Tue Aug 7 13:58:00 BST 2007 Richard W.M. Jones <rjones@redhat.com>

* acinclude.m4, configure.in: ./configure option
          --disable-stack-protector.
        * src/gnutls_1_0_compat.h: Compatibility with GnuTLS 1.0.
        * src/bridge.c: If no bridge ioctls, give an error at runtime.
Richard W.M. Jones 2007-08-07 13:02:35 +00:00
parent 6253863e8f
commit c946c197fe
9 changed files with 113 additions and 7 deletions


@ -1,3 +1,10 @@
Tue Aug 7 13:58:00 BST 2007 Richard W.M. Jones <rjones@redhat.com>
* acinclude.m4, configure.in: ./configure option
--disable-stack-protector.
* src/gnutls_1_0_compat.h: Compatibility with GnuTLS 1.0.
* src/bridge.c: If no bridge ioctls, give an error at runtime.
Thu Aug 2 12:49:08 CEST 2007 Daniel Veillard <veillard@redhat.com>
* src/xml.c: changes from Masayuki Sunou to improve error reporting


@ -19,7 +19,7 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
warnCFLAGS=
try_compiler_flags="-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -fasynchronous-unwind-tables"
try_compiler_flags="-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fasynchronous-unwind-tables"
case "$enable_compile_warnings" in
no)


@ -100,6 +100,17 @@ if test x"$enable_debug" = x"yes"; then
AC_DEFINE(ENABLE_DEBUG, [], [whether debugging is enabled])
fi
dnl --disable-stack-protector
AC_ARG_ENABLE(stack-protector,
AC_HELP_STRING([--disable-stack-protector],
[disable stack protector]),
[],
[enable_stack_protector=yes])
if test x"$enable_stack_protector" = x"yes"; then
CFLAGS="$CFLAGS -fstack-protector --param=ssp-buffer-size=4"
fi
AC_MSG_CHECKING([where to write libvirtd PID file])
AC_ARG_WITH(remote-pid-file, AC_HELP_STRING([--with-remote-pid-file=[pidfile|none]], [PID file for libvirtd]))
if test "x$with_remote_pid_file" == "x" ; then
@ -302,6 +313,14 @@ AC_CHECK_LIB(gnutls, gnutls_handshake,
[],
[AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])])
dnl Old versions of GnuTLS uses types like 'gnutls_session' instead
dnl of 'gnutls_session_t'. Try to detect this type if defined so
dnl that we can offer backwards compatibility.
AC_CHECK_TYPE(gnutls_session,
AC_DEFINE(GNUTLS_1_0_COMPAT,[],
[enable GnuTLS 1.0 compatibility macros]),,
[#include <gnutls/gnutls.h>])
dnl virsh libraries
AC_CHECK_LIB(curses, initscr,
[VIRSH_LIBS="$VIRSH_LIBS -lcurses"],
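Review bot: The first configure.in hunk appends `-fstack-protector --param=ssp-buffer-size=4` to CFLAGS whenever the option is left enabled, without checking that the toolchain accepts those flags. The flags used to sit in the acinclude.m4 list named `try_compiler_flags`, which suggests they were probed before use, although that loop is outside the hunk. On a compiler or libc without SSP support, the failure would surface in an unrelated later check, and a build made with `--disable-stack-protector` leaves no trace in the configure output. Probing with a link test, failing with a message that names the opt-out, and warning when the hardening is off would keep the default protected and make the unprotected build an explicit, visible choice. The empty action-if-given also means `--enable-stack-protector=<value>` with any value other than `yes` turns the protector off silently.

```m4
if test x"$enable_stack_protector" = x"yes"; then
    dnl Link test: report a toolchain without SSP support here,
    dnl not in whichever later check happens to use CFLAGS first.
    CFLAGS="$CFLAGS -fstack-protector --param=ssp-buffer-size=4"
    AC_MSG_CHECKING([whether the compiler supports -fstack-protector])
    AC_TRY_LINK([], [],
        [AC_MSG_RESULT([yes])],
        [AC_MSG_RESULT([no])
         AC_MSG_ERROR([no stack protector support; pass --disable-stack-protector to build without it])])
else
    AC_MSG_WARN([building without stack protector])
fi
```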


@ -27,6 +27,7 @@
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include "../src/gnutls_1_0_compat.h"
#include "protocol.h"
#include "remote_protocol.h"


@ -48,8 +48,6 @@
#include <getopt.h>
#include <assert.h>
#include <fnmatch.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <libvirt/virterror.h>
@ -110,7 +108,7 @@ static void qemudDispatchClientEvent(int fd, int events, void *opaque);
static void qemudDispatchServerEvent(int fd, int events, void *opaque);
static int qemudRegisterClientEvent(struct qemud_server *server,
struct qemud_client *client,
int remove);
int removeFirst);
static int
remoteCheckCertFile(const char *type, const char *file)
@ -818,8 +816,10 @@ remoteCheckCertificate (gnutls_session_t session)
if (status & GNUTLS_CERT_REVOKED)
qemudLog (QEMUD_ERR, "remoteCheckCertificate: the client certificate has been revoked.");
#ifndef GNUTLS_1_0_COMPAT
if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
qemudLog (QEMUD_ERR, "remoteCheckCertificate: the client certificate uses an insecure algorithm.");
#endif
return -1;
}
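Review bot: With GNUTLS_1_0_COMPAT defined, the `GNUTLS_CERT_INSECURE_ALGORITHM` test in remoteCheckCertificate is compiled out and nothing visible in the hunk replaces it. A daemon built against GnuTLS 1.0 therefore presumably cannot detect, log or reject a client certificate on the grounds of a weak signature algorithm. The same guard is added to verify_certificate on the client side, so both ends lose the check together, and the only thing deciding it is which library headers were present at build time. That deserves a comment at the guard, e.g. `/* GnuTLS 1.0 lacks GNUTLS_CERT_INSECURE_ALGORITHM: weak-algorithm certificates go undetected in this build */`, and a configure-time warning where GNUTLS_1_0_COMPAT gets defined. The function body starts outside the hunk, so how `status` is obtained and tested before these lines cannot be confirmed from here.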


@ -124,6 +124,7 @@ brShutdown(brControl *ctl)
*
* Returns 0 in case of success or an errno code in case of failure.
*/
#ifdef SIOCBRADDBR
int
brAddBridge(brControl *ctl,
const char *nameOrFmt,
@ -170,6 +171,15 @@ brAddBridge(brControl *ctl,
return errno;
}
#else
int brAddBridge (brControl *ctl ATTRIBUTE_UNUSED,
const char *nameOrFmt ATTRIBUTE_UNUSED,
char *name ATTRIBUTE_UNUSED,
int maxlen ATTRIBUTE_UNUSED)
{
return EINVAL;
}
#endif
/**
* brDeleteBridge:
@ -180,6 +190,7 @@ brAddBridge(brControl *ctl,
*
* Returns 0 in case of success or an errno code in case of failure.
*/
#ifdef SIOCBRDELBR
int
brDeleteBridge(brControl *ctl,
const char *name)
@ -189,7 +200,16 @@ brDeleteBridge(brControl *ctl,
return ioctl(ctl->fd, SIOCBRDELBR, name) == 0 ? 0 : errno;
}
#else
int
brDeleteBridge(brControl *ctl ATTRIBUTE_UNUSED,
const char *name ATTRIBUTE_UNUSED)
{
return EINVAL;
}
#endif
#if defined(SIOCBRADDIF) && defined(SIOCBRDELIF)
static int
brAddDelInterface(brControl *ctl,
int cmd,
@ -215,6 +235,7 @@ brAddDelInterface(brControl *ctl,
return ioctl(ctl->fd, cmd, &ifr) == 0 ? 0 : errno;
}
#endif
/**
* brAddInterface:
@ -226,6 +247,7 @@ brAddDelInterface(brControl *ctl,
*
* Returns 0 in case of success or an errno code in case of failure.
*/
#ifdef SIOCBRADDIF
int
brAddInterface(brControl *ctl,
const char *bridge,
@ -233,6 +255,15 @@ brAddInterface(brControl *ctl,
{
return brAddDelInterface(ctl, SIOCBRADDIF, bridge, iface);
}
#else
int
brAddInterface(brControl *ctl ATTRIBUTE_UNUSED,
const char *bridge ATTRIBUTE_UNUSED,
const char *iface ATTRIBUTE_UNUSED)
{
return EINVAL;
}
#endif
/**
* brDeleteInterface:
@ -244,6 +275,7 @@ brAddInterface(brControl *ctl,
*
* Returns 0 in case of success or an errno code in case of failure.
*/
#ifdef SIOCBRDELIF
int
brDeleteInterface(brControl *ctl,
const char *bridge,
@ -251,7 +283,15 @@ brDeleteInterface(brControl *ctl,
{
return brAddDelInterface(ctl, SIOCBRDELIF, bridge, iface);
}
#else
int
brDeleteInterface(brControl *ctl ATTRIBUTE_UNUSED,
const char *bridge ATTRIBUTE_UNUSED,
const char *iface ATTRIBUTE_UNUSED)
{
return EINVAL;
}
#endif
/**
* brAddTap:
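Review bot: The guards on the interface functions do not match the guard on their helper. brAddInterface is compiled under `#ifdef SIOCBRADDIF` and brDeleteInterface under `#ifdef SIOCBRDELIF`, but brAddDelInterface, which both call, exists only under `#if defined(SIOCBRADDIF) && defined(SIOCBRDELIF)`. On a system that defines one ioctl but not the other, the real wrapper would call a helper that was never compiled; using `#if defined(SIOCBRADDIF) && defined(SIOCBRDELIF)` on both wrappers closes that gap. The four stubs return `EINVAL`, which a caller cannot tell apart from a rejected argument; `return ENOSYS;` would say that bridge support was not built in. A one-line comment on each `#else`, such as `/* no bridge ioctls on this platform */`, would also help readers.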

36
src/gnutls_1_0_compat.h Normal file

@ -0,0 +1,36 @@
/*
* gnutls_1_0_compat.h: GnuTLS 1.0 compatibility
*
* Copyright (C) 2007 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* Author: Richard W.M. Jones <rjones@redhat.com>
*/
#ifndef LIBVIRT_GNUTLS_1_0_COMPAT_H__
#include "config.h"
#ifdef GNUTLS_1_0_COMPAT
#define gnutls_session_t gnutls_session
#define gnutls_x509_crt_t gnutls_x509_crt
#define gnutls_dh_params_t gnutls_dh_params
#define gnutls_transport_ptr_t gnutls_transport_ptr
#define gnutls_datum_t gnutls_datum
#define gnutls_certificate_credentials_t gnutls_certificate_credentials
#endif
#endif /* LIBVIRT_GNUTLS_1_0_COMPAT_H__ */
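Review bot: The include guard is never armed: the header opens with `#ifndef LIBVIRT_GNUTLS_1_0_COMPAT_H__` but no `#define LIBVIRT_GNUTLS_1_0_COMPAT_H__` follows, so each inclusion re-processes the body. That is harmless only while the body holds nothing but identical macro definitions; add the `#define` directly after the `#ifndef`. The compat names are created with `#define`, which rewrites every later token of that spelling, including struct members and locals. Typedefs such as `typedef gnutls_session gnutls_session_t;` would be scoped like the real types, provided the GnuTLS headers are included before this one. A short comment stating that GNUTLS_1_0_COMPAT comes from `config.h` and that this header must follow `<gnutls/gnutls.h>` would document the ordering both including files already rely on.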


@ -768,7 +768,7 @@ static struct qemud_vm_net_def *qemudParseInterfaceXML(virConnectPtr conn,
} else if (net->type == QEMUD_NET_CLIENT ||
net->type == QEMUD_NET_SERVER ||
net->type == QEMUD_NET_MCAST) {
int len;
int len = 0;
char *ret;
if (port == NULL) {


@ -43,6 +43,7 @@
#include <rpc/xdr.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include "gnutls_1_0_compat.h"
#include <libxml/uri.h>
#include "internal.h"
@ -1085,9 +1086,11 @@ verify_certificate (virConnectPtr conn ATTRIBUTE_UNUSED,
if (status & GNUTLS_CERT_REVOKED)
reason = "The certificate has been revoked.";
#ifndef GNUTLS_1_0_COMPAT
if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
reason = "The certificate uses an insecure algorithm";
#endif
error (NULL, VIR_ERR_RPC, reason);
return -1;