mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 14:15:28 +00:00
Add no_verify query parameter to ESX URIs
* src/esx/esx_driver.c src/esx/esx_util.c src/esx/esx_util.h src/esx/esx_vi.c src/esx/esx_vi.h: adds a no_verify query parameter to stop libcurl from verifying theserver certificate for the https transport.
This commit is contained in:
parent
e74d6c5009
commit
e4e50f52e8
@ -70,8 +70,21 @@ typedef struct _esxPrivate {
|
||||
|
||||
|
||||
/*
|
||||
* URI format: esx://[<user>@]<server>[?transport={http|https}][&vcenter=<vcenter>]
|
||||
* URI format: esx://[<user>@]<server>[?transport={http|https}][&vcenter=<vcenter>][&no_verify={0|1}]
|
||||
* esx:///phantom
|
||||
*
|
||||
* If no transport parameter is specified https is used.
|
||||
*
|
||||
* The vcenter parameter is only necessary for migration, because the vCenter
|
||||
* server is in charge to initiate a migration between two ESX hosts.
|
||||
*
|
||||
* If the no_verify parameter is set to 1, this disables libcurl client checks
|
||||
* of the server's certificate.
|
||||
*
|
||||
* The esx:///phantom URI may be used for tasks that don't require an actual
|
||||
* connection to the hypervisor like domxml-{from,to}-native:
|
||||
*
|
||||
* virsh -c esx:///phantom domxml-from-native vmware-vmx dummy.vmx
|
||||
*/
|
||||
static virDrvOpenStatus
|
||||
esxOpen(virConnectPtr conn, virConnectAuthPtr auth, int flags ATTRIBUTE_UNUSED)
|
||||
@ -80,9 +93,10 @@ esxOpen(virConnectPtr conn, virConnectAuthPtr auth, int flags ATTRIBUTE_UNUSED)
|
||||
char dummy_string[NI_MAXHOST] = "";
|
||||
char *url = NULL;
|
||||
char *vcenter = NULL;
|
||||
int noVerify = 0; // boolean
|
||||
char *username = NULL;
|
||||
char *password = NULL;
|
||||
int phantom = 0;
|
||||
int phantom = 0; // boolean
|
||||
|
||||
/* Decline if the URI is NULL or the scheme is not 'esx' */
|
||||
if (conn->uri == NULL || conn->uri->scheme == NULL ||
|
||||
@ -120,7 +134,8 @@ esxOpen(virConnectPtr conn, virConnectAuthPtr auth, int flags ATTRIBUTE_UNUSED)
|
||||
|
||||
/* Request credentials and login to non-phantom host/vCenter */
|
||||
if (! phantom) {
|
||||
if (esxUtil_ParseQuery(conn, &priv->transport, &vcenter) < 0) {
|
||||
if (esxUtil_ParseQuery(conn, &priv->transport, &vcenter,
|
||||
&noVerify) < 0) {
|
||||
goto failure;
|
||||
}
|
||||
|
||||
@ -169,7 +184,7 @@ esxOpen(virConnectPtr conn, virConnectAuthPtr auth, int flags ATTRIBUTE_UNUSED)
|
||||
}
|
||||
|
||||
if (esxVI_Context_Connect(conn, priv->host, url, username,
|
||||
password) < 0) {
|
||||
password, noVerify) < 0) {
|
||||
goto failure;
|
||||
}
|
||||
|
||||
@ -205,7 +220,7 @@ esxOpen(virConnectPtr conn, virConnectAuthPtr auth, int flags ATTRIBUTE_UNUSED)
|
||||
}
|
||||
|
||||
if (esxVI_Context_Connect(conn, priv->vcenter, url, username,
|
||||
password) < 0) {
|
||||
password, noVerify) < 0) {
|
||||
goto failure;
|
||||
}
|
||||
|
||||
@ -2549,7 +2564,7 @@ esxDomainMigratePrepare(virConnectPtr dconn,
|
||||
char *transport = NULL;
|
||||
|
||||
if (uri_in == NULL) {
|
||||
if (esxUtil_ParseQuery(dconn, &transport, NULL) < 0) {
|
||||
