Make TLS support conditional

Add checks for the existence of GNUTLS and automatically disable
it if not found.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Daniel P. Berrange 2013-01-07 14:54:18 +00:00
parent b7159dca8b
commit f587c27768
20 changed files with 311 additions and 67 deletions


@ -1025,30 +1025,62 @@ CFLAGS="$old_cflags"
LIBS="$old_libs" LIBS="$old_libs"
dnl GnuTLS library dnl GnuTLS library
GNUTLS_CFLAGS= AC_ARG_WITH([gnutls],
GNUTLS_LIBS= AC_HELP_STRING([--with-gnutls], [use GNUTLS for encryption @<:@default=check@:>@]),
GNUTLS_FOUND=no [],
if test -x "$PKG_CONFIG" ; then [with_gnutls=check])
PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
[GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
fi if test "x$with_gnutls" != "xno"; then
if test "$GNUTLS_FOUND" = "no"; then if test "x$with_gnutls" != "xyes" && test "x$with_gnutls" != "xcheck"; then
GNUTLS_CFLAGS="-I$with_gnutls/include"
GNUTLS_LIBS="-L$with_gnutls/lib"
fi
fail=0 fail=0
old_cflags="$CFLAGS"
old_libs="$LIBS" old_libs="$LIBS"
AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1]) CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt]) LIBS="$LIBS $GNUTLS_LIBS"
test $fail = 1 && GNUTLS_FOUND=no
AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt]) if test -x "$PKG_CONFIG" ; then
PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
[GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
fi
if test "$GNUTLS_FOUND" = "no"; then
fail=0
AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
test $fail = 0 && GNUTLS_FOUND=yes
GNUTLS_LIBS="$GNUTLS_LIBS -lgnutls"
fi
if test "$GNUTLS_FOUND" = "no"; then
if test "$with_gnutls" = "check"; then
with_gnutls=no
GNUTLS_LIBS=
GNUTLS_CFLAGS=
else
AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])
fi
else
dnl Not all versions of gnutls include -lgcrypt, and so we add
dnl it explicitly for the calls to gcry_control/check_version
GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
with_gnutls=yes
fi
dnl Not all versions of gnutls include -lgcrypt, and so we add
dnl it explicitly for the calls to gcry_control/check_version
GNUTLS_LIBS="$LIBS -lgcrypt"
LIBS="$old_libs" LIBS="$old_libs"
else CFLAGS="$old_CFLAGS"
GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
fi fi
if test "x$with_gnutls" = "xyes" ; then
AC_DEFINE_UNQUOTED([HAVE_GNUTLS], 1,
[whether GNUTLS is available for encryption])
fi
AM_CONDITIONAL([HAVE_GNUTLS], [test "x$with_gnutls" = "xyes"])
AC_SUBST([GNUTLS_CFLAGS]) AC_SUBST([GNUTLS_CFLAGS])
AC_SUBST([GNUTLS_LIBS]) AC_SUBST([GNUTLS_LIBS])
@ -3168,7 +3200,11 @@ AC_MSG_NOTICE([ libssh2: $LIBSSH2_CFLAGS $LIBSSH2_LIBS])
else else
AC_MSG_NOTICE([ libssh2: no]) AC_MSG_NOTICE([ libssh2: no])
fi fi
if test "$with_gnutls" != "no" ; then
AC_MSG_NOTICE([ gnutls: $GNUTLS_CFLAGS $GNUTLS_LIBS]) AC_MSG_NOTICE([ gnutls: $GNUTLS_CFLAGS $GNUTLS_LIBS])
else
AC_MSG_NOTICE([ gnutls: no])
fi
if test "$with_sasl" != "no" ; then if test "$with_sasl" != "no" ; then
AC_MSG_NOTICE([ sasl: $SASL_CFLAGS $SASL_LIBS]) AC_MSG_NOTICE([ sasl: $SASL_CFLAGS $SASL_LIBS])
else else
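Review bot: The restore line `CFLAGS="$old_CFLAGS"` near the end of the first hunk uses a different variable than the save `old_cflags="$CFLAGS"` a few lines above it (shell names are case-sensitive, and the hunk's own leading context line `CFLAGS="$old_cflags"` shows the lowercase spelling is the one the file uses), so after the GnuTLS probe CFLAGS is replaced by the presumably unset `$old_CFLAGS` and every flag the user or earlier checks put there is discarded for the rest of configure; it should read `CFLAGS="$old_cflags"`. Separately, when `--with-gnutls=PATH` is given and `$PKG_CONFIG` exists, PKG_CHECK_MODULES presumably assigns GNUTLS_CFLAGS/GNUTLS_LIBS itself and overwrites the `-I$with_gnutls/include`/`-L$with_gnutls/lib` values set just before — worth confirming whether the pkg-config branch should be skipped when an explicit path is supplied. With the default of `check`, a host without GnuTLS now produces a build with no TLS at all, and the `gnutls: no` line in the summary hunk is the only signal of that, so it is worth keeping that notice exactly where it is.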


@ -449,7 +449,9 @@ static int daemonSetupNetworking(virNetServerPtr srv,
virNetServerServicePtr svc = NULL; virNetServerServicePtr svc = NULL;
virNetServerServicePtr svcRO = NULL; virNetServerServicePtr svcRO = NULL;
virNetServerServicePtr svcTCP = NULL; virNetServerServicePtr svcTCP = NULL;
#if HAVE_GNUTLS
virNetServerServicePtr svcTLS = NULL; virNetServerServicePtr svcTLS = NULL;
#endif
gid_t unix_sock_gid = 0; gid_t unix_sock_gid = 0;
int unix_sock_ro_mask = 0; int unix_sock_ro_mask = 0;
int unix_sock_rw_mask = 0; int unix_sock_rw_mask = 0;
@ -474,9 +476,11 @@ static int daemonSetupNetworking(virNetServerPtr srv,
unix_sock_rw_mask, unix_sock_rw_mask,
unix_sock_gid, unix_sock_gid,
config->auth_unix_rw, config->auth_unix_rw,
#if HAVE_GNUTLS
NULL,
#endif
false, false,
config->max_client_requests, config->max_client_requests)))
NULL)))
goto error; goto error;
if (sock_path_ro) { if (sock_path_ro) {
VIR_DEBUG("Registering unix socket %s", sock_path_ro); VIR_DEBUG("Registering unix socket %s", sock_path_ro);
@ -484,9 +488,11 @@ static int daemonSetupNetworking(virNetServerPtr srv,
unix_sock_ro_mask, unix_sock_ro_mask,
unix_sock_gid, unix_sock_gid,
config->auth_unix_ro, config->auth_unix_ro,
#if HAVE_GNUTLS
NULL,
#endif
true, true,
config->max_client_requests, config->max_client_requests)))
NULL)))
goto error; goto error;
} }
@ -507,9 +513,11 @@ static int daemonSetupNetworking(virNetServerPtr srv,
if (!(svcTCP = virNetServerServiceNewTCP(config->listen_addr, if (!(svcTCP = virNetServerServiceNewTCP(config->listen_addr,
config->tcp_port, config->tcp_port,
config->auth_tcp, config->auth_tcp,
#if HAVE_GNUTLS
NULL,
#endif
false, false,
config->max_client_requests, config->max_client_requests)))
NULL)))
goto error; goto error;
if (virNetServerAddService(srv, svcTCP, if (virNetServerAddService(srv, svcTCP,
@ -517,6 +525,7 @@ static int daemonSetupNetworking(virNetServerPtr srv,
goto error; goto error;
} }
#if HAVE_GNUTLS
if (config->listen_tls) { if (config->listen_tls) {
virNetTLSContextPtr ctxt = NULL; virNetTLSContextPtr ctxt = NULL;
@ -546,9 +555,9 @@ static int daemonSetupNetworking(virNetServerPtr srv,
virNetServerServiceNewTCP(config->listen_addr, virNetServerServiceNewTCP(config->listen_addr,
config->tls_port, config->tls_port,
config->auth_tls, config->auth_tls,
ctxt,
false, false,
config->max_client_requests, config->max_client_requests))) {
ctxt))) {
virObjectUnref(ctxt); virObjectUnref(ctxt);
goto error; goto error;
} }
@ -559,13 +568,23 @@ static int daemonSetupNetworking(virNetServerPtr srv,
virObjectUnref(ctxt); virObjectUnref(ctxt);
} }
#else
(void)privileged;
if (config->listen_tls) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("This libvirtd build does not support TLS"));
goto error;
}
#endif
} }
#if HAVE_SASL #if HAVE_SASL
if (config->auth_unix_rw == REMOTE_AUTH_SASL || if (config->auth_unix_rw == REMOTE_AUTH_SASL ||
config->auth_unix_ro == REMOTE_AUTH_SASL || config->auth_unix_ro == REMOTE_AUTH_SASL ||
config->auth_tcp == REMOTE_AUTH_SASL || # if HAVE_GNUTLS
config->auth_tls == REMOTE_AUTH_SASL) { config->auth_tls == REMOTE_AUTH_SASL ||
# endif
config->auth_tcp == REMOTE_AUTH_SASL) {
saslCtxt = virNetSASLContextNewServer( saslCtxt = virNetSASLContextNewServer(
(const char *const*)config->sasl_allowed_username_list); (const char *const*)config->sasl_allowed_username_list);
if (!saslCtxt) if (!saslCtxt)
@ -576,7 +595,9 @@ static int daemonSetupNetworking(virNetServerPtr srv,
return 0; return 0;
error: error:
#if HAVE_GNUTLS
virObjectUnref(svcTLS); virObjectUnref(svcTLS);
#endif
virObjectUnref(svcTCP); virObjectUnref(svcTCP);
virObjectUnref(svc); virObjectUnref(svc);
virObjectUnref(svcRO); virObjectUnref(svcRO);
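Review bot: The `#if HAVE_GNUTLS` / `NULL,` / `#endif` argument inserted into the virNetServerServiceNewUNIX and virNetServerServiceNewTCP calls (after `config->auth_unix_rw`, `config->auth_unix_ro` and `config->auth_tcp`) makes each call's arity depend on the preprocessor, and the same pattern recurs in lock_daemon.c, lxc_controller.c, virnetserver.c and virnetserverclient.c in this commit; a guard forgotten at one call site, or one prototype, only surfaces as an arity error in whichever build configuration happens to exercise it. A less fragile shape is to keep the parameter in every signature unconditionally and have the non-GnuTLS build pass an always-NULL opaque pointer, so both builds see identical prototypes and call sites. The new `#else` branch that rejects `config->listen_tls` with VIR_ERR_CONFIG_UNSUPPORTED is the right fail-closed behaviour and deserves a comment making the intent explicit, e.g. `/* TLS was requested in the config but this build has no GnuTLS: refuse to start rather than silently omit the TLS listener */`. daemonSetupNetworking begins before the first hunk and ends after the last.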


@ -2464,6 +2464,7 @@ remoteDispatchAuthSaslInit(virNetServerPtr server ATTRIBUTE_UNUSED,
if (!sasl) if (!sasl)
goto authfail; goto authfail;
# if HAVE_GNUTLS
/* Inform SASL that we've got an external SSF layer from TLS */ /* Inform SASL that we've got an external SSF layer from TLS */
if (virNetServerClientHasTLSSession(client)) { if (virNetServerClientHasTLSSession(client)) {
int ssf; int ssf;
@ -2477,6 +2478,7 @@ remoteDispatchAuthSaslInit(virNetServerPtr server ATTRIBUTE_UNUSED,
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0) if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto authfail; goto authfail;
} }
# endif
if (virNetServerClientIsSecure(client)) if (virNetServerClientIsSecure(client))
/* If we've got TLS or UNIX domain sock, we don't care about SSF */ /* If we've got TLS or UNIX domain sock, we don't care about SSF */


@ -1771,7 +1771,6 @@ libvirt_net_rpc_la_SOURCES = \
rpc/virnetmessage.h rpc/virnetmessage.c \ rpc/virnetmessage.h rpc/virnetmessage.c \
rpc/virnetprotocol.h rpc/virnetprotocol.c \ rpc/virnetprotocol.h rpc/virnetprotocol.c \
rpc/virnetsocket.h rpc/virnetsocket.c \ rpc/virnetsocket.h rpc/virnetsocket.c \
rpc/virnettlscontext.h rpc/virnettlscontext.c \
rpc/virkeepaliveprotocol.h rpc/virkeepaliveprotocol.c \ rpc/virkeepaliveprotocol.h rpc/virkeepaliveprotocol.c \
rpc/virkeepalive.h rpc/virkeepalive.c rpc/virkeepalive.h rpc/virkeepalive.c
if HAVE_LIBSSH2 if HAVE_LIBSSH2
@ -1781,6 +1780,13 @@ else
EXTRA_DIST += \ EXTRA_DIST += \
rpc/virnetsshsession.h rpc/virnetsshsession.c rpc/virnetsshsession.h rpc/virnetsshsession.c
endif endif
if HAVE_GNUTLS
libvirt_net_rpc_la_SOURCES += \
rpc/virnettlscontext.h rpc/virnettlscontext.c
else
EXTRA_DIST += \
rpc/virnettlscontext.h rpc/virnettlscontext.c
endif
if HAVE_SASL if HAVE_SASL
libvirt_net_rpc_la_SOURCES += \ libvirt_net_rpc_la_SOURCES += \
rpc/virnetsaslcontext.h rpc/virnetsaslcontext.c rpc/virnetsaslcontext.h rpc/virnetsaslcontext.c


@ -55,7 +55,9 @@
#include "configmake.h" #include "configmake.h"
#include "intprops.h" #include "intprops.h"
#include "virconf.h" #include "virconf.h"
#include "rpc/virnettlscontext.h" #if HAVE_GNUTLS
# include "rpc/virnettlscontext.h"
#endif
#include "vircommand.h" #include "vircommand.h"
#include "virrandom.h" #include "virrandom.h"
#include "viruri.h" #include "viruri.h"
@ -268,6 +270,8 @@ winsock_init(void)
} }
#endif #endif
#ifdef HAVE_GNUTLS
static int virTLSMutexInit(void **priv) static int virTLSMutexInit(void **priv)
{ {
virMutexPtr lock = NULL; virMutexPtr lock = NULL;
@ -308,11 +312,11 @@ static int virTLSMutexUnlock(void **priv)
static struct gcry_thread_cbs virTLSThreadImpl = { static struct gcry_thread_cbs virTLSThreadImpl = {
/* GCRY_THREAD_OPTION_VERSION was added in gcrypt 1.4.2 */ /* GCRY_THREAD_OPTION_VERSION was added in gcrypt 1.4.2 */
#ifdef GCRY_THREAD_OPTION_VERSION # ifdef GCRY_THREAD_OPTION_VERSION
(GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)), (GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)),
#else # else
GCRY_THREAD_OPTION_PTHREAD, GCRY_THREAD_OPTION_PTHREAD,
#endif # endif
NULL, NULL,
virTLSMutexInit, virTLSMutexInit,
virTLSMutexDestroy, virTLSMutexDestroy,
@ -320,6 +324,7 @@ static struct gcry_thread_cbs virTLSThreadImpl = {
virTLSMutexUnlock, virTLSMutexUnlock,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
}; };
#endif
/* Helper macros to implement VIR_DOMAIN_DEBUG using just C99. This /* Helper macros to implement VIR_DOMAIN_DEBUG using just C99. This
* assumes you pass fewer than 15 arguments to VIR_DOMAIN_DEBUG, but * assumes you pass fewer than 15 arguments to VIR_DOMAIN_DEBUG, but
@ -403,12 +408,16 @@ virGlobalInit(void)
virErrorInitialize() < 0) virErrorInitialize() < 0)
goto error; goto error;
#ifdef HAVE_GNUTLS
gcry_control(GCRYCTL_SET_THREAD_CBS, &virTLSThreadImpl); gcry_control(GCRYCTL_SET_THREAD_CBS, &virTLSThreadImpl);
gcry_check_version(NULL); gcry_check_version(NULL);
#endif
virLogSetFromEnv(); virLogSetFromEnv();
#ifdef HAVE_GNUTLS
virNetTLSInit(); virNetTLSInit();
#endif
#if HAVE_LIBCURL #if HAVE_LIBCURL
curl_global_init(CURL_GLOBAL_DEFAULT); curl_global_init(CURL_GLOBAL_DEFAULT);
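Review bot: This file tests the new macro both ways — `#if HAVE_GNUTLS` around the virnettlscontext.h include, but `#ifdef HAVE_GNUTLS` around virTLSMutexInit, the gcry_thread_cbs table, the gcry_control/gcry_check_version calls and virNetTLSInit — and the mix recurs across the commit (virnetserver.h uses `# ifdef` for its include and `# if` for virNetServerSetTLSContext; virnetserverclient.c alternates between the two from guard to guard). Because configure only ever defines HAVE_GNUTLS to 1 or leaves it undefined, both spellings work today, but they differ in how a missing config.h shows up: `#if` on an undefined macro evaluates to 0 and can be flagged with -Wundef, whereas `#ifdef` silently compiles the TLS-less variant with no possible diagnostic; pick one form and use it throughout, preferably the one the project already uses for HAVE_SASL and HAVE_LIBCURL in the surrounding lines. A short comment at the first guard would help readers of the non-TLS build, e.g. `/* HAVE_GNUTLS is set by configure; TLS and the gcrypt thread-callback setup it depends on are compiled out without it */`. virGlobalInit starts before its hunk.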


@ -654,7 +654,11 @@ virLockDaemonSetupNetworkingSystemD(virNetServerPtr srv)
/* Systemd passes FDs, starting immediately after stderr, /* Systemd passes FDs, starting immediately after stderr,
* so the first FD we'll get is '3'. */ * so the first FD we'll get is '3'. */
if (!(svc = virNetServerServiceNewFD(3, 0, false, 1, NULL))) if (!(svc = virNetServerServiceNewFD(3, 0,
#if HAVE_GNUTLS
NULL,
#endif
false, 1)))
return -1; return -1;
if (virNetServerAddService(srv, svc, NULL) < 0) { if (virNetServerAddService(srv, svc, NULL) < 0) {
@ -672,7 +676,11 @@ virLockDaemonSetupNetworkingNative(virNetServerPtr srv, const char *sock_path)
VIR_DEBUG("Setting up networking natively"); VIR_DEBUG("Setting up networking natively");
if (!(svc = virNetServerServiceNewUNIX(sock_path, 0700, 0, 0, false, 1, NULL))) if (!(svc = virNetServerServiceNewUNIX(sock_path, 0700, 0, 0,
#if HAVE_GNUTLS
NULL,
#endif
false, 1)))
return -1; return -1;
if (virNetServerAddService(srv, svc, NULL) < 0) { if (virNetServerAddService(srv, svc, NULL) < 0) {


@ -631,9 +631,11 @@ static int virLXCControllerSetupServer(virLXCControllerPtr ctrl)
0700, 0700,
0, 0,
0, 0,
#if HAVE_GNUTLS
NULL,
#endif
false, false,
5, 5)))
NULL)))
goto error; goto error;
if (virNetServerAddService(ctrl->server, svc, NULL) < 0) if (virNetServerAddService(ctrl->server, svc, NULL) < 0)


@ -23,8 +23,10 @@
#include <config.h> #include <config.h>
#include <sys/time.h> #include <sys/time.h>
#include <gnutls/gnutls.h> #ifdef HAVE_GNUTLS
#include <gnutls/x509.h> # include <gnutls/gnutls.h>
# include <gnutls/x509.h>
#endif
#include <fcntl.h> #include <fcntl.h>
#include <poll.h> #include <poll.h>
@ -196,6 +198,7 @@ static void qemuMigrationCookieFree(qemuMigrationCookiePtr mig)
} }
#ifdef HAVE_GNUTLS
static char * static char *
qemuDomainExtractTLSSubject(const char *certdir) qemuDomainExtractTLSSubject(const char *certdir)
{ {
@ -254,7 +257,7 @@ error:
VIR_FREE(pemdata); VIR_FREE(pemdata);
return NULL; return NULL;
} }
#endif
static qemuMigrationCookieGraphicsPtr static qemuMigrationCookieGraphicsPtr
qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver, qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
@ -273,9 +276,11 @@ qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
if (!listenAddr) if (!listenAddr)
listenAddr = driver->vncListen; listenAddr = driver->vncListen;
#ifdef HAVE_GNUTLS
if (driver->vncTLS && if (driver->vncTLS &&
!(mig->tlsSubject = qemuDomainExtractTLSSubject(driver->vncTLSx509certdir))) !(mig->tlsSubject = qemuDomainExtractTLSSubject(driver->vncTLSx509certdir)))
goto error; goto error;
#endif
} else { } else {
mig->port = def->data.spice.port; mig->port = def->data.spice.port;
if (driver->spiceTLS) if (driver->spiceTLS)
@ -286,9 +291,11 @@ qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
if (!listenAddr) if (!listenAddr)
listenAddr = driver->spiceListen; listenAddr = driver->spiceListen;
#ifdef HAVE_GNUTLS
if (driver->spiceTLS && if (driver->spiceTLS &&
!(mig->tlsSubject = qemuDomainExtractTLSSubject(driver->spiceTLSx509certdir))) !(mig->tlsSubject = qemuDomainExtractTLSSubject(driver->spiceTLSx509certdir)))
goto error; goto error;
#endif
} }
if (!(mig->listen = strdup(listenAddr))) if (!(mig->listen = strdup(listenAddr)))
goto no_memory; goto no_memory;
@ -297,7 +304,9 @@ qemuMigrationCookieGraphicsAlloc(virQEMUDriverPtr driver,
no_memory: no_memory:
virReportOOMError(); virReportOOMError();
#ifdef HAVE_GNUTLS
error: error:
#endif
qemuMigrationCookieGraphicsFree(mig); qemuMigrationCookieGraphicsFree(mig);
return NULL; return NULL;
} }
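Review bot: In the non-GnuTLS build the guarded blocks after `listenAddr = driver->vncListen` and `listenAddr = driver->spiceListen` compile to nothing, so a driver configured with `vncTLS`/`spiceTLS` set still produces a graphics cookie, just without `mig->tlsSubject`, and nothing reports that the subject was omitted — unlike the `#else` branches added to libvirtd.c and remote_driver.c in this commit, which refuse explicitly. If the receiving side uses tlsSubject to check the graphics server's certificate (inferred from the field name; confirm), the silent omission weakens that check, so an `#else` arm that reports VIR_ERR_CONFIG_UNSUPPORTED when `driver->vncTLS`/`driver->spiceTLS` is set, or at minimum a VIR_WARN, seems warranted. Since the `error:` label is now conditional, a comment such as `/* error: only reachable from the TLS-subject extraction above */` would explain why the label disappears with GnuTLS. qemuMigrationCookieGraphicsAlloc starts before its first hunk.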


@ -80,7 +80,9 @@ struct private_data {
int counter; /* Serial number for RPC */ int counter; /* Serial number for RPC */
#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls; virNetTLSContextPtr tls;
#endif
int is_secure; /* Secure if TLS or SASL or UNIX sockets */ int is_secure; /* Secure if TLS or SASL or UNIX sockets */
char *type; /* Cached return from remoteType. */ char *type; /* Cached return from remoteType. */
@ -596,12 +598,19 @@ doRemoteOpen(virConnectPtr conn,
/* Connect to the remote service. */ /* Connect to the remote service. */
switch (transport) { switch (transport) {
case trans_tls: case trans_tls:
#ifdef HAVE_GNUTLS
priv->tls = virNetTLSContextNewClientPath(pkipath, priv->tls = virNetTLSContextNewClientPath(pkipath,
geteuid() != 0 ? true : false, geteuid() != 0 ? true : false,
sanity, verify); sanity, verify);
if (!priv->tls) if (!priv->tls)
goto failed; goto failed;
priv->is_secure = 1; priv->is_secure = 1;
#else
(void)sanity;
virReportError(VIR_ERR_INVALID_ARG, "%s",
_("GNUTLS support not available in this build"));
goto failed;
#endif
/*FALLTHROUGH*/ /*FALLTHROUGH*/
case trans_tcp: case trans_tcp:
@ -609,11 +618,13 @@ doRemoteOpen(virConnectPtr conn,
if (!priv->client) if (!priv->client)
goto failed; goto failed;
#ifdef HAVE_GNUTLS
if (priv->tls) { if (priv->tls) {
VIR_DEBUG("Starting TLS session"); VIR_DEBUG("Starting TLS session");
if (virNetClientSetTLSSession(priv->client, priv->tls) < 0) if (virNetClientSetTLSSession(priv->client, priv->tls) < 0)
goto failed; goto failed;
} }
#endif
break; break;
@ -1001,8 +1012,10 @@ doRemoteClose(virConnectPtr conn, struct private_data *priv)
(xdrproc_t) xdr_void, (char *) NULL) == -1) (xdrproc_t) xdr_void, (char *) NULL) == -1)
ret = -1; ret = -1;
#ifdef HAVE_GNUTLS
virObjectUnref(priv->tls); virObjectUnref(priv->tls);
priv->tls = NULL; priv->tls = NULL;
#endif
virNetClientSetCloseCallback(priv->client, virNetClientSetCloseCallback(priv->client,
NULL, NULL,
NULL, NULL,
@ -3880,6 +3893,7 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
saslcb))) saslcb)))
goto cleanup; goto cleanup;
# ifdef HAVE_GNUTLS
/* Initialize some connection props we care about */ /* Initialize some connection props we care about */
if (priv->tls) { if (priv->tls) {
if ((ssf = virNetClientGetTLSKeySize(priv->client)) < 0) if ((ssf = virNetClientGetTLSKeySize(priv->client)) < 0)
@ -3891,6 +3905,7 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv,
if (virNetSASLSessionExtKeySize(sasl, ssf) < 0) if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
goto cleanup; goto cleanup;
} }
# endif
/* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF */ /* If we've got a secure channel (TLS or UNIX sock), we don't care about SSF */
/* If we're not secure, then forbid any anonymous or trivially crackable auth */ /* If we're not secure, then forbid any anonymous or trivially crackable auth */
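Review bot: The new `#else` branch in doRemoteOpen reports the missing-TLS condition as `VIR_ERR_INVALID_ARG`, while the equivalent branch added to libvirtd.c in this commit uses `VIR_ERR_CONFIG_UNSUPPORTED`; the caller supplied a valid transport that this binary simply cannot provide, so the libvirtd.c choice fits better and a consistent code lets callers recognise the situation uniformly: `virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("GNUTLS support not available in this build"));`. The unconditional `goto failed` ahead of `/*FALLTHROUGH*/` is correct fail-closed behaviour — a `tls://` URI is never silently downgraded to the plain TCP path — and a comment saying so, e.g. `/* never fall through to plain TCP when TLS was requested */`, would keep a future cleanup from "fixing" it. `(void)sanity;` silences an unused-variable warning in this build; if `verify` and `pkipath` are likewise consumed only in the TLS branch (they are not visible in the hunk) they will need the same treatment. doRemoteOpen starts before the hunk.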


@ -70,7 +70,9 @@ struct _virNetClient {
virNetSocketPtr sock; virNetSocketPtr sock;
bool asyncIO; bool asyncIO;
#if HAVE_GNUTLS
virNetTLSSessionPtr tls; virNetTLSSessionPtr tls;
#endif
char *hostname; char *hostname;
virNetClientProgramPtr *programs; virNetClientProgramPtr *programs;
@ -627,7 +629,9 @@ void virNetClientDispose(void *obj)
if (client->sock) if (client->sock)
virNetSocketRemoveIOCallback(client->sock); virNetSocketRemoveIOCallback(client->sock);
virObjectUnref(client->sock); virObjectUnref(client->sock);
#if HAVE_GNUTLS
virObjectUnref(client->tls); virObjectUnref(client->tls);
#endif
#if HAVE_SASL #if HAVE_SASL
virObjectUnref(client->sasl); virObjectUnref(client->sasl);
#endif #endif
@ -663,8 +667,10 @@ virNetClientCloseLocked(virNetClientPtr client)
virObjectUnref(client->sock); virObjectUnref(client->sock);
client->sock = NULL; client->sock = NULL;
#if HAVE_GNUTLS
virObjectUnref(client->tls); virObjectUnref(client->tls);
client->tls = NULL; client->tls = NULL;
#endif
#if HAVE_SASL #if HAVE_SASL
virObjectUnref(client->sasl); virObjectUnref(client->sasl);
client->sasl = NULL; client->sasl = NULL;
@ -745,6 +751,7 @@ void virNetClientSetSASLSession(virNetClientPtr client,
#endif #endif
#if HAVE_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client, int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls) virNetTLSContextPtr tls)
{ {
@ -755,12 +762,12 @@ int virNetClientSetTLSSession(virNetClientPtr client,
sigset_t oldmask, blockedsigs; sigset_t oldmask, blockedsigs;
sigemptyset(&blockedsigs); sigemptyset(&blockedsigs);
#ifdef SIGWINCH # ifdef SIGWINCH
sigaddset(&blockedsigs, SIGWINCH); sigaddset(&blockedsigs, SIGWINCH);
#endif # endif
#ifdef SIGCHLD # ifdef SIGCHLD
sigaddset(&blockedsigs, SIGCHLD); sigaddset(&blockedsigs, SIGCHLD);
#endif # endif
sigaddset(&blockedsigs, SIGPIPE); sigaddset(&blockedsigs, SIGPIPE);
virNetClientLock(client); virNetClientLock(client);
@ -847,13 +854,16 @@ error:
virNetClientUnlock(client); virNetClientUnlock(client);
return -1; return -1;
} }
#endif
bool virNetClientIsEncrypted(virNetClientPtr client) bool virNetClientIsEncrypted(virNetClientPtr client)
{ {
bool ret = false; bool ret = false;
virNetClientLock(client); virNetClientLock(client);
#if HAVE_GNUTLS
if (client->tls) if (client->tls)
ret = true; ret = true;
#endif
#if HAVE_SASL #if HAVE_SASL
if (client->sasl) if (client->sasl)
ret = true; ret = true;
@ -956,6 +966,7 @@ const char *virNetClientRemoteAddrString(virNetClientPtr client)
return virNetSocketRemoteAddrString(client->sock); return virNetSocketRemoteAddrString(client->sock);
} }
#if HAVE_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client) int virNetClientGetTLSKeySize(virNetClientPtr client)
{ {
int ret = 0; int ret = 0;
@ -965,6 +976,7 @@ int virNetClientGetTLSKeySize(virNetClientPtr client)
virNetClientUnlock(client); virNetClientUnlock(client);
return ret; return ret;
} }
#endif
static int static int
virNetClientCallDispatchReply(virNetClientPtr client) virNetClientCallDispatchReply(virNetClientPtr client)


@ -23,7 +23,9 @@
#ifndef __VIR_NET_CLIENT_H__ #ifndef __VIR_NET_CLIENT_H__
# define __VIR_NET_CLIENT_H__ # define __VIR_NET_CLIENT_H__
# include "virnettlscontext.h" # ifdef HAVE_GNUTLS
# include "virnettlscontext.h"
# endif
# include "virnetmessage.h" # include "virnetmessage.h"
# ifdef HAVE_SASL # ifdef HAVE_SASL
# include "virnetsaslcontext.h" # include "virnetsaslcontext.h"
@ -107,8 +109,10 @@ void virNetClientSetSASLSession(virNetClientPtr client,
virNetSASLSessionPtr sasl); virNetSASLSessionPtr sasl);
# endif # endif
# ifdef HAVE_GNUTLS
int virNetClientSetTLSSession(virNetClientPtr client, int virNetClientSetTLSSession(virNetClientPtr client,
virNetTLSContextPtr tls); virNetTLSContextPtr tls);
# endif
bool virNetClientIsEncrypted(virNetClientPtr client); bool virNetClientIsEncrypted(virNetClientPtr client);
bool virNetClientIsOpen(virNetClientPtr client); bool virNetClientIsOpen(virNetClientPtr client);
@ -116,7 +120,9 @@ bool virNetClientIsOpen(virNetClientPtr client);
const char *virNetClientLocalAddrString(virNetClientPtr client); const char *virNetClientLocalAddrString(virNetClientPtr client);
const char *virNetClientRemoteAddrString(virNetClientPtr client); const char *virNetClientRemoteAddrString(virNetClientPtr client);
# ifdef HAVE_GNUTLS
int virNetClientGetTLSKeySize(virNetClientPtr client); int virNetClientGetTLSKeySize(virNetClientPtr client);
# endif
void virNetClientClose(virNetClientPtr client); void virNetClientClose(virNetClientPtr client);


@ -98,7 +98,9 @@ struct _virNetServer {
unsigned int quit :1; unsigned int quit :1;
#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls; virNetTLSContextPtr tls;
#endif
unsigned int autoShutdownTimeout; unsigned int autoShutdownTimeout;
size_t autoShutdownInhibitions; size_t autoShutdownInhibitions;
@ -309,7 +311,9 @@ static int virNetServerDispatchNewClient(virNetServerServicePtr svc,
virNetServerServiceGetAuth(svc), virNetServerServiceGetAuth(svc),
virNetServerServiceIsReadonly(svc), virNetServerServiceIsReadonly(svc),
virNetServerServiceGetMaxRequests(svc), virNetServerServiceGetMaxRequests(svc),
#if HAVE_GNUTLS
virNetServerServiceGetTLSContext(svc), virNetServerServiceGetTLSContext(svc),
#endif
srv->clientPrivNew, srv->clientPrivNew,
srv->clientPrivPreExecRestart, srv->clientPrivPreExecRestart,
srv->clientPrivFree, srv->clientPrivFree,
@ -1034,12 +1038,14 @@ no_memory:
return -1; return -1;
} }
#if HAVE_GNUTLS
int virNetServerSetTLSContext(virNetServerPtr srv, int virNetServerSetTLSContext(virNetServerPtr srv,
virNetTLSContextPtr tls) virNetTLSContextPtr tls)
{ {
srv->tls = virObjectRef(tls); srv->tls = virObjectRef(tls);
return 0; return 0;
} }
#endif
static void virNetServerAutoShutdownTimer(int timerid ATTRIBUTE_UNUSED, static void virNetServerAutoShutdownTimer(int timerid ATTRIBUTE_UNUSED,


@ -26,7 +26,9 @@
# include <signal.h> # include <signal.h>
# include "virnettlscontext.h" # ifdef HAVE_GNUTLS
# include "virnettlscontext.h"
# endif
# include "virnetserverprogram.h" # include "virnetserverprogram.h"
# include "virnetserverclient.h" # include "virnetserverclient.h"
# include "virnetserverservice.h" # include "virnetserverservice.h"
@ -79,8 +81,10 @@ int virNetServerAddService(virNetServerPtr srv,
int virNetServerAddProgram(virNetServerPtr srv, int virNetServerAddProgram(virNetServerPtr srv,
virNetServerProgramPtr prog); virNetServerProgramPtr prog);
# if HAVE_GNUTLS
int virNetServerSetTLSContext(virNetServerPtr srv, int virNetServerSetTLSContext(virNetServerPtr srv,
virNetTLSContextPtr tls); virNetTLSContextPtr tls);
# endif
void virNetServerUpdateServices(virNetServerPtr srv, void virNetServerUpdateServices(virNetServerPtr srv,
bool enabled); bool enabled);


@ -66,8 +66,10 @@ struct _virNetServerClient
int auth; int auth;
bool readonly; bool readonly;
char *identity; char *identity;
#if HAVE_GNUTLS
virNetTLSContextPtr tlsCtxt; virNetTLSContextPtr tlsCtxt;
virNetTLSSessionPtr tls; virNetTLSSessionPtr tls;
#endif
#if HAVE_SASL #if HAVE_SASL
virNetSASLSessionPtr sasl; virNetSASLSessionPtr sasl;
#endif #endif
@ -147,13 +149,18 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client) {
VIR_DEBUG("tls=%p hs=%d, rx=%p tx=%p", VIR_DEBUG("tls=%p hs=%d, rx=%p tx=%p",
#ifdef HAVE_GNUTLS
client->tls, client->tls,
client->tls ? virNetTLSSessionGetHandshakeStatus(client->tls) : -1, client->tls ? virNetTLSSessionGetHandshakeStatus(client->tls) : -1,
#else
NULL, -1,
#endif
client->rx, client->rx,
client->tx); client->tx);
if (!client->sock || client->wantClose) if (!client->sock || client->wantClose)
return 0; return 0;
#if HAVE_GNUTLS
if (client->tls) { if (client->tls) {
switch (virNetTLSSessionGetHandshakeStatus(client->tls)) { switch (virNetTLSSessionGetHandshakeStatus(client->tls)) {
case VIR_NET_TLS_HANDSHAKE_RECVING: case VIR_NET_TLS_HANDSHAKE_RECVING:
@ -170,6 +177,7 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client) {
mode |= VIR_EVENT_HANDLE_WRITABLE; mode |= VIR_EVENT_HANDLE_WRITABLE;
} }
} else { } else {
#endif
/* If there is a message on the rx queue, and /* If there is a message on the rx queue, and
* we're not in middle of a delayedClose, then * we're not in middle of a delayedClose, then
* we're wanting more input */ * we're wanting more input */
@ -180,7 +188,9 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client) {
then monitor for writability on socket */ then monitor for writability on socket */
if (client->tx) if (client->tx)
mode |= VIR_EVENT_HANDLE_WRITABLE; mode |= VIR_EVENT_HANDLE_WRITABLE;
#if HAVE_GNUTLS
} }
#endif
VIR_DEBUG("mode=%o", mode); VIR_DEBUG("mode=%o", mode);
return mode; return mode;
} }
@ -287,6 +297,7 @@ void virNetServerClientRemoveFilter(virNetServerClientPtr client,
} }
#ifdef HAVE_GNUTLS
/* Check the client's access. */ /* Check the client's access. */
static int static int
virNetServerClientCheckAccess(virNetServerClientPtr client) virNetServerClientCheckAccess(virNetServerClientPtr client)
@ -322,6 +333,8 @@ virNetServerClientCheckAccess(virNetServerClientPtr client)
return 0; return 0;
} }
#endif
static void virNetServerClientSockTimerFunc(int timer, static void virNetServerClientSockTimerFunc(int timer,
void *opaque) void *opaque)
@ -340,9 +353,11 @@ static void virNetServerClientSockTimerFunc(int timer,
static virNetServerClientPtr static virNetServerClientPtr
virNetServerClientNewInternal(virNetSocketPtr sock, virNetServerClientNewInternal(virNetSocketPtr sock,
int auth, int auth,
#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls,
#endif
bool readonly, bool readonly,
size_t nrequests_max, size_t nrequests_max)
virNetTLSContextPtr tls)
{ {
virNetServerClientPtr client; virNetServerClientPtr client;
@ -360,7 +375,9 @@ virNetServerClientNewInternal(virNetSocketPtr sock,
client->sock = virObjectRef(sock); client->sock = virObjectRef(sock);
client->auth = auth; client->auth = auth;
client->readonly = readonly; client->readonly = readonly;
#ifdef HAVE_GNUTLS
client->tlsCtxt = virObjectRef(tls); client->tlsCtxt = virObjectRef(tls);
#endif
client->nrequests_max = nrequests_max; client->nrequests_max = nrequests_max;
client->sockTimer = virEventAddTimeout(-1, virNetServerClientSockTimerFunc, client->sockTimer = virEventAddTimeout(-1, virNetServerClientSockTimerFunc,
@ -394,7 +411,9 @@ virNetServerClientPtr virNetServerClientNew(virNetSocketPtr sock,
int auth, int auth,
bool readonly, bool readonly,
size_t nrequests_max, size_t nrequests_max,
#ifdef HAVE_GNUTLS
virNetTLSContextPtr tls, virNetTLSContextPtr tls,
#endif
virNetServerClientPrivNew privNew, virNetServerClientPrivNew privNew,
virNetServerClientPrivPreExecRestart privPreExecRestart, virNetServerClientPrivPreExecRestart privPreExecRestart,
virFreeCallback privFree, virFreeCallback privFree,
@ -402,9 +421,19 @@ virNetServerClientPtr virNetServerClientNew(virNetSocketPtr sock,
{ {
virNetServerClientPtr client; virNetServerClientPtr client;
VIR_DEBUG("sock=%p auth=%d tls=%p", sock, auth, tls); VIR_DEBUG("sock=%p auth=%d tls=%p", sock, auth,
#ifdef HAVE_GNUTLS
tls
#else
NULL
#endif
);
if (!(client = virNetServerClientNewInternal(sock, auth, readonly, nrequests_max, tls))) if (!(client = virNetServerClientNewInternal(sock, auth,
#ifdef HAVE_GNUTLS
tls,
#endif
readonly, nrequests_max)))
return NULL; return NULL;
if (privNew) { if (privNew) {
@ -470,9 +499,11 @@ virNetServerClientPtr virNetServerClientNewPostExecRestart(virJSONValuePtr objec
if (!(client = virNetServerClientNewInternal(sock, if (!(client = virNetServerClientNewInternal(sock,
auth, auth,
#ifdef HAVE_GNUTLS
NULL,
#endif
readonly, readonly,
nrequests_max, nrequests_max))) {
NULL))) {
virObjectUnref(sock); virObjectUnref(sock);
return NULL; return NULL;
} }
@ -571,6 +602,7 @@ bool virNetServerClientGetReadonly(virNetServerClientPtr client)
} }
#ifdef HAVE_GNUTLS
bool virNetServerClientHasTLSSession(virNetServerClientPtr client) bool virNetServerClientHasTLSSession(virNetServerClientPtr client)
{ {
bool has; bool has;
@ -589,6 +621,7 @@ int virNetServerClientGetTLSKeySize(virNetServerClientPtr client)
virNetServerClientUnlock(client); virNetServerClientUnlock(client);
return size; return size;
} }
#endif
int virNetServerClientGetFD(virNetServerClientPtr client) int virNetServerClientGetFD(virNetServerClientPtr client)
{ {
@ -615,8 +648,10 @@ bool virNetServerClientIsSecure(virNetServerClientPtr client)
{ {
bool secure = false; bool secure = false;
virNetServerClientLock(client); virNetServerClientLock(client);
#if HAVE_GNUTLS
if (client->tls) if (client->tls)
secure = true; secure = true;
#endif
#if HAVE_SASL #if HAVE_SASL
if (client->sasl) if (client->sasl)
secure = true; secure = true;
@ -628,6 +663,7 @@ bool virNetServerClientIsSecure(virNetServerClientPtr client)
} }
#if HAVE_SASL #if HAVE_SASL
void virNetServerClientSetSASLSession(virNetServerClientPtr client, void virNetServerClientSetSASLSession(virNetServerClientPtr client,
virNetSASLSessionPtr sasl) virNetSASLSessionPtr sasl)
@ -730,8 +766,10 @@ void virNetServerClientDispose(void *obj)
#endif #endif
if (client->sockTimer > 0) if (client->sockTimer > 0)
virEventRemoveTimeout(client->sockTimer); virEventRemoveTimeout(client->sockTimer);
#if HAVE_GNUTLS
virObjectUnref(client->tls); virObjectUnref(client->tls);
virObjectUnref(client->tlsCtxt); virObjectUnref(client->tlsCtxt);
#endif
virObjectUnref(client->sock); virObjectUnref(client->sock);
virNetServerClientUnlock(client); virNetServerClientUnlock(client);
virMutexDestroy(&client->lock); virMutexDestroy(&client->lock);
@ -784,10 +822,12 @@ void virNetServerClientClose(virNetServerClientPtr client)
if (client->sock) if (client->sock)
virNetSocketRemoveIOCallback(client->sock); virNetSocketRemoveIOCallback(client->sock);
#if HAVE_GNUTLS
if (client->tls) { if (client->tls) {
virObjectUnref(client->tls); virObjectUnref(client->tls);
client->tls = NULL; client->tls = NULL;
} }
#endif
client->wantClose = true; client->wantClose = true;
while (client->rx) { while (client->rx) {
@ -847,10 +887,13 @@ int virNetServerClientInit(virNetServerClientPtr client)
{ {
virNetServerClientLock(client); virNetServerClientLock(client);
#if HAVE_GNUTLS
if (!client->tlsCtxt) { if (!client->tlsCtxt) {
#endif
/* Plain socket, so prepare to read first message */ /* Plain socket, so prepare to read first message */
if (virNetServerClientRegisterEvent(client) < 0) if (virNetServerClientRegisterEvent(client) < 0)
goto error; goto error;
#if HAVE_GNUTLS
} else { } else {
int ret; int ret;
@ -879,6 +922,7 @@ int virNetServerClientInit(virNetServerClientPtr client)
goto error; goto error;
} }
} }
#endif
virNetServerClientUnlock(client); virNetServerClientUnlock(client);
return 0; return 0;
@ -1180,6 +1224,8 @@ virNetServerClientDispatchWrite(virNetServerClientPtr client)
} }
} }
#if HAVE_GNUTLS
static void static void
virNetServerClientDispatchHandshake(virNetServerClientPtr client) virNetServerClientDispatchHandshake(virNetServerClientPtr client)
{ {
@ -1202,6 +1248,7 @@ virNetServerClientDispatchHandshake(virNetServerClientPtr client)
client->wantClose = true; client->wantClose = true;
} }
} }
#endif
static void static void
virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque) virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque)
@ -1218,17 +1265,21 @@ virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque)
if (events & (VIR_EVENT_HANDLE_WRITABLE | if (events & (VIR_EVENT_HANDLE_WRITABLE |
VIR_EVENT_HANDLE_READABLE)) { VIR_EVENT_HANDLE_READABLE)) {
#if HAVE_GNUTLS
if (client->tls && if (client->tls &&
virNetTLSSessionGetHandshakeStatus(client->tls) != virNetTLSSessionGetHandshakeStatus(client->tls) !=
VIR_NET_TLS_HANDSHAKE_COMPLETE) { VIR_NET_TLS_HANDSHAKE_COMPLETE) {
virNetServerClientDispatchHandshake(client); virNetServerClientDispatchHandshake(client);
} else { } else {
#endif
if (events & VIR_EVENT_HANDLE_WRITABLE) if (events & VIR_EVENT_HANDLE_WRITABLE)
virNetServerClientDispatchWrite(client); virNetServerClientDispatchWrite(client);
if (events & VIR_EVENT_HANDLE_READABLE && if (events & VIR_EVENT_HANDLE_READABLE &&
client->rx) client->rx)
virNetServerClientDispatchRead(client); virNetServerClientDispatchRead(client);
#if HAVE_GNUTLS
} }
#endif
} }
/* NB, will get HANGUP + READABLE at same time upon /* NB, will get HANGUP + READABLE at same time upon


@ -52,7 +52,9 @@ virNetServerClientPtr virNetServerClientNew(virNetSocketPtr sock,
int auth, int auth,
bool readonly, bool readonly,
size_t nrequests_max, size_t nrequests_max,
# ifdef HAVE_GNUTLS
virNetTLSContextPtr tls, virNetTLSContextPtr tls,
# endif
virNetServerClientPrivNew privNew, virNetServerClientPrivNew privNew,
virNetServerClientPrivPreExecRestart privPreExecRestart, virNetServerClientPrivPreExecRestart privPreExecRestart,
virFreeCallback privFree, virFreeCallback privFree,
@ -76,8 +78,10 @@ void virNetServerClientRemoveFilter(virNetServerClientPtr client,
int virNetServerClientGetAuth(virNetServerClientPtr client); int virNetServerClientGetAuth(virNetServerClientPtr client);
bool virNetServerClientGetReadonly(virNetServerClientPtr client); bool virNetServerClientGetReadonly(virNetServerClientPtr client);
# ifdef HAVE_GNUTLS
bool virNetServerClientHasTLSSession(virNetServerClientPtr client); bool virNetServerClientHasTLSSession(virNetServerClientPtr client);
int virNetServerClientGetTLSKeySize(virNetServerClientPtr client); int virNetServerClientGetTLSKeySize(virNetServerClientPtr client);
# endif
# ifdef HAVE_SASL # ifdef HAVE_SASL
void virNetServerClientSetSASLSession(virNetServerClientPtr client, void virNetServerClientSetSASLSession(virNetServerClientPtr client,
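Review bot: The `# ifdef HAVE_GNUTLS` guards here test the macro differently from the `#if HAVE_GNUTLS` guards the same commit uses in virnetserverclient.c, and the mix recurs within virnetserverservice.h (`# if HAVE_GNUTLS` around the constructor parameters, `# ifdef HAVE_GNUTLS` around virNetServerServiceGetTLSContext) and between virnetsocket.h and virnetsocket.c. The two forms agree only while HAVE_GNUTLS is undefined or defined non-zero; a definition of 0 would enable one set of declarations and disable the other, which the defining .c file would presumably report as conflicting types but which is an avoidable trap. Settling on one form for the whole change is cheaper than remembering the distinction — `# if HAVE_GNUTLS` matches the .c files and lets -Wundef flag a header reached before config.h — e.g. `# if HAVE_GNUTLS` in place of `# ifdef HAVE_GNUTLS` on both guards in this file.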


@ -41,7 +41,9 @@ struct _virNetServerService {
bool readonly; bool readonly;
size_t nrequests_client_max; size_t nrequests_client_max;
#if HAVE_GNUTLS
virNetTLSContextPtr tls; virNetTLSContextPtr tls;
#endif
virNetServerServiceDispatchFunc dispatchFunc; virNetServerServiceDispatchFunc dispatchFunc;
void *dispatchOpaque; void *dispatchOpaque;
@ -90,9 +92,11 @@ cleanup:
virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename, virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
const char *service, const char *service,
int auth, int auth,
#if HAVE_GNUTLS
virNetTLSContextPtr tls,
#endif
bool readonly, bool readonly,
size_t nrequests_client_max, size_t nrequests_client_max)
virNetTLSContextPtr tls)
{ {
virNetServerServicePtr svc; virNetServerServicePtr svc;
size_t i; size_t i;
@ -106,7 +110,9 @@ virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
svc->auth = auth; svc->auth = auth;
svc->readonly = readonly; svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max; svc->nrequests_client_max = nrequests_client_max;
#if HAVE_GNUTLS
svc->tls = virObjectRef(tls); svc->tls = virObjectRef(tls);
#endif
if (virNetSocketNewListenTCP(nodename, if (virNetSocketNewListenTCP(nodename,
service, service,
@ -144,9 +150,11 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
mode_t mask, mode_t mask,
gid_t grp, gid_t grp,
int auth, int auth,
#if HAVE_GNUTLS
virNetTLSContextPtr tls,
#endif
bool readonly, bool readonly,
size_t nrequests_client_max, size_t nrequests_client_max)
virNetTLSContextPtr tls)
{ {
virNetServerServicePtr svc; virNetServerServicePtr svc;
int i; int i;
@ -160,7 +168,9 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
svc->auth = auth; svc->auth = auth;
svc->readonly = readonly; svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max; svc->nrequests_client_max = nrequests_client_max;
#if HAVE_GNUTLS
svc->tls = virObjectRef(tls); svc->tls = virObjectRef(tls);
#endif
svc->nsocks = 1; svc->nsocks = 1;
if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0) if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0)
@ -202,9 +212,11 @@ error:
virNetServerServicePtr virNetServerServiceNewFD(int fd, virNetServerServicePtr virNetServerServiceNewFD(int fd,
int auth, int auth,
#if HAVE_GNUTLS
virNetTLSContextPtr tls,
#endif
bool readonly, bool readonly,
size_t nrequests_client_max, size_t nrequests_client_max)
virNetTLSContextPtr tls)
{ {
virNetServerServicePtr svc; virNetServerServicePtr svc;
int i; int i;
@ -218,7 +230,9 @@ virNetServerServicePtr virNetServerServiceNewFD(int fd,
svc->auth = auth; svc->auth = auth;
svc->readonly = readonly; svc->readonly = readonly;
svc->nrequests_client_max = nrequests_client_max; svc->nrequests_client_max = nrequests_client_max;
#if HAVE_GNUTLS
svc->tls = virObjectRef(tls); svc->tls = virObjectRef(tls);
#endif
svc->nsocks = 1; svc->nsocks = 1;
if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0) if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0)
@ -401,11 +415,12 @@ size_t virNetServerServiceGetMaxRequests(virNetServerServicePtr svc)
return svc->nrequests_client_max; return svc->nrequests_client_max;
} }
#if HAVE_GNUTLS
virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc) virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc)
{ {
return svc->tls; return svc->tls;
} }
#endif
void virNetServerServiceSetDispatcher(virNetServerServicePtr svc, void virNetServerServiceSetDispatcher(virNetServerServicePtr svc,
virNetServerServiceDispatchFunc func, virNetServerServiceDispatchFunc func,
@ -425,7 +440,9 @@ void virNetServerServiceDispose(void *obj)
virObjectUnref(svc->socks[i]); virObjectUnref(svc->socks[i]);
VIR_FREE(svc->socks); VIR_FREE(svc->socks);
#if HAVE_GNUTLS
virObjectUnref(svc->tls); virObjectUnref(svc->tls);
#endif
} }
void virNetServerServiceToggle(virNetServerServicePtr svc, void virNetServerServiceToggle(virNetServerServicePtr svc,


@ -40,21 +40,27 @@ typedef int (*virNetServerServiceDispatchFunc)(virNetServerServicePtr svc,
virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename, virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
const char *service, const char *service,
int auth, int auth,
# if HAVE_GNUTLS
virNetTLSContextPtr tls,
# endif
bool readonly, bool readonly,
size_t nrequests_client_max, size_t nrequests_client_max);
virNetTLSContextPtr tls);
virNetServerServicePtr virNetServerServiceNewUNIX(const char *path, virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
mode_t mask, mode_t mask,
gid_t grp, gid_t grp,
int auth, int auth,
# if HAVE_GNUTLS
virNetTLSContextPtr tls,
# endif
bool readonly, bool readonly,
size_t nrequests_client_max, size_t nrequests_client_max);
virNetTLSContextPtr tls);
virNetServerServicePtr virNetServerServiceNewFD(int fd, virNetServerServicePtr virNetServerServiceNewFD(int fd,
int auth, int auth,
# if HAVE_GNUTLS
virNetTLSContextPtr tls,
# endif
bool readonly, bool readonly,
size_t nrequests_client_max, size_t nrequests_client_max);
virNetTLSContextPtr tls);
virNetServerServicePtr virNetServerServiceNewPostExecRestart(virJSONValuePtr object); virNetServerServicePtr virNetServerServiceNewPostExecRestart(virJSONValuePtr object);
@ -65,7 +71,9 @@ int virNetServerServiceGetPort(virNetServerServicePtr svc);
int virNetServerServiceGetAuth(virNetServerServicePtr svc); int virNetServerServiceGetAuth(virNetServerServicePtr svc);
bool virNetServerServiceIsReadonly(virNetServerServicePtr svc); bool virNetServerServiceIsReadonly(virNetServerServicePtr svc);
size_t virNetServerServiceGetMaxRequests(virNetServerServicePtr svc); size_t virNetServerServiceGetMaxRequests(virNetServerServicePtr svc);
# ifdef HAVE_GNUTLS
virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc); virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc);
# endif
void virNetServerServiceSetDispatcher(virNetServerServicePtr svc, void virNetServerServiceSetDispatcher(virNetServerServicePtr svc,
virNetServerServiceDispatchFunc func, virNetServerServiceDispatchFunc func,


@ -79,7 +79,9 @@ struct _virNetSocket {
char *localAddrStr; char *localAddrStr;
char *remoteAddrStr; char *remoteAddrStr;
#if HAVE_GNUTLS
virNetTLSSessionPtr tlsSession; virNetTLSSessionPtr tlsSession;
#endif
#if HAVE_SASL #if HAVE_SASL
virNetSASLSessionPtr saslSession; virNetSASLSessionPtr saslSession;
@ -948,11 +950,13 @@ virJSONValuePtr virNetSocketPreExecRestart(virNetSocketPtr sock)
goto error; goto error;
} }
#endif #endif
#if HAVE_GNUTLS
if (sock->tlsSession) { if (sock->tlsSession) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s", virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("Unable to save socket state when TLS session is active")); _("Unable to save socket state when TLS session is active"));
goto error; goto error;
} }
#endif
if (!(object = virJSONValueNewObject())) if (!(object = virJSONValueNewObject()))
goto error; goto error;
@ -1011,10 +1015,12 @@ void virNetSocketDispose(void *obj)
unlink(sock->localAddr.data.un.sun_path); unlink(sock->localAddr.data.un.sun_path);
#endif #endif
#if HAVE_GNUTLS
/* Make sure it can't send any more I/O during shutdown */ /* Make sure it can't send any more I/O during shutdown */
if (sock->tlsSession) if (sock->tlsSession)
virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL); virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL);
virObjectUnref(sock->tlsSession); virObjectUnref(sock->tlsSession);
#endif
#if HAVE_SASL #if HAVE_SASL
virObjectUnref(sock->saslSession); virObjectUnref(sock->saslSession);
#endif #endif
@ -1178,6 +1184,7 @@ const char *virNetSocketRemoteAddrString(virNetSocketPtr sock)
} }
#if HAVE_GNUTLS
static ssize_t virNetSocketTLSSessionWrite(const char *buf, static ssize_t virNetSocketTLSSessionWrite(const char *buf,
size_t len, size_t len,
void *opaque) void *opaque)
@ -1208,7 +1215,7 @@ void virNetSocketSetTLSSession(virNetSocketPtr sock,
sock); sock);
virMutexUnlock(&sock->lock); virMutexUnlock(&sock->lock);
} }
#endif
#if HAVE_SASL #if HAVE_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock, void virNetSocketSetSASLSession(virNetSocketPtr sock,
@ -1280,13 +1287,17 @@ static ssize_t virNetSocketReadWire(virNetSocketPtr sock, char *buf, size_t len)
#endif #endif
reread: reread:
#if HAVE_GNUTLS
if (sock->tlsSession && if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) == virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) { VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionRead(sock->tlsSession, buf, len); ret = virNetTLSSessionRead(sock->tlsSession, buf, len);
} else { } else {
#endif
ret = read(sock->fd, buf, len); ret = read(sock->fd, buf, len);
#if HAVE_GNUTLS
} }
#endif
if ((ret < 0) && (errno == EINTR)) if ((ret < 0) && (errno == EINTR))
goto reread; goto reread;
@ -1335,13 +1346,17 @@ static ssize_t virNetSocketWriteWire(virNetSocketPtr sock, const char *buf, size
#endif #endif
rewrite: rewrite:
#if HAVE_GNUTLS
if (sock->tlsSession && if (sock->tlsSession &&
virNetTLSSessionGetHandshakeStatus(sock->tlsSession) == virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
VIR_NET_TLS_HANDSHAKE_COMPLETE) { VIR_NET_TLS_HANDSHAKE_COMPLETE) {
ret = virNetTLSSessionWrite(sock->tlsSession, buf, len); ret = virNetTLSSessionWrite(sock->tlsSession, buf, len);
} else { } else {
#endif
ret = write(sock->fd, buf, len); ret = write(sock->fd, buf, len);
#if HAVE_GNUTLS
} }
#endif
if (ret < 0) { if (ret < 0) {
if (errno == EINTR) if (errno == EINTR)
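Review bot: In virNetSocketReadWire and virNetSocketWriteWire the new `#if HAVE_GNUTLS` blocks open an `if` and its `} else {` on one side of an `#endif` and close the brace under a second `#if HAVE_GNUTLS`, so the braces of a single statement exist only in one configuration. That compiles in both builds, but any later edit that adds a brace or a statement around the `read()`/`write()` call on one side of the guard breaks the other build, and the handshake-complete condition that selects the TLS path is duplicated in both functions. Hoisting the selection into two small static helpers keeps each configuration a complete, brace-balanced statement and leaves the retry labels untouched; the read-side helper is below, the write side is the same shape with virNetTLSSessionWrite/write. virNetServerClientDispatchEvent in virnetserverclient.c earlier in this commit has the same straddling layout. Both wire functions begin before and end after their hunks.
```c
/* Read from the wire: through the TLS session once its handshake has
 * completed, otherwise straight from the descriptor. */
static ssize_t virNetSocketReadRaw(virNetSocketPtr sock, char *buf, size_t len)
{
#if HAVE_GNUTLS
    if (sock->tlsSession &&
        virNetTLSSessionGetHandshakeStatus(sock->tlsSession) ==
        VIR_NET_TLS_HANDSHAKE_COMPLETE)
        return virNetTLSSessionRead(sock->tlsSession, buf, len);
#endif
    return read(sock->fd, buf, len);
}

/* … virNetSocketWriteRaw: same shape with virNetTLSSessionWrite() / write() … */

/* … unchanged: virNetSocketReadWire up to the retry label … */
 reread:
    ret = virNetSocketReadRaw(sock, buf, len);
    if ((ret < 0) && (errno == EINTR))
        goto reread;
```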


@ -26,7 +26,9 @@
# include "virsocketaddr.h" # include "virsocketaddr.h"
# include "vircommand.h" # include "vircommand.h"
# include "virnettlscontext.h" # ifdef HAVE_GNUTLS
# include "virnettlscontext.h"
# endif
# include "virobject.h" # include "virobject.h"
# ifdef HAVE_SASL # ifdef HAVE_SASL
# include "virnetsaslcontext.h" # include "virnetsaslcontext.h"
@ -122,8 +124,10 @@ ssize_t virNetSocketWrite(virNetSocketPtr sock, const char *buf, size_t len);
int virNetSocketSendFD(virNetSocketPtr sock, int fd); int virNetSocketSendFD(virNetSocketPtr sock, int fd);
int virNetSocketRecvFD(virNetSocketPtr sock, int *fd); int virNetSocketRecvFD(virNetSocketPtr sock, int *fd);
# ifdef HAVE_GNUTLS
void virNetSocketSetTLSSession(virNetSocketPtr sock, void virNetSocketSetTLSSession(virNetSocketPtr sock,
virNetTLSSessionPtr sess); virNetTLSSessionPtr sess);
# endif
# ifdef HAVE_SASL # ifdef HAVE_SASL
void virNetSocketSetSASLSession(virNetSocketPtr sock, void virNetSocketSetSASLSession(virNetSocketPtr sock,
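Review bot: Guarding the `virnettlscontext.h` include and the virNetSocketSetTLSSession prototype with `# ifdef HAVE_GNUTLS` makes what this header declares depend on a macro it never brings in itself, so a translation unit that includes virnetsocket.h before config.h sees the TLS-less API and the `virNetTLSSessionPtr` type is never declared for it. The project's convention of including config.h first presumably covers this, but the dependence is invisible at the include site; a short comment at the guard, `/* HAVE_GNUTLS is set by config.h, which must precede this header */`, documents it for the next file that adds the include.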


@ -91,7 +91,7 @@ test_programs = virshtest sockettest \
commandtest seclabeltest \ commandtest seclabeltest \
virhashtest virnetmessagetest virnetsockettest \ virhashtest virnetmessagetest virnetsockettest \
viratomictest \ viratomictest \
utiltest virnettlscontexttest shunloadtest \ utiltest shunloadtest \
virtimetest viruritest virkeyfiletest \ virtimetest viruritest virkeyfiletest \
virauthconfigtest \ virauthconfigtest \
virbitmaptest \ virbitmaptest \
@ -100,6 +100,10 @@ test_programs = virshtest sockettest \
sysinfotest \ sysinfotest \
$(NULL) $(NULL)
if HAVE_GNUTLS
test_programs += virnettlscontexttest
endif
if WITH_SECDRIVER_SELINUX if WITH_SECDRIVER_SELINUX
test_programs += securityselinuxtest test_programs += securityselinuxtest
endif endif
@ -526,6 +530,7 @@ virnetsockettest_SOURCES = \
virnetsockettest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS) virnetsockettest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
virnetsockettest_LDADD = $(LDADDS) virnetsockettest_LDADD = $(LDADDS)
if HAVE_GNUTLS
virnettlscontexttest_SOURCES = \ virnettlscontexttest_SOURCES = \
virnettlscontexttest.c testutils.h testutils.c virnettlscontexttest.c testutils.h testutils.c
virnettlscontexttest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS) virnettlscontexttest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
@ -536,6 +541,10 @@ virnettlscontexttest_LDADD += -ltasn1
else else
EXTRA_DIST += pkix_asn1_tab.c EXTRA_DIST += pkix_asn1_tab.c
endif endif
else
EXTRA_DIST += \
virnettlscontexttest.c testutils.h testutils.c pkix_asn1_tab.c
endif
virtimetest_SOURCES = \ virtimetest_SOURCES = \
virtimetest.c testutils.h testutils.c virtimetest.c testutils.h testutils.c