[libvirt PATCH] src: remove WITH_GNUTLS usage

Since commit <60d9ad6f1e42618fce10baeb0f02c35e5ebd5b24> we require GnuTLS so it doesn't make sense to ifdef the code. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/libvirt.c | 6 +----- src/remote/remote_driver.c | 19 ------------------- src/rpc/virnetclient.c | 20 ++++---------------- src/rpc/virnetclient.h | 8 +------- src/rpc/virnetsocket.c | 16 ---------------- src/rpc/virnetsocket.h | 6 +----- src/util/virrandom.c | 36 ++---------------------------------- 7 files changed, 9 insertions(+), 102 deletions(-) diff --git a/src/libvirt.c b/src/libvirt.c index f1ffc97261..86bb6551ed 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -45,9 +45,7 @@ #include "viralloc.h" #include "configmake.h" #include "virconf.h" -#if WITH_GNUTLS -# include "rpc/virnettlscontext.h" -#endif +#include "rpc/virnettlscontext.h" #include "vircommand.h" #include "virfile.h" #include "virrandom.h" @@ -233,9 +231,7 @@ virGlobalInit(void) virLogSetFromEnv(); -#ifdef WITH_GNUTLS virNetTLSInit(); -#endif #if WITH_CURL curl_global_init(CURL_GLOBAL_DEFAULT); diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 66472a6cc1..f6e725dcbf 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -124,9 +124,7 @@ struct private_data { int counter; /* Serial number for RPC */ -#ifdef WITH_GNUTLS virNetTLSContextPtr tls; -#endif int is_secure; /* Secure if TLS or SASL or UNIX sockets */ char *type; /* Cached return from remoteType. */ @@ -1132,7 +1130,6 @@ doRemoteOpen(virConnectPtr conn, virConfGetValueString(conf, "tls_priority", &tls_priority) < 0) goto failed; -#ifdef WITH_GNUTLS priv->tls = virNetTLSContextNewClientPath(pkipath, geteuid() != 0 ? true : false, tls_priority, @@ -1141,27 +1138,17 @@ doRemoteOpen(virConnectPtr conn, goto failed; priv->is_secure = 1; G_GNUC_FALLTHROUGH; -#else - (void)tls_priority; - (void)sanity; - (void)verify; - virReportError(VIR_ERR_INVALID_ARG, "%s", - _("GNUTLS support not available in this build")); - goto failed; -#endif case REMOTE_DRIVER_TRANSPORT_TCP: priv->client = virNetClientNewTCP(priv->hostname, port, AF_UNSPEC); if (!priv->client) goto failed; -#ifdef WITH_GNUTLS if (priv->tls) { VIR_DEBUG("Starting TLS session"); if (virNetClientSetTLSSession(priv->client, priv->tls) < 0) goto failed; } -#endif break; @@ -1388,10 +1375,8 @@ doRemoteOpen(virConnectPtr conn, priv->client = NULL; virObjectUnref(priv->closeCallback); priv->closeCallback = NULL; -#ifdef WITH_GNUTLS virObjectUnref(priv->tls); priv->tls = NULL; -#endif VIR_FREE(priv->hostname); return VIR_DRV_OPEN_ERROR; @@ -1533,10 +1518,8 @@ doRemoteClose(virConnectPtr conn, struct private_data *priv) (xdrproc_t) xdr_void, (char *) NULL) == -1) ret = -1; -#ifdef WITH_GNUTLS virObjectUnref(priv->tls); priv->tls = NULL; -#endif virNetClientSetCloseCallback(priv->client, NULL, @@ -4271,7 +4254,6 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv, /* saslcb is now owned by sasl */ saslcb = NULL; -# ifdef WITH_GNUTLS /* Initialize some connection props we care about */ if (priv->tls) { if ((ssf = virNetClientGetTLSKeySize(priv->client)) < 0) @@ -4283,7 +4265,6 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv, if (virNetSASLSessionExtKeySize(sasl, ssf) < 0) goto cleanup; } -# endif /* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF */ /* If we're not secure, then forbid any anonymous or trivially crackable auth */ diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c index 50489b754c..000b937cdd 100644 --- a/src/rpc/virnetclient.c +++ b/src/rpc/virnetclient.c @@ -70,9 +70,7 @@ struct _virNetClient { virNetSocketPtr sock; bool asyncIO; -#if WITH_GNUTLS virNetTLSSessionPtr tls; -#endif char *hostname; virNetClientProgramPtr *programs; @@ -708,9 +706,7 @@ void virNetClientDispose(void *obj) if (client->sock) virNetSocketRemoveIOCallback(client->sock); virObjectUnref(client->sock); -#if WITH_GNUTLS virObjectUnref(client->tls); -#endif #if WITH_SASL virObjectUnref(client->sasl); #endif @@ -750,10 +746,8 @@ virNetClientCloseLocked(virNetClientPtr client) virObjectUnref(client->sock); client->sock = NULL; -#if WITH_GNUTLS virObjectUnref(client->tls); client->tls = NULL; -#endif #if WITH_SASL virObjectUnref(client->sasl); client->sasl = NULL; @@ -837,7 +831,6 @@ void virNetClientSetSASLSession(virNetClientPtr client, #endif -#if WITH_GNUTLS int virNetClientSetTLSSession(virNetClientPtr client, virNetTLSContextPtr tls) { @@ -848,12 +841,12 @@ int virNetClientSetTLSSession(virNetClientPtr client, sigset_t oldmask, blockedsigs; sigemptyset(&blockedsigs); -# ifdef SIGWINCH +#ifdef SIGWINCH sigaddset(&blockedsigs, SIGWINCH); -# endif -# ifdef SIGCHLD +#endif +#ifdef SIGCHLD sigaddset(&blockedsigs, SIGCHLD); -# endif +#endif sigaddset(&blockedsigs, SIGPIPE); virObjectLock(client); @@ -940,16 +933,13 @@ int virNetClientSetTLSSession(virNetClientPtr client, virObjectUnlock(client); return -1; } -#endif bool virNetClientIsEncrypted(virNetClientPtr client) { bool ret = false; virObjectLock(client); -#if WITH_GNUTLS if (client->tls) ret = true; -#endif #if WITH_SASL if (client->sasl) ret = true; @@ -1041,7 +1031,6 @@ const char *virNetClientRemoteAddrStringSASL(virNetClientPtr client) return virNetSocketRemoteAddrStringSASL(client->sock); } -#if WITH_GNUTLS int virNetClientGetTLSKeySize(virNetClientPtr client) { int ret = 0; @@ -1051,7 +1040,6 @@ int virNetClientGetTLSKeySize(virNetClientPtr client) virObjectUnlock(client); return ret; } -#endif static int virNetClientCallDispatchReply(virNetClientPtr client) diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h index 07b399c1a9..778910b575 100644 --- a/src/rpc/virnetclient.h +++ b/src/rpc/virnetclient.h @@ -20,9 +20,7 @@ #pragma once -#ifdef WITH_GNUTLS -# include "virnettlscontext.h" -#endif +#include "virnettlscontext.h" #include "virnetmessage.h" #ifdef WITH_SASL # include "virnetsaslcontext.h" @@ -120,10 +118,8 @@ void virNetClientSetSASLSession(virNetClientPtr client, virNetSASLSessionPtr sasl); #endif -#ifdef WITH_GNUTLS int virNetClientSetTLSSession(virNetClientPtr client, virNetTLSContextPtr tls); -#endif bool virNetClientIsEncrypted(virNetClientPtr client); bool virNetClientIsOpen(virNetClientPtr client); @@ -131,9 +127,7 @@ bool virNetClientIsOpen(virNetClientPtr client); const char *virNetClientLocalAddrStringSASL(virNetClientPtr client); const char *virNetClientRemoteAddrStringSASL(virNetClientPtr client); -#ifdef WITH_GNUTLS int virNetClientGetTLSKeySize(virNetClientPtr client); -#endif void virNetClientClose(virNetClientPtr client); diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index 973827ebde..23384e5250 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -93,9 +93,7 @@ struct _virNetSocket { char *remoteAddrStrSASL; char *remoteAddrStrURI; -#if WITH_GNUTLS virNetTLSSessionPtr tlsSession; -#endif #if WITH_SASL virNetSASLSessionPtr saslSession; @@ -1288,13 +1286,11 @@ virJSONValuePtr virNetSocketPreExecRestart(virNetSocketPtr sock) goto error; } #endif -#if WITH_GNUTLS if (sock->tlsSession) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Unable to save socket state when TLS session is active")); goto error; } -#endif if (!