_GNUTLS
+ NULL,
+#endif
false,
- config->max_client_requests,
- NULL)))
+ config->max_client_requests)))
goto error;
if (sock_path_ro) {
VIR_DEBUG("Registering unix socket %s", sock_path_ro);
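Review bot: Making the TLS context argument appear or disappear with `#if HAVE_GNUTLS`, and moving it from last position to the middle, gives the service constructors a different prototype per build configuration and forces the `#if` / `NULL,` / `#endif` triple into every call. That applies here, to the read-only UNIX and TCP services in the following hunks, and to lock_daemon.c, lxc_controller.c and virnetserverclient.c. Consider keeping the parameter unconditionally, with `virNetTLSContextPtr` forward-declared as an opaque pointer when GnuTLS is absent, and having the callee reject a non-NULL context in that build. The matching header change is outside this view, so this is a suggestion about the call-site shape only.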
@@ -484,9 +488,11 @@ static int daemonSetupNetworking(virNetServerPtr srv,
unix_sock_ro_mask,
unix_sock_gid,
config->auth_unix_ro,
+#if HAVE_GNUTLS
+ NULL,
+#endif
true,
- config->max_client_requests,
- NULL)))
+ config->max_client_requests)))
goto error;
}
@@ -507,9 +513,11 @@ static int daemonSetupNetworking(virNetServerPtr srv,
if (!(svcTCP = virNetServerServiceNewTCP(config->listen_addr,
config->tcp_port,
config->auth_tcp,
+#if HAVE_GNUTLS
+ NULL,
+#endif
false,
- config->max_client_requests,
- NULL)))
+ config->max_client_requests)))
goto error;
if (virNetServerAddService(srv, svcTCP,
@@ -517,6 +525,7 @@ static int daemonSetupNetworking(virNetServerPtr srv,
goto error;
}
+#if HAVE_GNUTLS
if (config->listen_tls) {
virNetTLSContextPtr ctxt = NULL;
@@ -546,9 +555,9 @@ static int daemonSetupNetworking(virNetServerPtr srv,
virNetServerServiceNewTCP(config->listen_addr,
config->tls_port,
config->auth_tls,
+ ctxt,
false,
- config->max_client_requests,
- ctxt))) {
+ config->max_client_requests))) {
virObjectUnref(ctxt);
goto error;
}
@@ -559,13 +568,23 @@ static int daemonSetupNetworking(virNetServerPtr srv,
virObjectUnref(ctxt);
}
+#else
+ (void)privileged;
+ if (config->listen_tls) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("This libvirtd build does not support TLS"));
+ goto error;
+ }
+#endif
}
#if HAVE_SASL
if (config->auth_unix_rw == REMOTE_AUTH_SASL ||
config->auth_unix_ro == REMOTE_AUTH_SASL ||
- config->auth_tcp == REMOTE_AUTH_SASL ||
- config->auth_tls == REMOTE_AUTH_SASL) {
+# if HAVE_GNUTLS
+ config->auth_tls == REMOTE_AUTH_SASL ||
+# endif
+ config->auth_tcp == REMOTE_AUTH_SASL) {
saslCtxt = virNetSASLContextNewServer(
(const char *const*)config->sasl_allowed_username_list);
if (!saslCtxt)
@@ -576,7 +595,9 @@ static int daemonSetupNetworking(virNetServerPtr srv,
return 0;
error:
+#if HAVE_GNUTLS
virObjectUnref(svcTLS);
+#endif
virObjectUnref(svcTCP);
virObjectUnref(svc);
virObjectUnref(svcRO);
diff --git a/daemon/remote.c b/daemon/remote.c
index 8767c18..67fe335 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2464,6 +2464,7 @@ remoteDispatchAuthSaslInit(virNetServerPtr server ATTRIBUTE_UNUSED,
if (!sasl)
goto authfail;
+# if HAVE_GNUTLS
/* Inform SASL that we've got an external SSF layer from TLS */
if (virNetServerClientHasTLSSession(client)) {
int ssf;
@@ -2477,6 +2478,7 @@ remoteDispatchAuthSaslInit(virNetServerPtr server ATTRIBUTE_UNUSED,
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto authfail;
}
+# endif
if (virNetServerClientIsSecure(client))
/* If we've got TLS or UNIX domain sock, we don't care about SSF */
diff --git a/src/Makefile.am b/src/Makefile.am
index 955973e..061d544 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1777,7 +1777,6 @@ libvirt_net_rpc_la_SOURCES = \
rpc/virnetmessage.h rpc/virnetmessage.c \
rpc/virnetprotocol.h rpc/virnetprotocol.c \
rpc/virnetsocket.h rpc/virnetsocket.c \
- rpc/virnettlscontext.h rpc/virnettlscontext.c \
rpc/virkeepaliveprotocol.h rpc/virkeepaliveprotocol.c \
rpc/virkeepalive.h rpc/virkeepalive.c
if HAVE_LIBSSH2
@@ -1787,6 +1786,13 @@ else
EXTRA_DIST += \
rpc/virnetsshsession.h rpc/virnetsshsession.c
endif
+if HAVE_GNUTLS
+libvirt_net_rpc_la_SOURCES += \
+ rpc/virnettlscontext.h rpc/virnettlscontext.c
+else
+EXTRA_DIST += \
+ rpc/virnettlscontext.h rpc/virnettlscontext.c
+endif
if HAVE_SASL
libvirt_net_rpc_la_SOURCES += \
rpc/virnetsaslcontext.h rpc/virnetsaslcontext.c
diff --git a/src/libvirt.c b/src/libvirt.c
index 6d1da12..e0f6185 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -55,7 +55,9 @@
#include "configmake.h"
#include "intprops.h"
#include "virconf.h"
-#include "rpc/virnettlscontext.h"
+#if HAVE_GNUTLS
+# include "rpc/virnettlscontext.h"
+#endif
#include "vircommand.h"
#include "virrandom.h"
#include "viruri.h"
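Review bot: The macro is tested as `#if HAVE_GNUTLS` in this hunk and as `#ifdef HAVE_GNUTLS` in the hunks that follow in the same file; the same mix shows up in virnetclient.c/.h, virnetserver.c/.h and virnetserverclient.c. configure.ac defines it to 1 only when enabled, so both forms select the same code today, but `#if` on an undefined macro trips `-Wundef`. Mixing the two also makes it easier for a declaration and its definition to end up guarded differently. Pick one spelling for the whole patch, for example `#ifdef HAVE_GNUTLS` in sources and `# ifdef HAVE_GNUTLS` in headers.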
@@ -268,6 +270,8 @@ winsock_init(void)
}
#endif
+
+#ifdef HAVE_GNUTLS
static int virTLSMutexInit(void **priv)
{
virMutexPtr lock = NULL;
@@ -308,11 +312,11 @@ static int virTLSMutexUnlock(void **priv)
static struct gcry_thread_cbs virTLSThreadImpl = {
/* GCRY_THREAD_OPTION_VERSION was added in gcrypt 1.4.2 */
-#ifdef GCRY_THREAD_OPTION_VERSION
+# ifdef GCRY_THREAD_OPTION_VERSION
(GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)),
-#else
+# else
GCRY_THREAD_OPTION_PTHREAD,
-#endif
+# endif
NULL,
virTLSMutexInit,
virTLSMutexDestroy,
@@ -320,6 +324,7 @@ static struct gcry_thread_cbs virTLSThreadImpl = {
virTLSMutexUnlock,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
+#endif
/* Helper macros to implement VIR_DOMAIN_DEBUG using just C99. This
* assumes you pass fewer than 15 arguments to VIR_DOMAIN_DEBUG, but
@@ -403,12 +408,16 @@ virGlobalInit(void)
virErrorInitialize() < 0)
goto error;
+#ifdef HAVE_GNUTLS
gcry_control(GCRYCTL_SET_THREAD_CBS, &virTLSThreadImpl);
gcry_check_version(NULL);
+#endif
virLogSetFromEnv();
+#ifdef HAVE_GNUTLS
virNetTLSInit();
+#endif
#if HAVE_LIBCURL
curl_global_init(CURL_GLOBAL_DEFAULT);
diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c
index 7288f7a..ba42c00 100644
--- a/src/locking/lock_daemon.c
+++ b/src/locking/lock_daemon.c
@@ -654,7 +654,11 @@ virLockDaemonSetupNetworkingSystemD(virNetServerPtr srv)
/* Systemd passes FDs, starting immediately after stderr,
* so the first FD we'll get is '3'. */
- if (!(svc = virNetServerServiceNewFD(3, 0, false, 1, NULL)))
+ if (!(svc = virNetServerServiceNewFD(3, 0,
+#if HAVE_GNUTLS
+ NULL,
+#endif
+ false, 1)))
return -1;
if (virNetServerAddService(srv, svc, NULL) < 0) {
@@ -672,7 +676,11 @@ virLockDaemonSetupNetworkingNative(virNetServerPtr srv, const char *sock_path)
VIR_DEBUG("Setting up networking natively");
- if (!(svc = virNetServerServiceNewUNIX(sock_path, 0700, 0, 0, false, 1, NULL)))
+ if (!(svc = virNetServerServiceNewUNIX(sock_path, 0700, 0, 0,
+#if HAVE_GNUTLS
+ NULL,
+#endif
+ false, 1)))
return -1;
if (virNetServerAddService(srv, svc, NULL) < 0) {
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index c9d96b3..ddc921e 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -631,9 +631,11 @@ static int virLXCControllerSetupServer(virLXCControllerPtr ctrl)
0700,
0,
0,
+#if HAVE_GNUTLS
+ NULL,
+#endif
false,
- 5,
- NULL)))
+ 5)))
goto error;
if (virNetServerAddService(ctrl->server, svc, NULL) < 0)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 9c7247b..e235677 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -23,8 +23,10 @@
#include <config.h>
#include <sys/time.h>
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
+#ifdef HAVE_GNUTLS
+# include <gnutls/gnutls.h>
+# include <gnutls/x509.h>
+#endif
#include <fcntl.h>
#include <poll.h>
@@ -196,6 +198,7 @@ static void qemuMigrationCookieFree(qemuMigrationCookiePtr mig)
}
+#ifdef HAVE_GNUTLS
static char *
qemuDomainExtractTLSSubject(const char *certdir)
{
@@ -254,7 +257,7 @@ error:
VIR_FREE(pemdata);
return NULL;
}
-
+#endif
static qemuMigrationCookieGraphicsPtr
qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
@@ -273,9 +276,11 @@ qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
if (!listenAddr)
listenAddr = driver->vncListen;
+#ifdef HAVE_GNUTLS
if (driver->vncTLS &&
!(mig->tlsSubject = qemuDomainExtractTLSSubject(driver->vncTLSx509certdir)))
goto error;
+#endif
} else {
mig->port = def->data.spice.port;
if (driver->spiceTLS)
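Review bot: In a build without GnuTLS and with `driver->vncTLS` set, the call to `qemuDomainExtractTLSSubject()` is now skipped silently and `mig->tlsSubject` stays unset; the SPICE branch in the next hunk does the same for `driver->spiceTLS`. If the consumer of the migration cookie relies on the subject to check the destination's certificate (not visible here), that check disappears with no signal to the administrator. Consider an `#else` branch that fails or at least logs, e.g. `VIR_WARN("TLS enabled for graphics but libvirt was built without GnuTLS; TLS subject not sent");`. qemuMigrationCookieGraphicsAlloc starts and ends outside this hunk.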
@@ -286,9 +291,11 @@ qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
if (!listenAddr)
listenAddr = driver->spiceListen;
+#ifdef HAVE_GNUTLS
if (driver->spiceTLS &&
!(mig->tlsSubject = qemuDomainExtractTLSSubject(driver->spiceTLSx509certdir)))
goto error;
+#endif
}
if (!(mig->listen = strdup(listenAddr)))
goto no_memory;
@@ -297,7 +304,9 @@ qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
no_memory:
virReportOOMError();
+#ifdef HAVE_GNUTLS
error:
+#endif
qemuMigrationCookieGraphicsFree(mig);
return NULL;
}
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index c078cb5..f10c68a 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -80,7 +80,9 @@ struct private_data {
int counter; /* Serial number for RPC */
+#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls;
+#endif
int is_secure; /* Secure if TLS or SASL or UNIX sockets */
char *type; /* Cached return from remoteType. */
@@ -596,12 +598,19 @@ doRemoteOpen(virConnectPtr conn,
/* Connect to the remote service. */
switch (transport) {
case trans_tls:
+#ifdef HAVE_GNUTLS
priv->tls = virNetTLSContextNewClientPath(pkipath,
geteuid() != 0 ? true : false,
sanity, verify);
if (!priv->tls)
goto failed;
priv->is_secure = 1;
+#else
+ (void)sanity;
+ virReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("GNUTLS support not available in this build"));
+ goto failed;
+#endif
/*FALLTHROUGH*/
case trans_tcp:
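Review bot: In the non-GnuTLS branch, `goto failed` is the only thing that keeps `trans_tls` from reaching `/*FALLTHROUGH*/` and continuing into `trans_tcp`, which presumably opens the connection without encryption. That deserves a comment such as `/* no TLS in this build: fail here, never fall through to plain TCP */` so that a later edit cannot turn it into a silent downgrade. The error code also differs from the daemon side, which reports `VIR_ERR_CONFIG_UNSUPPORTED` for the same condition; using that here instead of `VIR_ERR_INVALID_ARG` would be consistent. The switch statement continues outside the hunk.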
@@ -609,11 +618,13 @@ doRemoteOpen(virConnectPtr conn,
if (!priv->client)
goto failed;
+#ifdef HAVE_GNUTLS
if (priv->tls) {
VIR_DEBUG("Starting TLS session");
if (virNetClientSetTLSSession(priv->client, priv->tls) < 0)
goto failed;
}
+#endif
break;
@@ -1001,8 +1012,10 @@ doRemoteClose(virConnectPtr conn, struct private_data *priv)
(xdrproc_t) xdr_void, (char *) NULL) == -1)
ret = -1;
+#ifdef HAVE_GNUTLS
virObjectUnref(priv->tls);
priv->tls = NULL;
+#endif
virNetClientSetCloseCallback(priv->client,
NULL,
NULL,
@@ -3879,6 +3892,7 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
saslcb)))
goto cleanup;
+# ifdef HAVE_GNUTLS
/* Initialize some connection props we care about */
if (priv->tls) {
if ((ssf = virNetClientGetTLSKeySize(priv->client)) < 0)
@@ -3890,6 +3904,7 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto cleanup;
}
+# endif
/* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF */
/* If we're not secure, then forbid any anonymous or trivially crackable auth */
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 208e2e9..e933529 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -70,7 +70,9 @@ struct _virNetClient {
virNetSocketPtr sock;
bool asyncIO;
+#if HAVE_GNUTLS
virNetTLSSessionPtr tls;
+#endif
char *hostname;
virNetClientProgramPtr *programs;
@@ -627,7 +629,9 @@ void virNetClientDispose(void *obj)
if (client->sock)
virNetSocketRemoveIOCallback(client->sock);
virObjectUnref(client->sock);
+#if HAVE_GNUTLS
virObjectUnref(client->tls);
+#endif
#if HAVE_SASL
virObjectUnref(client->sasl);
#endif
@@ -663,8 +667,10 @@ virNetClientCloseLocked(virNetClientPtr client)
virObjectUnref(client->sock);
client->sock = NULL;
+#if HAVE_GNUTLS
virObjectUnref(client->tls);
client->tls = NULL;
+#endif
#if HAVE_SASL
virObjectUnref(client->sasl);
client->sasl = NULL;
@@ -745,6 +751,7 @@ void virNetClientSetSASLSession(virNetClientPtr client,
#endif
+#if HAVE_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls)
{
@@ -755,12 +762,12 @@ int virNetClientSetTLSSession(virNetClientPtr client,
sigset_t oldmask, blockedsigs;
sigemptyset(&blockedsigs);
-#ifdef SIGWINCH
+# ifdef SIGWINCH
sigaddset(&blockedsigs, SIGWINCH);
-#endif
-#ifdef SIGCHLD
+# endif
+# ifdef SIGCHLD
sigaddset(&blockedsigs, SIGCHLD);
-#endif
+# endif
sigaddset(&blockedsigs, SIGPIPE);
virNetClientLock(client);
@@ -847,13 +854,16 @@ error:
virNetClientUnlock(client);
return -1;
}
+#endif
bool virNetClientIsEncrypted(virNetClientPtr client)
{
bool ret = false;
virNetClientLock(client);
+#if HAVE_GNUTLS
if (client->tls)
ret = true;
+#endif
#if HAVE_SASL
if (client->sasl)
ret = true;
@@ -956,6 +966,7 @@ const char *virNetClientRemoteAddrString(virNetClientPtr client)
return virNetSocketRemoteAddrString(client->sock);
}
+#if HAVE_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client)
{
int ret = 0;
@@ -965,6 +976,7 @@ int virNetClientGetTLSKeySize(virNetClientPtr client)
virNetClientUnlock(client);
return ret;
}
+#endif
static int
virNetClientCallDispatchReply(virNetClientPtr client)
diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h
index 139cf32..d594add 100644
--- a/src/rpc/virnetclient.h
+++ b/src/rpc/virnetclient.h
@@ -23,7 +23,9 @@
#ifndef __VIR_NET_CLIENT_H__
# define __VIR_NET_CLIENT_H__
-# include "virnettlscontext.h"
+# ifdef HAVE_GNUTLS
+# include "virnettlscontext.h"
+# endif
# include "virnetmessage.h"
# ifdef HAVE_SASL
# include "virnetsaslcontext.h"
@@ -107,8 +109,10 @@ void virNetClientSetSASLSession(virNetClientPtr client,
virNetSASLSessionPtr sasl);
# endif
+# ifdef HAVE_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls);
+# endif
bool virNetClientIsEncrypted(virNetClientPtr client);
bool virNetClientIsOpen(virNetClientPtr client);
@@ -116,7 +120,9 @@ bool virNetClientIsOpen(virNetClientPtr client);
const char *virNetClientLocalAddrString(virNetClientPtr client);
const char *virNetClientRemoteAddrString(virNetClientPtr client);
+# ifdef HAVE_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client);
+# endif
void virNetClientClose(virNetClientPtr client);
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index 5674309..b9df71b 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -98,7 +98,9 @@ struct _virNetServer {
unsigned int quit :1;
+#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls;
+#endif
unsigned int autoShutdownTimeout;
size_t autoShutdownInhibitions;
@@ -309,7 +311,9 @@ static int virNetServerDispatchNewClient(virNetServerServicePtr svc,
virNetServerServiceGetAuth(svc),
virNetServerServiceIsReadonly(svc),
virNetServerServiceGetMaxRequests(svc),
+#if HAVE_GNUTLS
virNetServerServiceGetTLSContext(svc),
+#endif
srv->clientPrivNew,
srv->clientPrivPreExecRestart,
srv->clientPrivFree,
@@ -1034,12 +1038,14 @@ no_memory:
return -1;
}
+#if HAVE_GNUTLS
int virNetServerSetTLSContext(virNetServerPtr srv,
virNetTLSContextPtr tls)
{
srv->tls = virObjectRef(tls);
return 0;
}
+#endif
static void virNetServerAutoShutdownTimer(int timerid ATTRIBUTE_UNUSED,
diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h
index da7dc9e..d906dd1 100644
--- a/src/rpc/virnetserver.h
+++ b/src/rpc/virnetserver.h
@@ -26,7 +26,9 @@
# include <signal.h>
-# include "virnettlscontext.h"
+# ifdef HAVE_GNUTLS
+# include "virnettlscontext.h"
+# endif
# include "virnetserverprogram.h"
# include "virnetserverclient.h"
# include "virnetserverservice.h"
@@ -79,8 +81,10 @@ int virNetServerAddService(virNetServerPtr srv,
int virNetServerAddProgram(virNetServerPtr srv,
virNetServerProgramPtr prog);
+# if HAVE_GNUTLS
int virNetServerSetTLSContext(virNetServerPtr srv,
virNetTLSContextPtr tls);
+# endif
void virNetServerUpdateServices(virNetServerPtr srv,
bool enabled);
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index aefc511..bf23d24 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -66,8 +66,10 @@ struct _virNetServerClient
int auth;
bool readonly;
char *identity;
+#if HAVE_GNUTLS
virNetTLSContextPtr tlsCtxt;
virNetTLSSessionPtr tls;
+#endif
#if HAVE_SASL
virNetSASLSessionPtr sasl;
#endif
@@ -147,13 +149,18 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client) {
VIR_DEBUG("tls=%p hs=%d, rx=%p tx=%p",
+#ifdef HAVE_GNUTLS
client->tls,
client->tls ? virNetTLSSessionGetHandshakeStatus(client->tls) : -1,
+#else
+ NULL, -1,
+#endif
client->rx,
client->tx);
if (!client->sock || client->wantClose)
return 0;
+#if HAVE_GNUTLS
if (client->tls) {
switch (virNetTLSSessionGetHandshakeStatus(client->tls)) {
case VIR_NET_TLS_HANDSHAKE_RECVING:
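Review bot: The `#ifdef HAVE_GNUTLS` / `#else` / `#endif` lines sit inside the argument list of `VIR_DEBUG(...)`, which is presumably a function-like macro, and preprocessing directives inside macro arguments are undefined behaviour in C even though GCC tolerates them. The same pattern appears in the `VIR_DEBUG("sock=%p auth=%d tls=%p", ...)` call in the virNetServerClientNew hunk further down. Compute the values before the call and pass plain variables, as sketched below. The enclosing function starts before this hunk, so the two declarations may need to move up to its existing declaration block.

```c
    void *dbgTLS = NULL;
    int dbgHS = -1;

#ifdef HAVE_GNUTLS
    dbgTLS = client->tls;
    if (client->tls)
        dbgHS = virNetTLSSessionGetHandshakeStatus(client->tls);
#endif
    VIR_DEBUG("tls=%p hs=%d, rx=%p tx=%p",
              dbgTLS, dbgHS, client->rx, client->tx);
    /* … unchanged: sock/wantClose check and handle-mode computation … */
```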
@@ -170,6 +177,7 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client) {
mode |= VIR_EVENT_HANDLE_WRITABLE;
}
} else {
+#endif
/* If there is a message on the rx queue, and
* we're not in middle of a delayedClose, then
* we're wanting more input */
@@ -180,7 +188,9 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client) {
then monitor for writability on socket */
if (client->tx)
mode |= VIR_EVENT_HANDLE_WRITABLE;
+#if HAVE_GNUTLS
}
+#endif
VIR_DEBUG("mode=%o", mode);
return mode;
}
@@ -287,6 +297,7 @@ void virNetServerClientRemoveFilter(virNetServerClientPtr client,
}
+#ifdef HAVE_GNUTLS
/* Check the client's access. */
static int
virNetServerClientCheckAccess(virNetServerClientPtr client)
@@ -322,6 +333,8 @@ virNetServerClientCheckAccess(virNetServerClientPtr client)
return 0;
}
+#endif
+
static void virNetServerClientSockTimerFunc(int timer,
void *opaque)
@@ -340,9 +353,11 @@ static void virNetServerClientSockTimerFunc(int timer,
static virNetServerClientPtr
virNetServerClientNewInternal(virNetSocketPtr sock,
int auth,
+#ifdef HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_max)
{
virNetServerClientPtr client;
@@ -360,7 +375,9 @@ virNetServerClientNewInternal(virNetSocketPtr sock,
client->sock = virObjectRef(sock);
client->auth = auth;
client->readonly = readonly;
+#ifdef HAVE_GNUTLS
client->tlsCtxt = virObjectRef(tls);
+#endif
client->nrequests_max = nrequests_max;
client->sockTimer = virEventAddTimeout(-1, virNetServerClientSockTimerFunc,
@@ -394,7 +411,9 @@ virNetServerClientPtr virNetServerClientNew(virNetSocketPtr sock,
int auth,
bool readonly,
size_t nrequests_max,
+#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls,
+#endif
virNetServerClientPrivNew privNew,
virNetServerClientPrivPreExecRestart privPreExecRestart,
virFreeCallback privFree,
@@ -402,9 +421,19 @@ virNetServerClientPtr virNetServerClientNew(virNetSocketPtr sock,
{
virNetServerClientPtr client;
- VIR_DEBUG("sock=%p auth=%d tls=%p", sock, auth, tls);
+ VIR_DEBUG("sock=%p auth=%d tls=%p", sock, auth,
+#ifdef HAVE_GNUTLS
+ tls
+#else
+ NULL
+#endif
+ );
- if (!(client = virNetServerClientNewInternal(sock, auth, readonly, nrequests_max, tls)))
+ if (!(client = virNetServerClientNewInternal(sock, auth,
+#ifdef HAVE_GNUTLS
+ tls,
+#endif
+ readonly, nrequests_max)))
return NULL;
if (privNew) {
@@ -470,9 +499,11 @@ virNetServerClientPtr virNetServerClientNewPostExecRestart(virJSONValuePtr objec
if (!(client = virNetServerClientNewInternal(sock,
auth,
+#ifdef HAVE_GNUTLS
+ NULL,
+#endif
readonly,
- nrequests_max,
- NULL))) {
+ nrequests_max))) {
virObjectUnref(sock);
return NULL;
}
@@ -571,6 +602,7 @@ bool virNetServerClientGetReadonly(virNetServerClientPtr client)
}
+#ifdef HAVE_GNUTLS
bool virNetServerClientHasTLSSession(virNetServerClientPtr client)
{
bool has;
@@ -589,6 +621,7 @@ int virNetServerClientGetTLSKeySize(virNetServerClientPtr client)
virNetServerClientUnlock(client);
return size;
}
+#endif
int virNetServerClientGetFD(virNetServerClientPtr client)
{
@@ -615,8 +648,10 @@ bool virNetServerClientIsSecure(virNetServerClientPtr client)
{
bool secure = false;
virNetServerClientLock(client);
+#if HAVE_GNUTLS
if (client->tls)
secure = true;
+#endif
#if HAVE_SASL
if (client->sasl)
secure = true;
@@ -628,6 +663,7 @@ bool virNetServerClientIsSecure(virNetServerClientPtr client)
}
+
#if HAVE_SASL
void virNetServerClientSetSASLSession(virNetServerClientPtr client,
virNetSASLSessionPtr sasl)
@@ -730,8 +766,10 @@ void virNetServerClientDispose(void *obj)
#endif
if (client->sockTimer > 0)
virEventRemoveTimeout(client->sockTimer);
+#if HAVE_GNUTLS
virObjectUnref(client->tls);
virObjectUnref(client->tlsCtxt);
+#endif
virObjectUnref(client->sock);
virNetServerClientUnlock(client);
virMutexDestroy(&client->lock);
@@ -784,10 +822,12 @@ void virNetServerClientClose(virNetServerClientPtr client)
if (client->sock)
virNetSocketRemoveIOCallback(client->sock);
+#if HAVE_GNUTLS
if (client->tls) {
virObjectUnref(client->tls);
client->tls = NULL;
}
+#endif
client->wantClose = true;
while (client->rx) {
@@ -847,10 +887,13 @@ int virNetServerClientInit(virNetServerClientPtr client)
{
virNetServerClientLock(client);
+#if HAVE_GNUTLS
if (!client->tlsCtxt) {
+#endif
/* Plain socket, so prepare to read first message */
if (virNetServerClientRegisterEvent(client) < 0)
goto error;
+#if HAVE_GNUTLS
} else {
int ret;
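Review bot: With GnuTLS compiled out, virNetServerClientInit always takes the plain-socket branch, so nothing in this function can tell that TLS was expected for the connection. The daemon-side callers are not part of this hunk; it is worth confirming that a configuration asking for a TLS listener fails with an explicit error in a non-GnuTLS build rather than being silently skipped or served unencrypted. A comment above the guarded `if` would record the assumption, e.g. `/* Without GnuTLS every client is a plain socket; TLS listeners must be rejected when the service is created. */`. The function body continues outside the hunk.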
@@ -879,6 +922,7 @@ int virNetServerClientInit(virNetServerClientPtr client)
goto error;
}
}
+#endif
virNetServerClientUnlock(client);
return 0;
@@ -1180,6 +1224,8 @@ virNetServerClientDispatchWrite(virNetServerClientPtr client)
}
}
+
+#if HAVE_GNUTLS
static void
virNetServerClientDispatchHandshake(virNetServerClientPtr client)
{
@@ -1202,6 +1248,7 @@ virNetServerClientDispatchHandshake(virNetServerClientPtr client)
client->wantClose = true;
}
}
+#endif
static void
virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque)
@@ -1218,17 +1265,21 @@ virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque)
if (events & (VIR_EVENT_HANDLE_WRITABLE |
VIR_EVENT_HANDLE_READABLE)) {
+#if HAVE_GNUTLS
if (client->tls &&
virNetTLSSessionGetHandshakeStatus(client->tls) !=
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
virNetServerClientDispatchHandshake(client);
} else {
+#endif
if (events & VIR_EVENT_HANDLE_WRITABLE)
virNetServerClientDispatchWrite(client);
if (events & VIR_EVENT_HANDLE_READABLE &&
client->rx)
virNetServerClientDispatchRead(client);
+#if HAVE_GNUTLS
}
+#endif
}
/* NB, will get HANGUP + READABLE at same time upon
diff --git a/src/rpc/virnetserverclient.h b/src/rpc/virnetserverclient.h
index 65084e2..b11b9a9 100644
--- a/src/rpc/virnetserverclient.h
+++ b/src/rpc/virnetserverclient.h
@@ -52,7 +52,9 @@ virNetServerClientPtr virNetServerClientNew(virNetSocketPtr sock,
int auth,
bool readonly,
size_t nrequests_max,
+# ifdef HAVE_GNUTLS
virNetTLSContextPtr tls,
+# endif
virNetServerClientPrivNew privNew,
virNetServerClientPrivPreExecRestart privPreExecRestart,
virFreeCallback privFree,
@@ -76,8 +78,10 @@ void virNetServerClientRemoveFilter(virNetServerClientPtr client,
int virNetServerClientGetAuth(virNetServerClientPtr client);
bool virNetServerClientGetReadonly(virNetServerClientPtr client);
+# ifdef HAVE_GNUTLS
bool virNetServerClientHasTLSSession(virNetServerClientPtr client);
int virNetServerClientGetTLSKeySize(virNetServerClientPtr client);
+# endif
# ifdef HAVE_SASL
void virNetServerClientSetSASLSession(virNetServerClientPtr client,
diff --git a/src/rpc/virnetserverservice.c b/src/rpc/virnetserverservice.c
index 7d671f0..61dd682 100644
--- a/src/rpc/virnetserverservice.c
+++ b/src/rpc/virnetserverservice.c
@@ -41,7 +41,9 @@ struct _virNetServerService {
bool readonly;
size_t nrequests_client_max;
+#if HAVE_GNUTLS
virNetTLSContextPtr tls;
+#endif
virNetServerServiceDispatchFunc dispatchFunc;
void *dispatchOpaque;
@@ -90,9 +92,11 @@ cleanup:
virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
const char *service,
int auth,
+#if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_client_max)
{
virNetServerServicePtr svc;
size_t i;
@@ -106,7 +110,9 @@ virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
+#if HAVE_GNUTLS
svc->tls = virObjectRef(tls);
+#endif
if (virNetSocketNewListenTCP(nodename,
service,
@@ -144,9 +150,11 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
mode_t mask,
gid_t grp,
int auth,
+#if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_client_max)
{
virNetServerServicePtr svc;
int i;
@@ -160,7 +168,9 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
+#if HAVE_GNUTLS
svc->tls = virObjectRef(tls);
+#endif
svc->nsocks = 1;
if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0)
@@ -202,9 +212,11 @@ error:
virNetServerServicePtr virNetServerServiceNewFD(int fd,
int auth,
+#if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+#endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls)
+ size_t nrequests_client_max)
{
virNetServerServicePtr svc;
int i;
@@ -218,7 +230,9 @@ virNetServerServicePtr virNetServerServiceNewFD(int fd,
svc->auth = auth;
svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max;
+#if HAVE_GNUTLS
svc->tls = virObjectRef(tls);
+#endif
svc->nsocks = 1;
if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0)
@@ -401,11 +415,12 @@ size_t virNetServerServiceGetMaxRequests(virNetServerServicePtr svc)
return svc->nrequests_client_max;
}
+#if HAVE_GNUTLS
virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc)
{
return svc->tls;
}
-
+#endif
void virNetServerServiceSetDispatcher(virNetServerServicePtr svc,
virNetServerServiceDispatchFunc func,
@@ -425,7 +440,9 @@ void virNetServerServiceDispose(void *obj)
virObjectUnref(svc->socks[i]);
VIR_FREE(svc->socks);
+#if HAVE_GNUTLS
virObjectUnref(svc->tls);
+#endif
}
void virNetServerServiceToggle(virNetServerServicePtr svc,
diff --git a/src/rpc/virnetserverservice.h b/src/rpc/virnetserverservice.h
index 615b572..934b8d3 100644
--- a/src/rpc/virnetserverservice.h
+++ b/src/rpc/virnetserverservice.h
@@ -40,21 +40,27 @@ typedef int (*virNetServerServiceDispatchFunc)(virNetServerServicePtr svc,
virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
const char *service,
int auth,
+# if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+# endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls);
+ size_t nrequests_client_max);
virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
mode_t mask,
gid_t grp,
int auth,
+# if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+# endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls);
+ size_t nrequests_client_max);
virNetServerServicePtr virNetServerServiceNewFD(int fd,
int auth,
+# if HAVE_GNUTLS
+ virNetTLSContextPtr tls,
+# endif
bool readonly,
- size_t nrequests_client_max,
- virNetTLSContextPtr tls);
+ size_t nrequests_client_max);
virNetServerServicePtr virNetServerServiceNewPostExecRestart(virJSONValuePtr object);
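Review bot: The three constructor prototypes here are guarded with `# if HAVE_GNUTLS`, while the getter prototype in the next hunk of this header and the guards in virnetserverclient.h use `# ifdef HAVE_GNUTLS`. The two forms disagree if the macro is ever defined as 0 or defined empty, and because these guards decide whether a `tls` parameter exists, a disagreement between a header and its .c file would be a prototype mismatch rather than a cosmetic difference. How config.h defines HAVE_GNUTLS is not visible here, so this may be harmless today, but picking one form for the whole patch removes the risk: for example `# ifdef HAVE_GNUTLS` in headers and `#ifdef HAVE_GNUTLS` in the .c files.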
@@ -65,7 +71,9 @@ int virNetServerServiceGetPort(virNetServerServicePtr svc);
int virNetServerServiceGetAuth(virNetServerServicePtr svc);
bool virNetServerServiceIsReadonly(virNetServerServicePtr svc);
size_t virNetServerServiceGetMaxRequests(virNetServerServicePtr svc);
+# ifdef HAVE_GNUTLS
virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc);
+# endif
void virNetServerServiceSetDispatcher(virNetServerServicePtr svc,
virNetServerServiceDispatchFunc func,
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index ef93892..a817999 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -79,7 +79,9 @@ struct _virNetSocket {
char *localAddrStr;
char *remoteAddrStr;
+#if HAVE_GNUTLS
virNetTLSSessionPtr tlsSession;
+#endif
#if HAVE_SASL
virNetSASLSessionPtr saslSession;
@@ -948,11 +950,13 @@ virJSONValuePtr virNetSocketPreExecRestart(virNetSocketPtr sock)
goto error;
}
#endif
+#if HAVE_GNUTLS
if (sock->tlsSession) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("Unable to save socket state when TLS session is active"));
goto error;
}
+#endif
if (!(object = virJSONValueNewObject()))
goto error;
@@ -1011,10 +1015,12 @@ void virNetSocketDispose(void *obj)
unlink(sock->localAddr.data.un.sun_path);
#endif
+#if HAVE_GNUTLS
/* Make sure it can't send any more I/O during shutdown */
if (sock->tlsSession)
virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL);
virObjectUnref(sock->tlsSession);
+#endif
#if HAVE_SASL
virObjectUnref(sock->saslSession);
#endif
@@ -1178,6 +1184,7 @@ const char *virNetSocketRemoteAddrString(virNetSocketPtr sock)
}
+#if HAVE_GNUTLS
static ssize_t virNetSocketTLSSessionWrite(const char *buf,
size_t len,
void *opaque)
@@ -1208,7 +1215,7 @@ void virNetSocketSetTLSSession(virNetSocketPtr sock,
sock);
virMutexUnlock(&sock->lock);
}
-
+#endif
#if HAVE_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock,
@@ -1280,13 +1287,17 @@ static ssize_t virNetSocketReadWire(virNetSocketPtr sock, char *buf, size_t len)
#endif
reread:
+#if HAVE_GNUTLS
if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionRead(sock->tlsSession, buf, len);
} else {
+#endif
ret = read(sock->fd, buf, len);
+#if HAVE_GNUTLS
}
+#endif
if ((ret < 0) && (errno == EINTR))
goto reread;
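Review bot: The TLS/plain branch is now cut by three separate `#if HAVE_GNUTLS` regions, with the `else {` opened in one region and its `}` closed in another, so brace balance depends on every region being kept in sync by hand. A later edit that touches only one region can change which statement the `else` governs without any compiler diagnostic in the other build configuration. A single guarded region with an unbraced `else` that falls through to the plain `read()` keeps both configurations structurally identical. The same pattern occurs in the virNetSocketWriteWire hunk below and in virNetServerClientCalculateHandleMode, virNetServerClientInit and virNetServerClientDispatchEvent in virnetserverclient.c. The function body starts and ends outside this hunk.

```c
reread:
#if HAVE_GNUTLS
    if (sock->tlsSession &&
        virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
        VIR_NET_TLS_HANDSHAKE_COMPLETE)
        ret = virNetTLSSessionRead(sock->tlsSession, buf, len);
    else
#endif
        ret = read(sock->fd, buf, len);
    /* … unchanged: EINTR retry … */
```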
@@ -1335,13 +1346,17 @@ static ssize_t virNetSocketWriteWire(virNetSocketPtr sock, const char *buf, size
#endif
rewrite:
+#if HAVE_GNUTLS
if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionWrite(sock->tlsSession, buf, len);
} else {
+#endif
ret = write(sock->fd, buf, len);
+#if HAVE_GNUTLS
}
+#endif
if (ret < 0) {
if (errno == EINTR)
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index 7016c09..ce15bb8 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -26,7 +26,9 @@
# include "virsocketaddr.h"
# include "vircommand.h"
-# include "virnettlscontext.h"
+# ifdef HAVE_GNUTLS
+# include "virnettlscontext.h"
+# endif
# include "virobject.h"
# ifdef HAVE_SASL
# include "virnetsaslcontext.h"
@@ -122,8 +124,10 @@ ssize_t virNetSocketWrite(virNetSocketPtr sock, const char *buf, size_t len);
int virNetSocketSendFD(virNetSocketPtr sock, int fd);
int virNetSocketRecvFD(virNetSocketPtr sock, int *fd);
+# ifdef HAVE_GNUTLS
void virNetSocketSetTLSSession(virNetSocketPtr sock,
virNetTLSSessionPtr sess);
+# endif
# ifdef HAVE_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock,
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b603ea3..9c7c6fb 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -91,7 +91,7 @@ test_programs = virshtest sockettest \
commandtest seclabeltest \
virhashtest virnetmessagetest virnetsockettest \
viratomictest \
- utiltest virnettlscontexttest shunloadtest \
+ utiltest shunloadtest \
virtimetest viruritest virkeyfiletest \
virauthconfigtest \
virbitmaptest \
@@ -100,6 +100,10 @@ test_programs = virshtest sockettest \
sysinfotest \
$(NULL)
+if HAVE_GNUTLS
+test_programs += virnettlscontexttest
+endif
+
if WITH_SECDRIVER_SELINUX
test_programs += securityselinuxtest
endif
@@ -526,6 +530,7 @@ virnetsockettest_SOURCES = \
virnetsockettest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
virnetsockettest_LDADD = $(LDADDS)
+if HAVE_GNUTLS
virnettlscontexttest_SOURCES = \
virnettlscontexttest.c testutils.h testutils.c
virnettlscontexttest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
@@ -536,6 +541,10 @@ virnettlscontexttest_LDADD += -ltasn1
else
EXTRA_DIST += pkix_asn1_tab.c
endif
+else
+EXTRA_DIST += \
+ virnettlscontexttest.c testutils.h testutils.c pkix_asn1_tab.c
+endif
virtimetest_SOURCES = \
virtimetest.c testutils.h testutils.c
--
1.8.0.1
12 years, 4 months
[libvirt] Connection release is not correct in libvirt and libvrt java
by Benjamin Wang (gendwang)
Hi,
The following is the current code to release connection in libvirt.
int
virConnectClose(virConnectPtr conn)
{
...
if (!VIR_IS_CONNECT(conn)) {
virLibConnError(VIR_ERR_INVALID_CONN, __FUNCTION__);
goto error;
}
...
error:
virDispatchError(NULL);
return ret;
}
Now, if the cable is unplugged and the application calls virConnectClose to release the connection, the code enters the error path and the connection
can't be released. I have changed the following two parts to fix this issue. Please give your comments:
Changed Code1:
int
virConnectClose(virConnectPtr conn)
{
...
+ if(NULL == conn) {
+ return 0;
+ }
...
- if (!VIR_IS_CONNECT(conn)) {
- virLibConnError(VIR_ERR_INVALID_CONN, __FUNCTION__);
- goto error;
- }
...
error:
virDispatchError(NULL);
return ret;
}
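Review bot: Replacing the `VIR_IS_CONNECT(conn)` test with a bare `NULL == conn` check removes the only handle validation visible in this snippet, so a non-NULL pointer that is stale or is not a connection object would reach the elided code unchecked. Returning 0 for NULL also reports success for a call that released nothing. The elided code is not shown, but an unplugged cable should not by itself make `VIR_IS_CONNECT` fail unless the object had already been released, so it is worth establishing why the check fails before removing it. If a NULL handle must be tolerated, add `if (!conn) return 0;` ahead of the existing check and keep the `VIR_IS_CONNECT` block unchanged. The same applies to Changed Code2 (`virUnrefConnect`).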
Changed Code2:
int
virUnrefConnect(virConnectPtr conn) {
...
+ if(NULL == conn) {
+ return 0;
+ }
- if ((!VIR_IS_CONNECT(conn))) {
- virLibConnError(VIR_ERR_INVALID_ARG, _("no connection"));
- return -1;
- }
...
}
For libvirt java, there is a similar issue. I have changed the code in Collect.java as follows. Please also give your comments.
public int close() throws LibvirtException {
int success = 0;
if (VCP != null) {
+ try {
success = libvirt.virConnectClose(VCP);
processError();
+ }
+ finally {
// If leave an invalid pointer dangling around JVM crashes and burns
// if someone tries to call a method on us
// We rely on the underlying libvirt error handling to detect that
// it's called with a null virConnectPointer
VCP = null;
+ }
}
return success;
}
B.R.
Benjamin Wang
12 years, 4 months
[libvirt] [PATCH 0/2] Colorize HTML documentation
by Claudio Bley
Hi.
This patchset adds a few classes to the generated HTML documentation.
The style sheets are also adapted making use of the new classes to
give the documentation a little visual overhaul.
YMMV, but it looks good for me using Firefox, Webkit and Opera.
I did check the CSS rules using the W3C CSS validator.
Claudio Bley (2):
docs: Assign classes to documentation elements
docs: Add some style and color to the HTML documentation
docs/generic.css | 4 ++
docs/libvirt.css | 56 +++++++++++++++-
docs/newapi.xsl | 187 +++++++++++++++++++++++++++++++-----------------------
3 files changed, 166 insertions(+), 81 deletions(-)
--
1.7.9.5
12 years, 4 months
[libvirt] [PATCH 0/2] Improve readability of generated HTML documenation
by Claudio Bley
Hi.
These patches try to improve the look and feel of the libvirt documentation.
Claudio Bley (2):
docs: break longer text into paragraphs in HTML
docs: Limit the maximum width of info text to 75em for better
readability
docs/libvirt.css | 4 ++++
docs/newapi.xsl | 50 +++++++++++++++++++++++++++++++++++++++++---------
2 files changed, 45 insertions(+), 9 deletions(-)
--
1.7.9.5
12 years, 4 months
[libvirt] [PATCH 0/3] Resolve DEADCODE errors found by Coverity
by John Ferlan
This set of patches resolves "Error: DEADCODE (CWE-561)" errors found by Coverity
John Ferlan (3):
phyp: Remove deadcode referencing exit_status
nwfilter: Remove unprivileged code path to set base
tests: Remove remnants of removing the fake emulator output
src/nwfilter/nwfilter_driver.c | 10 ++--------
src/phyp/phyp_driver.c | 4 ----
tests/qemuxml2argvtest.c | 11 -----------
3 files changed, 2 insertions(+), 23 deletions(-)
--
1.7.11.7
12 years, 4 months