2010-12-06 17:03:35 +00:00
|
|
|
/*
|
|
|
|
* virnetsocket.c: generic network socket handling
|
|
|
|
*
|
2013-01-11 10:29:03 -07:00
|
|
|
* Copyright (C) 2006-2013 Red Hat, Inc.
|
2010-12-06 17:03:35 +00:00
|
|
|
* Copyright (C) 2006 Daniel P. Berrange
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
2012-09-20 16:30:55 -06:00
|
|
|
* License along with this library. If not, see
|
2012-07-21 18:06:23 +08:00
|
|
|
* <http://www.gnu.org/licenses/>.
|
2010-12-06 17:03:35 +00:00
|
|
|
*
|
|
|
|
* Author: Daniel P. Berrange <berrange@redhat.com>
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <sys/wait.h>
|
2011-06-30 16:06:48 +01:00
|
|
|
#include <signal.h>
|
2011-07-07 15:17:21 +01:00
|
|
|
#include <fcntl.h>
|
Split src/util/network.{c,h} into 5 pieces
The src/util/network.c file is a dumping ground for many different
APIs. Split it up into 5 pieces, along functional lines
- src/util/virnetdevbandwidth.c: virNetDevBandwidth type & helper APIs
- src/util/virnetdevvportprofile.c: virNetDevVPortProfile type & helper APIs
- src/util/virsocketaddr.c: virSocketAddr and APIs
- src/conf/netdev_bandwidth_conf.c: XML parsing / formatting
for virNetDevBandwidth
- src/conf/netdev_vport_profile_conf.c: XML parsing / formatting
for virNetDevVPortProfile
* src/util/network.c, src/util/network.h: Split into 5 pieces
* src/conf/netdev_bandwidth_conf.c, src/conf/netdev_bandwidth_conf.h,
src/conf/netdev_vport_profile_conf.c, src/conf/netdev_vport_profile_conf.h,
src/util/virnetdevbandwidth.c, src/util/virnetdevbandwidth.h,
src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h,
src/util/virsocketaddr.c, src/util/virsocketaddr.h: New pieces
* daemon/libvirtd.h, daemon/remote.c, src/conf/domain_conf.c,
src/conf/domain_conf.h, src/conf/network_conf.c,
src/conf/network_conf.h, src/conf/nwfilter_conf.h,
src/esx/esx_util.h, src/network/bridge_driver.c,
src/qemu/qemu_conf.c, src/rpc/virnetsocket.c,
src/rpc/virnetsocket.h, src/util/dnsmasq.h, src/util/interface.h,
src/util/iptables.h, src/util/macvtap.c, src/util/macvtap.h,
src/util/virnetdev.h, src/util/virnetdevtap.c,
tools/virsh.c: Update include files
2011-11-02 15:40:08 +00:00
|
|
|
#include <netdb.h>
|
2010-12-06 17:03:35 +00:00
|
|
|
|
|
|
|
#ifdef HAVE_NETINET_TCP_H
|
|
|
|
# include <netinet/tcp.h>
|
|
|
|
#endif
|
|
|
|
|
2012-12-14 22:06:33 +04:00
|
|
|
#ifdef HAVE_SYS_UCRED_H
|
|
|
|
# include <sys/ucred.h>
|
|
|
|
#endif
|
|
|
|
|
rpc: remove trailing whitespace character in error string
Instead of only removing the ending newline character, it is
better to remove all of standard whitespace character for the
sake of log format.
One example that we have to do this is:
After three times incorrect password input, virsh command
virsh -c qemu://remoteserver/system will report error like:
: Connection reset by peerey,gssapi-keyex,gssapi-with-mic,password).
But it should be:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
: Connection reset by peer
The reason is that we dropped the newline, but have a '\r' left.
The terminal interprets it as "move the cursor back to the start
of the current line", so the error string is messed up.
2012-07-18 23:02:02 +08:00
|
|
|
#include "c-ctype.h"
|
2010-12-06 17:03:35 +00:00
|
|
|
#include "virnetsocket.h"
|
2012-12-13 17:44:57 +00:00
|
|
|
#include "virutil.h"
|
2012-12-12 18:06:53 +00:00
|
|
|
#include "viralloc.h"
|
2012-12-13 18:21:53 +00:00
|
|
|
#include "virerror.h"
|
2012-12-12 17:59:27 +00:00
|
|
|
#include "virlog.h"
|
2011-07-19 12:32:58 -06:00
|
|
|
#include "virfile.h"
|
2012-12-13 15:49:48 +00:00
|
|
|
#include "virthread.h"
|
2012-09-24 18:10:37 +01:00
|
|
|
#include "virprocess.h"
|
2010-12-06 17:03:35 +00:00
|
|
|
|
2011-10-21 11:13:21 +01:00
|
|
|
#include "passfd.h"
|
|
|
|
|
2013-01-08 21:34:15 +00:00
|
|
|
#if WITH_SSH2
|
2011-11-14 15:50:02 +01:00
|
|
|
# include "virnetsshsession.h"
|
|
|
|
#endif
|
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
#define VIR_FROM_THIS VIR_FROM_RPC
|
|
|
|
|
|
|
|
|
|
|
|
struct _virNetSocket {
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLockable parent;
|
2011-07-19 14:00:24 +01:00
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
int fd;
|
|
|
|
int watch;
|
|
|
|
pid_t pid;
|
|
|
|
int errfd;
|
|
|
|
bool client;
|
2011-07-19 14:11:33 +01:00
|
|
|
|
|
|
|
/* Event callback fields */
|
2010-12-06 17:03:35 +00:00
|
|
|
virNetSocketIOFunc func;
|
|
|
|
void *opaque;
|
2011-07-19 14:11:33 +01:00
|
|
|
virFreeCallback ff;
|
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
virSocketAddr localAddr;
|
|
|
|
virSocketAddr remoteAddr;
|
|
|
|
char *localAddrStr;
|
|
|
|
char *remoteAddrStr;
|
2010-12-10 12:22:03 +00:00
|
|
|
|
2013-01-08 21:02:05 +00:00
|
|
|
#if WITH_GNUTLS
|
2010-12-10 12:22:03 +00:00
|
|
|
virNetTLSSessionPtr tlsSession;
|
2013-01-07 14:54:18 +00:00
|
|
|
#endif
|
2012-09-20 12:58:29 +01:00
|
|
|
#if WITH_SASL
|
2010-12-10 12:22:03 +00:00
|
|
|
virNetSASLSessionPtr saslSession;
|
|
|
|
|
|
|
|
const char *saslDecoded;
|
|
|
|
size_t saslDecodedLength;
|
|
|
|
size_t saslDecodedOffset;
|
|
|
|
|
|
|
|
const char *saslEncoded;
|
|
|
|
size_t saslEncodedLength;
|
|
|
|
size_t saslEncodedOffset;
|
|
|
|
#endif
|
2013-01-08 21:34:15 +00:00
|
|
|
#if WITH_SSH2
|
2011-11-14 15:50:02 +01:00
|
|
|
virNetSSHSessionPtr sshSession;
|
|
|
|
#endif
|
2010-12-06 17:03:35 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
2012-07-11 14:35:51 +01:00
|
|
|
static virClassPtr virNetSocketClass;
|
|
|
|
static void virNetSocketDispose(void *obj);
|
|
|
|
|
|
|
|
static int virNetSocketOnceInit(void)
|
|
|
|
{
|
2013-01-09 21:27:28 +00:00
|
|
|
if (!(virNetSocketClass = virClassNew(virClassForObjectLockable(),
|
2013-01-09 17:37:27 +00:00
|
|
|
"virNetSocket",
|
2012-07-11 14:35:51 +01:00
|
|
|
sizeof(virNetSocket),
|
|
|
|
virNetSocketDispose)))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
VIR_ONCE_GLOBAL_INIT(virNetSocket)
|
|
|
|
|
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
#ifndef WIN32
|
|
|
|
static int virNetSocketForkDaemon(const char *binary)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
virCommandPtr cmd = virCommandNewArgList(binary,
|
|
|
|
"--timeout=30",
|
|
|
|
NULL);
|
|
|
|
|
|
|
|
virCommandAddEnvPassCommon(cmd);
|
2012-07-12 13:52:36 +02:00
|
|
|
virCommandAddEnvPass(cmd, "XDG_CACHE_HOME");
|
|
|
|
virCommandAddEnvPass(cmd, "XDG_CONFIG_HOME");
|
|
|
|
virCommandAddEnvPass(cmd, "XDG_RUNTIME_DIR");
|
2010-12-06 17:03:35 +00:00
|
|
|
virCommandClearCaps(cmd);
|
|
|
|
virCommandDaemonize(cmd);
|
|
|
|
ret = virCommandRun(cmd, NULL);
|
|
|
|
virCommandFree(cmd);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
static virNetSocketPtr virNetSocketNew(virSocketAddrPtr localAddr,
|
|
|
|
virSocketAddrPtr remoteAddr,
|
|
|
|
bool isClient,
|
|
|
|
int fd, int errfd, pid_t pid)
|
|
|
|
{
|
|
|
|
virNetSocketPtr sock;
|
|
|
|
int no_slow_start = 1;
|
|
|
|
|
2012-07-11 14:35:51 +01:00
|
|
|
if (virNetSocketInitialize() < 0)
|
|
|
|
return NULL;
|
|
|
|
|
2012-02-10 16:52:01 -07:00
|
|
|
VIR_DEBUG("localAddr=%p remoteAddr=%p fd=%d errfd=%d pid=%lld",
|
2010-12-06 17:03:35 +00:00
|
|
|
localAddr, remoteAddr,
|
2012-02-10 16:52:01 -07:00
|
|
|
fd, errfd, (long long) pid);
|
2010-12-06 17:03:35 +00:00
|
|
|
|
|
|
|
if (virSetCloseExec(fd) < 0) {
|
|
|
|
virReportSystemError(errno, "%s",
|
|
|
|
_("Unable to set close-on-exec flag"));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
if (virSetNonBlock(fd) < 0) {
|
|
|
|
virReportSystemError(errno, "%s",
|
|
|
|
_("Unable to enable non-blocking flag"));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
if (!(sock = virObjectLockableNew(virNetSocketClass)))
|
2011-07-19 14:00:24 +01:00
|
|
|
return NULL;
|
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
if (localAddr)
|
|
|
|
sock->localAddr = *localAddr;
|
|
|
|
if (remoteAddr)
|
|
|
|
sock->remoteAddr = *remoteAddr;
|
|
|
|
sock->fd = fd;
|
|
|
|
sock->errfd = errfd;
|
|
|
|
sock->pid = pid;
|
|
|
|
|
|
|
|
/* Disable nagle for TCP sockets */
|
|
|
|
if (sock->localAddr.data.sa.sa_family == AF_INET ||
|
|
|
|
sock->localAddr.data.sa.sa_family == AF_INET6) {
|
|
|
|
if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY,
|
|
|
|
&no_slow_start,
|
|
|
|
sizeof(no_slow_start)) < 0) {
|
|
|
|
virReportSystemError(errno, "%s",
|
|
|
|
_("Unable to disable nagle algorithm"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (localAddr &&
|
Santize naming of socket address APIs
The socket address APIs in src/util/network.h either take the
form virSocketAddrXXX, virSocketXXX or virSocketXXXAddr.
Sanitize this so everything is virSocketAddrXXXX, and ensure
that the virSocketAddr parameter is always the first one.
