Commit Graph

556 Commits

Author SHA1 Message Date
Peter Krempa
21a2d1b69c rpc: serverclient: Add option to suppress errors on EOF
The protocol may not use an explicit API to close the connection and
just close the socket instead. Add option to suppress errors in such
case.
2017-03-17 17:20:22 +01:00
Peter Krempa
494c302c7f rpc: socket: Add possibility to suppress errors on read hangup
In some cases a read error due to connection hangup is expected. This
patch adds a flag that removes the logging of a virError in such case.
2017-03-17 17:19:00 +01:00
Daniel P. Berrange
83c1ab5838 Report what TLS priority string we use for a session
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-03-16 11:03:33 +00:00
Daniel P. Berrange
7310739d1f Short circuit SASL auth when no mechanisms are available
If the SASL config does not have any mechanisms we currently
just report an empty list to the client which will then
fail to identify a usable mechanism. This is a server config
error, so we should fail immediately on the server side.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-03-16 11:01:39 +00:00
Marc Hartmayer
d6bc7622f0 rpc: Fix potentially segfaults
We have to allocate first and if, and only if, it was successful we
can set the count. A segfault has occurred in
virNetServerServiceNewPostExecRestart() when VIR_ALLOC_N(svc->socks,
n) has failed, but svc->nsocsk = n was already set. Thus
virObejectUnref(svc) was called and therefore it was possible that
virNetServerServiceDispose was called => segmentation fault.  For
safeness NULL pointer check were added in
virNetServerServiceDispose().

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2017-02-12 15:02:42 -05:00
Pino Toscano
1a5de3fe2e remote: do not check for an existing config dir
When composing the path to the default known_hosts file (for the libssh
and libssh2 drivers), do not check whether the configuration directory
(determined by virGetUserConfigDirectory()) exists: both the drivers can
handle non-existing files, and are able to create them (and their
directories) in that case.

This adds a small behaviour change: before, the key for an unknown host,
and manually accepted, was saved only if the configuration directory
existed -- a bit incoherent behaviour though.
2017-01-11 13:38:04 +01:00
Pino Toscano
45c4a70c70 remote: fix logic for known_hosts and keyfile checks
If any of them is specified for the libssh and libssh2 drivers, there is
no need to depend on checks based on other paths: in particular, a
specified path for known_hosts was ignored if the local config directory
could not be determined, and the path for keyfile was ignored if the
home could not be determined.

Instead, lazily determine and use these two paths only in case they are
needed.
2017-01-11 13:37:45 +01:00
Pino Toscano
408a1ce5f8 rpc: libssh: allow a NULL known_hosts file
Make sure that virNetLibsshSessionSetHostKeyVerification accepts a NULL
value for the path to the known_hosts file:
- call ssh_options_set(SSH_OPTIONS_KNOWNHOSTS) anyway, using /dev/null,
  otherwise libssh will use its default path
- do not call ssh_write_knownhost when no known hosts file was set

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1406457
2017-01-11 13:37:24 +01:00
Roman Bogorodskiy
e4cb660160 genprotocol.pl: add darwin to fixup list 2016-11-24 17:17:43 +03:00
Pino Toscano
22eaee8e01 remote: expose a new libssh transport
Implement in virtNetClient and VirNetSocket the needed functions to
expose a new libssh transport, providing all the options that the
libssh2 transport supports.
2016-11-15 15:50:51 +01:00
Pino Toscano
6917467c2b libssh_transport: add new libssh-based transport
Implement a new libssh transport, which uses libssh to communicate with
remote hosts, and add all the build system stuff (search of libssh,
private symbols, etc) to built it.

This new transport supports all the common ssh authentication methods,
making use of libvirt's auth callbacks for interaction with the user.
2016-11-15 15:50:51 +01:00
Pino Toscano
24ee5dc907 virnetsocket: improve search for default SSH key
Add a couple of helper functions to check whether one of the default
names of SSH keys (as documented in ssh-keygen(1)) exists, and use them
to specify a key for the libssh2 transport if none was passed.
2016-11-15 15:50:51 +01:00
Pino Toscano
0e9fec979d virNetSocket: allow to not close FD
Add an internal variable to mark the FD as "not owned" by the
virNetSocket, in case the internal implementation takes the actual
ownership of the descriptor; this avoids a warning when closing the
socket, as the FD would be invalid.
2016-11-15 15:50:51 +01:00
Erik Skultety
238b20b47f rpc: virnetserver: Remove dead code checking the client limits
Prior to commit 2737aaaf, we allowed every client to connect successfully,
however, if accepting a client would eventually lead to an overcommit of the
limits, we would disconnect it immediately with "Too many active clients,
dropping connection from...". Recent changes refactored the code in a way, that
it is not possible for the client-related callback to be dispatched and the
client to be accepted if the limits wouldn't permit to do so, therefore a check
if a connection should be dropped due to limits violation has become a dead
code that could be removed.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-02 14:51:13 +02:00
Erik Skultety
e9ce8a7d24 admin: rpc: virnetserver: Fix updating of the client limits
Commit 2737aaaf changed our policy for accepting new clients in a way, that
instead of accepting new clients only to disconnect them immediately, since
that would overcommit the limit, we temporarily disable polling for the
dedicated file descriptor, so any new connection will queue on the socket.
Commit 8b1f0469 then added the possibility to change the limits during runtime
but it didn't re-enable polling for the previously disabled file descriptor,
thus any new connection would still continue to queue on the socket. This patch
forces an update of the services each time the limits were changed in some way.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1357776

