When reporting errors, use "conn" whenever possible.
* src/remote_internal.c: change all error (NULL, ... to error (conn, ... (check_cert_file): Add+use parameter, conn. Adjust callers. (initialise_gnutls): The "conn" parameter *is* used, so remove ATTRIBUTE_UNUSED. Author: Jim Meyering <meyering@redhat.com>
parent
ba8c4d7400
commit
59a375812d
@ -1,3 +1,12 @@
|
|||||||
|
Tue Nov 27 19:16:43 CET 2007 Jim Meyering <meyering@redhat.com>
|
||||||
|
|
||||||
|
When reporting errors, use "conn" whenever possible.
|
||||||
|
* src/remote_internal.c: change all error (NULL, ... to error (conn, ...
|
||||||
|
(check_cert_file): Add+use parameter, conn.
|
||||||
|
Adjust callers.
|
||||||
|
(initialise_gnutls): The "conn" parameter *is* used, so remove
|
||||||
|
ATTRIBUTE_UNUSED.
|
||||||
|
|
||||||
Tue Nov 27 16:40:29 CET 2007 Daniel Veillard <veillard@redhat.com>
|
Tue Nov 27 16:40:29 CET 2007 Daniel Veillard <veillard@redhat.com>
|
||||||
|
|
||||||
* docs/site.xsl docs/libvir.html *.html: add boilerplate for
|
* docs/site.xsl docs/libvir.html *.html: add boilerplate for
|
||||||
|
@ -280,7 +280,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
else if (strcasecmp (transport_str, "tcp") == 0)
|
else if (strcasecmp (transport_str, "tcp") == 0)
|
||||||
transport = trans_tcp;
|
transport = trans_tcp;
|
||||||
else {
|
else {
|
||||||
error (NULL, VIR_ERR_INVALID_ARG,
|
error (conn, VIR_ERR_INVALID_ARG,
|
||||||
"remote_open: transport in URL not recognised "
|
"remote_open: transport in URL not recognised "
|
||||||
"(should be tls|unix|ssh|ext|tcp)");
|
"(should be tls|unix|ssh|ext|tcp)");
|
||||||
return VIR_DRV_OPEN_ERROR;
|
return VIR_DRV_OPEN_ERROR;
|
||||||
@ -308,7 +308,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
server = strdup (uri->server ? uri->server : "localhost");
|
server = strdup (uri->server ? uri->server : "localhost");
|
||||||
if (!server) {
|
if (!server) {
|
||||||
out_of_memory:
|
out_of_memory:
|
||||||
error (NULL, VIR_ERR_NO_MEMORY, "duplicating server name");
|
error (conn, VIR_ERR_NO_MEMORY, "duplicating server name");
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
if (uri->port != 0) {
|
if (uri->port != 0) {
|
||||||
@ -394,7 +394,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
|
|
||||||
/* For ext transport, command is required. */
|
/* For ext transport, command is required. */
|
||||||
if (transport == trans_ext && !command) {
|
if (transport == trans_ext && !command) {
|
||||||
error (NULL, VIR_ERR_INVALID_ARG, "remote_open: for 'ext' transport, command is required");
|
error (conn, VIR_ERR_INVALID_ARG, "remote_open: for 'ext' transport, command is required");
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -438,7 +438,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
hints.ai_flags = AI_ADDRCONFIG;
|
hints.ai_flags = AI_ADDRCONFIG;
|
||||||
int e = getaddrinfo (server, port, &hints, &res);
|
int e = getaddrinfo (server, port, &hints, &res);
|
||||||
if (e != 0) {
|
if (e != 0) {
|
||||||
error (NULL, VIR_ERR_INVALID_ARG, gai_strerror (e));
|
error (conn, VIR_ERR_INVALID_ARG, gai_strerror (e));
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -458,7 +458,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
|
|
||||||
priv->sock = socket (r->ai_family, SOCK_STREAM, 0);
|
priv->sock = socket (r->ai_family, SOCK_STREAM, 0);
|
||||||
if (priv->sock == -1) {
|
if (priv->sock == -1) {
|
||||||
error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -468,7 +468,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
sizeof no_slow_start);
|
sizeof no_slow_start);
|
||||||
|
|
||||||
if (connect (priv->sock, r->ai_addr, r->ai_addrlen) == -1) {
|
if (connect (priv->sock, r->ai_addr, r->ai_addrlen) == -1) {
|
||||||
error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
||||||
close (priv->sock);
|
close (priv->sock);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@ -504,12 +504,12 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
uid_t uid = getuid();
|
uid_t uid = getuid();
|
||||||
|
|
||||||
if (!(pw = getpwuid(uid))) {
|
if (!(pw = getpwuid(uid))) {
|
||||||
error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (asprintf (&sockname, "@%s" LIBVIRTD_USER_UNIX_SOCKET, pw->pw_dir) < 0) {
|
if (asprintf (&sockname, "@%s" LIBVIRTD_USER_UNIX_SOCKET, pw->pw_dir) < 0) {
|
||||||
error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
@ -518,7 +518,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
else
|
else
|
||||||
sockname = strdup (LIBVIRTD_PRIV_UNIX_SOCKET);
|
sockname = strdup (LIBVIRTD_PRIV_UNIX_SOCKET);
|
||||||
if (sockname == NULL) {
|
if (sockname == NULL) {
|
||||||
error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -539,7 +539,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
autostart_retry:
|
autostart_retry:
|
||||||
priv->sock = socket (AF_UNIX, SOCK_STREAM, 0);
|
priv->sock = socket (AF_UNIX, SOCK_STREAM, 0);
|
||||||
if (priv->sock == -1) {
|
if (priv->sock == -1) {
|
||||||
error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
if (connect (priv->sock, (struct sockaddr *) &addr, sizeof addr) == -1) {
|
if (connect (priv->sock, (struct sockaddr *) &addr, sizeof addr) == -1) {
|
||||||
@ -561,7 +561,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
goto autostart_retry;
|
goto autostart_retry;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -576,7 +576,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
|
|
||||||
command = command ? : strdup ("ssh");
|
command = command ? : strdup ("ssh");
|
||||||
if (command == NULL) {
|
if (command == NULL) {
|
||||||
error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -584,7 +584,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
// ssh -p $port [-l $username] $hostname $netcat -U $sockname [NULL]
|
// ssh -p $port [-l $username] $hostname $netcat -U $sockname [NULL]
|
||||||
cmd_argv = malloc (nr_args * sizeof (char *));
|
cmd_argv = malloc (nr_args * sizeof (char *));
|
||||||
if (cmd_argv == NULL) {
|
if (cmd_argv == NULL) {
|
||||||
error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -611,7 +611,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
assert (j == nr_args);
|
assert (j == nr_args);
|
||||||
for (j = 0; j < nr_args; j++)
|
for (j = 0; j < nr_args; j++)
|
||||||
if (cmd_argv[j] == NULL) {
|
if (cmd_argv[j] == NULL) {
|
||||||
error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (ENOMEM));
|
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (ENOMEM));
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -626,13 +626,13 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
* to faff around with two file descriptors (a la 'pipe(2)').
|
* to faff around with two file descriptors (a la 'pipe(2)').
|
||||||
*/
|
*/
|
||||||
if (socketpair (PF_UNIX, SOCK_STREAM, 0, sv) == -1) {
|
if (socketpair (PF_UNIX, SOCK_STREAM, 0, sv) == -1) {
|
||||||
error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
|
|
||||||
pid = fork ();
|
pid = fork ();
|
||||||
if (pid == -1) {
|
if (pid == -1) {
|
||||||
error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
||||||
goto failed;
|
goto failed;
|
||||||
} else if (pid == 0) { /* Child. */
|
} else if (pid == 0) { /* Child. */
|
||||||
close (sv[0]);
|
close (sv[0]);
|
||||||
@ -647,7 +647,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
|
|||||||
if (!cmd_argv) {
|
if (!cmd_argv) {
|
||||||
cmd_argv = malloc (2 * sizeof (char *));
|
cmd_argv = malloc (2 * sizeof (char *));
|
||||||
if (cmd_argv == NULL) {
|
if (cmd_argv == NULL) {
|
||||||
error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
cmd_argv[0] = command;
|
cmd_argv[0] = command;
|
||||||
@ -724,7 +724,7 @@ remoteOpen (virConnectPtr conn, xmlURIPtr uri, int flags)
|
|||||||
|
|
||||||
priv = malloc (sizeof(struct private_data));
|
priv = malloc (sizeof(struct private_data));
|
||||||
if (!priv) {
|
if (!priv) {
|
||||||
error (NULL, VIR_ERR_NO_MEMORY, "struct private_data");
|
error (conn, VIR_ERR_NO_MEMORY, "struct private_data");
|
||||||
return VIR_DRV_OPEN_ERROR;
|
return VIR_DRV_OPEN_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -947,11 +947,11 @@ static gnutls_certificate_credentials_t x509_cred;
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
check_cert_file (const char *type, const char *file)
|
check_cert_file (virConnectPtr conn, const char *type, const char *file)
|
||||||
{
|
{
|
||||||
struct stat sb;
|
struct stat sb;
|
||||||
if (stat(file, &sb) < 0) {
|
if (stat(file, &sb) < 0) {
|
||||||
__virRaiseError (NULL, NULL, NULL, VIR_FROM_REMOTE, VIR_ERR_RPC,
|
__virRaiseError (conn, NULL, NULL, VIR_FROM_REMOTE, VIR_ERR_RPC,
|
||||||
VIR_ERR_ERROR, LIBVIRT_CACERT, NULL, NULL, 0, 0,
|
VIR_ERR_ERROR, LIBVIRT_CACERT, NULL, NULL, 0, 0,
|
||||||
"Cannot access %s '%s': %s (%d)",
|
"Cannot access %s '%s': %s (%d)",
|
||||||
type, file, strerror(errno), errno);
|
type, file, strerror(errno), errno);
|
||||||
@ -962,7 +962,7 @@ check_cert_file (const char *type, const char *file)
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED)
|
initialise_gnutls (virConnectPtr conn)
|
||||||
{
|
{
|
||||||
static int initialised = 0;
|
static int initialised = 0;
|
||||||
int err;
|
int err;
|
||||||
@ -974,16 +974,16 @@ initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED)
|
|||||||
/* X509 stuff */
|
/* X509 stuff */
|
||||||
err = gnutls_certificate_allocate_credentials (&x509_cred);
|
err = gnutls_certificate_allocate_credentials (&x509_cred);
|
||||||
if (err) {
|
if (err) {
|
||||||
error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if (check_cert_file("CA certificate", LIBVIRT_CACERT) < 0)
|
if (check_cert_file(conn, "CA certificate", LIBVIRT_CACERT) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
if (check_cert_file("client key", LIBVIRT_CLIENTKEY) < 0)
|
if (check_cert_file(conn, "client key", LIBVIRT_CLIENTKEY) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
if (check_cert_file("client certificate", LIBVIRT_CLIENTCERT) < 0)
|
if (check_cert_file(conn, "client certificate", LIBVIRT_CLIENTCERT) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
/* Set the trusted CA cert. */
|
/* Set the trusted CA cert. */
|
||||||
@ -994,7 +994,7 @@ initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED)
|
|||||||
gnutls_certificate_set_x509_trust_file (x509_cred, LIBVIRT_CACERT,
|
gnutls_certificate_set_x509_trust_file (x509_cred, LIBVIRT_CACERT,
|
||||||
GNUTLS_X509_FMT_PEM);
|
GNUTLS_X509_FMT_PEM);
|
||||||
if (err < 0) {
|
if (err < 0) {
|
||||||
error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1009,7 +1009,7 @@ initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED)
|
|||||||
LIBVIRT_CLIENTKEY,
|
LIBVIRT_CLIENTKEY,
|
||||||
GNUTLS_X509_FMT_PEM);
|
GNUTLS_X509_FMT_PEM);
|
||||||
if (err < 0) {
|
if (err < 0) {
|
||||||
error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1035,21 +1035,21 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
|
|||||||
*/
|
*/
|
||||||
err = gnutls_init (&session, GNUTLS_CLIENT);
|
err = gnutls_init (&session, GNUTLS_CLIENT);
|
||||||
if (err) {
|
if (err) {
|
||||||
error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Use default priorities */
|
/* Use default priorities */
|
||||||
err = gnutls_set_default_priority (session);
|
err = gnutls_set_default_priority (session);
|
||||||
if (err) {
|
if (err) {
|
||||||
error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
err =
|
err =
|
||||||
gnutls_certificate_type_set_priority (session,
|
gnutls_certificate_type_set_priority (session,
|
||||||
cert_type_priority);
|
cert_type_priority);
|
||||||
if (err) {
|
if (err) {
|
||||||
error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1057,7 +1057,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
|
|||||||
*/
|
*/
|
||||||
err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
|
err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
|
||||||
if (err) {
|
if (err) {
|
||||||
error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1070,7 +1070,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
|
|||||||
if (err < 0) {
|
if (err < 0) {
|
||||||
if (err == GNUTLS_E_AGAIN || err == GNUTLS_E_INTERRUPTED)
|
if (err == GNUTLS_E_AGAIN || err == GNUTLS_E_INTERRUPTED)
|
||||||
goto again;
|
goto again;
|
||||||
error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1091,11 +1091,11 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
|
|||||||
if (len < 0 && len != GNUTLS_E_UNEXPECTED_PACKET_LENGTH) {
|
if (len < 0 && len != GNUTLS_E_UNEXPECTED_PACKET_LENGTH) {
|
||||||
if (len == GNUTLS_E_AGAIN || len == GNUTLS_E_INTERRUPTED)
|
if (len == GNUTLS_E_AGAIN || len == GNUTLS_E_INTERRUPTED)
|
||||||
goto again_2;
|
goto again_2;
|
||||||
error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (len));
|
error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (len));
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (len != 1 || buf[0] != '\1') {
|
if (len != 1 || buf[0] != '\1') {
|
||||||
error (NULL, VIR_ERR_RPC,
|
error (conn, VIR_ERR_RPC,
|
||||||
"server verification (of our certificate or IP address) failed\n");
|
"server verification (of our certificate or IP address) failed\n");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -1120,12 +1120,12 @@ verify_certificate (virConnectPtr conn ATTRIBUTE_UNUSED,
|
|||||||
time_t now;
|
time_t now;
|
||||||
|
|
||||||
if ((ret = gnutls_certificate_verify_peers2 (session, &status)) < 0) {
|
if ((ret = gnutls_certificate_verify_peers2 (session, &status)) < 0) {
|
||||||
error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (ret));
|
error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (ret));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((now = time(NULL)) == ((time_t)-1)) {
|
if ((now = time(NULL)) == ((time_t)-1)) {
|
||||||
error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1146,17 +1146,17 @@ verify_certificate (virConnectPtr conn ATTRIBUTE_UNUSED,
|
|||||||
reason = "The certificate uses an insecure algorithm";
|
reason = "The certificate uses an insecure algorithm";
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
error (NULL, VIR_ERR_RPC, reason);
|
error (conn, VIR_ERR_RPC, reason);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) {
|
if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) {
|
||||||
error (NULL, VIR_ERR_RPC, "Certificate type is not X.509");
|
error (conn, VIR_ERR_RPC, "Certificate type is not X.509");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(certs = gnutls_certificate_get_peers(session, &nCerts))) {
|
if (!(certs = gnutls_certificate_get_peers(session, &nCerts))) {
|
||||||
error (NULL, VIR_ERR_RPC, "gnutls_certificate_get_peers failed");
|
error (conn, VIR_ERR_RPC, "gnutls_certificate_get_peers failed");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1165,25 +1165,25 @@ verify_certificate (virConnectPtr conn ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
ret = gnutls_x509_crt_init (&cert);
|
ret = gnutls_x509_crt_init (&cert);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (ret));
|
error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (ret));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = gnutls_x509_crt_import (cert, &certs[i], GNUTLS_X509_FMT_DER);
|
ret = gnutls_x509_crt_import (cert, &certs[i], GNUTLS_X509_FMT_DER);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (ret));
|
error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (ret));
|
||||||
gnutls_x509_crt_deinit (cert);
|
gnutls_x509_crt_deinit (cert);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (gnutls_x509_crt_get_expiration_time (cert) < now) {
|
if (gnutls_x509_crt_get_expiration_time (cert) < now) {
|
||||||
error (NULL, VIR_ERR_RPC, "The certificate has expired");
|
error (conn, VIR_ERR_RPC, "The certificate has expired");
|
||||||
gnutls_x509_crt_deinit (cert);
|
gnutls_x509_crt_deinit (cert);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (gnutls_x509_crt_get_activation_time (cert) > now) {
|
if (gnutls_x509_crt_get_activation_time (cert) > now) {
|
||||||
error (NULL, VIR_ERR_RPC, "The certificate is not yet activated");
|
error (conn, VIR_ERR_RPC, "The certificate is not yet activated");
|
||||||
gnutls_x509_crt_deinit (cert);
|
gnutls_x509_crt_deinit (cert);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -1191,7 +1191,7 @@ verify_certificate (virConnectPtr conn ATTRIBUTE_UNUSED,
|
|||||||
if (i == 0) {
|
if (i == 0) {
|
||||||
if (!gnutls_x509_crt_check_hostname (cert, hostname)) {
|
if (!gnutls_x509_crt_check_hostname (cert, hostname)) {
|
||||||
__virRaiseError
|
__virRaiseError
|
||||||
(NULL, NULL, NULL,
|
(conn, NULL, NULL,
|
||||||
VIR_FROM_REMOTE, VIR_ERR_RPC,
|
VIR_FROM_REMOTE, VIR_ERR_RPC,
|
||||||
VIR_ERR_ERROR, hostname, NULL, NULL,
|
VIR_ERR_ERROR, hostname, NULL, NULL,
|
||||||
0, 0,
|
0, 0,
|
||||||
@ -2390,7 +2390,7 @@ remoteNetworkOpen (virConnectPtr conn,
|
|||||||
struct private_data *priv = malloc (sizeof(struct private_data));
|
struct private_data *priv = malloc (sizeof(struct private_data));
|
||||||
int ret, rflags = 0;
|
int ret, rflags = 0;
|
||||||
if (!priv) {
|
if (!priv) {
|
||||||
error (NULL, VIR_ERR_NO_MEMORY, "struct private_data");
|
error (conn, VIR_ERR_NO_MEMORY, "struct private_data");
|
||||||
return VIR_DRV_OPEN_ERROR;
|
return VIR_DRV_OPEN_ERROR;
|
||||||
}
|
}
|
||||||
if (flags & VIR_DRV_OPEN_RO)
|
if (flags & VIR_DRV_OPEN_RO)
|
||||||
|
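Review bot: verify_certificate appears to keep `ATTRIBUTE_UNUSED` on its conn parameter, since the hunk headers still read `verify_certificate (virConnectPtr conn ATTRIBUTE_UNUSED,`, yet every error call in its hunks now passes conn. That leaves the annotation stale in the same way the commit message describes for initialise_gnutls. The signature line itself lies outside the hunks shown, so this is inferred from the hunk context; if it is unchanged, it should become `verify_certificate (virConnectPtr conn,`. Because this function reports the certificate-chain and hostname verification failures, the signature should not suggest that the connection is ignored.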