* src/util/network.c, src/util/network.h: Santize socket
address API naming
* src/conf/domain_conf.c, src/conf/network_conf.c,
src/conf/nwfilter_conf.c, src/network/bridge_driver.c,
src/nwfilter/nwfilter_ebiptables_driver.c,
src/nwfilter/nwfilter_learnipaddr.c,
src/qemu/qemu_command.c, src/rpc/virnetsocket.c,
src/util/dnsmasq.c, src/util/iptables.c,
src/util/virnetdev.c, src/vbox/vbox_tmpl.c: Update for
API renaming
2011-11-02 14:06:59 +00:00
|
|
|
!(sock->localAddrStr = virSocketAddrFormatFull(localAddr, true, ";")))
|
2010-12-06 17:03:35 +00:00
|
|
|
goto error;
|
|
|
|
|
|
|
|
if (remoteAddr &&
|
Santize naming of socket address APIs
The socket address APIs in src/util/network.h either take the
form virSocketAddrXXX, virSocketXXX or virSocketXXXAddr.
Sanitize this so everything is virSocketAddrXXXX, and ensure
that the virSocketAddr parameter is always the first one.
* src/util/network.c, src/util/network.h: Santize socket
address API naming
* src/conf/domain_conf.c, src/conf/network_conf.c,
src/conf/nwfilter_conf.c, src/network/bridge_driver.c,
src/nwfilter/nwfilter_ebiptables_driver.c,
src/nwfilter/nwfilter_learnipaddr.c,
src/qemu/qemu_command.c, src/rpc/virnetsocket.c,
src/util/dnsmasq.c, src/util/iptables.c,
src/util/virnetdev.c, src/vbox/vbox_tmpl.c: Update for
API renaming
2011-11-02 14:06:59 +00:00
|
|
|
!(sock->remoteAddrStr = virSocketAddrFormatFull(remoteAddr, true, ";")))
|
2010-12-06 17:03:35 +00:00
|
|
|
goto error;
|
|
|
|
|
|
|
|
sock->client = isClient;
|
|
|
|
|
Rewrite all the DTrace/SystemTAP probing
The libvirtd daemon had a few crude system tap probes. Some of
these were broken during the RPC rewrite. The new modular RPC
code is structured in a way that allows much more effective
tracing. Instead of trying to hook up the original probes,
define a new set of probes for the RPC and event code.
The master probes file is now src/probes.d. This contains
probes for virNetServerClientPtr, virNetClientPtr, virSocketPtr
virNetTLSContextPtr and virNetTLSSessionPtr modules. Also add
probes for the poll event loop.
The src/dtrace2systemtap.pl script can convert the probes.d
file into a libvirt_probes.stp file to make use from systemtap
much simpler.
The src/rpc/gensystemtap.pl script can generate a set of
systemtap functions for translating RPC enum values into
printable strings. This works for all RPC header enums (program,
type, status, procedure) and also the authentication enum
The PROBE macro will automatically generate a VIR_DEBUG
statement, so any place with a PROBE can remove any existing
manual DEBUG statements.
* daemon/libvirtd.stp, daemon/probes.d: Remove obsolete probing
* daemon/libvirtd.h: Remove probe macros
* daemon/Makefile.am: Remove all probe buildings/install
* daemon/remote.c: Update authentication probes
* src/dtrace2systemtap.pl, src/rpc/gensystemtap.pl: Scripts
to generate STP files
* src/internal.h: Add probe macros
* src/probes.d: Master list of probes
* src/rpc/virnetclient.c, src/rpc/virnetserverclient.c,
src/rpc/virnetsocket.c, src/rpc/virnettlscontext.c,
src/util/event_poll.c: Insert probe points, removing any
DEBUG statements that duplicate the info
2011-09-30 14:40:23 +01:00
|
|
|
PROBE(RPC_SOCKET_NEW,
|
2012-07-11 14:35:51 +01:00
|
|
|
"sock=%p fd=%d errfd=%d pid=%lld localAddr=%s, remoteAddr=%s",
|
|
|
|
sock, fd, errfd, (long long) pid,
|
2012-02-10 16:52:01 -07:00
|
|
|
NULLSTR(sock->localAddrStr), NULLSTR(sock->remoteAddrStr));
|
2010-12-06 17:03:35 +00:00
|
|
|
|
|
|
|
return sock;
|
|
|
|
|
|
|
|
error:
|
|
|
|
sock->fd = sock->errfd = -1; /* Caller owns fd/errfd on failure */
|
2012-07-11 14:35:51 +01:00
|
|
|
virObjectUnref(sock);
|
2010-12-06 17:03:35 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int virNetSocketNewListenTCP(const char *nodename,
|
|
|
|
const char *service,
|
|
|
|
virNetSocketPtr **retsocks,
|
|
|
|
size_t *nretsocks)
|
|
|
|
{
|
|
|
|
virNetSocketPtr *socks = NULL;
|
|
|
|
size_t nsocks = 0;
|
|
|
|
struct addrinfo *ai = NULL;
|
|
|
|
struct addrinfo hints;
|
|
|
|
int fd = -1;
|
|
|
|
int i;
|
2011-07-26 08:14:02 +08:00
|
|
|
int addrInUse = false;
|
2010-12-06 17:03:35 +00:00
|
|
|
|
|
|
|
*retsocks = NULL;
|
|
|
|
*nretsocks = 0;
|
|
|
|
|
2012-03-29 10:52:04 +01:00
|
|
|
memset(&hints, 0, sizeof(hints));
|
2010-12-06 17:03:35 +00:00
|
|
|
hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
|
|
|
int e = getaddrinfo(nodename, service, &hints, &ai);
|
|
|
|
if (e != 0) {
|
2012-07-18 11:41:47 +01:00
|
|
|
virReportError(VIR_ERR_SYSTEM_ERROR,
|
|
|
|
_("Unable to resolve address '%s' service '%s': %s"),
|
|
|
|
nodename, service, gai_strerror(e));
|
2010-12-06 17:03:35 +00:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
struct addrinfo *runp = ai;
|
|
|
|
while (runp) {
|
|
|
|
virSocketAddr addr;
|
|
|
|
|
|
|
|
memset(&addr, 0, sizeof(addr));
|
|
|
|
|
|
|
|
if ((fd = socket(runp->ai_family, runp->ai_socktype,
|
|
|
|
runp->ai_protocol)) < 0) {
|
|
|
|
virReportSystemError(errno, "%s", _("Unable to create socket"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
int opt = 1;
|
2012-03-29 10:52:04 +01:00
|
|
|
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) < 0) {
|
2010-12-06 17:03:35 +00:00
|
|
|
virReportSystemError(errno, "%s", _("Unable to enable port reuse"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef IPV6_V6ONLY
|
|
|
|
if (runp->ai_family == PF_INET6) {
|
|
|
|
int on = 1;
|
|
|
|
/*
|
|
|
|
* Normally on Linux an INET6 socket will bind to the INET4
|
|
|
|
* address too. If getaddrinfo returns results with INET4
|
|
|
|
* first though, this will result in INET6 binding failing.
|
|
|
|
* We can trivially cope with multiple server sockets, so
|
|
|
|
* we force it to only listen on IPv6
|
|
|
|
*/
|
|
|
|
if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
|
2012-03-29 10:52:04 +01:00
|
|
|
(void*)&on, sizeof(on)) < 0) {
|
2010-12-06 17:03:35 +00:00
|
|
|
virReportSystemError(errno, "%s",
|
|
|
|
_("Unable to force bind to IPv6 only"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
if (bind(fd, runp->ai_addr, runp->ai_addrlen) < 0) {
|
|
|
|
if (errno != EADDRINUSE) {
|
|
|
|
virReportSystemError(errno, "%s", _("Unable to bind to port"));
|
|
|
|
goto error;
|
|
|
|
}
|
2011-07-26 08:14:02 +08:00
|
|
|
addrInUse = true;
|
2010-12-06 17:03:35 +00:00
|
|
|
VIR_FORCE_CLOSE(fd);
|
2011-07-26 08:14:02 +08:00
|
|
|
runp = runp->ai_next;
|
2010-12-06 17:03:35 +00:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
addr.len = sizeof(addr.data);
|
|
|
|
if (getsockname(fd, &addr.data.sa, &addr.len) < 0) {
|
|
|
|
virReportSystemError(errno, "%s", _("Unable to get local socket name"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
VIR_DEBUG("%p f=%d f=%d", &addr, runp->ai_family, addr.data.sa.sa_family);
|
|
|
|
|
|
|
|
if (VIR_EXPAND_N(socks, nsocks, 1) < 0) {
|
|
|
|
virReportOOMError();
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(socks[nsocks-1] = virNetSocketNew(&addr, NULL, false, fd, -1, 0)))
|
|
|
|
goto error;
|
|
|
|
runp = runp->ai_next;
|
|
|
|
fd = -1;
|
|
|
|
}
|
|
|
|
|
2011-07-26 08:14:02 +08:00
|
|
|
if (nsocks == 0 &&
|
|
|
|
addrInUse) {
|
|
|
|
virReportSystemError(EADDRINUSE, "%s", _("Unable to bind to port"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
freeaddrinfo(ai);
|
|
|
|
|
|
|
|
*retsocks = socks;
|
|
|
|
*nretsocks = nsocks;
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
error:
|
|
|
|
for (i = 0 ; i < nsocks ; i++)
|
2012-07-11 14:35:51 +01:00
|
|
|
virObjectUnref(socks[i]);
|
2010-12-06 17:03:35 +00:00
|
|
|
VIR_FREE(socks);
|
|
|
|
freeaddrinfo(ai);
|
|
|
|
VIR_FORCE_CLOSE(fd);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#if HAVE_SYS_UN_H
|
|
|
|
int virNetSocketNewListenUNIX(const char *path,
|
|
|
|
mode_t mask,
|
2011-08-12 11:10:19 +02:00
|
|
|
uid_t user,
|
2010-12-06 17:03:35 +00:00
|
|
|
gid_t grp,
|
|
|
|
virNetSocketPtr *retsock)
|
|
|
|
{
|
|
|
|
virSocketAddr addr;
|
|
|
|
mode_t oldmask;
|
|
|
|
int fd;
|
|
|
|
|
|
|
|
*retsock = NULL;
|
|
|
|
|
|
|
|
memset(&addr, 0, sizeof(addr));
|
|
|
|
|
|
|
|
addr.len = sizeof(addr.data.un);
|
|
|
|
|
|
|
|
if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
|
|
|
|
virReportSystemError(errno, "%s", _("Failed to create socket"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
addr.data.un.sun_family = AF_UNIX;
|
|
|
|
if (virStrcpyStatic(addr.data.un.sun_path, path) == NULL) {
|
2011-11-02 21:39:31 +01:00
|
|
|
virReportSystemError(ENAMETOOLONG,
|
|
|
|
_("Path %s too long for unix socket"), path);
|
2010-12-06 17:03:35 +00:00
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
if (addr.data.un.sun_path[0] == '@')
|
|
|
|
addr.data.un.sun_path[0] = '\0';
|
|
|
|
else
|
|
|
|
unlink(addr.data.un.sun_path);
|
|
|
|
|
|
|
|
oldmask = umask(~mask);
|
|
|
|
|
|
|
|
if (bind(fd, &addr.data.sa, addr.len) < 0) {
|
|
|
|
umask(oldmask);
|
|
|
|
virReportSystemError(errno,
|
|
|
|
_("Failed to bind socket to '%s'"),
|
|
|
|
path);
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
umask(oldmask);
|
|
|
|
|
|
|
|
/* chown() doesn't work for abstract sockets but we use them only
|
|
|
|
* if libvirtd runs unprivileged
|
|
|
|
*/
|
2011-08-12 11:10:19 +02:00
|
|
|
if (grp != 0 && chown(path, user, grp)) {
|
2010-12-06 17:03:35 +00:00
|
|
|
virReportSystemError(errno,
|
2011-08-12 11:10:19 +02:00
|
|
|
_("Failed to change ownership of '%s' to %d:%d"),
|
|
|
|
path, (int) user, (int) grp);
|
2010-12-06 17:03:35 +00:00
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(*retsock = virNetSocketNew(&addr, NULL, false, fd, -1, 0)))
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
error:
|
|
|
|
if (path[0] != '@')
|
|
|
|
unlink(path);
|
|
|
|
VIR_FORCE_CLOSE(fd);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
int virNetSocketNewListenUNIX(const char *path ATTRIBUTE_UNUSED,
|
|
|
|
mode_t mask ATTRIBUTE_UNUSED,
|
2011-08-17 11:52:38 -06:00
|
|
|
uid_t user ATTRIBUTE_UNUSED,
|
2010-12-06 17:03:35 +00:00
|
|
|
gid_t grp ATTRIBUTE_UNUSED,
|
|
|
|
virNetSocketPtr *retsock ATTRIBUTE_UNUSED)
|
|
|
|
{
|
|
|
|
virReportSystemError(ENOSYS, "%s",
|
|
|
|
_("UNIX sockets are not supported on this platform"));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2012-08-09 15:09:19 +01:00