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-02 14:51:13 +02:00
Erik Skultety
5b9f735f16 rpc: virnetserver: Add code to CheckLimits to handle suspending of services
So far, virNetServerCheckLimits was only used to possibly re-enable accepting
new clients that might have previously been disabled due to client limits
violation (max_clients, max_anonymous_clients). This patch refactors
virNetServerAddClient, which is currently the only place where the services get
disabled, in order to use the virNetServerCheckLimits helper instead of
checking the limits by itself.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-02 14:51:13 +02:00
Erik Skultety
17bc333411 rpc: virnetserver: Move virNetServerCheckLimits which is static up in the file
Since virNetServerAddClient checks for the limits in order to temporarily
suspend the services, thus not accepting any more clients, there is no reason
why virNetServerCheckLimits, which is only responsible for re-enabling
previously disabled services according to the limits, could not do both. To be
able to do that however, it needs to be moved up in the file since it's static
(and because it's just a helper and there's only one caller it should remain
 static).

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-02 14:51:13 +02:00
Erik Skultety
2e5417bc46 rpc: virnetserver: Rename ClientSetProcessingControls to ClientSetLimits
The original naming was just a leftover that should have been fixed in commit
8b1f0469.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-02 14:51:13 +02:00
Ján Tomko
a3f565b339 Fix possible invalid read in adminClientGetInfo
virNetServerClientGetInfo returns the client's remote address
as a string, which is a part of the client object.

Use VIR_STRDUP to make a copy which can be freely accessed
even after the virNetServerClient object is unlocked.

To reproduce, put a sleep between virObjectUnlock in
virNetServerClientGetInfo and virTypedParamsAddString in
adminClientGetInfo, then close the queried connection during
that sleep.
2016-06-29 16:13:12 +02:00
Ján Tomko
541bd183f7 Rename virNetClient*AddrString
Add SASL at the end to make the format obvious.
2016-06-23 22:31:20 +02:00
Ján Tomko
eaf7ff3873 Rename virNetServerClient*AddrString
Add SASL at the end to make the format obvious.
2016-06-23 22:23:21 +02:00
Ján Tomko
ea537e7b36 Add SASL to virNetSocket{Local,Remote}AddrString
Rename them to virNetSocket{Local,Remote}AddrStringSASL
to make their format more obvious.
2016-06-23 22:23:21 +02:00
Ján Tomko
dbce70b243 virNetSocket: rename AddrStr to AddrStrSASL
Make it more obvious that these are in the SASL format.
2016-06-23 22:23:21 +02:00
Ján Tomko
23b6559d65 Introduce virNetServerClientRemoteAddrStringURI
Use it in virNetServerClientGetInfo to switch back to using
the URI-format (separated by ':') instead of the SASL format
(separated by ';').

Also use it in the error message reported by virNetServerAddClient.
2016-06-23 22:23:02 +02:00
Ján Tomko
2da6a13e5f Introduce virNetSocketRemoteAddrStringURI
It will return the socket address and port in a URI-like
format: [::1]:1234
Add a test case to virnetsockettest.
2016-06-23 22:21:36 +02:00
Ján Tomko
0f7eeb20ad Revert "virnetsocket: Provide socket address format in a more standard form"
This partially reverts commit 9b45c9f049.

It changed the default format of socket address from the one SASL
requires, but did not adjust all the callers.

It also removed the test coverage for it.

Revert most of the changes except the virSocketAddrFormatFull support
for URI-formatted strings.

