76 Commits

Author SHA1 Message Date
Michal Privoznik
c684b3c7e8 rpc: Use g_strdup_printf() instead of virAsprintf()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2019-11-12 16:15:58 +01:00
Ján Tomko
45bf10ba1d rpc: use g_strdup instead of VIR_STRDUP
Replace all occurrences of
  if (VIR_STRDUP(a, b) < 0)
     /* effectively dead code */
with:
  a = g_strdup(b);

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-21 12:51:58 +02:00
Ján Tomko
8b5ef0a6b8 rpc: use G_GNUC_UNUSED
Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-15 11:25:24 +02:00
Daniel P. Berrangé
2b0d597670 util: get rid of virGetEnv{Allow,Block}SUID functions
Now that 100% of libvirt code is forbidden in a SUID environment,
we no longer need to worry about whether env variables are
trustworthy or not. The virt-login-shell setuid program, which
does not link to any libvirt code, will purge all environment
variables, except $TERM, before invoking the virt-login-shell-helper
program which uses libvirt.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-07 16:54:02 +01:00
Adrian Brzezinski
dc4e9bfb84 rpc: cleanup in virNetTLSContextNew
Failed new gnutls context allocations in virNetTLSContextNew function
results in double free and segfault. Occasional memory leaks may also
occur.

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Adrian Brzezinski <redhat@adrb.pl>
2019-04-16 11:22:50 +01:00
Cole Robinson
af36f8a641 Require a semicolon for VIR_ONCE_GLOBAL_INIT calls
Missing semicolon at the end of macros can confuse some analyzers
(like cppcheck <filename>). VIR_ONCE_GLOBAL_INIT is almost
exclusively called without an ending semicolon, but let's
standardize on using one like the other macros.

Add a dummy struct definition at the end of the macro, so
the compiler will require callers to add a semicolon.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-02-03 17:46:29 -05:00
Erik Skultety
5165ff0971 src: More cleanup of some system headers already contained in internal.h
All of the ones being removed are pulled in by internal.h. The only
exception is sanlock which expects the application to include <stdint.h>
before sanlock's headers, because sanlock prototypes use fixed width
int, but they don't include stdint.h themselves, so we have to leave
that one in place.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2018-09-20 10:16:39 +02:00
Ján Tomko
fe8a06798d Remove check for gnutls/crypto.h
Assume its presence for gnutls >= 3.2.

Check introduced by <commit 7d21d6b>.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-16 10:40:40 +02:00
Michal Privoznik
10f94828ea virobject: Introduce VIR_CLASS_NEW() macro
So far we are repeating the following lines over and over:

  if (!(virSomeObjectClass = virClassNew(virClassForObject(),
                             "virSomeObject",
                             sizeof(virSomeObject),
                             virSomeObjectDispose)))
      return -1;

While this works, it is impossible to do some checking. Firstly,
the class name (the 2nd argument) doesn't match the name in the
code in all cases (the 3rd argument). Secondly, the current style
is needlessly verbose. This commit turns example into following:

  if (!(VIR_CLASS_NEW(virSomeObject,
                      virClassForObject)))
      return -1;

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-18 10:04:55 +02:00
Daniel P. Berrange
83c1ab5838 Report what TLS priority string we use for a session
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-03-16 11:03:33 +00:00
Daniel P. Berrange
214489f550 rpc: allow priority string to be passed to TLS context
Extend the virNetTLSContextNew* constructors to allow
the TLS priority string to be passed in, overriding the
compile time default.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Daniel P. Berrange
cbb2e91ecc configure: allow setting default TLS priority string
Currently libvirt calls gnutls_set_default_priority()
which on old systems resolves to "NORMAL" while new
systems it resolves to "@SYSTEM". Either way, this
is a global default that is identical across all apps.

We want to allow distros to flexibility to define a
custom default string for libvirt priority, so add
a --tls-priority=STRING  flag to configure to enable
this to be set.