|
|
|
int virNetSocketNewListenFD(int fd,
|
|
|
|
virNetSocketPtr *retsock)
|
|
|
|
{
|
|
|
|
virSocketAddr addr;
|
|
|
|
*retsock = NULL;
|
|
|
|
|
|
|
|
memset(&addr, 0, sizeof(addr));
|
|
|
|
|
|
|
|
addr.len = sizeof(addr.data);
|
|
|
|
if (getsockname(fd, &addr.data.sa, &addr.len) < 0) {
|
|
|
|
virReportSystemError(errno, "%s", _("Unable to get local socket name"));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(*retsock = virNetSocketNew(&addr, NULL, false, fd, -1, 0)))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
|
|
|
|
int virNetSocketNewConnectTCP(const char *nodename,
|
|
|
|
const char *service,
|
|
|
|
virNetSocketPtr *retsock)
|
|
|
|
{
|
|
|
|
struct addrinfo *ai = NULL;
|
|
|
|
struct addrinfo hints;
|
|
|
|
int fd = -1;
|
|
|
|
virSocketAddr localAddr;
|
|
|
|
virSocketAddr remoteAddr;
|
|
|
|
struct addrinfo *runp;
|
|
|
|
int savedErrno = ENOENT;
|
|
|
|
|
|
|
|
*retsock = NULL;
|
|
|
|
|
|
|
|
memset(&localAddr, 0, sizeof(localAddr));
|
|
|
|
memset(&remoteAddr, 0, sizeof(remoteAddr));
|
|
|
|
|
2012-03-29 10:52:04 +01:00
|
|
|
memset(&hints, 0, sizeof(hints));
|
2010-12-06 17:03:35 +00:00
|
|
|
hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
|
|
|
int e = getaddrinfo(nodename, service, &hints, &ai);
|
|
|
|
if (e != 0) {
|
2012-07-18 11:41:47 +01:00
|
|
|
virReportError(VIR_ERR_SYSTEM_ERROR,
|
|
|
|
_("Unable to resolve address '%s' service '%s': %s"),
|
2012-10-17 10:23:12 +01:00
|
|
|
nodename, service, gai_strerror(e));
|
2010-12-06 17:03:35 +00:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
runp = ai;
|
|
|
|
while (runp) {
|
|
|
|
int opt = 1;
|
|
|
|
|
|
|
|
if ((fd = socket(runp->ai_family, runp->ai_socktype,
|
|
|
|
runp->ai_protocol)) < 0) {
|
|
|
|
virReportSystemError(errno, "%s", _("Unable to create socket"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
2013-01-15 13:12:56 -05:00
|
|
|
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) < 0) {
|
|
|
|
VIR_WARN("Unable to enable port reuse");
|
|
|
|
}
|
2010-12-06 17:03:35 +00:00
|
|
|
|
|
|
|
if (connect(fd, runp->ai_addr, runp->ai_addrlen) >= 0)
|
|
|
|
break;
|
|
|
|
|
|
|
|
savedErrno = errno;
|
|
|
|
VIR_FORCE_CLOSE(fd);
|
|
|
|
runp = runp->ai_next;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (fd == -1) {
|
|
|
|
virReportSystemError(savedErrno,
|
|
|
|
_("unable to connect to server at '%s:%s'"),
|
|
|
|
nodename, service);
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
localAddr.len = sizeof(localAddr.data);
|
|
|
|
if (getsockname(fd, &localAddr.data.sa, &localAddr.len) < 0) {
|
|
|
|
virReportSystemError(errno, "%s", _("Unable to get local socket name"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
remoteAddr.len = sizeof(remoteAddr.data);
|
|
|
|
if (getpeername(fd, &remoteAddr.data.sa, &remoteAddr.len) < 0) {
|
|
|
|
virReportSystemError(errno, "%s", _("Unable to get remote socket name"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(*retsock = virNetSocketNew(&localAddr, &remoteAddr, true, fd, -1, 0)))
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
freeaddrinfo(ai);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
error:
|
|
|
|
freeaddrinfo(ai);
|
|
|
|
VIR_FORCE_CLOSE(fd);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2010-12-10 12:22:03 +00:00
|
|
|
#ifdef HAVE_SYS_UN_H
|
2010-12-06 17:03:35 +00:00
|
|
|
int virNetSocketNewConnectUNIX(const char *path,
|
|
|
|
bool spawnDaemon,
|
|
|
|
const char *binary,
|
|
|
|
virNetSocketPtr *retsock)
|
|
|
|
{
|
|
|
|
virSocketAddr localAddr;
|
|
|
|
virSocketAddr remoteAddr;
|
|
|
|
int fd;
|
|
|
|
int retries = 0;
|
|
|
|
|
|
|
|
memset(&localAddr, 0, sizeof(localAddr));
|
|
|
|
memset(&remoteAddr, 0, sizeof(remoteAddr));
|
|
|
|
|
|
|
|
remoteAddr.len = sizeof(remoteAddr.data.un);
|
|
|
|
|
2011-12-06 21:46:22 +00:00
|
|
|
if (spawnDaemon && !binary) {
|
maint: don't permit format strings without %
Any time we have a string with no % passed through gettext, a
translator can inject a % to cause a stack overread. When there
is nothing to format, it's easier to ask for a string that cannot
be used as a formatter, by using a trivial "%s" format instead.
In the past, we have used --disable-nls to catch some of the
offenders, but that doesn't get run very often, and many more
uses have crept in. Syntax check to the rescue!
The syntax check can catch uses such as
virReportError(code,
_("split "
"string"));
by using a sed script to fold context lines into one pattern
space before checking for a string without %.
This patch is just mechanical insertion of %s; there are probably
several messages touched by this patch where we would be better
off giving the user more information than a fixed string.
* cfg.mk (sc_prohibit_diagnostic_without_format): New rule.
* src/datatypes.c (virUnrefConnect, virGetDomain)
(virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface)
(virUnrefInterface, virGetStoragePool, virUnrefStoragePool)
(virGetStorageVol, virUnrefStorageVol, virGetNodeDevice)
(virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter)
(virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper.
* src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters)
(lxcDomainGetBlkioParameters): Likewise.
* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML)
(virDomainDiskDefParseXML, virDomainGraphicsDefParseXML):
Likewise.
* src/conf/network_conf.c (virNetworkDNSHostsDefParseXML)
(virNetworkDefParseXML): Likewise.
* src/conf/nwfilter_conf.c (virNWFilterIsValidChainName):
Likewise.
* src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple)
(virNWFilterVarAccessParse): Likewise.
* src/libvirt.c (virDomainSave, virDomainSaveFlags)
(virDomainRestore, virDomainRestoreFlags)
(virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML)
(virDomainCoreDump, virDomainGetXMLDesc)
(virDomainMigrateVersion1, virDomainMigrateVersion2)
(virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2)
(virStreamSendAll, virStreamRecvAll)
(virDomainSnapshotGetXMLDesc): Likewise.
* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
(virNWFilterDHCPSnoopReq): Likewise.
* src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise.
* src/openvz/openvz_util.c (openvzKBPerPages): Likewise.
* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise.
* src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr)
(qemuBuildCommandLine): Likewise.
* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise.
* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
* src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity):
Likewise.
* src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX)
(virNetSocketSendFD, virNetSocketRecvFD): Likewise.
* src/storage/storage_backend_disk.c
(virStorageBackendDiskBuildPool): Likewise.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemProbe)
(virStorageBackendFileSystemBuild): Likewise.
* src/storage/storage_backend_rbd.c
(virStorageBackendRBDOpenRADOSConn): Likewise.
* src/storage/storage_driver.c (storageVolumeResize): Likewise.
* src/test/test_driver.c (testInterfaceChangeBegin)
(testInterfaceChangeCommit, testInterfaceChangeRollback):
Likewise.
* src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise.
* src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr):
Likewise.
* src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk)
(xenFormatXM): Likewise.
2012-07-23 14:33:08 -06:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
2012-07-18 11:41:47 +01:00
|
|
|
_("Auto-spawn of daemon requested, but no binary specified"));
|
2011-12-06 21:46:22 +00:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
|
|
|
|
virReportSystemError(errno, "%s", _("Failed to create socket"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
remoteAddr.data.un.sun_family = AF_UNIX;
|
|
|
|
if (virStrcpyStatic(remoteAddr.data.un.sun_path, path) == NULL) {
|
|
|
|
virReportSystemError(ENOMEM, _("Path %s too long for unix socket"), path);
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
if (remoteAddr.data.un.sun_path[0] == '@')
|
|
|
|
remoteAddr.data.un.sun_path[0] = '\0';
|
|
|
|
|
|
|
|
retry:
|
|
|
|
if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) {
|
2012-05-25 14:54:31 +01:00
|
|
|
if ((errno == ECONNREFUSED ||
|
|
|
|
errno == ENOENT) &&
|
|
|
|
spawnDaemon && retries < 20) {
|
|
|
|
VIR_DEBUG("Connection refused for %s, trying to spawn %s",
|
|
|
|
path, binary);
|
2010-12-06 17:03:35 +00:00
|
|
|
if (retries == 0 &&
|
|
|
|
virNetSocketForkDaemon(binary) < 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
retries++;
|
|
|
|
usleep(1000 * 100 * retries);
|
|
|
|
goto retry;
|
|
|
|
}
|
|
|
|
|
|
|
|
virReportSystemError(errno,
|
|
|
|
_("Failed to connect socket to '%s'"),
|
|
|
|
path);
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
localAddr.len = sizeof(localAddr.data);
|
|
|
|
if (getsockname(fd, &localAddr.data.sa, &localAddr.len) < 0) {
|
|
|
|
virReportSystemError(errno, "%s", _("Unable to get local socket name"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(*retsock = virNetSocketNew(&localAddr, &remoteAddr, true, fd, -1, 0)))
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
error:
|
|
|
|
VIR_FORCE_CLOSE(fd);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
int virNetSocketNewConnectUNIX(const char *path ATTRIBUTE_UNUSED,
|
|
|
|
bool spawnDaemon ATTRIBUTE_UNUSED,
|
|
|
|
const char *binary ATTRIBUTE_UNUSED,
|
|
|
|
virNetSocketPtr *retsock ATTRIBUTE_UNUSED)
|
|
|
|
{
|
|
|
|
virReportSystemError(ENOSYS, "%s",
|
|
|
|
_("UNIX sockets are not supported on this platform"));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
#ifndef WIN32
|
|
|
|
int virNetSocketNewConnectCommand(virCommandPtr cmd,
|
|
|
|
virNetSocketPtr *retsock)
|
|
|
|
{
|
|
|
|
pid_t pid = 0;
|
2011-06-29 12:28:57 -06:00
|
|
|
int sv[2] = { -1, -1 };
|
|
|
|
int errfd[2] = { -1, -1 };
|
2010-12-06 17:03:35 +00:00
|
|
|
|
|
|
|
*retsock = NULL;
|
|
|
|
|
|
|
|
/* Fork off the external process. Use socketpair to create a private
|
|
|
|
* (unnamed) Unix domain socket to the child process so we don't have
|
|
|
|
* to faff around with two file descriptors (a la 'pipe(2)').