(object = virJSONValueNewObject())) goto error; @@ -1358,12 +1354,10 @@ void virNetSocketDispose(void *obj) unlink(sock->localAddr.data.un.sun_path); #endif -#if WITH_GNUTLS /* Make sure it can't send any more I/O during shutdown */ if (sock->tlsSession) virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL); virObjectUnref(sock->tlsSession); -#endif #if WITH_SASL virObjectUnref(sock->saslSession); #endif @@ -1660,7 +1654,6 @@ const char *virNetSocketRemoteAddrStringURI(virNetSocketPtr sock) return sock->remoteAddrStrURI; } -#if WITH_GNUTLS static ssize_t virNetSocketTLSSessionWrite(const char *buf, size_t len, void *opaque) @@ -1691,7 +1684,6 @@ void virNetSocketSetTLSSession(virNetSocketPtr sock, sock); virObjectUnlock(sock); } -#endif #if WITH_SASL void virNetSocketSetSASLSession(virNetSocketPtr sock, @@ -1789,17 +1781,13 @@ static ssize_t virNetSocketReadWire(virNetSocketPtr sock, char *buf, size_t len) #endif reread: -#if WITH_GNUTLS if (sock->tlsSession && virNetTLSSessionGetHandshakeStatus(sock->tlsSession) == VIR_NET_TLS_HANDSHAKE_COMPLETE) { ret = virNetTLSSessionRead(sock->tlsSession, buf, len); } else { -#endif ret = read(sock->fd, buf, len); -#if WITH_GNUTLS } -#endif if ((ret < 0) && (errno == EINTR)) goto reread; @@ -1862,17 +1850,13 @@ static ssize_t virNetSocketWriteWire(virNetSocketPtr sock, const char *buf, size #endif rewrite: -#if WITH_GNUTLS if (sock->tlsSession && virNetTLSSessionGetHandshakeStatus(sock->tlsSession) == VIR_NET_TLS_HANDSHAKE_COMPLETE) { ret = virNetTLSSessionWrite(sock->tlsSession, buf, len); } else { -#endif ret = write(sock->fd, buf, len); -#if WITH_GNUTLS } -#endif if (ret < 0) { if (errno == EINTR) diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h index 8d075464cb..f2b74f3ccb 100644 --- a/src/rpc/virnetsocket.h +++ b/src/rpc/virnetsocket.h @@ -23,9 +23,7 @@ #include "virsocketaddr.h" #include "vircommand.h" -#ifdef WITH_GNUTLS -# include "virnettlscontext.h" -#endif +#include "virnettlscontext.h" #include "virobject.h" #ifdef WITH_SASL # include "virnetsaslcontext.h" @@ -152,10 +150,8 @@ ssize_t virNetSocketWrite(virNetSocketPtr sock, const char *buf, size_t len); int virNetSocketSendFD(virNetSocketPtr sock, int fd); int virNetSocketRecvFD(virNetSocketPtr sock, int *fd); -#ifdef WITH_GNUTLS void virNetSocketSetTLSSession(virNetSocketPtr sock, virNetTLSSessionPtr sess); -#endif #ifdef WITH_SASL void virNetSocketSetSASLSession(virNetSocketPtr sock, diff --git a/src/util/virrandom.c b/src/util/virrandom.c index 39ac36a76e..eae7f3db3c 100644 --- a/src/util/virrandom.c +++ b/src/util/virrandom.c @@ -24,10 +24,8 @@ #include <fcntl.h> #include <sys/stat.h> #include <sys/types.h> -#ifdef WITH_GNUTLS -# include <gnutls/gnutls.h> -# include <gnutls/crypto.h> -#endif +#include <gnutls/gnutls.h> +#include <gnutls/crypto.h> #include "virrandom.h" #include "virthread.h" @@ -116,7 +114,6 @@ int virRandomBytes(unsigned char *buf, size_t buflen) { -#if WITH_GNUTLS int rv; /* Generate the byte stream using gnutls_rnd() if possible */ @@ -127,35 +124,6 @@ virRandomBytes(unsigned char *buf, return -1; } -#else /* !WITH_GNUTLS */ - - int fd; - - if ((fd = open(RANDOM_SOURCE, O_RDONLY)) < 0) { - virReportSystemError(errno, - _("unable to open %s"), - RANDOM_SOURCE); - return -1; - } - - while (buflen > 0) { - ssize_t n; - - if ((n = saferead(fd, buf, buflen)) <= 0) { - virReportSystemError(errno, - _("unable to read from %s"), - RANDOM_SOURCE); - VIR_FORCE_CLOSE(fd); - return n < 0 ? -errno : -ENODATA; - } - - buf += n; - buflen -= n; - } - - VIR_FORCE_CLOSE(fd); -#endif /* !WITH_GNUTLS */ - return 0; } -- 2.24.1