if (esxUtil_ParseQuery(dconn, &transport, NULL, NULL) < 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -127,7 +127,8 @@ esxUtil_RequestPassword(virConnectAuthPtr auth, const char *username,
|
||||
|
||||
|
||||
int
|
||||
esxUtil_ParseQuery(virConnectPtr conn, char **transport, char **vcenter)
|
||||
esxUtil_ParseQuery(virConnectPtr conn, char **transport, char **vcenter,
|
||||
int *noVerify)
|
||||
{
|
||||
int result = 0;
|
||||
int i;
|
||||
@ -176,6 +177,15 @@ esxUtil_ParseQuery(virConnectPtr conn, char **transport, char **vcenter)
|
||||
virReportOOMError(conn);
|
||||
goto failure;
|
||||
}
|
||||
} else if (STRCASEEQ(queryParam->name, "no_verify") &&
|
||||
noVerify != NULL) {
|
||||
if (virStrToLong_i(queryParam->value, NULL, 10, noVerify) < 0 ||
|
||||
(*noVerify != 0 && *noVerify != 1)) {
|
||||
ESX_ERROR(conn, VIR_ERR_INVALID_ARG,
|
||||
"Query parameter 'no_verify' has unexpected value "
|
||||
"'%s' (should be 0 or 1)", queryParam->value);
|
||||
goto failure;
|
||||
}
|
||||
} else {
|
||||
VIR_WARN("Ignoring unexpected query parameter '%s'",
|
||||
queryParam->name);
|
||||
|
@ -35,7 +35,8 @@ char *esxUtil_RequestUsername(virConnectAuthPtr auth,
|
||||
char *esxUtil_RequestPassword(virConnectAuthPtr auth, const char *username,
|
||||
const char *server);
|
||||
|
||||
int esxUtil_ParseQuery(virConnectPtr conn, char **transport, char **vcenter);
|
||||
int esxUtil_ParseQuery(virConnectPtr conn, char **transport, char **vcenter,
|
||||
int *noVerify);
|
||||
|
||||
int esxUtil_ParseVirtualMachineIDString(const char *id_string, int *id);
|
||||
|
||||
|
@ -188,7 +188,7 @@ _esxVI_CURL_Debug(CURL *curl ATTRIBUTE_UNUSED, curl_infotype type,
|
||||
|
||||
int
|
||||
esxVI_Context_Connect(virConnectPtr conn, esxVI_Context *ctx, const char *url,
|
||||
const char *username, const char *password)
|
||||
const char *username, const char *password, int noVerify)
|
||||
{
|
||||
int result = 0;
|
||||
esxVI_String *propertyNameList = NULL;
|
||||
@ -238,6 +238,7 @@ esxVI_Context_Connect(virConnectPtr conn, esxVI_Context *ctx, const char *url,
|
||||
curl_easy_setopt(ctx->curl_handle, CURLOPT_USERAGENT, "libvirt-esx");
|
||||
curl_easy_setopt(ctx->curl_handle, CURLOPT_HEADER, 0);
|
||||
curl_easy_setopt(ctx->curl_handle, CURLOPT_FOLLOWLOCATION, 1);
|
||||
curl_easy_setopt(ctx->curl_handle, CURLOPT_SSL_VERIFYPEER, noVerify ? 0 : 1);
|
||||
curl_easy_setopt(ctx->curl_handle, CURLOPT_COOKIEFILE, "");
|
||||
curl_easy_setopt(ctx->curl_handle, CURLOPT_HTTPHEADER, ctx->curl_headers);
|
||||
curl_easy_setopt(ctx->curl_handle, CURLOPT_WRITEFUNCTION,
|
||||
|
@ -63,7 +63,7 @@ int esxVI_Context_Alloc(virConnectPtr conn, esxVI_Context **ctx);
|
||||
void esxVI_Context_Free(esxVI_Context **ctx);
|
||||
int esxVI_Context_Connect(virConnectPtr conn, esxVI_Context *ctx,
|
||||
const char *url, const char *username,
|
||||
const char *password);
|
||||
const char *password, int noVerify);
|
||||
int esxVI_Context_Download(virConnectPtr conn, esxVI_Context *ctx,
|
||||
const char *url, char **content);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user