|
|
|
|
*/
|
|
|
|
if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) < 0) {
|
|
|
|
virReportSystemError(errno, "%s",
|
|
|
|
_("unable to create socket pair"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (pipe(errfd) < 0) {
|
|
|
|
virReportSystemError(errno, "%s",
|
|
|
|
_("unable to create socket pair"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
virCommandSetInputFD(cmd, sv[1]);
|
|
|
|
virCommandSetOutputFD(cmd, &sv[1]);
|
|
|
|
virCommandSetErrorFD(cmd, &errfd[1]);
|
|
|
|
|
|
|
|
if (virCommandRunAsync(cmd, &pid) < 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
/* Parent continues here. */
|
|
|
|
VIR_FORCE_CLOSE(sv[1]);
|
|
|
|
VIR_FORCE_CLOSE(errfd[1]);
|
|
|
|
|
|
|
|
if (!(*retsock = virNetSocketNew(NULL, NULL, true, sv[0], errfd[0], pid)))
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
virCommandFree(cmd);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
error:
|
|
|
|
VIR_FORCE_CLOSE(sv[0]);
|
|
|
|
VIR_FORCE_CLOSE(sv[1]);
|
|
|
|
VIR_FORCE_CLOSE(errfd[0]);
|
|
|
|
VIR_FORCE_CLOSE(errfd[1]);
|
|
|
|
|
|
|
|
virCommandAbort(cmd);
|
|
|
|
virCommandFree(cmd);
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
int virNetSocketNewConnectCommand(virCommandPtr cmd ATTRIBUTE_UNUSED,
|
|
|
|
virNetSocketPtr *retsock ATTRIBUTE_UNUSED)
|
|
|
|
{
|
|
|
|
virReportSystemError(errno, "%s",
|
|
|
|
_("Tunnelling sockets not supported on this platform"));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
int virNetSocketNewConnectSSH(const char *nodename,
|
|
|
|
const char *service,
|
|
|
|
const char *binary,
|
|
|
|
const char *username,
|
|
|
|
bool noTTY,
|
2011-07-11 22:50:31 +03:00
|
|
|
bool noVerify,
|
2010-12-06 17:03:35 +00:00
|
|
|
const char *netcat,
|
2011-07-19 20:52:21 +03:00
|
|
|
const char *keyfile,
|
2010-12-06 17:03:35 +00:00
|
|
|
const char *path,
|
|
|
|
virNetSocketPtr *retsock)
|
|
|
|
{
|
2011-10-13 21:49:01 +02:00
|
|
|
char *quoted;
|
2010-12-06 17:03:35 +00:00
|
|
|
virCommandPtr cmd;
|
2011-10-13 21:49:01 +02:00
|
|
|
virBuffer buf = VIR_BUFFER_INITIALIZER;
|
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
*retsock = NULL;
|
|
|
|
|
|
|
|
cmd = virCommandNew(binary ? binary : "ssh");
|
|
|
|
virCommandAddEnvPassCommon(cmd);
|
2011-09-09 15:59:26 +02:00
|
|
|
virCommandAddEnvPass(cmd, "KRB5CCNAME");
|
2010-12-06 17:03:35 +00:00
|
|
|
virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK");
|
|
|
|
virCommandAddEnvPass(cmd, "SSH_ASKPASS");
|
2011-07-20 14:11:43 -04:00
|
|
|
virCommandAddEnvPass(cmd, "DISPLAY");
|
2011-11-28 13:15:25 +01:00
|
|
|
virCommandAddEnvPass(cmd, "XAUTHORITY");
|
2010-12-06 17:03:35 +00:00
|
|
|
virCommandClearCaps(cmd);
|
|
|
|
|
|
|
|
if (service)
|
|
|
|
virCommandAddArgList(cmd, "-p", service, NULL);
|
|
|
|
if (username)
|
|
|
|
virCommandAddArgList(cmd, "-l", username, NULL);
|
2011-07-19 20:52:21 +03:00
|
|
|
if (keyfile)
|
|
|
|
virCommandAddArgList(cmd, "-i", keyfile, NULL);
|
2010-12-06 17:03:35 +00:00
|
|
|
if (noTTY)
|
|
|
|
virCommandAddArgList(cmd, "-T", "-o", "BatchMode=yes",
|
|
|
|
"-e", "none", NULL);
|
2011-07-11 22:50:31 +03:00
|
|
|
if (noVerify)
|
|
|
|
virCommandAddArgList(cmd, "-o", "StrictHostKeyChecking=no", NULL);
|
2011-07-08 21:07:29 +02:00
|
|
|
|
|
|
|
if (!netcat)
|
|
|
|
netcat = "nc";
|
|
|
|
|
|
|
|
virCommandAddArgList(cmd, nodename, "sh", "-c", NULL);
|
2011-10-13 21:49:01 +02:00
|
|
|
|
|
|
|
virBufferEscapeShell(&buf, netcat);
|
|
|
|
if (virBufferError(&buf)) {
|
2013-01-30 10:05:24 -05:00
|
|
|
virCommandFree(cmd);
|
2011-10-13 21:49:01 +02:00
|
|
|
virBufferFreeAndReset(&buf);
|
|
|
|
virReportOOMError();
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
quoted = virBufferContentAndReset(&buf);
|
2011-07-08 21:07:29 +02:00
|
|
|
/*
|
|
|
|
* This ugly thing is a shell script to detect availability of
|
|
|
|
* the -q option for 'nc': debian and suse based distros need this
|
|
|
|
* flag to ensure the remote nc will exit on EOF, so it will go away
|
|
|
|
* when we close the connection tunnel. If it doesn't go away, subsequent
|
|
|
|
* connection attempts will hang.
|
|
|
|
*
|
|
|
|
* Fedora's 'nc' doesn't have this option, and defaults to the desired
|
|
|
|
* behavior.
|
|
|
|
*/
|
|
|
|
virCommandAddArgFormat(cmd,
|
2011-10-13 21:49:01 +02:00
|
|
|
"'if '%s' -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then "
|
2011-07-08 21:07:29 +02:00
|
|
|
"ARG=-q0;"
|
|
|
|
"else "
|
|
|
|
"ARG=;"
|
|
|
|
"fi;"
|
2011-10-13 21:49:01 +02:00
|
|
|
"'%s' $ARG -U %s'",
|
|
|
|
quoted, quoted, path);
|
2010-12-06 17:03:35 +00:00
|
|
|
|
2011-10-13 21:49:01 +02:00
|
|
|
VIR_FREE(quoted);
|
2010-12-06 17:03:35 +00:00
|
|
|
return virNetSocketNewConnectCommand(cmd, retsock);
|
|
|
|
}
|
|
|
|
|
2013-01-08 21:34:15 +00:00
|
|
|
#if WITH_SSH2
|
2011-11-14 15:50:02 +01:00
|
|
|
int
|
|
|
|
virNetSocketNewConnectLibSSH2(const char *host,
|
|
|
|
const char *port,
|
|
|
|
const char *username,
|
|
|
|
const char *password,
|
|
|
|
const char *privkey,
|
|
|
|
const char *knownHosts,
|
|
|
|
const char *knownHostsVerify,
|
|
|
|
const char *authMethods,
|
|
|
|
const char *command,
|
|
|
|
virConnectAuthPtr auth,
|
|
|
|
virNetSocketPtr *retsock)
|
|
|
|
{
|
|
|
|
virNetSocketPtr sock = NULL;
|
|
|
|
virNetSSHSessionPtr sess = NULL;
|
|
|
|
unsigned int verify;
|
|
|
|
int ret = -1;
|
|
|
|
int portN;
|
|
|
|
|
|
|
|
char *authMethodNext = NULL;
|
|
|
|
char *authMethodsCopy = NULL;
|
|
|
|
char *authMethod;
|
|
|
|
|
|
|
|
/* port number will be verified while opening the socket */
|
|
|
|
if (virStrToLong_i(port, NULL, 10, &portN) < 0) {
|
|
|
|
virReportError(VIR_ERR_SSH, "%s",
|
|
|
|
_("Failed to parse port number"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* create ssh session context */
|
|
|
|
if (!(sess = virNetSSHSessionNew()))
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
/* set ssh session parameters */
|
|
|
|
if (virNetSSHSessionAuthSetCallback(sess, auth) != 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
if (STRCASEEQ("auto", knownHostsVerify))
|
|
|
|
verify = VIR_NET_SSH_HOSTKEY_VERIFY_AUTO_ADD;
|
|
|
|
else if (STRCASEEQ("ignore", knownHostsVerify))
|
|
|
|
verify = VIR_NET_SSH_HOSTKEY_VERIFY_IGNORE;
|
|
|
|
else if (STRCASEEQ("normal", knownHostsVerify))
|
|
|
|
verify = VIR_NET_SSH_HOSTKEY_VERIFY_NORMAL;
|
|
|
|
else {
|
|
|
|
virReportError(VIR_ERR_INVALID_ARG,
|
|
|
|
_("Invalid host key verification method: '%s'"),
|
|
|
|
knownHostsVerify);
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (virNetSSHSessionSetHostKeyVerification(sess,
|
|
|
|
host,
|
|
|
|
portN,
|
|
|
|
knownHosts,
|
2012-08-21 18:28:11 +02:00
|
|
|
verify,
|
|
|
|
VIR_NET_SSH_HOSTKEY_FILE_CREATE) != 0)
|
2011-11-14 15:50:02 +01:00
|
|
|
goto error;
|
|
|
|
|
|
|
|
if (virNetSSHSessionSetChannelCommand(sess, command) != 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
if (!(authMethodNext = authMethodsCopy = strdup(authMethods))) {
|
|
|
|
virReportOOMError();
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
while ((authMethod = strsep(&authMethodNext, ","))) {
|
|
|
|
if (STRCASEEQ(authMethod, "keyboard-interactive"))
|
|
|
|
ret = virNetSSHSessionAuthAddKeyboardAuth(sess, username, -1);
|
|
|
|
else if (STRCASEEQ(authMethod, "password"))
|
|
|
|
ret = virNetSSHSessionAuthAddPasswordAuth(sess,
|
|
|
|
username,
|
|
|
|
password);
|
|
|
|
else if (STRCASEEQ(authMethod, "privkey"))
|
|
|
|
ret = virNetSSHSessionAuthAddPrivKeyAuth(sess,
|
|
|
|
username,
|
|
|
|
privkey,
|
|
|
|
NULL);
|
|
|
|
else if (STRCASEEQ(authMethod, "agent"))
|
|
|
|
ret = virNetSSHSessionAuthAddAgentAuth(sess, username);
|
|
|
|
else {
|
|
|
|
virReportError(VIR_ERR_INVALID_ARG,
|
|
|
|
_("Invalid authentication method: '%s'"),
|
|
|
|
authMethod);
|
|
|
|
ret = -1;
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ret != 0)
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* connect to remote server */
|
|
|
|
if ((ret = virNetSocketNewConnectTCP(host, port, &sock)) < 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
/* connect to the host using ssh */
|
|
|
|
if ((ret = virNetSSHSessionConnect(sess, virNetSocketGetFD(sock))) != 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
sock->sshSession = sess;
|
|
|
|
*retsock = sock;
|
|
|
|
|
|
|
|
VIR_FREE(authMethodsCopy);
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
error:
|
|
|
|
virObjectUnref(sock);
|
|
|
|
virObjectUnref(sess);
|
|
|
|
VIR_FREE(authMethodsCopy);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
int
|
|
|
|
virNetSocketNewConnectLibSSH2(const char *host ATTRIBUTE_UNUSED,
|
|
|
|
const char *port ATTRIBUTE_UNUSED,
|
|
|
|
const char *username ATTRIBUTE_UNUSED,
|
|
|
|
const char *password ATTRIBUTE_UNUSED,
|
|
|
|
const char *privkey ATTRIBUTE_UNUSED,
|
|
|