This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1345743 while
reverting the format used by virt-admin's client-info command from
the URI one to the SASL one.

https://bugzilla.redhat.com/show_bug.cgi?id=1345743
2016-06-23 22:15:06 +02:00
Peter Krempa
830f9b624d rpcgen: Add support for generating funcs returning alloc'd typed params
Since it's rather tedious to write the dispatchers for functions that
return an array of typed parameters (which are rather common) let's add
some rpcgen code to generate them.
2016-06-22 08:15:45 +02:00
Daniel P. Berrange
214489f550 rpc: allow priority string to be passed to TLS context
Extend the virNetTLSContextNew* constructors to allow
the TLS priority string to be passed in, overriding the
compile time default.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Daniel P. Berrange
cbb2e91ecc configure: allow setting default TLS priority string
Currently libvirt calls gnutls_set_default_priority()
which on old systems resolves to "NORMAL" while new
systems it resolves to "@SYSTEM". Either way, this
is a global default that is identical across all apps.

We want to allow distros to flexibility to define a
custom default string for libvirt priority, so add
a --tls-priority=STRING  flag to configure to enable
this to be set.

It is expected that distros would use this when creating
RPM/Deb/etc packages, according to their preferred crypto
handling policies.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Daniel P. Berrange
20c5ded9d0 rpc: set gnutls log function at global init time
Currently we set the gnutls log function when creating a
TLS context, however, the setting is in fact global, not
per context. So we should be setting it when we first call
gnutls_global_init() instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Daniel P. Berrange
d8a8af3492 tls: remove support for gnutls 1.x.x, require 2.2.0
We need to use the gnutls_priority_set_direct method which
was not introduced until 2.1.7, so bump version to 2.2.0
which is the first stable release with it included. This
release dates from Dec 2007 so it is reasonable to ditch
support for the 1.x.x series for gnutls releases entirely.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Jovanka Gulicoska
b29e08dbe3 More usage of virGetLastErrorMessage
Convert to virGetLastErrorMessage() in the rest of the code
2016-05-19 15:17:03 -04:00
Erik Skultety
8b1f04693d admin: Introduce virAdmServerSetClientLimits
Opposite operation to virAdmServerGetClientLimits. Understandably though,
setting values for current number of clients connected or still waiting
for authentication does not make sense, since changes to these values are event
dependent, i.e. a client connects - counter is increased. Thus only the limits
to maximum clients connected and waiting for authentication can be set. Should
a request for other controls to be set arrive (provided such a setting will
be first introduced to the config), the set of configuration controls can be
later expanded (thanks to typed params). This patch also introduces a
constraint that the maximum number of clients waiting for authentication has to
be less than the overall maximum number of clients connected and any attempt to
violate this constraint will be denied.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-19 12:31:53 +02:00
Erik Skultety
abf29786f2 virnetserver: Introduce server's client-related limits getters
Add some trivial getters for client related attributes to virnetserver before
any admin method can be introduced.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-19 11:11:13 +02:00
Cole Robinson
b6238738ea rpc: use virNetMessageClearPayload in client
This removes the opencoded payload freeing in the client, to use
the shared virNetMessageClearPayload call. Two changes:

- ClearPayload sets nfds=0, which fixes a potential crash if
  an error path called virNetMessageFree/Clear on the message
  after fds was free'd
- We drop the inner loop VIR_FORCE_CLOSE... this may mean fds are
  kept open a little bit longer if the call is blocking but in
  practice I don't think it will have any effect
2016-05-05 14:28:19 -04:00
Cole Robinson
64bd680d42 rpc: Clear more in virNetMessageClearPayload
Set all counters to 0. This doesn't impact current users, but
future users will want this
2016-05-05 14:28:19 -04:00
Cole Robinson
220c4e85b3 rpc: Add virNetMessageClearPayload
Handles freeing the buffer and fds, but not the message details.
Use it to drop some duplicate code.
2016-05-05 14:28:19 -04:00
Michal Privoznik
b17e610e1f virNetServerClientNewPostExecRestart: Avoid align problems
I've noticed this while trying to compile libvirt on my arm box.

  CC       rpc/libvirt_net_rpc_server_la-virnetserverclient.lo
rpc/virnetserverclient.c: In function 'virNetServerClientNewPostExecRestart':
rpc/virnetserverclient.c:516:45: error: cast increases required alignment of target type [-Werror=cast-align]
                                             (long long *) &timestamp) < 0) {
                                             ^
cc1: all warnings being treated as errors