On Wed, Jan 22, 2020 at 05:33:02PM +0100, Pavel Hrdina wrote:
Since commit <60d9ad6f1e42618fce10baeb0f02c35e5ebd5b24> we require GnuTLS so it doesn't make sense to ifdef the code.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/libvirt.c | 6 +----- src/remote/remote_driver.c | 19 ------------------- src/rpc/virnetclient.c | 20 ++++---------------- src/rpc/virnetclient.h | 8 +------- src/rpc/virnetsocket.c | 16 ---------------- src/rpc/virnetsocket.h | 6 +----- src/util/virrandom.c | 36 ++---------------------------------- 7 files changed, 9 insertions(+), 102 deletions(-)
...
diff --git a/src/util/virrandom.c b/src/util/virrandom.c index 39ac36a76e..eae7f3db3c 100644 --- a/src/util/virrandom.c +++ b/src/util/virrandom.c @@ -24,10 +24,8 @@ #include <fcntl.h> #include <sys/stat.h> #include <sys/types.h> -#ifdef WITH_GNUTLS -# include <gnutls/gnutls.h> -# include <gnutls/crypto.h> -#endif +#include <gnutls/gnutls.h> +#include <gnutls/crypto.h>
#include "virrandom.h" #include "virthread.h"
There's a #define of RANDOM_SOURCE that I believe you can drop too....
@@ -116,7 +114,6 @@ int virRandomBytes(unsigned char *buf, size_t buflen)
And the API docs for this are talking about RANDOM_SOURCE instead of GNUTLS (pre-existing problem, but reasonabl to fix now)
{ -#if WITH_GNUTLS int rv;
/* Generate the byte stream using gnutls_rnd() if possible */ @@ -127,35 +124,6 @@ virRandomBytes(unsigned char *buf, return -1; }
-#else /* !WITH_GNUTLS */ - - int fd; - - if ((fd = open(RANDOM_SOURCE, O_RDONLY)) < 0) { - virReportSystemError(errno, - _("unable to open %s"), - RANDOM_SOURCE); - return -1; - } - - while (buflen > 0) { - ssize_t n; - - if ((n = saferead(fd, buf, buflen)) <= 0) { - virReportSystemError(errno, - _("unable to read from %s"), - RANDOM_SOURCE); - VIR_FORCE_CLOSE(fd); - return n < 0 ? -errno : -ENODATA; - } - - buf += n; - buflen -= n; - } - - VIR_FORCE_CLOSE(fd); -#endif /* !WITH_GNUTLS */ - return 0;
With the above minor changes Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On Wed, Jan 22, 2020 at 05:33:02PM +0100, Pavel Hrdina wrote:
Since commit <60d9ad6f1e42618fce10baeb0f02c35e5ebd5b24> we require GnuTLS so it doesn't make sense to ifdef the code.
The important commit is ac0d21c762351f58dd5d2dafa2014ed48a8b49f3 Michal's commit 234ce7d02f4bfd4d80c1fbcd7e1545f31bae5498 specifically mentions leaving these ifdefs because of their usage in the setuid parts.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/libvirt.c | 6 +----- src/remote/remote_driver.c | 19 ------------------- src/rpc/virnetclient.c | 20 ++++---------------- src/rpc/virnetclient.h | 8 +------- src/rpc/virnetsocket.c | 16 ---------------- src/rpc/virnetsocket.h | 6 +----- src/util/virrandom.c | 36 ++---------------------------------- 7 files changed, 9 insertions(+), 102 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano
participants (3)
-
Daniel P. Berrangé
-
Ján Tomko
-
Pavel Hrdina