|
const char *knownHosts ATTRIBUTE_UNUSED,
|
|
|
|
const char *knownHostsVerify ATTRIBUTE_UNUSED,
|
|
|
|
const char *authMethods ATTRIBUTE_UNUSED,
|
|
|
|
const char *command ATTRIBUTE_UNUSED,
|
|
|
|
virConnectAuthPtr auth ATTRIBUTE_UNUSED,
|
|
|
|
virNetSocketPtr *retsock ATTRIBUTE_UNUSED)
|
|
|
|
{
|
|
|
|
virReportSystemError(ENOSYS, "%s",
|
|
|
|
_("libssh2 transport support was not enabled"));
|
|
|
|
return -1;
|
|
|
|
}
|
2013-01-08 21:34:15 +00:00
|
|
|
#endif /* WITH_SSH2 */
|
2010-12-06 17:03:35 +00:00
|
|
|
|
|
|
|
int virNetSocketNewConnectExternal(const char **cmdargv,
|
|
|
|
virNetSocketPtr *retsock)
|
|
|
|
{
|
|
|
|
virCommandPtr cmd;
|
|
|
|
|
|
|
|
*retsock = NULL;
|
|
|
|
|
|
|
|
cmd = virCommandNewArgs(cmdargv);
|
|
|
|
virCommandAddEnvPassCommon(cmd);
|
|
|
|
virCommandClearCaps(cmd);
|
|
|
|
|
|
|
|
return virNetSocketNewConnectCommand(cmd, retsock);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-08-09 12:54:54 +01:00
|
|
|
virNetSocketPtr virNetSocketNewPostExecRestart(virJSONValuePtr object)
|
|
|
|
{
|
|
|
|
virSocketAddr localAddr;
|
|
|
|
virSocketAddr remoteAddr;
|
|
|
|
int fd, thepid, errfd;
|
|
|
|
bool isClient;
|
|
|
|
|
|
|
|
if (virJSONValueObjectGetNumberInt(object, "fd", &fd) < 0) {
|
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
|
_("Missing fd data in JSON document"));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (virJSONValueObjectGetNumberInt(object, "pid", &thepid) < 0) {
|
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
|
_("Missing pid data in JSON document"));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (virJSONValueObjectGetNumberInt(object, "errfd", &errfd) < 0) {
|
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
|
_("Missing errfd data in JSON document"));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
if (virJSONValueObjectGetBoolean(object, "isClient", &isClient) < 0) {
|
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
|
_("Missing isClient data in JSON document"));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
memset(&localAddr, 0, sizeof(localAddr));
|
|
|
|
memset(&remoteAddr, 0, sizeof(remoteAddr));
|
|
|
|
|
|
|
|
remoteAddr.len = sizeof(remoteAddr.data.stor);
|
|
|
|
if (getsockname(fd, &remoteAddr.data.sa, &remoteAddr.len) < 0) {
|
|
|
|
virReportSystemError(errno, "%s", _("Unable to get peer socket name"));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
localAddr.len = sizeof(localAddr.data.stor);
|
|
|
|
if (getsockname(fd, &localAddr.data.sa, &localAddr.len) < 0) {
|
|
|
|
virReportSystemError(errno, "%s", _("Unable to get local socket name"));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return virNetSocketNew(&localAddr, &remoteAddr,
|
|
|
|
isClient, fd, errfd, thepid);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
virJSONValuePtr virNetSocketPreExecRestart(virNetSocketPtr sock)
|
|
|
|
{
|
|
|
|
virJSONValuePtr object = NULL;
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2012-08-09 12:54:54 +01:00
|
|
|
|
2013-01-11 10:29:03 -07:00
|
|
|
#if WITH_SASL
|
2012-08-09 12:54:54 +01:00
|
|
|
if (sock->saslSession) {
|
|
|
|
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
|
|
|
_("Unable to save socket state when SASL session is active"));
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
#endif
|
2013-01-08 21:02:05 +00:00
|
|
|
#if WITH_GNUTLS
|
2012-08-09 12:54:54 +01:00
|
|
|
if (sock->tlsSession) {
|
|
|
|
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
|
|
|
_("Unable to save socket state when TLS session is active"));
|
|
|
|
goto error;
|
|
|
|
}
|
2013-01-07 14:54:18 +00:00
|
|
|
#endif
|
2012-08-09 12:54:54 +01:00
|
|
|
|
|
|
|
if (!(object = virJSONValueNewObject()))
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
if (virJSONValueObjectAppendNumberInt(object, "fd", sock->fd) < 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
if (virJSONValueObjectAppendNumberInt(object, "errfd", sock->errfd) < 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
if (virJSONValueObjectAppendNumberInt(object, "pid", sock->pid) < 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
if (virJSONValueObjectAppendBoolean(object, "isClient", sock->client) < 0)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
if (virSetInherit(sock->fd, true) < 0) {
|
|
|
|
virReportSystemError(errno,
|
|
|
|
_("Cannot disable close-on-exec flag on socket %d"),
|
|
|
|
sock->fd);
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
if (sock->errfd != -1 &&
|
|
|
|
virSetInherit(sock->errfd, true) < 0) {
|
|
|
|
virReportSystemError(errno,
|
|
|
|
_("Cannot disable close-on-exec flag on pipe %d"),
|
|
|
|
sock->errfd);
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2012-08-09 12:54:54 +01:00
|
|
|
return object;
|
|
|
|
|
|
|
|
error:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2012-08-09 12:54:54 +01:00
|
|
|
virJSONValueFree(object);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-07-11 14:35:51 +01:00
|
|
|
void virNetSocketDispose(void *obj)
|
2011-10-07 16:39:37 +01:00
|
|
|
{
|
2012-07-11 14:35:51 +01:00
|
|
|
virNetSocketPtr sock = obj;
|
2011-07-19 14:00:24 +01:00
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
VIR_DEBUG("sock=%p fd=%d", sock, sock->fd);
|
|
|
|
if (sock->watch > 0) {
|
|
|
|
virEventRemoveHandle(sock->watch);
|
|
|
|
sock->watch = -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_UN_H
|
|
|
|
/* If a server socket, then unlink UNIX path */
|
|
|
|
if (!sock->client &&
|
|
|
|
sock->localAddr.data.sa.sa_family == AF_UNIX &&
|
|
|
|
sock->localAddr.data.un.sun_path[0] != '\0')
|
|
|
|
unlink(sock->localAddr.data.un.sun_path);
|
|
|
|
#endif
|
|
|
|
|
2013-01-08 21:02:05 +00:00
|
|
|
#if WITH_GNUTLS
|
2010-12-10 12:22:03 +00:00
|
|
|
/* Make sure it can't send any more I/O during shutdown */
|
|
|
|
if (sock->tlsSession)
|
|
|
|
virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL);
|
2012-07-11 14:35:48 +01:00
|
|
|
virObjectUnref(sock->tlsSession);
|
2013-01-07 14:54:18 +00:00
|
|
|
#endif
|
2012-09-20 12:58:29 +01:00
|
|
|
#if WITH_SASL
|
2012-07-11 14:35:49 +01:00
|
|
|
virObjectUnref(sock->saslSession);
|
2010-12-10 12:22:03 +00:00
|
|
|
#endif
|
|
|
|
|
2013-01-08 21:34:15 +00:00
|
|
|
#if WITH_SSH2
|
2011-11-14 15:50:02 +01:00
|
|
|
virObjectUnref(sock->sshSession);
|
|
|
|
#endif
|
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
VIR_FORCE_CLOSE(sock->fd);
|
|
|
|
VIR_FORCE_CLOSE(sock->errfd);
|
|
|
|
|
2012-09-24 17:59:31 +01:00
|
|
|
virProcessAbort(sock->pid);
|
2010-12-06 17:03:35 +00:00
|
|
|
|
|
|
|
VIR_FREE(sock->localAddrStr);
|
|
|
|
VIR_FREE(sock->remoteAddrStr);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int virNetSocketGetFD(virNetSocketPtr sock)
|
|
|
|
{
|
2011-07-19 14:00:24 +01:00
|
|
|
int fd;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
fd = sock->fd;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
return fd;
|
2010-12-06 17:03:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-07-07 15:17:21 +01:00
|
|
|
int virNetSocketDupFD(virNetSocketPtr sock, bool cloexec)
|
|
|
|
{
|
|
|
|
int fd;
|
|
|
|
|
|
|
|
if (cloexec)
|
|
|
|
fd = fcntl(sock->fd, F_DUPFD_CLOEXEC);
|
|
|
|
else
|
|
|
|
fd = dup(sock->fd);
|
|
|
|
if (fd < 0) {
|
|
|
|
virReportSystemError(errno, "%s",
|
|
|
|
_("Unable to copy socket file handle"));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return fd;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
bool virNetSocketIsLocal(virNetSocketPtr sock)
|
|
|
|
{
|
2011-07-19 14:00:24 +01:00
|
|
|
bool isLocal = false;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2010-12-06 17:03:35 +00:00
|
|
|
if (sock->localAddr.data.sa.sa_family == AF_UNIX)
|
2011-07-19 14:00:24 +01:00
|
|
|
isLocal = true;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
return isLocal;
|
2010-12-06 17:03:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-10-21 11:13:21 +01:00
|
|
|
bool virNetSocketHasPassFD(virNetSocketPtr sock)
|
|
|
|
{
|
|
|
|
bool hasPassFD = false;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2011-10-21 11:13:21 +01:00
|
|
|
if (sock->localAddr.data.sa.sa_family == AF_UNIX)
|
|
|
|
hasPassFD = true;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-10-21 11:13:21 +01:00
|
|
|
return hasPassFD;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-03-02 17:11:42 +00:00
|
|
|
int virNetSocketGetPort(virNetSocketPtr sock)
|
|
|
|
{
|
2011-07-19 14:00:24 +01:00
|
|
|
int port;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
Santize naming of socket address APIs
The socket address APIs in src/util/network.h either take the
form virSocketAddrXXX, virSocketXXX or virSocketXXXAddr.
Sanitize this so everything is virSocketAddrXXXX, and ensure
that the virSocketAddr parameter is always the first one.
