
On Sat, Mar 07, 2020 at 07:31:00PM +0800, Zhang Bo wrote:
Add an API to update server's tls context. --- src/libvirt_remote.syms | 1 + src/rpc/virnetserver.c | 51 ++++++++++++++++++++++++++++++++++++++ src/rpc/virnetserver.h | 2 ++ src/rpc/virnettlscontext.c | 46 ++++++++++++++++++++++++++++++++++ src/rpc/virnettlscontext.h | 3 +++ 5 files changed, 103 insertions(+)
diff --git a/src/libvirt_remote.syms b/src/libvirt_remote.syms
index 0493467f46..0018a0c41d 100644
--- a/src/libvirt_remote.syms
+++ b/src/libvirt_remote.syms
@@ -137,6 +137,7 @@ virNetServerSetClientLimits;
 virNetServerSetThreadPoolParameters;
 virNetServerSetTLSContext;
 virNetServerUpdateServices;
+virNetServerUpdateTlsFiles;
# rpc/virnetserverclient.h
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index 072ffdf5a3..0bfe94d3f8 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -21,6 +21,9 @@
#include <config.h>
+#include <sys/types.h>
+#include <unistd.h>
We use virutil.h for geteuid() definition.
+
 #include "virnetserver.h"
 #include "virlog.h"
 #include "viralloc.h"
@@ -1205,3 +1208,51 @@ virNetServerSetClientLimits(virNetServerPtr srv,
 virObjectUnlock(srv);
 return ret;
 }
+
+static virNetTLSContextPtr
+virNetServerGetTLSContext(virNetServerPtr srv)
+{
+ size_t i;
+ virNetTLSContextPtr ctxt = NULL;
+ virNetServerServicePtr svc = NULL;
+
+ /* find svcTLS from srv, get svcTLS->tls */
+ for (i = 0; i < srv->nservices; i++) {
+ svc = srv->services[i];
+ ctxt = virNetServerServiceGetTLSContext(svc);
+ if (ctxt != NULL)
+ break;
+ }
+
+ return ctxt;
+}
+
+int
+virNetServerUpdateTlsFiles(virNetServerPtr srv)
+{
+ int ret = -1;
+ virNetTLSContextPtr ctxt = NULL;
+ bool privileged = geteuid() == 0 ? true : false;
+
+ ctxt = virNetServerGetTLSContext(srv);
+ if (!ctxt) {
+ VIR_ERROR(_("no tls svc found, unable to update tls files"));
Should be a virReportError
+ return -1;
+ }
+
+ virObjectLock(srv);
+ virObjectLock(ctxt);
+
+ if (virNetTLSContextReloadForServer(ctxt, !privileged)) {
+ VIR_ERROR(_("failed to reload server's tls context"));
VIR_DEBUG is sufficient
+ goto cleanup;
+ }
+
+ VIR_INFO("update tls files success");
+ ret = 0;
+
+ cleanup:
+ virObjectUnlock(ctxt);
+ virObjectUnlock(srv);
+ return ret;
+}
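Review bot: In virNetServerUpdateTlsFiles the lookup done by virNetServerGetTLSContext reads srv->nservices and srv->services[i] before virObjectLock(srv) is taken, so a concurrent change to the service list can race with the walk; the hunk's context lines, which are the tail of virNetServerSetClientLimits releasing the srv lock on return, suggest the convention in this file is to hold that lock around such accesses. Taking the srv lock before the lookup and turning the not-found path into a goto that releases only srv fixes the ordering without touching the function's interface; the rewrite below keeps the VIR_ERROR/VIR_INFO calls as they appear in the hunk. Whether virNetTLSContextReloadForServer (in virnettlscontext.c, part of this series but not quoted here) takes the ctxt lock itself should be confirmed, since the caller now holds it across the call. As a minor style point, `bool privileged = geteuid() == 0;` says the same as the ternary form.
```c
int
virNetServerUpdateTlsFiles(virNetServerPtr srv)
{
    /* … unchanged: ret / ctxt declarations … */
    bool privileged = geteuid() == 0;

    virObjectLock(srv);            /* hold before walking srv->services */

    ctxt = virNetServerGetTLSContext(srv);
    if (!ctxt) {
        VIR_ERROR(_("no tls svc found, unable to update tls files"));
        goto cleanup;              /* only srv is held here */
    }

    virObjectLock(ctxt);
    if (virNetTLSContextReloadForServer(ctxt, !privileged)) {
        VIR_ERROR(_("failed to reload server's tls context"));
        goto cleanup_ctxt;
    }

    /* … unchanged: VIR_INFO and ret = 0 … */

 cleanup_ctxt:
    virObjectUnlock(ctxt);
 cleanup:
    virObjectUnlock(srv);
    return ret;
}
```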
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|