diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am index b72186109a..a77b59a171 100644 --- a/src/remote/Makefile.inc.am +++ b/src/remote/Makefile.inc.am @@ -148,6 +148,7 @@ libvirtd_CFLAGS = \ -I$(srcdir)/rpc \ -DSOCK_PREFIX="\"libvirt\"" \ -DDAEMON_NAME="\"libvirtd\"" \ + -DWITH_IP \ $(NULL) libvirtd_LDFLAGS = \ diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index cf3d4b8f90..d63f2daac1 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -381,11 +381,13 @@ static int ATTRIBUTE_NONNULL(3) daemonSetupNetworking(virNetServerPtr srv, virNetServerPtr srvAdm, struct daemonConfig *config, +#ifdef WITH_IP + bool ipsock, + bool privileged, +#endif /* ! WITH_IP */ const char *sock_path, const char *sock_path_ro, - const char *sock_path_adm, - bool ipsock, - bool privileged) + const char *sock_path_adm) { gid_t unix_sock_gid = 0; int unix_sock_ro_mask = 0; @@ -397,15 +399,19 @@ daemonSetupNetworking(virNetServerPtr srv, { .name = DAEMON_NAME ".socket", .family = AF_UNIX, .path = sock_path }, { .name = DAEMON_NAME "-ro.socket", .family = AF_UNIX, .path = sock_path_ro }, { .name = DAEMON_NAME "-admin.socket", .family = AF_UNIX, .path = sock_path_adm }, +#ifdef WITH_IP { .name = DAEMON_NAME "-tcp.socket", .family = AF_INET }, { .name = DAEMON_NAME "-tls.socket", .family = AF_INET }, +#endif /* ! WITH_IP */ }; +#ifdef WITH_IP if ((actmap[3].port = virSocketAddrResolveService(config->tcp_port)) < 0) return -1; if ((actmap[4].port = virSocketAddrResolveService(config->tls_port)) < 0) return -1; +#endif /* ! WITH_IP */ if (virSystemdGetActivation(actmap, ARRAY_CARDINALITY(actmap), &act) < 0) return -1; @@ -470,6 +476,7 @@ daemonSetupNetworking(virNetServerPtr srv, config->admin_max_client_requests) < 0) goto cleanup; +#ifdef WITH_IP if (((ipsock && config->listen_tcp) || act) && virNetServerAddServiceTCP(srv, act, 
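Review bot: `-DWITH_IP` is added to `libvirtd_CFLAGS` only, while the layout of `struct daemonConfig` in `remote_daemon_config.h` now depends on that macro (header hunks at -27 and -41). Any object that includes the header but is built with other flags, such as a test program or another daemon target (none are visible in this diff), would see a shorter struct and touch fields at the wrong offsets. It would be safer to take the macro from one place that every includer shares. Failing that, a comment above the `libvirtd_CFLAGS` assignment would help, for example `# WITH_IP changes struct daemonConfig; every target that includes remote_daemon_config.h must agree on it`.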
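Review bot: The `#ifdef WITH_IP` inside the parameter list of `daemonSetupNetworking` (hunk at -381) gives the function two signatures, and the call in `main()` (hunk at -1332) has to repeat the same conditional in its argument list. Keeping `bool ipsock, bool privileged` unconditional and marking them `ATTRIBUTE_UNUSED` would leave a single prototype and a single call, with the conditional code confined to the body. Separately, every `#endif /* ! WITH_IP */` in this patch closes an `#ifdef WITH_IP` block, so the comment names the opposite condition; `#endif /* WITH_IP */` would match, and the spelling currently varies between `! WITH_IP` and `!WITH_IP`. The function body continues outside this hunk.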
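Review bot: With the two `AF_INET` rows compiled out of `actmap` (hunk at -397), a build without `WITH_IP` no longer knows the `-tcp.socket` and `-tls.socket` names. What happens if systemd still passes those sockets depends on `virSystemdGetActivation`, which is not visible here. The daemon should fail closed in that case rather than carry an unclaimed listening socket, and a comment above the table should state this, e.g. `/* Without WITH_IP, TCP/TLS activation sockets are unknown and must make startup fail */`. The port lookups also address `actmap[3]` and `actmap[4]` by position, which is easy to break now that rows are conditionally present. The function starts and ends outside this hunk.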
@@ -544,6 +551,7 @@ daemonSetupNetworking(virNetServerPtr srv, } virObjectUnref(ctxt); } +#endif /* ! WITH_IP */ if (act && virSystemdActivationComplete(act) < 0) @@ -892,7 +900,9 @@ daemonUsage(const char *argv0, bool privileged) { "-h | --help", N_("Display program help") }, { "-v | --verbose", N_("Verbose messages") }, { "-d | --daemon", N_("Run as a daemon & write PID file") }, +#ifdef WITH_IP { "-l | --listen", N_("Listen for TCP/IP connections") }, +#endif /* !WITH_IP */ { "-t | --timeout ", N_("Exit after timeout period") }, { "-f | --config ", N_("Configuration file") }, { "-V | --version", N_("Display version information") }, @@ -930,6 +940,7 @@ daemonUsage(const char *argv0, bool privileged) LOCALSTATEDIR, SOCK_PREFIX); fprintf(stderr, "\n"); +#ifdef WITH_IP fprintf(stderr, " %s\n", _("TLS:")); fprintf(stderr, " %s %s\n", _("CA certificate:"), @@ -941,6 +952,7 @@ daemonUsage(const char *argv0, bool privileged) _("Server private key:"), privileged ? LIBVIRT_SERVERKEY : "$HOME/.pki/libvirt/serverkey.pem"); fprintf(stderr, "\n"); +#endif /* ! WITH_IP */ fprintf(stderr, " %s\n", _("PID file (unless overridden by -p):")); @@ -967,7 +979,9 @@ int main(int argc, char **argv) { int timeout = -1; /* -t: Shutdown timeout */ int verbose = 0; int godaemon = 0; +#ifdef WITH_IP int ipsock = 0; +#endif /* ! WITH_IP */ struct daemonConfig *config; bool privileged = geteuid() == 0 ? true : false; bool implicit_conf = false; @@ -977,7 +991,9 @@ int main(int argc, char **argv) { struct option opts[] = { { "verbose", no_argument, &verbose, 'v'}, { "daemon", no_argument, &godaemon, 'd'}, +#ifdef WITH_IP { "listen", no_argument, &ipsock, 'l'}, +#endif /* ! WITH_IP */ { "config", required_argument, NULL, 'f'}, { "timeout", required_argument, NULL, 't'}, { "pid-file", required_argument, NULL, 'p'}, 
@@ -1000,8 +1016,13 @@ int main(int argc, char **argv) { int optidx = 0; int c; char *tmp; +#ifdef WITH_IP + const char *optstr = "ldf:p:t:vVh"; +#else /* ! WITH_IP */ + const char *optstr = "df:p:t:vVh"; +#endif /* ! WITH_IP */ - c = getopt_long(argc, argv, "ldf:p:t:vVh", opts, &optidx); + c = getopt_long(argc, argv, optstr, opts, &optidx); if (c == -1) break; @@ -1016,9 +1037,12 @@ int main(int argc, char **argv) { case 'd': godaemon = 1; break; + +#ifdef WITH_IP case 'l': ipsock = 1; break; +#endif /* ! WITH_IP */ case 't': if (virStrToLong_i(optarg, &tmp, 10, &timeout) != 0 @@ -1332,10 +1356,13 @@ int main(int argc, char **argv) { if (daemonSetupNetworking(srv, srvAdm, config, +#ifdef WITH_IP + ipsock, + privileged, +#endif /* !WITH_IP */ sock_file, sock_file_ro, - sock_file_adm, - ipsock, privileged) < 0) { + sock_file_adm) < 0) { ret = VIR_DAEMON_ERR_NETWORK; goto cleanup; } diff --git a/src/remote/remote_daemon_config.c b/src/remote/remote_daemon_config.c index 3e62b4203f..b74a1c242d 100644 --- a/src/remote/remote_daemon_config.c +++ b/src/remote/remote_daemon_config.c @@ -107,12 +107,14 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED) if (VIR_ALLOC(data) < 0) return NULL; +#ifdef WITH_IP data->listen_tls = 1; data->listen_tcp = 0; if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 || VIR_STRDUP(data->tcp_port, LIBVIRTD_TCP_PORT) < 0) goto error; +#endif /* !WITH_IP */ /* Only default to PolicyKit if running as root */ #if WITH_POLKIT @@ -133,12 +135,14 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED) VIR_STRDUP(data->unix_sock_admin_perms, "0700") < 0) goto error; -#if WITH_SASL +#ifdef WITH_IP +# if WITH_SASL data->auth_tcp = REMOTE_AUTH_SASL; -#else +# else data->auth_tcp = REMOTE_AUTH_NONE; -#endif +# endif data->auth_tls = REMOTE_AUTH_NONE; +#endif /* ! WITH_IP */ data->min_workers = 5; data->max_workers = 20; 
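Review bot: In a build without `WITH_IP`, `-l` and `--listen` drop out of both `optstr` (hunk at -1000) and `opts`, so `getopt_long` will report them as unknown options; how that case is handled lies outside this hunk. Service files or sysconfig arguments that still pass `--listen` would then stop the daemon from starting, which is the safe outcome but will probably look like a generic usage error. A comment next to the two `optstr` definitions, e.g. `/* -l is rejected when built without IP socket support */`, or a dedicated error message, would make the cause clear to operators.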
@@ -182,9 +186,12 @@ daemonConfigFree(struct daemonConfig *data) if (!data) return; +#ifdef WITH_IP VIR_FREE(data->listen_addr); VIR_FREE(data->tls_port); VIR_FREE(data->tcp_port); +#endif /* ! WITH_IP */ + tmp = data->access_drivers; while (tmp && *tmp) { VIR_FREE(*tmp); @@ -198,6 +205,14 @@ daemonConfigFree(struct daemonConfig *data) VIR_FREE(data->unix_sock_group); VIR_FREE(data->unix_sock_dir); + tmp = data->sasl_allowed_username_list; + while (tmp && *tmp) { + VIR_FREE(*tmp); + tmp++; + } + VIR_FREE(data->sasl_allowed_username_list); + +#ifdef WITH_IP tmp = data->tls_allowed_dn_list; while (tmp && *tmp) { VIR_FREE(*tmp); @@ -205,18 +220,13 @@ daemonConfigFree(struct daemonConfig *data) } VIR_FREE(data->tls_allowed_dn_list); - tmp = data->sasl_allowed_username_list; - while (tmp && *tmp) { - VIR_FREE(*tmp); - tmp++; - } - VIR_FREE(data->sasl_allowed_username_list); VIR_FREE(data->tls_priority); VIR_FREE(data->key_file); VIR_FREE(data->ca_file); VIR_FREE(data->cert_file); VIR_FREE(data->crl_file); +#endif /* ! WITH_IP */ VIR_FREE(data->host_uuid); VIR_FREE(data->host_uuid_source); @@ -231,6 +241,7 @@ daemonConfigLoadOptions(struct daemonConfig *data, const char *filename, virConfPtr conf) { +#ifdef WITH_IP if (virConfGetValueBool(conf, "listen_tcp", &data->listen_tcp) < 0) goto error; if (virConfGetValueBool(conf, "listen_tls", &data->listen_tls) < 0) @@ -241,6 +252,7 @@ daemonConfigLoadOptions(struct daemonConfig *data, goto error; if (virConfGetValueString(conf, "listen_addr", &data->listen_addr) < 0) goto error; +#endif /* !WITH_IP */ if (remoteConfigGetAuth(conf, filename, "auth_unix_rw", &data->auth_unix_rw) < 0) goto error; 
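Review bot: When `WITH_IP` is undefined, `daemonConfigLoadOptions` no longer reads `listen_tcp`, `listen_tls`, `listen_addr`, `auth_tcp`, `auth_tls` or the `tls_*` keys (hunk at -231 and the later ones at -256, -277 and -295). Nothing in these hunks tells the administrator that such settings were ignored. A configuration that still carries access-control settings such as `tls_allowed_dn_list` or `auth_tls` then loads cleanly although none of it is applied. Consider an `#else` branch that logs a warning when one of these keys is present, or at least a comment such as `/* IP socket settings are deliberately ignored in builds without WITH_IP */`. The function body starts and ends outside the hunk.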
@@ -256,10 +268,13 @@ daemonConfigLoadOptions(struct daemonConfig *data, #endif if (remoteConfigGetAuth(conf, filename, "auth_unix_ro", &data->auth_unix_ro) < 0) goto error; + +#ifdef WITH_IP if (remoteConfigGetAuth(conf, filename, "auth_tcp", &data->auth_tcp) < 0) goto error; if (remoteConfigGetAuth(conf, filename, "auth_tls", &data->auth_tls) < 0) goto error; +#endif /* ! WITH_IP */ if (virConfGetValueStringList(conf, "access_drivers", false, &data->access_drivers) < 0) @@ -277,6 +292,7 @@ daemonConfigLoadOptions(struct daemonConfig *data, if (virConfGetValueString(conf, "unix_sock_dir", &data->unix_sock_dir) < 0) goto error; +#ifdef WITH_IP if (virConfGetValueBool(conf, "tls_no_sanity_certificate", &data->tls_no_sanity_certificate) < 0) goto error; if (virConfGetValueBool(conf, "tls_no_verify_certificate", &data->tls_no_verify_certificate) < 0) @@ -295,14 +311,14 @@ daemonConfigLoadOptions(struct daemonConfig *data, &data->tls_allowed_dn_list) < 0) goto error; + if (virConfGetValueString(conf, "tls_priority", &data->tls_priority) < 0) + goto error; +#endif /* ! WITH_IP */ if (virConfGetValueStringList(conf, "sasl_allowed_username_list", false, &data->sasl_allowed_username_list) < 0) goto error; - if (virConfGetValueString(conf, "tls_priority", &data->tls_priority) < 0) - goto error; - if (virConfGetValueUInt(conf, "min_workers", &data->min_workers) < 0) goto error; if (virConfGetValueUInt(conf, "max_workers", &data->max_workers) < 0) diff --git a/src/remote/remote_daemon_config.h b/src/remote/remote_daemon_config.h index d580e7d49c..9cad9da734 100644 --- a/src/remote/remote_daemon_config.h +++ b/src/remote/remote_daemon_config.h @@ -27,11 +27,13 @@ struct daemonConfig { char *host_uuid; char *host_uuid_source; +#ifdef WITH_IP bool listen_tls; bool listen_tcp; char *listen_addr; char *tls_port; char *tcp_port; +#endif /* ! WITH_IP */ char *unix_sock_admin_perms; char *unix_sock_ro_perms; 
@@ -41,21 +43,27 @@ struct daemonConfig { int auth_unix_rw; int auth_unix_ro; + +#ifdef WITH_IP int auth_tcp; int auth_tls; +#endif /* ! WITH_IP */ char **access_drivers; +#ifdef WITH_IP bool tls_no_verify_certificate; bool tls_no_sanity_certificate; char **tls_allowed_dn_list; - char **sasl_allowed_username_list; char *tls_priority; char *key_file; char *cert_file; char *ca_file; char *crl_file; +#endif /* ! WITH_IP */ + + char **sasl_allowed_username_list; unsigned int min_workers; unsigned int max_workers;