* src/util/network.c, src/util/network.h: Santize socket
address API naming
* src/conf/domain_conf.c, src/conf/network_conf.c,
src/conf/nwfilter_conf.c, src/network/bridge_driver.c,
src/nwfilter/nwfilter_ebiptables_driver.c,
src/nwfilter/nwfilter_learnipaddr.c,
src/qemu/qemu_command.c, src/rpc/virnetsocket.c,
src/util/dnsmasq.c, src/util/iptables.c,
src/util/virnetdev.c, src/vbox/vbox_tmpl.c: Update for
API renaming
2011-11-02 14:06:59 +00:00
|
|
|
port = virSocketAddrGetPort(&sock->localAddr);
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
return port;
|
2011-03-02 17:11:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-12-14 22:06:33 +04:00
|
|
|
#if defined(SO_PEERCRED)
|
2012-01-18 17:41:36 +00:00
|
|
|
int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
|
|
|
|
uid_t *uid,
|
|
|
|
gid_t *gid,
|
|
|
|
pid_t *pid)
|
2010-12-06 17:03:35 +00:00
|
|
|
{
|
|
|
|
struct ucred cr;
|
2012-03-29 10:52:04 +01:00
|
|
|
socklen_t cr_len = sizeof(cr);
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2010-12-06 17:03:35 +00:00
|
|
|
|
|
|
|
if (getsockopt(sock->fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
|
|
|
|
virReportSystemError(errno, "%s",
|
|
|
|
_("Failed to get client socket identity"));
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2010-12-06 17:03:35 +00:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
*pid = cr.pid;
|
|
|
|
*uid = cr.uid;
|
2011-12-16 00:18:22 +00:00
|
|
|
*gid = cr.gid;
|
2011-07-19 14:00:24 +01:00
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2010-12-06 17:03:35 +00:00
|
|
|
return 0;
|
|
|
|
}
|
2012-12-14 22:06:33 +04:00
|
|
|
#elif defined(LOCAL_PEERCRED)
|
|
|
|
int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
|
|
|
|
uid_t *uid,
|
|
|
|
gid_t *gid,
|
|
|
|
pid_t *pid)
|
|
|
|
{
|
|
|
|
struct xucred cr;
|
|
|
|
socklen_t cr_len = sizeof(cr);
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2012-12-14 22:06:33 +04:00
|
|
|
|
|
|
|
if (getsockopt(sock->fd, SOL_SOCKET, LOCAL_PEERCRED, &cr, &cr_len) < 0) {
|
|
|
|
virReportSystemError(errno, "%s",
|
|
|
|
_("Failed to get client socket identity"));
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2012-12-14 22:06:33 +04:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
*pid = -1;
|
|
|
|
*uid = cr.cr_uid;
|
|
|
|
*gid = cr.cr_gid;
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2012-12-14 22:06:33 +04:00
|
|
|
return 0;
|
|
|
|
}
|
2010-12-06 17:03:35 +00:00
|
|
|
#else
|
2012-01-18 17:41:36 +00:00
|
|
|
int virNetSocketGetUNIXIdentity(virNetSocketPtr sock ATTRIBUTE_UNUSED,
|
|
|
|
uid_t *uid ATTRIBUTE_UNUSED,
|
|
|
|
gid_t *gid ATTRIBUTE_UNUSED,
|
|
|
|
pid_t *pid ATTRIBUTE_UNUSED)
|
2010-12-06 17:03:35 +00:00
|
|
|
{
|
|
|
|
/* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
|
|
|
|
virReportSystemError(ENOSYS, "%s",
|
|
|
|
_("Client socket identity not available"));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
int virNetSocketSetBlocking(virNetSocketPtr sock,
|
|
|
|
bool blocking)
|
|
|
|
{
|
2011-07-19 14:00:24 +01:00
|
|
|
int ret;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
ret = virSetBlocking(sock->fd, blocking);
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
return ret;
|
2010-12-06 17:03:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
const char *virNetSocketLocalAddrString(virNetSocketPtr sock)
|
|
|
|
{
|
|
|
|
return sock->localAddrStr;
|
|
|
|
}
|
|
|
|
|
|
|
|
const char *virNetSocketRemoteAddrString(virNetSocketPtr sock)
|
|
|
|
{
|
|
|
|
return sock->remoteAddrStr;
|
|
|
|
}
|
|
|
|
|
2010-12-10 12:22:03 +00:00
|
|
|
|
2013-01-08 21:02:05 +00:00
|
|
|
#if WITH_GNUTLS
|
2010-12-10 12:22:03 +00:00
|
|
|
static ssize_t virNetSocketTLSSessionWrite(const char *buf,
|
|
|
|
size_t len,
|
|
|
|
void *opaque)
|
|
|
|
{
|
|
|
|
virNetSocketPtr sock = opaque;
|
|
|
|
return write(sock->fd, buf, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static ssize_t virNetSocketTLSSessionRead(char *buf,
|
|
|
|
size_t len,
|
|
|
|
void *opaque)
|
|
|
|
{
|
|
|
|
virNetSocketPtr sock = opaque;
|
|
|
|
return read(sock->fd, buf, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void virNetSocketSetTLSSession(virNetSocketPtr sock,
|
|
|
|
virNetTLSSessionPtr sess)
|
|
|
|
{
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2012-07-11 14:35:48 +01:00
|
|
|
virObjectUnref(sock->tlsSession);
|
|
|
|
sock->tlsSession = virObjectRef(sess);
|
2010-12-10 12:22:03 +00:00
|
|
|
virNetTLSSessionSetIOCallbacks(sess,
|
|
|
|
virNetSocketTLSSessionWrite,
|
|
|
|
virNetSocketTLSSessionRead,
|
|
|
|
sock);
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2010-12-10 12:22:03 +00:00
|
|
|
}
|
2013-01-07 14:54:18 +00:00
|
|
|
#endif
|
2010-12-10 12:22:03 +00:00
|
|
|
|
2012-09-20 12:58:29 +01:00
|
|
|
#if WITH_SASL
|
2010-12-10 12:22:03 +00:00
|
|
|
void virNetSocketSetSASLSession(virNetSocketPtr sock,
|
|
|
|
virNetSASLSessionPtr sess)
|
|
|
|
{
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2012-07-11 14:35:49 +01:00
|
|
|
virObjectUnref(sock->saslSession);
|
|
|
|
sock->saslSession = virObjectRef(sess);
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2010-12-10 12:22:03 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
bool virNetSocketHasCachedData(virNetSocketPtr sock ATTRIBUTE_UNUSED)
|
|
|
|
{
|
2011-07-19 14:00:24 +01:00
|
|
|
bool hasCached = false;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2011-11-14 15:50:02 +01:00
|
|
|
|
2013-01-08 21:34:15 +00:00
|
|
|
#if WITH_SSH2
|
2011-11-14 15:50:02 +01:00
|
|
|
if (virNetSSHSessionHasCachedData(sock->sshSession))
|
|
|
|
hasCached = true;
|
|
|
|
#endif
|
|
|
|
|
2012-09-20 12:58:29 +01:00
|
|
|
#if WITH_SASL
|
2010-12-10 12:22:03 +00:00
|
|
|
if (sock->saslDecoded)
|
2011-07-19 14:00:24 +01:00
|
|
|
hasCached = true;
|
2010-12-10 12:22:03 +00:00
|
|
|
#endif
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
return hasCached;
|
2010-12-10 12:22:03 +00:00
|
|
|
}
|
|
|
|
|
2013-01-08 21:34:15 +00:00
|
|
|
#if WITH_SSH2
|
2011-11-14 15:50:02 +01:00
|
|
|
static ssize_t virNetSocketLibSSH2Read(virNetSocketPtr sock,
|
|
|
|
char *buf,
|
|
|
|
size_t len)
|
|
|
|
{
|
|
|
|
return virNetSSHChannelRead(sock->sshSession, buf, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
static ssize_t virNetSocketLibSSH2Write(virNetSocketPtr sock,
|
|
|
|
const char *buf,
|
|
|
|
size_t len)
|
|
|
|
{
|
|
|
|
return virNetSSHChannelWrite(sock->sshSession, buf, len);
|
|
|
|
}
|
|
|
|
#endif
|
2010-12-10 12:22:03 +00:00
|
|
|
|
2011-11-08 09:13:27 +00:00
|
|
|
bool virNetSocketHasPendingData(virNetSocketPtr sock ATTRIBUTE_UNUSED)
|
|
|
|
{
|
|
|
|
bool hasPending = false;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2012-09-20 12:58:29 +01:00
|
|
|
#if WITH_SASL
|
2011-11-08 09:13:27 +00:00
|
|
|
if (sock->saslEncoded)
|
|
|
|
hasPending = true;
|
|
|
|
#endif
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-11-08 09:13:27 +00:00
|
|
|
return hasPending;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2010-12-10 12:22:03 +00:00
|
|
|
static ssize_t virNetSocketReadWire(virNetSocketPtr sock, char *buf, size_t len)
|
2010-12-06 17:03:35 +00:00
|
|
|
{
|
|
|
|
char *errout = NULL;
|
|
|
|
ssize_t ret;
|
2011-11-14 15:50:02 +01:00
|
|
|
|
2013-01-08 21:34:15 +00:00
|
|
|
#if WITH_SSH2
|
2011-11-14 15:50:02 +01:00
|
|
|
if (sock->sshSession)
|
|
|
|
return virNetSocketLibSSH2Read(sock, buf, len);
|
|
|
|
#endif
|
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
reread:
|
2013-01-08 21:02:05 +00:00
|
|
|
#if WITH_GNUTLS
|
2010-12-10 12:22:03 +00:00
|
|
|
if (sock->tlsSession &&
|
|
|
|
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
|
|
|
|
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
|
|
|
|
ret = virNetTLSSessionRead(sock->tlsSession, buf, len);
|
|
|
|
} else {
|
2013-01-07 14:54:18 +00:00
|
|
|
#endif
|
2010-12-10 12:22:03 +00:00
|
|
|
ret = read(sock->fd, buf, len);
|
2013-01-08 21:02:05 +00:00
|
|
|
#if WITH_GNUTLS
|
2010-12-10 12:22:03 +00:00
|
|
|
}
|
2013-01-07 14:54:18 +00:00
|
|
|
#endif
|
2010-12-06 17:03:35 +00:00
|
|
|
|
|
|
|
if ((ret < 0) && (errno == EINTR))
|
|
|
|
goto reread;
|
|
|
|
if ((ret < 0) && (errno == EAGAIN))
|
|
|
|
return 0;
|
2010-12-10 12:22:03 +00:00
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
if (ret <= 0 &&
|
|
|
|
sock->errfd != -1 &&
|
|
|
|
virFileReadLimFD(sock->errfd, 1024, &errout) >= 0 &&
|
|
|
|
errout != NULL) {
|
|
|
|
size_t elen = strlen(errout);
|
rpc: remove trailing whitespace character in error string
Instead of only removing the ending newline character, it is
better to remove all of standard whitespace character for the
sake of log format.
One example that we have to do this is:
After three times incorrect password input, virsh command
virsh -c qemu://remoteserver/system will report error like:
: Connection reset by peerey,gssapi-keyex,gssapi-with-mic,password).
But it should be:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
: Connection reset by peer
The reason is that we dropped the newline, but have a '\r' left.
The terminal interprets it as "move the cursor back to the start
of the current line", so the error string is messed up.