Problem is, @timestap is defined as time_t which is 32 bits long,
and we are typecasting it to long long which is 64bits long.
Solution is to make @timestamp type of long long. At the same
time, we can make @conn_time in _virNetServerClient struct long
long too. There is no need for it to be type of time_t.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-05 13:48:56 +02:00
Michal Privoznik
2a3a2c2f5b virNetServerClientNewPostExecRestart: Drop useless typecasts
In this function, @id is defined as unsigned long long. When
passing this variable to virJSONValueObjectGetNumberUlong(),
well address of this variable, it's typecasted to ull*. There
is no need for that. It's a same story with @nrequests_max.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-05 13:48:53 +02:00
Erik Skultety
8420a53edf virnetserverclient: Add an internal method to retrieve client's identity
This method just aggregates various client object attributes, like socket
address, connection type (RO/RW), and some TCP/TLS/UNIX identity in an atomic
manner.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 15:52:50 +02:00
Erik Skultety
bde2cb6136 virneserverclient: Introduce virNetServerClientHasSASLSession
We do have a similar method, serving the same purpose, for TLS, but we lack
one for SASL. So introduce one, in order for other modules to be able to find
out, if a SASL session is active, or better said, that a SASL session exists
at all.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 15:52:50 +02:00
Erik Skultety
9b45c9f049 virnetsocket: Provide socket address format in a more standard form
Our socket address format is in a rather non-standard format and that is
because sasl library requires the IP address and service to be delimited by a
semicolon. The string form is a completely internal matter, however once the
admin interfaces to retrieve client identity information are merged, we should
return the socket address string in a common format, e.g. format defined by
URI rfc-3986, i.e. the IP address and service are delimited by a colon and
in case of an IPv6 address, square brackets are added:

Examples:
    127.0.0.1:1234
    [::1]:1234

This patch changes our default format to the one described above, while adding
separate methods to request the non-standard SASL format using semicolon as a
delimiter.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 15:52:50 +02:00
Erik Skultety
52a2eef948 admin: Introduce virAdmServerLookupClient
Just like with server-related APIs, before any of client-based APIs can be
called, a reference to a client-side client object needs to be obtained. For
this purpose, a lookup method should exist. Apart from the client retrieval
logic, a new error code for non-existent client had to be added as well.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 15:52:50 +02:00
Erik Skultety
42b06aa65d rpc: virnetserverclient: Implement client connection transport retrieval
Although we document 6 types of transport that we support, internally we can
only differentiate between TCP, TLS, and UNIX transports only, since both SSH
and libssh2 transports, due to using netcat, behave in the exactly the same
way as a UNIX socket.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 10:04:49 +02:00
Erik Skultety
04bab54d05 rpc: virnetserver: Support retrieval of a list of clients
For now, the list copy is done simply by locking the whole server, walking the
original and increasing the refcount on each object. We may want to change
the list to a lockable object (like list of domains) later in the future if
we discover some performance issues related to locking the whole server in
order to walk the whole list of clients, possibly issuing some 'ForEach'
callback.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:26:23 +02:00
Erik Skultety
4bd430748c rpc: gendispatch: Tune it to support client structure
Now that libvirt-admin supports another client-side object and provided that
we want to generate as many both client-side and server-side RPC dispatchers,
support for this needs to be added to gendispatch.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:26:23 +02:00
Erik Skultety
a32135b3b1 rpc: virnetserverclient: Introduce new attribute conn_time to client
Besides ID, libvirt should provide several parameters to help the user
distinguish two clients from each other. One of them is the connection
timestamp. This patch also adds a testcase for proper JSON formatting of the
new attribute too (proper formatting of older clients that did not support
this attribute yet is included in the existing tests) - in order to
testGenerateJSON to work, a mock of time_t time(time_t *timer) needed to be
created.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:25:52 +02:00
Erik Skultety
5841d64d25 rpc: virnetserverclient: Identify clients by an integer ID
Admin API needs a way of addressing specific clients. Unlike servers, which we
are happy to address by names both because its name reflects its purpose (to
some extent) and we only have two of them (so far), naming clients doesn't make
any sense, since a) each client is an anonymous, i.e. not recognized after a
disconnect followed by a reconnect, b) we can't predict what kind of requests
it's going to send to daemon, and c) the are loads of them comming and going,
so the only viable option is to use an ID which is of a reasonably wide data
type.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:25:51 +02:00
Cole Robinson
8958dde506 rpc: protocol: Clarify VIR_NET_ERROR usage with streams
The described protocol semantics really only apply to server initiated
stream messages. Document the semantics for client messages.
2016-05-02 10:13:04 -04:00
Michal Privoznik
18944b7aea virnetclientstream: Process stream messages later
There are two functions on the client that handle incoming stream
data.  The first one virNetClientStreamQueuePacket() is a low
level function that just processes the incoming stream data from
the socket and stores it into an internal structure. This happens
in the client event loop therefore the shorter the callbacks are,
the better. The second function virNetClientStreamRecvPacket()
then handles copying data from internal structure into a client
provided buffer.
Change introduced in this commit makes just that: new queue for
incoming stream packets is introduced. Then instead of copying
data into intermediate internal buffer and then copying them into
user buffer, incoming stream messages are queue into the queue
and data is copied just once - in the upper layer function
virNetClientStreamRecvPacket(). In the end, there's just one
copying of data and therefore shorter event loop callback. This
should boost the performance which has proven to be the case in
my testing.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-02 07:56:38 +02:00