Commit Graph

7 Commits

Author SHA1 Message Date
Martin Kletzander
a8743c3938 rpc: Remove keepalive_required option
Since its introduction in 2011 (particularly in commit f4324e3292),
the option doesn't work.  It just effectively disables all incoming
connections.  That's because the client private data that contain the
'keepalive_supported' boolean, are initialized to zeroes so the bool is
false and the only other place where the bool is used is when checking
whether the client supports keepalive.  Thus, according to the server,
no client supports keepalive.

Removing this instead of fixing it is better because a) apparently
nobody ever tried it since 2011 (4 years without one month) and b) we
cannot know whether the client supports keepalive until we get a ping or
pong keepalive packet.  And that won't happen until after we dispatched
the ConnectOpen call.

Another two reasons would be c) the keepalive_required was tracked on
the server level, but keepalive_supported was in private data of the
client as well as the check that was made in the remote layer, thus
making all other instances of virNetServer miss this feature unless they
all implemented it for themselves and d) we can always add it back in
case there is a request and a use-case for it.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-10 13:15:56 +02:00
Martin Kletzander
beb0eda2e3 Add configuration options for permissions on daemon's admin socket
This is not going to be very widely used, but for some corner cases and
easier (unsafe) debugging, it might be nice.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:21 +02:00
Michal Privoznik
68f60f669c daemon: Introduce max_anonymous_clients
https://bugzilla.redhat.com/show_bug.cgi?id=992980

This config tunable allows users to determine the maximum number of
accepted but yet not authenticated users.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-03-17 17:45:13 +01:00
Laine Stump
1ecbff4073 build: fix missing max_queued_clients in augeas test file for libvirtd.conf
Broken in commit 1199edb1d4
2013-08-05 15:09:52 -04:00
Daniel P. Berrange
b904bba7f4 Add a policy kit access control driver
Add an access control driver that uses the pkcheck command
to check authorization requests. This is fairly inefficient,
particularly for cases where an API returns a list of objects
and needs to check permission for each object.

It would be desirable to use the polkit API but this links
to glib with abort-on-OOM behaviour, so can't be used. The
other alternative is to speak to dbus directly

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:24:36 +01:00
Daniel P. Berrange
ed3bac713c Setup default access control manager in libvirtd
Add a new 'access_drivers' config parameter to the libvirtd.conf
configuration file. This allows admins to setup the default
access control drivers to use for API authorization. The same
driver is to be used by all internal drivers & APIs

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-06-24 15:24:36 +01:00
Daniel P. Berrange
de9758ae9b Autogenerate augeas test case from default config files
When adding new config file parameters, the corresponding
additions to the augeas lens' are constantly forgotten.
Also there are augeas test cases, these don't catch the
error, since they too are never updated.

To address this, the augeas test cases need to be auto-generated
from the example config files.

* build-aux/augeas-gentest.pl: Helper to generate an
  augeas test file, substituting in elements from the
  example config files
* src/Makefile.am, daemon/Makefile.am: Switch to
  auto-generated augeas test cases
* daemon/test_libvirtd.aug, daemon/test_libvirtd.aug.in,
  src/locking/test_libvirt_sanlock.aug,
  src/locking/test_libvirt_sanlock.aug.in,
  src/lxc/test_libvirtd_lxc.aug,
  src/lxc/test_libvirtd_lxc.aug.in,
  src/qemu/test_libvirtd_qemu.aug,
  src/qemu/test_libvirtd_qemu.aug.in: Remove example
  config file data, replacing with a ::CONFIG:: placeholder

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-05-28 11:07:12 +01:00