It is expected that distros would use this when creating
RPM/Deb/etc packages, according to their preferred crypto
handling policies.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Daniel P. Berrange
20c5ded9d0 rpc: set gnutls log function at global init time
Currently we set the gnutls log function when creating a
TLS context, however, the setting is in fact global, not
per context. So we should be setting it when we first call
gnutls_global_init() instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Daniel P. Berrange
d8a8af3492 tls: remove support for gnutls 1.x.x, require 2.2.0
We need to use the gnutls_priority_set_direct method which
was not introduced until 2.1.7, so bump version to 2.2.0
which is the first stable release with it included. This
release dates from Dec 2007 so it is reasonable to ditch
support for the 1.x.x series for gnutls releases entirely.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Jovanka Gulicoska
b29e08dbe3 More usage of virGetLastErrorMessage
Convert to virGetLastErrorMessage() in the rest of the code
2016-05-19 15:17:03 -04:00
Giuseppe Scrivano
ab22096710 security: fix DH key generation when FIPS mode is on
When FIPS mode is on, gnutls_dh_params_generate2 will fail if 1024 is
specified as the prime's number of bits, a bigger value works in both
cases.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2014-09-04 11:56:36 +02:00
Martin Kletzander
93cf8f9861 cleanup spaces between parentheses and braces
And add a syntax-check for '){$'.  It's not perfect, but better than
nothing.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-08-20 14:50:21 +02:00
Nehal J Wani
3d5c29a17c Fix typos in src/*
Fix minor typos in source comments

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-21 16:49:08 -06:00
Ján Tomko
b69f99229c Indent top-level labels by one space in src/rpc/ 2014-03-25 14:58:40 +01:00
Martin Kletzander
7fa91525bd Use K&R style for curly braces in src/rpc/
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-03-20 17:16:38 +01:00
Daniel P. Berrange
2835c1e730 Add virLogSource variables to all source files
Any source file which calls the logging APIs now needs
to have a VIR_LOG_INIT("source.name") declaration at
the start of the file. This provides a static variable
of the virLogSource type.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-18 14:29:22 +00:00
Daniel P. Berrange
b29275d928 Move dtrace probe macros into separate header file
The dtrace probe macros rely on the logging API. We can't make
the internal.h header include the virlog.h header though since
that'd be a circular include. Instead simply split the dtrace
probes into their own header file, since there's no compelling
reason for them to be in the main internal.h header.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-18 14:29:21 +00:00
Daniel P. Berrange
1e4a02bdfe Remove all direct use of getenv
Unconditional use of getenv is not secure in setuid env.
While not all libvirt code runs in a setuid env (since
much of it only exists inside libvirtd) this is not always
clear to developers. So make all the code paranoid, even
if it only ever runs inside libvirtd.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-21 14:03:52 +01:00
John Ferlan
f905cc9984 virnettlscontext: Resolve Coverity warnings (UNINIT)
Coverity complained about the usage of the uninitialized cacerts in the
event(s) that "access(certFile, R_OK)" and/or "access(cacertFile, R_OK)"
fail the for loop used to fill in the certs will have indeterminate data
as well as the possibility that both failures would result in the
gnutls_x509_crt_deinit() call having a similar fate.

Initializing cacerts only would resolve the issue; however, it still
would leave the indeterminate action, so rather add a parameter to
the virNetTLSContextLoadCACertListFromFile() to pass the max size rather
then overloading the returned count parameter. If the the call is never
made, then we won't go through the for loops referencing the empty
cacerts
2013-08-09 07:28:14 -04:00
Daniel P. Berrange
31d41d9268 Fix validation of CA certificate chains
The code added to validate CA certificates did not take into
account the possibility that the cacert.pem file can contain
multiple (concatenated) cert data blocks. Extend the code for
loading CA certs to use the gnutls APIs for loading cert lists.
Add test cases to check that multi-level trees of certs will
validate correctly.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 10:44:28 +01:00
Daniel P. Berrange
792f81a40e Convert 'int i' to 'size_t i' in src/rpc/ files
Convert the type of loop iterators named 'i', 'j', k',
'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
'unsigned int', also santizing 'ii', 'jj', 'kk' to use
the normal 'i', 'j', 'k' naming

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-10 17:40:14 +01:00
Michal Privoznik
ff50bdfda3 Adapt to VIR_ALLOC and virAsprintf in src/rpc/* 2013-07-10 11:07:32 +02:00
Eric Blake
1cd97c7ab4 build: fix typo in earlier commit
Bummer, I committed, then fixed a typo, then tested, and forgot to
amend the commit before pushing 7d21d6b6.