2012-07-18 23:02:02 +08:00
|
|
|
/* remove trailing whitespace */
|
|
|
|
while (elen && c_isspace(errout[elen - 1]))
|
|
|
|
errout[--elen] = '\0';
|
2010-12-06 17:03:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (ret < 0) {
|
|
|
|
if (errout)
|
|
|
|
virReportSystemError(errno,
|
|
|
|
_("Cannot recv data: %s"), errout);
|
|
|
|
else
|
|
|
|
virReportSystemError(errno, "%s",
|
|
|
|
_("Cannot recv data"));
|
|
|
|
ret = -1;
|
|
|
|
} else if (ret == 0) {
|
|
|
|
if (errout)
|
|
|
|
virReportSystemError(EIO,
|
|
|
|
_("End of file while reading data: %s"), errout);
|
|
|
|
else
|
|
|
|
virReportSystemError(EIO, "%s",
|
|
|
|
_("End of file while reading data"));
|
|
|
|
ret = -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
VIR_FREE(errout);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2010-12-10 12:22:03 +00:00
|
|
|
static ssize_t virNetSocketWriteWire(virNetSocketPtr sock, const char *buf, size_t len)
|
2010-12-06 17:03:35 +00:00
|
|
|
{
|
|
|
|
ssize_t ret;
|
2011-11-14 15:50:02 +01:00
|
|
|
|
2013-01-08 21:34:15 +00:00
|
|
|
#if WITH_SSH2
|
2011-11-14 15:50:02 +01:00
|
|
|
if (sock->sshSession)
|
|
|
|
return virNetSocketLibSSH2Write(sock, buf, len);
|
|
|
|
#endif
|
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
rewrite:
|
2013-01-08 21:02:05 +00:00
|
|
|
#if WITH_GNUTLS
|
2010-12-10 12:22:03 +00:00
|
|
|
if (sock->tlsSession &&
|
|
|
|
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
|
|
|
|
VIR_NET_TLS_HANDSHAKE_COMPLETE) {
|
|
|
|
ret = virNetTLSSessionWrite(sock->tlsSession, buf, len);
|
|
|
|
} else {
|
2013-01-07 14:54:18 +00:00
|
|
|
#endif
|
2010-12-10 12:22:03 +00:00
|
|
|
ret = write(sock->fd, buf, len);
|
2013-01-08 21:02:05 +00:00
|
|
|
#if WITH_GNUTLS
|
2010-12-10 12:22:03 +00:00
|
|
|
}
|
2013-01-07 14:54:18 +00:00
|
|
|
#endif
|
2010-12-06 17:03:35 +00:00
|
|
|
|
|
|
|
if (ret < 0) {
|
|
|
|
if (errno == EINTR)
|
|
|
|
goto rewrite;
|
|
|
|
if (errno == EAGAIN)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
virReportSystemError(errno, "%s",
|
|
|
|
_("Cannot write data"));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (ret == 0) {
|
|
|
|
virReportSystemError(EIO, "%s",
|
|
|
|
_("End of file while writing data"));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-09-20 12:58:29 +01:00
|
|
|
#if WITH_SASL
|
2010-12-10 12:22:03 +00:00
|
|
|
static ssize_t virNetSocketReadSASL(virNetSocketPtr sock, char *buf, size_t len)
|
|
|
|
{
|
|
|
|
ssize_t got;
|
|
|
|
|
|
|
|
/* Need to read some more data off the wire */
|
|
|
|
if (sock->saslDecoded == NULL) {
|
|
|
|
ssize_t encodedLen = virNetSASLSessionGetMaxBufSize(sock->saslSession);
|
|
|
|
char *encoded;
|
|
|
|
if (VIR_ALLOC_N(encoded, encodedLen) < 0) {
|
|
|
|
virReportOOMError();
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
encodedLen = virNetSocketReadWire(sock, encoded, encodedLen);
|
|
|
|
|
|
|
|
if (encodedLen <= 0) {
|
|
|
|
VIR_FREE(encoded);
|
|
|
|
return encodedLen;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (virNetSASLSessionDecode(sock->saslSession,
|
|
|
|
encoded, encodedLen,
|
|
|
|
&sock->saslDecoded, &sock->saslDecodedLength) < 0) {
|
|
|
|
VIR_FREE(encoded);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
VIR_FREE(encoded);
|
|
|
|
|
|
|
|
sock->saslDecodedOffset = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Some buffered decoded data to return now */
|
|
|
|
got = sock->saslDecodedLength - sock->saslDecodedOffset;
|
|
|
|
|
|
|
|
if (len > got)
|
|
|
|
len = got;
|
|
|
|
|
|
|
|
memcpy(buf, sock->saslDecoded + sock->saslDecodedOffset, len);
|
|
|
|
sock->saslDecodedOffset += len;
|
|
|
|
|
|
|
|
if (sock->saslDecodedOffset == sock->saslDecodedLength) {
|
|
|
|
sock->saslDecoded = NULL;
|
|
|
|
sock->saslDecodedOffset = sock->saslDecodedLength = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static ssize_t virNetSocketWriteSASL(virNetSocketPtr sock, const char *buf, size_t len)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
size_t tosend = virNetSASLSessionGetMaxBufSize(sock->saslSession);
|
|
|
|
|
|
|
|
/* SASL doesn't necessarily let us send the whole
|
|
|
|
buffer at once */
|
|
|
|
if (tosend > len)
|
|
|
|
tosend = len;
|
|
|
|
|
|
|
|
/* Not got any pending encoded data, so we need to encode raw stuff */
|
|
|
|
if (sock->saslEncoded == NULL) {
|
|
|
|
if (virNetSASLSessionEncode(sock->saslSession,
|
|
|
|
buf, tosend,
|
|
|
|
&sock->saslEncoded,
|
|
|
|
&sock->saslEncodedLength) < 0)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
sock->saslEncodedOffset = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Send some of the encoded stuff out on the wire */
|
|
|
|
ret = virNetSocketWriteWire(sock,
|
|
|
|
sock->saslEncoded + sock->saslEncodedOffset,
|
|
|
|
sock->saslEncodedLength - sock->saslEncodedOffset);
|
|
|
|
|
|
|
|
if (ret <= 0)
|
|
|
|
return ret; /* -1 error, 0 == egain */
|
|
|
|
|
|
|
|
/* Note how much we sent */
|
|
|
|
sock->saslEncodedOffset += ret;
|
|
|
|
|
|
|
|
/* Sent all encoded, so update raw buffer to indicate completion */
|
|
|
|
if (sock->saslEncodedOffset == sock->saslEncodedLength) {
|
|
|
|
sock->saslEncoded = NULL;
|
|
|
|
sock->saslEncodedOffset = sock->saslEncodedLength = 0;
|
|
|
|
|
|
|
|
/* Mark as complete, so caller detects completion */
|
|
|
|
return tosend;
|
|
|
|
} else {
|
|
|
|
/* Still have stuff pending in saslEncoded buffer.
|
|
|
|
* Pretend to caller that we didn't send any yet.
|
|
|
|
* The caller will then retry with same buffer
|
|
|
|
* shortly, which lets us finish saslEncoded.
|
|
|
|
*/
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
ssize_t virNetSocketRead(virNetSocketPtr sock, char *buf, size_t len)
|
|
|
|
{
|
2011-07-19 14:00:24 +01:00
|
|
|
ssize_t ret;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2012-09-20 12:58:29 +01:00
|
|
|
#if WITH_SASL
|
2010-12-10 12:22:03 +00:00
|
|
|
if (sock->saslSession)
|
2011-07-19 14:00:24 +01:00
|
|
|
ret = virNetSocketReadSASL(sock, buf, len);
|
2010-12-10 12:22:03 +00:00
|
|
|
else
|
|
|
|
#endif
|
2011-07-19 14:00:24 +01:00
|
|
|
ret = virNetSocketReadWire(sock, buf, len);
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
return ret;
|
2010-12-10 12:22:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
ssize_t virNetSocketWrite(virNetSocketPtr sock, const char *buf, size_t len)
|
|
|
|
{
|
2011-07-19 14:00:24 +01:00
|
|
|
ssize_t ret;
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2012-09-20 12:58:29 +01:00
|
|
|
#if WITH_SASL
|
2010-12-10 12:22:03 +00:00
|
|
|
if (sock->saslSession)
|
2011-07-19 14:00:24 +01:00
|
|
|
ret = virNetSocketWriteSASL(sock, buf, len);
|
2010-12-10 12:22:03 +00:00
|
|
|
else
|
|
|
|
#endif
|
2011-07-19 14:00:24 +01:00
|
|
|
ret = virNetSocketWriteWire(sock, buf, len);
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
return ret;
|
2010-12-10 12:22:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-11-04 16:02:14 +00:00
|
|
|
/*
|
|
|
|
* Returns 1 if an FD was sent, 0 if it would block, -1 on error
|
|
|
|
*/
|
2011-10-21 11:13:21 +01:00
|
|
|
int virNetSocketSendFD(virNetSocketPtr sock, int fd)
|
|
|
|
{
|
|
|
|
int ret = -1;
|
|
|
|
if (!virNetSocketHasPassFD(sock)) {
|
maint: don't permit format strings without %
Any time we have a string with no % passed through gettext, a
translator can inject a % to cause a stack overread. When there
is nothing to format, it's easier to ask for a string that cannot
be used as a formatter, by using a trivial "%s" format instead.
In the past, we have used --disable-nls to catch some of the
offenders, but that doesn't get run very often, and many more
uses have crept in. Syntax check to the rescue!
The syntax check can catch uses such as
virReportError(code,
_("split "
"string"));
by using a sed script to fold context lines into one pattern
space before checking for a string without %.
This patch is just mechanical insertion of %s; there are probably
several messages touched by this patch where we would be better
off giving the user more information than a fixed string.
* cfg.mk (sc_prohibit_diagnostic_without_format): New rule.
* src/datatypes.c (virUnrefConnect, virGetDomain)
(virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface)
(virUnrefInterface, virGetStoragePool, virUnrefStoragePool)
(virGetStorageVol, virUnrefStorageVol, virGetNodeDevice)
(virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter)
(virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper.
* src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters)
(lxcDomainGetBlkioParameters): Likewise.
* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML)
(virDomainDiskDefParseXML, virDomainGraphicsDefParseXML):
Likewise.
* src/conf/network_conf.c (virNetworkDNSHostsDefParseXML)
(virNetworkDefParseXML): Likewise.
* src/conf/nwfilter_conf.c (virNWFilterIsValidChainName):
Likewise.
* src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple)
(virNWFilterVarAccessParse): Likewise.
* src/libvirt.c (virDomainSave, virDomainSaveFlags)
(virDomainRestore, virDomainRestoreFlags)
(virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML)
(virDomainCoreDump, virDomainGetXMLDesc)
(virDomainMigrateVersion1, virDomainMigrateVersion2)
(virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2)
(virStreamSendAll, virStreamRecvAll)
(virDomainSnapshotGetXMLDesc): Likewise.
* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
(virNWFilterDHCPSnoopReq): Likewise.
* src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise.
* src/openvz/openvz_util.c (openvzKBPerPages): Likewise.
* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise.
* src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr)
(qemuBuildCommandLine): Likewise.
* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise.
* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
* src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity):
Likewise.
* src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX)
(virNetSocketSendFD, virNetSocketRecvFD): Likewise.
* src/storage/storage_backend_disk.c
(virStorageBackendDiskBuildPool): Likewise.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemProbe)
(virStorageBackendFileSystemBuild): Likewise.
* src/storage/storage_backend_rbd.c
(virStorageBackendRBDOpenRADOSConn): Likewise.
* src/storage/storage_driver.c (storageVolumeResize): Likewise.
* src/test/test_driver.c (testInterfaceChangeBegin)
(testInterfaceChangeCommit, testInterfaceChangeRollback):
Likewise.
* src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise.
* src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr):
Likewise.
* src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk)
(xenFormatXM): Likewise.
2012-07-23 14:33:08 -06:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
2012-07-18 11:41:47 +01:00
|
|
|
_("Sending file descriptors is not supported on this socket"));
|
2011-10-21 11:13:21 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2011-10-21 11:13:21 +01:00
|
|
|
PROBE(RPC_SOCKET_SEND_FD,
|
|
|
|
"sock=%p fd=%d", sock, fd);
|
|
|
|
if (sendfd(sock->fd, fd) < 0) {
|
2011-11-04 16:02:14 +00:00
|
|
|
if (errno == EAGAIN)
|
|
|
|
ret = 0;
|
|
|
|
else
|
|
|
|
virReportSystemError(errno,
|
|
|
|
_("Failed to send file descriptor %d"),
|
|
|
|
fd);
|
2011-10-21 11:13:21 +01:00
|
|
|
goto cleanup;
|
|
|
|
}
|
2011-11-04 16:02:14 +00:00
|
|
|
ret = 1;
|
2011-10-21 11:13:21 +01:00
|
|
|
|
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-10-21 11:13:21 +01:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-11-04 16:02:14 +00:00
|
|
|
/*
|
|
|
|
* Returns 1 if an FD was read, 0 if it would block, -1 on error
|
|
|
|
*/
|
|
|
|
int virNetSocketRecvFD(virNetSocketPtr sock, int *fd)
|
2011-10-21 11:13:21 +01:00
|
|
|
{
|
|
|
|
int ret = -1;
|
2011-11-04 16:02:14 +00:00
|
|
|
|
|
|
|
*fd = -1;
|
|
|
|
|
2011-10-21 11:13:21 +01:00
|
|
|
if (!virNetSocketHasPassFD(sock)) {
|
maint: don't permit format strings without %
Any time we have a string with no % passed through gettext, a
translator can inject a % to cause a stack overread. When there
is nothing to format, it's easier to ask for a string that cannot
be used as a formatter, by using a trivial "%s" format instead.
In the past, we have used --disable-nls to catch some of the
offenders, but that doesn't get run very often, and many more
uses have crept in. Syntax check to the rescue!
The syntax check can catch uses such as
virReportError(code,
_("split "
"string"));
by using a sed script to fold context lines into one pattern
space before checking for a string without %.
This patch is just mechanical insertion of %s; there are probably
several messages touched by this patch where we would be better
off giving the user more information than a fixed string.
* cfg.mk (sc_prohibit_diagnostic_without_format): New rule.
