src: remove WITH_GNUTLS usage

Since commit <60d9ad6f1e42618fce10baeb0f02c35e5ebd5b24> we require
GnuTLS and since commit <ac0d21c762351f58dd5d2dafa2014ed48a8b49f3>
we can actually drop the usage of WITH_GNUTLS.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Pavel Hrdina 2020-01-22 17:21:35 +01:00
parent e4e62941f2
commit 153fd68368
7 changed files with 10 additions and 106 deletions


@ -45,9 +45,7 @@
#include "viralloc.h" #include "viralloc.h"
#include "configmake.h" #include "configmake.h"
#include "virconf.h" #include "virconf.h"
#if WITH_GNUTLS #include "rpc/virnettlscontext.h"
# include "rpc/virnettlscontext.h"
#endif
#include "vircommand.h" #include "vircommand.h"
#include "virfile.h" #include "virfile.h"
#include "virrandom.h" #include "virrandom.h"
@ -233,9 +231,7 @@ virGlobalInit(void)
virLogSetFromEnv(); virLogSetFromEnv();
#ifdef WITH_GNUTLS
virNetTLSInit(); virNetTLSInit();
#endif
#if WITH_CURL #if WITH_CURL
curl_global_init(CURL_GLOBAL_DEFAULT); curl_global_init(CURL_GLOBAL_DEFAULT);


@ -124,9 +124,7 @@ struct private_data {
int counter; /* Serial number for RPC */ int counter; /* Serial number for RPC */
#ifdef WITH_GNUTLS
virNetTLSContextPtr tls; virNetTLSContextPtr tls;
#endif
int is_secure; /* Secure if TLS or SASL or UNIX sockets */ int is_secure; /* Secure if TLS or SASL or UNIX sockets */
char *type; /* Cached return from remoteType. */ char *type; /* Cached return from remoteType. */
@ -1132,7 +1130,6 @@ doRemoteOpen(virConnectPtr conn,
virConfGetValueString(conf, "tls_priority", &tls_priority) < 0) virConfGetValueString(conf, "tls_priority", &tls_priority) < 0)
goto failed; goto failed;
#ifdef WITH_GNUTLS
priv->tls = virNetTLSContextNewClientPath(pkipath, priv->tls = virNetTLSContextNewClientPath(pkipath,
geteuid() != 0 ? true : false, geteuid() != 0 ? true : false,
tls_priority, tls_priority,
@ -1141,27 +1138,17 @@ doRemoteOpen(virConnectPtr conn,
goto failed; goto failed;
priv->is_secure = 1; priv->is_secure = 1;
G_GNUC_FALLTHROUGH; G_GNUC_FALLTHROUGH;
#else
(void)tls_priority;
(void)sanity;
(void)verify;
virReportError(VIR_ERR_INVALID_ARG, "%s",
_("GNUTLS support not available in this build"));
goto failed;
#endif
case REMOTE_DRIVER_TRANSPORT_TCP: case REMOTE_DRIVER_TRANSPORT_TCP:
priv->client = virNetClientNewTCP(priv->hostname, port, AF_UNSPEC); priv->client = virNetClientNewTCP(priv->hostname, port, AF_UNSPEC);
if (!priv->client) if (!priv->client)
goto failed; goto failed;
#ifdef WITH_GNUTLS
if (priv->tls) { if (priv->tls) {
VIR_DEBUG("Starting TLS session"); VIR_DEBUG("Starting TLS session");
if (virNetClientSetTLSSession(priv->client, priv->tls) < 0) if (virNetClientSetTLSSession(priv->client, priv->tls) < 0)
goto failed; goto failed;
} }
#endif
break; break;
@ -1388,10 +1375,8 @@ doRemoteOpen(virConnectPtr conn,
priv->client = NULL; priv->client = NULL;
virObjectUnref(priv->closeCallback); virObjectUnref(priv->closeCallback);
priv->closeCallback = NULL; priv->closeCallback = NULL;
#ifdef WITH_GNUTLS
virObjectUnref(priv->tls); virObjectUnref(priv->tls);
priv->tls = NULL; priv->tls = NULL;
#endif
VIR_FREE(priv->hostname); VIR_FREE(priv->hostname);
return VIR_DRV_OPEN_ERROR; return VIR_DRV_OPEN_ERROR;
@ -1533,10 +1518,8 @@ doRemoteClose(virConnectPtr conn, struct private_data *priv)
(xdrproc_t) xdr_void, (char *) NULL) == -1) (xdrproc_t) xdr_void, (char *) NULL) == -1)
ret = -1; ret = -1;
#ifdef WITH_GNUTLS
virObjectUnref(priv->tls); virObjectUnref(priv->tls);
priv->tls = NULL; priv->tls = NULL;
#endif
virNetClientSetCloseCallback(priv->client, virNetClientSetCloseCallback(priv->client,
NULL, NULL,
@ -4271,7 +4254,6 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
/* saslcb is now owned by sasl */ /* saslcb is now owned by sasl */
saslcb = NULL; saslcb = NULL;
# ifdef WITH_GNUTLS
/* Initialize some connection props we care about */ /* Initialize some connection props we care about */
if (priv->tls) { if (priv->tls) {
if ((ssf = virNetClientGetTLSKeySize(priv->client)) < 0) if ((ssf = virNetClientGetTLSKeySize(priv->client)) < 0)
@ -4283,7 +4265,6 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0) if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto cleanup; goto cleanup;
} }
# endif
/* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF */ /* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF */
/* If we're not secure, then forbid any anonymous or trivially crackable auth */ /* If we're not secure, then forbid any anonymous or trivially crackable auth */
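Review bot: `geteuid() != 0 ? true : false` in the now-unconditional virNetTLSContextNewClientPath() call (hunk at -1132) can simply be `geteuid() != 0`; the comparison already yields a boolean and the ternary only adds noise now that this path is compiled in every build. The switch case and the doRemoteOpen body it belongs to start and end outside the hunk.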


@ -70,9 +70,7 @@ struct _virNetClient {
virNetSocketPtr sock; virNetSocketPtr sock;
bool asyncIO; bool asyncIO;
#if WITH_GNUTLS
virNetTLSSessionPtr tls; virNetTLSSessionPtr tls;
#endif
char *hostname; char *hostname;
virNetClientProgramPtr *programs; virNetClientProgramPtr *programs;
@ -708,9 +706,7 @@ void virNetClientDispose(void *obj)
if (client->sock) if (client->sock)
virNetSocketRemoveIOCallback(client->sock); virNetSocketRemoveIOCallback(client->sock);
virObjectUnref(client->sock); virObjectUnref(client->sock);
#if WITH_GNUTLS
virObjectUnref(client->tls); virObjectUnref(client->tls);
#endif
#if WITH_SASL #if WITH_SASL
virObjectUnref(client->sasl); virObjectUnref(client->sasl);
#endif #endif
@ -750,10 +746,8 @@ virNetClientCloseLocked(virNetClientPtr client)
virObjectUnref(client->sock); virObjectUnref(client->sock);
client->sock = NULL; client->sock = NULL;
#if WITH_GNUTLS
virObjectUnref(client->tls); virObjectUnref(client->tls);
client->tls = NULL; client->tls = NULL;
#endif
#if WITH_SASL #if WITH_SASL
virObjectUnref(client->sasl); virObjectUnref(client->sasl);
client->sasl = NULL; client->sasl = NULL;
@ -837,7 +831,6 @@ void virNetClientSetSASLSession(virNetClientPtr client,
#endif #endif
#if WITH_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client, int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls) virNetTLSContextPtr tls)
{ {
@ -848,12 +841,12 @@ int virNetClientSetTLSSession(virNetClientPtr client,
sigset_t oldmask, blockedsigs; sigset_t oldmask, blockedsigs;
sigemptyset(&blockedsigs); sigemptyset(&blockedsigs);
# ifdef SIGWINCH #ifdef SIGWINCH
sigaddset(&blockedsigs, SIGWINCH); sigaddset(&blockedsigs, SIGWINCH);
# endif #endif
# ifdef SIGCHLD #ifdef SIGCHLD
sigaddset(&blockedsigs, SIGCHLD); sigaddset(&blockedsigs, SIGCHLD);
# endif #endif
sigaddset(&blockedsigs, SIGPIPE); sigaddset(&blockedsigs, SIGPIPE);
virObjectLock(client); virObjectLock(client);
@ -940,16 +933,13 @@ int virNetClientSetTLSSession(virNetClientPtr client,
virObjectUnlock(client); virObjectUnlock(client);
return -1; return -1;
} }
#endif
bool virNetClientIsEncrypted(virNetClientPtr client) bool virNetClientIsEncrypted(virNetClientPtr client)
{ {
bool ret = false; bool ret = false;
virObjectLock(client); virObjectLock(client);
#if WITH_GNUTLS
if (client->tls) if (client->tls)
ret = true; ret = true;
#endif
#if WITH_SASL #if WITH_SASL
if (client->sasl) if (client->sasl)
ret = true; ret = true;
@ -1041,7 +1031,6 @@ const char *virNetClientRemoteAddrStringSASL(virNetClientPtr client)
return virNetSocketRemoteAddrStringSASL(client->sock); return virNetSocketRemoteAddrStringSASL(client->sock);
} }
#if WITH_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client) int virNetClientGetTLSKeySize(virNetClientPtr client)
{ {
int ret = 0; int ret = 0;
@ -1051,7 +1040,6 @@ int virNetClientGetTLSKeySize(virNetClientPtr client)
virObjectUnlock(client); virObjectUnlock(client);
return ret; return ret;
} }
#endif
static int static int
virNetClientCallDispatchReply(virNetClientPtr client) virNetClientCallDispatchReply(virNetClientPtr client)
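Review bot: virNetClientGetTLSKeySize() and virNetClientSetTLSSession() are now compiled into every build (hunks at -1041 and -837), but neither definition carries a doc comment describing its contract. From the visible lines, ret starts at 0 and the remoteAuthSASL caller treats a negative result as failure, so a header comment along the lines of `/* Returns the key size of the active TLS session, 0 when none is set (presumably), negative on error */` would help; the body of virNetClientGetTLSKeySize lies outside the hunk, so the 0-when-unset part should be confirmed against it. The same kind of one-line contract comment is missing on virNetClientSetTLSSession.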


@ -20,9 +20,7 @@
#pragma once #pragma once
#ifdef WITH_GNUTLS #include "virnettlscontext.h"
# include "virnettlscontext.h"
#endif
#include "virnetmessage.h" #include "virnetmessage.h"
#ifdef WITH_SASL #ifdef WITH_SASL
# include "virnetsaslcontext.h" # include "virnetsaslcontext.h"
@ -120,10 +118,8 @@ void virNetClientSetSASLSession(virNetClientPtr client,
virNetSASLSessionPtr sasl); virNetSASLSessionPtr sasl);
#endif #endif
#ifdef WITH_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client, int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls); virNetTLSContextPtr tls);
#endif
bool virNetClientIsEncrypted(virNetClientPtr client); bool virNetClientIsEncrypted(virNetClientPtr client);
bool virNetClientIsOpen(virNetClientPtr client); bool virNetClientIsOpen(virNetClientPtr client);
@ -131,9 +127,7 @@ bool virNetClientIsOpen(virNetClientPtr client);
const char *virNetClientLocalAddrStringSASL(virNetClientPtr client); const char *virNetClientLocalAddrStringSASL(virNetClientPtr client);
const char *virNetClientRemoteAddrStringSASL(virNetClientPtr client); const char *virNetClientRemoteAddrStringSASL(virNetClientPtr client);
#ifdef WITH_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client); int virNetClientGetTLSKeySize(virNetClientPtr client);
#endif
void virNetClientClose(virNetClientPtr client); void virNetClientClose(virNetClientPtr client);


@ -93,9 +93,7 @@ struct _virNetSocket {
char *remoteAddrStrSASL; char *remoteAddrStrSASL;
char *remoteAddrStrURI; char *remoteAddrStrURI;
#if WITH_GNUTLS
virNetTLSSessionPtr tlsSession; virNetTLSSessionPtr tlsSession;
#endif
#if WITH_SASL #if WITH_SASL
virNetSASLSessionPtr saslSession; virNetSASLSessionPtr saslSession;
@ -1288,13 +1286,11 @@ virJSONValuePtr virNetSocketPreExecRestart(virNetSocketPtr sock)
goto error; goto error;
} }
#endif #endif
#if WITH_GNUTLS
if (sock->tlsSession) { if (sock->tlsSession) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s", virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("Unable to save socket state when TLS session is active")); _("Unable to save socket state when TLS session is active"));
goto error; goto error;
} }
#endif
if (!(object = virJSONValueNewObject())) if (!(object = virJSONValueNewObject()))
goto error; goto error;
@ -1358,12 +1354,10 @@ void virNetSocketDispose(void *obj)
unlink(sock->localAddr.data.un.sun_path); unlink(sock->localAddr.data.un.sun_path);
#endif #endif
#if WITH_GNUTLS
/* Make sure it can't send any more I/O during shutdown */ /* Make sure it can't send any more I/O during shutdown */
if (sock->tlsSession) if (sock->tlsSession)
virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL); virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL);
virObjectUnref(sock->tlsSession); virObjectUnref(sock->tlsSession);
#endif
#if WITH_SASL #if WITH_SASL
virObjectUnref(sock->saslSession); virObjectUnref(sock->saslSession);
#endif #endif
@ -1660,7 +1654,6 @@ const char *virNetSocketRemoteAddrStringURI(virNetSocketPtr sock)
return sock->remoteAddrStrURI; return sock->remoteAddrStrURI;
} }
#if WITH_GNUTLS
static ssize_t virNetSocketTLSSessionWrite(const char *buf, static ssize_t virNetSocketTLSSessionWrite(const char *buf,
size_t len, size_t len,
void *opaque) void *opaque)
@ -1691,7 +1684,6 @@ void virNetSocketSetTLSSession(virNetSocketPtr sock,
sock); sock);
virObjectUnlock(sock); virObjectUnlock(sock);
} }
#endif
#if WITH_SASL #if WITH_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock, void virNetSocketSetSASLSession(virNetSocketPtr sock,
@ -1789,17 +1781,13 @@ static ssize_t virNetSocketReadWire(virNetSocketPtr sock, char *buf, size_t len)
#endif #endif
reread: reread:
#if WITH_GNUTLS
if (sock->tlsSession && if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) == virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) { VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionRead(sock->tlsSession, buf, len); ret = virNetTLSSessionRead(sock->tlsSession, buf, len);
} else { } else {
#endif
ret = read(sock->fd, buf, len); ret = read(sock->fd, buf, len);
#if WITH_GNUTLS
} }
#endif
if ((ret < 0) && (errno == EINTR)) if ((ret < 0) && (errno == EINTR))
goto reread; goto reread;
@ -1862,17 +1850,13 @@ static ssize_t virNetSocketWriteWire(virNetSocketPtr sock, const char *buf, size
#endif #endif
rewrite: rewrite:
#if WITH_GNUTLS
if (sock->tlsSession && if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) == virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) { VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionWrite(sock->tlsSession, buf, len); ret = virNetTLSSessionWrite(sock->tlsSession, buf, len);
} else { } else {
#endif
ret = write(sock->fd, buf, len); ret = write(sock->fd, buf, len);
#if WITH_GNUTLS
} }
#endif
if (ret < 0) { if (ret < 0) {
if (errno == EINTR) if (errno == EINTR)
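Review bot: With the guards gone, the `else` branch in virNetSocketReadWire (hunk at -1789) and virNetSocketWriteWire (hunk at -1862) is the one place where bytes bypass TLS, and nothing says why a socket with a tlsSession attached may legitimately take it. A comment on the branch would stop the next reader from treating this as a downgrade bug, e.g. `/* Plaintext path: no TLS session yet, or the handshake is still in progress (handshake bytes presumably flow through the TLS I/O callbacks registered by virNetSocketSetTLSSession, not here) */`. Both functions start before their hunks; the handshake-driving code is not visible here, so the callback claim should be confirmed before committing the wording.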


@ -23,9 +23,7 @@
#include "virsocketaddr.h" #include "virsocketaddr.h"
#include "vircommand.h" #include "vircommand.h"
#ifdef WITH_GNUTLS #include "virnettlscontext.h"
# include "virnettlscontext.h"
#endif
#include "virobject.h" #include "virobject.h"
#ifdef WITH_SASL #ifdef WITH_SASL
# include "virnetsaslcontext.h" # include "virnetsaslcontext.h"
@ -152,10 +150,8 @@ ssize_t virNetSocketWrite(virNetSocketPtr sock, const char *buf, size_t len);
int virNetSocketSendFD(virNetSocketPtr sock, int fd); int virNetSocketSendFD(virNetSocketPtr sock, int fd);
int virNetSocketRecvFD(virNetSocketPtr sock, int *fd); int virNetSocketRecvFD(virNetSocketPtr sock, int *fd);
#ifdef WITH_GNUTLS
void virNetSocketSetTLSSession(virNetSocketPtr sock, void virNetSocketSetTLSSession(virNetSocketPtr sock,
virNetTLSSessionPtr sess); virNetTLSSessionPtr sess);
#endif
#ifdef WITH_SASL #ifdef WITH_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock, void virNetSocketSetSASLSession(virNetSocketPtr sock,


@ -24,10 +24,8 @@
#include <fcntl.h> #include <fcntl.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/types.h> #include <sys/types.h>
#ifdef WITH_GNUTLS #include <gnutls/gnutls.h>
# include <gnutls/gnutls.h> #include <gnutls/crypto.h>
# include <gnutls/crypto.h>
#endif
#include "virrandom.h" #include "virrandom.h"
#include "virthread.h" #include "virthread.h"
@ -41,8 +39,6 @@
VIR_LOG_INIT("util.random"); VIR_LOG_INIT("util.random");
#define RANDOM_SOURCE "/dev/urandom"
/** /**
* virRandomBits: * virRandomBits:
* @nbits: Number of bits of randomness required * @nbits: Number of bits of randomness required
@ -107,7 +103,7 @@ uint32_t virRandomInt(uint32_t max)
* @buf: Pointer to location to store bytes * @buf: Pointer to location to store bytes
* @buflen: Number of bytes to store * @buflen: Number of bytes to store
* *
* Generate a stream of random bytes from RANDOM_SOURCE * Generate a stream of random bytes using gnutls_rnd()
* into @buf of size @buflen * into @buf of size @buflen
* *
* Returns 0 on success or -1 (with error reported) * Returns 0 on success or -1 (with error reported)
@ -116,10 +112,8 @@ int
virRandomBytes(unsigned char *buf, virRandomBytes(unsigned char *buf,
size_t buflen) size_t buflen)
{ {
#if WITH_GNUTLS
int rv; int rv;
/* Generate the byte stream using gnutls_rnd() if possible */
if ((rv = gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) { if ((rv = gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("failed to generate byte stream: %s"), _("failed to generate byte stream: %s"),
@ -127,35 +121,6 @@ virRandomBytes(unsigned char *buf,
return -1; return -1;
} }
#else /* !WITH_GNUTLS */
int fd;
if ((fd = open(RANDOM_SOURCE, O_RDONLY)) < 0) {
virReportSystemError(errno,
_("unable to open %s"),
RANDOM_SOURCE);
return -1;
}
while (buflen > 0) {
ssize_t n;
if ((n = saferead(fd, buf, buflen)) <= 0) {
virReportSystemError(errno,
_("unable to read from %s"),
RANDOM_SOURCE);
VIR_FORCE_CLOSE(fd);
return n < 0 ? -errno : -ENODATA;
}
buf += n;
buflen -= n;
}
VIR_FORCE_CLOSE(fd);
#endif /* !WITH_GNUTLS */
return 0; return 0;
} }
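Review bot: The includes `#include <fcntl.h>`, `#include <sys/stat.h>` and `#include <sys/types.h>` kept in the hunk at -24 appear to have served only the removed open(RANDOM_SOURCE, O_RDONLY) fallback, and the saferead()/VIR_FORCE_CLOSE() helpers are likewise no longer referenced in virRandomBytes; the rest of the file is not visible here, so please confirm nothing else in it uses them before dropping the includes. On the positive side, removing the fallback also removes the only path that returned -errno/-ENODATA, so the function now matches its documented "0 on success or -1" contract.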