* src/rpc/virnettlscontext.c (includes): Use correct spelling.
2013-05-29 11:08:14 -06:00
Eric Blake
7d21d6b697 build: fix build with newer gnutls
Building with gnutls 3.2.0 (such as shipped with current cygwin) fails
with:

rpc/virnettlscontext.c: In function 'virNetTLSSessionGetKeySize':
rpc/virnettlscontext.c:1358:5: error: implicit declaration of function 'gnutls_cipher_get_key_size' [-Wimplicit-function-declaration]

Yeah, it's stupid that gnutls broke API by moving their declaration
into a new header without including that header from the old one,
but it's easy enough to work around, all without breaking on gnutls
1.4.1 (hello RHEL 5) that lacked the new header.

* configure.ac (gnutls): Check for <gnutls/crypto.h>.
* src/rpc/virnettlscontext.c (includes): Include additional header.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-29 08:52:42 -06:00
Michal Privoznik
16251193af Adapt to VIR_STRDUP and VIR_STRNDUP in src/rpc/* 2013-05-23 09:56:38 +02:00
Osier Yang
ba0880b25c syntax-check: Add the rule to forbid whitespace before ";"
Only a few cases are allowed:

1) The expression is empty for "for" loop, E.g.

  for (i = 0; ; i++)

2) An empty statement

  while (write(statuswrite, &status, 1) == -1 &&
         errno == EINTR)
      ; /* empty */

3) ";" is inside double-quote, I.e, as part of const string. E.g.

  vshPrint(ctl, "a ; b ; cd;\n");

The "for" loop in src/rpc/virnettlscontext.c is the special case,
1) applies for it, so change it together in this patch.
2013-05-22 13:16:03 +08:00
Laine Stump
bfe7721d50 util: move virFile* functions from virutil.c to virfile.c
These all existed before virfile.c was created, and for some reason
weren't moved.

This is mostly straightfoward, although the syntax rule prohibiting
write() had to be changed to have an exception for virfile.c instead
of virutil.c.

This movement pointed out that there is a function called
virBuildPath(), and another almost identical function called
virFileBuildPath(). They really should be a single function, which
I'll take care of as soon as I figure out what the arglist should look
like.
2013-05-10 13:09:30 -04:00
Michal Privoznik
7c9a2d88cd virutil: Move string related functions to virstring.c
The source code base needs to be adapted as well. Some files
include virutil.h just for the string related functions (here,
the include is substituted to match the new file), some include
virutil.h without any need (here, the include is removed), and
some require both.
2013-05-02 16:56:55 +02:00
Daniel P. Berrange
51997e50fa Add APIs to get at more client security data
A socket object has various pieces of security data associated
with it, such as the SELinux context, the SASL username and
the x509 distinguished name. Add new APIs to virNetServerClient
and related modules to access this data.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-19 13:11:46 +00:00
Daniel P. Berrange
ad9ea4a9fd Re-add DTrace probes on 'dispose' functions
When converting to virObject, the probes on the 'Free' functions
were removed on the basis that there is a probe on virObjectFree
that suffices. This puts a burden on people writing probe scripts
to identify which object is being dispose. This adds back probes
in the 'Dispose' functions and updates the rpc monitor systemtap
example to use them