* src/datatypes.c (virUnrefConnect, virGetDomain)
(virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface)
(virUnrefInterface, virGetStoragePool, virUnrefStoragePool)
(virGetStorageVol, virUnrefStorageVol, virGetNodeDevice)
(virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter)
(virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper.
* src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters)
(lxcDomainGetBlkioParameters): Likewise.
* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML)
(virDomainDiskDefParseXML, virDomainGraphicsDefParseXML):
Likewise.
* src/conf/network_conf.c (virNetworkDNSHostsDefParseXML)
(virNetworkDefParseXML): Likewise.
* src/conf/nwfilter_conf.c (virNWFilterIsValidChainName):
Likewise.
* src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple)
(virNWFilterVarAccessParse): Likewise.
* src/libvirt.c (virDomainSave, virDomainSaveFlags)
(virDomainRestore, virDomainRestoreFlags)
(virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML)
(virDomainCoreDump, virDomainGetXMLDesc)
(virDomainMigrateVersion1, virDomainMigrateVersion2)
(virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2)
(virStreamSendAll, virStreamRecvAll)
(virDomainSnapshotGetXMLDesc): Likewise.
* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
(virNWFilterDHCPSnoopReq): Likewise.
* src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise.
* src/openvz/openvz_util.c (openvzKBPerPages): Likewise.
* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise.
* src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr)
(qemuBuildCommandLine): Likewise.
* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise.
* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
* src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity):
Likewise.
* src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX)
(virNetSocketSendFD, virNetSocketRecvFD): Likewise.
* src/storage/storage_backend_disk.c
(virStorageBackendDiskBuildPool): Likewise.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemProbe)
(virStorageBackendFileSystemBuild): Likewise.
* src/storage/storage_backend_rbd.c
(virStorageBackendRBDOpenRADOSConn): Likewise.
* src/storage/storage_driver.c (storageVolumeResize): Likewise.
* src/test/test_driver.c (testInterfaceChangeBegin)
(testInterfaceChangeCommit, testInterfaceChangeRollback):
Likewise.
* src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise.
* src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr):
Likewise.
* src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk)
(xenFormatXM): Likewise.
2012-07-23 14:33:08 -06:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
2012-07-18 11:41:47 +01:00
|
|
|
_("Receiving file descriptors is not supported on this socket"));
|
2011-10-21 11:13:21 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2011-10-21 11:13:21 +01:00
|
|
|
|
2011-11-04 16:02:14 +00:00
|
|
|
if ((*fd = recvfd(sock->fd, O_CLOEXEC)) < 0) {
|
|
|
|
if (errno == EAGAIN)
|
|
|
|
ret = 0;
|
|
|
|
else
|
|
|
|
virReportSystemError(errno, "%s",
|
|
|
|
_("Failed to recv file descriptor"));
|
2011-10-21 11:13:21 +01:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
PROBE(RPC_SOCKET_RECV_FD,
|
2011-11-04 16:02:14 +00:00
|
|
|
"sock=%p fd=%d", sock, *fd);
|
|
|
|
ret = 1;
|
2011-10-21 11:13:21 +01:00
|
|
|
|
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-10-21 11:13:21 +01:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-08-12 11:07:51 +02:00
|
|
|
int virNetSocketListen(virNetSocketPtr sock, int backlog)
|
2010-12-06 17:03:35 +00:00
|
|
|
{
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2011-08-12 11:07:51 +02:00
|
|
|
if (listen(sock->fd, backlog > 0 ? backlog : 30) < 0) {
|
2010-12-06 17:03:35 +00:00
|
|
|
virReportSystemError(errno, "%s", _("Unable to listen on socket"));
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2010-12-06 17:03:35 +00:00
|
|
|
return -1;
|
|
|
|
}
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2010-12-06 17:03:35 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int virNetSocketAccept(virNetSocketPtr sock, virNetSocketPtr *clientsock)
|
|
|
|
{
|
2011-07-19 14:00:24 +01:00
|
|
|
int fd = -1;
|
2010-12-06 17:03:35 +00:00
|
|
|
virSocketAddr localAddr;
|
|
|
|
virSocketAddr remoteAddr;
|
2011-07-19 14:00:24 +01:00
|
|
|
int ret = -1;
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2010-12-06 17:03:35 +00:00
|
|
|
|
|
|
|
*clientsock = NULL;
|
|
|
|
|
|
|
|
memset(&localAddr, 0, sizeof(localAddr));
|
|
|
|
memset(&remoteAddr, 0, sizeof(remoteAddr));
|
|
|
|
|
|
|
|
remoteAddr.len = sizeof(remoteAddr.data.stor);
|
|
|
|
if ((fd = accept(sock->fd, &remoteAddr.data.sa, &remoteAddr.len)) < 0) {
|
|
|
|
if (errno == ECONNABORTED ||
|
2011-07-19 14:00:24 +01:00
|
|
|
errno == EAGAIN) {
|
|
|
|
ret = 0;
|
|
|
|
goto cleanup;
|
|
|
|
}
|
2010-12-06 17:03:35 +00:00
|
|
|
|
|
|
|
virReportSystemError(errno, "%s",
|
|
|
|
_("Unable to accept client"));
|
2011-07-19 14:00:24 +01:00
|
|
|
goto cleanup;
|
2010-12-06 17:03:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
localAddr.len = sizeof(localAddr.data);
|
|
|
|
if (getsockname(fd, &localAddr.data.sa, &localAddr.len) < 0) {
|
|
|
|
virReportSystemError(errno, "%s", _("Unable to get local socket name"));
|
2011-07-19 14:00:24 +01:00
|
|
|
goto cleanup;
|
2010-12-06 17:03:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!(*clientsock = virNetSocketNew(&localAddr,
|
|
|
|
&remoteAddr,
|
|
|
|
true,
|
2011-07-19 14:00:24 +01:00
|
|
|
fd, -1, 0)))
|
|
|
|
goto cleanup;
|
2010-12-06 17:03:35 +00:00
|
|
|
|
2011-07-19 14:00:24 +01:00
|
|
|
fd = -1;
|
|
|
|
ret = 0;
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
VIR_FORCE_CLOSE(fd);
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
return ret;
|
2010-12-06 17:03:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-07-11 16:26:34 +08:00
|
|
|
static void virNetSocketEventHandle(int watch ATTRIBUTE_UNUSED,
|
|
|
|
int fd ATTRIBUTE_UNUSED,
|
2010-12-06 17:03:35 +00:00
|
|
|
int events,
|
|
|
|
void *opaque)
|
|
|
|
{
|
|
|
|
virNetSocketPtr sock = opaque;
|
2011-07-19 14:00:24 +01:00
|
|
|
virNetSocketIOFunc func;
|
|
|
|
void *eopaque;
|
2010-12-06 17:03:35 +00:00
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
func = sock->func;
|
|
|
|
eopaque = sock->opaque;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
|
|
|
|
if (func)
|
|
|
|
func(sock, events, eopaque);
|
2010-12-06 17:03:35 +00:00
|
|
|
}
|
|
|
|
|
2011-07-19 14:00:24 +01:00
|
|
|
|
2011-07-19 14:11:33 +01:00
|
|
|
static void virNetSocketEventFree(void *opaque)
|
|
|
|
{
|
|
|
|
virNetSocketPtr sock = opaque;
|
|
|
|
virFreeCallback ff;
|
|
|
|
void *eopaque;
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2011-07-19 14:11:33 +01:00
|
|
|
ff = sock->ff;
|
|
|
|
eopaque = sock->opaque;
|
|
|
|
sock->func = NULL;
|
|
|
|
sock->ff = NULL;
|
|
|
|
sock->opaque = NULL;
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-07-19 14:11:33 +01:00
|
|
|
|
|
|
|
if (ff)
|
|
|
|
ff(eopaque);
|
|
|
|
|
2012-07-11 14:35:51 +01:00
|
|
|
virObjectUnref(sock);
|
2011-07-19 14:11:33 +01:00
|
|
|
}
|
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
int virNetSocketAddIOCallback(virNetSocketPtr sock,
|
|
|
|
int events,
|
|
|
|
virNetSocketIOFunc func,
|
2011-07-19 14:11:33 +01:00
|
|
|
void *opaque,
|
|
|
|
virFreeCallback ff)
|
2010-12-06 17:03:35 +00:00
|
|
|
{
|
2011-07-19 14:00:24 +01:00
|
|
|
int ret = -1;
|
|
|
|
|
2012-07-11 14:35:51 +01:00
|
|
|
virObjectRef(sock);
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2010-12-06 17:03:35 +00:00
|
|
|
if (sock->watch > 0) {
|
|
|
|
VIR_DEBUG("Watch already registered on socket %p", sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
goto cleanup;
|
2010-12-06 17:03:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if ((sock->watch = virEventAddHandle(sock->fd,
|
|
|
|
events,
|
|
|
|
virNetSocketEventHandle,
|
|
|
|
sock,
|
2011-07-19 14:11:33 +01:00
|
|
|
virNetSocketEventFree)) < 0) {
|
2011-06-28 17:39:02 +01:00
|
|
|
VIR_DEBUG("Failed to register watch on socket %p", sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
goto cleanup;
|
2010-12-06 17:03:35 +00:00
|
|
|
}
|
|
|
|
sock->func = func;
|
|
|
|
sock->opaque = opaque;
|
2011-07-19 14:11:33 +01:00
|
|
|
sock->ff = ff;
|
2010-12-06 17:03:35 +00:00
|
|
|
|
2011-07-19 14:00:24 +01:00
|
|
|
ret = 0;
|
|
|
|
|
|
|
|
cleanup:
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-10-07 16:39:37 +01:00
|
|
|
if (ret != 0)
|
2012-07-11 14:35:51 +01:00
|
|
|
virObjectUnref(sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
return ret;
|
2010-12-06 17:03:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void virNetSocketUpdateIOCallback(virNetSocketPtr sock,
|
|
|
|
int events)
|
|
|
|
{
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2010-12-06 17:03:35 +00:00
|
|
|
if (sock->watch <= 0) {
|
|
|
|
VIR_DEBUG("Watch not registered on socket %p", sock);
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2010-12-06 17:03:35 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
virEventUpdateHandle(sock->watch, events);
|
2011-07-19 14:00:24 +01:00
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2010-12-06 17:03:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void virNetSocketRemoveIOCallback(virNetSocketPtr sock)
|
|
|
|
{
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2011-07-19 14:00:24 +01:00
|
|
|
|
2010-12-06 17:03:35 +00:00
|
|
|
if (sock->watch <= 0) {
|
|
|
|
VIR_DEBUG("Watch not registered on socket %p", sock);
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2010-12-06 17:03:35 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
virEventRemoveHandle(sock->watch);
|
2011-07-19 14:00:24 +01:00
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2010-12-06 17:03:35 +00:00
|
|
|
}
|
2011-08-04 16:54:58 +08:00
|
|
|
|
|
|
|
void virNetSocketClose(virNetSocketPtr sock)
|
|
|
|
{
|
|
|
|
if (!sock)
|
|
|
|
return;
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectLock(sock);
|
2011-08-04 16:54:58 +08:00
|
|
|
|
|
|
|
VIR_FORCE_CLOSE(sock->fd);
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_UN_H
|
|
|
|
/* If a server socket, then unlink UNIX path */
|
|
|
|
if (!sock->client &&
|
|
|
|
sock->localAddr.data.sa.sa_family == AF_UNIX &&
|
|
|
|
sock->localAddr.data.un.sun_path[0] != '\0') {
|
|
|
|
if (unlink(sock->localAddr.data.un.sun_path) == 0)
|
|
|
|
sock->localAddr.data.un.sun_path[0] = '\0';
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2013-01-09 21:27:28 +00:00
|
|
|
virObjectUnlock(sock);
|
2011-08-04 16:54:58 +08:00
|
|
|
}
|