From c946c197fe303703e4edef70e4ae86ed2d9dcd4f Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Tue, 7 Aug 2007 13:02:35 +0000 Subject: [PATCH] Tue Aug 7 13:58:00 BST 2007 Richard W.M. Jones * acinclude.m4, configure.in: ./configure option --disable-stack-protector. * src/gnutls_1_0_compat.h: Compatibility with GnuTLS 1.0. * src/bridge.c: If no bridge ioctls, give an error at runtime. --- ChangeLog | 7 +++++++ acinclude.m4 | 2 +- configure.in | 19 +++++++++++++++++++ qemud/internal.h | 1 + qemud/qemud.c | 6 +++--- src/bridge.c | 42 ++++++++++++++++++++++++++++++++++++++++- src/gnutls_1_0_compat.h | 36 +++++++++++++++++++++++++++++++++++ src/qemu_conf.c | 2 +- src/remote_internal.c | 5 ++++- 9 files changed, 113 insertions(+), 7 deletions(-) create mode 100644 src/gnutls_1_0_compat.h diff --git a/ChangeLog b/ChangeLog index bde4bb874c..6e02786dda 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +Tue Aug 7 13:58:00 BST 2007 Richard W.M. Jones + + * acinclude.m4, configure.in: ./configure option + --disable-stack-protector. + * src/gnutls_1_0_compat.h: Compatibility with GnuTLS 1.0. + * src/bridge.c: If no bridge ioctls, give an error at runtime. + Thu Aug 2 12:49:08 CEST 2007 Daniel Veillard * src/xml.c: changes from Masayuki Sunou to improve error reporting diff --git a/acinclude.m4 b/acinclude.m4 index b96267c1d8..6543f056ed 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -19,7 +19,7 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[ warnCFLAGS= - try_compiler_flags="-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -fasynchronous-unwind-tables" + try_compiler_flags="-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fasynchronous-unwind-tables" case "$enable_compile_warnings" in no) diff --git a/configure.in b/configure.in index 9b454b59fa..c2313f695a 100644 --- a/configure.in +++ b/configure.in 
@@ -100,6 +100,17 @@ if test x"$enable_debug" = x"yes"; then AC_DEFINE(ENABLE_DEBUG, [], [whether debugging is enabled]) fi +dnl --disable-stack-protector +AC_ARG_ENABLE(stack-protector, + AC_HELP_STRING([--disable-stack-protector], + [disable stack protector]), + [], + [enable_stack_protector=yes]) +if test x"$enable_stack_protector" = x"yes"; then + CFLAGS="$CFLAGS -fstack-protector --param=ssp-buffer-size=4" +fi + + AC_MSG_CHECKING([where to write libvirtd PID file]) AC_ARG_WITH(remote-pid-file, AC_HELP_STRING([--with-remote-pid-file=[pidfile|none]], [PID file for libvirtd])) if test "x$with_remote_pid_file" == "x" ; then @@ -302,6 +313,14 @@ AC_CHECK_LIB(gnutls, gnutls_handshake, [], [AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])]) +dnl Old versions of GnuTLS uses types like 'gnutls_session' instead +dnl of 'gnutls_session_t'. Try to detect this type if defined so +dnl that we can offer backwards compatibility. +AC_CHECK_TYPE(gnutls_session, + AC_DEFINE(GNUTLS_1_0_COMPAT,[], + [enable GnuTLS 1.0 compatibility macros]),, + [#include ]) + dnl virsh libraries AC_CHECK_LIB(curses, initscr, [VIRSH_LIBS="$VIRSH_LIBS -lcurses"], diff --git a/qemud/internal.h b/qemud/internal.h index f4fbe70522..95704622d0 100644 --- a/qemud/internal.h +++ b/qemud/internal.h @@ -27,6 +27,7 @@ #include #include +#include "../src/gnutls_1_0_compat.h" #include "protocol.h" #include "remote_protocol.h" diff --git a/qemud/qemud.c b/qemud/qemud.c index d38a47e522..3520f3016d 100644 --- a/qemud/qemud.c +++ b/qemud/qemud.c @@ -48,8 +48,6 @@ #include #include #include -#include -#include #include @@ -110,7 +108,7 @@ static void qemudDispatchClientEvent(int fd, int events, void *opaque); static void qemudDispatchServerEvent(int fd, int events, void *opaque); static int qemudRegisterClientEvent(struct qemud_server *server, struct qemud_client *client, - int remove); + int removeFirst); static int remoteCheckCertFile(const char *type, const char *file) 
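Review bot: The stack-protector flags are now appended to `CFLAGS` whenever `enable_stack_protector` is `yes`, with no test that the compiler accepts them. Before this commit they sat in `try_compiler_flags` in acinclude.m4, whose name suggests each flag was probed first. On a compiler that does not know `-fstack-protector`, a default configure run would then give failing compiles instead of quietly dropping the flag. I would keep the probe and gate only it on the option, and print the result so a build without this hardening shows up in the configure log, e.g. `AC_MSG_NOTICE([stack protector: $enable_stack_protector])`. A `dnl` line saying when `--disable-stack-protector` is actually needed would help packagers decide.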
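Review bot: `GNUTLS_1_0_COMPAT` is derived from whether `gnutls_session` is usable as a type, but the same macro compiles out the `GNUTLS_CERT_INSECURE_ALGORITHM` branches in qemud/qemud.c (`remoteCheckCertificate`) and src/remote_internal.c (`verify_certificate`). `AC_CHECK_TYPE` succeeds for any name that works in `sizeof`, so if a newer GnuTLS header keeps `gnutls_session` as a compatibility alias (not visible from this patch), those builds would lose the insecure-algorithm diagnostic too. Probing for the constant itself keeps the two concerns apart: `AC_CHECK_DECLS([GNUTLS_CERT_INSECURE_ALGORITHM],,,[#include <gnutls/gnutls.h>])` here and `#if HAVE_DECL_GNUTLS_CERT_INSECURE_ALGORITHM` around the two checks. In the added comment, "Old versions of GnuTLS uses" should read "use".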
@@ -818,8 +816,10 @@ remoteCheckCertificate (gnutls_session_t session) if (status & GNUTLS_CERT_REVOKED) qemudLog (QEMUD_ERR, "remoteCheckCertificate: the client certificate has been revoked."); +#ifndef GNUTLS_1_0_COMPAT if (status & GNUTLS_CERT_INSECURE_ALGORITHM) qemudLog (QEMUD_ERR, "remoteCheckCertificate: the client certificate uses an insecure algorithm."); +#endif return -1; } diff --git a/src/bridge.c b/src/bridge.c index 0bcbd76da3..d728c2684c 100644 --- a/src/bridge.c +++ b/src/bridge.c @@ -124,6 +124,7 @@ brShutdown(brControl *ctl) * * Returns 0 in case of success or an errno code in case of failure. */ +#ifdef SIOCBRADDBR int brAddBridge(brControl *ctl, const char *nameOrFmt, @@ -170,6 +171,15 @@ brAddBridge(brControl *ctl, return errno; } +#else +int brAddBridge (brControl *ctl ATTRIBUTE_UNUSED, + const char *nameOrFmt ATTRIBUTE_UNUSED, + char *name ATTRIBUTE_UNUSED, + int maxlen ATTRIBUTE_UNUSED) +{ + return EINVAL; +} +#endif /** * brDeleteBridge: @@ -180,6 +190,7 @@ brAddBridge(brControl *ctl, * * Returns 0 in case of success or an errno code in case of failure. */ +#ifdef SIOCBRDELBR int brDeleteBridge(brControl *ctl, const char *name) @@ -189,7 +200,16 @@ brDeleteBridge(brControl *ctl, return ioctl(ctl->fd, SIOCBRDELBR, name) == 0 ? 0 : errno; } +#else +int +brDeleteBridge(brControl *ctl ATTRIBUTE_UNUSED, + const char *name ATTRIBUTE_UNUSED) +{ + return EINVAL; +} +#endif +#if defined(SIOCBRADDIF) && defined(SIOCBRDELIF) static int brAddDelInterface(brControl *ctl, int cmd, @@ -215,6 +235,7 @@ brAddDelInterface(brControl *ctl, return ioctl(ctl->fd, cmd, &ifr) == 0 ? 0 : errno; } +#endif /** * brAddInterface: @@ -226,6 +247,7 @@ brAddDelInterface(brControl *ctl, * * Returns 0 in case of success or an errno code in case of failure. */ +#ifdef SIOCBRADDIF int brAddInterface(brControl *ctl, const char *bridge, 
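Review bot: The `brAddBridge` stub added under `#else` returns `EINVAL`, which a caller cannot tell apart from a bad bridge name or argument rejected by the real implementation. `return ENOSYS;` states that bridge ioctls were not available at build time. The same applies to the `brDeleteBridge`, `brAddInterface` and `brDeleteInterface` stubs in the later hunks. Each function's doc comment could gain a line such as `* Returns ENOSYS if built without bridge ioctl support.`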
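Review bot: `brAddDelInterface` is compiled only when both `SIOCBRADDIF` and `SIOCBRDELIF` are defined, while `brAddInterface` and `brDeleteInterface` (later hunks) are each guarded by a single `#ifdef`. If a platform defined only one of the two ioctls, the real wrapper would call a helper that was never compiled and the build would break. Using the same condition on all three, `#if defined(SIOCBRADDIF) && defined(SIOCBRDELIF)`, removes that case. The body of `brAddDelInterface` lies outside this hunk.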
@@ -233,6 +255,15 @@ brAddInterface(brControl *ctl, { return brAddDelInterface(ctl, SIOCBRADDIF, bridge, iface); } +#else +int +brAddInterface(brControl *ctl ATTRIBUTE_UNUSED, + const char *bridge ATTRIBUTE_UNUSED, + const char *iface ATTRIBUTE_UNUSED) +{ + return EINVAL; +} +#endif /** * brDeleteInterface: @@ -244,6 +275,7 @@ brAddInterface(brControl *ctl, * * Returns 0 in case of success or an errno code in case of failure. */ +#ifdef SIOCBRDELIF int brDeleteInterface(brControl *ctl, const char *bridge, @@ -251,7 +283,15 @@ brDeleteInterface(brControl *ctl, { return brAddDelInterface(ctl, SIOCBRDELIF, bridge, iface); } - +#else +int +brDeleteInterface(brControl *ctl ATTRIBUTE_UNUSED, + const char *bridge ATTRIBUTE_UNUSED, + const char *iface ATTRIBUTE_UNUSED) +{ + return EINVAL; +} +#endif /** * brAddTap: diff --git a/src/gnutls_1_0_compat.h b/src/gnutls_1_0_compat.h new file mode 100644 index 0000000000..2b3111fa26 --- /dev/null +++ b/src/gnutls_1_0_compat.h 
@@ -0,0 +1,36 @@ +/* + * gnutls_1_0_compat.h: GnuTLS 1.0 compatibility + * + * Copyright (C) 2007 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Author: Richard W.M. Jones + */ + +#ifndef LIBVIRT_GNUTLS_1_0_COMPAT_H__ + +#include "config.h" + +#ifdef GNUTLS_1_0_COMPAT +#define gnutls_session_t gnutls_session +#define gnutls_x509_crt_t gnutls_x509_crt +#define gnutls_dh_params_t gnutls_dh_params +#define gnutls_transport_ptr_t gnutls_transport_ptr +#define gnutls_datum_t gnutls_datum +#define gnutls_certificate_credentials_t gnutls_certificate_credentials +#endif + +#endif /* LIBVIRT_GNUTLS_1_0_COMPAT_H__ */ diff --git a/src/qemu_conf.c b/src/qemu_conf.c index 7219cf5b2e..926b1d8179 100644 --- a/src/qemu_conf.c +++ b/src/qemu_conf.c @@ -768,7 +768,7 @@ static struct qemud_vm_net_def *qemudParseInterfaceXML(virConnectPtr conn, } else if (net->type == QEMUD_NET_CLIENT || net->type == QEMUD_NET_SERVER || net->type == QEMUD_NET_MCAST) { - int len; + int len = 0; char *ret; if (port == NULL) { diff --git a/src/remote_internal.c b/src/remote_internal.c index 24ee5e7052..171a74a116 100644 --- a/src/remote_internal.c +++ b/src/remote_internal.c @@ -43,6 +43,7 @@ #include #include #include +#include "gnutls_1_0_compat.h" #include #include "internal.h" 
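Review bot: The include guard in src/gnutls_1_0_compat.h opens with `#ifndef LIBVIRT_GNUTLS_1_0_COMPAT_H__` but the macro is never defined, so the guard has no effect. Add `#define LIBVIRT_GNUTLS_1_0_COMPAT_H__` on the line after it. A short comment above the `#define` block should also say that `GNUTLS_1_0_COMPAT` comes from the `gnutls_session` probe in configure.in. It should add that the same macro disables the `GNUTLS_CERT_INSECURE_ALGORITHM` checks in qemud/qemud.c and src/remote_internal.c, because that side effect is not obvious from a header that only renames types.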
@@ -1085,9 +1086,11 @@ verify_certificate (virConnectPtr conn ATTRIBUTE_UNUSED, if (status & GNUTLS_CERT_REVOKED) reason = "The certificate has been revoked."; - + +#ifndef GNUTLS_1_0_COMPAT if (status & GNUTLS_CERT_INSECURE_ALGORITHM) reason = "The certificate uses an insecure algorithm"; +#endif error (NULL, VIR_ERR_RPC, reason); return -1;