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-14 12:42:21 +00:00
John Ferlan
2792ad143e virnetttlcontext: Resolve issues found by Valgrind
Need to initialize 'usage' and 'critical' since the VIR_DEBUG will
attempt to use them.
2013-02-07 14:08:14 -05:00
John Ferlan
ffd61edd87 tlscontext: Make sure to get proper pointer to 'dname'
Keep Coverity happy by passing a pointer to 'dname' rather than the
array itself.  The PROBE expansion would cause a BAD_SIZEOF.
2013-02-05 16:51:06 -05:00
Daniel P. Berrange
bba93d40da Convert all rpc classes over to virObjectLockable 2013-01-16 11:02:58 +00:00
Daniel P. Berrange
69218922e8 Allow for multi-level inheritance of virObject classes
Currently all classes must directly inherit from virObject.
This allows for arbitrarily deep hierarchy. There's not much
to this aside from chaining up the 'dispose' handlers from
each class & providing APIs to check types.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-15 19:21:31 +00:00
Daniel P. Berrange
f24404a324 Rename virterror.c virterror_internal.h to virerror.{c,h} 2012-12-21 11:19:50 +00:00
Daniel P. Berrange
44f6ae27fe Rename util.{c,h} to virutil.{c,h} 2012-12-21 11:19:49 +00:00
Daniel P. Berrange
404174cad3 Rename threads.{c,h} to virthread.{c,h} 2012-12-21 11:19:49 +00:00
Daniel P. Berrange
ab9b7ec2f6 Rename memory.{c,h} to viralloc.{c,h} 2012-12-21 11:17:14 +00:00
Daniel P. Berrange
936d95d347 Rename logging.{c,h} to virlog.{c,h} 2012-12-21 11:17:14 +00:00
Daniel P. Berrange
1c04f99970 Remove spurious whitespace between function name & open brackets
The libvirt coding standard is to use 'function(...args...)'
instead of 'function (...args...)'. A non-trivial number of
places did not follow this rule and are fixed in this patch.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-11-02 13:36:49 +00:00
Ján Tomko
149c87b49d Various typos and misspellings 2012-10-12 00:03:43 +02:00
Eric Blake
4ecb723b9e maint: fix up copyright notice inconsistencies
https://www.gnu.org/licenses/gpl-howto.html recommends that
the 'If not, see <url>.' phrase be a separate sentence.

* tests/securityselinuxhelper.c: Remove doubled line.
* tests/securityselinuxtest.c: Likewise.
* globally: s/;  If/.  If/
2012-09-20 16:30:55 -06:00
Eric Blake
2387aa26c1 maint: fix missing spaces in message
I got an off-list report about a bad diagnostic:
Target network card mac 52:54:00:49:07:ccdoes not match source 52:54:00:49:07:b8

True to form, I've added a syntax check rule to prevent it
from recurring, and found several other offenders.

* cfg.mk (sc_require_whitespace_in_translation): New rule.
* src/conf/domain_conf.c (virDomainNetDefCheckABIStability): Add
space.
* src/esx/esx_util.c (esxUtil_ParseUri): Likewise.
* src/qemu/qemu_command.c (qemuCollectPCIAddress): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSetMetadata)
(qemuDomainGetMetadata): Likewise.
* src/qemu/qemu_hotplug.c (qemuDomainChangeNetBridge): Likewise.
* src/rpc/virnettlscontext.c
(virNetTLSContextCheckCertDNWhitelist): Likewise.
* src/vmware/vmware_driver.c (vmwareDomainResume): Likewise.
* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc, vboxAttachDrives):
Avoid false negatives.
* tools/virsh-domain.c (info_save_image_dumpxml): Reword.
Based on a report by Luwen Su.
2012-09-12 11:55:29 -06:00
Daniel P. Berrange
e10e1969d5 Turn virNetTLSContext and virNetTLSSession into virObject instances
Make virNetTLSContext and virNetTLSSession use the virObject
APIs for reference counting

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-07 11:47:41 +01:00
Osier Yang
f9ce7dad60 Desert the FSF address in copyright
Per the FSF address could be changed from time to time, and GNU
recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)

  You should have received a copy of the GNU General Public License
  along with Foobar.  If not, see <http://www.gnu.org/licenses/>.

This patch removes the explicit FSF address, and uses above instead
(of course, with inserting 'Lesser' before 'General').

Except a bunch of files for security driver, all others are changed
automatically, the copyright for securify files are not complete,
that's why to do it manually:

  src/security/security_selinux.h
  src/security/security_driver.h
  src/security/security_selinux.c
  src/security/security_apparmor.h
  src/security/security_apparmor.c
  src/security/security_driver.c
2012-07-23 10:50:50 +08:00